grassrootseconomics
/
openethereum
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Secretstore DKG protocol draft + distributed encryption/decryption tests (#4725) 

* ECDKG protocol prototype

* added test for enc/dec math

* get rid of decryption_session

* added licenses

* fix after merge

* get rid of unused serde dependency

* doc

* decryption session [without commutative enc]

* failed_dec_session

* fixed tests

* added commen

* added more decryption session tests

* helper to localize an issue

* more computations to localize error

* decryption_session::SessionParams

* added tests for EC math to localize problem
This commit is contained in:
Svyatoslav Nikolsky 2017-03-13 14:54:56 +03:00 committed by Gav Wood
parent b7862ac23a
commit fddbc9e5cb
10 changed files with 2677 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ethkey/src/error.rs
View File

@ -51,6 +51,12 @@ impl fmt::Display for Error {
}
}
impl Into<String> for Error {
fn into(self) -> String {
format!("{}", self)
}
}
impl From<::secp256k1::Error> for Error {
fn from(e: ::secp256k1::Error) -> Error {
match e {

43
ethkey/src/math.rs
View File

@ -36,6 +36,17 @@ pub fn public_add(public: &mut Public, other: &Public) -> Result<(), Error> {
Ok(())
}
/// Inplace sub one public key from another (EC point - EC point)
pub fn public_sub(public: &mut Public, other: &Public) -> Result<(), Error> {
let mut key_neg_other = to_secp256k1_public(other)?;
key_neg_other.mul_assign(&SECP256K1, &key::MINUS_ONE_KEY)?;
let mut key_public = to_secp256k1_public(public)?;
key_public.add_assign(&SECP256K1, &key_neg_other)?;
set_public(public, &key_public);
Ok(())
}
/// Return base point of secp256k1
pub fn generation_point() -> Public {
let mut public_sec_raw = [0u8; 65];
@ -64,3 +75,35 @@ fn set_public(public: &mut Public, key_public: &key::PublicKey) {
let key_public_serialized = key_public.serialize_vec(&SECP256K1, false);
public.copy_from_slice(&key_public_serialized[1..65]);
}
#[cfg(test)]
mod tests {
use super::super::{Random, Generator};
use super::{public_add, public_sub};
#[test]
fn public_addition_is_commutative() {
let public1 = Random.generate().unwrap().public().clone();
let public2 = Random.generate().unwrap().public().clone();
let mut left = public1.clone();
public_add(&mut left, &public2).unwrap();
let mut right = public2.clone();
public_add(&mut right, &public1).unwrap();
assert_eq!(left, right);
}
#[test]
fn public_addition_is_reversible_with_subtraction() {
let public1 = Random.generate().unwrap().public().clone();
let public2 = Random.generate().unwrap().public().clone();
let mut sum = public1.clone();
public_add(&mut sum, &public2).unwrap();
public_sub(&mut sum, &public2).unwrap();
assert_eq!(sum, public1);
}
}

51
ethkey/src/secret.rs
View File

@ -130,3 +130,54 @@ impl Deref for Secret {
&self.inner
}
}
#[cfg(test)]
mod tests {
use std::str::FromStr;
use super::super::{Random, Generator};
use super::Secret;
#[test]
fn multiplicating_secret_inversion_with_secret_gives_one() {
let secret = Random.generate().unwrap().secret().clone();
let mut inversion = secret.clone();
inversion.inv().unwrap();
inversion.mul(&secret).unwrap();
assert_eq!(inversion, Secret::from_str("0000000000000000000000000000000000000000000000000000000000000001").unwrap());
}
#[test]
fn secret_inversion_is_reversible_with_inversion() {
let secret = Random.generate().unwrap().secret().clone();
let mut inversion = secret.clone();
inversion.inv().unwrap();
inversion.inv().unwrap();
assert_eq!(inversion, secret);
}
#[test]
fn secret_pow() {
let secret = Random.generate().unwrap().secret().clone();
let mut pow0 = secret.clone();
pow0.pow(0).unwrap();
assert_eq!(pow0, Secret::from_str("0000000000000000000000000000000000000000000000000000000000000001").unwrap());
let mut pow1 = secret.clone();
pow1.pow(1).unwrap();
assert_eq!(pow1, secret);
let mut pow2 = secret.clone();
pow2.pow(2).unwrap();
let mut pow2_expected = secret.clone();
pow2_expected.mul(&secret).unwrap();
assert_eq!(pow2, pow2_expected);
let mut pow3 = secret.clone();
pow3.pow(3).unwrap();
let mut pow3_expected = secret.clone();
pow3_expected.mul(&secret).unwrap();
pow3_expected.mul(&secret).unwrap();
assert_eq!(pow3, pow3_expected);
}
}

90
secret_store/src/key_server_cluster/cluster.rs Normal file
View File

@ -0,0 +1,90 @@
// Copyright 2015-2017 Parity Technologies (UK) Ltd.
// This file is part of Parity.
// Parity is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use key_server_cluster::{Error, NodeId};
use key_server_cluster::message::Message;
/// Cluster access for single encryption/decryption participant.
pub trait Cluster {
/// Broadcast message to all other nodes.
fn broadcast(&self, message: Message) -> Result<(), Error>;
/// Send message to given node.
fn send(&self, to: &NodeId, message: Message) -> Result<(), Error>;
/// Blacklist node, close connection and remove all pending messages.
fn blacklist(&self, node: &NodeId);
}
#[cfg(test)]
pub mod tests {
use std::collections::VecDeque;
use parking_lot::Mutex;
use key_server_cluster::{NodeId, Error};
use key_server_cluster::message::Message;
use key_server_cluster::cluster::Cluster;
#[derive(Debug)]
pub struct DummyCluster {
id: NodeId,
data: Mutex<DummyClusterData>,
}
#[derive(Debug, Default)]
struct DummyClusterData {
nodes: Vec<NodeId>,
messages: VecDeque<(NodeId, Message)>,
}
impl DummyCluster {
pub fn new(id: NodeId) -> Self {
DummyCluster {
id: id,
data: Mutex::new(DummyClusterData::default())
}
}
pub fn node(&self) -> NodeId {
self.id.clone()
}
pub fn add_node(&self, node: NodeId) {
self.data.lock().nodes.push(node);
}
pub fn take_message(&self) -> Option<(NodeId, Message)> {
self.data.lock().messages.pop_front()
}
}
impl Cluster for DummyCluster {
fn broadcast(&self, message: Message) -> Result<(), Error> {
let mut data = self.data.lock();
let all_nodes: Vec<_> = data.nodes.iter().cloned().filter(|n| n != &self.id).collect();
for node in all_nodes {
data.messages.push_back((node, message.clone()));
}
Ok(())
}
fn send(&self, to: &NodeId, message: Message) -> Result<(), Error> {
debug_assert!(&self.id != to);
self.data.lock().messages.push_back((to.clone(), message));
Ok(())
}
fn blacklist(&self, _node: &NodeId) {
}
}
}

707
secret_store/src/key_server_cluster/decryption_session.rs Normal file
View File

@ -0,0 +1,707 @@
// Copyright 2015-2017 Parity Technologies (UK) Ltd.
// This file is part of Parity.
// Parity is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use std::collections::{BTreeSet, BTreeMap};
use std::sync::Arc;
use parking_lot::Mutex;
use ethkey::{self, Secret, Public, Signature};
use key_server_cluster::{Error, AclStorage, EncryptedData, NodeId, SessionId};
use key_server_cluster::cluster::Cluster;
use key_server_cluster::math;
use key_server_cluster::message::{Message, InitializeDecryptionSession, ConfirmDecryptionInitialization,
RequestPartialDecryption, PartialDecryption};
/// Distributed decryption session.
/// Based on "ECDKG: A Distributed Key Generation Protocol Based on Elliptic Curve Discrete Logarithm" paper:
/// http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.124.4128&rep=rep1&type=pdf
/// Brief overview:
/// 1) initialization: master node (which has received request for decrypting the secret) requests all other nodes to decrypt the secret
/// 2) ACL check: all nodes which have received the request are querying ACL-contract to check if requestor has access to the document
/// 3) partial decryption: every node which has succussfully checked access for the requestor do a partial decryption
/// 4) decryption: master node receives all partial decryptions of the secret and restores the secret
pub struct Session {
/// Encryption session id.
id: SessionId,
/// Decryption session access key.
access_key: Secret,
/// Public identifier of this node.
self_node_id: NodeId,
/// Encrypted data.
encrypted_data: EncryptedData,
/// ACL storate to check access to the resource.
acl_storage: Arc<AclStorage>,
/// Cluster which allows this node to send messages to other nodes in the cluster.
cluster: Arc<Cluster>,
/// Mutable session data.
data: Mutex<SessionData>,
}
/// Session creation parameters
pub struct SessionParams {
/// Session identifier.
pub id: SessionId,
/// Session access key.
pub access_key: Secret,
/// Id of node, on which this session is running.
pub self_node_id: Public,
/// Encrypted data (result of running encryption_session::Session).
pub encrypted_data: EncryptedData,
/// ACL storage.
pub acl_storage: Arc<AclStorage>,
/// Cluster
pub cluster: Arc<Cluster>,
}
#[derive(Debug)]
/// Mutable data of encryption (distributed key generation) session.
struct SessionData {
/// Current state of the session.
state: SessionState,
// === Values, filled when session initialization just starts ===
/// Reference to the node, which has started this session.
master: Option<NodeId>,
/// Public key of requestor.
requestor: Option<Public>,
// === Values, filled during session initialization ===
/// Nodes, which have been requested for decryption initialization.
requested_nodes: BTreeSet<NodeId>,
/// Nodes, which have responded with reject to initialization request.
rejected_nodes: BTreeSet<NodeId>,
/// Nodes, which have responded with confirm to initialization request.
confirmed_nodes: BTreeSet<NodeId>,
// === Values, filled during partial decryption ===
/// Shadow points, received from nodes as a response to partial decryption request.
shadow_points: BTreeMap<NodeId, Public>,
/// === Values, filled during final decryption ===
/// Decrypted secret
decrypted_secret: Option<Public>,
}
#[derive(Debug)]
struct NodeData {
/// Node-generated shadow point.
shadow_point: Option<Public>,
}
#[derive(Debug, Clone, PartialEq)]
pub enum SessionState {
/// Every node starts in this state.
WaitingForInitialization,
/// Master node waits for other nodes to confirm decryption.
WaitingForInitializationConfirm,
/// Waiting for partial decrypion request.
WaitingForPartialDecryptionRequest,
/// Waiting for partial decryption responses.
WaitingForPartialDecryption,
/// Decryption session is finished for this node.
Finished,
/// Decryption session is failed for this node.
Failed,
}
impl Session {
/// Create new decryption session.
pub fn new(params: SessionParams) -> Result<Self, Error> {
check_encrypted_data(&params.self_node_id, &params.encrypted_data)?;
Ok(Session {
id: params.id,
access_key: params.access_key,
self_node_id: params.self_node_id,
encrypted_data: params.encrypted_data,
acl_storage: params.acl_storage,
cluster: params.cluster,
data: Mutex::new(SessionData {
state: SessionState::WaitingForInitialization,
master: None,
requestor: None,
requested_nodes: BTreeSet::new(),
rejected_nodes: BTreeSet::new(),
confirmed_nodes: BTreeSet::new(),
shadow_points: BTreeMap::new(),
decrypted_secret: None,
})
})
}
/// Get this node Id.
pub fn node(&self) -> &NodeId {
&self.self_node_id
}
/// Get this session access key.
pub fn access_key(&self) -> &Secret {
&self.access_key
}
/// Get current session state.
pub fn state(&self) -> SessionState {
self.data.lock().state.clone()
}
/// Get decrypted secret
pub fn decrypted_secret(&self) -> Option<Public> {
self.data.lock().decrypted_secret.clone()
}
/// Initialize decryption session.
pub fn initialize(&self, requestor_signature: Signature) -> Result<(), Error> {
let mut data = self.data.lock();
// check state
if data.state != SessionState::WaitingForInitialization {
return Err(Error::InvalidStateForRequest);
}
// recover requestor signature
let requestor_public = ethkey::recover(&requestor_signature, &self.id)?;
// update state
data.master = Some(self.node().clone());
data.state = SessionState::WaitingForInitializationConfirm;
data.requestor = Some(requestor_public.clone());
data.requested_nodes.extend(self.encrypted_data.id_numbers.keys().cloned());
// ..and finally check access on our's own
let is_requestor_allowed_to_read = self.acl_storage.check(&requestor_public, &self.id).unwrap_or(false);
process_initialization_response(&self.encrypted_data, &mut *data, self.node(), is_requestor_allowed_to_read)?;
// check if we have enough nodes to decrypt data
match data.state {
// not enough nodes => pass initialization message to all other nodes
SessionState::WaitingForInitializationConfirm => {
for node in self.encrypted_data.id_numbers.keys().filter(|n| *n != self.node()) {
self.cluster.send(node, Message::InitializeDecryptionSession(InitializeDecryptionSession {
session: self.id.clone(),
sub_session: self.access_key.clone(),
requestor_signature: requestor_signature.clone(),
}))?;
}
},
// we can decrypt data on our own
SessionState::WaitingForPartialDecryption => unimplemented!(),
// we can not decrypt data
SessionState::Failed => (),
// cannot reach other states
_ => unreachable!("process_initialization_response can change state to WaitingForPartialDecryption or Failed; checked that we are in WaitingForInitializationConfirm state above; qed"),
}
Ok(())
}
/// When session initialization message is received.
pub fn on_initialize_session(&self, sender: NodeId, message: InitializeDecryptionSession) -> Result<(), Error> {
debug_assert!(self.id == message.session);
debug_assert!(self.access_key == message.sub_session);
debug_assert!(&sender != self.node());
let mut data = self.data.lock();
// check state
if data.state != SessionState::WaitingForInitialization {
return Err(Error::InvalidStateForRequest);
}
// recover requestor signature
let requestor_public = ethkey::recover(&message.requestor_signature, &self.id)?;
// check access
let is_requestor_allowed_to_read = self.acl_storage.check(&requestor_public, &self.id).unwrap_or(false);
data.state = if is_requestor_allowed_to_read { SessionState::WaitingForPartialDecryptionRequest }
else { SessionState::Failed };
data.requestor = Some(requestor_public);
// respond to master node
data.master = Some(sender.clone());
self.cluster.send(&sender, Message::ConfirmDecryptionInitialization(ConfirmDecryptionInitialization {
session: self.id.clone(),
sub_session: self.access_key.clone(),
is_confirmed: is_requestor_allowed_to_read,
}))
}
/// When session initialization confirmation message is reeived.
pub fn on_confirm_initialization(&self, sender: NodeId, message: ConfirmDecryptionInitialization) -> Result<(), Error> {
debug_assert!(self.id == message.session);
debug_assert!(self.access_key == message.sub_session);
debug_assert!(&sender != self.node());
let mut data = self.data.lock();
// check state
if data.state != SessionState::WaitingForInitializationConfirm {
// if there were enough confirmations/rejections before this message
// we have already moved to the next state
return Ok(());
}
// update state
process_initialization_response(&self.encrypted_data, &mut *data, &sender, message.is_confirmed)?;
// check if we have enough nodes to decrypt data
match data.state {
// we do not yet have enough nodes for decryption
SessionState::WaitingForInitializationConfirm => Ok(()),
// we have enough nodes for decryption
SessionState::WaitingForPartialDecryption => {
let confirmed_nodes: BTreeSet<_> = data.confirmed_nodes.clone();
for node in data.confirmed_nodes.iter().filter(|n| n != &self.node()) {
self.cluster.send(node, Message::RequestPartialDecryption(RequestPartialDecryption {
session: self.id.clone(),
sub_session: self.access_key.clone(),
nodes: confirmed_nodes.clone(),
}))?;
}
assert!(data.confirmed_nodes.remove(self.node()));
let shadow_point = {
let requestor = data.requestor.as_ref().expect("requestor public is filled during initialization; WaitingForPartialDecryption follows initialization; qed");
do_partial_decryption(self.node(), &requestor, &data.confirmed_nodes, &self.access_key, &self.encrypted_data)?
};
data.shadow_points.insert(self.node().clone(), shadow_point);
Ok(())
},
// we can not have enough nodes for decryption
SessionState::Failed => Ok(()),
// cannot reach other states
_ => unreachable!("process_initialization_response can change state to WaitingForPartialDecryption or Failed; checked that we are in WaitingForInitializationConfirm state above; qed"),
}
}
/// When partial decryption is requested.
pub fn on_partial_decryption_requested(&self, sender: NodeId, message: RequestPartialDecryption) -> Result<(), Error> {
debug_assert!(self.id == message.session);
debug_assert!(self.access_key == message.sub_session);
debug_assert!(&sender != self.node());
// check message
if message.nodes.len() != self.encrypted_data.threshold + 1 {
return Err(Error::InvalidMessage);
}
let mut data = self.data.lock();
// check state
if data.master != Some(sender) {
return Err(Error::InvalidMessage);
}
if data.state != SessionState::WaitingForPartialDecryptionRequest {
return Err(Error::InvalidStateForRequest);
}
// calculate shadow point
let shadow_point = {
let requestor = data.requestor.as_ref().expect("requestor public is filled during initialization; WaitingForPartialDecryptionRequest follows initialization; qed");
do_partial_decryption(self.node(), &requestor, &message.nodes, &self.access_key, &self.encrypted_data)?
};
self.cluster.send(&sender, Message::PartialDecryption(PartialDecryption {
session: self.id.clone(),
sub_session: self.access_key.clone(),
shadow_point: shadow_point,
}))?;
// update sate
data.state = SessionState::Finished;
Ok(())
}
/// When partial decryption is received.
pub fn on_partial_decryption(&self, sender: NodeId, message: PartialDecryption) -> Result<(), Error> {
debug_assert!(self.id == message.session);
debug_assert!(self.access_key == message.sub_session);
debug_assert!(&sender != self.node());
let mut data = self.data.lock();
// check state
if data.state != SessionState::WaitingForPartialDecryption {
return Err(Error::InvalidStateForRequest);
}
if !data.confirmed_nodes.remove(&sender) {
return Err(Error::InvalidStateForRequest);
}
data.shadow_points.insert(sender, message.shadow_point);
// check if we have enough shadow points to decrypt the secret
if data.shadow_points.len() != self.encrypted_data.threshold + 1 {
return Ok(());
}
// decrypt the secret using shadow points
let joint_shadow_point = math::compute_joint_shadow_point(data.shadow_points.values())?;
let decrypted_secret = math::decrypt_with_joint_shadow(&self.access_key, &self.encrypted_data.encrypted_point, &joint_shadow_point)?;
data.decrypted_secret = Some(decrypted_secret);
data.state = SessionState::Finished;
Ok(())
}
}
fn check_encrypted_data(self_node_id: &Public, encrypted_data: &EncryptedData) -> Result<(), Error> {
use key_server_cluster::encryption_session::{check_cluster_nodes, check_threshold};
let nodes = encrypted_data.id_numbers.keys().cloned().collect();
check_cluster_nodes(self_node_id, &nodes)?;
check_threshold(encrypted_data.threshold, &nodes)?;
Ok(())
}
fn process_initialization_response(encrypted_data: &EncryptedData, data: &mut SessionData, node: &NodeId, check_result: bool) -> Result<(), Error> {
if !data.requested_nodes.remove(node) {
return Err(Error::InvalidMessage);
}
match check_result {
true => {
data.confirmed_nodes.insert(node.clone());
// check if we have enough nodes to do a decryption?
if data.confirmed_nodes.len() == encrypted_data.threshold + 1 {
data.state = SessionState::WaitingForPartialDecryption;
}
},
false => {
data.rejected_nodes.insert(node.clone());
// check if we still can receive enough confirmations to do a decryption?
if encrypted_data.id_numbers.len() - data.rejected_nodes.len() < encrypted_data.threshold + 1 {
data.state = SessionState::Failed;
}
},
}
Ok(())
}
fn do_partial_decryption(node: &NodeId, _requestor_public: &Public, participants: &BTreeSet<NodeId>, access_key: &Secret, encrypted_data: &EncryptedData) -> Result<Public, Error> {
let node_id_number = &encrypted_data.id_numbers[node];
let node_secret_share = &encrypted_data.secret_share;
let other_id_numbers = participants.iter()
.filter(|id| *id != node)
.map(|id| &encrypted_data.id_numbers[id]);
// TODO: commutative encryption using _requestor_public
let node_shadow = math::compute_node_shadow(node_id_number, node_secret_share, other_id_numbers)?;
math::compute_node_shadow_point(access_key, &encrypted_data.common_point, &node_shadow)
}
#[cfg(test)]
mod tests {
use std::sync::Arc;
use std::str::FromStr;
use std::collections::BTreeMap;
use super::super::super::acl_storage::DummyAclStorage;
use ethkey::{self, Random, Generator, Public, Secret};
use key_server_cluster::{NodeId, EncryptedData, SessionId, Error};
use key_server_cluster::cluster::tests::DummyCluster;
use key_server_cluster::decryption_session::{Session, SessionParams, SessionState};
use key_server_cluster::message::{self, Message};
const SECRET_PLAIN: &'static str = "d2b57ae7619e070af0af6bc8c703c0cd27814c54d5d6a999cacac0da34ede279ca0d9216e85991029e54e2f0c92ee0bd30237725fa765cbdbfc4529489864c5f";
fn prepare_decryption_sessions() -> (Vec<Arc<DummyCluster>>, Vec<Arc<DummyAclStorage>>, Vec<Session>) {
// prepare encrypted data + cluster configuration for scheme 4-of-5
let session_id = SessionId::default();
let access_key = Random.generate().unwrap().secret().clone();
let secret_shares = vec![
Secret::from_str("834cb736f02d9c968dfaf0c37658a1d86ff140554fc8b59c9fdad5a8cf810eec").unwrap(),
Secret::from_str("5a3c1d90fafafa66bb808bcc464354a98b05e6b2c95b5f609d4511cdd1b17a0b").unwrap(),
Secret::from_str("71bf61e7848e08e3a8486c308ce521bdacfebcf9116a0151447eb301f3a2d0e9").unwrap(),
Secret::from_str("80c0e5e2bea66fa9b2e07f7ce09630a9563e8242446d5ee63221feb09c4338f4").unwrap(),
Secret::from_str("c06546b5669877ba579ca437a5602e89425c53808c708d44ccd6afcaa4610fad").unwrap(),
];
let id_numbers: Vec<(NodeId, Secret)> = vec![
("b486d3840218837b035c66196ecb15e6b067ca20101e11bd5e626288ab6806ecc70b8307012626bd512bad1559112d11d21025cef48cc7a1d2f3976da08f36c8".into(),
Secret::from_str("281b6bf43cb86d0dc7b98e1b7def4a80f3ce16d28d2308f934f116767306f06c").unwrap()),
("1395568277679f7f583ab7c0992da35f26cde57149ee70e524e49bdae62db3e18eb96122501e7cbb798b784395d7bb5a499edead0706638ad056d886e56cf8fb".into(),
Secret::from_str("00125d85a05e5e63e214cb60fe63f132eec8a103aa29266b7e6e6c5b7597230b").unwrap()),
("99e82b163b062d55a64085bacfd407bb55f194ba5fb7a1af9c34b84435455520f1372e0e650a4f91aed0058cb823f62146ccb5599c8d13372c300dea866b69fc".into(),
Secret::from_str("f43ac0fba42a5b6ed95707d2244659e89ba877b1c9b82c0d0a9dcf834e80fc62").unwrap()),
("7e05df9dd077ec21ed4bc45c9fe9e0a43d65fa4be540630de615ced5e95cf5c3003035eb713317237d7667feeeb64335525158f5f7411f67aca9645169ea554c".into(),
Secret::from_str("5a324938dfb2516800487d25ab7289ba8ec38811f77c3df602e4e65e3c9acd9f").unwrap()),
("321977760d1d8e15b047a309e4c7fe6f355c10bb5a06c68472b676926427f69f229024fa2692c10da167d14cdc77eb95d0fce68af0a0f704f0d3db36baa83bb2".into(),
Secret::from_str("12cf422d50002d04e52bd4906fd7f5f235f051ca36abfe37e061f8da248008d8").unwrap()),
];
let common_point: Public = "6962be696e1bcbba8e64cc7fddf140f854835354b5804f3bb95ae5a2799130371b589a131bd39699ac7174ccb35fc4342dab05331202209582fc8f3a40916ab0".into();
let encrypted_point: Public = "b07031982bde9890e12eff154765f03c56c3ab646ad47431db5dd2d742a9297679c4c65b998557f8008469afd0c43d40b6c5f6c6a1c7354875da4115237ed87a".into();
let encrypted_datas: Vec<_> = (0..5).map(|i| EncryptedData {
threshold: 3,
id_numbers: id_numbers.clone().into_iter().collect(),
secret_share: secret_shares[i].clone(),
common_point: common_point.clone(),
encrypted_point: encrypted_point.clone(),
}).collect();
let acl_storages: Vec<_> = (0..5).map(|_| Arc::new(DummyAclStorage::default())).collect();
let clusters: Vec<_> = (0..5).map(|i| Arc::new(DummyCluster::new(id_numbers.iter().nth(i).clone().unwrap().0))).collect();
let sessions: Vec<_> = (0..5).map(|i| Session::new(SessionParams {
id: session_id.clone(),
access_key: access_key.clone(),
self_node_id: id_numbers.iter().nth(i).clone().unwrap().0,
encrypted_data: encrypted_datas[i].clone(),
acl_storage: acl_storages[i].clone(),
cluster: clusters[i].clone()
}).unwrap()).collect();
(clusters, acl_storages, sessions)
}
fn do_messages_exchange(clusters: &[Arc<DummyCluster>], sessions: &[Session]) {
do_messages_exchange_until(clusters, sessions, |_, _, _| false);
}
fn do_messages_exchange_until<F>(clusters: &[Arc<DummyCluster>], sessions: &[Session], mut cond: F) where F: FnMut(&NodeId, &NodeId, &Message) -> bool {
while let Some((from, to, message)) = clusters.iter().filter_map(|c| c.take_message().map(|(to, msg)| (c.node(), to, msg))).next() {
let session = &sessions[sessions.iter().position(|s| s.node() == &to).unwrap()];
if cond(&from, &to, &message) {
break;
}
match message {
Message::InitializeDecryptionSession(message) => session.on_initialize_session(from, message).unwrap(),
Message::ConfirmDecryptionInitialization(message) => session.on_confirm_initialization(from, message).unwrap(),
Message::RequestPartialDecryption(message) => session.on_partial_decryption_requested(from, message).unwrap(),
Message::PartialDecryption(message) => session.on_partial_decryption(from, message).unwrap(),
_ => panic!("unexpected"),
}
}
}
#[test]
fn fails_to_construct_in_cluster_of_single_node() {
let mut nodes = BTreeMap::new();
let self_node_id = Random.generate().unwrap().public().clone();
nodes.insert(self_node_id, Random.generate().unwrap().secret().clone());
match Session::new(SessionParams {
id: SessionId::default(),
access_key: Random.generate().unwrap().secret().clone(),
self_node_id: self_node_id.clone(),
encrypted_data: EncryptedData {
threshold: 0,
id_numbers: nodes,
secret_share: Random.generate().unwrap().secret().clone(),
common_point: Random.generate().unwrap().public().clone(),
encrypted_point: Random.generate().unwrap().public().clone(),
},
acl_storage: Arc::new(DummyAclStorage::default()),
cluster: Arc::new(DummyCluster::new(self_node_id.clone())),
}) {
Err(Error::InvalidNodesCount) => (),
_ => panic!("unexpected"),
}
}
#[test]
fn fails_to_construct_if_not_a_part_of_cluster() {
let mut nodes = BTreeMap::new();
let self_node_id = Random.generate().unwrap().public().clone();
nodes.insert(Random.generate().unwrap().public().clone(), Random.generate().unwrap().secret().clone());
nodes.insert(Random.generate().unwrap().public().clone(), Random.generate().unwrap().secret().clone());
match Session::new(SessionParams {
id: SessionId::default(),
access_key: Random.generate().unwrap().secret().clone(),
self_node_id: self_node_id.clone(),
encrypted_data: EncryptedData {
threshold: 0,
id_numbers: nodes,
secret_share: Random.generate().unwrap().secret().clone(),
common_point: Random.generate().unwrap().public().clone(),
encrypted_point: Random.generate().unwrap().public().clone(),
},
acl_storage: Arc::new(DummyAclStorage::default()),
cluster: Arc::new(DummyCluster::new(self_node_id.clone())),
}) {
Err(Error::InvalidNodesConfiguration) => (),
_ => panic!("unexpected"),
}
}
#[test]
fn fails_to_construct_if_threshold_is_wrong() {
let mut nodes = BTreeMap::new();
let self_node_id = Random.generate().unwrap().public().clone();
nodes.insert(self_node_id.clone(), Random.generate().unwrap().secret().clone());
nodes.insert(Random.generate().unwrap().public().clone(), Random.generate().unwrap().secret().clone());
match Session::new(SessionParams {
id: SessionId::default(),
access_key: Random.generate().unwrap().secret().clone(),
self_node_id: self_node_id.clone(),
encrypted_data: EncryptedData {
threshold: 2,
id_numbers: nodes,
secret_share: Random.generate().unwrap().secret().clone(),
common_point: Random.generate().unwrap().public().clone(),
encrypted_point: Random.generate().unwrap().public().clone(),
},
acl_storage: Arc::new(DummyAclStorage::default()),
cluster: Arc::new(DummyCluster::new(self_node_id.clone())),
}) {
Err(Error::InvalidThreshold) => (),
_ => panic!("unexpected"),
}
}
#[test]
fn fails_to_initialize_when_already_initialized() {
let (_, _, sessions) = prepare_decryption_sessions();
assert_eq!(sessions[0].initialize(ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap()).unwrap(), ());
assert_eq!(sessions[0].initialize(ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap()).unwrap_err(), Error::InvalidStateForRequest);
}
#[test]
fn fails_to_accept_initialization_when_already_initialized() {
let (_, _, sessions) = prepare_decryption_sessions();
assert_eq!(sessions[0].initialize(ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap()).unwrap(), ());
assert_eq!(sessions[0].on_initialize_session(sessions[1].node().clone(), message::InitializeDecryptionSession {
session: SessionId::default(),
sub_session: sessions[0].access_key().clone(),
requestor_signature: ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap(),
}).unwrap_err(), Error::InvalidStateForRequest);
}
#[test]
fn fails_to_partial_decrypt_if_not_waiting() {
let (_, _, sessions) = prepare_decryption_sessions();
assert_eq!(sessions[1].on_initialize_session(sessions[0].node().clone(), message::InitializeDecryptionSession {
session: SessionId::default(),
sub_session: sessions[0].access_key().clone(),
requestor_signature: ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap(),
}).unwrap(), ());
assert_eq!(sessions[1].on_partial_decryption_requested(sessions[0].node().clone(), message::RequestPartialDecryption {
session: SessionId::default(),
sub_session: sessions[0].access_key().clone(),
nodes: sessions.iter().map(|s| s.node().clone()).take(4).collect(),
}).unwrap(), ());
assert_eq!(sessions[1].on_partial_decryption_requested(sessions[0].node().clone(), message::RequestPartialDecryption {
session: SessionId::default(),
sub_session: sessions[0].access_key().clone(),
nodes: sessions.iter().map(|s| s.node().clone()).take(4).collect(),
}).unwrap_err(), Error::InvalidStateForRequest);
}
#[test]
fn fails_to_partial_decrypt_if_requested_by_slave() {
let (_, _, sessions) = prepare_decryption_sessions();
assert_eq!(sessions[1].on_initialize_session(sessions[0].node().clone(), message::InitializeDecryptionSession {
session: SessionId::default(),
sub_session: sessions[0].access_key().clone(),
requestor_signature: ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap(),
}).unwrap(), ());
assert_eq!(sessions[1].on_partial_decryption_requested(sessions[2].node().clone(), message::RequestPartialDecryption {
session: SessionId::default(),
sub_session: sessions[0].access_key().clone(),
nodes: sessions.iter().map(|s| s.node().clone()).take(4).collect(),
}).unwrap_err(), Error::InvalidMessage);
}
#[test]
fn fails_to_partial_decrypt_if_wrong_number_of_nodes_participating() {
let (_, _, sessions) = prepare_decryption_sessions();
assert_eq!(sessions[1].on_initialize_session(sessions[0].node().clone(), message::InitializeDecryptionSession {
session: SessionId::default(),
sub_session: sessions[0].access_key().clone(),
requestor_signature: ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap(),
}).unwrap(), ());
assert_eq!(sessions[1].on_partial_decryption_requested(sessions[0].node().clone(), message::RequestPartialDecryption {
session: SessionId::default(),
sub_session: sessions[0].access_key().clone(),
nodes: sessions.iter().map(|s| s.node().clone()).take(2).collect(),
}).unwrap_err(), Error::InvalidMessage);
}
#[test]
fn fails_to_accept_partial_decrypt_if_not_waiting() {
let (_, _, sessions) = prepare_decryption_sessions();
assert_eq!(sessions[0].on_partial_decryption(sessions[1].node().clone(), message::PartialDecryption {
session: SessionId::default(),
sub_session: sessions[0].access_key().clone(),
shadow_point: Random.generate().unwrap().public().clone(),
}).unwrap_err(), Error::InvalidStateForRequest);
}
#[test]
fn fails_to_accept_partial_decrypt_twice() {
let (clusters, _, sessions) = prepare_decryption_sessions();
sessions[0].initialize(ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap()).unwrap();
let mut pd_from = None;
let mut pd_msg = None;
do_messages_exchange_until(&clusters, &sessions, |from, _, msg| match msg {
&Message::PartialDecryption(ref msg) => {
pd_from = Some(from.clone());
pd_msg = Some(msg.clone());
true
},
_ => false,
});
assert_eq!(sessions[0].on_partial_decryption(pd_from.clone().unwrap(), pd_msg.clone().unwrap()).unwrap(), ());
assert_eq!(sessions[0].on_partial_decryption(pd_from.unwrap(), pd_msg.unwrap()).unwrap_err(), Error::InvalidStateForRequest);
}
#[test]
fn complete_dec_session() {
let (clusters, _, sessions) = prepare_decryption_sessions();
// now let's try to do a decryption
let key_pair = Random.generate().unwrap();
let signature = ethkey::sign(key_pair.secret(), &SessionId::default()).unwrap();
sessions[0].initialize(signature).unwrap();
do_messages_exchange(&clusters, &sessions);
// now check that:
// 1) 4 of 5 sessions are in Finished state
assert_eq!(sessions.iter().filter(|s| s.state() == SessionState::Finished).count(), 4);
// 2) 1 session is in WaitingForPartialDecryptionRequest state
assert_eq!(sessions.iter().filter(|s| s.state() == SessionState::WaitingForPartialDecryptionRequest).count(), 1);
// 3) 1 session has decrypted key value
assert!(sessions.iter().skip(1).all(|s| s.decrypted_secret().is_none()));
assert_eq!(sessions[0].decrypted_secret(), Some(SECRET_PLAIN.into()));
}
#[test]
fn failed_dec_session() {
let (clusters, acl_storages, sessions) = prepare_decryption_sessions();
// now let's try to do a decryption
let key_pair = Random.generate().unwrap();
let signature = ethkey::sign(key_pair.secret(), &SessionId::default()).unwrap();
sessions[0].initialize(signature).unwrap();
// we need 4 out of 5 nodes to agree to do a decryption
// let's say that 2 of these nodes are disagree
acl_storages[1].prohibit(key_pair.public().clone(), SessionId::default());
acl_storages[2].prohibit(key_pair.public().clone(), SessionId::default());
do_messages_exchange(&clusters, &sessions);
// now check that:
// 1) 3 of 5 sessions are in Failed state
assert_eq!(sessions.iter().filter(|s| s.state() == SessionState::Failed).count(), 3);
// 2) 2 of 5 sessions are in WaitingForPartialDecryptionRequest state
assert_eq!(sessions.iter().filter(|s| s.state() == SessionState::WaitingForPartialDecryptionRequest).count(), 2);
// 3) 0 sessions have decrypted key value
assert!(sessions.iter().all(|s| s.decrypted_secret().is_none()));
}
}

1197
secret_store/src/key_server_cluster/encryption_session.rs Normal file
View File

File diff suppressed because it is too large Load Diff

338
secret_store/src/key_server_cluster/math.rs Normal file
View File

@ -0,0 +1,338 @@
// Copyright 2015-2017 Parity Technologies (UK) Ltd.
// This file is part of Parity.
// Parity is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use ethkey::{Public, Secret, Random, Generator, math};
use key_server_cluster::Error;
#[derive(Debug)]
/// Encryption result.
pub struct EncryptedSecret {
/// Common encryption point.
pub common_point: Public,
/// Ecnrypted point.
pub encrypted_point: Public,
}
/// Generate random scalar
pub fn generate_random_scalar() -> Result<Secret, Error> {
Ok(Random.generate()?.secret().clone())
}
/// Generate random point
pub fn generate_random_point() -> Result<Public, Error> {
Ok(Random.generate()?.public().clone())
}
/// Update point by multiplying to random scalar
pub fn update_random_point(point: &mut Public) -> Result<(), Error> {
Ok(math::public_mul_secret(point, &generate_random_scalar()?)?)
}
/// Generate random polynom of threshold degree
pub fn generate_random_polynom(threshold: usize) -> Result<Vec<Secret>, Error> {
let mut polynom: Vec<_> = Vec::with_capacity(threshold + 1);
for _ in 0..threshold + 1 {
polynom.push(generate_random_scalar()?);
}
debug_assert_eq!(polynom.len(), threshold + 1);
Ok(polynom)
}
/// Compute value of polynom, using `node_number` as argument
pub fn compute_polynom(polynom: &[Secret], node_number: &Secret) -> Result<Secret, Error> {
debug_assert!(!polynom.is_empty());
let mut result = polynom[0].clone();
for i in 1..polynom.len() {
// calculate pow(node_number, i)
let mut appendum = node_number.clone();
appendum.pow(i)?;
// calculate coeff * pow(point, i)
appendum.mul(&polynom[i])?;
// calculate result + coeff * pow(point, i)
result.add(&appendum)?;
}
Ok(result)
}
/// Generate public keys for other participants.
pub fn public_values_generation(threshold: usize, derived_point: &Public, polynom1: &[Secret], polynom2: &[Secret]) -> Result<Vec<Public>, Error> {
debug_assert_eq!(polynom1.len(), threshold + 1);
debug_assert_eq!(polynom2.len(), threshold + 1);
// compute t+1 public values
let mut publics = Vec::with_capacity(threshold + 1);
for i in 0..threshold + 1 {
let coeff1 = &polynom1[i];
let mut multiplication1 = math::generation_point();
math::public_mul_secret(&mut multiplication1, &coeff1)?;
let coeff2 = &polynom2[i];
let mut multiplication2 = derived_point.clone();
math::public_mul_secret(&mut multiplication2, &coeff2)?;
math::public_add(&mut multiplication1, &multiplication2)?;
publics.push(multiplication1);
}
debug_assert_eq!(publics.len(), threshold + 1);
Ok(publics)
}
/// Check keys passed by other participants.
pub fn keys_verification(threshold: usize, derived_point: &Public, number_id: &Secret, secret1: &Secret, secret2: &Secret, publics: &[Public]) -> Result<bool, Error> {
// calculate left part
let mut multiplication1 = math::generation_point();
math::public_mul_secret(&mut multiplication1, secret1)?;
let mut multiplication2 = derived_point.clone();
math::public_mul_secret(&mut multiplication2, secret2)?;
math::public_add(&mut multiplication1, &multiplication2)?;
let left = multiplication1;
// calculate right part
let mut right = publics[0].clone();
for i in 1..threshold + 1 {
let mut secret_pow = number_id.clone();
secret_pow.pow(i)?;
let mut public_k = publics[i].clone();
math::public_mul_secret(&mut public_k, &secret_pow)?;
math::public_add(&mut right, &public_k)?;
}
Ok(left == right)
}
/// Compute secret share.
pub fn compute_secret_share<'a, I>(mut secret_values: I) -> Result<Secret, Error> where I: Iterator<Item=&'a Secret> {
let mut secret_share = secret_values.next().expect("compute_secret_share is called when cluster has at least one node; qed").clone();
while let Some(secret_value) = secret_values.next() {
secret_share.add(secret_value)?;
}
Ok(secret_share)
}
/// Compute public key share.
pub fn compute_public_share(self_secret_value: &Secret) -> Result<Public, Error> {
let mut public_share = math::generation_point();
math::public_mul_secret(&mut public_share, self_secret_value)?;
Ok(public_share)
}
/// Compute joint public key.
pub fn compute_joint_public<'a, I>(mut public_shares: I) -> Result<Public, Error> where I: Iterator<Item=&'a Public> {
let mut joint_public = public_shares.next().expect("compute_joint_public is called when cluster has at least one node; qed").clone();
while let Some(public_share) = public_shares.next() {
math::public_add(&mut joint_public, &public_share)?;
}
Ok(joint_public)
}
#[cfg(test)]
/// Compute joint secret key.
pub fn compute_joint_secret<'a, I>(mut secret_coeffs: I) -> Result<Secret, Error> where I: Iterator<Item=&'a Secret> {
let mut joint_secret = secret_coeffs.next().expect("compute_joint_private is called when cluster has at least one node; qed").clone();
while let Some(secret_coeff) = secret_coeffs.next() {
joint_secret.add(secret_coeff)?;
}
Ok(joint_secret)
}
/// Encrypt secret with joint public key.
pub fn encrypt_secret(secret: Public, joint_public: &Public) -> Result<EncryptedSecret, Error> {
// this is performed by KS-cluster client (or KS master)
let key_pair = Random.generate()?;
// k * T
let mut common_point = math::generation_point();
math::public_mul_secret(&mut common_point, key_pair.secret())?;
// M + k * y
let mut encrypted_point = joint_public.clone();
math::public_mul_secret(&mut encrypted_point, key_pair.secret())?;
math::public_add(&mut encrypted_point, &secret)?;
Ok(EncryptedSecret {
common_point: common_point,
encrypted_point: encrypted_point,
})
}
/// Compute shadow for the node.
pub fn compute_node_shadow<'a, I>(node_number: &Secret, node_secret_share: &Secret, mut other_nodes_numbers: I) -> Result<Secret, Error> where I: Iterator<Item=&'a Secret> {
let other_node_number = other_nodes_numbers.next().expect("compute_node_shadow is called when at least two nodes are required to decrypt secret; qed");
let mut shadow = node_number.clone();
shadow.sub(other_node_number)?;
shadow.inv()?;
shadow.mul(other_node_number)?;
while let Some(other_node_number) = other_nodes_numbers.next() {
let mut shadow_element = node_number.clone();
shadow_element.sub(other_node_number)?;
shadow_element.inv()?;
shadow_element.mul(other_node_number)?;
shadow.mul(&shadow_element)?;
}
shadow.mul(&node_secret_share)?;
Ok(shadow)
}
/// Compute shadow point for the node.
pub fn compute_node_shadow_point(access_key: &Secret, common_point: &Public, node_shadow: &Secret) -> Result<Public, Error> {
let mut shadow_key = access_key.clone();
shadow_key.mul(node_shadow)?;
let mut node_shadow_point = common_point.clone();
math::public_mul_secret(&mut node_shadow_point, &shadow_key)?;
Ok(node_shadow_point)
}
/// Compute joint shadow point.
pub fn compute_joint_shadow_point<'a, I>(mut nodes_shadow_points: I) -> Result<Public, Error> where I: Iterator<Item=&'a Public> {
let mut joint_shadow_point = nodes_shadow_points.next().expect("compute_joint_shadow_point is called when at least two nodes are required to decrypt secret; qed").clone();
while let Some(node_shadow_point) = nodes_shadow_points.next() {
math::public_add(&mut joint_shadow_point, &node_shadow_point)?;
}
Ok(joint_shadow_point)
}
#[cfg(test)]
/// Compute joint shadow point (version for tests).
pub fn compute_joint_shadow_point_test<'a, I>(access_key: &Secret, common_point: &Public, mut nodes_shadows: I) -> Result<Public, Error> where I: Iterator<Item=&'a Secret> {
let mut joint_shadow = nodes_shadows.next().expect("compute_joint_shadow_point_test is called when at least two nodes are required to decrypt secret; qed").clone();
while let Some(node_shadow) = nodes_shadows.next() {
joint_shadow.add(node_shadow)?;
}
joint_shadow.mul(access_key)?;
let mut joint_shadow_point = common_point.clone();
math::public_mul_secret(&mut joint_shadow_point, &joint_shadow)?;
Ok(joint_shadow_point)
}
/// Decrypt data using joint shadow point.
pub fn decrypt_with_joint_shadow(access_key: &Secret, encrypted_point: &Public, joint_shadow_point: &Public) -> Result<Public, Error> {
let mut inv_access_key = access_key.clone();
inv_access_key.inv()?;
let mut decrypted_point = joint_shadow_point.clone();
math::public_mul_secret(&mut decrypted_point, &inv_access_key)?;
math::public_add(&mut decrypted_point, encrypted_point)?;
Ok(decrypted_point)
}
/// Decrypt data using joint secret (version for tests).
pub fn decrypt_with_joint_secret(encrypted_point: &Public, common_point: &Public, joint_secret: &Secret) -> Result<Public, Error> {
let mut common_point_mul = common_point.clone();
math::public_mul_secret(&mut common_point_mul, joint_secret)?;
let mut decrypted_point = encrypted_point.clone();
math::public_sub(&mut decrypted_point, &common_point_mul)?;
Ok(decrypted_point)
}
#[cfg(test)]
pub mod tests {
use ethkey::KeyPair;
use super::*;
pub fn do_encryption_and_decryption(t: usize, joint_public: &Public, id_numbers: &[Secret], secret_shares: &[Secret], joint_secret: Option<&Secret>, document_secret_plain: Public) -> (Public, Public) {
// === PART2: encryption using joint public key ===
// the next line is executed on KeyServer-client
let encrypted_secret = encrypt_secret(document_secret_plain.clone(), &joint_public).unwrap();
// === PART3: decryption ===
// next line is executed on KeyServer client
let access_key = generate_random_scalar().unwrap();
// use t + 1 nodes to compute joint shadow point
let nodes_shadows: Vec<_> = (0..t + 1).map(|i|
compute_node_shadow(&id_numbers[i], &secret_shares[i], id_numbers.iter()
.enumerate()
.filter(|&(j, _)| j != i)
.take(t)
.map(|(_, id_number)| id_number)).unwrap()).collect();
let nodes_shadow_points: Vec<_> = nodes_shadows.iter().map(|s| compute_node_shadow_point(&access_key, &encrypted_secret.common_point, s).unwrap()).collect();
assert_eq!(nodes_shadows.len(), t + 1);
assert_eq!(nodes_shadow_points.len(), t + 1);
let joint_shadow_point = compute_joint_shadow_point(nodes_shadow_points.iter()).unwrap();
let joint_shadow_point_test = compute_joint_shadow_point_test(&access_key, &encrypted_secret.common_point, nodes_shadows.iter()).unwrap();
assert_eq!(joint_shadow_point, joint_shadow_point_test);
// decrypt encrypted secret using joint shadow point
let document_secret_decrypted = decrypt_with_joint_shadow(&access_key, &encrypted_secret.encrypted_point, &joint_shadow_point).unwrap();
// decrypt encrypted secret using joint secret [just for test]
let document_secret_decrypted_test = match joint_secret {
Some(joint_secret) => decrypt_with_joint_secret(&encrypted_secret.encrypted_point, &encrypted_secret.common_point, joint_secret).unwrap(),
None => document_secret_decrypted.clone(),
};
(document_secret_decrypted, document_secret_decrypted_test)
}
#[test]
fn full_encryption_math_session() {
let test_cases = [(1, 3)];
for &(t, n) in &test_cases {
// === PART1: DKG ===
// data, gathered during initialization
let id_numbers: Vec<_> = (0..n).map(|_| generate_random_scalar().unwrap()).collect();
// data, generated during keys dissemination
let polynoms1: Vec<_> = (0..n).map(|_| generate_random_polynom(t).unwrap()).collect();
let secrets1: Vec<_> = (0..n).map(|i| (0..n).map(|j| compute_polynom(&polynoms1[i], &id_numbers[j]).unwrap()).collect::<Vec<_>>()).collect();
// data, generated during keys generation
let public_shares: Vec<_> = (0..n).map(|i| compute_public_share(&polynoms1[i][0]).unwrap()).collect();
let secret_shares: Vec<_> = (0..n).map(|i| compute_secret_share(secrets1.iter().map(|s| &s[i])).unwrap()).collect();
// joint public key, as a result of DKG
let joint_public = compute_joint_public(public_shares.iter()).unwrap();
// compute joint private key [just for test]
let joint_secret = compute_joint_secret(polynoms1.iter().map(|p| &p[0])).unwrap();
let joint_key_pair = KeyPair::from_secret(joint_secret.clone()).unwrap();
assert_eq!(&joint_public, joint_key_pair.public());
// check secret shares computation [just for test]
let secret_shares_polynom: Vec<_> = (0..t + 1).map(|k| compute_secret_share(polynoms1.iter().map(|p| &p[k])).unwrap()).collect();
let secret_shares_calculated_from_polynom: Vec<_> = id_numbers.iter().map(|id_number| compute_polynom(&*secret_shares_polynom, id_number).unwrap()).collect();
assert_eq!(secret_shares, secret_shares_calculated_from_polynom);
// now encrypt and decrypt data
let document_secret_plain = generate_random_point().unwrap();
let (document_secret_decrypted, document_secret_decrypted_test) =
do_encryption_and_decryption(t, &joint_public, &id_numbers, &secret_shares, Some(&joint_secret), document_secret_plain.clone());
assert_eq!(document_secret_plain, document_secret_decrypted_test);
assert_eq!(document_secret_plain, document_secret_decrypted);
}
}
}

168
secret_store/src/key_server_cluster/message.rs Normal file
View File

@ -0,0 +1,168 @@
// Copyright 2015-2017 Parity Technologies (UK) Ltd.
// This file is part of Parity.
// Parity is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use std::collections::{BTreeSet, BTreeMap};
use ethkey::{Public, Secret, Signature};
use key_server_cluster::{NodeId, SessionId};
#[derive(Clone, Debug)]
/// All possible messages that can be sent during DKG.
pub enum Message {
/// Initialize new DKG session.
InitializeSession(InitializeSession),
/// Confirm DKG session initialization.
ConfirmInitialization(ConfirmInitialization),
/// Broadcast data, calculated during session initialization phase.
CompleteInitialization(CompleteInitialization),
/// Generated keys are sent to every node.
KeysDissemination(KeysDissemination),
/// Complaint against another node is broadcasted.
Complaint(Complaint),
/// Complaint response is broadcasted.
ComplaintResponse(ComplaintResponse),
/// Broadcast self public key portion.
PublicKeyShare(PublicKeyShare),
/// Initialize decryption session.
InitializeDecryptionSession(InitializeDecryptionSession),
/// Confirm/reject decryption session initialization.
ConfirmDecryptionInitialization(ConfirmDecryptionInitialization),
/// Request partial decryption from node.
RequestPartialDecryption(RequestPartialDecryption),
/// Partial decryption is completed
PartialDecryption(PartialDecryption),
}
#[derive(Clone, Debug)]
/// Initialize new DKG session.
pub struct InitializeSession {
/// Session Id.
pub session: SessionId,
/// Derived generation point. Starting from originator, every node must multiply this
/// point by random scalar (unknown by other nodes). At the end of initialization
/// `point` will be some (k1 * k2 * ... * kn) * G = `point` where `(k1 * k2 * ... * kn)`
/// is unknown for every node.
pub derived_point: Public,
}
#[derive(Clone, Debug)]
/// Confirm DKG session initialization.
pub struct ConfirmInitialization {
/// Session Id.
pub session: SessionId,
/// Derived generation point.
pub derived_point: Public,
}
#[derive(Clone, Debug)]
/// Broadcast generated point to every other node.
pub struct CompleteInitialization {
/// Session Id.
pub session: SessionId,
/// All session participants along with their identification numbers.
pub nodes: BTreeMap<NodeId, Secret>,
/// Decryption threshold. During decryption threshold-of-route.len() nodes must came to
/// consensus to successfully decrypt message.
pub threshold: usize,
/// Derived generation point.
pub derived_point: Public,
}
#[derive(Clone, Debug)]
/// Generated keys are sent to every node.
pub struct KeysDissemination {
/// Session Id.
pub session: SessionId,
/// Secret 1.
pub secret1: Secret,
/// Secret 2.
pub secret2: Secret,
/// Public values.
pub publics: Vec<Public>,
}
#[derive(Clone, Debug)]
/// Complaint against node is broadcasted.
pub struct Complaint {
/// Session Id.
pub session: SessionId,
/// Public values.
pub against: NodeId,
}
#[derive(Clone, Debug)]
/// Node is responding to complaint.
pub struct ComplaintResponse {
/// Session Id.
pub session: SessionId,
/// Secret 1.
pub secret1: Secret,
/// Secret 2.
pub secret2: Secret,
}
#[derive(Clone, Debug)]
/// Node is sharing its public key share.
pub struct PublicKeyShare {
/// Session Id.
pub session: SessionId,
/// Public key share.
pub public_share: Public,
}
#[derive(Clone, Debug)]
/// Node is requested to decrypt data, encrypted in given session.
pub struct InitializeDecryptionSession {
/// Encryption session Id.
pub session: SessionId,
/// Decryption session Id.
pub sub_session: Secret,
/// Requestor signature.
pub requestor_signature: Signature,
}
#[derive(Clone, Debug)]
/// Node is responding to decryption request.
pub struct ConfirmDecryptionInitialization {
/// Encryption session Id.
pub session: SessionId,
/// Decryption session Id.
pub sub_session: Secret,
/// Is node confirmed to make a decryption?.
pub is_confirmed: bool,
}
#[derive(Clone, Debug)]
/// Node is requested to do a partial decryption.
pub struct RequestPartialDecryption {
/// Encryption session Id.
pub session: SessionId,
/// Decryption session Id.
pub sub_session: Secret,
/// Nodes that are agreed to do a decryption.
pub nodes: BTreeSet<NodeId>,
}
#[derive(Clone, Debug)]
/// Node has partially decrypted the secret.
pub struct PartialDecryption {
/// Encryption session Id.
pub session: SessionId,
/// Decryption session Id.
pub sub_session: Secret,
/// Partially decrypted secret.
pub shadow_point: Public,
}

76
secret_store/src/key_server_cluster/mod.rs Normal file
View File

@ -0,0 +1,76 @@
// Copyright 2015-2017 Parity Technologies (UK) Ltd.
// This file is part of Parity.
// Parity is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
#![allow(dead_code)] // TODO: remove me
use std::collections::BTreeMap;
use ethkey::{self, Public, Secret, Signature};
use super::types::all::DocumentAddress;
pub use super::acl_storage::AclStorage;
pub type NodeId = Public;
pub type SessionId = DocumentAddress;
pub type SessionIdSignature = Signature;
#[derive(Debug, PartialEq)]
/// Errors which can occur during encryption/decryption session
pub enum Error {
/// Invalid number of nodes.
/// There must be at least two nodes participating in encryption.
/// There must be at least one node participating in decryption.
InvalidNodesCount,
/// Node which is required to start encryption/decryption session is not a part of cluster.
InvalidNodesConfiguration,
/// Invalid threshold value has been passed.
/// Threshold value must be in [0; n - 1], where n is a number of nodes participating in the encryption.
InvalidThreshold,
/// Current state of encryption/decryption session does not allow to proceed request.
/// This means that either there is some comm-failure or node is misbehaving/cheating.
InvalidStateForRequest,
/// Some data in passed message was recognized as invalid.
/// This means that node is misbehaving/cheating.
InvalidMessage,
/// Cryptographic error.
EthKey(String),
}
#[derive(Debug, Clone)]
/// Data, which is stored on every node after DKG && encryption is completed.
pub struct EncryptedData {
/// Decryption threshold (at least threshold + 1 nodes are required to decrypt data).
threshold: usize,
/// Nodes ids numbers.
id_numbers: BTreeMap<NodeId, Secret>,
/// Node secret share.
secret_share: Secret,
/// Common (shared) encryption point.
common_point: Public,
/// Encrypted point.
encrypted_point: Public,
}
impl From<ethkey::Error> for Error {
fn from(err: ethkey::Error) -> Self {
Error::EthKey(err.into())
}
}
mod cluster;
mod decryption_session;
mod encryption_session;
mod math;
mod message;

1
secret_store/src/lib.rs
View File

@ -26,6 +26,7 @@ extern crate ethcore_ipc as ipc;
extern crate ethcrypto;
extern crate ethkey;
mod key_server_cluster;
mod types;
mod traits {