forked from taurushq-io/multi-party-sig
-
Notifications
You must be signed in to change notification settings - Fork 0
/
round2.go
124 lines (100 loc) · 3.67 KB
/
round2.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
package keygen
import (
"github.com/cronokirby/saferith"
"github.com/taurusgroup/multi-party-sig/internal/round"
"github.com/taurusgroup/multi-party-sig/internal/types"
"github.com/taurusgroup/multi-party-sig/pkg/hash"
"github.com/taurusgroup/multi-party-sig/pkg/math/curve"
"github.com/taurusgroup/multi-party-sig/pkg/math/polynomial"
"github.com/taurusgroup/multi-party-sig/pkg/paillier"
"github.com/taurusgroup/multi-party-sig/pkg/party"
"github.com/taurusgroup/multi-party-sig/pkg/pedersen"
zksch "github.com/taurusgroup/multi-party-sig/pkg/zk/sch"
)
var _ round.Round = (*round2)(nil)
type round2 struct {
*round1
// VSSPolynomials[j] = Fⱼ(X) = fⱼ(X)•G
VSSPolynomials map[party.ID]*polynomial.Exponent
// Commitments[j] = H(Keygen3ⱼ ∥ Decommitments[j])
Commitments map[party.ID]hash.Commitment
// RIDs[j] = ridⱼ
RIDs map[party.ID]types.RID
// ChainKeys[j] = cⱼ
ChainKeys map[party.ID]types.RID
// ShareReceived[j] = xʲᵢ
// share received from party j
ShareReceived map[party.ID]curve.Scalar
ElGamalPublic map[party.ID]curve.Point
// PaillierPublic[j] = Nⱼ
PaillierPublic map[party.ID]*paillier.PublicKey
// Pedersen[j] = (Nⱼ,Sⱼ,Tⱼ)
Pedersen map[party.ID]*pedersen.Parameters
ElGamalSecret curve.Scalar
// PaillierSecret = (pᵢ, qᵢ)
PaillierSecret *paillier.SecretKey
// PedersenSecret = λᵢ
// Used to generate the Pedersen parameters
PedersenSecret *saferith.Nat
// SchnorrRand = aᵢ
// Randomness used to compute Schnorr commitment of proof of knowledge of secret share
SchnorrRand *zksch.Randomness
// Decommitment for Keygen3ᵢ
Decommitment hash.Decommitment // uᵢ
}
type broadcast2 struct {
round.ReliableBroadcastContent
// Commitment = Vᵢ = H(ρᵢ, Fᵢ(X), Aᵢ, Yᵢ, Nᵢ, sᵢ, tᵢ, uᵢ)
Commitment hash.Commitment
}
// StoreBroadcastMessage implements round.BroadcastRound.
// - save commitment Vⱼ.
func (r *round2) StoreBroadcastMessage(msg round.Message) error {
body, ok := msg.Content.(*broadcast2)
if !ok || body == nil {
return round.ErrInvalidContent
}
if err := body.Commitment.Validate(); err != nil {
return err
}
r.Commitments[msg.From] = body.Commitment
return nil
}
// VerifyMessage implements round.Round.
func (round2) VerifyMessage(round.Message) error { return nil }
// StoreMessage implements round.Round.
func (round2) StoreMessage(round.Message) error { return nil }
// Finalize implements round.Round
//
// - send all committed data.
func (r *round2) Finalize(out chan<- *round.Message) (round.Session, error) {
// Send the message we created in Round1 to all
err := r.BroadcastMessage(out, &broadcast3{
RID: r.RIDs[r.SelfID()],
C: r.ChainKeys[r.SelfID()],
VSSPolynomial: r.VSSPolynomials[r.SelfID()],
SchnorrCommitments: r.SchnorrRand.Commitment(),
ElGamalPublic: r.ElGamalPublic[r.SelfID()],
N: r.Pedersen[r.SelfID()].N(),
S: r.Pedersen[r.SelfID()].S(),
T: r.Pedersen[r.SelfID()].T(),
Decommitment: r.Decommitment,
})
if err != nil {
return r, err
}
return &round3{
round2: r,
SchnorrCommitments: map[party.ID]*zksch.Commitment{},
}, nil
}
// PreviousRound implements round.Round.
func (r *round2) PreviousRound() round.Round { return r.round1 }
// MessageContent implements round.Round.
func (round2) MessageContent() round.Content { return nil }
// RoundNumber implements round.Content.
func (broadcast2) RoundNumber() round.Number { return 2 }
// BroadcastContent implements round.BroadcastRound.
func (round2) BroadcastContent() round.BroadcastContent { return &broadcast2{} }
// Number implements round.Round.
func (round2) Number() round.Number { return 2 }