@entropyxyz/entropy-protocol-bundler
Advanced tools
Entropy Signing and DKG protocol execution and transport logic
entropy-protocolThis contains wasm bindings to the entropy-protocol crate, for
encrypting and decrypting messages to and from entropy TSS servers,
and for executing the Entropy signing and DKG protocols on the client
side when using private access mode.
Exposed to JS:
Hpke - for signing and encrypting / decryptingX25519Keypair - for creating encryption keypairsrunDkgProtocol - for registering in private access moderunSigningProtocol - for signing in private access modeValidatorInfo - details of a TSS nodeKeyShare - a Synedrion ECDSA signing key-shareHelpers:
toHex - convert a Uint8Array to hex-encoded stringfromHex - convert a hex-encoded string to a Uint8Array, ignoring 0x prefixconstantTimeEq - compare 2 Uint8Arrays in constant timeThe private mode functions runDkgProtocol and runSigningProtocol expect to have access to
the browser websockets API, which is not present on NodeJS. If you want to use these functions on
NodeJS you must have the dependency ws as a property of the
global object like so:
Object.assign(global, { WebSocket: require('ws') })
This is tested in CI with ws version ^8.14.2.
HpkeThis is used for communicating with TSS servers and uses Hybrid Public Key Encryption based on chacha20poly1305 with X25519 key agreement, as well as sr25519 signing.
Hpke.publicKeyFromSecretGiven an sr25519 secret key, derive an X25519 DH keypair and return the public key as a 32 bytes
Uint8Array.
Hpke.encryptAndSignEncrypt and sign a message. Takes an sr25519 secret key, a payload to encrypt, and the recipient's
public x25519 key, all given as Uint8Arrays. Returns an EncryptedSignedMessage as a JSON
serialized string.
Hpke.decryptAndVerifyDecrypt and verify an EncryptedSignedMessage. Takes an x25519 secret key given as a Uint8Array,
and a JSON serialized SignedMessage containing the encrypted payload. On successful decryption
and signature verification it will return the decrypted payload as a Uint8Array.
Hpke.generateSigningKeyGenerates a secret sr25519 signing key and returns it as a Uint8Array. This is really only exposed for testing purposes, as you can also use Polkadot-JS to generate sr25519 keypairs.
X25519KeypairX25519Keypair.generateConstructor to randomly generate an X25519Keypair.
X25519Keypair.fromSecretKeyConstructor to create an X25519Keypair from a secret key given as a 32 byte Uint8Array.
X25519Keypair.secretKeyReturns the secret key as a Uint8Array. Note that this is a getter method, not a public property
of the object.
X25519Keypair.publicKeyReturns the public key as a Uint8Array. Note that this is a getter method, not a public property
of the object.
To register in private access mode a register transaction must be submitted just as with other access modes.
Then we connect to the TSS servers in the DKG committee. The DKG committee consists of one TSS node from each signing sub-group, determined by the block number of the block containing the register transaction.
To find this, for each subgroup, we get the account IDs of all members
using the staking pallet's signing_groups query with the signing group
index number as the parameter.
Then we select a member of the subgroup by using the block number
modulo the number of members of the subgroup. We check if that TSS
server has fully a synced keyshare store using the staking pallet's
is_validator_synced query with the account ID. If the server is not
fully synced, we remove that TSS server from the list of servers, and
repeat the selection process. If there are no fully synced validators
in the subgroup, registration fails.
Once we have the account ID of the selected TSS server, we get their
other details (IP address and x25519 public encryption key) by using
the staking pallet's threshold_servers query with the account ID.
We create an array of ValidatorInfo objects containing these details,
and pass this to the runDkgProtocol function, together with the
user's secret sr25519 signing key.
runDkgProtocol returns a promise which if successful will resolve to a
KeyShare. KeyShare has methods for serialization and de-serialization,
to/from both JSON and binary (using bincode).
The runSigningProtocol function also takes an array of ValidatorInfo
objects. These should be selected using the message hash, exactly the
same as the those used in a UserSignatureRequest.
runSigningProtocol needs to be run concurrently whilst
making the user/sign_tx http requests, for example by using
Promise.all. runSigningProtocol also takes the user's KeyShare
as an argument, as well as the message hash, and the user's private
sr25519 signing key and x25519 encryption key.
runSigningProtocol returns a promise which if successful will resolve
to an ECDSA signature with recovery bit, encoded as a base64 string.
0.2.0 - 2024-07-11
--mnemonic flag during
process startup. This also allows operators to back up the mnemonic for their TSS.--mnemonic-option,
and environment variable DEPLOYER_MNEMONIC, were added to the entropy-test-cli as ways to
indicate which account to use during registration. This replaces having an account name or
mnemonic directly in the command invocation.UserSignatureRequest and replaced with block_number. Thus check_stale now uses block_number for
stale checksHashingAlgorithm enum is
given an additional variant Blake2_256 and marked as non_exhaustive meaning we must handle the
case that an unknown variant is added in the future.//Alice).--mnemonic-file and THRESHOLD_SERVER_MNEMONIC (#864)blake2 as built in hash function and make HashingAlgorithm non-exhaustive (#881)FAQs
Entropy Signing and DKG protocol execution and transport logic
The npm package @entropyxyz/entropy-protocol-bundler receives a total of 0 weekly downloads. As such, @entropyxyz/entropy-protocol-bundler popularity was classified as not popular.
We found that @entropyxyz/entropy-protocol-bundler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.