hbbft/src/common_coin.rs

//! # A Cryptographic Common Coin
//!
//! The Common Coin produces a pseudorandom binary value that the correct nodes agree on, and that
//! cannot be known beforehand.
//!
//! Every Common Coin instance has a _nonce_ that determines the value, without giving it away: It
//! is not feasible to compute the output from the nonce alone, and the output is uniformly
//! distributed.
//!
//! The nodes input a signal (no data, just `()`), and after _2 f + 1_ nodes have provided input,
//! everyone receives the output value. In particular, the adversary cannot know the output value
//! before at least one correct node has provided input.
//!
//! ## How it works
//!
//! The algorithm uses a threshold signature scheme with the uniqueness property: For each public
//! key and message, there is exactly one valid signature. This group signature is produced using
//! signature shares from any combination of _2 f + 1_ secret key share holders.
//!
//! * On input, a node signs the nonce and sends its signature share to everyone else.
//! * When a node has received _2 f + 1_ shares, it computes the main signature and outputs the XOR
//! of its bits.

use std::collections::BTreeMap;
use std::fmt::Debug;
use std::sync::Arc;

use crypto::error as cerror;
use crypto::{Signature, SignatureShare};
use fault_log::{Fault, FaultKind};
use messaging::{self, DistAlgorithm, NetworkInfo, Target};

/// A common coin error.
#[derive(Clone, Eq, PartialEq, Debug, Fail)]
pub enum Error {
    #[fail(display = "CombineAndVerifySigCrypto error: {}", _0)]
    CombineAndVerifySigCrypto(cerror::Error),
    #[fail(display = "Unknown sender")]
    UnknownSender,
    #[fail(display = "Signature verification failed")]
    VerificationFailed,
}

/// A common coin result.
pub type Result<T> = ::std::result::Result<T, Error>;

#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Rand)]
pub struct CommonCoinMessage(SignatureShare);

impl CommonCoinMessage {
    pub fn new(sig: SignatureShare) -> Self {
        CommonCoinMessage(sig)
    }

    pub fn to_sig(&self) -> &SignatureShare {
        &self.0
    }
}

/// A common coin algorithm instance. On input, broadcasts our threshold signature share. Upon
/// receiving at least `num_faulty + 1` shares, attempts to combine them into a signature. If that
/// signature is valid, the instance outputs it and terminates; otherwise the instance aborts.
#[derive(Debug)]
pub struct CommonCoin<NodeUid, T> {
    netinfo: Arc<NetworkInfo<NodeUid>>,
    /// The name of this common coin. It is required to be unique for each common coin round.
    nonce: T,
    /// All received threshold signature shares.
    received_shares: BTreeMap<NodeUid, SignatureShare>,
    /// Whether we provided input to the common coin.
    had_input: bool,
    /// Termination flag.
    terminated: bool,
}

pub type Step<NodeUid, T> = messaging::Step<CommonCoin<NodeUid, T>>;

impl<NodeUid, T> DistAlgorithm for CommonCoin<NodeUid, T>
where
    NodeUid: Clone + Debug + Ord,
    T: Clone + AsRef<[u8]>,
{
    type NodeUid = NodeUid;
    type Input = ();
    type Output = bool;
    type Message = CommonCoinMessage;
    type Error = Error;

    /// Sends our threshold signature share if not yet sent.
    fn input(&mut self, _input: Self::Input) -> Result<Step<NodeUid, T>> {
        if !self.had_input {
            self.had_input = true;
            self.get_coin()
        } else {
            Ok(Step::default())
        }
    }

    /// Receives input from a remote node.
    fn handle_message(
        &mut self,
        sender_id: &Self::NodeUid,
        message: Self::Message,
    ) -> Result<Step<NodeUid, T>> {
        if !self.terminated {
            let CommonCoinMessage(share) = message;
            self.handle_share(sender_id, share)
        } else {
            Ok(Step::default())
        }
    }

    /// Whether the algorithm has terminated.
    fn terminated(&self) -> bool {
        self.terminated
    }

    fn our_id(&self) -> &Self::NodeUid {
        self.netinfo.our_uid()
    }
}

impl<NodeUid, T> CommonCoin<NodeUid, T>
where
    NodeUid: Clone + Debug + Ord,
    T: Clone + AsRef<[u8]>,
{
    pub fn new(netinfo: Arc<NetworkInfo<NodeUid>>, nonce: T) -> Self {
        CommonCoin {
            netinfo,
            nonce,
            received_shares: BTreeMap::new(),
            had_input: false,
            terminated: false,
        }
    }

    fn get_coin(&mut self) -> Result<Step<NodeUid, T>> {
        if !self.netinfo.is_validator() {
            return self.try_output();
        }
        let share = self.netinfo.secret_key_share().sign(&self.nonce);
        let mut step: Step<_, _> = Target::All.message(CommonCoinMessage(share.clone())).into();
        let id = self.netinfo.our_uid().clone();
        step.extend(self.handle_share(&id, share)?);
        Ok(step)
    }

    fn handle_share(
        &mut self,
        sender_id: &NodeUid,
        share: SignatureShare,
    ) -> Result<Step<NodeUid, T>> {
        if let Some(pk_i) = self.netinfo.public_key_share(sender_id) {
            if !pk_i.verify(&share, &self.nonce) {
                // Log the faulty node and ignore the invalid share.
                let fault_kind = FaultKind::UnverifiedSignatureShareSender;
                return Ok(Fault::new(sender_id.clone(), fault_kind).into());
            }
            self.received_shares.insert(sender_id.clone(), share);
        } else {
            return Err(Error::UnknownSender);
        }
        self.try_output()
    }

    fn try_output(&mut self) -> Result<Step<NodeUid, T>> {
        debug!(
            "{:?} received {} shares, had_input = {}",
            self.netinfo.our_uid(),
            self.received_shares.len(),
            self.had_input
        );
        if self.had_input && self.received_shares.len() > self.netinfo.num_faulty() {
            let sig = self.combine_and_verify_sig()?;
            // Output the parity of the verified signature.
            let parity = sig.parity();
            debug!("{:?} output {}", self.netinfo.our_uid(), parity);
            self.terminated = true;
            let step = self.input(())?; // Before terminating, make sure we sent our share.
            Ok(step.with_output(parity))
        } else {
            Ok(Step::default())
        }
    }

    fn combine_and_verify_sig(&self) -> Result<Signature> {
        // Pass the indices of sender nodes to `combine_signatures`.
        let to_idx = |(id, share)| (self.netinfo.node_index(id).unwrap(), share);
        let shares = self.received_shares.iter().map(to_idx);
        let sig = self
            .netinfo
            .public_key_set()
            .combine_signatures(shares)
            .map_err(Error::CombineAndVerifySigCrypto)?;
        if !self
            .netinfo
            .public_key_set()
            .public_key()
            .verify(&sig, &self.nonce)
        {
            // Abort
            error!(
                "{:?} main public key verification failed",
                self.netinfo.our_uid()
            );
            Err(Error::VerificationFailed)
        } else {
            Ok(sig)
        }
    }
}
Add coin docs, change parity computation. This makes the signature parity computation take into account all bits, not just the last one of each byte. 2018-07-02 03:09:06 -07:00			`//! # A Cryptographic Common Coin`
			`//!`
Fix module docs. (Review comments.) 2018-07-05 08:51:55 -07:00			`//! The Common Coin produces a pseudorandom binary value that the correct nodes agree on, and that`
Add coin docs, change parity computation. This makes the signature parity computation take into account all bits, not just the last one of each byte. 2018-07-02 03:09:06 -07:00			`//! cannot be known beforehand.`
			`//!`
			`//! Every Common Coin instance has a _nonce_ that determines the value, without giving it away: It`
Fix module docs. (Review comments.) 2018-07-05 08:51:55 -07:00			`//! is not feasible to compute the output from the nonce alone, and the output is uniformly`
			`//! distributed.`
Add coin docs, change parity computation. This makes the signature parity computation take into account all bits, not just the last one of each byte. 2018-07-02 03:09:06 -07:00			`//!`
Add agreement module-level docs. 2018-07-02 06:42:31 -07:00			//! The nodes input a signal (no data, just `()`), and after _2 f + 1_ nodes have provided input,
Add coin docs, change parity computation. This makes the signature parity computation take into account all bits, not just the last one of each byte. 2018-07-02 03:09:06 -07:00			`//! everyone receives the output value. In particular, the adversary cannot know the output value`
			`//! before at least one correct node has provided input.`
			`//!`
			`//! ## How it works`
			`//!`
			`//! The algorithm uses a threshold signature scheme with the uniqueness property: For each public`
Improve mod docs (review comments). 2018-07-02 23:53:08 -07:00			`//! key and message, there is exactly one valid signature. This group signature is produced using`
			`//! signature shares from any combination of _2 f + 1_ secret key share holders.`
Add coin docs, change parity computation. This makes the signature parity computation take into account all bits, not just the last one of each byte. 2018-07-02 03:09:06 -07:00			`//!`
			`//! * On input, a node signs the nonce and sends its signature share to everyone else.`
Add agreement module-level docs. 2018-07-02 06:42:31 -07:00			`//! * When a node has received _2 f + 1_ shares, it computes the main signature and outputs the XOR`
Add coin docs, change parity computation. This makes the signature parity computation take into account all bits, not just the last one of each byte. 2018-07-02 03:09:06 -07:00			`//! of its bits.`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`use std::collections::BTreeMap;`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`use std::fmt::Debug;`
Make `*HoneyBadger` types thread safe. Replaces `Rc` with `Arc`. This allows usage from different threads which will be necessary for use with Parity. 2018-07-11 12:15:08 -07:00			`use std::sync::Arc;`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00
common coin implementation 2018-06-08 11:43:27 -07:00			`use crypto::error as cerror;`
Separate keys and key shares. 2018-07-17 06:54:12 -07:00			`use crypto::{Signature, SignatureShare};`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`use fault_log::{Fault, FaultKind};`
added a Step for each module 2018-07-19 06:09:50 -07:00			`use messaging::{self, DistAlgorithm, NetworkInfo, Target};`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00
Replace `chain_error` with `failure` Changes: * Remove `error_chain` and convert errors to `failure` types. * Add variants for each possible error generation point. 2018-07-25 14:38:33 -07:00			`/// A common coin error.`
			`#[derive(Clone, Eq, PartialEq, Debug, Fail)]`
			`pub enum Error {`
			`#[fail(display = "CombineAndVerifySigCrypto error: {}", _0)]`
			`CombineAndVerifySigCrypto(cerror::Error),`
			`#[fail(display = "Unknown sender")]`
			`UnknownSender,`
			`#[fail(display = "Signature verification failed")]`
			`VerificationFailed,`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`}`

Replace `chain_error` with `failure` Changes: * Remove `error_chain` and convert errors to `failure` types. * Add variants for each possible error generation point. 2018-07-25 14:38:33 -07:00			`/// A common coin result.`
			`pub type Result<T> = ::std::result::Result<T, Error>;`

Added `RandomAdversary` and the necessary auxiliary functions. Random adversaries are created for `broadcast` and `honey_badger`. Random value generation was added for all type-dependencies of these algorithms, causing the `Rand` trait to be implement for a large portion of the codebase. Additionally, `MessageWithSender` turned into an actual struct, making it much easier to handle. Tuple-like construction is still available through `MessageWithSender::new()`. 2018-07-05 09:20:53 -07:00			`#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Rand)]`
Separate keys and key shares. 2018-07-17 06:54:12 -07:00			`pub struct CommonCoinMessage(SignatureShare);`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00
protobuf serialization 2018-06-09 13:50:36 -07:00			`impl CommonCoinMessage {`
Separate keys and key shares. 2018-07-17 06:54:12 -07:00			`pub fn new(sig: SignatureShare) -> Self {`
protobuf serialization 2018-06-09 13:50:36 -07:00			`CommonCoinMessage(sig)`
			`}`

Separate keys and key shares. 2018-07-17 06:54:12 -07:00			`pub fn to_sig(&self) -> &SignatureShare {`
protobuf serialization 2018-06-09 13:50:36 -07:00			`&self.0`
			`}`
			`}`

common coin implementation 2018-06-08 11:43:27 -07:00			`/// A common coin algorithm instance. On input, broadcasts our threshold signature share. Upon`
			/// receiving at least `num_faulty + 1` shares, attempts to combine them into a signature. If that
			`/// signature is valid, the instance outputs it and terminates; otherwise the instance aborts.`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`#[derive(Debug)]`
Remove more NodeUid trait bounds. Use a `BTreeMap` instead of `HashMap` in `NetworkInfo`. The number of nodes can't grow very large anyway. 2018-06-18 07:37:07 -07:00			`pub struct CommonCoin<NodeUid, T> {`
Make `*HoneyBadger` types thread safe. Replaces `Rc` with `Arc`. This allows usage from different threads which will be necessary for use with Parity. 2018-07-11 12:15:08 -07:00			`netinfo: Arc<NetworkInfo<NodeUid>>,`
common coin implementation 2018-06-08 11:43:27 -07:00			`/// The name of this common coin. It is required to be unique for each common coin round.`
			`nonce: T,`
			`/// All received threshold signature shares.`
Separate keys and key shares. 2018-07-17 06:54:12 -07:00			`received_shares: BTreeMap<NodeUid, SignatureShare>,`
added a queue of incoming common coin signature shares 2018-06-10 03:36:13 -07:00			`/// Whether we provided input to the common coin.`
			`had_input: bool,`
common coin implementation 2018-06-08 11:43:27 -07:00			`/// Termination flag.`
			`terminated: bool,`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`}`

added a Step for each module 2018-07-19 06:09:50 -07:00			`pub type Step<NodeUid, T> = messaging::Step<CommonCoin<NodeUid, T>>;`
added step output in DistAlgorithm 2018-07-09 04:35:26 -07:00
Return proposer info from HoneyBadger. Also, consistently name generic arguments, and remove some unused trait bounds. 2018-06-18 07:14:17 -07:00			`impl<NodeUid, T> DistAlgorithm for CommonCoin<NodeUid, T>`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`where`
Remove more NodeUid trait bounds. Use a `BTreeMap` instead of `HashMap` in `NetworkInfo`. The number of nodes can't grow very large anyway. 2018-06-18 07:37:07 -07:00			`NodeUid: Clone + Debug + Ord,`
common coin implementation 2018-06-08 11:43:27 -07:00			`T: Clone + AsRef<[u8]>,`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`{`
Return proposer info from HoneyBadger. Also, consistently name generic arguments, and remove some unused trait bounds. 2018-06-18 07:14:17 -07:00			`type NodeUid = NodeUid;`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`type Input = ();`
common coin implementation 2018-06-08 11:43:27 -07:00			`type Output = bool;`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`type Message = CommonCoinMessage;`
			`type Error = Error;`

common coin implementation 2018-06-08 11:43:27 -07:00			`/// Sends our threshold signature share if not yet sent.`
added a Step for each module 2018-07-19 06:09:50 -07:00			`fn input(&mut self, _input: Self::Input) -> Result<Step<NodeUid, T>> {`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`if !self.had_input {`
added a queue of incoming common coin signature shares 2018-06-10 03:36:13 -07:00			`self.had_input = true;`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`self.get_coin()`
common coin implementation 2018-06-08 11:43:27 -07:00			`} else {`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`Ok(Step::default())`
			`}`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`}`

common coin implementation 2018-06-08 11:43:27 -07:00			`/// Receives input from a remote node.`
Added faulty node logging to algorithms. 2018-07-08 09:41:50 -07:00			`fn handle_message(`
			`&mut self,`
			`sender_id: &Self::NodeUid,`
			`message: Self::Message,`
added a Step for each module 2018-07-19 06:09:50 -07:00			`) -> Result<Step<NodeUid, T>> {`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`if !self.terminated {`
added step output in DistAlgorithm 2018-07-09 04:35:26 -07:00			`let CommonCoinMessage(share) = message;`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`self.handle_share(sender_id, share)`
added step output in DistAlgorithm 2018-07-09 04:35:26 -07:00			`} else {`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`Ok(Step::default())`
			`}`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`}`

			`/// Whether the algorithm has terminated.`
			`fn terminated(&self) -> bool {`
common coin implementation 2018-06-08 11:43:27 -07:00			`self.terminated`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`}`

			`fn our_id(&self) -> &Self::NodeUid {`
			`self.netinfo.our_uid()`
			`}`
			`}`

Return proposer info from HoneyBadger. Also, consistently name generic arguments, and remove some unused trait bounds. 2018-06-18 07:14:17 -07:00			`impl<NodeUid, T> CommonCoin<NodeUid, T>`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`where`
Remove more NodeUid trait bounds. Use a `BTreeMap` instead of `HashMap` in `NetworkInfo`. The number of nodes can't grow very large anyway. 2018-06-18 07:37:07 -07:00			`NodeUid: Clone + Debug + Ord,`
common coin implementation 2018-06-08 11:43:27 -07:00			`T: Clone + AsRef<[u8]>,`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`{`
Make `*HoneyBadger` types thread safe. Replaces `Rc` with `Arc`. This allows usage from different threads which will be necessary for use with Parity. 2018-07-11 12:15:08 -07:00			`pub fn new(netinfo: Arc<NetworkInfo<NodeUid>>, nonce: T) -> Self {`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`CommonCoin {`
Revert "the set of node indices of common coin shares is now computed only once" This reverts commit e9808efc6112b69b6ec5b5440b9088d1780de2a5. 2018-06-14 02:05:05 -07:00			`netinfo,`
common coin implementation 2018-06-08 11:43:27 -07:00			`nonce,`
			`received_shares: BTreeMap::new(),`
added a queue of incoming common coin signature shares 2018-06-10 03:36:13 -07:00			`had_input: false,`
common coin implementation 2018-06-08 11:43:27 -07:00			`terminated: false,`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`}`
			`}`
get_coin interface to Common Coin 2018-06-07 09:38:27 -07:00
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`fn get_coin(&mut self) -> Result<Step<NodeUid, T>> {`
Update terminology: "observers" and "validators" 2018-06-29 08:20:54 -07:00			`if !self.netinfo.is_validator() {`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`return self.try_output();`
Allow observer nodes in all algorithms. This allows nodes to join the network without sending any messages themselves. They can't give any input and just observe the outcome. Closes #81 2018-06-25 12:09:45 -07:00			`}`
Separate keys and key shares. 2018-07-17 06:54:12 -07:00			`let share = self.netinfo.secret_key_share().sign(&self.nonce);`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`let mut step: Step<_, _> = Target::All.message(CommonCoinMessage(share.clone())).into();`
common coin implementation 2018-06-08 11:43:27 -07:00			`let id = self.netinfo.our_uid().clone();`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`step.extend(self.handle_share(&id, share)?);`
			`Ok(step)`
common coin implementation 2018-06-08 11:43:27 -07:00			`}`

Separate keys and key shares. 2018-07-17 06:54:12 -07:00			`fn handle_share(`
			`&mut self,`
			`sender_id: &NodeUid,`
			`share: SignatureShare,`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`) -> Result<Step<NodeUid, T>> {`
Avoid redundant key computations. 2018-06-27 05:25:32 -07:00			`if let Some(pk_i) = self.netinfo.public_key_share(sender_id) {`
Revert "the set of node indices of common coin shares is now computed only once" This reverts commit e9808efc6112b69b6ec5b5440b9088d1780de2a5. 2018-06-14 02:05:05 -07:00			`if !pk_i.verify(&share, &self.nonce) {`
Added faulty node logging to algorithms. 2018-07-08 09:41:50 -07:00			`// Log the faulty node and ignore the invalid share.`
			`let fault_kind = FaultKind::UnverifiedSignatureShareSender;`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`return Ok(Fault::new(sender_id.clone(), fault_kind).into());`
Revert "the set of node indices of common coin shares is now computed only once" This reverts commit e9808efc6112b69b6ec5b5440b9088d1780de2a5. 2018-06-14 02:05:05 -07:00			`}`
			`self.received_shares.insert(sender_id.clone(), share);`
common coin implementation 2018-06-08 11:43:27 -07:00			`} else {`
Replace `chain_error` with `failure` Changes: * Remove `error_chain` and convert errors to `failure` types. * Add variants for each possible error generation point. 2018-07-25 14:38:33 -07:00			`return Err(Error::UnknownSender);`
Allow observer nodes in all algorithms. This allows nodes to join the network without sending any messages themselves. They can't give any input and just observe the outcome. Closes #81 2018-06-25 12:09:45 -07:00			`}`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`self.try_output()`
Allow observer nodes in all algorithms. This allows nodes to join the network without sending any messages themselves. They can't give any input and just observe the outcome. Closes #81 2018-06-25 12:09:45 -07:00			`}`

Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`fn try_output(&mut self) -> Result<Step<NodeUid, T>> {`
fixed a starvation issue in Agreement when num_faulty=0 2018-07-10 04:23:50 -07:00			`debug!(`
			`"{:?} received {} shares, had_input = {}",`
			`self.netinfo.our_uid(),`
Fix agreement bugs, and refactor a few fields. * Don't drop `Term` messages from previous epochs. They are still relevant for all future epochs. * Restructure some fields to avoid unnecessary iteration and counting. * Simplify the fields related to the common coin. * Reorder the methods, so that the message handlers are all in one place. * Handle the case where the coin value arrives before the required number of `Conf` messages. 2018-07-28 08:31:17 -07:00			`self.received_shares.len(),`
fixed a starvation issue in Agreement when num_faulty=0 2018-07-10 04:23:50 -07:00			`self.had_input`
			`);`
Fix agreement bugs, and refactor a few fields. * Don't drop `Term` messages from previous epochs. They are still relevant for all future epochs. * Restructure some fields to avoid unnecessary iteration and counting. * Simplify the fields related to the common coin. * Reorder the methods, so that the message handlers are all in one place. * Handle the case where the coin value arrives before the required number of `Conf` messages. 2018-07-28 08:31:17 -07:00			`if self.had_input && self.received_shares.len() > self.netinfo.num_faulty() {`
Allow observer nodes in all algorithms. This allows nodes to join the network without sending any messages themselves. They can't give any input and just observe the outcome. Closes #81 2018-06-25 12:09:45 -07:00			`let sig = self.combine_and_verify_sig()?;`
			`// Output the parity of the verified signature.`
			`let parity = sig.parity();`
fixed a starvation issue in Agreement when num_faulty=0 2018-07-10 04:23:50 -07:00			`debug!("{:?} output {}", self.netinfo.our_uid(), parity);`
Allow observer nodes in all algorithms. This allows nodes to join the network without sending any messages themselves. They can't give any input and just observe the outcome. Closes #81 2018-06-25 12:09:45 -07:00			`self.terminated = true;`
Fix agreement bugs, and refactor a few fields. * Don't drop `Term` messages from previous epochs. They are still relevant for all future epochs. * Restructure some fields to avoid unnecessary iteration and counting. * Simplify the fields related to the common coin. * Reorder the methods, so that the message handlers are all in one place. * Handle the case where the coin value arrives before the required number of `Conf` messages. 2018-07-28 08:31:17 -07:00			`let step = self.input(())?; // Before terminating, make sure we sent our share.`
			`Ok(step.with_output(parity))`
Remove output and message queue from CommonCoin. 2018-07-24 02:57:50 -07:00			`} else {`
			`Ok(Step::default())`
common coin implementation 2018-06-08 11:43:27 -07:00			`}`
get_coin interface to Common Coin 2018-06-07 09:38:27 -07:00			`}`
review comment coverage 2018-06-14 04:28:38 -07:00
Remove generic E: Engine from crypto. 2018-06-21 08:31:15 -07:00			`fn combine_and_verify_sig(&self) -> Result<Signature> {`
review comment coverage 2018-06-14 04:28:38 -07:00			// Pass the indices of sender nodes to `combine_signatures`.
Accept more types in threshold crypto API. This removes some unnecessary allocation and conversion by accepting more primitive types and references as the index in threshold decryption and signing, and as the argument to a polynomial. 2018-07-23 02:50:44 -07:00			`let to_idx = \|(id, share)\| (self.netinfo.node_index(id).unwrap(), share);`
			`let shares = self.received_shares.iter().map(to_idx);`
Replace `chain_error` with `failure` Changes: * Remove `error_chain` and convert errors to `failure` types. * Add variants for each possible error generation point. 2018-07-25 14:38:33 -07:00			`let sig = self`
			`.netinfo`
			`.public_key_set()`
			`.combine_signatures(shares)`
			`.map_err(Error::CombineAndVerifySigCrypto)?;`
review comment coverage 2018-06-14 04:28:38 -07:00			`if !self`
			`.netinfo`
			`.public_key_set()`
			`.public_key()`
			`.verify(&sig, &self.nonce)`
			`{`
			`// Abort`
			`error!(`
			`"{:?} main public key verification failed",`
			`self.netinfo.our_uid()`
			`);`
Replace `chain_error` with `failure` Changes: * Remove `error_chain` and convert errors to `failure` types. * Add variants for each possible error generation point. 2018-07-25 14:38:33 -07:00			`Err(Error::VerificationFailed)`
review comment coverage 2018-06-14 04:28:38 -07:00			`} else {`
			`Ok(sig)`
			`}`
			`}`
Common Coin module template; added keys in NetworkInfo 2018-06-04 14:00:38 -07:00			`}`