synedrion
| Crates.io | synedrion |
| lib.rs | synedrion |
| version | 0.3.0 |
| created_at | 2023-12-08 01:28:57.234628+00 |
| updated_at | 2025-04-07 15:23:54.08134+00 |
| description | Threshold signing library based on Canetti-Gennaro-Goldfeder-Makriyannis-Peled '24 scheme |
| homepage | |
| repository | https://github.com/entropyxyz/synedrion |
| max_upload_size | |
| id | 1061448 |
| size | 714,598 |
core-developers (github:entropyxyz:core-developers)
documentation
README
Synedrion
A threshold signing library based on the CGGMP'24 scheme.
WARNING: the library is a work in progress (see Issues), and has not been audited. Use at your own risk.
This library is an implementation of a scheme described in "UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts" by R. Canetti, R. Gennaro, S. Goldfeder, N. Makriyannis, and U. Peled. Specifically, we are using the scheme as specified in the preprint at https://eprint.iacr.org/2021/060, revision 2024-10-21.
Protocols
The library implements the following protocols from the paper:
- ECDSA Key-Generation - generates the initial secret key shares and distributes the public counterparts between the nodes;
- Auxiliary Info. & Key Refresh - generates updates to the secret key shares and auxiliary information required for ZK proofs;
- Auxiliary Info - the protocol above without the key refresh, only generating the auxiliary info;
- ECDSA Presigning - performs all the signing calculations that do not depend on the message that is being signed;
- ECDSA Signing - finalizes signing given a pre-hashed message.
- ECDSA Interactive Signing - the two protocols above chained one after the other acting as a single protocol. Note that currently Presigning and Signing are not available separately to ensure we can generate provable evidence on Signing faults (which requires transcript from Presigning).
- Threshold Key Resharing - technically not a part of the CGGMP'24 proper, but needed to enable threshold functionality.
All the protocols support identifiable aborts where specified by the paper, and where possible, a self-contained malicious behavior evidence will be returned, so that it can be published.
The following components are work in progress:
-
Multiple shares per party - see https://github.com/entropyxyz/synedrion/issues/31;
-
Generic support for arbitrary curves - currently SECP256k1 is hardcoded, see https://github.com/entropyxyz/synedrion/issues/27 for more details.
High-level API
The library uses manul as a framework for running the protocols.
All the protocols expose a type implementing EntryPoint and can be executed via Session.
See manul docs for general information on how to execute protocols in production or development environment, and how to handle errors.