+ ~ - + - + - + - ~ ~ *
| commonware
* ~ + + - ~ - + - * - +

commonware-cryptography: Unlocking Seeds, Links, and Views

August 28, 2024

When I chat with a developer about launching their own onchain application (as a specialized blockchain), the same questions always come up:

Today, we're excited to share how @commonwarexyz is answering these questions with commonware-cryptography (now in ALPHA).

commonware-cryptography is an open (Apache-2 and MIT) implementation of BLS12-381 Distributed Key Generation (DKG), Resharing, and Threshold Signatures in Rust. Unlike most implementations, commonware-cryptography does not employ a "board" for share distribution (that requires dealers to broadcast encrypted shares over a public channel). Rather, dealers distribute shares over encrypted connections directly with each recipient and recipients broadcast an acknowledgement when they receive a correct share (no share material included).

With an eye towards consensus integration (natively emitting Threshold Signatures during finalization), the commonware-cryptography DKG/Resharing construction identifies disqualified contributors in each round (missing commitment, invalid commitment, invalid share distribution, ignoring reveal requests, etc.) and supports maintaining a threshold of 2f + 1 (of 3f + 1 total contributors) across Reshares (which can be run to introduce/remove contributors and/or proactively on a regular interval to bound the age of shares). You can read more about this construction here.

So, how does this answer any of a developer's questions?

To showcase how "Seeds" will work, we implemented a Proof-of-Concept Verifiable Random Function (VRF) CLI with a trusted Arbiter (that will be removed after the release of commonware-consensus) and untrusted Contributors:

Contributors to this VRF connect to each other over commonware-p2p (using ED25519 identities), perform an initial DKG (to generate a static public key), and then perform a proactive refresh every 10 seconds. After a successful DKG and/or Reshare, contributors generate partial signatures over the round number and gossip them to others in the group (again using commonware-p2p). These partial signatures, when aggregated, form a bias-resistant source of randomness that was not knowable to any contributor prior to signing.

To demonstrate how malicious contributors are tolerated, the CLI also lets you behave as a "rogue" dealer that generates invalid shares, a "lazy" dealer that doesn't distribute shares to other contributors, or a "defiant" dealer that doesn't respond to requests to reveal shares that weren't acknowledged by other contributors.

Next up, commonware-consensus!

To support contributors and developers working with the Commonware Library, we launched a Discord. We look forward to seeing you there soon!