This is an automated email from the ASF dual-hosted git repository. sandreoli pushed a commit to branch add-full-example in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 3b0fe54022b38ca19352c35a5cc7e47f117df4cf Author: Samuele Andreoli <[email protected]> AuthorDate: Fri Feb 14 10:57:26 2020 +0000 Expose ECP R value for Phase5 flow --- examples/example_ecdsa.c | 2 +- examples/example_r.c | 2 +- include/amcl/factoring_zk.h | 5 +++++ include/amcl/mpc.h | 6 ++++-- python/amcl_mpc.py | 20 +++++++++++--------- python/example_ecdsa.py | 2 +- python/example_r.py | 2 +- python/test_ecdsa.py | 2 +- python/test_r.py | 2 +- src/mpc.c | 41 ++++++++++++++++++++++------------------- src/mta.c | 22 +++++++++++----------- test/smoke/test_ecdsa_smoke.c | 2 +- test/smoke/test_r_smoke.c | 16 +++++++++------- test/unit/test_r.c | 2 +- 14 files changed, 70 insertions(+), 56 deletions(-) diff --git a/examples/example_ecdsa.c b/examples/example_ecdsa.c index d546ab7..be43f53 100644 --- a/examples/example_ecdsa.c +++ b/examples/example_ecdsa.c @@ -297,7 +297,7 @@ int test(csprng *RNG) printf("\n"); // Calculate the R signature component - rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R); + rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL); if (rc) { fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc); diff --git a/examples/example_r.c b/examples/example_r.c index af1e2f1..43b78c5 100644 --- a/examples/example_r.c +++ b/examples/example_r.c @@ -479,7 +479,7 @@ int main() } // Calculate the R signature component - rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R); + rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL); if (rc) { fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc); diff --git a/include/amcl/factoring_zk.h b/include/amcl/factoring_zk.h index bb853cd..b8738f3 100644 --- a/include/amcl/factoring_zk.h +++ b/include/amcl/factoring_zk.h @@ -35,8 +35,13 @@ extern "C" { #endif +#ifndef FS_2048 #define FS_2048 MODBYTES_1024_58 * FFLEN_2048 /**< 2048 field size in bytes */ +#endif + +#ifndef HFS_2048 #define HFS_2048 MODBYTES_1024_58 * HFLEN_2048 /**< Half 2048 field size in bytes */ +#endif #define FACTORING_ZK_B 16 /**< Security parameter, length in bytes */ diff --git a/include/amcl/mpc.h b/include/amcl/mpc.h index 8818ac7..b5b8e63 100644 --- a/include/amcl/mpc.h +++ b/include/amcl/mpc.h @@ -86,7 +86,8 @@ void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA); /** \brief R component * - * Generate the ECDSA signature R component + * Generate the ECDSA signature R component. It also outputs the ECP + * associate to the R component if specified * * <ol> * <li> \f$ r_x, r_y = k^{-1}G \f$ where G is the group generator @@ -97,9 +98,10 @@ void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA); * @param GAMMAPT1 Actor 1 gamma point * @param GAMMAPT2 Actor 2 gamma point * @param R R component of the signature + * @param RP ECP associated to the R component of the signature. Optional * @return Returns 0 or else error code */ -int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R); +int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP); /** \brief Hash the message value * diff --git a/python/amcl_mpc.py b/python/amcl_mpc.py index 18c9156..166446e 100755 --- a/python/amcl_mpc.py +++ b/python/amcl_mpc.py @@ -97,7 +97,7 @@ extern void MPC_MTA_CLIENT2(PAILLIER_private_key *PRIV, octet* CB, octet *ALPHA) extern void MPC_MTA_SERVER(csprng *RNG, PAILLIER_public_key *PUB, octet *B, octet *CA, octet *Z, octet *R, octet *CB, octet *BETA); extern void MPC_SUM_MTA(octet *A, octet *B, octet *ALPHA, octet *BETA, octet *SUM); extern void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA); -extern extern int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R); +extern extern int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP); extern void MPC_HASH(int sha, octet *M, octet *HM); extern int MPC_S(octet *HM, octet *R, octet *K, octet *SIGMA, octet *S); extern void MPC_SUM_S(octet *S1, octet *S2, octet *S); @@ -131,7 +131,7 @@ FS_2048 = 256 HFS_2048 = 128 FS_4096 = 512 EGS_SECP256K1 = 32 -PTS_SECP256K1 = 2*EGS_SECP256K1 + 1 +EFS_SECP256K1 = 32 SHA256 = 32 curve_order = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 @@ -317,12 +317,12 @@ def ecp_secp256k1_key_pair_generate(rng, ecdsa_sk=None): else: ecdsa_sk1, ecdsa_sk1_val = make_octet(EGS_SECP256K1) - ecdsa_pk1, ecdsa_pk1_val = make_octet(PTS_SECP256K1) + ecdsa_pk1, ecdsa_pk1_val = make_octet(2 * EFS_SECP256K1) rc = libamcl_curve_secp256k1.ECP_SECP256K1_KEY_PAIR_GENERATE(rng, ecdsa_sk1, ecdsa_pk1) ecdsa_sk2 = to_str(ecdsa_sk1) - ecdsa_pk2 = to_str(ecdsa_pk1) + ecdsa_pk2 = to_str(ecdsa_pk1) return rc, ecdsa_pk2, ecdsa_sk2 @@ -524,9 +524,9 @@ def mpc_r(invkgamma, gammapt1, gammapt2): Returns:: - r: R component of the signature rc: Zero for success or else an error code - + r : R component of the signature + rp: ECP associated to R component of signature Raises: """ @@ -535,12 +535,14 @@ def mpc_r(invkgamma, gammapt1, gammapt2): gammapt21, gammapt21_val = make_octet(None, gammapt2) r1, r1_val = make_octet(EGS_SECP256K1) + rp, rp_val = make_octet(EFS_SECP256K1 + 1) - rc = libamcl_mpc.MPC_R(invkgamma1, gammapt11, gammapt21, r1) + rc = libamcl_mpc.MPC_R(invkgamma1, gammapt11, gammapt21, r1, rp) r2 = to_str(r1) + rp_str = to_str(rp) - return rc, r2 + return rc, r2, rp_str def mpc_hash(message): """Hash the message value @@ -677,7 +679,7 @@ def mpc_sum_pk(pk1, pk2): pk11, pk11_val = make_octet(None, pk1) pk21, pk21_val = make_octet(None, pk2) - pk1, pk1_val = make_octet(PTS_SECP256K1) + pk1, pk1_val = make_octet(EFS_SECP256K1 + 1) rc = libamcl_mpc.MPC_SUM_PK(pk11, pk21, pk1); diff --git a/python/example_ecdsa.py b/python/example_ecdsa.py index 8156f7d..6c99a72 100755 --- a/python/example_ecdsa.py +++ b/python/example_ecdsa.py @@ -84,7 +84,7 @@ if __name__ == "__main__": # Calculate the R signature component - rc, SIG_R = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2) + rc, SIG_R, _ = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2) # ALPHA1 + BETA2 = K1 * W2 diff --git a/python/example_r.py b/python/example_r.py index b438cf0..fbed92e 100755 --- a/python/example_r.py +++ b/python/example_r.py @@ -169,7 +169,7 @@ if __name__ == "__main__": assert INVKGAMMAGOLDEN_hex == INVKGAMMA_hex, f"expected {INVKGAMMAGOLDEN_hex} got {INVKGAMMA_hex}" # Calculate the R signature component - rc, SIG_R = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2) + rc, SIG_R, _ = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2) SIG_R_hex = SIG_R.hex() assert SIG_RGOLDEN_hex == SIG_R_hex, f"expected {SIG_RGOLDEN_hex} got {SIG_R_hex}" diff --git a/python/test_ecdsa.py b/python/test_ecdsa.py index 56aea4a..98c85a0 100755 --- a/python/test_ecdsa.py +++ b/python/test_ecdsa.py @@ -92,7 +92,7 @@ class TestECDSA(unittest.TestCase): # Calculate the R signature component - rc, SIG_R = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2) + rc, SIG_R, _ = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2) # ALPHA1 + BETA2 = K1 * W2 diff --git a/python/test_r.py b/python/test_r.py index d479f8f..f3175ea 100755 --- a/python/test_r.py +++ b/python/test_r.py @@ -78,7 +78,7 @@ class TestR(unittest.TestCase): # Calculate the R signature component - rc, sig_r = amcl_mpc.mpc_r(invkgamma, test['GAMMAPT1'], test['GAMMAPT2']) + rc, sig_r, _ = amcl_mpc.mpc_r(invkgamma, test['GAMMAPT1'], test['GAMMAPT2']) self.assertEqual(vector['SIG_R'], sig_r.hex()) self.assertEqual(rc, 0) diff --git a/src/mpc.c b/src/mpc.c index d8729a9..14eb75e 100644 --- a/src/mpc.c +++ b/src/mpc.c @@ -162,32 +162,30 @@ void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA) { BIG_256_56 kgamma1; BIG_256_56 kgamma2; - BIG_256_56 kgamma; - BIG_256_56 invkgamma; BIG_256_56 q; // Curve order BIG_256_56_rcopy(q, CURVE_Order_SECP256K1); // Load values - BIG_256_56_fromBytes(kgamma1, KGAMMA1->val); - BIG_256_56_fromBytes(kgamma2, KGAMMA2->val); + BIG_256_56_fromBytesLen(kgamma1, KGAMMA1->val, KGAMMA1->len); + BIG_256_56_fromBytesLen(kgamma2, KGAMMA2->val, KGAMMA2->len); // kgamma = kgamma1 + kgamma2 mod q - BIG_256_56_add(kgamma, kgamma1, kgamma2); - BIG_256_56_mod(kgamma, q); + BIG_256_56_add(kgamma1, kgamma1, kgamma2); + BIG_256_56_mod(kgamma1, q); // invkgamma = kgamma^{-1} - BIG_256_56_invmodp(invkgamma, kgamma, q); + BIG_256_56_invmodp(kgamma1, kgamma1, q); // Output result INVKGAMMA->len = EGS_SECP256K1; - BIG_256_56_toBytes(INVKGAMMA->val, invkgamma); + BIG_256_56_toBytes(INVKGAMMA->val, kgamma1); } /* Calculate the r component of the signature */ -int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R) +int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP) { BIG_256_56 invkgamma; BIG_256_56 q; @@ -200,16 +198,16 @@ int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R) BIG_256_56_rcopy(q, CURVE_Order_SECP256K1); // Load values - BIG_256_56_fromBytes(invkgamma, INVKGAMMA->val); + BIG_256_56_fromBytesLen(invkgamma, INVKGAMMA->val, INVKGAMMA->len); if (!ECP_SECP256K1_fromOctet(&gammapt1, GAMMAPT1)) { - return 1; + return MPC_INVALID_ECP; } if (!ECP_SECP256K1_fromOctet(&gammapt2, GAMMAPT2)) { - return 1; + return MPC_INVALID_ECP; } // gammapt1 + gammapt2 @@ -223,14 +221,19 @@ int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R) BIG_256_56_mod(rx, q); if (BIG_256_56_iszilch(rx)) { - return 1; + return MPC_FAIL; } // Output result R->len = EGS_SECP256K1; BIG_256_56_toBytes(R->val, rx); - return 0; + if (RP != NULL) + { + ECP_SECP256K1_toOctet(RP, &gammapt1, true); + } + + return MPC_OK; } // Hash the message @@ -271,14 +274,14 @@ int MPC_S(octet *HM, octet *R, octet *K, octet *SIGMA, octet *S) BIG_256_56_mod(s, q); if (BIG_256_56_iszilch(s)) { - return 1; + return MPC_FAIL; } // Output result S->len = EGS_SECP256K1; BIG_256_56_toBytes(S->val, s); - return 0; + return MPC_OK; } /* Calculate sum of s components of signature */ @@ -314,12 +317,12 @@ int MPC_SUM_PK(octet *PK1, octet *PK2, octet *PK) // Load values if (!ECP_SECP256K1_fromOctet(&pk1, PK1)) { - return 1; + return MPC_INVALID_ECP; } if (!ECP_SECP256K1_fromOctet(&pk2, PK2)) { - return 1; + return MPC_INVALID_ECP; } // pk1 + pk2 @@ -328,7 +331,7 @@ int MPC_SUM_PK(octet *PK1, octet *PK2, octet *PK) // Output result ECP_SECP256K1_toOctet(PK, &pk1, true); - return 0; + return MPC_OK; } int MPC_PHASE5_commit(csprng *RNG, octet *R, octet *S, octet *PHI, octet *RHO, octet *V, octet *A) diff --git a/src/mta.c b/src/mta.c index c8fba17..19d6b55 100644 --- a/src/mta.c +++ b/src/mta.c @@ -274,27 +274,27 @@ void MPC_SUM_MTA(octet *A, octet *B, octet *ALPHA, octet *BETA, octet *SUM) BIG_256_56 q; // Curve order - BIG_256_56_rcopy(q,CURVE_Order_SECP256K1); + BIG_256_56_rcopy(q, CURVE_Order_SECP256K1); // Load values - BIG_256_56_fromBytes(a,A->val); - BIG_256_56_fromBytes(b,B->val); - BIG_256_56_fromBytes(alpha,ALPHA->val); - BIG_256_56_fromBytes(beta,BETA->val); + BIG_256_56_fromBytesLen(a, A->val, A->len); + BIG_256_56_fromBytesLen(b, B->val, B->len); + BIG_256_56_fromBytesLen(alpha, ALPHA->val, ALPHA->len); + BIG_256_56_fromBytesLen(beta, BETA->val, BETA->len); // sum = a.b mod q - BIG_256_56_modmul(sum,a,b,q); + BIG_256_56_modmul(sum, a, b, q); // sum = sum + alpha + beta - BIG_256_56_add(sum,sum,alpha); - BIG_256_56_add(sum,sum,beta); + BIG_256_56_add(sum, sum, alpha); + BIG_256_56_add(sum, sum, beta); // sum = sum mod q - BIG_256_56_mod(sum,q); + BIG_256_56_mod(sum, q); // Output result - SUM->len=EGS_SECP256K1; - BIG_256_56_toBytes(SUM->val,sum); + SUM->len = EGS_SECP256K1; + BIG_256_56_toBytes(SUM->val, sum); // Clean memory BIG_256_56_zero(a); diff --git a/test/smoke/test_ecdsa_smoke.c b/test/smoke/test_ecdsa_smoke.c index f1100a7..8e28c2c 100644 --- a/test/smoke/test_ecdsa_smoke.c +++ b/test/smoke/test_ecdsa_smoke.c @@ -305,7 +305,7 @@ int test(csprng *RNG) printf("\n"); // Calculate the R signature component - rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R); + rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL); if (rc) { fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc); diff --git a/test/smoke/test_r_smoke.c b/test/smoke/test_r_smoke.c index 6103d41..44407ad 100644 --- a/test/smoke/test_r_smoke.c +++ b/test/smoke/test_r_smoke.c @@ -79,9 +79,13 @@ char* KGAMMA_hex = "40511eda0877bee4a457001dbbf2ee12466619027940d07db6d8e2adb3d7 char* INVKGAMMA_hex = "f9419b11580cdc098cbcbfd3ac06e70d2d4827447353f64bd97daa5667b34ef9"; -char* GAMMAPT1_hex = "03206b7c7ae7ecf8fe79ac581d8de90b9a12a27f79732268649fb0ae109faade73"; +char* GAMMAPT1_hex = "04206b7c7ae7ecf8fe79ac581d8de90b9a12a27f79732268649fb0ae109faade73385833cafe293b42e33097a79397c77c94a7d12a32304514a890a0c2d747a40d"; -char* GAMMAPT2_hex = "03fc86f69384e2b0cc3d563dc24ebb3a7ca0ac12dfa671e4cda4abdec35f33ed32"; +char* GAMMAPT2_hex = "04fc86f69384e2b0cc3d563dc24ebb3a7ca0ac12dfa671e4cda4abdec35f33ed326fdc2404c8e236d5bea82bcbe4aeeb7545c8b5d0a19a39e00bacf8a7143800a9"; + +char* SUMGAMMAPT_hex = "04b46da316359aead5e06c983407b199465bad193dc661334aafb1d7d94bafe721e671defdf3eedef2b6f298f7cdc673a740e88dbb313f2afdb294ee6527e325c1"; + +char* RPT_hex = "048adf50a4f51443cac2b4d488092ab49925da09e3feb57a1fc03b5b917ca6de9fdefc78277d8cb4865e3e4b17c2821017316d9b21e648e733a207aee22ec91b3c"; char* SIG_R_hex = "8adf50a4f51443cac2b4d488092ab49925da09e3feb57a1fc03b5b917ca6de9f"; @@ -203,10 +207,10 @@ int main() char invkgammagolden[EGS_SECP256K1]; octet INVKGAMMAGOLDEN = {0,sizeof(invkgammagolden),invkgammagolden}; - char gammapt1[EFS_SECP256K1+1]; + char gammapt1[2*EFS_SECP256K1+1]; octet GAMMAPT1 = {0,sizeof(gammapt1),gammapt1}; - char gammapt2[EFS_SECP256K1+1]; + char gammapt2[2*EFS_SECP256K1+1]; octet GAMMAPT2 = {0,sizeof(gammapt2),gammapt2}; char sig_rgolden[EGS_SECP256K1]; @@ -477,15 +481,13 @@ int main() } // Calculate the R signature component - rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R); + rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL); if (rc) { fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc); exit(EXIT_FAILURE); } - printf("%d", rc); - printf("SIG_R: "); OCT_output(&SIG_R); printf("\n"); diff --git a/test/unit/test_r.c b/test/unit/test_r.c index 03129bf..3a1b54f 100644 --- a/test/unit/test_r.c +++ b/test/unit/test_r.c @@ -229,7 +229,7 @@ int main(int argc, char** argv) MPC_INVKGAMMA(&SUM1, &SUM2, &INVKGAMMA); // Calculate the R signature component - rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R); + rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL); sprintf(err_msg, "MPC_R rc: %d", rc); assert_tv(fp, testNo, err_msg, rc == 0);
