# Elliptic curve cryptography 
## Tutorial2

In [None]:
extern crate kn0syseccrs as ecc;
extern crate num;
extern crate hex;

> this is about vectors of scalars (ScalarVector) and of points (PointVector).
   we can think of a vector as an array of data.

In [None]:
let mut v1: Vec<num::BigInt> = Vec::new();
let mut v2: Vec<num::BigInt> = Vec::new();
for i in 1..7 {
    if i < 4 {
        v1.push(num::BigInt::from(i));
    } else {
        v2.push(num::BigInt::from(i));
    }
}
let sv1 = ecc::ScalarVector::new(v1);
let sv2 = ecc::ScalarVector::new(v2);
println!("sv1: {:?}", sv1.unwrap());
println!("sv2: {:?}", sv2.unwrap());

## Scalar Vector Addition

In [None]:
let mut v1: Vec<num::BigInt> = Vec::new();
let mut v2: Vec<num::BigInt> = Vec::new();
for i in 1..7 {
    if i < 4 {
        v1.push(num::BigInt::from(i));
    } else {
        v2.push(num::BigInt::from(i));
    }
}
let sv1 = ecc::ScalarVector::new(v1);
let sv2 = ecc::ScalarVector::new(v2);
let sv3 = sv1.unwrap() + sv2.unwrap();
println!("sv1 + sv2 =  {:?}", sv3.unwrap());

## Scalar Vector Subtraction

In [None]:
let mut v1: Vec<num::BigInt> = Vec::new();
let mut v2: Vec<num::BigInt> = Vec::new();
for i in 1..7 {
    if i < 4 {
        v1.push(num::BigInt::from(i));
    } else {
        v2.push(num::BigInt::from(i));
    }
}
let sv1 = ecc::ScalarVector::new(v1);
let sv2 = ecc::ScalarVector::new(v2);
let sv3 = sv1.unwrap() - sv2.unwrap();
println!("sv1 - sv2 =  {:?}", sv3.unwrap());

## Scalar Vector Multiplication

In [None]:
let mut v1: Vec<num::BigInt> = Vec::new();
let mut v2: Vec<num::BigInt> = Vec::new();
for i in 1..7 {
    if i < 4 {
        v1.push(num::BigInt::from(i));
    } else {
        v2.push(num::BigInt::from(i));
    }
}
let sv1 = ecc::ScalarVector::new(v1);
let sv2 = ecc::ScalarVector::new(v2);
let sv3 = sv1.unwrap() * sv2.unwrap();
println!("sv1 * sv2 =  {:?}", sv3.unwrap());

## Sum of all

In [None]:
let mut v1: Vec<num::BigInt> = Vec::new();
for i in 1..7 {
    if i < 4 {
        v1.push(num::BigInt::from(i));
    }
}
let sv1 = ecc::ScalarVector::new(v1);
println!("sv1 sum of all = {:?}", sv1.unwrap().sum_of_all());

## Scalar Vector Negation

In [None]:
let mut v1: Vec<num::BigInt> = Vec::new();
for i in 1..7 {
    if i < 4 {
        v1.push(num::BigInt::from(i));
    }
}
let sv1 = ecc::ScalarVector::new(v1);
println!("sv1 neg = {:?}", -sv1.unwrap());

## Scalar Vector Dot Product x1 ** x2

In [None]:
let mut v1: Vec<num::BigInt> = Vec::new();
let mut v2: Vec<num::BigInt> = Vec::new();
for i in 1..7 {
    if i < 4 {
        v1.push(num::BigInt::from(i));
    } else {
        v2.push(num::BigInt::from(i));
    }
}
let sv1 = ecc::ScalarVector::new(v1);
let sv2 = ecc::ScalarVector::new(v2);
let sv3 = sv1.unwrap().pow(sv2.unwrap());
println!("sv1 ** sv2 =  {:?}", sv3.unwrap());

## Point Vector Operations

In [None]:
// addition
let mut v1: Vec<ecc::Point> = Vec::new();
let mut v2: Vec<ecc::Point> = Vec::new();
for i in 1..7 {
    if i < 4 {
        v1.push((ecc::G.clone() * ecc::Scalar::new(num::BigInt::from(i)).unwrap()).unwrap());
    } else {
        v2.push((ecc::G.clone() * ecc::Scalar::new(num::BigInt::from(i)).unwrap()).unwrap());
    }
}
let pv1 = ecc::PointVector::new(v1);
let pv2 = ecc::PointVector::new(v2);
let pv3 = pv1.unwrap() + pv2.unwrap();
println!("pv1 + pv2 = {:?}", pv3.unwrap());

In [None]:
// Multiscalar multiplication Scalar Vector ** Point Vector
let mut v2: Vec<ecc::Point> = Vec::new();
let mut b1: Vec<num::BigInt> = Vec::new();
let mut b1_copy: Vec<num::BigInt> = Vec::new();
let mut b2: Vec<num::BigInt> = Vec::new();
for i in 1..7 {
    if i < 4 {
        b1.push(num::BigInt::from(i));
        b1_copy.push(num::BigInt::from(i));
    } else {
        v2.push((ecc::G.clone() * ecc::Scalar::new(num::BigInt::from(i)).unwrap()).unwrap());
        b2.push(num::BigInt::from(i));
    }
}
let pv2 = ecc::PointVector::new(v2);
let sv1 = ecc::ScalarVector::new(b1);
let sv1_copy = ecc::ScalarVector::new(b1_copy);
let sv2 = ecc::ScalarVector::new(b2);
let p = sv1.unwrap().pow(sv2.unwrap());
let expected = ecc::G.clone() * p.unwrap();
let actual = pv2.unwrap().multiexp(sv1_copy.unwrap());
println!("expected: {:?}", expected.unwrap());
println!("actual: {:?}", actual.unwrap());

#### please read lib.rs code for better understanding of PointVector.

#### Exercise: implement Shamir secret sharing
read more: https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing

here's the scenario:
* You know a secret. you call n other people (which we call 'players').
* You must give each player a "partial key" so that exactly m people (with m <= n)
* It is required to recover the secret. How would you do that?

#### Shamir secret sharing allows you to do this!

#### here's the actual secret. the players must not know this (until recovery at least)

```rust
let acutal_secret: Scalar = ecc::Scalar::new(num::BigInt::from(123456789)).unwrap();
```

#### polynomial evaluation poly(x)

```rust
fn poly_eval(x: ecc::Scalar, coeff: ecc::ScalarVector) -> ecc::Scalar {
  let mut powers_x: Vec::<num::BigInt> = Vec::new();
  powers_x.push(BigInt("1"));
  for (index, bi) in powers_x.inter().enumerate() {
    powers_x.push(x[index] * bi);
  }
  let sv1 = new ecc::ScalarVector::new(powers_x);
  return await sv1.pow(coeff);
}
```

* build the secret polynomial: we want m = 3 players to recover the secret
* hence len(poly) should be 3, or in other words, degree of polynomial should be 2.
* set coeff[0] = actual_secret, and the other coeff must be random scalars.

#### note: 
* coeff[0] corresponds to x ** 0 = 1
* coeff[1] corresponds to x ** 1 = x,
* coeff[2] corresponds to x ** 2, etc.

#### list of n = 5 'players'/x-coord of share coords
##### note: Scalar(0) is not allowed in player_list because poly(0) = secret (which leaks the secret)
```python
player_list = [Scalar(1), Scalar(2), Scalar(3), Scalar(4), Scalar(5)]
```

#### build all share coords. these are the "partial keys" to be sent to the players
```rust
// player list
let mut players_a: Vec<num::BigInt> = Vec::new();
struct Coord {
  x: ecc::Scalar,
  y: ecc::Scalar
}
let mut all_coords: Vec<Coord> = Vec::new();
for in 0..5 {
  players_a.push(num::BigInt(i));
}
let plsv = new ecc::ScalarVector::new(players_a);
// poly is a scalar vector of each player's secret key (random scalars)
for p in player_list {
  let e = poly_eval(p, poly);
  const c: Coord = {x:p, y:e};
  all_coords.push(c);
})
```

### recover the secret: implement the formula in the following link:
https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing#Computationally_efficient_approach
#### * coords: set of coords for recovery
#### note: our "division" is (x1 * x2.invert()), NOT (x1 // x2) !!!

$$l_0(x) = \frac{x-x_1}{x_0-x_1} \cdot \frac{x-x_2}{x_0-x_2}$$
$$l_1(x) = \frac{x-x_0}{x_1-x_0} \cdot \frac{x-x_2}{x_1-x_2}$$
$$l_2(x) = \frac{x-x_0}{x_2-x_0} \cdot \frac{x-x_1}{x_2-x_1}$$

Therefore:

$$f(x) = \sum_{j=0}^{2} y_{j}\cdot l_{j}(x)$$


In [None]:
// code here

#### here's a 3 coords to recover secret:

#### Experiment: what would happen if 

1. you change some indexes?
2. add/remove coords?

```typescript
let recovery_coord: Vec<Coord> = [all_coords[1], all_coords[3], all_coords[4]];

let recovered_secret = recovery(recovery_coord);
let actual = actual_secret.get_hex();
let recovered = recovered_secret.get_hex();
if (actual === recovered) {
  println!("Shamir's Secret Sharing implementation recovered { successfully")
}
```