This project is a Rust implementation of {t,n}-threshold ECDSA (elliptic curve digital signature algorithm).

Threshold ECDSA includes two protocols:

• Key Generation for creating secret shares.
• Signing for using the secret shares to generate a signature.

ECDSA is used extensively for crypto-currencies such as Bitcoin, Ethereum (secp256k1 curve), NEO (NIST P-256 curve) and much more. This library can be used to create MultiSig and ThresholdSig crypto wallet.

• The library supports 2p-ecdsa based on Lindell's crypto 2017 paper [1]. Project Gotham-city is a proof of concept for a full two-party Bitcoin wallet that uses this library. See benchmarks and white paper there.

• The library supports Gennaro and Goldfeder CCS 2018 protocol [2] for {t,n}-threshold ECDSA.

The following steps are for setup, key generation with n parties and signing with t+1 parties.

Setup

1. We use shared state machine architecture (see white city). The parameters parties and threshold can be configured by changing the file: param. a keygen will run with parties parties and signing will run with any subset of threshold + 1 parties. param file should be located in the same path of the client softwares.
2. Install Rust,Nightly Rust. Run cargo build --release ( it will build into /target/release)
3. Run the shared state machine: ./sm_manager. Currently configured to be in 127.0.0.1:8001, this can be changed in Rocket.toml file. The Rocket.toml file should be in the same folder you run sm_manager from.

KeyGen

run gg18_keygen_client as follows: ./gg18_keygen_client http://127.0.0.1:8001 keys.store. Replace IP and port with the ones configured in setup. Once n parties join the application will run till finish. At the end each party will get a local keys file keys.store (change filename in command line). This contain secret and public data of the party after keygen. The file therefore should remain private.

Sign

Run ./gg18_sign_client. The application should be in the same folder as the keys.store file (or custom filename generated in keygen). the application takes three arguments: IP:port as in keygen, filename and message to be signed: ./gg18_sign_client http://127.0.0.1:8001 keys.store "KZen Networks". The same message should be used by all signers. Once t+1 parties join the protocol will run and will output to screen signatue (R,s).

Full demo

Run ./run.sh (located in /demo folder) in the same folder as the excutables (usually /target/release). It will spawn a shared state machine, clients in the number of parties and signing requests for the threshold + 1 first parties.

A 5 parties setup with 3 signers (threshold = 2)

The contribution workflow is described in CONTRIBUTING.md, in addition the Rust utilities wiki contains information on workflow and environment set-up.

Multi-party ECDSA is released under the terms of the GPL-3.0 license. See LICENSE for more information.

Feel free to reach out or join the KZen Research Telegram for discussions on code and research.

[1] https://eprint.iacr.org/2017/552.pdf

[2] https://eprint.iacr.org/2019/114.pdf