From 09929286b0a025dfeac8050852f7e3f73e187c41 Mon Sep 17 00:00:00 2001 From: Joey Yandle Date: Mon, 25 Sep 2023 11:32:32 -0400 Subject: [PATCH] remove most non-snake case variables, only leave R which is the default terminology for schnorr proofs --- src/common.rs | 12 +++++------ src/v1.rs | 60 ++++++++++++++++++++++----------------------------- src/v2.rs | 48 ++++++++++++++++------------------------- 3 files changed, 51 insertions(+), 69 deletions(-) diff --git a/src/common.rs b/src/common.rs index 2888eab1..f46edaaa 100644 --- a/src/common.rs +++ b/src/common.rs @@ -22,20 +22,20 @@ pub struct PolyCommitment { /// The party ID with a schnorr proof pub id: ID, /// The public polynomial which commits to the secret polynomial - pub A: Vec, + pub poly: Vec, } impl PolyCommitment { /// Verify the wrapped schnorr ID pub fn verify(&self) -> bool { - self.id.verify(&self.A[0]) + self.id.verify(&self.poly[0]) } } impl Display for PolyCommitment { fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { write!(f, "{}", self.id.id)?; - for p in &self.A { + for p in &self.poly { write!(f, " {}", p)?; } Ok(()) @@ -183,9 +183,9 @@ impl<'a> CheckPrivateShares<'a> { /// Construct a new CheckPrivateShares object pub fn new(id: Scalar, shares: &HashMap, polys: &'a [PolyCommitment]) -> Self { let n: u32 = shares.len().try_into().unwrap(); - let t: u32 = polys[0].A.len().try_into().unwrap(); + let t: u32 = polys[0].poly.len().try_into().unwrap(); let x = id; - let mut powers = Vec::with_capacity(polys[0].A.len()); + let mut powers = Vec::with_capacity(polys[0].poly.len()); let mut pow = Scalar::one(); for _ in 0..t { @@ -228,7 +228,7 @@ impl<'a> MultiMult for CheckPrivateShares<'a> { let j = i / u; let k = i % u; - &self.polys[j].A[k] + &self.polys[j].poly[k] } else { &G } diff --git a/src/v1.rs b/src/v1.rs index 18ef7813..138da92f 100644 --- a/src/v1.rs +++ b/src/v1.rs @@ -28,7 +28,6 @@ pub struct PartyState { } #[derive(Clone, Debug, Eq, PartialEq)] -#[allow(non_snake_case)] /// A FROST party, which encapsulates a single polynomial, nonce, and key pub struct Party { /// The ID @@ -45,7 +44,6 @@ pub struct Party { } impl Party { - #[allow(non_snake_case)] /// Construct a random Party with the passed ID and parameters pub fn new(id: u32, n: u32, t: u32, rng: &mut RNG) -> Self { Self { @@ -87,12 +85,11 @@ impl Party { PublicNonce::from(&self.nonce) } - #[allow(non_snake_case)] /// Get a public commitment to the private polynomial pub fn get_poly_commitment(&self, rng: &mut RNG) -> PolyCommitment { PolyCommitment { id: ID::new(&self.id(), &self.f.data()[0], rng), - A: (0..self.f.data().len()) + poly: (0..self.f.data().len()) .map(|i| &self.f.data()[i] * G) .collect(), } @@ -113,12 +110,11 @@ impl Party { shares } - #[allow(non_snake_case)] /// Compute this party's share of the group secret key pub fn compute_secret( &mut self, shares: HashMap, - A: &[PolyCommitment], + comms: &[PolyCommitment], ) -> Result<(), DkgError> { let mut missing_shares = Vec::new(); for i in 0..self.n { @@ -136,7 +132,7 @@ impl Party { let bad_ids: Vec = shares .keys() .cloned() - .filter(|i| !A[usize::try_from(*i).unwrap()].verify()) + .filter(|i| !comms[usize::try_from(*i).unwrap()].verify()) .collect(); if !bad_ids.is_empty() { return Err(DkgError::BadIds(bad_ids)); @@ -145,14 +141,14 @@ impl Party { // building a vector of scalars and points from public poly evaluations and expected values takes too much memory // instead make an object which implements p256k1 MultiMult trait, using the existing powers of x and shares - let mut check_shares = CheckPrivateShares::new(self.id(), &shares, A); + let mut check_shares = CheckPrivateShares::new(self.id(), &shares, comms); // if the batch verify fails then check them one by one and find the bad ones if Point::multimult_trait(&mut check_shares)? != Point::zero() { let mut bad_shares = Vec::new(); for (i, s) in shares.iter() { - let Ai = &A[usize::try_from(*i).unwrap()]; - if s * G != compute::poly(&self.id(), &Ai.A)? { + let comm = &comms[usize::try_from(*i).unwrap()]; + if s * G != compute::poly(&self.id(), &comm.poly)? { bad_shares.push(*i); } } @@ -160,10 +156,10 @@ impl Party { } for (i, s) in shares.iter() { - let Ai = &A[usize::try_from(*i).unwrap()]; + let comm = &comms[usize::try_from(*i).unwrap()]; self.private_key += s; - self.group_key += Ai.A[0]; + self.group_key += comm.poly[0]; } self.public_key = self.private_key * G; @@ -175,12 +171,11 @@ impl Party { compute::id(self.id) } - #[allow(non_snake_case)] /// Sign `msg` with this party's share of the group private key, using the set of `signers` and corresponding `nonces` pub fn sign(&self, msg: &[u8], signers: &[u32], nonces: &[PublicNonce]) -> SignatureShare { - let (_R_vec, R) = compute::intermediate(msg, signers, nonces); + let (_, aggregate_nonce) = compute::intermediate(msg, signers, nonces); let mut z = &self.nonce.d + &self.nonce.e * compute::binding(&self.id(), nonces, msg); - z += compute::challenge(&self.group_key, &R, msg) + z += compute::challenge(&self.group_key, &aggregate_nonce, msg) * &self.private_key * compute::lambda(self.id, signers); @@ -260,7 +255,7 @@ impl Aggregator { } let signers: Vec = sig_shares.iter().map(|ss| ss.id).collect(); - let (R_vec, R) = compute::intermediate(msg, &signers, nonces); + let (Rs, R) = compute::intermediate(msg, &signers, nonces); let mut z = Scalar::zero(); let mut bad_party_keys = Vec::new(); let mut bad_party_sigs = Vec::new(); @@ -291,7 +286,7 @@ impl Aggregator { let z_i = sig_shares[i].z_i; if z_i * G - != r_sign * R_vec[i] + != r_sign * Rs[i] + cx_sign * (compute::lambda(sig_shares[i].id, &signers) * c * public_key) { bad_party_sigs.push(sig_shares[i].id); @@ -325,18 +320,17 @@ impl traits::Aggregator for Aggregator { } } - #[allow(non_snake_case)] /// Initialize the Aggregator polynomial - fn init(&mut self, A: Vec) -> Result<(), AggregatorError> { + fn init(&mut self, comms: Vec) -> Result<(), AggregatorError> { let len = self.num_keys.try_into().unwrap(); - if A.len() != len { - return Err(AggregatorError::BadPolyCommitmentLen(len, A.len())); + if comms.len() != len { + return Err(AggregatorError::BadPolyCommitmentLen(len, comms.len())); } let mut bad_poly_commitments = Vec::new(); - for A_i in &A { - if !A_i.verify() { - bad_poly_commitments.push(A_i.id.id); + for comm in &comms { + if !comm.verify() { + bad_poly_commitments.push(comm.id.id); } } if !bad_poly_commitments.is_empty() { @@ -347,8 +341,8 @@ impl traits::Aggregator for Aggregator { for i in 0..poly.capacity() { poly.push(Point::zero()); - for p in &A { - poly[i] += &p.A[i]; + for p in &comms { + poly[i] += &p.poly[i]; } } @@ -357,7 +351,6 @@ impl traits::Aggregator for Aggregator { Ok(()) } - #[allow(non_snake_case)] /// Check and aggregate the party signatures fn sign( &mut self, @@ -595,13 +588,12 @@ pub mod test_helpers { use hashbrown::HashMap; use rand_core::{CryptoRng, RngCore}; - #[allow(non_snake_case)] /// Run a distributed key generation round pub fn dkg( signers: &mut [v1::Signer], rng: &mut RNG, ) -> Result, HashMap> { - let A: Vec = signers + let comms: Vec = signers .iter() .flat_map(|s| s.get_poly_commitments(rng)) .collect(); @@ -615,13 +607,13 @@ pub mod test_helpers { let mut secret_errors = HashMap::new(); for signer in signers.iter_mut() { - if let Err(signer_secret_errors) = signer.compute_secrets(&private_shares, &A) { + if let Err(signer_secret_errors) = signer.compute_secrets(&private_shares, &comms) { secret_errors.extend(signer_secret_errors.into_iter()); } } if secret_errors.is_empty() { - Ok(A) + Ok(comms) } else { Err(secret_errors) } @@ -724,8 +716,8 @@ mod tests { .map(|(id, ids)| v1::Signer::new(id.try_into().unwrap(), ids, N, T, &mut rng)) .collect(); - let A = match v1::test_helpers::dkg(&mut signers, &mut rng) { - Ok(A) => A, + let comms = match v1::test_helpers::dkg(&mut signers, &mut rng) { + Ok(comms) => comms, Err(secret_errors) => { panic!("Got secret errors from DKG: {:?}", secret_errors); } @@ -735,7 +727,7 @@ mod tests { { let mut signers = [signers[0].clone(), signers[1].clone(), signers[3].clone()].to_vec(); let mut sig_agg = v1::Aggregator::new(N, T); - sig_agg.init(A.clone()).expect("aggregator init failed"); + sig_agg.init(comms.clone()).expect("aggregator init failed"); let (nonces, sig_shares) = v1::test_helpers::sign(&msg, &mut signers, &mut rng); if let Err(e) = sig_agg.sign(&msg, &nonces, &sig_shares, &[]) { diff --git a/src/v2.rs b/src/v2.rs index c63e42c3..ba2bf872 100644 --- a/src/v2.rs +++ b/src/v2.rs @@ -45,7 +45,6 @@ pub struct PartyState { } #[derive(Clone, Debug, Eq, PartialEq)] -#[allow(non_snake_case)] /// A WSTS party, which encapsulates a single polynomial, nonce, and one private key per key ID pub struct Party { /// The party ID @@ -63,7 +62,6 @@ pub struct Party { } impl Party { - #[allow(non_snake_case)] /// Construct a random Party with the passed party ID, key IDs, and parameters pub fn new( party_id: u32, @@ -122,12 +120,11 @@ impl Party { PublicNonce::from(&self.nonce) } - #[allow(non_snake_case)] /// Get a public commitment to the private polynomial pub fn get_poly_commitment(&self, rng: &mut RNG) -> PolyCommitment { PolyCommitment { id: ID::new(&self.id(), &self.f.data()[0], rng), - A: (0..self.f.data().len()) + poly: (0..self.f.data().len()) .map(|i| &self.f.data()[i] * G) .collect(), } @@ -142,12 +139,11 @@ impl Party { shares } - #[allow(non_snake_case)] /// Compute this party's share of the group secret key pub fn compute_secret( &mut self, shares: &HashMap>, - A: &[PolyCommitment], + comms: &[PolyCommitment], ) -> Result<(), DkgError> { let mut missing_shares = Vec::new(); for key_id in &self.key_ids { @@ -160,11 +156,11 @@ impl Party { } let mut bad_ids = Vec::new(); - for (i, Ai) in A.iter().enumerate() { - if !Ai.verify() { + for (i, comm) in comms.iter().enumerate() { + if !comm.verify() { bad_ids.push(i.try_into().unwrap()); } - self.group_key += Ai.A[0]; + self.group_key += comm.poly[0]; } if !bad_ids.is_empty() { return Err(DkgError::BadIds(bad_ids)); @@ -183,8 +179,8 @@ impl Party { let mut bad_shares = Vec::new(); for key_id in &self.key_ids { for (sender, s) in &shares[key_id] { - let Ai = &A[usize::try_from(*sender).unwrap()]; - if s * G != compute::poly(&compute::id(*key_id), &Ai.A)? { + let comm = &comms[usize::try_from(*sender).unwrap()]; + if s * G != compute::poly(&compute::id(*key_id), &comm.poly)? { bad_shares.push(*sender); } } @@ -211,7 +207,6 @@ impl Party { } /// Sign `msg` with this party's shares of the group private key, using the set of `party_ids`, `key_ids` and corresponding `nonces` - #[allow(non_snake_case)] pub fn sign( &self, msg: &[u8], @@ -233,7 +228,7 @@ impl Party { tweak: &Scalar, ) -> SignatureShare { let tweaked_public_key = self.group_key + tweak * G; - let (_R_vec, R) = compute::intermediate(msg, party_ids, nonces); + let (_, R) = compute::intermediate(msg, party_ids, nonces); let c = compute::challenge(&tweaked_public_key, &R, msg); let mut r = &self.nonce.d + &self.nonce.e * compute::binding(&self.id(), nonces, msg); if tweak != &Scalar::zero() && !R.has_even_y() { @@ -259,7 +254,6 @@ impl Party { } } -#[allow(non_snake_case)] /// The group signature aggregator pub struct Aggregator { /// The total number of keys @@ -286,7 +280,7 @@ impl Aggregator { } let party_ids: Vec = sig_shares.iter().map(|ss| ss.id).collect(); - let (Ris, R) = compute::intermediate(msg, &party_ids, nonces); + let (Rs, R) = compute::intermediate(msg, &party_ids, nonces); let mut z = Scalar::zero(); let mut bad_party_keys = Vec::new(); let mut bad_party_sigs = Vec::new(); @@ -321,7 +315,7 @@ impl Aggregator { cx += compute::lambda(*key_id, key_ids) * c * public_key; } - if z_i * G != (r_sign * Ris[i] + cx_sign * cx) { + if z_i * G != (r_sign * Rs[i] + cx_sign * cx) { bad_party_sigs.push(sig_shares[i].id); } @@ -351,13 +345,12 @@ impl traits::Aggregator for Aggregator { } } - #[allow(non_snake_case)] /// Initialize the Aggregator polynomial - fn init(&mut self, A: Vec) -> Result<(), AggregatorError> { + fn init(&mut self, comms: Vec) -> Result<(), AggregatorError> { let mut bad_poly_commitments = Vec::new(); - for A_i in &A { - if !A_i.verify() { - bad_poly_commitments.push(A_i.id.id); + for comm in &comms { + if !comm.verify() { + bad_poly_commitments.push(comm.id.id); } } if !bad_poly_commitments.is_empty() { @@ -368,8 +361,8 @@ impl traits::Aggregator for Aggregator { for i in 0..poly.capacity() { poly.push(Point::zero()); - for p in &A { - poly[i] += &p.A[i]; + for comm in &comms { + poly[i] += &comm.poly[i]; } } @@ -379,7 +372,6 @@ impl traits::Aggregator for Aggregator { } /// Check and aggregate the party signatures - #[allow(non_snake_case)] fn sign( &mut self, msg: &[u8], @@ -397,7 +389,6 @@ impl traits::Aggregator for Aggregator { } /// Check and aggregate the party signatures - #[allow(non_snake_case)] fn sign_taproot( &mut self, msg: &[u8], @@ -530,7 +521,6 @@ pub mod test_helpers { use hashbrown::HashMap; use rand_core::{CryptoRng, RngCore}; - #[allow(non_snake_case)] /// Run a distributed key generation round pub fn dkg( signers: &mut [v2::Party], @@ -632,8 +622,8 @@ mod tests { .map(|(pid, pkids)| v2::Party::new(pid.try_into().unwrap(), pkids, Np, Nk, T, &mut rng)) .collect(); - let A = match v2::test_helpers::dkg(&mut signers, &mut rng) { - Ok(A) => A, + let comms = match v2::test_helpers::dkg(&mut signers, &mut rng) { + Ok(comms) => comms, Err(secret_errors) => { panic!("Got secret errors from DKG: {:?}", secret_errors); } @@ -644,7 +634,7 @@ mod tests { let mut signers = [signers[0].clone(), signers[1].clone(), signers[3].clone()].to_vec(); let mut sig_agg = v2::Aggregator::new(Nk, T); - sig_agg.init(A.clone()).expect("aggregator init failed"); + sig_agg.init(comms.clone()).expect("aggregator init failed"); let (nonces, sig_shares, key_ids) = v2::test_helpers::sign(&msg, &mut signers, &mut rng);