serai/docs/cryptography/Distributed Key Generation.md
Luke Parker 13977f6287
Clean and document the DKG library's encryption
Encryption used to be inlined into FROST. When writing the documentation, I
realized it was decently hard to review. It also was antagonistic to other
hosted DKG algorithms by not allowing code re-use.

Encryption is now a standalone module, providing clear boundaries and
reusability.

Additionally, the DKG protocol itself used to use the ciphersuite's specified
hash function (with an HKDF to prevent length extension attacks). Now,
RecommendedTranscript is used to achieve much more robust transcripting and
remove the HKDF dependency. This does add Blake2 into all consumers yet is
preferred for its security properties and ease of review.
2022-12-07 17:30:42 -05:00

Distributed Key Generation

Serai uses a modification of Pedersen's Distributed Key Generation, which is actually Feldman's Verifiable Secret Sharing Scheme run by every participant, as described in the FROST paper. FROST's modification adds a Schnorr Proof of Knowledge for coefficient zero, preventing rogue key attacks. This results in a two-round protocol.
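
The Feldman share check underlying the DKG described above, as an added example that is not part of Serai's dkg library: every participant deals a polynomial, broadcasts commitments to its coefficients, and each recipient verifies its share against them. The toy group, function names and coefficients are constructed for illustration; the Schnorr Proof of Knowledge and the share encryption are omitted.

```rust
// Toy group constructed for this example (no security): order-Q subgroup of Z_P^*, P = 2Q + 1.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;

fn pow_mod(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut r = 1u64;
    while e > 0 {
        if e & 1 == 1 { r = r * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    r
}

/// Dealer: evaluate the secret polynomial at participant index `i` (Horner, mod Q).
fn share(coeffs: &[u64], i: u64) -> u64 {
    coeffs.iter().rev().fold(0u64, |acc, c| (acc * i + c) % Q)
}

/// Dealer: Feldman commitments C_k = G^{a_k}, broadcast to everyone.
fn commit(coeffs: &[u64]) -> Vec<u64> {
    coeffs.iter().map(|a| pow_mod(G, *a, P)).collect()
}

/// Recipient `i`: accept a share only if G^share == prod_k C_k^(i^k).
fn verify_share(commitments: &[u64], i: u64, s: u64) -> bool {
    let (mut rhs, mut i_pow) = (1u64, 1u64); // i_pow = i^k mod Q
    for c in commitments {
        rhs = rhs * pow_mod(*c, i_pow, P) % P;
        i_pow = i_pow * i % Q;
    }
    pow_mod(G, s, P) == rhs
}

/// Participant `i` sums its verified shares; the group key is the product of every C_0.
fn combine(all_commitments: &[Vec<u64>], shares_for_i: &[u64]) -> (u64, u64) {
    let secret_share = shares_for_i.iter().sum::<u64>() % Q;
    let group_key = all_commitments.iter().fold(1u64, |acc, c| acc * c[0] % P);
    (secret_share, group_key)
}

fn main() {
    // Constructed coefficients: three dealers, degree-1 polynomials (threshold 2).
    let dealers: [Vec<u64>; 3] = [vec![123, 456], vec![789, 10], vec![1000, 77]];
    let commitments: Vec<Vec<u64>> = dealers.iter().map(|d| commit(d)).collect();
    let shares: Vec<u64> = dealers.iter().map(|d| share(d, 2)).collect();
    assert!(shares.iter().zip(&commitments).all(|(s, c)| verify_share(c, 2, *s)));
    println!("{:?}", combine(&commitments, &shares));
}
```

A share that fails `verify_share` identifies the dealer who sent it, since the commitments it is checked against were broadcast to all participants.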

Encryption

To protect the secret shares during communication, the dkg library additionally sends an encryption key. These encryption keys are used in an ECDH to derive a shared key. This key is then hashed to obtain two keys and IVs, one for sending and one for receiving, with the given counterparty. ChaCha20 is used as the stream cipher.