frosix

Multiparty signature service (experimental)
Log | Files | Refs | README | LICENSE

sign_message_hash.c (4719B)

      1 /*
      2   This file is part of Frosix
      3   Copyright (C) 2022, 2023 Frosix
      4 
      5   Frosix is free software; you can redistribute it and/or modify it under the
      6   terms of the GNU Affero General Public License as published by the Free Software
      7   Foundation; either version 3, or (at your option) any later version.
      8 
      9   Frosix is distributed in the hope that it will be useful, but WITHOUT ANY
     10   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
     11   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
     12 
     13   You should have received a copy of the GNU Affero General Public License along with
     14   Frosix; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
     15 */
     16 /**
     17  * @file sign_message_hash.c
     18  * @brief Implements the signing of a message
     19  * @author Joel Urech
     20 */
     21 #include <gnunet/gnunet_util_lib.h>
     22 #include "frost_high.h"
     23 #include "high_common.h"
     24 
     25 /**
     26  * @brief Internal function to compute the signature share
     27  *
     28  * @param sig_share The resulting signature share
     29  * @param my_key_pair Secret key material
     30  * @param nonce The generated nonce from round1
     31  * @param binding_factors Binding factors of all participating participants
     32  * @param binding_factors_len Length of the binding factors array
     33  * @param coefficient Our lagrange coefficient
     34  * @param challenge The group challenge
     35  * @return #GNUNET_OK
     36  *         #GNUNET_NO
     37 */
     38 static enum GNUNET_GenericReturnValue
     39 compute_sig_share (
     40   struct FROST_SignatureShare *sig_share,
     41   const struct FROST_KeyPair *my_key_pair,
     42   const struct FROST_Nonce *nonce,
     43   const struct FROST_BindingFactor binding_factors[],
     44   size_t binding_factors_len,
     45   const struct FROST_Coefficient *coefficient,
     46   const struct FROST_Challenge *challenge)
     47 {
     48   // get my_binding_factor
     49   struct FROST_BindingFactor my_binding_factor;
     50   if (GNUNET_OK
     51       != FROST_binding_factor_for_participant_ (&my_binding_factor,
     52                                                 binding_factors,
     53                                                 binding_factors_len,
     54                                                 my_key_pair->identifier))
     55     return GNUNET_NO;
     56 
     57 
     58   // binding_nonce * binding_factor
     59   struct FROST_Scalar binding;
     60   FROST_scalar_mul_scalar (&binding, &nonce->binding_nonce,
     61                            &my_binding_factor.binding_factor);
     62 
     63   // lambda_i * sk_i * challenge
     64   struct FROST_Scalar challenge_sk;
     65 
     66   FROST_scalar_mul_scalar (&challenge_sk, &coefficient->coeff,
     67                            &my_key_pair->my_sk);
     68   FROST_scalar_mul_scalar (&challenge_sk, &challenge_sk,
     69                            &challenge->challenge);
     70 
     71   // hiding + binding
     72   FROST_scalar_add_scalar (&sig_share->sig_share, &nonce->hiding_nonce,
     73                            &binding);
     74 
     75   // + challenge
     76   FROST_scalar_add_scalar (&sig_share->sig_share, &sig_share->sig_share,
     77                            &challenge_sk);
     78 
     79   // Set index
     80   sig_share->identifier = my_key_pair->identifier;
     81 
     82   // Set pk of sk_share
     83   FROST_base_mul_scalar (&sig_share->pk_i, &my_key_pair->my_sk);
     84 
     85   return GNUNET_OK;
     86 }
     87 
     88 
     89 enum GNUNET_GenericReturnValue
     90 FROST_sign_message_hash (struct FROST_SignatureShare *signature_share,
     91                          const struct FROST_MessageHash *message_hash,
     92                          const struct FROST_Commitment commitments[],
     93                          size_t commitments_len,
     94                          const struct FROST_KeyPair *my_key_pair,
     95                          const struct FROST_Nonce *my_nonce)
     96 {
     97   // Compute the binding factor(s)
     98   struct FROST_BindingFactor binding_factors[commitments_len];
     99   FROST_compute_binding_factors_ (binding_factors, commitments,
    100                                   commitments_len, message_hash);
    101 
    102   // Compute the group commitment
    103   struct FROST_GroupCommitment group_commitment;
    104   FROST_compute_group_commitment_ (&group_commitment, commitments,
    105                                    binding_factors, commitments_len);
    106 
    107   // Compute the per-message challenge
    108   struct FROST_Challenge challenge;
    109   FROST_compute_challenge_ (&challenge, &group_commitment,
    110                             &my_key_pair->group_pk, message_hash);
    111 
    112   // Compute coefficient
    113   struct FROST_Coefficient coeff_i;
    114 
    115   if (GNUNET_OK != FROST_compute_lagrange_coefficient_ (&coeff_i,
    116                                                         my_key_pair->identifier,
    117                                                         commitments,
    118                                                         commitments_len))
    119     return GNUNET_NO;
    120 
    121   // Compute the signature share
    122   return compute_sig_share (signature_share, my_key_pair, my_nonce,
    123                             binding_factors, commitments_len, &coeff_i,
    124                             &challenge);
    125 }