Merge pull request #219 from getamis/rewriteReadme

rewrite README

README.md

@@ -19,16 +19,21 @@ The main merit of HTSS is vertical access control such that it has "partial acco
 
 For example, an important contract not only requires enough signatures, but also needs to be signed by a manager. Despite the fact that vertical access control can be realized on the application layer and tracked by an audit log. Once a hack happens, we will have no idea about who to blame for. However, in HTSS framework, through assigning different ranks of each share induces that any valid signature generated includes the share of the manager.
 
-HTSS  has been developed by [Tassa](https://www.openu.ac.il/lists/mediaserver_documents/personalsites/tamirtassa/hss_conf.pdf) and other researchers many years ago. In our implementation, we setup up this theory on TSS(i.e. just replace Lagrange Interpolation to Birkhoff Interpolation).  Meanwhile, our protocol of sign (i.e. GG18 and CCLST20 ) can support two homomorphic encryptions which are Paillier and CL scheme. 
+HTSS  has been developed by [Tassa](https://www.openu.ac.il/lists/mediaserver_documents/personalsites/tamirtassa/hss_conf.pdf) and other researchers many years ago. In our implementation, we setup up this theory on TSS(i.e. just replace Lagrange Interpolation to Birkhoff Interpolation).
 
 Now, Alice supports two parts:
-### Audited Part :
+## Audited Part :
 
-1. [HTSS(A variant of GG18 and CCLST): ECDSA](./crypto/tss/ecdsa/gg18/README.md).
-2. [HTSS(A variant of CGGMP): ECDSA](./crypto/tss/ecdsa/cggmp/README.md).
-3. [HTSS(A variant of FROST): EdDSA](./crypto/tss/eddsa/frost/README.md).
+### ECDSA :
+1. [HTSS(A variant of GG18 and CCLST)](./crypto/tss/ecdsa/README.md).
+2. [HTSS(A variant of CGGMP)](./crypto/tss/ecdsa/README.md).
 
-### Preparation : 
+
+### EdDSA :
+1. [HTSS(A variant of FROST)](./crypto/tss/eddsa/frost/README.md).
+
+
+## Preparation : 
 1. [2-party Bip32](./crypto/bip32/README.md).
 
 
@@ -49,29 +54,32 @@ Although the fist part of Alice has been audited, you should still be careful to
 
 If you have more questions, you can connect [us](https://www.am.is/) directly without any hesitation.
 
+### Our product
+Wallet: [Qubic](https://www.qubic.app/en.html)
 
 
 ## The Explanation of Packages
 1. **binaryfield**: support some basic operation of binary fields.
-2. **binaryquadratic**: support operations  ideal class group of quadratic imaginary field over the rational number Q (ref.[here](https://math.stanford.edu/~conrad/676Page/handouts/picgroup.pdf)).
+2. **binaryquadratic**: support operations  ideal class groups of quadratic imaginary fields over the rational number Q (ref.[here](https://math.stanford.edu/~conrad/676Page/handouts/picgroup.pdf)).
 3. **bip32**: support two-party computation of [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki).
 4. **birkhoffinterpolation**: support the [birkhoff interpolation](https://en.wikipedia.org/wiki/Birkhoff_interpolation) (i.e. a generization of Lagrange interpolation).
-5. **circuit**: support the loading of [bristol fashion](https://homes.esat.kuleuven.be/~nsmart/MPC/) and garbled this circuit (ref. [Two Halves Make a Whole: Reducing Data Transfer in Garbled Circuits using Half Gates](https://eprint.iacr.org/2014/756)).
+5. **circuit**: support the loading of [bristol fashion](https://homes.esat.kuleuven.be/~nsmart/MPC/) and garbling circuit (ref. [Two Halves Make a Whole: Reducing Data Transfer in Garbled Circuits using Half Gates](https://eprint.iacr.org/2014/756)).
 6. **commitment**: support [Section 2.4: hash commitment](https://eprint.iacr.org/2019/114.pdf), [Section 2.6:Feldman’s VSS parotocol](https://eprint.iacr.org/2019/114.pdf), and [Pedersen Commitment](https://research.nccgroup.com/2021/06/15/on-the-use-of-pedersen-commitments-for-confidential-payments/).
-7. **dbnssystem**: write a positive integer to [The Double-Base Number expression](https://link.springer.com/chapter/10.1007/978-3-540-70500-0_32).
-8. **ecpointgrouplaw**: an interface of group operations of elliptic curve group.
-9. **elliptic**: support groups of of elliptic curve group.
-10. **homo**: support addtivie homomorphic encryptions: [Castagnos and Laguillaumie homomorphic Scheme](https://github.com/getamis/alice/tree/master/crypto/homo/cl) and [Paillier homomorphic cryptosystem](https://github.com/getamis/alice/tree/master/crypto/homo/paillier).
-11. **matrix**: support some operations of matrices over finite field.
-12. **mta**: special package used in the sign algorithm of ECDSA.
-13. **oprf**: support a hash function mapping to the point of secp256k1. (ref. [Shallue-van de Woestijne Method: Hashing to Elliptic Curves](https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-04#section-6.9.1))
+7. **dbnssystem**: write a positive integer to be [The Double-Base Number expression](https://link.springer.com/chapter/10.1007/978-3-540-70500-0_32).
+8. **ecpointgrouplaw**: an interface of group operations of elliptic curve groups.
+9. **elliptic**: support groups of of elliptic curve groups.
+10. **homo**: support additive homomorphic encryptions: [Castagnos and Laguillaumie homomorphic Scheme](https://github.com/getamis/alice/tree/master/crypto/homo/cl) and [Paillier homomorphic cryptosystem](https://github.com/getamis/alice/tree/master/crypto/homo/paillier).
+11. **matrix**: support some operations of matrices over finite fields.
+12. **mta**: the special package used in the sign algorithm of ECDSA.
+13. **oprf**: support a hash function mapping to the points of secp256k1. (ref. [Shallue-van de Woestijne Method: Hashing to Elliptic Curves](https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-04#section-6.9.1))
 14. **ot**: support an [Oblivious transfer](https://en.wikipedia.org/wiki/Oblivious_transfer) protocol (ref. [our implementation: Blazing Fast OT for Three-round UC OT Extension](https://link.springer.com/chapter/10.1007/978-3-030-45388-6_11)).
 15. **polynomial**: support some operations of polynomials over finite fields.
 16. **tss**: support ECDSA: [GG18](https://eprint.iacr.org/2019/114.pdf), [CCLST](https://link.springer.com/chapter/10.1007/978-3-030-45388-6_10), and [CGGMP](https://eprint.iacr.org/2021/060). And EdDSA: [FROST](https://link.springer.com/chapter/10.1007/978-3-030-81652-0_2).
 17. **utils**: support some commonly used functions.
 18. **zkrpoof**: support some zero knowledge proofs e.x. Schnorr's proof, factorization proof and so on.
 
 
+
 ## Acknowledgments:
 Thanks to 
 1. [Filipe Casal from Trail of Bits](https://www.trailofbits.com) for indicating the potential issues of integer factorization proof.

crypto/tss/ecdsa/gg18/README.md → crypto/tss/ecdsa/README.md

@@ -11,10 +11,15 @@ One of references of HTSS is
 
 *	[Implementations](#implementation)
 	*	[DKG](#DKG)
+		*	[GG18 & CCLST](#GG18)
+		*	[CGGMP](#CGGMP)
     *	[Signer](#Signer)
-		*	[GG18(Insecure)](#GG18)
+		*	[GG18 with sMTA](#GG18)
 		*	[CCLST](#CCLST)
+		*	[CGGMP](#CGGMP)
     *	[Reshare](#Reshare)
+		*	[GG18 & CCLST](#GG18)
+		*	[CGGMP](#CGGMP)
 *	[Usage](#usage)
     *	[Peer](#peerusage)
     *   [Listener](#listenerusage)
@@ -32,6 +37,7 @@ One of references of HTSS is
 *	[Benchmarks](#benchmark)
 	*	[GG18](#gg18benchmark)
 	*	[CCLST](#cclstbenchmark)
+	*	[CGGMP](#cggmpbenchmark)
 *	[Appendix](#appendix)
 	*	[Security levels of two homomorphic schemes](#securitylevel)
 *	[References](#reference)
@@ -79,11 +85,19 @@ The other combinations of shares can not recover the secret (e.g. 1, 1, 2).
 
 <h3 id="DKG">DKG:</h3>
 
+<h4 id="GG18">GG18 & CCLST:</h4>
 We implement a modified version of DKG in [Fast Multiparty Threshold ECDSA with Fast Trustless Setup](https://eprint.iacr.org/2019/114.pdf).
 We point out the different parts:
 * Replace Lagrange interpolation with [Birkhoff interpolation](https://en.wikipedia.org/wiki/Birkhoff_interpolation) and generate own x-coordinate respectively.
 * We do not generate a private key and the corresponding public key of homomorphic encryptions (i.e. Paillier cryptosystem or CL Scheme) in the key-generation. Move it to the beginning of Signer.
 
+
+<h4 id="CGGMP">CGGMP:</h4>
+We implement a modified version of DKG in 
+[UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts](https://eprint.iacr.org/2021/060.pdf) including echo protocol.
+We point out the different part:
+* Replace replacing the n-n threshold with [Birkhoff interpolation](https://en.wikipedia.org/wiki/Birkhoff_interpolation) and generate own x-coordinate respectively.
+
 <h3 id="Signer">Signer:</h3>
 
 Our implementation involves two algorithms: [Fast Multiparty Threshold ECDSA with Fast Trustless Setup](https://eprint.iacr.org/2019/114.pdf) and [Bandwidth-efficient threshold EC-DSA](https://eprint.iacr.org/2020/084).
@@ -106,10 +120,27 @@ Our version is the algorithm of GG18 without doing range proofs in sMtA(cf. [Sec
  protocol, all participants use the same parameters but different key-pairs, which are generated in DKG.
 * All zero-knowledge proofs are non-interactive version. 
 
+
+<h4 id="CGGMP">CGGMP:</h4>
+Our implementation involves two algorithms: three-rounds and six rounds in [UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts](https://eprint.iacr.org/2021/060.pdf) including echo protocol.
+
+* Replace Lagrange interpolation with [Birkhoff interpolation](https://en.wikipedia.org/wiki/Birkhoff_interpolation).
+* All zero-knowledge proofs are non-interactive version. 
+
 <h3 id="Reshare">Reshare:</h3>
 
+<h4 id="GG18">GG18 & CCLST:</h4>
 It is the standard algorithm replacing Lagrange interpolation with [Birkhoff interpolation](https://en.wikipedia.org/wiki/Birkhoff_interpolation).
 
+<h4 id="CGGMP">CGGMP:</h4>
+Our implementation is the Key-Refresh & Auxiliary Information algorithm in [UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts](https://eprint.iacr.org/2021/060.pdf) including echo protocol.
+
+* Replace Lagrange interpolation with [Birkhoff interpolation](https://en.wikipedia.org/wiki/Birkhoff_interpolation).
+* All zero-knowledge proofs are non-interactive version. 
+
+
+
+
 <h2 id="usage">Usage:</h2>
 
 <h3 id="peerusage">Peer:</h3>
@@ -446,6 +477,12 @@ Our benchmarks were in local computation and ran on an Intel qualcore-i5 CPU 2.3
 |          2.452s |                   3.754s |              3.229s ± 0.396s |
 +-----------------+--------------------------+------------------------------+
 ```
+
+<h3 id="cggmpbenchmark">For CGGMP:</h3>
+In progress
+
+
+
 <h2 id="appendix">Appendix:</h2>
 
 <h3 id="securitylevel">Security levels of two homomorphic schemes:</h3>

crypto/tss/eddsa/frost/README.md

@@ -8,9 +8,6 @@ One of references of HTSS is
 3. [Example](#Example).
 
 
-## Audit Report:
-Preparation
-
 ## Table of Contents:
 
 *	[Implementations](#implementation)
@@ -60,14 +57,14 @@ The other combinations of shares can not recover the secret (e.g. 1, 1, 2).
 
 <h3 id="DKG">DKG:</h3>
 
-We implement a modified version of DKG in [Fast Multiparty Threshold ECDSA with Fast Trustless Setup](https://eprint.iacr.org/2019/114.pdf) without generating a pair Paillier key. More details can be found in the DKG of GG18.
-We point out the different part:
-* Replace Lagrange interpolation with [Birkhoff interpolation](https://en.wikipedia.org/wiki/Birkhoff_interpolation) and generate own x-coordinate respectively.
+Use the same DKG in [Fast Multiparty Threshold ECDSA with Fast Trustless Setup](https://eprint.iacr.org/2019/114.pdf).
 
 <h3 id="Signer">Signer:</h3>
 
 Our implementation is [FROST: Flexible Round-Optimized Schnorr Threshold Signatures](https://eprint.iacr.org/2020/852.pdf).
 
+<h2 id ="Example">EXAMPLE:<h2>
+In progress...
 
 <h2 id="reference">References:</h2>