Resolve the issue with GE deserialization using division by eight

See this link for more details: ZenGo-X/curv#156 (comment)
HRezaei · Dec 8, 2021 · 8ef39b1 · 8ef39b1
1 parent bf4732b
commit 8ef39b1
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 4 deletions.
diff --git a/examples/common.rs b/examples/common.rs
@@ -9,6 +9,8 @@ use curv::{
     elliptic::curves::traits::{ECPoint, ECScalar},
     BigInt,
 };
+use curv::cryptographic_primitives::secret_sharing::feldman_vss::VerifiableSS;
+use curv::elliptic::curves::ed25519::Ed25519Scalar;
 
 use reqwest::Client;
 use serde::{Deserialize, Serialize};
@@ -238,3 +240,21 @@ pub fn check_sig(r: &FE, s: &FE, msg: &BigInt, pk: &GE) {
     let is_correct = verify(&msg, &secp_sig, &pk);
     assert!(is_correct);
 }
+
+pub fn correct_verifiable_ss(vss: VerifiableSS<GE>) -> VerifiableSS<GE> {
+    //Since curv v0.7 does multiply GE's with 8 in deserialization, we have to correct them here:
+    //See https://github.com/ZenGo-X/curv/issues/156#issuecomment-987657279
+    let eight: Ed25519Scalar = ECScalar::from(&BigInt::from(8));
+    let eight_invert = eight.invert();
+
+    let corrected_commitments = vss.commitments.iter()
+        .map(|g| g * &eight_invert)
+        .collect();
+
+    let corrected_vss = VerifiableSS {
+        parameters: vss.parameters,
+        commitments: corrected_commitments,
+    };
+
+    corrected_vss
+}
diff --git a/examples/gg18_keygen_client.rs b/examples/gg18_keygen_client.rs
@@ -18,12 +18,14 @@ use multi_party_eddsa::protocols::thresholdsig::{
 use paillier::EncryptionKey;
 use reqwest::Client;
 use std::{env, fs, time};
+use curv::elliptic::curves::ed25519::Ed25519Scalar;
 
 mod common;
 use common::{
     aes_decrypt, aes_encrypt, broadcast, poll_for_broadcasts, poll_for_p2p, postb, sendp2p, Params,
     PartySignup, AEAD, AES_KEY_BYTES_LEN,
 };
+use crate::common::correct_verifiable_ss;
 
 fn main() {
     if env::args().nth(3).is_some() {
@@ -36,6 +38,11 @@ fn main() {
     let data = fs::read_to_string("params.json")
         .expect("Unable to read params, make sure config file is present in the same folder ");
     let params: Params = serde_json::from_str(&data).unwrap();
+
+    run_keygen(params);
+}
+
+pub fn run_keygen(params: Params) {
     let PARTIES: u16 = params.parties.parse::<u16>().unwrap();
     let THRESHOLD: u16 = params.threshold.parse::<u16>().unwrap();
 
@@ -104,13 +111,18 @@ fn main() {
     let mut point_vec: Vec<GE> = Vec::new();
     let mut blind_vec: Vec<BigInt> = Vec::new();
     let mut enc_keys: Vec<Vec<u8>> = Vec::new();
+    let eight: Ed25519Scalar = ECScalar::from(&BigInt::from(8));
+    let eight_invert = eight.invert();
     for i in 1..=PARTIES {
         if i == party_num_int {
             point_vec.push(decom_i.y_i);
             blind_vec.push(decom_i.clone().blind_factor);
         } else {
             let decom_j: KeyGenDecommitMessage1 = serde_json::from_str::<KeyGenDecommitMessage1>(&round2_ans_vec[j]).unwrap();
-            point_vec.push(decom_j.y_i);
+
+            //Since curv v0.7 does multiply GE's with 8 in deserialization, we have to correct them here:
+            //See https://github.com/ZenGo-X/curv/issues/156#issuecomment-987657279
+            point_vec.push(decom_j.y_i * eight_invert.clone());
             blind_vec.push(decom_j.clone().blind_factor);
             let key_bn: BigInt = (decom_j.y_i.clone() * party_keys.u_i).x_coor().unwrap();
             let key_bytes = BigInt::to_bytes(&key_bn);
@@ -207,7 +219,11 @@ fn main() {
             vss_scheme_vec.push(vss_scheme.clone());
         } else {
             let vss_scheme_j: VerifiableSS<GE> = serde_json::from_str(&round4_ans_vec[j]).unwrap();
-            vss_scheme_vec.push(vss_scheme_j);
+
+            //Since curv v0.7 does multiply GE's with 8 in deserialization, we have to correct them here:
+            //See https://github.com/ZenGo-X/curv/issues/156#issuecomment-987657279
+            let corrected_vss_scheme_j = correct_verifiable_ss(vss_scheme_j);
+            vss_scheme_vec.push(corrected_vss_scheme_j);
             j += 1;
         }
     }
@@ -247,11 +263,20 @@ fn main() {
             dlog_proof_vec.push(dlog_proof.clone());
         } else {
             let dlog_proof_j: DLogProof<GE> = serde_json::from_str(&round5_ans_vec[j]).unwrap();
-            dlog_proof_vec.push(dlog_proof_j);
+
+            //Since curv v0.7 does multiply GE with 8 in deserialization, we have to correct them here:
+            //See https://github.com/ZenGo-X/curv/issues/156#issuecomment-987657279
+            let corrected_dlog_proof_j = DLogProof {
+                pk: dlog_proof_j.pk * eight_invert,
+                pk_t_rand_commitment: dlog_proof_j.pk_t_rand_commitment * eight_invert,
+                challenge_response: dlog_proof_j.challenge_response
+            };
+            dlog_proof_vec.push(corrected_dlog_proof_j);
             j += 1;
         }
     }
-    Keys::verify_dlog_proofs(&params, &dlog_proof_vec, &point_vec).expect("bad dlog proof");
+    Keys::verify_dlog_proofs(&params, &dlog_proof_vec, &point_vec)
+        .expect("bad dlog proof");
 
     //save key to file:
     let paillier_key_vec = (0..PARTIES)