Posted to commits@milagro.apache.org by sa...@apache.org on 2020/05/14 22:47:38 UTC
[incubator-milagro-MPC] 22/27: Extract phase 5 in model
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch update-model-no-replay
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit b0dc1191dbcaa22cd1662d2c0f188c6454187fb8
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Fri Feb 7 11:53:06 2020 +0000
Extract phase 5 in model
---
model/examples/run_mpc.py | 32 ++++++++++----------------------
model/sec256k1/mpc.py | 32 ++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 22 deletions(-)
diff --git a/model/examples/run_mpc.py b/model/examples/run_mpc.py
index fc319d7..c1a01d0 100755
--- a/model/examples/run_mpc.py
+++ b/model/examples/run_mpc.py
@@ -238,44 +238,32 @@ if __name__ == "__main__":
M, player["k"], r, player["sigma"])
## Prove knowledge of the correct s_i
+
+ # Commit to s and R
for player in players:
- phi = big.rand(curve.r)
- rho = big.rand(curve.r)
+ phi, rho, V, A = mpc.phase5_commit(player["s"], R)
player["phi"] = phi
player["rho"] = rho
- player["V"] = (player["s"] * R).add(phi * ecp.generator())
- player["A"] = rho * ecp.generator()
+ player["V"] = V
+ player["A"] = A
# Broadcast V and A and combine them [separately for each player]
Vs = [player["V"] for player in players]
As = [player["A"] for player in players]
- A = mpc.combine_ecp_shares(As)
- V = mpc.combine_ecp_shares(Vs)
-
- # Remove (the supposed) R^s from the exponent of V [separately for each player]
- m = mpc.hashit(M)
- negm = big.modsub(curve.r, m, curve.r)
-
- negr = big.modsub(curve.r, r, curve.r)
-
- V.add(negm * ecp.generator())
- V.add(negr * PK)
-
# Produce proof for the agreed V and A
for player in players:
- player["U"] = player["rho"] * V
- player["T"] = player["phi"] * A
+ U, T = mpc.phase5_prove(player["rho"], player["phi"], Vs, As, PK, M, r)
+
+ player["U"] = U
+ player["T"] = T
# Broadcast T and U and combine them to complete the proof [separately for each player]
Us = [player["U"] for player in players]
Ts = [player["T"] for player in players]
- U = mpc.combine_ecp_shares(Us)
- T = mpc.combine_ecp_shares(Ts)
-
- assert U == T, "inconsistency detected in signature shares"
+ assert mpc.phase5_verify(Us, Ts), "inconsistency detected in signature shares"
## Broadcast shares and reconstruct s [separately for each player]
shares = [player["s"] for player in players]
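Review bot: The phase 5 consistency check on the new `assert mpc.phase5_verify(Us, Ts), ...` line is still an `assert`, which Python strips when run with `-O`. In that mode the script would go straight on to broadcasting the `s` shares without the check having run. Because this check is the gate before the shares are revealed, it should be an explicit branch: `if not mpc.phase5_verify(Us, Ts): raise ValueError("inconsistency detected in signature shares")`. The enclosing `if __name__ == "__main__":` block starts and ends outside this hunk.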
diff --git a/model/sec256k1/mpc.py b/model/sec256k1/mpc.py
index e319aee..6dcef21 100644
--- a/model/sec256k1/mpc.py
+++ b/model/sec256k1/mpc.py
@@ -78,3 +78,35 @@ def reconciliate_r(deltas, Gammas):
def make_signature_share(M, k, r, s):
m = hashit(M)
return (k * m + r * s) % curve.r
+
+def phase5_commit(s, R, phi=None, rho=None):
+ if phi is None:
+ phi = big.rand(curve.r)
+
+ if rho is None:
+ rho = big.rand(curve.r)
+
+ V = ecp.generator().mul(phi, R, s)
+ A = rho * ecp.generator()
+
+ return phi, rho, V, A
+
+def phase5_prove(rho, phi, Vs, As, PK, M, r):
+ A = combine_ecp_shares(As)
+ V = combine_ecp_shares(Vs)
+
+ # Remove R^s from the recombined V
+ m = hashit(M)
+ nm = big.modsub(curve.r, m, curve.r)
+ nr = big.modsub(curve.r, r, curve.r)
+
+ G = ecp.generator().mul(nm, PK, nr)
+ V.add(G)
+
+ return rho * V, phi * A
+
+def phase5_verify(Us, Ts):
+ U = combine_ecp_shares(Us)
+ T = combine_ecp_shares(Ts)
+
+ return U == T
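Review bot: `phase5_prove` modifies `V` in place with `V.add(G)`, and `V` comes directly from `combine_ecp_shares(Vs)`, whose body is not in this hunk. If that helper returns one of the input points rather than a fresh one, the first call would alter the caller's `Vs`, and run_mpc.py now calls `phase5_prove` once per player on the same list. Please confirm it returns a new point and record that above the add, e.g. `# V is a fresh point from combine_ecp_shares, so the in-place add does not touch Vs`. The three new functions also have no docstrings. `phase5_commit` should state that `phi` and `rho` are the random blinding values for this round, and that the optional arguments are presumably for reproducible test vectors, so callers must not pass fixed or reused values otherwise.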