Tests: simple fixes in "Aggregated SSSS" section

src/test.cpp

@@ -1255,11 +1255,6 @@ TEST_CASE("Threshold Signatures") {
         std::vector<G1Element> verifVec;
     };
 
-    struct RecvSigShare {
-        G2Element sig;
-        RawData msg;
-    };
-
     class Participant {
     public:
         // Unique identifier
@@ -1271,7 +1266,6 @@ TEST_CASE("Threshold Signatures") {
         // Coefficients vectors
         std::vector<PrivateKey> sks;
         std::vector<G1Element> pks;
-        std::vector<G2Element> sigs;
         // Internal Shares
         std::map<RawData, PrivateKey> sksShares;
         std::map<RawData, G1Element> pksShares;
@@ -1283,16 +1277,16 @@ TEST_CASE("Threshold Signatures") {
         PrivateKey aggrSk;
 
         // Map of received aggrSigs from each participant id.
-        std::map<RawData, RecvSigShare> recvAggrSigs;
+        std::map<RawData, G2Element> recvAggrSigs;
 
         bool recvShareAndVerificationVector(RawData fromId, const PrivateKey& skShare, const std::vector<G1Element>& verifVec) {
             G1Element evalPubShare = bls::Threshold::PublicKeyShare(verifVec, Bytes(id));
             REQUIRE(skShare.GetG1Element() == evalPubShare);
             recvShares.emplace(std::move(fromId), RecvShare{skShare, evalPubShare, verifVec});
             return true;
         }
-        void recvAggrSigsFrom(RawData& fromId, G2Element aggrSig, vector<uint8_t> msgHash) {
-            recvAggrSigs.emplace(fromId, RecvSigShare{aggrSig, std::move(msgHash)});
+        void recvAggrSigsFrom(RawData& fromId, const G2Element& sigShare) {
+            recvAggrSigs.emplace(fromId, sigShare);
         }
     };
 
@@ -1392,26 +1386,19 @@ TEST_CASE("Threshold Signatures") {
 
         // Data to be signed.
         std::vector<uint8_t> msgHash = getRandomSeed();
+
         for (auto& participant : participants) {
-            // Load SIG() polynomial coefficients vector
-            for (int i = 0; i < m; i++) {
-                PrivateKey sk = participant.sks[i];
-                G1Element pk = participant.pks[i];
-                G2Element sig = bls::Threshold::Sign(sk, Bytes(msgHash));
-                participant.sigs.emplace_back(sig);
-                REQUIRE(bls::Threshold::Verify(pk, Bytes(msgHash), {sig}));
-            }
+            // Recover public-key share and check it correspond to the aggregated secret-key share
+            G1Element aggrPk = bls::Threshold::PublicKeyShare(finalVerifVector, Bytes(participant.id));
+            REQUIRE(aggrPk == participant.aggrSk.GetG1Element());
+
+            // Validate signature share against public-key share
+            G2Element aggrSig = bls::Threshold::Sign(participant.aggrSk, Bytes(msgHash));
+            REQUIRE(bls::Threshold::Verify(aggrPk, Bytes(msgHash), {aggrSig}));
 
-            // Send participant.aggrSk sig to every other participant.
+            // Send signature share to every other participant.
             for (int i = 0; i < n; i++) {
-                auto& recipient = participants[i];
-                G2Element aggrSig = bls::Threshold::Sign(participant.aggrSk, Bytes(msgHash));
-                // Recv aggrSig and validates that correspond to Pa()
-                // Let's check that Pa(id) == participant.aggrPk
-                G1Element aggrPk = bls::Threshold::PublicKeyShare(finalVerifVector, Bytes(participant.id));
-                REQUIRE(aggrPk == participant.aggrSk.GetG1Element());
-                REQUIRE(bls::Threshold::Verify(aggrPk, Bytes(msgHash), {aggrSig}));
-                recipient.recvAggrSigsFrom(participant.id, aggrSig, msgHash);
+                participants[i].recvAggrSigsFrom(participant.id, aggrSig);
             }
         }
 
@@ -1420,19 +1407,25 @@ TEST_CASE("Threshold Signatures") {
             RawData random = getRandomSeed();
             Participant p = participants[random[0] % participants.size()];
             // Block two participants at random
-            std::vector<RawData> blockedIds;
-            blockedIds.emplace_back(participants[random[1] % participants.size()].id);
-            blockedIds.emplace_back(participants[random[2] % participants.size()].id);
+            int randomIdx = random[1] % participants.size();
+            int randomIdx2 = random[2] % participants.size();
+            while (randomIdx == randomIdx2) { randomIdx2 = getRandomSeed()[0] % participants.size(); }
+            std::vector<RawData> blockedIds = {
+                    participants[randomIdx].id,
+                    participants[randomIdx2].id
+            };
 
             // Gather sigs and ids.
             std::vector<G2Element> aggrSigs;
             std::vector<Bytes> ids;
             for (const auto& recvSigShare : p.recvAggrSigs) {
                 if (std::find(blockedIds.begin(), blockedIds.end(), recvSigShare.first) != blockedIds.end()) continue;
                 ids.emplace_back(recvSigShare.first);
-                aggrSigs.emplace_back(recvSigShare.second.sig);
+                aggrSigs.emplace_back(recvSigShare.second);
             }
 
+            REQUIRE(aggrSigs.size() == m);
+
             G2Element freeCoefficientSigs = bls::Threshold::SignatureRecover(aggrSigs, ids);
             // This will validate against Pa(0)!
             G1Element freeCoefficientPks = finalVerifVector[0];
@@ -1450,6 +1443,12 @@ TEST_CASE("Threshold Signatures") {
             PrivateKey finalKey = bls::Threshold::PrivateKeyRecover(aggrKeys, ids3);
             REQUIRE(finalKey.GetG1Element() == freeCoefficientPks);
             REQUIRE(bls::Threshold::Sign(finalKey, Bytes(msgHash)) == freeCoefficientSigs);
+
+            // Now let's modify one sig share, aggregate again, and check that verification fails
+            aggrSigs[0] += G2Element::Generator();
+            G2Element freeCoefficientSigs2 = bls::Threshold::SignatureRecover(aggrSigs, ids);
+            REQUIRE(freeCoefficientSigs2.IsValid());
+            REQUIRE(!bls::Threshold::Verify(freeCoefficientPks, Bytes(msgHash), freeCoefficientSigs2));
         }
     }
 }