Announcing "tecdh" crate

Dfns is launching tecdh, our new open-source library for threshold elliptic-curve Diffie-Hellman key exchange protocol. This library, maintained by Lockness under the Linux Foundation Decentralized Trust (LFDT), provides a building block for fast and secure key exchange, where the parties don't have to store the full key.

Technical Details

This crate was made by me and my colleague Denis Varlakov as an adaptation of the [tBLS] signature scheme for another use-case. We at Dfns specialize in threshold signatures, and we applied all our knowledge here. tecdh is highly optimized and integrates our previous developments in key share and network management:

• It's based on the [generic-ec] crate for ease of integration of new elliptic curves
• The multi-round setup is made with the [round-based] https://crates.io/crates/round-based crate for optimized network performance
• And the key shares themselves are from the [key-share] https://crates.io/crates/key-share crate, which allows to use any compatible algorithms for key share generation and management

Using the library

Distributed key generation (DKG)

As mentioned above, you can use any `key-share` compatible crate. We recommend using [cggmp24-keygen] \- it's another protocol based on `round-based`, which means you can reuse the network setup between it and `tecdh`.

First you will need to define the transport layer, which consists of a stream and a sink:

let incoming: impl futures::Stream<Item = Result<round_based::Incoming<Msg>>>;
let outgoing: impl futures::Sink<round_based::Outgoing<Msg>>;

Here:

Stream and Sink are the familiar primitives from the [futures] crate. - round_based::Incoming and round_based::Outgoing wrap around Msg and add extra data (e.g., sender/recipient). - Msg is the message type used by cggmp24-keygen

The transport layer must be authenticated: each message must be cryptographically verified that it comes from the claimed sender.

Next, construct an MpcParty for the DKG protocol:

let party = round_based::MpcParty::connected((incoming, outgoing));

Finally, you can execute the DKG protocol with all parties sharing the key. Parties must agree on parameters like the participant indices, the execution ID, and the threshold value.

use E = tecdh::generic_ec::curves::Ed25519;
let eid = cggmp24_keygen::ExecutionId::new(b"unique execution id");
let i = /* signer index (0 <= i < n) */;
let n = /* number of parties */;
let t = /* threshold value */;
let key_share = cggmp24_keygen::keygen::<E>(eid, i, n)
    .set_threshold(t)
    .start(&mut rand::rngs::OsRng, party)
    .await?;

This generates a shared key among the parties that run this code based on the specified parameters.

Key exchange

Now, having received a public key from the counterparty and having the key shares prepared, you can execute the tecdh protocol itself.

let party = round_based::MpcParty::connected((incoming, outgoing)); // as above

let counterparty_key: generic_ec::NonZero<generic_ec::Point<E>>;

let eid = b"unique execution id";
let i = /* signer index (0 <= i < n) */;
let participant_indices: &[u16] = /* match keygen participants to tecdh */;

let session_key = tecdh::start::<sha2::Sha256, E, _>(
    &eid,
    counterparty_key,
    i,
    &key_share,
    participant_indices,
    party,
    &mut rand::rngs::OsRng,
).await?;

For more information on the relevant functions, you can read the documentation on [docs.rs]

Open-sourcing

Our tECDH implementation marks a major step forward in distributed cryptographic threshold protocols. By open-sourcing it and placing it under Lockness governance, we’re creating a collaborative space to drive innovation and enhance security. We encourage the community to explore this tool and contribute to its growth.