some refactoring and test

Signed-off-by: bytemare <[email protected]>
bytemare · Aug 27, 2024 · 9f09e45 · 9f09e45
1 parent f673885
commit 9f09e45
Show file tree

Hide file tree

Showing 11 changed files with 350 additions and 298 deletions.
diff --git a/commitment.go b/commitment.go
@@ -31,15 +31,15 @@ var (
 
 // Commitment is a participant's one-time commitment holding its identifier, and hiding and binding nonces.
 type Commitment struct {
-	HidingNonce  *group.Element
-	BindingNonce *group.Element
-	CommitmentID uint64
-	SignerID     uint64
-	Group        group.Group
+	HidingNonceCommitment  *group.Element
+	BindingNonceCommitment *group.Element
+	CommitmentID           uint64
+	SignerID               uint64
+	Group                  group.Group
 }
 
-// Verify returns an error if the commitment is
-func (c *Commitment) Verify(g group.Group) error {
+// Validate returns an error if the commitment is
+func (c *Commitment) Validate(g group.Group) error {
 	if c.Group != g {
 		return fmt.Errorf(
 			"commitment for participant %d has an unexpected ciphersuite: expected %s, got %s",
@@ -51,11 +51,13 @@ func (c *Commitment) Verify(g group.Group) error {
 
 	generator := g.Base()
 
-	if c.HidingNonce == nil || c.HidingNonce.IsIdentity() || c.HidingNonce.Equal(generator) == 1 {
+	if c.HidingNonceCommitment == nil || c.HidingNonceCommitment.IsIdentity() ||
+		c.HidingNonceCommitment.Equal(generator) == 1 {
 		return errHidingNonce
 	}
 
-	if c.BindingNonce == nil || c.BindingNonce.IsIdentity() || c.BindingNonce.Equal(generator) == 1 {
+	if c.BindingNonceCommitment == nil || c.BindingNonceCommitment.IsIdentity() ||
+		c.BindingNonceCommitment.Equal(generator) == 1 {
 		return errBindingNonce
 	}
 
@@ -65,11 +67,11 @@ func (c *Commitment) Verify(g group.Group) error {
 // Copy returns a new Commitment struct populated with the same values as the receiver.
 func (c *Commitment) Copy() *Commitment {
 	return &Commitment{
-		HidingNonce:  c.HidingNonce.Copy(),
-		BindingNonce: c.BindingNonce.Copy(),
-		CommitmentID: c.CommitmentID,
-		SignerID:     c.SignerID,
-		Group:        c.Group,
+		HidingNonceCommitment:  c.HidingNonceCommitment.Copy(),
+		BindingNonceCommitment: c.BindingNonceCommitment.Copy(),
+		CommitmentID:           c.CommitmentID,
+		SignerID:               c.SignerID,
+		Group:                  c.Group,
 	}
 }
 
@@ -80,8 +82,8 @@ func EncodedSize(g group.Group) uint64 {
 
 // Encode returns the serialized byte encoding of a participant's commitment.
 func (c *Commitment) Encode() []byte {
-	hNonce := c.HidingNonce.Encode()
-	bNonce := c.BindingNonce.Encode()
+	hNonce := c.HidingNonceCommitment.Encode()
+	bNonce := c.BindingNonceCommitment.Encode()
 
 	out := make([]byte, 17, EncodedSize(c.Group))
 	out[0] = byte(c.Group)
@@ -127,8 +129,8 @@ func (c *Commitment) Decode(data []byte) error {
 	c.Group = g
 	c.CommitmentID = cID
 	c.SignerID = pID
-	c.HidingNonce = hn
-	c.BindingNonce = bn
+	c.HidingNonceCommitment = hn
+	c.BindingNonceCommitment = bn
 
 	return nil
 }
@@ -168,8 +170,8 @@ func (c CommitmentList) Get(identifier uint64) *Commitment {
 	return nil
 }
 
-// ParticipantsUInt64 returns the uint64 list of participant identifiers in the list.
-func (c CommitmentList) ParticipantsUInt64() []uint64 {
+// Participants returns the uint64 list of participant identifiers in the list.
+func (c CommitmentList) Participants() []uint64 {
 	out := make([]uint64, len(c))
 
 	for i, com := range c {
@@ -196,9 +198,9 @@ func (c CommitmentList) ParticipantsScalar() []*group.Scalar {
 	})
 }
 
-// Verify checks for the Commitment list's integrity.
-func (c CommitmentList) Verify(g group.Group, threshold uint64) error {
-	// Verify number of commitments.
+// Validate checks for the Commitment list's integrity.
+func (c CommitmentList) Validate(g group.Group, threshold uint64) error {
+	// Validate number of commitments.
 	if uint64(len(c)) < threshold {
 		return fmt.Errorf("too few commitments: expected at least %d but got %d", threshold, len(c))
 	}
@@ -219,8 +221,8 @@ func (c CommitmentList) Verify(g group.Group, threshold uint64) error {
 
 		set[com.SignerID] = struct{}{}
 
-		// Check general consistency.
-		if err := com.Verify(g); err != nil {
+		// Check general validity of the commitment.
+		if err := com.Validate(g); err != nil {
 			return err
 		}
 	}
@@ -312,8 +314,8 @@ func encodeCommitmentList(g group.Group, commitments []*commitmentWithEncodedID)
 
 	for _, com := range commitments {
 		encoded = append(encoded, com.ParticipantID...)
-		encoded = append(encoded, com.HidingNonce.Encode()...)
-		encoded = append(encoded, com.BindingNonce.Encode()...)
+		encoded = append(encoded, com.HidingNonceCommitment.Encode()...)
+		encoded = append(encoded, com.BindingNonceCommitment.Encode()...)
 	}
 
 	return encoded
@@ -344,8 +346,8 @@ func (c CommitmentList) groupCommitment(bf BindingFactors) *group.Element {
 
 	for _, com := range c {
 		factor := bf[com.SignerID]
-		bindingNonce := com.BindingNonce.Copy().Multiply(factor)
-		gc.Add(com.HidingNonce).Add(bindingNonce)
+		bindingNonce := com.BindingNonceCommitment.Copy().Multiply(factor)
+		gc.Add(com.HidingNonceCommitment).Add(bindingNonce)
 	}
 
 	return gc

diff --git a/coordinator.go b/coordinator.go
@@ -42,14 +42,14 @@ func (c *Configuration) AggregateSignatures(
 	commitments CommitmentList,
 	verify bool,
 ) (*Signature, error) {
-	groupCommitment, bindingFactors, err := c.PrepareVerifySignatureShare(message, commitments)
+	groupCommitment, bindingFactors, participants, err := c.PrepareVerifySignatureShare(message, commitments)
 	if err != nil {
 		return nil, err
 	}
 
 	if verify {
 		for _, share := range sigShares {
-			if err = c.verifySignatureShare(share, message, commitments,
+			if err = c.verifySignatureShare(share, message, commitments, participants,
 				groupCommitment, bindingFactors); err != nil {
 				return nil, err
 			}
@@ -84,33 +84,32 @@ func (c *Configuration) VerifySignatureShare(
 	message []byte,
 	commitments CommitmentList,
 ) error {
-	groupCommitment, bindingFactors, err := c.PrepareVerifySignatureShare(message, commitments)
+	groupCommitment, bindingFactors, participants, err := c.PrepareVerifySignatureShare(message, commitments)
 	if err != nil {
 		return err
 	}
 
-	return c.verifySignatureShare(sigShare, message, commitments, groupCommitment, bindingFactors)
+	return c.verifySignatureShare(sigShare, message, commitments, participants, groupCommitment, bindingFactors)
 }
 
 func (c *Configuration) PrepareVerifySignatureShare(message []byte,
 	commitments CommitmentList,
-) (*group.Element, BindingFactors, error) {
+) (*group.Element, BindingFactors, []*group.Scalar, error) {
 	if !c.verified {
 		if err := c.verify(); err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 	}
 
-	if err := commitments.Verify(c.group, c.Threshold); err != nil {
-		return nil, nil, fmt.Errorf("invalid list of commitments: %w", err)
+	// Check Commitment list integrity
+	if err := commitments.Validate(c.group, c.Threshold); err != nil {
+		return nil, nil, nil, fmt.Errorf("invalid list of commitments: %w", err)
 	}
 
-	groupCommitment, bindingFactors := commitments.GroupCommitmentAndBindingFactors(
-		c.GroupPublicKey,
-		message,
-	)
+	groupCommitment, bindingFactors := commitments.GroupCommitmentAndBindingFactors(c.GroupPublicKey, message)
+	participants := commitments.ParticipantsScalar()
 
-	return groupCommitment, bindingFactors, nil
+	return groupCommitment, bindingFactors, participants, nil
 }
 
 func (c *Configuration) getSignerPubKey(id uint64) *group.Element {
@@ -127,6 +126,7 @@ func (c *Configuration) verifySignatureShare(
 	sigShare *SignatureShare,
 	message []byte,
 	commitments CommitmentList,
+	participants []*group.Scalar,
 	groupCommitment *group.Element,
 	bindingFactors BindingFactors,
 ) error {
@@ -140,24 +140,16 @@ func (c *Configuration) verifySignatureShare(
 		return fmt.Errorf("public key not registered for signer %d", sigShare.SignerIdentifier)
 	}
 
-	participants := commitments.ParticipantsScalar()
-
-	lambdaChall, err := internal.ComputeChallengeFactor(
-		c.group,
-		sigShare.SignerIdentifier,
-		nil,
-		participants,
-		message,
-		groupCommitment,
-		c.GroupPublicKey,
-	)
+	lambda, err := internal.Lambda(c.group, sigShare.SignerIdentifier, participants)
 	if err != nil {
-		return fmt.Errorf("can't compute challenge: %w", err)
+		return err
 	}
 
+	lambdaChall := c.challenge(lambda, message, groupCommitment)
+
 	// Commitment KeyShare: r = g(h + b*f + l*s)
 	bindingFactor := bindingFactors[sigShare.SignerIdentifier]
-	commShare := com.HidingNonce.Copy().Add(com.BindingNonce.Copy().Multiply(bindingFactor))
+	commShare := com.HidingNonceCommitment.Copy().Add(com.BindingNonceCommitment.Copy().Multiply(bindingFactor))
 	r := commShare.Add(pk.Copy().Multiply(lambdaChall))
 	l := c.group.Base().Multiply(sigShare.SignatureShare)
 
@@ -175,7 +167,7 @@ func VerifySignature(c Ciphersuite, message []byte, signature *Signature, public
 		return internal.ErrInvalidCiphersuite
 	}
 
-	ch := internal.SchnorrChallenge(g, message, signature.R, publicKey)
+	ch := SchnorrChallenge(g, message, signature.R, publicKey)
 	r := signature.R.Copy().Add(publicKey.Copy().Multiply(ch))
 	l := g.Base().Multiply(signature.Z)
 

diff --git a/debug/debug.go b/debug/debug.go
@@ -108,7 +108,7 @@ func Sign(c frost.Ciphersuite, msg []byte, key *group.Scalar, random ...*group.S
 
 	R := g.Base().Multiply(k)
 	pk := g.Base().Multiply(key)
-	challenge := internal.SchnorrChallenge(g, msg, R, pk)
+	challenge := frost.SchnorrChallenge(g, msg, R, pk)
 	z := k.Add(challenge.Multiply(key))
 
 	return &frost.Signature{