This is an automated email from the ASF dual-hosted git repository. sandreoli pushed a commit to branch update-model-no-replay in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit b0dc1191dbcaa22cd1662d2c0f188c6454187fb8 Author: Samuele Andreoli <[email protected]> AuthorDate: Fri Feb 7 11:53:06 2020 +0000 Extract phase 5 in model --- model/examples/run_mpc.py | 32 ++++++++++---------------------- model/sec256k1/mpc.py | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 22 deletions(-) diff --git a/model/examples/run_mpc.py b/model/examples/run_mpc.py index fc319d7..c1a01d0 100755 --- a/model/examples/run_mpc.py +++ b/model/examples/run_mpc.py 
@@ -238,44 +238,32 @@ if __name__ == "__main__": M, player["k"], r, player["sigma"]) ## Prove knowledge of the correct s_i + + # Commit to s and R for player in players: - phi = big.rand(curve.r) - rho = big.rand(curve.r) + phi, rho, V, A = mpc.phase5_commit(player["s"], R) player["phi"] = phi player["rho"] = rho - player["V"] = (player["s"] * R).add(phi * ecp.generator()) - player["A"] = rho * ecp.generator() + player["V"] = V + player["A"] = A # Broadcast V and A and combine them [separately for each player] Vs = [player["V"] for player in players] As = [player["A"] for player in players] - A = mpc.combine_ecp_shares(As) - V = mpc.combine_ecp_shares(Vs) - - # Remove (the supposed) R^s from the exponent of V [separately for each player] - m = mpc.hashit(M) - negm = big.modsub(curve.r, m, curve.r) - - negr = big.modsub(curve.r, r, curve.r) - - V.add(negm * ecp.generator()) - V.add(negr * PK) - # Produce proof for the agreed V and A for player in players: - player["U"] = player["rho"] * V - player["T"] = player["phi"] * A + U, T = mpc.phase5_prove(player["rho"], player["phi"], Vs, As, PK, M, r) + + player["U"] = U + player["T"] = T # Broadcast T and U and combine them to complete the proof [separately for each player] Us = [player["U"] for player in players] Ts = [player["T"] for player in players] - U = mpc.combine_ecp_shares(Us) - T = mpc.combine_ecp_shares(Ts) - - assert U == T, "inconsistency detected in signature shares" + assert mpc.phase5_verify(Us, Ts), "inconsistency detected in signature shares" ## Broadcast shares and reconstruct s [separately for each player] shares = [player["s"] for player in players] diff --git a/model/sec256k1/mpc.py b/model/sec256k1/mpc.py index e319aee..6dcef21 100644 --- a/model/sec256k1/mpc.py +++ b/model/sec256k1/mpc.py 
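Review bot: The consistency check on the last added line of the hunk is still expressed with `assert`, so under `python -O` the `mpc.phase5_verify(Us, Ts)` call is never evaluated and an inconsistent signature share proceeds straight to the share reconstruction below; a protocol check in the example should not depend on assertions being enabled. Replace it with `if not mpc.phase5_verify(Us, Ts):` followed by `    raise SystemExit("inconsistency detected in signature shares")`. With the new helper, `Vs` and `As` are now recombined inside `mpc.phase5_prove` once per loop iteration rather than once before the loop as the removed lines did; that is fine for a model, but a short comment on the `# Produce proof for the agreed V and A` loop would stop the repeated work from being read as an oversight. The enclosing `if __name__ == "__main__":` block starts before and continues after this hunk.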
@@ -78,3 +78,35 @@ def reconciliate_r(deltas, Gammas):
 def make_signature_share(M, k, r, s):
     m = hashit(M)
     return (k * m + r * s) % curve.r
+
+def phase5_commit(s, R, phi=None, rho=None):
+    if phi is None:
+        phi = big.rand(curve.r)
+
+    if rho is None:
+        rho = big.rand(curve.r)
+
+    V = ecp.generator().mul(phi, R, s)
+    A = rho * ecp.generator()
+
+    return phi, rho, V, A
+
+def phase5_prove(rho, phi, Vs, As, PK, M, r):
+    A = combine_ecp_shares(As)
+    V = combine_ecp_shares(Vs)
+
+    # Remove R^s from the recombined V
+    m = hashit(M)
+    nm = big.modsub(curve.r, m, curve.r)
+    nr = big.modsub(curve.r, r, curve.r)
+
+    G = ecp.generator().mul(nm, PK, nr)
+    V.add(G)
+
+    return rho * V, phi * A
+
+def phase5_verify(Us, Ts):
+    U = combine_ecp_shares(Us)
+    T = combine_ecp_shares(Ts)
+
+    return U == T
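Review bot: `phase5_prove` takes its two secrets as `(rho, phi, ...)` while `phase5_commit` returns them as `(phi, rho, ...)`; both are same-typed field elements, so a swapped call is not rejected anywhere and only shows up as a `phase5_verify` failure downstream, and the caller in run_mpc.py already has to reorder them. Either align the order, `def phase5_prove(phi, rho, Vs, As, PK, M, r):` (with the matching call-site change), or make the two keyword-only. Separately, the local `G` in `phase5_prove` holds `-(m·G + r·PK)` rather than the generator, so a name such as `neg_msg_pk` would read more honestly next to `ecp.generator()`. None of the three new functions has a docstring; `phase5_commit` in particular should state that `phi`/`rho` are only meant to be supplied for deterministic test vectors and are otherwise drawn fresh with `big.rand`, and that it returns the `V`/`A` values to broadcast directly (no hiding commitment is computed here, which presumably is outside the scope of this model — worth confirming in the docstring). The `ecp.generator().mul(phi, R, s)` form appears to be the double-scalar equivalent of the `(s * R).add(phi * G)` expression the other hunk removes; a one-line comment saying so would spare the next reader from re-deriving it.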
