@@ -1,4 +1,5 @@
use curve25519_dalek::edwards::EdwardsPoint;
+use curve25519_dalek::traits::Identity;
use curve25519_dalek::scalar::Scalar;
use curve25519_dalek::constants::ED25519_BASEPOINT_POINT;
use rand::rngs::ThreadRng;
@@ -61,19 +62,12 @@ pub fn generate_shares(secret: Secret, numshares: u32, threshold: u32) -> Result
pub fn verify_share(share: Share, commitment: &Commitment) -> Result<bool, &'static str> {
let f_result = ED25519_BASEPOINT_POINT * share.value;
- // always calculate at least the first share
- let mut result = commitment.coms[0];
+ let x = Scalar::from(share.index);
- for i in 1..share.index+1 {
- // check in case of the last share
- if (i as usize) >= commitment.coms.len() {
- break;
- }
-
- let next_comm = commitment.coms[i as usize];
- let x_raised_to_threshold = share.index.pow(i as u32);
- result += next_comm * Scalar::from(x_raised_to_threshold);
- }
+ let (_, result) = commitment.coms.iter().fold(
+ (Scalar::one(), EdwardsPoint::identity()),
+ |(x_to_the_i, sum_so_far), comm_i|
+ (x_to_the_i * x, sum_so_far + x_to_the_i * comm_i));
let is_valid = f_result == result;
Ok(is_valid)
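Review bot: The fold on the new side still accepts a share whose `index` is 0: `x` is then zero, every term after the first vanishes, and the check reduces to `share.value * G == coms[0]`, which is the commitment to the secret itself rather than to any issued share. The old loop had the same property, so this is inherited rather than introduced, but the function's `Err` arm is otherwise unused and a guard such as `if share.index == 0 { return Err("share index must be non-zero"); }` placed before `let x = Scalar::from(share.index);` documents the domain cheaply; whether `generate_shares` ever issues index 0 is outside this hunk. For the same reason an empty `commitment.coms` now verifies any share with a zero `value`, since the accumulator starts at `EdwardsPoint::identity()`, and can be rejected with the same pattern. Note also that `Scalar::one()` is the pre-4.x spelling; if the crate is on curve25519-dalek 4.x the constant is `Scalar::ONE` — confirm against the version in `Cargo.toml`.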