ckomlo
/
VerifiableSecretSharing


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
							use curve25519_dalek::edwards::EdwardsPoint;
use curve25519_dalek::scalar::Scalar;
use curve25519_dalek::constants::ED25519_BASEPOINT_POINT;
use rand::rngs::ThreadRng;

pub type Secret = Scalar;

pub struct Share {
    index: u32,
    value: Scalar,
}

pub struct Commitment {
    coms: Vec<EdwardsPoint>,
}

/// Create secret shares for a given secret.
pub fn generate_shares(secret: Secret, numshares: u32, threshold: u32) -> Result<(Commitment, Vec<Share>), &'static str> {
    if threshold < 1 { return Err("Threshold cannot be 0") }
    if numshares < 1 { return Err("Number of shares cannot be 0") }
    if threshold > numshares { return Err("Threshold cannot exceed numshares") }

    let numcoeffs = (threshold-1) as usize;

    let mut coeffs: Vec<Scalar> = Vec::with_capacity(numcoeffs);

    let mut rng: ThreadRng = rand::thread_rng();

    let mut shares: Vec<Share> = Vec::with_capacity(numshares as usize);

    let mut comm: Commitment = Commitment { coms: Vec::with_capacity(threshold as usize) };

    for _ in 1..numcoeffs {
        coeffs.push(Scalar::random(&mut rng));
    }

    for share_index in 1..numshares {
        // Evaluate the polynomial with `secret` as the constant term
        // and `coeffs` as the other coefficients at the point x=share_index
        // using Horner's method
        let scalar_index = Scalar::from(share_index);
        let mut value = Scalar::zero();
        for i in (0..numcoeffs-1).rev() {
            value += coeffs[i];
            value *= scalar_index;
        }
        value += secret;
        shares.push(Share{ index: share_index, value: value });
    }

    comm.coms.push(ED25519_BASEPOINT_POINT * secret);
    for c in coeffs {
        comm.coms.push(ED25519_BASEPOINT_POINT * c);
    }

    Ok((comm, shares))
}

/// Verify that a share is consistent with a commitment.
pub fn verify_share(share: Share, commitment: Commitment) -> Result<bool, &'static str> {
    unimplemented!("Not yet implemented")
}

/// Reconstruct the secret from enough (at least the threshold) already-verified shares.
pub fn reconstruct_secret(shares: &Vec<Share>) -> Result<Secret, &'static str> {
    let numshares = shares.len();

    if numshares < 1 { return Err("No shares provided"); }

    let mut lagrange_coeffs: Vec<Scalar> = Vec::with_capacity(numshares);

    for i in 0..numshares-1 {
        let mut num = Scalar::one();
        let mut den = Scalar::one();
        for j in 0..numshares-1 {
            if j==i { continue; }
            num *= Scalar::from(shares[j].index);
            den *= Scalar::from(shares[j].index - shares[i].index);
        }
        if den == Scalar::zero() {
            return Err("Duplicate shares provided");
        }
        lagrange_coeffs.push(num * den.invert());
    }

    let mut secret = Scalar::zero();

    for i in 0..numshares-1 {
        secret += lagrange_coeffs[i] * shares[i].value;
    }

    return Ok(secret)
}

/// Create a proactive update.
pub fn create_update(numshares: u32, threshold: u32) -> Result<(Commitment, Vec<Share>), &'static str> {
    unimplemented!("Not yet implemented")
}

/// Apply the commitment for the update to the master commitment.
pub fn apply_commitment_update(oldcommitment: &Commitment, update: &Commitment) -> Result<Commitment, &'static str> {
    unimplemented!("Not yet implemented")
}

/// Apply the share update to an existing share
pub fn apply_share_update(oldshare: &Share, update: &Share) -> Result<Share, &'static str> {
    unimplemented!("Not yet implemented")
}