improve error handling

fs-dkr/src/add_party_message.rs

@@ -60,11 +60,11 @@ pub struct JoinMessage<E: Curve, H: Digest + Clone, const M: usize> {
 
 /// Generates the DlogStatement and CompositeProofs using the parameters
 /// generated by [generate_h1_h2_n_tilde]
-fn generate_dlog_statement_proofs() -> (
+fn generate_dlog_statement_proofs() -> FsDkrResult<(
     CompositeDLogStatement,
     CompositeDLogProof,
     CompositeDLogProof,
-) {
+)> {
     let (n_tilde, h1, h2, xhi, xhi_inv, phi) = generate_h1_h2_N_tilde();
 
     let dlog_statement_base_h1 = CompositeDLogStatement {
@@ -91,18 +91,18 @@ fn generate_dlog_statement_proofs() -> (
         &dlog_statement_base_h1,
         &dlog_witness_base_h1,
     )
-    .unwrap();
+    .map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;
     let composite_dlog_proof_base_h2 = CompositeDLogProof::prove(
         &dlog_statement_base_h2,
         &dlog_witness_base_h2,
     )
-    .unwrap();
+    .map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;
 
-    (
+    Ok((
         dlog_statement_base_h1,
         composite_dlog_proof_base_h1,
         composite_dlog_proof_base_h2,
-    )
+    ))
 }
 
 impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
@@ -113,13 +113,13 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
     /// happen before the existing parties distribute. Calling this function
     /// will generate a JoinMessage and a pair of Paillier [Keys] that are
     /// going to be used when generating the [LocalKey].
-    pub fn distribute() -> (Self, Keys) {
+    pub fn distribute() -> FsDkrResult<(Self, Keys)> {
         let paillier_key_pair = Keys::create(0);
         let (
             dlog_statement,
             composite_dlog_proof_base_h1,
             composite_dlog_proof_base_h2,
-        ) = generate_dlog_statement_proofs();
+        ) = generate_dlog_statement_proofs()?;
 
         let (ring_pedersen_statement, ring_pedersen_witness) =
             RingPedersenStatement::generate();
@@ -145,7 +145,7 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
             party_index: None,
         };
 
-        (join_message, paillier_key_pair)
+        Ok((join_message, paillier_key_pair))
     }
     /// Returns the party index if it has been assigned one, throws
     /// [FsDkrError::NewPartyUnassignedIndexError] otherwise
@@ -289,16 +289,15 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
             })
             .collect();
         // generate the DLogStatement vec needed for the LocalKey generation.
-        let h1_h2_ntilde_vec: Vec<CompositeDLogStatement> = (1..new_n + 1)
-            .map(|party| {
-                let statement = available_h1_h2_ntilde_vec.get(&party);
-
-                match statement {
-                    None => generate_dlog_statement_proofs().0,
-                    Some(dlog_statement) => (*dlog_statement).clone(),
-                }
-            })
-            .collect();
+        let mut h1_h2_ntilde_vec: Vec<CompositeDLogStatement> =
+            Vec::with_capacity(new_n as usize);
+        for party in 1..new_n + 1 {
+            let statement = available_h1_h2_ntilde_vec.get(&party);
+            h1_h2_ntilde_vec.push(match statement {
+                None => generate_dlog_statement_proofs()?.0,
+                Some(dlog_statement) => (*dlog_statement).clone(),
+            });
+        }
 
         // check if all the existing parties submitted the same public key. If
         // they differ, abort. TODO: this should be verifiable?

fs-dkr/src/error.rs

@@ -59,4 +59,7 @@ pub enum FsDkrError {
 
     #[error("Ring pedersen proof failed for party {party_index:?}")]
     RingPedersenProofValidation { party_index: u16 },
+
+    #[error("Composite DLog proof generation failed.")]
+    CompositeDLogProofGeneration,
 }

fs-dkr/src/test.rs

@@ -123,7 +123,7 @@ mod tests {
                 // the new party generates it's join message to start joining
                 // the computation
                 (0..number_of_new_parties)
-                    .map(|_| JoinMessage::distribute())
+                    .map(|_| JoinMessage::distribute().unwrap())
                     .unzip()
             }
 

multi-party-ecdsa/src/gg_2020/party_i.rs

@@ -243,7 +243,8 @@ impl Keys {
 
     pub fn phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2(
         &self,
-    ) -> (KeyGenBroadcastMessage1, KeyGenDecommitMessage1) {
+    ) -> Result<(KeyGenBroadcastMessage1, KeyGenDecommitMessage1), ErrorType>
+    {
         let blind_factor = BigInt::sample(SECURITY);
         let correct_key_proof = NiCorrectKeyProof::proof(&self.dk, None);
 
@@ -267,16 +268,21 @@ impl Keys {
             totient: self.phi.clone(),
         };
 
+        let dlog_proof_error = ErrorType {
+            error_type: "Composite DLog Proof Generation Failed".to_string(),
+            bad_actors: vec![],
+            data: vec![],
+        };
         let composite_dlog_proof_base_h1 = CompositeDLogProof::prove(
             &dlog_statement_base_h1,
             &dlog_witness_base_h1,
         )
-        .unwrap();
+        .map_err(|_| dlog_proof_error.clone())?;
         let composite_dlog_proof_base_h2 = CompositeDLogProof::prove(
             &dlog_statement_base_h2,
             &dlog_witness_base_h2,
         )
-        .unwrap();
+        .map_err(|_| dlog_proof_error)?;
 
         let com = HashCommitment::<Sha256>::create_commitment_with_user_defined_randomness(
             &BigInt::from_bytes(self.y_i.to_bytes(true).as_ref()),
@@ -294,7 +300,7 @@ impl Keys {
             blind_factor,
             y_i: self.y_i.clone(),
         };
-        (bcm1, decom1)
+        Ok((bcm1, decom1))
     }
 
     pub fn phase1_verify_com_phase3_verify_correct_key_verify_dlog_phase2_distribute(

multi-party-ecdsa/src/gg_2020/state_machine/keygen/rounds.rs

@@ -41,7 +41,8 @@ impl Round0 {
         let party_keys = Keys::create(self.party_i as usize);
         let (bc1, decom1) = party_keys
             .phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2(
-            );
+            )
+            .map_err(ProceedError::Round0GenerateCompositeDlogProof)?;
 
         output.push(Msg {
             sender: self.party_i,
@@ -382,6 +383,8 @@ type Result<T> = std::result::Result<T, ProceedError>;
 /// proceeding (i.e. after every message was received and pre-validated).
 #[derive(Debug, Error)]
 pub enum ProceedError {
+    #[error("round 2: generate composite dlog proof: {0:?}")]
+    Round0GenerateCompositeDlogProof(ErrorType),
     #[error("round 2: verify commitments: {0:?}")]
     Round2VerifyCommitments(ErrorType),
     #[error("round 3: verify vss construction: {0:?}")]

multi-party-ecdsa/src/gg_2020/test.rs

@@ -180,7 +180,7 @@ fn keygen_t_n_parties(
 
     let (bc1_vec, decom_vec): (Vec<_>, Vec<_>) = party_keys_vec
         .iter()
-        .map(|k| k.phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2())
+        .map(|k| k.phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2().unwrap())
         .unzip();
 
     let e_vec = bc1_vec
@@ -818,8 +818,9 @@ fn test_serialize_deserialize() {
     use serde_json;
 
     let k = Keys::create(0);
-    let (commit, decommit) =
-        k.phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2();
+    let (commit, decommit) = k
+        .phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2()
+        .unwrap();
 
     let encoded = serde_json::to_string(&commit).unwrap();
     let decoded: KeyGenBroadcastMessage1 =
@@ -839,8 +840,9 @@ fn test_small_paillier() {
     let (ek, dk) = Paillier::keypair_with_modulus_size(2046).keys();
     k.dk = dk;
     k.ek = ek;
-    let (commit, decommit) =
-        k.phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2();
+    let (commit, decommit) = k
+        .phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2()
+        .unwrap();
     assert!(k
         .phase1_verify_com_phase3_verify_correct_key_verify_dlog_phase2_distribute(
             &Parameters {

src/party_i.rs

@@ -197,7 +197,8 @@ impl Keys {
 
     pub fn phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2(
         &self,
-    ) -> (KeyGenBroadcastMessage1, KeyGenDecommitMessage1) {
+    ) -> Result<(KeyGenBroadcastMessage1, KeyGenDecommitMessage1), ErrorType>
+    {
         let blind_factor = BigInt::sample(SECURITY);
         let correct_key_proof = NiCorrectKeyProof::proof(&self.dk, None);
 
@@ -221,16 +222,21 @@ impl Keys {
             totient: self.phi.clone(),
         };
 
+        let dlog_proof_error = ErrorType {
+            error_type: "Composite DLog Proof Generation Failed".to_string(),
+            bad_actors: vec![],
+            data: vec![],
+        };
         let composite_dlog_proof_base_h1 = CompositeDLogProof::prove(
             &dlog_statement_base_h1,
             &dlog_witness_base_h1,
         )
-        .unwrap();
+        .map_err(|_| dlog_proof_error.clone())?;
         let composite_dlog_proof_base_h2 = CompositeDLogProof::prove(
             &dlog_statement_base_h2,
             &dlog_witness_base_h2,
         )
-        .unwrap();
+        .map_err(|_| dlog_proof_error)?;
 
         let com = HashCommitment::<Sha256>::create_commitment_with_user_defined_randomness(
 			&BigInt::from_bytes(self.y_i.to_bytes(true).as_ref()),
@@ -248,7 +254,7 @@ impl Keys {
             blind_factor,
             y_i: self.y_i.clone(),
         };
-        (bcm1, decom1)
+        Ok((bcm1, decom1))
     }
 
     #[allow(clippy::type_complexity)]

src/refresh/rounds.rs

@@ -70,7 +70,7 @@ impl Round0 {
             }
             None => {
                 let (mut join_message, paillier_keys) =
-                    JoinMessage::distribute();
+                    JoinMessage::distribute()?;
                 match self.new_party_index_option {
                     Some(new_party_index) => {
                         join_message.set_party_index(new_party_index);