// Copyright © 2019 Binance
//
// This file is part of Binance. The full Binance copyright notice, including
// terms governing use, modification, and redistribution, is contained in the
// file LICENSE at the root of the source code distribution tree.
package signing
import (
"errors"
"fmt"
"github.com/lastingasset/tss-lib/common"
"github.com/lastingasset/tss-lib/crypto"
"github.com/lastingasset/tss-lib/crypto/commitments"
"github.com/lastingasset/tss-lib/eddsa/keygen"
"github.com/lastingasset/tss-lib/tss"
)
// round1 represents round 1 of the signing part of the EdDSA TSS spec
// newRound1 builds round 1 of EdDSA signing. The embedded base carries the
// parameters, this party's saved key share, the output signature data, the
// per-session temp state, the outbound message channel and the end channel;
// its ok slice is sized to the number of parties, started is false and the
// round number is 1.
func newRound1(params *tss.Parameters, key *keygen.LocalPartySaveData, data *common.SignatureData, temp *localTempData, out chan<- tss.Message, end chan<- common.SignatureData) tss.Round {
	partyCount := len(params.Parties().IDs())
	b := &base{params, key, data, temp, out, end, make([]bool, partyCount), false, 1}
	return &round1{b}
}
// Start runs round 1 of EdDSA signing for this party: it draws the secret
// nonce share ri, commits to the public point ri*G with a hash commitment,
// stores the pieces later rounds need and broadcasts only the commitment C.
//
// It returns a wrapped error if the round was already started, else nil.
func (round *round1) Start() *tss.Error {
	if round.started {
		return round.WrapError(errors.New("round already started"))
	}
	round.number = 1
	round.started = true
	round.resetOK()

	curve := round.Params().EC()
	selfIdx := round.PartyID().Index

	// Fresh positive random nonce share below the curve order; only its
	// commitment leaves this party in this round.
	nonce := common.GetRandomPositiveInt(curve.Params().N)
	noncePoint := crypto.ScalarBaseMult(curve, nonce)
	commitment := commitments.NewHashCommitment(noncePoint.X(), noncePoint.Y())

	// Keep the nonce, its point and the decommitment D for later rounds
	// (presumably D is opened in a later round — confirm against round2).
	round.temp.ri = nonce
	round.temp.pointRi = noncePoint
	round.temp.deCommit = commitment.D
	round.ok[selfIdx] = true

	// Broadcast C and record our own message in the same slot other
	// parties' round 1 messages land in.
	msg := NewSignRound1Message(round.PartyID(), commitment.C)
	round.temp.signRound1Messages[selfIdx] = msg
	round.out <- msg
	return nil
}
// Update reports whether every party's round 1 message has arrived and is
// acceptable. It returns (false, nil) at the first party whose message is
// missing or rejected by CanAccept, and (true, nil) once all are marked ok.
// Parties already marked ok are not re-checked.
func (round *round1) Update() (bool, *tss.Error) {
	for idx, incoming := range round.temp.signRound1Messages {
		if round.ok[idx] {
			continue
		}
		accepted := incoming != nil && round.CanAccept(incoming)
		if !accepted {
			return false, nil
		}
		round.ok[idx] = true
	}
	return true, nil
}
// CanAccept reports whether msg carries a *SignRound1Message sent as a
// broadcast. Any other content type, or a non-broadcast round 1 message,
// is rejected.
func (round *round1) CanAccept(msg tss.ParsedMessage) bool {
	switch msg.Content().(type) {
	case *SignRound1Message:
		return msg.IsBroadcast()
	default:
		return false
	}
}
// NextRound clears the started flag and returns round 2 wrapping this round.
func (round *round1) NextRound() tss.Round {
	round.started = false
	next := &round2{round}
	return next
}
// ----- //
// helper to call into PrepareForSigning()
// prepare derives this party's signing share wi from its secret share xi and
// the key indices ks via PrepareForSigning and stores it in temp. It returns
// an error when fewer than t+1 key indices are available.
func (round *round1) prepare() error {
	ks := round.key.Ks
	required := round.Threshold() + 1
	if required > len(ks) {
		return fmt.Errorf("t+1=%d is not satisfied by the key count of %d", required, len(ks))
	}
	share := PrepareForSigning(round.Params().EC(), round.PartyID().Index, len(ks), round.key.Xi, ks)
	round.temp.wi = share
	return nil
}