Some tests fixed: share updating should be done on top of blinded shares
As suspected in a previous commit
cygnusv committed Mar 14, 2024
1 parent 71ae5a9 commit 506f2c7
Showing 4 changed files with 62 additions and 28 deletions.
2 changes: 1 addition & 1 deletion ferveo-tdec/src/context.rs
Expand Up @@ -11,7 +11,7 @@ use crate::{
#[derive(Clone, Debug)]
pub struct PublicDecryptionContextFast<E: Pairing> {
pub domain: E::ScalarField,
pub public_key: ShareCommitment<E>, // FIXME
pub public_key: ShareCommitment<E>, // FIXME
pub blinded_key_share: BlindedKeyShare<E>,
// This decrypter's contribution to N(0), namely (-1)^|domain| * \prod_i omega_i
pub lagrange_n_0: E::ScalarField,
20 changes: 14 additions & 6 deletions ferveo-tdec/src/key_share.rs
@@ -1,10 +1,7 @@
use std::ops::Mul;

use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup};


use ferveo_common::serialization;

use serde::{Deserialize, Serialize};
use serde_with::serde_as;
use zeroize::{Zeroize, ZeroizeOnDrop};
Expand All @@ -21,10 +18,12 @@ pub struct ShareCommitment<E: Pairing>(
#[serde_as(as = "serialization::SerdeAs")] pub E::G1Affine, // A_{i, \omega_i}
);

// TODO: Improve by adding share commitment here
// TODO: Is this a test utility perhaps?
#[derive(Debug, Copy, Clone)]
pub struct BlindedKeyShare<E: Pairing> {
pub validator_public_key: E::G2Affine, // [b] H
pub blinded_key_share: E::G2Affine, // [b] Z_{i, \omega_i}
pub validator_public_key: E::G2Affine, // [b] H
pub blinded_key_share: E::G2Affine, // [b] Z_{i, \omega_i}
}

impl<E: Pairing> BlindedKeyShare<E> {
Expand Down Expand Up @@ -55,6 +54,14 @@ impl<E: Pairing> BlindedKeyShare<E> {
// self.blinded_key_share =
// self.blinded_key_share.mul(-*omega_inv).into_affine();
// }
pub fn unblind(
&self,
unblinding_factor: E::ScalarField,
) -> PrivateKeyShare<E> {
PrivateKeyShare::<E>(
self.blinded_key_share.mul(unblinding_factor).into_affine(),
)
}
}

#[serde_as]
Expand All @@ -69,7 +76,8 @@ pub struct PrivateKeyShare<E: Pairing>(
// #[cfg(test)]
impl<E: Pairing> PrivateKeyShare<E> {
pub fn blind(&self, b: E::ScalarField) -> BlindedKeyShare<E> {
let validator_public_key = E::G2Affine::generator().mul(b).into_affine();
let validator_public_key =
E::G2Affine::generator().mul(b).into_affine();
BlindedKeyShare::<E> {
validator_public_key,
blinded_key_share: self.0.mul(b).into_affine(),
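Review bot: The new `unblind` method multiplies `blinded_key_share` by whatever scalar it is handed and never checks it against the `[b] H` the struct already carries, so a wrong `unblinding_factor` silently yields a garbage `PrivateKeyShare` instead of an error. Because `blind` fixes `H = E::G2Affine::generator()`, the struct can verify `[b] H · b⁻¹ == H` before unblinding; I'd add at least the debug assertion below, and for non-test callers a fallible variant that returns an error would be safer than a panic. Separately, `blind` hardcodes the curve generator as H while `setup_simple` in lib.rs carries its own `h` in the contexts — if those ever differ, `validator_public_key` will not verify against `h`, so a comment (or a shared constant) stating that H is the generator would help. The `impl<E: Pairing> PrivateKeyShare<E>` block continues outside the hunk.
```rust
    pub fn unblind(
        &self,
        unblinding_factor: E::ScalarField,
    ) -> PrivateKeyShare<E> {
        // `unblinding_factor` must be b^{-1} for the b in
        // `validator_public_key = [b] H`; check it against H before use so a
        // mismatched factor cannot produce a silently wrong private share.
        debug_assert_eq!(
            self.validator_public_key.mul(unblinding_factor).into_affine(),
            E::G2Affine::generator()
        );
        PrivateKeyShare::<E>(
            self.blinded_key_share.mul(unblinding_factor).into_affine(),
        )
    }
```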
40 changes: 24 additions & 16 deletions ferveo-tdec/src/lib.rs
Expand Up @@ -138,7 +138,8 @@ pub mod test_common {
)
.enumerate()
{
let private_key_share: PrivateKeyShare<E> = PrivateKeyShare(*private);
let private_key_share: PrivateKeyShare<E> =
PrivateKeyShare(*private);
let b = E::ScalarField::rand(rng);
let blinded_key_shares = private_key_share.blind(b);
// blinded_key_shares.multiply_by_omega_inv(domain_inv); // FIXME
Expand Down Expand Up @@ -191,23 +192,23 @@ pub mod test_common {
// The dealer chooses a uniformly random polynomial f of degree t-1
let threshold_poly =
DensePolynomial::<E::ScalarField>::rand(threshold - 1, rng);

// Domain, or omega Ω
let fft_domain =
ark_poly::GeneralEvaluationDomain::<E::ScalarField>::new(
shares_num,
)
.unwrap();

// domain points: - ω_j in Ω
let domain_points = fft_domain.elements().collect::<Vec<_>>();

// `evals` are evaluations of the polynomial f over the domain, omega: f(ω_j) for ω_j in Ω
let evals = threshold_poly.evaluate_over_domain_by_ref(fft_domain);

// A_j, share commitments of participants: [f(ω_j)] G
let share_commitments = fast_multiexp(&evals.evals, g.into_group());

// FIXME: These 2 lines don't make sense
//let pubkey_share = g.mul(evals.evals[0]);
//debug_assert!(share_commitments[0] == E::G1Affine::from(pubkey_share));
Expand All @@ -218,10 +219,10 @@ pub mod test_common {

// The shared secret is the free coefficient from threshold poly
let a_0 = threshold_poly.coeffs[0];

// F_0, group's public key
let group_pubkey = g.mul(a_0);

// group's private key (NOTE: just for tests, this is NEVER constructed in production)
let group_privkey = h.mul(a_0);

Expand All @@ -233,18 +234,23 @@ pub mod test_common {
let mut public_contexts = vec![];

// (domain_point, A, Z)
for (index, (domain_point, share_commit, private_share)) in
izip!(domain_points.iter(), share_commitments.iter(), privkey_shares.iter())
.enumerate()
for (index, (domain_point, share_commit, private_share)) in izip!(
domain_points.iter(),
share_commitments.iter(),
privkey_shares.iter()
)
.enumerate()
{
let private_key_share = PrivateKeyShare::<E>(*private_share);
let b = E::ScalarField::one(); // FIXME: rand(rng);
let blinded_key_share: BlindedKeyShare<E> = private_key_share.blind(b);
let blinding_factor = E::ScalarField::rand(rng);
let blinded_key_share: BlindedKeyShare<E> =
private_key_share.blind(blinding_factor);

private_contexts.push(PrivateDecryptionContextSimple::<E> {
index,
setup_params: SetupParams {
b,
b_inv: b.inverse().unwrap(),
b: blinding_factor,
b_inv: blinding_factor.inverse().unwrap(),
g,
h_inv: E::G2Prepared::from(-h.into_group()),
g_inv: E::G1Prepared::from(-g.into_group()),
Expand All @@ -255,10 +261,12 @@ pub mod test_common {
});
public_contexts.push(PublicDecryptionContextSimple::<E> {
domain: *domain_point,
share_commitment: ShareCommitment::<E>(*share_commit), // FIXME
share_commitment: ShareCommitment::<E>(*share_commit), // FIXME
blinded_key_share,
h,
validator_public_key: blinded_key_share.validator_public_key.into_group()
validator_public_key: blinded_key_share
.validator_public_key
.into_group(),
});
}
for private_ctxt in private_contexts.iter_mut() {
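Review bot: The switch to a random `blinding_factor` in `setup_simple` stores `b` and `b_inv` in `SetupParams` but never checks that the pair actually round-trips the share, so a mismatch between `blind` and `unblind` would only surface later as an unexplained decryption failure in a downstream test. Right after `let blinded_key_share = private_key_share.blind(blinding_factor);` I'd add `debug_assert_eq!(blinded_key_share.unblind(blinding_factor.inverse().unwrap()).0, *private_share);` so every context is self-consistent by construction. `blinding_factor.inverse().unwrap()` also panics if the sampled scalar happens to be zero; the probability is negligible, but `.expect("blinding factor must be non-zero")` documents why the unwrap is acceptable here. The `for` loop and `setup_simple` itself extend past the hunk on both sides.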
28 changes: 23 additions & 5 deletions ferveo/src/refresh.rs
Expand Up @@ -46,7 +46,7 @@ impl<E: Pairing> PrivateKeyShare<E> {
&self,
share_updates: &[ShareUpdate<E>],
) -> UpdatedPrivateKeyShare<E> {
// TODO: Validate commitments from share update
// TODO: Validate commitments from share update // FIXME: Don't forget!!!!!
let updated_key_share = share_updates
.iter()
.fold(self.0 .0, |acc, delta| (acc + delta.update).into());
Expand Down Expand Up @@ -316,7 +316,8 @@ mod tests_refresh {
use ark_bls12_381::Fr;
use ark_std::{test_rng, UniformRand, Zero};
use ferveo_tdec::{
test_common::setup_simple, PrivateDecryptionContextSimple,
test_common::setup_simple,
BlindedKeyShare, PrivateDecryptionContextSimple,
};
use rand_core::RngCore;
use test_case::{test_case, test_matrix};
Expand Down Expand Up @@ -601,9 +602,26 @@ mod tests_refresh {
.collect();

// And creates a new, refreshed share
let updated_share =
PrivateKeyShare(p.private_key_share.clone())
.create_updated_key_share(&updates_for_participant);
let blinded_key_share =
p.public_decryption_contexts[p.index].blinded_key_share;

// TODO: Encapsulate this somewhere, originally from PrivateKeyShare.create_updated_key_share
// FIXME: Validate commitments from share update, don't forget!!!!!
let updated_blinded_key_share: BlindedKeyShare<E> =
BlindedKeyShare {
validator_public_key: blinded_key_share
.validator_public_key,
blinded_key_share: updates_for_participant.iter().fold(
blinded_key_share.blinded_key_share,
|acc, delta| (acc + delta.update).into(),
),
};

let unblinding_factor = p.setup_params.b_inv;
let updated_share = UpdatedPrivateKeyShare(
updated_blinded_key_share.unblind(unblinding_factor),
);

(p.index as u32, updated_share)
})
// We only need `threshold` refreshed shares to recover the original share
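Review bot: The fold in the refreshed test adds each `delta.update` directly onto the blinded share `[b] Z` and then unblinds with `b_inv`, which only recovers the refreshed share if every `delta.update` was itself produced under this validator's blinding factor (i.e. is `[b] Δ`), and nothing verifies the updates before they are accumulated — the new FIXME acknowledges this but the invariant is not stated anywhere. I'd put the assumption in a comment above the fold, `// Updates must be blinded under the same b as blinded_key_share; only then does unblinding with b_inv yield Z + Σ Δ`, and validate each `ShareUpdate` against `validator_public_key` before folding rather than leaving it as a reminder. Since the same fold already lives in `PrivateKeyShare::create_updated_key_share`, a `BlindedKeyShare::create_updated_key_share` would remove the duplication the TODO points at. The enclosing `map` closure and test function start and end outside the hunk.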
