Merge branch 'feat/adkg-cli' into feat/refactor

Author: azixus

Cargo.lock

@@ -1,22 +1,23 @@
 [workspace]
 resolver = "3"
 members = [
+    "crates/adkg",
+    "crates/adkg-cli",
+    "crates/network",
     "crates/blocklock-weft",
     "crates/blocklock-warp",
     "crates/fulfiller-core",
     "crates/payment-warp",
     "crates/randomness-warp",
     "crates/dsigner",
-    "crates/marshmallow-crypto/adkg",
-    "crates/marshmallow-crypto/pairing_utils",
-    "crates/marshmallow-crypto/silent-threshold-encryption",
     "crates/network",
     "crates/omnievent",
     "crates/onlyswaps-verifier",
     "crates/randomness-weft",
     "crates/signer",
     "crates/superalloy",
     "crates/contracts-core",
+    "crates/utils",
 ]
 
 [workspace.package]
@@ -25,6 +26,7 @@ edition = "2024"
 
 [workspace.dependencies]
 # workspace crates
+adkg = { path = "./crates/adkg" }
 contracts-core = { path = "./crates/contracts-core" }
 fulfiller-core = { path = "./crates/fulfiller-core" }
 payment-warp = { path = "./crates/payment-warp" }
@@ -39,10 +41,12 @@ alloy = { version = "1.0", default-features = false }
 
 # crypto
 ark-bn254 = "0.4.0"
+ark-bls12-381 = "0.4.0"
 ark-ec = "0.4.2"
 ark-ff = "0.4.2"
+ark-poly = "0.4.2"
 ark-std = "0.4.0"
-pairing_utils = { path = "./crates/marshmallow-crypto/pairing_utils" }
+utils = { path = "./crates/utils", features = ["bn254"] }
 
 # hashes
 digest = "0.10"
@@ -88,6 +92,7 @@ clap = { version = "4.5", features = ["derive", "env"] }
 figment = { version = "0.10" }
 hex = "0.4"
 itertools = "0.14"
+rand = "0.8.0"
 thiserror = "2.0"
 
 [patch.crates-io]

Cargo.toml

@@ -0,0 +1,28 @@
+[package]
+name = "adkg-cli"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+dcipher-network = { workspace = true, features = ["libp2p"] }
+adkg = { workspace = true, features = ["bn254"] }
+utils = { workspace = true, features = ["bn254", "sha3"] }
+ark-bn254.workspace = true
+ark-ec.workspace = true
+ark-std.workspace = true
+clap = { workspace = true, features = ["derive", "env"] }
+itertools.workspace = true
+libp2p = { workspace = true, features = ["serde"] }
+rand.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+toml = "0.9"
+tokio = { workspace = true, features = ["fs", "net", "rt", "sync", "macros", "io-util", "time", "tracing"] }
+tokio-util.workspace = true
+thiserror.workspace = true
+tracing.workspace = true
+tracing-subscriber = { workspace = true, features = ["env-filter"] }
+base64 = "0.22"
+anyhow = "1.0.86"
+humantime = "2.2.0"
+chrono = { version = "0.4.41", features = ["serde"] }

crates/adkg-cli/Cargo.toml

@@ -0,0 +1,21 @@
+FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
+WORKDIR /app
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+# Build dependencies - this is the caching Docker layer!
+RUN cargo chef cook --release --recipe-path recipe.json
+# Build application
+COPY . .
+RUN cargo build --release -p adkg-cli
+RUN strip target/release/adkg-cli
+
+# We do not need the Rust toolchain to run the binary!
+FROM debian:bookworm-slim AS runtime
+WORKDIR /app
+COPY --from=builder /app/target/release/adkg-cli /usr/local/bin/adkg-cli
+CMD ["adkg-cli"]

crates/adkg-cli/Dockerfile

@@ -0,0 +1,112 @@
+# adkg-cli
+CLI tool used to prepare and execute asynchronous distributed key generation ceremonies using the ADKG described in [Practical Asynchronous Distributed Key Generation](https://eprint.iacr.org/2021/1591.pdf) by Das et al.
+
+A ceremony is a three steps process: creation of a scheme specification, long-term key generation, and the execution of the ADKG.
+
+## Networking
+The ADKG relies on libp2p to exchange messages between the various nodes.
+The current implementation requires all nodes to use tcp communication, the traffic is secured using [Noise](https://docs.libp2p.io/concepts/secure-comm/noise/), and multiplexed with [Yamux](https://docs.libp2p.io/concepts/multiplex/yamux/).
+The node must allow incoming traffic on its libp2p tcp port, and tcp outbound traffic must be allowed to the rest of the nodes.
+
+## Specifying a scheme
+A scheme is used to describe an instance of the ADKG.
+It contains various parameters, such as the curve, the number of parties and the malicious threshold.
+Here is an example of a scheme specification used in the context of `dcipher`:  
+```toml
+app_name = "dcipher"
+curve_id = "Bn254G1"
+hash_id = "Keccak256"
+adkg_version = "v0.1"
+adkg_scheme_name = "DYX20-Bn254G1-Keccak256"
+generator_g = "qB3/U8RDVn4aF2tUTlmeDQbV0PvHJ8IB0QL/k1Z+5WI="
+generator_h = "gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE="
+```
+
+The `new-scheme` command can be used to obtain a scheme specification as follows:
+```bash
+adkg-cli new-scheme --app-name dcipher --scheme-out scheme.toml
+```
+
+By default, we use the `DYX20-Bn254G1-Keccak256` scheme.
+This represents the aforementioned ADKG, using the bn254 curve on group G1.
+In this configuration, the long-term public keys use a deterministic generator, `H`, obtained by hashing `ADKG_GENERATOR_G` with the DST `ADKG-%adkg_version%-%app_name%_BN254G1_XMD:KECCAK-256_SVDW_RO_GENERATORS_` using [rfc9380](https://datatracker.ietf.org/doc/html/rfc9380).
+The public key after the ADKG, however, are output with respect to the standard generator of bn254, the point `(1, 2)`.
+
+It is preferable that a single participant executes the `new-scheme` command, and sends the generated file to the rest of the participants.
+
+## Generating long-term keys
+With the scheme in hand, the next step consists of generating long-term keys that can be used to execute multiple instances of the ADKG.
+We require the generation of two keypairs, an elliptic curve keypair `(sk, [sk] H)`, and an ed25519 libp2p keypair.
+
+The former is used for the ADKG, while the latter to authenticate and encrypt network communications.
+
+The `generate` command is used as follows and requires a `scheme.toml` file:
+```bash
+adkg-cli generate --scheme scheme.toml --priv-out adkg.priv --pub-out adkg.pub
+```
+
+The command writes the private key material to the `adkg.priv` file, and the public key material to `adkg.pub`.
+Only the public key material must be forwarded to the rest of the participants.
+As explained above, `adkg.pub` contains two different values:
+```toml
+adkg_pk = "6xBXHRXOlmPcfV2LqeEKEDAOGOoAH2pIYBnuG/h1w8s="
+peer_id = "12D3KooWRLzVJSS2EYpc9Tm4BfV5HEdXc8DiKvQkFqWhEwXcJ8eP"
+```
+
+Once the public key material of each of the participant has been gather, a group configuration in the following format must be built and sent to the participants:
+```toml
+n = 7
+t = 2
+start_time = "2025-07-24T16:25:30Z"
+
+[[nodes]]
+id = 1
+multiaddr = "/ip4/127.0.0.1/tcp/9991"
+adkg_pk = "71zT8Vib8vHG3vX2cktMyFl5VngXFi8RLOkIw9a5ulI="
+peer_id = "12D3KooWMSH17hbmMBSbEtCeyYBkFT7phd6PVaA2fdxakaTAuXMx"
+
+[[nodes]]
+id = 2
+multiaddr = "/dns4/my.domain.com/tcp/1005"
+adkg_pk = "354LSCLd/rCf8bX/vN+nWNfO2G2ZoLs/v054IAgiDFk="
+peer_id = "12D3KooWMAADWEWNMFCNBadQfNFLeHHcYeZr9tNJBekY4opdCzDM"
+
+[...]
+
+[[nodes]]
+id = 7
+multiaddr = "/ip4/127.0.0.1/tcp/7777"
+adkg_pk = "7dpgwvtWiLAw/TweCrzBeRuWahRbxqMwACwiiulYkfA="
+peer_id = "12D3KooWGjQdQ6B3LazUw2EVbhakN3P5931e1UV76vJUNoV73Dd4"
+```
+
+This file contains the group configuration, which includes the number of parties (`n`), a threshold (`t`), and an agreed upon starting time, alongside a list of nodes.
+
+Note that we use the malicious threshold here, i.e., the maximum number of parties that may be malicious.
+The reconstruction threshold, i.e., the number of partials required to obtain a threshold signature, is obtained by adding one.
+
+Each node is specified by its unique identifier, its public key material, and a libp2p multiaddress that can be used to communicate with the node.
+
+Once this group file has been obtained and save, we can proceed to the final step.
+
+## Executing the ADKG
+Finally, to execute the ADKG, we must gather various piece of information:  
+ - the scheme configuration file (`scheme.toml`)
+ - the long-term private key file (`adkg.priv`)
+ - the node's identifier (`1`) 
+ - the group configuration (`group.toml`)
+ - the libp2p listen address (`/ip4/0.0.0.0/tcp/7777`)
+
+With those details, we can use the `run` command as follows:
+```bash
+adkg-cli run                                \
+  --scheme ./scheme.toml                    \
+  --group ./group.toml                      \
+  --priv adkg.priv                          \
+  --id 1                                    \
+  --listen-address "/ip4/0.0.0.0/tcp/7777"  \
+  --priv-out adkg.ceremony.priv             \
+  --pub-out adkg.ceremony.pub 
+```
+
+Notice that we also include two output files used to store the private and public output of the ADKG.

crates/adkg-cli/README.md

@@ -0,0 +1,89 @@
+use crate::GroupConfig;
+use adkg::adkg::AdkgOutput;
+use adkg::helpers::PartyId;
+use adkg::rand::AdkgRng;
+use adkg::scheme::bn254::DYX20Bn254G1Keccak256;
+use adkg::scheme::{AdkgScheme, AdkgSchemeConfig};
+use anyhow::{Context, anyhow};
+use ark_ec::Group;
+use dcipher_network::topic::TopicBasedTransport;
+use std::sync::Arc;
+use std::time::Duration;
+use utils::serialize::fq::FqDeserialize;
+use utils::serialize::point::PointDeserializeCompressed;
+
+#[allow(clippy::too_many_arguments)]
+pub async fn adkg_dyx20_bn254_g1_keccak256<TBT>(
+    id: PartyId,
+    adkg_sk: &str,
+    group_config: &GroupConfig,
+    scheme_config: AdkgSchemeConfig,
+    adkg_grace_period: Duration,
+    adkg_timeout: Duration,
+    topic_transport: Arc<TBT>,
+    rng: &mut impl AdkgRng,
+) -> anyhow::Result<AdkgOutput<<DYX20Bn254G1Keccak256 as AdkgScheme>::Curve>>
+where
+    TBT: TopicBasedTransport<Identity = PartyId>,
+{
+    let scheme = DYX20Bn254G1Keccak256::try_from(scheme_config)?;
+    let sk = <<DYX20Bn254G1Keccak256 as AdkgScheme>::Curve as Group>::ScalarField::deser_base64(
+        adkg_sk,
+    )?;
+    let pks = group_config
+        .nodes
+        .iter()
+        .map(|p| {
+            <DYX20Bn254G1Keccak256 as AdkgScheme>::Curve::deser_base64(
+                &p.public_key_material.adkg_pk,
+            )
+        })
+        .collect::<Result<_, _>>()?;
+
+    let mut adkg = scheme.new_adkg(id, group_config.n, group_config.t, sk, pks)?;
+
+    // Calculate time to sleep before actively executing the adkg
+    let sleep_duration = (group_config.start_time - chrono::Utc::now())
+        .to_std() // TimeDelta to positive duration
+        .context("start_time cannot be in the past")?;
+
+    tracing::info!(
+        "Sleeping for {} before starting ADKG at {}",
+        humantime::format_duration(sleep_duration),
+        humantime::format_rfc3339(group_config.start_time.into()),
+    );
+    tokio::time::sleep(sleep_duration).await;
+
+    // Start the ADKG and wait until we obtain a share, or the timeout occurs
+    tracing::info!(
+        "Executing ADKG with a timeout of {}",
+        humantime::format_duration(adkg_timeout)
+    );
+
+    let res = tokio::select! {
+        output = adkg.start(rng, topic_transport) => {
+            match &output {
+                Ok(_) => {
+                    tracing::info!("ADKG has terminated with an Ok output");
+                    tracing::info!("Running ADKG until grace period of {}", humantime::format_duration(adkg_grace_period));
+                    tokio::time::sleep(adkg_grace_period).await;
+                }
+                Err(e) => {
+                    tracing::error!("failed to obtain output from ADKG: {e:?}");
+                }
+            }
+
+            Ok(output)
+        }
+
+        _ = tokio::time::sleep(adkg_timeout) => {
+            println!("Aborting ADKG due to timeout");
+            Err(anyhow!("ADKG has timed out"))
+        }
+    };
+
+    tracing::warn!("Stopping ADKG...");
+    adkg.stop().await;
+
+    Ok(res??) // unwrap both errors (timeout + adkg error)
+}