sonr/crypto/tecdsa/dklsv1/refresh/refresh_test.go

//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//

package refresh_test

import (
	"fmt"
	"testing"

	"github.com/stretchr/testify/require"
	"golang.org/x/crypto/sha3"

	"github.com/onsonr/sonr/crypto/core/curves"
	"github.com/onsonr/sonr/crypto/ot/extension/kos"
	"github.com/onsonr/sonr/crypto/tecdsa/dklsv1/dkg"
	"github.com/onsonr/sonr/crypto/tecdsa/dklsv1/refresh"
	"github.com/onsonr/sonr/crypto/tecdsa/dklsv1/sign"
)

func performDKG(t *testing.T, curve *curves.Curve) (*dkg.Alice, *dkg.Bob) {
	t.Helper()

	alice := dkg.NewAlice(curve)
	bob := dkg.NewBob(curve)

	seed, err := bob.Round1GenerateRandomSeed()
	require.NoError(t, err)
	round3Output, err := alice.Round2CommitToProof(seed)
	require.NoError(t, err)
	proof, err := bob.Round3SchnorrProve(round3Output)
	require.NoError(t, err)
	proof, err = alice.Round4VerifyAndReveal(proof)
	require.NoError(t, err)
	proof, err = bob.Round5DecommitmentAndStartOt(proof)
	require.NoError(t, err)
	compressedReceiversMaskedChoice, err := alice.Round6DkgRound2Ot(proof)
	require.NoError(t, err)
	challenge, err := bob.Round7DkgRound3Ot(compressedReceiversMaskedChoice)
	require.NoError(t, err)
	challengeResponse, err := alice.Round8DkgRound4Ot(challenge)
	require.NoError(t, err)
	challengeOpenings, err := bob.Round9DkgRound5Ot(challengeResponse)
	require.NoError(t, err)
	err = alice.Round10DkgRound6Ot(challengeOpenings)
	require.NoError(t, err)

	return alice, bob
}

func performRefresh(t *testing.T, curve *curves.Curve, aliceSecretKeyShare, bobSecretKeyShare curves.Scalar) (*refresh.Alice, *refresh.Bob) {
	t.Helper()
	alice := refresh.NewAlice(curve, &dkg.AliceOutput{SecretKeyShare: aliceSecretKeyShare})
	bob := refresh.NewBob(curve, &dkg.BobOutput{SecretKeyShare: bobSecretKeyShare})

	round1Output := alice.Round1RefreshGenerateSeed()
	require.False(t, round1Output.IsZero())
	round2Output, err := bob.Round2RefreshProduceSeedAndMultiplyAndStartOT(round1Output)
	require.NoError(t, err)
	round3Output, err := alice.Round3RefreshMultiplyRound2Ot(round2Output)
	require.NoError(t, err)
	round4Output, err := bob.Round4RefreshRound3Ot(round3Output)
	require.NoError(t, err)
	round5Output, err := alice.Round5RefreshRound4Ot(round4Output)
	require.NoError(t, err)
	round6Output, err := bob.Round6RefreshRound5Ot(round5Output)
	require.NoError(t, err)
	err = alice.Round7DkgRound6Ot(round6Output)
	require.NoError(t, err)
	return alice, bob
}

func Test_RefreshLeadsToTheSamePublicKeyButDifferentPrivateMaterial(t *testing.T) {
	t.Parallel()
	curveInstances := []*curves.Curve{
		curves.K256(),
		curves.P256(),
	}
	for _, curve := range curveInstances {
		boundCurve := curve
		t.Run(fmt.Sprintf("testing refresh for curve %s", boundCurve.Name), func(tt *testing.T) {
			tt.Parallel()
			alice, bob := performDKG(tt, boundCurve)

			publicKey := alice.Output().PublicKey
			require.True(tt, publicKey.Equal(bob.Output().PublicKey))

			aliceRefreshed, bobRefreshed := performRefresh(tt, boundCurve, alice.Output().SecretKeyShare, bob.Output().SecretKeyShare)

			require.NotEqual(tt, aliceRefreshed.Output().SecretKeyShare, alice.Output().SecretKeyShare)
			require.NotEqual(tt, bobRefreshed.Output().SeedOtResult, bob.Output().SecretKeyShare)
			require.NotEqualValues(
				tt,
				aliceRefreshed.Output().SeedOtResult.OneTimePadDecryptionKey,
				alice.Output().SeedOtResult.OneTimePadDecryptionKey,
			)
			require.NotEqualValues(
				tt,
				aliceRefreshed.Output().SeedOtResult.PackedRandomChoiceBits,
				alice.Output().SeedOtResult.PackedRandomChoiceBits,
			)
			require.NotEqualValues(
				tt,
				aliceRefreshed.Output().SeedOtResult.RandomChoiceBits,
				alice.Output().SeedOtResult.RandomChoiceBits,
			)
			require.NotEqualValues(
				tt,
				bobRefreshed.Output().SeedOtResult.OneTimePadEncryptionKeys,
				bob.Output().SeedOtResult.OneTimePadEncryptionKeys,
			)

			pkA := boundCurve.ScalarBaseMult(aliceRefreshed.Output().SecretKeyShare)
			computedPublicKeyA := pkA.Mul(bobRefreshed.Output().SecretKeyShare)
			require.True(tt, computedPublicKeyA.Equal(publicKey))

			pkB := boundCurve.ScalarBaseMult(bobRefreshed.Output().SecretKeyShare)
			computedPublicKeyB := pkB.Mul(aliceRefreshed.Output().SecretKeyShare)
			require.True(tt, computedPublicKeyB.Equal(publicKey))
		})
	}
}

func Test_RefreshOTIsCorrect(t *testing.T) {
	t.Parallel()
	curveInstances := []*curves.Curve{
		curves.K256(),
		curves.P256(),
	}
	for _, curve := range curveInstances {
		boundCurve := curve
		t.Run(fmt.Sprintf("testing OT correctness of key refresh for curve %s", boundCurve.Name), func(tt *testing.T) {
			tt.Parallel()
			alice, bob := performDKG(tt, boundCurve)
			aliceRefreshed, bobRefreshed := performRefresh(tt, boundCurve, alice.Output().SecretKeyShare, bob.Output().SecretKeyShare)
			for i := 0; i < kos.Kappa; i++ {
				if aliceRefreshed.Output().SeedOtResult.OneTimePadDecryptionKey[i] != bobRefreshed.Output().SeedOtResult.OneTimePadEncryptionKeys[i][aliceRefreshed.Output().SeedOtResult.RandomChoiceBits[i]] {
					tt.Errorf("oblivious transfer is incorrect at index i=%v", i)
				}
			}
		})
	}
}

func Test_CanSignAfterRefresh(t *testing.T) {
	t.Parallel()
	curveInstances := []*curves.Curve{
		curves.K256(),
		curves.P256(),
	}
	for _, curve := range curveInstances {
		boundCurve := curve
		t.Run(fmt.Sprintf("testing sign after refresh for curve %s", boundCurve.Name), func(tt *testing.T) {
			tt.Parallel()
			aliceDKG, bobDKG := performDKG(tt, boundCurve)

			publicKey := aliceDKG.Output().PublicKey
			require.True(tt, publicKey.Equal(bobDKG.Output().PublicKey))

			aliceRefreshed, bobRefreshed := performRefresh(tt, boundCurve, aliceDKG.Output().SecretKeyShare, bobDKG.Output().SecretKeyShare)

			alice := sign.NewAlice(boundCurve, sha3.New256(), &dkg.AliceOutput{
				SeedOtResult:   aliceRefreshed.Output().SeedOtResult,
				SecretKeyShare: aliceRefreshed.Output().SecretKeyShare,
				PublicKey:      publicKey,
			})
			bob := sign.NewBob(boundCurve, sha3.New256(), &dkg.BobOutput{
				SeedOtResult:   bobRefreshed.Output().SeedOtResult,
				SecretKeyShare: bobRefreshed.Output().SecretKeyShare,
				PublicKey:      publicKey,
			})

			message := []byte("A message.")
			seed, err := alice.Round1GenerateRandomSeed()
			require.NoError(tt, err)
			round3Output, err := bob.Round2Initialize(seed)
			require.NoError(tt, err)
			round4Output, err := alice.Round3Sign(message, round3Output)
			require.NoError(tt, err)
			err = bob.Round4Final(message, round4Output)
			require.NoError(tt, err, "curve: %s", boundCurve.Name)
		})
	}
}
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`//`
			`// Copyright Coinbase, Inc. All Rights Reserved.`
			`//`
			`// SPDX-License-Identifier: Apache-2.0`
			`//`

			`package refresh_test`

			`import (`
			`"fmt"`
			`"testing"`

			`"github.com/stretchr/testify/require"`
			`"golang.org/x/crypto/sha3"`

feature/1121 implement ucan validation (#1176) - refactor: remove unused auth components - refactor: improve devbox configuration and deployment process - refactor: improve devnet and testnet setup - fix: update templ version to v0.2.778 - refactor: rename pkl/net.matrix to pkl/matrix.net - refactor: migrate webapp components to nebula - refactor: protobuf types - chore: update dependencies for improved security and stability - feat: implement landing page and vault gateway servers - refactor: Migrate data models to new module structure and update related files - feature/1121-implement-ucan-validation - refactor: Replace hardcoded constants with model types in attns.go - feature/1121-implement-ucan-validation - chore: add origin Host struct and update main function to handle multiple hosts - build: remove unused static files from dwn module - build: remove unused static files from dwn module - refactor: Move DWN models to common package - refactor: move models to pkg/common - refactor: move vault web app assets to embed module - refactor: update session middleware import path - chore: configure port labels and auto-forwarding behavior - feat: enhance devcontainer configuration - feat: Add UCAN middleware for Echo with flexible token validation - feat: add JWT middleware for UCAN authentication - refactor: update package URI and versioning in PklProject files - fix: correct sonr.pkl import path - refactor: move JWT related code to auth package - feat: introduce vault configuration retrieval and management - refactor: Move vault components to gateway module and update file paths - refactor: remove Dexie and SQLite database implementations - feat: enhance frontend with PWA features and WASM integration - feat: add Devbox features and streamline Dockerfile - chore: update dependencies to include TigerBeetle - chore(deps): update go version to 1.23 - feat: enhance devnet setup with PATH environment variable and updated PWA manifest - fix: upgrade tigerbeetle-go dependency and remove indirect dependency - feat: add PostgreSQL support to devnet and testnet deployments - refactor: rename keyshare cookie to token cookie - feat: upgrade Go version to 1.23.3 and update dependencies - refactor: update devnet and testnet configurations - feat: add IPFS configuration for devnet - I'll help you update the ipfs.config.pkl to include all the peers from the shell script. Here's the updated configuration: - refactor: move mpc package to crypto directory - feat: add BIP32 support for various cryptocurrencies - feat: enhance ATN.pkl with additional capabilities - refactor: simplify smart account and vault attenuation creation - feat: add new capabilities to the Attenuation type - refactor: Rename MPC files for clarity and consistency - feat: add DIDKey support for cryptographic operations - feat: add devnet and testnet deployment configurations - fix: correct key derivation in bip32 package - refactor: rename crypto/bip32 package to crypto/accaddr - fix: remove duplicate indirect dependency - refactor: move vault package to root directory - refactor: update routes for gateway and vault - refactor: remove obsolete web configuration file - refactor: remove unused TigerBeetle imports and update host configuration - refactor: adjust styles directory path - feat: add broadcastTx and simulateTx functions to gateway - feat: add PinVault handler 2024-12-02 14:27:18 -05:00			`"github.com/onsonr/sonr/crypto/core/curves"`
			`"github.com/onsonr/sonr/crypto/ot/extension/kos"`
			`"github.com/onsonr/sonr/crypto/tecdsa/dklsv1/dkg"`
			`"github.com/onsonr/sonr/crypto/tecdsa/dklsv1/refresh"`
			`"github.com/onsonr/sonr/crypto/tecdsa/dklsv1/sign"`
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`)`

			`func performDKG(t testing.T, curve curves.Curve) (dkg.Alice, dkg.Bob) {`
			`t.Helper()`

			`alice := dkg.NewAlice(curve)`
			`bob := dkg.NewBob(curve)`

			`seed, err := bob.Round1GenerateRandomSeed()`
			`require.NoError(t, err)`
			`round3Output, err := alice.Round2CommitToProof(seed)`
			`require.NoError(t, err)`
			`proof, err := bob.Round3SchnorrProve(round3Output)`
			`require.NoError(t, err)`
			`proof, err = alice.Round4VerifyAndReveal(proof)`
			`require.NoError(t, err)`
			`proof, err = bob.Round5DecommitmentAndStartOt(proof)`
			`require.NoError(t, err)`
			`compressedReceiversMaskedChoice, err := alice.Round6DkgRound2Ot(proof)`
			`require.NoError(t, err)`
			`challenge, err := bob.Round7DkgRound3Ot(compressedReceiversMaskedChoice)`
			`require.NoError(t, err)`
			`challengeResponse, err := alice.Round8DkgRound4Ot(challenge)`
			`require.NoError(t, err)`
			`challengeOpenings, err := bob.Round9DkgRound5Ot(challengeResponse)`
			`require.NoError(t, err)`
			`err = alice.Round10DkgRound6Ot(challengeOpenings)`
			`require.NoError(t, err)`

			`return alice, bob`
			`}`

			`func performRefresh(t testing.T, curve curves.Curve, aliceSecretKeyShare, bobSecretKeyShare curves.Scalar) (refresh.Alice, refresh.Bob) {`
			`t.Helper()`
			`alice := refresh.NewAlice(curve, &dkg.AliceOutput{SecretKeyShare: aliceSecretKeyShare})`
			`bob := refresh.NewBob(curve, &dkg.BobOutput{SecretKeyShare: bobSecretKeyShare})`

			`round1Output := alice.Round1RefreshGenerateSeed()`
			`require.False(t, round1Output.IsZero())`
			`round2Output, err := bob.Round2RefreshProduceSeedAndMultiplyAndStartOT(round1Output)`
			`require.NoError(t, err)`
			`round3Output, err := alice.Round3RefreshMultiplyRound2Ot(round2Output)`
			`require.NoError(t, err)`
			`round4Output, err := bob.Round4RefreshRound3Ot(round3Output)`
			`require.NoError(t, err)`
			`round5Output, err := alice.Round5RefreshRound4Ot(round4Output)`
			`require.NoError(t, err)`
			`round6Output, err := bob.Round6RefreshRound5Ot(round5Output)`
			`require.NoError(t, err)`
			`err = alice.Round7DkgRound6Ot(round6Output)`
			`require.NoError(t, err)`
			`return alice, bob`
			`}`

			`func Test_RefreshLeadsToTheSamePublicKeyButDifferentPrivateMaterial(t *testing.T) {`
			`t.Parallel()`
			`curveInstances := []*curves.Curve{`
			`curves.K256(),`
			`curves.P256(),`
			`}`
			`for _, curve := range curveInstances {`
			`boundCurve := curve`
			`t.Run(fmt.Sprintf("testing refresh for curve %s", boundCurve.Name), func(tt *testing.T) {`
			`tt.Parallel()`
			`alice, bob := performDKG(tt, boundCurve)`

			`publicKey := alice.Output().PublicKey`
			`require.True(tt, publicKey.Equal(bob.Output().PublicKey))`

			`aliceRefreshed, bobRefreshed := performRefresh(tt, boundCurve, alice.Output().SecretKeyShare, bob.Output().SecretKeyShare)`

			`require.NotEqual(tt, aliceRefreshed.Output().SecretKeyShare, alice.Output().SecretKeyShare)`
			`require.NotEqual(tt, bobRefreshed.Output().SeedOtResult, bob.Output().SecretKeyShare)`
			`require.NotEqualValues(`
			`tt,`
			`aliceRefreshed.Output().SeedOtResult.OneTimePadDecryptionKey,`
			`alice.Output().SeedOtResult.OneTimePadDecryptionKey,`
			`)`
			`require.NotEqualValues(`
			`tt,`
			`aliceRefreshed.Output().SeedOtResult.PackedRandomChoiceBits,`
			`alice.Output().SeedOtResult.PackedRandomChoiceBits,`
			`)`
			`require.NotEqualValues(`
			`tt,`
			`aliceRefreshed.Output().SeedOtResult.RandomChoiceBits,`
			`alice.Output().SeedOtResult.RandomChoiceBits,`
			`)`
			`require.NotEqualValues(`
			`tt,`
			`bobRefreshed.Output().SeedOtResult.OneTimePadEncryptionKeys,`
			`bob.Output().SeedOtResult.OneTimePadEncryptionKeys,`
			`)`

			`pkA := boundCurve.ScalarBaseMult(aliceRefreshed.Output().SecretKeyShare)`
			`computedPublicKeyA := pkA.Mul(bobRefreshed.Output().SecretKeyShare)`
			`require.True(tt, computedPublicKeyA.Equal(publicKey))`

			`pkB := boundCurve.ScalarBaseMult(bobRefreshed.Output().SecretKeyShare)`
			`computedPublicKeyB := pkB.Mul(aliceRefreshed.Output().SecretKeyShare)`
			`require.True(tt, computedPublicKeyB.Equal(publicKey))`
			`})`
			`}`
			`}`

			`func Test_RefreshOTIsCorrect(t *testing.T) {`
			`t.Parallel()`
			`curveInstances := []*curves.Curve{`
			`curves.K256(),`
			`curves.P256(),`
			`}`
			`for _, curve := range curveInstances {`
			`boundCurve := curve`
			`t.Run(fmt.Sprintf("testing OT correctness of key refresh for curve %s", boundCurve.Name), func(tt *testing.T) {`
			`tt.Parallel()`
			`alice, bob := performDKG(tt, boundCurve)`
			`aliceRefreshed, bobRefreshed := performRefresh(tt, boundCurve, alice.Output().SecretKeyShare, bob.Output().SecretKeyShare)`
			`for i := 0; i < kos.Kappa; i++ {`
			`if aliceRefreshed.Output().SeedOtResult.OneTimePadDecryptionKey[i] != bobRefreshed.Output().SeedOtResult.OneTimePadEncryptionKeys[i][aliceRefreshed.Output().SeedOtResult.RandomChoiceBits[i]] {`
			`tt.Errorf("oblivious transfer is incorrect at index i=%v", i)`
			`}`
			`}`
			`})`
			`}`
			`}`

			`func Test_CanSignAfterRefresh(t *testing.T) {`
			`t.Parallel()`
			`curveInstances := []*curves.Curve{`
			`curves.K256(),`
			`curves.P256(),`
			`}`
			`for _, curve := range curveInstances {`
			`boundCurve := curve`
			`t.Run(fmt.Sprintf("testing sign after refresh for curve %s", boundCurve.Name), func(tt *testing.T) {`
			`tt.Parallel()`
			`aliceDKG, bobDKG := performDKG(tt, boundCurve)`

			`publicKey := aliceDKG.Output().PublicKey`
			`require.True(tt, publicKey.Equal(bobDKG.Output().PublicKey))`

			`aliceRefreshed, bobRefreshed := performRefresh(tt, boundCurve, aliceDKG.Output().SecretKeyShare, bobDKG.Output().SecretKeyShare)`

			`alice := sign.NewAlice(boundCurve, sha3.New256(), &dkg.AliceOutput{`
			`SeedOtResult: aliceRefreshed.Output().SeedOtResult,`
			`SecretKeyShare: aliceRefreshed.Output().SecretKeyShare,`
			`PublicKey: publicKey,`
			`})`
			`bob := sign.NewBob(boundCurve, sha3.New256(), &dkg.BobOutput{`
			`SeedOtResult: bobRefreshed.Output().SeedOtResult,`
			`SecretKeyShare: bobRefreshed.Output().SecretKeyShare,`
			`PublicKey: publicKey,`
			`})`

			`message := []byte("A message.")`
			`seed, err := alice.Round1GenerateRandomSeed()`
			`require.NoError(tt, err)`
			`round3Output, err := bob.Round2Initialize(seed)`
			`require.NoError(tt, err)`
			`round4Output, err := alice.Round3Sign(message, round3Output)`
			`require.NoError(tt, err)`
			`err = bob.Round4Final(message, round4Output)`
			`require.NoError(tt, err, "curve: %s", boundCurve.Name)`
			`})`
			`}`
			`}`