Skip to content

Commit

Permalink
Rename fields to match types (ZcashFoundation#539)
Browse files Browse the repository at this point in the history 
* Rename signer_pubkeys to verifying_shares (ZcashFoundation#495)

* Rename group_public to verifying_key (ZcashFoundation#495)

Some naming needed to be updated in DKG as well as there was already a verifying_key which was actually a verifying_share

* Update KeyPackage field from secret_share to signing_share (ZcashFoundation#495)

* Update Package field from secret_share to signing_share (ZcashFoundation#495)

* Update KeyPackage field from public to verifying_share (ZcashFoundation#495)

* Update SecretShare field vrom value to signing_share (ZcashFoundation#495)

* Remove secret function from SecretShare (ZcashFoundation#495)

This is because we now can use the getter to get signing_share() without the need for an additional function

* Update serde_tests with updated field names (ZcashFoundation#495)
  • Loading branch information
@natalieesk
natalieesk authored Sep 15, 2023
1 parent c38305b commit eee505a
Show file tree
Hide file tree
Showing 42 changed files with 334 additions and 336 deletions.
4 changes: 2 additions & 2 deletions book/src/zcash/ywallet-demo.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,13 +82,13 @@ take a bit to compile. It will show a bunch of warnings which is normal.
cargo build --release --bin sign --features dotenv -- -g
```

When prompted for the `ak`, paste the `group_public` value that was printed in
When prompted for the `ak`, paste the `verifying_key` value that was printed in
the previous part, inside the Public Key Package. For example, in the following
package

```
Public key package:
{"signer_pubkeys": ...snip... ,"group_public":"d2bf40ca860fb97e9d6d15d7d25e4f17d2e8ba5dd7069188cbf30b023910a71b","ciphersuite":"FROST(Pallas, BLAKE2b-512)"}
{"verifying_shares": ...snip... ,"verifying_key":"d2bf40ca860fb97e9d6d15d7d25e4f17d2e8ba5dd7069188cbf30b023910a71b","ciphersuite":"FROST(Pallas, BLAKE2b-512)"}
```

you would need to use
Expand Down
4 changes: 2 additions & 2 deletions frost-core/src/benches.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ pub fn bench_sign<C: Ciphersuite, R: RngCore + CryptoRng + Clone>(
key_packages
.get(&participant_identifier)
.unwrap()
.secret_share(),
.signing_share(),
rng,
);
})
Expand All @@ -146,7 +146,7 @@ pub fn bench_sign<C: Ciphersuite, R: RngCore + CryptoRng + Clone>(
key_packages
.get(&participant_identifier)
.unwrap()
.secret_share(),
.signing_share(),
rng,
);
nonces.insert(participant_identifier, nonce);
Expand Down
20 changes: 10 additions & 10 deletions frost-core/src/frost.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,13 +100,13 @@ where
#[cfg_attr(docsrs, doc(cfg(feature = "internals")))]
pub(crate) fn compute_binding_factor_list<C>(
signing_package: &SigningPackage<C>,
group_public: &VerifyingKey<C>,
verifying_key: &VerifyingKey<C>,
additional_prefix: &[u8],
) -> BindingFactorList<C>
where
C: Ciphersuite,
{
let preimages = signing_package.binding_factor_preimages(group_public, additional_prefix);
let preimages = signing_package.binding_factor_preimages(verifying_key, additional_prefix);

BindingFactorList(
preimages
Expand Down Expand Up @@ -274,15 +274,15 @@ where
#[cfg_attr(docsrs, doc(cfg(feature = "internals")))]
pub fn binding_factor_preimages(
&self,
group_public: &VerifyingKey<C>,
verifying_key: &VerifyingKey<C>,
additional_prefix: &[u8],
) -> Vec<(Identifier<C>, Vec<u8>)> {
let mut binding_factor_input_prefix = vec![];

// The length of a serialized verifying key of the same cipersuite does
// not change between runs of the protocol, so we don't need to hash to
// get a fixed length.
binding_factor_input_prefix.extend_from_slice(group_public.serialize().as_ref());
binding_factor_input_prefix.extend_from_slice(verifying_key.serialize().as_ref());

// The message is hashed with H4 to force the variable-length message
// into a fixed-length byte string, same for hashing the variable-sized
Expand Down Expand Up @@ -422,22 +422,22 @@ where
C: Ciphersuite,
{
// Check if signing_package.signing_commitments and signature_shares have
// the same set of identifiers, and if they are all in pubkeys.signer_pubkeys.
// the same set of identifiers, and if they are all in pubkeys.verifying_shares.
if signing_package.signing_commitments().len() != signature_shares.len() {
return Err(Error::UnknownIdentifier);
}
if !signing_package
.signing_commitments()
.keys()
.all(|id| signature_shares.contains_key(id) && pubkeys.signer_pubkeys().contains_key(id))
.all(|id| signature_shares.contains_key(id) && pubkeys.verifying_shares().contains_key(id))
{
return Err(Error::UnknownIdentifier);
}

// Encodes the signing commitment list produced in round one as part of generating [`BindingFactor`], the
// binding factor.
let binding_factor_list: BindingFactorList<C> =
compute_binding_factor_list(signing_package, &pubkeys.group_public, &[]);
compute_binding_factor_list(signing_package, &pubkeys.verifying_key, &[]);

// Compute the group commitment from signing commitments produced in round one.
let group_commitment = compute_group_commitment(signing_package, &binding_factor_list)?;
Expand All @@ -461,7 +461,7 @@ where

// Verify the aggregate signature
let verification_result = pubkeys
.group_public
.verifying_key
.verify(signing_package.message(), &signature);

// Only if the verification of the aggregate signature failed; verify each share to find the cheater.
Expand All @@ -471,7 +471,7 @@ where
// Compute the per-message challenge.
let challenge = crate::challenge::<C>(
&group_commitment.0,
&pubkeys.group_public.element,
&pubkeys.verifying_key.element,
signing_package.message().as_slice(),
);

Expand All @@ -480,7 +480,7 @@ where
// Look up the public key for this signer, where `signer_pubkey` = _G.ScalarBaseMult(s[i])_,
// and where s[i] is a secret share of the constant term of _f_, the secret polynomial.
let signer_pubkey = pubkeys
.signer_pubkeys
.verifying_shares
.get(signature_share_identifier)
.ok_or(Error::UnknownIdentifier)?;

Expand Down
77 changes: 36 additions & 41 deletions frost-core/src/frost/keys.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -356,7 +356,7 @@ pub struct SecretShare<C: Ciphersuite> {
#[zeroize(skip)]
pub(crate) identifier: Identifier<C>,
/// Secret Key.
pub(crate) value: SigningShare<C>,
pub(crate) signing_share: SigningShare<C>,
#[zeroize(skip)]
/// The commitments to be distributed among signers.
pub(crate) commitment: VerifiableSecretSharingCommitment<C>,
Expand All @@ -380,22 +380,17 @@ where
/// Create a new [`SecretShare`] instance.
pub fn new(
identifier: Identifier<C>,
value: SigningShare<C>,
signing_share: SigningShare<C>,
commitment: VerifiableSecretSharingCommitment<C>,
) -> Self {
SecretShare {
identifier,
value,
signing_share,
commitment,
ciphersuite: (),
}
}

/// Gets the inner [`SigningShare`] value.
pub fn secret(&self) -> &SigningShare<C> {
&self.value
}

/// Verifies that a secret share is consistent with a verifiable secret sharing commitment,
/// and returns the derived group info for the participant (their public verification share,
/// and the group public key) if successful.
Expand All @@ -411,18 +406,18 @@ where
///
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-14.html#appendix-C.2-4
pub fn verify(&self) -> Result<(VerifyingShare<C>, VerifyingKey<C>), Error<C>> {
let f_result = <C::Group>::generator() * self.value.0;
let f_result = <C::Group>::generator() * self.signing_share.0;
let result = evaluate_vss(&self.commitment, self.identifier);

if !(f_result == result) {
return Err(Error::InvalidSecretShare);
}

let group_public = VerifyingKey {
let verifying_key = VerifyingKey {
element: self.commitment.first()?.0,
};

Ok((VerifyingShare(result), group_public))
Ok((VerifyingShare(result), verifying_key))
}
}

Expand Down Expand Up @@ -496,7 +491,7 @@ pub fn split<C: Ciphersuite, R: RngCore + CryptoRng>(
}
}

let group_public = VerifyingKey::from(key);
let verifying_key = VerifyingKey::from(key);

let coefficients = generate_coefficients::<C, R>(min_signers as usize - 1, rng);

Expand All @@ -509,24 +504,24 @@ pub fn split<C: Ciphersuite, R: RngCore + CryptoRng>(
generate_secret_shares(key, max_signers, min_signers, coefficients, identifiers)?
}
};
let mut signer_pubkeys: HashMap<Identifier<C>, VerifyingShare<C>> =
let mut verifying_shares: HashMap<Identifier<C>, VerifyingShare<C>> =
HashMap::with_capacity(max_signers as usize);

let mut secret_shares_by_id: HashMap<Identifier<C>, SecretShare<C>> =
HashMap::with_capacity(max_signers as usize);

for secret_share in secret_shares {
let signer_public = secret_share.value.into();
signer_pubkeys.insert(secret_share.identifier, signer_public);
let signer_public = secret_share.signing_share.into();
verifying_shares.insert(secret_share.identifier, signer_public);

secret_shares_by_id.insert(secret_share.identifier, secret_share);
}

Ok((
secret_shares_by_id,
PublicKeyPackage {
signer_pubkeys,
group_public,
verifying_shares,
verifying_key,
ciphersuite: (),
},
))
Expand Down Expand Up @@ -585,14 +580,14 @@ pub struct KeyPackage<C: Ciphersuite> {
/// Denotes the participant identifier each secret share key package is owned by.
#[zeroize(skip)]
pub(crate) identifier: Identifier<C>,
/// This participant's secret share.
pub(crate) secret_share: SigningShare<C>,
/// This participant's signing share. This is secret.
pub(crate) signing_share: SigningShare<C>,
/// This participant's public key.
#[zeroize(skip)]
pub(crate) public: VerifyingShare<C>,
pub(crate) verifying_share: VerifyingShare<C>,
/// The public verifying key that represents the entire group.
#[zeroize(skip)]
pub(crate) group_public: VerifyingKey<C>,
pub(crate) verifying_key: VerifyingKey<C>,
pub(crate) min_signers: u16,
/// Ciphersuite ID for serialization
#[cfg_attr(
Expand All @@ -614,16 +609,16 @@ where
/// Create a new [`KeyPackage`] instance.
pub fn new(
identifier: Identifier<C>,
secret_share: SigningShare<C>,
public: VerifyingShare<C>,
group_public: VerifyingKey<C>,
signing_share: SigningShare<C>,
verifying_share: VerifyingShare<C>,
verifying_key: VerifyingKey<C>,
min_signers: u16,
) -> Self {
Self {
identifier,
secret_share,
public,
group_public,
signing_share,
verifying_share,
verifying_key,
min_signers,
ciphersuite: (),
}
Expand Down Expand Up @@ -661,13 +656,13 @@ where
/// dealer, but implementations *MUST* make sure that all participants have
/// a consistent view of this commitment in practice.
fn try_from(secret_share: SecretShare<C>) -> Result<Self, Error<C>> {
let (public, group_public) = secret_share.verify()?;
let (verifying_share, verifying_key) = secret_share.verify()?;

Ok(KeyPackage {
identifier: secret_share.identifier,
secret_share: secret_share.value,
public,
group_public,
signing_share: secret_share.signing_share,
verifying_share,
verifying_key,
min_signers: secret_share.commitment.0.len() as u16,
ciphersuite: (),
})
Expand All @@ -684,9 +679,9 @@ where
pub struct PublicKeyPackage<C: Ciphersuite> {
/// The verifying shares for all participants. Used to validate signature
/// shares they generate.
pub(crate) signer_pubkeys: HashMap<Identifier<C>, VerifyingShare<C>>,
pub(crate) verifying_shares: HashMap<Identifier<C>, VerifyingShare<C>>,
/// The joint public key for the entire group.
pub(crate) group_public: VerifyingKey<C>,
pub(crate) verifying_key: VerifyingKey<C>,
/// Ciphersuite ID for serialization
#[cfg_attr(
feature = "serde",
Expand All @@ -706,12 +701,12 @@ where
{
/// Create a new [`PublicKeyPackage`] instance.
pub fn new(
signer_pubkeys: HashMap<Identifier<C>, VerifyingShare<C>>,
group_public: VerifyingKey<C>,
verifying_shares: HashMap<Identifier<C>, VerifyingShare<C>>,
verifying_key: VerifyingKey<C>,
) -> Self {
Self {
signer_pubkeys,
group_public,
verifying_shares,
verifying_key,
ciphersuite: (),
}
}
Expand Down Expand Up @@ -827,7 +822,7 @@ pub(crate) fn generate_secret_shares<C: Ciphersuite>(

secret_shares.push(SecretShare {
identifier: *id,
value: SigningShare(value),
signing_share: SigningShare(value),
commitment: commitment.clone(),
ciphersuite: (),
});
Expand Down Expand Up @@ -880,12 +875,12 @@ pub fn reconstruct<C: Ciphersuite>(
}

// Compute the Lagrange coefficients
for secret_share in key_packages.iter() {
for key_package in key_packages.iter() {
let lagrange_coefficient =
compute_lagrange_coefficient(&identifiers, None, secret_share.identifier)?;
compute_lagrange_coefficient(&identifiers, None, key_package.identifier)?;

// Compute y = f(0) via polynomial interpolation of these t-of-n solutions ('points) of f
secret = secret + (lagrange_coefficient * secret_share.secret_share().0);
secret = secret + (lagrange_coefficient * key_package.signing_share().0);
}

Ok(SigningKey { scalar: secret })
Expand Down
Loading

0 comments on commit eee505a

Please sign in to comment.