Merge pull request #45 from bitcoin-sv/feature/shamir-key-split-combine

shamir key share split & combine

Author: rohenaz

.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+  "recommendations": ["SonarSource.sonarlint-vscode"]
+}

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+  "sonarlint.connectedMode.project": {
+    "connectionId": "bitcoin-sv",
+    "projectKey": "bitcoin-sv_go-sdk"
+  }
+}

CHANGELOG.md

@@ -5,11 +5,41 @@ All notable changes to this project will be documented in this file. The format
 ## Table of Contents
 
 - [Unreleased](#unreleased)
-- [1.1.2 - 2024-09-02](#111---2024-09-02)
+- [1.1.3 - 2024-09-04](#113---2024-09-04)
+- [1.1.2 - 2024-09-02](#112---2024-09-02)
 - [1.1.1 - 2024-08-28](#111---2024-08-28)
 - [1.1.0 - 2024-08-19](#110---2024-08-19)
 - [1.0.0 - 2024-06-06](#100---2024-06-06)
 
+## [1.1.3] - 2024-09-04
+
+  - Add shamir key splitting
+  - Added PublicKey.ToHash() - sha256 hash, then ripemd160 of the public key (matching ts implementation)`
+  - Added new KeyShares and polynomial primitives, and polynomial operations to support key splitting
+  - Tests for all new keyshare, private key, and polynomial operations
+  - added recommended vscode plugin and extension settings for this repo in .vscode directory
+  - handle base58 decode errors
+  - additional tests for script/address.go
+
+  ### Added
+  - `PrivateKey.ToKeyShares`
+  - `PrivateKey.ToPolynomial`
+  - `PrivateKey.ToBackupShares`
+  - `PrivateKeyFromKeyShares`
+  - `PrivateKeyFromBackupShares`
+  - `PublicKey.ToHash()`
+  - New tests for the new `PrivateKey` methods
+  - new primitive `keyshares`
+  - `NewKeyShares` returns a new `KeyShares` struct
+  - `NewKeySharesFromBackupFormat`
+  - `KeyShares.ToBackupFormat`
+  - `polonomial.go` and tests for core functionality used by `KeyShares` and `PrivateKey`
+  - `util.Umod` in `util` package `big.go`
+  - `util.NewRandomBigInt` in `util` package `big.go`
+
+  ### Changed
+  - `base58.Decode` now returns an error in the case of invalid characters
+
 ## [1.1.2] - 2024-09-02
   - Fix OP_BIN2NUM to copy bytes and prevent stack corruption & add corresponding test
 

RELEASE.md

@@ -3,4 +3,4 @@
 1. `merge tagged branch to master branch`
 2. `git tag v1.0.0`
 3. `git push origin v1.0.0`
-4. `goreleaser release`
+4. `GITHUB_TOKEN=xxxxxxxx goreleaser release --clean`

compat/base58/base58.go

@@ -5,6 +5,7 @@
 package compat
 
 import (
+	"errors"
 	"math/big"
 )
 
@@ -14,15 +15,15 @@ var bigRadix = big.NewInt(58)
 var bigZero = big.NewInt(0)
 
 // Decode decodes a modified base58 string to a byte slice.
-func Decode(b string) []byte {
+func Decode(b string) ([]byte, error) {
 	answer := big.NewInt(0)
 	j := big.NewInt(1)
 
 	scratch := new(big.Int)
 	for i := len(b) - 1; i >= 0; i-- {
 		tmp := b58[b[i]]
 		if tmp == 255 {
-			return []byte("")
+			return []byte(""), errors.New("bad character in encoding")
 		}
 		scratch.SetInt64(int64(tmp))
 		scratch.Mul(j, scratch)
@@ -42,7 +43,7 @@ func Decode(b string) []byte {
 	val := make([]byte, flen)
 	copy(val[numZeros:], tmpval)
 
-	return val
+	return val, nil
 }
 
 // Encode encodes a byte slice to a modified base58 string.

compat/bip32/extendedkey.go

@@ -537,7 +537,10 @@ func NewMaster(seed []byte, net *chaincfg.Params) (*ExtendedKey, error) {
 func NewKeyFromString(key string) (*ExtendedKey, error) {
 	// The base58-decoded extended key must consist of a serialized payload
 	// plus an additional 4 bytes for the checksum.
-	decoded := base58.Decode(key)
+	decoded, err := base58.Decode(key)
+	if err != nil {
+		return nil, err
+	}
 	if len(decoded) != serializedKeyLen+4 {
 		return nil, ErrInvalidKeyLen
 	}

docs/examples/keyshares_pk_from_backup/from_backup.go

@@ -0,0 +1,27 @@
+package main
+
+import (
+	"log"
+
+	ec "github.com/bitcoin-sv/go-sdk/primitives/ec"
+)
+
+func main() {
+	expectedWif := "KxPEP4DCP2a4g3YU5amfXjFH4kWmz8EHWrTugXocGWgWBbhGsX7a"
+
+	// Restore a key from 3 of 5 key shares
+	shares := []string{
+		"89Gtabj94hosNkJtAtSeJTBKrrZ2BpoVYr2Kmt5UFzjR.69DcY9ngWU7afbj1Na84BahFUMPb6qkBa1hmzDkDcp18.3.bbc45478",
+		"CsA3JhDRqBb1z58FxoixZmdsLTvHuehfwZzPgqJVA3Yv.4PP6QQcmFxikiX38yYUCqE2LFmht2MjXkf4nRjMqYBgw.3.bbc45478",
+		"BVk1tcvJEbhUfZagStg15rFRxQDeLzgSN15rWkGhNf19.CUB7p6zK3JPBkBriRRGdWj4y3Z3qCfsaCYutmMWKv1VJ.3.bbc45478",
+	}
+
+	pk, _ := ec.PrivateKeyFromBackupShares(shares)
+
+	if pk.Wif() == expectedWif {
+		log.Println("Private key:", pk.Wif())
+	}
+
+	// Prints The Original Private key
+	// KxPEP4DCP2a4g3YU5amfXjFH4kWmz8EHWrTugXocGWgWBbhGsX7a
+}

docs/examples/keyshares_pk_to_backup/to_backup.go

@@ -0,0 +1,27 @@
+package main
+
+import (
+	"encoding/hex"
+	"log"
+
+	ec "github.com/bitcoin-sv/go-sdk/primitives/ec"
+)
+
+func main() {
+	pk, _ := ec.PrivateKeyFromWif("KxPEP4DCP2a4g3YU5amfXjFH4kWmz8EHWrTugXocGWgWBbhGsX7a")
+	log.Println("Private key:", hex.EncodeToString(pk.PubKey().ToHash())[:8])
+	totalShares := 5
+	threshold := 3
+	shares, _ := pk.ToBackupShares(threshold, totalShares)
+
+	for i, share := range shares {
+		log.Printf("Share %d: %s", i+1, share)
+	}
+
+	// Prints
+	// Share 1: <share1-x>.<share1-y>.3.bbc45478
+	// Share 2: <share1-x>.<share1-y>.3.bbc45478
+	// Share 3: <share1-x>.<share1-y>.3.bbc45478
+	// Share 4: <share1-x>.<share1-y>.3.bbc45478
+	// Share 5: <share1-x>.<share1-y>.3.bbc45478
+}

primitives/ec/privatekey.go

@@ -11,6 +11,8 @@ import (
 
 	base58 "github.com/bitcoin-sv/go-sdk/compat/base58"
 	crypto "github.com/bitcoin-sv/go-sdk/primitives/hash"
+	keyshares "github.com/bitcoin-sv/go-sdk/primitives/keyshares"
+	"github.com/bitcoin-sv/go-sdk/util"
 )
 
 var (
@@ -41,7 +43,7 @@ const compressMagic byte = 0x01
 // package.
 type PrivateKey e.PrivateKey
 
-// PrivateKeyFromBytes returns a private and public key for `curve' based on the
+// PrivateKeyFromBytes returns a private and public key based on the
 // private key passed as an argument as a byte slice.
 func PrivateKeyFromBytes(pk []byte) (*PrivateKey, *PublicKey) {
 	x, y := S256().ScalarBaseMult(pk)
@@ -57,7 +59,6 @@ func PrivateKeyFromBytes(pk []byte) (*PrivateKey, *PublicKey) {
 }
 
 // NewPrivateKey is a wrapper for ecdsa.GenerateKey that returns a PrivateKey
-// instead of the normal ecdsa.PrivateKey.
 func NewPrivateKey() (*PrivateKey, error) {
 	key, err := e.GenerateKey(S256(), rand.Reader)
 	if err != nil {
@@ -66,7 +67,7 @@ func NewPrivateKey() (*PrivateKey, error) {
 	return (*PrivateKey)(key), nil
 }
 
-// PrivateKey is an ecdsa.PrivateKey with additional functions to
+// PrivateKeyFromHex returns a private key from a hex string.
 func PrivateKeyFromHex(privKeyHex string) (*PrivateKey, error) {
 	if len(privKeyHex) == 0 {
 		return nil, errors.New("private key hex is empty")
@@ -79,9 +80,12 @@ func PrivateKeyFromHex(privKeyHex string) (*PrivateKey, error) {
 	return privKey, nil
 }
 
-// PrivateKey is an ecdsa.PrivateKey with additional functions to
+// PrivateKeyFromWif returns a private key from a WIF string.
 func PrivateKeyFromWif(wif string) (*PrivateKey, error) {
-	decoded := base58.Decode(wif)
+	decoded, err := base58.Decode(wif)
+	if err != nil {
+		return nil, err
+	}
 	decodedLen := len(decoded)
 	var compress bool
 
@@ -198,3 +202,131 @@ func (p *PrivateKey) DeriveChild(pub *PublicKey, invoiceNumber string) (*Private
 	privKey, _ := PrivateKeyFromBytes(newPrivKey.Bytes())
 	return privKey, nil
 }
+
+func (p *PrivateKey) ToPolynomial(threshold int) (*keyshares.Polynomial, error) {
+	// Check for invalid threshold
+	if threshold < 2 {
+		return nil, fmt.Errorf("threshold must be at least 2")
+	}
+
+	curve := keyshares.NewCurve()
+	points := make([]*keyshares.PointInFiniteField, 0)
+
+	// Set the first point to (0, key)
+	points = append(points, keyshares.NewPointInFiniteField(big.NewInt(0), p.D))
+
+	// Generate random points for the rest of the polynomial
+	for i := 1; i < threshold; i++ {
+		x := util.Umod(util.NewRandomBigInt(32), curve.P)
+		y := util.Umod(util.NewRandomBigInt(32), curve.P)
+
+		points = append(points, keyshares.NewPointInFiniteField(x, y))
+	}
+	return keyshares.NewPolynomial(points, threshold), nil
+}
+
+/**
+ * Splits the private key into shares using Shamir's Secret Sharing Scheme.
+ *
+ * @param threshold The minimum number of shares required to reconstruct the private key.
+ * @param totalShares The total number of shares to generate.
+ * @returns A KeyShares object containing the shares, threshold and integrity.
+ *
+ * @example
+ * key, _ := NewPrivateKey()
+ * shares, _ := key.ToKeyShares(2, 5)
+ */
+func (p *PrivateKey) ToKeyShares(threshold int, totalShares int) (keyShares *keyshares.KeyShares, error error) {
+	if threshold < 2 {
+		return nil, errors.New("threshold must be at least 2")
+	}
+	if totalShares < 2 {
+		return nil, errors.New("totalShares must be at least 2")
+	}
+	if threshold > totalShares {
+		return nil, errors.New("threshold should be less than or equal to totalShares")
+	}
+
+	poly, err := p.ToPolynomial(threshold)
+	if err != nil {
+		return nil, err
+	}
+
+	points := make([]*keyshares.PointInFiniteField, 0)
+	for range totalShares {
+		pk, err := NewPrivateKey()
+		if err != nil {
+			return nil, err
+		}
+		x := new(big.Int).Set(pk.D)
+		y := new(big.Int).Set(poly.ValueAt(x))
+		points = append(points, keyshares.NewPointInFiniteField(x, y))
+	}
+
+	integrity := hex.EncodeToString(p.PubKey().ToHash())[:8]
+	return keyshares.NewKeyShares(points, threshold, integrity), nil
+}
+
+// PrivateKeyFromKeyShares combines shares to reconstruct the private key
+func PrivateKeyFromKeyShares(keyShares *keyshares.KeyShares) (*PrivateKey, error) {
+	if keyShares.Threshold < 2 {
+		return nil, errors.New("threshold should be at least 2")
+	}
+
+	if len(keyShares.Points) < keyShares.Threshold {
+		return nil, fmt.Errorf("at least %d shares are required to reconstruct the private key", keyShares.Threshold)
+	}
+
+	// check to see if two points have the same x value
+	for i := 0; i < keyShares.Threshold; i++ {
+		for j := i + 1; j < keyShares.Threshold; j++ {
+			if keyShares.Points[i].X.Cmp(keyShares.Points[j].X) == 0 {
+				return nil, fmt.Errorf("duplicate share detected, each must be unique")
+			}
+		}
+	}
+
+	poly := keyshares.NewPolynomial(keyShares.Points, keyShares.Threshold)
+	polyBytes := poly.ValueAt(big.NewInt(0)).Bytes()
+	privateKey, publicKey := PrivateKeyFromBytes(polyBytes)
+	integrityHash := hex.EncodeToString(publicKey.ToHash())[:8]
+	if keyShares.Integrity != integrityHash {
+		return nil, fmt.Errorf("integrity hash mismatch %s != %s", keyShares.Integrity, integrityHash)
+	}
+	return privateKey, nil
+}
+
+/**
+ * @method ToBackupShares
+ *
+ * Creates a backup of the private key by splitting it into shares.
+ *
+ *
+ * @param threshold The number of shares which will be required to reconstruct the private key.
+ * @param shares The total number of shares to generate for distribution.
+ * @returns
+ */
+func (p *PrivateKey) ToBackupShares(threshold int, shares int) ([]string, error) {
+	keyShares, err := p.ToKeyShares(threshold, shares)
+	if err != nil {
+		return nil, err
+	}
+	return keyShares.ToBackupFormat()
+}
+
+/**
+ *
+ * @method PrivateKeyFromBackupShares
+ *
+ * Creates a private key from backup shares.
+ *
+ * @param shares in backup format
+ * @returns PrivateKey
+ */
+func PrivateKeyFromBackupShares(shares []string) (*PrivateKey, error) {
+	keyShares, err := keyshares.NewKeySharesFromBackupFormat(shares)
+	if err != nil {
+		return nil, err
+	}
+	return PrivateKeyFromKeyShares(keyShares)
+}