{"id":19869685,"url":"https://github.com/burmisov/mpc-tss-js","last_synced_at":"2025-05-02T08:30:56.882Z","repository":{"id":208623679,"uuid":"722087184","full_name":"burmisov/mpc-tss-js","owner":"burmisov","description":"WIP: Multi-Party Computation Threshold Signature Scheme Implementation in Javascript","archived":false,"fork":false,"pushed_at":"2023-12-05T21:07:54.000Z","size":307,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-19T22:03:09.181Z","etag":null,"topics":["bitcoin","cryptocurrency","ecdsa","ethereum","js","mpc","threshold-cryptography","tss"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/burmisov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-11-22T12:08:05.000Z","updated_at":"2024-12-11T06:03:28.000Z","dependencies_parsed_at":"2023-12-04T12:38:01.728Z","dependency_job_id":null,"html_url":"https://github.com/burmisov/mpc-tss-js","commit_stats":null,"previous_names":["burmisov/mpc-tss-js"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/burmisov%2Fmpc-tss-js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/burmisov%2Fmpc-tss-js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/burmisov%2Fmpc-tss-js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/burmisov%2Fmpc-tss-js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/burmisov","download_url":"https://codeload.github.com/burmisov/mpc-tss-js/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252008750,"owners_count":21679636,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bitcoin","cryptocurrency","ecdsa","ethereum","js","mpc","threshold-cryptography","tss"],"created_at":"2024-11-12T16:06:31.344Z","updated_at":"2025-05-02T08:30:56.488Z","avatar_url":"https://github.com/burmisov.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mpc-tss-js\n\n**WARNING: Work in progress!**\n\nAn attempt to implement a multi-party computation (MPC) threshold signature scheme (TSS) in Javascript/Typescript for use on Node.js, browsers, react-native apps and other modern JS platforms. This strives to be secure and auditable, based on state of the art research and proven implementations, permissively licensed.\n\nThe approach is described in the original paper by Canetti et al.,\n\"UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts\"\nhttps://eprint.iacr.org/2021/060\n\n## Current status\n\nUpdated Dec 5, 2023:\n\nFull keygen + signing works, now need to publish to be able to use externally\nfor a demo check. Get back to refinement after that.\n\nUpdated Dec 2, 2023:\n\nMilestone 2 sort of complete -- the library is able to generate a 3-party\nconfiguration via a keygen ceremony; this configuration is tested to be ingestable\nby the signing ceremony and to produce a valid signature in the end.\nSome issues leftover: proper key configuration hashing that is required\nat Round 4 of keygen, as well as multiple minor ones.\n\nUpdated Nov 30, 2023:\n\nMilestone 1 complete -- the library is able to perform a \"2 out of 3\" or\n\"3 out of 3\" parties ECDSA signature (and probably other party numbers, too),\nthe signature is validated both internally and with Ethereum tools. The 3 parties\nkey configuration used is pre-created using the original\n[multi-party-sig](https://github.com/taurusgroup/multi-party-sig) library.\nMilestone 2 is going to be the key generation ceremony implementation, but before that\nit needs some care with state/parameters validation and cleanup.\n\n## How to use\n\nUntil Milestone 2 I see no point exporting any API or interfaces so the best you\ncan do now is to run the tests:\n\n**Use Node.js 21+**\n\n```\ngit clone git@github.com:burmisov/mpc-tss-js.git\ncd mpc-tss-js\nnpm install\nnpm test\n```\n\nThe signature test uses a pre-created 3-party key configuration and handles (more\nlike emulates) signatories communication throught the 5 rounds of creating a signature.\n\n## Current goals\n\n1. Make a full useable cycle with creating a multi-party key setup (key generation process)\n2. Everything else is secondary at this point; this includes docs, comments, links, performance optimization, proper packaging, even some mid-to-low grade security aspects, etc.\n\n## Known issues and limitations\n\n1. Doesn't really perform a full-cycle useful service as of current status; this is about to change\n2. Some operations that could be constant time are not currently constant time\n3. No proper per-round validation of completeness of input parameters\n4. Signing session and state passing between rounds is a bit messy\n5. There's no consistent serialization and deserialization routints for all the necessary objects\n6. Known factorization is not reused to speed some things up; this can be added later\n7. [ likely there's more ]\n\n## TODOs:\n\n### Features\n\n- [x] Make rounds' communication JSON-serializable\n- [x] Prepare v0 publish artifacts\n- [ ] Publish to try to use externally\n\n### Other\n\n- [ ] check zk/mod\n- [ ] Hashing with domains\n- [ ] BIP32 signing\n- [ ] Refactor and cleanup\n- [ ] Devise a predictable Error model\n- [ ] ElGamal\n- [ ] Oblivious Transfer\n- [ ] Create a proper readme\n- [ ] Add a workflow to test (and publish?)\n- [x] Configure my system for signed commits\n- [ ] MILESTONE 3+: Review, add Schnorr and Ed25519 signatures to the scope, implement key refresh ceremony, etc.\n\n### Docs\n\n- [ ] Explicitly list dependencies\n- [ ] Link to my instrumented multi-party-sig fork\n- [ ] Lay out motivation and prior art\n- [ ] Lay out the goals and the plan\n\n##### Done:\n\n- [x] MILESTONE 1: Create a valid signature via \"online\" ceremony given pre-created party setups\n- [x] Paillier encryption scheme internal library (minimal)\n- [x] Keyconfig (party setup) data\n- [x] Pedersen\n- [x] Lagrange\n- [x] ZK Proofs -- zk/enc\n- [x] Signing Round 1 !\n- [x] ZK Proofs -- zk/logstar\n- [x] ZK Proofs -- zk/affg\n- [x] ZK Proofs -- zk/affp\n- [x] MTA\n- [x] Signing Round 2\n- [x] Signing Round 3\n- [x] Signing Round 4\n- [x] Signing Round 5\n- [x] Covert to Ethereum signature and verify with external tool\n- [x] Fix session hashing\n- [x] Blake3-based hasher class\n- [x] Signing round data and implementations\n- [x] ECDSA with secp256k1 utils (use/wrap @noble/curves -- did use it)\n\n- [x] MILESTONE 2: Implement a key generation ceremony; generate valid party setups and create a valid signature\n- [x] ZK Proofs -- sch\n- [x] ZK Proofs -- fac\n- [x] ZK Proofs -- mod\n- [x] ZK Proofs -- prm\n- [x] Polynomials\n- [x] Polynomial Exponent\n- [x] Keygen round 1\n- [x] Keygen round 2\n- [x] Keygen round 3\n- [x] Keygen round 4\n- [x] Keygen round 5\n- [x] Implement KeyConfig hashing and amend round 5\n- [x] End-to-end test with keygen and signing with fresh keys (arbitrary parties)\n\n## Intellectual Property\n\nCopyright 2023 Sergey Burmisov (burmisov.com)\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this work except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\nMajor components of this library are derived from the original Go-language library:\n\nhttps://github.com/taurusgroup/multi-party-sig\n\nWhile no original source files are used as-is, many JS/TS files closely rewrite the\noriginal Go files. Other parts adhere to similar semantics as the original library, and\nother sections are original due to JS/TS idiosyncrasies or simply at the author's\ndiscretion.\n\nOriginal Go multi-party-sig copyright notice:  \ncopyright (c) Adrian Hamelink and Taurus SA, 2021, and under Apache 2.0 license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fburmisov%2Fmpc-tss-js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fburmisov%2Fmpc-tss-js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fburmisov%2Fmpc-tss-js/lists"}