- key generation for secretsharing

- gnunet-ecc -E also prints hex

8 files changed, 383 insertions, 37 deletions

diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 8fc1cd6e6..ea150c52f 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -2289,7 +2289,7 @@ extern "C"
  * The cryptosystem has been established.
  * Contains the peer's share.
  */
-#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_ESTABLISHED 783
+#define GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY 783
 
 
 
diff --git a/src/include/gnunet_secretsharing_service.h b/src/include/gnunet_secretsharing_service.h
index 7752bb2d2..4479f0d80 100644
--- a/src/include/gnunet_secretsharing_service.h
+++ b/src/include/gnunet_secretsharing_service.h
@@ -119,7 +119,7 @@ struct GNUNET_SECRETSHARING_Message
  */
 typedef void (*GNUNET_SECRETSHARING_SecretReadyCallback) (void *cls,
                                                           const struct GNUNET_SECRETSHARING_Share *my_share,
-                                                          const struct GNUNET_SECRETSHARING_PublicKey public_key,
+                                                          const struct GNUNET_SECRETSHARING_PublicKey *public_key,
                                                           unsigned int num_ready_peers,
                                                           const struct GNUNET_PeerIdentity *ready_peers);
 
@@ -157,7 +157,7 @@ GNUNET_SECRETSHARING_create_session (const struct GNUNET_CONFIGURATION_Handle *c
                                      const struct GNUNET_HashCode *session_id,
                                      struct GNUNET_TIME_Absolute deadline,
                                      unsigned int threshold,
-                                     GNUNET_SECRETSHARING_SecretReadyCallback *cb,
+                                     GNUNET_SECRETSHARING_SecretReadyCallback cb,
                                      void *cls);
 
 
diff --git a/src/secretsharing/Makefile.am b/src/secretsharing/Makefile.am
index 96af95a44..a94bf293c 100644
--- a/src/secretsharing/Makefile.am
+++ b/src/secretsharing/Makefile.am
@@ -15,12 +15,27 @@ if USE_COVERAGE
   AM_CFLAGS = -fprofile-arcs -ftest-coverage
 endif
 
+
+bin_PROGRAMS = \
+ gnunet-secretsharing-profiler
+
 libexec_PROGRAMS = \
  gnunet-service-secretsharing
 
 lib_LTLIBRARIES = \
   libgnunetsecretsharing.la
 
+
+gnunet_secretsharing_profiler_SOURCES = \
+ gnunet-secretsharing-profiler.c
+gnunet_secretsharing_profiler_LDADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+  $(top_builddir)/src/secretsharing/libgnunetsecretsharing.la \
+  $(top_builddir)/src/testbed/libgnunettestbed.la \
+  $(GN_LIBINTL)
+gnunet_secretsharing_profiler_DEPENDENCIES = \
+  libgnunetsecretsharing.la
+
 gnunet_service_secretsharing_SOURCES = \
  gnunet-service-secretsharing.c
 gnunet_service_secretsharing_LDADD = \
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c
index 4020a554a..6ca0d85f9 100644
--- a/src/secretsharing/gnunet-service-secretsharing.c
+++ b/src/secretsharing/gnunet-service-secretsharing.c
@@ -32,7 +32,6 @@
 #include <gcrypt.h>
 
 
-
 /**
  * Info about a peer in a key generation session.
  */
@@ -51,7 +50,7 @@ struct KeygenPeerInfo
   /**
    * mu-component of the peer's paillier public key.
    */
-  gcry_mpi_t paillier_mu;
+  gcry_mpi_t paillier_n;
 
   /**
    * The peer's commitment to his presecret.
@@ -59,6 +58,17 @@ struct KeygenPeerInfo
   gcry_mpi_t presecret_commitment;
 
   /**
+   * The peer's preshare that we could decrypt
+   * with out private key.
+   */
+  gcry_mpi_t decrypted_preshare;
+
+  /**
+   * Multiplicative share of the public key.
+   */
+  gcry_mpi_t public_key_share;
+
+  /**
    * GNUNET_YES if the peer has been disqualified,
    * GNUNET_NO otherwise.
    */
@@ -93,6 +103,11 @@ struct KeygenSession
   struct GNUNET_SERVER_Client *client;
 
   /**
+   * Message queue for 'client'
+   */
+  struct GNUNET_MQ_Handle *client_mq;
+
+  /**
    * Randomly generated coefficients of the polynomial for sharing our
    * pre-secret, where 'preshares[0]' is our pre-secret.  Contains 'threshold'
    * elements, thus represents a polynomial of degree 'threshold-1', which can
@@ -136,7 +151,7 @@ struct KeygenSession
   /**
    * g-component of our peer's paillier private key.
    */
-  gcry_mpi_t paillier_g;
+  gcry_mpi_t paillier_lambda;
 
   /**
    * g-component of our peer's paillier private key.
@@ -166,12 +181,12 @@ struct DecryptSession
 /**
  * Decrypt sessions are held in a linked list.
  */
-static struct DecryptSession *decrypt_sessions_head;
+//static struct DecryptSession *decrypt_sessions_head;
 
 /**
  * Decrypt sessions are held in a linked list.
  */
-static struct DecryptSession *decrypt_sessions_tail;
+//static struct DecryptSession *decrypt_sessions_tail;
 
 /**
  * Decrypt sessions are held in a linked list.
@@ -298,9 +313,14 @@ normalize_peers (struct GNUNET_PeerIdentity *listed,
  *
  * Uses the simplified key generation of Jonathan Katz, Yehuda Lindell,
  * "Introduction to Modern Cryptography: Principles and Protocols".
+ *
+ * @param g g-component of public key
+ * @param n n-component of public key
+ * @param lambda lambda-component of private key
+ * @param mu mu-componenent of private key
  */
 static void
-paillier_create (unsigned int s, gcry_mpi_t n, gcry_mpi_t g, gcry_mpi_t lambda, gcry_mpi_t mu)
+paillier_create (gcry_mpi_t g, gcry_mpi_t n, gcry_mpi_t lambda, gcry_mpi_t mu)
 {
   gcry_mpi_t p;
   gcry_mpi_t q;
@@ -311,9 +331,9 @@ paillier_create (unsigned int s, gcry_mpi_t n, gcry_mpi_t g, gcry_mpi_t lambda,
   GNUNET_assert (0 != (tmp = gcry_mpi_new (PAILLIER_BITS)));
 
   // generate rsa modulus
-  GNUNET_assert (0 == gcry_prime_generate (&p, s, 0, NULL, NULL, NULL,
+  GNUNET_assert (0 == gcry_prime_generate (&p, PAILLIER_BITS / 2, 0, NULL, NULL, NULL,
                                            GCRY_WEAK_RANDOM, 0));
-  GNUNET_assert (0 == gcry_prime_generate (&q, s, 0, NULL, NULL, NULL,
+  GNUNET_assert (0 == gcry_prime_generate (&q, PAILLIER_BITS / 2, 0, NULL, NULL, NULL,
                                            GCRY_WEAK_RANDOM, 0));
   gcry_mpi_mul (n, p, q);
   gcry_mpi_add_ui (g, n, 1);
@@ -332,6 +352,14 @@ paillier_create (unsigned int s, gcry_mpi_t n, gcry_mpi_t g, gcry_mpi_t lambda,
 }
 
 
+/**
+ * Encrypt a value using Paillier's scheme.
+ *
+ * @param c resulting ciphertext
+ * @param m plaintext to encrypt
+ * @param g g-component of public key
+ * @param n n-component of public key
+ */
 static void
 paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t g, gcry_mpi_t n)
 {
@@ -359,6 +387,14 @@ paillier_encrypt (gcry_mpi_t c, gcry_mpi_t m, gcry_mpi_t g, gcry_mpi_t n)
 }
 
 
+/**
+ * Decrypt a ciphertext using Paillier's scheme.
+ *
+ * @param m[out] resulting plaintext
+ * @param c ciphertext to decrypt
+ * @param lambda lambda-component of private key
+ * @param mu mu-component of private key
+ */
 static void
 paillier_decrypt (gcry_mpi_t m, gcry_mpi_t c, gcry_mpi_t mu, gcry_mpi_t lambda, gcry_mpi_t n)
 {
@@ -422,13 +458,18 @@ keygen_round1_new_element (void *cls,
   {
     if (0 == memcmp (&d->peer, &ks->info[i].peer, sizeof (struct GNUNET_PeerIdentity)))
     {
-      // TODO: check signature and store key data
+      // TODO: check signature
+      GNUNET_assert (0 == gcry_mpi_scan (&ks->info[i].paillier_g, GCRYMPI_FMT_USG,
+                                         &d->pubkey.g, sizeof d->pubkey.g, NULL));
+      GNUNET_assert (0 == gcry_mpi_scan (&ks->info[i].paillier_n, GCRYMPI_FMT_USG,
+                                         &d->pubkey.n, sizeof d->pubkey.n, NULL));
+      GNUNET_assert (0 == gcry_mpi_scan (&ks->info[i].presecret_commitment, GCRYMPI_FMT_USG,
+                                         &d->commitment, sizeof d->commitment, NULL));
       return;
     }
   }
 
   GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "keygen commit data with wrong peer identity in consensus\n");
-
 }
 
 
@@ -460,39 +501,116 @@ horner_eval (gcry_mpi_t z, gcry_mpi_t *coeff, unsigned int num_coeff, gcry_mpi_t
 static void
 keygen_round2_conclude (void *cls)
 {
-  // TODO: recombine shares and send to client
-  GNUNET_assert (0);
+  struct KeygenSession *ks = cls;
+  struct GNUNET_SECRETSHARING_SecretReadyMessage *m;
+  struct GNUNET_MQ_Envelope *ev;
+  unsigned int i;
+  gcry_mpi_t s;
+  gcry_mpi_t h;
+  struct GNUNET_PeerIdentity *pid;
+
+  GNUNET_assert (0 != (s = gcry_mpi_new (PAILLIER_BITS)));
+  GNUNET_assert (0 != (h = gcry_mpi_new (PAILLIER_BITS)));
+
+  // multiplicative identity
+  gcry_mpi_set_ui (s, 1);
+
+  pid = (void *) &m[1];
+
+  for (i = 0; i < ks->num_peers; i++)
+  {
+    if (GNUNET_NO == ks->info[i].disqualified)
+    {
+      gcry_mpi_addm (s, s, ks->info[i].decrypted_preshare, elgamal_p);
+      gcry_mpi_mulm (h, h, ks->info[i].public_key_share, elgamal_p);
+      m->num_secret_peers++;
+      *pid = ks->info[i].peer;
+      pid++;
+    }
+  }
+
+  ev = GNUNET_MQ_msg (m, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY);
+
+  gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &m->secret, PAILLIER_BITS / 8, NULL, s);
+  gcry_mpi_print (GCRYMPI_FMT_USG, (void *) &m->public_key, PAILLIER_BITS / 8, NULL, s);
+
+  GNUNET_MQ_send (ks->client_mq, ev);
 }
 
 
+/**
+ * Insert round 2 element in the consensus, consisting of
+ * (1) The exponentiated pre-share polynomial coefficients A_{i,l}=g^{a_{i,l}}
+ * (2) The exponentiated pre-shares y_{i,j}=g^{s_{i,j}}
+ * (3) The encrypted pre-shares Y_{i,j}
+ * (4) The zero knowledge proof for correctness of
+ *    the encryption
+ *
+ * @param ks session to use
+ */
 static void
 insert_round2_element (struct KeygenSession *ks)
 {
   struct GNUNET_SET_Element *element;
+  struct GNUNET_SECRETSHARING_KeygenRevealData *msg;
+  unsigned char *pos;
+  unsigned char *last_pos;
+  size_t element_size;
   unsigned int i;
-  uint16_t big_y_size;
   gcry_mpi_t c;
   gcry_mpi_t idx;
-  gcry_mpi_t preshare;
+  gcry_mpi_t v;
 
   GNUNET_assert (0 != (c = gcry_mpi_new (PAILLIER_BITS)));
-  GNUNET_assert (0 != (preshare = gcry_mpi_new (PAILLIER_BITS)));
+  GNUNET_assert (0 != (v = gcry_mpi_new (PAILLIER_BITS)));
   GNUNET_assert (0 != (idx = gcry_mpi_new (PAILLIER_BITS)));
 
-  big_y_size = PAILLIER_BITS / 8 * ks->num_peers;
+  element_size = (sizeof (struct GNUNET_SECRETSHARING_KeygenRevealData) +
+                  2 * PAILLIER_BITS / 8 * ks->num_peers + 
+                  1 * PAILLIER_BITS / 8 * ks->threshold);
+
+  element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + element_size);
 
-  element = GNUNET_malloc (sizeof (struct GNUNET_SET_Element) + big_y_size);
+  msg = (void *) element->data;
+  pos = (void *) &msg[1];
+  last_pos = pos + element_size;
 
+  // exponentiated pre-shares
+  for (i = 0; i <= ks->threshold; i++)
+  {
+    ptrdiff_t remaining = last_pos - pos;
+    GNUNET_assert (remaining > 0);
+    gcry_mpi_set_ui (idx, i);
+    // evaluate the polynomial
+    horner_eval (v, ks->presecret_polynomial, ks->threshold, idx, elgamal_p);
+    // take g to the result
+    gcry_mpi_powm (v, elgamal_g, v, elgamal_p);
+    gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v);
+    pos += PAILLIER_BITS / 8;
+  }
+
+  // exponentiated coefficients
   for (i = 0; i < ks->num_peers; i++)
   {
-    gcry_mpi_set_ui (idx, i + 1);
-    horner_eval (preshare, ks->presecret_polynomial, ks->threshold, idx, elgamal_p);
-    // concat 'A', 'y' and 'Y' to the vector
+    ptrdiff_t remaining = last_pos - pos;
+    GNUNET_assert (remaining > 0);
+    gcry_mpi_powm (v, elgamal_g, ks->presecret_polynomial[0], elgamal_p);
+    gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v);
+    pos += PAILLIER_BITS / 8;
   }
 
+  // encrypted pre-shares
   for (i = 0; i < ks->threshold; i++)
   {
-    // concat 'a' to the vector
+    ptrdiff_t remaining = last_pos - pos;
+    GNUNET_assert (remaining > 0);
+    if (GNUNET_YES == ks->info[i].disqualified)
+      gcry_mpi_set_ui (v, 0);
+    else
+      paillier_encrypt (v, ks->presecret_polynomial[0],
+                        ks->info[i].paillier_g, ks->info[i].paillier_g);
+    gcry_mpi_print (GCRYMPI_FMT_USG, pos, (size_t) remaining, NULL, v);
+    pos += PAILLIER_BITS / 8;
   }
 
   GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
@@ -500,15 +618,75 @@ insert_round2_element (struct KeygenSession *ks)
 }
 
 
+static struct KeygenPeerInfo *
+get_keygen_peer_info (const struct KeygenSession *ks,
+               struct GNUNET_PeerIdentity *peer)
+{
+  unsigned int i;
+  for (i = 0; i < ks->num_peers; i++)
+    if (0 == memcmp (peer, &ks->info[i].peer, sizeof (struct GNUNET_PeerIdentity)))
+      return &ks->info[i];
+  return NULL;
+}
+
+
+static void
+keygen_round2_new_element (void *cls,
+                           const struct GNUNET_SET_Element *element)
+{
+  struct KeygenSession *ks = cls;
+  struct GNUNET_SECRETSHARING_KeygenRevealData *msg;
+  struct KeygenPeerInfo *info;
+  unsigned char *pos;
+  unsigned char *last_pos;
+  gcry_mpi_t c;
+
+  msg = (void *) element->data;
+  pos = (void *) &msg[1];
+  // skip exp. pre-shares
+  pos += PAILLIER_BITS / 8 * ks->num_peers;
+  // skip exp. coefficients
+  pos += PAILLIER_BITS / 8 * ks->threshold;
+  // skip to the value for our peer
+  pos += PAILLIER_BITS / 8 * ks->local_peer_idx;
+
+  last_pos = element->size + (unsigned char *) element->data;
+
+  if ((pos >= last_pos) || ((last_pos - pos) < (PAILLIER_BITS / 8)))
+  {
+    GNUNET_break_op (0);
+    return;
+  }
+
+  GNUNET_assert (0 == gcry_mpi_scan (&c, GCRYMPI_FMT_USG,
+                                     pos, PAILLIER_BITS / 8, NULL));
+
+  info = get_keygen_peer_info (ks, &msg->peer);
+
+  if (NULL == info)
+  {
+    GNUNET_break_op (0);
+    return;
+  }
+
+  paillier_decrypt (info->decrypted_preshare, c, ks->paillier_lambda, ks->paillier_mu,
+                    ks->info[ks->local_peer_idx].paillier_n);
+
+  // TODO: validate signature and proofs
+
+}
+
+
 static void
 keygen_round1_conclude (void *cls)
 {
   struct KeygenSession *ks = cls;
 
   // TODO: destroy old consensus
+  // TODO: mark peers without keys as disqualified
 
   ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &ks->session_id,
-                                           keygen_round1_new_element, ks);
+                                           keygen_round2_new_element, ks);
 
   insert_round2_element (ks);
 
@@ -516,12 +694,20 @@ keygen_round1_conclude (void *cls)
 }
 
 
+/**
+ * Insert the ephemeral key and the presecret commitment
+ * of this peer in the consensus of the given session.
+ *
+ * @param ks session to use
+ */
 static void
 insert_round1_element (struct KeygenSession *ks)
 {
   struct GNUNET_SET_Element *element;
   struct GNUNET_SECRETSHARING_KeygenCommitData *d;
+  // g^a_{i,0}
   gcry_mpi_t v;
+  // big-endian representation of 'v'
   unsigned char v_data[PAILLIER_BITS / 8];
 
   element = GNUNET_malloc (sizeof *element + sizeof *d);
@@ -541,11 +727,11 @@ insert_round1_element (struct KeygenSession *ks)
 
   GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
                                       (unsigned char *) d->pubkey.g, PAILLIER_BITS / 8, NULL,
-                                      ks->paillier_g));
+                                      ks->info[ks->local_peer_idx].paillier_g));
 
   GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
-                                      (unsigned char *) d->pubkey.mu, PAILLIER_BITS / 8, NULL,
-                                      ks->paillier_mu));
+                                      (unsigned char *) d->pubkey.n, PAILLIER_BITS / 8, NULL,
+                                      ks->info[ks->local_peer_idx].paillier_n));
 
   // FIXME: sign stuff
 
@@ -572,6 +758,8 @@ static void handle_client_keygen (void *cls,
       (const struct GNUNET_SECRETSHARING_CreateMessage *) message;
   struct KeygenSession *ks;
 
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "client requested key generation\n");
+
   ks = GNUNET_new (struct KeygenSession);
 
   GNUNET_CONTAINER_DLL_insert (keygen_sessions_head, keygen_sessions_tail, ks);
@@ -583,9 +771,17 @@ static void handle_client_keygen (void *cls,
   ks->peers = normalize_peers ((struct GNUNET_PeerIdentity *) &msg[1], ks->num_peers,
                                &ks->num_peers, &ks->local_peer_idx);
 
+  // TODO: initialize MPIs in peer structure
+
   ks->consensus = GNUNET_CONSENSUS_create (cfg, ks->num_peers, ks->peers, &msg->session_id,
                                            keygen_round1_new_element, ks);
 
+  paillier_create (ks->info[ks->local_peer_idx].paillier_g,
+                   ks->info[ks->local_peer_idx].paillier_n,
+                   ks->paillier_lambda,
+                   ks->paillier_mu);
+
+
   generate_presecret_polynomial (ks);
 
   insert_round1_element (ks);
diff --git a/src/secretsharing/secretsharing.h b/src/secretsharing/secretsharing.h
index 7025fdfea..8bd1b05b5 100644
--- a/src/secretsharing/secretsharing.h
+++ b/src/secretsharing/secretsharing.h
@@ -67,10 +67,10 @@ struct GNUNET_SECRETSHARING_CreateMessage
 };
 
 
-struct GNUNET_SECRETSHARING_SecretEstablishedMessage
+struct GNUNET_SECRETSHARING_SecretReadyMessage
 {
   /**
-   * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_ESTABLISHED
+   * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY
    */
   struct GNUNET_MessageHeader header;
 
@@ -80,6 +80,11 @@ struct GNUNET_SECRETSHARING_SecretEstablishedMessage
   unsigned char secret[GNUNET_SECRETSHARING_KEY_BITS / 8];
 
   /**
+   * Secret share in network byte order.
+   */
+  struct GNUNET_SECRETSHARING_PublicKey public_key;
+
+  /**
    * Number of peers at the end of this message.
    * Includes peers that are part of the established
    * threshold crypto system.
@@ -90,10 +95,10 @@ struct GNUNET_SECRETSHARING_SecretEstablishedMessage
 };
 
 
-struct GNUNET_SECRETSHARING_DecryptMessage
+struct GNUNET_SECRETSHARING_DecryptRequestMessage
 {
   /**
-   * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT
+   * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_REQUEST
    */
   struct GNUNET_MessageHeader header;
 
@@ -113,10 +118,10 @@ struct GNUNET_SECRETSHARING_DecryptMessage
 };
 
 
-struct GNUNET_SECRETSHARING_DecryptDoneMessage
+struct GNUNET_SECRETSHARING_DecryptResponseMessage
 {
   /**
-   * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_DONE
+   * Type: GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_DECRYPT_RESPONSE
    */
   struct GNUNET_MessageHeader header;
 
diff --git a/src/secretsharing/secretsharing_api.c b/src/secretsharing/secretsharing_api.c
index 325e07f51..a44fa2a2f 100644
--- a/src/secretsharing/secretsharing_api.c
+++ b/src/secretsharing/secretsharing_api.c
@@ -25,8 +25,102 @@
  */
 #include "platform.h"
 #include "gnunet_util_lib.h"
+#include "gnunet_secretsharing_service.h"
+#include "secretsharing.h"
 
 
 #define LOG(kind,...) GNUNET_log_from (kind, "secretsharing-api",__VA_ARGS__)
 
 
+
+/**
+ * Session that will eventually establish a shared secred between
+ * the involved peers and allow encryption and cooperative decryption.
+ */
+struct GNUNET_SECRETSHARING_Session
+{
+  /**
+   * Client connected to the secretsharing service.
+   */
+  struct GNUNET_CLIENT_Connection *client;
+
+  /**
+   * Message queue for 'client'.
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * Called when the secret sharing is done.
+   */
+  GNUNET_SECRETSHARING_SecretReadyCallback secret_ready_cb;
+
+  /**
+   * Closure for 'secret_ready_cb'.
+   */
+  void *secret_ready_cls;
+};
+
+
+static void
+handle_session_client_error (void *cls, enum GNUNET_MQ_Error error)
+{
+  struct GNUNET_SECRETSHARING_Session *s = cls;
+
+  s->secret_ready_cb (s->secret_ready_cls, NULL, NULL, 0, NULL);
+}
+
+static void
+handle_secret_ready (void *cls, const struct GNUNET_MessageHeader *msg)
+{
+  struct GNUNET_SECRETSHARING_Session *s = cls;
+  const struct GNUNET_SECRETSHARING_SecretReadyMessage *m = (const void *) msg;
+
+  s->secret_ready_cb (s->secret_ready_cls,
+                      NULL,
+                      &m->public_key,
+                      ntohs (m->num_secret_peers),
+                      (struct GNUNET_PeerIdentity *) &m[1]);
+
+}
+
+
+struct GNUNET_SECRETSHARING_Session *
+GNUNET_SECRETSHARING_create_session (const struct GNUNET_CONFIGURATION_Handle *cfg,
+                                     unsigned int num_peers,
+                                     const struct GNUNET_PeerIdentity *peers,
+                                     const struct GNUNET_HashCode *session_id,
+                                     struct GNUNET_TIME_Absolute deadline,
+                                     unsigned int threshold,
+                                     GNUNET_SECRETSHARING_SecretReadyCallback cb,
+                                     void *cls)
+{
+  struct GNUNET_SECRETSHARING_Session *s;
+  struct GNUNET_MQ_Envelope *ev;
+  struct GNUNET_SECRETSHARING_CreateMessage *msg;
+  static const struct GNUNET_MQ_MessageHandler mq_handlers[] = {
+    {handle_secret_ready, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_SECRET_READY, 0},
+    GNUNET_MQ_HANDLERS_END
+  };
+
+
+  s = GNUNET_new (struct GNUNET_SECRETSHARING_Session);
+  s->client = GNUNET_CLIENT_connect ("secretsharing", cfg);
+  s->secret_ready_cb = cb;
+  s->secret_ready_cls = cls;
+  GNUNET_assert (NULL != s->client);
+
+  s->mq = GNUNET_MQ_queue_for_connection_client (s->client, mq_handlers,
+                                                   handle_session_client_error, s);
+  GNUNET_assert (NULL != s->mq);
+
+  ev = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_SECRETSHARING_CLIENT_GENERATE);
+  msg->threshold = htons (threshold);
+  GNUNET_MQ_send (s->mq, ev);
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG, "secretsharing session created\n");
+  return s;
+
+}
+
+
+
diff --git a/src/secretsharing/secretsharing_protocol.h b/src/secretsharing/secretsharing_protocol.h
index 71e6d50a9..470002f10 100644
--- a/src/secretsharing/secretsharing_protocol.h
+++ b/src/secretsharing/secretsharing_protocol.h
@@ -60,9 +60,9 @@ struct PaillierPublicKey
 
   /**
    * Network order representation of the
-   * g-component.
+   * n-component.
    */
-  uint32_t mu[PAILLIER_BITS / 8 / sizeof (uint32_t)];
+  uint32_t n[PAILLIER_BITS / 8 / sizeof (uint32_t)];
 };
 
 
@@ -72,6 +72,10 @@ struct PaillierPublicKey
 struct GNUNET_SECRETSHARING_KeygenCommitData
 {
   /**
+   * Signature over the rest of the message.
+   */
+  struct GNUNET_CRYPTO_EddsaSignature signature;
+  /**
    * Signature purpose for signing the keygen commit data.
    */
   struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
@@ -88,10 +92,25 @@ struct GNUNET_SECRETSHARING_KeygenCommitData
    * Commitment of 'peer' to his presecret.
    */
   struct GNUNET_HashCode commitment GNUNET_PACKED;
+};
+
+
+struct GNUNET_SECRETSHARING_KeygenRevealData
+{
   /**
-   * Signature over the previous values.
+   * Signature over rest of the message.
    */
   struct GNUNET_CRYPTO_EddsaSignature signature;
+  /*
+   * Signature purpose for signing the keygen commit data.
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+  /**
+   * Peer that inserts this element.
+   */
+  struct GNUNET_PeerIdentity peer;
+
+  /* values follow */
 };
 
 GNUNET_NETWORK_STRUCT_END
diff --git a/src/util/gnunet-ecc.c b/src/util/gnunet-ecc.c
index d4e0f2387..4af9f084d 100644
--- a/src/util/gnunet-ecc.c
+++ b/src/util/gnunet-ecc.c
@@ -113,6 +113,19 @@ create_keys (const char *fn)
 
 
 static void
+print_hex (char *msg, void *buf, size_t size)
+{
+  size_t i;
+  printf ("%s: ", msg);
+  for (i = 0; i < size; i++)
+  {
+    printf ("%02hhx", ((char *)buf)[i]);
+  }
+  printf ("\n");
+}
+
+
+static void
 print_examples_ecdh ()
 {
   struct GNUNET_CRYPTO_EcdhePrivateKey *dh_priv1;
@@ -132,14 +145,18 @@ print_examples_ecdh ()
   GNUNET_assert (NULL != GNUNET_STRINGS_data_to_string (dh_priv1, 32, buf, 128));
   printf ("ECDHE key 1:\n");
   printf ("private: %s\n", buf);
+  print_hex ("private(hex)", dh_priv1, sizeof *dh_priv1);
   GNUNET_assert (NULL != GNUNET_STRINGS_data_to_string (dh_pub1, 32, buf, 128));
   printf ("public: %s\n", buf);
+  print_hex ("public(hex)", dh_pub1, sizeof *dh_pub1);
 
   GNUNET_assert (NULL != GNUNET_STRINGS_data_to_string (dh_priv2, 32, buf, 128));
   printf ("ECDHE key 2:\n");
   printf ("private: %s\n", buf);
+  print_hex ("private(hex)", dh_priv2, sizeof *dh_priv2);
   GNUNET_assert (NULL != GNUNET_STRINGS_data_to_string (dh_pub2, 32, buf, 128));
   printf ("public: %s\n", buf);
+  print_hex ("public(hex)", dh_pub2, sizeof *dh_pub2);
 
   GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecc_ecdh (dh_priv1, dh_pub2, &hash));
   GNUNET_assert (NULL != GNUNET_STRINGS_data_to_string (&hash, 64, buf, 128));