crypto/dkg/src/tests/frost.rs

use std::collections::HashMap;

use rand_core::{RngCore, CryptoRng};

use crate::{
  Ciphersuite, ThresholdParams, ThresholdCore,
  frost::KeyGenMachine,
  encryption::{EncryptionKeyMessage, EncryptedMessage},
  tests::{THRESHOLD, PARTICIPANTS, clone_without},
};

/// Fully perform the FROST key generation algorithm.
pub fn frost_gen<R: RngCore + CryptoRng, C: Ciphersuite>(
  rng: &mut R,
) -> HashMap<u16, ThresholdCore<C>> {
  let mut machines = HashMap::new();
  let mut commitments = HashMap::new();
  for i in 1 ..= PARTICIPANTS {
    let machine = KeyGenMachine::<C>::new(
      ThresholdParams::new(THRESHOLD, PARTICIPANTS, i).unwrap(),
      "DKG Test Key Generation".to_string(),
    );
    let (machine, these_commitments) = machine.generate_coefficients(rng);
    machines.insert(i, machine);

    commitments.insert(
      i,
      EncryptionKeyMessage::read::<&[u8]>(
        &mut these_commitments.serialize().as_ref(),
        ThresholdParams { t: THRESHOLD, n: PARTICIPANTS, i: 1 },
      )
      .unwrap(),
    );
  }

  let mut secret_shares = HashMap::new();
  let mut machines = machines
    .drain()
    .map(|(l, machine)| {
      let (machine, mut shares) =
        machine.generate_secret_shares(rng, clone_without(&commitments, &l)).unwrap();
      let shares = shares
        .drain()
        .map(|(l, share)| {
          (
            l,
            EncryptedMessage::read::<&[u8]>(
              &mut share.serialize().as_ref(),
              ThresholdParams { t: THRESHOLD, n: PARTICIPANTS, i: 1 },
            )
            .unwrap(),
          )
        })
        .collect::<HashMap<_, _>>();
      secret_shares.insert(l, shares);
      (l, machine)
    })
    .collect::<HashMap<_, _>>();

  let mut verification_shares = None;
  let mut group_key = None;
  machines
    .drain()
    .map(|(i, machine)| {
      let mut our_secret_shares = HashMap::new();
      for (l, shares) in &secret_shares {
        if i == *l {
          continue;
        }
        our_secret_shares.insert(*l, shares[&i].clone());
      }
      let these_keys = machine.complete(rng, our_secret_shares).unwrap();

      // Verify the verification_shares are agreed upon
      if verification_shares.is_none() {
        verification_shares = Some(these_keys.verification_shares());
      }
      assert_eq!(verification_shares.as_ref().unwrap(), &these_keys.verification_shares());

      // Verify the group keys are agreed upon
      if group_key.is_none() {
        group_key = Some(these_keys.group_key());
      }
      assert_eq!(group_key.unwrap(), these_keys.group_key());

      (i, these_keys)
    })
    .collect::<HashMap<_, _>>()
}
Create a dedicated crate for the DKG (#141) * Add dkg crate * Remove F_len and G_len They're generally no longer used. * Replace hash_to_vec with a provided method around associated type H: Digest Part of trying to minimize this trait so it can be moved elsewhere. Vec, which isn't std, may have been a blocker. * Encrypt secret shares within the FROST library Reduces requirements on callers in order to be correct. * Update usage of Zeroize within FROST * Inline functions in key_gen There was no reason to have them separated as they were. sign probably has the same statement available, yet that isn't the focus right now. * Add a ciphersuite package which provides hash_to_F * Set the Ciphersuite version to something valid * Have ed448 export Scalar/FieldElement/Point at the top level * Move FROST over to Ciphersuite * Correct usage of ff in ciphersuite * Correct documentation handling * Move Schnorr signatures to their own crate * Remove unused feature from schnorr * Fix Schnorr tests * Split DKG into a separate crate * Add serialize to Commitments and SecretShare Helper for buf = vec![]; .write(buf).unwrap(); buf * Move FROST over to the new dkg crate * Update Monero lib to latest FROST * Correct ethereum's usage of features * Add serialize to GeneratorProof * Add serialize helper function to FROST * Rename AddendumSerialize to WriteAddendum * Update processor * Slight fix to processor 2022-10-29 03:54:42 -05:00			`use std::collections::HashMap;`

			`use rand_core::{RngCore, CryptoRng};`

			`use crate::{`
			`Ciphersuite, ThresholdParams, ThresholdCore,`
Clean and document the DKG library's encryption Encryption used to be inlined into FROST. When writing the documentation, I realized it was decently hard to review. It also was antagonistic to other hosted DKG algorithms by not allowing code re-use. Encryption is now a standalone module, providing clear boundaries and reusability. Additionally, the DKG protocol itself used to use the ciphersuite's specified hash function (with an HKDF to prevent length extension attacks). Now, RecommendedTranscript is used to achieve much more robust transcripting and remove the HKDF dependency. This does add Blake2 into all consumers yet is preferred for its security properties and ease of review. 2022-12-07 17:20:20 -05:00			`frost::KeyGenMachine,`
			`encryption::{EncryptionKeyMessage, EncryptedMessage},`
Create a dedicated crate for the DKG (#141) * Add dkg crate * Remove F_len and G_len They're generally no longer used. * Replace hash_to_vec with a provided method around associated type H: Digest Part of trying to minimize this trait so it can be moved elsewhere. Vec, which isn't std, may have been a blocker. * Encrypt secret shares within the FROST library Reduces requirements on callers in order to be correct. * Update usage of Zeroize within FROST * Inline functions in key_gen There was no reason to have them separated as they were. sign probably has the same statement available, yet that isn't the focus right now. * Add a ciphersuite package which provides hash_to_F * Set the Ciphersuite version to something valid * Have ed448 export Scalar/FieldElement/Point at the top level * Move FROST over to Ciphersuite * Correct usage of ff in ciphersuite * Correct documentation handling * Move Schnorr signatures to their own crate * Remove unused feature from schnorr * Fix Schnorr tests * Split DKG into a separate crate * Add serialize to Commitments and SecretShare Helper for buf = vec![]; .write(buf).unwrap(); buf * Move FROST over to the new dkg crate * Update Monero lib to latest FROST * Correct ethereum's usage of features * Add serialize to GeneratorProof * Add serialize helper function to FROST * Rename AddendumSerialize to WriteAddendum * Update processor * Slight fix to processor 2022-10-29 03:54:42 -05:00			`tests::{THRESHOLD, PARTICIPANTS, clone_without},`
			`};`

			`/// Fully perform the FROST key generation algorithm.`
			`pub fn frost_gen<R: RngCore + CryptoRng, C: Ciphersuite>(`
			`rng: &mut R,`
			`) -> HashMap<u16, ThresholdCore<C>> {`
			`let mut machines = HashMap::new();`
			`let mut commitments = HashMap::new();`
			`for i in 1 ..= PARTICIPANTS {`
			`let machine = KeyGenMachine::<C>::new(`
			`ThresholdParams::new(THRESHOLD, PARTICIPANTS, i).unwrap(),`
			`"DKG Test Key Generation".to_string(),`
			`);`
			`let (machine, these_commitments) = machine.generate_coefficients(rng);`
			`machines.insert(i, machine);`

			`commitments.insert(`
			`i,`
Clean and document the DKG library's encryption Encryption used to be inlined into FROST. When writing the documentation, I realized it was decently hard to review. It also was antagonistic to other hosted DKG algorithms by not allowing code re-use. Encryption is now a standalone module, providing clear boundaries and reusability. Additionally, the DKG protocol itself used to use the ciphersuite's specified hash function (with an HKDF to prevent length extension attacks). Now, RecommendedTranscript is used to achieve much more robust transcripting and remove the HKDF dependency. This does add Blake2 into all consumers yet is preferred for its security properties and ease of review. 2022-12-07 17:20:20 -05:00			`EncryptionKeyMessage::read::<&[u8]>(`
Create a dedicated crate for the DKG (#141) * Add dkg crate * Remove F_len and G_len They're generally no longer used. * Replace hash_to_vec with a provided method around associated type H: Digest Part of trying to minimize this trait so it can be moved elsewhere. Vec, which isn't std, may have been a blocker. * Encrypt secret shares within the FROST library Reduces requirements on callers in order to be correct. * Update usage of Zeroize within FROST * Inline functions in key_gen There was no reason to have them separated as they were. sign probably has the same statement available, yet that isn't the focus right now. * Add a ciphersuite package which provides hash_to_F * Set the Ciphersuite version to something valid * Have ed448 export Scalar/FieldElement/Point at the top level * Move FROST over to Ciphersuite * Correct usage of ff in ciphersuite * Correct documentation handling * Move Schnorr signatures to their own crate * Remove unused feature from schnorr * Fix Schnorr tests * Split DKG into a separate crate * Add serialize to Commitments and SecretShare Helper for buf = vec![]; .write(buf).unwrap(); buf * Move FROST over to the new dkg crate * Update Monero lib to latest FROST * Correct ethereum's usage of features * Add serialize to GeneratorProof * Add serialize helper function to FROST * Rename AddendumSerialize to WriteAddendum * Update processor * Slight fix to processor 2022-10-29 03:54:42 -05:00			`&mut these_commitments.serialize().as_ref(),`
			`ThresholdParams { t: THRESHOLD, n: PARTICIPANTS, i: 1 },`
			`)`
			`.unwrap(),`
			`);`
			`}`

			`let mut secret_shares = HashMap::new();`
			`let mut machines = machines`
			`.drain()`
			`.map(\|(l, machine)\| {`
			`let (machine, mut shares) =`
			`machine.generate_secret_shares(rng, clone_without(&commitments, &l)).unwrap();`
			`let shares = shares`
			`.drain()`
			`.map(\|(l, share)\| {`
Clean and document the DKG library's encryption Encryption used to be inlined into FROST. When writing the documentation, I realized it was decently hard to review. It also was antagonistic to other hosted DKG algorithms by not allowing code re-use. Encryption is now a standalone module, providing clear boundaries and reusability. Additionally, the DKG protocol itself used to use the ciphersuite's specified hash function (with an HKDF to prevent length extension attacks). Now, RecommendedTranscript is used to achieve much more robust transcripting and remove the HKDF dependency. This does add Blake2 into all consumers yet is preferred for its security properties and ease of review. 2022-12-07 17:20:20 -05:00			`(`
			`l,`
			`EncryptedMessage::read::<&[u8]>(`
			`&mut share.serialize().as_ref(),`
			`ThresholdParams { t: THRESHOLD, n: PARTICIPANTS, i: 1 },`
			`)`
			`.unwrap(),`
			`)`
Create a dedicated crate for the DKG (#141) * Add dkg crate * Remove F_len and G_len They're generally no longer used. * Replace hash_to_vec with a provided method around associated type H: Digest Part of trying to minimize this trait so it can be moved elsewhere. Vec, which isn't std, may have been a blocker. * Encrypt secret shares within the FROST library Reduces requirements on callers in order to be correct. * Update usage of Zeroize within FROST * Inline functions in key_gen There was no reason to have them separated as they were. sign probably has the same statement available, yet that isn't the focus right now. * Add a ciphersuite package which provides hash_to_F * Set the Ciphersuite version to something valid * Have ed448 export Scalar/FieldElement/Point at the top level * Move FROST over to Ciphersuite * Correct usage of ff in ciphersuite * Correct documentation handling * Move Schnorr signatures to their own crate * Remove unused feature from schnorr * Fix Schnorr tests * Split DKG into a separate crate * Add serialize to Commitments and SecretShare Helper for buf = vec![]; .write(buf).unwrap(); buf * Move FROST over to the new dkg crate * Update Monero lib to latest FROST * Correct ethereum's usage of features * Add serialize to GeneratorProof * Add serialize helper function to FROST * Rename AddendumSerialize to WriteAddendum * Update processor * Slight fix to processor 2022-10-29 03:54:42 -05:00			`})`
			`.collect::<HashMap<_, _>>();`
			`secret_shares.insert(l, shares);`
			`(l, machine)`
			`})`
			`.collect::<HashMap<_, _>>();`

			`let mut verification_shares = None;`
			`let mut group_key = None;`
			`machines`
			`.drain()`
			`.map(\|(i, machine)\| {`
			`let mut our_secret_shares = HashMap::new();`
			`for (l, shares) in &secret_shares {`
			`if i == *l {`
			`continue;`
			`}`
			`our_secret_shares.insert(*l, shares[&i].clone());`
			`}`
			`let these_keys = machine.complete(rng, our_secret_shares).unwrap();`

			`// Verify the verification_shares are agreed upon`
			`if verification_shares.is_none() {`
			`verification_shares = Some(these_keys.verification_shares());`
			`}`
			`assert_eq!(verification_shares.as_ref().unwrap(), &these_keys.verification_shares());`

			`// Verify the group keys are agreed upon`
			`if group_key.is_none() {`
			`group_key = Some(these_keys.group_key());`
			`}`
			`assert_eq!(group_key.unwrap(), these_keys.group_key());`

			`(i, these_keys)`
			`})`
			`.collect::<HashMap<_, _>>()`
			`}`