Library Usage

The public API is accessible through the Pvss class. Each instance stores the public state of a complete PVSS workflow. Messages created in one instance must be transferred by some channel (network, git repo, etc.) and imported into the other instances.

Example

The following code is equivalent to the CLI example, run inside a single Python process:

from pvss import Pvss
from pvss.ristretto_255 import create_ristretto_255_parameters

# init, genparams
pvss_init = Pvss()
params = create_ristretto_255_parameters(pvss_init)

# alice, genuser
pvss_alice = Pvss()
pvss_alice.set_params(params)
alice_priv, alice_pub = pvss_alice.create_user_keypair("Alice")

# boris, genuser
pvss_boris = Pvss()
pvss_boris.set_params(params)
boris_priv, boris_pub = pvss_boris.create_user_keypair("Boris")

# chris, genuser
pvss_chris = Pvss()
pvss_chris.set_params(params)
chris_priv, chris_pub = pvss_chris.create_user_keypair("Chris")

# dealer, splitsecret
pvss_dealer = Pvss()
pvss_dealer.set_params(params)
pvss_dealer.add_user_public_key(chris_pub)
pvss_dealer.add_user_public_key(alice_pub)
pvss_dealer.add_user_public_key(boris_pub)
secret0, shares = pvss_dealer.share_secret(2)

# receiver, genreceiver
pvss_receiver = Pvss()
pvss_receiver.set_params(params)
recv_priv, recv_pub = pvss_receiver.create_receiver_keypair("receiver")

# boris, reencrypt
pvss_boris.add_user_public_key(alice_pub)
pvss_boris.add_user_public_key(chris_pub)
pvss_boris.set_shares(shares)
pvss_boris.set_receiver_public_key(recv_pub)
reenc_boris = pvss_boris.reencrypt_share(boris_priv)

# alice, reencrypt
pvss_alice.add_user_public_key(boris_pub)
pvss_alice.add_user_public_key(chris_pub)
pvss_alice.set_shares(shares)
pvss_alice.set_receiver_public_key(recv_pub)
reenc_alice = pvss_alice.reencrypt_share(alice_priv)

# receiver, reconstruct
pvss_receiver.add_user_public_key(boris_pub)
pvss_receiver.add_user_public_key(chris_pub)
pvss_receiver.add_user_public_key(alice_pub)
pvss_receiver.set_shares(shares)
pvss_receiver.add_reencrypted_share(reenc_alice)
pvss_receiver.add_reencrypted_share(reenc_boris)
secret1 = pvss_receiver.reconstruct_secret(recv_priv)

print(secret0 == secret1)
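
The same split, re-encrypt and reconstruct flow in miniature, as an added example that is not the pvss library's code: a simplified model over the quadratic residues of a toy safe prime, with ElGamal as an assumed stand-in for the re-encryption step and the public verification proofs left out. The constants P, Q, G and the keypair helper are assumptions for illustration; the other function names only mirror the API above.

```python
import secrets

# Toy group (assumption): quadratic residues modulo the safe prime P = 2*Q + 1.
# Far too small for real use; it only makes the arithmetic easy to follow.
P, Q, G = 1019, 509, 4

def keypair():
    x = 1 + secrets.randbelow(Q - 1)            # private exponent in [1, Q-1]
    return x, pow(G, x, P)                      # (private, public = G^x)

def share_secret(user_pubs, qualified_size):
    """Dealer: random polynomial f of degree qualified_size-1; the secret is G^f(0)."""
    coeffs = [1 + secrets.randbelow(Q - 1) for _ in range(qualified_size)]

    def f(i):
        return sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q

    # The share for user i is pub_i^f(i): only that user's private key opens it.
    shares = {i: pow(pub, f(i), P) for i, pub in enumerate(user_pubs, start=1)}
    return pow(G, coeffs[0], P), shares

def reencrypt_share(index, shares, user_priv, recv_pub):
    """User: open the own share to G^f(i), then ElGamal-encrypt it to the receiver."""
    opened = pow(shares[index], pow(user_priv, -1, Q), P)
    k = 1 + secrets.randbelow(Q - 1)
    return index, pow(G, k, P), opened * pow(recv_pub, k, P) % P

def reconstruct_secret(reencrypted, recv_priv):
    """Receiver: decrypt each share, then Lagrange-interpolate in the exponent at 0."""
    opened = {i: c2 * pow(pow(c1, recv_priv, P), -1, P) % P
              for i, c1, c2 in reencrypted}
    secret = 1
    for i, s in opened.items():
        lam = 1                                 # Lagrange coefficient of share i at x = 0
        for j in opened:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        secret = secret * pow(s, lam, P) % P
    return secret
```

With qualified_size=2, any two re-encrypted shares yield the dealer's value, while a single share yields a different group element.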

API reference

pvss.qr.create_qr_params(pvss: pvss.pvss.Pvss, params: Union[int, str, ByteString]) → bytes

Create and set QR parameters.

If params is a str or a ByteString, it is assumed to be a Diffie-Hellman parameter file such as created by "openssl dhparam 4096", either DER or PEM encoded.

Parameters

pvss – Pvss object with public values

params – if int, must be a safe prime, otherwise must be a DH params file with a safe prime.

Returns

DER encoded QR system parameters.

pvss.ristretto_255.create_ristretto_255_parameters(pvss: pvss.pvss.Pvss) → bytes

Create and set Ristretto255 parameters.

Parameters

pvss – Pvss object with public values

Returns

DER encoded Ristretto255 system parameters.

class pvss.Pvss

Main class to work with Pvss. Stores all public messages and exposes the PVSS operations.

The constructor takes no parameters.

add_reencrypted_share(data: ByteString) → pvss.pvss.ReencryptedShare

Add a re-encrypted share to the internal state.

Parameters

data – DER encoded re-encrypted share.

Returns

Decoded re-encrypted share.

Raises

ValueError – On duplicate

add_user_public_key(data: ByteString) → pvss.pvss.PublicKey

Add a user public key to the internal state.

Parameters

data – DER encoded public key

Returns

Decoded user public key.

Raises

ValueError – On duplicate name or public key value

create_receiver_keypair(name: str) → Tuple[bytes, bytes]

Create a random key pair for the receiver.

Parameters

name – Name of key; will be included in the public key.

Returns

DER encoded private key and public key

create_user_keypair(name: str) → Tuple[bytes, bytes]

Create a random key pair for a user.

Parameters

name – Name of key; will be included in the public key.

Returns

DER encoded private key and public key

property params

Retrieve system parameters.

Returns

The system parameters.

property receiver_public_key

Retrieve receiver’s public key.

Returns

Receiver’s public key.

reconstruct_secret(der_private_key: ByteString) → bytes

Decrypt the re-encrypted shares with the private key and reconstruct the secret.

Parameters

der_private_key – Receiver’s DER encoded private key

Returns

DER encoded secret

reencrypt_share(der_private_key: ByteString) → bytes

Decrypt a share of the encrypted secret with the private key and re-encrypt it with another public key.

Parameters

der_private_key – A user’s DER encoded private key

Returns

DER encoded re-encrypted share

property reencrypted_shares

Retrieve the list of re-encrypted shares.

Returns

List of re-encrypted shares.

set_params(data: ByteString) → pvss.pvss.SystemParameters

Set system parameters.

Parameters

data – DER encoded system parameters.

Returns

Decoded system parameters.

Raises

Exception – If already set.

set_receiver_public_key(data: ByteString) → pvss.pvss.PublicKey

Add the receiver’s public key to the internal state.

Parameters

data – DER encoded receiver’s public key.

Returns

Decoded receiver’s public key.

Raises

Exception – On duplicate

set_shares(data: ByteString) → pvss.pvss.SharedSecret

Set the shares of the secret.

Parameters

data – DER encoded secret shares.

Returns

Decoded secret shares.

Raises

Exception – If already set.

share_secret(qualified_size: int) → Tuple[bytes, bytes]

Create a secret, split it and compute the encrypted shares.

Parameters

qualified_size – Number of shares required to reconstruct the secret

Returns

DER encoded shared secret and the DER encoded encrypted shares

property shares

Retrieve the shares of the secret.

Returns

Shares of the secret.

property user_public_keys

Retrieve all user public keys, as a mapping from username to PublicKey.

Returns

Mapping of username to PublicKey.