diff --git a/fs-dkr/src/add_party_message.rs b/fs-dkr/src/add_party_message.rs index 291cfc6..9737969 100644 --- a/fs-dkr/src/add_party_message.rs +++ b/fs-dkr/src/add_party_message.rs @@ -60,11 +60,11 @@ pub struct JoinMessage { /// Generates the DlogStatement and CompositeProofs using the parameters /// generated by [generate_h1_h2_n_tilde] -fn generate_dlog_statement_proofs() -> ( +fn generate_dlog_statement_proofs() -> FsDkrResult<( CompositeDLogStatement, CompositeDLogProof, CompositeDLogProof, -) { +)> { let (n_tilde, h1, h2, xhi, xhi_inv, phi) = generate_h1_h2_N_tilde(); let dlog_statement_base_h1 = CompositeDLogStatement { @@ -91,18 +91,18 @@ fn generate_dlog_statement_proofs() -> ( &dlog_statement_base_h1, &dlog_witness_base_h1, ) - .unwrap(); + .map_err(|_| FsDkrError::CompositeDLogProofGeneration)?; let composite_dlog_proof_base_h2 = CompositeDLogProof::prove( &dlog_statement_base_h2, &dlog_witness_base_h2, ) - .unwrap(); + .map_err(|_| FsDkrError::CompositeDLogProofGeneration)?; - ( + Ok(( dlog_statement_base_h1, composite_dlog_proof_base_h1, composite_dlog_proof_base_h2, - ) + )) } impl JoinMessage { @@ -113,13 +113,13 @@ impl JoinMessage { /// happen before the existing parties distribute. Calling this function /// will generate a JoinMessage and a pair of Paillier [Keys] that are /// going to be used when generating the [LocalKey]. - pub fn distribute() -> (Self, Keys) { + pub fn distribute() -> FsDkrResult<(Self, Keys)> { let paillier_key_pair = Keys::create(0); let ( dlog_statement, composite_dlog_proof_base_h1, composite_dlog_proof_base_h2, - ) = generate_dlog_statement_proofs(); + ) = generate_dlog_statement_proofs()?; let (ring_pedersen_statement, ring_pedersen_witness) = RingPedersenStatement::generate(); 
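Review bot: Both `.map_err(|_| FsDkrError::CompositeDLogProofGeneration)?` calls in the `@@ -91,18` hunk discard whatever `CompositeDLogProof::prove` returned, so a caller cannot tell whether the h1 or the h2 proof failed, or why. If that error type carries no witness-derived data (its definition is not visible here), consider keeping it as the variant's source. If it is dropped on purpose, a comment such as `// prove() error dropped deliberately: it may describe the witness` would record the decision. `generate_dlog_statement_proofs` begins in the previous hunk, so only its tail is visible here.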
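Review bot: `JoinMessage::distribute` is public and now returns `FsDkrResult<(Self, Keys)>`, but the doc comment above it in the `@@ -113,13` hunk still describes only the success value. Add an errors section: `/// # Errors` followed by `/// Returns [FsDkrError::CompositeDLogProofGeneration] if either composite dlog proof cannot be generated.` The function body continues in the next hunk.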
@@ -145,7 +145,7 @@ impl JoinMessage { party_index: None, }; - (join_message, paillier_key_pair) + Ok((join_message, paillier_key_pair)) } /// Returns the party index if it has been assigned one, throws /// [FsDkrError::NewPartyUnassignedIndexError] otherwise @@ -289,16 +289,15 @@ impl JoinMessage { }) .collect(); // generate the DLogStatement vec needed for the LocalKey generation. - let h1_h2_ntilde_vec: Vec = (1..new_n + 1) - .map(|party| { - let statement = available_h1_h2_ntilde_vec.get(&party); - - match statement { - None => generate_dlog_statement_proofs().0, - Some(dlog_statement) => (*dlog_statement).clone(), - } - }) - .collect(); + let mut h1_h2_ntilde_vec: Vec = + Vec::with_capacity(new_n as usize); + for party in 1..new_n + 1 { + let statement = available_h1_h2_ntilde_vec.get(&party); + h1_h2_ntilde_vec.push(match statement { + None => generate_dlog_statement_proofs()?.0, + Some(dlog_statement) => (*dlog_statement).clone(), + }); + } // check if all the existing parties submitted the same public key. If // they differ, abort. TODO: this should be verifiable? diff --git a/fs-dkr/src/error.rs b/fs-dkr/src/error.rs index c5d988a..03452ce 100644 --- a/fs-dkr/src/error.rs +++ b/fs-dkr/src/error.rs @@ -59,4 +59,7 @@ pub enum FsDkrError { #[error("Ring pedersen proof failed for party {party_index:?}")] RingPedersenProofValidation { party_index: u16 }, + + #[error("Composite DLog proof generation failed.")] + CompositeDLogProofGeneration, } diff --git a/fs-dkr/src/test.rs b/fs-dkr/src/test.rs index 6cd028f..0e74403 100644 --- a/fs-dkr/src/test.rs +++ b/fs-dkr/src/test.rs @@ -123,7 +123,7 @@ mod tests { // the new party generates it's join message to start joining // the computation (0..number_of_new_parties) - .map(|_| JoinMessage::distribute()) + .map(|_| JoinMessage::distribute().unwrap()) .unzip() } diff --git a/multi-party-ecdsa/src/gg_2020/party_i.rs b/multi-party-ecdsa/src/gg_2020/party_i.rs index 0feb86b..ce1e94c 100644 
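Review bot: The `None` arm in the `@@ -289,16` hunk fills a missing party's slot with `generate_dlog_statement_proofs()?.0`, that is, parameters generated locally rather than received from that party, and nothing in the hunk says why that is acceptable. A comment should state which indices are expected to be absent from `available_h1_h2_ntilde_vec`, and that the placeholder is never used to verify that party's proofs, if that is the case (it cannot be confirmed from these lines). Separately, the iterator form could have been kept with a fallible collect, `.map(|party| ...).collect::<FsDkrResult<Vec<_>>>()?`, instead of the manual `push` loop. The enclosing function starts and ends outside the hunk.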
--- a/multi-party-ecdsa/src/gg_2020/party_i.rs +++ b/multi-party-ecdsa/src/gg_2020/party_i.rs @@ -243,7 +243,8 @@ impl Keys { pub fn phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2( &self, - ) -> (KeyGenBroadcastMessage1, KeyGenDecommitMessage1) { + ) -> Result<(KeyGenBroadcastMessage1, KeyGenDecommitMessage1), ErrorType> + { let blind_factor = BigInt::sample(SECURITY); let correct_key_proof = NiCorrectKeyProof::proof(&self.dk, None); @@ -267,16 +268,21 @@ impl Keys { totient: self.phi.clone(), }; + let dlog_proof_error = ErrorType { + error_type: "Composite DLog Proof Generation Failed".to_string(), + bad_actors: vec![], + data: vec![], + }; let composite_dlog_proof_base_h1 = CompositeDLogProof::prove( &dlog_statement_base_h1, &dlog_witness_base_h1, ) - .unwrap(); + .map_err(|_| dlog_proof_error.clone())?; let composite_dlog_proof_base_h2 = CompositeDLogProof::prove( &dlog_statement_base_h2, &dlog_witness_base_h2, ) - .unwrap(); + .map_err(|_| dlog_proof_error)?; let com = HashCommitment::::create_commitment_with_user_defined_randomness( &BigInt::from_bytes(self.y_i.to_bytes(true).as_ref()), @@ -294,7 +300,7 @@ impl Keys { blind_factor, y_i: self.y_i.clone(), }; - (bcm1, decom1) + Ok((bcm1, decom1)) } pub fn phase1_verify_com_phase3_verify_correct_key_verify_dlog_phase2_distribute( diff --git a/multi-party-ecdsa/src/gg_2020/state_machine/keygen/rounds.rs b/multi-party-ecdsa/src/gg_2020/state_machine/keygen/rounds.rs index c32f560..d7470ea 100644 --- a/multi-party-ecdsa/src/gg_2020/state_machine/keygen/rounds.rs +++ b/multi-party-ecdsa/src/gg_2020/state_machine/keygen/rounds.rs @@ -41,7 +41,8 @@ impl Round0 { let party_keys = Keys::create(self.party_i as usize); let (bc1, decom1) = party_keys .phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2( - ); + ) + .map_err(ProceedError::Round0GenerateCompositeDlogProof)?; output.push(Msg { sender: self.party_i, 
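Review bot: `dlog_proof_error` in the `@@ -267,16 +268,21` hunk is built on every call and cloned for the first `map_err`, so the success path pays for a `String` allocation and a clone that are only needed on failure. A closure avoids both: `let dlog_proof_error = || ErrorType { error_type: "Composite DLog Proof Generation Failed".to_string(), bad_actors: vec![], data: vec![] };` with `.map_err(|_| dlog_proof_error())?` at both call sites. The identical block in `src/party_i.rs` (`@@ -221,16 +222,21`) has the same shape. The function body starts and ends outside this hunk.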
@@ -382,6 +383,8 @@ type Result = std::result::Result; /// proceeding (i.e. after every message was received and pre-validated). #[derive(Debug, Error)] pub enum ProceedError { + #[error("round 2: generate composite dlog proof: {0:?}")] + Round0GenerateCompositeDlogProof(ErrorType), #[error("round 2: verify commitments: {0:?}")] Round2VerifyCommitments(ErrorType), #[error("round 3: verify vss construction: {0:?}")] diff --git a/multi-party-ecdsa/src/gg_2020/test.rs b/multi-party-ecdsa/src/gg_2020/test.rs index 3cccfec..059a118 100644 --- a/multi-party-ecdsa/src/gg_2020/test.rs +++ b/multi-party-ecdsa/src/gg_2020/test.rs @@ -180,7 +180,7 @@ fn keygen_t_n_parties( let (bc1_vec, decom_vec): (Vec<_>, Vec<_>) = party_keys_vec .iter() - .map(|k| k.phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2()) + .map(|k| k.phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2().unwrap()) .unzip(); let e_vec = bc1_vec @@ -818,8 +818,9 @@ fn test_serialize_deserialize() { use serde_json; let k = Keys::create(0); - let (commit, decommit) = - k.phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2(); + let (commit, decommit) = k + .phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2() + .unwrap(); let encoded = serde_json::to_string(&commit).unwrap(); let decoded: KeyGenBroadcastMessage1 = @@ -839,8 +840,9 @@ fn test_small_paillier() { let (ek, dk) = Paillier::keypair_with_modulus_size(2046).keys(); k.dk = dk; k.ek = ek; - let (commit, decommit) = - k.phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2(); + let (commit, decommit) = k + .phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2() + .unwrap(); assert!(k .phase1_verify_com_phase3_verify_correct_key_verify_dlog_phase2_distribute( &Parameters { diff --git a/src/party_i.rs b/src/party_i.rs index 3c6e1ad..deac4aa 100644 --- a/src/party_i.rs +++ b/src/party_i.rs 
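Review bot: The new variant `Round0GenerateCompositeDlogProof` is labelled `round 2` in its `#[error(...)]` string, although it is produced in `Round0` (the `@@ -41,7 +41,8` hunk of this file), so logs and error reports will point at the wrong round. The attribute should read `#[error("round 0: generate composite dlog proof: {0:?}")]`. The `ProceedError` enum continues past the end of the hunk.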
@@ -197,7 +197,8 @@ impl Keys { pub fn phase1_broadcast_phase3_proof_of_correct_key_proof_of_correct_h1h2( &self, - ) -> (KeyGenBroadcastMessage1, KeyGenDecommitMessage1) { + ) -> Result<(KeyGenBroadcastMessage1, KeyGenDecommitMessage1), ErrorType> + { let blind_factor = BigInt::sample(SECURITY); let correct_key_proof = NiCorrectKeyProof::proof(&self.dk, None); @@ -221,16 +222,21 @@ impl Keys { totient: self.phi.clone(), }; + let dlog_proof_error = ErrorType { + error_type: "Composite DLog Proof Generation Failed".to_string(), + bad_actors: vec![], + data: vec![], + }; let composite_dlog_proof_base_h1 = CompositeDLogProof::prove( &dlog_statement_base_h1, &dlog_witness_base_h1, ) - .unwrap(); + .map_err(|_| dlog_proof_error.clone())?; let composite_dlog_proof_base_h2 = CompositeDLogProof::prove( &dlog_statement_base_h2, &dlog_witness_base_h2, ) - .unwrap(); + .map_err(|_| dlog_proof_error)?; let com = HashCommitment::::create_commitment_with_user_defined_randomness( &BigInt::from_bytes(self.y_i.to_bytes(true).as_ref()), @@ -248,7 +254,7 @@ impl Keys { blind_factor, y_i: self.y_i.clone(), }; - (bcm1, decom1) + Ok((bcm1, decom1)) } #[allow(clippy::type_complexity)] diff --git a/src/refresh/rounds.rs b/src/refresh/rounds.rs index f95d8a9..c9f3894 100644 --- a/src/refresh/rounds.rs +++ b/src/refresh/rounds.rs @@ -70,7 +70,7 @@ impl Round0 { } None => { let (mut join_message, paillier_keys) = - JoinMessage::distribute(); + JoinMessage::distribute()?; match self.new_party_index_option { Some(new_party_index) => { join_message.set_party_index(new_party_index);