derive verification share and group public key from commitments
This commit is contained in:
parent
0f18d63f5a
commit
8f2af1987c
|
@ -248,7 +248,9 @@ where
|
|||
&self.value
|
||||
}
|
||||
|
||||
/// Verifies that a secret share is consistent with a verifiable secret sharing commitment.
|
||||
/// Verifies that a secret share is consistent with a verifiable secret sharing commitment,
|
||||
/// and returns the derived group info for the participant (their public verification share,
|
||||
/// and the group public key) if successful.
|
||||
///
|
||||
/// This ensures that this participant's share has been generated using the same
|
||||
/// mechanism as all other signing participants. Note that participants *MUST*
|
||||
|
@ -256,9 +258,11 @@ where
|
|||
/// commitment!
|
||||
///
|
||||
/// An implementation of `vss_verify()` from the [spec].
|
||||
/// This also implements `derive_group_info()` from the [spec] (which is very similar),
|
||||
/// but only for this participant.
|
||||
///
|
||||
/// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-05.html#appendix-B.2-5
|
||||
pub fn verify(&self) -> Result<(), &'static str> {
|
||||
pub fn verify(&self) -> Result<(VerifyingShare<C>, VerifyingKey<C>), &'static str> {
|
||||
let f_result = <C::Group as Group>::generator() * self.value.0;
|
||||
|
||||
let x = self.identifier.to_scalar()?;
|
||||
|
@ -275,7 +279,11 @@ where
|
|||
return Err("SecretShare is invalid.");
|
||||
}
|
||||
|
||||
Ok(())
|
||||
let group_public = VerifyingKey {
|
||||
element: self.commitment.0[0].0,
|
||||
};
|
||||
|
||||
Ok((VerifyingShare(result), group_public))
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -290,10 +298,6 @@ pub struct SharePackage<C: Ciphersuite> {
|
|||
pub identifier: Identifier<C>,
|
||||
/// This participant's secret share.
|
||||
pub secret_share: SecretShare<C>,
|
||||
/// This participant's public key.
|
||||
pub public: VerifyingShare<C>,
|
||||
/// The public verifying key that represents the entire group.
|
||||
pub group_public: VerifyingKey<C>,
|
||||
}
|
||||
|
||||
/// Allows all participants' keys to be generated using a central, trusted
|
||||
|
@ -329,8 +333,6 @@ pub fn keygen_with_dealer<C: Ciphersuite, R: RngCore + CryptoRng>(
|
|||
share_packages.push(SharePackage {
|
||||
identifier: secret_share.identifier,
|
||||
secret_share: secret_share.clone(),
|
||||
public: signer_public,
|
||||
group_public,
|
||||
});
|
||||
|
||||
signer_pubkeys.insert(secret_share.identifier, signer_public);
|
||||
|
@ -403,13 +405,13 @@ where
|
|||
/// dealer, but implementations *MUST* make sure that all participants have
|
||||
/// a consistent view of this commitment in practice.
|
||||
fn try_from(share_package: SharePackage<C>) -> Result<Self, &'static str> {
|
||||
share_package.secret_share.verify()?;
|
||||
let (public, group_public) = share_package.secret_share.verify()?;
|
||||
|
||||
Ok(KeyPackage {
|
||||
identifier: share_package.identifier,
|
||||
secret_share: share_package.secret_share.value,
|
||||
public: share_package.public,
|
||||
group_public: share_package.group_public,
|
||||
public,
|
||||
group_public,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@ pub fn check_share_generation<C: Ciphersuite, R: RngCore + CryptoRng>(mut rng: R
|
|||
let secret_shares = frost::keys::generate_secret_shares(&secret, 5, 3, rng).unwrap();
|
||||
|
||||
for secret_share in secret_shares.iter() {
|
||||
assert_eq!(secret_share.verify(), Ok(()));
|
||||
assert!(secret_share.verify().is_ok());
|
||||
}
|
||||
|
||||
assert_eq!(
|
||||
|
|
Loading…
Reference in New Issue