refactor: rename to PiPrm and use instead of existing Ring-Pedersen
ivokub committed Nov 6, 2023
1 parent e87ff90 commit 86ddbc5
Showing 17 changed files with 210 additions and 222 deletions.
49 changes: 20 additions & 29 deletions fs-dkr/src/add_party_message.rs
@@ -39,10 +39,8 @@ use std::{collections::HashMap, fmt::Debug};
use zk_paillier::zkproofs::NiCorrectKeyProof;

use crate::ring_pedersen_proof::{RingPedersenProof, RingPedersenStatement};
use tss_core::utilities::generate_h1_h2_N_tilde;
use tss_core::zkproof::prm::{
CompositeDLogProof, CompositeDLogStatement, CompositeDLogWitness,
};
use tss_core::utilities::generate_safe_h1_h2_N_tilde;
use tss_core::zkproof::prm::{PiPrmProof, PiPrmStatement, PiPrmWitness};

/// Message used by new parties to join the protocol.
#[derive(Clone, Deserialize, Serialize, Debug)]
@@ -51,52 +49,45 @@ pub struct JoinMessage<E: Curve, H: Digest + Clone, const M: usize> {
pub(crate) ek: EncryptionKey,
pub(crate) dk_correctness_proof: NiCorrectKeyProof,
pub(crate) party_index: Option<u16>,
pub(crate) dlog_statement: CompositeDLogStatement,
pub(crate) composite_dlog_proof_base_h1: CompositeDLogProof,
pub(crate) composite_dlog_proof_base_h2: CompositeDLogProof,
pub(crate) dlog_statement: PiPrmStatement,
pub(crate) composite_dlog_proof_base_h1: PiPrmProof,
pub(crate) composite_dlog_proof_base_h2: PiPrmProof,
pub(crate) ring_pedersen_statement: RingPedersenStatement<E, H>,
pub(crate) ring_pedersen_proof: RingPedersenProof<E, H, M>,
}

/// Generates the DlogStatement and CompositeProofs using the parameters
/// generated by [generate_h1_h2_n_tilde]
fn generate_dlog_statement_proofs() -> FsDkrResult<(
CompositeDLogStatement,
CompositeDLogProof,
CompositeDLogProof,
)> {
let (n_tilde, h1, h2, xhi, xhi_inv, phi) = generate_h1_h2_N_tilde();
fn generate_dlog_statement_proofs(
) -> FsDkrResult<(PiPrmStatement, PiPrmProof, PiPrmProof)> {
let (n_tilde, h1, h2, xhi, xhi_inv, phi) = generate_safe_h1_h2_N_tilde();

let dlog_statement_base_h1 = CompositeDLogStatement {
let dlog_statement_base_h1 = PiPrmStatement {
modulus: n_tilde.clone(),
base: h1.clone(),
value: h2.clone(),
};
let dlog_witness_base_h1 = CompositeDLogWitness {
let dlog_witness_base_h1 = PiPrmWitness {
exponent: xhi,
totient: phi.clone(),
};

let dlog_statement_base_h2 = CompositeDLogStatement {
let dlog_statement_base_h2 = PiPrmStatement {
modulus: n_tilde,
base: h2,
value: h1,
};
let dlog_witness_base_h2 = CompositeDLogWitness {
let dlog_witness_base_h2 = PiPrmWitness {
exponent: xhi_inv,
totient: phi.clone(),
};

let composite_dlog_proof_base_h1 = CompositeDLogProof::prove(
&dlog_statement_base_h1,
&dlog_witness_base_h1,
)
.map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;
let composite_dlog_proof_base_h2 = CompositeDLogProof::prove(
&dlog_statement_base_h2,
&dlog_witness_base_h2,
)
.map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;
let composite_dlog_proof_base_h1 =
PiPrmProof::prove(&dlog_statement_base_h1, &dlog_witness_base_h1)
.map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;
let composite_dlog_proof_base_h2 =
PiPrmProof::prove(&dlog_statement_base_h2, &dlog_witness_base_h2)
.map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;

Ok((
dlog_statement_base_h1,
@@ -261,7 +252,7 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
// TODO: submit the statement the dlog proof as well!
// check what parties are assigned in the current rotation and associate
// their DLogStatements and check their CompositeDlogProofs.
let available_h1_h2_ntilde_vec: HashMap<u16, &CompositeDLogStatement> =
let available_h1_h2_ntilde_vec: HashMap<u16, &PiPrmStatement> =
refresh_messages
.iter()
.map(|msg| (msg.party_index, &msg.dlog_statement))
@@ -289,7 +280,7 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
})
.collect();
// generate the DLogStatement vec needed for the LocalKey generation.
let mut h1_h2_ntilde_vec: Vec<CompositeDLogStatement> =
let mut h1_h2_ntilde_vec: Vec<PiPrmStatement> =
Vec::with_capacity(new_n as usize);
for party in 1..new_n + 1 {
let statement = available_h1_h2_ntilde_vec.get(&party);
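Review bot: The doc comment on `generate_dlog_statement_proofs` still says the parameters are generated by `[generate_h1_h2_n_tilde]`, but the new body calls `generate_safe_h1_h2_N_tilde`, so the comment now names the wrong generator. I would change that line to `/// generated by [generate_safe_h1_h2_N_tilde]` and add one sentence on what the safe variant guarantees for `n_tilde`, because swapping the generator is a behaviour change inside a commit titled as a rename. The serialized `JoinMessage` fields keep the names `composite_dlog_proof_base_h1` and `composite_dlog_proof_base_h2` while their type is now `PiPrmProof`; if that is deliberate to keep the serde field names stable, a short comment saying so would stop a later cleanup from breaking deserialization between versions. The function body continues past the end of this hunk.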
22 changes: 11 additions & 11 deletions fs-dkr/src/range_proofs.rs
@@ -22,7 +22,7 @@ use curv::{
use paillier::{EncryptionKey, Randomness};
use serde::{Deserialize, Serialize};
use std::{borrow::Borrow, marker::PhantomData};
use tss_core::zkproof::prm::CompositeDLogStatement;
use tss_core::zkproof::prm::PiPrmStatement;
use zeroize::Zeroize;

/// Represents the first round of the interactive version of the proof
@@ -41,7 +41,7 @@ struct AliceZkpRound1 {
impl AliceZkpRound1 {
fn from(
alice_ek: &EncryptionKey,
dlog_statement: &CompositeDLogStatement,
dlog_statement: &PiPrmStatement,
a: &BigInt,
q: &BigInt,
) -> Self {
@@ -118,7 +118,7 @@ impl<E: Curve, H: Digest + Clone> AliceProof<E, H> {
&self,
cipher: &BigInt,
alice_ek: &EncryptionKey,
dlog_statement: &CompositeDLogStatement,
dlog_statement: &PiPrmStatement,
) -> bool {
let N = &alice_ek.n;
let NN = &alice_ek.nn;
@@ -178,7 +178,7 @@ impl<E: Curve, H: Digest + Clone> AliceProof<E, H> {
a: &BigInt,
cipher: &BigInt,
alice_ek: &EncryptionKey,
dlog_statement: &CompositeDLogStatement,
dlog_statement: &PiPrmStatement,
r: &BigInt,
) -> Self {
let q = Scalar::<E>::group_order();
@@ -257,7 +257,7 @@ impl<E: Curve> BobZkpRound1<E> {
/// `a_encrypted` - Alice's secret encrypted by Alice
fn from(
alice_ek: &EncryptionKey,
dlog_statement: &CompositeDLogStatement,
dlog_statement: &PiPrmStatement,
b: &Scalar<E>,
beta_prim: &BigInt,
a_encrypted: &BigInt,
@@ -378,7 +378,7 @@ impl<E: Curve, H: Digest + Clone> BobProof<E, H> {
a_enc: &BigInt,
mta_avc_out: &BigInt,
alice_ek: &EncryptionKey,
dlog_statement: &CompositeDLogStatement,
dlog_statement: &PiPrmStatement,
check: Option<&BobCheck<E>>,
) -> bool {
let N = &alice_ek.n;
@@ -474,7 +474,7 @@ impl<E: Curve, H: Digest + Clone> BobProof<E, H> {
b: &Scalar<E>,
beta_prim: &BigInt,
alice_ek: &EncryptionKey,
dlog_statement: &CompositeDLogStatement,
dlog_statement: &PiPrmStatement,
r: &Randomness,
check: bool,
) -> (BobProof<E, H>, Option<Point<E>>) {
@@ -552,7 +552,7 @@ impl<E: Curve, H: Digest + Clone> BobProofExt<E, H> {
a_enc: &BigInt,
mta_avc_out: &BigInt,
alice_ek: &EncryptionKey,
dlog_statement: &CompositeDLogStatement,
dlog_statement: &PiPrmStatement,
X: &Point<E>,
) -> bool {
// check basic proof first
@@ -590,7 +590,7 @@ impl<E: Curve, H: Digest + Clone> BobProofExt<E, H> {
b: &Scalar<E>,
beta_prim: &BigInt,
alice_ek: &EncryptionKey,
dlog_statement: &CompositeDLogStatement,
dlog_statement: &PiPrmStatement,
r: &Randomness,
) -> BobProofExt<E, H> {
// proving a basic proof (with modified hash)
@@ -651,7 +651,7 @@ pub(crate) mod tests {
type FE = Secp256k1Scalar;

pub(crate) fn generate_init(
) -> (CompositeDLogStatement, EncryptionKey, DecryptionKey) {
) -> (PiPrmStatement, EncryptionKey, DecryptionKey) {
let (ek_tilde, dk_tilde) =
Paillier::keypair_with_modulus_size(crate::PAILLIER_KEY_SIZE)
.keys();
@@ -670,7 +670,7 @@ pub(crate) mod tests {
let (ek, dk) =
Paillier::keypair_with_modulus_size(crate::PAILLIER_KEY_SIZE)
.keys();
let dlog_statement = CompositeDLogStatement {
let dlog_statement = PiPrmStatement {
base: h1,
value: h2,
modulus: ek_tilde.n,
8 changes: 4 additions & 4 deletions fs-dkr/src/refresh_message.rs
@@ -23,7 +23,7 @@ use serde::{Deserialize, Serialize};
use std::{borrow::Borrow, collections::HashMap, fmt::Debug};
use zeroize::Zeroize;
use zk_paillier::zkproofs::{NiCorrectKeyProof, SALT_STRING};
use tss_core::zkproof::prm::CompositeDLogStatement;
use tss_core::zkproof::prm::PiPrmStatement;

use crate::ring_pedersen_proof::{RingPedersenProof, RingPedersenStatement};

@@ -39,7 +39,7 @@ pub struct RefreshMessage<E: Curve, H: Digest + Clone, const M: usize> {
pub(crate) points_committed_vec: Vec<Point<E>>,
points_encrypted_vec: Vec<BigInt>,
dk_correctness_proof: NiCorrectKeyProof,
pub(crate) dlog_statement: CompositeDLogStatement,
pub(crate) dlog_statement: PiPrmStatement,
pub(crate) ek: EncryptionKey,
pub(crate) remove_party_indices: Vec<u16>,
pub(crate) public_key: Point<E>,
@@ -272,7 +272,7 @@ impl<E: Curve, H: Digest + Clone, const M: usize> RefreshMessage<E, H, M> {
let current_len = key.paillier_key_vec.len() as u16;
let mut paillier_key_h1_h2_n_tilde_hash_map: HashMap<
u16,
(EncryptionKey, CompositeDLogStatement),
(EncryptionKey, PiPrmStatement),
> = HashMap::new();
for old_party_index in old_to_new_map.keys() {
let paillier_key = key
@@ -452,7 +452,7 @@ impl<E: Curve, H: Digest + Clone, const M: usize> RefreshMessage<E, H, M> {
}

// creating an inverse dlog statement
let dlog_statement_base_h2 = CompositeDLogStatement {
let dlog_statement_base_h2 = PiPrmStatement {
modulus: join_message.dlog_statement.modulus.clone(),
// Base and value are swapped because we're using h1's statement.
base: join_message.dlog_statement.value.clone(),
57 changes: 28 additions & 29 deletions multi-party-ecdsa/src/gg_2020/party_i.rs
@@ -56,10 +56,8 @@ use curv::cryptographic_primitives::proofs::sigma_valid_pedersen::PedersenProof;
use std::convert::TryInto;

use tss_core::{
utilities::generate_h1_h2_N_tilde,
zkproof::prm::{
CompositeDLogProof, CompositeDLogStatement, CompositeDLogWitness,
},
utilities::generate_safe_h1_h2_N_tilde,
zkproof::prm::{PiPrmProof, PiPrmStatement, PiPrmWitness},
};

const SECURITY: usize = 256;
@@ -97,11 +95,11 @@ pub struct PartyPrivate {
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct KeyGenBroadcastMessage1 {
pub e: EncryptionKey,
pub dlog_statement: CompositeDLogStatement,
pub dlog_statement: PiPrmStatement,
pub com: BigInt,
pub correct_key_proof: NiCorrectKeyProof,
pub composite_dlog_proof_base_h1: CompositeDLogProof,
pub composite_dlog_proof_base_h2: CompositeDLogProof,
pub composite_dlog_proof_base_h1: PiPrmProof,
pub composite_dlog_proof_base_h2: PiPrmProof,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
@@ -157,7 +155,8 @@ impl Keys {
let u = Scalar::<Secp256k1>::random();
let y = Point::generator() * &u;
let (ek, dk) = Paillier::keypair().keys();
let (N_tilde, h1, h2, xhi, xhi_inv, phi) = generate_h1_h2_N_tilde();
let (N_tilde, h1, h2, xhi, xhi_inv, phi) =
generate_safe_h1_h2_N_tilde();

Self {
u_i: u,
@@ -180,7 +179,8 @@ impl Keys {
let y = Point::generator() * &u;

let (ek, dk) = Paillier::keypair_safe_primes().keys();
let (N_tilde, h1, h2, xhi, xhi_inv, phi) = generate_h1_h2_N_tilde();
let (N_tilde, h1, h2, xhi, xhi_inv, phi) =
generate_safe_h1_h2_N_tilde();

Self {
u_i: u,
@@ -199,7 +199,8 @@ impl Keys {
pub fn create_from(u: Scalar<Secp256k1>, index: usize) -> Self {
let y = Point::generator() * &u;
let (ek, dk) = Paillier::keypair().keys();
let (N_tilde, h1, h2, xhi, xhi_inv, phi) = generate_h1_h2_N_tilde();
let (N_tilde, h1, h2, xhi, xhi_inv, phi) =
generate_safe_h1_h2_N_tilde();

Self {
u_i: u,
@@ -223,22 +224,22 @@ impl Keys {
let blind_factor = BigInt::sample(SECURITY);
let correct_key_proof = NiCorrectKeyProof::proof(&self.dk, None);

let dlog_statement_base_h1 = CompositeDLogStatement {
let dlog_statement_base_h1 = PiPrmStatement {
modulus: self.N_tilde.clone(),
base: self.h1.clone(),
value: self.h2.clone(),
};
let dlog_witness_base_h1 = CompositeDLogWitness {
let dlog_witness_base_h1 = PiPrmWitness {
exponent: self.xhi.clone(),
totient: self.phi.clone(),
};

let dlog_statement_base_h2 = CompositeDLogStatement {
let dlog_statement_base_h2 = PiPrmStatement {
modulus: self.N_tilde.clone(),
base: self.h2.clone(),
value: self.h1.clone(),
};
let dlog_witness_base_h2 = CompositeDLogWitness {
let dlog_witness_base_h2 = PiPrmWitness {
exponent: self.xhi_inv.clone(),
totient: self.phi.clone(),
};
@@ -248,16 +249,12 @@ impl Keys {
bad_actors: vec![],
data: vec![],
};
let composite_dlog_proof_base_h1 = CompositeDLogProof::prove(
&dlog_statement_base_h1,
&dlog_witness_base_h1,
)
.map_err(|_| dlog_proof_error.clone())?;
let composite_dlog_proof_base_h2 = CompositeDLogProof::prove(
&dlog_statement_base_h2,
&dlog_witness_base_h2,
)
.map_err(|_| dlog_proof_error)?;
let composite_dlog_proof_base_h1 =
PiPrmProof::prove(&dlog_statement_base_h1, &dlog_witness_base_h1)
.map_err(|_| dlog_proof_error.clone())?;
let composite_dlog_proof_base_h2 =
PiPrmProof::prove(&dlog_statement_base_h2, &dlog_witness_base_h2)
.map_err(|_| dlog_proof_error)?;

let com = HashCommitment::<Sha256>::create_commitment_with_user_defined_randomness(
&BigInt::from_bytes(self.y_i.to_bytes(true).as_ref()),
@@ -295,7 +292,7 @@ impl Keys {
// decommitments
let correct_key_correct_decom_all = (0..bc1_vec.len())
.map(|i| {
let dlog_statement_base_h2 = CompositeDLogStatement {
let dlog_statement_base_h2 = PiPrmStatement {
modulus: bc1_vec[i].dlog_statement.modulus.clone(),
// Base and value are swapped because we're using h1's statement.
base: bc1_vec[i].dlog_statement.value.clone(),
@@ -553,7 +550,8 @@ impl PartyPrivate {
let y = Point::generator() * &u;
let (ek, dk) = Paillier::keypair().keys();

let (N_tilde, h1, h2, xhi, xhi_inv, phi) = generate_h1_h2_N_tilde();
let (N_tilde, h1, h2, xhi, xhi_inv, phi) =
generate_safe_h1_h2_N_tilde();

Keys {
u_i: u,
Expand All @@ -580,7 +578,8 @@ impl PartyPrivate {
let y = Point::generator() * &u;
let (ek, dk) = Paillier::keypair_safe_primes().keys();

let (N_tilde, h1, h2, xhi, xhi_inv, phi) = generate_h1_h2_N_tilde();
let (N_tilde, h1, h2, xhi, xhi_inv, phi) =
generate_safe_h1_h2_N_tilde();

Keys {
u_i: u,
@@ -805,7 +804,7 @@ impl LocalSignature {
ek: &EncryptionKey,
k_i: &Scalar<Secp256k1>,
k_enc_randomness: &BigInt,
dlog_statement: &CompositeDLogStatement,
dlog_statement: &PiPrmStatement,
) -> PDLwSlackProof {
// Generate PDL with slack statement, witness and proof
let pdl_w_slack_statement = PDLwSlackStatement {
@@ -832,7 +831,7 @@ impl LocalSignature {
R: &Point<Secp256k1>,
k_ciphertext: &BigInt,
ek: &EncryptionKey,
dlog_statement: &[CompositeDLogStatement],
dlog_statement: &[PiPrmStatement],
s: &[usize],
i: usize,
) -> Result<(), ErrorType> {
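Review bot: Every key-generation call site touched in this file now takes `N_tilde`, `h1` and `h2` from `generate_safe_h1_h2_N_tilde`, yet two of the three `impl Keys` sites (including `create_from`) still pair it with `Paillier::keypair()` and only one uses `Paillier::keypair_safe_primes()`; the two `impl PartyPrivate` sites show the same split. A caller can no longer tell from the constructor which moduli rest on safe primes, so each constructor should carry a doc line such as `/// N_tilde always comes from generate_safe_h1_h2_N_tilde; only the Paillier key generation differs between constructors.` Presumably the safe variant is also noticeably slower (its body is not on this page), which matters to callers and tests that chose the `Paillier::keypair()` path for speed. In the hunk that builds the proofs, the `PiPrmWitness` values are filled from `self.xhi.clone()`, `self.xhi_inv.clone()` and `self.phi.clone()`, which are extra copies of secret material; it is worth confirming that `PiPrmWitness` wipes its fields on drop. Most of these function bodies start or end outside the visible hunks.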