* Add audit statement for `dkg-evrf` This doesn't cover the implementation, solely the academia and background. Also moves the existing audit of the `crypto` folder for organizational reasons.
* Add files via upload
eVRF DKG
In 2024, the eVRF paper was published to the IACR preprint server. Within it was a one-round unbiased DKG and a one-round unbiased threshold DKG. Unfortunately, both simply describe communication of the secret shares as 'Alice sends s_b to Bob'. In practice, this requires an additional round of communication in which all participants confirm they received their secret shares.
Within Serai, it was posited to use the same premises as the DDH eVRF itself to achieve a verifiable encryption scheme. This allows the secret shares to be posted to any 'bulletin board' (such as a blockchain) and for all observers to confirm:
- A participant participated
- The secret shares sent can be received by the intended recipient so long as they can access the bulletin board
Additionally, Serai desired a robust scheme (albeit with a biased key as the output, which is fine for our purposes). Accordingly, our implementation instantiates the threshold eVRF DKG from the eVRF paper, with our own proposal for verifiable encryption, and allows the caller to decide the set of participants. They may:
- Select everyone, collapsing to the non-threshold unbiased DKG from the eVRF paper
- Select a pre-determined set, collapsing to the threshold unbiased DKG from the eVRF paper
- Select a post-determined set (with any solution for the Common Subset problem), achieving a robust biased threshold DKG
Note that the eVRF paper proposes using the eVRF to sample coefficients, yet this is unnecessary when the resulting key will be biased. Any proof of knowledge for the coefficients, as is necessary for their extraction within the security proofs, would be sufficient.
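As an added illustration (not Serai's code, and omitting the eVRF and verifiable-encryption layers entirely), the toy Python below runs a one-round Feldman-style DKG over a simulated bulletin board: each dealer posts commitments and shares once, any observer verifies every share against the commitments, and the caller then fixes the dealer set (everyone, a pre-determined subset, or whoever actually posted), with the group key being the product of the selected constant-term commitments. The group parameters and the seeded randomness are constructed for the example.

```python
import math, random

P, Q, G = 2039, 1019, 4  # constructed toy group: p = 2q + 1, g of prime order q

def sample_polynomial(t, rng):
    """Degree t-1 polynomial over Z_q; the constant term is the dealer's secret."""
    return [rng.randrange(1, Q) for _ in range(t)]

def evaluate(coeffs, x):
    return sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q

def post(board, i, coeffs, n):
    """Dealer i's single message: coefficient commitments plus one share per recipient.
    Shares sit on the board in the clear here; Serai verifiably encrypts them (omitted)."""
    board[i] = {"commitments": [pow(G, c, P) for c in coeffs],
                "shares": {j: evaluate(coeffs, j) for j in range(1, n + 1)}}

def verify_share(msg, j):
    """Observer check: g^s_j must equal prod_k C_k^(j^k) over the posted commitments."""
    rhs = math.prod(pow(c, pow(j, k, Q), P) for k, c in enumerate(msg["commitments"])) % P
    return pow(G, msg["shares"][j], P) == rhs

def finalize(board, selected, j):
    """Sum the selected dealers' contributions: group key and j's share of it."""
    pk, share = 1, 0
    for i in selected:
        pk = pk * board[i]["commitments"][0] % P
        share = (share + board[i]["shares"][j]) % Q
    return pk, share

def reconstruct(shares):
    """Lagrange interpolation at 0 over Z_q from t points {x: f(x)}."""
    secret = 0
    for x, y in shares.items():
        lagrange = math.prod(-x2 * pow(x - x2, -1, Q) for x2 in shares if x2 != x) % Q
        secret = (secret + y * lagrange) % Q
    return secret

def run_dkg(n, t, dealers, selected, seed=0):
    """One round: every dealer posts once, then the caller fixes the participant set."""
    rng = random.Random(seed)  # deterministic only for this worked example
    board = {}
    for i in dealers:
        post(board, i, sample_polynomial(t, rng), n)
    for i in selected:  # observers reject a selection naming an absent or misbehaving dealer
        if i not in board or not all(verify_share(board[i], j) for j in range(1, n + 1)):
            raise ValueError(f"dealer {i} did not participate correctly")
    shares = {j: finalize(board, selected, j)[1] for j in range(1, n + 1)}
    return finalize(board, selected, 1)[0], shares
```

Because the selected set decides which constant terms are summed, choosing it after seeing the board changes the resulting key, which is the bias the text accepts in exchange for robustness.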
MAGIC Grants contracted HashCloak to formalize Serai's proposal for a DKG and provide proofs for its security. This resulted in this paper.
Our implementation itself is then built on top of the audited generalized-bulletproofs and generalized-bulletproofs-ec-gadgets.
Note that we do not use the originally premised DDH eVRF but rather the one premised on elliptic curve divisors, the methodology of which is commented on here.
Our implementation itself, however, is unaudited at this time.