WIP

2023-02-16 13:59:51 -03:00 · 2023-02-16 13:59:51 -03:00 · 148616bd53
parent 09f3f36aab
commit 148616bd53
5 changed files with 115 additions and 0 deletions
--- a/frost-core/src/frost/keys.rs
+++ b/frost-core/src/frost/keys.rs
@ -21,6 +21,7 @@ use crate::{
 };

 pub mod dkg;
+pub mod repairable;

 /// Return a vector of randomly generated polynomial coefficients ([`Scalar`]s).
 pub(crate) fn generate_coefficients<C: Ciphersuite, R: RngCore + CryptoRng>(
--- a/frost-core/src/frost/keys/repairable.rs
+++ b/frost-core/src/frost/keys/repairable.rs
@ -0,0 +1,38 @@
+//! Repairable Threshold Scheme
+//!
+
+// # For every single helper i in helpers:
+
+use crate::{frost::Identifier, Ciphersuite, Scalar};
+
+use super::SecretShare;
+
+/// # i: the identifier of the signer helping
+/// # helpers: as above
+/// # share_i: i's secret share
+/// # zeta_i: Lagrange coefficient (?)
+/// # - Note: may be able to be computed inside the function, check
+/// # Output: i_deltas: random values that sum up to zeta_i * share _i
+pub fn compute_random_values<C: Ciphersuite>(
+    helpers: &[Identifier<C>],
+    share_i: &SecretShare<C>,
+    zeta_i: Scalar<C>,
+) -> Vec<Scalar<C>> {
+    vec![]
+}
+
+// # Communication round:
+// # Helper i sends deltas_i[j] to helper j
+
+// # j: the identifier of the signer helping
+// # helpers: as above
+// # deltas_j: values received by j in the communication round
+// # Output: sigma_j
+// pub fn compute_sum_of_random_values(j, helpers, deltas_j) -> sigma_j
+
+// # Communication round
+// # Helper j sends sigma_j to signer r
+
+// # sigmas: all sigma_j received from each helper j
+// # Output: share_r: r's secret share
+// pub fn recover_share(sigmas) -> share_r
--- a/frost-core/src/tests.rs
+++ b/frost-core/src/tests.rs
@ -8,6 +8,7 @@ use crate::Ciphersuite;

 pub mod batch;
 pub mod proptests;
+pub mod repairable;
 pub mod vectors;

 /// Test share generation with a Ciphersuite
--- a/frost-core/src/tests/repairable.rs
+++ b/frost-core/src/tests/repairable.rs
@ -0,0 +1,68 @@
+//! Test for Repairable Threshold Scheme
+
+use std::collections::HashMap;
+
+use rand_core::{CryptoRng, RngCore};
+
+use crate::{
+    frost::{
+        self,
+        keys::{repairable::compute_random_values, PublicKeyPackage, SecretShare},
+        Identifier,
+    },
+    Ciphersuite, Field, Group, Scalar,
+};
+
+/// Test RTS.
+pub fn check_rts<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R) {
+    // We want to test that recover share matches the original share
+
+    // Compute shares
+
+    ////////////////////////////////////////////////////////////////////////////
+    // Key generation
+    ////////////////////////////////////////////////////////////////////////////
+
+    let max_signers = 5;
+    let min_signers = 3;
+    let (shares, pubkeys): (Vec<SecretShare<C>>, PublicKeyPackage<C>) =
+        frost::keys::keygen_with_dealer(max_signers, min_signers, &mut rng).unwrap();
+
+    // // Verifies the secret shares from the dealer
+    // let key_packages: HashMap<frost::Identifier<C>, frost::keys::KeyPackage<C>> = shares
+    //     .into_iter()
+    //     .map(|share| {
+    //         (
+    //             share.identifier,
+    //             frost::keys::KeyPackage::try_from(share).unwrap(),
+    //         )
+    //     })
+    //     .collect();
+
+    // Try to recover a share
+
+    // Signer 2 will lose their share
+    // Signer 1, 4 and 5 will help signer 2 to recover their share
+
+    let helpers: [Identifier<C>; 3] = [
+        Identifier::try_from(1).unwrap(),
+        Identifier::try_from(4).unwrap(),
+        Identifier::try_from(5).unwrap(),
+    ];
+    //  For every helper i in helpers:
+
+    for i in [1usize, 4, 5] {
+        // let identifier: Identifier<C> = Identifier::try_from(i as u16).unwrap();
+        // pub fn compute_random_values(i, helpers, share_i, zeta_i) -> deltas_i
+        let zeta_i = <<C::Group as Group>::Field>::one();
+        let deltas_i: Vec<Scalar<C>> = compute_random_values(&helpers, &shares[i - 1], zeta_i);
+
+        // Test if Sum of deltas_i = zeta_i * share _i
+        let rhs = zeta_i * shares[i - 1].value.0;
+        let mut lhs = <<C::Group as Group>::Field>::zero();
+        for delta in deltas_i {
+            lhs = lhs + delta;
+        }
+        assert!(lhs == rhs);
+    }
+}
--- a/frost-ristretto255/tests/frost.rs
+++ b/frost-ristretto255/tests/frost.rs
@ -17,6 +17,13 @@ fn check_sign_with_dkg() {
    frost_core::tests::check_sign_with_dkg::<Ristretto255Sha512, _>(rng);
 }

+#[test]
+fn check_rts() {
+    let rng = thread_rng();
+
+    frost_core::tests::repairable::check_rts::<Ristretto255Sha512, _>(rng);
+}
+
 #[test]
 fn check_batch_verify() {
    let rng = thread_rng();