ppvss

Crates.io: ppvss
lib.rs: ppvss
version: 0.0.1-alpha
created_at: 2025-09-17 15:50:56.304728+00
updated_at: 2025-09-17 15:50:56.304728+00
description: An implementation of Pre-constructed Publicly Verifiable Secret Sharing
repository: https://github.com/pushpadevl/ppvss
id: 1843514
size: 69,813
Pushpendra Pal (pushpadevl)

documentation: https://docs.rs/ppvss

README

Pre-Constructed Publicly Verifiable Secret Sharing (PPVSS)

⚠️ DEVELOPMENT WARNING ⚠️

This crate is currently under active development and should NOT be used in production until a stable version (1.0.0) is released. The API may change significantly, security properties are not yet guaranteed, and the implementation may contain bugs or vulnerabilities.

A Rust implementation of Pre-Constructed Publicly Verifiable Secret Sharing (PPVSS) based on the paper "Pre-Constructed Publicly Verifiable Secret Sharing and Applications".

Overview

This crate provides a PPVSS scheme that allows:

  • Public Verifiability: Anyone can verify that shares were correctly distributed without access to the shares themselves
  • Pre-Construction: Shares can be prepared and encrypted before the secret is known
  • Threshold Reconstruction: Any k out of n participants can reconstruct the secret
  • Robust Security: Invalid shares and malicious participants can be detected and excluded

Features

  • Working Prototype: Basic PPVSS functionality with share encryption/decryption
  • Age Encryption: Uses the modern age encryption library for secure share encryption
  • Shamir's Secret Sharing: Built on the battle-tested secretsharing_shamir implementation
  • Example Applications: Two complete examples demonstrating usage
  • 🚧 Zero-Knowledge Proofs: Non-interactive ZK proofs (library selection in progress)
  • 🚧 Public Verification: Full public verifiability (under development)
  • 🚧 Security Audit: Comprehensive security review (pending)

Installation

Add this to your Cargo.toml:

[dependencies]
ppvss = "0.0.1-alpha"

Architecture

The crate is built on several key dependencies:

  • age: Modern, secure encryption for protecting individual shares
  • secretsharing_shamir: Robust implementation of Shamir's Secret Sharing
  • Zero-Knowledge Proofs: (Library selection in progress) - For non-interactive public verification

Examples

The crate includes two comprehensive examples:

  1. Basic PPVSS: Demonstrates core functionality with threshold secret sharing
  2. Advanced Usage: Shows integration with custom cryptographic primitives

Current Limitations

⚠️ This implementation is incomplete and should not be used in production:

  • Missing ZK Proofs: Public verifiability requires zero-knowledge proofs (not yet implemented)
  • Security Review Pending: No formal security audit has been conducted
  • API Instability: The public API may change significantly before v1.0.0
  • Limited Testing: Comprehensive test suite and fuzzing not yet complete
  • Performance Unoptimized: Current focus is on correctness, not performance

Roadmap to v1.0.0

  • Zero-Knowledge Proof Integration: Select and integrate a suitable ZK proof library
  • Complete Public Verification: Implement full PPVSS verification protocol
  • Security Audit: Professional cryptographic review
  • Comprehensive Testing: Unit tests, integration tests, and property-based testing
  • Performance Optimization: Benchmarking and optimization
  • Documentation: Complete API documentation and usage guides
  • Constant-Time Operations: Ensure timing attack resistance

Contributing

Contributions are welcome! However, please note:

  • This is experimental cryptographic software - exercise extreme caution
  • All contributions will be thoroughly reviewed for security implications
  • Breaking changes are expected until v1.0.0

Development Setup

Please refer to the examples included in the crate for usage demonstrations.

Security Notice

⚠️ CRYPTOGRAPHIC SOFTWARE WARNING

This crate implements cryptographic primitives and protocols. It has NOT undergone professional cryptographic review and may contain serious vulnerabilities. Do not use this library to protect sensitive data until:

  1. A stable version (1.0.0+) is released
  2. The implementation has been audited by qualified cryptographers
  3. You understand the security assumptions and limitations

License

Licensed under the Apache License, Version 2.0 (LICENSE or http://www.apache.org/licenses/LICENSE-2.0)

Disclaimer

This software is provided "as is" without warranty of any kind. The authors disclaim all liability for any damages arising from the use of this cryptographic software.

Commit count: 4
