Decentralised HMAC Signing Library is a HMAC signing library using secure multi-party computation. This library is made using the go binaries complied from Multiparty Computation Implementation by Mark Rossi. Clone this repository, and build it using 'cargo build --release'


The current implementation of the DHSL Library, recieves the entire shard from the user, generated a 2-PC connection to Garbler Circuits. The DHSL Library retrives the shard for a particular user_id & client_addr from the Accounts Oracle, and generates HMAC on those shards.

Getting started with DHSL Library

The library is not published on crates.io as of writing the readme. Download this repository, build it using 'cargo build'. Use this in your project using:

1dhsl_library = { path= "/Users/ soms/ Development/ DHSL_Library" }

For any subsequent changes made to the code in the library, the library has to be built for the dependencies.Use the built rust file found in './dhsl_library/target', and import it into your project.Current implementation has one function to generate HMAC signature of a specified Message & Key, for a given user_id and client_addr.

Use 'cargo docs --open' in the directory for better documentation.

The 'sign_with_hmac' retrives data from Oracle, and processes the computation on the backend. Further explanation for the working has been given below.

Example Scenario

A) Making a request to BITGET REST API

Let's consider an example Scenario with a user_id of 0x1dc and client_addr of 0x1e81d3588220b04b8cc741d7e4f51361f7d1a7e2.

The DHSL Library has the function sign_with_hmac, to which we supply parameters of user_id, client_addr, timestamp (on which HMAC Signature is to be generated), and the api_url which is our message for the example.

We have a demo api running on localhost:5000, to which we make a request containing the user_id and client_addr.

2  "user_id":"0x1dc",
3  "client_addr":"0x1e81d3588220b04b8cc741d7e4f51361f7d1a7e2"

The sign_with_hmac in backend,retrives the decrypted shard from the Account Oracle using the provided user_id and client_addr, seperates into key value shard pairs, and runs 2PC Connection in form of Garbler and Evaluator, and generates HMAC using the sharded key pair, and the message sent to the function.

Currently for debugging purpose, the HMAC Computation is shown on the console as demonstrated below:

1[src/main.rs:134] &signature_with_library = HMACResponse {
2    signature: "091e883e1efd7254fc45de89d6a34cfb1da78839d061b3a512c5341dcb29c53e",
3    timestamp: "1704710290606",

This HMAC is then returned to the demo api, which then uses this to HMAC to get get response from BITGET.Example:

2  "code": "00000",
3  "msg": "success",
4  "requestTime": 1704710109827,
5  "data": [
6    {
7      "available": "0",
8      "coinId": 1,
9      "coinName": "BTC",
10      "frozen": "0",
11      "lock": "0",
12      "uTime": "1704710110276"
13    },
14    .
15    .]

If HMAC signature is invalid, the demo API should have a response of "sign signature error" from the BITGET API.

2  "code": "40009",
3  "msg": "sign signature error",
4  "requestTime": 1704710250362,
5  "data": null


A) Rust

The current implementation of the DHSL Library, recieves the entire shard from the user, generated a 2-PC connection in the Garbler-Evaluator pair as explained on the MPCL Library.

In production setup, it is advised to have 3 or more oracle nodes to generate the HMAC.

B) Node.js Wrapper

A Node.js wrapper built around the compiled go binary also ships with this library, having the similar function name and parameters.

Known Bugs

Sometimes the Command::new does not immeditely fire-up a process. Workaround is deployed. Working on a fix which handles the process exit gracefully. Multiple 2-PC is simulated using hard-coded values and tested. Production will require oracle setups. This bug should clear-out itself once oracles run on individual instances.


If you encounter any issues or have questions during the integration process, our support team is here to assist you.

Support Contact

Thank you for choosing ZKON. We're excited to be a part of your journey towards a more secure and decentralized world.

Contact us

We have received your submission! Wait for ZKON to contact you at the e-mail address provided.
Thank you very much!
Oops! Something went wrong when you submitted the form. Please try again or fill in any missing fields.