Tidy up refresh share functionality (#245)

ZcashFoundation · Jul 4, 2024 · fdde54a · fdde54a
1 parent a640cfd
commit fdde54a
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 67 deletions.
diff --git a/README.md b/README.md
@@ -32,6 +32,7 @@ Besides FROST itself, this repository also provides:
 - Distributed key generation as specified in the original paper [FROST20](https://eprint.iacr.org/2020/852.pdf);
 - Repairable Threshold Scheme (RTS) from ['A Survey and Refinement of Repairable Threshold Schemes'](https://eprint.iacr.org/2017/1155) which allows a participant to recover a lost share with the help of a threshold of other participants;
 - Rerandomized FROST (paper under review).
+- Refresh Share functionality using a Trusted Dealer. This can be used to refresh the shares of the participants or to remove a participant.
 
 ## Getting Started
 

diff --git a/frost-core/src/keys/refresh.rs b/frost-core/src/keys/refresh.rs
@@ -9,9 +9,9 @@ use std::collections::BTreeMap;
 use crate::{
     keys::{
         generate_coefficients, generate_secret_shares, validate_num_of_signers,
-        CoefficientCommitment, PublicKeyPackage, SigningKey, SigningShare, VerifyingShare
+        CoefficientCommitment, PublicKeyPackage, SigningKey, SigningShare, VerifyingShare,
     },
-    Ciphersuite, CryptoRng, Error, Field, Group, Identifier, RngCore, Scalar,
+    Ciphersuite, CryptoRng, Error, Field, Group, Identifier, RngCore,
 };
 
 use super::{KeyPackage, SecretShare, VerifiableSecretSharingCommitment};
@@ -79,10 +79,9 @@ pub fn refresh_share<C: Ciphersuite>(
     zero_share: SecretShare<C>,
     current_key_package: &KeyPackage<C>,
 ) -> Result<KeyPackage<C>, Error<C>> {
-
     // The identity commitment needs to be added to the VSS commitment
     let identity_commitment: Vec<CoefficientCommitment<C>> =
-    vec![CoefficientCommitment::new(C::Group::identity())];
+        vec![CoefficientCommitment::new(C::Group::identity())];
 
     let zero_commitments_without_id = zero_share.commitment.0;
 
@@ -91,29 +90,22 @@ pub fn refresh_share<C: Ciphersuite>(
         .chain(zero_commitments_without_id.clone())
         .collect();
 
-    let zero_share = SecretShare{
+    let zero_share = SecretShare {
         header: zero_share.header,
         identifier: zero_share.identifier,
         signing_share: zero_share.signing_share,
-        commitment: VerifiableSecretSharingCommitment::<C>::new(zero_commitment)
+        commitment: VerifiableSecretSharingCommitment::<C>::new(zero_commitment),
     };
 
     // verify zero_share secret share
-    let zero_key_package = KeyPackage::<C>::try_from(zero_share).unwrap(); // TODO
-
-
+    let zero_key_package = KeyPackage::<C>::try_from(zero_share)?;
 
-    let signing_share: Scalar<C> =
-        zero_key_package.signing_share.to_scalar() + current_key_package.signing_share.to_scalar();
+    let signing_share: SigningShare<C> = SigningShare::new(
+        zero_key_package.signing_share.to_scalar() + current_key_package.signing_share.to_scalar(),
+    );
 
-    // let key_package = {current_key_package, signing_share}; // TODO
+    let mut new_key_package = current_key_package.clone();
+    new_key_package.signing_share = signing_share;
 
-    Ok(KeyPackage {
-        verifying_share: current_key_package.verifying_share,
-        verifying_key: current_key_package.verifying_key,
-        min_signers: current_key_package.min_signers,
-        header: current_key_package.header,
-        identifier: current_key_package.identifier,
-        signing_share: SigningShare::new(signing_share),
-    })
+    Ok(new_key_package)
 }
diff --git a/frost-core/src/tests/refresh.rs b/frost-core/src/tests/refresh.rs
@@ -24,19 +24,18 @@ pub fn check_refresh_shares_with_dealer<C: Ciphersuite, R: RngCore + CryptoRng>(
 
     let max_signers = 5;
     let min_signers = 3;
-    let (old_shares, pub_key_package) = frost::keys::generate_with_dealer(
+    let (old_shares, pub_key_package) = generate_with_dealer(
         max_signers,
         min_signers,
         frost::keys::IdentifierList::Default,
         &mut rng,
     )
     .unwrap();
 
-    let mut old_key_packages: BTreeMap<frost::Identifier<C>, frost::keys::KeyPackage<C>> =
-    BTreeMap::new();
+    let mut old_key_packages: BTreeMap<frost::Identifier<C>, KeyPackage<C>> = BTreeMap::new();
 
     for (k, v) in old_shares {
-        let key_package = frost::keys::KeyPackage::try_from(v).unwrap();
+        let key_package = KeyPackage::try_from(v).unwrap();
         old_key_packages.insert(k, key_package);
     }
 
@@ -79,12 +78,10 @@ pub fn check_refresh_shares_with_dealer<C: Ciphersuite, R: RngCore + CryptoRng>(
         );
     }
 
-    let mut key_packages: BTreeMap<frost::Identifier<C>, frost::keys::KeyPackage<C>> =
-        BTreeMap::new();
+    let mut key_packages: BTreeMap<frost::Identifier<C>, KeyPackage<C>> = BTreeMap::new();
 
     for (k, v) in new_shares {
-        let key_package = frost::keys::KeyPackage::try_from(v.unwrap()).unwrap();
-        key_packages.insert(k, key_package);
+        key_packages.insert(k, v.unwrap());
     }
     check_sign(min_signers, key_packages, rng, new_pub_key_package).unwrap();
 }
@@ -100,7 +97,8 @@ pub fn check_refresh_shares_with_dealer_fails_with_invalid_signers<
     error: Error<C>,
     mut rng: R,
 ) {
-    let (_old_shares, pub_key_package) = generate_with_dealer::<C, R>(5, 2, frost::keys::IdentifierList::Default, &mut rng).unwrap();
+    let (_old_shares, pub_key_package) =
+        generate_with_dealer::<C, R>(5, 2, frost::keys::IdentifierList::Default, &mut rng).unwrap();
     let out = calculate_zero_key(
         pub_key_package,
         new_max_signers,
@@ -113,42 +111,6 @@ pub fn check_refresh_shares_with_dealer_fails_with_invalid_signers<
     assert!(out == Err(error))
 }
 
-// fn build_old_shares<C: Ciphersuite, R: RngCore + CryptoRng>(
-//     max_signers: u16,
-//     min_signers: u16,
-//     mut rng: &mut R,
-// ) -> (BTreeMap<Identifier<C>, SecretShare<C>>, PublicKeyPackage<C>) {
-//     // Compute shares
-
-//     ////////////////////////////////////////////////////////////////////////////
-//     // Key generation
-//     ////////////////////////////////////////////////////////////////////////////
-
-//     let mut bytes = [0; 64];
-//     rng.fill_bytes(&mut bytes);
-
-//     let key = SigningKey::new(&mut rng);
-
-//     let (old_shares, pub_key_package): (
-//         BTreeMap<Identifier<C>, SecretShare<C>>,
-//         PublicKeyPackage<C>,
-//     ) = frost::keys::split(
-//         &key,
-//         max_signers,
-//         min_signers,
-//         frost::keys::IdentifierList::Default,
-//         &mut rng,
-//     )
-//     .unwrap();
-
-//     // Try to refresh shares
-//     // Signer 2 will be removed and Signers 1, 3, 4 & 5 will remain
-
-//     // Rerun key generation
-
-//     (old_shares, pub_key_package)
-// }
-
 /// Check serialisation
 pub fn check_refresh_shares_with_dealer_serialisation<C: Ciphersuite, R: RngCore + CryptoRng>(
     mut rng: R,
@@ -161,7 +123,7 @@ pub fn check_refresh_shares_with_dealer_serialisation<C: Ciphersuite, R: RngCore
 
     let max_signers = 5;
     let min_signers = 3;
-    let (_old_shares, pub_key_package) = frost::keys::generate_with_dealer(
+    let (_old_shares, pub_key_package) = generate_with_dealer(
         max_signers,
         min_signers,
         frost::keys::IdentifierList::Default,
@@ -173,7 +135,7 @@ pub fn check_refresh_shares_with_dealer_serialisation<C: Ciphersuite, R: RngCore
     // New Key generation
     //
     // Zero key is calculated by trusted dealer
-    // Signer 2 will be removed and Signers 1, 3, 4 & 5 will remain
+    // Participant 2 will be removed and Participants 1, 3, 4 & 5 will remain
     ////////////////////////////////////////////////////////////////////////////
 
     let remaining_ids = vec![