diff --git a/crypto/dkg/src/evrf/mod.rs b/crypto/dkg/src/evrf/mod.rs
index cad78984..b64435a7 100644
--- a/crypto/dkg/src/evrf/mod.rs
+++ b/crypto/dkg/src/evrf/mod.rs
@@ -489,7 +489,7 @@ impl EvrfDkg {
// reconstruct the key regardless, this is safe to the threshold
{
let mut participating_weight = 0;
- let mut evrf_public_keys = evrf_public_keys.to_vec();
+ let mut evrf_public_keys_mut = evrf_public_keys.to_vec();
for i in valid.keys() {
let evrf_public_key = evrf_public_keys[usize::from(u16::from(*i)) - 1];
@@ -502,9 +502,9 @@ impl EvrfDkg {
all other participants, so this is still a key generated by an amount of participants who could simply reconstruct the key. */
- let start_len = evrf_public_keys.len();
- evrf_public_keys.retain(|key| *key != evrf_public_key);
- let end_len = evrf_public_keys.len();
+ let start_len = evrf_public_keys_mut.len();
+ evrf_public_keys_mut.retain(|key| *key != evrf_public_key);
+ let end_len = evrf_public_keys_mut.len();
let count = start_len - end_len;
participating_weight += count;
diff --git a/crypto/dkg/src/tests/evrf/proof.rs b/crypto/dkg/src/tests/evrf/proof.rs
index 8296ee8a..5750c6c4 100644
--- a/crypto/dkg/src/tests/evrf/proof.rs
+++ b/crypto/dkg/src/tests/evrf/proof.rs
@@ -11,7 +11,7 @@ use ciphersuite::{
ff::{FromUniformBytes, Field, PrimeField},
Group,
},
- Ciphersuite,
+ Ciphersuite, Secp256k1, Ed25519, Ristretto,
};
use pasta_curves::{Ep, Eq, Fp, Fq};
@@ -59,7 +59,7 @@ impl DiscreteLogParameters for VestaParams {
type ScalarBits = U<{ <::F as PrimeField>::NUM_BITS as usize }>;
type XCoefficients = Quot, U2>;
type XCoefficientsMinusOne = Diff;
- type YxCoefficients = Diff, U2>, U2>;
+ type YxCoefficients = Diff, U1>, U2>, U2>;
}
impl EvrfCurve for Pallas {
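Review bot: `evrf_public_keys[usize::from(u16::from(*i)) - 1]` (the context line after the renamed `to_vec()`) now indexes the untouched input slice rather than the `retain`-shrunk copy, which fixes the index shift, but it still panics if a key of `valid` is larger than the slice length (or zero, should the participant type allow that), and nothing in the hunk records that `valid` was checked against `evrf_public_keys.len()`; if that is guaranteed upstream, make it visible: `let evrf_public_key = evrf_public_keys.get(usize::from(u16::from(*i)) - 1).expect("participant index was validated against evrf_public_keys");`. A regression test with non-adjacent participants over distinct keys (e.g. indices 1 and 3 of three) would have caught the original shadowing bug, because removing participant 1's key shifted every later index, and this diff adds no such test. The same de-shadowing recurs in the key_gen.rs hunks at @@ -482 and @@ -495 below, where `substrate_evrf_public_keys[...]` carries the same unchecked index. The enclosing function and the construction of `valid` lie outside this hunk.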
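Review bot: The added `YxCoefficients` line is a hand-copied instance of a formula that this diff edits identically in the Embedwards25519 and Secq256k1 impls below, while the only statement of what it should be is the prose in the `dlog.rs` hunk, so four places must be kept in lockstep by hand. That prose, "(the amount of bits in a scalar, plus one) plus one, divided by two, minus two", is hard to parse; add the arithmetic to the doc comment, `/// i.e. ((ScalarBits + 1) + 1) / 2 - 2, with integer division.`, and, if the type-level operators in use permit it, express `YxCoefficients` once in terms of `ScalarBits` rather than per impl. A test asserting the value of `YxCoefficients` against that arithmetic for each curve (e.g. via `typenum::Unsigned::USIZE`, presumably the crate behind `U`/`Quot`/`Diff`) would pin the impls to the doc. The surrounding `impl DiscreteLogParameters for VestaParams` block starts outside this hunk.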
@@ -67,37 +67,52 @@ impl EvrfCurve for Pallas {
type EmbeddedCurveParameters = VestaParams;
}
-#[test]
-fn evrf_proof_pasta_test() {
+fn evrf_proof_test() {
let generators = generators(1024);
- let vesta_private_key = Zeroizing::new(::F::random(&mut OsRng));
- let ecdh_public_keys = [::G::random(&mut OsRng), ::G::random(&mut OsRng)];
+ let vesta_private_key = Zeroizing::new(::F::random(&mut OsRng));
+ let ecdh_public_keys = [
+ ::G::random(&mut OsRng),
+ ::G::random(&mut OsRng),
+ ];
let time = Instant::now();
- let res = Evrf::::prove(
- &mut OsRng,
- &generators,
- [0; 32],
- 1,
- &ecdh_public_keys,
- &vesta_private_key,
- )
- .unwrap();
+ let res =
+ Evrf::::prove(&mut OsRng, &generators, [0; 32], 1, &ecdh_public_keys, &vesta_private_key)
+ .unwrap();
println!("Proving time: {:?}", time.elapsed());
let time = Instant::now();
let mut verifier = generators.batch_verifier();
- dbg!(Evrf::::verify(
+ Evrf::::verify(
&mut OsRng,
&generators,
&mut verifier,
[0; 32],
1,
&ecdh_public_keys,
- Vesta::generator() * *vesta_private_key,
+ C::EmbeddedCurve::generator() * *vesta_private_key,
&res.proof,
)
- .unwrap());
+ .unwrap();
assert!(generators.verify(verifier));
println!("Verifying time: {:?}", time.elapsed());
}
+
+#[test]
+fn pallas_evrf_proof_test() {
+ evrf_proof_test::();
+}
+
+#[test]
+fn secp256k1_evrf_proof_test() {
+ evrf_proof_test::();
+}
+
+#[test]
+fn ed25519_evrf_proof_test() {
+ evrf_proof_test::();
+}
+
+#[test]
+fn ristretto_evrf_proof_test() {
+ evrf_proof_test::();
+}
diff --git a/crypto/evrf/divisors/src/lib.rs b/crypto/evrf/divisors/src/lib.rs
index 08091553..d71aa8a4 100644
--- a/crypto/evrf/divisors/src/lib.rs
+++ b/crypto/evrf/divisors/src/lib.rs
@@ -29,6 +29,7 @@ pub trait DivisorCurve: Group {
/// Section 2 of the security proofs define this modulus.
///
/// This MUST NOT be overriden.
+ // TODO: Move to an extension trait
fn divisor_modulus() -> Poly {
Poly {
// 0 y**1, 1 y*2
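Review bot: `evrf_proof_test` exercises only the honest path, so a `verify` that accepted any proof would still pass for all four curves; a negative case that feeds the same `res.proof` with a public key it was not produced for, and asserts rejection, is the missing half of the test. `vesta_private_key` is a misleading name now that the function is generic over `C` (it is multiplied by `C::EmbeddedCurve::generator()` for every curve); `embedded_private_key` reads correctly. The timing `println!`s are benchmarking noise in a unit test and could go. The sketch below assumes `generators.verify` borrows `generators` rather than consuming it, since the hunk calls it and then keeps using `generators` only for the timing print; confirm before relying on a second batch verifier.
```rust
fn evrf_proof_test() {
  // … unchanged: keys, prove, honest verify and batch check …

  // Negative case: the proof must not verify against a public key it was not produced for.
  let mut verifier = generators.batch_verifier();
  let mismatched = Evrf::<C>::verify(
    &mut OsRng,
    &generators,
    &mut verifier,
    [0; 32],
    1,
    &ecdh_public_keys,
    C::EmbeddedCurve::generator(),
    &res.proof,
  );
  assert!(mismatched.is_err() || !generators.verify(verifier));
}
```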
diff --git a/crypto/evrf/ec-gadgets/src/dlog.rs b/crypto/evrf/ec-gadgets/src/dlog.rs
index d20c39c8..ef4b8c83 100644
--- a/crypto/evrf/ec-gadgets/src/dlog.rs
+++ b/crypto/evrf/ec-gadgets/src/dlog.rs
@@ -30,8 +30,8 @@ pub trait DiscreteLogParameters {
/// The amount of y x**i coefficients in a divisor.
///
- /// This is the amount of points in a divisor (the amount of bits in a scalar, plus one) divided
- /// by two, minus two.
+ /// This is the amount of points in a divisor (the amount of bits in a scalar, plus one) plus
+ /// one, divided by two, minus two.
type YxCoefficients: ArrayLength;
}
diff --git a/crypto/evrf/embedwards25519/src/lib.rs b/crypto/evrf/embedwards25519/src/lib.rs
index 0c9ac6bb..858f4ada 100644
--- a/crypto/evrf/embedwards25519/src/lib.rs
+++ b/crypto/evrf/embedwards25519/src/lib.rs
@@ -43,5 +43,5 @@ impl generalized_bulletproofs_ec_gadgets::DiscreteLogParameters for Embedwards25
type ScalarBits = U<{ Scalar::NUM_BITS as usize }>;
type XCoefficients = Quot, U2>;
type XCoefficientsMinusOne = Diff;
- type YxCoefficients = Diff, U2>, U2>;
+ type YxCoefficients = Diff, U1>, U2>, U2>;
}
diff --git a/crypto/evrf/secq256k1/src/lib.rs b/crypto/evrf/secq256k1/src/lib.rs
index 8e157844..b59078af 100644
--- a/crypto/evrf/secq256k1/src/lib.rs
+++ b/crypto/evrf/secq256k1/src/lib.rs
@@ -43,5 +43,5 @@ impl generalized_bulletproofs_ec_gadgets::DiscreteLogParameters for Secq256k1 {
type ScalarBits = U<{ Scalar::NUM_BITS as usize }>;
type XCoefficients = Quot, U2>;
type XCoefficientsMinusOne = Diff;
- type YxCoefficients = Diff, U2>, U2>;
+ type YxCoefficients = Diff, U1>, U2>, U2>;
}
diff --git a/processor/src/key_gen.rs b/processor/src/key_gen.rs
index 7fb60b39..a059c350 100644
--- a/processor/src/key_gen.rs
+++ b/processor/src/key_gen.rs
@@ -78,11 +78,13 @@ create_db!(
HashMap>,
HashMap>,
),
- GeneratedKeysDb: (session: &Session) -> Vec,
+ // GeneratedKeysDb, KeysDb use `()` for their value as we manually serialize their values
+ // TODO: Don't do that
+ GeneratedKeysDb: (session: &Session) -> (),
// These do assume a key is only used once across sets, which holds true if the threshold is
// honest
// TODO: Remove this assumption
- KeysDb: (network_key: &[u8]) -> Vec,
+ KeysDb: (network_key: &[u8]) -> (),
SessionDb: (network_key: &[u8]) -> Session,
NetworkKeyDb: (session: Session) -> Vec,
}
@@ -411,7 +413,7 @@ impl KeyGen {
// If we've already generated these keys, we don't actually need to save these
// participations and continue. We solely have to verify them, as to identify malicious
// participants and prevent DoSs, before returning
- if GeneratedKeysDb::get(txn, &session).is_some() {
+ if txn.get(GeneratedKeysDb::key(&session)).is_some() {
info!("already finished generating a key for {:?}", session);
match EvrfDkg::::verify(
@@ -482,9 +484,9 @@ impl KeyGen {
let mut participating_weight = 0;
// This uses the Substrate maps as the maps are kept in synchrony
- let mut evrf_public_keys = substrate_evrf_public_keys.clone();
+ let mut evrf_public_keys_mut = substrate_evrf_public_keys.clone();
for i in substrate_participations.keys() {
- let evrf_public_key = evrf_public_keys[usize::from(u16::from(*i)) - 1];
+ let evrf_public_key = substrate_evrf_public_keys[usize::from(u16::from(*i)) - 1];
// Remove this key from the Vec to prevent double-counting
/*
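Review bot: The comment added above `GeneratedKeysDb` says the values are serialized manually but not where, so a reader of `create_db!` cannot find the contract that `()` stands in for; the hunk at @@ -411 shows the intended access pattern (raw `txn.get(GeneratedKeysDb::key(&session))` instead of the typed `GeneratedKeysDb::get`), and the comment should say so and point at the writer. Something like `// GeneratedKeysDb, KeysDb use `()` for their value as we manually serialize their values; read and write them only through the raw txn on their key() (see <writer fn>)`, with the function name filled in, and the `TODO: Don't do that` turned into a tracked issue. Whether the typed accessors for a `()` value still compile and silently return a unit is not visible here; if they do, that is a second reason to close the TODO soon. `create_db!` and the functions the other two hunks sit in extend outside this hunk.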
@@ -495,9 +497,9 @@ impl KeyGen {
the shares for themselves and all other participants, so this is still a key generated by an amount of participants who could simply reconstruct the key. */
- let start_len = evrf_public_keys.len();
- evrf_public_keys.retain(|key| *key != evrf_public_key);
- let end_len = evrf_public_keys.len();
+ let start_len = evrf_public_keys_mut.len();
+ evrf_public_keys_mut.retain(|key| *key != evrf_public_key);
+ let end_len = evrf_public_keys_mut.len();
let count = start_len - end_len;
participating_weight += count;