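/*
  This file is part of Frosix
  Copyright (C) 2022, 2023 Frosix

  Frosix is free software; you can redistribute it and/or modify it under the
  terms of the GNU Affero General Public License as published by the Free Software
  Foundation; either version 3, or (at your option) any later version.

  Frosix is distributed in the hope that it will be useful, but WITHOUT ANY
  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.

  You should have received a copy of the GNU Affero General Public License along with
  Frosix; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
*/
/**
 * @file verify_sig_share.c
 * @brief Implements the function to verify a signature share against a commitment
 * @author Joel Urech
 */
#include "frost_high.h"
#include "high_common.h"

/**
 * Gives the 'SA' the possibility to verify each received signature share
 * against the commitment from round1.
 *
 * The check compares the two sides of the relation
 *   sig_share * G  ==  comm_share + (challenge * coeff) * pk_i
 * where comm_share = hiding_commitment + binding_factor * binding_commitment,
 * both taken from @a commitment_i.
 *
 * @param commitment_i commitment of the participant whose share is checked;
 *        its identifier selects the binding factor and the Lagrange
 *        coefficient
 * @param signature_share_i signature share to verify; provides both
 *        `sig_share` and `pk_i`
 * @param commitments commitments of all participants in this signing run
 * @param commitments_len number of entries in @a commitments; must be > 0
 * @param public_key group public key, used for the challenge
 * @param message_hash hash of the message being signed
 * @return #GNUNET_NO if @a commitments_len is zero, if
 *         FROST_binding_factor_for_participant_() returns 0 for the
 *         identifier, or if FROST_compute_lagrange_coefficient_() does not
 *         return #GNUNET_OK; otherwise the value of FROST_point_cmp() on the
 *         two sides of the relation.
 *
 * NOTE(review): the final result is whatever FROST_point_cmp() returns.
 * Presumably that is #GNUNET_OK on equality; confirm against its definition,
 * and have callers test `== GNUNET_OK` rather than "non-zero", because
 * #GNUNET_SYSERR is non-zero as well.
 *
 * NOTE(review): `pk_i` is read from @a signature_share_i. The check is only
 * meaningful if that value is the public key share recorded for this
 * participant at key generation; if the struct is filled from the signer's
 * own message, the relation merely shows consistency with a key the signer
 * picked. Confirm how callers populate `pk_i`.
 */
enum GNUNET_GenericReturnValue
FROST_verify_signature_share (
  const struct FROST_Commitment *commitment_i,
  const struct FROST_SignatureShare *signature_share_i,
  const struct FROST_Commitment commitments[],
  uint8_t commitments_len,
  const struct FROST_PublicKey *public_key,
  const struct FROST_MessageHash *message_hash)
{
  // An empty commitment list cannot contain commitment_i, and a
  // variable-length array of size zero is undefined behaviour: reject early.
  if (0 == commitments_len)
    return GNUNET_NO;

  // === Compute the binding factors ===
  // commitments_len is a uint8_t, so this array holds at most 255 entries.
  struct FROST_BindingFactor binding_factors[commitments_len];
  FROST_compute_binding_factors_ (binding_factors, commitments,
                                  commitments_len, message_hash);

  // Pick the binding factor that belongs to this participant's identifier.
  struct FROST_BindingFactor binding_factor;
  if (0
      == FROST_binding_factor_for_participant_ (&binding_factor,
                                                binding_factors,
                                                commitments_len,
                                                commitment_i->identifier))
    return GNUNET_NO;

  // === Compute the group commitment ===
  struct FROST_GroupCommitment group_commitment;
  FROST_compute_group_commitment_ (&group_commitment, commitments,
                                   binding_factors, commitments_len);

  // === Compute the commitment share ===
  // comm_share = hiding_commitment + binding_factor * binding_commitment
  struct FROST_Point comm_share;
  FROST_point_mul_scalar (&comm_share, &commitment_i->binding_commitment,
                          &binding_factor.binding_factor);
  FROST_point_add_point (&comm_share, &comm_share,
                         &commitment_i->hiding_commitment);

  // === Compute challenge ===
  struct FROST_Challenge challenge;
  FROST_compute_challenge_ (&challenge, &group_commitment, public_key,
                            message_hash);

  // === Compute coefficient ===
  struct FROST_Coefficient coeff;
  if (GNUNET_OK
      != FROST_compute_lagrange_coefficient_ (&coeff,
                                              commitment_i->identifier,
                                              commitments, commitments_len))
    return GNUNET_NO;

  // === Compute relation values ===
  // Left side: sig_share * G
  struct FROST_Point l;
  FROST_base_mul_scalar (&l, &signature_share_i->sig_share);

  // Right side: comm_share + (challenge * coeff) * pk_i
  struct FROST_Scalar challenge_lambda;
  FROST_scalar_mul_scalar (&challenge_lambda, &challenge.challenge,
                           &coeff.coeff);

  struct FROST_Point r;
  FROST_point_mul_scalar (&r, &signature_share_i->pk_i, &challenge_lambda);
  FROST_point_add_point (&r, &r, &comm_share);

  return FROST_point_cmp (&l,
                          &r);
}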