feat(threshold): a module to validate cryptographic parameters #18

[0xsecaas]

A a module for validating cryptographic scheme parameters (N, f) and deriving the threshold.

It provides a single validate_and_derive_threshold function to ensure protocol safety for DKG, OT-based ECDSA, Robust ECDSA and possible future schemes.

closes #18

[codecov-commenter]

Codecov Report

❌ Patch coverage is 98.10427% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.52%. Comparing base (999320f) to head (9614fde).

Files with missing lines	Patch %	Lines
src/threshold.rs	98.10%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #106      +/-   ##
==========================================
+ Coverage   88.27%   88.52%   +0.24%     
==========================================
  Files          40       41       +1     
  Lines        8179     8390     +211     
  Branches     8179     8390     +211     
==========================================
+ Hits         7220     7427     +207     
- Misses        399      401       +2     
- Partials      560      562       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[SimonRastikian]

Hello @0xsecaas , hope you are doing great!

I finally got back to this PR. I see there are different things happening in this PR from some code refactoring, to tests adjustments, to Readme updates to parameter handling. Would you be fine to split it into multiple PRs while adapting it to the new code (that is conflicted here)?

[SimonRastikian]

The "t" is capital OT refers to Oblivious Transfer.

Suggested change

	let keys = run_keygen(Scheme::OtBasedEcdsa, &participants, threshold)?;
	let keys = run_keygen(Scheme::OTBasedEcdsa, &participants, threshold)?;

[SimonRastikian]

In distributed systems, the terminology used is "faulty" nodes. In cryptography, the terminology is malicious nodes.

[SimonRastikian]

Let us not use the term threshold as multiple definitions exist in the wild and we do not want to confuse the library users.

[SimonRastikian]

DKG is very tricky as there are two actual "thresholds". The first is the Distributed systems' threshold which assumes that not more than one third of the participants are malicious (while running the DKG). The second is the threshold you are creating for the cryptography part i.e., the minimal number of shares needed to recover the key. Both exist in the DKG.
One might ask whether it makes sense to have these two thresholds different. The only answer I can give is "the library user should be clearly notified about this thing and should know what he/she is doing"

[SimonRastikian]

What about parameters for the subprotocols (presign, sign and so on?) Some of the schemes should be robust and "might" allow changing some parameters from the one protocol to the other.

[0xsecaas]

To wire this up properly, I just need to know which schemes actually allow it (e.g., robust ECDSA can sign with more active nodes but the same threshold).

I assume full invariance for now, but do you already have some cases in mind?

[SimonRastikian]

@0xsecaas would you still like to take care of this? Thank you always for your help

[0xsecaas]

@SimonRastikian Definitely, I’ll make sure to take care of it this week.

[0xsecaas]

split it into multiple PRs while adapting it to the new code

Sure @SimonRastikian, lets start with the documentation #221

[SimonRastikian]

I will close this PR as you are opening smaller ones on the side. Thank you @0xsecaas !