Ian Goldberg il y a 10 mois
Parent
commit
a4f00a2061
3 fichiers modifiés avec 44 ajouts et 39 suppressions
  1. 24 14
      src/arctic.rs
  2. 12 3
      src/bin/arctic.rs
  3. 8 22
      src/shine.rs

+ 24 - 14
src/arctic.rs

@@ -45,16 +45,13 @@ pub fn keygen(n: u32, t: u32) -> (PubKey, Vec<PubKey>, Vec<SecKey>) {
     // The signature key shares
     let shamirpoly = ScalarPoly::rand((t as usize) - 1);
     let group_pubkey = shine::commit(&shamirpoly.coeffs[0]);
-    let signkeys : Vec<Scalar> = (1..=n)
-        .map(|k| shamirpoly.eval(&Scalar::from(k)))
-        .collect();
-    let player_pubkeys : Vec<PubKey> = signkeys
-        .iter().map(shine::commit).collect();
+    let signkeys: Vec<Scalar> = (1..=n).map(|k| shamirpoly.eval(&Scalar::from(k))).collect();
+    let player_pubkeys: Vec<PubKey> = signkeys.iter().map(shine::commit).collect();
     for k in 1..=n {
         seckeys.push(SecKey {
             t,
             k,
-            sk: signkeys[(k-1) as usize],
+            sk: signkeys[(k - 1) as usize],
             shine_key: shine::PreprocKey::preproc(&shinekeys[(k as usize) - 1]),
             pk: group_pubkey,
         });
@@ -128,9 +125,11 @@ pub fn sign2_polys(
     let (my_eval, my_commit) = sk.shine_key.gen(&y);
     assert!(r1_outputs[kindex].1 == my_commit);
 
-    let commitments : Vec<RistrettoPoint> =
-        r1_outputs.iter().map(|(_,commitment)| *commitment).collect();
-    if ! shine::verify_polys(sk.t, lag_polys, &commitments) {
+    let commitments: Vec<RistrettoPoint> = r1_outputs
+        .iter()
+        .map(|(_, commitment)| *commitment)
+        .collect();
+    if !shine::verify_polys(sk.t, lag_polys, &commitments) {
         return None;
     }
     let combcomm = shine::agg_polys(sk.t, lag_polys, &commitments);
@@ -164,8 +163,10 @@ pub fn combine_polys(
     assert!(coalition.len() == sigshares.len());
     assert!(coalition.len() >= 2 * (t as usize) - 1);
 
-    let commitments : Vec<RistrettoPoint> =
-        r1_outputs.iter().map(|(_,commitment)| *commitment).collect();
+    let commitments: Vec<RistrettoPoint> = r1_outputs
+        .iter()
+        .map(|(_, commitment)| *commitment)
+        .collect();
     let combcomm = shine::agg_polys(t, lag_polys, &commitments);
     let c = hash3(&combcomm, pk, msg);
 
@@ -270,7 +271,10 @@ pub fn test_arctic_bad2() {
 
     // Player 2 should return None because the commitments are
     // inconsistent
-    assert_eq!(sign2(&pubkey, &seckeys[1], &coalition, msg, &r1_outputs), None);
+    assert_eq!(
+        sign2(&pubkey, &seckeys[1], &coalition, msg, &r1_outputs),
+        None
+    );
 }
 
 #[test]
@@ -294,7 +298,10 @@ pub fn test_arctic_bad3() {
 
     // Player 2 should return None because the y values are
     // inconsistent
-    assert_eq!(sign2(&pubkey, &seckeys[1], &coalition, msg, &r1_outputs), None);
+    assert_eq!(
+        sign2(&pubkey, &seckeys[1], &coalition, msg, &r1_outputs),
+        None
+    );
 }
 
 #[test]
@@ -318,7 +325,10 @@ pub fn test_arctic_bad4() {
 
     // Player 2 should return None because the y values are
     // inconsistent
-    assert_eq!(sign2(&pubkey, &seckeys[1], &coalition, msg2, &r1_outputs), None);
+    assert_eq!(
+        sign2(&pubkey, &seckeys[1], &coalition, msg2, &r1_outputs),
+        None
+    );
 }
 
 #[test]

+ 12 - 3
src/bin/arctic.rs

@@ -79,7 +79,8 @@ fn main() {
             .map(|key| {
                 let sign2start = Instant::now();
                 let sigshare =
-                    arctic::sign2_polys(&pubkey, key, &coalition, &polys, &msg, &r1_outputs).unwrap();
+                    arctic::sign2_polys(&pubkey, key, &coalition, &polys, &msg, &r1_outputs)
+                        .unwrap();
                 let sign2dur = sign2start.elapsed().as_micros() as f64;
                 (sigshare, sign2dur)
             })
@@ -87,8 +88,16 @@ fn main() {
         sign2_timings.extend(sign2_iter_timings);
 
         let combinestart = Instant::now();
-        let sig = arctic::combine_polys(&pubkey, t, &coalition, &polys, &msg, &r1_outputs, &sigshares)
-            .unwrap();
+        let sig = arctic::combine_polys(
+            &pubkey,
+            t,
+            &coalition,
+            &polys,
+            &msg,
+            &r1_outputs,
+            &sigshares,
+        )
+        .unwrap();
         let combinedur = combinestart.elapsed().as_micros() as f64;
         combine_timings.push(combinedur);
 

+ 8 - 22
src/shine.rs

@@ -67,9 +67,7 @@ impl Key {
             let mut vnext = v[0];
             for i in 1..=n {
                 if i < vnext {
-                    res[(i - 1) as usize]
-                        .secrets
-                        .push((v.clone(), phi));
+                    res[(i - 1) as usize].secrets.push((v.clone(), phi));
                 } else {
                     vnextind += 1;
                     vnext = if vnextind < ((t - 1) as usize) {
@@ -133,7 +131,8 @@ impl PreprocKey {
     }
 
     pub fn gen(&self, w: &[u8]) -> (Scalar, RistrettoPoint) {
-        let d = self.secrets
+        let d = self
+            .secrets
             .iter()
             .map(|&(phi, lagrange)| hash1(&phi, w) * lagrange)
             .sum();
@@ -153,11 +152,7 @@ pub fn commit(evaluation: &Scalar) -> RistrettoPoint {
 // precomputed Lagrange polynomials.  Return false if the commitments
 // are not consistent with the given t, or true if they are. You must
 // pass at least 2t-1 commitments, and the same number of lag_polys.
-pub fn verify_polys(
-    t: u32,
-    lag_polys: &[ScalarPoly],
-    commitments: &[RistrettoPoint],
-) -> bool {
+pub fn verify_polys(t: u32, lag_polys: &[ScalarPoly], commitments: &[RistrettoPoint]) -> bool {
     // Check if the commitments are consistent: when interpolating the
     // polys in the exponent, the low t coefficients can be non-0 but
     // the ones above that must be 0
@@ -190,11 +185,7 @@ pub fn verify_polys(
 // Return false if the commitments are not consistent with the given t,
 // or true if they are. You must pass at least 2t-1 commitments, and the
 // same number of lag_polys.
-pub fn verify(
-    t: u32,
-    coalition: &[u32],
-    commitments: &[RistrettoPoint],
-) -> bool {
+pub fn verify(t: u32, coalition: &[u32], commitments: &[RistrettoPoint]) -> bool {
     let polys = lagrange_polys(coalition);
     verify_polys(t, &polys, commitments)
 }
@@ -226,11 +217,7 @@ pub fn agg_polys(
 
 // Combine already-verified commitments. You must pass at least 2t-1
 // commitments, and the same number of lag_polys.
-pub fn agg(
-    t: u32,
-    coalition: &[u32],
-    commitments: &[RistrettoPoint],
-) -> RistrettoPoint {
+pub fn agg(t: u32, coalition: &[u32], commitments: &[RistrettoPoint]) -> RistrettoPoint {
     let polys = lagrange_polys(coalition);
     agg_polys(t, &polys, commitments)
 }
@@ -255,7 +242,7 @@ pub fn combinecomm_polys(
     // polys in the exponent, the low t coefficients can be non-0 but
     // the ones above that must be 0
 
-    if ! verify_polys(t, lag_polys, commitments) {
+    if !verify_polys(t, lag_polys, commitments) {
         return None;
     }
 
@@ -312,8 +299,7 @@ pub fn test_combinecomm() {
     let mut rng = rand::thread_rng();
     let mut w = [0u8; 32];
     rng.fill_bytes(&mut w);
-    let commitments: Vec<RistrettoPoint> =
-        ppkeys.iter().map(|k| k.gen(&w).1).collect();
+    let commitments: Vec<RistrettoPoint> = ppkeys.iter().map(|k| k.gen(&w).1).collect();
 
     let comm1 = combinecomm(3, &vec![1, 2, 3, 4, 5], &commitments[0..=4]);
     let comm2 = combinecomm(3, &vec![3, 4, 5, 6, 7], &commitments[2..=6]);