Skip to content

Commit

Permalink
WIP
Browse files Browse the repository at this point in the history
  • Loading branch information
Fiono11 committed May 9, 2024
1 parent b7553e5 commit 5a25871
Show file tree
Hide file tree
Showing 5 changed files with 192 additions and 62 deletions.
24 changes: 13 additions & 11 deletions ed25519-dalek/src/olaf/errors.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,33 +9,35 @@ pub type DKGResult<T> = Result<T, DKGError>;
/// An error ocurred during the execution of the SimplPedPoP protocol.
#[derive(Debug)]
pub enum DKGError {
/// Invalid Proof of Possession.
InvalidProofOfPossession(SignatureError),
/// Threshold cannot be greater than the number of participants.
ExcessiveThreshold,
/// Threshold must be at least 2.
InsufficientThreshold,
/// Number of participants is invalid.
InvalidNumberOfParticipants,
/// Invalid PublicKey.
/// Invalid public key.
InvalidPublicKey(SignatureError),
/// Invalid Signature.
/// Invalid group public key.
InvalidGroupPublicKey,
/// Invalid signature.
InvalidSignature(SignatureError),
/// Invalid Ristretto Point.
InvalidRistrettoPoint,
/// Invalid coefficient commitment of the polynomial commitment.
InvalidCoefficientCommitment,
/// Invalid identifier.
InvalidIdentifier,
/// Invalid secret share.
InvalidSecretShare,
/// Deserialization Error.
DeserializationError(TryFromSliceError),
/// The parameters of all messages should be equal.
/// The parameters of all messages must be equal.
DifferentParameters,
/// The recipients hash of all messages should be equal.
/// The recipients hash of all messages must be equal.
DifferentRecipientsHash,
/// The number of messages should be 2 at least, which the minimum number of participants.
InvalidNumberOfMessages,
/// The degree of the polynomial commitment be equal to the number of participants - 1.
IncorrectPolynomialCommitmentDegree,
/// The number of encrypted shares per message should be equal to the number of participants.
/// The number of coefficient commitments of the polynomial commitment must be equal to the threshold - 1.
IncorrectNumberOfCoefficientCommitments,
/// The number of encrypted shares per message must be equal to the number of participants.
IncorrectNumberOfEncryptedShares,
/// Decryption error when decrypting an encrypted secret share.
DecryptionError(chacha20poly1305::Error),
Expand Down
18 changes: 15 additions & 3 deletions ed25519-dalek/src/olaf/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,21 @@ impl Identifier {
let mut pos = Transcript::new(b"Identifier");
pos.append_message(b"RecipientsHash", recipients_hash);
pos.append_message(b"i", &index.to_le_bytes()[..]);
let mut bytes = [0; SCALAR_LENGTH];
pos.challenge_bytes(b"evaluation position", &mut bytes);

Identifier(Scalar::from_canonical_bytes(bytes).unwrap())
let mut buf = [0; 64];
pos.challenge_bytes(b"identifier", &mut buf);

Identifier(Scalar::from_bytes_mod_order_wide(&buf))
}
}

pub(crate) fn scalar_from_canonical_bytes(bytes: [u8; 32]) -> Option<Scalar> {
let key = Scalar::from_canonical_bytes(bytes);

// Note: this is a `CtOption` so we have to do this to extract the value.
if bool::from(key.is_none()) {
return None;
}

Some(key.unwrap())
}
31 changes: 19 additions & 12 deletions ed25519-dalek/src/olaf/simplpedpop.rs
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,12 @@ impl SigningKey {

let recipient = recipients[i as usize];

let key_exchange: EdwardsPoint = ephemeral_key.to_scalar() * recipient.point;
let key_exchange: EdwardsPoint = secret * recipient.point;

//println!("secret: {:?}", secret);
println!("point1-A: {:?}", secret * GENERATOR);
//println!("scalar: {:?}", ephemeral_key.to_scalar());
println!("point2-A: {:?}", recipient.point);

let mut encryption_transcript = encryption_transcript.clone();
encryption_transcript.append_message(b"recipient", recipient.as_bytes());
Expand Down Expand Up @@ -136,6 +141,12 @@ impl SigningKey {
let mut identifiers = Vec::new();

for (j, message) in messages.iter().enumerate() {
message
.content
.sender
.verify(&message.content.to_bytes(), &message.signature)
.map_err(DKGError::InvalidSignature)?;

if &message.content.parameters != parameters {
return Err(DKGError::DifferentParameters);
}
Expand All @@ -160,8 +171,8 @@ impl SigningKey {
encryption_transcript.append_message(b"contributor", content.sender.as_bytes());
encryption_transcript.append_message(b"nonce", &content.encryption_nonce);

if polynomial_commitment.coefficients_commitments.len() != threshold - 1 {
return Err(DKGError::IncorrectPolynomialCommitmentDegree);
if polynomial_commitment.coefficients_commitments.len() != threshold {
return Err(DKGError::IncorrectNumberOfCoefficientCommitments);
}

if encrypted_secret_shares.len() != participants {
Expand All @@ -177,6 +188,11 @@ impl SigningKey {

let key_exchange: EdwardsPoint = self.to_scalar() * secret_commitment;

assert!(self.to_scalar() * GENERATOR == self.verifying_key.point);

println!("point1-B: {:?}", secret_commitment);
println!("point2-B: {:?}", self.to_scalar() * GENERATOR);

encryption_transcript.append_message(b"recipient", self.verifying_key.as_bytes());
encryption_transcript
.append_message(b"key exchange", &key_exchange.compress().as_bytes()[..]);
Expand Down Expand Up @@ -215,15 +231,6 @@ impl SigningKey {
group_point += secret_commitment;
}

for i in 0..signatures.len() {
self.verifying_key
.verify(&signatures_messages[i], &signatures[i])
.map_err(DKGError::InvalidSignature)?;
}

//verify_batch(&mut signatures_transcripts, &signatures, &senders, false)
//.map_err(DKGError::InvalidSignature)?;

for id in &identifiers {
let evaluation = total_polynomial_commitment.evaluate(&id.0);
verifying_keys.push((*id, VerifyingShare(VerifyingKey::from(evaluation))));
Expand Down
39 changes: 22 additions & 17 deletions ed25519-dalek/src/olaf/tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,12 @@ mod tests {
use crate::{SigningKey, VerifyingKey};
use alloc::vec::Vec;
use curve25519_dalek::Scalar;
use ed25519::signature::Signer;
use merlin::Transcript;
use rand::Rng;
use rand_core::OsRng;

const MAXIMUM_PARTICIPANTS: u16 = 10;
const MAXIMUM_PARTICIPANTS: u16 = 2;
const MINIMUM_PARTICIPANTS: u16 = 2;
const PROTOCOL_RUNS: usize = 1;

Expand All @@ -41,6 +42,7 @@ mod tests {
let mut keypairs: Vec<SigningKey> = (0..participants)
.map(|_| SigningKey::generate(&mut OsRng))
.collect();

let public_keys: Vec<VerifyingKey> =
keypairs.iter().map(|kp| kp.verifying_key).collect();

Expand All @@ -54,7 +56,7 @@ mod tests {

let mut dkg_outputs = Vec::new();

for kp in keypairs.iter() {
for kp in keypairs.iter_mut() {
let dkg_output = kp.simplpedpop_recipient_all(&all_messages).unwrap();
dkg_outputs.push(dkg_output);
}
Expand All @@ -81,8 +83,9 @@ mod tests {
for i in 0..participants {
for j in 0..participants {
assert_eq!(
dkg_outputs[i].0.dkg_output.verifying_keys[j].1 .0,
(dkg_outputs[j].1 .0.to_public()),
dkg_outputs[i].0.dkg_output.verifying_keys[j].1 .0.point,
(Scalar::from_canonical_bytes(dkg_outputs[j].1 .0).unwrap()
* GENERATOR),
"Verification of total secret shares failed!"
);
}
Expand All @@ -99,11 +102,14 @@ mod tests {
let mut keypairs: Vec<SigningKey> = (0..participants)
.map(|_| SigningKey::generate(&mut rng))
.collect();
let public_keys: Vec<VerifyingKey> =
keypairs.iter().map(|kp| kp.verifying_key.clone()).collect();

let public_keys: Vec<VerifyingKey> = keypairs
.iter_mut()
.map(|kp| kp.verifying_key.clone())
.collect();

let mut messages: Vec<AllMessage> = keypairs
.iter()
.iter_mut()
.map(|kp| {
kp.simplpedpop_contribute_all(threshold, public_keys.clone())
.unwrap()
Expand Down Expand Up @@ -175,7 +181,7 @@ mod tests {
keypairs.iter().map(|kp| kp.verifying_key.clone()).collect();

let mut messages: Vec<AllMessage> = keypairs
.iter()
.iter_mut()
.map(|kp| {
kp.simplpedpop_contribute_all(threshold, public_keys.clone())
.unwrap()
Expand Down Expand Up @@ -213,7 +219,7 @@ mod tests {
keypairs.iter().map(|kp| kp.verifying_key.clone()).collect();

let mut messages: Vec<AllMessage> = keypairs
.iter()
.iter_mut()
.map(|kp| {
kp.simplpedpop_contribute_all(threshold, public_keys.clone())
.unwrap()
Expand All @@ -231,9 +237,9 @@ mod tests {
match result {
Ok(_) => panic!("Expected an error, but got Ok."),
Err(e) => match e {
DKGError::IncorrectPolynomialCommitmentDegree => assert!(true),
DKGError::IncorrectNumberOfCoefficientCommitments => assert!(true),
_ => panic!(
"Expected DKGError::IncorrectNumberOfCommitments, but got {:?}",
"Expected DKGError::IncorrectNumberOfCoefficientCommitments, but got {:?}",
e
),
},
Expand All @@ -253,7 +259,7 @@ mod tests {
keypairs.iter().map(|kp| kp.verifying_key.clone()).collect();

let mut messages: Vec<AllMessage> = keypairs
.iter()
.iter_mut()
.map(|kp| {
kp.simplpedpop_contribute_all(threshold, public_keys.clone())
.unwrap()
Expand Down Expand Up @@ -289,7 +295,7 @@ mod tests {
keypairs.iter().map(|kp| kp.verifying_key.clone()).collect();

let mut messages: Vec<AllMessage> = keypairs
.iter()
.iter_mut()
.map(|kp| {
kp.simplpedpop_contribute_all(threshold, public_keys.clone())
.unwrap()
Expand Down Expand Up @@ -319,20 +325,19 @@ mod tests {
let mut keypairs: Vec<SigningKey> = (0..participants)
.map(|_| SigningKey::generate(&mut rng))
.collect();

let public_keys: Vec<VerifyingKey> =
keypairs.iter().map(|kp| kp.verifying_key.clone()).collect();

let mut messages: Vec<AllMessage> = keypairs
.iter()
.iter_mut()
.map(|kp| {
kp.simplpedpop_contribute_all(threshold, public_keys.clone())
.unwrap()
})
.collect();

messages[1].signature = keypairs[1]
.secret
.sign(Transcript::new(b"invalid"), &keypairs[1].public);
messages[1].signature = keypairs[1].sign(b"invalid");

let result = keypairs[0].simplpedpop_recipient_all(&messages);

Expand Down
Loading

0 comments on commit 5a25871

Please sign in to comment.