Add support of secp384r1 curve #173

Merged
survived merged 19 commits into cggmp24/m from curve/p384
Mar 23, 2026
Conversation

@survived
Contributor

@survived survived commented Mar 16, 2026

  • Added the secp384r1 curve (from "Add secp384r1 (NIST P-384) curve support", generic-ec#59) to cggmp.
  • There's no HD derivation algorithm for this curve, so I had to restructure the tests, which were expecting each curve to be HD-compatible.
  • Also added a 192-bit security level matching the added curve.
  • Updated all protocols to work with any digest (there was a requirement that the output of the digest had to be 32 bytes).
  • Added 3840-bit primes to the precomputed primes, matching the new security level.
  • Added secp384r1 key shares to the pregenerated key shares.
  • The size of the pregenerated shares is over 400 MB, so I had to move it to LFS.
  • Optimized the size of the pregenerated shares file.

I noticed that it's very easy to make a mistake and provide the wrong security level/digest to the secp384r1 curve. Previously, we were always using the same security level/digest pretty much everywhere, but now we have different curves that should be used with different digests/security levels.

In the next PR, I want to add trait Suite { type Digest; type Curve; type SecLevel; } and then change the API so it takes a cryptosuite instead of a curve, e.g.

  • cggmp24::keygen::<cggmp24::suites::Secp256k1>(eid, i, n)
  • instead of cggmp24::keygen::<cggmp24::supported_curves::Secp256k1>(eid, i, n)
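The following is an added example, not code from the cggmp21 repository, sketching the proposed Suite trait with a consistency check that catches exactly the secp384r1 mismatch the description warns about. Every name in it (Suite, Curve, Digest, SecurityLevel, Secp256k1, Secp384r1, Sha256, Sha384, L128, L192, keygen) is a hypothetical stand-in for the real generic-ec / cggmp24 types, and only std is used.

```rust
// Added example: one type fixes curve, digest and security level together, so a
// caller cannot pass secp384r1 with a 32-byte digest or a 128-bit level by mistake.
// All types here are hypothetical stand-ins, not the cggmp24 / generic-ec API.

/// Security level in bits (stand-in for cggmp24's security-level types).
pub trait SecurityLevel {
    const LAMBDA: usize;
}
pub struct L128;
pub struct L192;
impl SecurityLevel for L128 { const LAMBDA: usize = 128; }
impl SecurityLevel for L192 { const LAMBDA: usize = 192; }

/// Curve marker carrying the bit size of its group order.
pub trait Curve {
    const NAME: &'static str;
    const ORDER_BITS: usize;
}
pub struct Secp256k1;
pub struct Secp384r1;
impl Curve for Secp256k1 { const NAME: &'static str = "secp256k1"; const ORDER_BITS: usize = 256; }
impl Curve for Secp384r1 { const NAME: &'static str = "secp384r1"; const ORDER_BITS: usize = 384; }

/// Digest marker: only the output size matters for the check below.
pub trait Digest {
    const NAME: &'static str;
    const OUTPUT_BYTES: usize;
}
pub struct Sha256;
pub struct Sha384;
impl Digest for Sha256 { const NAME: &'static str = "SHA-256"; const OUTPUT_BYTES: usize = 32; }
impl Digest for Sha384 { const NAME: &'static str = "SHA-384"; const OUTPUT_BYTES: usize = 48; }

/// The cryptosuite: the three choices travel as one generic parameter.
pub trait Suite {
    type Curve: Curve;
    type Digest: Digest;
    type SecLevel: SecurityLevel;

    /// For lambda-bit security both the group order and the digest output must be
    /// at least 2*lambda bits, since generic discrete-log and collision attacks
    /// cost roughly 2^(bits/2). A suite failing this is misconfigured.
    fn is_consistent() -> bool {
        let lambda = Self::SecLevel::LAMBDA;
        Self::Curve::ORDER_BITS >= 2 * lambda && Self::Digest::OUTPUT_BYTES * 8 >= 2 * lambda
    }

    fn describe() -> String {
        format!("{} / {} / {}-bit", Self::Curve::NAME, Self::Digest::NAME, Self::SecLevel::LAMBDA)
    }
}

pub struct Secp256k1Suite;
impl Suite for Secp256k1Suite { type Curve = Secp256k1; type Digest = Sha256; type SecLevel = L128; }
pub struct Secp384r1Suite;
impl Suite for Secp384r1Suite { type Curve = Secp384r1; type Digest = Sha384; type SecLevel = L192; }
/// The mistake the PR description warns about, kept as a negative case:
/// secp384r1 at 192 bits but with a 32-byte digest.
pub struct BadSecp384r1Suite;
impl Suite for BadSecp384r1Suite { type Curve = Secp384r1; type Digest = Sha256; type SecLevel = L192; }

/// Stand-in for `cggmp24::keygen::<S>(eid, i, n)`: rejects an inconsistent suite
/// and an out-of-range party index before any protocol round would run.
pub fn keygen<S: Suite>(eid: &[u8], i: u16, n: u16) -> Result<String, String> {
    if !S::is_consistent() {
        return Err(format!("inconsistent suite: {}", S::describe()));
    }
    if n < 2 || i >= n {
        return Err(format!("party index {i} out of range for n = {n}"));
    }
    Ok(format!("keygen[{}] party {i}/{n} eid={}", S::describe(), hex(eid)))
}

fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{b:02x}")).collect()
}

fn main() {
    // Constructed execution id for the demo, not a real one.
    let eid = [0xde, 0xad, 0xbe, 0xef];
    println!("{:?}", keygen::<Secp384r1Suite>(&eid, 0, 3));
    println!("{:?}", keygen::<BadSecp384r1Suite>(&eid, 0, 3));
}
```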

@github-actions

github-actions bot commented Mar 16, 2026

Crate direct deps

Direct deps
cggmp24-keygen v0.7.0-alpha.4 (/home/runner/work/cggmp21/cggmp21/pr_branch/cggmp24-keygen)
digest v0.10.6
futures v0.3.24
generic-ec v0.5.0
generic-ec-zkp v0.5.0
hex v0.4.3
key-share v0.7.0 (/home/runner/work/cggmp21/cggmp21/pr_branch/key-share)
paillier-zk v0.7.0-alpha.4 (/home/runner/work/cggmp21/cggmp21/pr_branch/paillier-zk)
rand_core v0.6.4
rand_hash v0.1.0
round-based v0.4.1
serde v1.0.193
serde_with v2.3.3
sha2 v0.10.6
thiserror v1.0.48
udigest v0.2.1

Compared to base branch

Diff
--- direct-deps-base	2026-03-23 13:32:14.459271359 +0000
+++ direct-deps-pr	2026-03-23 13:32:14.901277365 +0000
@@ -1 +1 @@
-cggmp24-keygen v0.7.0-alpha.3 (/home/runner/work/cggmp21/cggmp21/base_branch/cggmp24-keygen)
+cggmp24-keygen v0.7.0-alpha.4 (/home/runner/work/cggmp21/cggmp21/pr_branch/cggmp24-keygen)
@@ -4,2 +4,2 @@
-generic-ec v0.4.1
-generic-ec-zkp v0.4.1
+generic-ec v0.5.0
+generic-ec-zkp v0.5.0
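Review bot: generic-ec and generic-ec-zkp both jump from 0.4.1 to 0.5.0, which for pre-1.0 crates is a breaking bump; since this release is what carries the secp384r1 curve (generic-ec#59 in the description), the PR description should state which generic-ec API changes, if any, propagate to cggmp24's public types so downstream users know the minor bump is not just additive.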
@@ -7,2 +7,2 @@
-key-share v0.6.1 (/home/runner/work/cggmp21/cggmp21/base_branch/key-share)
-paillier-zk v0.7.0-alpha.3 (/home/runner/work/cggmp21/cggmp21/base_branch/paillier-zk)
+key-share v0.7.0 (/home/runner/work/cggmp21/cggmp21/pr_branch/key-share)
+paillier-zk v0.7.0-alpha.4 (/home/runner/work/cggmp21/cggmp21/pr_branch/paillier-zk)
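Review bot: key-share moves from 0.6.1 to 0.7.0 while cggmp24-keygen and paillier-zk only advance alpha.3 to alpha.4; a minor bump on a pre-1.0 path crate signals a breaking change, so a changelog entry for key-share describing what changed in its public API (the reworked pregenerated share storage mentioned later in the thread is a candidate) would help reviewers confirm the bump is intended.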

All deps

cargo tree

Compared to base branch

Diff
--- all-deps-base	2026-03-23 13:32:14.605273343 +0000
+++ all-deps-pr	2026-03-23 13:32:15.048279362 +0000
@@ -3 +3 @@
-cggmp24-keygen v0.7.0-alpha.3 (/home/runner/work/cggmp21/cggmp21/base_branch/cggmp24-keygen)
+cggmp24-keygen v0.7.0-alpha.4 (/home/runner/work/cggmp21/cggmp21/pr_branch/cggmp24-keygen)
@@ -8 +7,0 @@
-darling v0.20.1 �[33m�[2m(*)�[39m�[22m
@@ -31,5 +30,5 @@
-generic-ec v0.4.1
-generic-ec v0.4.1 �[33m�[2m(*)�[39m�[22m
-generic-ec-core v0.2.0
-generic-ec-zkp v0.4.1
-generic-ec-zkp v0.4.1 �[33m�[2m(*)�[39m�[22m
+generic-ec v0.5.0
+generic-ec v0.5.0 �[33m�[2m(*)�[39m�[22m
+generic-ec-core v0.3.0
+generic-ec-zkp v0.5.0
+generic-ec-zkp v0.5.0 �[33m�[2m(*)�[39m�[22m
@@ -40,2 +39,2 @@
-key-share v0.6.1 (/home/runner/work/cggmp21/cggmp21/base_branch/key-share)
-key-share v0.6.1 (/home/runner/work/cggmp21/cggmp21/base_branch/key-share) �[33m�[2m(*)�[39m�[22m
+key-share v0.7.0 (/home/runner/work/cggmp21/cggmp21/pr_branch/key-share)
+key-share v0.7.0 (/home/runner/work/cggmp21/cggmp21/pr_branch/key-share) �[33m�[2m(*)�[39m�[22m
@@ -49 +48 @@
-paillier-zk v0.7.0-alpha.3 (/home/runner/work/cggmp21/cggmp21/base_branch/paillier-zk)
+paillier-zk v0.7.0-alpha.4 (/home/runner/work/cggmp21/cggmp21/pr_branch/paillier-zk)
@@ -71 +69,0 @@
-serde_with v3.0.0
@@ -73 +70,0 @@
-serde_with_macros v3.0.0 (proc-macro)
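Review bot: the @@ -71 and @@ -73 hunks drop serde_with v3.0.0 and serde_with_macros v3.0.0 from the resolved tree, leaving only v2.3.3, even though the direct-deps diff above shows no change to serde_with itself; this duplicate-version elimination comes through the transitive bumps and is worth a line in the PR description, since it changes which serde_with is compiled and may affect serialization attributes in dependents.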

@github-actions

github-actions bot commented Mar 16, 2026

The spec was successfully compiled. PDF is available here.

@github-actions

github-actions bot commented Mar 18, 2026

Benchmark Result

Benchmarks
RUST_TESTS_SEED=8f3603767db8ff5112842a53428b59816e790f3352d27654b42cab8bb9196e4f
n = 3

Non-threshold DKG
Protocol Performance:
  - Protocol took 446.03µs to complete
In particular:
  - Stage: 5.34µs
    - Setup networking: 5.12µs (95.8%)
    - Unstaged: 226.00ns (4.2%)
  - Round 1: 123.64µs
    - Sample x_i, rid_i, chain_code: 54.82µs (44.3%)
    - Sample schnorr commitment: 49.31µs (39.9%)
    - Commit to public data: 19.24µs (15.6%)
    - Unstaged: 274.00ns (0.2%)
  - Round 2: 1.40µs
    - Hash received msgs (reliability check): 1.23µs (88.1%)
    - Unstaged: 166.00ns (11.9%)
  - Round 3: 220.00ns
    - Assert other parties hashed messages (reliability check): 144.00ns (65.5%)
    - Unstaged: 76.00ns (34.5%)
  - Round 4: 61.40µs
    - Validate decommitments: 29.87µs (48.6%)
    - Calculate chain_code: 584.00ns (1.0%)
    - Calculate challege rid: 30.47µs (49.6%)
    - Prove knowledge of `x_i`: 338.00ns (0.6%)
    - Unstaged: 142.00ns (0.2%)
  - Round 5: 254.03µs
    - Validate schnorr proofs: 253.62µs (99.8%)
    - Unstaged: 408.00ns (0.2%)


Threshold DKG
Protocol Performance:
  - Protocol took 1.11ms to complete
In particular:
  - Stage: 1.83µs
    - Setup networking: 1.77µs (96.6%)
    - Unstaged: 63.00ns (3.4%)
  - Round 1: 184.14µs
    - Sample rid_i, schnorr commitment, polynomial, chain_code: 161.43µs (87.7%)
    - Commit to public data: 22.48µs (12.2%)
    - Unstaged: 230.00ns (0.1%)
  - Round 2: 1.35µs
    - Hash received msgs (reliability check): 1.18µs (87.2%)
    - Unstaged: 173.00ns (12.8%)
  - Round 3: 285.00ns
    - Assert other parties hashed messages (reliability check): 206.00ns (72.3%)
    - Unstaged: 79.00ns (27.7%)
  - Round 4: 671.74µs
    - Validate decommitments: 43.39µs (6.5%)
    - Validate data size: 317.00ns (0.0%)
    - Validate Feldmann VSS: 294.17µs (43.8%)
    - Compute rid: 139.00ns (0.0%)
    - Compute chain_code: 604.00ns (0.1%)
    - Compute Ys: 302.51µs (45.0%)
    - Compute sigma: 337.00ns (0.1%)
    - Calculate challenge: 29.83µs (4.4%)
    - Prove knowledge of `sigma_i`: 300.00ns (0.0%)
    - Unstaged: 144.00ns (0.0%)
  - Round 5: 255.11µs
    - Validate schnorr proofs: 254.04µs (99.6%)
    - Derive resulting public key and other data: 795.00ns (0.3%)
    - Unstaged: 269.00ns (0.1%)


Auxiliary data generation protocol
Protocol Performance:
  - Protocol took 18.80s to complete
In particular:
  - Stage: 13.13µs
    - Retrieve auxiliary data: 167.00ns (1.3%)
    - Setup networking: 12.86µs (98.0%)
    - Unstaged: 99.00ns (0.8%)
  - Round 1: 2.26s
    - Build Paillier key: 1.60µs (0.0%)
    - Build Pedersen params: 5.05ms (0.2%)
    - Prove Πprm (ψˆ_i): 2.25s (99.8%)
    - Sample random bytes: 1.35µs (0.0%)
    - Compute hash commitment and sample decommitment: 184.58µs (0.0%)
    - Unstaged: 347.00ns (0.0%)
  - Round 2: 1.93µs
    - Hash received msgs (reliability check): 1.57µs (81.1%)
    - Unstaged: 364.00ns (18.9%)
  - Round 3: 517.00ns
    - Assert other parties hashed messages (reliability check): 396.00ns (76.6%)
    - Unstaged: 121.00ns (23.4%)
  - Round 4: 11.63s
    - Validate round 1 decommitments: 361.76µs (0.0%)
    - Validate bit length and П_prm (ψˆ_i): 4.50s (38.7%)
    - Add together shared random bytes: 1.24µs (0.0%)
    - Compute П_mod (ψ_i): 6.77s (58.2%)
    - Assemble security params for П_fac (ψ_i): 19.33µs (0.0%)
    - Compute П_fac (ψ'_i,j): 360.67ms (3.1%)
    - Unstaged: 2.34µs (0.0%)
  - Round 5: 4.91s
    - Validate ψ_j (П_mod): 4.73s (96.3%)
    - Validate ψ'_j,i (П_fac): 182.22ms (3.7%)
    - Assemble auxiliary info: 656.43µs (0.0%)
    - Unstaged: 747.00ns (0.0%)


Signing protocol
Protocol Performance:
  - Protocol took 2.97s to complete
In particular:
  - Stage: 1.39ms
    - Map t-out-of-n protocol to t-out-of-t: 65.84µs (4.7%)
    - Retrieve auxiliary data: 1.32ms (94.9%)
    - Precompute execution id and security params: 111.00ns (0.0%)
    - Setup networking: 4.36µs (0.3%)
    - Unstaged: 86.00ns (0.0%)
  - Round 1: 418.22ms
    - Generate local ephemeral secrets (k_i, y_i, p_i, v_i): 206.10µs (0.0%)
    - Encrypt G_i and K_i: 69.84ms (16.7%)
    - Generate a_i, b_i, A_i1, A_i2, B_i1, B_i2: 350.48µs (0.1%)
    - Prove psi0_ji, psi1_ji: 347.83ms (83.2%)
    - Unstaged: 1.07µs (0.0%)
  - Round 2: 114.76µs
    - Hash received msgs (reliability check): 113.57µs (99.0%)
    - Unstaged: 1.20µs (1.0%)
  - Round 3: 1.63s
    - Assert other parties hashed messages (reliability check): 936.00ns (0.0%)
    - Verify psi0, psi1 proofs: 219.26ms (13.5%)
    - Prove tilde_psi_i: 313.80µs (0.0%)
    - Sample random r, hat_r, s, hat_s, beta, hat_beta: 12.48µs (0.0%)
    - Encrypt D_ji: 157.29ms (9.7%)
    - Encrypt F_ji: 69.62ms (4.3%)
    - Encrypt hat_D_ji: 152.08ms (9.3%)
    - Encrypt hat_F_ji: 69.56ms (4.3%)
    - Prove psi_ji: 483.61ms (29.7%)
    - Prove psiˆ_ji: 476.30ms (29.3%)
    - Unstaged: 1.72µs (0.0%)
  - Round 4: 916.81ms
    - Retrieve auxiliary data: 637.00ns (0.0%)
    - Validate tilde_psi_j: 926.32µs (0.1%)
    - Validate psi_i,j: 386.43ms (42.1%)
    - Validate hat_psi_i,j: 387.75ms (42.3%)
    - Compute Gamma, Delta_i, delta_i, chi_i: 141.38ms (15.4%)
    - Prove psi_prime: 318.01µs (0.0%)
    - Unstaged: 934.00ns (0.0%)
  - Presig output: 1.34ms
    - Validate psi_prime_prime: 924.88µs (69.2%)
    - Calculate presignature: 410.24µs (30.7%)
    - Unstaged: 607.00ns (0.0%)
  - Partial signing: 7.28µs
  - Signature reconstruction: 446.45µs


Signed-off-by: Denis Varlakov <denis@dfns.co>
@survived
Contributor Author

@maurges @nikita-dfns can you look at the changes I pushed in 89397b8 before I update all tests to work with HD in a similar way?

@survived survived marked this pull request as ready for review March 20, 2026 10:54
@survived survived requested a review from maurges March 20, 2026 11:03
@maurges

maurges commented Mar 20, 2026

Looks good. I actually like the test changes

@socket-security

socket-security bot commented Mar 23, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff     Package                               Supply Chain Security  Vulnerability  Quality  Maintenance  License
Updated  cargo/generic-ec-zkp@0.4.1 ⏵ 0.5.0    100                    100            93       100          100
Updated  cargo/hd-wallet@0.6.0 ⏵ 0.7.0         100                    100            93       100          100
Updated  cargo/generic-ec@0.4.1 ⏵ 0.5.0        100                    100            100      100          100


@survived
Contributor Author

survived commented Mar 23, 2026

@maurges pushed the suggested changes + reworked the precomputed shares storage. Now it's optimal, we do not store duplicate information; as a result, the size of the file dropped from 401M to 116K. As a result, there's more code for key share reconstruction (as they are stored in a disassembled state), but I think it's worth it.

maurges
maurges previously approved these changes Mar 23, 2026
@survived survived merged commit 117cab3 into cggmp24/m Mar 23, 2026
27 checks passed
@survived survived deleted the curve/p384 branch March 23, 2026 13:35