Merge pull request #149 from binance-chain/shareid-security

Bugfix for vss, check shareid when construct vss
bnb-chain · Oct 27, 2021 · c26beac · c26beac
2 parents 73560da + 566d4c1
commit c26beac
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 5 deletions.
diff --git a/crypto/vss/feldman_vss.go b/crypto/vss/feldman_vss.go
@@ -39,6 +39,24 @@ var (
 	one  = big.NewInt(1)
 )
 
+// Check share ids of Shamir's Secret Sharing, return error if duplicate or 0 value found
+func CheckIndexes(ec elliptic.Curve, indexes []*big.Int) ([]*big.Int, error) {
+	visited := make(map[string]struct{})
+	for i, v := range indexes {
+		vMod := new(big.Int).Mod(v, ec.Params().N)
+		if vMod.Cmp(zero) == 0 {
+			return nil, errors.New("party index should not be 0")
+		}
+		vModStr := vMod.String()
+		if _, ok := visited[vModStr]; ok {
+			return nil, fmt.Errorf("duplicate indexes %s", vModStr)
+		}
+		visited[vModStr] = struct{}{}
+		indexes[i] = vMod
+	}
+	return indexes, nil
+}
+
 // Returns a new array of secret shares created by Shamir's Secret Sharing Algorithm,
 // requiring a minimum number of shares to recreate, of length shares, from the input secret
 //
@@ -49,6 +67,12 @@ func Create(ec elliptic.Curve, threshold int, secret *big.Int, indexes []*big.In
 	if threshold < 1 {
 		return nil, nil, errors.New("vss threshold < 1")
 	}
+
+	ids, err := CheckIndexes(ec, indexes)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	num := len(indexes)
 	if num < threshold {
 		return nil, nil, ErrNumSharesBelowThreshold
@@ -63,11 +87,8 @@ func Create(ec elliptic.Curve, threshold int, secret *big.Int, indexes []*big.In
 
 	shares := make(Shares, num)
 	for i := 0; i < num; i++ {
-		if indexes[i].Cmp(big.NewInt(0)) == 0 {
-			return nil, nil, fmt.Errorf("party index should not be 0")
-		}
-		share := evaluatePolynomial(ec, threshold, poly, indexes[i])
-		shares[i] = &Share{Threshold: threshold, ID: indexes[i], Share: share}
+		share := evaluatePolynomial(ec, threshold, poly, ids[i])
+		shares[i] = &Share{Threshold: threshold, ID: ids[i], Share: share}
 	}
 	return v, shares, nil
 }

diff --git a/crypto/vss/feldman_vss_test.go b/crypto/vss/feldman_vss_test.go
@@ -17,6 +17,32 @@ import (
 	"github.com/binance-chain/tss-lib/tss"
 )
 
+func TestCheckIndexesDup(t *testing.T) {
+	indexes := make([]*big.Int, 0)
+	for i := 0; i < 1000; i++ {
+		indexes = append(indexes, common.GetRandomPositiveInt(tss.EC().Params().N))
+	}
+	_, e := CheckIndexes(tss.EC(), indexes)
+	assert.NoError(t, e)
+
+	indexes = append(indexes, indexes[99])
+	_, e = CheckIndexes(tss.EC(), indexes)
+	assert.Error(t, e)
+}
+
+func TestCheckIndexesZero(t *testing.T) {
+	indexes := make([]*big.Int, 0)
+	for i := 0; i < 1000; i++ {
+		indexes = append(indexes, common.GetRandomPositiveInt(tss.EC().Params().N))
+	}
+	_, e := CheckIndexes(tss.EC(), indexes)
+	assert.NoError(t, e)
+
+	indexes = append(indexes, tss.EC().Params().N)
+	_, e = CheckIndexes(tss.EC(), indexes)
+	assert.Error(t, e)
+}
+
 func TestCreate(t *testing.T) {
 	num, threshold := 5, 3