
commonware-cryptography: Unlocking Seeds, Links, and Views

August 28, 2024

When I chat with a developer about launching their own onchain application (as a specialized blockchain), the same questions always come up:

Today, we're excited to share how @commonwarexyz is answering these questions with commonware-cryptography (now in ALPHA).

commonware-cryptography is an open (Apache-2 and MIT) implementation of BLS12-381 Distributed Key Generation (DKG), Resharing, and Threshold Signatures in Rust. Unlike most implementations, our construction does not employ a "board" for share distribution (which requires dealers to broadcast encrypted shares over a public channel). Rather, dealers distribute shares directly to each player over encrypted connections, and players broadcast an acknowledgement when they receive a correct share (no share material is posted).

With an eye towards consensus integration (natively emitting Threshold Signatures during finalization), this interactive DKG/Resharing construction requires 2f + 1 players (of 3f + 1 players where any f are Byzantine) to generate a valid threshold signature. Resharing can be run to introduce/remove contributors and/or proactively on a regular interval to bound the age of any shares. You can read more about this construction here.

So, how does this answer any of a developer's questions?

To showcase how "Seeds" will work, we implemented a Proof-of-Concept Verifiable Random Function (VRF) CLI with a trusted Arbiter and untrusted Contributors. Contributors to this VRF connect to each other over commonware-p2p (using ED25519 identities), perform an initial DKG (to generate a static public key), and then perform a proactive refresh every 10 seconds. After a successful DKG and/or Reshare, contributors generate partial signatures over the round number and gossip them to others in the group (again using commonware-p2p). These partial signatures, when aggregated, form a bias-resistant source of randomness that was not knowable to any contributor prior to signing. To demonstrate how malicious contributors are tolerated, the CLI also lets you behave as a "rogue" dealer that generates invalid shares, a "lazy" dealer that distributes the minimum number of shares to other contributors, or a "forger" dealer that produces fake acknowledgements.
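The share check behind the acknowledgements described above, and how a "rogue" dealer's invalid share looks to the player who receives it, as an added example (not code from commonware-cryptography). It assumes a Feldman-style commitment check over a toy prime-order group in place of BLS12-381; every function name and parameter here is hypothetical.

```rust
// Toy group (constructed): P = 2Q + 1, G has order Q. Assumption: stands in for BLS12-381.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;

fn pow_mod(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut r = 1u64;
    b %= m;
    while e > 0 {
        if e & 1 == 1 { r = r * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    r
}

/// Dealer: evaluate the secret polynomial at player index `i` (1-based), mod Q.
fn share(coeffs: &[u64], i: u64) -> u64 {
    coeffs.iter().rev().fold(0u64, |acc, a| (acc * i + *a) % Q)
}
/// Dealer: public commitment to each coefficient, G^{a_j} mod P.
fn commit(coeffs: &[u64]) -> Vec<u64> {
    coeffs.iter().map(|a| pow_mod(G, *a, P)).collect()
}

/// Player: a share `s` for index `i` is correct iff G^s == prod_j C_j^{i^j} (mod P).
fn verify(commitment: &[u64], i: u64, s: u64) -> bool {
    let mut rhs = 1u64;
    let mut exp = 1u64; // i^j mod Q (exponents live in the order-Q subgroup)
    for c in commitment {
        rhs = rhs * pow_mod(*c, exp, P) % P;
        exp = exp * i % Q;
    }
    pow_mod(G, s % Q, P) == rhs
}

/// Indices of the players that would broadcast an acknowledgement.
fn acks(commitment: &[u64], sent: &[(u64, u64)]) -> Vec<u64> {
    sent.iter().filter(|(i, s)| verify(commitment, *i, *s)).map(|(i, _)| *i).collect()
}

fn main() {
    let coeffs: [u64; 3] = [123, 456, 789]; // f = 1: degree 2f, any 2f + 1 = 3 shares define it
    let c = commit(&coeffs);
    let mut sent: Vec<(u64, u64)> = (1..=4).map(|i| (i, share(&coeffs, i))).collect();
    println!("honest dealer acks: {:?}", acks(&c, &sent));
    sent[2].1 = (sent[2].1 + 1) % Q; // "rogue" dealer: player 3 gets an invalid share
    println!("rogue dealer acks:  {:?}", acks(&c, &sent));
}
```

Only the commitment and the acknowledgements are public in this sketch; the shares themselves travel dealer-to-player, which mirrors the "no share material posted" property.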

Next up, commonware-consensus!

To support contributors and developers working with the Commonware Library, we activated GitHub Discussions. We look forward to seeing you there soon!