new cclst proof

Author: omershlo

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "multi-party-ecdsa"
-version = "0.2.6"
+version = "0.2.7"
 edition = "2018"
 authors = [
     "Gary <[email protected]>",
@@ -45,8 +45,8 @@ git = "https://github.com/KZen-networks/centipede"
 tag = "v0.2.1"
 
 [dependencies.class_group]
-git = "https://github.com/KZen-networks/class-groups"
-tag = "v0.1.5"
+git = "https://github.com/KZen-networks/class"
+tag = "v0.3.0"
 optional = true
 
 [dev-dependencies]
@@ -77,17 +77,30 @@ name = "common"
 crate-type = ["lib"]
 
 [[bench]]
-name = "cclst"
+name = "cclst_keygen"
 path = "benches/two_party_ecdsa/cclst_2019/keygen.rs"
 required-features = ["cclst"]
 harness = false
 
+[[bench]]
+name = "cclst_sign"
+path = "benches/two_party_ecdsa/cclst_2019/sign.rs"
+required-features = ["cclst"]
+harness = false
+
+
 [[bench]]
 name = "gg18"
 path = "benches/multi_party_ecdsa/gg18/keygen.rs"
 harness = false
 
 [[bench]]
-name = "lindel2017"
+name = "lindel2017_keygen"
 path = "benches/two_party_ecdsa/lindell_2017/keygen.rs"
 harness = false
+
+
+[[bench]]
+name = "lindel2017_sign"
+path = "benches/two_party_ecdsa/lindell_2017/sign.rs"
+harness = false

benches/two_party_ecdsa/cclst_2019/sign.rs

@@ -6,9 +6,12 @@ mod bench {
     use multi_party_ecdsa::protocols::two_party_ecdsa::cclst_2019::party_two::HSMCLPublic;
     use multi_party_ecdsa::protocols::two_party_ecdsa::cclst_2019::*;
 
-    pub fn bench_full_keygen_party_one_two(c: &mut Criterion) {
-        c.bench_function("keygen", move |b| {
+    pub fn bench_full_sign_party_one_two(c: &mut Criterion) {
+        c.bench_function("sign", move |b| {
             b.iter(|| {
+                // assume party1 and party2 engaged with KeyGen in the past resulting in
+                // party1 owning private share and HSMCL key-pair
+                // party2 owning private share and HSMCL encryption of party1 share
                 let (_party_one_private_share_gen, _comm_witness, ec_key_pair_party1) =
                     party_one::KeyGenFirstMsg::create_commitments();
                 let (party_two_private_share_gen, ec_key_pair_party2) =
@@ -19,10 +22,15 @@ mod bench {
                         &ec_key_pair_party1,
                     );
 
-                let party_two_hsmcl_public = HSMCLPublic {
-                    ek: party_one_hsmcl_key_pair.keypair.pk.clone(),
-                    encrypted_secret_share: party_one_hsmcl_key_pair.encrypted_share.clone(),
-                };
+                let party1_private = party_one::Party1Private::set_private_key(
+                    &ec_key_pair_party1,
+                    &party_one_hsmcl_key_pair,
+                );
+
+                let party_two_hsmcl_public = HSMCLPublic::set(
+                    &party_one_hsmcl_key_pair.keypair.pk,
+                    &party_one_hsmcl_key_pair.encrypted_share,
+                );
                 // creating the ephemeral private shares:
 
                 let (eph_party_two_first_message, eph_comm_witness, eph_ec_key_pair_party2) =
@@ -53,11 +61,6 @@ mod bench {
                     &message,
                 );
 
-                let party1_private = party_one::Party1Private::set_private_key(
-                    &ec_key_pair_party1,
-                    &party_one_hsmcl_key_pair,
-                );
-
                 let signature = party_one::Signature::compute(
                     &party1_private,
                     partial_sig.c3,
@@ -75,9 +78,9 @@ mod bench {
     }
 
     criterion_group! {
-    name = keygen;
+    name = sign;
     config = Criterion::default().sample_size(10);
-    targets =self::bench_full_keygen_party_one_two}
+    targets =self::bench_full_sign_party_one_two}
 }
 
-criterion_main!(bench::keygen);
+criterion_main!(bench::sign);

benches/two_party_ecdsa/lindell_2017/sign.rs

@@ -1,14 +1,12 @@
 use criterion::criterion_main;
 
 mod bench {
-    use criterion::Criterion;
-    use curv::arithmetic::traits::Samplable;
-    use curv::elliptic::curves::traits::*;
+    use criterion::{criterion_group, Criterion};
     use curv::BigInt;
     use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::*;
 
-    pub fn bench_full_keygen_party_one_two(c: &mut Criterion) {
-        c.bench_function("keygen", move |b| {
+    pub fn bench_full_sign_party_one_two(c: &mut Criterion) {
+        c.bench_function("sign", move |b| {
             b.iter(|| {
                 let (_party_one_private_share_gen, _comm_witness, ec_key_pair_party1) =
                     party_one::KeyGenFirstMsg::create_commitments();
@@ -69,9 +67,9 @@ mod bench {
     }
 
     criterion_group! {
-    name = keygen;
+    name = sign;
     config = Criterion::default().sample_size(10);
-    targets =self::bench_full_keygen_party_one_two}
+    targets =self::bench_full_sign_party_one_two}
 }
 
-criterion_main!(bench::keygen);
+criterion_main!(bench::sign);

src/protocols/two_party_ecdsa/cclst_2019/party_one.rs

@@ -15,9 +15,9 @@
 */
 use std::cmp;
 
-use class_group::primitives::Ciphertext;
-use class_group::primitives::Witness;
-use class_group::primitives::{CLDLProof, HSMCL};
+use class_group::primitives::cl_dl_lcm::Ciphertext;
+use class_group::primitives::cl_dl_lcm::Witness;
+use class_group::primitives::cl_dl_lcm::{CLDLProof, HSMCL};
 use curv::arithmetic::traits::*;
 use curv::cryptographic_primitives::commitments::hash_commitment::HashCommitment;
 use curv::cryptographic_primitives::commitments::traits::Commitment;
@@ -36,7 +36,6 @@ use subtle::ConstantTimeEq;
 use super::party_two::EphKeyGenFirstMsg as Party2EphKeyGenFirstMessage;
 use super::party_two::EphKeyGenSecondMsg as Party2EphKeyGenSecondMessage;
 use super::SECURITY_BITS;
-
 use crate::Error::{self, InvalidSig};
 
 //****************** Begin: Party One structs ******************//
@@ -365,6 +364,9 @@ impl Signature {
         ephemeral_local_share: &EphEcKeyPair,
         ephemeral_other_public_share: &GE,
     ) -> Signature {
+        let y_lcm_2_10 : BigInt =   str::parse(
+            "15161806181366890704755537519628428221282838501257142250824360639698299050776571382489681778825684381429314058890905101687022024744606800532531764952734582389201393752832486383043169059475949454418063248428056646723694341952991408637386677631205400831455008554143754794994126167401137152222379676492247471515691285702536834646805381995650206229354446213284302569283840180834930263739794772017863585682362821412785936104792844891075228278568320000",
+        ).unwrap();
         //compute r = k2* R1
         let mut r = ephemeral_other_public_share.clone();
         r = r.scalar_mul(&ephemeral_local_share.secret_share.get_element());
@@ -376,7 +378,7 @@ impl Signature {
             .invert(&FE::q())
             .unwrap();
         let s_tag = party_one_private.keypair.decrypt(&partial_sig_c3);
-
+        let s_tag = BigInt::mod_mul(&s_tag, &(y_lcm_2_10.invert(&FE::q()).unwrap()), &FE::q());
         let s_tag_tag = BigInt::mod_mul(&k1_inv, &s_tag, &FE::q());
         let s = cmp::min(s_tag_tag.clone(), FE::q().clone() - s_tag_tag.clone());
         Signature { s, r: rx }

src/protocols/two_party_ecdsa/cclst_2019/party_two.rs

@@ -14,10 +14,10 @@
     @license GPL-3.0+ <https://github.com/KZen-networks/multi-party-ecdsa/blob/master/LICENSE>
 */
 
-use class_group::primitives::CLDLProof;
-use class_group::primitives::Ciphertext;
-use class_group::primitives::HSMCL;
-use class_group::primitives::PK as HSMCLPK;
+use class_group::primitives::cl_dl_lcm::CLDLProof;
+use class_group::primitives::cl_dl_lcm::Ciphertext;
+use class_group::primitives::cl_dl_lcm::HSMCL;
+use class_group::primitives::cl_dl_lcm::PK as HSMCLPK;
 use curv::arithmetic::traits::*;
 use curv::cryptographic_primitives::commitments::hash_commitment::HashCommitment;
 use curv::cryptographic_primitives::commitments::traits::Commitment;
@@ -201,6 +201,20 @@ impl KeyGenSecondMsg {
     }
 }
 
+impl HSMCLPublic {
+    pub fn set(ek: &HSMCLPK, encrypted_secret_share: &Ciphertext) -> HSMCLPublic {
+        let y_lcm_2_10 : BigInt =   str::parse(
+            "15161806181366890704755537519628428221282838501257142250824360639698299050776571382489681778825684381429314058890905101687022024744606800532531764952734582389201393752832486383043169059475949454418063248428056646723694341952991408637386677631205400831455008554143754794994126167401137152222379676492247471515691285702536834646805381995650206229354446213284302569283840180834930263739794772017863585682362821412785936104792844891075228278568320000",
+        ).unwrap();
+        let encrypted_share_y = HSMCL::eval_scal(encrypted_secret_share, &y_lcm_2_10);
+
+        HSMCLPublic {
+            ek: ek.clone(),
+            encrypted_secret_share: encrypted_share_y,
+        }
+    }
+}
+
 pub fn compute_pubkey(local_share: &EcKeyPair, other_share_public_share: &GE) -> GE {
     let pubkey = other_share_public_share.clone();
     pubkey.scalar_mul(&local_share.secret_share.get_element())
@@ -215,7 +229,7 @@ impl Party2Private {
 }
 
 impl HSMCLPublic {
-    pub fn verify_zkcldl_proof(proof: CLDLProof) -> Result<(Self), ()> {
+    pub fn verify_zkcldl_proof(proof: CLDLProof) -> Result<Self, ()> {
         let res = proof.verify();
         match res {
             Ok(_) => Ok(HSMCLPublic {
@@ -306,6 +320,9 @@ impl PartialSig {
         ephemeral_other_public_share: &GE,
         message: &BigInt,
     ) -> PartialSig {
+        let y_lcm_2_10 : BigInt =   str::parse(
+            "15161806181366890704755537519628428221282838501257142250824360639698299050776571382489681778825684381429314058890905101687022024744606800532531764952734582389201393752832486383043169059475949454418063248428056646723694341952991408637386677631205400831455008554143754794994126167401137152222379676492247471515691285702536834646805381995650206229354446213284302569283840180834930263739794772017863585682362821412785936104792844891075228278568320000",
+        ).unwrap();
         let q = FE::q();
         //compute r = k2* R1
         let mut r: GE = ephemeral_other_public_share.clone();
@@ -318,7 +335,8 @@ impl PartialSig {
             .invert(&q)
             .unwrap();
         let k2_inv_m = BigInt::mod_mul(&k2_inv, message, &q);
-        let c1 = HSMCL::encrypt(&party_two_public.ek, &k2_inv_m);
+        let k2_inv_m_y_lcm_2_10 = BigInt::mod_mul(&k2_inv_m, &y_lcm_2_10, &q);
+        let c1 = HSMCL::encrypt(&party_two_public.ek, &k2_inv_m_y_lcm_2_10);
         let v = BigInt::mod_mul(&k2_inv, &local_share.x2.to_big_int(), &q);
         let v = BigInt::mod_mul(&v, &rx, &q);
 

src/protocols/two_party_ecdsa/cclst_2019/test.rs

@@ -71,10 +71,13 @@ fn test_two_party_sign() {
     let party_one_hsmcl_key_pair =
         party_one::HSMCLKeyPair::generate_keypair_and_encrypted_share(&ec_key_pair_party1);
 
-    let party_two_hsmcl_public = HSMCLPublic {
-        ek: party_one_hsmcl_key_pair.keypair.pk.clone(),
-        encrypted_secret_share: party_one_hsmcl_key_pair.encrypted_share.clone(),
-    };
+    let party1_private =
+        party_one::Party1Private::set_private_key(&ec_key_pair_party1, &party_one_hsmcl_key_pair);
+
+    let party_two_hsmcl_public = HSMCLPublic::set(
+        &party_one_hsmcl_key_pair.keypair.pk,
+        &party_one_hsmcl_key_pair.encrypted_share,
+    );
     // creating the ephemeral private shares:
 
     let (eph_party_two_first_message, eph_comm_witness, eph_ec_key_pair_party2) =
@@ -104,9 +107,6 @@ fn test_two_party_sign() {
         &message,
     );
 
-    let party1_private =
-        party_one::Party1Private::set_private_key(&ec_key_pair_party1, &party_one_hsmcl_key_pair);
-
     let signature = party_one::Signature::compute(
         &party1_private,
         partial_sig.c3,