Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: ZK proofs #48

Merged
merged 26 commits into from
Feb 6, 2024
Merged

refactor: ZK proofs #48

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
b183a8c
refactor: add tss-core package
ivokub Oct 24, 2023
745e512
refactor: move composite dlog proof to tss-core
ivokub Oct 24, 2023
6836ad3
refactor: use tss-core composite dlog proof
ivokub Oct 24, 2023
e5770ba
refactor: move generate_h1_h2_N_tilde to tss-core
ivokub Oct 24, 2023
e87ff90
refactor: allow non-snake-case
ivokub Oct 27, 2023
86ddbc5
refactor: rename to PiPrm and use instead of existing Ring-Pedersen
ivokub Nov 6, 2023
70309b2
refactor: define RingPedersenParams structure
ivokub Nov 6, 2023
b70b789
refactor: use pi-prm proof in fs-dkr
ivokub Nov 7, 2023
dfe9d9f
refactor: move Pi-PRM and utilities to tss-core
ivokub Nov 30, 2023
c9e1e64
refactor: rename to PiEnc to correspond with paper
ivokub Nov 30, 2023
695b528
refactor: move pi-aff-g proof
ivokub Dec 11, 2023
34b7d2b
feat: use externally generated rho in pi-enc
ivokub Dec 11, 2023
e194cb7
refactor: move pi-log-star proof
ivokub Dec 12, 2023
23e2b9b
refactor: move pi-mul
ivokub Dec 12, 2023
3b7f73d
refactor: move pi-mul-star
ivokub Dec 12, 2023
f2aec93
refactor: move pi-dec
ivokub Dec 12, 2023
9c01354
refactor: use constant security parameters
ivokub Dec 12, 2023
e6c0385
chore: clippy
ivokub Dec 12, 2023
edcf7c4
feat: add sqrt for ring pedersen params
ivokub Jan 10, 2024
e6bec9c
fix: convert Legendre to -1
ivokub Jan 17, 2024
e64071b
fix: use p,q directly in sqrt
ivokub Jan 17, 2024
24bfd1e
feat: add pi-mod proof
ivokub Jan 17, 2024
2ea3df3
feat: add Pi-Fac proof
ivokub Jan 23, 2024
b4a3c66
fix: Pi-fac proof
ivokub Jan 29, 2024
cd89fc2
fix: sample sign bit for Pi-Fac challenge
ivokub Jan 31, 2024
418eefe
refactor: clippy suggestions
ivokub Jan 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 7 additions & 2 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ authors = [
members = [
"multi-party-ecdsa",
"fs-dkr",
"tss-core",
]

[workspace.dependencies]
Expand All @@ -22,6 +23,9 @@ serde = { version = "1.0", features = ["derive"] }
zeroize = "1"
round-based = { git = "https://github.com/webb-tools/round-based-protocol", version = "0.1.4", features = ["dev"] }
thiserror = "1.0.23"
tss-core = { path = "tss-core" }
rand_chacha = "0.3.1"
rand = "0.8.5"

[workspace.dependencies.multi-party-ecdsa]
version = "0.8"
Expand All @@ -44,13 +48,14 @@ zeroize.workspace = true
paillier.workspace = true
round-based.workspace = true
thiserror.workspace = true
rand.workspace = true
rand_chacha.workspace = true
fs-dkr = { path = "fs-dkr", default-features = false }
bincode = "1.3.3"
digest = "0.9"
generic-array = "0.14"
rand_chacha = "0.3.1"
rand = "0.8.5"
getrandom = { version = "0.2", optional = true }
tss-core.workspace = true

[dev-dependencies]
criterion = "0.3"
Expand Down
1 change: 1 addition & 0 deletions fs-dkr/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ round-based.workspace = true
serde.workspace = true
zeroize.workspace = true
thiserror.workspace = true
tss-core.workspace = true

[dependencies.multi-party-ecdsa]
workspace = true
Expand Down
127 changes: 48 additions & 79 deletions fs-dkr/src/add_party_message.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,74 +29,51 @@ use curv::{
elliptic::curves::{Curve, Point, Scalar},
BigInt,
};
use multi_party_ecdsa::gg_2020::party_i::generate_h1_h2_N_tilde;
use multi_party_ecdsa::protocols::multi_party_ecdsa::gg_2020::{
party_i::{Keys, SharedKeys},
state_machine::keygen::LocalKey,
};
use multi_party_ecdsa::utilities::zk_composite_dlog::{
CompositeDLogProof, CompositeDLogStatement, CompositeDLogWitness,
};
use paillier::{Decrypt, EncryptionKey, Paillier};
use serde::{Deserialize, Serialize};
use std::{collections::HashMap, fmt::Debug};
use std::{collections::HashMap, fmt::Debug, marker::PhantomData};
use zk_paillier::zkproofs::NiCorrectKeyProof;

use crate::ring_pedersen_proof::{RingPedersenProof, RingPedersenStatement};
use tss_core::utilities::generate_safe_h1_h2_N_tilde;
use tss_core::zkproof::prm::{PiPrmProof, PiPrmStatement, PiPrmWitness};

/// Message used by new parties to join the protocol.
#[derive(Clone, Deserialize, Serialize, Debug)]
#[serde(bound = "E: Curve, H: Digest + Clone")]
pub struct JoinMessage<E: Curve, H: Digest + Clone, const M: usize> {
pub struct JoinMessage<E: Curve, H: Digest + Clone> {
pub(crate) ek: EncryptionKey,
pub(crate) dk_correctness_proof: NiCorrectKeyProof,
pub(crate) party_index: Option<u16>,
pub(crate) dlog_statement: CompositeDLogStatement,
pub(crate) composite_dlog_proof_base_h1: CompositeDLogProof,
pub(crate) composite_dlog_proof_base_h2: CompositeDLogProof,
pub(crate) ring_pedersen_statement: RingPedersenStatement<E, H>,
pub(crate) ring_pedersen_proof: RingPedersenProof<E, H, M>,
pub(crate) dlog_statement: PiPrmStatement,
pub(crate) composite_dlog_proof_base_h1: PiPrmProof,
pub(crate) composite_dlog_proof_base_h2: PiPrmProof,
pub(crate) ring_pedersen_pi_prm_statement: PiPrmStatement,
pub(crate) ring_pedersen_pi_prm_proof: PiPrmProof,
pub phantom: PhantomData<(E, H)>,
}

/// Generates the DlogStatement and CompositeProofs using the parameters
/// generated by [generate_h1_h2_n_tilde]
fn generate_dlog_statement_proofs() -> FsDkrResult<(
CompositeDLogStatement,
CompositeDLogProof,
CompositeDLogProof,
)> {
let (n_tilde, h1, h2, xhi, xhi_inv, phi) = generate_h1_h2_N_tilde();
fn generate_dlog_statement_proofs(
) -> FsDkrResult<(PiPrmStatement, PiPrmProof, PiPrmProof)> {
let (rpparam, rpwitness) = generate_safe_h1_h2_N_tilde();

let dlog_statement_base_h1 = CompositeDLogStatement {
modulus: n_tilde.clone(),
base: h1.clone(),
value: h2.clone(),
};
let dlog_witness_base_h1 = CompositeDLogWitness {
exponent: xhi,
totient: phi.clone(),
};
let dlog_statement_base_h1 = PiPrmStatement::from(&rpparam);
let dlog_witness_base_h1 = PiPrmWitness::from(&rpwitness);

let dlog_statement_base_h2 = CompositeDLogStatement {
modulus: n_tilde,
base: h2,
value: h1,
};
let dlog_witness_base_h2 = CompositeDLogWitness {
exponent: xhi_inv,
totient: phi.clone(),
};
let dlog_statement_base_h2 = PiPrmStatement::inverse_from(&rpparam);
let dlog_witness_base_h2 = PiPrmWitness::inverse_from(&rpwitness);

let composite_dlog_proof_base_h1 = CompositeDLogProof::prove(
&dlog_statement_base_h1,
&dlog_witness_base_h1,
)
.map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;
let composite_dlog_proof_base_h2 = CompositeDLogProof::prove(
&dlog_statement_base_h2,
&dlog_witness_base_h2,
)
.map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;
let composite_dlog_proof_base_h1 =
PiPrmProof::prove(&dlog_statement_base_h1, &dlog_witness_base_h1)
.map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;
let composite_dlog_proof_base_h2 =
PiPrmProof::prove(&dlog_statement_base_h2, &dlog_witness_base_h2)
.map_err(|_| FsDkrError::CompositeDLogProofGeneration)?;

Ok((
dlog_statement_base_h1,
Expand All @@ -105,7 +82,7 @@ fn generate_dlog_statement_proofs() -> FsDkrResult<(
))
}

impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
impl<E: Curve, H: Digest + Clone> JoinMessage<E, H> {
pub fn set_party_index(&mut self, new_party_index: u16) {
self.party_index = Some(new_party_index);
}
Expand All @@ -121,13 +98,12 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
composite_dlog_proof_base_h2,
) = generate_dlog_statement_proofs()?;

let (ring_pedersen_statement, ring_pedersen_witness) =
RingPedersenStatement::generate();

let ring_pedersen_proof = RingPedersenProof::prove(
&ring_pedersen_witness,
&ring_pedersen_statement,
);
let (rpparam, rpwitness) = generate_safe_h1_h2_N_tilde();
let pi_prm_statement = PiPrmStatement::from(&rpparam);
let pi_prm_witness = PiPrmWitness::from(&rpwitness);
let pi_prm_proof =
PiPrmProof::prove(&pi_prm_statement, &pi_prm_witness)
.map_err(|_| FsDkrError::RingPedersenProofError {})?;

let join_message = JoinMessage {
// in a join message, we only care about the ek and the correctness
Expand All @@ -140,9 +116,10 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
dlog_statement,
composite_dlog_proof_base_h1,
composite_dlog_proof_base_h2,
ring_pedersen_statement,
ring_pedersen_proof,
ring_pedersen_pi_prm_statement: pi_prm_statement,
ring_pedersen_pi_prm_proof: pi_prm_proof,
party_index: None,
phantom: PhantomData {},
};

Ok((join_message, paillier_key_pair))
Expand All @@ -162,39 +139,31 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
/// (multiple parties can be added/replaced at once).
pub fn collect(
&self,
refresh_messages: &[RefreshMessage<E, H, M>],
refresh_messages: &[RefreshMessage<E, H>],
paillier_key: Keys,
join_messages: &[JoinMessage<E, H, M>],
join_messages: &[JoinMessage<E, H>],
new_t: u16,
new_n: u16,
current_t: u16,
) -> FsDkrResult<LocalKey<E>> {
RefreshMessage::validate_collect(refresh_messages, current_t, new_n)?;

for refresh_message in refresh_messages.iter() {
RingPedersenProof::verify(
&refresh_message.ring_pedersen_proof,
&refresh_message.ring_pedersen_statement,
)
.map_err(|_| {
FsDkrError::RingPedersenProofValidation {
refresh_message
.ring_pedersen_pi_prm_proof
.verify(&refresh_message.ring_pedersen_pi_prm_statement)
.map_err(|_| FsDkrError::RingPedersenProofValidation {
party_index: refresh_message.party_index,
}
})?;
})?;
}

for join_message in join_messages.iter() {
RingPedersenProof::verify(
&join_message.ring_pedersen_proof,
&join_message.ring_pedersen_statement,
)
.map_err(|e| {
if let Some(party_index) = join_message.party_index {
FsDkrError::RingPedersenProofValidation { party_index }
} else {
e
}
})?;
join_message
.ring_pedersen_pi_prm_proof
.verify(&join_message.ring_pedersen_pi_prm_statement)
.map_err(|_| FsDkrError::RingPedersenProofValidation {
party_index: join_message.party_index.unwrap_or(0),
})?;
}

// check if a party_index has been assigned to the current party
Expand Down Expand Up @@ -261,7 +230,7 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
// TODO: submit the statement the dlog proof as well!
// check what parties are assigned in the current rotation and associate
// their DLogStatements and check their CompositeDlogProofs.
let available_h1_h2_ntilde_vec: HashMap<u16, &CompositeDLogStatement> =
let available_h1_h2_ntilde_vec: HashMap<u16, &PiPrmStatement> =
refresh_messages
.iter()
.map(|msg| (msg.party_index, &msg.dlog_statement))
Expand Down Expand Up @@ -289,7 +258,7 @@ impl<E: Curve, H: Digest + Clone, const M: usize> JoinMessage<E, H, M> {
})
.collect();
// generate the DLogStatement vec needed for the LocalKey generation.
let mut h1_h2_ntilde_vec: Vec<CompositeDLogStatement> =
let mut h1_h2_ntilde_vec: Vec<PiPrmStatement> =
Vec::with_capacity(new_n as usize);
for party in 1..new_n + 1 {
let statement = available_h1_h2_ntilde_vec.get(&party);
Expand Down
1 change: 0 additions & 1 deletion fs-dkr/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ pub mod add_party_message;
pub mod error;
pub mod range_proofs;
pub mod refresh_message;
pub mod ring_pedersen_proof;
pub mod zk_pdl_with_slack;

mod test;
Expand Down
Loading
Loading