A Rust implementation of CGGMP20 with augmentations as described by the Wamu protocol for computation of threshold signatures by multiple decentralized identities.
It uses the Wamu Core (wamu-core) crate for Wamu's core sub-protocols and augmentations, and Webb tool's cggmp-threshold-ecdsa crate for the CGGMP20 implementation that it wraps and augments.
This crate is pre-alpha software developed as a PoC (Proof of Concept) of the Wamu protocol. It has NOT been independently audited and/or rigorously tested yet! It SHOULD NOT BE USED IN PRODUCTION!
NOTE: 🚧 This project is still work in progress, check back over the next few weeks for regular updates.
This crate is a PoC (Proof of Concept) implementation of the Wamu protocol and uses a fork of Webb tool's cggmp-threshold-ecdsa crate for the CGGMP20 implementation with the following modifications/additions:
- Fixes for/completion of the CGGMP20 pre-signing protocol.
- Support for threshold modification during the key refresh protocol.
- This also required modifications/additions to the FS-DKR library which
cggmp-threshold-ecdsauses on for key refresh implementation which are made in a fork of FS-DKR.
- This also required modifications/additions to the FS-DKR library which
- Minor public interface changes to
pubrelevant fields required for augmentation.
- Due to reliance on
cggmp-threshold-ecdsa, key generation is based on GG20 using ZenGo's multi-party-ecdsa library, which is no longer maintained and contains some known and un-patched vulnerabilities (see https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/ and https://www.verichains.io/tsshock/). - Due to reliance on
cggmp-threshold-ecdsawhich uses FS-DKR (which assumes an honest majority) for the key refresh implementation, key refresh and related protocols (i.e. share addition, share removal, threshold modification and share recovery with quorum) all operate in an honest majority setting (i.e. the threshold cannot be greater than half the number of parties). - Due to reliance on
cggmp-threshold-ecdsa(and round-based-protocol), state machine implementations use/requireu16party identifiers instead of using decentralized verifying keys/addresses for the same purpose. - Only 4-round
$O(n^2)$ with identifiable abort version of CGGMP20 signing is implemented.
NOTE: There's an ongoing collaborative effort to resolve cggmp-threshold-ecdsa's deviations from CGGMP20 (see tangle-network/cggmp-threshold-ecdsa#37 for details and progress).
Run the following Cargo command in your project directory
cargo add wamu-cggmp --git https://github.com/wamutech/wamu-rs.gitYou can access documentation locally by running the following command from the project root
cargo doc --no-deps -p wamu-cggmp --openYou can run unit tests for all the core functionality by running the following command from the project root
cargo test -p wamu-cggmpSee the /crates/cggmp/examples directory.
Licensed under GPL-3.0.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the GPL-3.0 license, shall be licensed as above, without any additional terms or conditions.