#key #generation #distributed #gennaro

gennaro-dkg

The Gennaro Distributed Key Generation Algorithm

38 releases

1.0.0-rc1 Oct 18, 2024
1.0.0-pre.0 Jul 31, 2024
0.9.0-rc2 Jul 30, 2024
0.9.0-rc1 Mar 26, 2024
0.2.8-pre0 Mar 20, 2023

#441 in Cryptography

Download history 190/week @ 2024-08-04 129/week @ 2024-08-11 187/week @ 2024-08-18 48/week @ 2024-08-25 75/week @ 2024-09-01 146/week @ 2024-09-08 87/week @ 2024-09-15 267/week @ 2024-09-22 516/week @ 2024-09-29 881/week @ 2024-10-06 711/week @ 2024-10-13 312/week @ 2024-10-20 509/week @ 2024-10-27 407/week @ 2024-11-03 221/week @ 2024-11-10 298/week @ 2024-11-17

1,441 downloads per month

Apache-2.0 OR MIT

645KB
2K SLoC

gennaro-dkg

Crate Docs Apache 2.0 Build status Downloads

The Gennaro Distributed Key Generation Algorithm as described here

This implementation also mitigates the Rogue Key Attack.

Security Notes

This crate has received one security audit from Kudelski Security with no significant findings. The audit report can be found here. We'd like to thank LIT Protocol for sponsoring this audit.

Protocol details

The protocol provided in this crate provides the following

  • It will continue as long as there are enough participants a.k.a above the threshold
  • Abort if the number of participants drops below the threshold

Malformed messages are not allowed and result in bad participants. Non-responsive participants are out of scope for this crate since this includes timeouts and retries which could be for a number of reasons: network latency, system crashes, etc. This is left to consumers as is handling the creation a secure channel to send data.

Essentially communication channels are deliberately not part of this crate. The sending and receiving of messages needs to be handled by the consumer of this crate. This allows the protocol to be used in both sync and async environments.

A good description of methods to do this can be found here.

In a nut-shell:

  1. Use Signal Protocol since this offers the highest security.
  2. Use the latest version of TLS if you can rely on and trust PKI.

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~8–11MB
~200K SLoC