inv-tshare: Threshold (re-)sharing protocol

Cargo.toml

@@ -41,6 +41,7 @@ sha2 = "0.10.8"
 thiserror = "1"
 tracing = "0.1.37"
 zeroize = "1.5"
+itertools = "0.13.0"
 sodiumoxide = "0.2.7"
 
 [dependencies.gmp-mpfr-sys]
@@ -76,4 +77,4 @@ harness = false
 # This isn't strictly necessary but helps certain IDEs (Clion) find the code.
 [[example]]
 name = "threaded_example"
-path = "examples/threaded_example/threaded.rs"
+path = "examples/threaded_example/threaded.rs"

examples/threaded_example/threaded.rs

@@ -427,7 +427,8 @@ impl Worker {
         let key_shares = self.key_gen_material.retrieve(&key_id).public_key_shares();
         let record = self.presign_records.take(&key_id);
 
-        let inputs = sign::Input::new(b"hello world", record, key_shares.to_vec(), None);
+        let threshold = key_shares.len();
+        let inputs = sign::Input::new(b"hello world", record, key_shares.to_vec(), threshold, None);
         self.new_sub_protocol::<SignParticipant>(sid, inputs, key_id)
     }
 }

src/broadcast/participant.rs

@@ -52,6 +52,7 @@ pub(crate) struct BroadcastParticipant {
 pub(crate) enum BroadcastTag {
     AuxinfoR1CommitHash,
     KeyGenR1CommitHash,
+    TshareR1CommitHash,
     KeyRefreshR1CommitHash,
     PresignR1Ciphertexts,
 }

src/lib.rs

@@ -222,6 +222,7 @@ mod protocol;
 mod ring_pedersen;
 pub mod sign;
 pub mod slip0010;
+pub mod tshare;
 mod utils;
 mod zkp;
 mod zkstar;

src/messages.rs

@@ -30,6 +30,8 @@ pub enum MessageType {
     Auxinfo(AuxinfoMessageType),
     /// Keygen messages
     Keygen(KeygenMessageType),
+    /// Tshare messages
+    Tshare(TshareMessageType),
     /// Keyrefresh messages
     Keyrefresh(KeyrefreshMessageType),
     /// Presign messages
@@ -68,6 +70,22 @@ pub enum KeygenMessageType {
     R3Proof,
 }
 
+/// An enum consisting of all tshare message types
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq, Serialize, Deserialize)]
+pub enum TshareMessageType {
+    /// Signal to self that we're ready to run the protocol
+    Ready,
+    /// A hash commitment to the public keyshare and associated proofs
+    R1CommitHash,
+    /// The information committed to in Round 1
+    R2Decommit,
+    /// The encrypted private share from a participant to another.
+    R2PrivateShare,
+    /// A proof of knowledge of the discrete log of the value decommitted in
+    /// Round 2
+    R3Proof,
+}
+
 /// An enum consisting of all keyrefresh message types
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq, Serialize, Deserialize)]
 pub enum KeyrefreshMessageType {
@@ -211,4 +229,17 @@ impl Message {
         }
         Ok(())
     }
+
+    /// Check if the message type is one of the valid options.
+    pub(crate) fn check_one_of_type(&self, expected_types: &[MessageType]) -> Result<()> {
+        if !expected_types.contains(&self.message_type()) {
+            error!(
+                "A message was misrouted. Expected one of {:?}, Got {:?}",
+                expected_types,
+                self.message_type()
+            );
+            return Err(InternalError::InternalInvariantFailed);
+        }
+        Ok(())
+    }
 }

src/participant.rs

@@ -460,7 +460,7 @@ pub enum Status {
     /// This variant is used by
     /// [`InteractiveSignParticipant`](crate::sign::InteractiveSignParticipant)
     RunningPresign,
-    /// Participant completed presign and is running sign.
+    /// Participant received a ready message and is running tshare.
     ///
     /// This variant is used by
     /// [`InteractiveSignParticipant`](crate::sign::InteractiveSignParticipant)

src/presign/record.rs

@@ -266,7 +266,7 @@ mod tests {
 
         /// Simulate creation of a random presign record. Do not use outside of
         /// testing.
-        fn simulate(rng: &mut StdRng) -> PresignRecord {
+        pub(crate) fn simulate(rng: &mut StdRng) -> PresignRecord {
             let mask_point = CurvePoint::random(StdRng::from_seed(rng.gen()));
             let mask_share = Scalar::random(StdRng::from_seed(rng.gen()));
             let masked_key_share = Scalar::random(rng);