{"id":13607220,"url":"https://github.com/bnb-chain/tss-lib","last_synced_at":"2026-01-15T22:20:22.925Z","repository":{"id":37374712,"uuid":"186134447","full_name":"bnb-chain/tss-lib","owner":"bnb-chain","description":"Threshold Signature Scheme, for ECDSA and EDDSA","archived":false,"fork":false,"pushed_at":"2025-10-24T08:10:44.000Z","size":5350,"stargazers_count":975,"open_issues_count":64,"forks_count":342,"subscribers_count":33,"default_branch":"master","last_synced_at":"2026-01-13T03:35:49.539Z","etag":null,"topics":["blockchain","cryptography","golang","tss"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bnb-chain.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-05-11T13:10:27.000Z","updated_at":"2026-01-13T03:33:52.000Z","dependencies_parsed_at":"2024-04-18T09:29:50.176Z","dependency_job_id":"9c2f3bac-21fb-448a-96c6-f1b7fb8e9188","html_url":"https://github.com/bnb-chain/tss-lib","commit_stats":{"total_commits":369,"total_committers":23,"mean_commits":"16.043478260869566","dds":0.5284552845528455,"last_synced_commit":"5d01446c77c7ef4e20189c59a4d0f9db2c71a4e9"},"previous_names":["binance-chain/tss-lib"],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/bnb-chain/tss-lib","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bnb-chain%2Ftss-lib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bnb-chain%2Ftss-lib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bnb-chain%2Ftss-lib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bnb-chain%2Ftss-lib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bnb-chain","download_url":"https://codeload.github.com/bnb-chain/tss-lib/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bnb-chain%2Ftss-lib/sbom","scorecard":{"id":238401,"data":{"date":"2025-08-11","repo":{"name":"github.com/bnb-chain/tss-lib","commit":"5d01446c77c7ef4e20189c59a4d0f9db2c71a4e9"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/gofmt.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":9,"reason":"Found 17/18 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gofmt.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/bnb-chain/tss-lib/gofmt.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gofmt.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bnb-chain/tss-lib/gofmt.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bnb-chain/tss-lib/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/bnb-chain/tss-lib/test.yml/master?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-2818 / GHSA-3jgf-r68h-xfqm","Warn: Project is vulnerable to: GO-2024-3189 / GHSA-27vh-h6mc-q6g8","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T06:10:53.213Z","repository_id":37374712,"created_at":"2025-08-17T06:10:53.213Z","updated_at":"2025-08-17T06:10:53.213Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28472626,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-15T22:13:38.078Z","status":"ssl_error","status_checked_at":"2026-01-15T22:12:11.737Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","cryptography","golang","tss"],"created_at":"2024-08-01T19:01:16.648Z","updated_at":"2026-01-15T22:20:22.911Z","avatar_url":"https://github.com/bnb-chain.png","language":"Go","funding_links":[],"categories":["Go","Software Development","Exchange-based Tokens"],"sub_categories":["Go"],"readme":"# Multi-Party Threshold Signature Scheme\n[![MIT licensed][1]][2] [![GoDoc][3]][4] [![Go Report Card][5]][6]\n\n[1]: https://img.shields.io/badge/license-MIT-blue.svg\n[2]: LICENSE\n[3]: https://godoc.org/github.com/bnb-chain/tss-lib?status.svg\n[4]: https://godoc.org/github.com/bnb-chain/tss-lib\n[5]: https://goreportcard.com/badge/github.com/bnb-chain/tss-lib\n[6]: https://goreportcard.com/report/github.com/bnb-chain/tss-lib\n\nPermissively MIT Licensed.\n\nNote! This is a library for developers. You may find a TSS tool that you can use with the Binance Chain CLI [here](https://docs.binance.org/tss.html).\n\n## Introduction\nThis is an implementation of multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder CCS 2018 [1] and EdDSA (Edwards-curve Digital Signature Algorithm) following a similar approach.\n\nThis library includes three protocols:\n\n* Key Generation for creating secret shares with no trusted dealer (\"keygen\").\n* Signing for using the secret shares to generate a signature (\"signing\").\n* Dynamic Groups to change the group of participants while keeping the secret (\"resharing\").\n\n⚠️ Do not miss [these important notes](#how-to-use-this-securely) on implementing this library securely\n\n## Rationale\nECDSA is used extensively for crypto-currencies such as Bitcoin, Ethereum (secp256k1 curve), NEO (NIST P-256 curve) and many more. \n\nEdDSA is used extensively for crypto-currencies such as Cardano, Aeternity, Stellar Lumens and many more.\n\nFor such currencies this technique may be used to create crypto wallets where multiple parties must collaborate to sign transactions. See [MultiSig Use Cases](https://en.bitcoin.it/wiki/Multisignature#Multisignature_Applications)\n\nOne secret share per key/address is stored locally by each participant and these are kept safe by the protocol – they are never revealed to others at any time. Moreover, there is no trusted dealer of the shares.\n\nIn contrast to MultiSig solutions, transactions produced by TSS preserve the privacy of the signers by not revealing which `t+1` participants were involved in their signing.\n\nThere is also a performance bonus in that blockchain nodes may check the validity of a signature without any extra MultiSig logic or processing.\n\n## Usage\nYou should start by creating an instance of a `LocalParty` and giving it the arguments that it needs.\n\nThe `LocalParty` that you use should be from the `keygen`, `signing` or `resharing` package depending on what you want to do.\n\n### Setup\n```go\n// When using the keygen party it is recommended that you pre-compute the \"safe primes\" and Paillier secret beforehand because this can take some time.\n// This code will generate those parameters using a concurrency limit equal to the number of available CPU cores.\npreParams, _ := keygen.GeneratePreParams(1 * time.Minute)\n\n// Create a `*PartyID` for each participating peer on the network (you should call `tss.NewPartyID` for each one)\nparties := tss.SortPartyIDs(getParticipantPartyIDs())\n\n// Set up the parameters\n// Note: The `id` and `moniker` fields are for convenience to allow you to easily track participants.\n// The `id` should be a unique string representing this party in the network and `moniker` can be anything (even left blank).\n// The `uniqueKey` is a unique identifying key for this peer (such as its p2p public key) as a big.Int.\nthisParty := tss.NewPartyID(id, moniker, uniqueKey)\nctx := tss.NewPeerContext(parties)\n\n// Select an elliptic curve\n// use ECDSA\ncurve := tss.S256()\n// or use EdDSA\n// curve := tss.Edwards()\n\nparams := tss.NewParameters(curve, ctx, thisParty, len(parties), threshold)\n\n// You should keep a local mapping of `id` strings to `*PartyID` instances so that an incoming message can have its origin party's `*PartyID` recovered for passing to `UpdateFromBytes` (see below)\npartyIDMap := make(map[string]*PartyID)\nfor _, id := range parties {\n    partyIDMap[id.Id] = id\n}\n```\n\n### Keygen\nUse the `keygen.LocalParty` for the keygen protocol. The save data you receive through the `endCh` upon completion of the protocol should be persisted to secure storage.\n\n```go\nparty := keygen.NewLocalParty(params, outCh, endCh, preParams) // Omit the last arg to compute the pre-params in round 1\ngo func() {\n    err := party.Start()\n    // handle err ...\n}()\n```\n\n### Signing\nUse the `signing.LocalParty` for signing and provide it with a `message` to sign. It requires the key data obtained from the keygen protocol. The signature will be sent through the `endCh` once completed.\n\nPlease note that `t+1` signers are required to sign a message and for optimal usage no more than this should be involved. Each signer should have the same view of who the `t+1` signers are.\n\n```go\nparty := signing.NewLocalParty(message, params, ourKeyData, outCh, endCh)\ngo func() {\n    err := party.Start()\n    // handle err ...\n}()\n```\n\n### Re-Sharing\nUse the `resharing.LocalParty` to re-distribute the secret shares. The save data received through the `endCh` should overwrite the existing key data in storage, or write new data if the party is receiving a new share.\n\nPlease note that `ReSharingParameters` is used to give this Party more context about the re-sharing that should be carried out.\n\n```go\nparty := resharing.NewLocalParty(params, ourKeyData, outCh, endCh)\ngo func() {\n    err := party.Start()\n    // handle err ...\n}()\n```\n\n⚠️ During re-sharing the key data may be modified during the rounds. Do not ever overwrite any data saved on disk until the final struct has been received through the `end` channel.\n\n## Messaging\nIn these examples the `outCh` will collect outgoing messages from the party and the `endCh` will receive save data or a signature when the protocol is complete.\n\nDuring the protocol you should provide the party with updates received from other participating parties on the network.\n\nA `Party` has two thread-safe methods on it for receiving updates.\n```go\n// The main entry point when updating a party's state from the wire\nUpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (ok bool, err *tss.Error)\n// You may use this entry point to update a party's state when running locally or in tests\nUpdate(msg tss.ParsedMessage) (ok bool, err *tss.Error)\n```\n\nAnd a `tss.Message` has the following two methods for converting messages to data for the wire:\n```go\n// Returns the encoded message bytes to send over the wire along with routing information\nWireBytes() ([]byte, *tss.MessageRouting, error)\n// Returns the protobuf wrapper message struct, used only in some exceptional scenarios (i.e. mobile apps)\nWireMsg() *tss.MessageWrapper\n```\n\nIn a typical use case, it is expected that a transport implementation will consume message bytes via the `out` channel of the local `Party`, send them to the destination(s) specified in the result of `msg.GetTo()`, and pass them to `UpdateFromBytes` on the receiving end.\n\nThis way there is no need to deal with Marshal/Unmarshalling Protocol Buffers to implement a transport.\n\n## Changes of Preparams of ECDSA in v2.0\n\nTwo fields PaillierSK.P and PaillierSK.Q is added in version 2.0. They are used to generate Paillier key proofs. Key valuts generated from versions before 2.0 need to regenerate(resharing) the key valuts to update the praparams with the necessary fileds filled.\n\n## How to use this securely\n\n⚠️ This section is important. Be sure to read it!\n\nThe transport for messaging is left to the application layer and is not provided by this library. Each one of the following paragraphs should be read and followed carefully as it is crucial that you implement a secure transport to ensure safety of the protocol.\n\nWhen you build a transport, it should offer a broadcast channel as well as point-to-point channels connecting every pair of parties. Your transport should also employ suitable end-to-end encryption (TLS with an [AEAD cipher](https://en.wikipedia.org/wiki/Authenticated_encryption#Authenticated_encryption_with_associated_data_(AEAD)) is recommended) between parties to ensure that a party can only read the messages sent to it.\n\nWithin your transport, each message should be wrapped with a **session ID** that is unique to a single run of the keygen, signing or re-sharing rounds. This session ID should be agreed upon out-of-band and known only by the participating parties before the rounds begin. Upon receiving any message, your program should make sure that the received session ID matches the one that was agreed upon at the start.\n\nAdditionally, there should be a mechanism in your transport to allow for \"reliable broadcasts\", meaning parties can broadcast a message to other parties such that it's guaranteed that each one receives the same message. There are several examples of algorithms online that do this by sharing and comparing hashes of received messages.\n\nTimeouts and errors should be handled by your application. The method `WaitingFor` may be called on a `Party` to get the set of other parties that it is still waiting for messages from. You may also get the set of culprit parties that caused an error from a `*tss.Error`.\n\n## Security Audit\nA full review of this library was carried out by Kudelski Security and their final report was made available in October, 2019. A copy of this report [`audit-binance-tss-lib-final-20191018.pdf`](https://github.com/bnb-chain/tss-lib/releases/download/v1.0.0/audit-binance-tss-lib-final-20191018.pdf) may be found in the v1.0.0 release notes of this repository.\n\n## References\n\\[1\\] https://eprint.iacr.org/2019/114.pdf\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbnb-chain%2Ftss-lib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbnb-chain%2Ftss-lib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbnb-chain%2Ftss-lib/lists"}