This is a tool for working with BLS keys as used in most aspects of SAFE network operations (wallet, vaults, accounts etc).
Use the tool here
or download it for offline use here
https://github.com/iancoleman/threshold_crypto_ui/releases/ (download bls-standalone.html)
My main reason for doing it (besides learning wasm and bls) was because the output from safe-api commands did not seem to be compatible with any existing BLS tools, despite being based on a standard BLS pairing BLS12-381. The main one I was interested in was the herumi tool, make sure to select BLS12_381 pairing parameter, you’ll notice the key lengths are different to what is given by safe-api and this tool.
Some quirks that are kinda neat
The tool is pretty compact. It’s about 300K, 100K when compressed. Compared to, say, the BIP39 tool which is 4MB that’s really impressive. The wasm binary is 194K when compiled and after conversion to base64 for use in the tool grows to around 279K.
wasm is usually loaded as a module (ie from a server), so getting this working in a single static html page was a pretty neat trick. Single static html page is useful because you can save it to a thumb drive and run it on an offline computer.
Compiling threshold_crypto to wasm was extremely simple. The main hurdle I came across was the random number generator which needed to be replaced with a ‘static’ one that doesn’t try to access the operating system rng. Working with wasm is a little tricky because it can’t easily return arrays or strings or any complex responses, it can only return a single number at a time. So some tricks with iteratively getting and setting bytes within fixed arrays was needed, but in the end is not too much hassle.
Some things I’m still a little uncertain about, any help would be great
What is the effect of using a very basic random number generator for
encrypt? Since wasm can’t work with the random number generator supplied by the operating system (which rng_core uses by default), the process used by the tool is
- use this generated u64 to seed a very basic rust random number generator
- use that basic random number generator when encrypting, ie PublicKey::encrypt_with_rng.
@AndreasF I’m hoping you’re still around in the forum, I saw you’re a large contributor to the threshold_crypto library and was hoping you might have some insight into the specific rng system I’ve used and whether it’s ok to use it for
encrypt? It looks to me like it’s only used to determine
threshold_crypto::SecretKey? Sometimes this deserialization process fails so I keep retrying a new set of random bytes until it works (usually no more than 3 retries needed, the most retries I’ve seen is 11). Is there any risks or faults with this approach to generating secret keys?
If you want to test, here’s a few things to start you off
My public key:
I signed a message which you can verify:
Message: Thanks for trying it out! Signature: 978f7e9e13149af448acc1afc1ac538c7474f50225a9b8c2715712f2703a93a3b172650cbc311880e873aa754aa5e7650218c427c67990298bd3aba80c4d5d1708768d3aaebaf992b7b20b0634b3d0ea62e317266828544e0766fee9411b0c4d
If you want you can post your public key here and I’ll send you an encrypted message for a laugh. Keep in mind this is a very alpha release, still some features to be finished, automated tests to be written, this is a release-early-release-often kinda tool.
You can also use the safe-api command
safe auth create-acc to generate keys that will work with this tool.