This is a tool for working with BLS keys as used in most aspects of SAFE network operations (wallet, vaults, accounts etc).
Use the tool here
https://iancoleman.io/threshold_crypto_ui/
or download it for offline use here
https://github.com/iancoleman/threshold_crypto_ui/releases/ (download bls-standalone.html)
My main reason for doing it (besides learning wasm and bls) was because the output from safe-api commands did not seem to be compatible with any existing BLS tools, despite being based on a standard BLS pairing BLS12-381. The main one I was interested in was the herumi tool. Make sure to select the BLS12_381 pairing parameter; you'll notice the key lengths are different to what is given by safe-api and this tool.
Some quirks that are kinda neat
- The tool is pretty compact. It's about 300K, 100K when compressed. Compared to, say, the BIP39 tool which is 4MB that's really impressive. The wasm binary is 194K when compiled and after conversion to base64 for use in the tool grows to around 279K.
- wasm is usually loaded as a module (ie from a server), so getting this working in a single static html page was a pretty neat trick. Single static html page is useful because you can save it to a thumb drive and run it on an offline computer.
- Compiling threshold_crypto to wasm was extremely simple. The main hurdle I came across was the random number generator which needed to be replaced with a 'static' one that doesn't try to access the operating system rng. Working with wasm is a little tricky because it can't easily return arrays or strings or any complex responses, it can only return a single number at a time. So some tricks with iteratively getting and setting bytes within fixed arrays were needed, but in the end it is not too much hassle.
- There are no javascript libraries used in the tool, or css frameworks. It's nice to just write clean native javascript and have a few simple css declarations. Rust dependencies are as close to just threshold_crypto as possible, I didn't bring any convenience helpers for wasm-to-javascript.
Some things I'm still a little uncertain about, any help would be great
- What is the effect of using a very basic random number generator for encrypt? Since wasm can't work with the random number generator supplied by the operating system (which rng_core uses by default), the process used by the tool is
  - generate secure random u64 in javascript (ie a length 2 uint32array in javascript populated by Crypto.getRandomValues)
  - use this generated u64 to seed a very basic rust random number generator
  - use that basic random number generator when encrypting, ie PublicKey::encrypt_with_rng.
- @AndreasF I'm hoping you're still around in the forum, I saw you're a large contributor to the threshold_crypto library and was hoping you might have some insight into the specific rng system I've used and whether it's ok to use it for encrypt? It looks to me like it's only used to determine u so that single u64 from javascript is ok in this instance?
- Is it valid to generate secure random bytes for the secret key in javascript, then try to deserialize them into a threshold_crypto::SecretKey? Sometimes this deserialization process fails so I keep retrying a new set of random bytes until it works (usually no more than 3 retries needed, the most retries I've seen is 11). Are there any risks or faults with this approach to generating secret keys?
If you want to test, here's a few things to start you off
My public key:
ae7bde4839fa905b7d8125fd84cfdcd0c32cd74e1be3fa24263d71b520fc78113326ce0a90b95d73f19e6d8150a2f73b
I signed a message which you can verify:
Message:
Thanks for trying it out!
Signature:
978f7e9e13149af448acc1afc1ac538c7474f50225a9b8c2715712f2703a93a3b172650cbc311880e873aa754aa5e7650218c427c67990298bd3aba80c4d5d1708768d3aaebaf992b7b20b0634b3d0ea62e317266828544e0766fee9411b0c4d
If you want you can post your public key here and I'll send you an encrypted message for a laugh. Keep in mind this is a very alpha release, still some features to be finished, automated tests to be written, this is a release-early-release-often kinda tool.
You can also use the safe-api command safe auth create-acc to generate keys that will work with this tool.
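
The retry-until-it-deserializes approach asked about in the post, written out as rejection sampling. This JavaScript is an added example, not code from the tool or from threshold_crypto. It assumes deserialization fails exactly when the 32 bytes, read big-endian, fall outside [1, r-1] for the BLS12-381 scalar field order r; all function names are hypothetical.

```javascript
// Added example. Assumption: a SecretKey candidate is rejected exactly when
// its 32 big-endian bytes are not a scalar in [1, r-1].
// r is the BLS12-381 scalar field order.
const R = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n;

// Interpret a byte array as a big-endian unsigned integer.
function bytesToBigInt(bytes) {
  let n = 0n;
  for (const b of bytes) n = (n << 8n) | BigInt(b);
  return n;
}

// Range check standing in for the wasm deserialization call.
function isValidScalar(bytes) {
  if (bytes.length !== 32) return false;
  const n = bytesToBigInt(bytes);
  return n > 0n && n < R;
}

// Default source: the platform CSPRNG (browser or recent Node.js).
function secureRandom32() {
  return globalThis.crypto.getRandomValues(new Uint8Array(32));
}

// Rejection sampling: draw fresh bytes until they pass the range check.
// Every draw is independent, so accepted keys are uniform over [1, r-1].
// Reducing a 256-bit value mod r instead would favour small scalars.
function generateSecretKeyBytes(random32 = secureRandom32, maxTries = 128) {
  for (let tries = 1; tries <= maxTries; tries++) {
    const candidate = random32();
    if (isValidScalar(candidate)) return { bytes: candidate, tries };
  }
  // Failing this often with a healthy CSPRNG is practically impossible.
  throw new Error("no valid scalar after " + maxTries + " draws; check the RNG");
}

// Probability that a single draw is accepted, (r-1)/2^256, to 6 decimals.
function acceptanceProbability() {
  return Number(((R - 1n) * 1000000n) >> 256n) / 1e6;
}

// Probability of at least k rejected draws in a row before a success.
function probAtLeastRejections(k) {
  return Math.pow(1 - acceptanceProbability(), k);
}
```

Under the stated assumption, a little under half of all draws are accepted, so a handful of retries is the normal case and a run of 11 rejections is rare but expected now and then.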