simplpedpop: Verify received first_ge[my_idx]

BlockstreamResearch · Mar 15, 2024 · 2ebbdec · 2ebbdec
1 parent df8694a
commit 2ebbdec
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/reference/simplpedpop.py b/reference/simplpedpop.py
@@ -78,6 +78,7 @@ class SignerState1(NamedTuple):
     t: int
     n: int
     my_idx: int
+    my_first_ge: GE
 
 
 # TODO This should probably moved somewhere else as its common to all DKGs
@@ -112,7 +113,7 @@ def signer_round1(
     pop = pop_prove(vss.secret().to_bytes(), my_idx)
 
     msg = Unicast1(vss.commit(), pop)
-    state = SignerState1(t, n, my_idx)
+    state = SignerState1(t, n, my_idx, my_first_ge)
     return state, msg, shares
 
 
@@ -129,12 +130,17 @@ def signer_pre_finalize(
     :param Scalar shares_sum: sum of shares for this participant received from all participants (including this participant)
     :return: the data `eta` that must be input to an equality check protocol, the final share, the shared pubkey, the individual participants' pubkeys
     """
-    t, n, my_idx = state
+    t, n, my_idx, my_first_ge = state
     first_ges, remaining_ges, pops = msg
     assert len(first_ges) == n
     assert len(remaining_ges) == t - 1
     assert len(pops) == n
 
+    if first_ges[my_idx] != my_first_ge:
+        raise InvalidContributionError(
+            None, "Coordinator sent unexpected first group element for local index"
+        )
+
     for i in range(n):
         P_i = first_ges[i]
         if P_i.infinity: