CLI and transport wrapper of tss-lib
Please note: the "--password" option should only be used in testing, since a password passed on the command line ends up in the shell history and is visible in the process list. Without this option, the CLI prompts for the password interactively and asks for confirmation.
- build the tss executable binary
git clone https://github.com/binance-chain/tss
cd tss
go build
- init 3 parties
./tss init --home ~/.test1 --vault_name "default" --moniker "test1" --password "123456789"
./tss init --home ~/.test2 --vault_name "default" --moniker "test2" --password "123456789"
./tss init --home ~/.test3 --vault_name "default" --moniker "test3" --password "123456789"
- generate a channel id; replace the value of "--channel_id" in the following commands with the generated one
./tss channel --channel_expire 30
- keygen
./tss keygen --home ~/.test1 --vault_name "default" --parties 3 --threshold 1 --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
./tss keygen --home ~/.test2 --vault_name "default" --parties 3 --threshold 1 --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
./tss keygen --home ~/.test3 --vault_name "default" --parties 3 --threshold 1 --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
- sign (with threshold 1, any 2 of the 3 parties are enough, so only 2 parties are started)
./tss sign --home ~/.test1 --vault_name "default" --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
./tss sign --home ~/.test2 --vault_name "default" --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
- regroup - reshare the key to a new committee of 3 parties (in this example test1 and test2 stay on as both old and new members, and test3 joins as a new member only)
# start the 2 old parties that also remain in the new committee (answer Y for both the isOld and isNew interactive questions)
./tss regroup --home ~/.test1 --vault_name "default" --password "123456789" --new_parties 3 --new_threshold 1 --channel_password "123456789" --channel_id "802671B1B19"
./tss regroup --home ~/.test2 --vault_name "default" --password "123456789" --new_parties 3 --new_threshold 1 --channel_password "123456789" --channel_id "802671B1B19"
# start the new party (answer n for isOld and Y for isNew at the interactive questions)
./tss regroup --home ~/.test3 --vault_name "default" --password "123456789" --new_parties 3 --new_threshold 1 --channel_password "123456789" --channel_id "802671B1B19"
After the TSS-1049 change, regroup (reshare) also works in environments without SSDP support, such as a native AWS VPC, by passing the listen address and the peer addresses explicitly:
Init:
A:
./tss init --vault_name rg55101 --moniker rg55101 --password 123456789 --p2p.listen "/ip4/127.0.0.1/tcp/55101"
B:
./tss init --vault_name rg55102 --moniker rg55102 --password 123456789 --p2p.listen "/ip4/127.0.0.1/tcp/55102"
C:
./tss init --vault_name rg55103 --moniker rg55103 --password 123456789 --p2p.listen "/ip4/127.0.0.1/tcp/55103"
Keygen by ABC (parties 3, threshold 1)
A:
./tss keygen --vault_name rg55101 --parties 3 --threshold 1 --password 123456789 --channel_password 123456789 --channel_id 20963C1108C --p2p.peer_addrs "/ip4/127.0.0.1/tcp/55102","/ip4/127.0.0.1/tcp/55103" --log_level debug 2>&1 | tee keygen_a.log
B:
./tss keygen --vault_name rg55102 --parties 3 --threshold 1 --password 123456789 --channel_password 123456789 --channel_id 20963C1108C --p2p.peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55103" --log_level debug 2>&1 | tee keygen_b.log
C:
./tss keygen --vault_name rg55103 --parties 3 --threshold 1 --password 123456789 --channel_password 123456789 --channel_id 20963C1108C --p2p.peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55102" --log_level debug 2>&1 | tee keygen_c.log
D:
N/A
Regroup
A:
./tss regroup --is_old true --is_new_member true --vault_name rg55101 --password 123456789 --parties 3 --threshold 1 --new_parties 3 --new_threshold 1 --channel_password 123456789 --channel_id 20963C1108C --p2p.new_listen "/ip4/127.0.0.1/tcp/43899" --p2p.new_peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55102","/ip4/127.0.0.1/tcp/40855","/ip4/127.0.0.1/tcp/55104" 2>&1 | tee regroup_a.log
B:
./tss regroup --is_old true --is_new_member true --vault_name rg55102 --password 123456789 --parties 3 --threshold 1 --new_parties 3 --new_threshold 1 --channel_password 123456789 --channel_id 20963C1108C --p2p.new_listen "/ip4/127.0.0.1/tcp/40855" --p2p.new_peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55102","/ip4/127.0.0.1/tcp/43899","/ip4/127.0.0.1/tcp/55104" 2>&1 | tee regroup_b.log
D:
./tss init --vault_name rg55103 --moniker rg55104 --password 123456789 --p2p.listen "/ip4/127.0.0.1/tcp/55104"
./tss regroup --is_old false --is_new_member true --vault_name rg55103 --password 123456789 --parties 3 --threshold 1 --new_parties 3 --new_threshold 1 --channel_password 123456789 --channel_id 20963C1108C --p2p.new_peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55102","/ip4/127.0.0.1/tcp/43899","/ip4/127.0.0.1/tcp/40855" 2>&1 | tee regroup_d.log
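The two procedures above run each party by hand in its own terminal. The script below is an added example, not code from the tss project: it drives the no-SSDP flow on one host by creating 3 vaults with explicit listen addresses, running keygen with all 3 parties concurrently, and then signing with 2 of them (tss-lib threshold t requires t+1 signers, so threshold 1 means 2 of 3). The flag names are the ones shown on this page and the channel id must come from a prior `./tss channel` run. That `sign` accepts `--p2p.peer_addrs` the same way `keygen` does, the `rg<port>` vault names, the `./tss-logs` directory and the environment variable names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the tss project's own code): run a 3-party keygen and a
# 2-of-3 sign on one host in the no-SSDP mode, i.e. with --p2p.listen and
# --p2p.peer_addrs given explicitly. Assumed: ./tss built with `go build`, a
# channel id from `./tss channel`, the flag names shown on this page, and that
# `sign` takes --p2p.peer_addrs the same way `keygen` does.
# Each party blocks until its peers connect, so the parties of a round are
# started concurrently and then waited on; a failed party fails the round.
set -eu

TSS_BIN="${TSS_BIN:-./tss}"
PASSWORD="${TSS_PASSWORD:-123456789}"                  # test-only, see the --password note
CHANNEL_PASSWORD="${TSS_CHANNEL_PASSWORD:-123456789}"  # test-only
LOG_DIR="${LOG_DIR:-./tss-logs}"
BASE_PORT=55101
PARTIES=3
THRESHOLD=1   # tss-lib semantics: threshold t needs t+1 signers, so 2 of 3 here

port()        { echo $((BASE_PORT + $1 - 1)); }
vault_name()  { echo "rg$(port "$1")"; }               # rg55101, rg55102, ...
listen_addr() { echo "/ip4/127.0.0.1/tcp/$(port "$1")"; }

# peer_addrs <me> <participant>...: comma-separated multiaddrs of every
# participant except <me>, which is the single argument --p2p.peer_addrs takes.
peer_addrs() {
  me="$1"; shift
  out=""
  for q in "$@"; do
    [ "$q" -eq "$me" ] && continue
    out="${out:+$out,}$(listen_addr "$q")"
  done
  echo "$out"
}

# Create the vaults once, each listening on its own localhost port.
init_parties() {
  i=1
  while [ "$i" -le "$PARTIES" ]; do
    "$TSS_BIN" init --vault_name "$(vault_name "$i")" --moniker "$(vault_name "$i")" \
      --password "$PASSWORD" --p2p.listen "$(listen_addr "$i")"
    i=$((i + 1))
  done
}

# run_round keygen|sign <channel_id> <party>...: start every listed party in
# the background, wait for all of them, and return 1 if any exited non-zero.
# Each party's output goes to $LOG_DIR/<cmd>_<party>.log.
run_round() {
  cmd="$1"; channel_id="$2"; shift 2
  extra=""
  [ "$cmd" = keygen ] && extra="--parties $PARTIES --threshold $THRESHOLD"
  mkdir -p "$LOG_DIR"
  started=""
  for p in "$@"; do
    # $extra is deliberately unquoted so it splits into separate flags
    "$TSS_BIN" "$cmd" --vault_name "$(vault_name "$p")" $extra \
      --password "$PASSWORD" --channel_password "$CHANNEL_PASSWORD" \
      --channel_id "$channel_id" --p2p.peer_addrs "$(peer_addrs "$p" "$@")" \
      >"$LOG_DIR/${cmd}_${p}.log" 2>&1 &
    started="$started $p:$!"
  done
  rc=0
  for job in $started; do
    wait "${job##*:}" || {
      echo "$cmd: party ${job%%:*} failed, see $LOG_DIR/${cmd}_${job%%:*}.log" >&2
      rc=1
    }
  done
  return "$rc"
}

# Usage: sh tss-local.sh <channel_id>   (run ./tss channel first)
if [ $# -ge 1 ]; then
  init_parties
  run_round keygen "$1" 1 2 3
  run_round sign   "$1" 1 2      # any t+1 = 2 of the 3 parties can sign
  echo "keygen and sign finished, logs in $LOG_DIR"
fi
```

Point `TSS_BIN` at a different binary or at a wrapper to run the same flow against a fake or instrumented `tss`; a party that exits non-zero is reported by number together with its log file, which is what you want when one of three terminals silently hangs on a wrong peer address.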
On macOS, clear the quarantine attribute from the downloaded binaries before running them:
xattr -d com.apple.quarantine ./tss
xattr -d com.apple.quarantine ./tbnbcli
xattr -d com.apple.quarantine ./bnbcli
Referring to libp2p/go-libp2p#375 (comment), there are three NAT-traversal solutions at the moment:
- UPnP/NATPortMap: when NAT traversal is enabled (in go-libp2p, pass the NATPortMap() option to the libp2p constructor), libp2p uses UPnP and NAT-PMP to ask the router to open and forward a port for libp2p. If your router supports either UPnP or NAT-PMP, this is by far the best option.
- STUN/hole-punching: libp2p has its own version of the "STUN" protocol built on peer routing, external address discovery and reuseport.
- TURN-like protocol (relay): finally, there is a TURN-like protocol called p2p-circuit, which lets libp2p nodes "proxy" through other p2p nodes. All party clients registered to mainnet automatically announce that they support p2p-circuit (relay) for the tss implementation.
NAT types each node role can sit behind:

| Role | Full cone | (Address)-restricted cone | Port-restricted cone | Symmetric NAT |
|---|---|---|---|---|
| Bootstrap (tracking) server | ✓ | ✘ | ✘ | ✘ |
| Relay server | ✓ | ✘ | ✘ | ✘ |
| Client | ✓ | ✓ | ✓ | ✓ (relay server needed) |
Nodes that can reach each other directly (for example inside one LAN) connect without any bootstrap or relay server configured.
There are 3 layers of bootstrapping sessions that help nodes find and connect to each other within a LAN:
1. ssdp - runs before layer 2 (raw TCP bootstrapping); nodes advertise their listen address and moniker and record the others'. This layer is not encrypted, so any host on the LAN can observe those values.
2. raw TCP bootstrapping - nodes connect to each other over raw TCP to exchange their libp2p id, moniker and listen address. This layer is encrypted with the channel id and channel password, so its strength against other hosts on the network rests on the channel password; use a strong one outside testing.
3. libp2p - nodes share the signer set (and, in a regroup, whether each party is new) over the formal libp2p connection.
Note: keygen and regroup rely on layers 1, 2 and 3, but sign relies only on layer 3, which means signing can be done over a WAN (with a bootstrap server's help).