absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-09 04:39:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
72fefb3d8537abc7e9625d2e5c57a1cf671184db
serai/crypto/dkg/evrf/README.md
Luke Parker 738babf7e9 dkg-evrf crate 
monero-oxide relies on ciphersuite, which is in-tree, yet we've made breaking
changes since. This commit adds a patch so
monero-oxide -> patches/ciphersuite -> crypto/ciphersuite, with
patches/ciphersuite resolving the breaking changes.
2025-08-25 04:49:54 -04:00

51 lines
2.5 KiB
Markdown
Raw Blame History

# eVRF DKG
The DKG from the [eVRF paper](https://eprint.iacr.org/2024/397), extended with
Verifiable Encryption premised on the same methodology present in the eVRF
paper.
The DDH-premised VRF is used, yet the different instantiation presented in
section 6.4 premised on elliptic curve divisors. The one-round threshold DKG
presented in section 4.2 is extended, with the following changes:
- Any threshold of `t` participants may complete the DKG. This allows an
adversary to bias the resulting key by choosing the set of participants, yet
offers a robust protocol. The caller is able to choose between robustness and
a lack of bias by completing the DKG with just `t` messages or by waiting for
all `n`. If the caller does opt for robustness, the caller must ensure
participants agree on the subset of participants who actually participated.
- Communication of shares was prior defined as simply sending the share to the
relevant participant, with no description of the channel. Now, a pair of
ECDHs are performed on the embedded curve occurs (between the sender and the
recipient's public key), whose `x` coordinates are summed for a random,
uniform value (as an eVRF would). This value is used as a mask to encrypt the
communicated secret share, with the zero-knowledge proof proving it's
well-formed. This removes the need for a complaint round from the protocol,
allowing it to truly complete (with all recipients holding valid shares) in
just one round.
For a gist of the verifiable encryption scheme, please see
https://gist.github.com/kayabaNerve/cfbde74b0660dfdf8dd55326d6ec33d7. Security
proofs are currently being worked on.
---
This library relies on an implementation of Bulletproofs and various
zero-knowledge gadgets. This library uses
[`generalized-bulletproofs`](https://docs.rs/generalized-bulletproofs),
[`generalized-bulletproofs-circuit-abstraction`](https://docs.rs/generalized-bulletproofs-circuit-abstraction),
and
[`generalized-bulletproofs-ec-gadgets`](https://docs.rs/generalized-bulletproofs-ec-gadgets)
from the Monero project's FCMP++ codebase. These libraries have received the
following audits in the past:
- https://github.com/kayabaNerve/monero-oxide/tree/fcmp++/audits/generalized-bulletproofs
- https://github.com/kayabaNerve/monero-oxide/tree/fcmp++/audits/fcmps
---
This library supports being run in no-std contexts with `alloc` when the `std`
feature (on by default) is disabled. Due to the intensity of the ZK proofs,
this isn't recommended, yet may be justified when _verifying_ posted proofs are
correct.
Reference in New Issue View Git Blame Copy Permalink