Merge pull request #28 from poanetwork/try-prefixed-constructors
Added 'try_' constructors to secret types.
This commit is contained in:
commit
a2fa8a4b8f
|
@ -19,8 +19,8 @@ mod poly_benches {
|
|||
"Polynomial multiplication",
|
||||
move |b, &°| {
|
||||
let rand_factors = || {
|
||||
let lhs = Poly::random(deg, &mut rng).unwrap();
|
||||
let rhs = Poly::random(deg, &mut rng).unwrap();
|
||||
let lhs = Poly::random(deg, &mut rng);
|
||||
let rhs = Poly::random(deg, &mut rng);
|
||||
(lhs, rhs)
|
||||
};
|
||||
b.iter_with_setup(rand_factors, |(lhs, rhs)| &lhs * &rhs)
|
||||
|
@ -36,7 +36,7 @@ mod poly_benches {
|
|||
"Polynomial interpolation",
|
||||
move |b, &°| {
|
||||
let rand_samples = || (0..=deg).map(|i| (i, rng.gen::<Fr>())).collect::<Vec<_>>();
|
||||
b.iter_with_setup(rand_samples, |samples| Poly::interpolate(samples).unwrap())
|
||||
b.iter_with_setup(rand_samples, Poly::interpolate)
|
||||
},
|
||||
&[5, 10, 20, 40],
|
||||
);
|
||||
|
|
|
@ -27,12 +27,12 @@ impl SecretSociety {
|
|||
// decrypt a message must exceed this `threshold`.
|
||||
fn new(n_actors: usize, threshold: usize) -> Self {
|
||||
let mut rng = rand::thread_rng();
|
||||
let sk_set = SecretKeySet::random(threshold, &mut rng).unwrap();
|
||||
let sk_set = SecretKeySet::random(threshold, &mut rng);
|
||||
let pk_set = sk_set.public_keys();
|
||||
|
||||
let actors = (0..n_actors)
|
||||
.map(|id| {
|
||||
let sk_share = sk_set.secret_key_share(id).unwrap();
|
||||
let sk_share = sk_set.secret_key_share(id);
|
||||
let pk_share = pk_set.public_key_share(id);
|
||||
Actor::new(id, sk_share, pk_share)
|
||||
}).collect();
|
||||
|
|
|
@ -45,12 +45,12 @@ impl ChatNetwork {
|
|||
// before it can be added to the `chat_log`.
|
||||
fn new(n_nodes: usize, threshold: usize) -> Self {
|
||||
let mut rng = rand::thread_rng();
|
||||
let sk_set = SecretKeySet::random(threshold, &mut rng).unwrap();
|
||||
let sk_set = SecretKeySet::random(threshold, &mut rng);
|
||||
let pk_set = sk_set.public_keys();
|
||||
|
||||
let nodes = (0..n_nodes)
|
||||
.map(|id| {
|
||||
let sk_share = sk_set.secret_key_share(id).unwrap();
|
||||
let sk_share = sk_set.secret_key_share(id);
|
||||
let pk_share = pk_set.public_key_share(id);
|
||||
Node::new(id, sk_share, pk_share)
|
||||
}).collect();
|
||||
|
|
293
src/lib.rs
293
src/lib.rs
|
@ -31,8 +31,8 @@ pub mod serde_impl;
|
|||
use std::env;
|
||||
use std::fmt;
|
||||
use std::hash::{Hash, Hasher};
|
||||
use std::mem::size_of_val;
|
||||
use std::ptr::{copy_nonoverlapping, write_volatile};
|
||||
use std::mem::{size_of, size_of_val};
|
||||
use std::ptr::copy_nonoverlapping;
|
||||
|
||||
use byteorder::{BigEndian, ByteOrder};
|
||||
use errno::errno;
|
||||
|
@ -62,6 +62,14 @@ lazy_static! {
|
|||
Ok(s) => s.parse().unwrap_or(true),
|
||||
_ => true,
|
||||
};
|
||||
|
||||
// The size in bytes of a single `Fr` field element.
|
||||
static ref FR_SIZE: usize = size_of::<Fr>();
|
||||
}
|
||||
|
||||
// Overwrites a single field element with zeros.
|
||||
pub(crate) fn clear_fr(fr_ptr: *mut u8) {
|
||||
unsafe { memzero(fr_ptr, *FR_SIZE) };
|
||||
}
|
||||
|
||||
/// Marks a type as containing one or more secret prime field elements.
|
||||
|
@ -256,55 +264,50 @@ pub struct SecretKey(Box<Fr>);
|
|||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have hit the system's locked memory limit when `mlock`ing the new instance of
|
||||
/// `SecretKey`.`
|
||||
/// Panics if we have reached the system's locked memory limit when locking the secret field
|
||||
/// element in RAM.
|
||||
impl Default for SecretKey {
|
||||
fn default() -> Self {
|
||||
let mut fr = Fr::zero();
|
||||
match SecretKey::from_mut_ptr(&mut fr as *mut Fr) {
|
||||
Ok(sk) => sk,
|
||||
Err(e) => panic!("Failed to create default `SecretKey`: {}", e),
|
||||
}
|
||||
SecretKey::try_from_mut(&mut fr)
|
||||
.unwrap_or_else(|e| panic!("Failed to create default `SecretKey`: {}", e))
|
||||
}
|
||||
}
|
||||
|
||||
/// Creates a random `SecretKey`.
|
||||
/// Creates a random `SecretKey` from a given RNG. If you do not need to specify your own RNG, you
|
||||
/// should use `SecretKey::random()` or `SecretKey::try_random()` as your constructor instead.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have hit the system's locked memory limit when `mlock`ing the new instance of
|
||||
/// `SecretKey`.
|
||||
/// Panics if we have reached the system's locked memory limit when locking the secret field
|
||||
/// element in RAM.
|
||||
impl Rand for SecretKey {
|
||||
fn rand<R: Rng>(rng: &mut R) -> Self {
|
||||
let mut fr = Fr::rand(rng);
|
||||
match SecretKey::from_mut_ptr(&mut fr as *mut Fr) {
|
||||
Ok(sk) => sk,
|
||||
Err(e) => panic!("Failed to create random `SecretKey`: {}", e),
|
||||
}
|
||||
SecretKey::try_from_mut(&mut fr)
|
||||
.unwrap_or_else(|e| panic!("Failed to create random `SecretKey`: {}", e))
|
||||
}
|
||||
}
|
||||
|
||||
/// Creates a new `SecretKey` by cloning another key's prime field element.
|
||||
/// Creates a new `SecretKey` by cloning another `SecretKey`'s prime field element.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have hit the system's locked memory limit when `mlock`ing the new instance of
|
||||
/// `SecretKey`.
|
||||
/// Panics if we have reached the system's locked memory limit when locking the secret field
|
||||
/// element into RAM.
|
||||
impl Clone for SecretKey {
|
||||
fn clone(&self) -> Self {
|
||||
let mut fr = *self.0;
|
||||
match SecretKey::from_mut_ptr(&mut fr as *mut Fr) {
|
||||
Ok(sk) => sk,
|
||||
Err(e) => panic!("Failed to clone a new `SecretKey`: {}", e),
|
||||
}
|
||||
SecretKey::try_from_mut(&mut fr)
|
||||
.unwrap_or_else(|e| panic!("Failed to clone `SecretKey`: {}", e))
|
||||
}
|
||||
}
|
||||
|
||||
// A volatile overwrite of the prime field element's memory.
|
||||
// Zeroes out and unlocks the memory allocated from the `SecretKey`'s field element.
|
||||
//
|
||||
// # Panics
|
||||
//
|
||||
// Panics if we were unable to `munlock` the prime field element memory after it has been cleared.
|
||||
// Panics if we fail to unlock the memory containing the field element.
|
||||
impl Drop for SecretKey {
|
||||
fn drop(&mut self) {
|
||||
self.zero_secret_memory();
|
||||
|
@ -362,52 +365,100 @@ impl ContainsSecret for SecretKey {
|
|||
|
||||
fn zero_secret_memory(&self) {
|
||||
let ptr = &*self.0 as *const Fr as *mut u8;
|
||||
let n_bytes = size_of_val(&*self.0);
|
||||
unsafe {
|
||||
memzero(ptr, n_bytes);
|
||||
}
|
||||
clear_fr(ptr);
|
||||
}
|
||||
}
|
||||
|
||||
impl SecretKey {
|
||||
/// Creates a new `SecretKey` given a mutable raw pointer to a prime
|
||||
/// field element. This constructor takes a pointer to avoid any
|
||||
/// unnecessary stack copying/moving of secrets. The field element will
|
||||
/// be copied bytewise onto the heap, the resulting `Box` is then
|
||||
/// stored in the `SecretKey`.
|
||||
/// Creates a new `SecretKey` from a mutable reference to a field element. This constructor
|
||||
/// takes a reference to avoid any unnecessary stack copying/moving of secrets (i.e. the field
|
||||
/// element). The field element is copied bytewise onto the heap, the resulting `Box` is
|
||||
/// stored in the returned `SecretKey`.
|
||||
///
|
||||
/// *WARNING* this constructor will overwrite the pointed to `Fr` element
|
||||
/// with zeros after it has been copied onto the heap.
|
||||
/// This constructor is identical to `SecretKey::try_from_mut()` in every way except that this
|
||||
/// constructor will panic if locking memory into RAM fails, whereas
|
||||
/// `SecretKey::try_from_mut()` returns an `Err`.
|
||||
///
|
||||
/// *WARNING* this constructor will overwrite the referenced `Fr` element with zeros after it
|
||||
/// has been copied onto the heap.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we reach the system's locked memory limit when locking the secret field element
|
||||
/// into RAM.
|
||||
pub fn from_mut(fr: &mut Fr) -> Self {
|
||||
SecretKey::try_from_mut(fr)
|
||||
.unwrap_or_else(|e| panic!("Falied to create `SecretKey`: {}", e))
|
||||
}
|
||||
|
||||
/// Creates a new `SecretKey` from a mutable reference to a field element. This constructor
|
||||
/// takes a reference to avoid any unnecessary stack copying/moving of secrets (i.e. the field
|
||||
/// element). The field element is copied bytewise onto the heap, the resulting `Box` is
|
||||
/// stored in the returned `SecretKey`.
|
||||
///
|
||||
/// This constructor is identical to `SecretKey::from_mut()` in every way except that this
|
||||
/// constructor will return an `Err` if locking memory into RAM fails, whereas
|
||||
/// `SecretKey::from_mut()` will panic.
|
||||
///
|
||||
/// *WARNING* this constructor will overwrite the referenced `Fr` element with zeros after it
|
||||
/// has been copied onto the heap.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's
|
||||
/// locked memory limit.
|
||||
#[cfg_attr(feature = "cargo-clippy", allow(not_unsafe_ptr_arg_deref))]
|
||||
pub fn from_mut_ptr(fr_ptr: *mut Fr) -> Result<Self> {
|
||||
/// Returns an `Error::MlockFailed` if we reached the system's locked memory limit when locking
|
||||
/// the secret field element into RAM.
|
||||
pub fn try_from_mut(fr: &mut Fr) -> Result<Self> {
|
||||
let fr_ptr = fr as *mut Fr;
|
||||
let mut boxed_fr = Box::new(Fr::zero());
|
||||
unsafe {
|
||||
copy_nonoverlapping(fr_ptr, &mut *boxed_fr as *mut Fr, 1);
|
||||
write_volatile(fr_ptr, Fr::zero());
|
||||
}
|
||||
clear_fr(fr_ptr as *mut u8);
|
||||
let sk = SecretKey(boxed_fr);
|
||||
sk.mlock_secret_memory()?;
|
||||
Ok(sk)
|
||||
}
|
||||
|
||||
/// Creates a new random instance of `SecretKey`. This is used
|
||||
/// as a wrapper around: `let sk: SecretKey = rand::random();`.
|
||||
/// Creates a new random instance of `SecretKey`. If you want to use/define your own random
|
||||
/// number generator, you should use the constructor: `SecretKey::rand()`. If you do not need
|
||||
/// to specify your own RNG, you should use the `SecretKey::random()` and
|
||||
/// `SecretKey::try_random()` constructors, which use
|
||||
/// [`rand::thead_rng()`](https://docs.rs/rand/0.4.3/rand/fn.thread_rng.html) internally as
|
||||
/// their RNG.
|
||||
///
|
||||
/// This constructor panics if it is unable to lock `SecretKey` memory into RAM, otherwise it
|
||||
/// is identical to the constructor: `SecretKey::try_random()` (which instead of panicing
|
||||
/// returns an `Err`).
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have hit the system's locked memory limit when
|
||||
/// `mlock`ing the new instance of `SecretKey`.
|
||||
/// Panics if we have hit the system's locked memory limit when `mlock`ing the new instance of
|
||||
/// `SecretKey`.
|
||||
pub fn random() -> Self {
|
||||
use rand::thread_rng;
|
||||
let mut rng = thread_rng();
|
||||
let mut rng = rand::thread_rng();
|
||||
SecretKey::rand(&mut rng)
|
||||
}
|
||||
|
||||
/// Creates a new random instance of `SecretKey`. If you want to use/define your own random
|
||||
/// number generator, you should use the constructor: `SecretKey::rand()`. If you do not need
|
||||
/// to specify your own RNG, you should use the `SecretKey::random()` and
|
||||
/// `SecretKey::try_random()` constructors, which use
|
||||
/// [`rand::thead_rng()`](https://docs.rs/rand/0.4.3/rand/fn.thread_rng.html) internally as
|
||||
/// their RNG.
|
||||
///
|
||||
/// This constructor returns an `Err` if it is unable to lock `SecretKey` memory into RAM,
|
||||
/// otherwise it is identical to the constructor: `SecretKey::random()` (which will panic
|
||||
/// instead of returning an `Err`).
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn try_random() -> Result<Self> {
|
||||
let mut rng = rand::thread_rng();
|
||||
let mut fr = Fr::rand(&mut rng);
|
||||
SecretKey::try_from_mut(&mut fr)
|
||||
}
|
||||
|
||||
/// Returns the matching public key.
|
||||
pub fn public_key(&self) -> PublicKey {
|
||||
PublicKey(G1Affine::one().mul(*self.0))
|
||||
|
@ -454,21 +505,48 @@ impl fmt::Debug for SecretKeyShare {
|
|||
}
|
||||
|
||||
impl SecretKeyShare {
|
||||
/// Creates a secret key share from an existing value. This constructor
|
||||
/// takes a pointer to avoid any unnecessary stack copying/moving of
|
||||
/// secrets. The field element will be copied bytewise onto the heap,
|
||||
/// the resulting `Box` is then stored in the `SecretKey` which is then
|
||||
/// wrapped in a `SecretKeyShare`.
|
||||
/// Creates a new `SecretKeyShare` from a mutable reference to a field element. This
|
||||
/// constructor takes a reference to avoid any unnecessary stack copying/moving of secrets
|
||||
/// field elements. The field element will be copied bytewise onto the heap, the resulting
|
||||
/// `Box` is stored in the `SecretKey` which is then wrapped in a `SecretKeyShare`.
|
||||
///
|
||||
/// *WARNING* this constructor will overwrite the pointed to `Fr` element
|
||||
/// with zeros once it has been copied into a new `SecretKeyShare`.
|
||||
/// This constructor is identical to `SecretKeyShare::try_from_mut()` in every way except that
|
||||
/// this constructor will panic if locking memory into RAM fails, whereas
|
||||
/// `SecretKeyShare::try_from_mut()` will return an `Err`.
|
||||
///
|
||||
/// *WARNING* this constructor will overwrite the pointed to `Fr` element with zeros once it
|
||||
/// has been copied into a new `SecretKeyShare`.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we reach the systems locked memory limit.
|
||||
pub fn from_mut(fr: &mut Fr) -> Self {
|
||||
match SecretKey::try_from_mut(fr) {
|
||||
Ok(sk) => SecretKeyShare(sk),
|
||||
Err(e) => panic!(
|
||||
"Failed to create `SecretKeyShare` from field element: {}",
|
||||
e
|
||||
),
|
||||
}
|
||||
}
|
||||
|
||||
/// Creates a new `SecretKeyShare` from a mutable reference to a field element. This
|
||||
/// constructor takes a reference to avoid any unnecessary stack copying/moving of secrets
|
||||
/// field elements. The field element will be copied bytewise onto the heap, the resulting
|
||||
/// `Box` is stored in the `SecretKey` which is then wrapped in a `SecretKeyShare`.
|
||||
///
|
||||
/// This constructor is identical to `SecretKeyShare::from_mut()` in every way except that this
|
||||
/// constructor will return an `Err` if locking memory into RAM fails, whereas
|
||||
/// `SecretKeyShare::from_mut()` will panic.
|
||||
///
|
||||
/// *WARNING* this constructor will overwrite the pointed to `Fr` element with zeros once it
|
||||
/// has been copied into a new `SecretKeyShare`.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's
|
||||
/// locked memory limit.
|
||||
pub fn from_mut_ptr(fr_ptr: *mut Fr) -> Result<Self> {
|
||||
SecretKey::from_mut_ptr(fr_ptr).map(SecretKeyShare)
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn try_from_mut(fr: &mut Fr) -> Result<Self> {
|
||||
SecretKey::try_from_mut(fr).map(SecretKeyShare)
|
||||
}
|
||||
|
||||
/// Returns the matching public key share.
|
||||
|
@ -621,10 +699,26 @@ impl From<Poly> for SecretKeySet {
|
|||
|
||||
impl SecretKeySet {
|
||||
/// Creates a set of secret key shares, where any `threshold + 1` of them can collaboratively
|
||||
/// sign and decrypt.
|
||||
pub fn random<R: Rng>(threshold: usize, rng: &mut R) -> Result<Self> {
|
||||
let poly = Poly::random(threshold, rng)?;
|
||||
Ok(SecretKeySet { poly })
|
||||
/// sign and decrypt. This constuctor is identical to the `SecretKey::try_random()` in every
|
||||
/// way except that this constructor panics if locking secret values into RAM fails.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we reach the system's locked memory limit.
|
||||
pub fn random<R: Rng>(threshold: usize, rng: &mut R) -> Self {
|
||||
SecretKeySet::try_random(threshold, rng)
|
||||
.unwrap_or_else(|e| panic!("Failed to create random `SecretKeySet`: {}", e))
|
||||
}
|
||||
|
||||
/// Creates a set of secret key shares, where any `threshold + 1` of them can collaboratively
|
||||
/// sign and decrypt. This constuctor is identical to the `SecretKey::random()` in every
|
||||
/// way except that this constructor return an `Err` if locking secret values into RAM fails.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn try_random<R: Rng>(threshold: usize, rng: &mut R) -> Result<Self> {
|
||||
Poly::try_random(threshold, rng).map(SecretKeySet::from)
|
||||
}
|
||||
|
||||
/// Returns the threshold `t`: any set of `t + 1` signature shares can be combined into a full
|
||||
|
@ -633,10 +727,30 @@ impl SecretKeySet {
|
|||
self.poly.degree()
|
||||
}
|
||||
|
||||
/// Returns the `i`-th secret key share.
|
||||
pub fn secret_key_share<T: IntoFr>(&self, i: T) -> Result<SecretKeyShare> {
|
||||
/// Returns the `i`-th secret key share. This method is identical to the
|
||||
/// `.try_secret_key_share()` in every way except that this method panics if
|
||||
/// locking secret values into memory fails, whereas `.try_secret_key_share()`
|
||||
/// returns an `Err`.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we reach the system's locked memory limit.
|
||||
pub fn secret_key_share<T: IntoFr>(&self, i: T) -> SecretKeyShare {
|
||||
self.try_secret_key_share(i)
|
||||
.unwrap_or_else(|e| panic!("Failed to create `SecretKeyShare`: {}", e))
|
||||
}
|
||||
|
||||
/// Returns the `i`-th secret key share. This method is identical to the method
|
||||
/// `.secret_key_share()` in every way except that this method returns an `Err` if
|
||||
/// locking secret values into memory fails, whereas `.secret_key_share()` will
|
||||
/// panic.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn try_secret_key_share<T: IntoFr>(&self, i: T) -> Result<SecretKeyShare> {
|
||||
let mut fr = self.poly.evaluate(into_fr_plus_1(i));
|
||||
SecretKeyShare::from_mut_ptr(&mut fr as *mut Fr)
|
||||
SecretKeyShare::try_from_mut(&mut fr)
|
||||
}
|
||||
|
||||
/// Returns the corresponding public key set. That information can be shared publicly.
|
||||
|
@ -646,11 +760,16 @@ impl SecretKeySet {
|
|||
}
|
||||
}
|
||||
|
||||
/// Returns the secret master key.
|
||||
/// Returns the secret master key. Panics if mlocking fails.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have hit the system's locked memory limit when `mlock`ing the new instance of
|
||||
/// `SecretKey`.
|
||||
#[cfg(test)]
|
||||
fn secret_key(&self) -> Result<SecretKey> {
|
||||
fn secret_key(&self) -> SecretKey {
|
||||
let mut fr = self.poly.evaluate(0);
|
||||
SecretKey::from_mut_ptr(&mut fr as *mut Fr)
|
||||
SecretKey::from_mut(&mut fr)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -757,7 +876,7 @@ mod tests {
|
|||
#[test]
|
||||
fn test_threshold_sig() {
|
||||
let mut rng = rand::thread_rng();
|
||||
let sk_set = SecretKeySet::random(3, &mut rng).expect("Failed to create `SecretKeySet`");
|
||||
let sk_set = SecretKeySet::random(3, &mut rng);
|
||||
let pk_set = sk_set.public_keys();
|
||||
let pk_master = pk_set.public_key();
|
||||
|
||||
|
@ -767,21 +886,10 @@ mod tests {
|
|||
assert_ne!(pk_master, pk_set.public_key_share(2).0);
|
||||
|
||||
// Make sure we don't hand out the main secret key to anyone.
|
||||
let sk_master = sk_set
|
||||
.secret_key()
|
||||
.expect("Failed to create master `SecretKey`");
|
||||
let sk_share_0 = sk_set
|
||||
.secret_key_share(0)
|
||||
.expect("Failed to create first `SecretKeyShare`")
|
||||
.0;
|
||||
let sk_share_1 = sk_set
|
||||
.secret_key_share(1)
|
||||
.expect("Failed to create second `SecretKeyShare`")
|
||||
.0;
|
||||
let sk_share_2 = sk_set
|
||||
.secret_key_share(2)
|
||||
.expect("Failed to create third `SecretKeyShare`")
|
||||
.0;
|
||||
let sk_master = sk_set.secret_key();
|
||||
let sk_share_0 = sk_set.secret_key_share(0).0;
|
||||
let sk_share_1 = sk_set.secret_key_share(1).0;
|
||||
let sk_share_2 = sk_set.secret_key_share(2).0;
|
||||
assert_ne!(sk_master, sk_share_0);
|
||||
assert_ne!(sk_master, sk_share_1);
|
||||
assert_ne!(sk_master, sk_share_2);
|
||||
|
@ -792,10 +900,7 @@ mod tests {
|
|||
let sigs: BTreeMap<_, _> = [5, 8, 7, 10]
|
||||
.iter()
|
||||
.map(|&i| {
|
||||
let sig = sk_set
|
||||
.secret_key_share(i)
|
||||
.unwrap_or_else(|_| panic!("Failed to create `SecretKeyShare` #{}", i))
|
||||
.sign(msg);
|
||||
let sig = sk_set.secret_key_share(i).sign(msg);
|
||||
(i, sig)
|
||||
}).collect();
|
||||
|
||||
|
@ -812,10 +917,7 @@ mod tests {
|
|||
let sigs2: BTreeMap<_, _> = [42, 43, 44, 45]
|
||||
.iter()
|
||||
.map(|&i| {
|
||||
let sig = sk_set
|
||||
.secret_key_share(i)
|
||||
.unwrap_or_else(|_| panic!("Failed to create `SecretKeyShare` #{}", i))
|
||||
.sign(msg);
|
||||
let sig = sk_set.secret_key_share(i).sign(msg);
|
||||
(i, sig)
|
||||
}).collect();
|
||||
let sig2 = pk_set.combine_signatures(&sigs2).expect("signatures match");
|
||||
|
@ -832,11 +934,11 @@ mod tests {
|
|||
assert!(ciphertext.verify());
|
||||
|
||||
// Bob can decrypt the message.
|
||||
let decrypted = sk_bob.decrypt(&ciphertext).expect("valid ciphertext");
|
||||
let decrypted = sk_bob.decrypt(&ciphertext).expect("invalid ciphertext");
|
||||
assert_eq!(msg[..], decrypted[..]);
|
||||
|
||||
// Eve can't.
|
||||
let decrypted_eve = sk_eve.decrypt(&ciphertext).expect("valid ciphertext");
|
||||
let decrypted_eve = sk_eve.decrypt(&ciphertext).expect("invalid ciphertext");
|
||||
assert_ne!(msg[..], decrypted_eve[..]);
|
||||
|
||||
// Eve tries to trick Bob into decrypting `msg` xor `v`, but it doesn't validate.
|
||||
|
@ -849,7 +951,7 @@ mod tests {
|
|||
#[test]
|
||||
fn test_threshold_enc() {
|
||||
let mut rng = rand::thread_rng();
|
||||
let sk_set = SecretKeySet::random(3, &mut rng).expect("Failed to create to `SecretKeySet`");
|
||||
let sk_set = SecretKeySet::random(3, &mut rng);
|
||||
let pk_set = sk_set.public_keys();
|
||||
let msg = b"Totally real news";
|
||||
let ciphertext = pk_set.public_key().encrypt(&msg[..]);
|
||||
|
@ -860,9 +962,8 @@ mod tests {
|
|||
.map(|&i| {
|
||||
let dec_share = sk_set
|
||||
.secret_key_share(i)
|
||||
.unwrap_or_else(|_| panic!("Failed to create `SecretKeyShare` #{}", i))
|
||||
.decrypt_share(&ciphertext)
|
||||
.expect("ciphertext is valid");
|
||||
.expect("ciphertext is invalid");
|
||||
(i, dec_share)
|
||||
}).collect();
|
||||
|
||||
|
|
274
src/poly.rs
274
src/poly.rs
|
@ -19,7 +19,7 @@
|
|||
use std::borrow::Borrow;
|
||||
use std::fmt::{self, Debug, Formatter};
|
||||
use std::hash::{Hash, Hasher};
|
||||
use std::mem::{size_of, size_of_val};
|
||||
use std::mem::size_of_val;
|
||||
use std::{cmp, iter, ops};
|
||||
|
||||
use errno::errno;
|
||||
|
@ -28,7 +28,7 @@ use pairing::bls12_381::{Fr, G1Affine, G1};
|
|||
use pairing::{CurveAffine, CurveProjective, Field};
|
||||
use rand::Rng;
|
||||
|
||||
use super::{ContainsSecret, Error, IntoFr, Result, SHOULD_MLOCK_SECRETS};
|
||||
use super::{clear_fr, ContainsSecret, Error, IntoFr, Result, FR_SIZE, SHOULD_MLOCK_SECRETS};
|
||||
|
||||
/// A univariate polynomial in the prime field.
|
||||
#[derive(Serialize, Deserialize, PartialEq, Eq)]
|
||||
|
@ -46,10 +46,8 @@ pub struct Poly {
|
|||
/// `Poly`.
|
||||
impl Clone for Poly {
|
||||
fn clone(&self) -> Self {
|
||||
match Poly::new(self.coeff.clone()) {
|
||||
Ok(poly) => poly,
|
||||
Err(e) => panic!("Failed to clone `Poly`: {}", e),
|
||||
}
|
||||
Poly::try_from(self.coeff.clone())
|
||||
.unwrap_or_else(|e| panic!("Failed to clone `Poly`: {}", e))
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -213,7 +211,7 @@ impl<'a, B: Borrow<Poly>> ops::Mul<B> for &'a Poly {
|
|||
fn mul(self, rhs: B) -> Self::Output {
|
||||
let rhs = rhs.borrow();
|
||||
if rhs.coeff.is_empty() || self.coeff.is_empty() {
|
||||
return Poly::zero().expect("failed to create zero Poly");
|
||||
return Poly::zero();
|
||||
}
|
||||
let mut coeff = vec![Fr::zero(); self.coeff.len() + rhs.borrow().coeff.len() - 1];
|
||||
let mut s; // TODO: Mlock and zero on drop.
|
||||
|
@ -224,9 +222,8 @@ impl<'a, B: Borrow<Poly>> ops::Mul<B> for &'a Poly {
|
|||
coeff[i + j].add_assign(&s);
|
||||
}
|
||||
}
|
||||
Poly::new(coeff).unwrap_or_else(|e| {
|
||||
panic!("Failed to create a new `Poly` during muliplication: {}", e);
|
||||
})
|
||||
Poly::try_from(coeff)
|
||||
.unwrap_or_else(|e| panic!("Failed to create a new `Poly` during muliplication: {}", e))
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -247,7 +244,7 @@ impl<B: Borrow<Self>> ops::MulAssign<B> for Poly {
|
|||
impl ops::MulAssign<Fr> for Poly {
|
||||
fn mul_assign(&mut self, rhs: Fr) {
|
||||
if rhs.is_zero() {
|
||||
*self = Poly::zero().expect("failed to create zero Poly");
|
||||
*self = Poly::zero();
|
||||
} else {
|
||||
for c in &mut self.coeff {
|
||||
c.mul_assign(&rhs);
|
||||
|
@ -322,6 +319,19 @@ impl Drop for Poly {
|
|||
}
|
||||
}
|
||||
|
||||
/// Creates a new `Poly` instance from a vector of prime field elements representing the
|
||||
/// coefficients of the polynomial. We lock the region of the heap where the polynomial
|
||||
/// coefficients are allocated.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have reached the system's locked memory limit.
|
||||
impl From<Vec<Fr>> for Poly {
|
||||
fn from(coeffs: Vec<Fr>) -> Self {
|
||||
Poly::try_from(coeffs).unwrap_or_else(|e| panic!("Failed to create `Poly`: {}", e))
|
||||
}
|
||||
}
|
||||
|
||||
impl ContainsSecret for Poly {
|
||||
fn mlock_secret_memory(&self) -> Result<()> {
|
||||
if !*SHOULD_MLOCK_SECRETS {
|
||||
|
@ -378,80 +388,167 @@ impl ContainsSecret for Poly {
|
|||
|
||||
impl Poly {
|
||||
/// Creates a new `Poly` instance from a vector of prime field elements representing the
|
||||
/// coefficients of the polynomial. The `mlock` system call is applied to the region of the
|
||||
/// heap where the field elements are allocated.
|
||||
/// coefficients of the polynomial. We lock the region of the heap where the polynomial
|
||||
/// coefficients are allocated.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn new(coeff: Vec<Fr>) -> Result<Self> {
|
||||
pub fn try_from(coeff: Vec<Fr>) -> Result<Self> {
|
||||
let poly = Poly { coeff };
|
||||
poly.mlock_secret_memory()?;
|
||||
Ok(poly)
|
||||
}
|
||||
|
||||
/// Creates a random polynomial.
|
||||
/// Creates a random polynomial. This constructor is identical to the `Poly::try_random()`
|
||||
/// constructor in every way except that this constructor will panic if locking the polynomial
|
||||
/// coefficients into RAM fails.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have reached the system's locked memory limit.
|
||||
pub fn random<R: Rng>(degree: usize, rng: &mut R) -> Self {
|
||||
Poly::try_random(degree, rng)
|
||||
.unwrap_or_else(|e| panic!("Failed to create random `Poly`: {}", e))
|
||||
}
|
||||
|
||||
/// Creates a random polynomial. This constructor is identical to the `Poly::random()`
|
||||
/// constructor in every way except that this constructor will return an `Err` if locking the
|
||||
/// polynomial coefficients into RAM fails.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn random<R: Rng>(degree: usize, rng: &mut R) -> Result<Self> {
|
||||
pub fn try_random<R: Rng>(degree: usize, rng: &mut R) -> Result<Self> {
|
||||
let coeff: Vec<Fr> = (0..=degree).map(|_| rng.gen()).collect();
|
||||
Poly::new(coeff)
|
||||
Poly::try_from(coeff)
|
||||
}
|
||||
|
||||
/// Returns the polynomial with constant value `0`.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn zero() -> Result<Self> {
|
||||
Poly::new(vec![])
|
||||
/// This constructor does not return a `Result` because the polynomial's `coeff` vector is
|
||||
/// empty, which does not require memory locking. Memory locking will occur when the first
|
||||
/// coefficient is added to the `coeff` vector.
|
||||
pub fn zero() -> Self {
|
||||
Poly { coeff: vec![] }
|
||||
}
|
||||
|
||||
/// Returns the polynomial with constant value `1`.
|
||||
/// Returns the polynomial with constant value `1`. This constructor is identical to
|
||||
/// `Poly::try_one()` in every way except that this constructor panics if locking the `coeff`
|
||||
/// vector into RAM fails, whereas `Poly::try_one()` returns an `Err`.
|
||||
///
|
||||
/// # Errors
|
||||
/// # Panics
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn one() -> Result<Self> {
|
||||
Self::monomial(0)
|
||||
/// Panics if we have reached the system's locked memory limit.
|
||||
pub fn one() -> Self {
|
||||
Poly::try_one()
|
||||
.unwrap_or_else(|e| panic!("Failed to create constant `Poly` of value 1: {}", e))
|
||||
}
|
||||
|
||||
/// Returns the polynomial with constant value `c`.
|
||||
/// Returns the polynomial with constant value `1`. This constructor is identical to
|
||||
/// `Poly::one()` in every way except that this constructor returns `Err` if locking the
|
||||
/// `coeff` vector into RAM fails, whereas `Poly::one()` panics.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn constant(c: Fr) -> Result<Self> {
|
||||
let ptr = &c as *const Fr as *mut u8;
|
||||
let res = Poly::new(vec![c]);
|
||||
unsafe {
|
||||
memzero(ptr, size_of::<Fr>());
|
||||
}
|
||||
pub fn try_one() -> Result<Self> {
|
||||
Poly::try_constant(Fr::one())
|
||||
}
|
||||
|
||||
/// Returns the polynomial with constant value `c`. Panics if memory locking fails.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have reached the systems's locked memory limit.
|
||||
pub fn constant(c: Fr) -> Self {
|
||||
// We create a raw pointer to the field element within this method's stack frame so we can
|
||||
// overwrite that portion of memory with zeros once we have copied the element onto the
|
||||
// heap as part of the vector of polynomial coefficients.
|
||||
let fr_ptr = &c as *const Fr as *mut u8;
|
||||
let poly = Poly::try_from(vec![c])
|
||||
.unwrap_or_else(|e| panic!("Failed to create constant `Poly`: {}", e));
|
||||
clear_fr(fr_ptr);
|
||||
poly
|
||||
}
|
||||
|
||||
/// Returns the polynomial with constant value `c`. This constructor is identical to
|
||||
/// `Poly::constant()` in every way except that this constructor returns an `Err` if locking
|
||||
/// the polynomial coefficients into RAM fails.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn try_constant(c: Fr) -> Result<Self> {
|
||||
// We create a raw pointer to the field element within this method's stack frame so we can
|
||||
// overwrite that portion of memory with zeros once we have copied the element onto the
|
||||
// heap as part of polynomials `coeff` vector.
|
||||
let fr_ptr = &c as *const Fr as *mut u8;
|
||||
let res = Poly::try_from(vec![c]);
|
||||
clear_fr(fr_ptr);
|
||||
res
|
||||
}
|
||||
|
||||
/// Returns the identity function, i.e. the polynomial "`x`".
|
||||
/// Returns the identity function, i.e. the polynomial "`x`". Panics if mlocking fails.
|
||||
///
|
||||
/// # Errors
|
||||
/// # Panics
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn identity() -> Result<Self> {
|
||||
Self::monomial(1)
|
||||
/// Panics if we have reached the system's locked memory limit.
|
||||
pub fn identity() -> Self {
|
||||
Poly::monomial(1)
|
||||
}
|
||||
|
||||
/// Returns the (monic) monomial "`x.pow(degree)`"
|
||||
/// Returns the identity function, i.e. the polynomial `x`. Returns an `Err` if mlocking
|
||||
/// fails.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn monomial(degree: usize) -> Result<Self> {
|
||||
pub fn try_identity() -> Result<Self> {
|
||||
Poly::try_monomial(1)
|
||||
}
|
||||
|
||||
/// Returns the (monic) monomial: `x.pow(degree)`. Panics if mlocking fails.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have reached the systems's locked memory limit.
|
||||
pub fn monomial(degree: usize) -> Self {
|
||||
Poly::try_monomial(degree).unwrap_or_else(|e| {
|
||||
panic!(
|
||||
"Failed to create monomial `Poly` of degree {}: {}",
|
||||
degree, e
|
||||
)
|
||||
})
|
||||
}
|
||||
|
||||
/// Returns the (monic) monomial: `x.pow(degree)`. Returns an `Err` if mlocking fails.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn try_monomial(degree: usize) -> Result<Self> {
|
||||
let coeff: Vec<Fr> = iter::repeat(Fr::zero())
|
||||
.take(degree)
|
||||
.chain(iter::once(Fr::one()))
|
||||
.collect();
|
||||
Poly::new(coeff)
|
||||
Poly::try_from(coeff)
|
||||
}
|
||||
|
||||
/// Returns the unique polynomial `f` of degree `samples.len() - 1` with the given values
|
||||
/// `(x, f(x))`.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have reached the systems's locked memory limit.
|
||||
pub fn interpolate<T, U, I>(samples_repr: I) -> Self
|
||||
where
|
||||
I: IntoIterator<Item = (T, U)>,
|
||||
T: IntoFr,
|
||||
U: IntoFr,
|
||||
{
|
||||
Poly::try_interpolate(samples_repr)
|
||||
.unwrap_or_else(|e| panic!("Failed to interpolate `Poly`: {}", e))
|
||||
}
|
||||
|
||||
/// Returns the unique polynomial `f` of degree `samples.len() - 1` with the given values
|
||||
|
@ -460,7 +557,7 @@ impl Poly {
|
|||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn interpolate<T, U, I>(samples_repr: I) -> Result<Self>
|
||||
pub fn try_interpolate<T, U, I>(samples_repr: I) -> Result<Self>
|
||||
where
|
||||
I: IntoIterator<Item = (T, U)>,
|
||||
T: IntoFr,
|
||||
|
@ -468,7 +565,7 @@ impl Poly {
|
|||
{
|
||||
let convert = |(x, y): (T, U)| (x.into_fr(), y.into_fr());
|
||||
let samples: Vec<(Fr, Fr)> = samples_repr.into_iter().map(convert).collect();
|
||||
Self::compute_interpolation(&samples)
|
||||
Poly::compute_interpolation(&samples)
|
||||
}
|
||||
|
||||
/// Returns the degree.
|
||||
|
@ -516,19 +613,17 @@ impl Poly {
|
|||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we hit the system's locked memory limit and failed to
|
||||
/// `mlock` the new `Poly` instance.
|
||||
/// Returns an `Error::MlockFailed` if we hit the system's locked memory limit.
|
||||
fn compute_interpolation(samples: &[(Fr, Fr)]) -> Result<Self> {
|
||||
let mut poly; // Interpolates on the first `i` samples.
|
||||
let mut base; // Is zero on the first `i` samples.
|
||||
if samples.is_empty() {
|
||||
return Poly::zero();
|
||||
} else {
|
||||
poly = Poly::constant(samples[0].1)?;
|
||||
let mut minus_s0 = samples[0].0;
|
||||
minus_s0.negate();
|
||||
base = Poly::new(vec![minus_s0, Fr::one()])?;
|
||||
return Ok(Poly::zero());
|
||||
}
|
||||
// Interpolates on the first `i` samples.
|
||||
let mut poly = Poly::try_constant(samples[0].1)?;
|
||||
let mut minus_s0 = samples[0].0;
|
||||
minus_s0.negate();
|
||||
// Is zero on the first `i` samples.
|
||||
let mut base = Poly::try_from(vec![minus_s0, Fr::one()])?;
|
||||
|
||||
// We update `base` so that it is always zero on all previous samples, and `poly` so that
|
||||
// it has the correct values on the previous samples.
|
||||
|
@ -545,7 +640,7 @@ impl Poly {
|
|||
// Finally, multiply `base` by X - x, so that it is zero at `x`, too, now.
|
||||
let mut minus_x = *x;
|
||||
minus_x.negate();
|
||||
base *= Poly::new(vec![minus_x, Fr::one()])?;
|
||||
base *= Poly::try_from(vec![minus_x, Fr::one()])?;
|
||||
}
|
||||
Ok(poly)
|
||||
}
|
||||
|
@ -555,7 +650,7 @@ impl Poly {
|
|||
if !*SHOULD_MLOCK_SECRETS {
|
||||
return Ok(());
|
||||
}
|
||||
let n_bytes_truncated = len * size_of::<Fr>();
|
||||
let n_bytes_truncated = *FR_SIZE * len;
|
||||
if n_bytes_truncated == 0 {
|
||||
return Ok(());
|
||||
}
|
||||
|
@ -580,7 +675,7 @@ impl Poly {
|
|||
if !*SHOULD_MLOCK_SECRETS {
|
||||
return Ok(());
|
||||
}
|
||||
let n_bytes_extended = len * size_of::<Fr>();
|
||||
let n_bytes_extended = *FR_SIZE * len;
|
||||
if n_bytes_extended == 0 {
|
||||
return Ok(());
|
||||
}
|
||||
|
@ -788,12 +883,26 @@ impl ContainsSecret for BivarPoly {
|
|||
}
|
||||
|
||||
impl BivarPoly {
|
||||
/// Creates a random polynomial.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have hit the system's locked memory limit.
|
||||
pub fn random<R: Rng>(degree: usize, rng: &mut R) -> Self {
|
||||
BivarPoly::try_random(degree, rng).unwrap_or_else(|e| {
|
||||
panic!(
|
||||
"Failed to create random `BivarPoly` of degree {}: {}",
|
||||
degree, e
|
||||
)
|
||||
})
|
||||
}
|
||||
|
||||
/// Creates a random polynomial.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit.
|
||||
pub fn random<R: Rng>(degree: usize, rng: &mut R) -> Result<Self> {
|
||||
pub fn try_random<R: Rng>(degree: usize, rng: &mut R) -> Result<Self> {
|
||||
let poly = BivarPoly {
|
||||
degree,
|
||||
coeff: (0..coeff_pos(degree + 1, 0)).map(|_| rng.gen()).collect(),
|
||||
|
@ -824,13 +933,23 @@ impl BivarPoly {
|
|||
result
|
||||
}
|
||||
|
||||
/// Returns the `x`-th row, as a univariate polynomial.
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if we have reached the system's locked memory limit.
|
||||
pub fn row<T: IntoFr>(&self, x: T) -> Poly {
|
||||
self.try_row(x)
|
||||
.unwrap_or_else(|e| panic!("Failed to create `Poly` from row of `BivarPoly: {}`", e))
|
||||
}
|
||||
|
||||
/// Returns the `x`-th row, as a univariate polynomial.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an `Error::MlockFailed` if we have reached the systems's locked memory limit when
|
||||
/// creating the new `Poly` instance.
|
||||
pub fn row<T: IntoFr>(&self, x: T) -> Result<Poly> {
|
||||
pub fn try_row<T: IntoFr>(&self, x: T) -> Result<Poly> {
|
||||
let x_pow = self.powers(x);
|
||||
let coeff: Vec<Fr> = (0..=self.degree)
|
||||
.map(|i| {
|
||||
|
@ -843,7 +962,7 @@ impl BivarPoly {
|
|||
}
|
||||
result
|
||||
}).collect();
|
||||
Poly::new(coeff)
|
||||
Poly::try_from(coeff)
|
||||
}
|
||||
|
||||
/// Returns the corresponding commitment. That information can be shared publicly.
|
||||
|
@ -985,8 +1104,8 @@ mod tests {
|
|||
#[test]
|
||||
fn poly() {
|
||||
// The polynomial 5 X³ + X - 2.
|
||||
let x_pow_3 = Poly::monomial(3).expect("Failed to create monic polynomial of degree 3");
|
||||
let x_pow_1 = Poly::monomial(1).expect("Failed to create monic polynomial of degree 1");
|
||||
let x_pow_3 = Poly::monomial(3);
|
||||
let x_pow_1 = Poly::monomial(1);
|
||||
let poly = x_pow_3 * 5 + x_pow_1 - 2;
|
||||
|
||||
let coeff: Vec<_> = [-2, 1, 0, 5].into_iter().map(IntoFr::into_fr).collect();
|
||||
|
@ -995,7 +1114,7 @@ mod tests {
|
|||
for &(x, y) in &samples {
|
||||
assert_eq!(y.into_fr(), poly.evaluate(x));
|
||||
}
|
||||
let interp = Poly::interpolate(samples).expect("Failed to interpolate `Poly`");
|
||||
let interp = Poly::interpolate(samples);
|
||||
assert_eq!(interp, poly);
|
||||
}
|
||||
|
||||
|
@ -1010,10 +1129,8 @@ mod tests {
|
|||
// generates random bivariate polynomials and publicly commits to them. In partice, the
|
||||
// dealers can e.g. be any `faulty_num + 1` nodes.
|
||||
let bi_polys: Vec<BivarPoly> = (0..dealer_num)
|
||||
.map(|_| {
|
||||
BivarPoly::random(faulty_num, &mut rng)
|
||||
.expect("Failed to create random `BivarPoly`")
|
||||
}).collect();
|
||||
.map(|_| BivarPoly::random(faulty_num, &mut rng))
|
||||
.collect();
|
||||
let pub_bi_commits: Vec<_> = bi_polys.iter().map(BivarPoly::commitment).collect();
|
||||
|
||||
let mut sec_keys = vec![Fr::zero(); node_num];
|
||||
|
@ -1024,9 +1141,7 @@ mod tests {
|
|||
for (bi_poly, bi_commit) in bi_polys.iter().zip(&pub_bi_commits) {
|
||||
for m in 1..=node_num {
|
||||
// Node `m` receives its row and verifies it.
|
||||
let row_poly = bi_poly
|
||||
.row(m)
|
||||
.unwrap_or_else(|_| panic!("Failed to create row #{}", m));
|
||||
let row_poly = bi_poly.row(m);
|
||||
let row_commit = bi_commit.row(m);
|
||||
assert_eq!(row_poly.commitment(), row_commit);
|
||||
// Node `s` receives the `s`-th value and verifies it.
|
||||
|
@ -1039,10 +1154,8 @@ mod tests {
|
|||
}
|
||||
|
||||
// A cheating dealer who modified the polynomial would be detected.
|
||||
let x_pow_2 =
|
||||
Poly::monomial(2).expect("Failed to create monic polynomial of degree 2");
|
||||
let five = Poly::constant(5.into_fr())
|
||||
.expect("Failed to create polynomial with constant 5");
|
||||
let x_pow_2 = Poly::monomial(2);
|
||||
let five = Poly::constant(5.into_fr());
|
||||
let wrong_poly = row_poly.clone() + x_pow_2 * five;
|
||||
assert_ne!(wrong_poly.commitment(), row_commit);
|
||||
|
||||
|
@ -1057,8 +1170,7 @@ mod tests {
|
|||
.iter()
|
||||
.map(|&i| (i, bi_poly.evaluate(m, i)))
|
||||
.collect();
|
||||
let my_row =
|
||||
Poly::interpolate(received).expect("Failed to create `Poly` via interpolation");
|
||||
let my_row = Poly::interpolate(received);
|
||||
assert_eq!(bi_poly.evaluate(m, 0), my_row.evaluate(0));
|
||||
assert_eq!(row_poly, my_row);
|
||||
|
||||
|
@ -1073,11 +1185,9 @@ mod tests {
|
|||
// The whole first column never gets added up in practice, because nobody has all the
|
||||
// information. We do it anyway here; entry `0` is the secret key that is not known to
|
||||
// anyone, neither a dealer, nor a node:
|
||||
let mut sec_key_set = Poly::zero().expect("Failed to create empty `Poly`");
|
||||
let mut sec_key_set = Poly::zero();
|
||||
for bi_poly in &bi_polys {
|
||||
sec_key_set += bi_poly
|
||||
.row(0)
|
||||
.expect("Failed to create `Poly` from row #0 for `BivarPoly`");
|
||||
sec_key_set += bi_poly.row(0);
|
||||
}
|
||||
for m in 1..=node_num {
|
||||
assert_eq!(sec_key_set.evaluate(m), sec_keys[m - 1]);
|
||||
|
@ -1085,9 +1195,7 @@ mod tests {
|
|||
|
||||
// The sum of the first rows of the public commitments is the commitment to the secret key
|
||||
// set.
|
||||
let mut sum_commit = Poly::zero()
|
||||
.expect("Failed to create empty `Poly`")
|
||||
.commitment();
|
||||
let mut sum_commit = Poly::zero().commitment();
|
||||
for bi_commit in &pub_bi_commits {
|
||||
sum_commit += bi_commit.row(0);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue