[❄] encpedpop: remove input arrival order dependence

nickfarrow · nickfarrow · commit 76ad3d4c334a · 2025-09-05T05:30:52.000+10:00
diff --git a/schnorr_fun/src/frost/chilldkg/certpedpop/certificate.rs b/schnorr_fun/src/frost/chilldkg/certpedpop/certificate.rs
@@ -270,6 +270,7 @@ pub mod vrf_cert {
 }
 
 /// A certifier that validates certificates as they are received
+#[derive(Clone, Debug, PartialEq)]
 pub struct Certifier<S: CertificationScheme> {
     cert_scheme: S,
     agg_input: encpedpop::AggKeygenInput,
diff --git a/schnorr_fun/src/frost/chilldkg/encpedpop.rs b/schnorr_fun/src/frost/chilldkg/encpedpop.rs
@@ -291,7 +291,7 @@ impl Coordinator {
         Self {
             inner: simplepedpop::Coordinator::new(threshold, n_contribtors),
             agg_encrypted_shares,
-            encryption_nonces: Default::default(),
+            encryption_nonces: vec![Point::default(); n_contribtors as usize],
         }
     }
 
@@ -328,8 +328,7 @@ impl Coordinator {
             *agg_encrypted_share += encrypted_share_contrib;
         }
 
-        self.encryption_nonces.push(input.encryption_nonce);
-
+        self.encryption_nonces[from as usize] = input.encryption_nonce;
         Ok(())
     }
 
@@ -496,13 +495,17 @@ where
 
 #[cfg(test)]
 mod test {
-    use crate::frost::{Fingerprint, chilldkg::encpedpop};
+    use std::{collections::BTreeMap, vec::Vec};
+
+    use crate::frost::{Fingerprint, ShareIndex, chilldkg::encpedpop};
 
     use proptest::{
         prelude::*,
         test_runner::{RngAlgorithm, TestRng},
     };
-    use secp256kfun::proptest;
+    use secp256kfun::{KeyPair, Scalar, proptest};
+
+    use super::{Contributor, Coordinator};
 
     proptest! {
         #[test]
@@ -553,4 +556,41 @@ mod test {
             assert!(shared_key.check_fingerprint::<sha2::Sha256>(&fingerprint), "fingerprint was grinded correctly");
         }
     }
+
+    #[test]
+    fn test_input_arrival_order() {
+        let schnorr = crate::new_with_deterministic_nonces::<sha2::Sha256>();
+        let mut rng = TestRng::deterministic_rng(RngAlgorithm::ChaCha);
+        let threshold = 2u32;
+
+        let receiver_enckeys = [(
+            ShareIndex::from(core::num::NonZeroU32::new(1).unwrap()),
+            KeyPair::new(Scalar::random(&mut rng)).public_key(),
+        )]
+        .into_iter()
+        .collect::<BTreeMap<_, _>>();
+
+        let mut coordinator = Coordinator::new(threshold, 3, &receiver_enckeys);
+
+        // Create contributors with indices 0, 1, 2
+        let contributors_and_inputs: Vec<_> = (0..3)
+            .map(|i| {
+                Contributor::gen_keygen_input(&schnorr, threshold, &receiver_enckeys, i, &mut rng)
+            })
+            .collect();
+
+        // Add them to coordinator in different order
+        let arrival_order = [2, 0, 1];
+        for &contributor_idx in arrival_order.iter() {
+            let (_, input) = &contributors_and_inputs[contributor_idx as usize];
+            coordinator
+                .add_input(&schnorr, contributor_idx, input.clone())
+                .unwrap();
+        }
+
+        let agg_input = coordinator.finish().unwrap();
+
+        let (contributor_1, _) = &contributors_and_inputs[1];
+        contributor_1.clone().verify_agg_input(&agg_input).unwrap(); // This should fail
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -270,6 +270,7 @@ pub mod vrf_cert {`
`270`	`270`	`}`
`271`	`271`
`272`	`272`	`/// A certifier that validates certificates as they are received`
	`273`	`+#[derive(Clone, Debug, PartialEq)]`
`273`	`274`	`pub struct Certifier<S: CertificationScheme> {`
`274`	`275`	`cert_scheme: S,`
`275`	`276`	`agg_input: encpedpop::AggKeygenInput,`