getamis · cychuang0924 · Mar 7, 2023 · Mar 25, 2023
@@ -69,7 +69,8 @@ type shareManager struct {
 
 type childShare struct {
 	*shareManager
-	translate *big.Int
+	translate          *big.Int
+	otherPartialShareG *ecpointgrouplaw.ECPoint
 }
 
 func NewShareManager(share *big.Int, pubKey *ecpointgrouplaw.ECPoint, chainCode []byte, depth byte, bks map[string]*birkhoffinterpolation.BkParameter, selfId string) (*shareManager, error) {
@@ -143,11 +144,19 @@ func (sHolder *shareManager) ComputeHardenedChildShare(childIndex uint32, second
 	}
 
 	cs := new(big.Int).Add(sHolder.share, halfTranslate)
+	// set otherPartial PubKey
+	otherPartialKey, err := childPubKey.Add(ecpointgrouplaw.ScalarBaseMult(childPubKey.GetCurve(), cs).Neg())
+	if err != nil {
+		return nil, err
+	}
+	otherPartialKey = otherPartialKey.ScalarMult(new(big.Int).ModInverse(cos[1], curveN))
+
 	// Set bk coefficients
 	cs = new(big.Int).Mul(cs, new(big.Int).ModInverse(cos[0], curveN))
 	cs = cs.Mod(cs, curveN)
 	return &childShare{
-		translate: translate,
+		translate:          translate,
+		otherPartialShareG: otherPartialKey,
 		shareManager: &shareManager{
 			share:     cs,
 			chainCode: hashResult[32:],

@@ -33,6 +33,7 @@ import (
 const (
 	SeedLength = 32
 	Threshold  = 2
+	LenRidi    = 32
 
 	otherInfoBitStr = "0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101000000000000000000010000000000010001000000000001000001010001010000000000000100010100000101000000010001010101000100000100000100010101010101010100010101000101010000000000000001000100000001000001000101010100010001000101000001010100000101010001010001010100010001000100010101000100010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001010000000001010100010100010100000100010100010100010001000100000100000000000001000001010100000101000001010101010101010100010000000000010000010000010000000101000101010100010100000101000000010101010001000100010001000101000101010000000101010101000101010101010001010101000100000101000101000101000001000001000101010100010100000001000100000001010001000000000101010001000001000100000001000100000000000100010001000100000101000101000100000101010000000100010100000101010001010101000001010000000101000001010101000101010101010101000001000100010000010000000000010001010001000001010101010100000100000000000100010100010100000000010000010000010100000101010001000101010000010100000100000101000000000100010100000001010101000101010101010001000001010101000001000101000000010001010100010100010001010100000101000000000100000000010000000100000101010001010000000100010100000000010101000100000100010000010000000101010100010100000101010000000001010000000000010100000000000101000000000001000001010001000000010001010101000100010001000000010101000100000101010001010000010100000100010100010000010100010001010000000101010101000000000001010000000000000101010001000101000101000101010100000100010000010001010001010001000001010001010101000100000000010100000101010100000001000001000000000000000000000100010000000000010101010000000101010100010100000000000100000001010101010000000001010000000001010001010000010100010001000001000101000001000101000000010101010101010000010100000100000001010101000001010001010101000101000001000100010001000000010101010100000000010100000001000100000101000001000101000001010001000100000101000000000000010100000001010000010100000101010100010100010000000000000100000100010000000001000001000000000100000101000100010101010001000000000100000100000001000101000100010101010000010001010100010101010101010001010100000000000101010101000101000000000000000001000001010101010100000101010100010001000100000001010101000100000000010001010100010101000101010100010100010101000001000101010001000001000000000100000000010100010001010100010101010000010000010001010101000101010001"
 )
@@ -46,6 +47,7 @@ type initial struct {
 	peers       map[string]*peer
 	selfId      string
 
+	ridi            []byte
 	bk              *birkhoffinterpolation.BkParameter
 	bks             birkhoffinterpolation.BkParameters
 	sid             []byte
@@ -108,6 +110,11 @@ func newMasterKeyFunc(startIndex int, garbleStart int, garbleEnd int, computeFun
 			return nil, ErrInvalidSeed
 		}
 
+		ridi, err := utils.GenRandomBytes(LenRidi)
+		if err != nil {
+			return nil, err
+		}
+
 		// Random x and build bk
 		x, err := utils.RandomPositiveInt(secp256k1N)
 		if err != nil {
@@ -140,6 +147,7 @@ func newMasterKeyFunc(startIndex int, garbleStart int, garbleEnd int, computeFun
 			peers:       peers,
 			selfId:      peerManager.SelfID(),
 
+			ridi:            ridi,
 			bk:              bk,
 			sid:             sid,
 			garcircuit:      garcir,
@@ -157,6 +165,7 @@ func newMasterKeyFunc(startIndex int, garbleStart int, garbleEnd int, computeFun
 						GarcirMsg:     garMsg,
 						OtherInfoWire: garcir.Encrypt(1024, otherInfoBit),
 						Bk:            bk.ToMessage(),
+						Ridi:          ridi,
 					},
 				},
 			},
@@ -204,6 +213,8 @@ func (s *initial) HandleMessage(logger log.Logger, message types.Message) error
 		s.bk,
 		bk,
 	}
+	// Set for CGGMP
+	peer.ridi = body.GetRidi()
 	err = s.bks.CheckValid(Threshold, secp256k1N)
 	if err != nil {
 		logger.Warn("Invalid bks", "err", err)

@@ -18,6 +18,7 @@ import (
 	"math/big"
 
 	pt "github.com/getamis/alice/crypto/ecpointgrouplaw"
+	"github.com/getamis/alice/crypto/utils"
 	"github.com/getamis/alice/crypto/zkproof"
 	"github.com/getamis/alice/types"
 	"github.com/getamis/sirius/log"
@@ -28,6 +29,7 @@ type resultHandler struct {
 
 	share  *big.Int
 	shareG *pt.ECPoint
+	rid    []byte
 }
 
 func newResultHandler(oh *decommitmentHandler) *resultHandler {
@@ -76,10 +78,11 @@ func (s *resultHandler) HandleMessage(logger log.Logger, message types.Message)
 		logger.Warn("Failed to verify", "err", err)
 		return err
 	}
+	s.rid = utils.Xor(s.ridi, peer.ridi)
 	s.share = new(big.Int).Add(s.poly.Evaluate(s.bk.GetX()), new(big.Int).SetBytes(body.GetResult().Evaluation))
 	s.share = s.share.Mul(s.share, big2Inver)
 	s.share = s.share.Mod(s.share, secp256k1N)
-	shareGMsg, err := zkproof.NewBaseSchorrMessage(curve, s.share)
+	shareGMsg, err := zkproof.NewBaseSchorrMessage(curve, s.share, s.rid)
 	if err != nil {
 		logger.Warn("Failed to get share G message", "err", err)
 		return err

@@ -57,7 +57,7 @@ func (s *verifyHandler) HandleMessage(logger log.Logger, message types.Message)
 	}
 
 	shareGMsg := msg.GetVerify().GetShareGProofMsg()
-	err := shareGMsg.Verify(ecpointgrouplaw.NewBase(curve))
+	err := shareGMsg.Verify(ecpointgrouplaw.NewBase(curve), s.rid)
 	if err != nil {
 		logger.Warn("Failed to verify Schorr proof", "err", err)
 		return err

@@ -46,6 +46,7 @@ type Result struct {
 	Bks       map[string]*birkhoffinterpolation.BkParameter
 	Seed      []byte
 	ChainCode []byte
+	Rid       []byte
 }
 
 type Master struct {
@@ -135,5 +136,6 @@ func (m *Master) GetResult() (*Result, error) {
 		Bks:       bks,
 		ChainCode: rh.chiancode,
 		Seed:      rh.seed,
+		Rid:       rh.rid,
 	}, nil
 }