KarpelesLab / tss-lib
Coverage: 76%
Default branch: master
Repo added 24 Mar 2026 02:33PM UTC
Builds: 23
Files: 174
LAST BUILD ON BRANCH master
30 May 2026 07:53AM UTC coverage: 76.406% (-0.09%) from 76.496%
Build 26678642827 (type: push, via: github, committer: MagicalTux)
mldsatss: per-party round-3 response validity for identifiable abort

FIX 2 (Low). combine() previously summed every party's z_i block
unconditionally with no per-party validity check, so a single malicious party
could submit garbage z_i and force ErrAllTriesRejected for the whole committee
with no attribution (a silent DoS).

Add validatePartyResponses(), run before aggregation in combine(): each
party's non-zero z_i block must satisfy the L-part of that party's own
rejection gate, i.e. its nu-scaled L2 norm Sum_L (z_i[j]/nu)^2 must not exceed
Rp^2. An honest party either rejects a try (all-zero block, passes trivially)
or accepts it (block came from a zf that passed !zf.Excess(R, nu), so the
L-part alone is within R, and rounding stays inside Rp). Gross garbage (the DoS
vector) exceeds Rp^2 and is rejected with *ErrPartyResponseInvalid naming the
offending committee slot and keyId.

PARTIAL: this is a structural bound, not a full algebraic check. A full
identifiable abort would verify HighBits(A*z_i - c*t_i) == HighBits(w_i)
against the committed w_i, which needs each party's public key share
t_i = A*s1_i + s2_i. This trusted-dealer protocol never transmits or stores
t_i (only the aggregate t1 is public), so a small-but-wrong z_i that passes
the bound still surfaces as the non-attributable ErrAllTriesRejected.
Closing that gap requires publishing per-party t_i or a per-party
commitment/proof binding z_i to w_i.

Adds TestSigning44_InvalidResponseIsAttributed: a party broadcasts a
saturated garbage z_i and the honest combiner returns *ErrPartyResponseInvalid
naming its slot rather than ErrAllTriesRejected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
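As an added illustration (not tss-lib's code) of the structural bound this commit message describes: a Go sketch of a per-party response check that lets an all-zero block through, rejects a block whose nu-scaled L-part norm exceeds Rp^2 while naming the committee slot and keyId, and, as the message itself notes, cannot catch a small-but-wrong block. The error type, function names and all numeric parameters are constructed assumptions, not ML-DSA-44 constants or the library's API.

```go
package main

import "fmt"

// Hypothetical error type (not tss-lib's ErrPartyResponseInvalid): names the slot and keyId of the offending z_i block.
type PartyResponseInvalidError struct {
	Slot  int
	KeyID string
	Norm2 float64 // Sum_L (z_i[j]/nu)^2 of the offending block
}

func (e *PartyResponseInvalidError) Error() string {
	return fmt.Sprintf("party response invalid: slot %d keyId %s: norm^2 %.2f exceeds Rp^2", e.Slot, e.KeyID, e.Norm2)
}

// inspectBlock reports whether z is all zero (party rejected the try) and Sum_L (z[j]/nu)^2 over the first l coefficients.
func inspectBlock(z []int64, l int, nu float64) (zero bool, norm2 float64) {
	zero = true
	for j, c := range z {
		if c != 0 {
			zero = false
		}
		if j < l {
			v := float64(c) / nu
			norm2 += v * v
		}
	}
	return zero, norm2
}

// validatePartyResponses runs before aggregation: each non-zero z_i block must satisfy Sum_L (z_i[j]/nu)^2 <= Rp^2.
func validatePartyResponses(zBlocks [][]int64, keyIDs []string, l int, nu, rp float64) error {
	for slot, z := range zBlocks {
		if zero, n := inspectBlock(z, l, nu); !zero && n > rp*rp {
			return &PartyResponseInvalidError{Slot: slot, KeyID: keyIDs[slot], Norm2: n}
		}
	}
	return nil
}

func main() {
	// Constructed toy parameters: L-part length 4, nu = 2, Rp = 10 (so the bound is 100).
	keys := []string{"key-0", "key-1", "key-2"}
	honest := []int64{6, -4, 8, 2, 99, -99}          // scaled L-part norm^2 = 30: accepted
	rejected := []int64{0, 0, 0, 0, 0, 0}            // party rejected the try: passes trivially
	garbage := []int64{1 << 20, 1 << 20, 0, 0, 0, 0} // saturated garbage (the DoS vector): attributed
	smallWrong := []int64{1, 1, 1, 1, 0, 0}          // wrong but within the bound: not caught (the stated gap)
	fmt.Println(validatePartyResponses([][]int64{honest, rejected, smallWrong}, keys, 4, 2.0, 10.0)) // <nil>
	fmt.Println(validatePartyResponses([][]int64{honest, garbage, rejected}, keys, 4, 2.0, 10.0))    // names slot 1, key-1
}
```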

41 of 45 new or added lines in 1 file covered. (91.11%)

344 existing lines in 9 files now uncovered.

17419 of 22798 relevant lines covered (76.41%)

124171.97 hits per line

Recent builds

Build · Branch · Commit · Type · Ran · Committer · Via · Coverage
  • 26678642827 · master · mldsatss: per-party round-3 response validity for identifiable abort FIX 2 (Low). combine() previously summed every party's z_i block unconditionally with no per-party validity check, so a single malicious party could submit garbage z_i and force... · push · 30 May 2026 09:28AM UTC · MagicalTux · github · 76.41
  • 26677818565 · master · common/hash_utils: clarify RejectionSample does modular reduction, not rejection RejectionSample performs a bare Mod(eHash, q) with no rejection loop. Document that it is only (near-)uniform when q is within a small factor of the 256-bit digest w... · push · 30 May 2026 08:40AM UTC · MagicalTux · github · 76.5
  • 26283934294 · master · Merge frosttss-hd-derivation: non-hardened HD on Ed25519 Adds Option A HD derivation to frosttss: per-key ChainCode set at keygen (deterministic function of GroupPublicKey), DeriveChild / DeriveAndSign for non-hardened paths, NewSigningWithTweak ... · push · 22 May 2026 12:25PM UTC · MagicalTux · github · 76.68
  • 26147803342 · master · go.mod: add golang.org/x/sys/cpu indirect dep for chacha20poly1305 go.sum was missing the golang.org/x/sys/cpu entry transitively imported by golang.org/x/crypto/chacha20poly1305 (added in the frost-encrypted- shares commit). Local builds worked ... · push · 20 May 2026 08:48AM UTC · MagicalTux · github · 76.64
  • 26105378320 · master · test: bump per-await timeouts 30s/60s → 5m for race-load on CI dklstss/async_test.go TestAsyncPresignAndRefresh failed on CI under -race with "async refresh timed out" — the test's per-step `time.After(30 * time.Second)` was hit during a Refresh ... · push · 19 May 2026 04:16PM UTC · MagicalTux · github · 77.07
  • 24558007932 · master · migrate mldsatss to mldsa v0.1.3 and fix CI lint mldsa v0.1.3 capitalizes the core API (ntt → NTT, fieldElement → FieldElement, etc.) and drops the thin wrappers the threshold package used to rely on. It also replaces SampleHyperball44's float64 ... · push · 17 Apr 2026 09:43AM UTC · MagicalTux · github · 75.96
  • 24556386822 · master · document the experimental mldsatss post-quantum threshold signer Adds a short mention in the intro, a dedicated "Post-Quantum Threshold ML-DSA (experimental)" subsection with keygen and signing code examples, and the ePrint 2025/1166 reference at... · push · 17 Apr 2026 09:06AM UTC · MagicalTux · github · 75.98
  • 24556290321 · master · add post-quantum threshold ML-DSA-44 signing (mldsatss) Implements the ML-DSA variant from "Threshold Signatures Reloaded: ML-DSA and Enhanced Raccoon with Identifiable Aborts" (Borin, Celi, del Pino, Espitau, Niot, Prest, ePrint 2025/1166) on to... · push · 17 Apr 2026 09:04AM UTC · MagicalTux · github · 76.0
  • 24413446242 · master · add optional progress callback to ecdsatss pre-param generation Pre-parameter generation spends ~all its time finding 4 safe primes (2 for the Paillier key, 2 for NTilde), which can take a minute on slower hardware with no visible progress. Surfa... · push · 14 Apr 2026 05:44PM UTC · MagicalTux · github · 75.68
  • 24250596740 · master · fix threshold subset signing by reindexing keys against current parties The new ecdsatss/eddsatss signing paths indexed per-party slices (Ks, BigXj, and for ECDSA NTildej/H1j/H2j/PaillierPKs) by the current-party index but stored them in keygen-p... · push · 10 Apr 2026 03:46PM UTC · MagicalTux · github · 75.56
© 2026 Coveralls, Inc