sonr/crypto/ted25519/frost/round3.go

//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//

package frost

import (
	"fmt"

	"github.com/onsonr/sonr/crypto/core/curves"
	"github.com/onsonr/sonr/crypto/internal"
)

// Round3Bcast contains the output of FROST signature, i.e., it contains FROST signature (z,c) and the
// corresponding message msg.
type Round3Bcast struct {
	R    curves.Point
	Z, C curves.Scalar
	msg  []byte
}

// Define frost signature type
type Signature struct {
	Z curves.Scalar
	C curves.Scalar
}

func (signer *Signer) SignRound3(round3Input map[uint32]*Round2Bcast) (*Round3Bcast, error) {
	// Make sure signer is not empty
	if signer == nil || signer.curve == nil {
		return nil, internal.ErrNilArguments
	}

	// Make sure signer's smallD and smallE are zero
	if !signer.state.smallD.IsZero() || !signer.state.smallE.IsZero() {
		return nil, fmt.Errorf("signer's private smallD and smallE should be zero since one-time use")
	}

	// Make sure the signer has had the msg
	if len(signer.state.msg) == 0 {
		return nil, internal.ErrNilArguments
	}

	// Validate Round3Input
	if round3Input == nil {
		return nil, internal.ErrNilArguments
	}
	for _, data := range round3Input {
		if data == nil {
			return nil, internal.ErrNilArguments
		}
	}

	// Make sure the signer has commitments stored at the end of round 1.
	if signer.state.commitments == nil || len(signer.state.commitments) != len(round3Input) {
		return nil, internal.ErrNilArguments
	}

	// Make sure the round number is correct
	if signer.round != 3 {
		return nil, internal.ErrInvalidRound
	}

	// Round2 Input has different length of threshold
	if uint32(len(round3Input)) != signer.threshold {
		return nil, fmt.Errorf("invalid length of round3Input")
	}

	// Step 1-3
	// Step 1: For j in [1...t]
	z := signer.curve.NewScalar()
	negate := signer.state.sumR.IsNegative()
	for id, data := range round3Input {
		zj := data.Zi
		vkj := data.Vki

		// Step 2: Verify zj*G = Rj + c*Lj*vkj
		// zj*G
		zjG := signer.curve.ScalarBaseMult(zj)

		// c*Lj
		cLj := signer.state.c.Mul(signer.lCoeffs[id])

		// cLjvkj
		cLjvkj := vkj.Mul(cLj)

		// Rj + c*Lj*vkj
		Rj := signer.state.capRs[id]
		if negate {
			Rj = Rj.Neg()
		}
		right := cLjvkj.Add(Rj)

		// Check equation
		if !zjG.Equal(right) {
			return nil, fmt.Errorf("zjG != right with participant id %d\n", id)
		}

		// Step 3 - z = z+zj
		z = z.Add(zj)
	}

	// Step 4 - 7: Self verify the signature (z, c)
	// Step 5 - R' = z*G + (-c)*vk
	zG := signer.curve.ScalarBaseMult(z)
	cvk := signer.verificationKey.Mul(signer.state.c.Neg())
	tempR := zG.Add(cvk)
	// Step 6 - c' = H(m, R')
	tempC, err := signer.challengeDeriver.DeriveChallenge(signer.state.msg, signer.verificationKey, tempR)
	if err != nil {
		return nil, err
	}

	// Step 7 - Check c = c'
	if tempC.Cmp(signer.state.c) != 0 {
		return nil, fmt.Errorf("invalid signature: c != c'")
	}

	// Updating round number
	signer.round = 4

	// Step 8 - Broadcast signature and message
	return &Round3Bcast{
		signer.state.sumR,
		z,
		signer.state.c,
		signer.state.msg,
	}, nil
}

// Method to verify a frost signature.
func Verify(curve *curves.Curve, challengeDeriver ChallengeDerive, vk curves.Point, msg []byte, signature *Signature) (bool, error) {
	if vk == nil || msg == nil || len(msg) == 0 || signature.C == nil || signature.Z == nil {
		return false, fmt.Errorf("invalid input")
	}
	z := signature.Z
	c := signature.C

	// R' = z*G - c*vk
	zG := curve.ScalarBaseMult(z)
	cvk := vk.Mul(c.Neg())
	tempR := zG.Add(cvk)

	// c' = H(m, R')
	tempC, err := challengeDeriver.DeriveChallenge(msg, vk, tempR)
	if err != nil {
		return false, err
	}

	// Check c == c'
	if tempC.Cmp(c) != 0 {
		return false, fmt.Errorf("invalid signature: c != c'")
	}
	return true, nil
}
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`//`
			`// Copyright Coinbase, Inc. All Rights Reserved.`
			`//`
			`// SPDX-License-Identifier: Apache-2.0`
			`//`

			`package frost`

			`import (`
			`"fmt"`

feature/1121 implement ucan validation (#1176) - refactor: remove unused auth components - refactor: improve devbox configuration and deployment process - refactor: improve devnet and testnet setup - fix: update templ version to v0.2.778 - refactor: rename pkl/net.matrix to pkl/matrix.net - refactor: migrate webapp components to nebula - refactor: protobuf types - chore: update dependencies for improved security and stability - feat: implement landing page and vault gateway servers - refactor: Migrate data models to new module structure and update related files - feature/1121-implement-ucan-validation - refactor: Replace hardcoded constants with model types in attns.go - feature/1121-implement-ucan-validation - chore: add origin Host struct and update main function to handle multiple hosts - build: remove unused static files from dwn module - build: remove unused static files from dwn module - refactor: Move DWN models to common package - refactor: move models to pkg/common - refactor: move vault web app assets to embed module - refactor: update session middleware import path - chore: configure port labels and auto-forwarding behavior - feat: enhance devcontainer configuration - feat: Add UCAN middleware for Echo with flexible token validation - feat: add JWT middleware for UCAN authentication - refactor: update package URI and versioning in PklProject files - fix: correct sonr.pkl import path - refactor: move JWT related code to auth package - feat: introduce vault configuration retrieval and management - refactor: Move vault components to gateway module and update file paths - refactor: remove Dexie and SQLite database implementations - feat: enhance frontend with PWA features and WASM integration - feat: add Devbox features and streamline Dockerfile - chore: update dependencies to include TigerBeetle - chore(deps): update go version to 1.23 - feat: enhance devnet setup with PATH environment variable and updated PWA manifest - fix: upgrade tigerbeetle-go dependency and remove indirect dependency - feat: add PostgreSQL support to devnet and testnet deployments - refactor: rename keyshare cookie to token cookie - feat: upgrade Go version to 1.23.3 and update dependencies - refactor: update devnet and testnet configurations - feat: add IPFS configuration for devnet - I'll help you update the ipfs.config.pkl to include all the peers from the shell script. Here's the updated configuration: - refactor: move mpc package to crypto directory - feat: add BIP32 support for various cryptocurrencies - feat: enhance ATN.pkl with additional capabilities - refactor: simplify smart account and vault attenuation creation - feat: add new capabilities to the Attenuation type - refactor: Rename MPC files for clarity and consistency - feat: add DIDKey support for cryptographic operations - feat: add devnet and testnet deployment configurations - fix: correct key derivation in bip32 package - refactor: rename crypto/bip32 package to crypto/accaddr - fix: remove duplicate indirect dependency - refactor: move vault package to root directory - refactor: update routes for gateway and vault - refactor: remove obsolete web configuration file - refactor: remove unused TigerBeetle imports and update host configuration - refactor: adjust styles directory path - feat: add broadcastTx and simulateTx functions to gateway - feat: add PinVault handler 2024-12-02 14:27:18 -05:00			`"github.com/onsonr/sonr/crypto/core/curves"`
			`"github.com/onsonr/sonr/crypto/internal"`
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`)`

			`// Round3Bcast contains the output of FROST signature, i.e., it contains FROST signature (z,c) and the`
			`// corresponding message msg.`
			`type Round3Bcast struct {`
			`R curves.Point`
			`Z, C curves.Scalar`
			`msg []byte`
			`}`

			`// Define frost signature type`
			`type Signature struct {`
			`Z curves.Scalar`
			`C curves.Scalar`
			`}`

			`func (signer Signer) SignRound3(round3Input map[uint32]Round2Bcast) (*Round3Bcast, error) {`
			`// Make sure signer is not empty`
			`if signer == nil \|\| signer.curve == nil {`
			`return nil, internal.ErrNilArguments`
			`}`

			`// Make sure signer's smallD and smallE are zero`
			`if !signer.state.smallD.IsZero() \|\| !signer.state.smallE.IsZero() {`
			`return nil, fmt.Errorf("signer's private smallD and smallE should be zero since one-time use")`
			`}`

			`// Make sure the signer has had the msg`
			`if len(signer.state.msg) == 0 {`
			`return nil, internal.ErrNilArguments`
			`}`

			`// Validate Round3Input`
			`if round3Input == nil {`
			`return nil, internal.ErrNilArguments`
			`}`
			`for _, data := range round3Input {`
			`if data == nil {`
			`return nil, internal.ErrNilArguments`
			`}`
			`}`

			`// Make sure the signer has commitments stored at the end of round 1.`
			`if signer.state.commitments == nil \|\| len(signer.state.commitments) != len(round3Input) {`
			`return nil, internal.ErrNilArguments`
			`}`

			`// Make sure the round number is correct`
			`if signer.round != 3 {`
			`return nil, internal.ErrInvalidRound`
			`}`

			`// Round2 Input has different length of threshold`
			`if uint32(len(round3Input)) != signer.threshold {`
			`return nil, fmt.Errorf("invalid length of round3Input")`
			`}`

			`// Step 1-3`
			`// Step 1: For j in [1...t]`
			`z := signer.curve.NewScalar()`
			`negate := signer.state.sumR.IsNegative()`
			`for id, data := range round3Input {`
			`zj := data.Zi`
			`vkj := data.Vki`

			`// Step 2: Verify zjG = Rj + cLj*vkj`
			`// zj*G`
			`zjG := signer.curve.ScalarBaseMult(zj)`

			`// c*Lj`
			`cLj := signer.state.c.Mul(signer.lCoeffs[id])`

			`// cLjvkj`
			`cLjvkj := vkj.Mul(cLj)`

			`// Rj + cLjvkj`
			`Rj := signer.state.capRs[id]`
			`if negate {`
			`Rj = Rj.Neg()`
			`}`
			`right := cLjvkj.Add(Rj)`

			`// Check equation`
			`if !zjG.Equal(right) {`
			`return nil, fmt.Errorf("zjG != right with participant id %d\n", id)`
			`}`

			`// Step 3 - z = z+zj`
			`z = z.Add(zj)`
			`}`

			`// Step 4 - 7: Self verify the signature (z, c)`
			`// Step 5 - R' = zG + (-c)vk`
			`zG := signer.curve.ScalarBaseMult(z)`
			`cvk := signer.verificationKey.Mul(signer.state.c.Neg())`
			`tempR := zG.Add(cvk)`
			`// Step 6 - c' = H(m, R')`
			`tempC, err := signer.challengeDeriver.DeriveChallenge(signer.state.msg, signer.verificationKey, tempR)`
			`if err != nil {`
			`return nil, err`
			`}`

			`// Step 7 - Check c = c'`
			`if tempC.Cmp(signer.state.c) != 0 {`
			`return nil, fmt.Errorf("invalid signature: c != c'")`
			`}`

			`// Updating round number`
			`signer.round = 4`

			`// Step 8 - Broadcast signature and message`
			`return &Round3Bcast{`
			`signer.state.sumR,`
			`z,`
			`signer.state.c,`
			`signer.state.msg,`
			`}, nil`
			`}`

			`// Method to verify a frost signature.`
			`func Verify(curve curves.Curve, challengeDeriver ChallengeDerive, vk curves.Point, msg []byte, signature Signature) (bool, error) {`
			`if vk == nil \|\| msg == nil \|\| len(msg) == 0 \|\| signature.C == nil \|\| signature.Z == nil {`
			`return false, fmt.Errorf("invalid input")`
			`}`
			`z := signature.Z`
			`c := signature.C`

			`// R' = zG - cvk`
			`zG := curve.ScalarBaseMult(z)`
			`cvk := vk.Mul(c.Neg())`
			`tempR := zG.Add(cvk)`

			`// c' = H(m, R')`
			`tempC, err := challengeDeriver.DeriveChallenge(msg, vk, tempR)`
			`if err != nil {`
			`return false, err`
			`}`

			`// Check c == c'`
			`if tempC.Cmp(c) != 0 {`
			`return false, fmt.Errorf("invalid signature: c != c'")`
			`}`
			`return true, nil`
			`}`