/*
* Copyright (C) 2020-2021 AnySwap Ltd. All rights reserved.
* Copyright (C) 2020-2021 haijun.cai@anyswap.exchange
*
* This library is free software; you can redistribute it and/or
* modify it under the Apache License, Version 2.0.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package keygen
import (
"errors"
//"fmt"
"github.com/deltaswapio/gsmpc/log"
"github.com/deltaswapio/gsmpc/smpc-lib/crypto/ec2"
"github.com/deltaswapio/gsmpc/smpc-lib/smpc"
)
// Start runs keygen round 3 for the local party. For every index of the ID
// list it verifies the zero-knowledge proof that the Paillier modulus N
// received in round 1 is square-free, and only if all proofs pass does it
// broadcast the D parts of commitU1G and commitC1G together with
// u1PolyG.PolyG.
//
// It returns an error when the round was already started, when the local
// node index or the ID list cannot be obtained, when a round 1 or round 2
// message has an unexpected type, when a Paillier public key is missing, or
// when a square-free proof does not verify.
func (round *round3) Start() error {
	if round.started {
		return errors.New("round already started")
	}

	// Round state is updated before any peer data is validated, so a failed
	// validation below leaves the round marked as started.
	round.number = 3
	round.started = true
	round.ResetOK()

	selfIndex, err := round.GetDNodeIDIndex(round.dnodeid)
	if err != nil {
		return err
	}

	ids, err := round.GetIDs()
	if err != nil {
		return err
	}

	// GG20 keygen phase 3: each player Pi proves in zero knowledge that Ni is
	// square-free, using the proof of Gennaro, Micciancio, and Rabin [30],
	// "An Efficient Non-Interactive Statistical Zero-Knowledge Proof System
	// for Quasi-Safe Prime Products", section 3.1.
	//
	// NOTE(review): this proof only covers square-freeness of N. Whether the
	// bit length of N and the absence of small factors are checked elsewhere
	// is not visible in this function; confirm.
	// NOTE(review): the indexing below assumes kgRound1Messages and
	// kgRound2Messages2 hold an entry for every index of ids; confirm.
	for i := range ids {
		r1, isR1 := round.temp.kgRound1Messages[i].(*KGRound1Message)
		if !isR1 {
			return errors.New("round.Start get round1 msg fail")
		}

		if r1.U1PaillierPk == nil {
			return errors.New("error kg round1 message")
		}

		r2, isR2 := round.temp.kgRound2Messages2[i].(*KGRound2Message2)
		if !isR2 {
			return errors.New("round.Start get round2 msg 2 fail")
		}

		// Abort the whole round on the first failing proof; the offending
		// participant ID is logged so the failure can be attributed.
		proofOK := ec2.SquareFreeVerify(r1.U1PaillierPk.N, r2.Num, r2.SfPf)
		if !proofOK {
			log.Error("keygen round3,check that a zero-knowledge proof that paillier.N is a square-free integer fail", "k", ids[i])
			return errors.New("check that a zero-knowledge proof that paillier.N is a square-free integer fail")
		}
	}

	// Build the round 3 broadcast only after every proof has been accepted.
	out := new(KGRound3Message)
	out.KGRoundMessage = new(KGRoundMessage)
	out.ComU1GD = round.temp.commitU1G.D
	out.ComC1GD = round.temp.commitC1G.D
	out.U1PolyGG = round.temp.u1PolyG.PolyG
	out.SetFromID(round.dnodeid)
	out.SetFromIndex(selfIndex)

	// Record our own message in the local slot, then hand it to the outbound
	// channel.
	round.temp.kgRound3Messages[selfIndex] = out
	round.out <- out

	return nil
}
// CanAccept reports whether msg may be received in round 3: it must be a
// *KGRound3Message and it must be flagged as a broadcast. Every other message
// type is rejected, including the point-to-point KGRound3Message1 variant,
// whose check is disabled in this round.
func (round *round3) CanAccept(msg smpc.Message) bool {
	switch msg.(type) {
	case *KGRound3Message:
		// Round 3 data is only valid when it was sent to all parties.
		return msg.IsBroadcast()
	default:
		return false
	}
}
// Update reports whether a round 3 message has been accepted for every slot
// of kgRound3Messages, marking each newly accepted slot in round.ok. It
// returns (false, nil) as soon as a slot that is not yet marked is empty or
// holds a message that CanAccept rejects; the error result is always nil.
//
// Only the message type and broadcast flag are checked here (via CanAccept).
// NOTE(review): the contents of the received message are not verified in this
// method; confirm they are verified in a later round before they are relied
// upon.
func (round *round3) Update() (bool, error) {
	for idx, received := range round.temp.kgRound3Messages {
		if !round.ok[idx] {
			if received == nil {
				return false, nil
			}
			if !round.CanAccept(received) {
				return false, nil
			}
			round.ok[idx] = true
		}
	}

	return true, nil
}
// NextRound clears the started flag and returns the round 4 state, which is
// built from this round.
func (round *round3) NextRound() smpc.Round {
	// Reset the flag so the next round's Start is not rejected as a repeat.
	round.started = false

	next := &round4{round}
	return next
}