npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

mpc-tss

v0.1.2

Published

Multi-Party Computation Threshold Signature Scheme Implementation in Javascript

Downloads

7

Readme

mpc-tss-js

WARNING: Work in progress!

An attempt to implement a multi-party computation (MPC) threshold signature scheme (TSS) in Javascript/Typescript for use on Node.js, browsers, react-native apps and other modern JS platforms. This strives to be secure and auditable, based on state of the art research and proven implementations, permissively licensed.

The approach is described in the original paper by Canetti et al., "UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts" https://eprint.iacr.org/2021/060

Current status

Updated Dec 5, 2023:

Full keygen + signing works, now need to publish to be able to use externally for a demo check. Get back to refinement after that.

Updated Dec 2, 2023:

Milestone 2 sort of complete -- the library is able to generate a 3-party configuration via a keygen ceremony; this configuration is tested to be ingestable by the signing ceremony and to produce a valid signature in the end. Some issues leftover: proper key configuration hashing that is required at Round 4 of keygen, as well as multiple minor ones.

Updated Nov 30, 2023:

Milestone 1 complete -- the library is able to perform a "2 out of 3" or "3 out of 3" parties ECDSA signature (and probably other party numbers, too), the signature is validated both internally and with Ethereum tools. The 3 parties key configuration used is pre-created using the original multi-party-sig library. Milestone 2 is going to be the key generation ceremony implementation, but before that it needs some care with state/parameters validation and cleanup.

How to use

Until Milestone 2 I see no point exporting any API or interfaces so the best you can do now is to run the tests:

Use Node.js 21+

git clone [email protected]:burmisov/mpc-tss-js.git
cd mpc-tss-js
npm install
npm test

The signature test uses a pre-created 3-party key configuration and handles (more like emulates) signatories communication throught the 5 rounds of creating a signature.

Current goals

  1. Make a full useable cycle with creating a multi-party key setup (key generation process)
  2. Everything else is secondary at this point; this includes docs, comments, links, performance optimization, proper packaging, even some mid-to-low grade security aspects, etc.

Known issues and limitations

  1. Doesn't really perform a full-cycle useful service as of current status; this is about to change
  2. Some operations that could be constant time are not currently constant time
  3. No proper per-round validation of completeness of input parameters
  4. Signing session and state passing between rounds is a bit messy
  5. There's no consistent serialization and deserialization routints for all the necessary objects
  6. Known factorization is not reused to speed some things up; this can be added later
  7. [ likely there's more ]

TODOs:

Features

  • [x] Make rounds' communication JSON-serializable
  • [x] Prepare v0 publish artifacts
  • [ ] Publish to try to use externally

Other

  • [ ] check zk/mod
  • [ ] Hashing with domains
  • [ ] BIP32 signing
  • [ ] Refactor and cleanup
  • [ ] Devise a predictable Error model
  • [ ] ElGamal
  • [ ] Oblivious Transfer
  • [ ] Create a proper readme
  • [ ] Add a workflow to test (and publish?)
  • [x] Configure my system for signed commits
  • [ ] MILESTONE 3+: Review, add Schnorr and Ed25519 signatures to the scope, implement key refresh ceremony, etc.

Docs

  • [ ] Explicitly list dependencies
  • [ ] Link to my instrumented multi-party-sig fork
  • [ ] Lay out motivation and prior art
  • [ ] Lay out the goals and the plan
Done:
  • [x] MILESTONE 1: Create a valid signature via "online" ceremony given pre-created party setups

  • [x] Paillier encryption scheme internal library (minimal)

  • [x] Keyconfig (party setup) data

  • [x] Pedersen

  • [x] Lagrange

  • [x] ZK Proofs -- zk/enc

  • [x] Signing Round 1 !

  • [x] ZK Proofs -- zk/logstar

  • [x] ZK Proofs -- zk/affg

  • [x] ZK Proofs -- zk/affp

  • [x] MTA

  • [x] Signing Round 2

  • [x] Signing Round 3

  • [x] Signing Round 4

  • [x] Signing Round 5

  • [x] Covert to Ethereum signature and verify with external tool

  • [x] Fix session hashing

  • [x] Blake3-based hasher class

  • [x] Signing round data and implementations

  • [x] ECDSA with secp256k1 utils (use/wrap @noble/curves -- did use it)

  • [x] MILESTONE 2: Implement a key generation ceremony; generate valid party setups and create a valid signature

  • [x] ZK Proofs -- sch

  • [x] ZK Proofs -- fac

  • [x] ZK Proofs -- mod

  • [x] ZK Proofs -- prm

  • [x] Polynomials

  • [x] Polynomial Exponent

  • [x] Keygen round 1

  • [x] Keygen round 2

  • [x] Keygen round 3

  • [x] Keygen round 4

  • [x] Keygen round 5

  • [x] Implement KeyConfig hashing and amend round 5

  • [x] End-to-end test with keygen and signing with fresh keys (arbitrary parties)

Intellectual Property

Copyright 2023 Sergey Burmisov (burmisov.com)

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this work except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Major components of this library are derived from the original Go-language library:

https://github.com/taurusgroup/multi-party-sig

While no original source files are used as-is, many JS/TS files closely rewrite the original Go files. Other parts adhere to similar semantics as the original library, and other sections are original due to JS/TS idiosyncrasies or simply at the author's discretion.

Original Go multi-party-sig copyright notice:
copyright (c) Adrian Hamelink and Taurus SA, 2021, and under Apache 2.0 license.