[R4R] Add eddsa (#88)

* [R4R] Add eddsa keygen and signing (#3) * add eddsa signing and keygen * contruct extended element from x,y * update dep * fix test * fix bug * delete unused code * add resharing * fix comments * refactor RejectionSampl;e * rename variable (#4) * delete printf * update dependency * resolve conflict
bnb-chain · Mar 6, 2020 · abd66f8 · abd66f8
1 parent c66e035
commit abd66f8
Show file tree

Hide file tree

Showing 116 changed files with 4,294 additions and 106 deletions.
diff --git a/common/hash_utils.go b/common/hash_utils.go
@@ -11,27 +11,8 @@ import (
 )
 
 // RejectionSample implements the rejection sampling logic for converting a
-// SHA512/256 hash to a value between 0-q from GG18Spec (6) Fig. 12.
+// SHA512/256 hash to a value between 0-q
 func RejectionSample(q *big.Int, eHash *big.Int) *big.Int { // e' = eHash
-	qGTZero := zero.Cmp(q) == -1
-	// e = the first |q| bits of e'
-	qBits := q.BitLen()
-	e := firstBitsOf(qBits, eHash)
-	// while e is not between 0-q
-	for !(qGTZero && e.Cmp(q) == -1) {
-		eHash := SHA512_256iOne(eHash)
-		e = firstBitsOf(qBits, eHash)
-	}
-	return e
-}
-
-func firstBitsOf(bits int, v *big.Int) *big.Int {
-	e := big.NewInt(0)
-	for i := 0; i < bits; i++ {
-		bit := v.Bit(i)
-		if 0 < bit {
-			e.SetBit(e, i, bit)
-		}
-	}
+	e := eHash.Mod(eHash, q)
 	return e
 }
diff --git a/ecdsa/signing/signature.pb.go → common/signature.pb.go b/ecdsa/signing/signature.pb.go → common/signature.pb.go
diff --git a/crypto/schnorr/schnorr_proof.go b/crypto/schnorr/schnorr_proof.go
@@ -40,7 +40,7 @@ func NewZKProof(x *big.Int, X *crypto.ECPoint) (*ZKProof, error) {
 	alpha := crypto.ScalarBaseMult(tss.EC(), a)
 
 	var c *big.Int
-	{ // must use RejectionSample
+	{
 		cHash := common.SHA512_256i(X.X(), X.Y(), g.X(), g.Y(), alpha.X(), alpha.Y())
 		c = common.RejectionSample(q, cHash)
 	}
@@ -60,7 +60,7 @@ func (pf *ZKProof) Verify(X *crypto.ECPoint) bool {
 	g := crypto.NewECPointNoCurveCheck(tss.EC(), ecParams.Gx, ecParams.Gy)
 
 	var c *big.Int
-	{ // must use RejectionSample
+	{
 		cHash := common.SHA512_256i(X.X(), X.Y(), g.X(), g.Y(), pf.Alpha.X(), pf.Alpha.Y())
 		c = common.RejectionSample(q, cHash)
 	}
@@ -95,7 +95,7 @@ func NewZKVProof(V, R *crypto.ECPoint, s, l *big.Int) (*ZKVProof, error) {
 	alpha, _ := aR.Add(bG) // already on the curve.
 
 	var c *big.Int
-	{ // must use RejectionSample
+	{
 		cHash := common.SHA512_256i(V.X(), V.Y(), R.X(), R.Y(), g.X(), g.Y(), alpha.X(), alpha.Y())
 		c = common.RejectionSample(q, cHash)
 	}
@@ -115,7 +115,7 @@ func (pf *ZKVProof) Verify(V, R *crypto.ECPoint) bool {
 	g := crypto.NewECPointNoCurveCheck(tss.EC(), ecParams.Gx, ecParams.Gy)
 
 	var c *big.Int
-	{ // must use RejectionSample
+	{
 		cHash := common.SHA512_256i(V.X(), V.Y(), R.X(), R.Y(), g.X(), g.Y(), pf.Alpha.X(), pf.Alpha.Y())
 		c = common.RejectionSample(q, cHash)
 	}

diff --git a/ecdsa/keygen/local_party.go b/ecdsa/keygen/local_party.go
@@ -96,11 +96,11 @@ func (p *LocalParty) FirstRound() tss.Round {
 }
 
 func (p *LocalParty) Start() *tss.Error {
-	return tss.BaseStart(p, "keygen")
+	return tss.BaseStart(p, TaskName)
 }
 
 func (p *LocalParty) Update(msg tss.ParsedMessage) (ok bool, err *tss.Error) {
-	return tss.BaseUpdate(p, msg, "keygen")
+	return tss.BaseUpdate(p, msg, TaskName)
 }
 
 func (p *LocalParty) UpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (bool, *tss.Error) {

diff --git a/ecdsa/keygen/local_party_test.go b/ecdsa/keygen/local_party_test.go
@@ -162,7 +162,7 @@ func TestBadMessageCulprits(t *testing.T) {
 	assert.Equal(t, 1, len(err2.Culprits()))
 	assert.Equal(t, pIDs[1], err2.Culprits()[0])
 	assert.Equal(t,
-		"task keygen, party {0,P[1]}, round 1, culprits [{1,2}]: message failed ValidateBasic: Type: binance.tss-lib.ecdsa.keygen.KGRound1Message, From: {1,2}, To: all",
+		"task ecdsa-keygen, party {0,P[1]}, round 1, culprits [{1,2}]: message failed ValidateBasic: Type: binance.tss-lib.ecdsa.keygen.KGRound1Message, From: {1,2}, To: all",
 		err2.Error())
 }
 

diff --git a/ecdsa/keygen/messages.go b/ecdsa/keygen/messages.go
@@ -33,10 +33,10 @@ var (
 )
 
 func init() {
-	proto.RegisterType((*KGRound1Message)(nil), tss.ProtoNamePrefix+"keygen.KGRound1Message")
-	proto.RegisterType((*KGRound2Message1)(nil), tss.ProtoNamePrefix+"keygen.KGRound2Message1")
-	proto.RegisterType((*KGRound2Message2)(nil), tss.ProtoNamePrefix+"keygen.KGRound2Message2")
-	proto.RegisterType((*KGRound3Message)(nil), tss.ProtoNamePrefix+"keygen.KGRound3Message")
+	proto.RegisterType((*KGRound1Message)(nil), tss.ECDSAProtoNamePrefix+"keygen.KGRound1Message")
+	proto.RegisterType((*KGRound2Message1)(nil), tss.ECDSAProtoNamePrefix+"keygen.KGRound2Message1")
+	proto.RegisterType((*KGRound2Message2)(nil), tss.ECDSAProtoNamePrefix+"keygen.KGRound2Message2")
+	proto.RegisterType((*KGRound3Message)(nil), tss.ECDSAProtoNamePrefix+"keygen.KGRound3Message")
 }
 
 // ----- //

diff --git a/ecdsa/keygen/round_1.go b/ecdsa/keygen/round_1.go
@@ -41,6 +41,7 @@ func (round *round1) Start() *tss.Error {
 
 	// 1. calculate "partial" key share ui
 	ui := common.GetRandomPositiveInt(tss.EC().Params().N)
+
 	round.temp.ui = ui
 
 	// 2. compute the vss shares

diff --git a/ecdsa/keygen/rounds.go b/ecdsa/keygen/rounds.go
@@ -11,7 +11,7 @@ import (
 )
 
 const (
-	TaskName = "keygen"
+	TaskName = "ecdsa-keygen"
 )
 
 type (

diff --git a/ecdsa/keygen/test_utils.go b/ecdsa/keygen/test_utils.go
@@ -29,7 +29,7 @@ const (
 	TestThreshold    = test.TestParticipants / 2
 )
 const (
-	testFixtureDirFormat  = "%s/../../test/_fixtures"
+	testFixtureDirFormat  = "%s/../../test/_ecdsa_fixtures"
 	testFixtureFileFormat = "keygen_data_%d.json"
 )
 

diff --git a/ecdsa/resharing/local_party.go b/ecdsa/resharing/local_party.go
@@ -102,11 +102,11 @@ func (p *LocalParty) FirstRound() tss.Round {
 }
 
 func (p *LocalParty) Start() *tss.Error {
-	return tss.BaseStart(p, "resharing")
+	return tss.BaseStart(p, TaskName)
 }
 
 func (p *LocalParty) Update(msg tss.ParsedMessage) (ok bool, err *tss.Error) {
-	return tss.BaseUpdate(p, msg, "resharing")
+	return tss.BaseUpdate(p, msg, TaskName)
 }
 
 func (p *LocalParty) UpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (bool, *tss.Error) {

diff --git a/ecdsa/resharing/local_party_test.go b/ecdsa/resharing/local_party_test.go
@@ -168,7 +168,7 @@ signing:
 
 	signErrCh := make(chan *tss.Error, len(signPIDs))
 	signOutCh := make(chan tss.Message, len(signPIDs))
-	signEndCh := make(chan signing.SignatureData, len(signPIDs))
+	signEndCh := make(chan common.SignatureData, len(signPIDs))
 
 	for j, signPID := range signPIDs {
 		params := tss.NewParameters(signP2pCtx, signPID, len(signPIDs), newThreshold)

diff --git a/ecdsa/resharing/messages.go b/ecdsa/resharing/messages.go
@@ -34,11 +34,11 @@ var (
 )
 
 func init() {
-	proto.RegisterType((*DGRound1Message)(nil), tss.ProtoNamePrefix+"resharing.DGRound1Message")
-	proto.RegisterType((*DGRound2Message1)(nil), tss.ProtoNamePrefix+"resharing.DGRound2Message1")
-	proto.RegisterType((*DGRound2Message2)(nil), tss.ProtoNamePrefix+"resharing.DGRound2Message2")
-	proto.RegisterType((*DGRound3Message1)(nil), tss.ProtoNamePrefix+"resharing.DGRound3Message1")
-	proto.RegisterType((*DGRound3Message2)(nil), tss.ProtoNamePrefix+"resharing.DGRound3Message2")
+	proto.RegisterType((*DGRound1Message)(nil), tss.ECDSAProtoNamePrefix+"resharing.DGRound1Message")
+	proto.RegisterType((*DGRound2Message1)(nil), tss.ECDSAProtoNamePrefix+"resharing.DGRound2Message1")
+	proto.RegisterType((*DGRound2Message2)(nil), tss.ECDSAProtoNamePrefix+"resharing.DGRound2Message2")
+	proto.RegisterType((*DGRound3Message1)(nil), tss.ECDSAProtoNamePrefix+"resharing.DGRound3Message1")
+	proto.RegisterType((*DGRound3Message2)(nil), tss.ECDSAProtoNamePrefix+"resharing.DGRound3Message2")
 }
 
 // ----- //

diff --git a/ecdsa/resharing/rounds.go b/ecdsa/resharing/rounds.go
@@ -12,7 +12,7 @@ import (
 )
 
 const (
-	TaskName = "resharing"
+	TaskName = "ecdsa-resharing"
 )
 
 type (

diff --git a/ecdsa/signing/local_party.go b/ecdsa/signing/local_party.go
@@ -31,11 +31,11 @@ type (
 
 		keys keygen.LocalPartySaveData
 		temp localTempData
-		data SignatureData
+		data common.SignatureData
 
 		// outbound messaging
 		out chan<- tss.Message
-		end chan<- SignatureData
+		end chan<- common.SignatureData
 	}
 
 	localMessageStore struct {
@@ -98,15 +98,15 @@ func NewLocalParty(
 	params *tss.Parameters,
 	key keygen.LocalPartySaveData,
 	out chan<- tss.Message,
-	end chan<- SignatureData,
+	end chan<- common.SignatureData,
 ) tss.Party {
 	partyCount := len(params.Parties().IDs())
 	p := &LocalParty{
 		BaseParty: new(tss.BaseParty),
 		params:    params,
 		keys:      keygen.BuildLocalSaveDataSubset(key, params.Parties().IDs()),
 		temp:      localTempData{},
-		data:      SignatureData{},
+		data:      common.SignatureData{},
 		out:       out,
 		end:       end,
 	}
@@ -139,7 +139,7 @@ func (p *LocalParty) FirstRound() tss.Round {
 }
 
 func (p *LocalParty) Start() *tss.Error {
-	return tss.BaseStart(p, "signing", func(round tss.Round) *tss.Error {
+	return tss.BaseStart(p, TaskName, func(round tss.Round) *tss.Error {
 		round1, ok := round.(*round1)
 		if !ok {
 			return round.WrapError(errors.New("unable to Start(). party is in an unexpected round"))
@@ -152,7 +152,7 @@ func (p *LocalParty) Start() *tss.Error {
 }
 
 func (p *LocalParty) Update(msg tss.ParsedMessage) (ok bool, err *tss.Error) {
-	return tss.BaseUpdate(p, msg, "signing")
+	return tss.BaseUpdate(p, msg, TaskName)
 }
 
 func (p *LocalParty) UpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (bool, *tss.Error) {

diff --git a/ecdsa/signing/local_party_test.go b/ecdsa/signing/local_party_test.go
@@ -51,13 +51,14 @@ func TestE2EConcurrent(t *testing.T) {
 
 	errCh := make(chan *tss.Error, len(signPIDs))
 	outCh := make(chan tss.Message, len(signPIDs))
-	endCh := make(chan SignatureData, len(signPIDs))
+	endCh := make(chan common.SignatureData, len(signPIDs))
 
 	updater := test.SharedPartyUpdater
 
 	// init the parties
 	for i := 0; i < len(signPIDs); i++ {
 		params := tss.NewParameters(p2pCtx, signPIDs[i], len(signPIDs), threshold)
+
 		P := NewLocalParty(big.NewInt(42), params, keys[i], outCh, endCh).(*LocalParty)
 		parties = append(parties, P)
 		go func(P *LocalParty) {

diff --git a/ecdsa/signing/messages.go b/ecdsa/signing/messages.go
@@ -39,16 +39,16 @@ var (
 )
 
 func init() {
-	proto.RegisterType((*SignRound1Message1)(nil), tss.ProtoNamePrefix+"signing.SignRound1Message1")
-	proto.RegisterType((*SignRound1Message2)(nil), tss.ProtoNamePrefix+"signing.SignRound1Message2")
-	proto.RegisterType((*SignRound2Message)(nil), tss.ProtoNamePrefix+"signing.SignRound2Message")
-	proto.RegisterType((*SignRound3Message)(nil), tss.ProtoNamePrefix+"signing.SignRound3Message")
-	proto.RegisterType((*SignRound4Message)(nil), tss.ProtoNamePrefix+"signing.SignRound4Message")
-	proto.RegisterType((*SignRound5Message)(nil), tss.ProtoNamePrefix+"signing.SignRound5Message")
-	proto.RegisterType((*SignRound6Message)(nil), tss.ProtoNamePrefix+"signing.SignRound6Message")
-	proto.RegisterType((*SignRound7Message)(nil), tss.ProtoNamePrefix+"signing.SignRound7Message")
-	proto.RegisterType((*SignRound8Message)(nil), tss.ProtoNamePrefix+"signing.SignRound8Message")
-	proto.RegisterType((*SignRound9Message)(nil), tss.ProtoNamePrefix+"signing.SignRound9Message")
+	proto.RegisterType((*SignRound1Message1)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound1Message1")
+	proto.RegisterType((*SignRound1Message2)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound1Message2")
+	proto.RegisterType((*SignRound2Message)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound2Message")
+	proto.RegisterType((*SignRound3Message)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound3Message")
+	proto.RegisterType((*SignRound4Message)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound4Message")
+	proto.RegisterType((*SignRound5Message)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound5Message")
+	proto.RegisterType((*SignRound6Message)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound6Message")
+	proto.RegisterType((*SignRound7Message)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound7Message")
+	proto.RegisterType((*SignRound8Message)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound8Message")
+	proto.RegisterType((*SignRound9Message)(nil), tss.ECDSAProtoNamePrefix+"signing.SignRound9Message")
 }
 
 // ----- //

diff --git a/ecdsa/signing/round_1.go b/ecdsa/signing/round_1.go
@@ -24,7 +24,7 @@ var (
 )
 
 // round 1 represents round 1 of the signing part of the GG18 ECDSA TSS spec (Gennaro, Goldfeder; 2018)
-func newRound1(params *tss.Parameters, key *keygen.LocalPartySaveData, data *SignatureData, temp *localTempData, out chan<- tss.Message, end chan<- SignatureData) tss.Round {
+func newRound1(params *tss.Parameters, key *keygen.LocalPartySaveData, data *common.SignatureData, temp *localTempData, out chan<- tss.Message, end chan<- common.SignatureData) tss.Round {
 	return &round1{
 		&base{params, key, data, temp, out, end, make([]bool, len(params.Parties().IDs())), false, 1}}
 }

diff --git a/ecdsa/signing/rounds.go b/ecdsa/signing/rounds.go
@@ -7,6 +7,7 @@
 package signing
 
 import (
+	"github.com/binance-chain/tss-lib/common"
 	"github.com/binance-chain/tss-lib/ecdsa/keygen"
 	"github.com/binance-chain/tss-lib/tss"
 )
@@ -19,10 +20,10 @@ type (
 	base struct {
 		*tss.Parameters
 		key     *keygen.LocalPartySaveData
-		data    *SignatureData
+		data    *common.SignatureData
 		temp    *localTempData
 		out     chan<- tss.Message
-		end     chan<- SignatureData
+		end     chan<- common.SignatureData
 		ok      []bool // `ok` tracks parties which have been verified by Update()
 		started bool
 		number  int