@@ -38,241 +38,5 @@ pub mod certpedpop;
3838pub mod encpedpop;
3939pub mod simplepedpop;
4040
41- use crate :: Schnorr ;
42- use secp256kfun:: { KeyPair , hash:: Hash32 , nonce:: NonceGen , prelude:: * } ;
43-
44- /// A trait for signature schemes that can be used to certify the DKG output.
45- ///
46- /// This allows applications to choose their preferred signature scheme for
47- /// certifying the aggregated keygen input in certpedpop.
48- pub trait CertificationScheme {
49- /// The signature type produced by this scheme
50- type Signature : Clone + core:: fmt:: Debug ;
51-
52- /// The output produced by successful verification
53- type Output : Clone + core:: fmt:: Debug ;
54-
55- /// Sign the AggKeygenInput with the given keypair
56- fn certify ( & self , keypair : & KeyPair , agg_input : & encpedpop:: AggKeygenInput ) -> Self :: Signature ;
57-
58- /// Verify a certification signature and return the output
59- fn verify_cert (
60- & self ,
61- cert_key : Point ,
62- agg_input : & encpedpop:: AggKeygenInput ,
63- signature : & Self :: Signature ,
64- ) -> Option < Self :: Output > ;
65- }
66-
67- /// Standard Schnorr (BIP340) implementation of the CertificationScheme trait
68- impl < H : Hash32 , NG : NonceGen > CertificationScheme for Schnorr < H , NG > {
69- type Signature = crate :: Signature ;
70- type Output = ( ) ;
71-
72- fn certify ( & self , keypair : & KeyPair , agg_input : & encpedpop:: AggKeygenInput ) -> Self :: Signature {
73- let cert_bytes = agg_input. cert_bytes ( ) ;
74- let message = crate :: Message :: new ( "BIP DKG/cert" , cert_bytes. as_ref ( ) ) ;
75- let keypair_even_y = ( * keypair) . into ( ) ;
76- self . sign ( & keypair_even_y, message)
77- }
78-
79- fn verify_cert (
80- & self ,
81- cert_key : Point ,
82- agg_input : & encpedpop:: AggKeygenInput ,
83- signature : & Self :: Signature ,
84- ) -> Option < Self :: Output > {
85- let cert_bytes = agg_input. cert_bytes ( ) ;
86- let message = crate :: Message :: new ( "BIP DKG/cert" , cert_bytes. as_ref ( ) ) ;
87- let cert_key_even_y = cert_key. into_point_with_even_y ( ) . 0 ;
88- if self . verify ( & cert_key_even_y, message, signature) {
89- Some ( ( ) )
90- } else {
91- None
92- }
93- }
94- }
95-
96- /// VRF-based implementation of CertificationScheme
97- #[ cfg( feature = "vrf_cert_keygen" ) ]
98- pub mod vrf_cert {
99- use super :: * ;
100- use vrf_fun:: VrfProof ;
101-
102- /// VRF certification scheme using SSWU VRF
103- pub struct VrfCertifier ;
104-
105- /// The output from VRF verification containing the gamma point
106- #[ derive( Clone , Debug ) ]
107- pub struct VrfOutput {
108- /// The VRF output point (gamma)
109- pub gamma : Point ,
110- }
111-
112- /// Implement CertificationScheme for VrfCertifier
113- impl CertificationScheme for VrfCertifier {
114- type Signature = VrfProof ;
115- type Output = VrfOutput ;
116-
117- fn certify (
118- & self ,
119- keypair : & KeyPair ,
120- agg_input : & encpedpop:: AggKeygenInput ,
121- ) -> Self :: Signature {
122- // Use the certification bytes as the VRF input
123- let cert_bytes = agg_input. cert_bytes ( ) ;
124- vrf_fun:: rfc9381:: sswu:: prove :: < sha2:: Sha256 > ( keypair, & cert_bytes)
125- }
126-
127- fn verify_cert (
128- & self ,
129- cert_key : Point ,
130- agg_input : & encpedpop:: AggKeygenInput ,
131- signature : & Self :: Signature ,
132- ) -> Option < Self :: Output > {
133- // Use the certification bytes as the VRF input
134- let cert_bytes = agg_input. cert_bytes ( ) ;
135- vrf_fun:: rfc9381:: sswu:: verify :: < sha2:: Sha256 > ( cert_key, & cert_bytes, signature) . map (
136- |output| VrfOutput {
137- gamma : output. gamma ,
138- } ,
139- )
140- }
141- }
142- }
143-
144- #[ cfg( test) ]
145- mod test {
146- use crate :: frost:: Fingerprint ;
147-
148- use super :: * ;
149- use proptest:: {
150- prelude:: * ,
151- test_runner:: { RngAlgorithm , TestRng } ,
152- } ;
153- use secp256kfun:: proptest;
154-
155- proptest ! {
156- #[ test]
157- fn simplepedpop_run_simulate_keygen(
158- ( n_receivers, threshold) in ( 1u32 ..=4 ) . prop_flat_map( |n| ( Just ( n) , 1u32 ..=n) ) ,
159- n_generators in 1u32 ..5 ,
160- ) {
161- let schnorr = crate :: new_with_deterministic_nonces:: <sha2:: Sha256 >( ) ;
162- let mut rng = TestRng :: deterministic_rng( RngAlgorithm :: ChaCha ) ;
163-
164- simplepedpop:: simulate_keygen( & schnorr, threshold, n_receivers, n_generators, & mut rng) ;
165- }
166-
167- #[ test]
168- fn encpedpop_run_simulate_keygen(
169- ( n_receivers, threshold) in ( 1u32 ..=4 ) . prop_flat_map( |n| ( Just ( n) , 1u32 ..=n) ) ,
170- n_generators in 1u32 ..5 ,
171- ) {
172- let schnorr = crate :: new_with_deterministic_nonces:: <sha2:: Sha256 >( ) ;
173- let mut rng = TestRng :: deterministic_rng( RngAlgorithm :: ChaCha ) ;
174-
175- encpedpop:: simulate_keygen(
176- & schnorr,
177- threshold,
178- n_receivers,
179- n_generators,
180- Fingerprint :: none( ) ,
181- & mut rng,
182- ) ;
183- }
184-
185- #[ test]
186- fn certified_run_simulate_keygen(
187- ( n_receivers, threshold) in ( 1u32 ..=4 ) . prop_flat_map( |n| ( Just ( n) , 1u32 ..=n) ) ,
188- n_generators in 1u32 ..5 ,
189- ) {
190- let schnorr = crate :: new_with_deterministic_nonces:: <sha2:: Sha256 >( ) ;
191- let mut rng = TestRng :: deterministic_rng( RngAlgorithm :: ChaCha ) ;
192-
193- let ( certified_keygen, paired_secret_shares_and_keys) = certpedpop:: simulate_keygen(
194- & schnorr,
195- & schnorr,
196- threshold,
197- n_receivers,
198- n_generators,
199- Fingerprint :: none( ) ,
200- & mut rng
201- ) ;
202-
203- for ( paired_secret_share, keypair) in paired_secret_shares_and_keys {
204- let recovered = certified_keygen. recover_share:: <sha2:: Sha256 >( & schnorr, paired_secret_share. index( ) , keypair) . unwrap( ) ;
205- assert_eq!( paired_secret_share, recovered) ;
206- }
207- }
208- }
209-
210- proptest ! {
211- #[ test]
212- fn encpedpop_simulate_keygen_with_fingerprint(
213- ( n_receivers, threshold) in ( 2u32 ..=4 ) . prop_flat_map( |n| ( Just ( n) , 2u32 ..=n) ) ,
214- n_generators in 1u32 ..5 ,
215- difficulty in 0u8 ..10 ,
216- ) {
217- let schnorr = crate :: new_with_deterministic_nonces:: <sha2:: Sha256 >( ) ;
218- let mut rng = TestRng :: deterministic_rng( RngAlgorithm :: ChaCha ) ;
219-
220- let fingerprint = crate :: frost:: shared_key:: Fingerprint {
221- bit_length: difficulty,
222- tag: "test-fingerprint" ,
223- } ;
224-
225- let ( shared_key, paired_shares) = encpedpop:: simulate_keygen(
226- & schnorr,
227- threshold,
228- n_receivers,
229- n_generators,
230- fingerprint,
231- & mut rng,
232- ) ;
233-
234- for share in paired_shares {
235- assert_eq!( shared_key. pair_secret_share( * share. secret_share( ) ) , Some ( share) ) ;
236- }
237-
238- assert!( shared_key. check_fingerprint:: <sha2:: Sha256 >( & fingerprint) , "fingerprint was grinded correctly" ) ;
239- }
240- }
241-
242- #[ test]
243- #[ cfg( feature = "vrf_cert_keygen" ) ]
244- fn vrf_certified_keygen_randomness_beacon ( ) {
245- use proptest:: test_runner:: { RngAlgorithm , TestRng } ;
246-
247- let schnorr = crate :: new_with_deterministic_nonces :: < sha2:: Sha256 > ( ) ;
248- let vrf_certifier = vrf_cert:: VrfCertifier ;
249- let mut rng = TestRng :: deterministic_rng ( RngAlgorithm :: ChaCha ) ;
250-
251- let threshold = 2 ;
252- let n_receivers = 3 ;
253- let n_generators = 2 ;
254-
255- let ( certified_keygen, _) = certpedpop:: simulate_keygen (
256- & schnorr,
257- & vrf_certifier,
258- threshold,
259- n_receivers,
260- n_generators,
261- Fingerprint :: none ( ) ,
262- & mut rng,
263- ) ;
264-
265- // Compute randomness beacon from the VRF outputs
266- let randomness = certified_keygen. compute_randomness_beacon ( ) ;
267-
268- // Verify the randomness is deterministic
269- let randomness2 = certified_keygen. compute_randomness_beacon ( ) ;
270- assert_eq ! ( randomness, randomness2) ;
271-
272- // Verify we have the expected number of VRF outputs
273- assert_eq ! (
274- certified_keygen. outputs( ) . len( ) ,
275- ( n_receivers + n_generators) as usize
276- ) ;
277- }
278- }
41+ // Re-export CertificationScheme trait from certpedpop
42+ pub use certpedpop:: CertificationScheme ;
0 commit comments