Program apps/garbled/examples/ed25519/keygen.mpcl

This example implements Ed25519 key generation. Both parties provide 3 random arguments:

Seed  [32]byte
Split [64]byte
Mask  [64]byte

The key generation seed is g.Seed^e.Seed. The generated private key is split into two random shares:

Garbler's share  : privG = g.Split^e.Split
Evaluator's share: privE = privG ^ priv

Garbler's and evaluator's shares are masked with respective masks:

privGM = privG^g.Mask
privEM = privE^e.Mask

The key generation function returns pub, privGM, and privEM to both parties. After the multiparty protocol completes, both Garbler and Evaluator reveal their private key share:

privG = privGM^g.Mask
privE = privEM^e.Mask

The following commands run the key generation algorithm. Both Evaluator and Garbler are started with 3 random arguments:

./garbled -stream -e -v -i 0x784db0ec4ca0cf5338249e6a09139109366dca1fac2838e5f0e5a46f0e191bae,0xd0da45d3c99e756da831d1e7d696eae3fa9fe39d3b1b2618c7ff997d17777989b5cf415b114298c8b10bed0f0eff118e43ab606ab01143151dff89171307dffa,0x44bf09357e19b1f96f9cf6d9e7d25a0e8dd62d6e0d4bba2bec4c59983c7dc84d1486677b6d8837746cd948c881913c36faeaee08e8309afac58be4757a1c544e
./garbled -stream -v -i 0x57c0e59c20ac7d75ef7e3188fdd7f5876abee1cab394af8125acaca9760bb54c,0x76b42e6292f4a3dc339d208481abeb9a24e08127c7cd8dbde62abcddc0c0e6f7a0f740e756b44dae137f0e7ff8eae0ceb1a962c130fdcbe8cbee3e31ab55b8dc,0xeb83eb1f5203f5b752c96264a21ff4a27fa60cf2313f5f53c3fa96e0b52a2814b786e43a3af64b66291b5b29f432cb8d5a930e31f4e6f072a6d33b861b5b5f13 examples/ed25519/keygen.mpcl

The example values return the following results:

Result[0]: 8ae64963506002e267a59665e9a2e6f9348cc159be53747894478e182ece9fcb
Result[1]: 4ded80ae09692306c9659307f522f5dba1d96e48cde9f4f6e22fb340629db76aa2bee5867d009e008b6fb85902273acda8910c9a740a788f70c28ca0a3093835
Result[2]: cd5c37f4497fd56e236aa858442b3ff90f7a6401ee2186ea18d074fe93d8f9d18b582fa47a1ee0f0a9083ddd9e262b8f3c642dfad68f667f87dddd4bec80aca3

The Garbler reveals its private key share by computing Result[1]^g.Mask:

4ded80ae09692306c9659307f522f5dba1d96e48cde9f4f6e22fb340629db76aa2bee5867d009e008b6fb85902273acda8910c9a740a788f70c28ca0a3093835
^ eb83eb1f5203f5b752c96264a21ff4a27fa60cf2313f5f53c3fa96e0b52a2814b786e43a3af64b66291b5b29f432cb8d5a930e31f4e6f072a6d33b861b5b5f13
= a66e6bb15b6ad6b19bacf163573d0179de7f62bafcd6aba521d525a0d7b79f7e153801bc47f6d566a274e370f615f140f20202ab80ec88fdd611b726b8526726

And Evaluator does the same computation for its values: Result[2]^e.Mask:

cd5c37f4497fd56e236aa858442b3ff90f7a6401ee2186ea18d074fe93d8f9d18b582fa47a1ee0f0a9083ddd9e262b8f3c642dfad68f667f87dddd4bec80aca3
^ 44bf09357e19b1f96f9cf6d9e7d25a0e8dd62d6e0d4bba2bec4c59983c7dc84d1486677b6d8837746cd948c881913c36faeaee08e8309afac58be4757a1c544e
= 89e33ec1376664974cf65e81a3f965f782ac496fe36a3cc1f49c2d66afa5319c9fde48df1796d784c5d175151fb717b9c68ec3f23ebffc854256393e969cf8ed

Now Garbler and Evaluator have their private key shares and public key, but they do not know the full combined Ed25519 private key. The private key shares can be used in the `sign.mpcl' example which computes the signature with the combined private key:

privG ^ privE = priv:
priv: 2f8d55706c0cb226d75aafe2f4c4648e5cd32bd51fbc9764d54908c67812aee2
      8ae64963506002e267a59665e9a2e6f9348cc159be53747894478e182ece9fcb
pub : 8ae64963506002e267a59665e9a2e6f9348cc159be53747894478e182ece9fcb

Constants

This section is empty.

Variables

This section is empty.

Functions

func main
func main(g, e Arguments) ([]byte, []byte, []byte)

Types

type Arguments struct { Seed [32]byte Split [64]byte Mask [64]byte }