Library Usage
The public API is accessible through the Pvss
class. Each instance stores the public
state of a complete PVSS
workflow. Messages created in one instance must be transferred
somehow (network, git repo, etc.) and be imported into the other instances.
Example
The following code is equivalent to the CLI example, if it would be ran inside a single python process:
from pvss import Pvss
from pvss.ristretto_255 import create_ristretto_255_parameters
# init, genparams
pvss_init = Pvss()
params = create_ristretto_255_parameters(pvss_init)
# alice, genuser
pvss_alice = Pvss()
pvss_alice.set_params(params)
alice_priv, alice_pub = pvss_alice.create_user_keypair("Alice")
# boris, genuser
pvss_boris = Pvss()
pvss_boris.set_params(params)
boris_priv, boris_pub = pvss_boris.create_user_keypair("Boris")
# chris, genuser
pvss_chris = Pvss()
pvss_chris.set_params(params)
chris_priv, chris_pub = pvss_chris.create_user_keypair("Chris")
# dealer, splitsecret
pvss_dealer = Pvss()
pvss_dealer.set_params(params)
pvss_dealer.add_user_public_key(chris_pub)
pvss_dealer.add_user_public_key(alice_pub)
pvss_dealer.add_user_public_key(boris_pub)
secret0, shares = pvss_dealer.share_secret(2)
# receiver, genreceiver
pvss_receiver = Pvss()
pvss_receiver.set_params(params)
recv_priv, recv_pub = pvss_receiver.create_receiver_keypair("receiver")
# boris, reencrypt
pvss_boris.add_user_public_key(alice_pub)
pvss_boris.add_user_public_key(chris_pub)
pvss_boris.set_shares(shares)
pvss_boris.set_receiver_public_key(recv_pub)
reenc_boris = pvss_boris.reencrypt_share(boris_priv)
# alice, reencrypt
pvss_alice.add_user_public_key(boris_pub)
pvss_alice.add_user_public_key(chris_pub)
pvss_alice.set_shares(shares)
pvss_alice.set_receiver_public_key(recv_pub)
reenc_alice = pvss_alice.reencrypt_share(alice_priv)
# receiver, reconstruct
pvss_receiver.add_user_public_key(boris_pub)
pvss_receiver.add_user_public_key(chris_pub)
pvss_receiver.add_user_public_key(alice_pub)
pvss_receiver.set_shares(shares)
pvss_receiver.add_reencrypted_share(reenc_alice)
pvss_receiver.add_reencrypted_share(reenc_boris)
secret1 = pvss_receiver.reconstruct_secret(recv_priv)
print(secret0 == secret1)
API reference
- pvss.qr.create_qr_params(pvss: Pvss, params: int | str | bytes) bytes [source]
Create and set QR parameters.
If params is str or a bytes, assume it’s a diffie-hellman parameter file such as created by “openssl dhparam 4096”, either DER or PEM encoded.
- Parameters:
pvss – Pvss object with public values
params – if int, must be a safe prime, otherwise must be a DH params file with a safe prime.
- Returns:
DER encoded QR system parameters.
- pvss.ristretto_255.create_ristretto_255_parameters(pvss: Pvss) bytes [source]
Create and set Ristretto255 parameters.
- Parameters:
pvss – Pvss object with public values
- Returns:
DER encoded Ristretto255 system parameters.
- class pvss.Pvss[source]
Main class to work with Pvss. Stores all public messages and exposes the PVSS operations.
The constructor takes no parameters.
Add a re-encrypted share to the internal state.
- Parameters:
data – DER encoded re-encrypted share.
- Returns:
Decoded reencrypted share.
- Raises:
ValueError – On duplicate
- add_user_public_key(data: bytes) PublicKey [source]
Add a user public key to the internal state.
- Parameters:
data – DER encoded public key
- Returns:
Decoded user public key.
- Raises:
ValueError – On duplicate name or public key value
- create_receiver_keypair(name: str) tuple[bytes, bytes] [source]
Create a random key pair for the receiver.
- Parameters:
name – Name of key; will be included in the public key.
- Returns:
DER encoded private key and public key
- create_user_keypair(name: str) tuple[bytes, bytes] [source]
Create a random key pair for a user.
- Parameters:
name – Name of key; will be included in the public key.
- Returns:
DER encoded private key and public key
- property params: SystemParameters
Retrieve system parameters.
- Returns:
The system parameters.
- property receiver_public_key: PublicKey
Retrieve receiver’s public key.
- Returns:
Receiver’s public key.
- reconstruct_secret(der_private_key: bytes) bytes [source]
Decrypt the re-encrypted shares with the private key and reconstruct the secret
- Parameters:
der_private_key – Receiver’s DER encoded private key
- Returns:
DER encoded secret
Decrypt a share of the encrypted secret with the private_key and re-encrypt it with another public key
- Parameters:
der_private_key – A user’s DER encoded private key
- Returns:
DER encoded re-encrypted share
Retrieve the list of reencrypted shares.
- Returns:
List of reencrypted shares.
- set_params(data: bytes) SystemParameters [source]
Set system parameters.
- Args
data: DER encoded system parameters.
- Returns:
Decoded system parameters.
- Raises:
Exception – If already set.
- set_receiver_public_key(data: bytes) PublicKey [source]
Add the receiver’s public key to the internal state.
- Parameters:
data – DER encoded receiver’s public key.
- Returns:
Decoded receiver’s public key.
- Raises:
Exception – On duplicate
Set the shares of the secret.
- Parameters:
data – DER encoded secret shares.
- Returns:
Decoded secret shares.
- Raises:
Exception – If already set.
Create a secret, split it and compute the encrypted shares.
- Parameters:
qualified_size – Number of shares required to reconstruct the secret
- Returns:
DER encoded shared secret and the DER encoded encrypted shares
Retrieve the shares of the secret.
- Returns:
Shares of the secret.
- property user_public_keys: dict[str, pvss.pvss.PublicKey]
Retrieve all user public keys, as mapping from username to PublicKey.
- Returns:
Mapping of username to PublicKey.