Correct amount of yx coefficients, get processor key gen test to pass

crypto/dkg/src/evrf/mod.rs

@@ -489,7 +489,7 @@ impl<C: EvrfCurve> EvrfDkg<C> {
     // reconstruct the key regardless, this is safe to the threshold
     {
       let mut participating_weight = 0;
-      let mut evrf_public_keys = evrf_public_keys.to_vec();
+      let mut evrf_public_keys_mut = evrf_public_keys.to_vec();
       for i in valid.keys() {
         let evrf_public_key = evrf_public_keys[usize::from(u16::from(*i)) - 1];
 
@@ -502,9 +502,9 @@ impl<C: EvrfCurve> EvrfDkg<C> {
           all other participants, so this is still a key generated by an amount of participants who
           could simply reconstruct the key.
         */
-        let start_len = evrf_public_keys.len();
+        let start_len = evrf_public_keys_mut.len();
-        evrf_public_keys.retain(|key| *key != evrf_public_key);
+        evrf_public_keys_mut.retain(|key| *key != evrf_public_key);
-        let end_len = evrf_public_keys.len();
+        let end_len = evrf_public_keys_mut.len();
         let count = start_len - end_len;
 
         participating_weight += count;

crypto/dkg/src/tests/evrf/proof.rs

@@ -11,7 +11,7 @@ use ciphersuite::{
     ff::{FromUniformBytes, Field, PrimeField},
     Group,
   },
-  Ciphersuite,
+  Ciphersuite, Secp256k1, Ed25519, Ristretto,
 };
 use pasta_curves::{Ep, Eq, Fp, Fq};
 
@@ -59,7 +59,7 @@ impl DiscreteLogParameters for VestaParams {
   type ScalarBits = U<{ <<Vesta as Ciphersuite>::F as PrimeField>::NUM_BITS as usize }>;
   type XCoefficients = Quot<Sum<Self::ScalarBits, U1>, U2>;
   type XCoefficientsMinusOne = Diff<Self::XCoefficients, U1>;
-  type YxCoefficients = Diff<Quot<Sum<Self::ScalarBits, U1>, U2>, U2>;
+  type YxCoefficients = Diff<Quot<Sum<Sum<Self::ScalarBits, U1>, U1>, U2>, U2>;
 }
 
 impl EvrfCurve for Pallas {
@@ -67,37 +67,52 @@ impl EvrfCurve for Pallas {
   type EmbeddedCurveParameters = VestaParams;
 }
 
-#[test]
+fn evrf_proof_test<C: EvrfCurve>() {
-fn evrf_proof_pasta_test() {
   let generators = generators(1024);
-  let vesta_private_key = Zeroizing::new(<Vesta as Ciphersuite>::F::random(&mut OsRng));
+  let vesta_private_key = Zeroizing::new(<C::EmbeddedCurve as Ciphersuite>::F::random(&mut OsRng));
-  let ecdh_public_keys =
+  let ecdh_public_keys = [
-    [<Vesta as Ciphersuite>::G::random(&mut OsRng), <Vesta as Ciphersuite>::G::random(&mut OsRng)];
+    <C::EmbeddedCurve as Ciphersuite>::G::random(&mut OsRng),
+    <C::EmbeddedCurve as Ciphersuite>::G::random(&mut OsRng),
+  ];
   let time = Instant::now();
-  let res = Evrf::<Pallas>::prove(
+  let res =
-    &mut OsRng,
+    Evrf::<C>::prove(&mut OsRng, &generators, [0; 32], 1, &ecdh_public_keys, &vesta_private_key)
-    &generators,
-    [0; 32],
-    1,
-    &ecdh_public_keys,
-    &vesta_private_key,
-  )
       .unwrap();
   println!("Proving time: {:?}", time.elapsed());
 
   let time = Instant::now();
   let mut verifier = generators.batch_verifier();
-  dbg!(Evrf::<Pallas>::verify(
+  Evrf::<C>::verify(
     &mut OsRng,
     &generators,
     &mut verifier,
     [0; 32],
     1,
     &ecdh_public_keys,
-    Vesta::generator() * *vesta_private_key,
+    C::EmbeddedCurve::generator() * *vesta_private_key,
     &res.proof,
   )
-  .unwrap());
+  .unwrap();
   assert!(generators.verify(verifier));
   println!("Verifying time: {:?}", time.elapsed());
 }
+
+#[test]
+fn pallas_evrf_proof_test() {
+  evrf_proof_test::<Pallas>();
+}
+
+#[test]
+fn secp256k1_evrf_proof_test() {
+  evrf_proof_test::<Secp256k1>();
+}
+
+#[test]
+fn ed25519_evrf_proof_test() {
+  evrf_proof_test::<Ed25519>();
+}
+
+#[test]
+fn ristretto_evrf_proof_test() {
+  evrf_proof_test::<Ristretto>();
+}

crypto/evrf/divisors/src/lib.rs

@@ -29,6 +29,7 @@ pub trait DivisorCurve: Group {
   /// Section 2 of the security proofs define this modulus.
   ///
   /// This MUST NOT be overriden.
+  // TODO: Move to an extension trait
   fn divisor_modulus() -> Poly<Self::FieldElement> {
     Poly {
       // 0 y**1, 1 y*2

crypto/evrf/ec-gadgets/src/dlog.rs

@@ -30,8 +30,8 @@ pub trait DiscreteLogParameters {
 
   /// The amount of y x**i coefficients in a divisor.
   ///
-  /// This is the amount of points in a divisor (the amount of bits in a scalar, plus one) divided
+  /// This is the amount of points in a divisor (the amount of bits in a scalar, plus one) plus
-  /// by two, minus two.
+  /// one, divided by two, minus two.
   type YxCoefficients: ArrayLength;
 }
 

crypto/evrf/embedwards25519/src/lib.rs

@@ -43,5 +43,5 @@ impl generalized_bulletproofs_ec_gadgets::DiscreteLogParameters for Embedwards25
   type ScalarBits = U<{ Scalar::NUM_BITS as usize }>;
   type XCoefficients = Quot<Sum<Self::ScalarBits, U1>, U2>;
   type XCoefficientsMinusOne = Diff<Self::XCoefficients, U1>;
-  type YxCoefficients = Diff<Quot<Sum<Self::ScalarBits, U1>, U2>, U2>;
+  type YxCoefficients = Diff<Quot<Sum<Sum<Self::ScalarBits, U1>, U1>, U2>, U2>;
 }

crypto/evrf/secq256k1/src/lib.rs

@@ -43,5 +43,5 @@ impl generalized_bulletproofs_ec_gadgets::DiscreteLogParameters for Secq256k1 {
   type ScalarBits = U<{ Scalar::NUM_BITS as usize }>;
   type XCoefficients = Quot<Sum<Self::ScalarBits, U1>, U2>;
   type XCoefficientsMinusOne = Diff<Self::XCoefficients, U1>;
-  type YxCoefficients = Diff<Quot<Sum<Self::ScalarBits, U1>, U2>, U2>;
+  type YxCoefficients = Diff<Quot<Sum<Sum<Self::ScalarBits, U1>, U1>, U2>, U2>;
 }

processor/src/key_gen.rs

@@ -78,11 +78,13 @@ create_db!(
       HashMap<Participant, Vec<u8>>,
       HashMap<Participant, Vec<u8>>,
     ),
-    GeneratedKeysDb: (session: &Session) -> Vec<u8>,
+    // GeneratedKeysDb, KeysDb use `()` for their value as we manually serialize their values
+    // TODO: Don't do that
+    GeneratedKeysDb: (session: &Session) -> (),
     // These do assume a key is only used once across sets, which holds true if the threshold is
     // honest
     // TODO: Remove this assumption
-    KeysDb: (network_key: &[u8]) -> Vec<u8>,
+    KeysDb: (network_key: &[u8]) -> (),
     SessionDb: (network_key: &[u8]) -> Session,
     NetworkKeyDb: (session: Session) -> Vec<u8>,
   }
@@ -411,7 +413,7 @@ impl<N: Network, D: Db> KeyGen<N, D> {
             // If we've already generated these keys, we don't actually need to save these
             // participations and continue. We solely have to verify them, as to identify malicious
             // participants and prevent DoSs, before returning
-            if GeneratedKeysDb::get(txn, &session).is_some() {
+            if txn.get(GeneratedKeysDb::key(&session)).is_some() {
               info!("already finished generating a key for {:?}", session);
 
               match EvrfDkg::<Ristretto>::verify(
@@ -482,9 +484,9 @@ impl<N: Network, D: Db> KeyGen<N, D> {
         {
           let mut participating_weight = 0;
           // This uses the Substrate maps as the maps are kept in synchrony
-          let mut evrf_public_keys = substrate_evrf_public_keys.clone();
+          let mut evrf_public_keys_mut = substrate_evrf_public_keys.clone();
           for i in substrate_participations.keys() {
-            let evrf_public_key = evrf_public_keys[usize::from(u16::from(*i)) - 1];
+            let evrf_public_key = substrate_evrf_public_keys[usize::from(u16::from(*i)) - 1];
 
             // Remove this key from the Vec to prevent double-counting
             /*
@@ -495,9 +497,9 @@ impl<N: Network, D: Db> KeyGen<N, D> {
               the shares for themselves and all other participants, so this is still a key
               generated by an amount of participants who could simply reconstruct the key.
             */
-            let start_len = evrf_public_keys.len();
+            let start_len = evrf_public_keys_mut.len();
-            evrf_public_keys.retain(|key| *key != evrf_public_key);
+            evrf_public_keys_mut.retain(|key| *key != evrf_public_key);
-            let end_len = evrf_public_keys.len();
+            let end_len = evrf_public_keys_mut.len();
             let count = start_len - end_len;
 
             participating_weight += count;