fix(sdk-lib-mpc): use rejection sampling for range proof challenge
TICKET: HSM-165
zhongxishen committed Sep 22, 2023
1 parent e290719 commit 7c81836
Showing 7 changed files with 157 additions and 53 deletions.
4 changes: 4 additions & 0 deletions modules/bitgo/test/v2/fixtures/tss/ecdsaFixtures.ts

Large diffs are not rendered by default.

6 changes: 4 additions & 2 deletions modules/bitgo/test/v2/unit/tss/ecdsa.ts
@@ -633,7 +633,7 @@ describe('Ecdsa tss helper functions tests', function () {
ECDSAMethods.delimeter
}${bitgoKShare.p.join(ECDSAMethods.delimeter)}${ECDSAMethods.delimeter}${bitgoKShare.sigma.join(
ECDSAMethods.delimeter
)}`,
)}${ECDSAMethods.delimeter}`,
} as SignatureShareRecord;

const kshare = ECDSAMethods.convertKShare(bitgoKShare);
@@ -701,7 +701,9 @@ describe('Ecdsa tss helper functions tests', function () {
mockShare.wProof?.t2 || ''
}${ECDSAMethods.delimeter}${mockShare.wProof?.u || ''}${ECDSAMethods.delimeter}${mockShare.wProof?.x || ''}${
ECDSAMethods.delimeter
}${mockShare.sigma!.join(ECDSAMethods.delimeter)}`,
}${mockShare.sigma.join(ECDSAMethods.delimeter)}${ECDSAMethods.delimeter}${ECDSAMethods.delimeter}${
ECDSAMethods.delimeter
}`,
} as SignatureShareRecord;

const aShare = ECDSAMethods.convertAShare(mockShare);
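Review bot: Both updated expectations (the `convertKShare` string that now ends in one `${ECDSAMethods.delimeter}` and the `convertAShare` string that ends in three) only cover shares whose proofs carry no nonce, so the new trailing fields are always empty here. A case with a populated `proof.nonce` that goes through `convertKShare` and back through `parseKShare`, and the same for the three a-share nonces, would pin the positional layout the parsers now depend on. The fixtures diff is not rendered on this page, so such a case may already exist there; the enclosing tests start and end outside these hunks.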
16 changes: 16 additions & 0 deletions modules/sdk-core/src/account-lib/mpc/tss/ecdsa/ecdsa.ts
@@ -392,6 +392,7 @@ export default class Ecdsa {
z: bigIntToBufferBE(proof.z, 384).toString('hex'),
u: bigIntToBufferBE(proof.u, 768).toString('hex'),
w: bigIntToBufferBE(proof.w, 384).toString('hex'),
nonce: proof.nonce?.toString('hex'),
s: bigIntToBufferBE(proof.s, 384).toString('hex'),
s1: bigIntToBufferBE(proof.s1, 96).toString('hex'),
s2: bigIntToBufferBE(proof.s2, 480).toString('hex'),
@@ -487,6 +488,7 @@ export default class Ecdsa {
z: hexToBigInt(receivedKShare.proof.z),
u: hexToBigInt(receivedKShare.proof.u),
w: hexToBigInt(receivedKShare.proof.w),
nonce: receivedKShare.proof.nonce ? Buffer.from(receivedKShare.proof.nonce, 'hex') : undefined,
s: hexToBigInt(receivedKShare.proof.s),
s1: hexToBigInt(receivedKShare.proof.s1),
s2: hexToBigInt(receivedKShare.proof.s2),
@@ -528,6 +530,7 @@ export default class Ecdsa {
t: bigIntToBufferBE(proof.t, 384).toString('hex'),
v: bigIntToBufferBE(proof.v, 768).toString('hex'),
w: bigIntToBufferBE(proof.w, 384).toString('hex'),
nonce: proof.nonce?.toString('hex'),
s: bigIntToBufferBE(proof.s, 384).toString('hex'),
s1: bigIntToBufferBE(proof.s1, 96).toString('hex'),
s2: bigIntToBufferBE(proof.s2, 480).toString('hex'),
@@ -568,6 +571,7 @@ export default class Ecdsa {
t: bigIntToBufferBE(proof.t, 384).toString('hex'),
v: bigIntToBufferBE(proof.v, 768).toString('hex'),
w: bigIntToBufferBE(proof.w, 384).toString('hex'),
nonce: proof.nonce?.toString('hex'),
s: bigIntToBufferBE(proof.s, 384).toString('hex'),
s1: bigIntToBufferBE(proof.s1, 96).toString('hex'),
s2: bigIntToBufferBE(proof.s2, 480).toString('hex'),
@@ -659,6 +663,7 @@ export default class Ecdsa {
t: hexToBigInt(receivedAShare.gammaProof.t),
v: hexToBigInt(receivedAShare.gammaProof.v),
w: hexToBigInt(receivedAShare.gammaProof.w),
nonce: receivedAShare.gammaProof.nonce ? Buffer.from(receivedAShare.gammaProof.nonce, 'hex') : undefined,
s: hexToBigInt(receivedAShare.gammaProof.s),
s1: hexToBigInt(receivedAShare.gammaProof.s1),
s2: hexToBigInt(receivedAShare.gammaProof.s2),
@@ -690,6 +695,7 @@ export default class Ecdsa {
t: hexToBigInt(receivedAShare.wProof.t),
v: hexToBigInt(receivedAShare.wProof.v),
w: hexToBigInt(receivedAShare.wProof.w),
nonce: receivedAShare.wProof.nonce ? Buffer.from(receivedAShare.wProof.nonce, 'hex') : undefined,
s: hexToBigInt(receivedAShare.wProof.s),
s1: hexToBigInt(receivedAShare.wProof.s1),
s2: hexToBigInt(receivedAShare.wProof.s2),
@@ -738,6 +744,7 @@ export default class Ecdsa {
z: hexToBigInt(receivedAShare.proof.z),
u: hexToBigInt(receivedAShare.proof.u),
w: hexToBigInt(receivedAShare.proof.w),
nonce: receivedAShare.proof.nonce ? Buffer.from(receivedAShare.proof.nonce, 'hex') : undefined,
s: hexToBigInt(receivedAShare.proof.s),
s1: hexToBigInt(receivedAShare.proof.s1),
s2: hexToBigInt(receivedAShare.proof.s2),
@@ -780,6 +787,7 @@ export default class Ecdsa {
t: bigIntToBufferBE(proof.t, 384).toString('hex'),
v: bigIntToBufferBE(proof.v, 768).toString('hex'),
w: bigIntToBufferBE(proof.w, 384).toString('hex'),
nonce: proof.nonce?.toString('hex'),
s: bigIntToBufferBE(proof.s, 384).toString('hex'),
s1: bigIntToBufferBE(proof.s1, 96).toString('hex'),
s2: bigIntToBufferBE(proof.s2, 480).toString('hex'),
@@ -820,6 +828,7 @@ export default class Ecdsa {
t: bigIntToBufferBE(proof.t, 384).toString('hex'),
v: bigIntToBufferBE(proof.v, 768).toString('hex'),
w: bigIntToBufferBE(proof.w, 384).toString('hex'),
nonce: proof.nonce?.toString('hex'),
s: bigIntToBufferBE(proof.s, 384).toString('hex'),
s1: bigIntToBufferBE(proof.s1, 96).toString('hex'),
s2: bigIntToBufferBE(proof.s2, 480).toString('hex'),
@@ -891,6 +900,7 @@ export default class Ecdsa {
t: hexToBigInt(receivedMuShare.gammaProof.t),
v: hexToBigInt(receivedMuShare.gammaProof.v),
w: hexToBigInt(receivedMuShare.gammaProof.w),
nonce: receivedMuShare.gammaProof.nonce ? Buffer.from(receivedMuShare.gammaProof.nonce, 'hex') : undefined,
s: hexToBigInt(receivedMuShare.gammaProof.s),
s1: hexToBigInt(receivedMuShare.gammaProof.s1),
s2: hexToBigInt(receivedMuShare.gammaProof.s2),
@@ -922,6 +932,7 @@ export default class Ecdsa {
t: hexToBigInt(receivedMuShare.wProof.t),
v: hexToBigInt(receivedMuShare.wProof.v),
w: hexToBigInt(receivedMuShare.wProof.w),
nonce: receivedMuShare.wProof.nonce ? Buffer.from(receivedMuShare.wProof.nonce, 'hex') : undefined,
s: hexToBigInt(receivedMuShare.wProof.s),
s1: hexToBigInt(receivedMuShare.wProof.s1),
s2: hexToBigInt(receivedMuShare.wProof.s2),
@@ -1030,6 +1041,7 @@ export default class Ecdsa {
t: hexToBigInt(aShareToBeSent.gammaProof.t),
v: hexToBigInt(aShareToBeSent.gammaProof.v),
w: hexToBigInt(aShareToBeSent.gammaProof.w),
nonce: aShareToBeSent.gammaProof.nonce ? Buffer.from(aShareToBeSent.gammaProof.nonce, 'hex') : undefined,
s: hexToBigInt(aShareToBeSent.gammaProof.s),
s1: hexToBigInt(aShareToBeSent.gammaProof.s1),
s2: hexToBigInt(aShareToBeSent.gammaProof.s2),
@@ -1061,6 +1073,7 @@ export default class Ecdsa {
t: hexToBigInt(aShareToBeSent.wProof.t),
v: hexToBigInt(aShareToBeSent.wProof.v),
w: hexToBigInt(aShareToBeSent.wProof.w),
nonce: aShareToBeSent.wProof.nonce ? Buffer.from(aShareToBeSent.wProof.nonce, 'hex') : undefined,
s: hexToBigInt(aShareToBeSent.wProof.s),
s1: hexToBigInt(aShareToBeSent.wProof.s1),
s2: hexToBigInt(aShareToBeSent.wProof.s2),
@@ -1122,6 +1135,7 @@ export default class Ecdsa {
z: hexToBigInt(aShareToBeSent.proof.z),
u: hexToBigInt(aShareToBeSent.proof.u),
w: hexToBigInt(aShareToBeSent.proof.w),
nonce: aShareToBeSent.proof.nonce ? Buffer.from(aShareToBeSent.proof.nonce, 'hex') : undefined,
s: hexToBigInt(aShareToBeSent.proof.s),
s1: hexToBigInt(aShareToBeSent.proof.s1),
s2: hexToBigInt(aShareToBeSent.proof.s2),
@@ -1166,6 +1180,7 @@ export default class Ecdsa {
t: bigIntToBufferBE(proof.t, 384).toString('hex'),
v: bigIntToBufferBE(proof.v, 768).toString('hex'),
w: bigIntToBufferBE(proof.w, 384).toString('hex'),
nonce: proof.nonce?.toString('hex'),
s: bigIntToBufferBE(proof.s, 384).toString('hex'),
s1: bigIntToBufferBE(proof.s1, 96).toString('hex'),
s2: bigIntToBufferBE(proof.s2, 480).toString('hex'),
@@ -1210,6 +1225,7 @@ export default class Ecdsa {
t: bigIntToBufferBE(proof.t, 384).toString('hex'),
v: bigIntToBufferBE(proof.v, 768).toString('hex'),
w: bigIntToBufferBE(proof.w, 384).toString('hex'),
nonce: proof.nonce?.toString('hex'),
s: bigIntToBufferBE(proof.s, 384).toString('hex'),
s1: bigIntToBufferBE(proof.s1, 96).toString('hex'),
s2: bigIntToBufferBE(proof.s2, 480).toString('hex'),
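Review bot: The nine added decode lines of the form `nonce: receivedKShare.proof.nonce ? Buffer.from(receivedKShare.proof.nonce, 'hex') : undefined` take the string carried in the share as-is, and `Buffer.from(..., 'hex')` does not reject malformed input: it stops at the first non-hex character and drops a trailing odd nibble, so several distinct strings decode to the same nonce and a garbage string decodes to an empty buffer. A small shared helper that checks the string first would make the encoding canonical and remove the repetition, for example `if (!/^([0-9a-f]{2})+$/i.test(hex)) throw new Error('invalid range proof nonce');` ahead of `Buffer.from(hex, 'hex')`. Separately, because a missing nonce maps to `undefined`, it is worth confirming that the verifier (not visible on this page) does not let a peer select the older challenge derivation simply by omitting the field. All of these hunks sit inside methods of `Ecdsa` that start and end outside the hunk.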
2 changes: 2 additions & 0 deletions modules/sdk-core/src/account-lib/mpc/tss/ecdsa/types.ts
@@ -118,6 +118,7 @@ export type RangeProofShare = {
z: string;
u: string;
w: string;
nonce?: string;
s: string;
s1: string;
s2: string;
@@ -144,6 +145,7 @@ export type RangeProofWithCheckShare = {
t: string;
v: string;
w: string;
nonce?: string;
s: string;
s1: string;
s2: string;
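Review bot: The new `nonce?: string;` field on `RangeProofShare` (and the same field on `RangeProofWithCheckShare` in the next hunk) is undocumented, and nothing in the type says what encoding it uses or why it may be missing. The serializers in this commit write it with `proof.nonce?.toString('hex')`, so a comment such as `/** Hex-encoded nonce for the range proof challenge; may be absent on shares that do not carry one. */` would record that. If absence is meant only for backward compatibility, which is presumably the case, saying so here would help whoever later makes the field required. Both type definitions continue outside the hunks.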
14 changes: 11 additions & 3 deletions modules/sdk-core/src/bitgo/tss/ecdsa/ecdsa.ts
@@ -480,6 +480,7 @@ export function parseKShare(share: SignatureShareRecord): KShare {
z: shares[5],
u: shares[6],
w: shares[7],
nonce: shares[11 + 2 * EcdsaPaillierProof.m] ? shares[11 + 2 * EcdsaPaillierProof.m] : undefined,
s: shares[8],
s1: shares[9],
s2: shares[10],
@@ -515,7 +516,9 @@ export function convertKShare(share: KShare): SignatureShareRecord {
share.proof?.w || ''
}${delimeter}${share.proof?.s || ''}${delimeter}${share.proof?.s1 || ''}${delimeter}${
share.proof?.s2 || ''
}${delimeter}${(share.p || []).join(delimeter)}${delimeter}${(share.sigma || []).join(delimeter)}`,
}${delimeter}${(share.p || []).join(delimeter)}${delimeter}${(share.sigma || []).join(delimeter)}${delimeter}${
share.proof?.nonce || ''
}`,
};
}

@@ -536,6 +539,7 @@ export function parseAShare(share: SignatureShareRecord): AShare {
z: shares[7],
u: shares[8],
w: shares[9],
nonce: shares[37 + EcdsaPaillierProof.m] ? shares[37 + EcdsaPaillierProof.m] : undefined,
s: shares[10],
s1: shares[11],
s2: shares[12],
@@ -549,6 +553,7 @@ export function parseAShare(share: SignatureShareRecord): AShare {
t: shares[15],
v: shares[16],
w: shares[17],
nonce: shares[38 + EcdsaPaillierProof.m] ? shares[38 + EcdsaPaillierProof.m] : undefined,
s: shares[18],
s1: shares[19],
s2: shares[20],
@@ -566,6 +571,7 @@ export function parseAShare(share: SignatureShareRecord): AShare {
t: shares[27],
v: shares[28],
w: shares[29],
nonce: shares[39 + EcdsaPaillierProof.m] ? shares[39 + EcdsaPaillierProof.m] : undefined,
s: shares[30],
s1: shares[31],
s2: shares[32],
@@ -589,7 +595,7 @@ export function parseAShare(share: SignatureShareRecord): AShare {
proof,
gammaProof,
wProof,
sigma: shares.slice(37),
sigma: shares.slice(37, 37 + EcdsaPaillierProof.m),
};
}

@@ -624,7 +630,9 @@ export function convertAShare(share: AShare): SignatureShareRecord {
share.wProof?.s2 || ''
}${delimeter}${share.wProof?.t1 || ''}${delimeter}${share.wProof?.t2 || ''}${delimeter}${
share.wProof?.u || ''
}${delimeter}${share.wProof?.x || ''}${delimeter}${(share.sigma || []).join(delimeter)}`,
}${delimeter}${share.wProof?.x || ''}${delimeter}${(share.sigma || []).join(delimeter)}${delimeter}${
share.proof?.nonce || ''
}${delimeter}${share.gammaProof?.nonce || ''}${delimeter}${share.wProof?.nonce || ''}`,
};
}

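Review bot: `parseKShare` and `parseAShare` read the new nonces from fixed offsets (`shares[11 + 2 * EcdsaPaillierProof.m]`, `shares[37 + EcdsaPaillierProof.m]` and the two after it) without checking how many fields the record actually has, while `convertKShare` and `convertAShare` emit `(share.sigma || []).join(delimeter)`, which yields a single empty field when `sigma` (or `p`) is missing and a different field count whenever its length is not `EcdsaPaillierProof.m`. In that case the offsets no longer line up, so a nonce is silently dropped or another field is read as the nonce, and the share is still returned as if it were well-formed. Since the record may come from another party, a field-count guard before indexing would fail closed, for example `if (shares.length !== 40 + EcdsaPaillierProof.m && shares.length !== 37 + EcdsaPaillierProof.m) throw new Error('unexpected a-share field count');`, with the legacy count confirmed against older shares. The truthiness ternaries can also be shortened to `shares[i] || undefined`. The function bodies start and end outside these hunks.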