frost/frost-secp256k1/src/keys/repairable.rs

//! Repairable Threshold Scheme
//!
//! Implements the Repairable Threshold Scheme (RTS) from <https://eprint.iacr.org/2017/1155>.
//! The RTS is used to help a signer (participant) repair their lost share. This is achieved
//! using a subset of the other signers know here as `helpers`.

use std::collections::HashMap;

// This is imported separately to make `gencode` work.
// (if it were below, the position of the import would vary between ciphersuites
//  after `cargo fmt`)
use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore, Scalar};
use crate::{Error, Secp256K1Sha256};

use super::{SecretShare, VerifiableSecretSharingCommitment};

/// Step 1 of RTS.
///
/// Generates the "delta" values from `helper_i` to help `participant` recover their share
/// where `helpers` contains the identifiers of all the helpers (including `helper_i`), and `share_i`
/// is the share of `helper_i`.
///
/// Returns a HashMap mapping which value should be sent to which participant.
pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
    helpers: &[Identifier],
    share_i: &SecretShare,
    rng: &mut R,
    participant: Identifier,
) -> Result<HashMap<Identifier, Scalar>, Error> {
    frost::keys::repairable::repair_share_step_1(helpers, share_i, rng, participant)
}

/// Step 2 of RTS.
///
/// Generates the `sigma` values from all `deltas` received from `helpers`
/// to help `participant` recover their share.
/// `sigma` is the sum of all received `delta` and the `delta_i` generated for `helper_i`.
///
/// Returns a scalar
pub fn repair_share_step_2(deltas_j: &[Scalar]) -> Scalar {
    frost::keys::repairable::repair_share_step_2::<Secp256K1Sha256>(deltas_j)
}

/// Step 3 of RTS
///
/// The `participant` sums all `sigma_j` received to compute the `share`. The `SecretShare`
/// is made up of the `identifier`and `commitment` of the `participant` as well as the
/// `value` which is the `SigningShare`.
pub fn repair_share_step_3(
    sigmas: &[Scalar],
    identifier: Identifier,
    commitment: &VerifiableSecretSharingCommitment,
) -> SecretShare {
    frost::keys::repairable::repair_share_step_3(sigmas, identifier, commitment)
}

#[cfg(test)]
mod tests {

    use lazy_static::lazy_static;
    use rand::thread_rng;
    use serde_json::Value;

    use crate::Secp256K1Sha256;

    lazy_static! {
        pub static ref REPAIR_SHARE: Value =
            serde_json::from_str(include_str!("../../tests/helpers/repair-share.json").trim())
                .unwrap();
    }

    #[test]
    fn check_repair_share_step_1() {
        let rng = thread_rng();

        frost_core::tests::repairable::check_repair_share_step_1::<Secp256K1Sha256, _>(rng);
    }

    #[test]
    fn check_repair_share_step_2() {
        frost_core::tests::repairable::check_repair_share_step_2::<Secp256K1Sha256>(&REPAIR_SHARE);
    }

    #[test]
    fn check_repair_share_step_3() {
        let rng = thread_rng();
        frost_core::tests::repairable::check_repair_share_step_3::<Secp256K1Sha256, _>(
            rng,
            &REPAIR_SHARE,
        );
    }
}
Change gencode to handle repairable module; fix build issues (#329) * make gencode generate repairable.rs * fix build issues in ciphersuite-specific repairable.rs * copy repairable docs from frost-core into ciphersuites modules * use full ciphersuite name in repairable.rs to make gencode work 2023-04-27 19:16:03 -07:00			`//! Repairable Threshold Scheme`
			`//!`
			`//! Implements the Repairable Threshold Scheme (RTS) from <https://eprint.iacr.org/2017/1155>.`
			`//! The RTS is used to help a signer (participant) repair their lost share. This is achieved`
			//! using a subset of the other signers know here as `helpers`.
Add repair share functionality (#281) * Add compute random value function for repair share functionality (#41) This is step 1 of 3 * Add compute random value function for repair share functionality for each ciphersuite (#41) * Add compute_sum_of_random_values function for repair share functionality (#41) This is step 2 of 3 * Add recover_share function for repair share functionality (#41) This is step 3 of 3 * Add communication rounds functions for repair share functionality for each ciphersuite (#41) Add compute_sum_of_random_variables function Add recover_share function * Fix recover_share tests so they test the right thing Fix secp256 recover share test values Fix ristretto255 recover share test values Fix ristretto255 compute sum of random values test values * Rewrite compute_random_values to generate_random_values for repair share functionality (#41) Test generate_random_values directly End to end test to be added in another commit Updated gendoc to use original file values to fix clippy complaints * Rename functions and update documentation for repair (#41) * Add end to end test for repair share (#41) Fix lagrange coefficient calculation Co-authored-by: conrado <conradoplg@gmail.com> * Fix formatting (#41) * Remove comment (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for method of computing step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename repair share functions (#41) * Improve documentation for Repairable Threshold Scheme (#41) * Remove unecessary code from repairable tests (#41) * Update repairable documentation Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename steps in repairable to be more consistent with DKG pattern (#41) * Update gitignore (#41) * Update repairable to use new keygen_with_dealer signature (#41) * Update frost-core/src/frost/keys/repairable.rs --------- Co-authored-by: conrado <conradoplg@gmail.com> Co-authored-by: Conrado Gouvea <conrado@zfnd.org> 2023-04-24 08:27:14 -07:00
			`use std::collections::HashMap;`

Change gencode to handle repairable module; fix build issues (#329) * make gencode generate repairable.rs * fix build issues in ciphersuite-specific repairable.rs * copy repairable docs from frost-core into ciphersuites modules * use full ciphersuite name in repairable.rs to make gencode work 2023-04-27 19:16:03 -07:00			// This is imported separately to make `gencode` work.
			`// (if it were below, the position of the import would vary between ciphersuites`
			// after `cargo fmt`)
			`use crate::{frost, Ciphersuite, CryptoRng, Identifier, RngCore, Scalar};`
refactor Lagrange coefficient computation (#436) * refactor Lagrange coefficient computation * A line * Apply suggestions from code review Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com> * address review comments; make compute_lagrange_coefficients() not pub by default --------- Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com> 2023-07-19 09:47:09 -07:00			`use crate::{Error, Secp256K1Sha256};`
Change gencode to handle repairable module; fix build issues (#329) * make gencode generate repairable.rs * fix build issues in ciphersuite-specific repairable.rs * copy repairable docs from frost-core into ciphersuites modules * use full ciphersuite name in repairable.rs to make gencode work 2023-04-27 19:16:03 -07:00
			`use super::{SecretShare, VerifiableSecretSharingCommitment};`

			`/// Step 1 of RTS.`
			`///`
			/// Generates the "delta" values from `helper_i` to help `participant` recover their share
			/// where `helpers` contains the identifiers of all the helpers (including `helper_i`), and `share_i`
			/// is the share of `helper_i`.
			`///`
			`/// Returns a HashMap mapping which value should be sent to which participant.`
			`pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(`
			`helpers: &[Identifier],`
			`share_i: &SecretShare,`
Add repair share functionality (#281) * Add compute random value function for repair share functionality (#41) This is step 1 of 3 * Add compute random value function for repair share functionality for each ciphersuite (#41) * Add compute_sum_of_random_values function for repair share functionality (#41) This is step 2 of 3 * Add recover_share function for repair share functionality (#41) This is step 3 of 3 * Add communication rounds functions for repair share functionality for each ciphersuite (#41) Add compute_sum_of_random_variables function Add recover_share function * Fix recover_share tests so they test the right thing Fix secp256 recover share test values Fix ristretto255 recover share test values Fix ristretto255 compute sum of random values test values * Rewrite compute_random_values to generate_random_values for repair share functionality (#41) Test generate_random_values directly End to end test to be added in another commit Updated gendoc to use original file values to fix clippy complaints * Rename functions and update documentation for repair (#41) * Add end to end test for repair share (#41) Fix lagrange coefficient calculation Co-authored-by: conrado <conradoplg@gmail.com> * Fix formatting (#41) * Remove comment (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for method of computing step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename repair share functions (#41) * Improve documentation for Repairable Threshold Scheme (#41) * Remove unecessary code from repairable tests (#41) * Update repairable documentation Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename steps in repairable to be more consistent with DKG pattern (#41) * Update gitignore (#41) * Update repairable to use new keygen_with_dealer signature (#41) * Update frost-core/src/frost/keys/repairable.rs --------- Co-authored-by: conrado <conradoplg@gmail.com> Co-authored-by: Conrado Gouvea <conrado@zfnd.org> 2023-04-24 08:27:14 -07:00			`rng: &mut R,`
Change gencode to handle repairable module; fix build issues (#329) * make gencode generate repairable.rs * fix build issues in ciphersuite-specific repairable.rs * copy repairable docs from frost-core into ciphersuites modules * use full ciphersuite name in repairable.rs to make gencode work 2023-04-27 19:16:03 -07:00			`participant: Identifier,`
refactor Lagrange coefficient computation (#436) * refactor Lagrange coefficient computation * A line * Apply suggestions from code review Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com> * address review comments; make compute_lagrange_coefficients() not pub by default --------- Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com> 2023-07-19 09:47:09 -07:00			`) -> Result<HashMap<Identifier, Scalar>, Error> {`
Change gencode to handle repairable module; fix build issues (#329) * make gencode generate repairable.rs * fix build issues in ciphersuite-specific repairable.rs * copy repairable docs from frost-core into ciphersuites modules * use full ciphersuite name in repairable.rs to make gencode work 2023-04-27 19:16:03 -07:00			`frost::keys::repairable::repair_share_step_1(helpers, share_i, rng, participant)`
Add repair share functionality (#281) * Add compute random value function for repair share functionality (#41) This is step 1 of 3 * Add compute random value function for repair share functionality for each ciphersuite (#41) * Add compute_sum_of_random_values function for repair share functionality (#41) This is step 2 of 3 * Add recover_share function for repair share functionality (#41) This is step 3 of 3 * Add communication rounds functions for repair share functionality for each ciphersuite (#41) Add compute_sum_of_random_variables function Add recover_share function * Fix recover_share tests so they test the right thing Fix secp256 recover share test values Fix ristretto255 recover share test values Fix ristretto255 compute sum of random values test values * Rewrite compute_random_values to generate_random_values for repair share functionality (#41) Test generate_random_values directly End to end test to be added in another commit Updated gendoc to use original file values to fix clippy complaints * Rename functions and update documentation for repair (#41) * Add end to end test for repair share (#41) Fix lagrange coefficient calculation Co-authored-by: conrado <conradoplg@gmail.com> * Fix formatting (#41) * Remove comment (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for method of computing step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename repair share functions (#41) * Improve documentation for Repairable Threshold Scheme (#41) * Remove unecessary code from repairable tests (#41) * Update repairable documentation Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename steps in repairable to be more consistent with DKG pattern (#41) * Update gitignore (#41) * Update repairable to use new keygen_with_dealer signature (#41) * Update frost-core/src/frost/keys/repairable.rs --------- Co-authored-by: conrado <conradoplg@gmail.com> Co-authored-by: Conrado Gouvea <conrado@zfnd.org> 2023-04-24 08:27:14 -07:00			`}`

Change gencode to handle repairable module; fix build issues (#329) * make gencode generate repairable.rs * fix build issues in ciphersuite-specific repairable.rs * copy repairable docs from frost-core into ciphersuites modules * use full ciphersuite name in repairable.rs to make gencode work 2023-04-27 19:16:03 -07:00			`/// Step 2 of RTS.`
			`///`
			/// Generates the `sigma` values from all `deltas` received from `helpers`
			/// to help `participant` recover their share.
			/// `sigma` is the sum of all received `delta` and the `delta_i` generated for `helper_i`.
			`///`
			`/// Returns a scalar`
			`pub fn repair_share_step_2(deltas_j: &[Scalar]) -> Scalar {`
			`frost::keys::repairable::repair_share_step_2::<Secp256K1Sha256>(deltas_j)`
Add repair share functionality (#281) * Add compute random value function for repair share functionality (#41) This is step 1 of 3 * Add compute random value function for repair share functionality for each ciphersuite (#41) * Add compute_sum_of_random_values function for repair share functionality (#41) This is step 2 of 3 * Add recover_share function for repair share functionality (#41) This is step 3 of 3 * Add communication rounds functions for repair share functionality for each ciphersuite (#41) Add compute_sum_of_random_variables function Add recover_share function * Fix recover_share tests so they test the right thing Fix secp256 recover share test values Fix ristretto255 recover share test values Fix ristretto255 compute sum of random values test values * Rewrite compute_random_values to generate_random_values for repair share functionality (#41) Test generate_random_values directly End to end test to be added in another commit Updated gendoc to use original file values to fix clippy complaints * Rename functions and update documentation for repair (#41) * Add end to end test for repair share (#41) Fix lagrange coefficient calculation Co-authored-by: conrado <conradoplg@gmail.com> * Fix formatting (#41) * Remove comment (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for method of computing step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename repair share functions (#41) * Improve documentation for Repairable Threshold Scheme (#41) * Remove unecessary code from repairable tests (#41) * Update repairable documentation Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename steps in repairable to be more consistent with DKG pattern (#41) * Update gitignore (#41) * Update repairable to use new keygen_with_dealer signature (#41) * Update frost-core/src/frost/keys/repairable.rs --------- Co-authored-by: conrado <conradoplg@gmail.com> Co-authored-by: Conrado Gouvea <conrado@zfnd.org> 2023-04-24 08:27:14 -07:00			`}`

Change gencode to handle repairable module; fix build issues (#329) * make gencode generate repairable.rs * fix build issues in ciphersuite-specific repairable.rs * copy repairable docs from frost-core into ciphersuites modules * use full ciphersuite name in repairable.rs to make gencode work 2023-04-27 19:16:03 -07:00			`/// Step 3 of RTS`
			`///`
			/// The `participant` sums all `sigma_j` received to compute the `share`. The `SecretShare`
			/// is made up of the `identifier`and `commitment` of the `participant` as well as the
			/// `value` which is the `SigningShare`.
			`pub fn repair_share_step_3(`
			`sigmas: &[Scalar],`
			`identifier: Identifier,`
			`commitment: &VerifiableSecretSharingCommitment,`
			`) -> SecretShare {`
			`frost::keys::repairable::repair_share_step_3(sigmas, identifier, commitment)`
Add repair share functionality (#281) * Add compute random value function for repair share functionality (#41) This is step 1 of 3 * Add compute random value function for repair share functionality for each ciphersuite (#41) * Add compute_sum_of_random_values function for repair share functionality (#41) This is step 2 of 3 * Add recover_share function for repair share functionality (#41) This is step 3 of 3 * Add communication rounds functions for repair share functionality for each ciphersuite (#41) Add compute_sum_of_random_variables function Add recover_share function * Fix recover_share tests so they test the right thing Fix secp256 recover share test values Fix ristretto255 recover share test values Fix ristretto255 compute sum of random values test values * Rewrite compute_random_values to generate_random_values for repair share functionality (#41) Test generate_random_values directly End to end test to be added in another commit Updated gendoc to use original file values to fix clippy complaints * Rename functions and update documentation for repair (#41) * Add end to end test for repair share (#41) Fix lagrange coefficient calculation Co-authored-by: conrado <conradoplg@gmail.com> * Fix formatting (#41) * Remove comment (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Update documentation for method of computing step 1 of RTS (#41) Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename repair share functions (#41) * Improve documentation for Repairable Threshold Scheme (#41) * Remove unecessary code from repairable tests (#41) * Update repairable documentation Co-authored-by: Conrado Gouvea <conrado@zfnd.org> * Rename steps in repairable to be more consistent with DKG pattern (#41) * Update gitignore (#41) * Update repairable to use new keygen_with_dealer signature (#41) * Update frost-core/src/frost/keys/repairable.rs --------- Co-authored-by: conrado <conradoplg@gmail.com> Co-authored-by: Conrado Gouvea <conrado@zfnd.org> 2023-04-24 08:27:14 -07:00			`}`
Refactor test folders (#366) * move test functions that differ from other ciphersuites to make gencode simpler to use (#364) * Refactored folder structure for ristretto255 (#364) * Add batch and signing tests folders to ristretto255 (#364) * Refactor test folders for ed25519 (#364) * Refactor test folders for ed448 (#364) * Refactor test folders for ed448 (#364) * Refactor test folders for secp256k1 (#364) * Refactor test folders for frost-core (#364) Update ciphersuites due to refactoring in core * Update coverage tool to exclude new test files (#364) * Rename signing_tests to ciphersuite_generic_tests to match frost-core (#364) * Set default branch as main in codecov (#364) * Fix incorrect file name in gencode (#364) * Remove test file targets in gencode and replace with only md files (#364) * Rename helper_functions to helpers (#364) Remove unecessary test traits * Rename ciphersuite tests (#364) * Rename test_helpers to helpers (#364) * move tests to integration_tests (#364) * Re-add dkg.rs and repairable.rs to gendoc (#364) * Refactored rest of ciphersuite integration tests (#364) * Fix fmt in gencode (#364) 2023-05-31 14:23:29 -07:00
			`#[cfg(test)]`
			`mod tests {`

			`use lazy_static::lazy_static;`
			`use rand::thread_rng;`
			`use serde_json::Value;`

			`use crate::Secp256K1Sha256;`

			`lazy_static! {`
			`pub static ref REPAIR_SHARE: Value =`
			`serde_json::from_str(include_str!("../../tests/helpers/repair-share.json").trim())`
			`.unwrap();`
			`}`

			`#[test]`
			`fn check_repair_share_step_1() {`
			`let rng = thread_rng();`

			`frost_core::tests::repairable::check_repair_share_step_1::<Secp256K1Sha256, _>(rng);`
			`}`

			`#[test]`
			`fn check_repair_share_step_2() {`
			`frost_core::tests::repairable::check_repair_share_step_2::<Secp256K1Sha256>(&REPAIR_SHARE);`
			`}`

			`#[test]`
			`fn check_repair_share_step_3() {`
			`let rng = thread_rng();`
			`frost_core::tests::repairable::check_repair_share_step_3::<Secp256K1Sha256, _>(`
			`rng,`
			`&REPAIR_SHARE,`
			`);`
			`}`
			`}`