Merge branch 'dedis:master' into master
Tingo authored Dec 23, 2023
2 parents e4c10b3 + 5fad44c commit 28f33ba
Showing 9 changed files with 82 additions and 49 deletions.
4 changes: 2 additions & 2 deletions go.mod
@@ -4,8 +4,8 @@ require (
github.com/stretchr/testify v1.3.0
go.dedis.ch/fixbuf v1.0.3
go.dedis.ch/protobuf v1.0.11
golang.org/x/crypto v0.0.0-20190123085648-057139ce5d2b
golang.org/x/sys v0.0.0-20190124100055-b90733256f2e
golang.org/x/crypto v0.1.0
golang.org/x/sys v0.1.0
)

go 1.13
32 changes: 30 additions & 2 deletions go.sum
@@ -5,6 +5,7 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.dedis.ch/fixbuf v1.0.3 h1:hGcV9Cd/znUxlusJ64eAlExS+5cJDIyTyEG+otu5wQs=
go.dedis.ch/fixbuf v1.0.3/go.mod h1:yzJMt34Wa5xD37V5RTdmp38cz3QhMagdGoem9anUalw=
go.dedis.ch/kyber/v3 v3.0.4/go.mod h1:OzvaEnPvKlyrWyp3kGXlFdp7ap1VC6RkZDTaPikqhsQ=
@@ -13,7 +14,34 @@ go.dedis.ch/protobuf v1.0.5/go.mod h1:eIV4wicvi6JK0q/QnfIEGeSFNG0ZeB24kzut5+HaRL
go.dedis.ch/protobuf v1.0.7/go.mod h1:pv5ysfkDX/EawiPqcW3ikOxsL5t+BqnV6xHSmE79KI4=
go.dedis.ch/protobuf v1.0.11 h1:FTYVIEzY/bfl37lu3pR4lIj+F9Vp1jE8oh91VmxKgLo=
go.dedis.ch/protobuf v1.0.11/go.mod h1:97QR256dnkimeNdfmURz0wAMNVbd1VmLXhG1CrTYrJ4=
golang.org/x/crypto v0.0.0-20190123085648-057139ce5d2b h1:Elez2XeF2p9uyVj0yEUDqQ56NFcDtcBNkYP7yv8YbUE=
golang.org/x/crypto v0.0.0-20190123085648-057139ce5d2b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/sys v0.0.0-20190124100055-b90733256f2e h1:3GIlrlVLfkoipSReOMNAgApI0ajnalyLa/EZHHca/XI=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
5 changes: 4 additions & 1 deletion share/dkg/pedersen/dkg.go
@@ -341,7 +341,10 @@ func (d *DistKeyGenerator) ProcessDeal(dd *Deal) (*Response, error) {
return nil, err
}

ver, _ := d.verifiers[dd.Index]
ver, ok := d.verifiers[dd.Index]
if !ok {
return nil, fmt.Errorf("missing verifiers")
}

resp, err := ver.ProcessEncryptedDeal(dd.Deal)
if err != nil {
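Review bot: The new `!ok` branch in ProcessDeal returns a constant message, so a caller or log reader cannot tell which dealer index was rejected; since `dd.Index` arrives inside the Deal being processed, it is worth carrying it in the error: `return nil, fmt.Errorf("dkg: no verifier for dealer index %d", dd.Index)`. A package-level sentinel wrapped with `%w` would also let callers match this case with `errors.Is`, the way the vss packages in this commit now match `errDealAlreadyProcessed`. The check itself closes a real gap: without it a missing map entry hands the zero value of `ver` (presumably a nil pointer) to `ProcessEncryptedDeal`. ProcessDeal's body starts and ends outside the hunk, so any earlier validation of the index is not visible here.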
11 changes: 4 additions & 7 deletions share/dkg/pedersen/dkg_test.go
@@ -202,6 +202,7 @@ func TestDKGProcessResponse(t *testing.T) {
require.Nil(t, err)

resp12, err := rec.ProcessDeal(deals2[idxRec])
require.NoError(t, err)
require.NotNil(t, resp)
require.Equal(t, vss.StatusComplaint, resp12.Response.Status)
require.Equal(t, deals2[idxRec].Index, uint32(dkg2.nidx))
@@ -801,7 +802,7 @@ func TestDKGResharingNewNodesThreshold(t *testing.T) {
require.Equal(t, newDkgs[i].nidx, i)
}

//alive := oldT - 1
// alive := oldT - 1
alive := oldT
oldSelected := make([]*DistKeyGenerator, 0, alive)
selected := make(map[string]bool)
@@ -1134,12 +1135,8 @@ func TestDKGResharingPartialNewNodes(t *testing.T) {

newPrivs := make([]kyber.Scalar, 0, newN)
newPubs := make([]kyber.Point, 0, newN)
for _, priv := range oldPrivs[1:] {
newPrivs = append(newPrivs, priv)
}
for _, pub := range oldPubs[1:] {
newPubs = append(newPubs, pub)
}
newPrivs = append(newPrivs, oldPrivs[1:]...)
newPubs = append(newPubs, oldPubs[1:]...)
// add two new nodes
priv1, pub1 := genPair()
priv2, pub2 := genPair()
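Review bot: In TestDKGProcessResponse the line right after the added `require.NoError(t, err)` asserts `require.NotNil(t, resp)`, but the value just returned and dereferenced on the following line is `resp12`; `resp` is defined outside the hunk and looks like a leftover from an earlier step of the test. If `ProcessDeal` ever returned a nil response together with a nil error, `resp12.Response.Status` would panic instead of failing cleanly, so the guard should read `require.NotNil(t, resp12)`. The test function starts and ends outside the hunk.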
2 changes: 1 addition & 1 deletion share/dkg/rabin/dkg_test.go
@@ -643,7 +643,7 @@ func genPair() (kyber.Scalar, kyber.Point) {

func randomBytes(n int) []byte {
var buff = make([]byte, n)
_, _ = rand.Read(buff[:])
_, _ = rand.Read(buff)
return buff
}
func checkDks(dks1, dks2 *DistKeyShare) bool {
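Review bot: `randomBytes` still discards both results of `rand.Read`, so a failed read would hand the tests a buffer that was never filled (the zero bytes left by `make`) without any failure being reported. Which `rand` package the file imports is not visible in the hunk; if it is crypto/rand, a helper that feeds key material or seeds into tests is better off stopping on error: `if _, err := rand.Read(buff); err != nil { panic(err) }`. While the line is being touched, `var buff = make([]byte, n)` could also become `buff := make([]byte, n)`.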
20 changes: 10 additions & 10 deletions share/vss/pedersen/vss.go
@@ -113,10 +113,10 @@ type Justification struct {

// NewDealer returns a Dealer capable of leading the secret sharing scheme. It
// does not have to be trusted by other Verifiers. The security parameter t is
// the number of shares required to reconstruct the secret. It is HIGHLY
// RECOMMENDED to use a threshold higher or equal than what the method
// MinimumT() returns, otherwise it breaks the security assumptions of the whole
// scheme. It returns an error if the t is less than or equal to 2.
// the number of shares required to reconstruct the secret. MinimumT() provides
// a middle ground between robustness and secrecy. Increasing t will increase
// the secrecy at the cost of the decreased robustness and vice versa. It
// returns an error if the t is inferior or equal to 2.
func NewDealer(suite Suite, longterm, secret kyber.Scalar, verifiers []kyber.Point, t int) (*Dealer, error) {
d := &Dealer{
suite: suite,
@@ -378,7 +378,7 @@ func (v *Verifier) ProcessEncryptedDeal(e *EncryptedDeal) (*Response, error) {
r.Status = StatusComplaint
}

if err == errDealAlreadyProcessed {
if errors.Is(err, errDealAlreadyProcessed) {
return nil, err
}

@@ -714,11 +714,11 @@ func (a *Aggregator) MissingResponses() []int {
return absents
}

// MinimumT returns the minimum safe T that is proven to be secure with this
// protocol. It expects n, the total number of participants.
// WARNING: Setting a lower T could make
// the whole protocol insecure. Setting a higher T only makes it harder to
// reconstruct the secret.
// MinimumT returns a safe value of T that balances secrecy and robustness.
// It expects n, the total number of participants.
// T should be adjusted to your threat model. Setting a lower T decreases the
// difficulty for an adversary to break secrecy. However, a too large T makes
// it possible for an adversary to prevent recovery (robustness).
func MinimumT(n int) int {
return (n + 1) / 2
}
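Review bot: The rewritten comments on NewDealer and MinimumT drop the explicit warning about choosing t below MinimumT(n) and replace it with "balances secrecy and robustness" without stating what either bound actually is. Since the comment already defines t as the number of shares required to reconstruct the secret, the trade-off can be stated concretely, e.g. `// Fewer than t colluding verifiers cannot reconstruct the secret; reconstruction needs t cooperating verifiers, so n-t+1 unavailable or malicious ones can block it.` The name MinimumT now sits oddly next to "a safe value of T", so the comment should say whether values below it are still discouraged. NewDealer's last sentence also changed from "less than or equal to 2" to "inferior or equal to 2", and the check it describes is outside the hunk, so the wording should be confirmed against it. The same comment text is applied in share/vss/rabin/vss.go and has the same gap.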
1 change: 1 addition & 0 deletions share/vss/pedersen/vss_test.go
@@ -383,6 +383,7 @@ func TestVSSAggregatorVerifyResponse(t *testing.T) {
// wrong index
resp.Index = uint32(len(verifiersPub))
sig, err := schnorr.Sign(suite, v.longterm, resp.Hash(suite))
assert.NoError(t, err)
resp.Signature = sig
assert.Error(t, aggr.verifyResponse(resp))
resp.Index = 0
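Review bot: The added `assert.NoError(t, err)` after `schnorr.Sign` is non-fatal, so if signing failed the test would carry on with an unusable `sig`, and the following `assert.Error(t, aggr.verifyResponse(resp))` could then pass because of a bad signature rather than the wrong index it is meant to exercise. A fatal check such as `require.NoError(t, err)` stops at the real cause, assuming testify's require package is imported in this file, which the hunk does not show. The same applies to the two additions in share/vss/rabin/vss_test.go, most sharply in TestVSSAggregatorVerifyJustification, where `j.Deal.SecShare.V` is dereferenced right after a non-fatal check on the error from `dealer.ProcessResponse`. The test functions start and end outside the hunks.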
54 changes: 28 additions & 26 deletions share/vss/rabin/vss.go
@@ -8,24 +8,26 @@
// verifier can check the validity of the received share. The protocol has the
// following steps:
//
// 1) The dealer send a Deal to every verifiers using `Deals()`. Each deal must
// be sent securely to one verifier whose public key is at the same index than
// the index of the Deal.
// 1. The dealer send a Deal to every verifiers using `Deals()`. Each deal must
// be sent securely to one verifier whose public key is at the same index than
// the index of the Deal.
//
// 2) Each verifier processes the Deal with `ProcessDeal`.
// This function returns a Response which can be twofold:
// - an approval, to confirm a correct deal
// - a complaint to announce an incorrect deal notifying others that the
// 2. Each verifier processes the Deal with `ProcessDeal`.
// This function returns a Response which can be twofold:
// - an approval, to confirm a correct deal
// - a complaint to announce an incorrect deal notifying others that the
// dealer might be malicious.
// All Responses must be broadcasted to every verifiers and the dealer.
// 3) The dealer can respond to each complaint by a justification revealing the
// share he originally sent out to the accusing verifier. This is done by
// calling `ProcessResponse` on the `Dealer`.
// 4) The verifiers refuse the shared secret and abort the protocol if there
// are at least t complaints OR if a Justification is wrong. The verifiers
// accept the shared secret if there are at least t approvals at which point
// any t out of n verifiers can reveal their shares to reconstruct the shared
// secret.
// All Responses must be broadcasted to every verifiers and the dealer.
//
// 3. The dealer can respond to each complaint by a justification revealing the
// share he originally sent out to the accusing verifier. This is done by
// calling `ProcessResponse` on the `Dealer`.
//
// 4. The verifiers refuse the shared secret and abort the protocol if there
// are at least t complaints OR if a Justification is wrong. The verifiers
// accept the shared secret if there are at least t approvals at which point
// any t out of n verifiers can reveal their shares to reconstruct the shared
// secret.
package vss

import (
@@ -129,10 +131,10 @@ type Justification struct {

// NewDealer returns a Dealer capable of leading the secret sharing scheme. It
// does not have to be trusted by other Verifiers. The security parameter t is
// the number of shares required to reconstruct the secret. It is HIGHLY
// RECOMMENDED to use a threshold higher or equal than what the method
// MinimumT() returns, otherwise it breaks the security assumptions of the whole
// scheme. It returns an error if the t is inferior or equal to 2.
// the number of shares required to reconstruct the secret. MinimumT() provides
// a middle ground between robustness and secrecy. Increasing t will increase
// the secrecy at the cost of the decreased robustness and vice versa. It
// returns an error if the t is inferior or equal to 2.
func NewDealer(suite Suite, longterm, secret kyber.Scalar, verifiers []kyber.Point, t int) (*Dealer, error) {
d := &Dealer{
suite: suite,
@@ -400,7 +402,7 @@ func (v *Verifier) ProcessEncryptedDeal(e *EncryptedDeal) (*Response, error) {
r.Approved = false
}

if err == errDealAlreadyProcessed {
if errors.Is(err, errDealAlreadyProcessed) {
return nil, err
}

@@ -688,11 +690,11 @@ func (a *aggregator) UnsafeSetResponseDKG(idx uint32, approval bool) {
a.addResponse(r)
}

// MinimumT returns the minimum safe T that is proven to be secure with this
// protocol. It expects n, the total number of participants.
// WARNING: Setting a lower T could make
// the whole protocol insecure. Setting a higher T only makes it harder to
// reconstruct the secret.
// MinimumT returns a safe value of T that balances secrecy and robustness.
// It expects n, the total number of participants.
// T should be adjusted to your threat model. Setting a lower T decreases the
// difficulty for an adversary to break secrecy. However, a too large T makes
// it possible for an adversary to prevent recovery (robustness).
func MinimumT(n int) int {
return (n + 1) / 2
}
2 changes: 2 additions & 0 deletions share/vss/rabin/vss_test.go
@@ -303,6 +303,7 @@ func TestVSSAggregatorVerifyJustification(t *testing.T) {
d.SecShare.V = goodV

j, err := dealer.ProcessResponse(resp)
assert.NoError(t, err)

// invalid deal justified
goodV = j.Deal.SecShare.V
@@ -388,6 +389,7 @@ func TestVSSAggregatorVerifyResponse(t *testing.T) {
// wrong index
resp.Index = uint32(len(verifiersPub))
sig, err := schnorr.Sign(suite, v.longterm, resp.Hash(suite))
assert.NoError(t, err)
resp.Signature = sig
assert.Error(t, aggr.verifyResponse(resp))
resp.Index = 0
