diff --git a/synedrion/src/cggmp21/interactive_signing.rs b/synedrion/src/cggmp21/interactive_signing.rs index 7f47451..b38a7b0 100644 --- a/synedrion/src/cggmp21/interactive_signing.rs +++ b/synedrion/src/cggmp21/interactive_signing.rs @@ -496,7 +496,7 @@ impl Round for Round2 { .all_cap_k .get(destination) .ok_or(LocalError::new("Missing destination={destination:?} in all_cap_k"))? - * secret_signed_from_scalar::

(&self.context.key_share.secret_share) + * &secret_signed_from_scalar::

(&self.context.key_share.secret_share) + Ciphertext::new_with_randomizer_signed(target_pk, &-&hat_beta, &hat_s); let rp = &self.context.public_aux(destination)?.rp_params; diff --git a/synedrion/src/cggmp21/sigma/mul.rs b/synedrion/src/cggmp21/sigma/mul.rs index 55ef380..be04a39 100644 --- a/synedrion/src/cggmp21/sigma/mul.rs +++ b/synedrion/src/cggmp21/sigma/mul.rs @@ -134,11 +134,7 @@ impl MulProof

{ } // Y^z u^N = A * C^e \mod N^2 - if cap_y - .homomorphic_mul_wide_public(&self.z) - .mul_masked_randomizer(&self.u) - != self.cap_a.to_precomputed(pk) + cap_c * &e - { + if (cap_y * &self.z).mul_masked_randomizer(&self.u) != self.cap_a.to_precomputed(pk) + cap_c * &e { return false; } diff --git a/synedrion/src/paillier/encryption.rs b/synedrion/src/paillier/encryption.rs index dee336a..d429acd 100644 --- a/synedrion/src/paillier/encryption.rs +++ b/synedrion/src/paillier/encryption.rs @@ -304,49 +304,23 @@ impl Ciphertext

{ // compared to what we would get if we used the signed `rhs` faithfully in the original formula. // So if we want to replicate the Paillier encryption manually and get the same ciphertext // (e.g. in the P_enc sigma-protocol), we need to process the sign correctly. - fn homomorphic_mul(self, rhs: &SecretSigned) -> Self { - Self { - pk: self.pk, - ciphertext: self.ciphertext.pow(&rhs.to_wide()), - } - } - - fn homomorphic_mul_ref_public(&self, rhs: &PublicSigned) -> Self { - Self { - pk: self.pk.clone(), - ciphertext: self.ciphertext.pow(&rhs.to_wide()), - } - } - - fn homomorphic_mul_public(self, rhs: &PublicSigned) -> Self { + fn homomorphic_mul(self, rhs: &V) -> Self + where + P::WideUintMod: Exponentiable, + { Self { pk: self.pk, - ciphertext: self.ciphertext.pow(&rhs.to_wide()), - } - } - - fn homomorphic_mul_ref(&self, rhs: &SecretSigned) -> Self { - Self { - pk: self.pk.clone(), - ciphertext: self.ciphertext.pow(&rhs.to_wide()), - } - } - - pub fn homomorphic_mul_wide_public(&self, rhs: &PublicSigned) -> Self { - // Unfortunately we cannot implement `Mul` for `SecretSigned` and `SecretSigned` - // at the same time, since they can be the same type. - // But this method is only used once, so it's not a problem to spell it out. - Self { - pk: self.pk.clone(), ciphertext: self.ciphertext.pow(rhs), } } - fn homomorphic_mul_unsigned_ref(&self, rhs: &SecretUnsigned) -> Self { - let rhs_wide = rhs.to_wide(); + fn homomorphic_mul_ref(&self, rhs: &V) -> Self + where + P::WideUintMod: Exponentiable, + { Self { pk: self.pk.clone(), - ciphertext: self.ciphertext.pow(&rhs_wide), + ciphertext: self.ciphertext.pow(rhs), } } @@ -406,48 +380,26 @@ impl Add<&Ciphertext

> for Ciphertext

{ } } -impl Mul<&PublicSigned> for Ciphertext

{ - type Output = Ciphertext

; - fn mul(self, rhs: &PublicSigned) -> Ciphertext

{ - self.homomorphic_mul_public(rhs) - } -} - -impl Mul<&PublicSigned> for &Ciphertext

{ - type Output = Ciphertext

; - fn mul(self, rhs: &PublicSigned) -> Ciphertext

{ - self.homomorphic_mul_ref_public(rhs) - } -} - -impl Mul> for Ciphertext

{ - type Output = Ciphertext

; - fn mul(self, rhs: SecretSigned) -> Ciphertext

{ - self.homomorphic_mul(&rhs) - } -} - -impl Mul> for &Ciphertext

{ +impl Mul<&V> for Ciphertext

+where + P::WideUintMod: Exponentiable, +{ type Output = Ciphertext

; - fn mul(self, rhs: SecretSigned) -> Ciphertext

{ - self.homomorphic_mul_ref(&rhs) + fn mul(self, rhs: &V) -> Ciphertext

{ + self.homomorphic_mul(rhs) } } -impl<'a, P: PaillierParams> Mul<&'a SecretSigned> for &Ciphertext

{ +impl Mul<&V> for &Ciphertext

+where + P::WideUintMod: Exponentiable, +{ type Output = Ciphertext

; - fn mul(self, rhs: &'a SecretSigned) -> Ciphertext

{ + fn mul(self, rhs: &V) -> Ciphertext

{ self.homomorphic_mul_ref(rhs) } } -impl<'a, P: PaillierParams> Mul<&'a SecretUnsigned> for &Ciphertext

{ - type Output = Ciphertext

; - fn mul(self, rhs: &'a SecretUnsigned) -> Ciphertext

{ - self.homomorphic_mul_unsigned_ref(rhs) - } -} - #[cfg(test)] mod tests { use crypto_bigint::{ @@ -556,7 +508,7 @@ mod tests { let ciphertext = Ciphertext::::new(&mut OsRng, pk, &plaintext); let coeff = SecretSigned::random_in_exp_range(&mut OsRng, ::Uint::BITS - 2); - let new_ciphertext = ciphertext * coeff.clone(); + let new_ciphertext = ciphertext * &coeff; let new_plaintext = new_ciphertext.decrypt(&sk); assert_eq!( @@ -615,7 +567,7 @@ mod tests { let ciphertext1 = Ciphertext::::new(&mut OsRng, pk, &plaintext1); let ciphertext3 = Ciphertext::::new(&mut OsRng, pk, &plaintext3); - let result = ciphertext1 * plaintext2.clone() + ciphertext3; + let result = ciphertext1 * &plaintext2 + ciphertext3; let plaintext_back = result.decrypt(&sk); assert_eq!( diff --git a/synedrion/src/paillier/params.rs b/synedrion/src/paillier/params.rs index 7d63921..b72973c 100644 --- a/synedrion/src/paillier/params.rs +++ b/synedrion/src/paillier/params.rs @@ -89,6 +89,7 @@ pub trait PaillierParams: core::fmt::Debug + PartialEq + Eq + Clone + Send + Syn /// A modulo-residue counterpart of `WideUint`. type WideUintMod: Monty + + PowBoundedExp + PowBoundedExp + ConditionallyNegatable + ConditionallySelectable