Merge remote-tracking branch 'upstream/master' into patch-2

bnb-chain · Nov 18, 2020 · b15a0cf · b15a0cf
2 parents e0e4299 + a827813
commit b15a0cf
Show file tree

Hide file tree

Showing 10 changed files with 53 additions and 22 deletions.
diff --git a/.github/workflows/gofmt.yml b/.github/workflows/gofmt.yml
@@ -0,0 +1,11 @@
+name: Go-fmt
+on: push
+jobs:
+  gofmt:
+    name: Go fmt project
+    runs-on: ubuntu-latest
+    steps:
+      - name: check out
+        uses: actions/checkout@v2
+      - name: go fmt project
+        uses: Jerome1337/[email protected]
diff --git a/Makefile b/Makefile
@@ -22,12 +22,12 @@ build: protob
 test_unit:
 	@echo "--> Running Unit Tests"
 	@echo "!!! WARNING: This will take a long time :)"
-	go test -timeout 20m $(PACKAGES)
+	go test -timeout 60m $(PACKAGES)
 
 test_unit_race:
 	@echo "--> Running Unit Tests (with Race Detection)"
 	@echo "!!! WARNING: This will take a long time :)"
-	go test -timeout 30m -race $(PACKAGES)
+	go test -timeout 60m -race $(PACKAGES)
 
 test:
 	make test_unit

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+## Reporting a Bug or Vulnerability
+
+For non-security problems please open an issue in this GitHub repository.
+
+If you find any security issues please send a report confidentially to [email protected].
+
+Please include notes about the impact of the issue and a walkthrough on how it can be exploited.
+
+For severe security issues that completely breach the safety of the scheme or leak the secret shares we would be happy to reward you with a bounty based on the security impact and severity. Please include a link to this notice in your email.
diff --git a/crypto/commitments/commitment.go b/crypto/commitments/commitment.go
@@ -58,11 +58,7 @@ func (cmt *HashCommitDecommit) Verify() bool {
 		return false
 	}
 	hash := common.SHA512_256i(D...)
-	if hash.Cmp(C) == 0 {
-		return true
-	} else {
-		return false
-	}
+	return hash.Cmp(C) == 0
 }
 
 func (cmt *HashCommitDecommit) DeCommit() (bool, HashDeCommitment) {

diff --git a/crypto/ecpoint.go b/crypto/ecpoint.go
@@ -15,6 +15,8 @@ import (
 	"fmt"
 	"math/big"
 
+	"github.com/decred/dcrd/dcrec/edwards/v2"
+
 	"github.com/binance-chain/tss-lib/tss"
 )
 
@@ -24,6 +26,11 @@ type ECPoint struct {
 	coords [2]*big.Int
 }
 
+var (
+	eight    = big.NewInt(8)
+	eightInv = new(big.Int).ModInverse(eight, edwards.Edwards().Params().N)
+)
+
 // Creates a new ECPoint and checks that the given coordinates are on the elliptic curve.
 func NewECPoint(curve elliptic.Curve, X, Y *big.Int) (*ECPoint, error) {
 	if !isOnCurve(curve, X, Y) {
@@ -77,6 +84,10 @@ func (p *ECPoint) ValidateBasic() bool {
 	return p != nil && p.coords[0] != nil && p.coords[1] != nil && p.IsOnCurve()
 }
 
+func (p *ECPoint) EightInvEight() *ECPoint {
+	return p.ScalarMult(eight).ScalarMult(eightInv)
+}
+
 func ScalarBaseMult(curve elliptic.Curve, k *big.Int) *ECPoint {
 	x, y := curve.ScalarBaseMult(k.Bytes())
 	p, _ := NewECPoint(curve, x, y) // it must be on the curve, no need to check.

diff --git a/crypto/mta/range_proof.go b/crypto/mta/range_proof.go
@@ -108,7 +108,6 @@ func (pf *RangeProofAlice) Verify(pk *paillier.PublicKey, NTilde, h1, h2, c *big
 		return false
 	}
 
-	N2 := new(big.Int).Mul(pk.N, pk.N)
 	q := tss.EC().Params().N
 	q3 := new(big.Int).Mul(q, q)
 	q3 = new(big.Int).Mul(q, q3)
@@ -129,14 +128,14 @@ func (pf *RangeProofAlice) Verify(pk *paillier.PublicKey, NTilde, h1, h2, c *big
 	minusE := new(big.Int).Sub(zero, e)
 
 	{ // 4. gamma^s_1 * s^N * c^-e
-		modN2 := common.ModInt(N2)
+		modNSquared := common.ModInt(pk.NSquare())
 
-		cExpMinusE := modN2.Exp(c, minusE)
-		sExpN := modN2.Exp(pf.S, pk.N)
-		gammaExpS1 := modN2.Exp(pk.Gamma(), pf.S1)
+		cExpMinusE := modNSquared.Exp(c, minusE)
+		sExpN := modNSquared.Exp(pf.S, pk.N)
+		gammaExpS1 := modNSquared.Exp(pk.Gamma(), pf.S1)
 		// u != (4)
-		products = modN2.Mul(gammaExpS1, sExpN)
-		products = modN2.Mul(products, cExpMinusE)
+		products = modNSquared.Mul(gammaExpS1, sExpN)
+		products = modNSquared.Mul(products, cExpMinusE)
 		if pf.U.Cmp(products) != 0 {
 			return false
 		}

diff --git a/crypto/schnorr/schnorr_proof.go b/crypto/schnorr/schnorr_proof.go
@@ -70,10 +70,7 @@ func (pf *ZKProof) Verify(X *crypto.ECPoint) bool {
 	if err != nil {
 		return false
 	}
-	if aXc.X().Cmp(tG.X()) != 0 || aXc.Y().Cmp(tG.Y()) != 0 {
-		return false
-	}
-	return true
+	return aXc.X().Cmp(tG.X()) == 0 && aXc.Y().Cmp(tG.Y()) == 0
 }
 
 func (pf *ZKProof) ValidateBasic() bool {
@@ -128,10 +125,7 @@ func (pf *ZKVProof) Verify(V, R *crypto.ECPoint) bool {
 	if err != nil {
 		return false
 	}
-	if tRuG.X().Cmp(aVc.X()) != 0 || tRuG.Y().Cmp(aVc.Y()) != 0 {
-		return false
-	}
-	return true
+	return tRuG.X().Cmp(aVc.X()) == 0 && tRuG.Y().Cmp(aVc.Y()) == 0
 }
 
 func (pf *ZKVProof) ValidateBasic() bool {

diff --git a/eddsa/keygen/round_3.go b/eddsa/keygen/round_3.go
@@ -78,6 +78,9 @@ func (round *round3) Start() *tss.Error {
 				return
 			}
 			PjVs, err := crypto.UnFlattenECPoints(tss.EC(), flatPolyGs)
+			for i, PjV := range PjVs {
+				PjVs[i] = PjV.EightInvEight()
+			}
 			if err != nil {
 				ch <- vssOut{err, nil}
 				return

diff --git a/eddsa/resharing/round_4_new_step_2.go b/eddsa/resharing/round_4_new_step_2.go
@@ -59,6 +59,11 @@ func (round *round4) Start() *tss.Error {
 		if err != nil {
 			return round.WrapError(err, round.Parties().IDs()[j])
 		}
+
+		for i, v := range vj {
+			vj[i] = v.EightInvEight()
+		}
+
 		vjc[j] = vj
 
 		r3msg1 := round.temp.dgRound3Message1s[j].Content().(*DGRound3Message1)

diff --git a/eddsa/signing/round_3.go b/eddsa/signing/round_3.go
@@ -50,6 +50,7 @@ func (round *round3) Start() *tss.Error {
 		}
 
 		Rj, err := crypto.NewECPoint(tss.EC(), coordinates[0], coordinates[1])
+		Rj = Rj.EightInvEight()
 		if err != nil {
 			return round.WrapError(errors.Wrapf(err, "NewECPoint(Rj)"), Pj)
 		}