From 8050e3a2809976d8c71362f6b38d069ffb3d76d4 Mon Sep 17 00:00:00 2001 From: bytemare <3641580+bytemare@users.noreply.github.com> Date: Tue, 8 Oct 2024 02:14:33 +0200 Subject: [PATCH] rename groupublickey to verificationkey, add tests Signed-off-by: bytemare <3641580+bytemare@users.noreply.github.com> --- README.md | 2 +- coordinator.go | 2 +- debug/debug.go | 4 +- encoding.go | 22 +++++----- examples_test.go | 42 ++++++++++++++----- frost.go | 18 ++++----- go.mod | 4 +- go.sum | 8 ++-- internal/lambda.go | 11 ++++- signer.go | 2 +- tests/commitment_test.go | 4 +- tests/configuration_test.go | 74 ++++++++++++++++----------------- tests/dkg_test.go | 4 +- tests/encoding_test.go | 81 +++++++++++++++++++++---------------- tests/frost_error_test.go | 4 +- tests/frost_test.go | 19 +++++---- tests/misc_test.go | 57 +++++++++++++++++++------- tests/vector_utils_test.go | 14 +++---- tests/vectors_test.go | 8 ++-- 19 files changed, 227 insertions(+), 153 deletions(-) diff --git a/README.md b/README.md index a61d87c..7ac3a99 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ configuration := &frost.Configuration{ Ciphersuite: ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } diff --git a/coordinator.go b/coordinator.go index ad7008b..72acc7e 100644 --- a/coordinator.go +++ b/coordinator.go @@ -128,7 +128,7 @@ func (c *Configuration) prepareSignatureShareVerification(message []byte, return nil, nil, nil, fmt.Errorf("invalid list of commitments: %w", err) } - groupCommitment, bindingFactors := commitments.groupCommitmentAndBindingFactors(c.GroupPublicKey, message) + groupCommitment, bindingFactors := commitments.groupCommitmentAndBindingFactors(c.VerificationKey, message) participants := commitments.ParticipantsScalar() return groupCommitment, bindingFactors, participants, nil diff --git a/debug/debug.go b/debug/debug.go index c1b429d..ce9a8bd 100644 --- a/debug/debug.go +++ b/debug/debug.go @@ -55,8 +55,8 @@ func TrustedDealerKeygen( shares := make([]*keys.KeyShare, maxSigners) for i, k := range privateKeyShares { shares[i] = &keys.KeyShare{ - Secret: k.Secret, - GroupPublicKey: coms[0], + Secret: k.Secret, + VerificationKey: coms[0], PublicKeyShare: keys.PublicKeyShare{ PublicKey: g.Base().Multiply(k.Secret), VssCommitment: coms, diff --git a/encoding.go b/encoding.go index 1a981d1..83f9ba4 100644 --- a/encoding.go +++ b/encoding.go @@ -102,7 +102,7 @@ func (c *Configuration) Encode() []byte { binary.LittleEndian.PutUint16(out[3:5], c.MaxSigners) binary.LittleEndian.PutUint16(out[5:7], uint16(len(c.SignerPublicKeyShares))) - out = append(out, c.GroupPublicKey.Encode()...) + out = append(out, c.VerificationKey.Encode()...) for _, pk := range c.SignerPublicKeyShares { out = append(out, pk.Encode()...) @@ -165,7 +165,7 @@ func (c *Configuration) decode(header *confHeader, data []byte) error { Ciphersuite: Ciphersuite(header.g), Threshold: uint16(header.t), MaxSigners: uint16(header.n), - GroupPublicKey: gpk, + VerificationKey: gpk, SignerPublicKeyShares: pks, group: header.g, verified: false, @@ -198,7 +198,7 @@ func (c *Configuration) decode(header *confHeader, data []byte) error { c.Ciphersuite = conf.Ciphersuite c.Threshold = conf.Threshold c.MaxSigners = conf.MaxSigners - c.GroupPublicKey = gpk + c.VerificationKey = gpk c.SignerPublicKeyShares = pks c.group = ecc.Group(conf.Ciphersuite) c.verified = true @@ -364,9 +364,9 @@ func (s *Signer) Decode(data []byte) error { nLambdas := int(binary.LittleEndian.Uint16(data[header.length+4 : header.length+6])) g := conf.group _, nLen := encodedLength(encNonceCommitment, g) - _, lLem := encodedLength(encLambda, g) + _, llen := encodedLength(encLambda, g) - _, length := encodedLength(encSigner, g, header.length, ksLen, nCommitments*nLen, nLambdas*lLem) + _, length := encodedLength(encSigner, g, header.length, ksLen, nCommitments*nLen, nLambdas*llen) if len(data) != length { return fmt.Errorf(errFmt, errDecodeSignerPrefix, errInvalidLength) } @@ -383,9 +383,9 @@ func (s *Signer) Decode(data []byte) error { } offset += ksLen - stop := offset + nLambdas*lLem + stop := offset + nLambdas*llen - lambdaRegistry := make(internal.LambdaRegistry, lLem) + lambdaRegistry := make(internal.LambdaRegistry, llen) if err = lambdaRegistry.Decode(g, data[offset:stop]); err != nil { return fmt.Errorf("%w: failed to decode lambda registry in signer: %w", errDecodeSignerPrefix, err) } @@ -692,15 +692,15 @@ type shadowInit interface { type configurationShadow Configuration func (c *configurationShadow) init(g ecc.Group) { - c.GroupPublicKey = g.NewElement() + c.VerificationKey = g.NewElement() } type signerShadow Signer func (s *signerShadow) init(g ecc.Group) { s.KeyShare = &keys.KeyShare{ - Secret: g.NewScalar(), - GroupPublicKey: g.NewElement(), + Secret: g.NewScalar(), + VerificationKey: g.NewElement(), PublicKeyShare: keys.PublicKeyShare{ PublicKey: g.NewElement(), VssCommitment: nil, @@ -709,7 +709,7 @@ func (s *signerShadow) init(g ecc.Group) { }, } s.Configuration = &Configuration{ - GroupPublicKey: g.NewElement(), + VerificationKey: g.NewElement(), SignerPublicKeyShares: nil, Threshold: 0, MaxSigners: 0, diff --git a/examples_test.go b/examples_test.go index 5477f0d..75622ad 100644 --- a/examples_test.go +++ b/examples_test.go @@ -14,6 +14,7 @@ import ( "fmt" "strings" + "github.com/bytemare/ecc" "github.com/bytemare/secret-sharing/keys" "github.com/bytemare/frost" @@ -31,7 +32,7 @@ func Example_signer() { // and their signing share. // This example uses a centralised trusted dealer, but it is strongly recommended to use distributed key generation, // e.g. from github.com/bytemare/dkg, which is compatible with FROST. - secretKeyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + secretKeyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) // Since we used a centralised key generation, we only take the first key share for our participant. participantSecretKeyShare := secretKeyShares[0] @@ -50,7 +51,7 @@ func Example_signer() { Ciphersuite: ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -123,7 +124,7 @@ func Example_coordinator() { // We assume you already have a pool of participants with distinct non-zero identifiers and their signing share. // The following block uses a centralised trusted dealer to do this, but it is strongly recommended to use // distributed key generation, e.g. from github.com/bytemare/dkg, which is compatible with FROST. - secretKeyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + secretKeyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) participantSecretKeyShares := secretKeyShares[:threshold] participants := make([]*frost.Signer, threshold) @@ -139,7 +140,7 @@ func Example_coordinator() { Ciphersuite: ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -189,7 +190,7 @@ func Example_coordinator() { // Verify the signature and identify potential foul players. Note that since we set verify to true when calling // AggregateSignatures, the following is redundant. // Anyone can verify the signature given the ciphersuite parameter, message, and the group public key. - if err = frost.VerifySignature(ciphersuite, message, signature, groupPublicKey); err != nil { + if err = frost.VerifySignature(ciphersuite, message, signature, verificationKey); err != nil { // At this point one should try to identify which participant's signature share is invalid and act on it. // This verification is done as follows: for _, signatureShare := range signatureShares { @@ -216,13 +217,32 @@ func Example_coordinator() { // Example_key_generation shows how to create keys in a threshold setup with a centralized trusted dealer. // - a decentralised protocol described in the original FROST paper func Example_key_generation_centralised_trusted_dealer() { - panic(nil) + maxSigners := uint16(5) + threshold := uint16(3) + ciphersuite := frost.Default + + optionnalSecretKey := ciphersuite.Group().NewScalar().Random() + keyShares, verificationKey, vssCommitment := debug.TrustedDealerKeygen( + ciphersuite, + optionnalSecretKey, + threshold, + maxSigners, + ) + + fmt.Printf("Created %d key shares with %d vss commitments and %d verification key.", + len(keyShares), + len(vssCommitment), + len([]*ecc.Element{verificationKey}), // yes that line is ugly but it's pretext to use the variable produced. + ) + + // Output: Created 5 key shares with 3 vss commitments and 1 verification key. } // Example_key_generation shows how to create keys in a threshold setup with distributed key generation described in // the original FROST paper. func Example_key_generation_decentralised() { - panic(nil) + fmt.Println("Visit github.com/bytemare/dkg for an example and documentation.") + // Output: Visit github.com/bytemare/dkg for an example and documentation. } // Example_existing_keys shows how to import existing keys in their canonical byte encoding. @@ -361,7 +381,7 @@ func Example_key_deserialization() { // Example_deserialize shows how to encode and decode a FROST messages. func Example_deserialize() { - groupPublicKeyHex := "74144431f64b052a173c2505e4224a6cc5f3e81d587d4f23369e1b2b1fd0d427" + verificationKeyHex := "74144431f64b052a173c2505e4224a6cc5f3e81d587d4f23369e1b2b1fd0d427" publicKeySharesHex := []string{ "010100000000003c5ff80cd593a3b7e9007fdbc2b8fe6caee380e7d23eb7ba35160a5b7a51cb08", "0102000000000002db540a823f17b975d9eb206ccfbcf3a7667a0365ec1918fa2c3bb69acb105c", @@ -369,8 +389,8 @@ func Example_deserialize() { } g := frost.Default.Group() - groupPublicKey := g.NewElement() - if err := groupPublicKey.DecodeHex(groupPublicKeyHex); err != nil { + verificationKey := g.NewElement() + if err := verificationKey.DecodeHex(verificationKeyHex); err != nil { fmt.Println(err) } @@ -389,7 +409,7 @@ func Example_deserialize() { Ciphersuite: frost.Default, Threshold: 2, MaxSigners: 3, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } diff --git a/frost.go b/frost.go index 60283e7..416f683 100644 --- a/frost.go +++ b/frost.go @@ -71,7 +71,7 @@ func (c Ciphersuite) Group() ecc.Group { // Configuration holds the Configuration for a signing session. type Configuration struct { - GroupPublicKey *ecc.Element `json:"groupPublicKey"` + VerificationKey *ecc.Element `json:"verificationKey"` SignerPublicKeyShares []*keys.PublicKeyShare `json:"signerPublicKeyShares"` Threshold uint16 `json:"threshold"` MaxSigners uint16 `json:"maxSigners"` @@ -184,7 +184,7 @@ func (c *Configuration) ValidateKeyShare(keyShare *keys.KeyShare) error { return err } - if !c.GroupPublicKey.Equal(keyShare.GroupPublicKey) { + if !c.VerificationKey.Equal(keyShare.VerificationKey) { return errKeyShareNotMatch } @@ -277,7 +277,7 @@ func (c *Configuration) verifyConfiguration() error { return errInvalidMaxSignersOrder } - if err := c.validateGroupElement(c.GroupPublicKey); err != nil { + if err := c.validateGroupElement(c.VerificationKey); err != nil { return fmt.Errorf("invalid group public key, the key %w", err) } @@ -322,7 +322,7 @@ func (c *Configuration) validateGroupElement(e *ecc.Element) error { } func (c *Configuration) challenge(lambda *ecc.Scalar, message []byte, groupCommitment *ecc.Element) *ecc.Scalar { - chall := SchnorrChallenge(c.group, message, groupCommitment, c.GroupPublicKey) + chall := SchnorrChallenge(c.group, message, groupCommitment, c.VerificationKey) return chall.Multiply(lambda) } @@ -387,7 +387,7 @@ func NewPublicKeyShare(c Ciphersuite, id uint16, signerPublicKey []byte) (*keys. func NewKeyShare( c Ciphersuite, id uint16, - secretShare, signerPublicKey, groupPublicKey []byte, + secretShare, signerPublicKey, verificationKey []byte, ) (*keys.KeyShare, error) { pks, err := NewPublicKeyShare(c, id, signerPublicKey) if err != nil { @@ -407,13 +407,13 @@ func NewKeyShare( } gpk := g.NewElement() - if err = gpk.Decode(groupPublicKey); err != nil { + if err = gpk.Decode(verificationKey); err != nil { return nil, fmt.Errorf("could not decode the group public key: %w", err) } return &keys.KeyShare{ - Secret: s, - GroupPublicKey: gpk, - PublicKeyShare: *pks, + Secret: s, + VerificationKey: gpk, + PublicKeyShare: *pks, }, nil } diff --git a/go.mod b/go.mod index 3bc910d..7b401e0 100644 --- a/go.mod +++ b/go.mod @@ -4,10 +4,10 @@ go 1.23.1 require ( filippo.io/edwards25519 v1.1.0 - github.com/bytemare/dkg v0.0.0-20241004153610-04af7b423593 + github.com/bytemare/dkg v0.0.0-20241007182121-23ea4d549880 github.com/bytemare/ecc v0.8.2 github.com/bytemare/hash v0.3.0 - github.com/bytemare/secret-sharing v0.6.0 + github.com/bytemare/secret-sharing v0.7.0 github.com/gtank/ristretto255 v0.1.2 ) diff --git a/go.sum b/go.sum index c11d5ef..0a9b082 100644 --- a/go.sum +++ b/go.sum @@ -2,8 +2,8 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= filippo.io/nistec v0.0.3 h1:h336Je2jRDZdBCLy2fLDUd9E2unG32JLwcJi0JQE9Cw= filippo.io/nistec v0.0.3/go.mod h1:84fxC9mi+MhC2AERXI4LSa8cmSVOzrFikg6hZ4IfCyw= -github.com/bytemare/dkg v0.0.0-20241004153610-04af7b423593 h1:pIVaRXwCFangFes/2adBWxQskwWbWU5DlgO/i1f0Q0w= -github.com/bytemare/dkg v0.0.0-20241004153610-04af7b423593/go.mod h1:uu0zK5IObiwEexMegqZe/wLyK+HZTstGnrz47ZdDkiI= +github.com/bytemare/dkg v0.0.0-20241007182121-23ea4d549880 h1:KoEDglTZoJx0EaWdmYkvdrPNxAr/Hkc1WgWvH2b/XCw= +github.com/bytemare/dkg v0.0.0-20241007182121-23ea4d549880/go.mod h1:szhmKyIBs11r5IPo/jGqwxfmnpELmbj8okgdKxA+QVs= github.com/bytemare/ecc v0.8.2 h1:MN+Ah48hApFpzJgIMa1xOrK7/R5uwCV06dtJyuHAi3Y= github.com/bytemare/ecc v0.8.2/go.mod h1:dvkSikSCejw8YaTdJs6lZSN4qz9B4PC5PtGq+CRDmHk= github.com/bytemare/hash v0.3.0 h1:RqFMt3mqpF7UxLdjBrsOZm/2cz0cQiAOnYc9gDLopWE= @@ -12,8 +12,8 @@ github.com/bytemare/hash2curve v0.3.0 h1:41Npcbc+u/E252A5aCMtxDcz7JPkkX1QzShneTF github.com/bytemare/hash2curve v0.3.0/go.mod h1:itj45U8uqvCtWC0eCswIHVHswXcEHkpFui7gfJdPSfQ= github.com/bytemare/secp256k1 v0.1.6 h1:5pOA84UBBTPTUmCkjtH6jHrbvZSh2kyxG0mW/OjSih0= github.com/bytemare/secp256k1 v0.1.6/go.mod h1:Zr7o3YCog5jKx5JwgYbj984gRIqVioTDZMSDo1y0zgE= -github.com/bytemare/secret-sharing v0.6.0 h1:/gQhsC3BY2pn7nIl+1sQDtI4c9IfkjuTbBXsvh922UM= -github.com/bytemare/secret-sharing v0.6.0/go.mod h1:CQ7ALe5CIbvnEGhcF50LKu9brAki7efQPT3d/UUhzQQ= +github.com/bytemare/secret-sharing v0.7.0 h1:ayJWEhwQzeChtavB4WrqufRJPnG5u2IePe1MEeJJEgs= +github.com/bytemare/secret-sharing v0.7.0/go.mod h1:Qzrf83Sk36D2NGJpk1/0H6YJx0SnsiOtrS6zaiISL2o= github.com/gtank/ristretto255 v0.1.2 h1:JEqUCPA1NvLq5DwYtuzigd7ss8fwbYay9fi4/5uMzcc= github.com/gtank/ristretto255 v0.1.2/go.mod h1:Ph5OpO6c7xKUGROZfWVLiJf9icMDwUeIvY4OmlYW69o= golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= diff --git a/internal/lambda.go b/internal/lambda.go index d9d87ea..70a8ac2 100644 --- a/internal/lambda.go +++ b/internal/lambda.go @@ -20,7 +20,7 @@ import ( ) // ComputeLambda derives the interpolating value for id in the polynomial made by the participant identifiers. -// This function assumes that: +// This function is not public to protect its usage, as the following conditions MUST be met. // - id is non-nil and != 0. // - every scalar in participants is non-nil and != 0. // - there are no duplicates in participants. @@ -43,8 +43,11 @@ func ComputeLambda(g ecc.Group, id uint16, participants []*ecc.Scalar) *ecc.Scal // A Lambda is the interpolating value for a given id in the polynomial made by the participant identifiers. type Lambda struct { + // Value is the actual Lambda value. Value *ecc.Scalar `json:"value"` - Group ecc.Group `json:"group"` + + // Group is necessary so the Value scalar can reliably be decoded in the right group. + Group ecc.Group `json:"group"` } type lambdaShadow Lambda @@ -110,6 +113,10 @@ func (l LambdaRegistry) Get(participants []uint16) *ecc.Scalar { // GetOrNew returns the recorded Lambda for the list of participants, or created, records, and returns a new one if // it wasn't found. +// This function assumes that: +// - id is non-nil and != 0. +// - every scalar in participants is non-nil and != 0. +// - there are no duplicates in participants. func (l LambdaRegistry) GetOrNew(g ecc.Group, id uint16, participants []uint16) *ecc.Scalar { lambda := l.Get(participants) if lambda == nil { diff --git a/signer.go b/signer.go index bda5922..82b45f6 100644 --- a/signer.go +++ b/signer.go @@ -184,7 +184,7 @@ func (s *Signer) Sign(message []byte, commitments CommitmentList) (*SignatureSha } groupCommitment, bindingFactors := commitments.groupCommitmentAndBindingFactors( - s.Configuration.GroupPublicKey, + s.Configuration.VerificationKey, message, ) diff --git a/tests/commitment_test.go b/tests/commitment_test.go index 32bb1a7..1053bec 100644 --- a/tests/commitment_test.go +++ b/tests/commitment_test.go @@ -28,7 +28,7 @@ func TestCommitment_Validate_InvalidConfiguration(t *testing.T) { Ciphersuite: tt.Ciphersuite, Threshold: tt.threshold, MaxSigners: tt.maxSigners, - GroupPublicKey: nil, + VerificationKey: nil, SignerPublicKeyShares: nil, } @@ -269,7 +269,7 @@ func TestCommitmentList_Validate_InvalidConfiguration(t *testing.T) { Ciphersuite: tt.Ciphersuite, Threshold: tt.threshold, MaxSigners: tt.maxSigners, - GroupPublicKey: nil, + VerificationKey: nil, SignerPublicKeyShares: nil, } diff --git a/tests/configuration_test.go b/tests/configuration_test.go index 4492481..9489c55 100644 --- a/tests/configuration_test.go +++ b/tests/configuration_test.go @@ -25,7 +25,7 @@ func TestConfiguration_Verify_InvalidCiphersuite(t *testing.T) { expectedErrorPrefix := internal.ErrInvalidCiphersuite testAll(t, func(t *testing.T, test *tableTest) { - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen( + keyShares, verificationKey, _ := debug.TrustedDealerKeygen( test.Ciphersuite, nil, test.threshold, @@ -37,7 +37,7 @@ func TestConfiguration_Verify_InvalidCiphersuite(t *testing.T) { Ciphersuite: 2, Threshold: test.threshold, MaxSigners: test.maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -51,7 +51,7 @@ func TestConfiguration_Verify_Threshold_0(t *testing.T) { expectedErrorPrefix := "threshold is 0 or higher than maxSigners" testAll(t, func(t *testing.T, test *tableTest) { - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen( + keyShares, verificationKey, _ := debug.TrustedDealerKeygen( test.Ciphersuite, nil, test.threshold, @@ -63,7 +63,7 @@ func TestConfiguration_Verify_Threshold_0(t *testing.T) { Ciphersuite: test.Ciphersuite, Threshold: 0, MaxSigners: test.maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -77,7 +77,7 @@ func TestConfiguration_Verify_Threshold_Max(t *testing.T) { expectedErrorPrefix := "threshold is 0 or higher than maxSigners" testAll(t, func(t *testing.T, test *tableTest) { - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen( + keyShares, verificationKey, _ := debug.TrustedDealerKeygen( test.Ciphersuite, nil, test.threshold, @@ -89,7 +89,7 @@ func TestConfiguration_Verify_Threshold_Max(t *testing.T) { Ciphersuite: test.Ciphersuite, Threshold: test.maxSigners + 1, MaxSigners: test.maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -99,7 +99,7 @@ func TestConfiguration_Verify_Threshold_Max(t *testing.T) { }) } -func TestConfiguration_Verify_GroupPublicKey_Nil(t *testing.T) { +func TestConfiguration_Verify_verificationKey_Nil(t *testing.T) { expectedErrorPrefix := "invalid group public key, the key is nil" testAll(t, func(t *testing.T, test *tableTest) { @@ -110,7 +110,7 @@ func TestConfiguration_Verify_GroupPublicKey_Nil(t *testing.T) { Ciphersuite: test.Ciphersuite, Threshold: test.threshold, MaxSigners: test.maxSigners, - GroupPublicKey: nil, + VerificationKey: nil, SignerPublicKeyShares: publicKeyShares, } @@ -120,7 +120,7 @@ func TestConfiguration_Verify_GroupPublicKey_Nil(t *testing.T) { }) } -func TestConfiguration_Verify_GroupPublicKey_Identity(t *testing.T) { +func TestConfiguration_Verify_verificationKey_Identity(t *testing.T) { expectedErrorPrefix := "invalid group public key, the key is the identity element" testAll(t, func(t *testing.T, test *tableTest) { @@ -131,7 +131,7 @@ func TestConfiguration_Verify_GroupPublicKey_Identity(t *testing.T) { Ciphersuite: test.Ciphersuite, Threshold: test.threshold, MaxSigners: test.maxSigners, - GroupPublicKey: test.Group().NewElement(), + VerificationKey: test.Group().NewElement(), SignerPublicKeyShares: publicKeyShares, } @@ -141,7 +141,7 @@ func TestConfiguration_Verify_GroupPublicKey_Identity(t *testing.T) { }) } -func TestConfiguration_Verify_GroupPublicKey_Generator(t *testing.T) { +func TestConfiguration_Verify_verificationKey_Generator(t *testing.T) { expectedErrorPrefix := "invalid group public key, the key is the group generator (base element)" testAll(t, func(t *testing.T, test *tableTest) { @@ -152,7 +152,7 @@ func TestConfiguration_Verify_GroupPublicKey_Generator(t *testing.T) { Ciphersuite: test.Ciphersuite, Threshold: test.threshold, MaxSigners: test.maxSigners, - GroupPublicKey: test.Group().Base(), + VerificationKey: test.Group().Base(), SignerPublicKeyShares: publicKeyShares, } @@ -169,7 +169,7 @@ func TestConfiguration_VerifySignerPublicKeys_InvalidNumber(t *testing.T) { threshold := uint16(2) maxSigners := uint16(3) - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) publicKeyShares := getPublicKeyShares(keyShares) // nil @@ -177,7 +177,7 @@ func TestConfiguration_VerifySignerPublicKeys_InvalidNumber(t *testing.T) { Ciphersuite: ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: nil, } @@ -214,7 +214,7 @@ func TestConfiguration_VerifySignerPublicKeys_Nil(t *testing.T) { threshold := uint16(2) maxSigners := uint16(3) - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) publicKeyShares := getPublicKeyShares(keyShares) publicKeyShares[threshold-1] = nil @@ -222,7 +222,7 @@ func TestConfiguration_VerifySignerPublicKeys_Nil(t *testing.T) { Ciphersuite: ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -236,14 +236,14 @@ func TestConfiguration_VerifySignerPublicKeys_BadPublicKey(t *testing.T) { threshold := uint16(2) maxSigners := uint16(3) - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) publicKeyShares := getPublicKeyShares(keyShares) configuration := &frost.Configuration{ Ciphersuite: ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -288,14 +288,14 @@ func TestConfiguration_VerifySignerPublicKeys_Duplicate_Identifiers(t *testing.T threshold := uint16(2) maxSigners := uint16(3) - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) publicKeyShares := getPublicKeyShares(keyShares) configuration := &frost.Configuration{ Ciphersuite: ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -315,14 +315,14 @@ func TestConfiguration_VerifySignerPublicKeys_Duplicate_PublicKeys(t *testing.T) threshold := uint16(2) maxSigners := uint16(3) - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) publicKeyShares := getPublicKeyShares(keyShares) configuration := &frost.Configuration{ Ciphersuite: ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -346,7 +346,7 @@ func TestConfiguration_ValidatePublicKeyShare_InvalidConfiguration(t *testing.T) Ciphersuite: tt.Ciphersuite, Threshold: tt.threshold, MaxSigners: tt.maxSigners, - GroupPublicKey: nil, + VerificationKey: nil, SignerPublicKeyShares: nil, } @@ -457,7 +457,7 @@ func TestConfiguration_ValidateKeyShare_InvalidConfiguration(t *testing.T) { Ciphersuite: tt.Ciphersuite, Threshold: tt.threshold, MaxSigners: tt.maxSigners, - GroupPublicKey: nil, + VerificationKey: nil, SignerPublicKeyShares: nil, } @@ -480,7 +480,7 @@ func TestConfiguration_ValidateKeyShare_Nil(t *testing.T) { } } -func TestConfiguration_ValidateKeyShare_InvalidGroupPublicKey(t *testing.T) { +func TestConfiguration_ValidateKeyShare_InvalidverificationKey(t *testing.T) { expectedErrorPrefix := "the key share's group public key does not match the one in the configuration" tt := &tableTest{ Ciphersuite: frost.Ristretto255, @@ -490,17 +490,17 @@ func TestConfiguration_ValidateKeyShare_InvalidGroupPublicKey(t *testing.T) { configuration, keyShares := makeConfAndShares(t, tt) keyShare := keyShares[0] - keyShare.GroupPublicKey = nil + keyShare.VerificationKey = nil if err := configuration.ValidateKeyShare(keyShare); err == nil || err.Error() != expectedErrorPrefix { t.Fatalf("expected %q, got %q", expectedErrorPrefix, err) } - keyShare.GroupPublicKey = tt.Group().NewElement() + keyShare.VerificationKey = tt.Group().NewElement() if err := configuration.ValidateKeyShare(keyShare); err == nil || err.Error() != expectedErrorPrefix { t.Fatalf("expected %q, got %q", expectedErrorPrefix, err) } - keyShare.GroupPublicKey.Base() + keyShare.VerificationKey.Base() if err := configuration.ValidateKeyShare(keyShare); err == nil || err.Error() != expectedErrorPrefix { t.Fatalf("expected %q, got %q", expectedErrorPrefix, err) } @@ -592,8 +592,8 @@ func TestConfiguration_ValidateKeyShare_WrongPublicKey(t *testing.T) { random := tt.Group().NewScalar().Random() keyShare := &keys.KeyShare{ - Secret: random, - GroupPublicKey: keyShares[0].GroupPublicKey, + Secret: random, + VerificationKey: keyShares[0].VerificationKey, PublicKeyShare: keys.PublicKeyShare{ PublicKey: tt.Group().Base().Multiply(random), ID: keyShares[0].ID, @@ -611,14 +611,14 @@ func TestConfiguration_Signer_NotVerified(t *testing.T) { threshold := uint16(2) maxSigners := uint16(3) - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) publicKeyShares := getPublicKeyShares(keyShares) configuration := &frost.Configuration{ Ciphersuite: ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -633,14 +633,14 @@ func TestConfiguration_Signer_BadConfig(t *testing.T) { threshold := uint16(2) maxSigners := uint16(3) - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) publicKeyShares := getPublicKeyShares(keyShares) configuration := &frost.Configuration{ Ciphersuite: 2, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -673,14 +673,14 @@ func TestConfiguration_VerifySignatureShare_BadPrep(t *testing.T) { threshold := uint16(2) maxSigners := uint16(3) - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen(ciphersuite, nil, threshold, maxSigners) publicKeyShares := getPublicKeyShares(keyShares) configuration := &frost.Configuration{ Ciphersuite: 2, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -923,7 +923,7 @@ func TestConfiguration_AggregateSignatures_InvalidConfiguration(t *testing.T) { Ciphersuite: tt.Ciphersuite, Threshold: tt.threshold, MaxSigners: tt.maxSigners, - GroupPublicKey: nil, + VerificationKey: nil, SignerPublicKeyShares: nil, } diff --git a/tests/dkg_test.go b/tests/dkg_test.go index d73e86a..1852db1 100644 --- a/tests/dkg_test.go +++ b/tests/dkg_test.go @@ -48,7 +48,7 @@ func runDKG( commitments[i] = r1[i].Commitment } - pubKey, err := dkg.GroupPublicKeyFromRound1(c, r1) + pubKey, err := dkg.VerificationKeyFromRound1(c, r1) if err != nil { t.Fatal(err) } @@ -88,7 +88,7 @@ func runDKG( // t.Fatal("expected validity") //} - if !keyShare.GroupPublicKey.Equal(pubKey) { + if !keyShare.VerificationKey.Equal(pubKey) { t.Fatal("expected same public key") } diff --git a/tests/encoding_test.go b/tests/encoding_test.go index df9d6a2..25ea68b 100644 --- a/tests/encoding_test.go +++ b/tests/encoding_test.go @@ -27,14 +27,14 @@ import ( ) func makeConfAndShares(t *testing.T, test *tableTest) (*frost.Configuration, []*keys.KeyShare) { - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(test.Ciphersuite, nil, test.threshold, test.maxSigners) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen(test.Ciphersuite, nil, test.threshold, test.maxSigners) publicKeyShares := getPublicKeyShares(keyShares) configuration := &frost.Configuration{ Ciphersuite: test.Ciphersuite, Threshold: test.threshold, MaxSigners: test.maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -107,9 +107,9 @@ func compareConfigurations(t *testing.T, a, b serde, expectedMatch bool) { t.Fatalf("expected matching max signers: %q / %q", c1.MaxSigners, c2.MaxSigners) } - if ((c1.GroupPublicKey == nil || c2.GroupPublicKey == nil) || !c1.GroupPublicKey.Equal(c2.GroupPublicKey)) && + if ((c1.VerificationKey == nil || c2.VerificationKey == nil) || !c1.VerificationKey.Equal(c2.VerificationKey)) && expectedMatch { - t.Fatalf("expected matching GroupPublicKey: %q / %q", c1.Ciphersuite, c2.Ciphersuite) + t.Fatalf("expected matching VerificationKey: %q / %q", c1.Ciphersuite, c2.Ciphersuite) } if len(c1.SignerPublicKeyShares) != len(c2.SignerPublicKeyShares) && expectedMatch { @@ -189,11 +189,11 @@ func compareKeyShares(t *testing.T, a, b serde, expectedMatch bool) { t.Fatalf("Expected equality on Secret:\n\t%s\n\t%s\n", s1.Secret.Hex(), s2.Secret.Hex()) } - if !s1.GroupPublicKey.Equal(s2.GroupPublicKey) && expectedMatch { + if !s1.VerificationKey.Equal(s2.VerificationKey) && expectedMatch { t.Fatalf( - "Expected equality on GroupPublicKey:\n\t%s\n\t%s\n", - s1.GroupPublicKey.Hex(), - s2.GroupPublicKey.Hex(), + "Expected equality on VerificationKey:\n\t%s\n\t%s\n", + s1.VerificationKey.Hex(), + s2.VerificationKey.Hex(), ) } @@ -427,7 +427,7 @@ func TestEncoding_Configuration_InvalidConfigEncoding(t *testing.T) { } } -func TestEncoding_Configuration_InvalidGroupPublicKey(t *testing.T) { +func TestEncoding_Configuration_InvalidVerificationKey(t *testing.T) { expectedErrorPrefix := "failed to decode Configuration: could not decode group public key: element Decode: " testAll(t, func(t *testing.T, test *tableTest) { @@ -448,7 +448,7 @@ func TestEncoding_Configuration_BadPublicKeyShare(t *testing.T) { expectedErrorPrefix := "failed to decode Configuration: could not decode signer public key share for signer 1: " testAll(t, func(t *testing.T, test *tableTest) { - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen( + keyShares, verificationKey, _ := debug.TrustedDealerKeygen( test.Ciphersuite, nil, test.threshold, @@ -460,7 +460,7 @@ func TestEncoding_Configuration_BadPublicKeyShare(t *testing.T) { Ciphersuite: test.Ciphersuite, Threshold: test.threshold, MaxSigners: test.maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } g := ecc.Group(test.Ciphersuite) @@ -481,7 +481,7 @@ func TestEncoding_Configuration_InvalidPublicKeyShares(t *testing.T) { expectedErrorPrefix := "failed to decode Configuration: invalid number of public keys (lower than threshold or above maximum)" testAll(t, func(t *testing.T, test *tableTest) { - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen( + keyShares, verificationKey, _ := debug.TrustedDealerKeygen( test.Ciphersuite, nil, test.threshold, @@ -493,7 +493,7 @@ func TestEncoding_Configuration_InvalidPublicKeyShares(t *testing.T) { Ciphersuite: test.Ciphersuite, Threshold: test.threshold, MaxSigners: test.maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } configuration.SignerPublicKeyShares = configuration.SignerPublicKeyShares[:test.threshold-1] @@ -506,12 +506,12 @@ func TestEncoding_Configuration_InvalidPublicKeyShares(t *testing.T) { }) } -func TestEncoding_Configuration_CantVerify_InvalidGroupPublicKey(t *testing.T) { +func TestEncoding_Configuration_CantVerify_InvalidVerificationKey(t *testing.T) { expectedErrorPrefix := "failed to decode Configuration: invalid group public key, the key is the group generator (base element)" testAll(t, func(t *testing.T, test *tableTest) { configuration := makeConf(t, test) - configuration.GroupPublicKey.Base() + configuration.VerificationKey.Base() encoded := configuration.Encode() decoded := new(frost.Configuration) @@ -524,7 +524,7 @@ func TestEncoding_Configuration_CantVerify_InvalidGroupPublicKey(t *testing.T) { func TestEncoding_Configuration_BadHex(t *testing.T) { testAll(t, func(t *testing.T, test *tableTest) { configuration := makeConf(t, test) - testDecodingHexFails(t, configuration, new(frost.Configuration), "failed to decode Configuration:") + testDecodeHexFails(t, configuration, new(frost.Configuration), "failed to decode Configuration:") }) } @@ -534,6 +534,17 @@ func TestEncoding_Configuration_BadJSON(t *testing.T) { errInvalidJSON := "failed to decode Configuration: failed to decode PublicKeyShare: invalid JSON encoding" testDecodingJSONFails(t, "failed to decode Configuration", errInvalidJSON, configuration, new(frost.Configuration)) + + configuration.SignerPublicKeyShares[1].PublicKey.Base() + j, err := json.Marshal(configuration) + if err != nil { + t.Fatal(err) + } + + expectedError := "failed to decode Configuration: invalid public key for participant 2, the key is the group generator (base element)" + if err = json.Unmarshal(j, new(frost.Configuration)); err == nil || err.Error() != expectedError { + t.Fatalf("expected %q, got %q", errInvalidJSON, err) + } }) } @@ -791,7 +802,7 @@ func TestEncoding_Signer_InvalidCommitment(t *testing.T) { func TestEncoding_Signer_BadHex(t *testing.T) { testAll(t, func(t *testing.T, test *tableTest) { s := makeSigners(t, test)[0] - testDecodingHexFails(t, s, new(frost.Signer), "failed to decode Signer:") + testDecodeHexFails(t, s, new(frost.Signer), "failed to decode Signer:") }) } @@ -804,6 +815,18 @@ func TestEncoding_Signer_BadJSON(t *testing.T) { }) } +func TestEncoding_Nonce_BadJSON(t *testing.T) { + testAll(t, func(t *testing.T, test *tableTest) { + signer := makeSigners(t, test)[0] + com := signer.Commit() + nonce := signer.NonceCommitments[com.CommitmentID] + + errInvalidJSON := "failed to decode Commitment: invalid JSON encoding" + testDecodingJSONFails(t, "failed to decode Commitment", + errInvalidJSON, nonce, new(frost.Nonce)) + }) +} + func TestEncoding_SignatureShare(t *testing.T) { message := []byte("message") @@ -857,7 +880,6 @@ func TestEncoding_SignatureShare_InvalidLength2(t *testing.T) { } func TestEncoding_SignatureShare_InvalidIdentifier(t *testing.T) { - // todo: check for zero id in all decodings expectedError := errors.New("failed to decode SignatureShare: identifier cannot be 0") encoded := make([]byte, 35) encoded[0] = 1 @@ -911,7 +933,7 @@ func TestEncoding_SignatureShare_BadHex(t *testing.T) { t.Fatal(err) } - testDecodingHexFails(t, sigShare, new(frost.SignatureShare), "failed to decode SignatureShare:") + testDecodeHexFails(t, sigShare, new(frost.SignatureShare), "failed to decode SignatureShare:") }) } @@ -1032,7 +1054,7 @@ func TestEncoding_Signature_BadHex(t *testing.T) { t.Fatal(err) } - testDecodingHexFails(t, signature, new(frost.Signature), "failed to decode Signature:") + testDecodeHexFails(t, signature, new(frost.Signature), "failed to decode Signature:") }) } @@ -1163,7 +1185,7 @@ func TestEncoding_Commitment_BadHex(t *testing.T) { signer := makeSigners(t, test)[0] com := signer.Commit() - testDecodingHexFails(t, com, new(frost.Commitment), "failed to decode Commitment:") + testDecodeHexFails(t, com, new(frost.Commitment), "failed to decode Commitment:") }) } @@ -1337,8 +1359,6 @@ func testJSONEncoding(t *testing.T, in, out serde) error { return err } - t.Log(string(jsonEnc)) - if err = json.Unmarshal(jsonEnc, out); err != nil { return err } @@ -1373,25 +1393,26 @@ func testAndCompareSerde( testAndCompareSerdeSimple(t, in, maker, expectedMatch, testJSONEncoding, compare) } -func testDecodingHexFails(t *testing.T, thing1, thing2 serde, expectedErrorPrefix string) { +func testDecodeHexFails(t *testing.T, thing1, thing2 serde, expectedErrorPrefix string) { // empty string if err := thing2.DecodeHex(""); err == nil || !strings.HasPrefix(err.Error(), expectedErrorPrefix) { t.Fatal("expected error on empty string") } // uneven length + expectedError := expectedErrorPrefix + " encoding/hex: odd length hex string" e := thing1.Hex() + if err := thing2.DecodeHex(e[:len(e)-1]); err == nil || !strings.HasPrefix(err.Error(), expectedErrorPrefix) { t.Fatal("expected error on empty string") } // malformed string + expectedError = expectedErrorPrefix + " encoding/hex: invalid byte: U+005F '_'" hexed := thing1.Hex() malformed := []rune(hexed) malformed[0] = []rune("_")[0] - expectedError := expectedErrorPrefix + " encoding/hex: invalid byte: U+005F '_'" - if err := thing2.DecodeHex(string(malformed)); err == nil { t.Fatal("expected error on malformed string") } else if err.Error() != expectedError { @@ -1432,7 +1453,6 @@ func testDecodingJSONFails( errPrefix, badJSONErr string, in any, decoded json.Unmarshaler, - baddies ...jsonTesterBaddie, ) { errInvalidCiphersuite := errPrefix + ": invalid group" @@ -1491,11 +1511,4 @@ func testDecodingJSONFails( if err := testJSONBaddie(in, decoded, baddie); err != nil { t.Fatal(err) } - - // Replace keys and values - for _, baddie = range baddies { - if err := testJSONBaddie(in, decoded, baddie); err != nil { - t.Fatal(err) - } - } } diff --git a/tests/frost_error_test.go b/tests/frost_error_test.go index b639f3e..257e2b2 100644 --- a/tests/frost_error_test.go +++ b/tests/frost_error_test.go @@ -43,7 +43,7 @@ func TestVerifySignature_InvalidSignature(t *testing.T) { Z: test.Group().NewScalar().Random(), } - if err := frost.VerifySignature(test.Ciphersuite, message, signature, configuration.GroupPublicKey); err == nil || + if err := frost.VerifySignature(test.Ciphersuite, message, signature, configuration.VerificationKey); err == nil || !strings.HasPrefix(err.Error(), expectedErrorPrefix) { t.Fatalf("expected %q, got %q", expectedErrorPrefix, err) } @@ -133,7 +133,7 @@ func TestFrost_NewKeyShare(t *testing.T) { keyShare := keyShares[0] newKeyShare, err := frost.NewKeyShare(configuration.Ciphersuite, keyShare.ID, keyShare.SecretKey().Encode(), - keyShare.PublicKey.Encode(), configuration.GroupPublicKey.Encode()) + keyShare.PublicKey.Encode(), configuration.VerificationKey.Encode()) if err != nil { t.Fatal(err) } diff --git a/tests/frost_test.go b/tests/frost_test.go index 79a50ff..a3a6c80 100644 --- a/tests/frost_test.go +++ b/tests/frost_test.go @@ -63,7 +63,7 @@ func runFrost( threshold, maxSigners uint16, message []byte, keyShares []*keys.KeyShare, - groupPublicKey *ecc.Element, + verificationKey *ecc.Element, ) { // Collect public keys. publicKeyShares := getPublicKeyShares(keyShares) @@ -73,7 +73,7 @@ func runFrost( Ciphersuite: test.Ciphersuite, Threshold: threshold, MaxSigners: maxSigners, - GroupPublicKey: groupPublicKey, + VerificationKey: verificationKey, SignerPublicKeyShares: publicKeyShares, } @@ -127,7 +127,7 @@ func runFrost( t.Fatal(err) } - if err = frost.VerifySignature(test.Ciphersuite, message, singleSig, groupPublicKey); err != nil { + if err = frost.VerifySignature(test.Ciphersuite, message, singleSig, verificationKey); err != nil { t.Fatal(err) } @@ -148,8 +148,13 @@ func TestFrost_WithTrustedDealer(t *testing.T) { testAll(t, func(t *testing.T, test *tableTest) { g := test.Ciphersuite.Group() sk := g.NewScalar().Random() - keyShares, groupPublicKey, _ := debug.TrustedDealerKeygen(test.Ciphersuite, sk, test.threshold, test.maxSigners) - runFrost(t, test, test.threshold, test.maxSigners, message, keyShares, groupPublicKey) + keyShares, verificationKey, _ := debug.TrustedDealerKeygen( + test.Ciphersuite, + sk, + test.threshold, + test.maxSigners, + ) + runFrost(t, test, test.threshold, test.maxSigners, message, keyShares, verificationKey) }) } @@ -158,8 +163,8 @@ func TestFrost_WithDKG(t *testing.T) { testAll(t, func(t *testing.T, test *tableTest) { g := test.Ciphersuite.Group() - keyShares, groupPublicKey, _ := runDKG(t, g, test.threshold, test.maxSigners) - runFrost(t, test, test.threshold, test.maxSigners, message, keyShares, groupPublicKey) + keyShares, verificationKey, _ := runDKG(t, g, test.threshold, test.maxSigners) + runFrost(t, test, test.threshold, test.maxSigners, message, keyShares, verificationKey) }) } diff --git a/tests/misc_test.go b/tests/misc_test.go index 8ed7bac..9b0473b 100644 --- a/tests/misc_test.go +++ b/tests/misc_test.go @@ -38,7 +38,7 @@ func verifyTrustedDealerKeygen( t.Fatal(err) } - groupPublicKey, participantPublicKeys, err := debug.RecoverPublicKeys( + verificationKey, participantPublicKeys, err := debug.RecoverPublicKeys( test.Ciphersuite, test.maxSigners, coms, @@ -51,7 +51,7 @@ func verifyTrustedDealerKeygen( t.Fatal() } - if !groupPublicKey.Equal(pk) { + if !verificationKey.Equal(pk) { t.Fatal() } @@ -68,7 +68,7 @@ func verifyTrustedDealerKeygen( t.Fatal(err) } - if err = frost.VerifySignature(test.Ciphersuite, []byte("message"), sig, groupPublicKey); err != nil { + if err = frost.VerifySignature(test.Ciphersuite, []byte("message"), sig, verificationKey); err != nil { t.Fatal(err) } } @@ -257,7 +257,7 @@ func TestRecoverPublicKeys(t *testing.T) { test.maxSigners, ) - groupPublicKey, participantPublicKeys, err := debug.RecoverPublicKeys( + verificationKey, participantPublicKeys, err := debug.RecoverPublicKeys( test.Ciphersuite, test.maxSigners, secretsharingCommitment, @@ -266,7 +266,7 @@ func TestRecoverPublicKeys(t *testing.T) { t.Fatal(err) } - if !dealerGroupPubKey.Equal(groupPublicKey) { + if !dealerGroupPubKey.Equal(verificationKey) { t.Fatal("expected equality") } @@ -374,15 +374,44 @@ func TestPublicKeyShareVerificationFail(t *testing.T) { }) } -func TestLambda_BadID(t *testing.T) { - // expectedErrorPrefix := "anomaly in participant identifiers: one of the polynomial's coefficients is zero" - g := ecc.Ristretto255Sha512 - polynomial := []*ecc.Scalar{ - g.NewScalar().SetUInt64(1), - g.NewScalar().SetUInt64(2), - g.NewScalar().SetUInt64(3), +func runComputeLambda(g ecc.Group, id uint16, expectedValue *ecc.Scalar, participants ...int) *ecc.Scalar { + ps := make([]*ecc.Scalar, len(participants)) + for i, p := range participants { + ps[i] = g.NewScalar().SetUInt64(uint64(p)) } - // todo : what happens if the participant list is not vetted? - t.Log(internal.ComputeLambda(g, 4, polynomial).Hex()) + if s := internal.ComputeLambda(g, id, ps); !s.Equal(expectedValue) { + return s + } + + return nil +} + +func TestComputeLambda_BadID(t *testing.T) { + testAll(t, func(t *testing.T, test *tableTest) { + g := test.Group() + + // id is 0 + expected := g.NewScalar().SetUInt64(1) + if s := runComputeLambda(g, 0, expected, 1, 2, 3); s != nil { + t.Fatalf("expected %v, got %v", expected.Hex(), s.Hex()) + } + + // no participants + if s := runComputeLambda(g, 1, expected); s != nil { + t.Fatalf("expected %v, got %v", expected.Hex(), s.Hex()) + } + + // participants has 0 id + expected = g.NewScalar() + if s := runComputeLambda(g, 1, expected, 2, 0, 3); s != nil { + t.Fatalf("expected %v, got %v", expected.Hex(), s.Hex()) + } + + // participants has only 0 ids + expected = g.NewScalar() + if s := runComputeLambda(g, 1, expected, 0, 0, 0); s != nil { + t.Fatalf("expected %v, got %v", expected.Hex(), s.Hex()) + } + }) } diff --git a/tests/vector_utils_test.go b/tests/vector_utils_test.go index 3c3787f..4149777 100644 --- a/tests/vector_utils_test.go +++ b/tests/vector_utils_test.go @@ -85,7 +85,7 @@ func (j *ByteToHex) UnmarshalJSON(b []byte) error { type testVectorInput struct { ParticipantList []uint16 `json:"participant_list"` GroupSecretKey ByteToHex `json:"group_secret_key"` - GroupPublicKey ByteToHex `json:"group_public_key"` + VerificationKey ByteToHex `json:"group_public_key"` Message ByteToHex `json:"message"` SharePolynomialCoefficients []ByteToHex `json:"share_polynomial_coefficients"` ParticipantShares []testVectorParticipantShare `json:"participant_shares"` @@ -165,7 +165,7 @@ type testConfig struct { type testInput struct { ParticipantList []uint16 GroupSecretKey *ecc.Scalar - GroupPublicKey *ecc.Element + VerificationKey *ecc.Element Message []byte SharePolynomialCoefficients []*ecc.Scalar Participants []*keys.KeyShare @@ -208,7 +208,7 @@ func makeFrostConfig(c frost.Ciphersuite, threshold, maxSigners uint) *frost.Con Ciphersuite: c, Threshold: uint16(threshold), MaxSigners: uint16(maxSigners), - GroupPublicKey: nil, + VerificationKey: nil, SignerPublicKeyShares: nil, } } @@ -247,7 +247,7 @@ func decodeParticipant(t *testing.T, g ecc.Group, tp *testParticipant) *particip func (i testVectorInput) decode(t *testing.T, g ecc.Group) *testInput { input := &testInput{ GroupSecretKey: decodeScalar(t, g, i.GroupSecretKey), - GroupPublicKey: decodeElement(t, g, i.GroupPublicKey), + VerificationKey: decodeElement(t, g, i.VerificationKey), Message: i.Message, SharePolynomialCoefficients: make([]*ecc.Scalar, len(i.SharePolynomialCoefficients)+1), Participants: make([]*keys.KeyShare, len(i.ParticipantShares)), @@ -267,8 +267,8 @@ func (i testVectorInput) decode(t *testing.T, g ecc.Group) *testInput { secret := decodeScalar(t, g, p.ParticipantShare) public := g.Base().Multiply(secret) input.Participants[j] = &keys.KeyShare{ - Secret: secret, - GroupPublicKey: input.GroupPublicKey, + Secret: secret, + VerificationKey: input.VerificationKey, PublicKeyShare: keys.PublicKeyShare{ PublicKey: public, VssCommitment: nil, @@ -312,7 +312,7 @@ func (v testVector) decode(t *testing.T) *test { conf := v.Config.decode(t) inputs := v.Inputs.decode(t, conf.Ciphersuite.Group()) - conf.GroupPublicKey = inputs.GroupPublicKey + conf.VerificationKey = inputs.VerificationKey conf.SignerPublicKeyShares = make([]*keys.PublicKeyShare, len(inputs.Participants)) for i, ks := range inputs.Participants { diff --git a/tests/vectors_test.go b/tests/vectors_test.go index f84f9fa..fddf795 100644 --- a/tests/vectors_test.go +++ b/tests/vectors_test.go @@ -48,7 +48,7 @@ func (v test) testTrustedDealer(t *testing.T) ([]*keys.KeyShare, *ecc.Element) { t.Fatal() } - groupPublicKey, participantPublicKey, err := debug.RecoverPublicKeys( + verificationKey, participantPublicKey, err := debug.RecoverPublicKeys( v.Config.Ciphersuite, v.Config.Configuration.MaxSigners, secretsharingCommitment, @@ -61,7 +61,7 @@ func (v test) testTrustedDealer(t *testing.T) ([]*keys.KeyShare, *ecc.Element) { t.Fatal() } - if !groupPublicKey.Equal(dealerGroupPubKey) { + if !verificationKey.Equal(dealerGroupPubKey) { t.Fatal() } @@ -75,7 +75,7 @@ func (v test) testTrustedDealer(t *testing.T) ([]*keys.KeyShare, *ecc.Element) { } func (v test) test(t *testing.T) { - keyShares, groupPublicKey := v.testTrustedDealer(t) + keyShares, verificationKey := v.testTrustedDealer(t) // Check whether key shares are the same cpt := len(keyShares) @@ -177,7 +177,7 @@ func (v test) test(t *testing.T) { } // Sanity Check - if err = frost.VerifySignature(conf.Ciphersuite, v.Inputs.Message, sig, groupPublicKey); err != nil { + if err = frost.VerifySignature(conf.Ciphersuite, v.Inputs.Message, sig, verificationKey); err != nil { t.Fatal() } }