bnb-chain/tss
tss

CLI and transport wrapper of tss-lib

User guide

Play in localhost

Please note: the "--password" option should only be used in testing. Without this option, the CLI asks for the password interactively and confirms it.

  1. Build the tss executable binary
git clone https://github.com/binance-chain/tss
cd tss
go build
  2. Init 3 parties
./tss init --home ~/.test1 --vault_name "default" --moniker "test1" --password "123456789"
./tss init --home ~/.test2 --vault_name "default" --moniker "test2" --password "123456789"
./tss init --home ~/.test3 --vault_name "default" --moniker "test3" --password "123456789"
  3. Generate a channel id; replace the value of "--channel_id" in the following commands with the generated one
./tss channel --channel_expire 30
  4. Keygen
./tss keygen --home ~/.test1 --vault_name "default" --parties 3 --threshold 1 --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
./tss keygen --home ~/.test2 --vault_name "default" --parties 3 --threshold 1 --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
./tss keygen --home ~/.test3 --vault_name "default" --parties 3 --threshold 1 --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
  5. Sign
./tss sign --home ~/.test1 --vault_name "default" --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
./tss sign --home ~/.test2 --vault_name "default" --password "123456789" --channel_password "123456789" --channel_id "802671B1B19"
  6. Regroup - replace the existing 3 parties with 3 brand new parties
# start 2 old parties (answer Y for the isOld and isNew interactive questions)
./tss regroup --home ~/.test1 --vault_name "default" --password "123456789" --new_parties 3 --new_threshold 1 --channel_password "123456789" --channel_id "802671B1B19"
./tss regroup --home ~/.test2 --vault_name "default" --password "123456789" --new_parties 3 --new_threshold 1 --channel_password "123456789" --channel_id "802671B1B19"
# start the new parties (answer n for isOld and Y for isNew interactive questions)
./tss regroup --home ~/.test3 --vault_name "default" --password "123456789" --new_parties 3 --new_threshold 1 --channel_password "123456789" --channel_id "802671B1B19"

TSS-1049 Upgrade

After the TSS-1049 change, reshare (regroup) also works in environments without SSDP support, such as a native AWS VPC:

Init:
A:
./tss init --vault_name rg55101 --moniker rg55101 --password 123456789 --p2p.listen "/ip4/127.0.0.1/tcp/55101"
B:
./tss init --vault_name rg55102 --moniker rg55102 --password 123456789 --p2p.listen "/ip4/127.0.0.1/tcp/55102"
C:
./tss init --vault_name rg55103 --moniker rg55103 --password 123456789 --p2p.listen "/ip4/127.0.0.1/tcp/55103"

Keygen by ABC (parties 3, threshold 1)
A:
./tss keygen --vault_name rg55101 --parties 3 --threshold 1 --password 123456789 --channel_password 123456789 --channel_id 20963C1108C --p2p.peer_addrs "/ip4/127.0.0.1/tcp/55102","/ip4/127.0.0.1/tcp/55103" --log_level debug 2>&1 | tee keygen_a.log
B:
./tss keygen --vault_name rg55102 --parties 3 --threshold 1 --password 123456789 --channel_password 123456789 --channel_id 20963C1108C --p2p.peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55103" --log_level debug 2>&1 | tee keygen_b.log
C:
./tss keygen --vault_name rg55103 --parties 3 --threshold 1 --password 123456789 --channel_password 123456789 --channel_id 20963C1108C --p2p.peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55102" --log_level debug 2>&1 | tee keygen_c.log
D:
N/A
Regroup
A
./tss regroup --is_old true --is_new_member true --vault_name rg55101 --password 123456789 --parties 3 --threshold 1 --new_parties 3 --new_threshold 1 --channel_password 123456789 --channel_id 20963C1108C --p2p.new_listen "/ip4/127.0.0.1/tcp/43899" --p2p.new_peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55102","/ip4/127.0.0.1/tcp/40855","/ip4/127.0.0.1/tcp/55104" 2>&1 | tee regroup_a.log
B
./tss regroup --is_old true --is_new_member true --vault_name rg55102 --password 123456789 --parties 3 --threshold 1 --new_parties 3 --new_threshold 1 --channel_password 123456789 --channel_id 20963C1108C --p2p.new_listen "/ip4/127.0.0.1/tcp/40855" --p2p.new_peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55102","/ip4/127.0.0.1/tcp/43899","/ip4/127.0.0.1/tcp/55104" 2>&1 | tee regroup_b.log
D
./tss init --vault_name rg55103 --moniker rg55104 --password 123456789 --p2p.listen "/ip4/127.0.0.1/tcp/55104"
./tss regroup --is_old false --is_new_member true --vault_name rg55103 --password 123456789 --parties 3 --threshold 1 --new_parties 3 --new_threshold 1 --channel_password 123456789 --channel_id 20963C1108C --p2p.new_peer_addrs "/ip4/127.0.0.1/tcp/55101","/ip4/127.0.0.1/tcp/55102","/ip4/127.0.0.1/tcp/43899","/ip4/127.0.0.1/tcp/40855" 2>&1 | tee regroup_d.log

Note for running on macos catalina (To be enhanced)

xattr -d com.apple.quarantine ./tss
xattr -d com.apple.quarantine ./tbnbcli
xattr -d com.apple.quarantine ./bnbcli

Network roles and connection topology

Supported NAT Types

As described in libp2p/go-libp2p#375 (comment), we have three NAT-traversal solutions at the moment:

  1. UPnP/NATPortMap

    When NAT traversal is enabled (in go-libp2p, pass the NATPortMap() option to the libp2p constructor), libp2p will use UPnP and NATPortMap to ask the NAT's router to open and forward a port for libp2p. If your router supports either UPnP or NATPortMap, this is by far the best option.

  2. STUN/hole-punching

    libp2p has its own version of the "STUN" protocol using peer routing, external address discovery, and reuseport.

  3. TURN-like protocol (relay)

    Finally, we have a TURN-like protocol called p2p-circuit. This protocol allows libp2p nodes to "proxy" through other p2p nodes. All party clients registered to mainnet automatically announce that they support p2p-circuit (relay) for the tss implementation.

In WAN setting

| Role | Full cone | (Address)-restricted cone | Port-restricted cone | Symmetric NAT |
|---|---|---|---|---|
| Bootstrap (tracking) server | | | | |
| Relay server | | | | |
| Client | | | | ✓ (relay server needed) |

In LAN setting

Nodes can connect to each other directly without setting up a bootstrap and relay server.
We have 3 layers of bootstrapping session to help nodes connect with each other within a LAN:

  1. ssdp - started before 2 (raw tcp bootstrapping); nodes advertise their listen addr and moniker and record the others'. This is not encrypted.
  2. raw tcp bootstrapping - nodes connect with each other via raw tcp to communicate their libp2p id, moniker and listen address. This is encrypted with the channel id and channel password.
  3. libp2p - nodes share signers / whether they are a new party in regroup via formal libp2p.

Note: keygen and regroup rely on 1, 2 and 3, but sign only relies on 3, which means signing can be achieved in a WAN (with the bootstrap server's help).
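The second bootstrapping layer above is the security-relevant one: the raw-TCP hello (libp2p id, moniker, listen address) is protected by the channel id and channel password, whereas the SSDP advertisement is not. The following Go program is an added illustration of what such protection has to provide, written for this page and not taken from the tss project or tss-lib: the channel password is stretched into an AES-256 key with PBKDF2-HMAC-SHA-256 using the channel id as salt, the hello record is sealed with AES-GCM with the channel id bound as associated data, and a receiver with the wrong password, the wrong channel id, or a modified byte gets an authentication error instead of a record. The `BootstrapHello` struct, the salt prefix, the iteration count and the nonce-prefixed message layout are assumptions of this example, not the project's wire format; the channel id and password values are the ones from the localhost walkthrough.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// BootstrapHello is the kind of record the raw-TCP bootstrapping layer carries:
// libp2p id, moniker and listen address. Illustrative only, not the project's format.
type BootstrapHello struct {
	Libp2pID   string `json:"libp2p_id"`
	Moniker    string `json:"moniker"`
	ListenAddr string `json:"listen_addr"`
}

// kdfIterations is an assumed value for this example; tune it for the deployment.
const kdfIterations = 50_000

// pbkdf2SHA256 is PBKDF2 with HMAC-SHA-256 (RFC 8018), written out so the
// example depends only on the Go standard library.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	mac := hmac.New(sha256.New, password)
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		var be [4]byte
		binary.BigEndian.PutUint32(be[:], block)
		mac.Reset()
		mac.Write(salt)
		mac.Write(be[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...) // T_i = U_1 xor U_2 xor ... xor U_iter
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// DeriveChannelKey stretches the channel password into an AES-256 key. The channel
// id is the salt, so two channels sharing a password still get different keys.
func DeriveChannelKey(channelID, channelPassword string) []byte {
	return pbkdf2SHA256([]byte(channelPassword), []byte("tss-bootstrap:"+channelID), kdfIterations, 32)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealHello encrypts a hello record with AES-256-GCM, binding the channel id as
// associated data so a message sealed for one channel is rejected on another.
// Message layout (assumed): 12-byte random nonce || ciphertext || 16-byte tag.
func SealHello(key []byte, channelID string, h BootstrapHello) ([]byte, error) {
	plaintext, err := json.Marshal(h)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(channelID)), nil
}

// OpenHello authenticates and decrypts a record. A wrong key, a wrong channel id
// or any modified byte yields an error, never a partially trusted record.
func OpenHello(key []byte, channelID string, msg []byte) (BootstrapHello, error) {
	var h BootstrapHello
	aead, err := newGCM(key)
	if err != nil {
		return h, err
	}
	if len(msg) < aead.NonceSize()+aead.Overhead() {
		return h, errors.New("bootstrap message too short")
	}
	nonce, ct := msg[:aead.NonceSize()], msg[aead.NonceSize():]
	plaintext, err := aead.Open(nil, nonce, ct, []byte(channelID))
	if err != nil {
		return h, fmt.Errorf("bootstrap message rejected: %w", err)
	}
	return h, json.Unmarshal(plaintext, &h)
}

func main() {
	channelID := "802671B1B19" // channel id from the localhost walkthrough above
	key := DeriveChannelKey(channelID, "123456789")
	hello := BootstrapHello{Libp2pID: "QmExamplePeerID", Moniker: "test1", ListenAddr: "/ip4/127.0.0.1/tcp/55101"}
	sealed, err := SealHello(key, channelID, hello)
	if err != nil {
		panic(err)
	}
	got, err := OpenHello(key, channelID, sealed) // right password: record recovered
	fmt.Println(got, err)
	_, err = OpenHello(DeriveChannelKey(channelID, "wrong-password"), channelID, sealed)
	fmt.Println(err) // wrong password: authentication failure only
}
```

The design point is that the channel id does double duty: as KDF salt it separates keys across channels, and as GCM associated data it rejects a hello captured on one channel and replayed into another, which a bare symmetric cipher keyed from the password alone would not catch.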