      1 /*
      2   This file is part of Frosix
      3   Copyright (C) 2022, 2023 Joel Urech
      4 
      5   Frosix is free software; you can redistribute it and/or modify it under the
      6   terms of the GNU Affero General Public License as published by the Free Software
      7   Foundation; either version 3, or (at your option) any later version.
      8 
      9   Frosix is distributed in the hope that it will be useful, but WITHOUT ANY
     10   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
     11   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
     12 
     13   You should have received a copy of the GNU Affero General Public License along with
     14   Frosix; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
     15 */
     16 /**
     17  * @file keygen_validate_commitment.c
     18  * @brief Implements the validation of the commitments
     19  * @author Joel Urech
     20 */
     21 #include "keygen.h"
     22 #include "keygen_common.h"
     23 
/**
 * @brief Checks the zero knowledge proof attached to a DKG commitment.
 *
 * Recomputes the proof's commitment point as
 * (base point * zkp.z) - (share_comm[0].sc * challenge) and compares it with
 * the zkp.r value carried in the commitment. This has the shape of a
 * Schnorr-style proof-of-knowledge verification for the first share
 * commitment.
 *
 * Nothing is validated here: the function reads share_comm[0], zkp.z and
 * zkp.r as given, so the caller has to make sure share_comm[0] exists and is
 * a valid point before calling.
 *
 * @param[in] challenge The already calculated challenge for the zkp.
 * @param[in] comm The commitment whose proof is checked.
 * @return Whatever FROST_point_cmp() yields for the transmitted and the
 *         recomputed point, passed through unchanged.
 *         NOTE(review): callers treat this as a GNUNET_GenericReturnValue;
 *         confirm that FROST_point_cmp() reports equality as GNUNET_OK and
 *         not as a memcmp-style 0, which would read as GNUNET_NO.
 */
static enum GNUNET_GenericReturnValue
is_valid_zkp (const struct FROST_Scalar *challenge,
              const struct FROST_DkgCommitment *comm)
{
  struct FROST_Point base_times_z;
  struct FROST_Point pub_times_challenge;
  struct FROST_Point recomputed_r;

  /* base point multiplied by the proof's response scalar z */
  FROST_base_mul_scalar (&base_times_z,
                         &comm->zkp.z);

  /* first share commitment multiplied by the challenge */
  FROST_point_mul_scalar (&pub_times_challenge,
                          &comm->share_comm[0].sc,
                          challenge);

  /* the difference must reproduce the r that came with the proof */
  FROST_point_sub_point (&recomputed_r,
                         &base_times_z,
                         &pub_times_challenge);

  return FROST_point_cmp (&comm->zkp.r,
                          &recomputed_r);
}
     47 
     48 
/**
 * @brief Validates a DKG commitment received from another participant.
 *
 * Performs, in this order: a range check on the sender's identifier, a range
 * check on the number of share commitments, a point-validity check on every
 * share commitment, and finally the verification of the attached zero
 * knowledge proof against a freshly derived challenge.
 *
 * NOTE(review): the number of share commitments is only bounded by the
 * constant 254; it is not compared with an expected threshold or with
 * @a num_of_participants in this function. Presumably the caller enforces
 * the agreed threshold - confirm.
 * NOTE(review): zkp.r and zkp.z are not checked for a valid encoding here
 * before they are used; confirm that the FROST primitives tolerate arbitrary
 * input or that the values are validated when the commitment is parsed.
 *
 * @param[in] dkg_commitment The commitment to validate.
 * @param[in] additional_data Hash that is fed into the challenge derivation.
 * @param[in] num_of_participants Highest identifier that is accepted.
 * @return GNUNET_NO if one of the structural checks fails, otherwise the
 *         result of the zero knowledge proof check.
 */
enum GNUNET_GenericReturnValue
FROST_keygen_validate_commitment (
  const struct FROST_DkgCommitment *dkg_commitment,
  const struct FROST_HashCode *additional_data,
  uint8_t num_of_participants)
{
  struct FROST_DkgChallenge dkg_challenge;

  /* Identifiers are accepted in the range 1..num_of_participants only. */
  if (0 == dkg_commitment->identifier)
    return GNUNET_NO;
  if (dkg_commitment->identifier > num_of_participants)
    return GNUNET_NO;

  /* An empty commitment list, or one with 254 or more entries, is refused
     before any element is touched. */
  if (dkg_commitment->shares_commitments_length <= 0)
    return GNUNET_NO;
  if (dkg_commitment->shares_commitments_length >= 254)
    return GNUNET_NO;

  /* Every share commitment has to be a valid encoded point. */
  for (unsigned int idx = 0;
       idx < dkg_commitment->shares_commitments_length;
       idx++)
  {
    if (FROST_is_valid_point (&dkg_commitment->share_comm[idx].sc)
        != GNUNET_OK)
      return GNUNET_NO;
  }

  /* The challenge is derived locally from the sender's identifier, the first
     share commitment, the proof and the additional data; it is not taken
     from the received message. */
  FROST_generate_dkg_challenge_ (&dkg_challenge,
                                 dkg_commitment->identifier,
                                 &dkg_commitment->share_comm[0],
                                 &dkg_commitment->zkp,
                                 additional_data);

  return is_valid_zkp (&dkg_challenge.c,
                       dkg_commitment);
}