pub struct Ecdsa {
host_url: String,
}Expand description
A threshold ECDSA implementation that allows distributed key generation and signing.
This struct provides methods for:
- Distributed key generation among multiple parties
- Threshold signing with a subset of parties
- Key derivation using BIP-32 paths
- Secret share management and refresh operations
- Private key import/export functionality
Fields§
§host_url: StringImplementations§
Source§impl Ecdsa
impl Ecdsa
Sourcepub fn with_default_host() -> Self
pub fn with_default_host() -> Self
Creates a new ECDSA instance using the default production host URL.
Sourcepub fn init_keygen(&self) -> Result<(KeygenId, KeygenPrivateKey), SodotError>
pub fn init_keygen(&self) -> Result<(KeygenId, KeygenPrivateKey), SodotError>
Initializes the key generation process by creating a keygen ID and private key.
Sourcepub async fn create_room(
&self,
num_parties: NonZeroU16,
api_key: &str,
) -> Result<RoomUUID, SodotError>
pub async fn create_room( &self, num_parties: NonZeroU16, api_key: &str, ) -> Result<RoomUUID, SodotError>
Creates a room for coordinating multi-party computation protocols.
Sourcepub async fn keygen(
&self,
room_uuid: &RoomUUID,
num_parties: NonZeroU16,
threshold: NonZeroU16,
keygen_init_keypair: &KeygenPrivateKey,
keygen_ids: &[KeygenId],
) -> Result<(EcdsaPublicKey, EcdsaSecretShare), SodotError>
pub async fn keygen( &self, room_uuid: &RoomUUID, num_parties: NonZeroU16, threshold: NonZeroU16, keygen_init_keypair: &KeygenPrivateKey, keygen_ids: &[KeygenId], ) -> Result<(EcdsaPublicKey, EcdsaSecretShare), SodotError>
Generates a threshold ECDSA key.
Multiple parties collaborate to create a shared public key and individual secret shares. The resulting public key can be used for verification, while the secret shares are required for threshold signing.
Sourcepub async fn sign(
&self,
room_uuid: &RoomUUID,
secret_share: &EcdsaSecretShare,
message_hash: &MessageHash,
derivation_path: &[u32],
) -> Result<EcdsaSignature, SodotError>
pub async fn sign( &self, room_uuid: &RoomUUID, secret_share: &EcdsaSecretShare, message_hash: &MessageHash, derivation_path: &[u32], ) -> Result<EcdsaSignature, SodotError>
Signs a message using the threshold ECDSA scheme.
A subset of parties (at least the threshold) collaborate to generate a valid ECDSA signature for a given message hash. The signature can be verified against the public key generated during keygen.
Sourcepub fn derive_pubkey(
&self,
secret_share: &EcdsaSecretShare,
derivation_path: &[u32],
) -> Result<EcdsaPublicKey, SodotError>
pub fn derive_pubkey( &self, secret_share: &EcdsaSecretShare, derivation_path: &[u32], ) -> Result<EcdsaPublicKey, SodotError>
Derives a public key using a BIP-32 non-hardened derivation path.
Derives child public keys from a secret share without needing additional threshold operations. Follows the BIP-32 standard for hierarchical deterministic key derivation.
Sourcepub fn get_xpub(
&self,
secret_share: &EcdsaSecretShare,
) -> Result<EcdsaExtendedPublicKey, SodotError>
pub fn get_xpub( &self, secret_share: &EcdsaSecretShare, ) -> Result<EcdsaExtendedPublicKey, SodotError>
Returns a base58-encoded extended public key (Xpub) derived from a secret share.
The returned Xpub follows the BIP-32 standard and can be used with third-party libraries
or with the derive_pubkey_from_xpub method for additional key derivations.
Sourcepub fn derive_pubkey_from_xpub(
&self,
xpub: &EcdsaExtendedPublicKey,
derivation_path: &[u32],
) -> Result<EcdsaPublicKey, SodotError>
pub fn derive_pubkey_from_xpub( &self, xpub: &EcdsaExtendedPublicKey, derivation_path: &[u32], ) -> Result<EcdsaPublicKey, SodotError>
Derives a public key from an extended public key (Xpub) using a BIP-32 derivation path.
Derive child public keys from an extended public key without needing access to the original secret share. Useful for watch-only wallets and key management systems.
Sourcepub fn derive_private_key_from_xpriv(
&self,
xpriv: &EcdsaExtendedPrivateKey,
derivation_path: &[u32],
) -> Result<[u8; 32], SodotError>
pub fn derive_private_key_from_xpriv( &self, xpriv: &EcdsaExtendedPrivateKey, derivation_path: &[u32], ) -> Result<[u8; 32], SodotError>
Derives a private key from an extended private key (xpriv) using a BIP-32 derivation path.
Derives child private keys from an extended private key following the BIP-32 hierarchical deterministic key derivation standard.
Sourcepub async fn refresh(
&self,
room_uuid: &RoomUUID,
secret_share: &EcdsaSecretShare,
) -> Result<(EcdsaPublicKey, EcdsaSecretShare), SodotError>
pub async fn refresh( &self, room_uuid: &RoomUUID, secret_share: &EcdsaSecretShare, ) -> Result<(EcdsaPublicKey, EcdsaSecretShare), SodotError>
Refreshes the secret material of all parties without changing the public key.
Generates fresh randomness for the secret shares while maintaining the same public key, improving security against long-term attacks. All parties must participate.
Important: Delete the input secret_share only after confirming all parties
have successfully stored their new secret shares.
Receives a key share for a new party in a reshared quorum.
Warning: Key resharing is an advanced feature. Consult with the Sodot team before using it, as incorrect usage might compromise private key security.
Allows a new party to join an existing threshold scheme by participating in a reshare protocol with existing parties.
Receives a new key share for a remaining party in a reshared quorum.
Warning: Key resharing is an advanced feature. Consult with the Sodot team before using it, as incorrect usage might compromise private key security.
Allows an existing party to participate in a reshare protocol to create a new threshold scheme configuration.
Sourcepub fn export_id(
&self,
secret_share: &EcdsaSecretShare,
) -> Result<KeygenId, SodotError>
pub fn export_id( &self, secret_share: &EcdsaSecretShare, ) -> Result<KeygenId, SodotError>
Extracts the KeygenID from a secret share.
Useful for reshare operations and private key export/import operations to identify parties in the threshold scheme.
Sourcepub async fn export_full_private_key(
&self,
room_uuid: &RoomUUID,
secret_share: &EcdsaSecretShare,
export_to: &KeygenId,
) -> Result<Option<EcdsaExtendedPrivateKey>, SodotError>
pub async fn export_full_private_key( &self, room_uuid: &RoomUUID, secret_share: &EcdsaSecretShare, export_to: &KeygenId, ) -> Result<Option<EcdsaExtendedPrivateKey>, SodotError>
Combines multiple secret shares to export the full private key to a designated party.
Requires at least a threshold number of parties to participate. The full private key
will only be revealed to the party specified by export_to. Returns Some(String)
with the full private key (xpriv) if the current party is the designated receiver,
None otherwise.
Sourcepub fn offline_export_full_private_key(
&self,
secret_shares: &[EcdsaSecretShare],
) -> Result<EcdsaExtendedPrivateKey, SodotError>
pub fn offline_export_full_private_key( &self, secret_shares: &[EcdsaSecretShare], ) -> Result<EcdsaExtendedPrivateKey, SodotError>
Locally reconstructs the full private key from a threshold number of secret shares.
Designed for offline recovery scenarios where secret shares are collected manually. Does not require network communication and can be used to recover the private key when threshold signing is not possible.
Sourcepub async fn import_private_key_recipient(
&self,
room_uuid: &RoomUUID,
threshold: NonZeroU16,
keygen_init_keypair: &KeygenPrivateKey,
keygen_ids: &[KeygenId],
) -> Result<(EcdsaPublicKey, EcdsaSecretShare), SodotError>
pub async fn import_private_key_recipient( &self, room_uuid: &RoomUUID, threshold: NonZeroU16, keygen_init_keypair: &KeygenPrivateKey, keygen_ids: &[KeygenId], ) -> Result<(EcdsaPublicKey, EcdsaSecretShare), SodotError>
Participates as a recipient in a private key import operation.
Warning: Private key import is an advanced feature. Consult with the Sodot team before using it, as incorrect usage might compromise security.
Allows a party to participate as a recipient in importing an external private key into a threshold scheme. The private key holder will distribute shares of their key to all recipients.
Sourcepub async fn import_private_key_importer(
&self,
room_uuid: &RoomUUID,
threshold: NonZeroU16,
private_key: &[u8; 32],
keygen_init_keypair: &KeygenPrivateKey,
keygen_ids: &[KeygenId],
) -> Result<(EcdsaPublicKey, EcdsaSecretShare), SodotError>
pub async fn import_private_key_importer( &self, room_uuid: &RoomUUID, threshold: NonZeroU16, private_key: &[u8; 32], keygen_init_keypair: &KeygenPrivateKey, keygen_ids: &[KeygenId], ) -> Result<(EcdsaPublicKey, EcdsaSecretShare), SodotError>
Participates as the importing party in a private key import operation.
Warning: Private key import is an advanced feature. Consult with the Sodot team before using it, as incorrect usage might compromise security.
Allows a party that holds a private key to import it into a threshold scheme by distributing shares to other parties. The private key will be split among all participants.