Expose various missing items in the public API

synedrion/src/cggmp21.rs

@@ -21,6 +21,8 @@ pub(crate) use protocols::{
     ToNextRound, ToResult,
 };
 pub use protocols::{
-    InteractiveSigningResult, KeyRefreshResult, KeyShare, KeyShareChange, KeygenAndAuxResult,
-    PartyIdx, ProtocolResult, ThresholdKeyShare,
+    InteractiveSigningError, InteractiveSigningProof, InteractiveSigningResult, KeyRefreshResult,
+    KeyShare, KeyShareChange, KeygenAndAuxError, KeygenAndAuxProof, KeygenAndAuxResult,
+    KeygenError, KeygenResult, PartyIdx, PresigningError, PresigningProof, PresigningResult,
+    ProtocolResult, SigningProof, SigningResult, ThresholdKeyShare,
 };

synedrion/src/cggmp21/protocols.rs

@@ -23,6 +23,11 @@ pub(crate) use common::PresigningData;
 pub use auxiliary::KeyRefreshResult;
 pub use common::{KeyShare, KeyShareChange, KeyShareSeed, PartyIdx};
 pub use generic::ProtocolResult;
-pub use interactive_signing::InteractiveSigningResult;
-pub use keygen_and_aux::KeygenAndAuxResult;
+pub use interactive_signing::{
+    InteractiveSigningError, InteractiveSigningProof, InteractiveSigningResult,
+};
+pub use keygen::{KeygenError, KeygenResult};
+pub use keygen_and_aux::{KeygenAndAuxError, KeygenAndAuxProof, KeygenAndAuxResult};
+pub use presigning::{PresigningError, PresigningProof, PresigningResult};
+pub use signing::{SigningProof, SigningResult};
 pub use threshold::ThresholdKeyShare;

synedrion/src/cggmp21/protocols/common.rs

@@ -152,7 +152,7 @@ pub struct PresigningData<P: SchemeParams> {
 impl<P: SchemeParams> KeyShare<P> {
     /// Creates a key share out of the seed (obtained from the KeyGen protocol)
     /// and the share change (obtained from the KeyRefresh+Auxiliary protocol).
-    pub fn new(seed: KeyShareSeed, change: KeyShareChange<P>) -> Self {
+    pub(crate) fn new(seed: KeyShareSeed, change: KeyShareChange<P>) -> Self {
         // TODO: check that party_idx is the same for both, and the number of parties is the same
         let secret_share = seed.secret_share + change.secret_share_change;
         let public_shares = seed
@@ -267,10 +267,10 @@ impl<P: SchemeParams> KeyShare<P> {
     }
 
     /// Returns the index of this share's party.
-    pub fn party_index(&self) -> PartyIdx {
+    pub fn party_index(&self) -> usize {
         // TODO: technically it is the share index, but for now we are equating the two,
         // since we assume that one party has one share.
-        self.index
+        self.index.as_usize()
     }
 }
 

synedrion/src/cggmp21/protocols/interactive_signing.rs

@@ -15,7 +15,7 @@ use crate::cggmp21::params::SchemeParams;
 use crate::curve::{RecoverableSignature, Scalar};
 use crate::tools::collections::HoleVec;
 
-/// Possible results of merged Presigning and Signing protocols.
+/// Possible results of the merged Presigning and Signing protocols.
 #[derive(Debug, Clone, Copy)]
 pub struct InteractiveSigningResult<P: SchemeParams>(PhantomData<P>);
 
@@ -25,15 +25,21 @@ impl<P: SchemeParams> ProtocolResult for InteractiveSigningResult<P> {
     type CorrectnessProof = InteractiveSigningProof<P>;
 }
 
+/// Possible verifiable errors of the merged Presigning and Signing protocols.
 #[derive(Debug, Clone)]
 pub enum InteractiveSigningError<P: SchemeParams> {
+    /// An error in the Presigning part of the protocol.
     Presigning(<PresigningResult<P> as ProtocolResult>::ProvableError),
+    /// An error in the Signing part of the protocol.
     Signing(<SigningResult<P> as ProtocolResult>::ProvableError),
 }
 
+/// A proof of a node's correct behavior for the merged Presigning and Signing protocols.
 #[derive(Debug, Clone)]
 pub enum InteractiveSigningProof<P: SchemeParams> {
+    /// A proof for the Presigning part of the protocol.
     Presigning(<PresigningResult<P> as ProtocolResult>::CorrectnessProof),
+    /// A proof for the Signing part of the protocol.
     Signing(<SigningResult<P> as ProtocolResult>::CorrectnessProof),
 }
 
@@ -212,7 +218,7 @@ impl<P: SchemeParams> FinalizableToNextRound for Round3<P> {
             rng,
             &self.context.shared_randomness,
             num_parties,
-            party_idx,
+            PartyIdx::from_usize(party_idx),
             signing_context,
         )
         .map_err(FinalizeError::Init)?;

synedrion/src/cggmp21/protocols/keygen.rs

@@ -22,6 +22,7 @@ use crate::tools::hashing::{Chain, Hash, HashOutput, Hashable};
 use crate::tools::random::random_bits;
 use crate::tools::serde_bytes;
 
+/// Possible results of the KeyGen protocol.
 #[derive(Debug, Clone, Copy)]
 pub struct KeygenResult;
 
@@ -31,9 +32,12 @@ impl ProtocolResult for KeygenResult {
     type CorrectnessProof = ();
 }
 
+/// Possible verifiable errors of the KeyGen protocol.
 #[derive(Debug, Clone, Copy)]
 pub enum KeygenError {
+    /// A hash mismatch in Round 2.
     R2HashMismatch,
+    /// Failed to verify `П^{sch}` in Round 3.
     R3InvalidSchProof,
 }
 

synedrion/src/cggmp21/protocols/keygen_and_aux.rs

@@ -15,7 +15,7 @@ use super::wrappers::{wrap_finalize_error, wrap_receive_error, ResultWrapper};
 use crate::cggmp21::SchemeParams;
 use crate::tools::collections::{HoleRange, HoleVec};
 
-/// Possible results of merged KeyGen and KeyRefresh protocols.
+/// Possible results of the merged KeyGen and KeyRefresh protocols.
 #[derive(Debug, Clone, Copy)]
 pub struct KeygenAndAuxResult<P: SchemeParams>(PhantomData<P>);
 
@@ -25,15 +25,21 @@ impl<P: SchemeParams> ProtocolResult for KeygenAndAuxResult<P> {
     type CorrectnessProof = KeygenAndAuxProof<P>;
 }
 
+/// Possible verifiable errors of the merged KeyGen and KeyRefresh protocols.
 #[derive(Debug, Clone)]
 pub enum KeygenAndAuxError<P: SchemeParams> {
+    /// An error in the KeyGen part of the protocol.
     Keygen(<KeygenResult as ProtocolResult>::ProvableError),
+    /// An error in the KeyRefresh part of the protocol.
     KeyRefresh(<KeyRefreshResult<P> as ProtocolResult>::ProvableError),
 }
 
+/// A proof of a node's correct behavior for the merged KeyGen and KeyRefresh protocols.
 #[derive(Debug, Clone)]
 pub enum KeygenAndAuxProof<P: SchemeParams> {
+    /// A proof for the KeyGen part of the protocol.
     Keygen(<KeygenResult as ProtocolResult>::CorrectnessProof),
+    /// A proof for the KeyRefresh part of the protocol.
     KeyRefresh(<KeyRefreshResult<P> as ProtocolResult>::CorrectnessProof),
 }
 

synedrion/src/cggmp21/protocols/presigning.rs

@@ -27,6 +27,7 @@ fn uint_from_scalar<P: SchemeParams>(
     <<P as SchemeParams>::Paillier as PaillierParams>::Uint::from_scalar(x)
 }
 
+/// Possible results of the Presigning protocol.
 #[derive(Debug, Clone, Copy)]
 pub struct PresigningResult<P: SchemeParams>(PhantomData<P>);
 
@@ -36,10 +37,14 @@ impl<P: SchemeParams> ProtocolResult for PresigningResult<P> {
     type CorrectnessProof = PresigningProof<P>;
 }
 
+/// Possible verifiable errors of the Presigning protocol.
 #[derive(Debug, Clone)]
 pub enum PresigningError {
+    /// An error in Round 1.
     Round1(String),
+    /// An error in Round 2.
     Round2(String),
+    /// An error in Round 3.
     Round3(String),
 }
 
@@ -663,8 +668,8 @@ impl<P: SchemeParams> DirectRound for Round3<P> {
     }
 }
 
-// TODO: this can be removed when error verification is added
-#[allow(dead_code)]
+/// A proof of a node's correct behavior for the Presigning protocol.
+#[allow(dead_code)] // TODO: this can be removed when error verification is added
 #[derive(Debug, Clone)]
 pub struct PresigningProof<P: SchemeParams> {
     aff_g_proofs: Vec<(PartyIdx, PartyIdx, AffGProof<P>)>,

synedrion/src/cggmp21/protocols/signing.rs

@@ -20,6 +20,7 @@ use crate::paillier::RandomizerMod;
 use crate::tools::collections::{HoleRange, HoleVec};
 use crate::uint::{Bounded, FromScalar, Signed};
 
+/// Possible results of the Signing protocol.
 #[derive(Debug, Clone, Copy)]
 pub struct SigningResult<P: SchemeParams>(PhantomData<P>);
 
@@ -29,8 +30,8 @@ impl<P: SchemeParams> ProtocolResult for SigningResult<P> {
     type CorrectnessProof = SigningProof<P>;
 }
 
-// TODO: this can be removed when error verification is added
-#[allow(dead_code)]
+/// A proof of a node's correct behavior for the Signing protocol.
+#[allow(dead_code)] // TODO: this can be removed when error verification is added
 #[derive(Debug, Clone)]
 pub struct SigningProof<P: SchemeParams> {
     aff_g_proofs: Vec<(PartyIdx, PartyIdx, AffGProof<P>)>,

synedrion/src/cggmp21/protocols/threshold.rs

@@ -96,10 +96,10 @@ impl<P: SchemeParams> ThresholdKeyShare<P> {
     }
 
     /// Returns the index of this share's party.
-    pub fn party_index(&self) -> PartyIdx {
+    pub fn party_index(&self) -> usize {
         // TODO: technically it is the share index, but for now we are equating the two,
         // since we assume that one party has one share.
-        self.index
+        self.index.as_usize()
     }
 
     /// Converts a t-of-n key share into a t-of-t key share

synedrion/src/lib.rs

@@ -37,7 +37,10 @@ pub use k256::ecdsa;
 pub use signature;
 
 pub use cggmp21::{
-    KeyShare, KeyShareChange, ProductionParams, ProtocolResult, SchemeParams, TestParams,
+    InteractiveSigningError, InteractiveSigningProof, InteractiveSigningResult, KeyRefreshResult,
+    KeyShare, KeyShareChange, KeygenAndAuxError, KeygenAndAuxProof, KeygenAndAuxResult,
+    KeygenError, KeygenResult, PresigningError, PresigningProof, PresigningResult,
+    ProductionParams, ProtocolResult, SchemeParams, SigningProof, SigningResult, TestParams,
     ThresholdKeyShare,
 };
 pub use curve::RecoverableSignature;

synedrion/src/sessions.rs

@@ -7,10 +7,13 @@ mod signed_message;
 mod states;
 mod type_erased;
 
+pub use broadcast::ConsensusError;
 pub use constructors::{
     make_interactive_signing_session, make_key_refresh_session, make_keygen_and_aux_session,
     PrehashedMessage,
 };
-pub use error::Error;
+pub use error::{Error, LocalError, ProvableError, RemoteError, RemoteErrorEnum};
 pub use signed_message::SignedMessage;
-pub use states::{FinalizeOutcome, Session};
+pub use states::{
+    Artefact, FinalizeOutcome, PreprocessedMessage, ProcessedMessage, RoundAccumulator, Session,
+};

synedrion/src/sessions/broadcast.rs

@@ -20,11 +20,17 @@ struct Message<Sig> {
     broadcasts: Vec<(PartyIdx, SignedMessage<Sig>)>,
 }
 
+/// Errors that can occur during broadcast consesnsus check.
 #[derive(Debug, Clone)]
 pub enum ConsensusError {
+    /// Cannot deserialize the message.
     CannotDeserialize(String),
+    /// Unexpected number of broadcasts in the message.
     UnexpectedNumberOfBroadcasts,
+    /// A broadcast from one of the parties is missing.
     MissingBroadcast,
+    /// The broadcasts received during the consensus round
+    /// do not match the ones received previously.
     ConflictingBroadcasts,
 }
 

synedrion/src/sessions/error.rs

@@ -7,7 +7,6 @@ use crate::cggmp21::ProtocolResult;
 #[derive(Clone, Debug)]
 pub enum Error<Res: ProtocolResult, Verifier> {
     /// Indicates an error on this party's side.
-    /// Can be caused by an incorrect usage, a bug in the implementation, or some environment error.
     Local(LocalError),
     /// A provable fault of another party.
     // TODO: attach the party's messages up to this round for this to be verifiable by a third party
@@ -32,27 +31,40 @@ pub enum Error<Res: ProtocolResult, Verifier> {
     Remote(RemoteError<Verifier>),
 }
 
+/// An error on this party's side.
+/// Can be caused by an incorrect usage, a bug in the implementation, or some environment error.
 #[derive(Clone, Debug)]
 pub struct LocalError(pub(crate) String);
 
 /// An unprovable fault of another party.
 #[derive(Clone, Debug)]
 pub struct RemoteError<Verifier> {
+    /// The offending party.
     pub party: Verifier,
+    /// The error type
     pub error: RemoteErrorEnum,
 }
 
+/// Types of unprovable faults of another party.
 #[derive(Clone, Debug)]
 pub enum RemoteErrorEnum {
+    /// Session ID does not match the one provided to the local session constructor.
     UnexpectedSessionId,
+    /// A message is intended for an unexpected round (not the current one or the next one).
     OutOfOrderMessage,
+    /// A message from this party has already been received.
     DuplicateMessage,
+    /// The message signature does not match its contents.
     InvalidSignature(String),
 }
 
+/// A provable fault of another party.
 #[derive(Clone, Debug)]
 pub enum ProvableError<Res: ProtocolResult> {
+    /// A protocol error.
     Protocol(Res::ProvableError),
+    /// Failed to deserialize the message.
     CannotDeserialize(String),
+    /// Broadcast consensus check failed.
     Consensus(ConsensusError),
 }

synedrion/src/sessions/states.rs

@@ -568,6 +568,7 @@ where
     }
 }
 
+/// A mutable accumulator created for each round to assemble processed messages from other parties.
 pub struct RoundAccumulator<Sig> {
     received_direct_messages: Vec<(PartyIdx, VerifiedMessage<Sig>)>,
     received_broadcasts: Vec<(PartyIdx, VerifiedMessage<Sig>)>,
@@ -618,7 +619,7 @@ impl<Sig> RoundAccumulator<Sig> {
             })
     }
 
-    /// Save a processed message produced by [`Session::verify_message`].
+    /// Save a processed message produced by [`Session::process_message`].
     pub fn add_processed_message<Verifier>(
         &mut self,
         pm: ProcessedMessage<Sig, Verifier>,
@@ -698,17 +699,21 @@ impl<Sig> RoundAccumulator<Sig> {
     }
 }
 
+/// Data produced when creating a direct message to another party
+/// that has to be preserved for further processing.
 pub struct Artefact<Verifier> {
     destination: Verifier,
     destination_idx: PartyIdx,
     artefact: DynDmArtefact,
 }
 
+/// A message that passed initial validity checks.
 pub struct PreprocessedMessage<Sig> {
     from_idx: PartyIdx,
     message: VerifiedMessage<Sig>,
 }
 
+/// A processed message from another party.
 pub struct ProcessedMessage<Sig, Verifier> {
     from: Verifier,
     from_idx: PartyIdx,

synedrion/tests/sessions.rs

@@ -237,7 +237,7 @@ async fn keygen_and_aux() {
     let key_shares = run_nodes(sessions).await;
 
     for (idx, key_share) in key_shares.iter().enumerate() {
-        assert_eq!(key_share.party_index().as_usize(), idx);
+        assert_eq!(key_share.party_index(), idx);
         assert_eq!(key_share.num_parties(), num_parties);
         assert_eq!(key_share.verifying_key(), key_shares[0].verifying_key());
     }