[❄] encpedpop: remove input arrival order dependence

nickfarrow · LLFourn · commit 377eac124bf8 · 2025-09-05T20:18:20.000+10:00
diff --git a/schnorr_fun/src/frost/chilldkg/encpedpop.rs b/schnorr_fun/src/frost/chilldkg/encpedpop.rs
@@ -291,7 +291,7 @@ impl Coordinator {
         Self {
             inner: simplepedpop::Coordinator::new(threshold, n_contribtors),
             agg_encrypted_shares,
-            encryption_nonces: Default::default(),
+            encryption_nonces: vec![Point::default(); n_contribtors as usize],
         }
     }
 
@@ -328,8 +328,7 @@ impl Coordinator {
             *agg_encrypted_share += encrypted_share_contrib;
         }
 
-        self.encryption_nonces.push(input.encryption_nonce);
-
+        self.encryption_nonces[from as usize] = input.encryption_nonce;
         Ok(())
     }
 
@@ -496,13 +495,17 @@ where
 
 #[cfg(test)]
 mod test {
-    use crate::frost::{Fingerprint, chilldkg::encpedpop};
+    use alloc::{collections::BTreeMap, vec::Vec};
+
+    use crate::frost::{Fingerprint, ShareIndex, chilldkg::encpedpop};
 
     use proptest::{
         prelude::*,
         test_runner::{RngAlgorithm, TestRng},
     };
-    use secp256kfun::proptest;
+    use secp256kfun::{KeyPair, Scalar, proptest};
+
+    use super::{Contributor, Coordinator};
 
     proptest! {
         #[test]
@@ -557,4 +560,41 @@ mod test {
             assert!(shared_key.check_fingerprint::<sha2::Sha256>(&fingerprint), "fingerprint was grinded correctly");
         }
     }
+
+    #[test]
+    fn test_input_arrival_order() {
+        let schnorr = crate::new_with_deterministic_nonces::<sha2::Sha256>();
+        let mut rng = TestRng::deterministic_rng(RngAlgorithm::ChaCha);
+        let threshold = 2u32;
+
+        let receiver_enckeys = [(
+            ShareIndex::from(core::num::NonZeroU32::new(1).unwrap()),
+            KeyPair::new(Scalar::random(&mut rng)).public_key(),
+        )]
+        .into_iter()
+        .collect::<BTreeMap<_, _>>();
+
+        let mut coordinator = Coordinator::new(threshold, 3, &receiver_enckeys);
+
+        // Create contributors with indices 0, 1, 2
+        let contributors_and_inputs: Vec<_> = (0..3)
+            .map(|i| {
+                Contributor::gen_keygen_input(&schnorr, threshold, &receiver_enckeys, i, &mut rng)
+            })
+            .collect();
+
+        // Add them to coordinator in different order
+        let arrival_order = [2, 0, 1];
+        for &contributor_idx in arrival_order.iter() {
+            let (_, input) = &contributors_and_inputs[contributor_idx as usize];
+            coordinator
+                .add_input(&schnorr, contributor_idx, input.clone())
+                .unwrap();
+        }
+
+        let agg_input = coordinator.finish().unwrap();
+
+        let (contributor_1, _) = &contributors_and_inputs[1];
+        contributor_1.clone().verify_agg_input(&agg_input).unwrap(); // This should fail
+    }
 }
