too many sign verify failed in ed25519 example #174

Open
alexSmallWorld opened this issue Jun 25, 2022 · 12 comments
alexSmallWorld commented Jun 25, 2022

@markya0616 @cychuang0924 could you take a look at this: too many signature verifications fail in the ed25519 example.

git repo: https://github.com/alexSmallWorld/alice-ed25519/tree/ed25519Example
git branch: ed25519Example
In this branch I added an ed25519 example and a batch test script.

How to run the batch test: 1. use go 17; 2. cd example && ./rerun.sh
You will see the test progress and the result. **false** means how many cases failed signature verification. **true** means how many cases verified successfully.

Thanks a lot.

cychuang0924 self-assigned this Jun 25, 2022
cychuang0924 added the bug label Jun 25, 2022

cychuang0924 commented Jun 25, 2022

Hi, I spent some time checking our code. The main problem arises in Round2 Line 90.
`p.s = s` should be replaced by `p.s = s.Mod(s, p.curveN)`.
Ref: https://github.com/getamis/alice/pull/175/files (Merged)
Thanks for reporting back!

I also added more tests in EdDSA. I think that it will help you!
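
An added example, not code from the alice repository or from either participant: assuming the verifier is Go's `crypto/ed25519`, a signature whose S half is not reduced modulo the group order L is rejected even though it is congruent to a valid S, which is the kind of failure a missing `Mod` produces. `Demo`, `withS` and `reversed` are names chosen for this example, and the key and message are constructed samples.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"math/big"
)

// groupOrder is L, the order of the Ed25519 base point (RFC 8032).
var groupOrder, _ = new(big.Int).SetString(
	"7237005577332262213973186563042994240857116359379907606001950938285454250989", 10)

// reversed flips byte order: big.Int is big-endian, Ed25519 encodes S little-endian.
func reversed(b []byte) []byte {
	out := make([]byte, len(b))
	for i := range b {
		out[len(b)-1-i] = b[i]
	}
	return out
}

// withS returns R || S for the given R half and scalar s, without reducing s.
func withS(r []byte, s *big.Int) []byte {
	return append(append([]byte{}, r...), reversed(s.FillBytes(make([]byte, 32)))...)
}

// Demo returns Verify's verdict for an unreduced S and for the same S mod L.
func Demo() (unreduced, reduced bool) {
	seed := make([]byte, ed25519.SeedSize) // constructed all-zero seed, sample only
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	msg := []byte("constructed sample message")
	sig := ed25519.Sign(priv, msg)

	// Stand-in for a sum of partial signatures that passed L: s + L equals s mod L.
	s := new(big.Int).SetBytes(reversed(sig[32:]))
	s.Add(s, groupOrder)
	unreduced = ed25519.Verify(pub, msg, withS(sig[:32], s))

	s.Mod(s, groupOrder) // same call shape as the fix quoted in the thread
	reduced = ed25519.Verify(pub, msg, withS(sig[:32], s))
	return unreduced, reduced
}

func main() {
	fmt.Println(Demo())
}
```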


alexSmallWorld commented Jun 27, 2022

> Hi, I spent some time checking our code. The main problem arises in Round2 Line 90. `p.s = s` should be replaced by `p.s = s.Mod(s, p.curveN)`. Ref: https://github.com/getamis/alice/pull/175/files (Merged) Thanks for reporting back!
>
> I also added more tests in EdDSA. I think that it will help you!

@cychuang0924
Thank you for the bug fix.
But I still get a few failed cases across a lot of sign/verify tests.

You can replay this by: 1. merge master; 2. vim rerun.sh, use 200 instead of 20; 3. ./rerun.sh


cychuang0924 commented Jun 27, 2022

This problem arises from the Schnorr proof of siG. The original paper does not need this zero-knowledge proof, so we decided to remove it. If we keep this proof, then we need to change the interface of our library. In fact, you do not need to worry about removing it. As said above, the original paper does not need any Schnorr proofs. After removing it, you do not get any errors.
Here is the fix branch: #177 (merged)
Original paper: https://eprint.iacr.org/2020/852.pdf


alexSmallWorld commented Jun 28, 2022

Thank you very much for handling and updating this issue. However, after I merged the new code and conducted a lot of tests, there is still a small probability that the signature verification will fail.

You can replay this by: 1. merge master; 2. vim rerun.sh, use 200 instead of 20; 3. ./rerun.sh
Thanks!


cychuang0924 commented Jun 28, 2022

I ran my test 1000 times using random shares. There were no failures.

Excuse me, could you copy the information about the shares and the public key?
For example, I need the x-coord, rank, and shares so that I can write the tests myself.

By the way, if you use the data coming from the signer's yaml, then you will get failing results.
Thanks!


alexSmallWorld commented Jun 29, 2022

Of course, my three signer inputs are attached.
input.zip

```yaml
share: "3675788498585450082991846428007326057826754636663877385528274415846839676857"
share: "1522795425006476177538987458185716386773973361216994141828318603466392185301"
share: "4575846830523611786637644129807785488887694553004765055615792711279484061401"
pubkey:
  x: "13303072567237052328013834338380099174471808636153533034015575804719580433195"
  "y": "16964052623936448625187294284159857344364737590067812676140890490183700057118"
bks:
  id-10001:
    x: "2254765913981550676205803762478430869696580688700958727495894224115312987764"
    rank: 0
  id-10002:
    x: "2117636074604900758115075527580492494720639688970891834155177238392086845382"
    rank: 0
  id-10003:
    x: "6414582964050248729324272790247195316284712038021768098875147472012178712076"
    rank: 0
```

By the way, I used the same input to execute the signature 200 times, instead of using a different share for each signature, and I fail to verify the signature once.

Thank you for trying to solve this problem.


cychuang0924 commented Jun 29, 2022

Thanks for your help. I added the example you provided to our tests.
See https://github.com/getamis/alice/pull/180/files
I ran this test over 1000 times. There still exists any failures. This verification failure may not be caused by the EdDSA library. It is possible that the error is caused elsewhere.
If you have time, you can run the tests in ../Eddsa/frost/signer_test.go
Thank you very much!


alexSmallWorld commented Jul 4, 2022

I ran the test program you provided and it did not fail.

But my testing process is different from yours. I use three independent processes connected to each other over TCP, and then do DKG and sign 200 times.

You can try it with my code:
git repo: https://github.com/alexSmallWorld/alice-ed25519/tree/ed25519Example
1. use go 16; 2. cd example && ./rerun.sh; 3. wait for all tests to finish.

Thanks!

@cychuang0924
Contributor

OK! I will invite @markya0616 to help you. But this may take some time.

@alexSmallWorld
Author

Thanks!

@alexSmallWorld
Author

Is there any progress? @markya0616

@cychuang0924
Contributor

Excuse me, we are releasing our new product these days, so we do not have enough time to check this problem.
