Library Usage¶
The public API is accessible through the Pvss
class. Each instance stores the public
state of a complete PVSS
workflow. Messages created in once instance must be transferred
somehow (network, git repo, etc.) and be imported into the other instances.
Example¶
The following code is equivalent to the CLI example, if it would be ran inside a single python process:
from pvss import Pvss
from pvss.ristretto_255 import create_ristretto_255_parameters
# init, genparams
pvss_init = Pvss()
params = create_ristretto_255_parameters(pvss_init)
# alice, genuser
pvss_alice = Pvss()
pvss_alice.set_params(params)
alice_priv, alice_pub = pvss_alice.create_user_keypair("Alice")
# boris, genuser
pvss_boris = Pvss()
pvss_boris.set_params(params)
boris_priv, boris_pub = pvss_boris.create_user_keypair("Boris")
# chris, genuser
pvss_chris = Pvss()
pvss_chris.set_params(params)
chris_priv, chris_pub = pvss_chris.create_user_keypair("Chris")
# dealer, splitsecret
pvss_dealer = Pvss()
pvss_dealer.set_params(params)
pvss_dealer.add_user_public_key(chris_pub)
pvss_dealer.add_user_public_key(alice_pub)
pvss_dealer.add_user_public_key(boris_pub)
secret0, shares = pvss_dealer.share_secret(2)
# receiver, genreceiver
pvss_receiver = Pvss()
pvss_receiver.set_params(params)
recv_priv, recv_pub = pvss_receiver.create_receiver_keypair("receiver")
# boris, reencrypt
pvss_boris.add_user_public_key(alice_pub)
pvss_boris.add_user_public_key(chris_pub)
pvss_boris.set_shares(shares)
pvss_boris.set_receiver_public_key(recv_pub)
reenc_boris = pvss_boris.reencrypt_share(boris_priv)
# alice, reencrypt
pvss_alice.add_user_public_key(boris_pub)
pvss_alice.add_user_public_key(chris_pub)
pvss_alice.set_shares(shares)
pvss_alice.set_receiver_public_key(recv_pub)
reenc_alice = pvss_alice.reencrypt_share(alice_priv)
# receiver, reconstruct
pvss_receiver.add_user_public_key(boris_pub)
pvss_receiver.add_user_public_key(chris_pub)
pvss_receiver.add_user_public_key(alice_pub)
pvss_receiver.set_shares(shares)
pvss_receiver.add_reencrypted_share(reenc_alice)
pvss_receiver.add_reencrypted_share(reenc_boris)
secret1 = pvss_receiver.reconstruct_secret(recv_priv)
print(secret0 == secret1)
API reference¶
-
pvss.qr.
create_qr_params
(pvss: pvss.pvss.Pvss, params: Union[int, str, ByteString]) → bytes[source]¶ Create and set QR parameters.
If params is str or a ByteString, assume it’s a diffie-hellman parameter file such as created by “openssl dhparam 4096”, either DER or PEM encoded.
- Parameters
pvss – Pvss object with public values
params – if int, must be a safe prime, otherwise must be a DH params file with a safe prime.
- Returns
DER encoded QR system parameters.
-
pvss.ristretto_255.
create_ristretto_255_parameters
(pvss: pvss.pvss.Pvss) → bytes[source]¶ Create and set Ristretto255 parameters.
- Parameters
pvss – Pvss object with public values
- Returns
DER encoded Ristretto255 system parameters.
-
class
pvss.
Pvss
[source]¶ Main class to work with Pvss. Stores all public messages and exposes the PVSS operations.
The constructor takes no parameters.
Add a re-encrypted share to the internal state.
- Parameters
data – DER encoded re-encrypted share.
- Returns
Decoded reencrypted share.
- Raises
ValueError – On duplicate
-
add_user_public_key
(data: ByteString) → pvss.pvss.PublicKey[source]¶ Add a user public key to the internal state.
- Parameters
data – DER encoded public key
- Returns
Decoded user public key.
- Raises
ValueError – On duplicate name or public key value
-
create_receiver_keypair
(name: str) → Tuple[bytes, bytes][source]¶ Create a random key pair for the receiver.
- Parameters
name – Name of key; will be included in the public key.
- Returns
DER encoded private key and public key
-
create_user_keypair
(name: str) → Tuple[bytes, bytes][source]¶ Create a random key pair for a user.
- Parameters
name – Name of key; will be included in the public key.
- Returns
DER encoded private key and public key
-
property
params
¶ Retrieve system parameters.
- Returns
The system parameters.
-
property
receiver_public_key
¶ Retrieve receiver’s public key.
- Returns
Receiver’s public key.
-
reconstruct_secret
(der_private_key: ByteString) → bytes[source]¶ Decrypt the re-encrypted shares with the private key and reconstruct the secret
- Parameters
der_private_key – Receiver’s DER encoded private key
- Returns
DER encoded secret
Decrypt a share of the encrypted secret with the private_key and re-encrypt it with another public key
- Parameters
der_private_key – A user’s DER encoded private key
- Returns
DER encoded re-encrypted share
Retrieve the list of reencrypted shares.
- Returns
List of reencrypted shares.
-
set_params
(data: ByteString) → pvss.pvss.SystemParameters[source]¶ Set system parameters.
- Args
data: DER encoded system parameters.
- Returns
Decoded system parameters.
- Raises
Exception – If already set.
-
set_receiver_public_key
(data: ByteString) → pvss.pvss.PublicKey[source]¶ Add the receiver’s public key to the internal state.
- Parameters
data – DER encoded receiver’s public key.
- Returns
Decoded receiver’s public key.
- Raises
Exception – On duplicate
Set the shares of the secret.
- Parameters
data – DER encoded secret shares.
- Returns
Decoded secret shares.
- Raises
Exception – If already set.
Create a secret, split it and compute the encrypted shares.
- Parameters
qualified_size – Number of shares required to reconstruct the secret
- Returns
DER encoded shared secret and the DER encoded encrypted shares
Retrieve the shares of the secret.
- Returns
Shares of the secret.
-
property
user_public_keys
¶ Retrieve all user public keys, as mapping from username to PublicKey.
- Returns
Mapping of username to PublicKey.