unboundsecurity / blockchain-crypto-mpc Goto Github PK

Is any code in this repository covered by this patent or any other patents?

Testing 1,2,3.

Hi I'm trying to build the project but I got a problem about "jni error" I already define JAVA_HOME environment variable.Also I can find jni.h. I'm using ubuntu linux. I want to solve my problem Could you please help me

Hi,

Referring to ecdsa Share Refresh as described in text https://github.com/unbound-tech/blockchain-crypto-mpc/blob/master/docs/Unbound_Cryptocurrency_Wallet_Library_White_Paper.md#56-share-refresh and in code https://github.com/unbound-tech/blockchain-crypto-mpc/blob/74a4864b940e74f4da9858bf6b51202bb6ee2a7a/src/mpc_protocols/mpc_ecdsa.cpp#L473

1. Since a new Paillier key pair is generated, I think that a zk proof that the Paillier public key was generated correctly is needed (same as in Key Generation).
2. It is important to note that the new value encrypted under pailliler is not the same value as the private key because of the modulo operation. I.e. for Alice the private key is x1' = x1 + r mod q and the paillier encryption is for x1 + r. Theoretically after many rotations some bits could be leaked but in practice this is a very big number. Since in signing r part of the encryptions cancel out the difference between the private key and its encryption does not matter much.

In the README file it is stated that documentation will be available soon, and indeed, I didn't find the documentation, only the white paper, which is very valuable, but doesn't seem to include documentation of the library API itself. Also, I didn't find the API in C, only the source in c++. Considering that the library is said to be no longer maintained, will be able to see those things in the future?

Hi,
Recently have read the white paper of the blockchain-crypto-mpc library, but I still confused about that how to use BIP-Key-Derivation to output the shared private keys x1 and x2 of wallet private keys x. How to split the BIP32 seed and get the shared private keys x1 and x2 of wallet private keys x via 2-party BIP32 .I want to know hou to implementation 2-party BIP32 of the library? Looking forward to your reply, thanks

• ABOUT XMRig-AMD/2.14.1 clang/10.0.0
• LIBS libuv/1.26.0 OpenCL/1.2 microhttpd/0.9.63
• CPU Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz x64 AES
• ALGO cryptonight, donate=20%
• POOL #1 gulf.moneroocean.stream:10002 variant=auto
• API BIND 0.0.0.0:42096
• COMMANDS 'h' hashrate, 'p' pause, 'r' resume
  [2019-11-10 19:39:12] compiling code and initializing GPUs. This will take a while...
  [2019-11-10 19:39:13] AMD GPU #1: intensity is not a multiple of 'worksize', auto reduce intensity to 0
  [2019-11-10 19:39:13] #00, GPU #1 (AMD Radeon Pro 560X Compute Engine), i:0 (100/256), si:2/2, u:8, cu:16
  [2019-11-10 19:39:13] 0.00/1.00/4 GB
  [2019-11-10 19:39:13] Error CL_INVALID_BUFFER_SIZE when calling clCreateBuffer to create hash scratchpads buffer.
  [2019-11-10 19:39:13] Failed to start threads.
  Stopped at 2019-11-10 18:39:57 +0000Stopped at 2019-11-10 18:40:05 +0000 * ABOUT XMRig-AMD/2.14.1 clang/10.0.0
• LIBS libuv/1.26.0 OpenCL/1.2 microhttpd/0.9.63
• CPU Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz x64 AES
• ALGO cryptonight, donate=20%
• POOL #1 gulf.moneroocean.stream:10002 variant=auto
• API BIND 0.0.0.0:42096
• COMMANDS 'h' hashrate, 'p' pause, 'r' resume
  [2019-11-10 19:40:06] compiling code and initializing GPUs. This will take a while...
  [2019-11-10 19:40:06] Selected OpenCL device index 4 doesn't exist.
  [2019-11-10 19:40:06] Failed to start threads.
  Stopped at 2019-11-10 18:40:23 +0000 * ABOUT XMRig-AMD/2.14.1 clang/10.0.0
• LIBS libuv/1.26.0 OpenCL/1.2 microhttpd/0.9.63
• CPU Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz x64 AES
• ALGO cryptonight, donate=20%
• POOL #1 gulf.moneroocean.stream:10002 variant=auto
• API BIND 0.0.0.0:42096
• COMMANDS 'h' hashrate, 'p' pause, 'r' resume
  [2019-11-10 19:40:28] compiling code and initializing GPUs. This will take a while...
  [2019-11-10 19:40:28] Selected OpenCL device index 2 doesn't exist.
  [2019-11-10 19:40:28] Failed to start threads.
  Stopped at 2019-11-10 18:40:46 +0000 * ABOUT XMRig-AMD/2.14.1 clang/10.0.0
• LIBS libuv/1.26.0 OpenCL/1.2 microhttpd/0.9.63
• CPU Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz x64 AES
• ALGO cryptonight, donate=20%
• POOL #1 gulf.moneroocean.stream:10002 variant=auto
• API BIND 0.0.0.0:42096
• COMMANDS 'h' hashrate, 'p' pause, 'r' resume
  [2019-11-10 19:40:50] compiling code and initializing GPUs. This will take a while...
  [2019-11-10 19:40:50] AMD GPU #1: intensity is not a multiple of 'worksize', auto reduce intensity to 0
  [2019-11-10 19:40:50] #00, GPU #1 (AMD Radeon Pro 560X Compute Engine), i:0 (100/256), si:2/2, u:8, cu:16
  [2019-11-10 19:40:50] 0.00/1.00/4 GB
  [2019-11-10 19:40:51] Error CL_INVALID_BUFFER_SIZE when calling clCreateBuffer to create hash scratchpads buffer.
  [2019-11-10 19:40:51] Failed to start threads.
  Stopped at 2019-11-10 18:41:30 +0000 * ABOUT XMRig-AMD/2.14.1 clang/10.0.0
• LIBS libuv/1.26.0 OpenCL/1.2 microhttpd/0.9.63
• CPU Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz x64 AES
• ALGO cryptonight, donate=20%
• POOL #1 gulf.moneroocean.stream:10002 variant=auto
• API BIND 0.0.0.0:42096
• COMMANDS 'h' hashrate, 'p' pause, 'r' resume
  [2019-11-10 19:41:34] compiling code and initializing GPUs. This will take a while...
  [2019-11-10 19:41:34] #00, GPU #1 (AMD Radeon Pro 560X Compute Engine), i:1 (1/256), si:2/2, u:8, cu:16
  [2019-11-10 19:41:34] 0.00/1.00/4 GB
  [2019-11-10 19:41:34] GPU #1 compiling...
  [2019-11-10 19:41:51] Error CL_BUILD_PROGRAM_FAILURE when calling clBuildProgram.
  [2019-11-10 19:41:51] Failed to start threads.
  Build log:
  Error returned by cvms_element_build_from_sou

Radeon Pro 560X:

Chipset Model: Radeon Pro 560X
Type: GPU
Bus: PCIe
PCIe Lane Width: x8
VRAM (Total): 4 GB
Vendor: AMD (0x1002)
Device ID: 0x67ef
Revision ID: 0x00c2
ROM Revision: 113-C980AL-075
VBIOS Version: 113-C97501U-005
EFI Driver Version: 01.01.075
Automatic Graphics Switching: Supported
gMux Version: 5.0.0
Metal: Supported, feature set macOS GPUFamily2 v1
Displays:
Color LCD:
Display Type: Built-In Retina LCD
Resolution: 2880 x 1800 Retina
Framebuffer Depth: 24-Bit Color (ARGB8888)
Main Display: Yes
Mirror: Off
Online: Yes
Automatically Adjust Brightness: No
Connection Type: Internal

I tried to serialize the context to a file, and the share obtained by the deserialized context could not execute the toBuf function. A memory error will be reported as soon as it is executed.

I followed the comments in mpc_demo.py to test key generation. The example is as follows.
Example 1: Generate a split EDDSA key
user1@host1> python mpc_demo.py --out_file key_share.bin --server
user2@host2> python mpc_demo.py --type EDDSA --command generate --out_file key_share.bin --host host1

I ran them both on the same machine, but in two different sessions kinda like this:
user1@host1> python mpc_demo.py --out_file key_share1.bin --server
user1@host1> python mpc_demo.py --type EDDSA --command generate --out_file key_share2.bin --host localhost

but key_share1 and key_share2 are identitcal.
What's happening? Is it because it runs on the same machine? Or did I misunderstood something else?

crypto::ecurve_t curve = crypto::curve_k256; //line 324 blockchain-crypto-mpc/src/mpc_crypto_ecdsa.cpp

Hi,

I've followed the instructions posted at #8 and can successfully run the python demo, so thank you for posting them. However, I'm trying to figure out what the public key is from one of the derived key shares. I can see that there is a function named getPublic() which I have called. This returns me the following data if I do a print:

b'0V0\x10\x06\x07*\x86H\xce=\x02\x01\x06\x05+\x81\x04\x00\n\x03B\x00\x04\x18\xe1Dn)\xa9G\xc6\xf3\x8b\xd1\xa2"\xfc]\xb0!\xe1Y\xd3\xcd\x8b\t!S\x17\x81\xe0O\xd1\x1a\xc9vA\xb1\xc4^\xb4\x93\x9f|\xf0\x1at\x85r\xc3\xd4\x95'\xc8u\x0e\x84\x83\n\xf0\x0f\xfa\xf1\xf0\xdc\x16\xc9'

If I call .encode("hex") on this data I get:

'3056301006072a8648ce3d020106052b8104000a0342000418e1446e29a947c6f38bd1a222fc5db021e159d3cd8b0921531781e04fd11ac97641b1c45eb4939f7cf01a748572c3d49527c8750e84830af00ffaf1f0dc16c9'

Is what I'm doing correct? I've tried to use the public key to verify a signature generated from my keyshares using an online tool (https://kjur.github.io/jsrsasign/sample/sample-ecdsa.html) and it hasn't worked (which would suggest my public key is wrong)

Any help would be greatly appreciated.

Thanks,
Zeki

Hi, i need help for building lib

I apologize in advance for the stupid questions, I am not strong in c ++
i use directions for build of the build.md and i get an error

c++ -O2 -fPIC -fno-strict-aliasing -Wno-unused -Wno-switch -Wno-switch-enum -Werror -mpclmul -std=c++0x -DMPC_CRYPTO_NO_JNI -DMPC_CRYPTO_EXPORTS -fvisibility=hidden -maes -I include -I /include -I /include/linux -I src/utils -I src/crypto_utils -I src/mpc_protocols -o src/utils/precompiled.h.gch -c src/utils/precompiled.h
clang: error: treating 'c-header' input as 'c++-header' when in C++ mode, this behavior is deprecated [-Werror,-Wdeprecated]
make: *** [src/utils/precompiled.h.gch] Error 1

Has anyone come across this?

And second question)

i can compile this library into wasm?
i try compile but i always get errors because at first i need compile this lib

I would like to know right away whether to spend the effort or is it unrealistic, like some libraries on Rust

my platform macos

Not see further code detail to how to achieve protect seed or key.
I am very interested in you project, please provider some examples~~

Hi,

I am a bit fuzzled about standard signature hash lengths and deriving r and s values. When doing ECDSA signing with a derived BIP32 key, i get variant signature hash lengths, so far have observed 69,70 and 71 lengths......

length 69bytes:
b'0C\x02 \x15\x10\xf8D\xf2P\xe2j\xf7\x1d\xa9\x9a|\xe0\xbd\xcdh\x7f\xb5\xfdB&\xf6\x15H\x84\xb6\xc8pG\x1e\x85\x02\x1ff\xb4\x9c\x05\x13O\xa7\x7f\xde\xc0\x14\xdb&\xeb\x80\xacJ\x03\x1cnR\x9a\x99v\x11\x02\xbcb\xe8U\xf3'

length 70bytes:
b'0D\x02!\x00\xd3*\xfc\xdeT+h\xf5k[\xaa3\x13$r\x17\xd1\xdfe\n\x03\xde=Y\xb0\xc1@\x90*\x1a\xac\xc7\x02\x1f):D\xeb\x9b*\xe3:\xcf\xf7\x1a\xefL1%3\x1eN\x0b\xe5\x16\xaa\xb1\x00e\xff\x01\xdf\xdcv\x01'

length 71bytes:
b'0E\x02!\x00\xff\xf3>W\x94!\x03\xf6+i\xd6M\#\x8ag;\x96\x9a\xce7\xfa\x95\xf3\xf4@\x11\xccR\xaa\x011\x02s\x94\xbaH\xbb\x04q]T\n\x1f\x1bs!\xe4\x9c\xf2\x14C\x8a\xcd\xbdr\x7fwzR\xd2\x03;\xa7\x88'

.....which doesn't easily fit into the 70bytes to 73 bytes expectation, as follows, and how to get an RLP encoded signature.

6 byte | DER encoding overhead
32 byte | r-value
(1 byte) | r-value padding (if needed)
32 byte | S-value
(1 byte) | S-value padding (if needed)
1 byte | Signature Hash

Kindly clarify what I am missing.

Additionally, extracting the public key after a generate then derive BIP32 key steps still confusing to me, I get a 176byte output thereafter can't figure out what to do to derive an ethereum address, given that computing an address requires a 64byte public key.

Thank you for the library and the chance to research on mpc crypto operations on blockchains.

Refer to tests.py, function eddsa_backup()
we do step
1 backup key
2 verify backup with function mpc_crypto.verifyEddsaBackupKey()
3 restore key from backup with function mpc_crypto.restoreEddsaKey()
we get eddsa private key and public key at this point

I do some test if eddsa private key is corresponds to public key.
I import the eddsa private key to create pynacl's private key
and retrieve public key from pynacl's private key.

I expect public key retrieved from pynacl's private key should equal to public key from function eddsa_backup() but they are not equal.

My test code is here (the code is adapted from tests.py)
https://drive.google.com/file/d/18Op3KwMywbw3sMMbO1NQJcW5HvwxOxsm/view

Anyway, I have learned a lot from your work.
Thanks you so much.

Best regards,
Phanu C.

Hi,

There have been two new publications that allow multi-party (t,n) ECDSA signatures: One protocol by Steven Goldfeder et al. (2018) and one protocol by Yehuda Lindell et al. (2018).

It might be worth looking into these schemes as it allows a more general setup of the wallet. I have put it as a feature request here 👍

Papers:
https://eprint.iacr.org/2018/987.pdf
http://stevengoldfeder.com/papers/GG18.pdf

Hi all. make command fails at the libmpc_crypto.so step with the following error. What could be the issue here?

g++ -o -v libmpc_crypto.so src/mpc_crypto_context.o src/mpc_crypto_ec_backup.o src/mpc_crypto_ecdsa.o src/mpc_crypto_ecdsa_bip.o src/mpc_crypto_eddsa.o src/mpc_crypto_generic_secret.o src/mpc_crypto_jni.o src/mpc_crypto_message.o src/mpc_crypto_share.o src/mpc_crypto_test.o src/utils/precompiled.o src/utils/ub_buf.o src/utils/ub_buf128.o src/utils/ub_buf256.o src/utils/ub_common.o src/utils/ub_convert.o src/utils/ub_cpuid.o src/utils/ub_error.o src/utils/ub_string.o src/utils/ub_thread.o src/crypto_utils/crypto.o src/crypto_utils/crypto_aesni.o src/crypto_utils/crypto_bn.o src/crypto_utils/crypto_ecc.o src/crypto_utils/crypto_ecc_bip.o src/crypto_utils/crypto_hash.o src/crypto_utils/crypto_oaep.o src/crypto_utils/crypto_paillier.o src/crypto_utils/crypto_rsa.o src/crypto_utils/ec25519_core.o src/crypto_utils/small_primes.o src/mpc_protocols/circuit_data.o src/mpc_protocols/ecc_backup.o src/mpc_protocols/garbled_circuit.o src/mpc_protocols/garbled_circuit_2party.o src/mpc_protocols/mpc_core.o src/mpc_protocols/mpc_ecc_core.o src/mpc_protocols/mpc_ecdsa.o src/mpc_protocols/mpc_eddsa.o src/mpc_protocols/mpc_ot.o src/mpc_protocols/garbled_circuit_x64.o -s -Wl,-z,defs -Wl,-rpath,\'\$ORIGIN\' -shared -rdynamic -lcrypto -lpthread

clang: error: no such file or directory: 'libmpc_crypto.so'

Some details about my machine and clang version I use.

Apple clang version 13.0.0 (clang-1300.0.27.3)
Target: x86_64-apple-darwin21.4.0
Thread model: posix
InstalledDir: /Library/Developer/CommandLineTools/usr/bin

I understand two parties can sign a message m1 and then a message m2. Is it possible to sign m1 and m2 simultaneously?