use HashMap instead of Vec/array for polynomials since we no longer r…

…equire full DKG participation; remove 0 based party and key IDs since the scalars are 1 based; start fixing tests
Trust-Machines · Jan 16, 2024 · 69d6372 · 69d6372
1 parent 5753cdd
commit 69d6372
Show file tree

Hide file tree

Showing 12 changed files with 155 additions and 91 deletions.
diff --git a/src/common.rs b/src/common.rs
@@ -171,7 +171,7 @@ pub mod test_helpers {
 /// These evaluations take the form of s * G == \Sum{k=0}{T+1}(a_k * x^k) where the a vals are the coeffs of the polys
 /// There is 1 share per poly, N polys, and each poly is degree T-1 (so T coeffs)
 /// First we evaluate each poly, then we subtract each s * G
-pub struct CheckPrivateShares<'a> {
+pub struct CheckPrivateShares {
     /// number of keys
     n: u32,
     /// threshold, where the degree of each poly is (t-1)
@@ -181,16 +181,25 @@ pub struct CheckPrivateShares<'a> {
     /// Negated DKG private shares for the receiving key ID, indexed by sending key ID
     pub neg_shares: HashMap<u32, Scalar>,
     /// Polynomial commitments for each key ID
-    polys: &'a [PolyCommitment],
+    polys: HashMap<u32, PolyCommitment>,
 }
 
-impl<'a> CheckPrivateShares<'a> {
+impl CheckPrivateShares {
     /// Construct a new CheckPrivateShares object
-    pub fn new(id: Scalar, shares: &HashMap<u32, Scalar>, polys: &'a [PolyCommitment]) -> Self {
+    pub fn new(
+        id: Scalar,
+        shares: &HashMap<u32, Scalar>,
+        polys: HashMap<u32, PolyCommitment>,
+    ) -> Self {
+        let mut l: usize = 0;
+        for (_id, comm) in &polys {
+            l = comm.poly.len();
+            break;
+        }
         let n: u32 = shares.len().try_into().unwrap();
-        let t: u32 = polys[0].poly.len().try_into().unwrap();
+        let t: u32 = l.try_into().unwrap();
         let x = id;
-        let mut powers = Vec::with_capacity(polys[0].poly.len());
+        let mut powers = Vec::with_capacity(l);
         let mut pow = Scalar::one();
 
         for _ in 0..t {
@@ -213,27 +222,29 @@ impl<'a> CheckPrivateShares<'a> {
     }
 }
 
-impl<'a> MultiMult for CheckPrivateShares<'a> {
+impl MultiMult for CheckPrivateShares {
     /// The first n*t scalars will be powers, the last n will be the negation of shares
     fn get_scalar(&self, i: usize) -> &Scalar {
+        println!("get_scalar({})", i);
         let h: u32 = i.try_into().unwrap();
         let u: usize = self.t.try_into().unwrap();
         if h < self.n * self.t {
             &self.powers[i % u]
         } else {
-            &self.neg_shares[&(h - (self.t * self.n))]
+            &self.neg_shares[&(h - (self.t * self.n) + 1)]
         }
     }
 
     /// The first n*t points will be poly coeffs, the last n will be G
     fn get_point(&self, i: usize) -> &Point {
+        println!("get_point({})", i);
         let h: u32 = i.try_into().unwrap();
         let u: usize = self.t.try_into().unwrap();
         if h < self.n * self.t {
             let j = i / u;
             let k = i % u;
 
-            &self.polys[j].poly[k]
+            &self.polys[&((j + 1) as u32)].poly[k]
         } else {
             &G
         }

diff --git a/src/compute.rs b/src/compute.rs
@@ -114,7 +114,7 @@ pub fn aggregate_nonce(
 
 /// Compute a one-based Scalar from a zero-based integer
 pub fn id(i: u32) -> Scalar {
-    Scalar::from(i + 1)
+    Scalar::from(i)
 }
 
 /// Evaluate the public polynomial `f` at scalar `x` using multi-exponentiation

diff --git a/src/main.rs b/src/main.rs
@@ -37,12 +37,12 @@ fn main() {
             .collect();
 
         let dkg_start = time::Instant::now();
-        let A = v1::test_helpers::dkg(&mut signers, &mut rng).expect("v1 dkg failed");
+        let polys = v1::test_helpers::dkg(&mut signers, &mut rng).expect("v1 dkg failed");
         let dkg_time = dkg_start.elapsed();
         let mut signers = signers[..(K * 3 / 4).try_into().unwrap()].to_vec();
 
         let mut aggregator = v1::Aggregator::new(N, T);
-        aggregator.init(A).expect("aggregator init failed");
+        aggregator.init(&polys).expect("aggregator init failed");
 
         let party_sign_start = time::Instant::now();
         let (nonces, sig_shares) = v1::test_helpers::sign(msg, &mut signers, &mut rng);
@@ -73,12 +73,12 @@ fn main() {
             .collect();
 
         let dkg_start = time::Instant::now();
-        let A = v2::test_helpers::dkg(&mut signers, &mut rng).expect("v2 dkg failed");
+        let polys = v2::test_helpers::dkg(&mut signers, &mut rng).expect("v2 dkg failed");
         let dkg_time = dkg_start.elapsed();
         let mut signers = signers[..(K * 3 / 4).try_into().unwrap()].to_vec();
 
         let mut aggregator = v2::Aggregator::new(N, T);
-        aggregator.init(A).expect("aggregator init failed");
+        aggregator.init(&polys).expect("aggregator init failed");
 
         let party_sign_start = time::Instant::now();
         let (nonces, sig_shares, key_ids) = v2::test_helpers::sign(msg, &mut signers, &mut rng);

diff --git a/src/net.rs b/src/net.rs
@@ -121,6 +121,8 @@ impl Signable for DkgPublicShares {
 pub struct DkgPrivateBegin {
     /// DKG round ID
     pub dkg_id: u64,
+    /// Signer IDs who responded in time for this DKG round
+    pub signer_ids: Vec<u32>,
     /// Key IDs who responded in time for this DKG round
     pub key_ids: Vec<u32>,
 }
@@ -132,6 +134,9 @@ impl Signable for DkgPrivateBegin {
         for key_id in &self.key_ids {
             hasher.update(key_id.to_be_bytes());
         }
+        for signer_id in &self.signer_ids {
+            hasher.update(signer_id.to_be_bytes());
+        }
     }
 }
 
@@ -167,6 +172,8 @@ impl Signable for DkgPrivateShares {
 pub struct DkgEndBegin {
     /// DKG round ID
     pub dkg_id: u64,
+    /// Signer IDs who responded in time for this DKG round
+    pub signer_ids: Vec<u32>,
     /// Key IDs who responded in time for this DKG round
     pub key_ids: Vec<u32>,
 }
@@ -178,6 +185,9 @@ impl Signable for DkgEndBegin {
         for key_id in &self.key_ids {
             hasher.update(key_id.to_be_bytes());
         }
+        for signer_id in &self.signer_ids {
+            hasher.update(signer_id.to_be_bytes());
+        }
     }
 }
 
@@ -510,6 +520,7 @@ mod test {
         let dkg_private_begin = DkgPrivateBegin {
             dkg_id: 0,
             key_ids: Default::default(),
+            signer_ids: Default::default(),
         };
         let msg = Message::DkgBegin(dkg_begin.clone());
         let coordinator_packet_dkg_begin = Packet {

diff --git a/src/state_machine/coordinator/fire.rs b/src/state_machine/coordinator/fire.rs
@@ -1,4 +1,4 @@
-use hashbrown::HashSet;
+use hashbrown::{HashMap, HashSet};
 use std::{collections::BTreeMap, time::Instant};
 use tracing::{debug, error, info, warn};
 
@@ -32,7 +32,7 @@ pub struct Coordinator<Aggregator: AggregatorTrait> {
     dkg_public_shares: BTreeMap<u32, DkgPublicShares>,
     dkg_private_shares: BTreeMap<u32, DkgPrivateShares>,
     dkg_end_messages: BTreeMap<u32, DkgEnd>,
-    party_polynomials: BTreeMap<u32, PolyCommitment>,
+    party_polynomials: HashMap<u32, PolyCommitment>,
     public_nonces: BTreeMap<u32, NonceResponse>,
     signature_shares: BTreeMap<u32, Vec<SignatureShare>>,
     /// aggregate public key
@@ -353,6 +353,7 @@ impl<Aggregator: AggregatorTrait> Coordinator<Aggregator> {
         let dkg_begin = DkgPrivateBegin {
             dkg_id: self.current_dkg_id,
             key_ids: active_key_ids,
+            signer_ids: self.dkg_public_shares.keys().cloned().collect(),
         };
         let dkg_private_begin_msg = Packet {
             sig: dkg_begin
@@ -378,14 +379,15 @@ impl<Aggregator: AggregatorTrait> Coordinator<Aggregator> {
             self.current_dkg_id
         );
         let active_key_ids = self
-            .dkg_public_shares
+            .dkg_private_shares
             .keys()
             .flat_map(|signer_id| self.config.signer_key_ids[signer_id].clone())
             .collect::<Vec<u32>>();
 
         let dkg_end_begin = DkgEndBegin {
             dkg_id: self.current_dkg_id,
             key_ids: active_key_ids,
+            signer_ids: self.dkg_private_shares.keys().cloned().collect(),
         };
         let dkg_end_begin_msg = Packet {
             sig: dkg_end_begin
@@ -695,8 +697,6 @@ impl<Aggregator: AggregatorTrait> Coordinator<Aggregator> {
         }
         if self.sign_wait_signer_ids.is_empty() {
             // Calculate the aggregate signature
-            let polys: Vec<PolyCommitment> = self.party_polynomials.values().cloned().collect();
-
             let nonce_responses = self
                 .public_nonces
                 .values()
@@ -726,7 +726,7 @@ impl<Aggregator: AggregatorTrait> Coordinator<Aggregator> {
                 shares.len()
             );
 
-            self.aggregator.init(polys)?;
+            self.aggregator.init(&self.party_polynomials)?;
 
             if is_taproot {
                 let schnorr_proof = self.aggregator.sign_taproot(
@@ -1052,7 +1052,7 @@ pub mod test {
 
         let message = coordinator.start_private_shares().unwrap();
         assert!(matches!(message.msg, Message::DkgPrivateBegin(_)));
-        assert_eq!(coordinator.get_state(), State::DkgEndGather);
+        assert_eq!(coordinator.get_state(), State::DkgPrivateGather);
         assert_eq!(coordinator.current_dkg_id, 0);
     }
 

diff --git a/src/state_machine/coordinator/frost.rs b/src/state_machine/coordinator/frost.rs
@@ -1,4 +1,4 @@
-use hashbrown::HashSet;
+use hashbrown::{HashMap, HashSet};
 use std::collections::BTreeMap;
 use tracing::{debug, info};
 
@@ -31,7 +31,7 @@ pub struct Coordinator<Aggregator: AggregatorTrait> {
     current_sign_iter_id: u64,
     dkg_public_shares: BTreeMap<u32, DkgPublicShares>,
     dkg_private_shares: BTreeMap<u32, DkgPrivateShares>,
-    party_polynomials: BTreeMap<u32, PolyCommitment>,
+    party_polynomials: HashMap<u32, PolyCommitment>,
     public_nonces: BTreeMap<u32, NonceResponse>,
     signature_shares: BTreeMap<u32, Vec<SignatureShare>>,
     /// aggregate public key
@@ -204,6 +204,7 @@ impl<Aggregator: AggregatorTrait> Coordinator<Aggregator> {
         let dkg_begin = DkgPrivateBegin {
             dkg_id: self.current_dkg_id,
             key_ids: (0..self.config.num_keys).collect(),
+            signer_ids: (0..self.config.num_signers).collect(),
         };
         let dkg_private_begin_msg = Packet {
             sig: dkg_begin.sign(&self.config.message_private_key).expect(""),
@@ -223,6 +224,7 @@ impl<Aggregator: AggregatorTrait> Coordinator<Aggregator> {
         let dkg_begin = DkgEndBegin {
             dkg_id: self.current_dkg_id,
             key_ids: (0..self.config.num_keys).collect(),
+            signer_ids: (0..self.config.num_signers).collect(),
         };
         let dkg_end_begin_msg = Packet {
             sig: dkg_begin.sign(&self.config.message_private_key).expect(""),
@@ -453,8 +455,6 @@ impl<Aggregator: AggregatorTrait> Coordinator<Aggregator> {
         }
         if self.ids_to_await.is_empty() {
             // Calculate the aggregate signature
-            let polys: Vec<PolyCommitment> = self.party_polynomials.values().cloned().collect();
-
             let nonce_responses = (0..self.config.num_signers)
                 .map(|i| self.public_nonces[&i].clone())
                 .collect::<Vec<NonceResponse>>();
@@ -482,7 +482,7 @@ impl<Aggregator: AggregatorTrait> Coordinator<Aggregator> {
                 shares.len()
             );
 
-            self.aggregator.init(polys)?;
+            self.aggregator.init(&self.party_polynomials)?;
 
             if is_taproot {
                 let schnorr_proof = self.aggregator.sign_taproot(
@@ -764,7 +764,7 @@ pub mod test {
 
         let message = coordinator.start_private_shares().unwrap();
         assert!(matches!(message.msg, Message::DkgPrivateBegin(_)));
-        assert_eq!(coordinator.get_state(), State::DkgEndGather);
+        assert_eq!(coordinator.get_state(), State::DkgPrivateGather);
         assert_eq!(coordinator.current_dkg_id, 0);
     }
 

diff --git a/src/state_machine/coordinator/mod.rs b/src/state_machine/coordinator/mod.rs
@@ -485,10 +485,9 @@ pub mod test {
             feedback_messages(&mut coordinators, &mut signers, &[message]);
         assert!(operation_results.is_empty());
         for coordinator in coordinators.iter() {
-            assert_eq!(coordinator.get_state(), State::DkgEndGather);
+            assert_eq!(coordinator.get_state(), State::DkgPrivateGather);
         }
 
-        // Successfully got an Aggregate Public Key...
         assert_eq!(outbound_messages.len(), 1);
         match &outbound_messages[0].msg {
             Message::DkgPrivateBegin(_) => {}
@@ -499,7 +498,13 @@ pub mod test {
         // Send the DKG Private Begin message to all signers and share their responses with the coordinator and signers
         let (outbound_messages, operation_results) =
             feedback_messages(&mut coordinators, &mut signers, &outbound_messages);
-        assert!(outbound_messages.is_empty());
+        assert_eq!(outbound_messages.len(), 1);
+        match &outbound_messages[0].msg {
+            Message::DkgEndBegin(_) => {}
+            _ => {
+                panic!("Expected DkgEndBegin message");
+            }
+        }
         assert_eq!(operation_results.len(), 1);
         match operation_results[0] {
             OperationResult::Dkg(point) => {