Skip to content

Commit

Permalink
Update KeyInit
Browse files Browse the repository at this point in the history
  • Loading branch information
fjarri committed Jan 1, 2025
1 parent 3b49322 commit bd052b9
Show file tree
Hide file tree
Showing 7 changed files with 399 additions and 108 deletions.
3 changes: 3 additions & 0 deletions synedrion/src/cggmp21.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ mod sigma;
#[cfg(test)]
mod signing_malicious;

#[cfg(test)]
mod key_init_malicious;

pub use aux_gen::{AuxGen, AuxGenProtocol};
pub use entities::{AuxInfo, KeyShare, KeyShareChange};
pub use interactive_signing::{InteractiveSigning, InteractiveSigningProtocol, PrehashedMessage};
Expand Down
34 changes: 29 additions & 5 deletions synedrion/src/cggmp21/entities.rs
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,12 @@ use crate::{
/// The result of the KeyInit protocol.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct KeyShare<P, I: Ord> {
pub(crate) owner: I,
owner: I,
/// Secret key share of this node.
pub(crate) secret_share: Secret<Scalar>, // `x_i`
pub(crate) public_shares: BTreeMap<I, Point>, // `X_j`
secret_share: Secret<Scalar>, // `x_i`
public_shares: BTreeMap<I, Point>, // `X_j`
// TODO (#27): this won't be needed when Scalar/Point are a part of `P`
pub(crate) phantom: PhantomData<P>,
phantom: PhantomData<P>,
}

/// The result of the AuxGen protocol.
Expand Down Expand Up @@ -125,7 +125,23 @@ pub(crate) struct PresigningValues<P: SchemeParams> {
pub(crate) hat_cap_f: Ciphertext<P::Paillier>,
}

impl<P: SchemeParams, I: Clone + Ord + PartialEq + Debug> KeyShare<P, I> {
impl<P: SchemeParams, I: Clone + Ord + Debug> KeyShare<P, I> {
pub(crate) fn new(
owner: I,
secret_share: Secret<Scalar>,
public_shares: BTreeMap<I, Point>,
) -> Result<Self, LocalError> {
if public_shares.values().sum::<Point>() == Point::IDENTITY {
return Err(LocalError::new("Key shares add up to zero"));
}
Ok(KeyShare {
owner,
secret_share,
public_shares,
phantom: PhantomData,
})
}

/// Updates a key share with a change obtained from KeyRefresh protocol.
pub fn update(self, change: KeyShareChange<P, I>) -> Result<Self, LocalError> {
if self.owner != change.owner {
Expand Down Expand Up @@ -217,6 +233,14 @@ impl<P: SchemeParams, I: Clone + Ord + PartialEq + Debug> KeyShare<P, I> {
&self.owner
}

pub(crate) fn secret_share(&self) -> &Secret<Scalar> {
&self.secret_share
}

pub(crate) fn public_shares(&self) -> &BTreeMap<I, Point> {
&self.public_shares
}

/// Returns the set of parties holding other shares from the set.
pub fn all_parties(&self) -> BTreeSet<I> {
self.public_shares.keys().cloned().collect()
Expand Down
18 changes: 9 additions & 9 deletions synedrion/src/cggmp21/interactive_signing.rs
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@ impl<P: SchemeParams, I: PartyId> EntryPoint<I> for InteractiveSigning<P, I> {
}

let other_ids = key_share
.public_shares
.public_shares()
.keys()
.cloned()
.collect::<BTreeSet<_>>()
Expand All @@ -164,7 +164,7 @@ impl<P: SchemeParams, I: PartyId> EntryPoint<I> for InteractiveSigning<P, I> {
let ssid_hash = FofHasher::new_with_dst(b"ShareSetID")
.chain_type::<P>()
.chain(&shared_randomness)
.chain(&key_share.public_shares)
.chain(&key_share.public_shares())
.chain(&aux_info.public_aux)
.finalize();

Expand Down Expand Up @@ -221,11 +221,11 @@ struct Context<P: SchemeParams, I: Ord> {
impl<P, I> Context<P, I>
where
P: SchemeParams,
I: Ord + Debug,
I: Clone + Ord + Debug,
{
pub fn public_share(&self, i: &I) -> Result<&Point, LocalError> {
self.key_share
.public_shares
.public_shares()
.get(i)
.ok_or_else(|| LocalError::new("Missing public_share for party Id {i:?}"))
}
Expand Down Expand Up @@ -507,7 +507,7 @@ impl<P: SchemeParams, I: PartyId> Round<I> for Round2<P, I> {
let hat_s = Randomizer::random(rng, target_pk);

let gamma = secret_signed_from_scalar::<P>(&self.context.gamma);
let x = secret_signed_from_scalar::<P>(&self.context.key_share.secret_share);
let x = secret_signed_from_scalar::<P>(self.context.key_share.secret_share());

let others_cap_k = self
.all_cap_k
Expand All @@ -518,7 +518,7 @@ impl<P: SchemeParams, I: PartyId> Round<I> for Round2<P, I> {
let cap_d = others_cap_k * &gamma + Ciphertext::new_with_randomizer(target_pk, &-&beta, &s);

let hat_cap_f = Ciphertext::new_with_randomizer(pk, &hat_beta, &hat_r);
let hat_cap_d = others_cap_k * &secret_signed_from_scalar::<P>(&self.context.key_share.secret_share)
let hat_cap_d = others_cap_k * &secret_signed_from_scalar::<P>(self.context.key_share.secret_share())
+ Ciphertext::new_with_randomizer(target_pk, &-&hat_beta, &hat_s);

let cap_g = self.all_cap_g.get(&self.context.my_id).ok_or(LocalError::new(format!(
Expand Down Expand Up @@ -737,7 +737,7 @@ impl<P: SchemeParams, I: PartyId> Round<I> for Round2<P, I> {

let hat_alpha_sum: SecretSigned<_> = payloads.values().map(|payload| &payload.hat_alpha).sum();
let hat_beta_sum: SecretSigned<_> = artifacts.values().map(|artifact| &artifact.hat_beta).sum();
let chi = secret_signed_from_scalar::<P>(&self.context.key_share.secret_share)
let chi = secret_signed_from_scalar::<P>(self.context.key_share.secret_share())
* secret_signed_from_scalar::<P>(&self.context.k)
+ &hat_alpha_sum
+ &hat_beta_sum;
Expand Down Expand Up @@ -1257,7 +1257,7 @@ impl<P: SchemeParams, I: PartyId> Round<I> for Round4<P, I> {
let p_aff_g = AffGProof::<P>::new(
rng,
AffGSecretInputs {
x: &secret_signed_from_scalar::<P>(&self.context.key_share.secret_share),
x: &secret_signed_from_scalar::<P>(self.context.key_share.secret_share()),
y: &values.hat_beta,
rho: &values.hat_s,
rho_y: &values.hat_r,
Expand Down Expand Up @@ -1293,7 +1293,7 @@ impl<P: SchemeParams, I: PartyId> Round<I> for Round4<P, I> {

// mul* proofs

let x = &self.context.key_share.secret_share;
let x = &self.context.key_share.secret_share();
let cap_x = self.context.public_share(&my_id)?;

let rho = Randomizer::random(rng, pk);
Expand Down
Loading

0 comments on commit bd052b9

Please sign in to comment.