cl_dl proof with setup'

Author: omershlo

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "multi-party-ecdsa"
-version = "0.2.7"
+version = "0.2.8"
 edition = "2018"
 authors = [
     "Gary <[email protected]>",
@@ -46,7 +46,7 @@ tag = "v0.2.1"
 
 [dependencies.class_group]
 git = "https://github.com/KZen-networks/class"
-tag = "v0.3.0"
+tag = "v0.4.2"
 optional = true
 
 [dev-dependencies]

benches/two_party_ecdsa/cclst_2019/keygen.rs

@@ -10,41 +10,43 @@ mod bench {
     pub fn bench_full_keygen_party_one_two(c: &mut Criterion) {
         c.bench_function("keygen", move |b| {
             b.iter(|| {
+
                 let (party_one_first_message, comm_witness, ec_key_pair_party1) =
-                    party_one::KeyGenFirstMsg::create_commitments_with_fixed_secret_share(
-                        ECScalar::from(&BigInt::sample(253)),
-                    );
-                let (party_two_first_message, _ec_key_pair_party2) =
-                    party_two::KeyGenFirstMsg::create_with_fixed_secret_share(ECScalar::from(
-                        &BigInt::from(10),
+                    party_one::KeyGenFirstMsg::create_commitments_with_fixed_secret_share(ECScalar::from(
+                        &BigInt::sample(253),
                     ));
+                let (party_two_first_message, _ec_key_pair_party2) =
+                    party_two::KeyGenFirstMsg::create_with_fixed_secret_share(ECScalar::from(&BigInt::from(
+                        10,
+                    )));
                 let party_one_second_message = party_one::KeyGenSecondMsg::verify_and_decommit(
                     comm_witness,
                     &party_two_first_message.d_log_proof,
                 )
-                .expect("failed to verify and decommit");
+                    .expect("failed to verify and decommit");
 
-                let _party_two_second_message =
-                    party_two::KeyGenSecondMsg::verify_commitments_and_dlog_proof(
-                        &party_one_first_message,
-                        &party_one_second_message,
-                    )
+                let _party_two_second_message = party_two::KeyGenSecondMsg::verify_commitments_and_dlog_proof(
+                    &party_one_first_message,
+                    &party_one_second_message,
+                )
                     .expect("failed to verify commitments and DLog proof");
 
                 // init HSMCL keypair:
-                let hsmcl_key_pair = party_one::HSMCLKeyPair::generate_keypair_and_encrypted_share(
-                    &ec_key_pair_party1,
-                );
+                let seed :BigInt = str::parse(
+                    "314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848"
+                ).unwrap();
+                let hsmcl_key_pair =
+                    party_one::HSMCLKeyPair::generate_keypair_and_encrypted_share(&ec_key_pair_party1, seed.clone());
 
                 let party_one_private =
                     party_one::Party1Private::set_private_key(&ec_key_pair_party1, &hsmcl_key_pair);
 
-                let cldl_proof = party_one::HSMCLKeyPair::generate_zkcldl_proof(
-                    &hsmcl_key_pair,
-                    &party_one_private,
-                );
+                let cldl_proof =
+                    party_one::HSMCLKeyPair::generate_zkcldl_proof(&hsmcl_key_pair, &party_one_private, seed.clone());
                 let _party_two_hsmcl_pub =
                     party_two::HSMCLPublic::verify_zkcldl_proof(cldl_proof).expect("proof error");
+
+
             })
         });
     }

benches/two_party_ecdsa/cclst_2019/sign.rs

@@ -14,18 +14,17 @@ mod bench {
                 // party2 owning private share and HSMCL encryption of party1 share
                 let (_party_one_private_share_gen, _comm_witness, ec_key_pair_party1) =
                     party_one::KeyGenFirstMsg::create_commitments();
-                let (party_two_private_share_gen, ec_key_pair_party2) =
-                    party_two::KeyGenFirstMsg::create();
+                let (party_two_private_share_gen, ec_key_pair_party2) = party_two::KeyGenFirstMsg::create();
+
+                let seed: BigInt = str::parse(
+                    "314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848"
+                ).unwrap();
 
                 let party_one_hsmcl_key_pair =
-                    party_one::HSMCLKeyPair::generate_keypair_and_encrypted_share(
-                        &ec_key_pair_party1,
-                    );
+                    party_one::HSMCLKeyPair::generate_keypair_and_encrypted_share(&ec_key_pair_party1, seed);
 
-                let party1_private = party_one::Party1Private::set_private_key(
-                    &ec_key_pair_party1,
-                    &party_one_hsmcl_key_pair,
-                );
+                let party1_private =
+                    party_one::Party1Private::set_private_key(&ec_key_pair_party1, &party_one_hsmcl_key_pair);
 
                 let party_two_hsmcl_public = HSMCLPublic::set(
                     &party_one_hsmcl_key_pair.keypair.pk,
@@ -37,19 +36,18 @@ mod bench {
                     party_two::EphKeyGenFirstMsg::create_commitments();
                 let (eph_party_one_first_message, eph_ec_key_pair_party1) =
                     party_one::EphKeyGenFirstMsg::create();
-                let eph_party_two_second_message =
-                    party_two::EphKeyGenSecondMsg::verify_and_decommit(
-                        eph_comm_witness,
-                        &eph_party_one_first_message,
-                    )
+                let eph_party_two_second_message = party_two::EphKeyGenSecondMsg::verify_and_decommit(
+                    eph_comm_witness,
+                    &eph_party_one_first_message,
+                )
                     .expect("party1 DLog proof failed");
 
                 let _eph_party_one_second_message =
                     party_one::EphKeyGenSecondMsg::verify_commitments_and_dlog_proof(
                         &eph_party_two_first_message,
                         &eph_party_two_second_message,
                     )
-                    .expect("failed to verify commitments and DLog proof");
+                        .expect("failed to verify commitments and DLog proof");
                 let party2_private = party_two::Party2Private::set_private_key(&ec_key_pair_party2);
                 let message = BigInt::from(1234);
 
@@ -68,10 +66,8 @@ mod bench {
                     &eph_party_two_second_message.comm_witness.public_share,
                 );
 
-                let pubkey = party_one::compute_pubkey(
-                    &party1_private,
-                    &party_two_private_share_gen.public_share,
-                );
+                let pubkey =
+                    party_one::compute_pubkey(&party1_private, &party_two_private_share_gen.public_share);
                 party_one::verify(&signature, &pubkey, &message).expect("Invalid signature")
             })
         });

src/protocols/two_party_ecdsa/cclst_2019/party_one.rs

@@ -17,7 +17,7 @@ use std::cmp;
 
 use class_group::primitives::cl_dl_lcm::Ciphertext;
 use class_group::primitives::cl_dl_lcm::Witness;
-use class_group::primitives::cl_dl_lcm::{CLDLProof, HSMCL};
+use class_group::primitives::cl_dl_lcm::{CLDLProofPublicSetup, HSMCL};
 use curv::arithmetic::traits::*;
 use curv::cryptographic_primitives::commitments::hash_commitment::HashCommitment;
 use curv::cryptographic_primitives::commitments::traits::Commitment;
@@ -241,8 +241,8 @@ impl Party1Private {
 }
 
 impl HSMCLKeyPair {
-    pub fn generate_keypair_and_encrypted_share(keygen: &EcKeyPair) -> HSMCLKeyPair {
-        let hsmcl = HSMCL::keygen(&FE::q(), &516);
+    pub fn generate_keypair_and_encrypted_share(keygen: &EcKeyPair, seed: BigInt) -> HSMCLKeyPair {
+        let hsmcl = HSMCL::keygen_with_setup(&FE::q(), &1348, &seed);
         let ek = hsmcl.pk.clone();
         let randomness = BigInt::sample_below(&(&ek.stilde * BigInt::from(2).pow(40)));
 
@@ -262,16 +262,18 @@ impl HSMCLKeyPair {
     pub fn generate_zkcldl_proof(
         context: &HSMCLKeyPair,
         party_one_private: &Party1Private,
-    ) -> CLDLProof {
+        seed: BigInt,
+    ) -> CLDLProofPublicSetup {
         let witness = Witness {
             x: party_one_private.x1.to_big_int(),
             r: party_one_private.c_key_randomness.clone(),
         };
-        let proof = CLDLProof::prove(
+        let proof = CLDLProofPublicSetup::prove(
             witness,
             context.keypair.pk.clone(),
             context.encrypted_share.clone(),
             GE::generator() * &party_one_private.x1,
+            seed,
         );
 
         proof
@@ -364,9 +366,6 @@ impl Signature {
         ephemeral_local_share: &EphEcKeyPair,
         ephemeral_other_public_share: &GE,
     ) -> Signature {
-        let y_lcm_2_10 : BigInt =   str::parse(
-            "15161806181366890704755537519628428221282838501257142250824360639698299050776571382489681778825684381429314058890905101687022024744606800532531764952734582389201393752832486383043169059475949454418063248428056646723694341952991408637386677631205400831455008554143754794994126167401137152222379676492247471515691285702536834646805381995650206229354446213284302569283840180834930263739794772017863585682362821412785936104792844891075228278568320000",
-        ).unwrap();
         //compute r = k2* R1
         let mut r = ephemeral_other_public_share.clone();
         r = r.scalar_mul(&ephemeral_local_share.secret_share.get_element());
@@ -378,7 +377,6 @@ impl Signature {
             .invert(&FE::q())
             .unwrap();
         let s_tag = party_one_private.keypair.decrypt(&partial_sig_c3);
-        let s_tag = BigInt::mod_mul(&s_tag, &(y_lcm_2_10.invert(&FE::q()).unwrap()), &FE::q());
         let s_tag_tag = BigInt::mod_mul(&k1_inv, &s_tag, &FE::q());
         let s = cmp::min(s_tag_tag.clone(), FE::q().clone() - s_tag_tag.clone());
         Signature { s, r: rx }

src/protocols/two_party_ecdsa/cclst_2019/party_two.rs

@@ -14,7 +14,7 @@
     @license GPL-3.0+ <https://github.com/KZen-networks/multi-party-ecdsa/blob/master/LICENSE>
 */
 
-use class_group::primitives::cl_dl_lcm::CLDLProof;
+use class_group::primitives::cl_dl_lcm::CLDLProofPublicSetup;
 use class_group::primitives::cl_dl_lcm::Ciphertext;
 use class_group::primitives::cl_dl_lcm::HSMCL;
 use class_group::primitives::cl_dl_lcm::PK as HSMCLPK;
@@ -203,14 +203,9 @@ impl KeyGenSecondMsg {
 
 impl HSMCLPublic {
     pub fn set(ek: &HSMCLPK, encrypted_secret_share: &Ciphertext) -> HSMCLPublic {
-        let y_lcm_2_10 : BigInt =   str::parse(
-            "15161806181366890704755537519628428221282838501257142250824360639698299050776571382489681778825684381429314058890905101687022024744606800532531764952734582389201393752832486383043169059475949454418063248428056646723694341952991408637386677631205400831455008554143754794994126167401137152222379676492247471515691285702536834646805381995650206229354446213284302569283840180834930263739794772017863585682362821412785936104792844891075228278568320000",
-        ).unwrap();
-        let encrypted_share_y = HSMCL::eval_scal(encrypted_secret_share, &y_lcm_2_10);
-
         HSMCLPublic {
             ek: ek.clone(),
-            encrypted_secret_share: encrypted_share_y,
+            encrypted_secret_share: encrypted_secret_share.clone(),
         }
     }
 }
@@ -229,7 +224,7 @@ impl Party2Private {
 }
 
 impl HSMCLPublic {
-    pub fn verify_zkcldl_proof(proof: CLDLProof) -> Result<Self, ()> {
+    pub fn verify_zkcldl_proof(proof: CLDLProofPublicSetup) -> Result<Self, ()> {
         let res = proof.verify();
         match res {
             Ok(_) => Ok(HSMCLPublic {
@@ -320,9 +315,6 @@ impl PartialSig {
         ephemeral_other_public_share: &GE,
         message: &BigInt,
     ) -> PartialSig {
-        let y_lcm_2_10 : BigInt =   str::parse(
-            "15161806181366890704755537519628428221282838501257142250824360639698299050776571382489681778825684381429314058890905101687022024744606800532531764952734582389201393752832486383043169059475949454418063248428056646723694341952991408637386677631205400831455008554143754794994126167401137152222379676492247471515691285702536834646805381995650206229354446213284302569283840180834930263739794772017863585682362821412785936104792844891075228278568320000",
-        ).unwrap();
         let q = FE::q();
         //compute r = k2* R1
         let mut r: GE = ephemeral_other_public_share.clone();
@@ -335,8 +327,7 @@ impl PartialSig {
             .invert(&q)
             .unwrap();
         let k2_inv_m = BigInt::mod_mul(&k2_inv, message, &q);
-        let k2_inv_m_y_lcm_2_10 = BigInt::mod_mul(&k2_inv_m, &y_lcm_2_10, &q);
-        let c1 = HSMCL::encrypt(&party_two_public.ek, &k2_inv_m_y_lcm_2_10);
+        let c1 = HSMCL::encrypt(&party_two_public.ek, &k2_inv_m);
         let v = BigInt::mod_mul(&k2_inv, &local_share.x2.to_big_int(), &q);
         let v = BigInt::mod_mul(&v, &rx, &q);
 

src/protocols/two_party_ecdsa/cclst_2019/test.rs

@@ -26,37 +26,48 @@ fn test_d_log_proof_party_two_party_one() {
 
 #[test]
 fn test_full_key_gen() {
-    let (party_one_first_message, comm_witness, ec_key_pair_party1) =
-        party_one::KeyGenFirstMsg::create_commitments_with_fixed_secret_share(ECScalar::from(
-            &BigInt::sample(253),
-        ));
-    let (party_two_first_message, _ec_key_pair_party2) =
-        party_two::KeyGenFirstMsg::create_with_fixed_secret_share(ECScalar::from(&BigInt::from(
-            10,
-        )));
-    let party_one_second_message = party_one::KeyGenSecondMsg::verify_and_decommit(
-        comm_witness,
-        &party_two_first_message.d_log_proof,
-    )
-    .expect("failed to verify and decommit");
-
-    let _party_two_second_message = party_two::KeyGenSecondMsg::verify_commitments_and_dlog_proof(
-        &party_one_first_message,
-        &party_one_second_message,
-    )
-    .expect("failed to verify commitments and DLog proof");
-
-    // init HSMCL keypair:
-    let hsmcl_key_pair =
-        party_one::HSMCLKeyPair::generate_keypair_and_encrypted_share(&ec_key_pair_party1);
-
-    let party_one_private =
-        party_one::Party1Private::set_private_key(&ec_key_pair_party1, &hsmcl_key_pair);
-
-    let cldl_proof =
-        party_one::HSMCLKeyPair::generate_zkcldl_proof(&hsmcl_key_pair, &party_one_private);
-    let _party_two_hsmcl_pub =
-        party_two::HSMCLPublic::verify_zkcldl_proof(cldl_proof).expect("proof error");
+    for i in 0..20 {
+        let (party_one_first_message, comm_witness, ec_key_pair_party1) =
+            party_one::KeyGenFirstMsg::create_commitments_with_fixed_secret_share(ECScalar::from(
+                &BigInt::sample(253),
+            ));
+        let (party_two_first_message, _ec_key_pair_party2) =
+            party_two::KeyGenFirstMsg::create_with_fixed_secret_share(ECScalar::from(
+                &BigInt::from(10),
+            ));
+        let party_one_second_message = party_one::KeyGenSecondMsg::verify_and_decommit(
+            comm_witness,
+            &party_two_first_message.d_log_proof,
+        )
+        .expect("failed to verify and decommit");
+
+        let _party_two_second_message =
+            party_two::KeyGenSecondMsg::verify_commitments_and_dlog_proof(
+                &party_one_first_message,
+                &party_one_second_message,
+            )
+            .expect("failed to verify commitments and DLog proof");
+
+        // init HSMCL keypair:
+        let seed: BigInt = str::parse(
+            "314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848"
+        ).unwrap();
+        let hsmcl_key_pair = party_one::HSMCLKeyPair::generate_keypair_and_encrypted_share(
+            &ec_key_pair_party1,
+            seed.clone(),
+        );
+
+        let party_one_private =
+            party_one::Party1Private::set_private_key(&ec_key_pair_party1, &hsmcl_key_pair);
+
+        let cldl_proof = party_one::HSMCLKeyPair::generate_zkcldl_proof(
+            &hsmcl_key_pair,
+            &party_one_private,
+            seed.clone(),
+        );
+        let _party_two_hsmcl_pub =
+            party_two::HSMCLPublic::verify_zkcldl_proof(cldl_proof).expect("proof error");
+    }
 }
 
 #[test]
@@ -68,8 +79,12 @@ fn test_two_party_sign() {
         party_one::KeyGenFirstMsg::create_commitments();
     let (party_two_private_share_gen, ec_key_pair_party2) = party_two::KeyGenFirstMsg::create();
 
+    let seed: BigInt = str::parse(
+        "314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848"
+    ).unwrap();
+
     let party_one_hsmcl_key_pair =
-        party_one::HSMCLKeyPair::generate_keypair_and_encrypted_share(&ec_key_pair_party1);
+        party_one::HSMCLKeyPair::generate_keypair_and_encrypted_share(&ec_key_pair_party1, seed);
 
     let party1_private =
         party_one::Party1Private::set_private_key(&ec_key_pair_party1, &party_one_hsmcl_key_pair);