Remove statefullness from DKG instances

ferveo-python/examples/server_api_precomputed.py

@@ -59,7 +59,7 @@ def gen_eth_addr(i: int) -> str:
 # In the meantime, the client creates a ciphertext and decryption request
 msg = "abc".encode()
 aad = "my-aad".encode()
-ciphertext = encrypt(msg, aad, dkg.public_key)
+ciphertext = encrypt(msg, aad, client_aggregate.public_key)
 
 # Having aggregated the transcripts, the validators can now create decryption shares
 decryption_shares = []

ferveo-python/examples/server_api_simple.py

@@ -62,7 +62,7 @@ def gen_eth_addr(i: int) -> str:
 # In the meantime, the client creates a ciphertext and decryption request
 msg = "abc".encode()
 aad = "my-aad".encode()
-ciphertext = encrypt(msg, aad, dkg.public_key)
+ciphertext = encrypt(msg, aad, client_aggregate.public_key)
 
 # The client can serialize/deserialize ciphertext for transport
 ciphertext_ser = bytes(ciphertext)

ferveo-python/ferveo/__init__.py

@@ -18,10 +18,6 @@
     ValidatorMessage,
     FerveoVariant,
     ThresholdEncryptionError,
-    InvalidDkgStateToDeal,
-    InvalidDkgStateToAggregate,
-    InvalidDkgStateToVerify,
-    InvalidDkgStateToIngest,
     DealerNotInValidatorSet,
     UnknownDealer,
     DuplicateDealer,
@@ -40,4 +36,6 @@
     NoTranscriptsToAggregate,
     InvalidAggregateVerificationParameters,
     UnknownValidator,
+    TooManyTranscripts,
+    DuplicateTranscript,
 )

ferveo-python/ferveo/__init__.pyi

@@ -105,6 +105,7 @@ class DecryptionSharePrecomputed:
 
 @final
 class AggregatedTranscript:
+    public_key: DkgPublicKey
     def __init__(self, messages: Sequence[ValidatorMessage]): ...
     def verify(
         self, validators_num: int, messages: Sequence[ValidatorMessage]
@@ -157,18 +158,6 @@ def decrypt_with_shared_secret(
 class ThresholdEncryptionError(Exception):
     pass
 
-class InvalidDkgStateToDeal(Exception):
-    pass
-
-class InvalidDkgStateToAggregate(Exception):
-    pass
-
-class InvalidDkgStateToVerify(Exception):
-    pass
-
-class InvalidDkgStateToIngest(Exception):
-    pass
-
 class DealerNotInValidatorSet(Exception):
     pass
 
@@ -181,12 +170,6 @@ class DuplicateDealer(Exception):
 class InvalidPvssTranscript(Exception):
     pass
 
-class InsufficientTranscriptsForAggregate(Exception):
-    pass
-
-class InvalidDkgPublicKey(Exception):
-    pass
-
 class InsufficientValidators(Exception):
     pass
 
@@ -220,5 +203,8 @@ class NoTranscriptsToAggregate(Exception):
 class InvalidAggregateVerificationParameters(Exception):
     pass
 
-class UnknownValidator(Exception):
+class TooManyTranscripts(Exception):
+    pass
+
+class DuplicateTranscript(Exception):
     pass

ferveo-python/test/test_ferveo.py

@@ -89,7 +89,7 @@ def scenario_for_variant(
     # Client creates a ciphertext and requests decryption shares from validators
     msg = "abc".encode()
     aad = "my-aad".encode()
-    ciphertext = encrypt(msg, aad, dkg.public_key)
+    ciphertext = encrypt(msg, aad, client_aggregate.public_key)
 
     # Having aggregated the transcripts, the validators can now create decryption shares
     decryption_shares = []

ferveo-python/test/test_serialization.py

@@ -5,6 +5,7 @@
     DkgPublicKey,
     FerveoPublicKey,
     FerveoVariant,
+    ValidatorMessage
 )
 
 
@@ -32,7 +33,10 @@ def make_dkg_public_key():
         validators=validators,
         me=me,
     )
-    return dkg.public_key
+    transcripts = [ValidatorMessage(v, dkg.generate_transcript()) for v in validators]
+    aggregate = dkg.aggregate_transcripts(transcripts)
+    assert aggregate.verify(shares_num, transcripts)
+    return aggregate.public_key
 
 
 def make_shared_secret():

ferveo-tdec/benches/tpke.rs

@@ -25,7 +25,7 @@ struct SetupShared {
     shares_num: usize,
     msg: Vec<u8>,
     aad: Vec<u8>,
-    pubkey: PublicKeyShare<E>,
+    pubkey: PublicKey<E>,
     privkey: PrivateKeyShare<E>,
     ciphertext: Ciphertext<E>,
     shared_secret: SharedSecret<E>,

ferveo-tdec/src/ciphertext.rs

@@ -14,7 +14,7 @@ use sha2::{digest::Digest, Sha256};
 use zeroize::ZeroizeOnDrop;
 
 use crate::{
-    htp_bls12381_g2, Error, PrivateKeyShare, PublicKeyShare, Result, SecretBox,
+    htp_bls12381_g2, Error, PrivateKeyShare, PublicKey, Result, SecretBox,
     SharedSecret,
 };
 
@@ -98,7 +98,7 @@ impl<E: Pairing> CiphertextHeader<E> {
 pub fn encrypt<E: Pairing>(
     message: SecretBox<Vec<u8>>,
     aad: &[u8],
-    pubkey: &PublicKeyShare<E>,
+    pubkey: &PublicKey<E>,
     rng: &mut impl rand::Rng,
 ) -> Result<Ciphertext<E>> {
     // r
@@ -108,8 +108,7 @@ pub fn encrypt<E: Pairing>(
     // h
     let h_gen = E::G2Affine::generator();
 
-    let ry_prep =
-        E::G1Prepared::from(pubkey.public_key_share.mul(rand_element).into());
+    let ry_prep = E::G1Prepared::from(pubkey.0.mul(rand_element).into());
     // s
     let product = E::pairing(ry_prep, h_gen).0;
     // u
@@ -150,7 +149,7 @@ pub fn decrypt_symmetric<E: Pairing>(
     ciphertext.check(aad, g_inv)?;
     let shared_secret = E::pairing(
         E::G1Prepared::from(ciphertext.commitment),
-        E::G2Prepared::from(private_key.private_key_share),
+        E::G2Prepared::from(private_key.0),
     )
     .0;
     let shared_secret = SharedSecret(shared_secret);

ferveo-tdec/src/context.rs

@@ -5,13 +5,13 @@ use ark_ec::{pairing::Pairing, CurveGroup};
 use crate::{
     prepare_combine_simple, BlindedKeyShare, Ciphertext, CiphertextHeader,
     DecryptionShareFast, DecryptionSharePrecomputed, DecryptionShareSimple,
-    PrivateKeyShare, PublicKeyShare, Result,
+    PrivateKeyShare, PublicKey, Result,
 };
 
 #[derive(Clone, Debug)]
 pub struct PublicDecryptionContextFast<E: Pairing> {
     pub domain: E::ScalarField,
-    pub public_key_share: PublicKeyShare<E>,
+    pub public_key: PublicKey<E>,
     pub blinded_key_share: BlindedKeyShare<E>,
     // This decrypter's contribution to N(0), namely (-1)^|domain| * \prod_i omega_i
     pub lagrange_n_0: E::ScalarField,
@@ -21,7 +21,7 @@ pub struct PublicDecryptionContextFast<E: Pairing> {
 #[derive(Clone, Debug)]
 pub struct PublicDecryptionContextSimple<E: Pairing> {
     pub domain: E::ScalarField,
-    pub public_key_share: PublicKeyShare<E>,
+    pub public_key: PublicKey<E>,
     pub blinded_key_share: BlindedKeyShare<E>,
     pub h: E::G2Affine,
     pub validator_public_key: E::G2,

ferveo-tdec/src/decryption.rs

@@ -74,13 +74,13 @@ impl<E: Pairing> ValidatorShareChecksum<E> {
 
 #[serde_as]
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(bound(
-    serialize = "ValidatorShareChecksum<E>: Serialize",
-    deserialize = "ValidatorShareChecksum<E>: DeserializeOwned"
-))]
 pub struct DecryptionShareSimple<E: Pairing> {
     #[serde_as(as = "serialization::SerdeAs")]
     pub decryption_share: E::TargetField,
+    #[serde(bound(
+        serialize = "ValidatorShareChecksum<E>: Serialize",
+        deserialize = "ValidatorShareChecksum<E>: DeserializeOwned"
+    ))]
     pub validator_checksum: ValidatorShareChecksum<E>,
 }
 
@@ -110,11 +110,8 @@ impl<E: Pairing> DecryptionShareSimple<E> {
         ciphertext_header: &CiphertextHeader<E>,
     ) -> Result<Self> {
         // D_i = e(U, Z_i)
-        let decryption_share = E::pairing(
-            ciphertext_header.commitment,
-            private_key_share.private_key_share,
-        )
-        .0;
+        let decryption_share =
+            E::pairing(ciphertext_header.commitment, private_key_share.0).0;
 
         let validator_checksum = ValidatorShareChecksum::new(
             validator_decryption_key,
@@ -146,14 +143,14 @@ impl<E: Pairing> DecryptionShareSimple<E> {
 
 #[serde_as]
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(bound(
-    serialize = "ValidatorShareChecksum<E>: Serialize",
-    deserialize = "ValidatorShareChecksum<E>: DeserializeOwned"
-))]
 pub struct DecryptionSharePrecomputed<E: Pairing> {
     pub decrypter_index: usize,
     #[serde_as(as = "serialization::SerdeAs")]
     pub decryption_share: E::TargetField,
+    #[serde(bound(
+        serialize = "ValidatorShareChecksum<E>: Serialize",
+        deserialize = "ValidatorShareChecksum<E>: DeserializeOwned"
+    ))]
     pub validator_checksum: ValidatorShareChecksum<E>,
 }
 
@@ -188,11 +185,8 @@ impl<E: Pairing> DecryptionSharePrecomputed<E> {
         let u_to_lagrange_coeff =
             ciphertext_header.commitment.mul(lagrange_coeff);
         // C_{λ_i} = e(U_{λ_i}, Z_i)
-        let decryption_share = E::pairing(
-            u_to_lagrange_coeff,
-            private_key_share.private_key_share,
-        )
-        .0;
+        let decryption_share =
+            E::pairing(u_to_lagrange_coeff, private_key_share.0).0;
 
         let validator_checksum = ValidatorShareChecksum::new(
             validator_decryption_key,

ferveo-tdec/src/key_share.rs

@@ -9,11 +9,11 @@ use serde::{Deserialize, Serialize};
 use serde_with::serde_as;
 use zeroize::{Zeroize, ZeroizeOnDrop};
 
-#[derive(Debug, Clone)]
-// TODO: Should we rename it to PublicKey or SharedPublicKey?
-pub struct PublicKeyShare<E: Pairing> {
-    pub public_key_share: E::G1Affine, // A_{i, \omega_i}
-}
+#[serde_as]
+#[derive(Debug, Copy, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct PublicKey<E: Pairing>(
+    #[serde_as(as = "serialization::SerdeAs")] pub E::G1Affine, // A_{i, \omega_i}
+);
 
 #[derive(Debug, Clone)]
 pub struct BlindedKeyShare<E: Pairing> {
@@ -24,15 +24,14 @@ pub struct BlindedKeyShare<E: Pairing> {
 impl<E: Pairing> BlindedKeyShare<E> {
     pub fn verify_blinding<R: RngCore>(
         &self,
-        public_key_share: &PublicKeyShare<E>,
+        public_key: &PublicKey<E>,
         rng: &mut R,
     ) -> bool {
         let g = E::G1Affine::generator();
         let alpha = E::ScalarField::rand(rng);
 
-        let alpha_a = E::G1Prepared::from(
-            g + public_key_share.public_key_share.mul(alpha).into_affine(),
-        );
+        let alpha_a =
+            E::G1Prepared::from(g + public_key.0.mul(alpha).into_affine());
 
         // \sum_i(Y_i)
         let alpha_z = E::G2Prepared::from(
@@ -56,18 +55,16 @@ impl<E: Pairing> BlindedKeyShare<E> {
 #[derive(
     Clone, Debug, PartialEq, Eq, Serialize, Deserialize, Zeroize, ZeroizeOnDrop,
 )]
-pub struct PrivateKeyShare<E: Pairing> {
-    // TODO: Replace with a tuple?
-    #[serde_as(as = "serialization::SerdeAs")]
-    pub private_key_share: E::G2Affine,
-}
+pub struct PrivateKeyShare<E: Pairing>(
+    #[serde_as(as = "serialization::SerdeAs")] pub E::G2Affine,
+);
 
 impl<E: Pairing> PrivateKeyShare<E> {
     pub fn blind(&self, b: E::ScalarField) -> BlindedKeyShare<E> {
         let blinding_key = E::G2Affine::generator().mul(b).into_affine();
         BlindedKeyShare::<E> {
             blinding_key,
-            blinded_key_share: self.private_key_share.mul(b).into_affine(),
+            blinded_key_share: self.0.mul(b).into_affine(),
         }
     }
 }