Version 3 for kyber, onet and cothority

Feb 21, 2019  

The DEDIS group is happy to announce new versions of kyber, onet and cothority. This new major release will be used by our students as a stable base to build new projects on for the next two semesters, and gives our industrial partners a predictable version train to build on as well. Below we outline the main changes in v3.

Go modules and semantic versioning

Go 1.11 introduced the modules feature. It lets us define dependencies precisely and create reproducible builds, which is important when building secure distributed systems. All of our main repositories (cothority, onet, kyber, protobuf and fixbuf) use the new modules system in v3. To convert from v2 to v3, you need to enable the modules feature, e.g., with go mod init, and then change the import paths from to in the case of cothority and similarly for kyber and onet. Please see the modules documentation for more details.

Together with the modules system, we will start using semantic versioning, which is a way to systematically assign version numbers to releases. It helps our users analyse the compatibility risks of upgrading to newer versions. According to semantic versioning, there will be no API incompatible changes until the next major version, which we do not expect to release until January 2020.
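As an added illustration of the two points above (it is not code from the DEDIS repositories), the following Go program classifies the compatibility risk of an upgrade from its semantic version tags, derives the import path suffix that Go modules require from major version 2 on, and rewrites the import paths of a source file with the standard go/parser and go/printer packages. The import paths example.com/old/lib and example.com/lib/v3 and the sample source are constructed placeholders, not the real cothority, onet or kyber paths.

```go
package main

import (
	"bytes"
	"fmt"
	"go/parser"
	"go/printer"
	"go/token"
	"strconv"
	"strings"
)

// Semver holds a "vMAJOR.MINOR.PATCH[-PRE]" tag such as "v3.0.0" or "v3.0.0-rc1".
type Semver struct {
	Major, Minor, Patch int
	Pre                 string
}

// ParseSemver parses a release tag; the leading "v" is optional.
func ParseSemver(tag string) (Semver, error) {
	s := strings.TrimPrefix(tag, "v")
	var v Semver
	if i := strings.IndexByte(s, '-'); i >= 0 {
		v.Pre, s = s[i+1:], s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return Semver{}, fmt.Errorf("bad semver %q: want MAJOR.MINOR.PATCH", tag)
	}
	var nums [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return Semver{}, fmt.Errorf("bad semver %q: component %q", tag, p)
		}
		nums[i] = n
	}
	v.Major, v.Minor, v.Patch = nums[0], nums[1], nums[2]
	return v, nil
}

// UpgradeRisk classifies a move between releases under the semantic-versioning
// contract: only a major bump may break the API, and a pre-release promises nothing.
func UpgradeRisk(from, to Semver) string {
	switch {
	case to.Pre != "":
		return "pre-release"
	case to.Major != from.Major:
		return "major"
	case to.Minor != from.Minor:
		return "minor"
	case to.Patch != from.Patch:
		return "patch"
	default:
		return "none"
	}
}

// ModulePath applies Go's semantic import versioning rule: from major version 2 on,
// the major version becomes a suffix of the import path.
func ModulePath(base string, v Semver) string {
	if v.Major >= 2 {
		return fmt.Sprintf("%s/v%d", base, v.Major)
	}
	return base
}

// RewriteImports parses one Go source file and moves every import of oldPath
// (or a package below it) to the same package under newPath. It returns the
// rewritten source and the number of imports changed.
func RewriteImports(src, oldPath, newPath string) (string, int, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, parser.ParseComments)
	if err != nil {
		return "", 0, err
	}
	changed := 0
	for _, spec := range f.Imports {
		path, err := strconv.Unquote(spec.Path.Value)
		if err != nil {
			return "", 0, err
		}
		if path == oldPath || strings.HasPrefix(path, oldPath+"/") {
			spec.Path.Value = strconv.Quote(newPath + strings.TrimPrefix(path, oldPath))
			changed++
		}
	}
	var buf bytes.Buffer
	if err := printer.Fprint(&buf, fset, f); err != nil {
		return "", 0, err
	}
	return buf.String(), changed, nil
}

// sampleSource is a constructed "v2-style" file; its import paths are placeholders.
const sampleSource = `package demo

import (
	"fmt"

	"example.com/old/lib"
	"example.com/old/lib/sign"
)

func Demo() { fmt.Println(lib.Name, sign.Name) }
`

func main() {
	from, _ := ParseSemver("v2.1.4")
	to, _ := ParseSemver("v3.0.0")
	fmt.Printf("v2.1.4 -> v3.0.0: %s upgrade, import %s\n", UpgradeRisk(from, to), ModulePath("example.com/lib", to))
	out, n, err := RewriteImports(sampleSource, "example.com/old/lib", "example.com/lib/v3")
	if err != nil {
		panic(err)
	}
	fmt.Printf("rewrote %d imports:\n%s", n, out)
}
```

Rewriting through the AST rather than with a textual search keeps the change confined to import declarations, so a string such as "example.com/old/lib" that appears in a comment or a test fixture is left alone.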

Changes to services

Version 3 changed a lot of the services and added many new ones. The most important service is ByzCoin - our distributed ledger implementation. It acts as a building block for many decentralized applications.

New services

  • ByzCoin is an implementation of the paper “Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing”. It is a permissioned blockchain system with smart-contract support. It uses the DARC (Decentralized Access Right Control) data structure to manage authentication and authorization. The smart-contract support enables users to build decentralized applications; some useful applications are described below.
  • Authentication Proxy is a service that acts as glue between DARCs and traditional authentication services like OpenID. Consider the situation where we have to work with existing authentication systems but still want the benefits of DARCs and ByzCoin. The Authentication Proxy (authprox) can generate, in a decentralized manner, a cryptographic proof that the user is authorized by the traditional authentication service, which the user can then use to interact with ByzCoin.
  • Calypso is an implementation of a system that performs auditable sharing of private data over blockchains described in this paper.
  • The E-Voting service is a decentralized electronic voting system. Ballots are recorded on our blockchain and the counting happens only after they are anonymized using verifiable shuffles. Anonymity and correctness are guaranteed as long as the majority of the entities running the service are honest. Our previous blog post describes the system in more detail.
  • EventLog is a logging service with enhanced security and auditability. Logged events are tamper-proof and their existence is undeniable.

Deprecated services

All the Schnorr-based collective signing protocols (cosi, ftcosi and bftcosi) are deprecated in favour of the BLS-based ones (blscosi and byzcoinx) due to a recently discovered security vulnerability in two-round Schnorr-based multi-signature schemes. BLS-based protocols need only one round trip to create an aggregate signature, which is not affected by that vulnerability and performs better.

Pairing-based cryptography

The biggest change in kyber, our advanced crypto library, is support for pairing-based cryptography. We support the BN256 curve and BLS signatures. Implementations exist in Go, Java and JavaScript/TypeScript.

Java and JavaScript/TypeScript client API

While our services and protocols are implemented in Go, we also support client side libraries in Go, Java and JavaScript/TypeScript.

The Java library is published on Maven and contains both the client API and the crypto primitives. The JavaScript libraries are published on NPM. You can find the client API here and the crypto library here.