

Updates for CGGMP'24: Paillier/ring-Pedersen level (#161)
fjarri authored Dec 1, 2024
2 parents 8ec70fd + f6cd680 commit 9846887
Showing 25 changed files with 1,369 additions and 1,088 deletions.
40 changes: 20 additions & 20 deletions synedrion/src/cggmp21/aux_gen.rs
Expand Up @@ -28,8 +28,8 @@ use super::{
use crate::{
curve::{Point, Scalar},
paillier::{
PublicKeyPaillier, PublicKeyPaillierPrecomputed, RPParams, RPParamsMod, RPSecret, SecretKeyPaillier,
SecretKeyPaillierPrecomputed,
PublicKeyPaillier, PublicKeyPaillierWire, RPParams, RPParamsWire, RPSecret, SecretKeyPaillier,
SecretKeyPaillierWire,
},
tools::{
bitvec::BitVec,
Expand Down Expand Up @@ -133,7 +133,7 @@ impl<P: SchemeParams, I: PartyId> EntryPoint<I> for AuxGen<P, I> {
.finalize();

// $p_i$, $q_i$
let paillier_sk = SecretKeyPaillier::<P::Paillier>::random(rng).to_precomputed();
let paillier_sk = SecretKeyPaillierWire::<P::Paillier>::random(rng);
// $N_i$
let paillier_pk = paillier_sk.public_key();

Expand All @@ -145,34 +145,34 @@ impl<P: SchemeParams, I: PartyId> EntryPoint<I> for AuxGen<P, I> {
let tau_y = SchSecret::random(rng); // $\tau$
let cap_b = SchCommitment::new(&tau_y);

let lambda = RPSecret::random(rng, &paillier_sk);
let rp_secret = RPSecret::random(rng);
// Ring-Pedersen parameters ($s$, $t$) bundled in a single object.
let rp_params = RPParamsMod::random_with_secret(rng, &lambda, paillier_pk);
let rp_params = RPParams::random_with_secret(rng, &rp_secret);

let aux = (&sid_hash, id);
let hat_psi = PrmProof::<P>::new(rng, &paillier_sk, &lambda, &rp_params, &aux);
let hat_psi = PrmProof::<P>::new(rng, &rp_secret, &rp_params, &aux);

let rho = BitVec::random(rng, P::SECURITY_PARAMETER);
let u = BitVec::random(rng, P::SECURITY_PARAMETER);

let data = PublicData1 {
cap_y,
cap_b,
paillier_pk: paillier_pk.to_minimal(),
rp_params: rp_params.retrieve(),
paillier_pk: paillier_pk.clone(),
rp_params: rp_params.to_wire(),
hat_psi,
rho,
u,
};

let data_precomp = PublicData1Precomp {
data,
paillier_pk: paillier_pk.clone(),
paillier_pk: paillier_pk.into_precomputed(),
rp_params,
};

let context = Context {
paillier_sk,
paillier_sk: paillier_sk.into_precomputed(),
y,
tau_y,
data_precomp,
Expand All @@ -191,8 +191,8 @@ impl<P: SchemeParams, I: PartyId> EntryPoint<I> for AuxGen<P, I> {
struct PublicData1<P: SchemeParams> {
cap_y: Point,
cap_b: SchCommitment,
paillier_pk: PublicKeyPaillier<P::Paillier>, // $N_i$
rp_params: RPParams<P::Paillier>, // $s_i$ and $t_i$
paillier_pk: PublicKeyPaillierWire<P::Paillier>, // $N_i$
rp_params: RPParamsWire<P::Paillier>, // $s_i$ and $t_i$
hat_psi: PrmProof<P>,
rho: BitVec,
u: BitVec,
Expand All @@ -201,13 +201,13 @@ struct PublicData1<P: SchemeParams> {
#[derive(Debug, Clone)]
struct PublicData1Precomp<P: SchemeParams> {
data: PublicData1<P>,
paillier_pk: PublicKeyPaillierPrecomputed<P::Paillier>,
rp_params: RPParamsMod<P::Paillier>,
paillier_pk: PublicKeyPaillier<P::Paillier>,
rp_params: RPParams<P::Paillier>,
}

#[derive(Debug)]
struct Context<P: SchemeParams, I> {
paillier_sk: SecretKeyPaillierPrecomputed<P::Paillier>,
paillier_sk: SecretKeyPaillier<P::Paillier>,
y: Scalar,
tau_y: SchSecret,
data_precomp: PublicData1Precomp<P>,
Expand Down Expand Up @@ -380,7 +380,7 @@ impl<P: SchemeParams, I: PartyId> Round<I> for Round2<P, I> {
))));
}

let paillier_pk = normal_broadcast.data.paillier_pk.to_precomputed();
let paillier_pk = normal_broadcast.data.paillier_pk.clone().into_precomputed();

if (paillier_pk.modulus().bits_vartime() as usize) < 8 * P::SECURITY_PARAMETER {
return Err(ReceiveError::protocol(AuxGenError(AuxGenErrorEnum::Round2(
Expand All @@ -390,7 +390,7 @@ impl<P: SchemeParams, I: PartyId> Round<I> for Round2<P, I> {

let aux = (&self.context.sid_hash, &from);

let rp_params = normal_broadcast.data.rp_params.to_mod(&paillier_pk);
let rp_params = normal_broadcast.data.rp_params.to_precomputed();
if !normal_broadcast.data.hat_psi.verify(&rp_params, &aux) {
return Err(ReceiveError::protocol(AuxGenError(AuxGenErrorEnum::Round2(
"PRM verification failed".into(),
Expand Down Expand Up @@ -604,15 +604,15 @@ impl<P: SchemeParams, I: PartyId + Serialize> Round<I> for Round3<P, I> {
id,
PublicAuxInfo {
el_gamal_pk: data.data.cap_y,
paillier_pk: data.paillier_pk.to_minimal(),
rp_params: data.rp_params.retrieve(),
paillier_pk: data.paillier_pk.into_wire(),
rp_params: data.rp_params.to_wire(),
},
)
})
.collect();

let secret_aux = SecretAuxInfo {
paillier_sk: self.context.paillier_sk.to_minimal(),
paillier_sk: self.context.paillier_sk.into_wire(),
el_gamal_sk: SecretBox::new(Box::new(self.context.y)),
};

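Review bot: The minimum-size check `if (paillier_pk.modulus().bits_vartime() as usize) < 8 * P::SECURITY_PARAMETER` covers only the Paillier modulus, while `normal_broadcast.data.rp_params.to_precomputed()` now builds the peer's ring-Pedersen parameters without reference to `paillier_pk`, so the ring-Pedersen modulus received on the wire is no longer tied to a modulus that passed that check. Unless `RPParamsWire::to_precomputed` or `PrmProof::verify` already rejects an undersized ring-Pedersen modulus (not visible in this diff), an equivalent lower bound should be enforced on it before `hat_psi.verify(&rp_params, &aux)`, returning a `AuxGenErrorEnum::Round2` error in the same style as the Paillier case. The enclosing method of the `Round<I> for Round2<P, I>` impl starts and ends outside the hunk.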
53 changes: 26 additions & 27 deletions synedrion/src/cggmp21/entities.rs
Expand Up @@ -14,8 +14,8 @@ use crate::{
cggmp21::SchemeParams,
curve::{Point, Scalar},
paillier::{
CiphertextMod, PaillierParams, PublicKeyPaillier, PublicKeyPaillierPrecomputed, RPParams, RPParamsMod,
Randomizer, SecretKeyPaillier, SecretKeyPaillierPrecomputed,
Ciphertext, PaillierParams, PublicKeyPaillier, PublicKeyPaillierWire, RPParams, RPParamsWire, RandomizerWire,
SecretKeyPaillier, SecretKeyPaillierWire,
},
uint::Signed,
};
Expand All @@ -40,22 +40,22 @@ pub struct AuxInfo<P: SchemeParams, I: Ord> {
}

#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(bound(serialize = "SecretKeyPaillier<P::Paillier>: Serialize"))]
#[serde(bound(deserialize = "SecretKeyPaillier<P::Paillier>: for <'x> Deserialize<'x>"))]
#[serde(bound(serialize = "SecretKeyPaillierWire<P::Paillier>: Serialize"))]
#[serde(bound(deserialize = "SecretKeyPaillierWire<P::Paillier>: for <'x> Deserialize<'x>"))]
pub(crate) struct SecretAuxInfo<P: SchemeParams> {
pub(crate) paillier_sk: SecretKeyPaillier<P::Paillier>,
pub(crate) paillier_sk: SecretKeyPaillierWire<P::Paillier>,
pub(crate) el_gamal_sk: SecretBox<Scalar>, // `y_i`
}

#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(bound(serialize = "PublicKeyPaillier<P::Paillier>: Serialize"))]
#[serde(bound(deserialize = "PublicKeyPaillier<P::Paillier>: for <'x> Deserialize<'x>"))]
#[serde(bound(serialize = "PublicKeyPaillierWire<P::Paillier>: Serialize"))]
#[serde(bound(deserialize = "PublicKeyPaillierWire<P::Paillier>: for <'x> Deserialize<'x>"))]
pub(crate) struct PublicAuxInfo<P: SchemeParams> {
pub(crate) el_gamal_pk: Point, // `Y_i`
/// The Paillier public key.
pub(crate) paillier_pk: PublicKeyPaillier<P::Paillier>,
pub(crate) paillier_pk: PublicKeyPaillierWire<P::Paillier>,
/// The ring-Pedersen parameters.
pub(crate) rp_params: RPParams<P::Paillier>, // `s_i` and `t_i`
pub(crate) rp_params: RPParamsWire<P::Paillier>, // `s_i` and `t_i`
}

#[derive(Debug, Clone)]
Expand All @@ -66,7 +66,7 @@ pub(crate) struct AuxInfoPrecomputed<P: SchemeParams, I> {

#[derive(Debug, Clone)]
pub(crate) struct SecretAuxInfoPrecomputed<P: SchemeParams> {
pub(crate) paillier_sk: SecretKeyPaillierPrecomputed<P::Paillier>,
pub(crate) paillier_sk: SecretKeyPaillier<P::Paillier>,
#[allow(dead_code)] // TODO (#36): this will be needed for the 6-round presigning protocol.
pub(crate) el_gamal_sk: SecretBox<Scalar>, // `y_i`
}
Expand All @@ -75,8 +75,8 @@ pub(crate) struct SecretAuxInfoPrecomputed<P: SchemeParams> {
pub(crate) struct PublicAuxInfoPrecomputed<P: SchemeParams> {
#[allow(dead_code)] // TODO (#36): this will be needed for the 6-round presigning protocol.
pub(crate) el_gamal_pk: Point,
pub(crate) paillier_pk: PublicKeyPaillierPrecomputed<P::Paillier>,
pub(crate) rp_params: RPParamsMod<P::Paillier>,
pub(crate) paillier_pk: PublicKeyPaillier<P::Paillier>,
pub(crate) rp_params: RPParams<P::Paillier>,
}

/// The result of the Auxiliary Info & Key Refresh protocol - the update to the key share.
Expand Down Expand Up @@ -105,7 +105,7 @@ pub(crate) struct PresigningData<P: SchemeParams, I> {
pub(crate) product_share_nonreduced: Signed<<P::Paillier as PaillierParams>::Uint>,

// $K_i$.
pub(crate) cap_k: CiphertextMod<P::Paillier>,
pub(crate) cap_k: Ciphertext<P::Paillier>,

// The values for $j$, $j != i$.
pub(crate) values: BTreeMap<I, PresigningValues<P>>,
Expand All @@ -114,14 +114,14 @@ pub(crate) struct PresigningData<P: SchemeParams, I> {
#[derive(Debug, Clone)]
pub(crate) struct PresigningValues<P: SchemeParams> {
pub(crate) hat_beta: SecretBox<Signed<<P::Paillier as PaillierParams>::Uint>>,
pub(crate) hat_r: Randomizer<P::Paillier>,
pub(crate) hat_s: Randomizer<P::Paillier>,
pub(crate) cap_k: CiphertextMod<P::Paillier>,
pub(crate) hat_r: RandomizerWire<P::Paillier>,
pub(crate) hat_s: RandomizerWire<P::Paillier>,
pub(crate) cap_k: Ciphertext<P::Paillier>,
/// Received $\hat{D}_{i,j}$.
pub(crate) hat_cap_d_received: CiphertextMod<P::Paillier>,
pub(crate) hat_cap_d_received: Ciphertext<P::Paillier>,
/// Sent $\hat{D}_{j,i}$.
pub(crate) hat_cap_d: CiphertextMod<P::Paillier>,
pub(crate) hat_cap_f: CiphertextMod<P::Paillier>,
pub(crate) hat_cap_d: Ciphertext<P::Paillier>,
pub(crate) hat_cap_f: Ciphertext<P::Paillier>,
}

impl<P: SchemeParams, I: Clone + Ord + PartialEq + Debug> KeyShare<P, I> {
Expand Down Expand Up @@ -215,7 +215,7 @@ impl<P: SchemeParams, I: Ord + Clone> AuxInfo<P, I> {
pub fn new_centralized(rng: &mut impl CryptoRngCore, ids: &BTreeSet<I>) -> BTreeMap<I, Self> {
let secret_aux = (0..ids.len())
.map(|_| SecretAuxInfo {
paillier_sk: SecretKeyPaillier::<P::Paillier>::random(rng),
paillier_sk: SecretKeyPaillierWire::<P::Paillier>::random(rng),
el_gamal_sk: SecretBox::new(Box::new(Scalar::random(rng))),
})
.collect::<Vec<_>>();
Expand All @@ -224,13 +224,12 @@ impl<P: SchemeParams, I: Ord + Clone> AuxInfo<P, I> {
.iter()
.zip(secret_aux.iter())
.map(|(id, secret)| {
let sk = secret.paillier_sk.to_precomputed();
(
id.clone(),
PublicAuxInfo {
paillier_pk: sk.public_key().to_minimal(),
paillier_pk: secret.paillier_sk.public_key(),
el_gamal_pk: secret.el_gamal_sk.expose_secret().mul_by_generator(),
rp_params: RPParamsMod::random(rng, &sk).retrieve(),
rp_params: RPParams::random(rng).to_wire(),
},
)
})
Expand All @@ -251,23 +250,23 @@ impl<P: SchemeParams, I: Ord + Clone> AuxInfo<P, I> {
.collect()
}

pub(crate) fn to_precomputed(&self) -> AuxInfoPrecomputed<P, I> {
pub(crate) fn into_precomputed(self) -> AuxInfoPrecomputed<P, I> {
AuxInfoPrecomputed {
secret_aux: SecretAuxInfoPrecomputed {
paillier_sk: self.secret_aux.paillier_sk.to_precomputed(),
paillier_sk: self.secret_aux.paillier_sk.clone().into_precomputed(),
el_gamal_sk: self.secret_aux.el_gamal_sk.clone(),
},
public_aux: self
.public_aux
.iter()
.map(|(id, public_aux)| {
let paillier_pk = public_aux.paillier_pk.to_precomputed();
let paillier_pk = public_aux.paillier_pk.clone().into_precomputed();
(
id.clone(),
PublicAuxInfoPrecomputed {
el_gamal_pk: public_aux.el_gamal_pk,
paillier_pk: paillier_pk.clone(),
rp_params: public_aux.rp_params.to_mod(&paillier_pk),
rp_params: public_aux.rp_params.to_precomputed(),
},
)
})
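Review bot: `into_precomputed(self)` now takes ownership, yet `paillier_sk: self.secret_aux.paillier_sk.clone().into_precomputed()` and `el_gamal_sk: self.secret_aux.el_gamal_sk.clone()` still copy the secret material, leaving a second copy of the Paillier secret key and the ElGamal secret alive until `self` is dropped at the end of the function. Since `self` is owned, move the fields instead: `paillier_sk: self.secret_aux.paillier_sk.into_precomputed(),` and `el_gamal_sk: self.secret_aux.el_gamal_sk,`; the `public_aux` map can likewise iterate with `.into_iter()` so the `id.clone()` and `public_aux.paillier_pk.clone()` are no longer needed. This assumes `AuxInfo` has no `Drop` impl that would forbid the partial moves, which this diff does not show. The body of `into_precomputed` continues past the end of the hunk.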
