sonr/crypto/sharing/shamir.go

//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//

// Package sharing is an implementation of shamir secret sharing and implements the following papers.
//
// - https://dl.acm.org/doi/pdf/10.1145/359168.359176
// - https://www.cs.umd.edu/~gasarch/TOPICS/secretsharing/feldmanVSS.pdf
// - https://link.springer.com/content/pdf/10.1007%2F3-540-46766-1_9.pdf
package sharing

import (
	"encoding/binary"
	"fmt"
	"io"

	"github.com/onsonr/sonr/crypto/core/curves"
)

type ShamirShare struct {
	Id    uint32 `json:"identifier"`
	Value []byte `json:"value"`
}

func (ss ShamirShare) Validate(curve *curves.Curve) error {
	if ss.Id == 0 {
		return fmt.Errorf("invalid identifier")
	}
	sc, err := curve.Scalar.SetBytes(ss.Value)
	if err != nil {
		return err
	}
	if sc.IsZero() {
		return fmt.Errorf("invalid share")
	}
	return nil
}

func (ss ShamirShare) Bytes() []byte {
	var id [4]byte
	binary.BigEndian.PutUint32(id[:], ss.Id)
	return append(id[:], ss.Value...)
}

type Shamir struct {
	threshold, limit uint32
	curve            *curves.Curve
}

func NewShamir(threshold, limit uint32, curve *curves.Curve) (*Shamir, error) {
	if limit < threshold {
		return nil, fmt.Errorf("limit cannot be less than threshold")
	}
	if threshold < 2 {
		return nil, fmt.Errorf("threshold cannot be less than 2")
	}
	if limit > 255 {
		return nil, fmt.Errorf("cannot exceed 255 shares")
	}
	if curve == nil {
		return nil, fmt.Errorf("invalid curve")
	}
	return &Shamir{threshold, limit, curve}, nil
}

func (s Shamir) Split(secret curves.Scalar, reader io.Reader) ([]*ShamirShare, error) {
	if secret.IsZero() {
		return nil, fmt.Errorf("invalid secret")
	}
	shares, _ := s.getPolyAndShares(secret, reader)
	return shares, nil
}

func (s Shamir) getPolyAndShares(secret curves.Scalar, reader io.Reader) ([]*ShamirShare, *Polynomial) {
	poly := new(Polynomial).Init(secret, s.threshold, reader)
	shares := make([]*ShamirShare, s.limit)
	for i := range shares {
		x := s.curve.Scalar.New(i + 1)
		shares[i] = &ShamirShare{
			Id:    uint32(i + 1),
			Value: poly.Evaluate(x).Bytes(),
		}
	}
	return shares, poly
}

func (s Shamir) LagrangeCoeffs(identities []uint32) (map[uint32]curves.Scalar, error) {
	xs := make(map[uint32]curves.Scalar, len(identities))
	for _, xi := range identities {
		xs[xi] = s.curve.Scalar.New(int(xi))
	}

	result := make(map[uint32]curves.Scalar, len(identities))
	for i, xi := range xs {
		num := s.curve.Scalar.One()
		den := s.curve.Scalar.One()
		for j, xj := range xs {
			if i == j {
				continue
			}

			num = num.Mul(xj)
			den = den.Mul(xj.Sub(xi))
		}
		if den.IsZero() {
			return nil, fmt.Errorf("divide by zero")
		}
		result[i] = num.Div(den)
	}
	return result, nil
}

func (s Shamir) Combine(shares ...*ShamirShare) (curves.Scalar, error) {
	if len(shares) < int(s.threshold) {
		return nil, fmt.Errorf("invalid number of shares")
	}
	dups := make(map[uint32]bool, len(shares))
	xs := make([]curves.Scalar, len(shares))
	ys := make([]curves.Scalar, len(shares))

	for i, share := range shares {
		err := share.Validate(s.curve)
		if err != nil {
			return nil, err
		}
		if share.Id > s.limit {
			return nil, fmt.Errorf("invalid share identifier")
		}
		if _, in := dups[share.Id]; in {
			return nil, fmt.Errorf("duplicate share")
		}
		dups[share.Id] = true
		ys[i], _ = s.curve.Scalar.SetBytes(share.Value)
		xs[i] = s.curve.Scalar.New(int(share.Id))
	}
	return s.interpolate(xs, ys)
}

func (s Shamir) CombinePoints(shares ...*ShamirShare) (curves.Point, error) {
	if len(shares) < int(s.threshold) {
		return nil, fmt.Errorf("invalid number of shares")
	}
	dups := make(map[uint32]bool, len(shares))
	xs := make([]curves.Scalar, len(shares))
	ys := make([]curves.Point, len(shares))

	for i, share := range shares {
		err := share.Validate(s.curve)
		if err != nil {
			return nil, err
		}
		if share.Id > s.limit {
			return nil, fmt.Errorf("invalid share identifier")
		}
		if _, in := dups[share.Id]; in {
			return nil, fmt.Errorf("duplicate share")
		}
		dups[share.Id] = true
		sc, _ := s.curve.Scalar.SetBytes(share.Value)
		ys[i] = s.curve.ScalarBaseMult(sc)
		xs[i] = s.curve.Scalar.New(int(share.Id))
	}
	return s.interpolatePoint(xs, ys)
}

func (s Shamir) interpolate(xs, ys []curves.Scalar) (curves.Scalar, error) {
	result := s.curve.Scalar.Zero()
	for i, xi := range xs {
		num := s.curve.Scalar.One()
		den := s.curve.Scalar.One()
		for j, xj := range xs {
			if i == j {
				continue
			}
			num = num.Mul(xj)
			den = den.Mul(xj.Sub(xi))
		}
		if den.IsZero() {
			return nil, fmt.Errorf("divide by zero")
		}
		result = result.Add(ys[i].Mul(num.Div(den)))
	}
	return result, nil
}

func (s Shamir) interpolatePoint(xs []curves.Scalar, ys []curves.Point) (curves.Point, error) {
	result := s.curve.NewIdentityPoint()
	for i, xi := range xs {
		num := s.curve.Scalar.One()
		den := s.curve.Scalar.One()
		for j, xj := range xs {
			if i == j {
				continue
			}
			num = num.Mul(xj)
			den = den.Mul(xj.Sub(xi))
		}
		if den.IsZero() {
			return nil, fmt.Errorf("divide by zero")
		}
		result = result.Add(ys[i].Mul(num.Div(den)))
	}
	return result, nil
}
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`//`
			`// Copyright Coinbase, Inc. All Rights Reserved.`
			`//`
			`// SPDX-License-Identifier: Apache-2.0`
			`//`

			`// Package sharing is an implementation of shamir secret sharing and implements the following papers.`
			`//`
			`// - https://dl.acm.org/doi/pdf/10.1145/359168.359176`
			`// - https://www.cs.umd.edu/~gasarch/TOPICS/secretsharing/feldmanVSS.pdf`
			`// - https://link.springer.com/content/pdf/10.1007%2F3-540-46766-1_9.pdf`
			`package sharing`

			`import (`
			`"encoding/binary"`
			`"fmt"`
			`"io"`

feature/1220 origin handle exists method (#1241) * feat: add docs and CI workflow for publishing to onsonr.dev * (refactor): Move hway,motr executables to their own repos * feat: simplify devnet and testnet configurations * refactor: update import path for didcrypto package * docs(networks): Add README with project overview, architecture, and community links * refactor: Move network configurations to deploy directory * build: update golang version to 1.23 * refactor: move logger interface to appropriate package * refactor: Move devnet configuration to networks/devnet * chore: improve release process with date variable * (chore): Move Crypto Library * refactor: improve code structure and readability in DID module * feat: integrate Trunk CI checks * ci: optimize CI workflow by removing redundant build jobs --------- Co-authored-by: Darp Alakun <i@prad.nu> 2025-01-06 12:06:10 -05:00			`"github.com/onsonr/sonr/crypto/core/curves"`
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`)`

			`type ShamirShare struct {`
			Id uint32 `json:"identifier"`
			Value []byte `json:"value"`
			`}`

			`func (ss ShamirShare) Validate(curve *curves.Curve) error {`
			`if ss.Id == 0 {`
			`return fmt.Errorf("invalid identifier")`
			`}`
			`sc, err := curve.Scalar.SetBytes(ss.Value)`
			`if err != nil {`
			`return err`
			`}`
			`if sc.IsZero() {`
			`return fmt.Errorf("invalid share")`
			`}`
			`return nil`
			`}`

			`func (ss ShamirShare) Bytes() []byte {`
			`var id [4]byte`
			`binary.BigEndian.PutUint32(id[:], ss.Id)`
			`return append(id[:], ss.Value...)`
			`}`

			`type Shamir struct {`
			`threshold, limit uint32`
			`curve *curves.Curve`
			`}`

			`func NewShamir(threshold, limit uint32, curve curves.Curve) (Shamir, error) {`
			`if limit < threshold {`
			`return nil, fmt.Errorf("limit cannot be less than threshold")`
			`}`
			`if threshold < 2 {`
			`return nil, fmt.Errorf("threshold cannot be less than 2")`
			`}`
			`if limit > 255 {`
			`return nil, fmt.Errorf("cannot exceed 255 shares")`
			`}`
			`if curve == nil {`
			`return nil, fmt.Errorf("invalid curve")`
			`}`
			`return &Shamir{threshold, limit, curve}, nil`
			`}`

			`func (s Shamir) Split(secret curves.Scalar, reader io.Reader) ([]*ShamirShare, error) {`
			`if secret.IsZero() {`
			`return nil, fmt.Errorf("invalid secret")`
			`}`
			`shares, _ := s.getPolyAndShares(secret, reader)`
			`return shares, nil`
			`}`

			`func (s Shamir) getPolyAndShares(secret curves.Scalar, reader io.Reader) ([]ShamirShare, Polynomial) {`
			`poly := new(Polynomial).Init(secret, s.threshold, reader)`
			`shares := make([]*ShamirShare, s.limit)`
			`for i := range shares {`
			`x := s.curve.Scalar.New(i + 1)`
			`shares[i] = &ShamirShare{`
			`Id: uint32(i + 1),`
			`Value: poly.Evaluate(x).Bytes(),`
			`}`
			`}`
			`return shares, poly`
			`}`

			`func (s Shamir) LagrangeCoeffs(identities []uint32) (map[uint32]curves.Scalar, error) {`
			`xs := make(map[uint32]curves.Scalar, len(identities))`
			`for _, xi := range identities {`
			`xs[xi] = s.curve.Scalar.New(int(xi))`
			`}`

			`result := make(map[uint32]curves.Scalar, len(identities))`
			`for i, xi := range xs {`
			`num := s.curve.Scalar.One()`
			`den := s.curve.Scalar.One()`
			`for j, xj := range xs {`
			`if i == j {`
			`continue`
			`}`

			`num = num.Mul(xj)`
			`den = den.Mul(xj.Sub(xi))`
			`}`
			`if den.IsZero() {`
			`return nil, fmt.Errorf("divide by zero")`
			`}`
			`result[i] = num.Div(den)`
			`}`
			`return result, nil`
			`}`

			`func (s Shamir) Combine(shares ...*ShamirShare) (curves.Scalar, error) {`
			`if len(shares) < int(s.threshold) {`
			`return nil, fmt.Errorf("invalid number of shares")`
			`}`
			`dups := make(map[uint32]bool, len(shares))`
			`xs := make([]curves.Scalar, len(shares))`
			`ys := make([]curves.Scalar, len(shares))`

			`for i, share := range shares {`
			`err := share.Validate(s.curve)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if share.Id > s.limit {`
			`return nil, fmt.Errorf("invalid share identifier")`
			`}`
			`if _, in := dups[share.Id]; in {`
			`return nil, fmt.Errorf("duplicate share")`
			`}`
			`dups[share.Id] = true`
			`ys[i], _ = s.curve.Scalar.SetBytes(share.Value)`
			`xs[i] = s.curve.Scalar.New(int(share.Id))`
			`}`
			`return s.interpolate(xs, ys)`
			`}`

			`func (s Shamir) CombinePoints(shares ...*ShamirShare) (curves.Point, error) {`
			`if len(shares) < int(s.threshold) {`
			`return nil, fmt.Errorf("invalid number of shares")`
			`}`
			`dups := make(map[uint32]bool, len(shares))`
			`xs := make([]curves.Scalar, len(shares))`
			`ys := make([]curves.Point, len(shares))`

			`for i, share := range shares {`
			`err := share.Validate(s.curve)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if share.Id > s.limit {`
			`return nil, fmt.Errorf("invalid share identifier")`
			`}`
			`if _, in := dups[share.Id]; in {`
			`return nil, fmt.Errorf("duplicate share")`
			`}`
			`dups[share.Id] = true`
			`sc, _ := s.curve.Scalar.SetBytes(share.Value)`
			`ys[i] = s.curve.ScalarBaseMult(sc)`
			`xs[i] = s.curve.Scalar.New(int(share.Id))`
			`}`
			`return s.interpolatePoint(xs, ys)`
			`}`

			`func (s Shamir) interpolate(xs, ys []curves.Scalar) (curves.Scalar, error) {`
			`result := s.curve.Scalar.Zero()`
			`for i, xi := range xs {`
			`num := s.curve.Scalar.One()`
			`den := s.curve.Scalar.One()`
			`for j, xj := range xs {`
			`if i == j {`
			`continue`
			`}`
			`num = num.Mul(xj)`
			`den = den.Mul(xj.Sub(xi))`
			`}`
			`if den.IsZero() {`
			`return nil, fmt.Errorf("divide by zero")`
			`}`
			`result = result.Add(ys[i].Mul(num.Div(den)))`
			`}`
			`return result, nil`
			`}`

			`func (s Shamir) interpolatePoint(xs []curves.Scalar, ys []curves.Point) (curves.Point, error) {`
			`result := s.curve.NewIdentityPoint()`
			`for i, xi := range xs {`
			`num := s.curve.Scalar.One()`
			`den := s.curve.Scalar.One()`
			`for j, xj := range xs {`
			`if i == j {`
			`continue`
			`}`
			`num = num.Mul(xj)`
			`den = den.Mul(xj.Sub(xi))`
			`}`
			`if den.IsZero() {`
			`return nil, fmt.Errorf("divide by zero")`
			`}`
			`result = result.Add(ys[i].Mul(num.Div(den)))`
			`}`
			`return result, nil`
			`}`