ckomlo
/
VerifiableSecretSharing


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182
							use curve25519_dalek::edwards::EdwardsPoint;
use curve25519_dalek::scalar::Scalar;
use curve25519_dalek::constants::ED25519_BASEPOINT_POINT;
use rand::rngs::ThreadRng;

pub type Secret = Scalar;

#[derive(Copy, Clone)]
pub struct Share {
    index: u32,
    value: Scalar,
}

pub struct Commitment {
    coms: Vec<EdwardsPoint>,
}

/// Create secret shares for a given secret.
pub fn generate_shares(secret: Secret, numshares: u32, threshold: u32) -> Result<(Commitment, Vec<Share>), &'static str> {
    if threshold < 1 { return Err("Threshold cannot be 0") }
    if numshares < 1 { return Err("Number of shares cannot be 0") }
    if threshold > numshares { return Err("Threshold cannot exceed numshares") }

    let numcoeffs = (threshold-1) as usize;

    let mut coeffs: Vec<Scalar> = Vec::with_capacity(numcoeffs);

    let mut rng: ThreadRng = rand::thread_rng();

    let mut shares: Vec<Share> = Vec::with_capacity(numshares as usize);

    let mut comm: Commitment = Commitment { coms: Vec::with_capacity(threshold as usize) };

    for _ in 0..numcoeffs {
        coeffs.push(Scalar::random(&mut rng));
    }

    for share_index in 1..numshares+1 {
        // Evaluate the polynomial with `secret` as the constant term
        // and `coeffs` as the other coefficients at the point x=share_index
        // using Horner's method
        let scalar_index = Scalar::from(share_index);
        let mut value = Scalar::zero();
        for i in (0..numcoeffs).rev() {
            value += coeffs[i];
            value *= scalar_index;
        }
        value += secret;
        shares.push(Share{ index: share_index, value: value });
    }

    comm.coms.push(ED25519_BASEPOINT_POINT * secret);
    for c in coeffs {
        comm.coms.push(ED25519_BASEPOINT_POINT * c);
    }

    Ok((comm, shares))
}

/// Verify that a share is consistent with a commitment.
pub fn verify_share(share: Share, commitment: Commitment) -> Result<bool, &'static str> {
    unimplemented!("Not yet implemented")
}

/// Reconstruct the secret from enough (at least the threshold) already-verified shares.
pub fn reconstruct_secret(shares: &Vec<Share>) -> Result<Secret, &'static str> {
    let numshares = shares.len();

    if numshares < 1 { return Err("No shares provided"); }

    let mut lagrange_coeffs: Vec<Scalar> = Vec::with_capacity(numshares);

    for i in 0..numshares {
        let mut num = Scalar::one();
        let mut den = Scalar::one();
        for j in 0..numshares {
            if j==i { continue; }
            num *= Scalar::from(shares[j].index);
            den *= (Scalar::from(shares[j].index) - Scalar::from(shares[i].index));
        }
        if den == Scalar::zero() {
            return Err("Duplicate shares provided");
        }
        lagrange_coeffs.push(num * den.invert());
    }

    let mut secret = Scalar::zero();

    for i in 0..numshares {
        secret += lagrange_coeffs[i] * shares[i].value;
    }

    return Ok(secret)
}

/// Create a proactive update.
pub fn create_update(numshares: u32, threshold: u32) -> Result<(Commitment, Vec<Share>), &'static str> {
    unimplemented!("Not yet implemented")
}

/// Apply the commitment for the update to the master commitment.
pub fn apply_commitment_update(oldcommitment: &Commitment, update: &Commitment) -> Result<Commitment, &'static str> {
    unimplemented!("Not yet implemented")
}

/// Apply the share update to an existing share
pub fn apply_share_update(oldshare: &Share, update: &Share) -> Result<Share, &'static str> {
    unimplemented!("Not yet implemented")
}

#[cfg(test)]
mod tests {
    use crate::vss::*;

    #[test]
    fn share_simple() {
        let s = Secret::from(42u32);

        let res = generate_shares(s, 5, 2);
        assert!(res.is_ok());
        let (com, shares) = res.unwrap();

        let mut recshares: Vec<Share> = Vec::new();
        recshares.push(shares[1]);
        recshares.push(shares[3]);
        let recres = reconstruct_secret(&recshares);
        assert!(recres.is_ok());
        assert_eq!(recres.unwrap(), s);
    }

    #[test]
    fn share_not_enough() {
        let s = Secret::from(42u32);

        let res = generate_shares(s, 5, 2);
        assert!(res.is_ok());
        let (com, shares) = res.unwrap();

        let mut recshares: Vec<Share> = Vec::new();
        recshares.push(shares[1]);
        let recres = reconstruct_secret(&recshares);
        assert!(recres.is_ok());
        assert_ne!(recres.unwrap(), s);
    }

    #[test]
    fn share_dup() {
        let s = Secret::from(42u32);

        let res = generate_shares(s, 5, 2);
        assert!(res.is_ok());
        let (com, shares) = res.unwrap();

        let mut recshares: Vec<Share> = Vec::new();
        recshares.push(shares[1]);
        recshares.push(shares[1]);
        let recres = reconstruct_secret(&recshares);
        assert!(recres.is_err());
        assert_eq!(recres.err(), Some("Duplicate shares provided"));
    }

    #[test]
    fn share_badparams() {
        let s = Secret::from(42u32);

        {
            let res = generate_shares(s, 5, 0);
            assert!(res.is_err());
            assert_eq!(res.err(), Some("Threshold cannot be 0"));
        }
        {
            let res = generate_shares(s, 0, 3);
            assert!(res.is_err());
            assert_eq!(res.err(), Some("Number of shares cannot be 0"));
        }
        {
            let res = generate_shares(s, 1, 3);
            assert!(res.is_err());
            assert_eq!(res.err(), Some("Threshold cannot exceed numshares"));
        }
    }
}