additional fixes for use of tweaked pubkey
This commit is contained in:
parent
8204166b93
commit
a3071302dd
|
@ -59,9 +59,13 @@ where
|
|||
// Generate Schnorr challenge
|
||||
let c: Challenge<C> = <C>::challenge(&R, &public, msg);
|
||||
|
||||
let z = k + (c.0 * secret);
|
||||
|
||||
Signature { R, z }
|
||||
if <C>::is_need_tweaking() {
|
||||
let z = <C>::tweaked_z(k, secret, c.0, &public.element);
|
||||
Signature { R, z }
|
||||
} else {
|
||||
let z = k + (c.0 * secret);
|
||||
Signature { R, z }
|
||||
}
|
||||
}
|
||||
|
||||
/// Creates a SigningKey from a scalar.
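Review bot: Both arms of the new `if <C>::is_need_tweaking()` end in `Signature { R, z }`, so the only thing that differs is how `z` is computed; binding it once reads better and removes the duplicated constructor: `let z = if <C>::is_need_tweaking() { <C>::tweaked_z(k, secret, c.0, &public.element) } else { k + (c.0 * secret) };` followed by a single `Signature { R, z }`. The challenge `c` a few lines up is still computed over `public`, while `tweaked_z` derives its parity decision from the tweaked key; if `<C>::challenge` does not itself account for the tweak, the challenge and the response would be bound to different keys, so a one-line comment stating which key the challenge commits to would help the next reader. The enclosing function starts before this hunk.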
|
||||
|
|
|
@ -272,6 +272,18 @@ pub trait Ciphersuite: Copy + Clone + PartialEq + Debug {
|
|||
panic!("Not implemented");
|
||||
}
|
||||
|
||||
/// tweaked z for SigningKey sign
|
||||
#[allow(unused)]
|
||||
fn tweaked_z(
|
||||
k: <<Self::Group as Group>::Field as Field>::Scalar,
|
||||
secret: <<Self::Group as Group>::Field as Field>::Scalar,
|
||||
challenge: <<Self::Group as Group>::Field as Field>::Scalar,
|
||||
verifying_key: &Element<Self>,
|
||||
) -> <<Self::Group as Group>::Field as Field>::Scalar
|
||||
{
|
||||
panic!("Not implemented");
|
||||
}
|
||||
|
||||
/// signature_share tweak
|
||||
#[allow(unused)]
|
||||
fn compute_tweaked_signature_share(
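Review bot: The default `tweaked_z` panics with "Not implemented", but its doc comment (`/// tweaked z for SigningKey sign`) does not say so, and `#[allow(unused)]` hides that all four parameters are ignored by the default body. Suggest expanding the doc to something like `/// Computes the Schnorr response `z` for ciphersuites that tweak the signing key.` / `/// # Panics` / `/// The default panics; ciphersuites whose `is_need_tweaking()` returns `true` must override it.` This mirrors the existing panicking default at the top of the hunk, so the pattern is at least consistent, though `unimplemented!()` would express the intent more directly than `panic!("Not implemented")`.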
|
||||
|
|
|
@ -245,11 +245,11 @@ pub fn tweaked_secret_key(
|
|||
public_key: &<<Secp256K1Sha256 as Ciphersuite>::Group as Group>::Element,
|
||||
merkle_root: &[u8],
|
||||
) -> <<<Secp256K1Sha256 as Ciphersuite>::Group as Group>::Field as Field>::Scalar {
|
||||
let mut secret = secret.clone();
|
||||
if public_key.to_affine().y_is_odd().into() {
|
||||
secret = -secret
|
||||
-secret + tweak(&public_key, merkle_root)
|
||||
} else {
|
||||
secret + tweak(&public_key, merkle_root)
|
||||
}
|
||||
secret + tweak(&public_key, merkle_root)
|
||||
}
|
||||
|
||||
impl Ciphersuite for Secp256K1Sha256 {
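Review bot: `tweak(&public_key, merkle_root)` is now written out in both arms, and `&public_key` borrows a value that is already a reference (`public_key: &…::Element`), so the call passes `&&Element` and clippy's `needless_borrow` fires. Hoisting the tweak makes the parity handling the only thing the branch does: `let t = tweak(public_key, merkle_root); if public_key.to_affine().y_is_odd().into() { -secret + t } else { secret + t }`. The `secret` parameter and the `pub fn tweaked_secret_key(` line sit above the hunk.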
|
||||
|
@ -345,6 +345,21 @@ impl Ciphersuite for Secp256K1Sha256 {
|
|||
}
|
||||
}
|
||||
|
||||
/// tweaked z for SigningKey sign
|
||||
fn tweaked_z(
|
||||
k: <<Self::Group as Group>::Field as Field>::Scalar,
|
||||
secret: <<Self::Group as Group>::Field as Field>::Scalar,
|
||||
challenge: <<Self::Group as Group>::Field as Field>::Scalar,
|
||||
verifying_key: &Element<S>,
|
||||
) -> <<Self::Group as Group>::Field as Field>::Scalar {
|
||||
let tweaked_pubkey = tweaked_public_key(&verifying_key, &[]);
|
||||
if tweaked_pubkey.to_affine().y_is_odd().into() {
|
||||
k - (challenge * secret)
|
||||
} else {
|
||||
k + (challenge * secret)
|
||||
}
|
||||
}
|
||||
|
||||
/// compute tweaked signature_share
|
||||
fn compute_tweaked_signature_share(
|
||||
signer_nonces: &round1::SigningNonces,
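Review bot: `tweaked_z` decides the sign of `challenge * secret` from the parity of `tweaked_public_key(&verifying_key, &[])` but never applies the tweak scalar to `secret`, whereas `tweaked_secret_key` earlier in this commit negates on the untweaked key's parity and adds `tweak(...)`. If the `secret` passed in by the signer is already the output of `tweaked_secret_key`, the two functions together cover both parities and this is correct; if it is the raw scalar, the tweak is never applied and `z` will not verify against the key whose parity was checked — a doc line stating the precondition, e.g. `/// `secret` must already be the tweaked scalar (see `tweaked_secret_key`); only the tweaked key's parity is applied here.`, would settle it. The merkle root is hard-coded to `&[]` here and in the two hunks that follow, which the doc comment should also state (`/// Tweaks with an empty merkle root only.`). Minor: `&verifying_key` borrows an existing reference; `tweaked_public_key(verifying_key, &[])` is enough.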
|
||||
|
@ -361,8 +376,8 @@ impl Ciphersuite for Secp256K1Sha256 {
|
|||
|
||||
let mut kp = key_package.clone();
|
||||
let public_key = key_package.verifying_key();
|
||||
let pubkey_is_odd = public_key.y_is_odd();
|
||||
let tweaked_pubkey_is_odd = tweaked_public_key(public_key.element(), &[])
|
||||
let pubkey_is_odd: bool = public_key.y_is_odd();
|
||||
let tweaked_pubkey_is_odd: bool = tweaked_public_key(public_key.element(), &[])
|
||||
.to_affine()
|
||||
.y_is_odd()
|
||||
.into();
|
||||
|
@ -421,7 +436,12 @@ impl Ciphersuite for Secp256K1Sha256 {
|
|||
verifying_key: &<Self::Group as Group>::Element,
|
||||
) -> <Self::Group as Group>::Element {
|
||||
let mut vs = verifying_share.clone();
|
||||
if verifying_key.to_affine().y_is_odd().into() {
|
||||
let pubkey_is_odd: bool = verifying_key.to_affine().y_is_odd().into();
|
||||
let tweaked_pubkey_is_odd: bool = tweaked_public_key(verifying_key, &[])
|
||||
.to_affine()
|
||||
.y_is_odd()
|
||||
.into();
|
||||
if pubkey_is_odd != tweaked_pubkey_is_odd {
|
||||
vs = -vs;
|
||||
}
|
||||
vs
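Review bot: The `pubkey_is_odd` / `tweaked_pubkey_is_odd` pair computed via `tweaked_public_key(…, &[])` is now written out twice in this impl (here and in the `@@ -361` hunk above); a small private helper such as `fn parity_flips(verifying_key: &<Self::Group as Group>::Element) -> bool` returning `pubkey_is_odd != tweaked_pubkey_is_odd` would keep the two in step, which matters because both must agree on the merkle root they pass. Only the parity of the share is adjusted in this function; if the verifying share for the tweaked key also needs the tweak point added, that either happens elsewhere or is missing, and a comment naming where the tweak point is applied would make that clear. The enclosing function's signature begins above the hunk.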
|
||||
|
|
|
@ -1091,19 +1091,19 @@
|
|||
"outputs": [
|
||||
{
|
||||
"identifier": 129,
|
||||
"sig_share": "f01e946f27156b55a714d8872a31c860a379e10e305a20bbd39e4f509b78a7ab"
|
||||
"sig_share": "8ec041c83e92c21d349ee6335434d284d33bbe1dfddc9d0a40972d6bb7d2e539"
|
||||
},
|
||||
{
|
||||
"identifier": 256,
|
||||
"sig_share": "f4ca85e6e1bf8bd0d16cb3bab9a9b223e97fdcff73ecc650706a4b54b4573368"
|
||||
"sig_share": "5fa76c4dc2cded6680d660dc1fc7a705c467d612ddf20f9ef1f41461fa99c765"
|
||||
},
|
||||
{
|
||||
"identifier": 257,
|
||||
"sig_share": "0b9b540faed82f39a9cee154dc998297865f1b9096f89e87c5cd3163997b1165"
|
||||
"sig_share": "87533d65930f6daafac1b08089a2fc2044b193c552fd9151affd014613458b0d"
|
||||
}
|
||||
]
|
||||
},
|
||||
"final_output": {
|
||||
"sig": "0354997f922511dba38d16973092a331f4039477bf4a2d77b438a317862795b267afb5d03fef0520d7b6ef541cbf9c252e51c11b989950ff64f750cb65ac9d1277"
|
||||
"sig": "0354997f922511dba38d16973092a331f4039477bf4a2d77b438a317862795b267b68989a15d1822b71b981109fe784d9b288f2c2e722983b27568869d61f38f2a"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -63,15 +63,15 @@
|
|||
"outputs": [
|
||||
{
|
||||
"identifier": 1,
|
||||
"sig_share": "d6641c4136ee5bf7135272c2cae2ffc1170f9ee44562cf1a1f0ab65c14cfcc4e"
|
||||
"sig_share": "971bbcb0383c0fc47a710a8cae41a123cb44808328ce30880a8b66f1f15766fb"
|
||||
},
|
||||
{
|
||||
"identifier": 3,
|
||||
"sig_share": "e79e49ff66968247cb345da0f43d9ca83522e455478612602ac69e004b93e476"
|
||||
"sig_share": "33d0471177d384d3ec22731abbdd942851c78fbdbed0fb54149d657820228b55"
|
||||
}
|
||||
]
|
||||
},
|
||||
"final_output": {
|
||||
"sig": "030c776a9516a77808b70a31e74f1464814a6fcf897fb3a6bd84c7a9a9a7a5bcb8c0828f771deb8b8ab07fbfc2138ddbda6ff32bd9f7a673459538bc96d1f72e70"
|
||||
"sig": "030c776a9516a77808b70a31e74f1464814a6fcf897fb3a6bd84c7a9a9a7a5bcb8c86bda8b2fa8e74c949a8e4915b1f5dc3e9c8ab9cd98f9d513ef05a2cfb03363"
|
||||
}
|
||||
}
|
||||
|
|