sonr/crypto/sharing/pedersen.go

//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//

package sharing

import (
	"fmt"
	"io"

	"github.com/onsonr/sonr/crypto/core/curves"
)

// Pedersen Verifiable Secret Sharing Scheme
type Pedersen struct {
	threshold, limit uint32
	curve            *curves.Curve
	generator        curves.Point
}

type PedersenVerifier struct {
	Generator   curves.Point
	Commitments []curves.Point
}

func (pv PedersenVerifier) Verify(share, blindShare *ShamirShare) error {
	curve := curves.GetCurveByName(pv.Generator.CurveName())
	if err := share.Validate(curve); err != nil {
		return err
	}
	if err := blindShare.Validate(curve); err != nil {
		return err
	}

	x := curve.Scalar.New(int(share.Id))
	i := curve.Scalar.One()
	rhs := pv.Commitments[0]

	for j := 1; j < len(pv.Commitments); j++ {
		i = i.Mul(x)
		rhs = rhs.Add(pv.Commitments[j].Mul(i))
	}

	sc, _ := curve.Scalar.SetBytes(share.Value)
	bsc, _ := curve.Scalar.SetBytes(blindShare.Value)
	g := pv.Commitments[0].Generator().Mul(sc)
	h := pv.Generator.Mul(bsc)
	lhs := g.Add(h)

	if lhs.Equal(rhs) {
		return nil
	} else {
		return fmt.Errorf("not equal")
	}
}

// PedersenResult contains all the data from calling Split
type PedersenResult struct {
	Blinding                     curves.Scalar
	BlindingShares, SecretShares []*ShamirShare
	FeldmanVerifier              *FeldmanVerifier
	PedersenVerifier             *PedersenVerifier
}

// NewPedersen creates a new pedersen VSS
func NewPedersen(threshold, limit uint32, generator curves.Point) (*Pedersen, error) {
	if limit < threshold {
		return nil, fmt.Errorf("limit cannot be less than threshold")
	}
	if threshold < 2 {
		return nil, fmt.Errorf("threshold cannot be less than 2")
	}
	if limit > 255 {
		return nil, fmt.Errorf("cannot exceed 255 shares")
	}
	curve := curves.GetCurveByName(generator.CurveName())
	if curve == nil {
		return nil, fmt.Errorf("invalid curve")
	}
	if generator == nil {
		return nil, fmt.Errorf("invalid generator")
	}
	if !generator.IsOnCurve() || generator.IsIdentity() {
		return nil, fmt.Errorf("invalid generator")
	}
	return &Pedersen{threshold, limit, curve, generator}, nil
}

// Split creates the verifiers, blinding and shares
func (pd Pedersen) Split(secret curves.Scalar, reader io.Reader) (*PedersenResult, error) {
	// generate a random blinding factor
	blinding := pd.curve.Scalar.Random(reader)

	shamir := Shamir{pd.threshold, pd.limit, pd.curve}
	// split the secret into shares
	shares, poly := shamir.getPolyAndShares(secret, reader)

	// split the blinding into shares
	blindingShares, polyBlinding := shamir.getPolyAndShares(blinding, reader)

	// Generate the verifiable commitments to the polynomial for the shares
	blindedverifiers := make([]curves.Point, pd.threshold)
	verifiers := make([]curves.Point, pd.threshold)

	// ({p0 * G + b0 * H}, ...,{pt * G + bt * H})
	for i, c := range poly.Coefficients {
		s := pd.curve.ScalarBaseMult(c)
		b := pd.generator.Mul(polyBlinding.Coefficients[i])
		bv := s.Add(b)
		blindedverifiers[i] = bv
		verifiers[i] = s
	}
	verifier1 := &FeldmanVerifier{Commitments: verifiers}
	verifier2 := &PedersenVerifier{Commitments: blindedverifiers, Generator: pd.generator}

	return &PedersenResult{
		blinding, blindingShares, shares, verifier1, verifier2,
	}, nil
}

func (pd Pedersen) LagrangeCoeffs(shares map[uint32]*ShamirShare) (map[uint32]curves.Scalar, error) {
	shamir := &Shamir{
		threshold: pd.threshold,
		limit:     pd.limit,
		curve:     pd.curve,
	}
	identities := make([]uint32, 0)
	for _, xi := range shares {
		identities = append(identities, xi.Id)
	}
	return shamir.LagrangeCoeffs(identities)
}

func (pd Pedersen) Combine(shares ...*ShamirShare) (curves.Scalar, error) {
	shamir := &Shamir{
		threshold: pd.threshold,
		limit:     pd.limit,
		curve:     pd.curve,
	}
	return shamir.Combine(shares...)
}

func (pd Pedersen) CombinePoints(shares ...*ShamirShare) (curves.Point, error) {
	shamir := &Shamir{
		threshold: pd.threshold,
		limit:     pd.limit,
		curve:     pd.curve,
	}
	return shamir.CombinePoints(shares...)
}
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`//`
			`// Copyright Coinbase, Inc. All Rights Reserved.`
			`//`
			`// SPDX-License-Identifier: Apache-2.0`
			`//`

			`package sharing`

			`import (`
			`"fmt"`
			`"io"`

feature/1220 origin handle exists method (#1241) * feat: add docs and CI workflow for publishing to onsonr.dev * (refactor): Move hway,motr executables to their own repos * feat: simplify devnet and testnet configurations * refactor: update import path for didcrypto package * docs(networks): Add README with project overview, architecture, and community links * refactor: Move network configurations to deploy directory * build: update golang version to 1.23 * refactor: move logger interface to appropriate package * refactor: Move devnet configuration to networks/devnet * chore: improve release process with date variable * (chore): Move Crypto Library * refactor: improve code structure and readability in DID module * feat: integrate Trunk CI checks * ci: optimize CI workflow by removing redundant build jobs --------- Co-authored-by: Darp Alakun <i@prad.nu> 2025-01-06 12:06:10 -05:00			`"github.com/onsonr/sonr/crypto/core/curves"`
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`)`

			`// Pedersen Verifiable Secret Sharing Scheme`
			`type Pedersen struct {`
			`threshold, limit uint32`
			`curve *curves.Curve`
			`generator curves.Point`
			`}`

			`type PedersenVerifier struct {`
			`Generator curves.Point`
			`Commitments []curves.Point`
			`}`

			`func (pv PedersenVerifier) Verify(share, blindShare *ShamirShare) error {`
			`curve := curves.GetCurveByName(pv.Generator.CurveName())`
			`if err := share.Validate(curve); err != nil {`
			`return err`
			`}`
			`if err := blindShare.Validate(curve); err != nil {`
			`return err`
			`}`

			`x := curve.Scalar.New(int(share.Id))`
			`i := curve.Scalar.One()`
			`rhs := pv.Commitments[0]`

			`for j := 1; j < len(pv.Commitments); j++ {`
			`i = i.Mul(x)`
			`rhs = rhs.Add(pv.Commitments[j].Mul(i))`
			`}`

			`sc, _ := curve.Scalar.SetBytes(share.Value)`
			`bsc, _ := curve.Scalar.SetBytes(blindShare.Value)`
			`g := pv.Commitments[0].Generator().Mul(sc)`
			`h := pv.Generator.Mul(bsc)`
			`lhs := g.Add(h)`

			`if lhs.Equal(rhs) {`
			`return nil`
			`} else {`
			`return fmt.Errorf("not equal")`
			`}`
			`}`

			`// PedersenResult contains all the data from calling Split`
			`type PedersenResult struct {`
			`Blinding curves.Scalar`
			`BlindingShares, SecretShares []*ShamirShare`
			`FeldmanVerifier *FeldmanVerifier`
			`PedersenVerifier *PedersenVerifier`
			`}`

			`// NewPedersen creates a new pedersen VSS`
			`func NewPedersen(threshold, limit uint32, generator curves.Point) (*Pedersen, error) {`
			`if limit < threshold {`
			`return nil, fmt.Errorf("limit cannot be less than threshold")`
			`}`
			`if threshold < 2 {`
			`return nil, fmt.Errorf("threshold cannot be less than 2")`
			`}`
			`if limit > 255 {`
			`return nil, fmt.Errorf("cannot exceed 255 shares")`
			`}`
			`curve := curves.GetCurveByName(generator.CurveName())`
			`if curve == nil {`
			`return nil, fmt.Errorf("invalid curve")`
			`}`
			`if generator == nil {`
			`return nil, fmt.Errorf("invalid generator")`
			`}`
			`if !generator.IsOnCurve() \|\| generator.IsIdentity() {`
			`return nil, fmt.Errorf("invalid generator")`
			`}`
			`return &Pedersen{threshold, limit, curve, generator}, nil`
			`}`

			`// Split creates the verifiers, blinding and shares`
			`func (pd Pedersen) Split(secret curves.Scalar, reader io.Reader) (*PedersenResult, error) {`
			`// generate a random blinding factor`
			`blinding := pd.curve.Scalar.Random(reader)`

			`shamir := Shamir{pd.threshold, pd.limit, pd.curve}`
			`// split the secret into shares`
			`shares, poly := shamir.getPolyAndShares(secret, reader)`

			`// split the blinding into shares`
			`blindingShares, polyBlinding := shamir.getPolyAndShares(blinding, reader)`

			`// Generate the verifiable commitments to the polynomial for the shares`
			`blindedverifiers := make([]curves.Point, pd.threshold)`
			`verifiers := make([]curves.Point, pd.threshold)`

			`// ({p0 * G + b0 * H}, ...,{pt * G + bt * H})`
			`for i, c := range poly.Coefficients {`
			`s := pd.curve.ScalarBaseMult(c)`
			`b := pd.generator.Mul(polyBlinding.Coefficients[i])`
			`bv := s.Add(b)`
			`blindedverifiers[i] = bv`
			`verifiers[i] = s`
			`}`
			`verifier1 := &FeldmanVerifier{Commitments: verifiers}`
			`verifier2 := &PedersenVerifier{Commitments: blindedverifiers, Generator: pd.generator}`

			`return &PedersenResult{`
			`blinding, blindingShares, shares, verifier1, verifier2,`
			`}, nil`
			`}`

			`func (pd Pedersen) LagrangeCoeffs(shares map[uint32]*ShamirShare) (map[uint32]curves.Scalar, error) {`
			`shamir := &Shamir{`
			`threshold: pd.threshold,`
			`limit: pd.limit,`
			`curve: pd.curve,`
			`}`
			`identities := make([]uint32, 0)`
			`for _, xi := range shares {`
			`identities = append(identities, xi.Id)`
			`}`
			`return shamir.LagrangeCoeffs(identities)`
			`}`

			`func (pd Pedersen) Combine(shares ...*ShamirShare) (curves.Scalar, error) {`
			`shamir := &Shamir{`
			`threshold: pd.threshold,`
			`limit: pd.limit,`
			`curve: pd.curve,`
			`}`
			`return shamir.Combine(shares...)`
			`}`

			`func (pd Pedersen) CombinePoints(shares ...*ShamirShare) (curves.Point, error) {`
			`shamir := &Shamir{`
			`threshold: pd.threshold,`
			`limit: pd.limit,`
			`curve: pd.curve,`
			`}`
			`return shamir.CombinePoints(shares...)`
			`}`