From 3284c6bb4e8e4f0a6714ee692074a66ad843f5ba Mon Sep 17 00:00:00 2001 
From: maclane Date: Thu, 21 May 2026 11:27:19 -0500 Subject: [PATCH 1/2] Remove unused EdDSA and resharing protocols --- BNB_HARDENING_INTEGRATION.md | 33 +- Makefile | 3 +- README.md | 31 +- crypto/ecpoint.go | 15 - crypto/ecpoint_test.go | 16 +- crypto/mta/share_protocol_test.go | 3 +- ecdsa/keygen/test_utils.go | 2 +- ecdsa/resharing/ecdsa-resharing.pb.go | 1039 ---------------------- ecdsa/resharing/local_party.go | 187 ---- ecdsa/resharing/local_party_test.go | 299 ------- ecdsa/resharing/messages.go | 440 --------- ecdsa/resharing/messages_test.go | 260 ------ ecdsa/resharing/round_1_old_step_1.go | 154 ---- ecdsa/resharing/round_2_new_step_1.go | 193 ---- ecdsa/resharing/round_3_old_step_2.go | 88 -- ecdsa/resharing/round_4_new_step_2.go | 300 ------- ecdsa/resharing/round_5_new_step_3.go | 149 ---- ecdsa/resharing/round_6_new_step_4.go | 56 -- ecdsa/resharing/rounds.go | 156 ---- eddsa/keygen/eddsa-keygen.pb.go | 310 ------- eddsa/keygen/local_party.go | 163 ---- eddsa/keygen/local_party_test.go | 263 ------ eddsa/keygen/messages.go | 126 --- eddsa/keygen/round_1.go | 126 --- eddsa/keygen/round_2.go | 97 -- eddsa/keygen/round_3.go | 213 ----- eddsa/keygen/rounds.go | 95 -- eddsa/keygen/save_data.go | 62 -- eddsa/keygen/test_utils.go | 117 --- eddsa/resharing/eddsa-resharing.pb.go | 407 --------- eddsa/resharing/local_party.go | 168 ---- eddsa/resharing/local_party_test.go | 257 ------ eddsa/resharing/messages.go | 170 ---- eddsa/resharing/round_1_old_step_1.go | 127 --- eddsa/resharing/round_2_new_step_1.go | 72 -- eddsa/resharing/round_3_old_step_2.go | 90 -- eddsa/resharing/round_4_new_step_2.go | 161 ---- eddsa/resharing/round_5_new_step_3.go | 50 -- eddsa/resharing/rounds.go | 135 --- eddsa/signing/eddsa-signing.pb.go | 310 ------- eddsa/signing/finalize.go | 77 -- eddsa/signing/local_party.go | 203 ----- eddsa/signing/local_party_test.go | 263 ------ eddsa/signing/messages.go | 131 --- eddsa/signing/prepare.go | 44 - eddsa/signing/round_1.go | 118 --- 
eddsa/signing/round_2.go | 75 -- eddsa/signing/round_3.go | 132 --- eddsa/signing/rounds.go | 116 --- eddsa/signing/utils.go | 128 --- go.mod | 4 - go.sum | 4 - protob/ecdsa-resharing.proto | 102 --- protob/eddsa-keygen.proto | 33 - protob/eddsa-resharing.proto | 44 - protob/eddsa-signing.proto | 33 - protob/message.proto | 4 +- test/_eddsa_fixtures/keygen_data_0.json | 1 - test/_eddsa_fixtures/keygen_data_1.json | 1 - test/_eddsa_fixtures/keygen_data_10.json | 1 - test/_eddsa_fixtures/keygen_data_11.json | 1 - test/_eddsa_fixtures/keygen_data_12.json | 1 - test/_eddsa_fixtures/keygen_data_13.json | 1 - test/_eddsa_fixtures/keygen_data_14.json | 1 - test/_eddsa_fixtures/keygen_data_15.json | 1 - test/_eddsa_fixtures/keygen_data_16.json | 1 - test/_eddsa_fixtures/keygen_data_17.json | 1 - test/_eddsa_fixtures/keygen_data_18.json | 1 - test/_eddsa_fixtures/keygen_data_19.json | 1 - test/_eddsa_fixtures/keygen_data_2.json | 1 - test/_eddsa_fixtures/keygen_data_3.json | 1 - test/_eddsa_fixtures/keygen_data_4.json | 1 - test/_eddsa_fixtures/keygen_data_5.json | 1 - test/_eddsa_fixtures/keygen_data_6.json | 1 - test/_eddsa_fixtures/keygen_data_7.json | 1 - test/_eddsa_fixtures/keygen_data_8.json | 1 - test/_eddsa_fixtures/keygen_data_9.json | 1 - test/config.go | 2 +- tss/curve.go | 7 - tss/message.go | 12 +- tss/message.pb.go | 4 +- tss/params.go | 89 +- 82 files changed, 51 insertions(+), 8537 deletions(-) delete mode 100644 ecdsa/resharing/ecdsa-resharing.pb.go delete mode 100644 ecdsa/resharing/local_party.go delete mode 100644 ecdsa/resharing/local_party_test.go delete mode 100644 ecdsa/resharing/messages.go delete mode 100644 ecdsa/resharing/messages_test.go delete mode 100644 ecdsa/resharing/round_1_old_step_1.go delete mode 100644 ecdsa/resharing/round_2_new_step_1.go delete mode 100644 ecdsa/resharing/round_3_old_step_2.go delete mode 100644 ecdsa/resharing/round_4_new_step_2.go delete mode 100644 ecdsa/resharing/round_5_new_step_3.go delete mode 100644 
ecdsa/resharing/round_6_new_step_4.go delete mode 100644 ecdsa/resharing/rounds.go delete mode 100644 eddsa/keygen/eddsa-keygen.pb.go delete mode 100644 eddsa/keygen/local_party.go delete mode 100644 eddsa/keygen/local_party_test.go delete mode 100644 eddsa/keygen/messages.go delete mode 100644 eddsa/keygen/round_1.go delete mode 100644 eddsa/keygen/round_2.go delete mode 100644 eddsa/keygen/round_3.go delete mode 100644 eddsa/keygen/rounds.go delete mode 100644 eddsa/keygen/save_data.go delete mode 100644 eddsa/keygen/test_utils.go delete mode 100644 eddsa/resharing/eddsa-resharing.pb.go delete mode 100644 eddsa/resharing/local_party.go delete mode 100644 eddsa/resharing/local_party_test.go delete mode 100644 eddsa/resharing/messages.go delete mode 100644 eddsa/resharing/round_1_old_step_1.go delete mode 100644 eddsa/resharing/round_2_new_step_1.go delete mode 100644 eddsa/resharing/round_3_old_step_2.go delete mode 100644 eddsa/resharing/round_4_new_step_2.go delete mode 100644 eddsa/resharing/round_5_new_step_3.go delete mode 100644 eddsa/resharing/rounds.go delete mode 100644 eddsa/signing/eddsa-signing.pb.go delete mode 100644 eddsa/signing/finalize.go delete mode 100644 eddsa/signing/local_party.go delete mode 100644 eddsa/signing/local_party_test.go delete mode 100644 eddsa/signing/messages.go delete mode 100644 eddsa/signing/prepare.go delete mode 100644 eddsa/signing/round_1.go delete mode 100644 eddsa/signing/round_2.go delete mode 100644 eddsa/signing/round_3.go delete mode 100644 eddsa/signing/rounds.go delete mode 100644 eddsa/signing/utils.go delete mode 100644 protob/ecdsa-resharing.proto delete mode 100644 protob/eddsa-keygen.proto delete mode 100644 protob/eddsa-resharing.proto delete mode 100644 protob/eddsa-signing.proto delete mode 100644 test/_eddsa_fixtures/keygen_data_0.json delete mode 100644 test/_eddsa_fixtures/keygen_data_1.json delete mode 100644 test/_eddsa_fixtures/keygen_data_10.json delete mode 100644 
test/_eddsa_fixtures/keygen_data_11.json delete mode 100644 test/_eddsa_fixtures/keygen_data_12.json delete mode 100644 test/_eddsa_fixtures/keygen_data_13.json delete mode 100644 test/_eddsa_fixtures/keygen_data_14.json delete mode 100644 test/_eddsa_fixtures/keygen_data_15.json delete mode 100644 test/_eddsa_fixtures/keygen_data_16.json delete mode 100644 test/_eddsa_fixtures/keygen_data_17.json delete mode 100644 test/_eddsa_fixtures/keygen_data_18.json delete mode 100644 test/_eddsa_fixtures/keygen_data_19.json delete mode 100644 test/_eddsa_fixtures/keygen_data_2.json delete mode 100644 test/_eddsa_fixtures/keygen_data_3.json delete mode 100644 test/_eddsa_fixtures/keygen_data_4.json delete mode 100644 test/_eddsa_fixtures/keygen_data_5.json delete mode 100644 test/_eddsa_fixtures/keygen_data_6.json delete mode 100644 test/_eddsa_fixtures/keygen_data_7.json delete mode 100644 test/_eddsa_fixtures/keygen_data_8.json delete mode 100644 test/_eddsa_fixtures/keygen_data_9.json diff --git a/BNB_HARDENING_INTEGRATION.md b/BNB_HARDENING_INTEGRATION.md index cea9bfc9c..453c2e812 100644 --- a/BNB_HARDENING_INTEGRATION.md +++ b/BNB_HARDENING_INTEGRATION.md 
@@ -6,10 +6,11 @@ - BNB upstream head compared: `3f677ff761fcf692edb0243a5d812930844d879a` - Common ancestor: `afbe264b44b63155a864dbe0171040c66e442963` - Goal: port applicable security and correctness hardening without replacing Threshold's Paillier/NTilde remediation or weakening `ModProof`/`FactorProof`. +- Follow-up cleanup: this fork now retains only the ECDSA keygen/signing protocol surface used by Threshold/tBTC. EdDSA and resharing protocol packages, generated messages, and fixtures were removed to reduce unused attack surface. ## Compatibility Notice -This is a protocol/wire compatibility break for proof transcripts. Proofs whose Fiat-Shamir challenges now use tagged hashing or session context will not verify across mixed old/new versions, even where the Go API remains source-compatible through variadic arguments. Operators should roll this out as a coordinated protocol upgrade rather than mixing parties from before and after this PR in the same keygen, signing, or resharing ceremony. +This is a protocol/wire compatibility break for proof transcripts. Proofs whose Fiat-Shamir challenges now use tagged hashing or session context will not verify across mixed old/new versions, even where the Go API remains source-compatible through variadic arguments. Operators should roll this out as a coordinated protocol upgrade rather than mixing parties from before and after this PR in the same keygen or signing ceremony. ## Ported Or Manually Adapted 
@@ -17,21 +18,20 @@ This is a protocol/wire compatibility break for proof transcripts. Proofs whose - `1a14f3a` / PR `#256`, ECDSA proof session byte: manually adapted proof-session APIs for DLN, Schnorr, MtA, Paillier mod proof, and factor proof. Public callers remain source-compatible through variadic session parameters, but generated proof transcripts are not wire-compatible with old versions. - `ff989bf` / PR `#257`, tagged hash encoding: ported length-delimited tagged hashing as `common.SHA512_256i_TAGGED`. - `f3aad28` / PR `#276`, nil `String()` panic: ported `BaseParty.String()` nil-round guard. -- `409542e` / PR `#282`, round update correctness: ported the `round.ok` accumulation fix for all non-terminal ECDSA/EdDSA keygen, signing, and resharing rounds, plus the resharing party-0 broadcast nil guard. -- `9acd90b`, `2f294cf`, `6b92e7d`, `c0de534` / PR `#284`, leading-zero message signing: manually adapted for ECDSA and EdDSA with variadic `fullBytesLen` parameters that are now required at runtime and bounded to the curve order byte length. EdDSA now also hashes the full-length message bytes in round 3. +- `409542e` / PR `#282`, round update correctness: ported the `round.ok` accumulation fix for all non-terminal ECDSA keygen and signing rounds. +- `9acd90b`, `2f294cf`, `6b92e7d`, `c0de534` / PR `#284`, leading-zero message signing: manually adapted for ECDSA with a variadic `fullBytesLen` parameter that is now required at runtime and bounded to the curve order byte length. - `843de68` / PR `#291`, VSS threshold-size validation: ported `len(vs) == threshold+1` verification and added test coverage. - `5d01446` / PR `#289`, range-proof update: ported MtA range-proof GCD, interval, lower-bound, non-one, and tagged challenge checks. -- `4878da5` / PR `#324`, VSS reconstruction fix: ported `threshold+1` reconstruction requirement and updated ECDSA/EdDSA keygen fixture tests. 
+- `4878da5` / PR `#324`, VSS reconstruction fix: ported `threshold+1` reconstruction requirement and updated ECDSA keygen fixture tests. - `b59ed36`, session context for DLN and MtA proofs: manually adapted with optional session contexts and focused replay/session-mismatch tests. -- `fc38979`, GG20 SSID uniqueness: ported `tss.Parameters.SessionNonce` / `SetSessionNonce`, added `SetSessionNonceBytes` (requires session IDs of at least 16 bytes), and wired ECDSA/EdDSA keygen/signing plus ECDSA resharing SSID derivation. Keygen, ECDSA resharing, and signing now require a positive `SetSessionNonce` and fail closed if it is not set — the previous zero fallback (keygen/resharing) and SHA512_256(messageBytes) fallback (signing) caused two ceremonies with otherwise-identical inputs to derive the same SSID, breaking the session-binding property the proofs rely on. +- `fc38979`, GG20 SSID uniqueness: ported `tss.Parameters.SessionNonce` / `SetSessionNonce`, added `SetSessionNonceBytes` (requires session IDs of at least 16 bytes), and wired ECDSA keygen/signing SSID derivation. Keygen and signing now require a positive `SetSessionNonce` and fail closed if it is not set — the previous zero fallback (keygen) and SHA512_256(messageBytes) fallback (signing) caused two ceremonies with otherwise-identical inputs to derive the same SSID, breaking the session-binding property the proofs rely on. - `685c2af`, canonical EC coordinates: ported rejection of EC coordinates outside `[0, P)`. -- `5d0d0f3`, EdDSA nil-pointer fix: ported by checking `NewECPoint` errors before `EightInvEight()`. - Post-review cleanup: party-specific proof contexts now append fixed-width uint64 party indexes so party 0 does not collapse to the bare SSID. The earlier signing default that derived an SSID nonce from full message bytes has been removed in favour of the fail-closed requirement above; the helpers that produced it (`messageBytes`, `messageSessionNonce`) are gone with it. 
## Already Covered Or Superseded - `c84c096` / PR `#323`, modproof checker: Threshold's Paillier proof implementation already had the key Jacobi/non-prime validation from its GHSA-h24c-6p6p-m3vx remediation. Threshold's stronger `ModProof` coverage for both Paillier `N` and `NTilde` was kept. -- `e0e4299`, EdDSA keygen error aggregation: current Threshold code already had the corrected behavior. +- `e0e4299`, EdDSA keygen error aggregation: no longer applicable after EdDSA package removal. - `0629cff`, `773b6af`, `b7b73a0`, `27922e0`, `4c83ace`, `c8136c9`, `8a87b22`, `f67a429`, `002397d`, `28d0622`, `bddf60d`: style, comment, logging, gofmt, minor optimization, or merge-only changes with no security behavior to port. ## Skipped 
@@ -46,19 +46,17 @@ This is a protocol/wire compatibility break for proof transcripts. Proofs whose ## Semantic Differences From BNB - Threshold's Paillier/NTilde `ModProof` and `FactorProof` remediation was retained. No BNB no-proof escape hatches were introduced. -- Session parameters were added as variadic arguments to preserve existing public call sites. This is API source-compatible for callers, but not wire-compatible for proof transcripts; callers must set `Parameters.SessionNonce()` before starting keygen, signing, or ECDSA resharing. -- ECDSA/EdDSA signing constructors still accept `fullBytesLen` as a variadic argument for source compatibility, but exactly one positive value is required at runtime so all signers agree on message byte width before the protocol starts. -- Keygen, signing, and ECDSA resharing SSIDs use `Parameters.SessionNonce()`. Callers must provide a unique agreed nonce, for example via `SetSessionNonceBytes`, for every ceremony. -- ECDSA resharing now broadcasts the locally-derived SSID in `DGRound1Message` so the new committee can reject old-committee broadcasts whose SSID differs from the local protocol context. +- Session parameters were added as variadic arguments to preserve existing public call sites. This is API source-compatible for callers, but not wire-compatible for proof transcripts; callers must set `Parameters.SessionNonce()` before starting keygen or signing. +- The ECDSA signing constructor still accepts `fullBytesLen` as a variadic argument for source compatibility, but exactly one positive value is required at runtime so all signers agree on message byte width before the protocol starts. +- Keygen and signing SSIDs use `Parameters.SessionNonce()`. Callers must provide a unique agreed nonce, for example via `SetSessionNonceBytes`, for every ceremony. - `common.RejectionSample` keeps BNB's function name for porting clarity, but this implementation is modular reduction rather than a looping rejection sampler. 
- Constant-time operations are not included and remain a residual follow-up. +- EdDSA and resharing protocol packages are intentionally removed in this fork because Threshold/tBTC does not use them. ## Tests -- `go test ./crypto/... ./ecdsa/keygen ./ecdsa/signing ./eddsa/signing` passed. -- `go test ./eddsa/keygen ./eddsa/resharing` passed after updating EdDSA VSS threshold tests and resharing nil guard. -- `go test ./ecdsa/resharing` passed after the analogous resharing guard. -- `go test ./common ./crypto/paillier ./crypto/mta ./ecdsa/keygen ./ecdsa/resharing ./ecdsa/signing ./eddsa/keygen ./eddsa/signing ./eddsa/resharing` passed after review fixes. +- `go test ./crypto/... ./ecdsa/keygen ./ecdsa/signing` passed. +- `go test ./common ./crypto/paillier ./crypto/mta ./ecdsa/keygen ./ecdsa/signing` passed after review fixes. - `go test ./...` passed. - `go vet ./...` passed. @@ -71,10 +69,9 @@ Added or updated focused tests cover: - ProofBob and ProofBobWC session mismatch/replay failures. - VSS `threshold+1` verification/reconstruction behavior. - Non-canonical EC coordinate rejection. -- ECDSA and EdDSA leading-zero message signing. +- ECDSA leading-zero message signing. ## Residual Risks -- Applications must call `SetSessionNonce` or `SetSessionNonceBytes` before keygen, signing, and ECDSA resharing; those protocols now fail closed without it. +- Applications must call `SetSessionNonce` or `SetSessionNonceBytes` before keygen and signing; those protocols now fail closed without it. - The optional constant-time upstream work is not integrated. -- EdDSA resharing has no SSID-bound proof transcript in this port. diff --git a/Makefile b/Makefile index 164a0a31e..f0b28c673 100644 --- a/Makefile +++ b/Makefile 
@@ -8,7 +8,7 @@ all: protob test protob: @echo "--> Building Protocol Buffers" - @for protocol in message signature ecdsa-keygen ecdsa-signing ecdsa-resharing eddsa-keygen eddsa-signing eddsa-resharing; do \ + @for protocol in message signature ecdsa-keygen ecdsa-signing; do \ echo "Generating $$protocol.pb.go" ; \ protoc --go_out=. ./protob/$$protocol.proto ; \ done @@ -43,4 +43,3 @@ pre_commit: build test # # unless there is a reason not to. # # https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html .PHONY: protob build test_unit test_unit_race test - diff --git a/README.md b/README.md index d0f48ff3b..5156cbba5 100644 --- a/README.md +++ b/README.md 
@@ -13,20 +13,17 @@ Permissively MIT Licensed. Note! This is a library for developers. You may find a TSS tool that you can use with the Binance Chain CLI [here](https://docs.binance.org/tss.html). ## Introduction -This is an implementation of multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder CCS 2018 [1] and EdDSA (Edwards-curve Digital Signature Algorithm) following a similar approach. +This Threshold-maintained fork is an implementation of multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder CCS 2018 [1]. -This library includes three protocols: +This fork includes the protocols used by Threshold/tBTC: * Key Generation for creating secret shares with no trusted dealer ("keygen"). * Signing for using the secret shares to generate a signature ("signing"). -* Dynamic Groups to change the group of participants while keeping the secret ("resharing"). ⚠️ Do not miss [these important notes](#how-to-use-this-securely) on implementing this library securely ## Rationale -ECDSA is used extensively for crypto-currencies such as Bitcoin, Ethereum (secp256k1 curve), NEO (NIST P-256 curve) and many more. - -EdDSA is used extensively for crypto-currencies such as Cardano, Aeternity, Stellar Lumens and many more. +ECDSA is used extensively for crypto-currencies such as Bitcoin, Ethereum (secp256k1 curve), NEO (NIST P-256 curve) and many more. For such currencies this technique may be used to create crypto wallets where multiple parties must collaborate to sign transactions. See [MultiSig Use Cases](https://en.bitcoin.it/wiki/Multisignature#Multisignature_Applications) 
@@ -39,7 +36,7 @@ There is also a performance bonus in that blockchain nodes may check the validit ## Usage You should start by creating an instance of a `LocalParty` and giving it the arguments that it needs. -The `LocalParty` that you use should be from the `keygen`, `signing` or `resharing` package depending on what you want to do. +The `LocalParty` that you use should be from the `keygen` or `signing` package depending on what you want to do. ### Setup ```go @@ -57,11 +54,8 @@ parties := tss.SortPartyIDs(getParticipantPartyIDs()) thisParty := tss.NewPartyID(id, moniker, uniqueKey) ctx := tss.NewPeerContext(parties) -// Select an elliptic curve -// use ECDSA +// Select an elliptic curve. curve := tss.S256() -// or use EdDSA -// curve := tss.Edwards() params := tss.NewParameters(curve, ctx, thisParty, len(parties), threshold) @@ -97,21 +91,6 @@ go func() { }() ``` -### Re-Sharing -Use the `resharing.LocalParty` to re-distribute the secret shares. The save data received through the `endCh` should overwrite the existing key data in storage, or write new data if the party is receiving a new share. - -Please note that `ReSharingParameters` is used to give this Party more context about the re-sharing that should be carried out. - -```go -party := resharing.NewLocalParty(params, ourKeyData, outCh, endCh) -go func() { - err := party.Start() - // handle err ... -}() -``` - -⚠️ During re-sharing the key data may be modified during the rounds. Do not ever overwrite any data saved on disk until the final struct has been received through the `end` channel. - ## Messaging In these examples the `outCh` will collect outgoing messages from the party and the `endCh` will receive save data or a signature when the protocol is complete. diff --git a/crypto/ecpoint.go b/crypto/ecpoint.go index b7ae8eb3a..6e16c9d08 100644 --- a/crypto/ecpoint.go +++ b/crypto/ecpoint.go 
@@ -16,8 +16,6 @@ import (
 	"fmt"
 	"math/big"
 
-	"github.com/decred/dcrd/dcrec/edwards/v2"
-
 	"github.com/bnb-chain/tss-lib/tss"
 )
 
@@ -27,11 +25,6 @@ type ECPoint struct {
 	coords [2]*big.Int
 }
 
-var (
-	eight = big.NewInt(8)
-	eightInv = new(big.Int).ModInverse(eight, edwards.Edwards().Params().N)
-)
-
 // Creates a new ECPoint and checks that the given coordinates are on the elliptic curve.
 func NewECPoint(curve elliptic.Curve, X, Y *big.Int) (*ECPoint, error) {
 	if !isOnCurve(curve, X, Y) {
@@ -109,14 +102,6 @@ func (p *ECPoint) ValidateBasic() bool {
 	return p != nil && p.coords[0] != nil && p.coords[1] != nil && p.IsOnCurve()
 }
 
-func (p *ECPoint) EightInvEight() *ECPoint {
-	q := p.ScalarMult(eight)
-	if q == nil {
-		return nil
-	}
-	return q.ScalarMult(eightInv)
-}
-
 func ScalarBaseMult(curve elliptic.Curve, k *big.Int) *ECPoint {
 	if curve == nil || k == nil {
 		return nil
diff --git a/crypto/ecpoint_test.go b/crypto/ecpoint_test.go
index cb9f0c29e..3d02eda63 100644
--- a/crypto/ecpoint_test.go
+++ b/crypto/ecpoint_test.go
@@ -7,6 +7,7 @@
 package crypto_test
 
 import (
+	"crypto/elliptic"
 	"encoding/hex"
 	"encoding/json"
 	"math/big"
@@ -14,7 +15,6 @@ import (
 	"testing"
 
 	"github.com/btcsuite/btcd/btcec"
-	"github.com/decred/dcrd/dcrec/edwards/v2"
 	"github.com/stretchr/testify/assert"
 
 	. "github.com/bnb-chain/tss-lib/crypto"
@@ -163,16 +163,12 @@ func TestS256EcpointJsonSerialization(t *testing.T) {
 	assert.True(t, reflect.TypeOf(point.Curve()) == reflect.TypeOf(umpoint.Curve()))
 }
 
-func TestEdwardsEcpointJsonSerialization(t *testing.T) {
-	ec := edwards.Edwards()
-	tss.RegisterCurve("ed25519", ec)
+func TestP256EcpointJsonSerialization(t *testing.T) {
+	ec := elliptic.P256()
+	tss.RegisterCurve("p256", ec)
 
-	pubKeyBytes, err := hex.DecodeString("ae1e5bf5f3d6bf58b5c222088671fcbe78b437e28fae944c793897b26091f249")
-	assert.NoError(t, err)
-	pbk, err := edwards.ParsePubKey(pubKeyBytes)
-	assert.NoError(t, err)
-
-	point, err := NewECPoint(ec, pbk.X, pbk.Y)
+	x, y := ec.ScalarBaseMult(big.NewInt(1).Bytes())
+	point, err := NewECPoint(ec, x, y)
 	assert.NoError(t, err)
 	bz, err := json.Marshal(point)
 	assert.NoError(t, err)
diff --git a/crypto/mta/share_protocol_test.go b/crypto/mta/share_protocol_test.go
index 5bff62c99..f581adb44 100644
--- a/crypto/mta/share_protocol_test.go
+++ b/crypto/mta/share_protocol_test.go
@@ -8,6 +8,7 @@ package mta
 
 import (
 	"context"
+	"crypto/elliptic"
 	"math/big"
 	"testing"
 	"time"
@@ -138,7 +139,7 @@ func TestShareProtocolWC(t *testing.T) {
 	badV.V = big.NewInt(0)
 	assert.False(t, badV.Verify(tss.EC(), pk, NTildei, h1i, h2i, cA, cB, gBPoint), "V equal to zero must fail")
 
-	wrongCurveX := crypto.NewECPointNoCurveCheck(tss.Edwards(), gBPoint.X(), gBPoint.Y())
+	wrongCurveX := crypto.NewECPointNoCurveCheck(elliptic.P256(), gBPoint.X(), gBPoint.Y())
 	assert.False(t, pfB.Verify(tss.EC(), pk, NTildei, h1i, h2i, cA, cB, wrongCurveX), "X on a different curve must fail")
 
 	alpha, err := AliceEndWC(tss.EC(), pk, pfB, gBPoint, cA, cB, NTildei, h1i, h2i, sk)
diff --git a/ecdsa/keygen/test_utils.go b/ecdsa/keygen/test_utils.go
index 85aa117c2..cd07ae1bf 100644
--- a/ecdsa/keygen/test_utils.go
+++ b/ecdsa/keygen/test_utils.go
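Review bot: `tss.RegisterCurve("p256", ec)` on the new side registers P-256 from inside a test under a name chosen here; if the `tss` package already registers that curve under its own canonical name (the `tss/curve.go` change in this patch is not in view), this adds a second name for the same curve and the name picked during JSON marshalling may then depend on registration order rather than being pinned by the test. Prefer the library's canonical name/accessor for P-256, or assert the curve name that the marshalled JSON actually carries so a mismatch is caught rather than tolerated. `ec.ScalarBaseMult(big.NewInt(1).Bytes())` is simply the generator, so `point, err := NewECPoint(ec, ec.Params().Gx, ec.Params().Gy)` states the intent directly; note that the removed ed25519 test used a non-generator public key, which exercised the coordinate round-trip more realistically than G does. `TestP256EcpointJsonSerialization` continues past the end of this hunk.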
@@ -24,7 +24,7 @@ import (
 
 const (
 	// To change these parameters, you must first delete the text fixture files in test/_fixtures/ and then run the keygen test alone.
-	// Then the signing and resharing tests will work with the new n, t configuration using the newly written fixture files.
+	// Then the signing tests will work with the new n, t configuration using the newly written fixture files.
 	TestParticipants = test.TestParticipants
 	TestThreshold = test.TestParticipants / 2
 )
diff --git a/ecdsa/resharing/ecdsa-resharing.pb.go b/ecdsa/resharing/ecdsa-resharing.pb.go
deleted file mode 100644
index 54d6858e6..000000000
--- a/ecdsa/resharing/ecdsa-resharing.pb.go
+++ /dev/null
@@ -1,1039 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.30.0 -// protoc v4.25.1 -// source: protob/ecdsa-resharing.proto - -package resharing - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// The Round 1 data is broadcast to peers of the New Committee in this message. -// Each old-committee party broadcasts the locally-derived SSID so the new -// committee can detect a corrupted old-committee party broadcasting an -// inconsistent SSID across new-committee members. 
-type DGRound1Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - EcdsaPubX []byte `protobuf:"bytes,1,opt,name=ecdsa_pub_x,json=ecdsaPubX,proto3" json:"ecdsa_pub_x,omitempty"` - EcdsaPubY []byte `protobuf:"bytes,2,opt,name=ecdsa_pub_y,json=ecdsaPubY,proto3" json:"ecdsa_pub_y,omitempty"` - VCommitment []byte `protobuf:"bytes,3,opt,name=v_commitment,json=vCommitment,proto3" json:"v_commitment,omitempty"` - Ssid []byte `protobuf:"bytes,4,opt,name=ssid,proto3" json:"ssid,omitempty"` -} - -func (x *DGRound1Message) Reset() { - *x = DGRound1Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound1Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound1Message) ProtoMessage() {} - -func (x *DGRound1Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound1Message.ProtoReflect.Descriptor instead. -func (*DGRound1Message) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{0} -} - -func (x *DGRound1Message) GetEcdsaPubX() []byte { - if x != nil { - return x.EcdsaPubX - } - return nil -} - -func (x *DGRound1Message) GetEcdsaPubY() []byte { - if x != nil { - return x.EcdsaPubY - } - return nil -} - -func (x *DGRound1Message) GetVCommitment() []byte { - if x != nil { - return x.VCommitment - } - return nil -} - -func (x *DGRound1Message) GetSsid() []byte { - if x != nil { - return x.Ssid - } - return nil -} - -// The Round 2 data is broadcast to other peers of the New Committee in this message. 
-type DGRound2Message1 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - PaillierN []byte `protobuf:"bytes,1,opt,name=paillier_n,json=paillierN,proto3" json:"paillier_n,omitempty"` - PaillierProof [][]byte `protobuf:"bytes,2,rep,name=paillier_proof,json=paillierProof,proto3" json:"paillier_proof,omitempty"` - NTilde []byte `protobuf:"bytes,3,opt,name=n_tilde,json=nTilde,proto3" json:"n_tilde,omitempty"` - H1 []byte `protobuf:"bytes,4,opt,name=h1,proto3" json:"h1,omitempty"` - H2 []byte `protobuf:"bytes,5,opt,name=h2,proto3" json:"h2,omitempty"` - Dlnproof_1 *DGRound2Message1_DLNProof `protobuf:"bytes,8,opt,name=dlnproof_1,json=dlnproof1,proto3" json:"dlnproof_1,omitempty"` - Dlnproof_2 *DGRound2Message1_DLNProof `protobuf:"bytes,9,opt,name=dlnproof_2,json=dlnproof2,proto3" json:"dlnproof_2,omitempty"` - Modproof *DGRound2Message1_ModProof `protobuf:"bytes,10,opt,name=modproof,proto3" json:"modproof,omitempty"` - ModproofTilde *DGRound2Message1_ModProof `protobuf:"bytes,11,opt,name=modproof_tilde,json=modproofTilde,proto3" json:"modproof_tilde,omitempty"` -} - -func (x *DGRound2Message1) Reset() { - *x = DGRound2Message1{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound2Message1) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound2Message1) ProtoMessage() {} - -func (x *DGRound2Message1) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound2Message1.ProtoReflect.Descriptor instead. 
-func (*DGRound2Message1) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{1} -} - -func (x *DGRound2Message1) GetPaillierN() []byte { - if x != nil { - return x.PaillierN - } - return nil -} - -func (x *DGRound2Message1) GetPaillierProof() [][]byte { - if x != nil { - return x.PaillierProof - } - return nil -} - -func (x *DGRound2Message1) GetNTilde() []byte { - if x != nil { - return x.NTilde - } - return nil -} - -func (x *DGRound2Message1) GetH1() []byte { - if x != nil { - return x.H1 - } - return nil -} - -func (x *DGRound2Message1) GetH2() []byte { - if x != nil { - return x.H2 - } - return nil -} - -func (x *DGRound2Message1) GetDlnproof_1() *DGRound2Message1_DLNProof { - if x != nil { - return x.Dlnproof_1 - } - return nil -} - -func (x *DGRound2Message1) GetDlnproof_2() *DGRound2Message1_DLNProof { - if x != nil { - return x.Dlnproof_2 - } - return nil -} - -func (x *DGRound2Message1) GetModproof() *DGRound2Message1_ModProof { - if x != nil { - return x.Modproof - } - return nil -} - -func (x *DGRound2Message1) GetModproofTilde() *DGRound2Message1_ModProof { - if x != nil { - return x.ModproofTilde - } - return nil -} - -// The Round 2 "ACK" is broadcast to peers of the Old Committee in this message. 
-type DGRound2Message2 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *DGRound2Message2) Reset() { - *x = DGRound2Message2{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound2Message2) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound2Message2) ProtoMessage() {} - -func (x *DGRound2Message2) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound2Message2.ProtoReflect.Descriptor instead. -func (*DGRound2Message2) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{2} -} - -// The Round 3 data is sent to peers of the New Committee in this message. 
-type DGRound3Message1 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Share []byte `protobuf:"bytes,1,opt,name=share,proto3" json:"share,omitempty"` -} - -func (x *DGRound3Message1) Reset() { - *x = DGRound3Message1{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound3Message1) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound3Message1) ProtoMessage() {} - -func (x *DGRound3Message1) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound3Message1.ProtoReflect.Descriptor instead. -func (*DGRound3Message1) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{3} -} - -func (x *DGRound3Message1) GetShare() []byte { - if x != nil { - return x.Share - } - return nil -} - -// The Round 3 data is broadcast to peers of the New Committee in this message. 
-type DGRound3Message2 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - VDecommitment [][]byte `protobuf:"bytes,1,rep,name=v_decommitment,json=vDecommitment,proto3" json:"v_decommitment,omitempty"` -} - -func (x *DGRound3Message2) Reset() { - *x = DGRound3Message2{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound3Message2) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound3Message2) ProtoMessage() {} - -func (x *DGRound3Message2) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound3Message2.ProtoReflect.Descriptor instead. -func (*DGRound3Message2) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{4} -} - -func (x *DGRound3Message2) GetVDecommitment() [][]byte { - if x != nil { - return x.VDecommitment - } - return nil -} - -// The Round 4 data is sent to other peers of the New Committee in this message. 
-type DGRound4Message1 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Facproof *DGRound4Message1_FactorProof `protobuf:"bytes,1,opt,name=facproof,proto3" json:"facproof,omitempty"` - FacproofTilde *DGRound4Message1_FactorProof `protobuf:"bytes,2,opt,name=facproof_tilde,json=facproofTilde,proto3" json:"facproof_tilde,omitempty"` -} - -func (x *DGRound4Message1) Reset() { - *x = DGRound4Message1{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound4Message1) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound4Message1) ProtoMessage() {} - -func (x *DGRound4Message1) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound4Message1.ProtoReflect.Descriptor instead. -func (*DGRound4Message1) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{5} -} - -func (x *DGRound4Message1) GetFacproof() *DGRound4Message1_FactorProof { - if x != nil { - return x.Facproof - } - return nil -} - -func (x *DGRound4Message1) GetFacproofTilde() *DGRound4Message1_FactorProof { - if x != nil { - return x.FacproofTilde - } - return nil -} - -// The Round 4 "ACK" is broadcast to peers of the Old and New Committees from the New Committee in this message. 
-type DGRound4Message2 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *DGRound4Message2) Reset() { - *x = DGRound4Message2{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound4Message2) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound4Message2) ProtoMessage() {} - -func (x *DGRound4Message2) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound4Message2.ProtoReflect.Descriptor instead. -func (*DGRound4Message2) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{6} -} - -// The Round 5 "ACK" is broadcast to peers of the Old and New Committees from the New Committee in this message. 
-type DGRound5Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *DGRound5Message) Reset() { - *x = DGRound5Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound5Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound5Message) ProtoMessage() {} - -func (x *DGRound5Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound5Message.ProtoReflect.Descriptor instead. -func (*DGRound5Message) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{7} -} - -type DGRound2Message1_DLNProof struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Alpha [][]byte `protobuf:"bytes,1,rep,name=alpha,proto3" json:"alpha,omitempty"` - T [][]byte `protobuf:"bytes,2,rep,name=t,proto3" json:"t,omitempty"` -} - -func (x *DGRound2Message1_DLNProof) Reset() { - *x = DGRound2Message1_DLNProof{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound2Message1_DLNProof) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound2Message1_DLNProof) ProtoMessage() {} - -func (x *DGRound2Message1_DLNProof) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if 
ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound2Message1_DLNProof.ProtoReflect.Descriptor instead. -func (*DGRound2Message1_DLNProof) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{1, 0} -} - -func (x *DGRound2Message1_DLNProof) GetAlpha() [][]byte { - if x != nil { - return x.Alpha - } - return nil -} - -func (x *DGRound2Message1_DLNProof) GetT() [][]byte { - if x != nil { - return x.T - } - return nil -} - -type DGRound2Message1_ModProof struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - W []byte `protobuf:"bytes,1,opt,name=w,proto3" json:"w,omitempty"` - X [][]byte `protobuf:"bytes,2,rep,name=x,proto3" json:"x,omitempty"` - A []bool `protobuf:"varint,3,rep,packed,name=a,proto3" json:"a,omitempty"` - B []bool `protobuf:"varint,4,rep,packed,name=b,proto3" json:"b,omitempty"` - Z [][]byte `protobuf:"bytes,5,rep,name=z,proto3" json:"z,omitempty"` -} - -func (x *DGRound2Message1_ModProof) Reset() { - *x = DGRound2Message1_ModProof{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound2Message1_ModProof) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound2Message1_ModProof) ProtoMessage() {} - -func (x *DGRound2Message1_ModProof) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound2Message1_ModProof.ProtoReflect.Descriptor instead. 
-func (*DGRound2Message1_ModProof) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{1, 1} -} - -func (x *DGRound2Message1_ModProof) GetW() []byte { - if x != nil { - return x.W - } - return nil -} - -func (x *DGRound2Message1_ModProof) GetX() [][]byte { - if x != nil { - return x.X - } - return nil -} - -func (x *DGRound2Message1_ModProof) GetA() []bool { - if x != nil { - return x.A - } - return nil -} - -func (x *DGRound2Message1_ModProof) GetB() []bool { - if x != nil { - return x.B - } - return nil -} - -func (x *DGRound2Message1_ModProof) GetZ() [][]byte { - if x != nil { - return x.Z - } - return nil -} - -type DGRound4Message1_FactorProof struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - P []byte `protobuf:"bytes,1,opt,name=p,proto3" json:"p,omitempty"` - Q []byte `protobuf:"bytes,2,opt,name=q,proto3" json:"q,omitempty"` - A []byte `protobuf:"bytes,3,opt,name=a,proto3" json:"a,omitempty"` - B []byte `protobuf:"bytes,4,opt,name=b,proto3" json:"b,omitempty"` - T []byte `protobuf:"bytes,5,opt,name=t,proto3" json:"t,omitempty"` - Sigma []byte `protobuf:"bytes,6,opt,name=sigma,proto3" json:"sigma,omitempty"` - Z1 []byte `protobuf:"bytes,7,opt,name=z1,proto3" json:"z1,omitempty"` - Z2 []byte `protobuf:"bytes,8,opt,name=z2,proto3" json:"z2,omitempty"` - W1 []byte `protobuf:"bytes,9,opt,name=w1,proto3" json:"w1,omitempty"` - W2 []byte `protobuf:"bytes,10,opt,name=w2,proto3" json:"w2,omitempty"` - V []byte `protobuf:"bytes,11,opt,name=v,proto3" json:"v,omitempty"` -} - -func (x *DGRound4Message1_FactorProof) Reset() { - *x = DGRound4Message1_FactorProof{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound4Message1_FactorProof) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func 
(*DGRound4Message1_FactorProof) ProtoMessage() {} - -func (x *DGRound4Message1_FactorProof) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_resharing_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound4Message1_FactorProof.ProtoReflect.Descriptor instead. -func (*DGRound4Message1_FactorProof) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_resharing_proto_rawDescGZIP(), []int{5, 0} -} - -func (x *DGRound4Message1_FactorProof) GetP() []byte { - if x != nil { - return x.P - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetQ() []byte { - if x != nil { - return x.Q - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetA() []byte { - if x != nil { - return x.A - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetB() []byte { - if x != nil { - return x.B - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetT() []byte { - if x != nil { - return x.T - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetSigma() []byte { - if x != nil { - return x.Sigma - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetZ1() []byte { - if x != nil { - return x.Z1 - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetZ2() []byte { - if x != nil { - return x.Z2 - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetW1() []byte { - if x != nil { - return x.W1 - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetW2() []byte { - if x != nil { - return x.W2 - } - return nil -} - -func (x *DGRound4Message1_FactorProof) GetV() []byte { - if x != nil { - return x.V - } - return nil -} - -var File_protob_ecdsa_resharing_proto protoreflect.FileDescriptor - -var file_protob_ecdsa_resharing_proto_rawDesc = []byte{ - 0x0a, 0x1c, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x2f, 
0x65, 0x63, 0x64, 0x73, 0x61, 0x2d, 0x72, - 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, - 0x62, 0x69, 0x6e, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, 0x69, 0x62, 0x2e, 0x65, - 0x63, 0x64, 0x73, 0x61, 0x2e, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x22, 0x88, - 0x01, 0x0a, 0x0f, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x31, 0x4d, 0x65, 0x73, 0x73, 0x61, - 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x63, 0x64, 0x73, 0x61, 0x5f, 0x70, 0x75, 0x62, 0x5f, - 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x65, 0x63, 0x64, 0x73, 0x61, 0x50, 0x75, - 0x62, 0x58, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x63, 0x64, 0x73, 0x61, 0x5f, 0x70, 0x75, 0x62, 0x5f, - 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x65, 0x63, 0x64, 0x73, 0x61, 0x50, 0x75, - 0x62, 0x59, 0x12, 0x21, 0x0a, 0x0c, 0x76, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, - 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x76, 0x43, 0x6f, 0x6d, 0x6d, 0x69, - 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x73, 0x69, 0x64, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x04, 0x73, 0x73, 0x69, 0x64, 0x22, 0x8c, 0x05, 0x0a, 0x10, 0x44, 0x47, - 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, 0x12, 0x1d, - 0x0a, 0x0a, 0x70, 0x61, 0x69, 0x6c, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x6e, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x09, 0x70, 0x61, 0x69, 0x6c, 0x6c, 0x69, 0x65, 0x72, 0x4e, 0x12, 0x25, 0x0a, - 0x0e, 0x70, 0x61, 0x69, 0x6c, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0d, 0x70, 0x61, 0x69, 0x6c, 0x6c, 0x69, 0x65, 0x72, 0x50, - 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x17, 0x0a, 0x07, 0x6e, 0x5f, 0x74, 0x69, 0x6c, 0x64, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x6e, 0x54, 0x69, 0x6c, 0x64, 0x65, 0x12, 0x0e, 0x0a, - 0x02, 0x68, 0x31, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x68, 0x31, 0x12, 0x0e, 
0x0a, - 0x02, 0x68, 0x32, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x68, 0x32, 0x12, 0x58, 0x0a, - 0x0a, 0x64, 0x6c, 0x6e, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x31, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x39, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, - 0x69, 0x62, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, - 0x6e, 0x67, 0x2e, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, 0x73, 0x73, 0x61, - 0x67, 0x65, 0x31, 0x2e, 0x44, 0x4c, 0x4e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x09, 0x64, 0x6c, - 0x6e, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x31, 0x12, 0x58, 0x0a, 0x0a, 0x64, 0x6c, 0x6e, 0x70, 0x72, - 0x6f, 0x6f, 0x66, 0x5f, 0x32, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x62, 0x69, - 0x6e, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, 0x69, 0x62, 0x2e, 0x65, 0x63, 0x64, - 0x73, 0x61, 0x2e, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x47, 0x52, - 0x6f, 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, 0x2e, 0x44, 0x4c, - 0x4e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x09, 0x64, 0x6c, 0x6e, 0x70, 0x72, 0x6f, 0x6f, 0x66, - 0x32, 0x12, 0x55, 0x0a, 0x08, 0x6d, 0x6f, 0x64, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x0a, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x74, 0x73, - 0x73, 0x6c, 0x69, 0x62, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, 0x72, 0x65, 0x73, 0x68, 0x61, - 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, 0x73, - 0x73, 0x61, 0x67, 0x65, 0x31, 0x2e, 0x4d, 0x6f, 0x64, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x08, - 0x6d, 0x6f, 0x64, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x60, 0x0a, 0x0e, 0x6d, 0x6f, 0x64, 0x70, - 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x74, 0x69, 0x6c, 0x64, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x39, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, 0x69, - 0x62, 0x2e, 0x65, 0x63, 0x64, 
0x73, 0x61, 0x2e, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x31, 0x2e, 0x4d, 0x6f, 0x64, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x0d, 0x6d, 0x6f, 0x64, - 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x54, 0x69, 0x6c, 0x64, 0x65, 0x1a, 0x2e, 0x0a, 0x08, 0x44, 0x4c, - 0x4e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x14, 0x0a, 0x05, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x05, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x12, 0x0c, 0x0a, 0x01, - 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x01, 0x74, 0x1a, 0x50, 0x0a, 0x08, 0x4d, 0x6f, - 0x64, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x0c, 0x0a, 0x01, 0x77, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x01, 0x77, 0x12, 0x0c, 0x0a, 0x01, 0x78, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, - 0x01, 0x78, 0x12, 0x0c, 0x0a, 0x01, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x08, 0x52, 0x01, 0x61, - 0x12, 0x0c, 0x0a, 0x01, 0x62, 0x18, 0x04, 0x20, 0x03, 0x28, 0x08, 0x52, 0x01, 0x62, 0x12, 0x0c, - 0x0a, 0x01, 0x7a, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x01, 0x7a, 0x4a, 0x04, 0x08, 0x06, - 0x10, 0x07, 0x4a, 0x04, 0x08, 0x07, 0x10, 0x08, 0x22, 0x12, 0x0a, 0x10, 0x44, 0x47, 0x52, 0x6f, - 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x32, 0x22, 0x28, 0x0a, 0x10, - 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x33, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, - 0x12, 0x14, 0x0a, 0x05, 0x73, 0x68, 0x61, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x05, 0x73, 0x68, 0x61, 0x72, 0x65, 0x22, 0x39, 0x0a, 0x10, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, - 0x64, 0x33, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x32, 0x12, 0x25, 0x0a, 0x0e, 0x76, 0x5f, - 0x64, 0x65, 0x63, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0c, 0x52, 0x0d, 0x76, 0x44, 0x65, 0x63, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, - 0x74, 0x22, 0x8b, 0x03, 0x0a, 0x10, 0x44, 0x47, 0x52, 0x6f, 0x75, 
0x6e, 0x64, 0x34, 0x4d, 0x65, - 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, 0x12, 0x58, 0x0a, 0x08, 0x66, 0x61, 0x63, 0x70, 0x72, 0x6f, - 0x6f, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x6e, - 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, 0x69, 0x62, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, - 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, - 0x64, 0x34, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, 0x2e, 0x46, 0x61, 0x63, 0x74, 0x6f, - 0x72, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x08, 0x66, 0x61, 0x63, 0x70, 0x72, 0x6f, 0x6f, 0x66, - 0x12, 0x63, 0x0a, 0x0e, 0x66, 0x61, 0x63, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x74, 0x69, 0x6c, - 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x6e, - 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, 0x69, 0x62, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, - 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, - 0x64, 0x34, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, 0x2e, 0x46, 0x61, 0x63, 0x74, 0x6f, - 0x72, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x52, 0x0d, 0x66, 0x61, 0x63, 0x70, 0x72, 0x6f, 0x6f, 0x66, - 0x54, 0x69, 0x6c, 0x64, 0x65, 0x1a, 0xb7, 0x01, 0x0a, 0x0b, 0x46, 0x61, 0x63, 0x74, 0x6f, 0x72, - 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x0c, 0x0a, 0x01, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, - 0x52, 0x01, 0x70, 0x12, 0x0c, 0x0a, 0x01, 0x71, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x01, - 0x71, 0x12, 0x0c, 0x0a, 0x01, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x01, 0x61, 0x12, - 0x0c, 0x0a, 0x01, 0x62, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x01, 0x62, 0x12, 0x0c, 0x0a, - 0x01, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x01, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x73, - 0x69, 0x67, 0x6d, 0x61, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x69, 0x67, 0x6d, - 0x61, 0x12, 0x0e, 0x0a, 0x02, 0x7a, 0x31, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x7a, - 0x31, 
0x12, 0x0e, 0x0a, 0x02, 0x7a, 0x32, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x7a, - 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x77, 0x31, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x77, - 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x77, 0x32, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x77, - 0x32, 0x12, 0x0c, 0x0a, 0x01, 0x76, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x01, 0x76, 0x22, - 0x12, 0x0a, 0x10, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x34, 0x4d, 0x65, 0x73, 0x73, 0x61, - 0x67, 0x65, 0x32, 0x22, 0x11, 0x0a, 0x0f, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x35, 0x4d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x11, 0x5a, 0x0f, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2f, - 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, -} - -var ( - file_protob_ecdsa_resharing_proto_rawDescOnce sync.Once - file_protob_ecdsa_resharing_proto_rawDescData = file_protob_ecdsa_resharing_proto_rawDesc -) - -func file_protob_ecdsa_resharing_proto_rawDescGZIP() []byte { - file_protob_ecdsa_resharing_proto_rawDescOnce.Do(func() { - file_protob_ecdsa_resharing_proto_rawDescData = protoimpl.X.CompressGZIP(file_protob_ecdsa_resharing_proto_rawDescData) - }) - return file_protob_ecdsa_resharing_proto_rawDescData -} - -var file_protob_ecdsa_resharing_proto_msgTypes = make([]protoimpl.MessageInfo, 11) -var file_protob_ecdsa_resharing_proto_goTypes = []interface{}{ - (*DGRound1Message)(nil), // 0: binance.tsslib.ecdsa.resharing.DGRound1Message - (*DGRound2Message1)(nil), // 1: binance.tsslib.ecdsa.resharing.DGRound2Message1 - (*DGRound2Message2)(nil), // 2: binance.tsslib.ecdsa.resharing.DGRound2Message2 - (*DGRound3Message1)(nil), // 3: binance.tsslib.ecdsa.resharing.DGRound3Message1 - (*DGRound3Message2)(nil), // 4: binance.tsslib.ecdsa.resharing.DGRound3Message2 - (*DGRound4Message1)(nil), // 5: binance.tsslib.ecdsa.resharing.DGRound4Message1 - (*DGRound4Message2)(nil), // 6: binance.tsslib.ecdsa.resharing.DGRound4Message2 - 
(*DGRound5Message)(nil), // 7: binance.tsslib.ecdsa.resharing.DGRound5Message - (*DGRound2Message1_DLNProof)(nil), // 8: binance.tsslib.ecdsa.resharing.DGRound2Message1.DLNProof - (*DGRound2Message1_ModProof)(nil), // 9: binance.tsslib.ecdsa.resharing.DGRound2Message1.ModProof - (*DGRound4Message1_FactorProof)(nil), // 10: binance.tsslib.ecdsa.resharing.DGRound4Message1.FactorProof -} -var file_protob_ecdsa_resharing_proto_depIdxs = []int32{ - 8, // 0: binance.tsslib.ecdsa.resharing.DGRound2Message1.dlnproof_1:type_name -> binance.tsslib.ecdsa.resharing.DGRound2Message1.DLNProof - 8, // 1: binance.tsslib.ecdsa.resharing.DGRound2Message1.dlnproof_2:type_name -> binance.tsslib.ecdsa.resharing.DGRound2Message1.DLNProof - 9, // 2: binance.tsslib.ecdsa.resharing.DGRound2Message1.modproof:type_name -> binance.tsslib.ecdsa.resharing.DGRound2Message1.ModProof - 9, // 3: binance.tsslib.ecdsa.resharing.DGRound2Message1.modproof_tilde:type_name -> binance.tsslib.ecdsa.resharing.DGRound2Message1.ModProof - 10, // 4: binance.tsslib.ecdsa.resharing.DGRound4Message1.facproof:type_name -> binance.tsslib.ecdsa.resharing.DGRound4Message1.FactorProof - 10, // 5: binance.tsslib.ecdsa.resharing.DGRound4Message1.facproof_tilde:type_name -> binance.tsslib.ecdsa.resharing.DGRound4Message1.FactorProof - 6, // [6:6] is the sub-list for method output_type - 6, // [6:6] is the sub-list for method input_type - 6, // [6:6] is the sub-list for extension type_name - 6, // [6:6] is the sub-list for extension extendee - 0, // [0:6] is the sub-list for field type_name -} - -func init() { file_protob_ecdsa_resharing_proto_init() } -func file_protob_ecdsa_resharing_proto_init() { - if File_protob_ecdsa_resharing_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_protob_ecdsa_resharing_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound1Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return 
&v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound2Message1); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound2Message2); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound3Message1); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound3Message2); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound4Message1); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound4Message2); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound5Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[8].Exporter = func(v 
interface{}, i int) interface{} { - switch v := v.(*DGRound2Message1_DLNProof); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound2Message1_ModProof); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_resharing_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound4Message1_FactorProof); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_protob_ecdsa_resharing_proto_rawDesc, - NumEnums: 0, - NumMessages: 11, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_protob_ecdsa_resharing_proto_goTypes, - DependencyIndexes: file_protob_ecdsa_resharing_proto_depIdxs, - MessageInfos: file_protob_ecdsa_resharing_proto_msgTypes, - }.Build() - File_protob_ecdsa_resharing_proto = out.File - file_protob_ecdsa_resharing_proto_rawDesc = nil - file_protob_ecdsa_resharing_proto_goTypes = nil - file_protob_ecdsa_resharing_proto_depIdxs = nil -} diff --git a/ecdsa/resharing/local_party.go b/ecdsa/resharing/local_party.go deleted file mode 100644 index 4cb735edc..000000000 --- a/ecdsa/resharing/local_party.go +++ /dev/null 
@@ -1,187 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "fmt"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- cmt "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/paillier"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/ecdsa/keygen"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// Implements Party
-// Implements Stringer
-var _ tss.Party = (*LocalParty)(nil)
-var _ fmt.Stringer = (*LocalParty)(nil)
-
-type (
- LocalParty struct {
- *tss.BaseParty
- params *tss.ReSharingParameters
-
- temp localTempData
- input, save keygen.LocalPartySaveData
-
- // outbound messaging
- out chan<- tss.Message
- end chan<- keygen.LocalPartySaveData
- }
-
- localMessageStore struct {
- dgRound1Messages,
- dgRound2Message1s,
- dgRound2Message2s,
- dgRound3Message1s,
- dgRound3Message2s,
- dgRound4Message1s,
- dgRound4Message2s,
- dgRound5Messages []tss.ParsedMessage
- }
-
- localTempData struct {
- localMessageStore
-
- // temp data (thrown away after rounds)
- NewVs vss.Vs
- NewShares vss.Shares
- VD cmt.HashDeCommitment
- skTilde *paillier.PrivateKey
-
- // temporary storage of data that is persisted by the new party in round 5 if all "ACK" messages are received
- newXi *big.Int
- newKs []*big.Int
- newBigXjs []*crypto.ECPoint // Xj to save in round 5
- ssid []byte
- ssidNonce *big.Int
- }
-)
-
-// Exported, used in `tss` client
-// The `key` is read from and/or written to depending on whether this party is part of the old or the new committee.
-// You may optionally generate and set the LocalPreParams if you would like to use pre-generated safe primes and Paillier secret.
-// (This is similar to providing the `optionalPreParams` to `keygen.LocalParty`).
-func NewLocalParty(
- params *tss.ReSharingParameters,
- key keygen.LocalPartySaveData,
- out chan<- tss.Message,
- end chan<- keygen.LocalPartySaveData,
-) tss.Party {
- oldPartyCount := len(params.OldParties().IDs())
- subset := key
- if params.IsOldCommittee() {
- subset = keygen.BuildLocalSaveDataSubset(key, params.OldParties().IDs())
- }
- p := &LocalParty{
- BaseParty: new(tss.BaseParty),
- params: params,
- temp: localTempData{},
- input: subset,
- save: keygen.NewLocalPartySaveData(params.NewPartyCount()),
- out: out,
- end: end,
- }
- // msgs init
- p.temp.dgRound1Messages = make([]tss.ParsedMessage, oldPartyCount) // from t+1 of Old Committee
- p.temp.dgRound2Message1s = make([]tss.ParsedMessage, params.NewPartyCount()) // from n of New Committee
- p.temp.dgRound2Message2s = make([]tss.ParsedMessage, params.NewPartyCount()) // "
- p.temp.dgRound3Message1s = make([]tss.ParsedMessage, oldPartyCount) // from t+1 of Old Committee
- p.temp.dgRound3Message2s = make([]tss.ParsedMessage, oldPartyCount) // "
- p.temp.dgRound4Message1s = make([]tss.ParsedMessage, params.NewPartyCount()) // from n of New Committee
- p.temp.dgRound4Message2s = make([]tss.ParsedMessage, params.NewPartyCount()) // "
- p.temp.dgRound5Messages = make([]tss.ParsedMessage, params.NewPartyCount()) // "
- // save data init
- if key.LocalPreParams.ValidateWithProof() {
- p.save.LocalPreParams = key.LocalPreParams
- }
- return p
-}
-
-func (p *LocalParty) FirstRound() tss.Round {
- return newRound1(p.params, &p.input, &p.save, &p.temp, p.out, p.end)
-}
-
-func (p *LocalParty) Start() *tss.Error {
- return tss.BaseStart(p, TaskName)
-}
-
-func (p *LocalParty) Update(msg tss.ParsedMessage) (ok bool, err *tss.Error) {
- return tss.BaseUpdate(p, msg, TaskName)
-}
-
-func (p *LocalParty) UpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (bool, *tss.Error) {
- msg, err := tss.ParseWireMessage(wireBytes, from, isBroadcast)
- if err != nil {
- return false, p.WrapError(err)
- }
- return p.Update(msg)
-}
-
-func (p *LocalParty) ValidateMessage(msg tss.ParsedMessage) (bool, *tss.Error) {
- if ok, err := p.BaseParty.ValidateMessage(msg); !ok || err != nil {
- return ok, err
- }
- // check that the message's "from index" will fit into the array
- var maxFromIdx int
- switch msg.Content().(type) {
- case *DGRound2Message1, *DGRound2Message2, *DGRound4Message1, *DGRound4Message2, *DGRound5Message:
- maxFromIdx = len(p.params.NewParties().IDs()) - 1
- default:
- maxFromIdx = len(p.params.OldParties().IDs()) - 1
- }
- if maxFromIdx < msg.GetFrom().Index {
- return false, p.WrapError(fmt.Errorf("received msg with a sender index too great (%d <= %d)",
- maxFromIdx, msg.GetFrom().Index), msg.GetFrom())
- }
- return true, nil
-}
-
-func (p *LocalParty) StoreMessage(msg tss.ParsedMessage) (bool, *tss.Error) {
- // ValidateBasic is cheap; double-check the message here in case the public StoreMessage was called externally
- if ok, err := p.ValidateMessage(msg); !ok || err != nil {
- return ok, err
- }
- fromPIdx := msg.GetFrom().Index
-
- // switch/case is necessary to store any messages beyond current round
- // this does not handle message replays. we expect the caller to apply replay and spoofing protection.
- switch msg.Content().(type) {
- case *DGRound1Message:
- p.temp.dgRound1Messages[fromPIdx] = msg
- case *DGRound2Message1:
- p.temp.dgRound2Message1s[fromPIdx] = msg
- case *DGRound2Message2:
- p.temp.dgRound2Message2s[fromPIdx] = msg
- case *DGRound3Message1:
- p.temp.dgRound3Message1s[fromPIdx] = msg
- case *DGRound3Message2:
- p.temp.dgRound3Message2s[fromPIdx] = msg
- case *DGRound4Message1:
- p.temp.dgRound4Message1s[fromPIdx] = msg
- case *DGRound4Message2:
- p.temp.dgRound4Message2s[fromPIdx] = msg
- case *DGRound5Message:
- p.temp.dgRound5Messages[fromPIdx] = msg
- default: // unrecognised message, just ignore!
- common.Logger.Warningf("unrecognised message ignored: %v", msg)
- return false, nil
- }
- return true, nil
-}
-
-func (p *LocalParty) PartyID() *tss.PartyID {
- return p.params.PartyID()
-}
-
-func (p *LocalParty) String() string {
- return fmt.Sprintf("id: %s, %s", p.PartyID(), p.BaseParty.String())
-}
diff --git a/ecdsa/resharing/local_party_test.go b/ecdsa/resharing/local_party_test.go
deleted file mode 100644
index a1981e431..000000000
--- a/ecdsa/resharing/local_party_test.go
+++ /dev/null
@@ -1,299 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing_test
-
-import (
- "crypto/ecdsa"
- "fmt"
- "math/big"
- "reflect"
- "runtime"
- "strings"
- "sync/atomic"
- "testing"
-
- "github.com/ipfs/go-log"
- "github.com/stretchr/testify/assert"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/ecdsa/keygen"
- . "github.com/bnb-chain/tss-lib/ecdsa/resharing"
- "github.com/bnb-chain/tss-lib/ecdsa/signing"
- "github.com/bnb-chain/tss-lib/test"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-const (
- testParticipants = test.TestParticipants
- testThreshold = test.TestThreshold
-)
-
-func setUp(level string) {
- if err := log.SetLogLevel("tss-lib", level); err != nil {
- panic(err)
- }
-}
-
-// TestResharing_Start_RequiresSessionNonce pins that resharing fails closed
-// when no SessionNonce is set. Previously, round 1 fell back to a zero
-// nonce, neutralising the SSID binding for any caller that forgot
-// SetSessionNonce — two resharing ceremonies over identical committees
-// would derive the same SSID, breaking session binding (and the new
-// wire-format SSID broadcast check loses its meaning when the SSIDs
-// collapse to a single canonical zero-nonced value across all ceremonies).
-func TestResharing_Start_RequiresSessionNonce(t *testing.T) {
- setUp("info")
- oldKeys, oldPIDs, err := keygen.LoadKeygenTestFixtures(testThreshold + 1)
- assert.NoError(t, err, "should load keygen fixtures")
-
- oldP2PCtx := tss.NewPeerContext(oldPIDs)
- newPIDs := tss.GenerateTestPartyIDs(testParticipants)
- newP2PCtx := tss.NewPeerContext(newPIDs)
-
- out := make(chan tss.Message, 8)
- end := make(chan keygen.LocalPartySaveData, 8)
-
- // Old-committee party 0, no SetSessionNonce.
- params := tss.NewReSharingParameters(tss.S256(), oldP2PCtx, newP2PCtx, oldPIDs[0], testParticipants, testThreshold, len(newPIDs), testThreshold)
-
- P := NewLocalParty(params, oldKeys[0], out, end).(*LocalParty)
- tssErr := P.Start()
- if tssErr == nil {
- t.Fatal("Start must return an error without SessionNonce")
- }
- if !strings.Contains(tssErr.Error(), "SetSessionNonce") {
- t.Fatalf("error must reference SetSessionNonce, got: %v", tssErr)
- }
-}
-
-func TestE2EConcurrent(t *testing.T) {
- setUp("info")
-
- // tss.SetCurve(elliptic.P256())
-
- threshold, newThreshold := testThreshold, testThreshold
-
- // PHASE: load keygen fixtures
- firstPartyIdx, extraParties := 5, 1 // extra can be 0 to N-first
- oldKeys, oldPIDs, err := keygen.LoadKeygenTestFixtures(testThreshold+1+extraParties+firstPartyIdx, firstPartyIdx)
- assert.NoError(t, err, "should load keygen fixtures")
-
- // PHASE: resharing
- oldP2PCtx := tss.NewPeerContext(oldPIDs)
- // init the new parties; re-use the fixture pre-params for speed
- fixtures, _, err := keygen.LoadKeygenTestFixtures(testParticipants)
- if err != nil {
- common.Logger.Info("No test fixtures were found, so the safe primes will be generated from scratch. This may take a while...")
- }
- newPIDs := tss.GenerateTestPartyIDs(testParticipants)
- newP2PCtx := tss.NewPeerContext(newPIDs)
- newPCount := len(newPIDs)
-
- oldCommittee := make([]*LocalParty, 0, len(oldPIDs))
- newCommittee := make([]*LocalParty, 0, newPCount)
- bothCommitteesPax := len(oldCommittee) + len(newCommittee)
-
- errCh := make(chan *tss.Error, bothCommitteesPax)
- outCh := make(chan tss.Message, bothCommitteesPax)
- endCh := make(chan keygen.LocalPartySaveData, bothCommitteesPax)
-
- updater := test.SharedPartyUpdater
-
- // init the old parties first
- resharingCeremonyNonce := big.NewInt(7)
- for j, pID := range oldPIDs {
- params := tss.NewReSharingParameters(tss.S256(), oldP2PCtx, newP2PCtx, pID, testParticipants, threshold, newPCount, newThreshold)
- params.SetSessionNonce(resharingCeremonyNonce)
- P := NewLocalParty(params, oldKeys[j], outCh, endCh).(*LocalParty) // discard old key data
- oldCommittee = append(oldCommittee, P)
- }
- // init the new parties
- for j, pID := range newPIDs {
- params := tss.NewReSharingParameters(tss.S256(), oldP2PCtx, newP2PCtx, pID, testParticipants, threshold, newPCount, newThreshold)
- params.SetSessionNonce(resharingCeremonyNonce)
- save := keygen.NewLocalPartySaveData(newPCount)
- if j < len(fixtures) && len(newPIDs) <= len(fixtures) {
- save.LocalPreParams = fixtures[j].LocalPreParams
- }
- P := NewLocalParty(params, save, outCh, endCh).(*LocalParty)
- newCommittee = append(newCommittee, P)
- }
-
- // start the new parties; they will wait for messages
- for _, P := range newCommittee {
- go func(P *LocalParty) {
- if err := P.Start(); err != nil {
- errCh <- err
- }
- }(P)
- }
- // start the old parties; they will send messages
- for _, P := range oldCommittee {
- go func(P *LocalParty) {
- if err := P.Start(); err != nil {
- errCh <- err
- }
- }(P)
- }
-
- newKeys := make([]keygen.LocalPartySaveData, len(newCommittee))
- endedOldCommittee := 0
- var reSharingEnded int32
- for {
- fmt.Printf("ACTIVE GOROUTINES: %d\n", runtime.NumGoroutine())
- select {
- case err := <-errCh:
- common.Logger.Errorf("Error: %s", err)
- assert.FailNow(t, err.Error())
- return
-
- case msg := <-outCh:
- dest := msg.GetTo()
- if dest == nil {
- t.Fatal("did not expect a msg to have a nil destination during resharing")
- }
- if msg.IsToOldCommittee() || msg.IsToOldAndNewCommittees() {
- for _, destP := range dest[:len(oldCommittee)] {
- go updater(oldCommittee[destP.Index], msg, errCh)
- }
- }
- if !msg.IsToOldCommittee() || msg.IsToOldAndNewCommittees() {
- for _, destP := range dest {
- go updater(newCommittee[destP.Index], msg, errCh)
- }
- }
-
- case save := <-endCh:
- // old committee members that aren't receiving a share have their Xi zeroed
- if save.Xi != nil {
- index, err := save.OriginalIndex()
- assert.NoErrorf(t, err, "should not be an error getting a party's index from save data")
- newKeys[index] = save
- } else {
- endedOldCommittee++
- }
- atomic.AddInt32(&reSharingEnded, 1)
- if atomic.LoadInt32(&reSharingEnded) == int32(len(oldCommittee)+len(newCommittee)) {
- assert.Equal(t, len(oldCommittee), endedOldCommittee)
- t.Logf("Resharing done. Reshared %d participants", reSharingEnded)
-
- // xj tests: BigXj == xj*G
- for j, key := range newKeys {
- // xj test: BigXj == xj*G
- xj := key.Xi
- gXj := crypto.ScalarBaseMult(tss.S256(), xj)
- BigXj := key.BigXj[j]
- assert.True(t, BigXj.Equals(gXj), "ensure BigX_j == g^x_j")
- }
-
- // more verification of signing is implemented within local_party_test.go of keygen package
- goto signing
- }
- }
- }
-
-signing:
- // PHASE: signing
- signKeys, signPIDs := newKeys, newPIDs
- signP2pCtx := tss.NewPeerContext(signPIDs)
- signParties := make([]*signing.LocalParty, 0, len(signPIDs))
-
- signErrCh := make(chan *tss.Error, len(signPIDs))
- signOutCh := make(chan tss.Message, len(signPIDs))
- signEndCh := make(chan common.SignatureData, len(signPIDs))
- signResultCh := make(chan signatureDataParts, len(signPIDs))
- go func() {
- for i := 0; i < len(signPIDs); i++ {
- signResultCh <- recvSignatureDataParts(signEndCh)
- }
- }()
-
- signCeremonyNonce := big.NewInt(1)
- for j, signPID := range signPIDs {
- params := tss.NewParameters(tss.S256(), signP2pCtx, signPID, len(signPIDs), newThreshold)
- params.SetSessionNonce(signCeremonyNonce)
- P := signing.NewLocalParty(big.NewInt(42), params, signKeys[j], signOutCh, signEndCh, 32).(*signing.LocalParty)
- signParties = append(signParties, P)
- go func(P *signing.LocalParty) {
- if err := P.Start(); err != nil {
- signErrCh <- err
- }
- }(P)
- }
-
- var signEnded int32
- for {
- fmt.Printf("ACTIVE GOROUTINES: %d\n", runtime.NumGoroutine())
- select {
- case err := <-signErrCh:
- common.Logger.Errorf("Error: %s", err)
- assert.FailNow(t, err.Error())
- return
-
- case msg := <-signOutCh:
- dest := msg.GetTo()
- if dest == nil {
- for _, P := range signParties {
- if P.PartyID().Index == msg.GetFrom().Index {
- continue
- }
- go updater(P, msg, signErrCh)
- }
- } else {
- if dest[0].Index == msg.GetFrom().Index {
- t.Fatalf("party %d tried to send a message to itself (%d)", dest[0].Index, msg.GetFrom().Index)
- }
- go updater(signParties[dest[0].Index], msg, signErrCh)
- }
-
- case signData := <-signResultCh:
- atomic.AddInt32(&signEnded, 1)
- if atomic.LoadInt32(&signEnded) == int32(len(signPIDs)) {
- t.Logf("Signing done. Received sign data from %d participants", signEnded)
-
- // BEGIN ECDSA verify
- pkX, pkY := signKeys[0].ECDSAPub.X(), signKeys[0].ECDSAPub.Y()
- pk := ecdsa.PublicKey{
- Curve: tss.S256(),
- X: pkX,
- Y: pkY,
- }
- ok := ecdsa.Verify(&pk, big.NewInt(42).Bytes(),
- new(big.Int).SetBytes(signData.r),
- new(big.Int).SetBytes(signData.s))
-
- assert.True(t, ok, "ecdsa verify must pass")
- t.Log("ECDSA signing test done.")
- // END ECDSA verify
-
- return
- }
- }
- }
-}
-
-type signatureDataParts struct {
- signature []byte
- r []byte
- s []byte
-}
-
-func recvSignatureDataParts(ch <-chan common.SignatureData) signatureDataParts {
- _, value, ok := reflect.Select([]reflect.SelectCase{{
- Dir: reflect.SelectRecv,
- Chan: reflect.ValueOf(ch),
- }})
- if !ok {
- return signatureDataParts{}
- }
- return signatureDataParts{
- signature: append([]byte(nil), value.FieldByName("Signature").Bytes()...),
- r: append([]byte(nil), value.FieldByName("R").Bytes()...),
- s: append([]byte(nil), value.FieldByName("S").Bytes()...),
- }
-}
diff --git a/ecdsa/resharing/messages.go b/ecdsa/resharing/messages.go
deleted file mode 100644
index b17a3bf93..000000000
--- a/ecdsa/resharing/messages.go
+++ /dev/null
@@ -1,440 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "crypto/elliptic"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- cmt "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/dlnproof"
- "github.com/bnb-chain/tss-lib/crypto/paillier"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// These messages were generated from Protocol Buffers definitions into ecdsa-resharing.pb.go
-
-var (
- // Ensure that signing messages implement ValidateBasic
- _ = []tss.MessageContent{
- (*DGRound1Message)(nil),
- (*DGRound2Message1)(nil),
- (*DGRound2Message2)(nil),
- (*DGRound3Message1)(nil),
- (*DGRound3Message2)(nil),
- }
-)
-
-const paillierBitsLen = 2048
-
-// ----- //
-
-func NewDGRound1Message(
- to []*tss.PartyID,
- from *tss.PartyID,
- ecdsaPub *crypto.ECPoint,
- vct cmt.HashCommitment,
- ssid []byte,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldCommittee: false,
- }
- content := &DGRound1Message{
- EcdsaPubX: ecdsaPub.X().Bytes(),
- EcdsaPubY: ecdsaPub.Y().Bytes(),
- VCommitment: vct.Bytes(),
- Ssid: append([]byte(nil), ssid...),
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound1Message) ValidateBasic() bool {
- return m != nil &&
- common.NonEmptyBytes(m.EcdsaPubX) &&
- common.NonEmptyBytes(m.EcdsaPubY) &&
- common.NonEmptyBytes(m.VCommitment) &&
- len(m.Ssid) == 32
-}
-
-func (m *DGRound1Message) UnmarshalECDSAPub(ec elliptic.Curve) (*crypto.ECPoint, error) {
- return crypto.NewECPoint(
- ec,
- new(big.Int).SetBytes(m.EcdsaPubX),
- new(big.Int).SetBytes(m.EcdsaPubY))
-}
-
-func (m *DGRound1Message) UnmarshalVCommitment() *big.Int {
- return new(big.Int).SetBytes(m.GetVCommitment())
-}
-
-// ----- //
-
-func NewDGRound2Message1(
- to []*tss.PartyID,
- from *tss.PartyID,
- paillierPK *paillier.PublicKey,
- paillierPf paillier.Proof,
- NTildei, H1i, H2i *big.Int,
- dlnProof1, dlnProof2 *dlnproof.Proof,
- modProof, modProofTilde *paillier.ModProof,
-) (tss.ParsedMessage, error) {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldCommittee: false,
- }
- paiPfBzs := common.BigIntsToBytes(paillierPf[:])
- content := &DGRound2Message1{
- PaillierN: paillierPK.N.Bytes(),
- PaillierProof: paiPfBzs,
- NTilde: NTildei.Bytes(),
- H1: H1i.Bytes(),
- H2: H2i.Bytes(),
- Dlnproof_1: &DGRound2Message1_DLNProof{
- Alpha: common.BigIntsToBytes(dlnProof1.Alpha[:]),
- T: common.BigIntsToBytes(dlnProof1.T[:]),
- },
- Dlnproof_2: &DGRound2Message1_DLNProof{
- Alpha: common.BigIntsToBytes(dlnProof2.Alpha[:]),
- T: common.BigIntsToBytes(dlnProof2.T[:]),
- },
- Modproof: &DGRound2Message1_ModProof{
- W: modProof.W.Bytes(),
- X: common.BigIntsToBytes(modProof.X[:]),
- A: modProof.A[:],
- B: modProof.B[:],
- Z: common.BigIntsToBytes(modProof.Z[:]),
- },
- ModproofTilde: &DGRound2Message1_ModProof{
- W: modProofTilde.W.Bytes(),
- X: common.BigIntsToBytes(modProofTilde.X[:]),
- A: modProofTilde.A[:],
- B: modProofTilde.B[:],
- Z: common.BigIntsToBytes(modProofTilde.Z[:]),
- },
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg), nil
-}
-
-func (m *DGRound2Message1) ValidateBasic() bool {
- return m != nil &&
- common.NonEmptyMultiBytes(m.PaillierProof) &&
- common.NonEmptyBytes(m.PaillierN) &&
- common.NonEmptyBytes(m.NTilde) &&
- hasBitLen(m.PaillierN, paillierBitsLen) &&
- hasBitLen(m.NTilde, paillierBitsLen) &&
- common.NonEmptyBytes(m.H1) &&
- common.NonEmptyBytes(m.H2) &&
- m.GetDlnproof_1().ValidateBasic() &&
- m.GetDlnproof_2().ValidateBasic() &&
- m.GetModproof().ValidateBasic() &&
- m.GetModproofTilde().ValidateBasic()
-}
-
-func hasBitLen(value []byte, bits int) bool {
- return new(big.Int).SetBytes(value).BitLen() == bits
-}
-
-func (m *DGRound2Message1) UnmarshalPaillierPK() *paillier.PublicKey {
- return &paillier.PublicKey{
- N: new(big.Int).SetBytes(m.PaillierN),
- }
-}
-
-func (m *DGRound2Message1) UnmarshalNTilde() *big.Int {
- return new(big.Int).SetBytes(m.GetNTilde())
-}
-
-func (m *DGRound2Message1) UnmarshalH1() *big.Int {
- return new(big.Int).SetBytes(m.GetH1())
-}
-
-func (m *DGRound2Message1) UnmarshalH2() *big.Int {
- return new(big.Int).SetBytes(m.GetH2())
-}
-
-func (m *DGRound2Message1) UnmarshalPaillierProof() paillier.Proof {
- var pf paillier.Proof
- ints := common.MultiBytesToBigInts(m.PaillierProof)
- copy(pf[:], ints[:paillier.ProofIters])
- return pf
-}
-
-func (m *DGRound2Message1) UnmarshalDLNProof1() (*dlnproof.Proof, error) {
- p := m.GetDlnproof_1()
- return dlnproof.UnmarshalDLNProof(p.GetAlpha(), p.GetT())
-}
-
-func (m *DGRound2Message1) UnmarshalDLNProof2() (*dlnproof.Proof, error) {
- p := m.GetDlnproof_2()
- return dlnproof.UnmarshalDLNProof(p.GetAlpha(), p.GetT())
-}
-
-func (m *DGRound2Message1) UnmarshalModProof() (*paillier.ModProof, error) {
- p := m.GetModproof()
- return paillier.UnmarshalModProof(p.GetW(), p.GetX(), p.GetA(), p.GetB(), p.GetZ())
-}
-
-func (m *DGRound2Message1) UnmarshalModProofTilde() (*paillier.ModProof, error) {
- p := m.GetModproofTilde()
- return paillier.UnmarshalModProof(p.GetW(), p.GetX(), p.GetA(), p.GetB(), p.GetZ())
-}
-
-func (p *DGRound2Message1_DLNProof) ValidateBasic() bool {
- return p != nil &&
- common.NonEmptyMultiBytes(p.GetAlpha(), dlnproof.Iterations) &&
- common.NonEmptyMultiBytes(p.GetT(), dlnproof.Iterations)
-}
-
-func (p *DGRound2Message1_ModProof) ValidateBasic() bool {
- return p != nil &&
- common.NonEmptyBytes(p.GetW()) &&
- common.NonEmptyMultiBytes(p.GetX(), paillier.PARAM_M) &&
- common.NonEmptyBools(p.GetA(), paillier.PARAM_M) &&
- common.NonEmptyBools(p.GetB(), paillier.PARAM_M) &&
- common.NonEmptyMultiBytes(p.GetZ(), paillier.PARAM_M)
-}
-
-// ----- //
-
-func NewDGRound2Message2(
- to []*tss.PartyID,
- from *tss.PartyID,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldCommittee: true,
- }
- content := &DGRound2Message2{}
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound2Message2) ValidateBasic() bool {
- return true
-}
-
-// ----- //
-
-func NewDGRound3Message1(
- to *tss.PartyID,
- from *tss.PartyID,
- share *vss.Share,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: []*tss.PartyID{to},
- IsBroadcast: false,
- IsToOldCommittee: false,
- }
- content := &DGRound3Message1{
- Share: share.Share.Bytes(),
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound3Message1) ValidateBasic() bool {
- return m != nil &&
- common.NonEmptyBytes(m.Share)
-}
-
-// ----- //
-
-func NewDGRound3Message2(
- to []*tss.PartyID,
- from *tss.PartyID,
- vdct cmt.HashDeCommitment,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldCommittee: false,
- }
- vDctBzs := common.BigIntsToBytes(vdct)
- content := &DGRound3Message2{
- VDecommitment: vDctBzs,
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound3Message2) ValidateBasic() bool {
- return m != nil &&
- common.NonEmptyMultiBytes(m.VDecommitment)
-}
-
-func (m *DGRound3Message2) UnmarshalVDeCommitment() cmt.HashDeCommitment {
- deComBzs := m.GetVDecommitment()
- return cmt.NewHashDeCommitmentFromBytes(deComBzs)
-}
-
-// ----- //
-
-func NewDGRound4Message1(
- to *tss.PartyID,
- from *tss.PartyID,
- proof, proofTilde *paillier.FactorProof,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: []*tss.PartyID{to},
- IsBroadcast: false,
- IsToOldCommittee: false,
- }
- var facProof *DGRound4Message1_FactorProof
- if proof != nil {
- facProof = &DGRound4Message1_FactorProof{
- P: common.MarshalSigned(proof.P),
- Q: common.MarshalSigned(proof.Q),
- A: common.MarshalSigned(proof.A),
- B: common.MarshalSigned(proof.B),
- T: common.MarshalSigned(proof.T),
- Sigma: common.MarshalSigned(proof.Sigma),
- Z1: common.MarshalSigned(proof.Z1),
- Z2: common.MarshalSigned(proof.Z2),
- W1: common.MarshalSigned(proof.W1),
- W2: common.MarshalSigned(proof.W2),
- V: common.MarshalSigned(proof.V),
- }
- } else {
- // The proof is nil when creating the self-message in round 2.
- facProof = nil
- }
- var facProofTilde *DGRound4Message1_FactorProof
- if proofTilde != nil {
- facProofTilde = &DGRound4Message1_FactorProof{
- P: common.MarshalSigned(proofTilde.P),
- Q: common.MarshalSigned(proofTilde.Q),
- A: common.MarshalSigned(proofTilde.A),
- B: common.MarshalSigned(proofTilde.B),
- T: common.MarshalSigned(proofTilde.T),
- Sigma: common.MarshalSigned(proofTilde.Sigma),
- Z1: common.MarshalSigned(proofTilde.Z1),
- Z2: common.MarshalSigned(proofTilde.Z2),
- W1: common.MarshalSigned(proofTilde.W1),
- W2: common.MarshalSigned(proofTilde.W2),
- V: common.MarshalSigned(proofTilde.V),
- }
- } else {
- // The proof is nil when creating the self-message in round 2.
- facProofTilde = nil
- }
- content := &DGRound4Message1{
- Facproof: facProof,
- FacproofTilde: facProofTilde,
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound4Message1) ValidateBasic() bool {
- return m != nil &&
- m.GetFacproof().ValidateBasic() &&
- m.GetFacproofTilde().ValidateBasic()
-}
-
-func (m *DGRound4Message1) UnmarshalFactorProof() *paillier.FactorProof {
- proof := m.GetFacproof()
- return &paillier.FactorProof{
- P: common.UnmarshalSigned(proof.P),
- Q: common.UnmarshalSigned(proof.Q),
- A: common.UnmarshalSigned(proof.A),
- B: common.UnmarshalSigned(proof.B),
- T: common.UnmarshalSigned(proof.T),
- Sigma: common.UnmarshalSigned(proof.Sigma),
- Z1: common.UnmarshalSigned(proof.Z1),
- Z2: common.UnmarshalSigned(proof.Z2),
- W1: common.UnmarshalSigned(proof.W1),
- W2: common.UnmarshalSigned(proof.W2),
- V: common.UnmarshalSigned(proof.V),
- }
-}
-
-func (m *DGRound4Message1) UnmarshalFactorProofTilde() *paillier.FactorProof {
- proof := m.GetFacproofTilde()
- return &paillier.FactorProof{
- P: common.UnmarshalSigned(proof.P),
- Q: common.UnmarshalSigned(proof.Q),
- A: common.UnmarshalSigned(proof.A),
- B: common.UnmarshalSigned(proof.B),
- T: common.UnmarshalSigned(proof.T),
- Sigma: common.UnmarshalSigned(proof.Sigma),
- Z1: common.UnmarshalSigned(proof.Z1),
- Z2: common.UnmarshalSigned(proof.Z2),
- W1: common.UnmarshalSigned(proof.W1),
- W2: common.UnmarshalSigned(proof.W2),
- V: common.UnmarshalSigned(proof.V),
- }
-}
-
-func (proof *DGRound4Message1_FactorProof) ValidateBasic() bool {
- return proof != nil &&
- common.NonEmptyBytes(proof.GetP()) &&
- common.NonEmptyBytes(proof.GetQ()) &&
- common.NonEmptyBytes(proof.GetA()) &&
- common.NonEmptyBytes(proof.GetB()) &&
- common.NonEmptyBytes(proof.GetT()) &&
- common.NonEmptyBytes(proof.GetSigma()) &&
- common.NonEmptyBytes(proof.GetZ1()) &&
- common.NonEmptyBytes(proof.GetZ2()) &&
- common.NonEmptyBytes(proof.GetW1()) &&
- common.NonEmptyBytes(proof.GetW2()) &&
- common.NonEmptyBytes(proof.GetV())
-}
-
-// ----- //
-
-func NewDGRound4Message2(
- to []*tss.PartyID,
- from *tss.PartyID,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldAndNewCommittees: true,
- }
- content := &DGRound4Message2{}
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound4Message2) ValidateBasic() bool {
- return true
-}
-
-func NewDGRound5Message(
- to []*tss.PartyID,
- from *tss.PartyID,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldAndNewCommittees: true,
- }
- content := &DGRound5Message{}
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound5Message) ValidateBasic() bool {
- return true
-}
diff --git a/ecdsa/resharing/messages_test.go b/ecdsa/resharing/messages_test.go
deleted file mode 100644
index 9f089d3ff..000000000
--- a/ecdsa/resharing/messages_test.go
+++ /dev/null
@@ -1,260 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "math/big"
- "strings"
- "testing"
-
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/crypto/dlnproof"
- "github.com/bnb-chain/tss-lib/crypto/paillier"
- "github.com/bnb-chain/tss-lib/ecdsa/keygen"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// TestDGRound1Message_ValidateBasic_RequiresSsid pins the wire-format
-// invariant that the SSID field must be present on every DGRound1Message.
-// Without this, an attacker could strip the SSID from a broadcast and the
-// new-committee cross-verification check in round 1 would silently never
-// fire (the message would be rejected for other reasons or accepted with an
-// empty SSID, both of which mask the disagreement-detection mechanism the
-// SSID-on-the-wire was added for).
-func TestDGRound1Message_ValidateBasic_RequiresSsid(t *testing.T) {
- withSsid := &DGRound1Message{
- EcdsaPubX: []byte{0x01},
- EcdsaPubY: []byte{0x02},
- VCommitment: []byte{0x03},
- Ssid: make([]byte, 32),
- }
- if !withSsid.ValidateBasic() {
- t.Fatal("ValidateBasic must accept a complete DGRound1Message")
- }
-
- missingSsid := &DGRound1Message{
- EcdsaPubX: []byte{0x01},
- EcdsaPubY: []byte{0x02},
- VCommitment: []byte{0x03},
- // Ssid intentionally omitted
- }
- if missingSsid.ValidateBasic() {
- t.Fatal("ValidateBasic must reject a DGRound1Message with empty Ssid")
- }
-
- emptySsid := &DGRound1Message{
- EcdsaPubX: []byte{0x01},
- EcdsaPubY: []byte{0x02},
- VCommitment: []byte{0x03},
- Ssid: []byte{},
- }
- if emptySsid.ValidateBasic() {
- t.Fatal("ValidateBasic must reject a DGRound1Message with zero-length Ssid")
- }
-
- shortSsid := &DGRound1Message{
- EcdsaPubX: []byte{0x01},
- EcdsaPubY: []byte{0x02},
- VCommitment: []byte{0x03},
- Ssid: []byte("short-ssid"),
- }
- if shortSsid.ValidateBasic() {
- t.Fatal("ValidateBasic must reject a DGRound1Message with short Ssid")
- }
-}
-
-func TestDGRound2Message1ValidateBasicRequiresExactModulusWidth(t *testing.T) {
- msg := validDGRound2Message1ForValidation()
- if !msg.ValidateBasic() {
- t.Fatal("expected baseline message to validate")
- }
-
- msg = validDGRound2Message1ForValidation()
- msg.PaillierN = big.NewInt(1).Bytes()
- if msg.ValidateBasic() {
- t.Fatal("expected sub-2048-bit Paillier modulus to fail validation")
- }
-
- msg = validDGRound2Message1ForValidation()
- msg.NTilde = big.NewInt(1).Bytes()
- if msg.ValidateBasic() {
- t.Fatal("expected sub-2048-bit NTilde modulus to fail validation")
- }
-
- msg = validDGRound2Message1ForValidation()
- msg.PaillierN = new(big.Int).Lsh(big.NewInt(1), paillierBitsLen).Bytes()
- if msg.ValidateBasic() {
- t.Fatal("expected over-2048-bit Paillier modulus to fail validation")
- }
-
- msg = validDGRound2Message1ForValidation()
- msg.NTilde = new(big.Int).Lsh(big.NewInt(1), paillierBitsLen).Bytes()
- if msg.ValidateBasic() {
- t.Fatal("expected over-2048-bit NTilde modulus to fail validation")
- }
-}
-
-func validDGRound2Message1ForValidation() *DGRound2Message1 {
- largeModulus := new(big.Int).Lsh(big.NewInt(1), paillierBitsLen-1).Bytes()
- modProof := validDGRound2ModProofForValidation()
-
- return &DGRound2Message1{
- PaillierProof: [][]byte{{0x01}},
- PaillierN: largeModulus,
- NTilde: largeModulus,
- H1: []byte{0x02},
- H2: []byte{0x03},
- Dlnproof_1: validDGRound2DLNProofForValidation(),
- Dlnproof_2: validDGRound2DLNProofForValidation(),
- Modproof: modProof,
- ModproofTilde: modProof,
- }
-}
-
-func validDGRound2DLNProofForValidation() *DGRound2Message1_DLNProof {
- alpha := make([][]byte, dlnproof.Iterations)
- tValues := make([][]byte, dlnproof.Iterations)
- for i := range alpha {
- alpha[i] = []byte{0x01}
- tValues[i] = []byte{0x02}
- }
-
- return &DGRound2Message1_DLNProof{Alpha: alpha, T: tValues}
-}
-
-func validDGRound2ModProofForValidation() *DGRound2Message1_ModProof {
- xValues := make([][]byte, paillier.PARAM_M)
- zValues := make([][]byte, paillier.PARAM_M)
- for i := range xValues {
- xValues[i] = []byte{0x01}
- zValues[i] = []byte{0x02}
- }
-
- return &DGRound2Message1_ModProof{
- W: []byte{0x01},
- X: xValues,
- A: make([]bool, paillier.PARAM_M),
- B: make([]bool, paillier.PARAM_M),
- Z: zValues,
- }
-}
-
-// TestRound1Update_RejectsMismatchedSsidBeforePartyZero pins that every old
-// committee broadcast is SSID-checked before being marked accepted. In
-// particular, old party j>0 may arrive before old party 0; that ordering must
-// not bypass the SSID mismatch check.
-func TestRound1Update_RejectsMismatchedSsidBeforePartyZero(t *testing.T) {
- oldPIDs := tss.GenerateTestPartyIDs(2)
- newPIDs := tss.GenerateTestPartyIDs(2)
- oldCtx := tss.NewPeerContext(oldPIDs)
- newCtx := tss.NewPeerContext(newPIDs)
-
- params := tss.NewReSharingParameters(tss.S256(), oldCtx, newCtx, newPIDs[0], len(oldPIDs), 1, len(newPIDs), 1)
- params.SetSessionNonce(big.NewInt(7))
-
- round := &round1{
- base: &base{
- ReSharingParameters: params,
- temp: &localTempData{
- localMessageStore: localMessageStore{
- dgRound1Messages: make([]tss.ParsedMessage, len(oldPIDs)),
- },
- ssidNonce: params.SessionNonce(),
- },
- oldOK: make([]bool, len(oldPIDs)),
- newOK: make([]bool, len(newPIDs)),
- started: true,
- number: 1,
- },
- }
- round.allNewOK()
- round.temp.ssid = round.getSSID()
-
- content := &DGRound1Message{
- EcdsaPubX: []byte{0x01},
- EcdsaPubY: []byte{0x02},
- VCommitment: []byte{0x03},
- Ssid: []byte("wrong-ssid"),
- }
- routing := tss.MessageRouting{
- From: oldPIDs[1],
- To: newPIDs,
- IsBroadcast: true,
- }
- round.temp.dgRound1Messages[1] = tss.NewMessage(routing, content, tss.NewMessageWrapper(routing, content))
-
- _, tssErr := round.Update()
- if tssErr == nil {
- t.Fatal("expected mismatched SSID to be rejected even when old party 0 has not arrived")
- }
- if !strings.Contains(tssErr.Error(), "ssid does not match") {
- t.Fatalf("unexpected error: %v", tssErr)
- }
- if round.oldOK[1] {
- t.Fatal("old party 1 must not be marked accepted after SSID mismatch")
- }
-}
-
-// TestRound1Update_RejectsMismatchedECDSAPubBeforePartyZero pins that
-// DGRound1Message ECDSAPub is checked per sender. A non-zero old party may
-// arrive before old party 0, and its public key copy must not be silently
-// skipped by waiting for party 0 as a canonical source.
-func TestRound1Update_RejectsMismatchedECDSAPubBeforePartyZero(t *testing.T) {
- oldPIDs := tss.GenerateTestPartyIDs(2)
- newPIDs := tss.GenerateTestPartyIDs(2)
- oldCtx := tss.NewPeerContext(oldPIDs)
- newCtx := tss.NewPeerContext(newPIDs)
-
- params := tss.NewReSharingParameters(tss.S256(), oldCtx, newCtx, newPIDs[0], len(oldPIDs), 1, len(newPIDs), 1)
- params.SetSessionNonce(big.NewInt(7))
- save := keygen.NewLocalPartySaveData(len(newPIDs))
-
- round := &round1{
- base: &base{
- ReSharingParameters: params,
- temp: &localTempData{
- localMessageStore: localMessageStore{
- dgRound1Messages: make([]tss.ParsedMessage, len(oldPIDs)),
- },
- ssidNonce: params.SessionNonce(),
- },
- save: &save,
- oldOK: make([]bool, len(oldPIDs)),
- newOK: make([]bool, len(newPIDs)),
- started: true,
- number: 1,
- },
- }
- round.allNewOK()
- round.temp.ssid = round.getSSID()
- round.save.ECDSAPub = crypto.ScalarBaseMult(tss.S256(), big.NewInt(1))
-
- differentECDSAPub := crypto.ScalarBaseMult(tss.S256(), big.NewInt(2))
- content := &DGRound1Message{
- EcdsaPubX: differentECDSAPub.X().Bytes(),
- EcdsaPubY: differentECDSAPub.Y().Bytes(),
- VCommitment: []byte{0x03},
- Ssid: round.temp.ssid,
- }
- routing := tss.MessageRouting{
- From: oldPIDs[1],
- To: newPIDs,
- IsBroadcast: true,
- }
- round.temp.dgRound1Messages[1] = tss.NewMessage(routing, content, tss.NewMessageWrapper(routing, content))
-
- _, tssErr := round.Update()
- if tssErr == nil {
- t.Fatal("expected mismatched ECDSA public key to be rejected even when old party 0 has not arrived")
- }
- if !strings.Contains(tssErr.Error(), "ecdsa pub key did not match") {
- t.Fatalf("unexpected error: %v", tssErr)
- }
- if round.oldOK[1] {
- t.Fatal("old party 1 must not be marked accepted after ECDSA public key mismatch")
- }
-}
diff --git a/ecdsa/resharing/round_1_old_step_1.go b/ecdsa/resharing/round_1_old_step_1.go
deleted file mode 100644
index 7876b595a..000000000
--- a/ecdsa/resharing/round_1_old_step_1.go
+++ /dev/null
@@ -1,154 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "bytes"
- "errors"
- "fmt"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/ecdsa/keygen"
- "github.com/bnb-chain/tss-lib/ecdsa/signing"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// round 1 represents round 1 of the keygen part of the GG18 ECDSA TSS spec (Gennaro, Goldfeder; 2018)
-func newRound1(params *tss.ReSharingParameters, input, save *keygen.LocalPartySaveData, temp *localTempData, out chan<- tss.Message, end chan<- keygen.LocalPartySaveData) tss.Round {
- return &round1{
- &base{params, temp, input, save, out, end, make([]bool, len(params.OldParties().IDs())), make([]bool, len(params.NewParties().IDs())), false, 1}}
-}
-
-func (round *round1) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 1
- round.started = true
- round.resetOK() // resets both round.oldOK and round.newOK
- round.allNewOK()
-
- // Derive SSID for both committees so the old committee can broadcast it
- // in DGRound1Message and the new committee can cross-check that every
- // old-committee party agrees. Both committees can derive locally from
- // public inputs (party IDs, curve, round number, ssidNonce); broadcasting
- // adds early detection of a corrupted old-committee party who would
- // otherwise emit divergent SSIDs across new-committee members.
- //
- // Resharing fails closed if no SessionNonce is set. The previous zero
- // fallback neutralised the SSID binding for any caller that forgot
- // SetSessionNonce — two resharing ceremonies over identical committees
- // would derive the same SSID, breaking session binding.
- nonce := round.Params().SessionNonce()
- if nonce == nil || nonce.Sign() <= 0 {
- return round.WrapError(errors.New("resharing requires tss.Parameters.SetSessionNonce() before Start"))
- }
- round.temp.ssidNonce = new(big.Int).Set(nonce)
- round.temp.ssid = round.getSSID()
-
- if !round.ReSharingParams().IsOldCommittee() {
- return nil
- }
- round.allOldOK()
-
- Pi := round.PartyID()
- i := Pi.Index
-
- // 1. PrepareForSigning() -> w_i
- xi, ks, bigXj := round.input.Xi, round.input.Ks, round.input.BigXj
- if round.Threshold()+1 > len(ks) {
- return round.WrapError(fmt.Errorf("t+1=%d is not satisfied by the key count of %d", round.Threshold()+1, len(ks)), round.PartyID())
- }
- newKs := round.NewParties().IDs().Keys()
- wi, _ := signing.PrepareForSigning(round.Params().EC(), i, len(round.OldParties().IDs()), xi, ks, bigXj)
-
- // 2.
- vi, shares, err := vss.Create(round.Params().EC(), round.NewThreshold(), wi, newKs)
- if err != nil {
- return round.WrapError(err, round.PartyID())
- }
-
- // 3.
- flatVis, err := crypto.FlattenECPoints(vi)
- if err != nil {
- return round.WrapError(err, round.PartyID())
- }
- vCmt := commitments.NewHashCommitment(flatVis...)
-
- // 4. populate temp data
- round.temp.VD = vCmt.D
- round.temp.NewShares = shares
-
- // 5. "broadcast" C_i to members of the NEW committee, including this
- // party's locally-derived SSID so the new committee can cross-verify.
- r1msg := NewDGRound1Message(
- round.NewParties().IDs().Exclude(round.PartyID()), round.PartyID(),
- round.input.ECDSAPub, vCmt.C, round.temp.ssid)
- round.temp.dgRound1Messages[i] = r1msg
- round.out <- r1msg
-
- return nil
-}
-
-func (round *round1) CanAccept(msg tss.ParsedMessage) bool {
- // accept messages from old -> new committee
- if _, ok := msg.Content().(*DGRound1Message); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round1) Update() (bool, *tss.Error) {
- // only the new committee receive in this round
- if !round.ReSharingParameters.IsNewCommittee() {
- return true, nil
- }
- ret := true
- // accept messages from old -> new committee
- for j, msg := range round.temp.dgRound1Messages {
- if round.oldOK[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- // Verify the sender's broadcast SSID matches our locally-derived SSID
- // before consuming any field of the message. A mismatch means either
- // (a) this old-committee party is corrupted and broadcasting an
- // inconsistent SSID across new-committee members, or (b) the parties
- // disagree on the protocol context (party IDs, curve, session
- // nonce). Either way the protocol must abort and identify the
- // culprit before downstream proof verification could mask the cause.
- senderMsg := round.temp.dgRound1Messages[j].Content().(*DGRound1Message)
- if !bytes.Equal(senderMsg.GetSsid(), round.temp.ssid) {
- return false, round.WrapError(errors.New("DGRound1Message ssid does not match locally-derived ssid — old-committee party broadcast inconsistent SSID"), msg.GetFrom())
- }
-
- // save the ecdsa pub received from the old committee
- candidate, err := senderMsg.UnmarshalECDSAPub(round.Params().EC())
- if err != nil {
- return false, round.WrapError(errors.New("unable to unmarshal the ecdsa pub key"), msg.GetFrom())
- }
- if round.save.ECDSAPub != nil &&
- !candidate.Equals(round.save.ECDSAPub) {
- // uh oh - anomaly!
- return false, round.WrapError(errors.New("ecdsa pub key did not match what we received previously"), msg.GetFrom())
- }
- round.save.ECDSAPub = candidate
- round.oldOK[j] = true
- }
- return ret, nil
-}
-
-func (round *round1) NextRound() tss.Round {
- round.started = false
- return &round2{round}
-}
diff --git a/ecdsa/resharing/round_2_new_step_1.go b/ecdsa/resharing/round_2_new_step_1.go
deleted file mode 100644
index 1abc5c977..000000000
--- a/ecdsa/resharing/round_2_new_step_1.go
+++ /dev/null
@@ -1,193 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "errors"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto/dlnproof"
- "github.com/bnb-chain/tss-lib/crypto/paillier"
- "github.com/bnb-chain/tss-lib/ecdsa/keygen"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *round2) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 2
- round.started = true
- round.resetOK() // resets both round.oldOK and round.newOK
- round.allOldOK()
- // round.temp.ssid and round.temp.ssidNonce were set in round 1 (for both
- // old and new committees) so the old committee could broadcast SSID and
- // the new committee could cross-verify. Reusing the round-1 value here
- // keeps proof contexts consistent across rounds.
-
- if !round.ReSharingParams().IsNewCommittee() {
- return nil
- }
-
- Pi := round.PartyID()
- i := Pi.Index
-
- // 2. "broadcast" "ACK" members of the OLD committee
- r2msg1 := NewDGRound2Message2(
- round.OldParties().IDs().Exclude(round.PartyID()), round.PartyID())
- round.temp.dgRound2Message2s[i] = r2msg1
- round.out <- r2msg1
-
- // 1.
- // generate Paillier public key E_i, private key and proof
- // generate safe primes for ZKPs later on
- // compute ntilde, h1, h2 (uses safe primes)
- // use the pre-params if they were provided to the LocalParty constructor
- var preParams *keygen.LocalPreParams
- if round.save.LocalPreParams.Validate() && !round.save.LocalPreParams.ValidateWithProof() {
- return round.WrapError(
- errors.New("`optionalPreParams` failed to validate; it might have been generated with an older version of tss-lib"))
- } else if round.save.LocalPreParams.ValidateWithProof() {
- preParams = &round.save.LocalPreParams
- } else {
- var err error
- preParams, err = keygen.GeneratePreParams(round.SafePrimeGenTimeout(), round.Concurrency())
- if err != nil {
- return round.WrapError(errors.New("pre-params generation failed"), Pi)
- }
- }
- round.save.LocalPreParams = *preParams
- round.save.NTildej[i] = preParams.NTildei
- round.save.H1j[i], round.save.H2j[i] = preParams.H1i, preParams.H2i
-
- // generate the dlnproofs for resharing
- h1i, h2i, alpha, beta, p, q, NTildei :=
- preParams.H1i,
- preParams.H2i,
- preParams.Alpha,
- preParams.Beta,
- preParams.P,
- preParams.Q,
- preParams.NTildei
- dlnProof1 := dlnproof.NewDLNProof(h1i, h2i, alpha, p, q, NTildei, round.temp.ssid)
- dlnProof2 := dlnproof.NewDLNProof(h2i, h1i, beta, p, q, NTildei, round.temp.ssid)
-
- contextI := common.AppendUint64ToBytesSlice(round.temp.ssid, uint64(i))
- modProof := preParams.PaillierSK.ModProof(contextI)
-
- // NTildei = (2p+1) * (2q+1)
- // phi(NTildei) = ((2p+1) - 1) * ((2q+1) - 1) = 2p * 2q
- pp := new(big.Int).Add(p, p)
- qq := new(big.Int).Add(q, q)
- phiNTilde := new(big.Int).Mul(pp, qq)
- // As per paillier.go
- gcdTilde := new(big.Int).GCD(nil, nil, pp, qq)
- lambdaNTilde := new(big.Int).Div(phiNTilde, gcdTilde)
- pkTilde := &paillier.PublicKey{N: NTildei}
- skTilde := &paillier.PrivateKey{PublicKey: *pkTilde, LambdaN: lambdaNTilde, PhiN: phiNTilde}
-
- modProofTilde := skTilde.ModProof(contextI)
-
- paillierPf := preParams.PaillierSK.Proof(Pi.KeyInt(), round.save.ECDSAPub)
- r2msg2, err := NewDGRound2Message1(
- round.NewParties().IDs().Exclude(round.PartyID()), round.PartyID(),
- &preParams.PaillierSK.PublicKey,
- paillierPf,
- preParams.NTildei,
- preParams.H1i,
- preParams.H2i,
- dlnProof1,
- dlnProof2,
- modProof,
- modProofTilde,
- )
- if err != nil {
- return round.WrapError(err, Pi)
- }
- round.temp.dgRound2Message1s[i] = r2msg2
- round.out <- r2msg2
-
- // for this P: SAVE de-commitments, paillier keys for round 2
- round.save.PaillierSK = preParams.PaillierSK
- round.save.PaillierPKs[i] = &preParams.PaillierSK.PublicKey
- round.save.NTildej[i] = preParams.NTildei
- round.save.H1j[i], round.save.H2j[i] = preParams.H1i, preParams.H2i
-
- round.temp.skTilde = skTilde
-
- return nil
-}
-
-func (round *round2) CanAccept(msg tss.ParsedMessage) bool {
- if round.ReSharingParams().IsNewCommittee() {
- if _, ok := msg.Content().(*DGRound2Message1); ok {
- return msg.IsBroadcast()
- }
- }
- if round.ReSharingParams().IsOldCommittee() {
- if _, ok := msg.Content().(*DGRound2Message2); ok {
- return msg.IsBroadcast()
- }
- }
- return false
-}
-
-func (round *round2) Update() (bool, *tss.Error) {
- ret := true
- if round.ReSharingParams().IsOldCommittee() && round.ReSharingParameters.IsNewCommittee() {
- // accept messages from new -> old committee
- for j, msg1 := range round.temp.dgRound2Message2s {
- if round.newOK[j] {
- continue
- }
- if msg1 == nil || !round.CanAccept(msg1) {
- ret = false
- continue
- }
- // accept message from new -> committee
- msg2 := round.temp.dgRound2Message1s[j]
- if msg2 == nil || !round.CanAccept(msg2) {
- ret = false
- continue
- }
- round.newOK[j] = true
- }
- } else if round.ReSharingParams().IsOldCommittee() {
- // accept messages from new -> old committee
- for j, msg := range round.temp.dgRound2Message2s {
- if round.newOK[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- round.newOK[j] = true
- }
- } else if round.ReSharingParams().IsNewCommittee() {
- // accept messages from new -> new committee
- for j, msg := range round.temp.dgRound2Message1s {
- if round.newOK[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- round.newOK[j] = true
- }
- } else {
- return false, round.WrapError(errors.New("this party is not in the old or the new committee"), round.PartyID())
- }
- return ret, nil
-}
-
-func (round *round2) NextRound() tss.Round {
- round.started = false
- return &round3{round}
-}
diff --git a/ecdsa/resharing/round_3_old_step_2.go b/ecdsa/resharing/round_3_old_step_2.go
deleted file mode 100644
index f1a8b99a7..000000000
--- a/ecdsa/resharing/round_3_old_step_2.go
+++ /dev/null
@@ -1,88 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "errors"
-
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *round3) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 3
- round.started = true
- round.resetOK() // resets both round.oldOK and round.newOK
- round.allNewOK()
-
- if !round.ReSharingParams().IsOldCommittee() {
- return nil
- }
- round.allOldOK()
-
- Pi := round.PartyID()
- i := Pi.Index
-
- // 2. send share to Pj from the new committee
- for j, Pj := range round.NewParties().IDs() {
- share := round.temp.NewShares[j]
- r3msg1 := NewDGRound3Message1(Pj, round.PartyID(), share)
- round.temp.dgRound3Message1s[i] = r3msg1
- round.out <- r3msg1
- }
-
- vDeCmt := round.temp.VD
- r3msg2 := NewDGRound3Message2(
- round.NewParties().IDs().Exclude(round.PartyID()), round.PartyID(),
- vDeCmt)
- round.temp.dgRound3Message2s[i] = r3msg2
- round.out <- r3msg2
-
- return nil
-}
-
-func (round *round3) CanAccept(msg tss.ParsedMessage) bool {
- if _, ok := msg.Content().(*DGRound3Message1); ok {
- return !msg.IsBroadcast()
- }
- if _, ok := msg.Content().(*DGRound3Message2); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round3) Update() (bool, *tss.Error) {
- // only the new committee receive in this round
- if !round.ReSharingParams().IsNewCommittee() {
- return true, nil
- }
- ret := true
- // accept messages from old -> new committee
- for j, msg1 := range round.temp.dgRound3Message1s {
- if round.oldOK[j] {
- continue
- }
- if msg1 == nil || !round.CanAccept(msg1) {
- ret = false
- continue
- }
- msg2 := round.temp.dgRound3Message2s[j]
- if msg2 == nil || !round.CanAccept(msg2) {
- ret = false
- continue
- }
- round.oldOK[j] = true
- }
- return ret, nil
-}
-
-func (round *round3) NextRound() tss.Round {
- round.started = false
- return &round4{round}
-}
diff --git a/ecdsa/resharing/round_4_new_step_2.go b/ecdsa/resharing/round_4_new_step_2.go
deleted file mode 100644
index 56d118c09..000000000
--- a/ecdsa/resharing/round_4_new_step_2.go
+++ /dev/null
@@ -1,300 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "encoding/hex"
- "errors"
- "math/big"
- "sync"
-
- errors2 "github.com/pkg/errors"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/ecdsa/keygen"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *round4) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 4
- round.started = true
- round.resetOK() // resets both round.oldOK and round.newOK
-
- round.allOldOK()
-
- if !round.ReSharingParams().IsNewCommittee() {
- // both committees proceed to round 5 after receiving "ACK" messages from the new committee
- return nil
- }
-
- common.Logger.Debugf(
- "%s Setting up DLN verification with concurrency level of %d",
- round.PartyID(),
- round.Concurrency(),
- )
- verifier := keygen.NewProofVerifier(round.Concurrency())
-
- Pi := round.PartyID()
- i := Pi.Index
-
- // 1-3. verify paillier & dln proofs, store message pieces, ensure uniqueness of h1j, h2j
- h1H2Map := make(map[string]struct{}, len(round.temp.dgRound2Message1s)*2)
- paiProofCulprits := make([]*tss.PartyID, len(round.temp.dgRound2Message1s)) // who caused the error(s)
- dlnProof1FailCulprits := make([]*tss.PartyID, len(round.temp.dgRound2Message1s))
- dlnProof2FailCulprits := make([]*tss.PartyID, len(round.temp.dgRound2Message1s))
- modProofFailCulprits := make([]*tss.PartyID, len(round.temp.dgRound2Message1s))
- modProofTildeFailCulprits := make([]*tss.PartyID, len(round.temp.dgRound2Message1s))
- wg := new(sync.WaitGroup)
- for j, msg := range round.temp.dgRound2Message1s {
- r2msg1 := msg.Content().(*DGRound2Message1)
- paiPK, NTildej, H1j, H2j :=
- r2msg1.UnmarshalPaillierPK(),
- r2msg1.UnmarshalNTilde(),
- r2msg1.UnmarshalH1(),
- r2msg1.UnmarshalH2()
- if H1j.Cmp(H2j) == 0 {
- return round.WrapError(errors.New("h1j and h2j were equal for this party"), msg.GetFrom())
- }
- h1JHex, h2JHex := hex.EncodeToString(H1j.Bytes()), hex.EncodeToString(H2j.Bytes())
- if _, found := h1H2Map[h1JHex]; found {
- return round.WrapError(errors.New("this h1j was already used by another party"), msg.GetFrom())
- }
- if _, found := h1H2Map[h2JHex]; found {
- return round.WrapError(errors.New("this h2j was already used by another party"), msg.GetFrom())
- }
- h1H2Map[h1JHex], h1H2Map[h2JHex] = struct{}{}, struct{}{}
- wg.Add(5)
- go func(j int, msg tss.ParsedMessage, r2msg1 *DGRound2Message1) {
- if ok, err := r2msg1.UnmarshalPaillierProof().Verify(paiPK.N, msg.GetFrom().KeyInt(), round.save.ECDSAPub); err != nil || !ok {
- paiProofCulprits[j] = msg.GetFrom()
- common.Logger.Warningf("paillier verify failed for party %s", msg.GetFrom(), err)
- }
- wg.Done()
- }(j, msg, r2msg1)
- _j := j
- _msg := msg
- contextJ := common.AppendUint64ToBytesSlice(round.temp.ssid, uint64(j))
- verifier.VerifyDLNProof1(r2msg1, H1j, H2j, NTildej, func(isValid bool) {
- if !isValid {
- dlnProof1FailCulprits[_j] = _msg.GetFrom()
- common.Logger.Warningf("dln proof 1 verify failed for party %s", _msg.GetFrom())
- }
- wg.Done()
- }, round.temp.ssid)
- verifier.VerifyDLNProof2(r2msg1, H2j, H1j, NTildej, func(isValid bool) {
- if !isValid {
- dlnProof2FailCulprits[_j] = _msg.GetFrom()
- common.Logger.Warningf("dln proof 2 verify failed for party %s", _msg.GetFrom())
- }
- wg.Done()
- }, round.temp.ssid)
- verifier.VerifyModProof(r2msg1, paiPK.N, func(isValid bool) {
- if !isValid {
- modProofFailCulprits[_j] = _msg.GetFrom()
- common.Logger.Warningf("mod proof verify failed for party %s", _msg.GetFrom())
- }
- wg.Done()
- }, contextJ)
- verifier.VerifyModProofTilde(r2msg1, NTildej, func(isValid bool) {
- if !isValid {
- modProofTildeFailCulprits[_j] = _msg.GetFrom()
- common.Logger.Warningf("mod proof tilde verify failed for party %s", _msg.GetFrom())
- }
- wg.Done()
- }, contextJ)
- }
- wg.Wait()
- for _, culprit := range append(append(paiProofCulprits, dlnProof1FailCulprits...), dlnProof2FailCulprits...) {
- if culprit != nil {
- return round.WrapError(errors.New("dln proof verification failed"), culprit)
- }
- }
- for _, culprit := range append(modProofFailCulprits, modProofTildeFailCulprits...) {
- if culprit != nil {
- return round.WrapError(errors.New("mod proof verification failed"), culprit)
- }
- }
- // save NTilde_j, h1_j, h2_j received in NewCommitteeStep1 here
- for j, msg := range round.temp.dgRound2Message1s {
- if j == i {
- continue
- }
- r2msg1 := msg.Content().(*DGRound2Message1)
- round.save.NTildej[j] = new(big.Int).SetBytes(r2msg1.NTilde)
- round.save.H1j[j] = new(big.Int).SetBytes(r2msg1.H1)
- round.save.H2j[j] = new(big.Int).SetBytes(r2msg1.H2)
- }
-
- // 4.
- newXi := big.NewInt(0)
-
- // 5-9.
- modQ := common.ModInt(round.Params().EC().Params().N)
- vjc := make([][]*crypto.ECPoint, len(round.OldParties().IDs()))
- for j := 0; j <= len(vjc)-1; j++ { // P1..P_t+1. Ps are indexed from 0 here
- // 6-7.
- r1msg := round.temp.dgRound1Messages[j].Content().(*DGRound1Message)
- r3msg2 := round.temp.dgRound3Message2s[j].Content().(*DGRound3Message2)
-
- vCj, vDj := r1msg.UnmarshalVCommitment(), r3msg2.UnmarshalVDeCommitment()
-
- // 6. unpack flat "v" commitment content
- vCmtDeCmt := commitments.HashCommitDecommit{C: vCj, D: vDj}
- ok, flatVs := vCmtDeCmt.DeCommit()
- if !ok || len(flatVs) != (round.NewThreshold()+1)*2 { // they're points so * 2
- // TODO collect culprits and return a list of them as per convention
- return round.WrapError(errors.New("de-commitment of v_j0..v_jt failed"), round.Parties().IDs()[j])
- }
- vj, err := crypto.UnFlattenECPoints(round.Params().EC(), flatVs)
- if err != nil {
- return round.WrapError(err, round.Parties().IDs()[j])
- }
- vjc[j] = vj
-
- // 8.
- r3msg1 := round.temp.dgRound3Message1s[j].Content().(*DGRound3Message1)
- sharej := &vss.Share{
- Threshold: round.NewThreshold(),
- ID: round.PartyID().KeyInt(),
- Share: new(big.Int).SetBytes(r3msg1.Share),
- }
- if ok := sharej.Verify(round.Params().EC(), round.NewThreshold(), vj); !ok {
- // TODO collect culprits and return a list of them as per convention
- return round.WrapError(errors.New("share from old committee did not pass Verify()"), round.Parties().IDs()[j])
- }
-
- // 9.
- newXi = new(big.Int).Add(newXi, sharej.Share)
- }
-
- // 10-13.
- var err error
- Vc := make([]*crypto.ECPoint, round.NewThreshold()+1)
- for c := 0; c <= round.NewThreshold(); c++ {
- Vc[c] = vjc[0][c]
- for j := 1; j <= len(vjc)-1; j++ {
- Vc[c], err = Vc[c].Add(vjc[j][c])
- if err != nil {
- return round.WrapError(errors2.Wrapf(err, "Vc[c].Add(vjc[j][c])"))
- }
- }
- }
-
- // 14.
- if !Vc[0].Equals(round.save.ECDSAPub) {
- return round.WrapError(errors.New("assertion failed: V_0 != y"), round.PartyID())
- }
-
- // 15-19.
- newKs := make([]*big.Int, 0, round.NewPartyCount())
- newBigXjs := make([]*crypto.ECPoint, round.NewPartyCount())
- paiProofCulprits = make([]*tss.PartyID, 0, round.NewPartyCount()) // who caused the error(s)
- for j := 0; j < round.NewPartyCount(); j++ {
- Pj := round.NewParties().IDs()[j]
- kj := Pj.KeyInt()
- newBigXj := Vc[0]
- newKs = append(newKs, kj)
- z := new(big.Int).SetInt64(int64(1))
- for c := 1; c <= round.NewThreshold(); c++ {
- z = modQ.Mul(z, kj)
- newBigXj, err = newBigXj.Add(Vc[c].ScalarMult(z))
- if err != nil {
- paiProofCulprits = append(paiProofCulprits, Pj)
- }
- }
- newBigXjs[j] = newBigXj
- }
- if len(paiProofCulprits) > 0 {
- return round.WrapError(errors2.Wrapf(err, "newBigXj.Add(Vc[c].ScalarMult(z))"), paiProofCulprits...)
- }
-
- contextI := common.AppendUint64ToBytesSlice(round.temp.ssid, uint64(i))
- for j, Pj := range round.NewParties().IDs() {
-
- if common.Eq(Pi.KeyInt(), Pj.KeyInt()) {
- round.temp.dgRound4Message1s[j] = NewDGRound4Message1(Pj, Pi, nil, nil)
- }
-
- // Add factor proofs
- H1j, H2j, NTildej := round.save.H1j[j], round.save.H2j[j], round.save.NTildej[j]
- facProof := round.save.LocalPreParams.PaillierSK.FactorProof(NTildej, H1j, H2j, contextI)
- facProofTilde := round.temp.skTilde.FactorProof(NTildej, H1j, H2j, contextI)
-
- r4msg1 := NewDGRound4Message1(Pj, Pi, facProof, facProofTilde)
- round.out <- r4msg1
- }
-
- round.temp.newXi = newXi
- round.temp.newKs = newKs
- round.temp.newBigXjs = newBigXjs
-
- // Send an "ACK" message to both committees to signal that we're ready to save our data
- r4msg := NewDGRound4Message2(round.OldAndNewParties(), Pi)
- round.temp.dgRound4Message2s[i] = r4msg
- round.out <- r4msg
-
- return nil
-}
-
-func (round *round4) CanAccept(msg tss.ParsedMessage) bool {
- if _, ok := msg.Content().(*DGRound4Message1); ok {
- return !msg.IsBroadcast()
- }
- if _, ok := msg.Content().(*DGRound4Message2); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round4) Update() (bool, *tss.Error) {
- ret := true
- if round.ReSharingParameters.IsNewCommittee() {
- // accept messages from new -> everyone
- for j, msg1 := range round.temp.dgRound4Message2s {
- if round.newOK[j] {
- continue
- }
- if msg1 == nil || !round.CanAccept(msg1) {
- ret = false
- continue
- }
- // accept message from new -> new committee
- msg2 := round.temp.dgRound4Message1s[j]
- if msg2 == nil || !round.CanAccept(msg2) {
- ret = false
- continue
- }
- round.newOK[j] = true
- }
- } else if round.ReSharingParams().IsOldCommittee() {
- // accept messages from new -> old committee
- for j, msg := range round.temp.dgRound4Message2s {
- if round.newOK[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- round.newOK[j] = true
- }
- } else {
- return false, round.WrapError(errors.New("this party is not in the old or the new committee"), round.PartyID())
- }
- return ret, nil
-}
-
-func (round *round4) NextRound() tss.Round {
- round.started = false
- return &round5{round}
-}
diff --git a/ecdsa/resharing/round_5_new_step_3.go b/ecdsa/resharing/round_5_new_step_3.go
deleted file mode 100644
index 394691de1..000000000
--- a/ecdsa/resharing/round_5_new_step_3.go
+++ /dev/null
@@ -1,149 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package resharing - -import ( - "errors" - - "github.com/hashicorp/go-multierror" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/tss" -) - -func (round *round5) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 5 - round.started = true - round.resetOK() // resets both round.oldOK and round.newOK - - round.allOldOK() - - if !round.IsNewCommittee() { - // both committees proceed to round 6 after receiving "ACK" messages from the new committee - return nil - } - - Pi := round.PartyID() - i := Pi.Index - - Ps := round.NewParties().IDs() - - type proofOut struct { - unWrappedErr error - } - chs := make([]chan proofOut, len(Ps)) - for j, Pj := range Ps { - if common.Eq(Pi.KeyInt(), Pj.KeyInt()) { - continue - } - chs[j] = make(chan proofOut) - } - for j, Pj := range Ps { - if common.Eq(Pi.KeyInt(), Pj.KeyInt()) { - continue - } - contextJ := common.AppendUint64ToBytesSlice(round.temp.ssid, uint64(j)) - go func(j int, ch chan<- proofOut) { - r4msg1 := round.temp.dgRound4Message1s[j].Content().(*DGRound4Message1) - - FacProof := r4msg1.UnmarshalFactorProof() - - r2msg1 := round.temp.dgRound2Message1s[j].Content().(*DGRound2Message1) - pk := r2msg1.UnmarshalPaillierPK() - pkN := pk.N - NTilde := round.save.LocalPreParams.NTildei - H1i, H2i := round.save.LocalPreParams.H1i, round.save.LocalPreParams.H2i - ok, err := FacProof.FactorVerify(pkN, NTilde, H1i, H2i, contextJ) - if err != nil { - ch <- proofOut{err} - return - } - if !ok { - ch <- proofOut{errors.New("factor proof verify failed")} - return - } - FacProofTilde := r4msg1.UnmarshalFactorProofTilde() - NTildej := round.save.NTildej[j] - ok, err 
= FacProofTilde.FactorVerify(NTildej, NTilde, H1i, H2i, contextJ) - if err != nil { - ch <- proofOut{err} - return - } - if !ok { - ch <- proofOut{errors.New("factor proof verify failed")} - return - } - // (9) handled above - ch <- proofOut{nil} - }(j, chs[j]) - } - - proofResults := make([]proofOut, len(Ps)) - { - culprits := make([]*tss.PartyID, 0, len(Ps)) - for j, Pj := range Ps { - if common.Eq(Pi.KeyInt(), Pj.KeyInt()) { - continue - } - proofResults[j] = <-chs[j] - if err := proofResults[j].unWrappedErr; err != nil { - culprits = append(culprits, Pj) - } - } - var multiErr error - if len(culprits) > 0 { - for _, proofResult := range proofResults { - if proofResult.unWrappedErr == nil { - continue - } - multiErr = multierror.Append(multiErr, proofResult.unWrappedErr) - } - return round.WrapError(multiErr, culprits...) - } - } - - r5msg := NewDGRound5Message(round.OldAndNewParties(), Pi) - round.temp.dgRound5Messages[i] = r5msg - round.out <- r5msg - return nil -} - -func (round *round5) CanAccept(msg tss.ParsedMessage) bool { - // accept messages from new -> both committees - if _, ok := msg.Content().(*DGRound5Message); ok { - return msg.IsBroadcast() - } - return false -} - -func (round *round5) Update() (bool, *tss.Error) { - ret := true - if round.ReSharingParameters.IsNewCommittee() || round.ReSharingParams().IsOldCommittee() { - // accept messages from new -> everyone - for j, msg := range round.temp.dgRound5Messages { - if round.newOK[j] { - continue - } - if msg == nil || !round.CanAccept(msg) { - ret = false - continue - } - round.newOK[j] = true - } - } else { - return false, round.WrapError(errors.New("this party is not in the old or the new committee"), round.PartyID()) - } - return ret, nil -} - -func (round *round5) NextRound() tss.Round { - round.started = false - return &round6{round} -} diff --git a/ecdsa/resharing/round_6_new_step_4.go b/ecdsa/resharing/round_6_new_step_4.go deleted file mode 100644 index 279d2c59f..000000000 
--- a/ecdsa/resharing/round_6_new_step_4.go +++ /dev/null @@ -1,56 +0,0 @@ -package resharing - -import ( - "errors" - - "github.com/bnb-chain/tss-lib/tss" -) - -func (round *round6) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 6 - round.started = true - - round.allOldOK() - round.allNewOK() - - Pi := round.PartyID() - i := Pi.Index - - if round.IsNewCommittee() { - // 21. - // for this P: SAVE data - round.save.BigXj = round.temp.newBigXjs - round.save.ShareID = round.PartyID().KeyInt() - round.save.Xi = round.temp.newXi - round.save.Ks = round.temp.newKs - - // misc: build list of paillier public keys to save - for j, msg := range round.temp.dgRound2Message1s { - if j == i { - continue - } - r2msg1 := msg.Content().(*DGRound2Message1) - round.save.PaillierPKs[j] = r2msg1.UnmarshalPaillierPK() - } - } else if round.IsOldCommittee() { - round.input.Xi.SetInt64(0) - } - - round.end <- *round.save - return nil -} - -func (round *round6) CanAccept(msg tss.ParsedMessage) bool { - return false -} - -func (round *round6) Update() (bool, *tss.Error) { - return false, nil -} - -func (round *round6) NextRound() tss.Round { - return nil // both committees are finished! -} diff --git a/ecdsa/resharing/rounds.go b/ecdsa/resharing/rounds.go deleted file mode 100644 index 3a820943a..000000000 --- a/ecdsa/resharing/rounds.go +++ /dev/null 
@@ -1,156 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package resharing - -import ( - "math/big" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/ecdsa/keygen" - "github.com/bnb-chain/tss-lib/tss" -) - -const ( - TaskName = "ecdsa-resharing" -) - -type ( - base struct { - *tss.ReSharingParameters - temp *localTempData - input, save *keygen.LocalPartySaveData - out chan<- tss.Message - end chan<- keygen.LocalPartySaveData - oldOK, // old committee "ok" tracker - newOK []bool // `ok` tracks parties which have been verified by Update(); this one is for the new committee - started bool - number int - } - round1 struct { - *base - } - round2 struct { - *round1 - } - round3 struct { - *round2 - } - round4 struct { - *round3 - } - round5 struct { - *round4 - } - round6 struct { - *round5 - } -) - -var ( - _ tss.Round = (*round1)(nil) - _ tss.Round = (*round2)(nil) - _ tss.Round = (*round3)(nil) - _ tss.Round = (*round4)(nil) - _ tss.Round = (*round5)(nil) - _ tss.Round = (*round6)(nil) -) - -// ----- // - -func (round *base) Params() *tss.Parameters { - return round.ReSharingParameters.Parameters -} - -func (round *base) ReSharingParams() *tss.ReSharingParameters { - return round.ReSharingParameters -} - -func (round *base) RoundNumber() int { - return round.number -} - -// CanProceed is inherited by other rounds -func (round *base) CanProceed() bool { - if !round.started { - return false - } - for _, ok := range append(round.oldOK, round.newOK...) 
{ - if !ok { - return false - } - } - return true -} - -// WaitingFor is called by a Party for reporting back to the caller -func (round *base) WaitingFor() []*tss.PartyID { - oldPs := round.OldParties().IDs() - newPs := round.NewParties().IDs() - idsMap := make(map[*tss.PartyID]bool) - ids := make([]*tss.PartyID, 0, len(round.oldOK)) - for j, ok := range round.oldOK { - if ok { - continue - } - idsMap[oldPs[j]] = true - } - for j, ok := range round.newOK { - if ok { - continue - } - idsMap[newPs[j]] = true - } - // consolidate into the list - for id := range idsMap { - ids = append(ids, id) - } - return ids -} - -func (round *base) WrapError(err error, culprits ...*tss.PartyID) *tss.Error { - return tss.NewError(err, TaskName, round.number, round.PartyID(), culprits...) -} - -// ----- // - -// `oldOK` tracks parties which have been verified by Update() -func (round *base) resetOK() { - for j := range round.oldOK { - round.oldOK[j] = false - } - for j := range round.newOK { - round.newOK[j] = false - } -} - -// sets all pairings in `oldOK` to true -func (round *base) allOldOK() { - for j := range round.oldOK { - round.oldOK[j] = true - } -} - -// sets all pairings in `newOK` to true -func (round *base) allNewOK() { - for j := range round.newOK { - round.newOK[j] = true - } -} - -func (round *base) getSSID() []byte { - ssidList := []*big.Int{ - round.EC().Params().P, - round.EC().Params().N, - round.EC().Params().Gx, - round.EC().Params().Gy, - } - ssidList = append(ssidList, round.OldParties().IDs().Keys()...) - ssidList = append(ssidList, round.NewParties().IDs().Keys()...) - ssidList = append(ssidList, big.NewInt(int64(round.number))) - ssidList = append(ssidList, round.temp.ssidNonce) - return common.SHA512_256i(ssidList...).FillBytes(make([]byte, 32)) -} diff --git a/eddsa/keygen/eddsa-keygen.pb.go b/eddsa/keygen/eddsa-keygen.pb.go deleted file mode 100644 index f2ef9f7d4..000000000 --- a/eddsa/keygen/eddsa-keygen.pb.go +++ /dev/null 
@@ -1,310 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.30.0 -// protoc v3.21.12 -// source: protob/eddsa-keygen.proto - -package keygen - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Represents a BROADCAST message sent during Round 1 of the EDDSA TSS keygen protocol. -type KGRound1Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Commitment []byte `protobuf:"bytes,1,opt,name=commitment,proto3" json:"commitment,omitempty"` -} - -func (x *KGRound1Message) Reset() { - *x = KGRound1Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_keygen_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *KGRound1Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*KGRound1Message) ProtoMessage() {} - -func (x *KGRound1Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_keygen_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use KGRound1Message.ProtoReflect.Descriptor instead. 
-func (*KGRound1Message) Descriptor() ([]byte, []int) { - return file_protob_eddsa_keygen_proto_rawDescGZIP(), []int{0} -} - -func (x *KGRound1Message) GetCommitment() []byte { - if x != nil { - return x.Commitment - } - return nil -} - -// Represents a P2P message sent to each party during Round 2 of the EDDSA TSS keygen protocol. -type KGRound2Message1 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Share []byte `protobuf:"bytes,1,opt,name=share,proto3" json:"share,omitempty"` -} - -func (x *KGRound2Message1) Reset() { - *x = KGRound2Message1{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_keygen_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *KGRound2Message1) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*KGRound2Message1) ProtoMessage() {} - -func (x *KGRound2Message1) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_keygen_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use KGRound2Message1.ProtoReflect.Descriptor instead. -func (*KGRound2Message1) Descriptor() ([]byte, []int) { - return file_protob_eddsa_keygen_proto_rawDescGZIP(), []int{1} -} - -func (x *KGRound2Message1) GetShare() []byte { - if x != nil { - return x.Share - } - return nil -} - -// Represents a BROADCAST message sent to each party during Round 2 of the EDDSA TSS keygen protocol. 
-type KGRound2Message2 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - DeCommitment [][]byte `protobuf:"bytes,1,rep,name=de_commitment,json=deCommitment,proto3" json:"de_commitment,omitempty"` - ProofAlphaX []byte `protobuf:"bytes,2,opt,name=proof_alpha_x,json=proofAlphaX,proto3" json:"proof_alpha_x,omitempty"` - ProofAlphaY []byte `protobuf:"bytes,3,opt,name=proof_alpha_y,json=proofAlphaY,proto3" json:"proof_alpha_y,omitempty"` - ProofT []byte `protobuf:"bytes,4,opt,name=proof_t,json=proofT,proto3" json:"proof_t,omitempty"` -} - -func (x *KGRound2Message2) Reset() { - *x = KGRound2Message2{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_keygen_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *KGRound2Message2) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*KGRound2Message2) ProtoMessage() {} - -func (x *KGRound2Message2) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_keygen_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use KGRound2Message2.ProtoReflect.Descriptor instead. 
-func (*KGRound2Message2) Descriptor() ([]byte, []int) { - return file_protob_eddsa_keygen_proto_rawDescGZIP(), []int{2} -} - -func (x *KGRound2Message2) GetDeCommitment() [][]byte { - if x != nil { - return x.DeCommitment - } - return nil -} - -func (x *KGRound2Message2) GetProofAlphaX() []byte { - if x != nil { - return x.ProofAlphaX - } - return nil -} - -func (x *KGRound2Message2) GetProofAlphaY() []byte { - if x != nil { - return x.ProofAlphaY - } - return nil -} - -func (x *KGRound2Message2) GetProofT() []byte { - if x != nil { - return x.ProofT - } - return nil -} - -var File_protob_eddsa_keygen_proto protoreflect.FileDescriptor - -var file_protob_eddsa_keygen_proto_rawDesc = []byte{ - 0x0a, 0x19, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x2f, 0x65, 0x64, 0x64, 0x73, 0x61, 0x2d, 0x6b, - 0x65, 0x79, 0x67, 0x65, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1b, 0x62, 0x69, 0x6e, - 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, 0x69, 0x62, 0x2e, 0x65, 0x64, 0x64, 0x73, - 0x61, 0x2e, 0x6b, 0x65, 0x79, 0x67, 0x65, 0x6e, 0x22, 0x31, 0x0a, 0x0f, 0x4b, 0x47, 0x52, 0x6f, - 0x75, 0x6e, 0x64, 0x31, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x63, - 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x0a, 0x63, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x22, 0x28, 0x0a, 0x10, 0x4b, - 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, 0x12, - 0x14, 0x0a, 0x05, 0x73, 0x68, 0x61, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, - 0x73, 0x68, 0x61, 0x72, 0x65, 0x22, 0x98, 0x01, 0x0a, 0x10, 0x4b, 0x47, 0x52, 0x6f, 0x75, 0x6e, - 0x64, 0x32, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x32, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, - 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0c, 0x52, 0x0c, 0x64, 0x65, 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x12, - 0x22, 0x0a, 0x0d, 0x70, 
0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x5f, 0x78, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x41, 0x6c, 0x70, - 0x68, 0x61, 0x58, 0x12, 0x22, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x5f, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x6f, - 0x66, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x59, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x6f, 0x66, - 0x5f, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x54, - 0x42, 0x0e, 0x5a, 0x0c, 0x65, 0x64, 0x64, 0x73, 0x61, 0x2f, 0x6b, 0x65, 0x79, 0x67, 0x65, 0x6e, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_protob_eddsa_keygen_proto_rawDescOnce sync.Once - file_protob_eddsa_keygen_proto_rawDescData = file_protob_eddsa_keygen_proto_rawDesc -) - -func file_protob_eddsa_keygen_proto_rawDescGZIP() []byte { - file_protob_eddsa_keygen_proto_rawDescOnce.Do(func() { - file_protob_eddsa_keygen_proto_rawDescData = protoimpl.X.CompressGZIP(file_protob_eddsa_keygen_proto_rawDescData) - }) - return file_protob_eddsa_keygen_proto_rawDescData -} - -var file_protob_eddsa_keygen_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_protob_eddsa_keygen_proto_goTypes = []interface{}{ - (*KGRound1Message)(nil), // 0: binance.tsslib.eddsa.keygen.KGRound1Message - (*KGRound2Message1)(nil), // 1: binance.tsslib.eddsa.keygen.KGRound2Message1 - (*KGRound2Message2)(nil), // 2: binance.tsslib.eddsa.keygen.KGRound2Message2 -} -var file_protob_eddsa_keygen_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_protob_eddsa_keygen_proto_init() } -func file_protob_eddsa_keygen_proto_init() { - if 
File_protob_eddsa_keygen_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_protob_eddsa_keygen_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*KGRound1Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_eddsa_keygen_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*KGRound2Message1); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_eddsa_keygen_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*KGRound2Message2); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_protob_eddsa_keygen_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_protob_eddsa_keygen_proto_goTypes, - DependencyIndexes: file_protob_eddsa_keygen_proto_depIdxs, - MessageInfos: file_protob_eddsa_keygen_proto_msgTypes, - }.Build() - File_protob_eddsa_keygen_proto = out.File - file_protob_eddsa_keygen_proto_rawDesc = nil - file_protob_eddsa_keygen_proto_goTypes = nil - file_protob_eddsa_keygen_proto_depIdxs = nil -} diff --git a/eddsa/keygen/local_party.go b/eddsa/keygen/local_party.go deleted file mode 100644 index 7e3c59389..000000000 --- a/eddsa/keygen/local_party.go +++ /dev/null 
@@ -1,163 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package keygen
-
-import (
- "errors"
- "fmt"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- cmt "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// Implements Party
-// Implements Stringer
-var _ tss.Party = (*LocalParty)(nil)
-var _ fmt.Stringer = (*LocalParty)(nil)
-
-type (
- LocalParty struct {
- *tss.BaseParty
- params *tss.Parameters
-
- temp localTempData
- data LocalPartySaveData
-
- // outbound messaging
- out chan<- tss.Message
- end chan<- LocalPartySaveData
- }
-
- localMessageStore struct {
- kgRound1Messages,
- kgRound2Message1s,
- kgRound2Message2s,
- kgRound3Messages []tss.ParsedMessage
- }
-
- localTempData struct {
- localMessageStore
-
- // temp data (thrown away after keygen)
- ui *big.Int // used for tests
- KGCs []cmt.HashCommitment
- vs vss.Vs
- shares vss.Shares
- deCommitPolyG cmt.HashDeCommitment
- ssid []byte
- ssidNonce *big.Int
- }
-)
-
-// Exported, used in `tss` client
-func NewLocalParty(
- params *tss.Parameters,
- out chan<- tss.Message,
- end chan<- LocalPartySaveData,
-) tss.Party {
- partyCount := params.PartyCount()
- data := NewLocalPartySaveData(partyCount)
- p := &LocalParty{
- BaseParty: new(tss.BaseParty),
- params: params,
- temp: localTempData{},
- data: data,
- out: out,
- end: end,
- }
- // msgs init
- p.temp.kgRound1Messages = make([]tss.ParsedMessage, partyCount)
- p.temp.kgRound2Message1s = make([]tss.ParsedMessage, partyCount)
- p.temp.kgRound2Message2s = make([]tss.ParsedMessage, partyCount)
- p.temp.kgRound3Messages = make([]tss.ParsedMessage, partyCount)
- // temp data init
- p.temp.KGCs = make([]cmt.HashCommitment, partyCount)
- return p
-}
-
-func (p *LocalParty) FirstRound() tss.Round {
- return newRound1(p.params, &p.data, &p.temp, p.out, p.end)
-}
-
-func (p *LocalParty) Start() *tss.Error {
- return tss.BaseStart(p, TaskName)
-}
-
-func (p *LocalParty) Update(msg tss.ParsedMessage) (ok bool, err *tss.Error) {
- return tss.BaseUpdate(p, msg, TaskName)
-}
-
-func (p *LocalParty) UpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (bool, *tss.Error) {
- msg, err := tss.ParseWireMessage(wireBytes, from, isBroadcast)
- if err != nil {
- return false, p.WrapError(err)
- }
- return p.Update(msg)
-}
-
-func (p *LocalParty) ValidateMessage(msg tss.ParsedMessage) (bool, *tss.Error) {
- if ok, err := p.BaseParty.ValidateMessage(msg); !ok || err != nil {
- return ok, err
- }
- // check that the message's "from index" will fit into the array
- if maxFromIdx := p.params.PartyCount() - 1; maxFromIdx < msg.GetFrom().Index {
- return false, p.WrapError(fmt.Errorf("received msg with a sender index too great (%d <= %d)",
- p.params.PartyCount(), msg.GetFrom().Index), msg.GetFrom())
- }
- return true, nil
-}
-
-func (p *LocalParty) StoreMessage(msg tss.ParsedMessage) (bool, *tss.Error) {
- // ValidateBasic is cheap; double-check the message here in case the public StoreMessage was called externally
- if ok, err := p.ValidateMessage(msg); !ok || err != nil {
- return ok, err
- }
- fromPIdx := msg.GetFrom().Index
-
- // switch/case is necessary to store any messages beyond current round
- // this does not handle message replays. we expect the caller to apply replay and spoofing protection.
- switch msg.Content().(type) {
- case *KGRound1Message:
- p.temp.kgRound1Messages[fromPIdx] = msg
- case *KGRound2Message1:
- p.temp.kgRound2Message1s[fromPIdx] = msg
- case *KGRound2Message2:
- p.temp.kgRound2Message2s[fromPIdx] = msg
- default: // unrecognised message, just ignore!
- common.Logger.Warningf("unrecognised message ignored: %v", msg)
- return false, nil
- }
- return true, nil
-}
-
-// recovers a party's original index in the set of parties during keygen
-func (save LocalPartySaveData) OriginalIndex() (int, error) {
- index := -1
- ki := save.ShareID
- for j, kj := range save.Ks {
- if kj.Cmp(ki) != 0 {
- continue
- }
- index = j
- break
- }
- if index < 0 {
- return -1, errors.New("a party index could not be recovered from Ks")
- }
- return index, nil
-}
-
-func (p *LocalParty) PartyID() *tss.PartyID {
- return p.params.PartyID()
-}
-
-func (p *LocalParty) String() string {
- return fmt.Sprintf("id: %s, %s", p.PartyID(), p.BaseParty.String())
-}
diff --git a/eddsa/keygen/local_party_test.go b/eddsa/keygen/local_party_test.go
deleted file mode 100644
index d499ec7eb..000000000
--- a/eddsa/keygen/local_party_test.go
+++ /dev/null
@@ -1,263 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package keygen
-
-import (
- "encoding/json"
- "fmt"
- "math/big"
- "os"
- "runtime"
- "strings"
- "sync/atomic"
- "testing"
-
- "github.com/decred/dcrd/dcrec/edwards/v2"
- "github.com/ipfs/go-log"
- "github.com/stretchr/testify/assert"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/test"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-const (
- testParticipants = TestParticipants
- testThreshold = TestThreshold
-)
-
-func setUp(level string) {
- if err := log.SetLogLevel("tss-lib", level); err != nil {
- panic(err)
- }
-}
-
-// TestKeygen_Start_RequiresSessionNonce pins that keygen fails closed when
-// no SessionNonce is set. Previously, round 1 fell back to a zero nonce,
-// neutralising the SSID binding for any caller that forgot
-// SetSessionNonce.
-func TestKeygen_Start_RequiresSessionNonce(t *testing.T) {
- tss.SetCurve(tss.Edwards())
- pIDs := tss.GenerateTestPartyIDs(1)
- p2pCtx := tss.NewPeerContext(pIDs)
- params := tss.NewParameters(tss.Edwards(), p2pCtx, pIDs[0], len(pIDs), 0)
- // Deliberately do NOT call params.SetSessionNonce — Start must fail closed.
-
- out := make(chan tss.Message, 1)
- end := make(chan LocalPartySaveData, 1)
- lp := NewLocalParty(params, out, end).(*LocalParty)
-
- tssErr := lp.Start()
- if tssErr == nil {
- t.Fatal("Start must return an error without SessionNonce")
- }
- if !strings.Contains(tssErr.Error(), "SetSessionNonce") {
- t.Fatalf("error must reference SetSessionNonce, got: %v", tssErr)
- }
-}
-
-func TestE2EConcurrentAndSaveFixtures(t *testing.T) {
- setUp("info")
-
- threshold := testThreshold
- fixtures, pIDs, err := LoadKeygenTestFixtures(testParticipants)
- if err != nil {
- common.Logger.Info("No test fixtures were found, so the safe primes will be generated from scratch. This may take a while...")
- pIDs = tss.GenerateTestPartyIDs(testParticipants)
- }
-
- p2pCtx := tss.NewPeerContext(pIDs)
- parties := make([]*LocalParty, 0, len(pIDs))
-
- errCh := make(chan *tss.Error, len(pIDs))
- outCh := make(chan tss.Message, len(pIDs))
- endCh := make(chan LocalPartySaveData, len(pIDs))
-
- updater := test.SharedPartyUpdater
-
- startGR := runtime.NumGoroutine()
-
- // init the parties
- ceremonyNonce := big.NewInt(1)
- for i := 0; i < len(pIDs); i++ {
- var P *LocalParty
- params := tss.NewParameters(tss.Edwards(), p2pCtx, pIDs[i], len(pIDs), threshold)
- params.SetSessionNonce(ceremonyNonce)
- if i < len(fixtures) {
- P = NewLocalParty(params, outCh, endCh).(*LocalParty)
- } else {
- P = NewLocalParty(params, outCh, endCh).(*LocalParty)
- }
- parties = append(parties, P)
- go func(P *LocalParty) {
- if err := P.Start(); err != nil {
- errCh <- err
- }
- }(P)
- }
-
- // PHASE: keygen
- var ended int32
-keygen:
- for {
- fmt.Printf("ACTIVE GOROUTINES: %d\n", runtime.NumGoroutine())
- select {
- case err := <-errCh:
- common.Logger.Errorf("Error: %s", err)
- assert.FailNow(t, err.Error())
- break keygen
-
- case msg := <-outCh:
- dest := msg.GetTo()
- if dest == nil { // broadcast!
- for _, P := range parties {
- if P.PartyID().Index == msg.GetFrom().Index {
- continue
- }
- go updater(P, msg, errCh)
- }
- } else { // point-to-point!
- if dest[0].Index == msg.GetFrom().Index {
- t.Fatalf("party %d tried to send a message to itself (%d)", dest[0].Index, msg.GetFrom().Index)
- return
- }
- go updater(parties[dest[0].Index], msg, errCh)
- }
-
- case save := <-endCh:
- // SAVE a test fixture file for this P (if it doesn't already exist)
- // .. here comes a workaround to recover this party's index (it was removed from save data)
- index, err := save.OriginalIndex()
- assert.NoErrorf(t, err, "should not be an error getting a party's index from save data")
- tryWriteTestFixtureFile(t, index, save)
-
- atomic.AddInt32(&ended, 1)
- if atomic.LoadInt32(&ended) == int32(len(pIDs)) {
- t.Logf("Done. Received save data from %d participants", ended)
-
- // combine shares for each Pj to get u
- u := new(big.Int)
- for j, Pj := range parties {
- pShares := make(vss.Shares, 0)
- for j2, P := range parties {
- if j2 == j {
- continue
- }
- vssMsgs := P.temp.kgRound2Message1s
- share := vssMsgs[j].Content().(*KGRound2Message1).Share
- shareStruct := &vss.Share{
- Threshold: threshold,
- ID: P.PartyID().KeyInt(),
- Share: new(big.Int).SetBytes(share),
- }
- pShares = append(pShares, shareStruct)
- }
- uj, err := pShares[:threshold+1].ReConstruct(tss.Edwards())
- assert.NoError(t, err, "vss.ReConstruct should not throw error")
-
- // uG test: u*G[j] == V[0]
- assert.Equal(t, uj, Pj.temp.ui)
- uG := crypto.ScalarBaseMult(tss.Edwards(), uj)
- assert.True(t, uG.Equals(Pj.temp.vs[0]), "ensure u*G[j] == V_0")
-
- // xj tests: BigXj == xj*G
- xj := Pj.data.Xi
- gXj := crypto.ScalarBaseMult(tss.Edwards(), xj)
- BigXj := Pj.data.BigXj[j]
- assert.True(t, BigXj.Equals(gXj), "ensure BigX_j == g^x_j")
-
- // fails if threshold cannot be satisfied (bad share)
- {
- badShares := pShares[:threshold+1]
- badShares[len(badShares)-1].Share.Set(big.NewInt(0))
- uj, err := pShares[:threshold+1].ReConstruct(tss.Edwards())
- assert.NoError(t, err)
- assert.NotEqual(t, parties[j].temp.ui, uj)
- BigXjX, BigXjY := tss.Edwards().ScalarBaseMult(uj.Bytes())
- assert.NotEqual(t, BigXjX, Pj.temp.vs[0].X())
- assert.NotEqual(t, BigXjY, Pj.temp.vs[0].Y())
- }
- u = new(big.Int).Add(u, uj)
- }
- u = new(big.Int).Mod(u, tss.Edwards().Params().N)
- scalar := u.FillBytes(make([]byte, 32))
-
- // build eddsa key pair
- pkX, pkY := save.EDDSAPub.X(), save.EDDSAPub.Y()
- pk := edwards.PublicKey{
- Curve: tss.Edwards(),
- X: pkX,
- Y: pkY,
- }
- sk, _, err := edwards.PrivKeyFromScalar(scalar)
- if !assert.NoError(t, err) {
- return
- }
-
- // test pub key, should be on curve and match pkX, pkY
- assert.True(t, pk.IsOnCurve(pkX, pkY), "public key must be on curve")
-
- // public key tests
- assert.NotZero(t, u, "u should not be zero")
- ourPkX, ourPkY := tss.Edwards().ScalarBaseMult(scalar)
- assert.Equal(t, pkX, ourPkX, "pkX should match expected pk derived from u")
- assert.Equal(t, pkY, ourPkY, "pkY should match expected pk derived from u")
- t.Log("Public key tests done.")
-
- // make sure everyone has the same EDDSA public key
- for _, Pj := range parties {
- assert.Equal(t, pkX, Pj.data.EDDSAPub.X())
- assert.Equal(t, pkY, Pj.data.EDDSAPub.Y())
- }
- t.Log("Public key distribution test done.")
-
- // test sign/verify
- data := make([]byte, 32)
- for i := range data {
- data[i] = byte(i)
- }
- r, s, err := edwards.Sign(sk, data)
- assert.NoError(t, err, "sign should not throw an error")
- ok := edwards.Verify(&pk, data, r, s)
- assert.True(t, ok, "signature should be ok")
- t.Log("EDDSA signing test done.")
-
- t.Logf("Start goroutines: %d, End goroutines: %d", startGR, runtime.NumGoroutine())
-
- break keygen
- }
- }
- }
-}
-
-func tryWriteTestFixtureFile(t *testing.T, index int, data LocalPartySaveData) {
- fixtureFileName := makeTestFixtureFilePath(index)
-
- // fixture file does not already exist?
- // if it does, we won't re-create it here
- fi, err := os.Stat(fixtureFileName)
- if !(err == nil && fi != nil && !fi.IsDir()) {
- fd, err := os.OpenFile(fixtureFileName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
- if err != nil {
- assert.NoErrorf(t, err, "unable to open fixture file %s for writing", fixtureFileName)
- }
- bz, err := json.Marshal(&data)
- if err != nil {
- t.Fatalf("unable to marshal save data for fixture file %s", fixtureFileName)
- }
- _, err = fd.Write(bz)
- if err != nil {
- t.Fatalf("unable to write to fixture file %s", fixtureFileName)
- }
- t.Logf("Saved a test fixture file for party %d: %s", index, fixtureFileName)
- } else {
- t.Logf("Fixture file already exists for party %d; not re-creating: %s", index, fixtureFileName)
- }
- //
-}
diff --git a/eddsa/keygen/messages.go b/eddsa/keygen/messages.go
deleted file mode 100644
index 50b8ac544..000000000
--- a/eddsa/keygen/messages.go
+++ /dev/null
@@ -1,126 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package keygen - -import ( - "crypto/elliptic" - "math/big" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto" - cmt "github.com/bnb-chain/tss-lib/crypto/commitments" - "github.com/bnb-chain/tss-lib/crypto/schnorr" - "github.com/bnb-chain/tss-lib/crypto/vss" - "github.com/bnb-chain/tss-lib/tss" -) - -// These messages were generated from Protocol Buffers definitions into eddsa-keygen.pb.go -// The following messages are registered on the Protocol Buffers "wire" - -var ( - // Ensure that keygen messages implement ValidateBasic - _ = []tss.MessageContent{ - (*KGRound1Message)(nil), - (*KGRound2Message1)(nil), - (*KGRound2Message2)(nil), - } -) - -// ----- // - -func NewKGRound1Message(from *tss.PartyID, ct cmt.HashCommitment) tss.ParsedMessage { - meta := tss.MessageRouting{ - From: from, - IsBroadcast: true, - } - content := &KGRound1Message{ - Commitment: ct.Bytes(), - } - msg := tss.NewMessageWrapper(meta, content) - return tss.NewMessage(meta, content, msg) -} - -func (m *KGRound1Message) ValidateBasic() bool { - return m != nil && common.NonEmptyBytes(m.GetCommitment()) -} - -func (m *KGRound1Message) UnmarshalCommitment() *big.Int { - return new(big.Int).SetBytes(m.GetCommitment()) -} - -// ----- // - -func NewKGRound2Message1( - to, from *tss.PartyID, - share *vss.Share, -) tss.ParsedMessage { - meta := tss.MessageRouting{ - 
From: from, - To: []*tss.PartyID{to}, - IsBroadcast: false, - } - content := &KGRound2Message1{ - Share: share.Share.Bytes(), - } - msg := tss.NewMessageWrapper(meta, content) - return tss.NewMessage(meta, content, msg) -} - -func (m *KGRound2Message1) ValidateBasic() bool { - return m != nil && - common.NonEmptyBytes(m.GetShare()) -} - -func (m *KGRound2Message1) UnmarshalShare() *big.Int { - return new(big.Int).SetBytes(m.Share) -} - -// ----- // - -func NewKGRound2Message2( - from *tss.PartyID, - deCommitment cmt.HashDeCommitment, - proof *schnorr.ZKProof, -) tss.ParsedMessage { - meta := tss.MessageRouting{ - From: from, - IsBroadcast: true, - } - dcBzs := common.BigIntsToBytes(deCommitment) - content := &KGRound2Message2{ - DeCommitment: dcBzs, - ProofAlphaX: proof.Alpha.X().Bytes(), - ProofAlphaY: proof.Alpha.Y().Bytes(), - ProofT: proof.T.Bytes(), - } - msg := tss.NewMessageWrapper(meta, content) - return tss.NewMessage(meta, content, msg) -} - -func (m *KGRound2Message2) ValidateBasic() bool { - return m != nil && - common.NonEmptyMultiBytes(m.GetDeCommitment()) -} - -func (m *KGRound2Message2) UnmarshalDeCommitment() []*big.Int { - deComBzs := m.GetDeCommitment() - return cmt.NewHashDeCommitmentFromBytes(deComBzs) -} - -func (m *KGRound2Message2) UnmarshalZKProof(ec elliptic.Curve) (*schnorr.ZKProof, error) { - point, err := crypto.NewECPoint( - ec, - new(big.Int).SetBytes(m.GetProofAlphaX()), - new(big.Int).SetBytes(m.GetProofAlphaY())) - if err != nil { - return nil, err - } - return &schnorr.ZKProof{ - Alpha: point, - T: new(big.Int).SetBytes(m.GetProofT()), - }, nil -} diff --git a/eddsa/keygen/round_1.go b/eddsa/keygen/round_1.go deleted file mode 100644 index ed8d0af3c..000000000 --- a/eddsa/keygen/round_1.go +++ /dev/null 
@@ -1,126 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package keygen - -import ( - "errors" - "math/big" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto" - cmts "github.com/bnb-chain/tss-lib/crypto/commitments" - "github.com/bnb-chain/tss-lib/crypto/vss" - "github.com/bnb-chain/tss-lib/tss" -) - -var ( - zero = big.NewInt(0) -) - -// round 1 represents round 1 of the keygen part of the EDDSA TSS spec -func newRound1(params *tss.Parameters, save *LocalPartySaveData, temp *localTempData, out chan<- tss.Message, end chan<- LocalPartySaveData) tss.Round { - return &round1{ - &base{params, save, temp, out, end, make([]bool, len(params.Parties().IDs())), false, 1}} -} - -func (round *round1) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 1 - round.started = true - round.resetOK() - - Pi := round.PartyID() - i := Pi.Index - - // Keygen fails closed if no SessionNonce is set. The previous zero - // fallback neutralised the SSID binding for any caller that forgot - // SetSessionNonce — two keygen ceremonies over otherwise identical - // committees would derive the same SSID, exposing proof transcripts - // to splicing between runs. - nonce := round.Params().SessionNonce() - if nonce == nil || nonce.Sign() <= 0 { - return round.WrapError(errors.New("keygen requires tss.Parameters.SetSessionNonce() before Start"), Pi) - } - round.temp.ssidNonce = new(big.Int).Set(nonce) - ssid, err := round.getSSID() - if err != nil { - return round.WrapError(err) - } - round.temp.ssid = ssid - - // 1. calculate "partial" key share ui - ui := common.GetRandomPositiveInt(round.Params().EC().Params().N) - round.temp.ui = ui - - // 2. 
compute the vss shares - ids := round.Parties().IDs().Keys() - vs, shares, err := vss.Create(round.Params().EC(), round.Threshold(), ui, ids) - if err != nil { - return round.WrapError(err, Pi) - } - round.save.Ks = ids - - // security: the original u_i may be discarded - ui = zero // clears the secret data from memory - _ = ui // silences a linter warning - - // 3. make commitment -> (C, D) - pGFlat, err := crypto.FlattenECPoints(vs) - if err != nil { - return round.WrapError(err, Pi) - } - cmt := cmts.NewHashCommitment(pGFlat...) - - // for this P: SAVE - // - shareID - // and keep in temporary storage: - // - VSS Vs - // - our set of Shamir shares - round.save.ShareID = ids[i] - round.temp.vs = vs - round.temp.shares = shares - - round.temp.deCommitPolyG = cmt.D - - // BROADCAST commitments - { - msg := NewKGRound1Message(round.PartyID(), cmt.C) - round.temp.kgRound1Messages[i] = msg - round.out <- msg - } - return nil -} - -func (round *round1) CanAccept(msg tss.ParsedMessage) bool { - if _, ok := msg.Content().(*KGRound1Message); ok { - return msg.IsBroadcast() - } - return false -} - -func (round *round1) Update() (bool, *tss.Error) { - ret := true - for j, msg := range round.temp.kgRound1Messages { - if round.ok[j] { - continue - } - if msg == nil || !round.CanAccept(msg) { - ret = false - continue - } - // vss check is in round 2 - round.ok[j] = true - } - return ret, nil -} - -func (round *round1) NextRound() tss.Round { - round.started = false - return &round2{round} -} diff --git a/eddsa/keygen/round_2.go b/eddsa/keygen/round_2.go deleted file mode 100644 index e5abf12d3..000000000 --- a/eddsa/keygen/round_2.go +++ /dev/null 
@@ -1,97 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package keygen - -import ( - "errors" - - errors2 "github.com/pkg/errors" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto/schnorr" - "github.com/bnb-chain/tss-lib/tss" -) - -func (round *round2) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 2 - round.started = true - round.resetOK() - - i := round.PartyID().Index - - // 4. store r1 message pieces - for j, msg := range round.temp.kgRound1Messages { - r1msg := msg.Content().(*KGRound1Message) - round.temp.KGCs[j] = r1msg.UnmarshalCommitment() - } - - // 3. p2p send share ij to Pj - shares := round.temp.shares - for j, Pj := range round.Parties().IDs() { - r2msg1 := NewKGRound2Message1(Pj, round.PartyID(), shares[j]) - // do not send to this Pj, but store for round 3 - if j == i { - round.temp.kgRound2Message1s[j] = r2msg1 - continue - } - round.temp.kgRound2Message1s[i] = r2msg1 - round.out <- r2msg1 - } - - // 5. compute Schnorr prove - contextI := common.AppendUint64ToBytesSlice(round.temp.ssid, uint64(i)) - pii, err := schnorr.NewZKProofWithSession(contextI, round.temp.ui, round.temp.vs[0]) - if err != nil { - return round.WrapError(errors2.Wrapf(err, "NewZKProof(ui, vi0)")) - } - - // 5. 
BROADCAST de-commitments of Shamir poly*G and Schnorr prove - r2msg2 := NewKGRound2Message2(round.PartyID(), round.temp.deCommitPolyG, pii) - round.temp.kgRound2Message2s[i] = r2msg2 - round.out <- r2msg2 - - return nil -} - -func (round *round2) CanAccept(msg tss.ParsedMessage) bool { - if _, ok := msg.Content().(*KGRound2Message1); ok { - return !msg.IsBroadcast() - } - if _, ok := msg.Content().(*KGRound2Message2); ok { - return msg.IsBroadcast() - } - return false -} - -func (round *round2) Update() (bool, *tss.Error) { - ret := true - // guard - VERIFY de-commit for all Pj - for j, msg := range round.temp.kgRound2Message1s { - if round.ok[j] { - continue - } - if msg == nil || !round.CanAccept(msg) { - ret = false - continue - } - msg2 := round.temp.kgRound2Message2s[j] - if msg2 == nil || !round.CanAccept(msg2) { - ret = false - continue - } - round.ok[j] = true - } - return ret, nil -} - -func (round *round2) NextRound() tss.Round { - round.started = false - return &round3{round} -} diff --git a/eddsa/keygen/round_3.go b/eddsa/keygen/round_3.go deleted file mode 100644 index 8dfa37ff9..000000000 --- a/eddsa/keygen/round_3.go +++ /dev/null 
@@ -1,213 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package keygen - -import ( - "errors" - "math/big" - - "github.com/hashicorp/go-multierror" - errors2 "github.com/pkg/errors" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto" - "github.com/bnb-chain/tss-lib/crypto/commitments" - "github.com/bnb-chain/tss-lib/crypto/vss" - "github.com/bnb-chain/tss-lib/tss" -) - -func (round *round3) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 3 - round.started = true - round.resetOK() - - Ps := round.Parties().IDs() - PIdx := round.PartyID().Index - - // 1,10. calculate xi - xi := new(big.Int).Set(round.temp.shares[PIdx].Share) - for j := range Ps { - if j == PIdx { - continue - } - r2msg1 := round.temp.kgRound2Message1s[j].Content().(*KGRound2Message1) - share := r2msg1.UnmarshalShare() - xi = new(big.Int).Add(xi, share) - } - round.save.Xi = new(big.Int).Mod(xi, round.Params().EC().Params().N) - - // 2-3. - Vc := make(vss.Vs, round.Threshold()+1) - for c := range Vc { - Vc[c] = round.temp.vs[c] // ours - } - - // 4-12. - type vssOut struct { - unWrappedErr error - pjVs vss.Vs - } - chs := make([]chan vssOut, len(Ps)) - for i := range chs { - if i == PIdx { - continue - } - chs[i] = make(chan vssOut) - } - for j := range Ps { - if j == PIdx { - continue - } - contextJ := common.AppendUint64ToBytesSlice(round.temp.ssid, uint64(j)) - // 6-9. - go func(j int, ch chan<- vssOut) { - // 4-10. 
- KGCj := round.temp.KGCs[j] - r2msg2 := round.temp.kgRound2Message2s[j].Content().(*KGRound2Message2) - KGDj := r2msg2.UnmarshalDeCommitment() - cmtDeCmt := commitments.HashCommitDecommit{C: KGCj, D: KGDj} - ok, flatPolyGs := cmtDeCmt.DeCommit() - if !ok || flatPolyGs == nil { - ch <- vssOut{errors.New("de-commitment verify failed"), nil} - return - } - - PjVs, err := crypto.UnFlattenECPoints(round.Params().EC(), flatPolyGs) - if err != nil { - ch <- vssOut{err, nil} - return - } - for i, PjV := range PjVs { - PjVs[i] = PjV.EightInvEight() - } - proof, err := r2msg2.UnmarshalZKProof(round.Params().EC()) - if err != nil { - ch <- vssOut{errors.New("failed to unmarshal schnorr proof"), nil} - return - } - ok = proof.VerifyWithSession(contextJ, PjVs[0]) - if !ok { - ch <- vssOut{errors.New("failed to prove schnorr proof"), nil} - return - } - r2msg1 := round.temp.kgRound2Message1s[j].Content().(*KGRound2Message1) - PjShare := vss.Share{ - Threshold: round.Threshold(), - ID: round.PartyID().KeyInt(), - Share: r2msg1.UnmarshalShare(), - } - if ok = PjShare.Verify(round.Params().EC(), round.Threshold(), PjVs); !ok { - ch <- vssOut{errors.New("vss verify failed"), nil} - return - } - // (9) handled above - ch <- vssOut{nil, PjVs} - }(j, chs[j]) - } - - // consume unbuffered channels (end the goroutines) - vssResults := make([]vssOut, len(Ps)) - { - culprits := make([]*tss.PartyID, 0, len(Ps)) // who caused the error(s) - for j, Pj := range Ps { - if j == PIdx { - continue - } - vssResults[j] = <-chs[j] - // collect culprits to error out with - if err := vssResults[j].unWrappedErr; err != nil { - culprits = append(culprits, Pj) - } - } - var multiErr error - if len(culprits) > 0 { - for _, vssResult := range vssResults { - if vssResult.unWrappedErr == nil { - continue - } - multiErr = multierror.Append(multiErr, vssResult.unWrappedErr) - } - return round.WrapError(multiErr, culprits...) 
- } - } - { - var err error - culprits := make([]*tss.PartyID, 0, len(Ps)) // who caused the error(s) - for j, Pj := range Ps { - if j == PIdx { - continue - } - // 11-12. - PjVs := vssResults[j].pjVs - for c := 0; c <= round.Threshold(); c++ { - Vc[c], err = Vc[c].Add(PjVs[c]) - if err != nil { - culprits = append(culprits, Pj) - } - } - } - if len(culprits) > 0 { - return round.WrapError(errors.New("adding PjVs[c] to Vc[c] resulted in a point not on the curve"), culprits...) - } - } - - // 13-17. compute Xj for each Pj - { - var err error - modQ := common.ModInt(round.Params().EC().Params().N) - culprits := make([]*tss.PartyID, 0, len(Ps)) // who caused the error(s) - bigXj := round.save.BigXj - for j := 0; j < round.PartyCount(); j++ { - Pj := round.Parties().IDs()[j] - kj := Pj.KeyInt() - BigXj := Vc[0] - z := new(big.Int).SetInt64(int64(1)) - for c := 1; c <= round.Threshold(); c++ { - z = modQ.Mul(z, kj) - BigXj, err = BigXj.Add(Vc[c].ScalarMult(z)) - if err != nil { - culprits = append(culprits, Pj) - } - } - bigXj[j] = BigXj - } - if len(culprits) > 0 { - return round.WrapError(errors.New("adding Vc[c].ScalarMult(z) to BigXj resulted in a point not on the curve"), culprits...) - } - round.save.BigXj = bigXj - } - - // 18. 
compute and SAVE the EDDSA public key `y` - eddsaPubKey, err := crypto.NewECPoint(round.Params().EC(), Vc[0].X(), Vc[0].Y()) - if err != nil { - return round.WrapError(errors2.Wrapf(err, "public key is not on the curve")) - } - round.save.EDDSAPub = eddsaPubKey - - // PRINT public key & private share - common.Logger.Debugf("%s public key: %x", round.PartyID(), eddsaPubKey) - - round.end <- *round.save - return nil -} - -func (round *round3) CanAccept(msg tss.ParsedMessage) bool { - // not expecting any incoming messages in this round - return false -} - -func (round *round3) Update() (bool, *tss.Error) { - // not expecting any incoming messages in this round - return false, nil -} - -func (round *round3) NextRound() tss.Round { - return nil // finished! -} diff --git a/eddsa/keygen/rounds.go b/eddsa/keygen/rounds.go deleted file mode 100644 index 33e87ecc5..000000000 --- a/eddsa/keygen/rounds.go +++ /dev/null 
@@ -1,95 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package keygen - -import ( - "math/big" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/tss" -) - -const ( - TaskName = "eddsa-keygen" -) - -type ( - base struct { - *tss.Parameters - save *LocalPartySaveData - temp *localTempData - out chan<- tss.Message - end chan<- LocalPartySaveData - ok []bool // `ok` tracks parties which have been verified by Update() - started bool - number int - } - round1 struct { - *base - } - round2 struct { - *round1 - } - round3 struct { - *round2 - } -) - -func (round *base) Params() *tss.Parameters { - return round.Parameters -} - -func (round *base) RoundNumber() int { - return round.number -} - -// CanProceed is inherited by other rounds -func (round *base) CanProceed() bool { - if !round.started { - return false - } - for _, ok := range round.ok { - if !ok { - return false - } - } - return true -} - -// WaitingFor is called by a Party for reporting back to the caller -func (round *base) WaitingFor() []*tss.PartyID { - Ps := round.Parties().IDs() - ids := make([]*tss.PartyID, 0, len(round.ok)) - for j, ok := range round.ok { - if ok { - continue - } - ids = append(ids, Ps[j]) - } - return ids -} - -func (round *base) WrapError(err error, culprits ...*tss.PartyID) *tss.Error { - return tss.NewError(err, TaskName, round.number, round.PartyID(), culprits...) 
-} - -// ----- // - -// `ok` tracks parties which have been verified by Update() -func (round *base) resetOK() { - for j := range round.ok { - round.ok[j] = false - } -} - -func (round *base) getSSID() ([]byte, error) { - ssidList := []*big.Int{round.Params().EC().Params().P, round.Params().EC().Params().N, round.Params().EC().Params().Gx, round.Params().EC().Params().Gy} - ssidList = append(ssidList, round.Parties().IDs().Keys()...) - ssidList = append(ssidList, big.NewInt(int64(round.number))) - ssidList = append(ssidList, round.temp.ssidNonce) - return common.SHA512_256i(ssidList...).FillBytes(make([]byte, 32)), nil -} diff --git a/eddsa/keygen/save_data.go b/eddsa/keygen/save_data.go deleted file mode 100644 index ae40c3d24..000000000 --- a/eddsa/keygen/save_data.go +++ /dev/null 
@@ -1,62 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package keygen - -import ( - "encoding/hex" - "math/big" - - "github.com/bnb-chain/tss-lib/crypto" - "github.com/bnb-chain/tss-lib/tss" -) - -type ( - LocalSecrets struct { - // secret fields (not shared, but stored locally) - Xi, ShareID *big.Int // xi, kj - } - - // Everything in LocalPartySaveData is saved locally to user's HD when done - LocalPartySaveData struct { - LocalSecrets - - // original indexes (ki in signing preparation phase) - Ks []*big.Int - - // public keys (Xj = uj*G for each Pj) - BigXj []*crypto.ECPoint // Xj - - // used for test assertions (may be discarded) - EDDSAPub *crypto.ECPoint // y - } -) - -func NewLocalPartySaveData(partyCount int) (saveData LocalPartySaveData) { - saveData.Ks = make([]*big.Int, partyCount) - saveData.BigXj = make([]*crypto.ECPoint, partyCount) - return -} - -// BuildLocalSaveDataSubset re-creates the LocalPartySaveData to contain data for only the list of signing parties. -func BuildLocalSaveDataSubset(sourceData LocalPartySaveData, sortedIDs tss.SortedPartyIDs) LocalPartySaveData { - keysToIndices := make(map[string]int, len(sourceData.Ks)) - for j, kj := range sourceData.Ks { - keysToIndices[hex.EncodeToString(kj.Bytes())] = j - } - newData := NewLocalPartySaveData(sortedIDs.Len()) - newData.LocalSecrets = sourceData.LocalSecrets - newData.EDDSAPub = sourceData.EDDSAPub - for j, id := range sortedIDs { - savedIdx, ok := keysToIndices[hex.EncodeToString(id.Key)] - if !ok { - panic("BuildLocalSaveDataSubset: unable to find a signer party in the local save data") - } - newData.Ks[j] = sourceData.Ks[savedIdx] - newData.BigXj[j] = sourceData.BigXj[savedIdx] - } - return newData -} 
diff --git a/eddsa/keygen/test_utils.go b/eddsa/keygen/test_utils.go deleted file mode 100644 index ba8eac13e..000000000 --- a/eddsa/keygen/test_utils.go +++ /dev/null 
@@ -1,117 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package keygen - -import ( - "encoding/json" - "fmt" - "io/ioutil" - "math/rand" - "path/filepath" - "runtime" - "sort" - - "github.com/pkg/errors" - - "github.com/bnb-chain/tss-lib/test" - "github.com/bnb-chain/tss-lib/tss" -) - -const ( - // To change these parameters, you must first delete the text fixture files in test/_fixtures/ and then run the keygen test alone. - // Then the signing and resharing tests will work with the new n, t configuration using the newly written fixture files. - TestParticipants = test.TestParticipants - TestThreshold = test.TestParticipants / 2 -) -const ( - testFixtureDirFormat = "%s/../../test/_eddsa_fixtures" - testFixtureFileFormat = "keygen_data_%d.json" -) - -func LoadKeygenTestFixtures(qty int, optionalStart ...int) ([]LocalPartySaveData, tss.SortedPartyIDs, error) { - keys := make([]LocalPartySaveData, 0, qty) - start := 0 - if 0 < len(optionalStart) { - start = optionalStart[0] - } - for i := start; i < qty; i++ { - fixtureFilePath := makeTestFixtureFilePath(i) - bz, err := ioutil.ReadFile(fixtureFilePath) - if err != nil { - return nil, nil, errors.Wrapf(err, - "could not open the test fixture for party %d in the expected location: %s. 
run keygen tests first.", - i, fixtureFilePath) - } - var key LocalPartySaveData - if err = json.Unmarshal(bz, &key); err != nil { - return nil, nil, errors.Wrapf(err, - "could not unmarshal fixture data for party %d located at: %s", - i, fixtureFilePath) - } - for _, kbxj := range key.BigXj { - kbxj.SetCurve(tss.Edwards()) - } - key.EDDSAPub.SetCurve(tss.Edwards()) - keys = append(keys, key) - } - partyIDs := make(tss.UnSortedPartyIDs, len(keys)) - for i, key := range keys { - pMoniker := fmt.Sprintf("%d", i+start+1) - partyIDs[i] = tss.NewPartyID(pMoniker, pMoniker, key.ShareID) - } - sortedPIDs := tss.SortPartyIDs(partyIDs) - return keys, sortedPIDs, nil -} - -func LoadKeygenTestFixturesRandomSet(qty, fixtureCount int) ([]LocalPartySaveData, tss.SortedPartyIDs, error) { - keys := make([]LocalPartySaveData, 0, qty) - plucked := make(map[int]interface{}, qty) - for i := 0; len(plucked) < qty; i = (i + 1) % fixtureCount { - _, have := plucked[i] - if pluck := rand.Float32() < 0.5; !have && pluck { - plucked[i] = new(struct{}) - } - } - for i := range plucked { - fixtureFilePath := makeTestFixtureFilePath(i) - bz, err := ioutil.ReadFile(fixtureFilePath) - if err != nil { - return nil, nil, errors.Wrapf(err, - "could not open the test fixture for party %d in the expected location: %s. 
run keygen tests first.", - i, fixtureFilePath) - } - var key LocalPartySaveData - if err = json.Unmarshal(bz, &key); err != nil { - return nil, nil, errors.Wrapf(err, - "could not unmarshal fixture data for party %d located at: %s", - i, fixtureFilePath) - } - for _, kbxj := range key.BigXj { - kbxj.SetCurve(tss.Edwards()) - } - key.EDDSAPub.SetCurve(tss.Edwards()) - keys = append(keys, key) - } - partyIDs := make(tss.UnSortedPartyIDs, len(keys)) - j := 0 - for i := range plucked { - key := keys[j] - pMoniker := fmt.Sprintf("%d", i+1) - partyIDs[j] = tss.NewPartyID(pMoniker, pMoniker, key.ShareID) - j++ - } - sortedPIDs := tss.SortPartyIDs(partyIDs) - sort.Slice(keys, func(i, j int) bool { return keys[i].ShareID.Cmp(keys[j].ShareID) == -1 }) - return keys, sortedPIDs, nil -} - -func makeTestFixtureFilePath(partyIndex int) string { - _, callerFileName, _, _ := runtime.Caller(0) - srcDirName := filepath.Dir(callerFileName) - fixtureDirName := fmt.Sprintf(testFixtureDirFormat, srcDirName) - return fmt.Sprintf("%s/"+testFixtureFileFormat, fixtureDirName, partyIndex) -} diff --git a/eddsa/resharing/eddsa-resharing.pb.go b/eddsa/resharing/eddsa-resharing.pb.go deleted file mode 100644 index cca9b4016..000000000 --- a/eddsa/resharing/eddsa-resharing.pb.go +++ /dev/null 
@@ -1,407 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.30.0 -// protoc v3.21.12 -// source: protob/eddsa-resharing.proto - -package resharing - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// The Round 1 data is broadcast to peers of the New Committee in this message. -type DGRound1Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - EddsaPubX []byte `protobuf:"bytes,1,opt,name=eddsa_pub_x,json=eddsaPubX,proto3" json:"eddsa_pub_x,omitempty"` - EddsaPubY []byte `protobuf:"bytes,2,opt,name=eddsa_pub_y,json=eddsaPubY,proto3" json:"eddsa_pub_y,omitempty"` - VCommitment []byte `protobuf:"bytes,3,opt,name=v_commitment,json=vCommitment,proto3" json:"v_commitment,omitempty"` -} - -func (x *DGRound1Message) Reset() { - *x = DGRound1Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_resharing_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound1Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound1Message) ProtoMessage() {} - -func (x *DGRound1Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_resharing_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound1Message.ProtoReflect.Descriptor instead. -func (*DGRound1Message) Descriptor() ([]byte, []int) { - return file_protob_eddsa_resharing_proto_rawDescGZIP(), []int{0} -} - -func (x *DGRound1Message) GetEddsaPubX() []byte { - if x != nil { - return x.EddsaPubX - } - return nil -} - -func (x *DGRound1Message) GetEddsaPubY() []byte { - if x != nil { - return x.EddsaPubY - } - return nil -} - -func (x *DGRound1Message) GetVCommitment() []byte { - if x != nil { - return x.VCommitment - } - return nil -} - -// The Round 2 "ACK" is broadcast to peers of the Old Committee in this message. -type DGRound2Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *DGRound2Message) Reset() { - *x = DGRound2Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_resharing_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound2Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound2Message) ProtoMessage() {} - -func (x *DGRound2Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_resharing_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound2Message.ProtoReflect.Descriptor instead. -func (*DGRound2Message) Descriptor() ([]byte, []int) { - return file_protob_eddsa_resharing_proto_rawDescGZIP(), []int{1} -} - -// The Round 3 data is sent to peers of the New Committee in this message. 
-type DGRound3Message1 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Share []byte `protobuf:"bytes,1,opt,name=share,proto3" json:"share,omitempty"` -} - -func (x *DGRound3Message1) Reset() { - *x = DGRound3Message1{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_resharing_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound3Message1) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound3Message1) ProtoMessage() {} - -func (x *DGRound3Message1) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_resharing_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound3Message1.ProtoReflect.Descriptor instead. -func (*DGRound3Message1) Descriptor() ([]byte, []int) { - return file_protob_eddsa_resharing_proto_rawDescGZIP(), []int{2} -} - -func (x *DGRound3Message1) GetShare() []byte { - if x != nil { - return x.Share - } - return nil -} - -// The Round 3 data is broadcast to peers of the New Committee in this message. 
-type DGRound3Message2 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - VDecommitment [][]byte `protobuf:"bytes,1,rep,name=v_decommitment,json=vDecommitment,proto3" json:"v_decommitment,omitempty"` -} - -func (x *DGRound3Message2) Reset() { - *x = DGRound3Message2{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_resharing_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound3Message2) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound3Message2) ProtoMessage() {} - -func (x *DGRound3Message2) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_resharing_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound3Message2.ProtoReflect.Descriptor instead. -func (*DGRound3Message2) Descriptor() ([]byte, []int) { - return file_protob_eddsa_resharing_proto_rawDescGZIP(), []int{3} -} - -func (x *DGRound3Message2) GetVDecommitment() [][]byte { - if x != nil { - return x.VDecommitment - } - return nil -} - -// The Round 4 "ACK" is broadcast to peers of the Old and New Committees from the New Committee in this message. 
-type DGRound4Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *DGRound4Message) Reset() { - *x = DGRound4Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_resharing_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DGRound4Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DGRound4Message) ProtoMessage() {} - -func (x *DGRound4Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_resharing_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DGRound4Message.ProtoReflect.Descriptor instead. -func (*DGRound4Message) Descriptor() ([]byte, []int) { - return file_protob_eddsa_resharing_proto_rawDescGZIP(), []int{4} -} - -var File_protob_eddsa_resharing_proto protoreflect.FileDescriptor - -var file_protob_eddsa_resharing_proto_rawDesc = []byte{ - 0x0a, 0x1c, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x2f, 0x65, 0x64, 0x64, 0x73, 0x61, 0x2d, 0x72, - 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, - 0x62, 0x69, 0x6e, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, 0x69, 0x62, 0x2e, 0x65, - 0x64, 0x64, 0x73, 0x61, 0x2e, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x22, 0x74, - 0x0a, 0x0f, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x31, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x64, 0x64, 0x73, 0x61, 0x5f, 0x70, 0x75, 0x62, 0x5f, 0x78, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x65, 0x64, 0x64, 0x73, 0x61, 0x50, 0x75, 0x62, - 0x58, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x64, 0x64, 0x73, 0x61, 0x5f, 0x70, 0x75, 0x62, 0x5f, 0x79, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 
0x09, 0x65, 0x64, 0x64, 0x73, 0x61, 0x50, 0x75, 0x62, - 0x59, 0x12, 0x21, 0x0a, 0x0c, 0x76, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, - 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x76, 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, - 0x6d, 0x65, 0x6e, 0x74, 0x22, 0x11, 0x0a, 0x0f, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x32, - 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x28, 0x0a, 0x10, 0x44, 0x47, 0x52, 0x6f, 0x75, - 0x6e, 0x64, 0x33, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, 0x12, 0x14, 0x0a, 0x05, 0x73, - 0x68, 0x61, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x68, 0x61, 0x72, - 0x65, 0x22, 0x39, 0x0a, 0x10, 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x33, 0x4d, 0x65, 0x73, - 0x73, 0x61, 0x67, 0x65, 0x32, 0x12, 0x25, 0x0a, 0x0e, 0x76, 0x5f, 0x64, 0x65, 0x63, 0x6f, 0x6d, - 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0d, 0x76, - 0x44, 0x65, 0x63, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x22, 0x11, 0x0a, 0x0f, - 0x44, 0x47, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x34, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, - 0x11, 0x5a, 0x0f, 0x65, 0x64, 0x64, 0x73, 0x61, 0x2f, 0x72, 0x65, 0x73, 0x68, 0x61, 0x72, 0x69, - 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_protob_eddsa_resharing_proto_rawDescOnce sync.Once - file_protob_eddsa_resharing_proto_rawDescData = file_protob_eddsa_resharing_proto_rawDesc -) - -func file_protob_eddsa_resharing_proto_rawDescGZIP() []byte { - file_protob_eddsa_resharing_proto_rawDescOnce.Do(func() { - file_protob_eddsa_resharing_proto_rawDescData = protoimpl.X.CompressGZIP(file_protob_eddsa_resharing_proto_rawDescData) - }) - return file_protob_eddsa_resharing_proto_rawDescData -} - -var file_protob_eddsa_resharing_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_protob_eddsa_resharing_proto_goTypes = []interface{}{ - (*DGRound1Message)(nil), // 0: binance.tsslib.eddsa.resharing.DGRound1Message - 
(*DGRound2Message)(nil), // 1: binance.tsslib.eddsa.resharing.DGRound2Message - (*DGRound3Message1)(nil), // 2: binance.tsslib.eddsa.resharing.DGRound3Message1 - (*DGRound3Message2)(nil), // 3: binance.tsslib.eddsa.resharing.DGRound3Message2 - (*DGRound4Message)(nil), // 4: binance.tsslib.eddsa.resharing.DGRound4Message -} -var file_protob_eddsa_resharing_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_protob_eddsa_resharing_proto_init() } -func file_protob_eddsa_resharing_proto_init() { - if File_protob_eddsa_resharing_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_protob_eddsa_resharing_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound1Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_eddsa_resharing_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound2Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_eddsa_resharing_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound3Message1); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_eddsa_resharing_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DGRound3Message2); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_eddsa_resharing_proto_msgTypes[4].Exporter = func(v 
interface{}, i int) interface{} { - switch v := v.(*DGRound4Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_protob_eddsa_resharing_proto_rawDesc, - NumEnums: 0, - NumMessages: 5, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_protob_eddsa_resharing_proto_goTypes, - DependencyIndexes: file_protob_eddsa_resharing_proto_depIdxs, - MessageInfos: file_protob_eddsa_resharing_proto_msgTypes, - }.Build() - File_protob_eddsa_resharing_proto = out.File - file_protob_eddsa_resharing_proto_rawDesc = nil - file_protob_eddsa_resharing_proto_goTypes = nil - file_protob_eddsa_resharing_proto_depIdxs = nil -} diff --git a/eddsa/resharing/local_party.go b/eddsa/resharing/local_party.go deleted file mode 100644 index eba356406..000000000 --- a/eddsa/resharing/local_party.go +++ /dev/null 
@@ -1,168 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "fmt"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- cmt "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/eddsa/keygen"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// Implements Party
-// Implements Stringer
-var _ tss.Party = (*LocalParty)(nil)
-var _ fmt.Stringer = (*LocalParty)(nil)
-
-type (
- LocalParty struct {
- *tss.BaseParty
- params *tss.ReSharingParameters
-
- temp localTempData
- input, save keygen.LocalPartySaveData
-
- // outbound messaging
- out chan<- tss.Message
- end chan<- keygen.LocalPartySaveData
- }
-
- localMessageStore struct {
- dgRound1Messages,
- dgRound2Messages,
- dgRound3Message1s,
- dgRound3Message2s,
- dgRound4Messages []tss.ParsedMessage
- }
-
- localTempData struct {
- localMessageStore
-
- // temp data (thrown away after rounds)
- NewVs vss.Vs
- NewShares vss.Shares
- VD cmt.HashDeCommitment
-
- // temporary storage of data that is persisted by the new party in round 5 if all "ACK" messages are received
- newXi *big.Int
- newKs []*big.Int
- newBigXjs []*crypto.ECPoint // Xj to save in round 5
- }
-)
-
-// Exported, used in `tss` client
-// The `key` is read from and/or written to depending on whether this party is part of the old or the new committee.
-// You may optionally generate and set the LocalPreParams if you would like to use pre-generated safe primes and Paillier secret.
-// (This is similar to providing the `optionalPreParams` to `keygen.LocalParty`).
-func NewLocalParty(
- params *tss.ReSharingParameters,
- key keygen.LocalPartySaveData,
- out chan<- tss.Message,
- end chan<- keygen.LocalPartySaveData,
-) tss.Party {
- oldPartyCount := len(params.OldParties().IDs())
- subset := key
- if params.IsOldCommittee() {
- subset = keygen.BuildLocalSaveDataSubset(key, params.OldParties().IDs())
- }
- p := &LocalParty{
- BaseParty: new(tss.BaseParty),
- params: params,
- temp: localTempData{},
- input: subset,
- save: keygen.NewLocalPartySaveData(params.NewPartyCount()),
- out: out,
- end: end,
- }
- // msgs init
- p.temp.dgRound1Messages = make([]tss.ParsedMessage, oldPartyCount) // from t+1 of Old Committee
- p.temp.dgRound2Messages = make([]tss.ParsedMessage, params.NewPartyCount()) // from n of New Committee
- p.temp.dgRound3Message1s = make([]tss.ParsedMessage, oldPartyCount) // from t+1 of Old Committee
- p.temp.dgRound3Message2s = make([]tss.ParsedMessage, oldPartyCount) // "
- p.temp.dgRound4Messages = make([]tss.ParsedMessage, params.NewPartyCount()) // from n of New Committee
-
- return p
-}
-
-func (p *LocalParty) FirstRound() tss.Round {
- return newRound1(p.params, &p.input, &p.save, &p.temp, p.out, p.end)
-}
-
-func (p *LocalParty) Start() *tss.Error {
- return tss.BaseStart(p, TaskName)
-}
-
-func (p *LocalParty) Update(msg tss.ParsedMessage) (ok bool, err *tss.Error) {
- return tss.BaseUpdate(p, msg, TaskName)
-}
-
-func (p *LocalParty) UpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (bool, *tss.Error) {
- msg, err := tss.ParseWireMessage(wireBytes, from, isBroadcast)
- if err != nil {
- return false, p.WrapError(err)
- }
- return p.Update(msg)
-}
-
-func (p *LocalParty) ValidateMessage(msg tss.ParsedMessage) (bool, *tss.Error) {
- if ok, err := p.BaseParty.ValidateMessage(msg); !ok || err != nil {
- return ok, err
- }
- // check that the message's "from index" will fit into the array
- var maxFromIdx int
- switch msg.Content().(type) {
- case *DGRound2Message, *DGRound4Message:
- maxFromIdx = len(p.params.NewParties().IDs()) - 1
- default:
- maxFromIdx = len(p.params.OldParties().IDs()) - 1
- }
- if maxFromIdx < msg.GetFrom().Index {
- return false, p.WrapError(fmt.Errorf("received msg with a sender index too great (%d <= %d)",
- maxFromIdx, msg.GetFrom().Index), msg.GetFrom())
- }
- return true, nil
-}
-
-func (p *LocalParty) StoreMessage(msg tss.ParsedMessage) (bool, *tss.Error) {
- // ValidateBasic is cheap; double-check the message here in case the public StoreMessage was called externally
- if ok, err := p.ValidateMessage(msg); !ok || err != nil {
- return ok, err
- }
- fromPIdx := msg.GetFrom().Index
-
- // switch/case is necessary to store any messages beyond current round
- // this does not handle message replays. we expect the caller to apply replay and spoofing protection.
- switch msg.Content().(type) {
- case *DGRound1Message:
- p.temp.dgRound1Messages[fromPIdx] = msg
- case *DGRound2Message:
- p.temp.dgRound2Messages[fromPIdx] = msg
- case *DGRound3Message1:
- p.temp.dgRound3Message1s[fromPIdx] = msg
- case *DGRound3Message2:
- p.temp.dgRound3Message2s[fromPIdx] = msg
- case *DGRound4Message:
- p.temp.dgRound4Messages[fromPIdx] = msg
- default: // unrecognised message, just ignore!
- common.Logger.Warningf("unrecognised message ignored: %v", msg)
- return false, nil
- }
- return true, nil
-}
-
-func (p *LocalParty) PartyID() *tss.PartyID {
- return p.params.PartyID()
-}
-
-func (p *LocalParty) String() string {
- return fmt.Sprintf("id: %s, %s", p.PartyID(), p.BaseParty.String())
-}
diff --git a/eddsa/resharing/local_party_test.go b/eddsa/resharing/local_party_test.go
deleted file mode 100644
index 726dd118d..000000000
--- a/eddsa/resharing/local_party_test.go
+++ /dev/null
@@ -1,257 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing_test
-
-import (
- "math/big"
- "reflect"
- "sync/atomic"
- "testing"
-
- "github.com/decred/dcrd/dcrec/edwards/v2"
- "github.com/ipfs/go-log"
- "github.com/stretchr/testify/assert"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/eddsa/keygen"
- . "github.com/bnb-chain/tss-lib/eddsa/resharing"
- "github.com/bnb-chain/tss-lib/eddsa/signing"
- "github.com/bnb-chain/tss-lib/test"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-const (
- testParticipants = test.TestParticipants
- testThreshold = test.TestThreshold
-)
-
-func setUp(level string) {
- if err := log.SetLogLevel("tss-lib", level); err != nil {
- panic(err)
- }
-
- // only for test
- tss.SetCurve(tss.Edwards())
-}
-
-func TestE2EConcurrent(t *testing.T) {
- setUp("info")
-
- threshold, newThreshold := testThreshold, testThreshold
-
- // PHASE: load keygen fixtures
- firstPartyIdx, extraParties := 5, 1 // // extra can be 0 to N-first
- oldKeys, oldPIDs, err := keygen.LoadKeygenTestFixtures(testThreshold+1+extraParties+firstPartyIdx, firstPartyIdx)
- assert.NoError(t, err, "should load keygen fixtures")
-
- // PHASE: resharing
- oldP2PCtx := tss.NewPeerContext(oldPIDs)
-
- // init the new parties; re-use the fixture pre-params for speed
- newPIDs := tss.GenerateTestPartyIDs(testParticipants)
- newP2PCtx := tss.NewPeerContext(newPIDs)
- newPCount := len(newPIDs)
-
- oldCommittee := make([]*LocalParty, 0, len(oldPIDs))
- newCommittee := make([]*LocalParty, 0, newPCount)
- bothCommitteesPax := len(oldCommittee) + len(newCommittee)
-
- errCh := make(chan *tss.Error, bothCommitteesPax)
- outCh := make(chan tss.Message, bothCommitteesPax)
- endCh := make(chan keygen.LocalPartySaveData, bothCommitteesPax)
-
- updater := test.SharedPartyUpdater
-
- // init the old parties first
- for j, pID := range oldPIDs {
- params := tss.NewReSharingParameters(tss.Edwards(), oldP2PCtx, newP2PCtx, pID, testParticipants, threshold, newPCount, newThreshold)
- P := NewLocalParty(params, oldKeys[j], outCh, endCh).(*LocalParty) // discard old key data
- oldCommittee = append(oldCommittee, P)
- }
-
- // init the new parties
- for _, pID := range newPIDs {
- params := tss.NewReSharingParameters(tss.Edwards(), oldP2PCtx, newP2PCtx, pID, testParticipants, threshold, newPCount, newThreshold)
- save := keygen.NewLocalPartySaveData(newPCount)
- P := NewLocalParty(params, save, outCh, endCh).(*LocalParty)
- newCommittee = append(newCommittee, P)
- }
-
- // start the new parties; they will wait for messages
- for _, P := range newCommittee {
- go func(P *LocalParty) {
- if err := P.Start(); err != nil {
- errCh <- err
- }
- }(P)
- }
- // start the old parties; they will send messages
- for _, P := range oldCommittee {
- go func(P *LocalParty) {
- if err := P.Start(); err != nil {
- errCh <- err
- }
- }(P)
- }
-
- newKeys := make([]keygen.LocalPartySaveData, len(newCommittee))
- endedOldCommittee := 0
- var reSharingEnded int32
- for {
- select {
- case err := <-errCh:
- common.Logger.Errorf("Error: %s", err)
- assert.FailNow(t, err.Error())
- return
-
- case msg := <-outCh:
- dest := msg.GetTo()
- if dest == nil {
- t.Fatal("did not expect a msg to have a nil destination during resharing")
- }
- if msg.IsToOldCommittee() || msg.IsToOldAndNewCommittees() {
- for _, destP := range dest[:len(oldCommittee)] {
- go updater(oldCommittee[destP.Index], msg, errCh)
- }
- }
- if !msg.IsToOldCommittee() || msg.IsToOldAndNewCommittees() {
- for _, destP := range dest {
- go updater(newCommittee[destP.Index], msg, errCh)
- }
- }
-
- case save := <-endCh:
- // old committee members that aren't receiving a share have their Xi zeroed
- if save.Xi != nil {
- index, err := save.OriginalIndex()
- assert.NoErrorf(t, err, "should not be an error getting a party's index from save data")
- newKeys[index] = save
- } else {
- endedOldCommittee++
- }
- atomic.AddInt32(&reSharingEnded, 1)
- if atomic.LoadInt32(&reSharingEnded) == int32(len(oldCommittee)+len(newCommittee)) {
- assert.Equal(t, len(oldCommittee), endedOldCommittee)
- t.Logf("Resharing done. Reshared %d participants", reSharingEnded)
-
- // xj tests: BigXj == xj*G
- for j, key := range newKeys {
- // xj test: BigXj == xj*G
- xj := key.Xi
- gXj := crypto.ScalarBaseMult(tss.Edwards(), xj)
- BigXj := key.BigXj[j]
- assert.True(t, BigXj.Equals(gXj), "ensure BigX_j == g^x_j")
- }
-
- // more verification of signing is implemented within local_party_test.go of keygen package
- goto signing
- }
- }
- }
-
-signing:
- // PHASE: signing
- signKeys, signPIDs := newKeys, newPIDs
- signP2pCtx := tss.NewPeerContext(signPIDs)
- signParties := make([]*signing.LocalParty, 0, len(signPIDs))
-
- signErrCh := make(chan *tss.Error, len(signPIDs))
- signOutCh := make(chan tss.Message, len(signPIDs))
- signEndCh := make(chan common.SignatureData, len(signPIDs))
- signResultCh := make(chan signatureDataParts, len(signPIDs))
- go func() {
- for i := 0; i < len(signPIDs); i++ {
- signResultCh <- recvSignatureDataParts(signEndCh)
- }
- }()
-
- signCeremonyNonce := big.NewInt(1)
- for j, signPID := range signPIDs {
- params := tss.NewParameters(tss.Edwards(), signP2pCtx, signPID, len(signPIDs), newThreshold)
- params.SetSessionNonce(signCeremonyNonce)
- P := signing.NewLocalParty(big.NewInt(42), params, signKeys[j], signOutCh, signEndCh, 32).(*signing.LocalParty)
- signParties = append(signParties, P)
- go func(P *signing.LocalParty) {
- if err := P.Start(); err != nil {
- signErrCh <- err
- }
- }(P)
- }
-
- var signEnded int32
- for {
- select {
- case err := <-signErrCh:
- common.Logger.Errorf("Error: %s", err)
- assert.FailNow(t, err.Error())
- return
-
- case msg := <-signOutCh:
- dest := msg.GetTo()
- if dest == nil {
- for _, P := range signParties {
- if P.PartyID().Index == msg.GetFrom().Index {
- continue
- }
- go updater(P, msg, signErrCh)
- }
- } else {
- if dest[0].Index == msg.GetFrom().Index {
- t.Fatalf("party %d tried to send a message to itself (%d)", dest[0].Index, msg.GetFrom().Index)
- }
- go updater(signParties[dest[0].Index], msg, signErrCh)
- }
-
- case signData := <-signResultCh:
- atomic.AddInt32(&signEnded, 1)
- if atomic.LoadInt32(&signEnded) == int32(len(signPIDs)) {
- t.Logf("Signing done. Received sign data from %d participants", signEnded)
-
- // BEGIN EDDSA verify
- pkX, pkY := signKeys[0].EDDSAPub.X(), signKeys[0].EDDSAPub.Y()
- pk := edwards.PublicKey{
- Curve: tss.Edwards(),
- X: pkX,
- Y: pkY,
- }
-
- newSig, err := edwards.ParseSignature(signData.signature)
- if err != nil {
- println("new sig error, ", err.Error())
- }
-
- msgBytes := make([]byte, 32)
- big.NewInt(42).FillBytes(msgBytes)
- ok := edwards.Verify(&pk, msgBytes, newSig.R, newSig.S)
-
- assert.True(t, ok, "eddsa verify must pass")
- t.Log("EDDSA signing test done.")
- // END EDDSA verify
-
- return
- }
- }
- }
-}
-
-type signatureDataParts struct {
- signature []byte
-}
-
-func recvSignatureDataParts(ch <-chan common.SignatureData) signatureDataParts {
- _, value, ok := reflect.Select([]reflect.SelectCase{{
- Dir: reflect.SelectRecv,
- Chan: reflect.ValueOf(ch),
- }})
- if !ok {
- return signatureDataParts{}
- }
- return signatureDataParts{
- signature: append([]byte(nil), value.FieldByName("Signature").Bytes()...),
- }
-}
diff --git a/eddsa/resharing/messages.go b/eddsa/resharing/messages.go
deleted file mode 100644
index 23003bb2e..000000000
--- a/eddsa/resharing/messages.go
+++ /dev/null
@@ -1,170 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "crypto/elliptic"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- cmt "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// These messages were generated from Protocol Buffers definitions into eddsa-resharing.pb.go
-
-var (
- // Ensure that signing messages implement ValidateBasic
- _ = []tss.MessageContent{
- (*DGRound1Message)(nil),
- (*DGRound2Message)(nil),
- (*DGRound3Message1)(nil),
- (*DGRound3Message2)(nil),
- (*DGRound4Message)(nil),
- }
-)
-
-// ----- //
-
-func NewDGRound1Message(
- to []*tss.PartyID,
- from *tss.PartyID,
- eddsaPub *crypto.ECPoint,
- vct cmt.HashCommitment,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldCommittee: false,
- }
- content := &DGRound1Message{
- EddsaPubX: eddsaPub.X().Bytes(),
- EddsaPubY: eddsaPub.Y().Bytes(),
- VCommitment: vct.Bytes(),
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound1Message) ValidateBasic() bool {
- return m != nil &&
- common.NonEmptyBytes(m.EddsaPubX) &&
- common.NonEmptyBytes(m.EddsaPubY) &&
- common.NonEmptyBytes(m.VCommitment)
-}
-
-func (m *DGRound1Message) UnmarshalEDDSAPub(ec elliptic.Curve) (*crypto.ECPoint, error) {
- return crypto.NewECPoint(
- ec,
- new(big.Int).SetBytes(m.EddsaPubX),
- new(big.Int).SetBytes(m.EddsaPubY))
-}
-
-func (m *DGRound1Message) UnmarshalVCommitment() *big.Int {
- return new(big.Int).SetBytes(m.GetVCommitment())
-}
-
-// ----- //
-
-func NewDGRound2Message(
- to []*tss.PartyID,
- from *tss.PartyID,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldCommittee: true,
- }
- content := &DGRound2Message{}
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound2Message) ValidateBasic() bool {
- return true
-}
-
-// ----- //
-
-func NewDGRound3Message1(
- to *tss.PartyID,
- from *tss.PartyID,
- share *vss.Share,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: []*tss.PartyID{to},
- IsBroadcast: false,
- IsToOldCommittee: false,
- }
- content := &DGRound3Message1{
- Share: share.Share.Bytes(),
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound3Message1) ValidateBasic() bool {
- return m != nil &&
- common.NonEmptyBytes(m.Share)
-}
-
-// ----- //
-
-func NewDGRound3Message2(
- to []*tss.PartyID,
- from *tss.PartyID,
- vdct cmt.HashDeCommitment,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldCommittee: false,
- }
- vDctBzs := common.BigIntsToBytes(vdct)
- content := &DGRound3Message2{
- VDecommitment: vDctBzs,
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound3Message2) ValidateBasic() bool {
- return m != nil &&
- common.NonEmptyMultiBytes(m.VDecommitment)
-}
-
-func (m *DGRound3Message2) UnmarshalVDeCommitment() cmt.HashDeCommitment {
- deComBzs := m.GetVDecommitment()
- return cmt.NewHashDeCommitmentFromBytes(deComBzs)
-}
-
-// ----- //
-
-func NewDGRound4Message(
- to []*tss.PartyID,
- from *tss.PartyID,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- To: to,
- IsBroadcast: true,
- IsToOldAndNewCommittees: true,
- }
- content := &DGRound4Message{}
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *DGRound4Message) ValidateBasic() bool {
- return true
-}
diff --git a/eddsa/resharing/round_1_old_step_1.go b/eddsa/resharing/round_1_old_step_1.go
deleted file mode 100644
index 4e1b80f9d..000000000
--- a/eddsa/resharing/round_1_old_step_1.go
+++ /dev/null
@@ -1,127 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "errors"
- "fmt"
-
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/eddsa/keygen"
- "github.com/bnb-chain/tss-lib/eddsa/signing"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// round 1 represents round 1 of the keygen part of the EDDSA TSS spec
-func newRound1(params *tss.ReSharingParameters, input, save *keygen.LocalPartySaveData, temp *localTempData, out chan<- tss.Message, end chan<- keygen.LocalPartySaveData) tss.Round {
- return &round1{
- &base{params, temp, input, save, out, end, make([]bool, len(params.OldParties().IDs())), make([]bool, len(params.NewParties().IDs())), false, 1}}
-}
-
-func (round *round1) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 1
- round.started = true
- round.resetOK() // resets both round.oldOK and round.newOK
- round.allNewOK()
-
- if !round.ReSharingParams().IsOldCommittee() {
- return nil
- }
- round.allOldOK()
-
- Pi := round.PartyID()
- i := Pi.Index
-
- // 1. PrepareForSigning() -> w_i
- xi, ks := round.input.Xi, round.input.Ks
- if round.Threshold()+1 > len(ks) {
- return round.WrapError(fmt.Errorf("t+1=%d is not satisfied by the key count of %d", round.Threshold()+1, len(ks)), round.PartyID())
- }
- newKs := round.NewParties().IDs().Keys()
- wi := signing.PrepareForSigning(round.Params().EC(), i, len(round.OldParties().IDs()), xi, ks)
-
- // 2.
- vi, shares, err := vss.Create(round.Params().EC(), round.NewThreshold(), wi, newKs)
- if err != nil {
- return round.WrapError(err, round.PartyID())
- }
-
- // 3.
- flatVis, err := crypto.FlattenECPoints(vi)
- if err != nil {
- return round.WrapError(err, round.PartyID())
- }
- vCmt := commitments.NewHashCommitment(flatVis...)
-
- // 4. populate temp data
- round.temp.VD = vCmt.D
- round.temp.NewShares = shares
-
- // 5. "broadcast" C_i to members of the NEW committee
- r1msg := NewDGRound1Message(
- round.NewParties().IDs().Exclude(round.PartyID()), round.PartyID(),
- round.input.EDDSAPub, vCmt.C)
- round.temp.dgRound1Messages[i] = r1msg
- round.out <- r1msg
-
- return nil
-}
-
-func (round *round1) CanAccept(msg tss.ParsedMessage) bool {
- // accept messages from old -> new committee
- if _, ok := msg.Content().(*DGRound1Message); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round1) Update() (bool, *tss.Error) {
- // only the new committee receive in this round
- if !round.ReSharingParameters.IsNewCommittee() {
- return true, nil
- }
- ret := true
- // accept messages from old -> new committee
- for j, msg := range round.temp.dgRound1Messages {
- if round.oldOK[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- round.oldOK[j] = true
-
- if round.temp.dgRound1Messages[0] == nil {
- ret = false
- continue
- }
- // save the eddsa pub received from the old committee
- r1msg := round.temp.dgRound1Messages[0].Content().(*DGRound1Message)
- candidate, err := r1msg.UnmarshalEDDSAPub(round.Params().EC())
- if err != nil {
- return false, round.WrapError(errors.New("unable to unmarshal the eddsa pub key"), msg.GetFrom())
- }
- if round.save.EDDSAPub != nil &&
- !candidate.Equals(round.save.EDDSAPub) {
- // uh oh - anomaly!
- return false, round.WrapError(errors.New("eddsa pub key did not match what we received previously"), msg.GetFrom())
- }
- round.save.EDDSAPub = candidate
- }
- return ret, nil
-}
-
-func (round *round1) NextRound() tss.Round {
- round.started = false
- return &round2{round}
-}
diff --git a/eddsa/resharing/round_2_new_step_1.go b/eddsa/resharing/round_2_new_step_1.go
deleted file mode 100644
index 86b698e76..000000000
--- a/eddsa/resharing/round_2_new_step_1.go
+++ /dev/null
@@ -1,72 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "errors"
-
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *round2) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 2
- round.started = true
- round.resetOK() // resets both round.oldOK and round.newOK
- round.allOldOK()
-
- if !round.ReSharingParams().IsNewCommittee() {
- return nil
- }
- round.allNewOK()
-
- Pi := round.PartyID()
- i := Pi.Index
-
- // 1. "broadcast" "ACK" members of the OLD committee
- r2msg := NewDGRound2Message(round.OldParties().IDs(), Pi)
- round.temp.dgRound2Messages[i] = r2msg
- round.out <- r2msg
-
- return nil
-}
-
-func (round *round2) CanAccept(msg tss.ParsedMessage) bool {
- if _, ok := msg.Content().(*DGRound2Message); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round2) Update() (bool, *tss.Error) {
- // only the old committee receive in this round
- if !round.ReSharingParams().IsOldCommittee() {
- return true, nil
- }
-
- ret := true
- // accept messages from new -> old committee
- for j, msg := range round.temp.dgRound2Messages {
- if round.newOK[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- round.newOK[j] = true
- }
-
- return ret, nil
-}
-
-func (round *round2) NextRound() tss.Round {
- round.started = false
- return &round3{round}
-}
diff --git a/eddsa/resharing/round_3_old_step_2.go b/eddsa/resharing/round_3_old_step_2.go
deleted file mode 100644
index dbb26bf62..000000000
--- a/eddsa/resharing/round_3_old_step_2.go
+++ /dev/null
@@ -1,90 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "errors"
-
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *round3) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 3
- round.started = true
- round.resetOK() // resets both round.oldOK and round.newOK
- round.allNewOK()
-
- if !round.ReSharingParams().IsOldCommittee() {
- return nil
- }
- round.allOldOK()
-
- Pi := round.PartyID()
- i := Pi.Index
-
- // 1-2. send share to Pj from the new committee
- for j, Pj := range round.NewParties().IDs() {
- share := round.temp.NewShares[j]
- r3msg1 := NewDGRound3Message1(Pj, round.PartyID(), share)
- round.temp.dgRound3Message1s[i] = r3msg1
- round.out <- r3msg1
- }
-
- // 3. broadcast de-commitment to new committees
- vDeCmt := round.temp.VD
- r3msg2 := NewDGRound3Message2(
- round.NewParties().IDs().Exclude(round.PartyID()), round.PartyID(),
- vDeCmt)
- round.temp.dgRound3Message2s[i] = r3msg2
- round.out <- r3msg2
-
- return nil
-}
-
-func (round *round3) CanAccept(msg tss.ParsedMessage) bool {
- if _, ok := msg.Content().(*DGRound3Message1); ok {
- return !msg.IsBroadcast()
- }
- if _, ok := msg.Content().(*DGRound3Message2); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round3) Update() (bool, *tss.Error) {
- // only the new committee receive in this round
- if !round.ReSharingParams().IsNewCommittee() {
- return true, nil
- }
-
- ret := true
- // accept messages from old -> new committee
- for j, msg1 := range round.temp.dgRound3Message1s {
- if round.oldOK[j] {
- continue
- }
- if msg1 == nil || !round.CanAccept(msg1) {
- ret = false
- continue
- }
- msg2 := round.temp.dgRound3Message2s[j]
- if msg2 == nil || !round.CanAccept(msg2) {
- ret = false
- continue
- }
- round.oldOK[j] = true
- }
- return ret, nil
-}
-
-func (round *round3) NextRound() tss.Round {
- round.started = false
- return &round4{round}
-}
diff --git a/eddsa/resharing/round_4_new_step_2.go b/eddsa/resharing/round_4_new_step_2.go
deleted file mode 100644
index ffcb52b9f..000000000
--- a/eddsa/resharing/round_4_new_step_2.go
+++ /dev/null
@@ -1,161 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "math/big"
-
- "github.com/pkg/errors"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/vss"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *round4) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 4
- round.started = true
- round.resetOK() // resets both round.oldOK and round.newOK
-
- round.allOldOK()
-
- if !round.ReSharingParams().IsNewCommittee() {
- // both committees proceed to round 5 after receiving "ACK" messages from the new committee
- return nil
- }
-
- Pi := round.PartyID()
- i := Pi.Index
-
- // 1.
- newXi := big.NewInt(0)
-
- // 2-8.
- modQ := common.ModInt(round.Params().EC().Params().N)
- vjc := make([][]*crypto.ECPoint, len(round.OldParties().IDs()))
- for j := 0; j <= len(vjc)-1; j++ { // P1..P_t+1. Ps are indexed from 0 here
- r1msg := round.temp.dgRound1Messages[j].Content().(*DGRound1Message)
- r3msg2 := round.temp.dgRound3Message2s[j].Content().(*DGRound3Message2)
-
- vCj, vDj := r1msg.UnmarshalVCommitment(), r3msg2.UnmarshalVDeCommitment()
-
- // 3. unpack flat "v" commitment content
- vCmtDeCmt := commitments.HashCommitDecommit{C: vCj, D: vDj}
- ok, flatVs := vCmtDeCmt.DeCommit()
- if !ok || len(flatVs) != (round.NewThreshold()+1)*2 { // they're points so * 2
- // TODO collect culprits and return a list of them as per convention
- return round.WrapError(errors.New("de-commitment of v_j0..v_jt failed"), round.Parties().IDs()[j])
- }
- vj, err := crypto.UnFlattenECPoints(round.Params().EC(), flatVs)
- if err != nil {
- return round.WrapError(err, round.Parties().IDs()[j])
- }
-
- for i, v := range vj {
- vj[i] = v.EightInvEight()
- }
-
- vjc[j] = vj
-
- r3msg1 := round.temp.dgRound3Message1s[j].Content().(*DGRound3Message1)
- sharej := &vss.Share{
- Threshold: round.NewThreshold(),
- ID: round.PartyID().KeyInt(),
- Share: new(big.Int).SetBytes(r3msg1.Share),
- }
- if ok := sharej.Verify(round.Params().EC(), round.NewThreshold(), vj); !ok {
- return round.WrapError(errors.New("share from old committee did not pass Verify()"), round.Parties().IDs()[j])
- }
-
- newXi = new(big.Int).Add(newXi, sharej.Share)
- }
-
- // 9-12.
- var err error
- Vc := make([]*crypto.ECPoint, round.NewThreshold()+1)
- for c := 0; c <= round.NewThreshold(); c++ {
- Vc[c] = vjc[0][c]
- for j := 1; j <= len(vjc)-1; j++ {
- Vc[c], err = Vc[c].Add(vjc[j][c])
- if err != nil {
- return round.WrapError(errors.Wrapf(err, "Vc[c].Add(vjc[j][c])"))
- }
- }
- }
-
- // 13-15.
- if !Vc[0].Equals(round.save.EDDSAPub) {
- return round.WrapError(errors.New("assertion failed: V_0 != y"), round.PartyID())
- }
-
- // 16-20.
- newKs := make([]*big.Int, 0, round.NewPartyCount())
- newBigXjs := make([]*crypto.ECPoint, round.NewPartyCount())
- culprits := make([]*tss.PartyID, 0, round.NewPartyCount()) // who caused the error(s)
- for j := 0; j < round.NewPartyCount(); j++ {
- Pj := round.NewParties().IDs()[j]
- kj := Pj.KeyInt()
- newBigXj := Vc[0]
- newKs = append(newKs, kj)
- z := new(big.Int).SetInt64(int64(1))
- for c := 1; c <= round.NewThreshold(); c++ {
- z = modQ.Mul(z, kj)
- newBigXj, err = newBigXj.Add(Vc[c].ScalarMult(z))
- if err != nil {
- culprits = append(culprits, Pj)
- }
- }
- newBigXjs[j] = newBigXj
- }
- if len(culprits) > 0 {
- return round.WrapError(errors.Wrapf(err, "newBigXj.Add(Vc[c].ScalarMult(z))"), culprits...)
- }
-
- round.temp.newXi = newXi
- round.temp.newKs = newKs
- round.temp.newBigXjs = newBigXjs
-
- // 21. Send an "ACK" message to both committees to signal that we're ready to save our data
- r4msg := NewDGRound4Message(round.OldAndNewParties(), Pi)
- round.temp.dgRound4Messages[i] = r4msg
- round.out <- r4msg
-
- return nil
-}
-
-func (round *round4) CanAccept(msg tss.ParsedMessage) bool {
- if _, ok := msg.Content().(*DGRound4Message); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round4) Update() (bool, *tss.Error) {
- ret := true
- // accept messages from new -> old&new committees
- for j, msg := range round.temp.dgRound4Messages {
- if round.newOK[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- round.newOK[j] = true
- }
- return ret, nil
-}
-
-func (round *round4) NextRound() tss.Round {
- round.started = false
- return &round5{round}
-}
diff --git a/eddsa/resharing/round_5_new_step_3.go b/eddsa/resharing/round_5_new_step_3.go
deleted file mode 100644
index 69da2c149..000000000
--- a/eddsa/resharing/round_5_new_step_3.go
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "errors"
-
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *round5) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 5
- round.started = true
-
- round.allOldOK()
- round.allNewOK()
-
- if round.IsNewCommittee() {
- // for this P: SAVE data
- round.save.BigXj = round.temp.newBigXjs
- round.save.ShareID = round.PartyID().KeyInt()
- round.save.Xi = round.temp.newXi
- round.save.Ks = round.temp.newKs
-
- } else if round.IsOldCommittee() {
- round.input.Xi.SetInt64(0)
- }
-
- round.end <- *round.save
- return nil
-}
-
-func (round *round5) CanAccept(msg tss.ParsedMessage) bool {
- return false
-}
-
-func (round *round5) Update() (bool, *tss.Error) {
- return false, nil
-}
-
-func (round *round5) NextRound() tss.Round {
- return nil // both committees are finished!
-}
diff --git a/eddsa/resharing/rounds.go b/eddsa/resharing/rounds.go
deleted file mode 100644
index b33766927..000000000
--- a/eddsa/resharing/rounds.go
+++ /dev/null
@@ -1,135 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package resharing
-
-import (
- "github.com/bnb-chain/tss-lib/eddsa/keygen"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-const (
- TaskName = "eddsa-resharing"
-)
-
-type (
- base struct {
- *tss.ReSharingParameters
- temp *localTempData
- input, save *keygen.LocalPartySaveData
- out chan<- tss.Message
- end chan<- keygen.LocalPartySaveData
- oldOK, // old committee "ok" tracker
- newOK []bool // `ok` tracks parties which have been verified by Update(); this one is for the new committee
- started bool
- number int
- }
- round1 struct {
- *base
- }
- round2 struct {
- *round1
- }
- round3 struct {
- *round2
- }
- round4 struct {
- *round3
- }
- round5 struct {
- *round4
- }
-)
-
-var (
- _ tss.Round = (*round1)(nil)
- _ tss.Round = (*round2)(nil)
- _ tss.Round = (*round3)(nil)
- _ tss.Round = (*round4)(nil)
- _ tss.Round = (*round5)(nil)
-)
-
-// ----- //
-
-func (round *base) Params() *tss.Parameters {
- return round.ReSharingParameters.Parameters
-}
-
-func (round *base) ReSharingParams() *tss.ReSharingParameters {
- return round.ReSharingParameters
-}
-
-func (round *base) RoundNumber() int {
- return round.number
-}
-
-// CanProceed is inherited by other rounds
-func (round *base) CanProceed() bool {
- if !round.started {
- return false
- }
- for _, ok := range append(round.oldOK, round.newOK...) {
- if !ok {
- return false
- }
- }
- return true
-}
-
-// WaitingFor is called by a Party for reporting back to the caller
-func (round *base) WaitingFor() []*tss.PartyID {
- oldPs := round.OldParties().IDs()
- newPs := round.NewParties().IDs()
- idsMap := make(map[*tss.PartyID]bool)
- ids := make([]*tss.PartyID, 0, len(round.oldOK))
- for j, ok := range round.oldOK {
- if ok {
- continue
- }
- idsMap[oldPs[j]] = true
- }
- for j, ok := range round.newOK {
- if ok {
- continue
- }
- idsMap[newPs[j]] = true
- }
- // consolidate into the list
- for id := range idsMap {
- ids = append(ids, id)
- }
- return ids
-}
-
-func (round *base) WrapError(err error, culprits ...*tss.PartyID) *tss.Error {
- return tss.NewError(err, TaskName, round.number, round.PartyID(), culprits...)
-}
-
-// ----- //
-
-// `oldOK` tracks parties which have been verified by Update()
-func (round *base) resetOK() {
- for j := range round.oldOK {
- round.oldOK[j] = false
- }
- for j := range round.newOK {
- round.newOK[j] = false
- }
-}
-
-// sets all pairings in `oldOK` to true
-func (round *base) allOldOK() {
- for j := range round.oldOK {
- round.oldOK[j] = true
- }
-}
-
-// sets all pairings in `newOK` to true
-func (round *base) allNewOK() {
- for j := range round.newOK {
- round.newOK[j] = true
- }
-}
diff --git a/eddsa/signing/eddsa-signing.pb.go b/eddsa/signing/eddsa-signing.pb.go
deleted file mode 100644
index 05baac1fb..000000000
--- a/eddsa/signing/eddsa-signing.pb.go
+++ /dev/null
@@ -1,310 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.30.0 -// protoc v3.21.12 -// source: protob/eddsa-signing.proto - -package signing - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Represents a BROADCAST message sent to all parties during Round 1 of the EDDSA TSS signing protocol. -type SignRound1Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Commitment []byte `protobuf:"bytes,1,opt,name=commitment,proto3" json:"commitment,omitempty"` -} - -func (x *SignRound1Message) Reset() { - *x = SignRound1Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_signing_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound1Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound1Message) ProtoMessage() {} - -func (x *SignRound1Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_signing_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound1Message.ProtoReflect.Descriptor 
instead. -func (*SignRound1Message) Descriptor() ([]byte, []int) { - return file_protob_eddsa_signing_proto_rawDescGZIP(), []int{0} -} - -func (x *SignRound1Message) GetCommitment() []byte { - if x != nil { - return x.Commitment - } - return nil -} - -// Represents a BROADCAST message sent to all parties during Round 2 of the EDDSA TSS signing protocol. -type SignRound2Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - DeCommitment [][]byte `protobuf:"bytes,1,rep,name=de_commitment,json=deCommitment,proto3" json:"de_commitment,omitempty"` - ProofAlphaX []byte `protobuf:"bytes,2,opt,name=proof_alpha_x,json=proofAlphaX,proto3" json:"proof_alpha_x,omitempty"` - ProofAlphaY []byte `protobuf:"bytes,3,opt,name=proof_alpha_y,json=proofAlphaY,proto3" json:"proof_alpha_y,omitempty"` - ProofT []byte `protobuf:"bytes,4,opt,name=proof_t,json=proofT,proto3" json:"proof_t,omitempty"` -} - -func (x *SignRound2Message) Reset() { - *x = SignRound2Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_signing_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound2Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound2Message) ProtoMessage() {} - -func (x *SignRound2Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_signing_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound2Message.ProtoReflect.Descriptor instead. 
-func (*SignRound2Message) Descriptor() ([]byte, []int) { - return file_protob_eddsa_signing_proto_rawDescGZIP(), []int{1} -} - -func (x *SignRound2Message) GetDeCommitment() [][]byte { - if x != nil { - return x.DeCommitment - } - return nil -} - -func (x *SignRound2Message) GetProofAlphaX() []byte { - if x != nil { - return x.ProofAlphaX - } - return nil -} - -func (x *SignRound2Message) GetProofAlphaY() []byte { - if x != nil { - return x.ProofAlphaY - } - return nil -} - -func (x *SignRound2Message) GetProofT() []byte { - if x != nil { - return x.ProofT - } - return nil -} - -// Represents a BROADCAST message sent to all parties during Round 3 of the EDDSA TSS signing protocol. -type SignRound3Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - S []byte `protobuf:"bytes,1,opt,name=s,proto3" json:"s,omitempty"` -} - -func (x *SignRound3Message) Reset() { - *x = SignRound3Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_eddsa_signing_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound3Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound3Message) ProtoMessage() {} - -func (x *SignRound3Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_eddsa_signing_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound3Message.ProtoReflect.Descriptor instead. 
-func (*SignRound3Message) Descriptor() ([]byte, []int) { - return file_protob_eddsa_signing_proto_rawDescGZIP(), []int{2} -} - -func (x *SignRound3Message) GetS() []byte { - if x != nil { - return x.S - } - return nil -} - -var File_protob_eddsa_signing_proto protoreflect.FileDescriptor - -var file_protob_eddsa_signing_proto_rawDesc = []byte{ - 0x0a, 0x1a, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x2f, 0x65, 0x64, 0x64, 0x73, 0x61, 0x2d, 0x73, - 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1c, 0x62, 0x69, - 0x6e, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, 0x69, 0x62, 0x2e, 0x65, 0x64, 0x64, - 0x73, 0x61, 0x2e, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x22, 0x33, 0x0a, 0x11, 0x53, 0x69, - 0x67, 0x6e, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x31, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, - 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x22, - 0x99, 0x01, 0x0a, 0x11, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, - 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, - 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0c, 0x64, 0x65, - 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x22, 0x0a, 0x0d, 0x70, 0x72, - 0x6f, 0x6f, 0x66, 0x5f, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x5f, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x58, 0x12, 0x22, - 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x5f, 0x79, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x41, 0x6c, 0x70, 0x68, - 0x61, 0x59, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x74, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x54, 0x22, 0x21, 0x0a, 
0x11, 0x53, - 0x69, 0x67, 0x6e, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x33, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, - 0x12, 0x0c, 0x0a, 0x01, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x01, 0x73, 0x42, 0x0f, - 0x5a, 0x0d, 0x65, 0x64, 0x64, 0x73, 0x61, 0x2f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_protob_eddsa_signing_proto_rawDescOnce sync.Once - file_protob_eddsa_signing_proto_rawDescData = file_protob_eddsa_signing_proto_rawDesc -) - -func file_protob_eddsa_signing_proto_rawDescGZIP() []byte { - file_protob_eddsa_signing_proto_rawDescOnce.Do(func() { - file_protob_eddsa_signing_proto_rawDescData = protoimpl.X.CompressGZIP(file_protob_eddsa_signing_proto_rawDescData) - }) - return file_protob_eddsa_signing_proto_rawDescData -} - -var file_protob_eddsa_signing_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_protob_eddsa_signing_proto_goTypes = []interface{}{ - (*SignRound1Message)(nil), // 0: binance.tsslib.eddsa.signing.SignRound1Message - (*SignRound2Message)(nil), // 1: binance.tsslib.eddsa.signing.SignRound2Message - (*SignRound3Message)(nil), // 2: binance.tsslib.eddsa.signing.SignRound3Message -} -var file_protob_eddsa_signing_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_protob_eddsa_signing_proto_init() } -func file_protob_eddsa_signing_proto_init() { - if File_protob_eddsa_signing_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_protob_eddsa_signing_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound1Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - 
file_protob_eddsa_signing_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound2Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_eddsa_signing_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound3Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_protob_eddsa_signing_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_protob_eddsa_signing_proto_goTypes, - DependencyIndexes: file_protob_eddsa_signing_proto_depIdxs, - MessageInfos: file_protob_eddsa_signing_proto_msgTypes, - }.Build() - File_protob_eddsa_signing_proto = out.File - file_protob_eddsa_signing_proto_rawDesc = nil - file_protob_eddsa_signing_proto_goTypes = nil - file_protob_eddsa_signing_proto_depIdxs = nil -} diff --git a/eddsa/signing/finalize.go b/eddsa/signing/finalize.go deleted file mode 100644 index f865ae28c..000000000 --- a/eddsa/signing/finalize.go +++ /dev/null 
@@ -1,77 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "errors"
- "fmt"
- "math/big"
-
- "github.com/agl/ed25519/edwards25519"
- "github.com/decred/dcrd/dcrec/edwards/v2"
-
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *finalization) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 4
- round.started = true
- round.resetOK()
-
- sumS := round.temp.si
- for j := range round.Parties().IDs() {
- round.ok[j] = true
- if j == round.PartyID().Index {
- continue
- }
- r3msg := round.temp.signRound3Messages[j].Content().(*SignRound3Message)
- sjBytes := bigIntToEncodedBytes(r3msg.UnmarshalS())
- var tmpSumS [32]byte
- edwards25519.ScMulAdd(&tmpSumS, sumS, bigIntToEncodedBytes(big.NewInt(1)), sjBytes)
- sumS = &tmpSumS
- }
- s := encodedBytesToBigInt(sumS)
-
- // save the signature for final output
- round.data.Signature = append(bigIntToEncodedBytes(round.temp.r)[:], sumS[:]...)
- round.data.R = round.temp.r.Bytes()
- round.data.S = s.Bytes()
- mBytes := make([]byte, round.temp.fullBytesLen)
- round.temp.m.FillBytes(mBytes)
- round.data.M = mBytes
-
- pk := edwards.PublicKey{
- Curve: round.Params().EC(),
- X: round.key.EDDSAPub.X(),
- Y: round.key.EDDSAPub.Y(),
- }
-
- ok := edwards.Verify(&pk, round.data.M, round.temp.r, s)
- if !ok {
- return round.WrapError(fmt.Errorf("signature verification failed"))
- }
- round.end <- *round.data
-
- return nil
-}
-
-func (round *finalization) CanAccept(msg tss.ParsedMessage) bool {
- // not expecting any incoming messages in this round
- return false
-}
-
-func (round *finalization) Update() (bool, *tss.Error) {
- // not expecting any incoming messages in this round
- return false, nil
-}
-
-func (round *finalization) NextRound() tss.Round {
- return nil // finished!
-}
diff --git a/eddsa/signing/local_party.go b/eddsa/signing/local_party.go
deleted file mode 100644
index cf06efff0..000000000
--- a/eddsa/signing/local_party.go
+++ /dev/null
@@ -1,203 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "errors"
- "fmt"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- cmt "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/eddsa/keygen"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// Implements Party
-// Implements Stringer
-var _ tss.Party = (*LocalParty)(nil)
-var _ fmt.Stringer = (*LocalParty)(nil)
-
-type (
- LocalParty struct {
- *tss.BaseParty
- params *tss.Parameters
-
- keys keygen.LocalPartySaveData
- temp localTempData
- data common.SignatureData
-
- // outbound messaging
- out chan<- tss.Message
- end chan<- common.SignatureData
- }
-
- localMessageStore struct {
- signRound1Messages,
- signRound2Messages,
- signRound3Messages []tss.ParsedMessage
- }
-
- localTempData struct {
- localMessageStore
-
- // temp data (thrown away after sign) / round 1
- wi,
- m,
- ri *big.Int
- fullBytesLen int
- pointRi *crypto.ECPoint
- deCommit cmt.HashDeCommitment
-
- // round 2
- cjs []*big.Int
- si *[32]byte
-
- // round 3
- r *big.Int
-
- ssid []byte
- ssidNonce *big.Int
- }
-)
-
-// NewLocalParty returns a signing party. fullBytesLen fixes the byte width used
-// to encode the message for EdDSA lambda hashing and final verification/output
-// (preserving leading zero bytes). Every signer in a ceremony must pass the
-// same value. It must be positive, no larger than the curve order byte length,
-// and at least ceil(msg.BitLen()/8); violating these constraints is a caller
-// bug and the constructor panics at the call site rather than later inside a
-// protocol goroutine.
-func NewLocalParty(
- msg *big.Int,
- params *tss.Parameters,
- key keygen.LocalPartySaveData,
- out chan<- tss.Message,
- end chan<- common.SignatureData,
- fullBytesLen ...int,
-) tss.Party {
- validatedFullBytesLen := validateFullBytesLen("NewLocalParty", msg, params, fullBytesLen)
-
- partyCount := len(params.Parties().IDs())
- p := &LocalParty{
- BaseParty: new(tss.BaseParty),
- params: params,
- keys: keygen.BuildLocalSaveDataSubset(key, params.Parties().IDs()),
- temp: localTempData{},
- data: common.SignatureData{},
- out: out,
- end: end,
- }
- // msgs init
- p.temp.signRound1Messages = make([]tss.ParsedMessage, partyCount)
- p.temp.signRound2Messages = make([]tss.ParsedMessage, partyCount)
- p.temp.signRound3Messages = make([]tss.ParsedMessage, partyCount)
-
- // temp data init
- p.temp.m = msg
- p.temp.fullBytesLen = validatedFullBytesLen
- p.temp.cjs = make([]*big.Int, partyCount)
- return p
-}
-
-func validateFullBytesLen(caller string, msg *big.Int, params *tss.Parameters, fullBytesLen []int) int {
- if len(fullBytesLen) != 1 {
- panic(fmt.Errorf("%s: fullBytesLen is required and must match all signing parties", caller))
- }
- length := fullBytesLen[0]
- if length <= 0 {
- panic(fmt.Errorf("%s: fullBytesLen must be positive, got %d", caller, length))
- }
- if msg != nil && msg.BitLen() > 8*length {
- panic(fmt.Errorf("%s: fullBytesLen=%d is too small for a %d-bit message (need at least %d bytes)",
- caller, length, msg.BitLen(), (msg.BitLen()+7)/8))
- }
- if params == nil || params.EC() == nil || params.EC().Params() == nil || params.EC().Params().N == nil {
- panic(fmt.Errorf("%s: params with a curve order is required to validate fullBytesLen", caller))
- }
- orderBytes := (params.EC().Params().N.BitLen() + 7) / 8
- if length > orderBytes {
- panic(fmt.Errorf("%s: fullBytesLen=%d exceeds curve order byte length %d", caller, length, orderBytes))
- }
- return length
-}
-
-func (p *LocalParty) FirstRound() tss.Round {
- return newRound1(p.params, &p.keys, &p.data, &p.temp, p.out, p.end)
-}
-
-func (p *LocalParty) Start() *tss.Error {
- return tss.BaseStart(p, TaskName, func(round tss.Round) *tss.Error {
- round1, ok := round.(*round1)
- if !ok {
- return round.WrapError(errors.New("unable to Start(). party is in an unexpected round"))
- }
- if err := round1.prepare(); err != nil {
- return round.WrapError(err)
- }
- return nil
- })
-}
-
-func (p *LocalParty) Update(msg tss.ParsedMessage) (ok bool, err *tss.Error) {
- return tss.BaseUpdate(p, msg, TaskName)
-}
-
-func (p *LocalParty) UpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (bool, *tss.Error) {
- msg, err := tss.ParseWireMessage(wireBytes, from, isBroadcast)
- if err != nil {
- return false, p.WrapError(err)
- }
- return p.Update(msg)
-}
-
-func (p *LocalParty) ValidateMessage(msg tss.ParsedMessage) (bool, *tss.Error) {
- if msg.GetFrom() == nil || !msg.GetFrom().ValidateBasic() {
- return false, p.WrapError(fmt.Errorf("received msg with an invalid sender: %s", msg))
- }
- // check that the message's "from index" will fit into the array
- if maxFromIdx := len(p.params.Parties().IDs()) - 1; maxFromIdx < msg.GetFrom().Index {
- return false, p.WrapError(fmt.Errorf("received msg with a sender index too great (%d <= %d)",
- maxFromIdx, msg.GetFrom().Index), msg.GetFrom())
- }
- return p.BaseParty.ValidateMessage(msg)
-}
-
-func (p *LocalParty) StoreMessage(msg tss.ParsedMessage) (bool, *tss.Error) {
- // ValidateBasic is cheap; double-check the message here in case the public StoreMessage was called externally
- if ok, err := p.ValidateMessage(msg); !ok || err != nil {
- return ok, err
- }
- fromPIdx := msg.GetFrom().Index
-
- // switch/case is necessary to store any messages beyond current round
- // this does not handle message replays. we expect the caller to apply replay and spoofing protection.
- switch msg.Content().(type) {
- case *SignRound1Message:
- p.temp.signRound1Messages[fromPIdx] = msg
-
- case *SignRound2Message:
- p.temp.signRound2Messages[fromPIdx] = msg
-
- case *SignRound3Message:
- p.temp.signRound3Messages[fromPIdx] = msg
-
- default: // unrecognised message, just ignore!
- common.Logger.Warningf("unrecognised message ignored: %v", msg)
- return false, nil
- }
- return true, nil
-}
-
-func (p *LocalParty) PartyID() *tss.PartyID {
- return p.params.PartyID()
-}
-
-func (p *LocalParty) String() string {
- return fmt.Sprintf("id: %s, %s", p.PartyID(), p.BaseParty.String())
-}
diff --git a/eddsa/signing/local_party_test.go b/eddsa/signing/local_party_test.go
deleted file mode 100644
index 8b2757052..000000000
--- a/eddsa/signing/local_party_test.go
+++ /dev/null
@@ -1,263 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "encoding/hex"
- "fmt"
- "math/big"
- "strings"
- "sync/atomic"
- "testing"
-
- "github.com/agl/ed25519/edwards25519"
- "github.com/decred/dcrd/dcrec/edwards/v2"
- "github.com/ipfs/go-log"
- "github.com/stretchr/testify/assert"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/eddsa/keygen"
- "github.com/bnb-chain/tss-lib/test"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-const (
- testParticipants = test.TestParticipants
- testThreshold = test.TestThreshold
-)
-
-func setUp(level string) {
- if err := log.SetLogLevel("tss-lib", level); err != nil {
- panic(err)
- }
-
- // only for test
- tss.SetCurve(tss.Edwards())
-}
-
-func TestE2EConcurrent(t *testing.T) {
- setUp("info")
-
- threshold := testThreshold
-
- // PHASE: load keygen fixtures
- keys, signPIDs, err := keygen.LoadKeygenTestFixturesRandomSet(testThreshold+1, testParticipants)
- assert.NoError(t, err, "should load keygen fixtures")
- assert.Equal(t, testThreshold+1, len(keys))
- assert.Equal(t, testThreshold+1, len(signPIDs))
-
- // PHASE: signing
-
- p2pCtx := tss.NewPeerContext(signPIDs)
- parties := make([]*LocalParty, 0, len(signPIDs))
-
- errCh := make(chan *tss.Error, len(signPIDs))
- outCh := make(chan tss.Message, len(signPIDs))
- endCh := make(chan common.SignatureData, len(signPIDs))
-
- updater := test.SharedPartyUpdater
-
- msgData, err := hex.DecodeString("00f163ee51bcaeff9cdff5e0e3c1a646abd19885fffbab0b3b4236e0cf95c9f5")
- assert.NoError(t, err)
- msg := new(big.Int).SetBytes(msgData)
- // init the parties
- ceremonyNonce := big.NewInt(1)
- for i := 0; i < len(signPIDs); i++ {
- params := tss.NewParameters(tss.Edwards(), p2pCtx, signPIDs[i], len(signPIDs),
threshold)
- params.SetSessionNonce(ceremonyNonce)
-
- P := NewLocalParty(msg, params, keys[i], outCh, endCh, len(msgData)).(*LocalParty)
- parties = append(parties, P)
- go func(P *LocalParty) {
- if err := P.Start(); err != nil {
- errCh <- err
- }
- }(P)
- }
-
- var ended int32
-signing:
- for {
- select {
- case err := <-errCh:
- common.Logger.Errorf("Error: %s", err)
- assert.FailNow(t, err.Error())
- break signing
-
- case msg := <-outCh:
- dest := msg.GetTo()
- if dest == nil {
- for _, P := range parties {
- if P.PartyID().Index == msg.GetFrom().Index {
- continue
- }
- go updater(P, msg, errCh)
- }
- } else {
- if dest[0].Index == msg.GetFrom().Index {
- t.Fatalf("party %d tried to send a message to itself (%d)", dest[0].Index, msg.GetFrom().Index)
- }
- go updater(parties[dest[0].Index], msg, errCh)
- }
-
- case <-endCh:
- atomic.AddInt32(&ended, 1)
- if atomic.LoadInt32(&ended) == int32(len(signPIDs)) {
- t.Logf("Done. Received signature data from %d participants", ended)
- R := parties[0].temp.r
-
- // BEGIN check s correctness
- sumS := parties[0].temp.si
- for i, p := range parties {
- if i == 0 {
- continue
- }
-
- var tmpSumS [32]byte
- edwards25519.ScMulAdd(&tmpSumS, sumS, bigIntToEncodedBytes(big.NewInt(1)), p.temp.si)
- sumS = &tmpSumS
- }
- fmt.Printf("S: %s\n", encodedBytesToBigInt(sumS).String())
- fmt.Printf("R: %s\n", R.String())
- // END check s correctness
-
- // BEGIN EDDSA verify
- pkX, pkY := keys[0].EDDSAPub.X(), keys[0].EDDSAPub.Y()
- pk := edwards.PublicKey{
- Curve: tss.Edwards(),
- X: pkX,
- Y: pkY,
- }
-
- newSig, err := edwards.ParseSignature(parties[0].data.Signature)
- if err != nil {
- println("new sig error, ", err.Error())
- }
-
- ok := edwards.Verify(&pk, msgData, newSig.R, newSig.S)
- assert.True(t, ok, "eddsa verify must pass")
- assert.Equal(t, msgData, parties[0].data.M)
- t.Log("EDDSA signing test done.")
- // END EDDSA verify
-
- break signing
- }
- }
- }
-}
-
-// TestSigning_Start_RequiresSessionNonce pins that
signing fails closed
-// when no SessionNonce is set. Previously the round-1 code fell back to
-// SHA512_256(messageBytes), making two concurrent ceremonies on the same
-// canonical message reuse the same SSID and enabling Fiat-Shamir
-// transcript splicing across runs. The fix removes the fallback and
-// requires the caller to provide a per-ceremony nonce.
-func TestSigning_Start_RequiresSessionNonce(t *testing.T) {
- setUp("info")
- keys, signPIDs, err := keygen.LoadKeygenTestFixturesRandomSet(testThreshold+1, testParticipants)
- assert.NoError(t, err, "should load keygen fixtures")
-
- p2pCtx := tss.NewPeerContext(signPIDs)
- outCh := make(chan tss.Message, len(signPIDs))
- endCh := make(chan common.SignatureData, len(signPIDs))
-
- params := tss.NewParameters(tss.Edwards(), p2pCtx, signPIDs[0], len(signPIDs), testThreshold)
- // Deliberately do NOT call params.SetSessionNonce — Start must fail closed.
-
- P := NewLocalParty(big.NewInt(42), params, keys[0], outCh, endCh, 32).(*LocalParty)
- tssErr := P.Start()
- if tssErr == nil {
- t.Fatal("Start must return an error without SessionNonce")
- }
- if !strings.Contains(tssErr.Error(), "SetSessionNonce") {
- t.Fatalf("error must reference SetSessionNonce, got: %v", tssErr)
- }
-}
-
-// TestNewLocalParty_FullBytesLen_NonPositive pins constructor-side validation
-// for fullBytesLen. Previously, a negative fullBytesLen propagated to the
-// round-1/round-3 code path where `make([]byte, fullBytesLen)` panicked
-// inside a protocol goroutine, bypassing tss.Error reporting. The
-// constructor now panics synchronously at the caller's call site.
-func TestNewLocalParty_FullBytesLen_NonPositive(t *testing.T) {
- msg := big.NewInt(1)
- for _, length := range []int{-1, 0} {
- func() {
- defer func() {
- r := recover()
- if r == nil {
- t.Fatalf("expected panic for fullBytesLen=%d", length)
- }
- err, ok := r.(error)
- if !ok {
- t.Fatalf("panic value must be an error, got %T: %v", r, r)
- }
- if !strings.Contains(err.Error(), "fullBytesLen must be positive") {
- t.Fatalf("unexpected panic message: %v", err)
- }
- }()
- _ = NewLocalParty(msg, nil, keygen.LocalPartySaveData{}, nil, nil, length)
- }()
- }
-}
-
-// TestNewLocalParty_FullBytesLen_TooSmall pins that a fullBytesLen smaller
-// than the message's byte width is rejected at the constructor rather than
-// later inside (*big.Int).FillBytes (which would panic inside a goroutine).
-func TestNewLocalParty_FullBytesLen_TooSmall(t *testing.T) {
- msg := big.NewInt(0xABCD) // 16-bit, needs at least 2 bytes
- defer func() {
- r := recover()
- if r == nil {
- t.Fatal("expected panic for fullBytesLen smaller than msg byte width")
- }
- err, ok := r.(error)
- if !ok {
- t.Fatalf("panic value must be an error, got %T: %v", r, r)
- }
- if !strings.Contains(err.Error(), "fullBytesLen=1 is too small") {
- t.Fatalf("unexpected panic message: %v", err)
- }
- }()
- _ = NewLocalParty(msg, nil, keygen.LocalPartySaveData{}, nil, nil, 1)
-}
-
-func TestNewLocalParty_FullBytesLen_Required(t *testing.T) {
- defer func() {
- r := recover()
- if r == nil {
- t.Fatal("expected panic when fullBytesLen is omitted")
- }
- err, ok := r.(error)
- if !ok {
- t.Fatalf("panic value must be an error, got %T: %v", r, r)
- }
- if !strings.Contains(err.Error(), "fullBytesLen is required") {
- t.Fatalf("unexpected panic message: %v", err)
- }
- }()
- _ = NewLocalParty(big.NewInt(42), nil, keygen.LocalPartySaveData{}, nil, nil)
-}
-
-func TestNewLocalParty_FullBytesLen_TooWide(t *testing.T) {
- pIDs := tss.GenerateTestPartyIDs(1)
- params := tss.NewParameters(tss.Edwards(),
tss.NewPeerContext(pIDs), pIDs[0], 1, 0)
- defer func() {
- r := recover()
- if r == nil {
- t.Fatal("expected panic for fullBytesLen wider than the curve order")
- }
- err, ok := r.(error)
- if !ok {
- t.Fatalf("panic value must be an error, got %T: %v", r, r)
- }
- if !strings.Contains(err.Error(), "exceeds curve order byte length") {
- t.Fatalf("unexpected panic message: %v", err)
- }
- }()
- _ = NewLocalParty(big.NewInt(1), params, keygen.LocalPartySaveData{}, nil, nil, 33)
-}
diff --git a/eddsa/signing/messages.go b/eddsa/signing/messages.go
deleted file mode 100644
index dcfbf734e..000000000
--- a/eddsa/signing/messages.go
+++ /dev/null
@@ -1,131 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "crypto/elliptic"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- cmt "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/crypto/schnorr"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// These messages were generated from Protocol Buffers definitions into eddsa-signing.pb.go
-// The following messages are registered on the Protocol Buffers "wire"
-
-var (
- // Ensure that signing messages implement ValidateBasic
- _ = []tss.MessageContent{
- (*SignRound1Message)(nil),
- (*SignRound2Message)(nil),
- (*SignRound3Message)(nil),
- }
-)
-
-// ----- //
-
-func NewSignRound1Message(
- from *tss.PartyID,
- commitment cmt.HashCommitment,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
-
From: from,
- IsBroadcast: true,
- }
- content := &SignRound1Message{
- Commitment: commitment.Bytes(),
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *SignRound1Message) ValidateBasic() bool {
- return m.Commitment != nil &&
- common.NonEmptyBytes(m.GetCommitment())
-}
-
-func (m *SignRound1Message) UnmarshalCommitment() *big.Int {
- return new(big.Int).SetBytes(m.GetCommitment())
-}
-
-// ----- //
-
-func NewSignRound2Message(
- from *tss.PartyID,
- deCommitment cmt.HashDeCommitment,
- proof *schnorr.ZKProof,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
- From: from,
- IsBroadcast: true,
- }
- dcBzs := common.BigIntsToBytes(deCommitment)
- content := &SignRound2Message{
- DeCommitment: dcBzs,
- ProofAlphaX: proof.Alpha.X().Bytes(),
- ProofAlphaY: proof.Alpha.Y().Bytes(),
- ProofT: proof.T.Bytes(),
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *SignRound2Message) ValidateBasic() bool {
- return m != nil &&
- common.NonEmptyMultiBytes(m.DeCommitment, 3) &&
- common.NonEmptyBytes(m.ProofAlphaX) &&
- common.NonEmptyBytes(m.ProofAlphaY) &&
- common.NonEmptyBytes(m.ProofT)
-}
-
-func (m *SignRound2Message) UnmarshalDeCommitment() []*big.Int {
- deComBzs := m.GetDeCommitment()
- return cmt.NewHashDeCommitmentFromBytes(deComBzs)
-}
-
-func (m *SignRound2Message) UnmarshalZKProof(ec elliptic.Curve) (*schnorr.ZKProof, error) {
- point, err := crypto.NewECPoint(
- ec,
- new(big.Int).SetBytes(m.GetProofAlphaX()),
- new(big.Int).SetBytes(m.GetProofAlphaY()))
- if err != nil {
- return nil, err
- }
- return &schnorr.ZKProof{
- Alpha: point,
- T: new(big.Int).SetBytes(m.GetProofT()),
- }, nil
-}
-
-// ----- //
-
-func NewSignRound3Message(
- from *tss.PartyID,
- si *big.Int,
-) tss.ParsedMessage {
- meta := tss.MessageRouting{
-
From: from,
- IsBroadcast: true,
- }
- content := &SignRound3Message{
- S: si.Bytes(),
- }
- msg := tss.NewMessageWrapper(meta, content)
- return tss.NewMessage(meta, content, msg)
-}
-
-func (m *SignRound3Message) ValidateBasic() bool {
- return m != nil &&
- common.NonEmptyBytes(m.S)
-}
-
-func (m *SignRound3Message) UnmarshalS() *big.Int {
- return new(big.Int).SetBytes(m.S)
-}
diff --git a/eddsa/signing/prepare.go b/eddsa/signing/prepare.go
deleted file mode 100644
index 1838b9253..000000000
--- a/eddsa/signing/prepare.go
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "crypto/elliptic"
- "fmt"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
-)
-
-// PrepareForSigning(), Fig. 7
-func PrepareForSigning(ec elliptic.Curve, i, pax int, xi *big.Int, ks []*big.Int) (wi *big.Int) {
- modQ := common.ModInt(ec.Params().N)
- if len(ks) != pax {
- panic(fmt.Errorf("PrepareForSigning: len(ks) != pax (%d != %d)", len(ks), pax))
- }
- if len(ks) <= i {
- panic(fmt.Errorf("PrepareForSigning: len(ks) <= i (%d <= %d)", len(ks), i))
- }
-
- // 1-4.
- wi = xi
- for j := 0; j < pax; j++ {
- if j == i {
- continue
- }
- ksj := ks[j]
- ksi := ks[i]
- if ksj.Cmp(ksi) == 0 {
- panic(fmt.Errorf("index of two parties are equal"))
- }
- // big.Int Div is calculated as: a/b = a * modInv(b,q)
- coef := modQ.Mul(ks[j], modQ.ModInverse(new(big.Int).Sub(ksj, ksi)))
- wi = modQ.Mul(wi, coef)
- }
-
- return
-}
diff --git a/eddsa/signing/round_1.go b/eddsa/signing/round_1.go
deleted file mode 100644
index 5df6c3397..000000000
--- a/eddsa/signing/round_1.go
+++ /dev/null
@@ -1,118 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "errors"
- "fmt"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/eddsa/keygen"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-// round 1 represents round 1 of the signing part of the EDDSA TSS spec
-func newRound1(params *tss.Parameters, key *keygen.LocalPartySaveData, data *common.SignatureData, temp *localTempData, out chan<- tss.Message, end chan<- common.SignatureData) tss.Round {
- return &round1{
- &base{params, key, data, temp, out, end, make([]bool, len(params.Parties().IDs())), false, 1}}
-}
-
-func (round *round1) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
-
- round.number = 1
- round.started = true
- round.resetOK()
-
- // Signing fails closed if no SessionNonce is set. The previous fallback
- // (SHA512_256 of the message) made two concurrent ceremonies on the same
- // canonical message reuse the same SSID, which would have enabled
- // Fiat-Shamir transcript splicing across the runs. The caller must now
- // supply a per-ceremony nonce via tss.Parameters.SetSessionNonce.
- nonce := round.Params().SessionNonce()
- if nonce == nil || nonce.Sign() <= 0 {
- return round.WrapError(errors.New("signing requires tss.Parameters.SetSessionNonce() before Start"))
- }
- round.temp.ssidNonce = new(big.Int).Set(nonce)
- ssid, err := round.getSSID()
- if err != nil {
- return round.WrapError(err)
- }
- round.temp.ssid = ssid
-
- // 1. select ri
- ri := common.GetRandomPositiveInt(round.Params().EC().Params().N)
-
- // 2.
make commitment
- pointRi := crypto.ScalarBaseMult(round.Params().EC(), ri)
- cmt := commitments.NewHashCommitment(pointRi.X(), pointRi.Y())
-
- // 3. store r1 message pieces
- round.temp.ri = ri
- round.temp.pointRi = pointRi
- round.temp.deCommit = cmt.D
-
- i := round.PartyID().Index
- round.ok[i] = true
-
- // 4. broadcast commitment
- r1msg2 := NewSignRound1Message(round.PartyID(), cmt.C)
- round.temp.signRound1Messages[i] = r1msg2
- round.out <- r1msg2
-
- return nil
-}
-
-func (round *round1) Update() (bool, *tss.Error) {
- ret := true
- for j, msg := range round.temp.signRound1Messages {
- if round.ok[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- round.ok[j] = true
- }
- return ret, nil
-}
-
-func (round *round1) CanAccept(msg tss.ParsedMessage) bool {
- if _, ok := msg.Content().(*SignRound1Message); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round1) NextRound() tss.Round {
- round.started = false
- return &round2{round}
-}
-
-// ----- //
-
-// helper to call into PrepareForSigning()
-func (round *round1) prepare() error {
- i := round.PartyID().Index
-
- xi := round.key.Xi
- ks := round.key.Ks
-
- if round.Threshold()+1 > len(ks) {
- return fmt.Errorf("t+1=%d is not satisfied by the key count of %d", round.Threshold()+1, len(ks))
- }
- wi := PrepareForSigning(round.Params().EC(), i, len(ks), xi, ks)
-
- round.temp.wi = wi
- return nil
-}
diff --git a/eddsa/signing/round_2.go b/eddsa/signing/round_2.go
deleted file mode 100644
index ea8c6bd11..000000000
--- a/eddsa/signing/round_2.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "errors"
-
- errors2 "github.com/pkg/errors"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto/schnorr"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *round2) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
- round.number = 2
- round.started = true
- round.resetOK()
-
- i := round.PartyID().Index
-
- // 1. store r1 message pieces
- for j, msg := range round.temp.signRound1Messages {
- r1msg := msg.Content().(*SignRound1Message)
- round.temp.cjs[j] = r1msg.UnmarshalCommitment()
- }
-
- // 2. compute Schnorr prove
- contextI := common.AppendUint64ToBytesSlice(round.temp.ssid, uint64(i))
- pir, err := schnorr.NewZKProofWithSession(contextI, round.temp.ri, round.temp.pointRi)
- if err != nil {
- return round.WrapError(errors2.Wrapf(err, "NewZKProof(ri, pointRi)"))
- }
-
- // 3. BROADCAST de-commitments of Shamir poly*G and Schnorr prove
- r2msg2 := NewSignRound2Message(round.PartyID(), round.temp.deCommit, pir)
- round.temp.signRound2Messages[i] = r2msg2
- round.out <- r2msg2
-
- return nil
-}
-
-func (round *round2) CanAccept(msg tss.ParsedMessage) bool {
- if _, ok := msg.Content().(*SignRound2Message); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round2) Update() (bool, *tss.Error) {
- ret := true
- for j, msg := range round.temp.signRound2Messages {
- if round.ok[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- round.ok[j] = true
- }
- return ret, nil
-}
-
-func (round *round2) NextRound() tss.Round {
- round.started = false
- return &round3{round}
-}
diff --git a/eddsa/signing/round_3.go b/eddsa/signing/round_3.go
deleted file mode 100644
index a5d7d3e39..000000000
--- a/eddsa/signing/round_3.go
+++ /dev/null
@@ -1,132 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "crypto/sha512"
-
- "github.com/agl/ed25519/edwards25519"
- "github.com/pkg/errors"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/crypto/commitments"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-func (round *round3) Start() *tss.Error {
- if round.started {
- return round.WrapError(errors.New("round already started"))
- }
-
- round.number = 3
- round.started = true
- round.resetOK()
-
- // 1. init R
- var R edwards25519.ExtendedGroupElement
- riBytes := bigIntToEncodedBytes(round.temp.ri)
- edwards25519.GeScalarMultBase(&R, riBytes)
-
- // 2-6. compute R
- i := round.PartyID().Index
- for j, Pj := range round.Parties().IDs() {
- if j == i {
- continue
- }
-
- contextJ := common.AppendUint64ToBytesSlice(round.temp.ssid, uint64(j))
- msg := round.temp.signRound2Messages[j]
- r2msg := msg.Content().(*SignRound2Message)
- cmtDeCmt := commitments.HashCommitDecommit{C: round.temp.cjs[j], D: r2msg.UnmarshalDeCommitment()}
- ok, coordinates := cmtDeCmt.DeCommit()
- if !ok {
- return round.WrapError(errors.New("de-commitment verify failed"))
- }
- if len(coordinates) != 2 {
- return round.WrapError(errors.New("length of de-commitment should be 2"))
- }
-
- Rj, err := crypto.NewECPoint(round.Params().EC(), coordinates[0], coordinates[1])
- if err != nil {
- return round.WrapError(errors.Wrapf(err, "NewECPoint(Rj)"), Pj)
- }
- Rj = Rj.EightInvEight()
- proof, err := r2msg.UnmarshalZKProof(round.Params().EC())
- if err != nil {
- return round.WrapError(errors.New("failed to unmarshal Rj proof"), Pj)
- }
- ok = proof.VerifyWithSession(contextJ, Rj)
- if !ok {
- return round.WrapError(errors.New("failed to
prove Rj"), Pj)
- }
-
- extendedRj := ecPointToExtendedElement(round.Params().EC(), Rj.X(), Rj.Y())
- R = addExtendedElements(R, extendedRj)
- }
-
- // 7. compute lambda
- var encodedR [32]byte
- R.ToBytes(&encodedR)
- encodedPubKey := ecPointToEncodedBytes(round.key.EDDSAPub.X(), round.key.EDDSAPub.Y())
-
- // h = hash512(k || A || M)
- h := sha512.New()
- h.Reset()
- h.Write(encodedR[:])
- h.Write(encodedPubKey[:])
- mBytes := make([]byte, round.temp.fullBytesLen)
- round.temp.m.FillBytes(mBytes)
- h.Write(mBytes)
-
- var lambda [64]byte
- h.Sum(lambda[:0])
- var lambdaReduced [32]byte
- edwards25519.ScReduce(&lambdaReduced, &lambda)
-
- // 8. compute si
- var localS [32]byte
- edwards25519.ScMulAdd(&localS, &lambdaReduced, bigIntToEncodedBytes(round.temp.wi), riBytes)
-
- // 9. store r3 message pieces
- round.temp.si = &localS
- round.temp.r = encodedBytesToBigInt(&encodedR)
-
- // 10. broadcast si to other parties
- r3msg := NewSignRound3Message(round.PartyID(), encodedBytesToBigInt(&localS))
- round.temp.signRound3Messages[round.PartyID().Index] = r3msg
- round.out <- r3msg
-
- return nil
-}
-
-func (round *round3) Update() (bool, *tss.Error) {
- ret := true
- for j, msg := range round.temp.signRound3Messages {
- if round.ok[j] {
- continue
- }
- if msg == nil || !round.CanAccept(msg) {
- ret = false
- continue
- }
- round.ok[j] = true
- }
- return ret, nil
-}
-
-func (round *round3) CanAccept(msg tss.ParsedMessage) bool {
- if _, ok := msg.Content().(*SignRound3Message); ok {
- return msg.IsBroadcast()
- }
- return false
-}
-
-func (round *round3) NextRound() tss.Round {
- round.started = false
- return &finalization{round}
-}
diff --git a/eddsa/signing/rounds.go b/eddsa/signing/rounds.go
deleted file mode 100644
index 5917ff10a..000000000
--- a/eddsa/signing/rounds.go
+++ /dev/null
@@ -1,116 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "errors"
- "math/big"
-
- "github.com/bnb-chain/tss-lib/common"
- "github.com/bnb-chain/tss-lib/crypto"
- "github.com/bnb-chain/tss-lib/eddsa/keygen"
- "github.com/bnb-chain/tss-lib/tss"
-)
-
-const (
- TaskName = "eddsa-signing"
-)
-
-type (
- base struct {
- *tss.Parameters
- key *keygen.LocalPartySaveData
- data *common.SignatureData
- temp *localTempData
- out chan<- tss.Message
- end chan<- common.SignatureData
- ok []bool // `ok` tracks parties which have been verified by Update()
- started bool
- number int
- }
- round1 struct {
- *base
- }
- round2 struct {
- *round1
- }
- round3 struct {
- *round2
- }
- finalization struct {
- *round3
- }
-)
-
-var (
- _ tss.Round = (*round1)(nil)
- _ tss.Round = (*round2)(nil)
- _ tss.Round = (*round3)(nil)
- _ tss.Round = (*finalization)(nil)
-)
-
-// ----- //
-
-func (round *base) Params() *tss.Parameters {
- return round.Parameters
-}
-
-func (round *base) RoundNumber() int {
- return round.number
-}
-
-// CanProceed is inherited by other rounds
-func (round *base) CanProceed() bool {
- if !round.started {
- return false
- }
- for _, ok := range round.ok {
- if !ok {
- return false
- }
- }
- return true
-}
-
-// WaitingFor is called by a Party for reporting back to the caller
-func (round *base) WaitingFor() []*tss.PartyID {
- Ps := round.Parties().IDs()
- ids := make([]*tss.PartyID, 0, len(round.ok))
- for j, ok := range round.ok {
- if ok {
- continue
- }
- ids = append(ids, Ps[j])
- }
- return ids
-}
-
-func (round *base) WrapError(err error, culprits ...*tss.PartyID) *tss.Error {
- return tss.NewError(err, TaskName, round.number, round.PartyID(), culprits...)
-} - -// ----- // - -// `ok` tracks parties which have been verified by Update() -func (round *base) resetOK() { - for j := range round.ok { - round.ok[j] = false - } -} - -func (round *base) getSSID() ([]byte, error) { - ssidList := []*big.Int{round.Params().EC().Params().P, round.Params().EC().Params().N, round.Params().EC().Params().Gx, round.Params().EC().Params().Gy} - ssidList = append(ssidList, round.Parties().IDs().Keys()...) - bigXjList, err := crypto.FlattenECPoints(round.key.BigXj) - if err != nil { - return nil, errors.New("read BigXj failed") - } - ssidList = append(ssidList, bigXjList...) - ssidList = append(ssidList, big.NewInt(int64(round.number))) - ssidList = append(ssidList, round.temp.ssidNonce) - return common.SHA512_256i(ssidList...).FillBytes(make([]byte, 32)), nil -} diff --git a/eddsa/signing/utils.go b/eddsa/signing/utils.go deleted file mode 100644 index ebd775695..000000000 --- a/eddsa/signing/utils.go +++ /dev/null 
@@ -1,128 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-package signing
-
-import (
- "crypto/elliptic"
- "math/big"
-
- "github.com/agl/ed25519/edwards25519"
-
- "github.com/bnb-chain/tss-lib/common"
-)
-
-func encodedBytesToBigInt(s *[32]byte) *big.Int {
- // Use a copy so we don't screw up our original
- // memory.
- sCopy := new([32]byte)
- for i := 0; i < 32; i++ {
- sCopy[i] = s[i]
- }
- reverse(sCopy)
-
- bi := new(big.Int).SetBytes(sCopy[:])
-
- return bi
-}
-
-func bigIntToEncodedBytes(a *big.Int) *[32]byte {
- s := new([32]byte)
- if a == nil {
- return s
- }
-
- // Caveat: a can be longer than 32 bytes.
- s = copyBytes(a.Bytes())
-
- // Reverse the byte string --> little endian after
- // encoding.
- reverse(s)
-
- return s
-}
-
-func copyBytes(aB []byte) *[32]byte {
- if aB == nil {
- return nil
- }
- s := new([32]byte)
-
- // If we have a short byte string, expand
- // it so that it's long enough.
- aBLen := len(aB)
- if aBLen < 32 {
- diff := 32 - aBLen
- for i := 0; i < diff; i++ {
- aB = append([]byte{0x00}, aB...)
- }
- }
-
- for i := 0; i < 32; i++ {
- s[i] = aB[i]
- }
-
- return s
-}
-
-func ecPointToEncodedBytes(x *big.Int, y *big.Int) *[32]byte {
- s := bigIntToEncodedBytes(y)
- xB := bigIntToEncodedBytes(x)
- xFE := new(edwards25519.FieldElement)
- edwards25519.FeFromBytes(xFE, xB)
- isNegative := edwards25519.FeIsNegative(xFE) == 1
-
- if isNegative {
- s[31] |= (1 << 7)
- } else {
- s[31] &^= (1 << 7)
- }
-
- return s
-}
-
-func reverse(s *[32]byte) {
- for i, j := 0, len(s)-1; i < j; i, j = i+1, j-1 {
- s[i], s[j] = s[j], s[i]
- }
-}
-
-func addExtendedElements(p, q edwards25519.ExtendedGroupElement) edwards25519.ExtendedGroupElement {
- var r edwards25519.CompletedGroupElement
- var qCached edwards25519.CachedGroupElement
- q.ToCached(&qCached)
- edwards25519.GeAdd(&r, &p, &qCached)
- var result edwards25519.ExtendedGroupElement
- r.ToExtended(&result)
- return result
-}
-
-func ecPointToExtendedElement(ec elliptic.Curve, x *big.Int, y *big.Int) edwards25519.ExtendedGroupElement {
- encodedXBytes := bigIntToEncodedBytes(x)
- encodedYBytes := bigIntToEncodedBytes(y)
-
- z := common.GetRandomPositiveInt(ec.Params().N)
- encodedZBytes := bigIntToEncodedBytes(z)
-
- var fx, fy, fxy edwards25519.FieldElement
- edwards25519.FeFromBytes(&fx, encodedXBytes)
- edwards25519.FeFromBytes(&fy, encodedYBytes)
-
- var X, Y, Z, T edwards25519.FieldElement
- edwards25519.FeFromBytes(&Z, encodedZBytes)
-
- edwards25519.FeMul(&X, &fx, &Z)
- edwards25519.FeMul(&Y, &fy, &Z)
- edwards25519.FeMul(&fxy, &fx, &fy)
- edwards25519.FeMul(&T, &fxy, &Z)
-
- return edwards25519.ExtendedGroupElement{
- X: X,
- Y: Y,
- Z: Z,
- T: T,
- }
-}
diff --git a/go.mod b/go.mod
index c5d5426f8..5030f3f5e 100644
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,9 @@ module github.com/bnb-chain/tss-lib
 go 1.16
 
 require (
- github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412
 github.com/btcsuite/btcd v0.0.0-20190629003639-c26ffa870fd8
 github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d
 github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/decred/dcrd/dcrec/edwards/v2 v2.0.0
 github.com/hashicorp/go-multierror v1.0.0
 github.com/ipfs/go-log v0.0.1
 github.com/mattn/go-colorable v0.1.2 // indirect
@@ -20,5 +18,3 @@ require (
 golang.org/x/sys v0.0.0-20190712062909-fae7ac547cb7 // indirect
 google.golang.org/protobuf v1.27.1
 )
-
-replace github.com/agl/ed25519 => github.com/binance-chain/edwards25519 v0.0.0-20200305024217-f36fc4b53d43
diff --git a/go.sum b/go.sum
index ab3fee3c8..f999801b2 100644
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,6 @@
 bou.ke/monkey v1.0.1 h1:zEMLInw9xvNakzUUPjfS4Ds6jYPqCFx3m7bRmG5NH2U=
 bou.ke/monkey v1.0.1/go.mod h1:FgHuK96Rv2Nlf+0u1OOVDpCMdsWyOFmeeketDHE7LIg=
 github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
-github.com/binance-chain/edwards25519 v0.0.0-20200305024217-f36fc4b53d43 h1:Vkf7rtHx8uHx8gDfkQaCdVfc+gfrF9v6sR6xJy7RXNg=
-github.com/binance-chain/edwards25519 v0.0.0-20200305024217-f36fc4b53d43/go.mod h1:TnVqVdGEK8b6erOMkcyYGWzCQMw7HEMCOw3BgFYCFWs=
 github.com/btcsuite/btcd v0.0.0-20190629003639-c26ffa870fd8 h1:mOg8/RgDSHTQ1R0IR+LMDuW4TDShPv+JzYHuR4GLoNA=
 github.com/btcsuite/btcd v0.0.0-20190629003639-c26ffa870fd8/go.mod h1:3J08xEfcugPacsc34/LKRU2yO7YmuT8yt28J8k2+rrI=
 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
@@ -17,8 +15,6 @@ github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/decred/dcrd/dcrec/edwards/v2 v2.0.0 h1:E5KszxGgpjpmW8vN811G6rBAZg0/S/DftdGqN4FW5x4=
-github.com/decred/dcrd/dcrec/edwards/v2 v2.0.0/go.mod h1:d0H8xGMWbiIQP7gN3v2rByWUcuZPm9YsgmnfoxgbINc=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
diff --git a/protob/ecdsa-resharing.proto b/protob/ecdsa-resharing.proto
deleted file mode 100644
index 9ec4fd243..000000000
--- a/protob/ecdsa-resharing.proto
+++ /dev/null
@@ -1,102 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-syntax = "proto3";
-package binance.tsslib.ecdsa.resharing;
-option go_package = "ecdsa/resharing";
-
-/*
- * The Round 1 data is broadcast to peers of the New Committee in this message.
- * Each old-committee party broadcasts the locally-derived SSID so the new
- * committee can detect a corrupted old-committee party broadcasting an
- * inconsistent SSID across new-committee members.
- */
-message DGRound1Message {
- bytes ecdsa_pub_x = 1;
- bytes ecdsa_pub_y = 2;
- bytes v_commitment = 3;
- bytes ssid = 4;
-}
-
-/*
- * The Round 2 data is broadcast to other peers of the New Committee in this message.
- */
-message DGRound2Message1 {
- message DLNProof {
- repeated bytes alpha = 1;
- repeated bytes t = 2;
- }
- message ModProof {
- bytes w = 1;
- repeated bytes x = 2;
- repeated bool a = 3;
- repeated bool b = 4;
- repeated bytes z = 5;
- }
- reserved 6, 7;
- bytes paillier_n = 1;
- repeated bytes paillier_proof = 2;
- bytes n_tilde = 3;
- bytes h1 = 4;
- bytes h2 = 5;
- DLNProof dlnproof_1 = 8;
- DLNProof dlnproof_2 = 9;
- ModProof modproof = 10;
- ModProof modproof_tilde = 11;
-}
-
-/*
- * The Round 2 "ACK" is broadcast to peers of the Old Committee in this message.
- */
-message DGRound2Message2 {
-}
-
-/*
- * The Round 3 data is sent to peers of the New Committee in this message.
- */
-message DGRound3Message1 {
- bytes share = 1;
-}
-
-/*
- * The Round 3 data is broadcast to peers of the New Committee in this message.
- */
-message DGRound3Message2 {
- repeated bytes v_decommitment = 1;
-}
-
-/*
- * The Round 4 data is sent to other peers of the New Committee in this message.
- */
-message DGRound4Message1 {
- message FactorProof {
- bytes p = 1;
- bytes q = 2;
- bytes a = 3;
- bytes b = 4;
- bytes t = 5;
- bytes sigma = 6;
- bytes z1 = 7;
- bytes z2 = 8;
- bytes w1 = 9;
- bytes w2 = 10;
- bytes v = 11;
- }
- FactorProof facproof = 1;
- FactorProof facproof_tilde = 2;
-}
-
-/*
- * The Round 4 "ACK" is broadcast to peers of the Old and New Committees from the New Committee in this message.
- */
-message DGRound4Message2 {
-}
-
-/*
- * The Round 5 "ACK" is broadcast to peers of the Old and New Committees from the New Committee in this message.
- */
-message DGRound5Message {
-}
\ No newline at end of file
diff --git a/protob/eddsa-keygen.proto b/protob/eddsa-keygen.proto
deleted file mode 100644
index 199d05022..000000000
--- a/protob/eddsa-keygen.proto
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-syntax = "proto3";
-package binance.tsslib.eddsa.keygen;
-option go_package = "eddsa/keygen";
-
-/*
- * Represents a BROADCAST message sent during Round 1 of the EDDSA TSS keygen protocol.
- */
-message KGRound1Message {
- bytes commitment = 1;
-}
-
-/*
- * Represents a P2P message sent to each party during Round 2 of the EDDSA TSS keygen protocol.
- */
-message KGRound2Message1 {
- bytes share = 1;
-}
-
-/*
- * Represents a BROADCAST message sent to each party during Round 2 of the EDDSA TSS keygen protocol.
- */
-message KGRound2Message2 {
- repeated bytes de_commitment = 1;
- bytes proof_alpha_x = 2;
- bytes proof_alpha_y = 3;
- bytes proof_t = 4;
-}
diff --git a/protob/eddsa-resharing.proto b/protob/eddsa-resharing.proto
deleted file mode 100644
index 3b646cbae..000000000
--- a/protob/eddsa-resharing.proto
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-syntax = "proto3";
-package binance.tsslib.eddsa.resharing;
-option go_package = "eddsa/resharing";
-
-/*
- * The Round 1 data is broadcast to peers of the New Committee in this message.
- */
-message DGRound1Message {
- bytes eddsa_pub_x = 1;
- bytes eddsa_pub_y = 2;
- bytes v_commitment = 3;
-}
-
-/*
- * The Round 2 "ACK" is broadcast to peers of the Old Committee in this message.
- */
-message DGRound2Message {
-}
-
-/*
- * The Round 3 data is sent to peers of the New Committee in this message.
- */
-message DGRound3Message1 {
- bytes share = 1;
-}
-
-/*
- * The Round 3 data is broadcast to peers of the New Committee in this message.
- */
-message DGRound3Message2 {
- repeated bytes v_decommitment = 1;
-}
-
-/*
- * The Round 4 "ACK" is broadcast to peers of the Old and New Committees from the New Committee in this message.
- */
-message DGRound4Message {
-}
diff --git a/protob/eddsa-signing.proto b/protob/eddsa-signing.proto
deleted file mode 100644
index b018279e7..000000000
--- a/protob/eddsa-signing.proto
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright © 2019 Binance
-//
-// This file is part of Binance. The full Binance copyright notice, including
-// terms governing use, modification, and redistribution, is contained in the
-// file LICENSE at the root of the source code distribution tree.
-
-syntax = "proto3";
-package binance.tsslib.eddsa.signing;
-option go_package = "eddsa/signing";
-
-/*
- * Represents a BROADCAST message sent to all parties during Round 1 of the EDDSA TSS signing protocol.
- */
-message SignRound1Message {
- bytes commitment = 1;
-}
-
-/*
- * Represents a BROADCAST message sent to all parties during Round 2 of the EDDSA TSS signing protocol.
- */
-message SignRound2Message {
- repeated bytes de_commitment = 1;
- bytes proof_alpha_x = 2;
- bytes proof_alpha_y = 3;
- bytes proof_t = 4;
-}
-
-/*
- * Represents a BROADCAST message sent to all parties during Round 3 of the EDDSA TSS signing protocol.
- */
-message SignRound3Message {
- bytes s = 1;
-}
diff --git a/protob/message.proto b/protob/message.proto
index 707bf0399..71884b3e1 100644
--- a/protob/message.proto
+++ b/protob/message.proto
@@ -26,9 +26,9 @@ message MessageWrapper {
 // Metadata optionally un-marshalled and used by the transport to route this message.
 bool is_broadcast = 1;
 // Metadata optionally un-marshalled and used by the transport to route this message.
- bool is_to_old_committee = 2; // used only in certain resharing messages
+ bool is_to_old_committee = 2; // legacy resharing routing field
 // Metadata optionally un-marshalled and used by the transport to route this message.
- bool is_to_old_and_new_committees = 5; // used only in certain resharing messages
+ bool is_to_old_and_new_committees = 5; // legacy resharing routing field
 // Metadata optionally un-marshalled and used by the transport to route this message.
 PartyID from = 3;
diff --git a/test/_eddsa_fixtures/keygen_data_0.json b/test/_eddsa_fixtures/keygen_data_0.json
deleted file mode 100644
index feeec1432..000000000
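Review bot: The new comments on `is_to_old_committee` and `is_to_old_and_new_committees` say "legacy resharing routing field" but leave the line above each one stating that the transport may un-marshal the flag to route the message; with the resharing packages deleted in this commit, presumably nothing in this tree sets those flags any more, so a transport that still honours them would be routing on a bit only a remote peer controls. The comment should say why the fields are kept and what a receiver should do with them, e.g. `// Deprecated: resharing was removed; kept only so field numbers 2 and 5 are never reused. Transports should ignore this flag.`. If compatibility with older peers is not required, dropping the fields and adding `reserved 2, 5;` would make the intent explicit, though that is a wire-format decision the commit message does not address. `MessageWrapper` starts before this hunk and continues past it.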
--- a/test/_eddsa_fixtures/keygen_data_0.json
+++ /dev/null
@@ -1 +0,0 @@ -{"Xi":5497684578559545786538821087317191229833609560825198097090867227036693974853,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825450,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_1.json b/test/_eddsa_fixtures/keygen_data_1.json deleted file mode 100644 index 4460233d1..000000000 --- a/test/_eddsa_fixtures/keygen_data_1.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":63217934899982716894047386607270001125515919366615110191441945641589351059,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825451,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[474059806696390021246875192199137072502935541152600220835227
01215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[272366175861051031186247612590218317372359
70883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_10.json b/test/_eddsa_fixtures/keygen_data_10.json deleted file mode 100644 index 637f110ac..000000000 --- a/test/_eddsa_fixtures/keygen_data_10.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":612714003124180468435465629962791203830154005382664864392564657993173015402,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825460,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[47405980669639002124687519219913707250293554115260022083522
701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[27236617586105103118624761259021831737235
970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_11.json b/test/_eddsa_fixtures/keygen_data_11.json deleted file mode 100644 index cfd154ae6..000000000 --- a/test/_eddsa_fixtures/keygen_data_11.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":132334330740542508112965228396678173206965797155205085258526075204147842999,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825461,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[47405980669639002124687519219913707250293554115260022083522
701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[27236617586105103118624761259021831737235
970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_12.json b/test/_eddsa_fixtures/keygen_data_12.json deleted file mode 100644 index 5c0b4d6f0..000000000 --- a/test/_eddsa_fixtures/keygen_data_12.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":1921343134857809336751206840551659669418844774179637463961986945173823600101,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825462,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_13.json b/test/_eddsa_fixtures/keygen_data_13.json deleted file mode 100644 index bdc867a30..000000000 --- a/test/_eddsa_fixtures/keygen_data_13.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":3558382524044537666501461744703165381727523259984117242394204292910450959450,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825463,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_14.json b/test/_eddsa_fixtures/keygen_data_14.json deleted file mode 100644 index 27d1d8f42..000000000 --- a/test/_eddsa_fixtures/keygen_data_14.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":6412808835118819085492743071719737203105199209455243425461676282885185849942,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825464,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_15.json b/test/_eddsa_fixtures/keygen_data_15.json deleted file mode 100644 index aa6b2347a..000000000 --- a/test/_eddsa_fixtures/keygen_data_15.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":2537771294854952247889447558735279964020200059516392797425993769055333209778,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825465,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_16.json b/test/_eddsa_fixtures/keygen_data_16.json deleted file mode 100644 index e30f5e140..000000000 --- a/test/_eddsa_fixtures/keygen_data_16.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":1398337338638325844456898556082803595180685456144685609069723938462608553306,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825466,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_17.json b/test/_eddsa_fixtures/keygen_data_17.json deleted file mode 100644 index 5c87a0c9b..000000000 --- a/test/_eddsa_fixtures/keygen_data_17.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":6568342599621759325979947282583347307332087091895502202407344082023314551338,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825467,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_18.json b/test/_eddsa_fixtures/keygen_data_18.json deleted file mode 100644 index 13647fd96..000000000 --- a/test/_eddsa_fixtures/keygen_data_18.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":3049379593686129638313564852122191503689962664104561458255546250747117815135,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825468,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_19.json b/test/_eddsa_fixtures/keygen_data_19.json deleted file mode 100644 index 76e90ec4c..000000000 --- a/test/_eddsa_fixtures/keygen_data_19.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":5204698323580644027606815765592885488881961426971733158947112508553271193434,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825469,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_2.json b/test/_eddsa_fixtures/keygen_data_2.json deleted file mode 100644 index be22505a6..000000000 --- a/test/_eddsa_fixtures/keygen_data_2.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":872133822970594263976239542698278517508809712383590934449908956501683125959,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825452,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[47405980669639002124687519219913707250293554115260022083522
701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[27236617586105103118624761259021831737235
970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_3.json b/test/_eddsa_fixtures/keygen_data_3.json deleted file mode 100644 index e1e8037dd..000000000 --- a/test/_eddsa_fixtures/keygen_data_3.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":1179836229477984641418482962119419198917316245936841797929041104581714095832,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825453,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_4.json b/test/_eddsa_fixtures/keygen_data_4.json deleted file mode 100644 index e57fb5c29..000000000 --- a/test/_eddsa_fixtures/keygen_data_4.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":5017669489520337100589122810632646133378593041253350621343210562932715161221,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825454,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_5.json b/test/_eddsa_fixtures/keygen_data_5.json deleted file mode 100644 index 8f7b32a4b..000000000 --- a/test/_eddsa_fixtures/keygen_data_5.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":4765471521464052470070984911157841845886683306552259817170065272142575391856,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825455,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_6.json b/test/_eddsa_fixtures/keygen_data_6.json deleted file mode 100644 index 5f4efa22d..000000000 --- a/test/_eddsa_fixtures/keygen_data_6.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":1045892474936059251985659170102725504923897290191611725843576974027994030581,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825456,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_7.json b/test/_eddsa_fixtures/keygen_data_7.json deleted file mode 100644 index ed10ea51d..000000000 --- a/test/_eddsa_fixtures/keygen_data_7.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":4041926922956203584528365898533497289190576165251745887001630247571429018585,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825457,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_8.json b/test/_eddsa_fixtures/keygen_data_8.json deleted file mode 100644 index ced478506..000000000 --- a/test/_eddsa_fixtures/keygen_data_8.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":4424331354155150752871085145208343995276421178095495124698480820719825522042,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825458,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/_eddsa_fixtures/keygen_data_9.json b/test/_eddsa_fixtures/keygen_data_9.json deleted file mode 100644 index a7386de20..000000000 --- a/test/_eddsa_fixtures/keygen_data_9.json +++ /dev/null 
@@ -1 +0,0 @@ -{"Xi":4107694223360230897865014039477631043773881150017797542034694187907332099878,"ShareID":40734138852254171962093726793026483849163144962128892259315105148313993825459,"Ks":[40734138852254171962093726793026483849163144962128892259315105148313993825450,40734138852254171962093726793026483849163144962128892259315105148313993825451,40734138852254171962093726793026483849163144962128892259315105148313993825452,40734138852254171962093726793026483849163144962128892259315105148313993825453,40734138852254171962093726793026483849163144962128892259315105148313993825454,40734138852254171962093726793026483849163144962128892259315105148313993825455,40734138852254171962093726793026483849163144962128892259315105148313993825456,40734138852254171962093726793026483849163144962128892259315105148313993825457,40734138852254171962093726793026483849163144962128892259315105148313993825458,40734138852254171962093726793026483849163144962128892259315105148313993825459,40734138852254171962093726793026483849163144962128892259315105148313993825460,40734138852254171962093726793026483849163144962128892259315105148313993825461,40734138852254171962093726793026483849163144962128892259315105148313993825462,40734138852254171962093726793026483849163144962128892259315105148313993825463,40734138852254171962093726793026483849163144962128892259315105148313993825464,40734138852254171962093726793026483849163144962128892259315105148313993825465,40734138852254171962093726793026483849163144962128892259315105148313993825466,40734138852254171962093726793026483849163144962128892259315105148313993825467,40734138852254171962093726793026483849163144962128892259315105148313993825468,40734138852254171962093726793026483849163144962128892259315105148313993825469],"BigXj":[{"Coords":[29957866551444288658476350454857942692734557351100032691360819157091897571232,36516084228669802171659768461438209556386151343623994887856397017072741988372]},{"Coords":[4740598066963900212468751921991370725029355411526002208352
2701215817403509702,6956633993610953877720305833332948578423467581354172946924040631226828086263]},{"Coords":[18448325566171282313365171084287037248684936691904749885126674379501353453346,57542808379242682171071366265254456185195752776998290707742666662032232473622]},{"Coords":[798119792817890022465650864894266739550633881670097146590803382931084199002,18741616705198182206589511729301188460657955392768622916582367701785923387424]},{"Coords":[14524065198933915096660983495571495008260235612202009841821241149956652340934,162069773027357354579088193613939754572344398048294401250160042815055523396]},{"Coords":[2391511861628100895088988814765656118369224176176415534794931546222531191393,54978250562078788732535891657909173161508352364458206272900734945726006923944]},{"Coords":[33367545684625665916290843623923194353275614015826572202674111417892161420321,34552418317790324990966929588824151029743376389391432746282019503564426200611]},{"Coords":[453004606432256381667684448461219576328123204931667780295629476469381320335,24202636244659007772676161416986810172809713458728117448473736554568193288470]},{"Coords":[44318728173104604826550003017879014210227013712735183198372207299653903594205,55087473080850843015060234253261358005815826246456261778853783389363296224499]},{"Coords":[5097897464978708021234982103799161978473496892186061915228937112062938960292,39812599820868772665849683762267559082841521300551301780306710760212842213142]},{"Coords":[55801688604275193229895471092959853307614973751632662500004587523688279428992,17908790269314533447122947617750819476463804243432605334549377565373680755876]},{"Coords":[32196451128233400126962687457853805171503763230195900653815988022301169917854,10273285854850198960907924097749326069343899412006196915507281805160302832102]},{"Coords":[26398652979910650230881886450362073218710043900599396151821471419532983149715,3032814692424797993000494058354620844984917462544480255564224802193495430820]},{"Coords":[2723661758610510311862476125902183173723
5970883376501177552152583376986719238,2786011207236436994120124945804028682728444491790282961909091865945687955840]},{"Coords":[6500269738457737805717018971821598944446826873819309240030153246330846600187,54308477058519174622786176570543012641112928166620722474067812858680268430854]},{"Coords":[4652059627434138465834466819430362335203531466567637962754703362561726860984,18006877504897652595228402160133201981096960017662552547657957601542173068568]},{"Coords":[42705465432401668547671480078970955931365681662524360494488948437573630670729,37242984276081434326327463579899341679142344806501877280538421137197674554811]},{"Coords":[18501735463211215871442136946404860176100300228118646447712783974401612692211,55831398139586339034188706414537302757232734304622486782051369794171579576311]},{"Coords":[7385530367911231668221642462698546652820692326793989938132531831625569287435,12085977429229034609485085920553594147602092630530547749432190844231493145848]},{"Coords":[49366217028906791915740719671679644479230737403944270239462268252818931953988,25008491817774874184492999972971314605544442775664114331432153999032773052367]}],"EDDSAPub":{"Coords":[42175055170903350083404361365361390497000185285799325061444760830647516725091,33752718602899281735872279809218140168011871948094137689488348151553552496995]}} \ No newline at end of file diff --git a/test/config.go b/test/config.go index 4f055032a..478bb42c1 100644 --- a/test/config.go +++ b/test/config.go @@ -8,7 +8,7 @@ package test const ( // To change these parameters, you must first delete the text fixture files in test/_fixtures/ and then run the keygen test alone. - // Then the signing and resharing tests will work with the new n, t configuration using the newly written fixture files. + // Then the signing tests will work with the new n, t configuration using the newly written fixture files. TestParticipants = 20 TestThreshold = TestParticipants / 2 ) diff --git a/tss/curve.go b/tss/curve.go index d5bcdc82e..0b08db8b9 100644 
--- a/tss/curve.go
+++ b/tss/curve.go
@@ -12,14 +12,12 @@ import (
 "reflect"
 s256k1 "github.com/btcsuite/btcd/btcec"
- "github.com/decred/dcrd/dcrec/edwards/v2"
 )
 type CurveName string
 const (
 Secp256k1 CurveName = "secp256k1"
- Ed25519 CurveName = "ed25519"
 )
 var (
@@ -33,7 +31,6 @@ func init() {
 registry = make(map[CurveName]elliptic.Curve)
 registry[Secp256k1] = s256k1.S256()
- registry[Ed25519] = edwards.Edwards()
 }
 func RegisterCurve(name CurveName, curve elliptic.Curve) {
@@ -85,7 +82,3 @@ func SetCurve(curve elliptic.Curve) {
 func S256() elliptic.Curve {
 return s256k1.S256()
 }
-
-func Edwards() elliptic.Curve {
- return edwards.Edwards()
-}
diff --git a/tss/message.go b/tss/message.go
index acb4a6ec2..9aa8e59e4 100644
--- a/tss/message.go
+++ b/tss/message.go
@@ -24,9 +24,9 @@ type (
 GetFrom() *PartyID
 // Indicates whether the message should be broadcast to other participants
 IsBroadcast() bool
- // Indicates whether the message is to the old committee during re-sharing; used mainly in tests
+ // Legacy routing flag retained for wire compatibility with the wrapper.
 IsToOldCommittee() bool
- // Indicates whether the message is to both committees during re-sharing; used mainly in tests
+ // Legacy routing flag retained for wire compatibility with the wrapper.
 IsToOldAndNewCommittees() bool
 // Returns the encoded inner message bytes to send over the wire along with metadata about how the message should be delivered
 WireBytes() ([]byte, *MessageRouting, error)
@@ -57,9 +57,9 @@ type (
 To []*PartyID
 // whether the message should be broadcast to other participants
 IsBroadcast bool
- // whether the message should be sent to old committee participants rather than the new committee
+ // legacy resharing routing flag retained for wire compatibility
 IsToOldCommittee bool
- // whether the message should be sent to both old and new committee participants
+ // legacy resharing routing flag retained for wire compatibility
 IsToOldAndNewCommittees bool
 }
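Review bot: The rewritten comments on IsToOldCommittee() and IsToOldAndNewCommittees() say the flags are retained for wire compatibility but not what a receiver should do when a peer sets them, which matters now that nothing in this fork produces them (the integration doc in the second patch states the fork never sets either flag to true). Suggest `// Legacy resharing routing flag kept only for wire compatibility; never set by this fork, so a transport should not route on it and may treat a set flag as unexpected input.` on both interface methods, with the same wording on the MessageRouting fields in the @@ -57 hunk and on the MessageImpl accessors in the @@ -126 hunk of tss/message.go. Whether any transport in this repository still reads these flags is not visible from this diff. The type block this hunk edits begins outside the hunk.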
@@ -126,12 +126,12 @@ func (mm *MessageImpl) IsBroadcast() bool {
 return mm.wire.IsBroadcast
 }
-// only `true` in DGRound2Message (resharing)
+// legacy resharing routing flag retained for wire compatibility
 func (mm *MessageImpl) IsToOldCommittee() bool {
 return mm.wire.IsToOldCommittee
 }
-// only `true` in DGRound4Message (resharing)
+// legacy resharing routing flag retained for wire compatibility
 func (mm *MessageImpl) IsToOldAndNewCommittees() bool {
 return mm.wire.IsToOldAndNewCommittees
 }
diff --git a/tss/message.pb.go b/tss/message.pb.go
index a7fbd6cee..02d3f919a 100644
--- a/tss/message.pb.go
+++ b/tss/message.pb.go
@@ -36,9 +36,9 @@ type MessageWrapper struct {
 // Metadata optionally un-marshalled and used by the transport to route this message.
 IsBroadcast bool `protobuf:"varint,1,opt,name=is_broadcast,json=isBroadcast,proto3" json:"is_broadcast,omitempty"`
 // Metadata optionally un-marshalled and used by the transport to route this message.
- IsToOldCommittee bool `protobuf:"varint,2,opt,name=is_to_old_committee,json=isToOldCommittee,proto3" json:"is_to_old_committee,omitempty"` // used only in certain resharing messages
+ IsToOldCommittee bool `protobuf:"varint,2,opt,name=is_to_old_committee,json=isToOldCommittee,proto3" json:"is_to_old_committee,omitempty"` // legacy resharing routing field
 // Metadata optionally un-marshalled and used by the transport to route this message.
- IsToOldAndNewCommittees bool `protobuf:"varint,5,opt,name=is_to_old_and_new_committees,json=isToOldAndNewCommittees,proto3" json:"is_to_old_and_new_committees,omitempty"` // used only in certain resharing messages
+ IsToOldAndNewCommittees bool `protobuf:"varint,5,opt,name=is_to_old_and_new_committees,json=isToOldAndNewCommittees,proto3" json:"is_to_old_and_new_committees,omitempty"` // legacy resharing routing field
 // Metadata optionally un-marshalled and used by the transport to route this message.
 From *MessageWrapper_PartyID `protobuf:"bytes,3,opt,name=from,proto3" json:"from,omitempty"`
 // Metadata optionally un-marshalled and used by the transport to route this message.
diff --git a/tss/params.go b/tss/params.go
index 1d8612e75..486f50a3c 100644
--- a/tss/params.go
+++ b/tss/params.go
@@ -25,17 +25,10 @@ type (
 concurrency int
 safePrimeGenTimeout time.Duration
 // sessionNonce provides per-session SSID uniqueness for GG20 proof
- // binding. Keygen, signing, and resharing require callers to coordinate
- // a shared positive nonce before Start.
+ // binding. Keygen and signing require callers to coordinate a shared
+ // positive nonce before Start.
 sessionNonce *big.Int
 }
-
- ReSharingParameters struct {
- *Parameters
- newParties *PeerContext
- newPartyCount int
- newThreshold int
- }
 )
 const (
@@ -100,15 +93,14 @@ func (params *Parameters) SessionNonce() *big.Int {
 // SetSessionNonce sets a per-session nonce that all parties in a protocol run
 // must agree on. It must be called before Start.
 //
-// Keygen, resharing, and signing all fail closed if no nonce is set. The
-// previous zero (keygen/resharing) and SHA512_256(messageBytes) (signing)
-// fallbacks caused two ceremonies with otherwise-identical inputs to derive
-// the same SSID, breaking the session-binding property that the proofs rely
-// on. The caller must supply a per-ceremony unique nonce; reusing the same
-// nonce across distinct ceremonies on the same inputs reintroduces
-// transcript-splicing risk. Set the nonce before Start on the same goroutine
-// that constructs the party; do not mutate Parameters concurrently with a
-// running protocol.
+// Keygen and signing fail closed if no nonce is set. The previous zero
+// (keygen) and SHA512_256(messageBytes) (signing) fallbacks caused two
+// ceremonies with otherwise-identical inputs to derive the same SSID, breaking
+// the session-binding property that the proofs rely on. The caller must supply
+// a per-ceremony unique nonce; reusing the same nonce across distinct
+// ceremonies on the same inputs reintroduces transcript-splicing risk. Set the
+// nonce before Start on the same goroutine that constructs the party; do not
+// mutate Parameters concurrently with a running protocol.
 func (params *Parameters) SetSessionNonce(nonce *big.Int) {
 if nonce == nil || nonce.Sign() <= 0 {
 panic("tss: session nonce must be positive")
@@ -126,64 +118,3 @@ func (params *Parameters) SetSessionNonceBytes(sessionID []byte) {
 }
 params.SetSessionNonce(new(big.Int).SetBytes(common.SHA512_256(sessionID)))
 }
-
-// ----- //
-
-// Exported, used in `tss` client
-func NewReSharingParameters(ec elliptic.Curve, ctx, newCtx *PeerContext, partyID *PartyID, partyCount, threshold, newPartyCount, newThreshold int) *ReSharingParameters {
- params := NewParameters(ec, ctx, partyID, partyCount, threshold)
- return &ReSharingParameters{
- Parameters: params,
- newParties: newCtx,
- newPartyCount: newPartyCount,
- newThreshold: newThreshold,
- }
-}
-
-func (rgParams *ReSharingParameters) OldParties() *PeerContext {
- return rgParams.Parties() // wr use the original method for old parties
-}
-
-func (rgParams *ReSharingParameters) OldPartyCount() int {
- return rgParams.partyCount
-}
-
-func (rgParams *ReSharingParameters) NewParties() *PeerContext {
- return rgParams.newParties
-}
-
-func (rgParams *ReSharingParameters) NewPartyCount() int {
- return rgParams.newPartyCount
-}
-
-func (rgParams *ReSharingParameters) NewThreshold() int {
- return rgParams.newThreshold
-}
-
-func (rgParams *ReSharingParameters) OldAndNewParties() []*PartyID {
- return append(rgParams.OldParties().IDs(), rgParams.NewParties().IDs()...)
-}
-
-func (rgParams *ReSharingParameters) OldAndNewPartyCount() int {
- return rgParams.OldPartyCount() + rgParams.NewPartyCount()
-}
-
-func (rgParams *ReSharingParameters) IsOldCommittee() bool {
- partyID := rgParams.partyID
- for _, Pj := range rgParams.parties.IDs() {
- if partyID.KeyInt().Cmp(Pj.KeyInt()) == 0 {
- return true
- }
- }
- return false
-}
-
-func (rgParams *ReSharingParameters) IsNewCommittee() bool {
- partyID := rgParams.partyID
- for _, Pj := range rgParams.newParties.IDs() {
- if partyID.KeyInt().Cmp(Pj.KeyInt()) == 0 {
- return true
- }
- }
- return false
-}
From 1b42437e49a5216a95b51c13df22cc23b7e78604 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20Ros=C5=82aniec?=
Date: Sat, 23 May 2026 12:53:52 +0000
Subject: [PATCH 2/2] Document removed surface and fix stale README references
Add a Removed Public Surface section to BNB_HARDENING_INTEGRATION.md enumerating the packages and symbols deleted in this fork so downstream consumers can grep their codebases mechanically. Drop two stale re-sharing references in README.md: one pre-existing session-ID line, and one introduced in the same PR that deletes the ECDSA re-sharing package.
---
 BNB_HARDENING_INTEGRATION.md | 12 ++++++++++++
 README.md | 4 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/BNB_HARDENING_INTEGRATION.md b/BNB_HARDENING_INTEGRATION.md
index 453c2e812..23f84bd9a 100644
--- a/BNB_HARDENING_INTEGRATION.md
+++ b/BNB_HARDENING_INTEGRATION.md
@@ -53,6 +53,18 @@ This is a protocol/wire compatibility break for proof transcripts. Proofs whose
 - Constant-time operations are not included and remain a residual follow-up.
 - EdDSA and resharing protocol packages are intentionally removed in this fork because Threshold/tBTC does not use them.
+## Removed Public Surface
+
+The following public packages and symbols were removed in this fork. Downstream consumers upgrading from upstream BNB tss-lib or from an earlier Threshold fork can grep against this list to confirm they do not depend on the removed surface. Audit of `keep-core-security` confirmed it imports only ECDSA keygen/signing plus the shared `common`, `crypto`, and `tss` packages.
+
+- Packages: `github.com/bnb-chain/tss-lib/eddsa/keygen`, `eddsa/signing`, `eddsa/resharing`, `ecdsa/resharing`.
+- `tss.Ed25519` curve-name constant and the registered `Edwards()` curve.
+- `tss.ReSharingParameters` and `tss.NewReSharingParameters`.
+- `crypto.ECPoint.EightInvEight()` and the unexported `eight` / `eightInv` package-level constants.
+- Proto definitions: `protob/ecdsa-resharing.proto`, `protob/eddsa-keygen.proto`, `protob/eddsa-signing.proto`, `protob/eddsa-resharing.proto`.
+
+The legacy `IsToOldCommittee` / `IsToOldAndNewCommittees` fields on `tss.Message` and `MessageWrapper` are intentionally retained; this fork never sets them to `true`, but the wrapper field numbers stay reserved for proto wire-layout stability.
+
 ## Tests
 - `go test ./crypto/... ./ecdsa/keygen ./ecdsa/signing` passed.
diff --git a/README.md b/README.md
index 5156cbba5..e835e4c5d 100644
--- a/README.md
+++ b/README.md
@@ -124,7 +124,7 @@ The transport for messaging is left to the application layer and is not provided
 When you build a transport, it should offer a broadcast channel as well as point-to-point channels connecting every pair of parties. Your transport should also employ suitable end-to-end encryption (TLS with an [AEAD cipher](https://en.wikipedia.org/wiki/Authenticated_encryption#Authenticated_encryption_with_associated_data_(AEAD)) is recommended) between parties to ensure that a party can only read the messages sent to it.
-Within your transport, each message should be wrapped with a **session ID** that is unique to a single run of the keygen, signing or re-sharing rounds. This session ID should be agreed upon out-of-band and known only by the participating parties before the rounds begin. Upon receiving any message, your program should make sure that the received session ID matches the one that was agreed upon at the start.
+Within your transport, each message should be wrapped with a **session ID** that is unique to a single run of the keygen or signing rounds. This session ID should be agreed upon out-of-band and known only by the participating parties before the rounds begin. Upon receiving any message, your program should make sure that the received session ID matches the one that was agreed upon at the start.
 The same session ID should be bound into the protocol parameters before constructing local parties:
@@ -133,7 +133,7 @@ params := tss.NewParameters(curve, ctx, thisParty, len(parties), threshold)
 params.SetSessionNonceBytes([]byte(sessionID))
 ```
-All parties in the run must use the same high-entropy session ID of at least 16 bytes, and it must be unique to the ceremony. Keygen, signing, and ECDSA re-sharing fail closed if no session nonce is set; reusing a session ID across otherwise identical ceremonies reintroduces transcript-splicing risk.
+All parties in the run must use the same high-entropy session ID of at least 16 bytes, and it must be unique to the ceremony. Keygen and signing fail closed if no session nonce is set; reusing a session ID across otherwise identical ceremonies reintroduces transcript-splicing risk.
 Additionally, there should be a mechanism in your transport to allow for "reliable broadcasts", meaning parties can broadcast a message to other parties such that it's guaranteed that each one receives the same message. There are several examples of algorithms online that do this by sharing and comparing hashes of received messages.