diff --git a/.github/workflows/gofmt.yml b/.github/workflows/gofmt.yml index a646728..ce629f8 100644 --- a/.github/workflows/gofmt.yml +++ b/.github/workflows/gofmt.yml @@ -1,3 +1,19 @@ +# Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + name: Go-fmt on: push jobs: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 16ef46d..e92e8b6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,3 +1,18 @@ +# Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. name: Go Test on: push: diff --git a/LICENSE.Apache-2.0 b/LICENSE.Apache-2.0 new file mode 100644 index 0000000..5581ff8 --- /dev/null +++ b/LICENSE.Apache-2.0 @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2023 Circle Internet Financial, LTD. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/LICENSE b/LICENSE.MIT similarity index 100% rename from LICENSE rename to LICENSE.MIT diff --git a/Makefile b/Makefile index 882f79b..75baea2 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,9 @@ +# Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +# Circle contributions are licensed under the Apache 2.0 License. +# +# SPDX-License-Identifier: Apache-2.0 AND MIT + + MODULE = github.com/bnb-chain/tss-lib PACKAGES = $(shell go list ./... | grep -v '/vendor/') @@ -8,7 +14,7 @@ all: protob test protob: @echo "--> Building Protocol Buffers" - @for protocol in message signature ecdsa-cggplus ecdsa-accsigning ecdsa-keygen ecdsa-signing ecdsa-resharing eddsa-keygen eddsa-signing eddsa-resharing; do \ + @for protocol in message signature ecdsa-cggplus ecdsa-keygen ecdsa-signing ecdsa-resharing eddsa-keygen eddsa-signing eddsa-resharing; do \ echo "Generating $$protocol.pb.go" ; \ protoc --go_out=. ./protob/$$protocol.proto ; \ done @@ -28,7 +34,6 @@ test_unit: @echo "!!! WARNING: This will take a long time :)" go test -timeout 60m github.com/bnb-chain/tss-lib/crypto/accmta go test -timeout 60m github.com/bnb-chain/tss-lib/crypto/zkproofs -# go test -timeout 60m github.com/bnb-chain/tss-lib/ecdsa/accsigning go test -timeout 60m github.com/bnb-chain/tss-lib/ecdsa/cggplus # go test -timeout 60m $(PACKAGES) diff --git a/README.md b/README.md index 6342c2f..93b7132 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,15 @@ # Multi-Party Threshold Signature Scheme -[![MIT licensed][1]][2] [![GoDoc][3]][4] [![Go Report Card][5]][6] -[1]: https://img.shields.io/badge/license-MIT-blue.svg -[2]: LICENSE -[3]: https://godoc.org/github.com/bnb-chain/tss-lib?status.svg -[4]: https://godoc.org/github.com/bnb-chain/tss-lib -[5]: https://goreportcard.com/badge/github.com/bnb-chain/tss-lib -[6]: https://goreportcard.com/report/github.com/bnb-chain/tss-lib +## License -Permissively MIT Licensed. +This work is dual-licensed under Apache 2.0 and MIT. +Portions contributed by Circle are licensed under Apache 2.0; +see SPDX-License-Identifier in the file headings. -Note! This is a library for developers. You may find a TSS tool that you can use with the Binance Chain CLI [here](https://docs.binance.org/tss.html). +`SPDX-License-Identifier: Apache-2.0 AND MIT` + +## Note +This is a library for developers. You may find a TSS tool that you can use with the Binance Chain CLI [here](https://docs.binance.org/tss.html). ## Introduction This is an implementation of multi-party {t,n}-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder CCS 2018 [1] and EdDSA (Edwards-curve Digital Signature Algorithm) following a similar approach. diff --git a/README2.md b/README2.md deleted file mode 100644 index 8a48830..0000000 --- a/README2.md +++ /dev/null @@ -1,10 +0,0 @@ -# Dependencies -``` -brew install protobuf -brew install protoc-gen-go -``` - -# Testing -``` -make all -``` \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index c555b2f..0000000 --- a/SECURITY.md +++ /dev/null @@ -1,11 +0,0 @@ -# Security Policy - -## Reporting a Bug or Vulnerability - -For non-security problems please open an issue in this GitHub repository. - -If you find any security issues please send a report confidentially to security@binance.com. - -Please include notes about the impact of the issue and a walkthrough on how it can be exploited. - -For severe security issues that completely breach the safety of the scheme or leak the secret shares we would be happy to reward you with a bounty based on the security impact and severity. Please include a link to this notice in your email. diff --git a/common/int.go b/common/int.go index edfd7e0..0daf0bc 100644 --- a/common/int.go +++ b/common/int.go @@ -3,6 +3,11 @@ // This file is part of Binance. The full Binance copyright notice, including // terms governing use, modification, and redistribution, is contained in the // file LICENSE at the root of the source code distribution tree. +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT package common diff --git a/common/random.go b/common/random.go index 43557a6..662367c 100644 --- a/common/random.go +++ b/common/random.go @@ -3,6 +3,11 @@ // This file is part of Binance. The full Binance copyright notice, including // terms governing use, modification, and redistribution, is contained in the // file LICENSE at the root of the source code distribution tree. +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT package common diff --git a/common/safe_prime.go b/common/safe_prime.go index 8092d03..3c2f7fe 100644 --- a/common/safe_prime.go +++ b/common/safe_prime.go @@ -3,6 +3,11 @@ // This file is part of Binance. The full Binance copyright notice, including // terms governing use, modification, and redistribution, is contained in the // file LICENSE at the root of the source code distribution tree. +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT package common diff --git a/crypto/accmta/share_protocol.go b/crypto/accmta/share_protocol.go index 5ab57bb..89cf114 100644 --- a/crypto/accmta/share_protocol.go +++ b/crypto/accmta/share_protocol.go @@ -1,6 +1,18 @@ -// Copyright © 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. // -// This file implements the accountable mta protocols +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package accmta diff --git a/crypto/accmta/share_protocol_test.go b/crypto/accmta/share_protocol_test.go index 774fdfd..c3b6b77 100644 --- a/crypto/accmta/share_protocol_test.go +++ b/crypto/accmta/share_protocol_test.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package accmta_test diff --git a/crypto/paillier/paillier.go b/crypto/paillier/paillier.go index e801417..d763064 100644 --- a/crypto/paillier/paillier.go +++ b/crypto/paillier/paillier.go @@ -3,7 +3,12 @@ // This file is part of Binance. The full Binance copyright notice, including // terms governing use, modification, and redistribution, is contained in the // file LICENSE at the root of the source code distribution tree. - +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT +// // The Paillier Crypto-system is an additive crypto-system. This means that given two ciphertexts, one can perform operations equivalent to adding the respective plain texts. // Additionally, Paillier Crypto-system supports further computations: // @@ -12,6 +17,7 @@ // * Encrypted integers and unencrypted integers can be added together // // Implementation adheres to GG18Spec (6) +// package paillier diff --git a/crypto/paillier/paillier_test.go b/crypto/paillier/paillier_test.go index fb45435..9989a98 100644 --- a/crypto/paillier/paillier_test.go +++ b/crypto/paillier/paillier_test.go @@ -3,6 +3,11 @@ // This file is part of Binance. The full Binance copyright notice, including // terms governing use, modification, and redistribution, is contained in the // file LICENSE at the root of the source code distribution tree. +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT package paillier_test diff --git a/crypto/zkproofs/README.md b/crypto/zkproofs/README.md index 4fb8c75..9cc6ab7 100644 --- a/crypto/zkproofs/README.md +++ b/crypto/zkproofs/README.md @@ -1,3 +1,19 @@ +Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. + + SPDX-License-Identifier: Apache-2.0 + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + # Go package crypto/zkproofs This package contains various zero knowledge proofs of knowledge. The source of these proofs is CGG21: @@ -16,9 +32,8 @@ List of proofs in this package * mul Appendix C.6 Figure 29 * mul* Appendix C.6. Figure 31 +There is also one additional proof aff-g-inv that is based on aff-g. + Some of the proofs require obtaining the randomness used to generate a Paillier ciphertext. The `crypto/paillier` package has a function to do this computation. - -Note there is a rust package https://github.com/ZenGo-X/zk-paillier that implements -the same functionality with slightly different techniques. \ No newline at end of file diff --git a/crypto/zkproofs/aff_g_inv_proof.go b/crypto/zkproofs/aff_g_inv_proof.go index 22e0378..d72d6fb 100644 --- a/crypto/zkproofs/aff_g_inv_proof.go +++ b/crypto/zkproofs/aff_g_inv_proof.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. // // This file modifies the proof aff-g from CGG21 Section 6.2 Figure 15. // the prover has secret input (x, y, rho, rhoy) while the diff --git a/crypto/zkproofs/aff_g_proof.go b/crypto/zkproofs/aff_g_proof.go index a749460..7f52d43 100644 --- a/crypto/zkproofs/aff_g_proof.go +++ b/crypto/zkproofs/aff_g_proof.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. // // This file implements proof aff-g from CGG21 Section 6.2 Figure 15. // Tbe prover has secret input (x, y, rho, rhoy) and diff --git a/crypto/zkproofs/aff_g_proof_test.go b/crypto/zkproofs/aff_g_proof_test.go index 61f9fbf..799b7c2 100644 --- a/crypto/zkproofs/aff_g_proof_test.go +++ b/crypto/zkproofs/aff_g_proof_test.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package zkproofs_test import ( diff --git a/crypto/zkproofs/aff_p_proof.go b/crypto/zkproofs/aff_p_proof.go index 3e28c7f..bab0b7c 100644 --- a/crypto/zkproofs/aff_p_proof.go +++ b/crypto/zkproofs/aff_p_proof.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. // // This file implements proof aff-p from CGG21 Appendix C.3 Figure 26. // The prover has secret input (x, y, rho, rhox, rhoy) and the diff --git a/crypto/zkproofs/aff_p_proof_test.go b/crypto/zkproofs/aff_p_proof_test.go index 76e2c48..9f22526 100644 --- a/crypto/zkproofs/aff_p_proof_test.go +++ b/crypto/zkproofs/aff_p_proof_test.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package zkproofs_test import ( diff --git a/crypto/zkproofs/dec_proof.go b/crypto/zkproofs/dec_proof.go index 4f4e0dd..41951c0 100644 --- a/crypto/zkproofs/dec_proof.go +++ b/crypto/zkproofs/dec_proof.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. // // This file implements proof dec in CGG21 Appendix C6 Figure 30. // The prover has secret input (y, rho) and diff --git a/crypto/zkproofs/dec_proof_test.go b/crypto/zkproofs/dec_proof_test.go index 30be9c3..a1e5856 100644 --- a/crypto/zkproofs/dec_proof_test.go +++ b/crypto/zkproofs/dec_proof_test.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package zkproofs_test import ( diff --git a/crypto/zkproofs/enc_proof.go b/crypto/zkproofs/enc_proof.go index 398b114..01e74c3 100644 --- a/crypto/zkproofs/enc_proof.go +++ b/crypto/zkproofs/enc_proof.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. // // This file implements proof enc from CGG21 Section 6.1 Figure 14. // The prover has secret input (k, rho) and the diff --git a/crypto/zkproofs/enc_proof_test.go b/crypto/zkproofs/enc_proof_test.go index e62f047..6a7ac8b 100644 --- a/crypto/zkproofs/enc_proof_test.go +++ b/crypto/zkproofs/enc_proof_test.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package zkproofs_test import ( diff --git a/crypto/zkproofs/logstar_proof.go b/crypto/zkproofs/logstar_proof.go index e4b2fa4..b64cca0 100644 --- a/crypto/zkproofs/logstar_proof.go +++ b/crypto/zkproofs/logstar_proof.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. // // This file implements proof log* from CGG21 Appendix C.2 Figure 25. // The Prover has secret input (x, rho) and diff --git a/crypto/zkproofs/logstar_proof_test.go b/crypto/zkproofs/logstar_proof_test.go index b951079..cbd262d 100644 --- a/crypto/zkproofs/logstar_proof_test.go +++ b/crypto/zkproofs/logstar_proof_test.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package zkproofs_test import ( diff --git a/crypto/zkproofs/mul_proof.go b/crypto/zkproofs/mul_proof.go index 7636daf..0f35ac9 100644 --- a/crypto/zkproofs/mul_proof.go +++ b/crypto/zkproofs/mul_proof.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. // // This file implements proof mul from CGG21 Appendix C.6 Figure 29. // The prover has secret input (x, rho, rhox) and diff --git a/crypto/zkproofs/mul_proof_test.go b/crypto/zkproofs/mul_proof_test.go index 990466c..a5e04c7 100644 --- a/crypto/zkproofs/mul_proof_test.go +++ b/crypto/zkproofs/mul_proof_test.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package zkproofs_test import ( diff --git a/crypto/zkproofs/mulstar_proof.go b/crypto/zkproofs/mulstar_proof.go index 0652246..868ecfe 100644 --- a/crypto/zkproofs/mulstar_proof.go +++ b/crypto/zkproofs/mulstar_proof.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. // // This file implements proof mul* from CGG21 Appendix C.6 Figure 31. // The prover has secret (x, rho) and diff --git a/crypto/zkproofs/mulstar_proof_test.go b/crypto/zkproofs/mulstar_proof_test.go index ac484b2..76b912f 100644 --- a/crypto/zkproofs/mulstar_proof_test.go +++ b/crypto/zkproofs/mulstar_proof_test.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package zkproofs_test import ( diff --git a/crypto/zkproofs/zkproofs.go b/crypto/zkproofs/zkproofs.go index 4bd89d3..3740224 100644 --- a/crypto/zkproofs/zkproofs.go +++ b/crypto/zkproofs/zkproofs.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package zkproofs import ( diff --git a/crypto/zkproofs/zkproofs_test.go b/crypto/zkproofs/zkproofs_test.go index 3d0ee11..d0c16a8 100644 --- a/crypto/zkproofs/zkproofs_test.go +++ b/crypto/zkproofs/zkproofs_test.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package zkproofs_test import ( diff --git a/ecdsa/accsigning/debuglog.go b/ecdsa/accsigning/debuglog.go deleted file mode 100644 index 6631967..0000000 --- a/ecdsa/accsigning/debuglog.go +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright 2023 Circle - -package accsigning - -import ( - "fmt" - "os" -) - -const logfile = "accountablelog.txt" - -func Logf(format string, a ...any) (n int, err error) { - msg := fmt.Sprintf(format, a...) - msg = fmt.Sprintf("%s\n", msg) - f, err := os.OpenFile(logfile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0666) - if err != nil { - n = 0 - return - } - defer f.Close() - n, err = f.WriteString(msg) - return -} diff --git a/ecdsa/accsigning/ecdsa-accsigning.pb.go b/ecdsa/accsigning/ecdsa-accsigning.pb.go deleted file mode 100644 index 8ad5a58..0000000 --- a/ecdsa/accsigning/ecdsa-accsigning.pb.go +++ /dev/null @@ -1,753 +0,0 @@ -// Copyright 2023 Circle -// - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.30.0 -// protoc v3.21.12 -// source: protob/ecdsa-accsigning.proto - -package accsigning - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Represents a P2P message sent to each party during Round 1 of the Accountable ECDSA TSS signing protocol. -type SignRound1Message1 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - RangeProofAlice [][]byte `protobuf:"bytes,1,rep,name=range_proof_alice,json=rangeProofAlice,proto3" json:"range_proof_alice,omitempty"` - ProofXGamma [][]byte `protobuf:"bytes,2,rep,name=proof_x_gamma,json=proofXGamma,proto3" json:"proof_x_gamma,omitempty"` - ProofXKw [][]byte `protobuf:"bytes,3,rep,name=proof_x_kw,json=proofXKw,proto3" json:"proof_x_kw,omitempty"` -} - -func (x *SignRound1Message1) Reset() { - *x = SignRound1Message1{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound1Message1) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound1Message1) ProtoMessage() {} - -func (x *SignRound1Message1) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound1Message1.ProtoReflect.Descriptor instead. -func (*SignRound1Message1) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_accsigning_proto_rawDescGZIP(), []int{0} -} - -func (x *SignRound1Message1) GetRangeProofAlice() [][]byte { - if x != nil { - return x.RangeProofAlice - } - return nil -} - -func (x *SignRound1Message1) GetProofXGamma() [][]byte { - if x != nil { - return x.ProofXGamma - } - return nil -} - -func (x *SignRound1Message1) GetProofXKw() [][]byte { - if x != nil { - return x.ProofXKw - } - return nil -} - -// Represents a BROADCAST message sent to all parties during Round 1 of the Accountable ECDSA TSS signing protocol. -type SignRound1Message2 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - CA []byte `protobuf:"bytes,1,opt,name=c_a,json=cA,proto3" json:"c_a,omitempty"` - XGamma []byte `protobuf:"bytes,2,opt,name=x_gamma,json=xGamma,proto3" json:"x_gamma,omitempty"` - XKgamma []byte `protobuf:"bytes,3,opt,name=x_kgamma,json=xKgamma,proto3" json:"x_kgamma,omitempty"` - XKw []byte `protobuf:"bytes,4,opt,name=x_kw,json=xKw,proto3" json:"x_kw,omitempty"` - ProofXKgamma [][]byte `protobuf:"bytes,5,rep,name=proof_x_kgamma,json=proofXKgamma,proto3" json:"proof_x_kgamma,omitempty"` -} - -func (x *SignRound1Message2) Reset() { - *x = SignRound1Message2{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound1Message2) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound1Message2) ProtoMessage() {} - -func (x *SignRound1Message2) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound1Message2.ProtoReflect.Descriptor instead. -func (*SignRound1Message2) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_accsigning_proto_rawDescGZIP(), []int{1} -} - -func (x *SignRound1Message2) GetCA() []byte { - if x != nil { - return x.CA - } - return nil -} - -func (x *SignRound1Message2) GetXGamma() []byte { - if x != nil { - return x.XGamma - } - return nil -} - -func (x *SignRound1Message2) GetXKgamma() []byte { - if x != nil { - return x.XKgamma - } - return nil -} - -func (x *SignRound1Message2) GetXKw() []byte { - if x != nil { - return x.XKw - } - return nil -} - -func (x *SignRound1Message2) GetProofXKgamma() [][]byte { - if x != nil { - return x.ProofXKgamma - } - return nil -} - -// Represents a P2P message sent to each party during Round 2 of the Accountable ECDSA TSS signing protocol. -type SignRound2Message1 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - CGamma []byte `protobuf:"bytes,1,opt,name=c_gamma,json=cGamma,proto3" json:"c_gamma,omitempty"` - CW []byte `protobuf:"bytes,2,opt,name=c_w,json=cW,proto3" json:"c_w,omitempty"` - ProofP [][]byte `protobuf:"bytes,3,rep,name=proof_p,json=proofP,proto3" json:"proof_p,omitempty"` - ProofDl [][]byte `protobuf:"bytes,4,rep,name=proof_dl,json=proofDl,proto3" json:"proof_dl,omitempty"` -} - -func (x *SignRound2Message1) Reset() { - *x = SignRound2Message1{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound2Message1) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound2Message1) ProtoMessage() {} - -func (x *SignRound2Message1) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound2Message1.ProtoReflect.Descriptor instead. -func (*SignRound2Message1) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_accsigning_proto_rawDescGZIP(), []int{2} -} - -func (x *SignRound2Message1) GetCGamma() []byte { - if x != nil { - return x.CGamma - } - return nil -} - -func (x *SignRound2Message1) GetCW() []byte { - if x != nil { - return x.CW - } - return nil -} - -func (x *SignRound2Message1) GetProofP() [][]byte { - if x != nil { - return x.ProofP - } - return nil -} - -func (x *SignRound2Message1) GetProofDl() [][]byte { - if x != nil { - return x.ProofDl - } - return nil -} - -// Represents a BROADCAST message sent to all parties during Round 2 of the Accountable ECDSA TSS signing protocol. -type SignRound2Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Recipient []byte `protobuf:"bytes,1,opt,name=recipient,proto3" json:"recipient,omitempty"` - CAlpha []byte `protobuf:"bytes,2,opt,name=c_alpha,json=cAlpha,proto3" json:"c_alpha,omitempty"` - CBeta []byte `protobuf:"bytes,3,opt,name=c_beta,json=cBeta,proto3" json:"c_beta,omitempty"` - CBetaPrm []byte `protobuf:"bytes,4,opt,name=c_beta_prm,json=cBetaPrm,proto3" json:"c_beta_prm,omitempty"` - CMu []byte `protobuf:"bytes,5,opt,name=c_mu,json=cMu,proto3" json:"c_mu,omitempty"` - CNu []byte `protobuf:"bytes,6,opt,name=c_nu,json=cNu,proto3" json:"c_nu,omitempty"` - CNuPrm []byte `protobuf:"bytes,7,opt,name=c_nu_prm,json=cNuPrm,proto3" json:"c_nu_prm,omitempty"` - ProofP [][]byte `protobuf:"bytes,8,rep,name=proof_p,json=proofP,proto3" json:"proof_p,omitempty"` - ProofDl [][]byte `protobuf:"bytes,9,rep,name=proof_dl,json=proofDl,proto3" json:"proof_dl,omitempty"` - ProofBeta [][]byte `protobuf:"bytes,10,rep,name=proof_beta,json=proofBeta,proto3" json:"proof_beta,omitempty"` - ProofNu [][]byte `protobuf:"bytes,11,rep,name=proof_nu,json=proofNu,proto3" json:"proof_nu,omitempty"` -} - -func (x *SignRound2Message) Reset() { - *x = SignRound2Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound2Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound2Message) ProtoMessage() {} - -func (x *SignRound2Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound2Message.ProtoReflect.Descriptor instead. -func (*SignRound2Message) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_accsigning_proto_rawDescGZIP(), []int{3} -} - -func (x *SignRound2Message) GetRecipient() []byte { - if x != nil { - return x.Recipient - } - return nil -} - -func (x *SignRound2Message) GetCAlpha() []byte { - if x != nil { - return x.CAlpha - } - return nil -} - -func (x *SignRound2Message) GetCBeta() []byte { - if x != nil { - return x.CBeta - } - return nil -} - -func (x *SignRound2Message) GetCBetaPrm() []byte { - if x != nil { - return x.CBetaPrm - } - return nil -} - -func (x *SignRound2Message) GetCMu() []byte { - if x != nil { - return x.CMu - } - return nil -} - -func (x *SignRound2Message) GetCNu() []byte { - if x != nil { - return x.CNu - } - return nil -} - -func (x *SignRound2Message) GetCNuPrm() []byte { - if x != nil { - return x.CNuPrm - } - return nil -} - -func (x *SignRound2Message) GetProofP() [][]byte { - if x != nil { - return x.ProofP - } - return nil -} - -func (x *SignRound2Message) GetProofDl() [][]byte { - if x != nil { - return x.ProofDl - } - return nil -} - -func (x *SignRound2Message) GetProofBeta() [][]byte { - if x != nil { - return x.ProofBeta - } - return nil -} - -func (x *SignRound2Message) GetProofNu() [][]byte { - if x != nil { - return x.ProofNu - } - return nil -} - -// Represents a BROADCAST message sent to all parties during Round 3 of the Accountable ECDSA TSS signing protocol. -type SignRound3Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Delta []byte `protobuf:"bytes,1,opt,name=delta,proto3" json:"delta,omitempty"` - D []byte `protobuf:"bytes,2,opt,name=d,proto3" json:"d,omitempty"` - Proof [][]byte `protobuf:"bytes,3,rep,name=proof,proto3" json:"proof,omitempty"` -} - -func (x *SignRound3Message) Reset() { - *x = SignRound3Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound3Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound3Message) ProtoMessage() {} - -func (x *SignRound3Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound3Message.ProtoReflect.Descriptor instead. -func (*SignRound3Message) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_accsigning_proto_rawDescGZIP(), []int{4} -} - -func (x *SignRound3Message) GetDelta() []byte { - if x != nil { - return x.Delta - } - return nil -} - -func (x *SignRound3Message) GetD() []byte { - if x != nil { - return x.D - } - return nil -} - -func (x *SignRound3Message) GetProof() [][]byte { - if x != nil { - return x.Proof - } - return nil -} - -// Represents a BROADCAST message sent to all parties during Round 4 of the Accountable ECDSA TSS signing protocol. -type SignRound4Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Gamma [][]byte `protobuf:"bytes,1,rep,name=gamma,proto3" json:"gamma,omitempty"` - Proof [][]byte `protobuf:"bytes,2,rep,name=proof,proto3" json:"proof,omitempty"` -} - -func (x *SignRound4Message) Reset() { - *x = SignRound4Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound4Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound4Message) ProtoMessage() {} - -func (x *SignRound4Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound4Message.ProtoReflect.Descriptor instead. -func (*SignRound4Message) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_accsigning_proto_rawDescGZIP(), []int{5} -} - -func (x *SignRound4Message) GetGamma() [][]byte { - if x != nil { - return x.Gamma - } - return nil -} - -func (x *SignRound4Message) GetProof() [][]byte { - if x != nil { - return x.Proof - } - return nil -} - -// Represents a BROADCAST message sent to all parties during Round 4 of the Accountable ECDSA TSS signing protocol. -type SignRound5Message struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - S []byte `protobuf:"bytes,1,opt,name=s,proto3" json:"s,omitempty"` - Proof [][]byte `protobuf:"bytes,2,rep,name=proof,proto3" json:"proof,omitempty"` -} - -func (x *SignRound5Message) Reset() { - *x = SignRound5Message{} - if protoimpl.UnsafeEnabled { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignRound5Message) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignRound5Message) ProtoMessage() {} - -func (x *SignRound5Message) ProtoReflect() protoreflect.Message { - mi := &file_protob_ecdsa_accsigning_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignRound5Message.ProtoReflect.Descriptor instead. -func (*SignRound5Message) Descriptor() ([]byte, []int) { - return file_protob_ecdsa_accsigning_proto_rawDescGZIP(), []int{6} -} - -func (x *SignRound5Message) GetS() []byte { - if x != nil { - return x.S - } - return nil -} - -func (x *SignRound5Message) GetProof() [][]byte { - if x != nil { - return x.Proof - } - return nil -} - -var File_protob_ecdsa_accsigning_proto protoreflect.FileDescriptor - -var file_protob_ecdsa_accsigning_proto_rawDesc = []byte{ - 0x0a, 0x1d, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x2f, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2d, 0x61, - 0x63, 0x63, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x1f, 0x62, 0x69, 0x6e, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x74, 0x73, 0x73, 0x6c, 0x69, 0x62, 0x2e, - 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, 0x61, 0x63, 0x63, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, - 0x22, 0x82, 0x01, 0x0a, 0x12, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x31, 0x4d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, 0x12, 0x2a, 0x0a, 0x11, 0x72, 0x61, 0x6e, 0x67, 0x65, - 0x5f, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0c, 0x52, 0x0f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x41, 0x6c, - 0x69, 0x63, 0x65, 0x12, 0x22, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x78, 0x5f, 0x67, - 0x61, 0x6d, 0x6d, 0x61, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x6f, - 0x66, 0x58, 0x47, 0x61, 0x6d, 0x6d, 0x61, 0x12, 0x1c, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x6f, 0x66, - 0x5f, 0x78, 0x5f, 0x6b, 0x77, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x08, 0x70, 0x72, 0x6f, - 0x6f, 0x66, 0x58, 0x4b, 0x77, 0x22, 0x92, 0x01, 0x0a, 0x12, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x6f, - 0x75, 0x6e, 0x64, 0x31, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x32, 0x12, 0x0f, 0x0a, 0x03, - 0x63, 0x5f, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x63, 0x41, 0x12, 0x17, 0x0a, - 0x07, 0x78, 0x5f, 0x67, 0x61, 0x6d, 0x6d, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, - 0x78, 0x47, 0x61, 0x6d, 0x6d, 0x61, 0x12, 0x19, 0x0a, 0x08, 0x78, 0x5f, 0x6b, 0x67, 0x61, 0x6d, - 0x6d, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x78, 0x4b, 0x67, 0x61, 0x6d, 0x6d, - 0x61, 0x12, 0x11, 0x0a, 0x04, 0x78, 0x5f, 0x6b, 0x77, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x03, 0x78, 0x4b, 0x77, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x78, 0x5f, - 0x6b, 0x67, 0x61, 0x6d, 0x6d, 0x61, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0c, 0x70, 0x72, - 0x6f, 0x6f, 0x66, 0x58, 0x4b, 0x67, 0x61, 0x6d, 0x6d, 0x61, 0x22, 0x72, 0x0a, 0x12, 0x53, 0x69, - 0x67, 0x6e, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x31, - 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x67, 0x61, 0x6d, 0x6d, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x06, 0x63, 0x47, 0x61, 0x6d, 0x6d, 0x61, 0x12, 0x0f, 0x0a, 0x03, 0x63, 0x5f, 0x77, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x02, 0x63, 0x57, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x72, - 0x6f, 0x6f, 0x66, 0x5f, 0x70, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x72, 0x6f, - 0x6f, 0x66, 0x50, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x64, 0x6c, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x44, 0x6c, 0x22, 0xad, - 0x02, 0x0a, 0x11, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x32, 0x4d, 0x65, 0x73, - 0x73, 0x61, 0x67, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x63, 0x69, 0x70, 0x69, 0x65, 0x6e, - 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x72, 0x65, 0x63, 0x69, 0x70, 0x69, 0x65, - 0x6e, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x06, 0x63, 0x41, 0x6c, 0x70, 0x68, 0x61, 0x12, 0x15, 0x0a, 0x06, 0x63, - 0x5f, 0x62, 0x65, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x63, 0x42, 0x65, - 0x74, 0x61, 0x12, 0x1c, 0x0a, 0x0a, 0x63, 0x5f, 0x62, 0x65, 0x74, 0x61, 0x5f, 0x70, 0x72, 0x6d, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x63, 0x42, 0x65, 0x74, 0x61, 0x50, 0x72, 0x6d, - 0x12, 0x11, 0x0a, 0x04, 0x63, 0x5f, 0x6d, 0x75, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, - 0x63, 0x4d, 0x75, 0x12, 0x11, 0x0a, 0x04, 0x63, 0x5f, 0x6e, 0x75, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x03, 0x63, 0x4e, 0x75, 0x12, 0x18, 0x0a, 0x08, 0x63, 0x5f, 0x6e, 0x75, 0x5f, 0x70, - 0x72, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x63, 0x4e, 0x75, 0x50, 0x72, 0x6d, - 0x12, 0x17, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x70, 0x18, 0x08, 0x20, 0x03, 0x28, - 0x0c, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x50, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x72, 0x6f, - 0x6f, 0x66, 0x5f, 0x64, 0x6c, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x07, 0x70, 0x72, 0x6f, - 0x6f, 0x66, 0x44, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x62, 0x65, - 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x42, - 0x65, 0x74, 0x61, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x5f, 0x6e, 0x75, 0x18, - 0x0b, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x4e, 0x75, 0x22, 0x4d, - 0x0a, 0x11, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x33, 0x4d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x05, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x0c, 0x0a, 0x01, 0x64, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x01, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, - 0x18, 0x03, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x3f, 0x0a, - 0x11, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x34, 0x4d, 0x65, 0x73, 0x73, 0x61, - 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x61, 0x6d, 0x6d, 0x61, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0c, 0x52, 0x05, 0x67, 0x61, 0x6d, 0x6d, 0x61, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, - 0x66, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x37, - 0x0a, 0x11, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x6f, 0x75, 0x6e, 0x64, 0x35, 0x4d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x12, 0x0c, 0x0a, 0x01, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x01, - 0x73, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, - 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x42, 0x12, 0x5a, 0x10, 0x65, 0x63, 0x64, 0x73, 0x61, - 0x2f, 0x61, 0x63, 0x63, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, -} - -var ( - file_protob_ecdsa_accsigning_proto_rawDescOnce sync.Once - file_protob_ecdsa_accsigning_proto_rawDescData = file_protob_ecdsa_accsigning_proto_rawDesc -) - -func file_protob_ecdsa_accsigning_proto_rawDescGZIP() []byte { - file_protob_ecdsa_accsigning_proto_rawDescOnce.Do(func() { - file_protob_ecdsa_accsigning_proto_rawDescData = protoimpl.X.CompressGZIP(file_protob_ecdsa_accsigning_proto_rawDescData) - }) - return file_protob_ecdsa_accsigning_proto_rawDescData -} - -var file_protob_ecdsa_accsigning_proto_msgTypes = make([]protoimpl.MessageInfo, 7) -var file_protob_ecdsa_accsigning_proto_goTypes = []interface{}{ - (*SignRound1Message1)(nil), // 0: binance.tsslib.ecdsa.accsigning.SignRound1Message1 - (*SignRound1Message2)(nil), // 1: binance.tsslib.ecdsa.accsigning.SignRound1Message2 - (*SignRound2Message1)(nil), // 2: binance.tsslib.ecdsa.accsigning.SignRound2Message1 - (*SignRound2Message)(nil), // 3: binance.tsslib.ecdsa.accsigning.SignRound2Message - (*SignRound3Message)(nil), // 4: binance.tsslib.ecdsa.accsigning.SignRound3Message - (*SignRound4Message)(nil), // 5: binance.tsslib.ecdsa.accsigning.SignRound4Message - (*SignRound5Message)(nil), // 6: binance.tsslib.ecdsa.accsigning.SignRound5Message -} -var file_protob_ecdsa_accsigning_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_protob_ecdsa_accsigning_proto_init() } -func file_protob_ecdsa_accsigning_proto_init() { - if File_protob_ecdsa_accsigning_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_protob_ecdsa_accsigning_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound1Message1); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_accsigning_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound1Message2); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_accsigning_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound2Message1); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_accsigning_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound2Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_accsigning_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound3Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_accsigning_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound4Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_protob_ecdsa_accsigning_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignRound5Message); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_protob_ecdsa_accsigning_proto_rawDesc, - NumEnums: 0, - NumMessages: 7, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_protob_ecdsa_accsigning_proto_goTypes, - DependencyIndexes: file_protob_ecdsa_accsigning_proto_depIdxs, - MessageInfos: file_protob_ecdsa_accsigning_proto_msgTypes, - }.Build() - File_protob_ecdsa_accsigning_proto = out.File - file_protob_ecdsa_accsigning_proto_rawDesc = nil - file_protob_ecdsa_accsigning_proto_goTypes = nil - file_protob_ecdsa_accsigning_proto_depIdxs = nil -} diff --git a/ecdsa/accsigning/finalize.go b/ecdsa/accsigning/finalize.go deleted file mode 100644 index 1d1fdc3..0000000 --- a/ecdsa/accsigning/finalize.go +++ /dev/null @@ -1,150 +0,0 @@ -// Copyright 2023 Circle - -package accsigning - -import ( - "crypto/ecdsa" - "errors" - "fmt" - "math/big" - "sync" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto/zkproofs" - "github.com/bnb-chain/tss-lib/tss" -) - -func (round *finalization) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 6 - round.started = true - round.resetOK() - - err := round.VerifyRound5Messages() - if err != nil { - return err - } - - sumS := round.GetSumS() - - recid := 0 - // byte v = if(R.X > curve.N) then 2 else 0) | (if R.Y.IsEven then 0 else 1); - if round.temp.rx.Cmp(round.Params().EC().Params().N) > 0 { - recid = 2 - } - if round.temp.ry.Bit(0) != 0 { - recid |= 1 - } - - // This is copied from: - // https://github.com/btcsuite/btcd/blob/c26ffa870fd817666a857af1bf6498fabba1ffe3/btcec/signature.go#L442-L444 - // This is needed because of tendermint checks here: - // https://github.com/tendermint/tendermint/blob/d9481e3648450cb99e15c6a070c1fb69aa0c255b/crypto/secp256k1/secp256k1_nocgo.go#L43-L47 - secp256k1halfN := new(big.Int).Rsh(round.Params().EC().Params().N, 1) - if sumS.Cmp(secp256k1halfN) > 0 { - sumS.Sub(round.Params().EC().Params().N, sumS) - recid ^= 1 - } - - // save the signature for final output - bitSizeInBytes := round.Params().EC().Params().BitSize / 8 - round.data.R = padToLengthBytesInPlace(round.temp.rx.Bytes(), bitSizeInBytes) - round.data.S = padToLengthBytesInPlace(sumS.Bytes(), bitSizeInBytes) - round.data.Signature = append(round.data.R, round.data.S...) - round.data.SignatureRecovery = []byte{byte(recid)} - round.data.M = round.temp.m.Bytes() - - pk := ecdsa.PublicKey{ - Curve: round.Params().EC(), - X: round.key.ECDSAPub.X(), - Y: round.key.ECDSAPub.Y(), - } - ok := ecdsa.Verify(&pk, round.temp.m.Bytes(), round.temp.rx, sumS) - if !ok { - return round.WrapError(fmt.Errorf("signature verification failed")) - } - - round.end <- *round.data - - return nil -} - -func (round *finalization) GetSumS() *big.Int { - sumS := round.temp.si - modQ := common.ModInt(round.Params().EC().Params().N) - - for j := range round.Parties().IDs() { - round.ok[j] = true - if j == round.PartyID().Index { - continue - } - r5msg := round.temp.signRound5Messages[j].Content().(*SignRound5Message) - sumS = modQ.Add(sumS, r5msg.UnmarshalS()) - } - return sumS -} - -func (round *finalization) VerifyRound5Messages() *tss.Error { - i := round.PartyID().Index - rp := round.key.GetRingPedersen(i) - errChs := make(chan *tss.Error, len(round.temp.signRound5Messages)) - wg := sync.WaitGroup{} - for j, msg := range round.temp.signRound5Messages { - r5msg := msg.Content().(*SignRound5Message) - if j == i { - continue - } - wg.Add(1) - go func(j int, r5msg *SignRound5Message) { - defer wg.Done() - pkj := round.key.PaillierPKs[j] - sj := r5msg.UnmarshalS() - ec := round.Params().EC() - statement := &zkproofs.DecStatement{ - Q: ec.Params().N, - Ell: zkproofs.GetEll(ec), - N0: pkj.N, - C: round.temp.bigS[j], - X: sj, - } - proof, err := r5msg.UnmarshalProof(ec) - Pj := round.Parties().IDs()[j] - if err != nil { - errChs <- round.WrapError(errors.New(fmt.Sprintf("failed to parse proof from party %d.", j)), Pj) - } - if proof[i].Verify(statement, rp) { - errChs <- round.WrapError(errors.New(fmt.Sprintf("failed to verify proof from party %d.", j)), Pj) - } - }(j, r5msg) - } - wg.Wait() - close(errChs) - err := round.WrapErrorChs(round.PartyID(), errChs, "Failed to process round 5 messages") - return err -} - -func (round *finalization) CanAccept(msg tss.ParsedMessage) bool { - // not expecting any incoming messages in this round - return false -} - -func (round *finalization) Update() (bool, *tss.Error) { - // not expecting any incoming messages in this round - return false, nil -} - -func (round *finalization) NextRound() tss.Round { - return nil // finished! -} - -func padToLengthBytesInPlace(src []byte, length int) []byte { - oriLen := len(src) - if oriLen < length { - for i := 0; i < length-oriLen; i++ { - src = append([]byte{0}, src...) - } - } - return src -} diff --git a/ecdsa/accsigning/local_party.go b/ecdsa/accsigning/local_party.go deleted file mode 100644 index d560488..0000000 --- a/ecdsa/accsigning/local_party.go +++ /dev/null @@ -1,293 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package accsigning - -import ( - "errors" - "fmt" - "math/big" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto" - "github.com/bnb-chain/tss-lib/crypto/zkproofs" - "github.com/bnb-chain/tss-lib/ecdsa/keygen" - "github.com/bnb-chain/tss-lib/tss" -) - -// Implements Party -// Implements Stringer -var _ tss.Party = (*LocalParty)(nil) -var _ fmt.Stringer = (*LocalParty)(nil) - -type ( - LocalParty struct { - *tss.BaseParty - params *tss.Parameters - - keys keygen.LocalPartySaveData - temp localTempData - data common.SignatureData - - // outbound messaging - out chan<- tss.Message - end chan<- common.SignatureData - } - - localMessageStore struct { - signRound1Message1s, - signRound1Message2s, - signRound3Messages, - signRound4Messages, - signRound5Messages, - signRound6Messages []tss.ParsedMessage - signRound2Messages [][]tss.ParsedMessage - } - - localTempData struct { - localMessageStore - - // round 1 - all data except bigWs removed in round 5 - keyDerivationDelta, - w, - k, - gamma, - rhoxgamma *big.Int - Xgamma, - Xkgamma, - Xkw, - cA []*big.Int // [sender] -> self - bigWs, - pointGamma []*crypto.ECPoint // [sender] -> self - - // round 2 - beta, - nu []*big.Int // self -> [receiver] - cAlpha, - cBeta, - cBetaPrm, - cMu, - cNu, - cNuPrm [][]*big.Int // [sender][receiver] - - // round 3 - delta, - D, - alpha, - mu []*big.Int // [sender] -> self - - // round 4 - finalDeltaInv *big.Int - - // round 5 - bigS []*big.Int - m, - sigma, - si, - rx, - ry *big.Int - bigR *crypto.ECPoint - } -) - -func (temp *localTempData) CleanUpPreSigningData() { - // round 1 - temp.w = nil - temp.k = nil - temp.gamma = nil - temp.rhoxgamma = nil - temp.Xgamma = nil - temp.Xkgamma = nil - temp.Xkw = nil - temp.cA = nil - // leave bigWs - temp.pointGamma = nil - - // round 2 - temp.beta = nil - temp.nu = nil - temp.cAlpha = nil - temp.cBeta = nil - temp.cBetaPrm = nil - temp.cMu = nil - temp.cNu = nil - temp.cNuPrm = nil - - // round 3 - temp.delta = nil - temp.D = nil - temp.alpha = nil - temp.mu = nil - - // round 4 - temp.finalDeltaInv = nil -} - -func NewLocalParty( - msg *big.Int, - params *tss.Parameters, - key keygen.LocalPartySaveData, - out chan<- tss.Message, - end chan<- common.SignatureData) tss.Party { - return NewLocalPartyWithKDD(msg, params, key, nil, out, end) -} - -// NewLocalPartyWithKDD returns a party with key derivation delta for HD support -func NewLocalPartyWithKDD( - msg *big.Int, - params *tss.Parameters, - key keygen.LocalPartySaveData, - keyDerivationDelta *big.Int, - out chan<- tss.Message, - end chan<- common.SignatureData, -) tss.Party { - partyCount := len(params.Parties().IDs()) - p := &LocalParty{ - BaseParty: new(tss.BaseParty), - params: params, - keys: keygen.BuildLocalSaveDataSubset(key, params.Parties().IDs()), - temp: localTempData{}, - data: common.SignatureData{}, - out: out, - end: end, - } - // msgs init - p.temp.signRound1Message1s = make([]tss.ParsedMessage, partyCount) - p.temp.signRound1Message2s = make([]tss.ParsedMessage, partyCount) - p.temp.signRound2Messages = Make2DParsedMessage(partyCount) - p.temp.signRound3Messages = make([]tss.ParsedMessage, partyCount) - p.temp.signRound4Messages = make([]tss.ParsedMessage, partyCount) - p.temp.signRound5Messages = make([]tss.ParsedMessage, partyCount) - p.temp.signRound6Messages = make([]tss.ParsedMessage, partyCount) - - // temp data init - p.temp.keyDerivationDelta = keyDerivationDelta - p.temp.m = msg - - // round 1 - p.temp.Xkw = make([]*big.Int, partyCount) - p.temp.Xgamma = make([]*big.Int, partyCount) - p.temp.Xkgamma = make([]*big.Int, partyCount) - p.temp.cA = make([]*big.Int, partyCount) - p.temp.bigWs = make([]*crypto.ECPoint, partyCount) - p.temp.pointGamma = make([]*crypto.ECPoint, partyCount) - - // round 2 - p.temp.cAlpha = Make2DSlice[*big.Int](partyCount) - p.temp.cBeta = Make2DSlice[*big.Int](partyCount) - p.temp.cBetaPrm = Make2DSlice[*big.Int](partyCount) - p.temp.cMu = Make2DSlice[*big.Int](partyCount) - p.temp.cNu = Make2DSlice[*big.Int](partyCount) - p.temp.cNuPrm = Make2DSlice[*big.Int](partyCount) - p.temp.beta = make([]*big.Int, partyCount) - p.temp.nu = make([]*big.Int, partyCount) - - // round 3 - p.temp.alpha = make([]*big.Int, partyCount) - p.temp.mu = make([]*big.Int, partyCount) - p.temp.D = make([]*big.Int, partyCount) - p.temp.delta = make([]*big.Int, partyCount) - - p.temp.bigS = make([]*big.Int, partyCount) - - return p -} - -func Make2DParsedMessage(dim int) [][]tss.ParsedMessage { - out := make([][]tss.ParsedMessage, dim) - for i, _ := range out { - out[i] = make([]tss.ParsedMessage, dim) - } - return out -} - -func Make2DSlice[K *big.Int | *zkproofs.AffPProof | *zkproofs.AffGProof | *zkproofs.DecProof](dim int) [][]K { - out := make([][]K, dim) - for i, _ := range out { - out[i] = make([]K, dim) - } - return out -} - -func (p *LocalParty) FirstRound() tss.Round { - return newRound1(p.params, &p.keys, &p.data, &p.temp, p.out, p.end) -} - -func (p *LocalParty) Start() *tss.Error { - return tss.BaseStart(p, TaskName, func(round tss.Round) *tss.Error { - round1, ok := round.(*round1) - if !ok { - return round.WrapError(errors.New("unable to Start(). party is in an unexpected round")) - } - if err := round1.prepare(); err != nil { - return round.WrapError(err) - } - return nil - }) -} - -func (p *LocalParty) Update(msg tss.ParsedMessage) (ok bool, err *tss.Error) { - return tss.BaseUpdate(p, msg, TaskName) -} - -func (p *LocalParty) UpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (bool, *tss.Error) { - msg, err := tss.ParseWireMessage(wireBytes, from, isBroadcast) - if err != nil { - return false, p.WrapError(err) - } - return p.Update(msg) -} - -func (p *LocalParty) ValidateMessage(msg tss.ParsedMessage) (bool, *tss.Error) { - if ok, err := p.BaseParty.ValidateMessage(msg); !ok || err != nil { - return ok, err - } - // check that the message's "from index" will fit into the array - if maxFromIdx := len(p.params.Parties().IDs()) - 1; maxFromIdx < msg.GetFrom().Index { - return false, p.WrapError(fmt.Errorf("received msg with a sender index too great (%d <= %d)", - maxFromIdx, msg.GetFrom().Index), msg.GetFrom()) - } - return true, nil -} - -func (p *LocalParty) StoreMessage(msg tss.ParsedMessage) (bool, *tss.Error) { - // ValidateBasic is cheap; double-check the message here in case the public StoreMessage was called externally - if ok, err := p.ValidateMessage(msg); !ok || err != nil { - return ok, err - } - fromPIdx := msg.GetFrom().Index - - // switch/case is necessary to store any messages beyond current round - // this does not handle message replays. we expect the caller to apply replay and spoofing protection. - switch msg.Content().(type) { - case *SignRound1Message1: - p.temp.signRound1Message1s[fromPIdx] = msg - case *SignRound1Message2: - p.temp.signRound1Message2s[fromPIdx] = msg - case *SignRound2Message: - r2msg := msg.Content().(*SignRound2Message) - toPIdx := r2msg.UnmarshalRecipient() - p.temp.signRound2Messages[fromPIdx][toPIdx] = msg - case *SignRound3Message: - p.temp.signRound3Messages[fromPIdx] = msg - case *SignRound4Message: - p.temp.signRound4Messages[fromPIdx] = msg - case *SignRound5Message: - p.temp.signRound5Messages[fromPIdx] = msg - default: // unrecognised message, just ignore! - common.Logger.Warningf("unrecognised message ignored: %v", msg) - return false, nil - } - return true, nil -} - -func (p *LocalParty) PartyID() *tss.PartyID { - return p.params.PartyID() -} - -func (p *LocalParty) String() string { - return fmt.Sprintf("id: %s, %s", p.PartyID(), p.BaseParty.String()) -} diff --git a/ecdsa/accsigning/messages.go b/ecdsa/accsigning/messages.go deleted file mode 100644 index 80249b8..0000000 --- a/ecdsa/accsigning/messages.go +++ /dev/null @@ -1,331 +0,0 @@ -package accsigning - -import ( - "crypto/elliptic" - "math/big" - "strconv" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto" - "github.com/bnb-chain/tss-lib/crypto/zkproofs" - "github.com/bnb-chain/tss-lib/tss" -) - -var ( - // Ensure that signing messages implement ValidateBasic - _ = []tss.MessageContent{ - (*SignRound1Message1)(nil), - (*SignRound1Message2)(nil), - (*SignRound2Message)(nil), - (*SignRound3Message)(nil), - (*SignRound4Message)(nil), - } -) - -func NewSignRound1Message1( - to, from *tss.PartyID, - proofAlice *zkproofs.EncProof, - proofXgamma *zkproofs.EncProof, - proofXkw *zkproofs.MulStarProof, -) tss.ParsedMessage { - meta := tss.MessageRouting{ - From: from, - To: []*tss.PartyID{to}, - IsBroadcast: false, - } - pa := proofAlice.Bytes() - pXg := proofXgamma.Bytes() - pXkw := proofXkw.Bytes() - content := &SignRound1Message1{ - RangeProofAlice: pa[:], - ProofXGamma: pXg[:], - ProofXKw: pXkw[:], - } - msg := tss.NewMessageWrapper(meta, content) - return tss.NewMessage(meta, content, msg) -} - -func (m *SignRound1Message1) ValidateBasic() bool { - return m != nil && - common.NonEmptyMultiBytes(m.GetRangeProofAlice(), zkproofs.EncProofParts) && - common.NonEmptyMultiBytes(m.GetProofXGamma(), zkproofs.EncProofParts) && - common.NonEmptyMultiBytes(m.GetProofXKw(), zkproofs.MulStarProofParts) -} - -func (m *SignRound1Message1) UnmarshalRangeProofAlice() (*zkproofs.EncProof, error) { - proof, err := new(zkproofs.EncProof).ProofFromBytes(nil, m.GetRangeProofAlice()) - if err != nil { - return nil, err - } - return proof.(*zkproofs.EncProof), nil -} - -func (m *SignRound1Message1) UnmarshalProofXGamma() (*zkproofs.EncProof, error) { - proof, err := new(zkproofs.EncProof).ProofFromBytes(nil, m.GetProofXGamma()) - if err != nil { - return nil, err - } - return proof.(*zkproofs.EncProof), nil -} - -func (m *SignRound1Message1) UnmarshalProofXKw(ec elliptic.Curve) (*zkproofs.MulStarProof, error) { - var proofInBytes [][]byte = m.GetProofXKw() - np, err := new(zkproofs.MulStarProof).ProofFromBytes(ec, proofInBytes) - if err != nil { - return nil, err - } - - newProof := np.(*zkproofs.MulStarProof) - return newProof, nil -} - -func NewSignRound1Message2( - from *tss.PartyID, - cA, xgamma, xkgamma, xkw *big.Int, - proofXkgamma *zkproofs.MulProof, -) tss.ParsedMessage { - meta := tss.MessageRouting{ - From: from, - IsBroadcast: true, - } - pXkg := proofXkgamma.Bytes() - content := &SignRound1Message2{ - CA: cA.Bytes(), - XGamma: xgamma.Bytes(), - XKgamma: xkgamma.Bytes(), - XKw: xkw.Bytes(), - ProofXKgamma: pXkg[:], - } - msg := tss.NewMessageWrapper(meta, content) - return tss.NewMessage(meta, content, msg) -} - -func (m *SignRound1Message2) ValidateBasic() bool { - return m != nil && - common.NonEmptyBytes(m.GetCA()) && - common.NonEmptyBytes(m.GetXGamma()) && - common.NonEmptyBytes(m.GetXKgamma()) && - common.NonEmptyBytes(m.GetXKw()) && - common.NonEmptyMultiBytes(m.GetProofXKgamma(), zkproofs.MulProofParts) -} - -func (m *SignRound1Message2) UnmarshalCA() *big.Int { - return new(big.Int).SetBytes(m.GetCA()) -} - -func (m *SignRound1Message2) UnmarshalXGamma() *big.Int { - return new(big.Int).SetBytes(m.GetXGamma()) -} - -func (m *SignRound1Message2) UnmarshalXKGamma() *big.Int { - return new(big.Int).SetBytes(m.GetXKgamma()) -} - -func (m *SignRound1Message2) UnmarshalXKw() *big.Int { - return new(big.Int).SetBytes(m.GetXKw()) -} - -func (m *SignRound1Message2) UnmarshalProofXKgamma() (*zkproofs.MulProof, error) { - return zkproofs.MulProofFromBytes(m.GetProofXKgamma()) -} - -func NewSignRound2Message( - recipient, from *tss.PartyID, - cAlpha, cBeta, cBetaPrm, cMu, cNu, cNuPrm *big.Int, - proofP []*zkproofs.AffPProof, - proofDL []*zkproofs.AffGProof, - proofDecBeta []*zkproofs.DecProof, - proofDecNu []*zkproofs.DecProof, -) tss.ParsedMessage { - meta := tss.MessageRouting{ - From: from, - IsBroadcast: true, - } - pP := zkproofs.ProofArrayToBytes(proofP) - pDL := zkproofs.ProofArrayToBytes(proofDL) - dBeta := zkproofs.ProofArrayToBytes(proofDecBeta) - dNu := zkproofs.ProofArrayToBytes(proofDecNu) - content := &SignRound2Message{ - Recipient: []byte(strconv.Itoa(recipient.Index)), - CAlpha: cAlpha.Bytes(), - CBeta: cBeta.Bytes(), - CBetaPrm: cBetaPrm.Bytes(), - CMu: cMu.Bytes(), - CNu: cNu.Bytes(), - CNuPrm: cNuPrm.Bytes(), - ProofP: pP[:], - ProofDl: pDL[:], - ProofBeta: dBeta[:], - ProofNu: dNu[:], - } - msg := tss.NewMessageWrapper(meta, content) - return tss.NewMessage(meta, content, msg) -} - -func (m *SignRound2Message) ValidateBasic() bool { - return m != nil && - common.NonEmptyBytes(m.GetRecipient()) && - common.NonEmptyBytes(m.GetCAlpha()) && - common.NonEmptyBytes(m.GetCBetaPrm()) && - common.NonEmptyBytes(m.GetCBeta()) && - common.NonEmptyBytes(m.GetCMu()) && - common.NonEmptyBytes(m.GetCNu()) && - common.NonEmptyBytes(m.GetCNuPrm()) -} - -func (m *SignRound2Message) UnmarshalRecipient() int { - x, err := strconv.Atoi(string(m.GetRecipient())) - if err != nil { - return -1 - } - return x -} - -func (m *SignRound2Message) UnmarshalCAlpha() *big.Int { - return new(big.Int).SetBytes(m.GetCAlpha()) -} - -func (m *SignRound2Message) UnmarshalCBeta() *big.Int { - return new(big.Int).SetBytes(m.GetCBeta()) -} - -func (m *SignRound2Message) UnmarshalCBetaPrm() *big.Int { - return new(big.Int).SetBytes(m.GetCBetaPrm()) -} - -func (m *SignRound2Message) UnmarshalCMu() *big.Int { - return new(big.Int).SetBytes(m.GetCMu()) -} - -func (m *SignRound2Message) UnmarshalCNu() *big.Int { - return new(big.Int).SetBytes(m.GetCNu()) -} - -func (m *SignRound2Message) UnmarshalCNuPrm() *big.Int { - return new(big.Int).SetBytes(m.GetCNuPrm()) -} - -func (m *SignRound2Message) UnmarshalProofP() ([]*zkproofs.AffPProof, error) { - return zkproofs.ProofArrayFromBytes[*zkproofs.AffPProof](nil, m.GetProofP()) -} - -func (m *SignRound2Message) UnmarshalProofDL(ec elliptic.Curve) ([]*zkproofs.AffGProof, error) { - return zkproofs.ProofArrayFromBytes[*zkproofs.AffGProof](ec, m.GetProofDl()) -} - -func (m *SignRound2Message) UnmarshalProofBeta(ec elliptic.Curve) ([]*zkproofs.DecProof, error) { - return zkproofs.ProofArrayFromBytes[*zkproofs.DecProof](ec, m.GetProofBeta()) -} - -func (m *SignRound2Message) UnmarshalProofNu(ec elliptic.Curve) ([]*zkproofs.DecProof, error) { - return zkproofs.ProofArrayFromBytes[*zkproofs.DecProof](ec, m.GetProofNu()) -} - -func NewSignRound3Message( - from *tss.PartyID, - delta *big.Int, - d *big.Int, - proof []*zkproofs.DecProof, -) tss.ParsedMessage { - meta := tss.MessageRouting{ - From: from, - IsBroadcast: true, - } - pP := zkproofs.ProofArrayToBytes(proof) - content := &SignRound3Message{ - Delta: delta.Bytes(), - D: d.Bytes(), - Proof: pP[:], - } - msg := tss.NewMessageWrapper(meta, content) - return tss.NewMessage(meta, content, msg) -} - -func (m *SignRound3Message) ValidateBasic() bool { - return m != nil && - common.NonEmptyBytes(m.GetDelta()) && - common.NonEmptyBytes(m.GetD()) -} - -func (m *SignRound3Message) UnmarshalDelta() *big.Int { - return new(big.Int).SetBytes(m.GetDelta()) -} - -func (m *SignRound3Message) UnmarshalD() *big.Int { - return new(big.Int).SetBytes(m.GetD()) -} - -func (m *SignRound3Message) UnmarshalProof(ec elliptic.Curve) ([]*zkproofs.DecProof, error) { - return zkproofs.ProofArrayFromBytes[*zkproofs.DecProof](ec, m.GetProof()) -} - -func NewSignRound4Message( - from *tss.PartyID, - Gamma *crypto.ECPoint, - proof []*zkproofs.LogStarProof, -) tss.ParsedMessage { - meta := tss.MessageRouting{ - From: from, - IsBroadcast: true, - } - pP := zkproofs.ProofArrayToBytes(proof) - pGamma := [][]byte{Gamma.X().Bytes(), Gamma.Y().Bytes()} - content := &SignRound4Message{ - Gamma: pGamma[:], - Proof: pP[:], - } - msg := tss.NewMessageWrapper(meta, content) - return tss.NewMessage(meta, content, msg) -} - -func (m *SignRound4Message) ValidateBasic() bool { - return m != nil -} - -func (m *SignRound4Message) UnmarshalGamma(ec elliptic.Curve) (*crypto.ECPoint, error) { - bzs := m.GetGamma() - Gamma, err := crypto.NewECPoint( - ec, - new(big.Int).SetBytes(bzs[0]), - new(big.Int).SetBytes(bzs[1]), - ) - if err != nil { - return Gamma, err - } - return Gamma, nil -} - -func (m *SignRound4Message) UnmarshalProof(ec elliptic.Curve) ([]*zkproofs.LogStarProof, error) { - return zkproofs.ProofArrayFromBytes[*zkproofs.LogStarProof](ec, m.GetProof()) -} - -func NewSignRound5Message( - from *tss.PartyID, - s *big.Int, - proof []*zkproofs.DecProof, -) tss.ParsedMessage { - meta := tss.MessageRouting{ - From: from, - IsBroadcast: true, - } - pP := zkproofs.ProofArrayToBytes(proof) - content := &SignRound5Message{ - S: s.Bytes(), - Proof: pP[:], - } - msg := tss.NewMessageWrapper(meta, content) - return tss.NewMessage(meta, content, msg) -} - -func (m *SignRound5Message) ValidateBasic() bool { - return m != nil && - common.NonEmptyBytes(m.GetS()) -} - -func (m *SignRound5Message) UnmarshalS() *big.Int { - return new(big.Int).SetBytes(m.GetS()) -} - -func (m *SignRound5Message) UnmarshalProof(ec elliptic.Curve) ([]*zkproofs.DecProof, error) { - return zkproofs.ProofArrayFromBytes[*zkproofs.DecProof](ec, m.GetProof()) -} diff --git a/ecdsa/accsigning/round_1.go b/ecdsa/accsigning/round_1.go deleted file mode 100644 index bf702e2..0000000 --- a/ecdsa/accsigning/round_1.go +++ /dev/null @@ -1,209 +0,0 @@ -// Copyright 2023 Circle - -package accsigning - -import ( - "errors" - "fmt" - "math/big" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto" - "github.com/bnb-chain/tss-lib/crypto/accmta" - "github.com/bnb-chain/tss-lib/crypto/zkproofs" - "github.com/bnb-chain/tss-lib/ecdsa/keygen" - "github.com/bnb-chain/tss-lib/ecdsa/signing" - "github.com/bnb-chain/tss-lib/tss" -) - -var ( - zero = big.NewInt(0) -) - -func newRound1(params *tss.Parameters, key *keygen.LocalPartySaveData, data *common.SignatureData, temp *localTempData, out chan<- tss.Message, end chan<- common.SignatureData) tss.Round { - return &round1{ - &base{params, key, data, temp, out, end, make([]bool, len(params.Parties().IDs())), false, 1}} -} - -func (round *round1) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - - round.number = 1 - round.started = true - round.resetOK() - i := round.PartyID().Index - round.ok[i] = true - - paillierPK := round.key.PaillierSK.PublicKey - q := round.Params().EC().Params().N - - k := common.GetRandomPositiveInt(q) - cA, rA, err := paillierPK.EncryptAndReturnRandomness(k) - if err != nil { - return round.WrapError(fmt.Errorf("failed to init round1: %v", err)) - } - - gamma := common.GetRandomPositiveInt(q) - Xgamma, rhoxgamma, err := paillierPK.EncryptAndReturnRandomness(gamma) - if err != nil { - return round.WrapError(fmt.Errorf("failed to init round1: %v", err)) - } - witnessXgamma := &zkproofs.EncWitness{ - K: gamma, - Rho: rhoxgamma, - } - statementXgamma := &zkproofs.EncStatement{ - EC: round.Params().EC(), - N0: paillierPK.N, - K: Xgamma, - } - - // Xkgamma = Xk^gamma rhoxkgamma^N mod N2 - // C = Y^gamma * rhoxkgamma^N mod N2 - Xkgamma, rhoxkgamma, err := paillierPK.HomoMultAndReturnRandomness(gamma, cA) - if err != nil { - return round.WrapError(fmt.Errorf("failed to init round1: %v", err)) - } - witnessXkgamma := &zkproofs.MulWitness{ - X: gamma, - Rho: rhoxkgamma, - Rhox: rhoxgamma, - } - statementXkgamma := &zkproofs.MulStatement{ - N: paillierPK.N, - X: Xgamma, - Y: cA, - C: Xkgamma, - } - - bigW := round.temp.bigWs[round.PartyID().Index] - Xkw, rhokw, err := paillierPK.HomoMultAndReturnRandomness(round.temp.w, cA) - if err != nil { - return round.WrapError(fmt.Errorf("failed to get init round1")) - } - // C = Encrypt(k) - // X = bigW = g^w - // D = C^x rho^N0 mod N02 - witnessXkw := &zkproofs.MulStarWitness{ - X: round.temp.w, - Rho: rhokw, - } - statementXkw := &zkproofs.MulStarStatement{ - Ell: zkproofs.GetEll(round.Params().EC()), - N0: paillierPK.N, - C: cA, - D: Xkw, - X: bigW, - } - - // save data for later in round.temp - round.temp.k = k - round.temp.gamma = gamma - round.temp.rhoxgamma = rhoxgamma - round.temp.Xgamma[i] = Xgamma - round.temp.Xkgamma[i] = Xkgamma - round.temp.Xkw[i] = Xkw - round.temp.cA[i] = cA - round.temp.pointGamma[i] = crypto.ScalarBaseMult(round.Params().EC(), gamma) - - // P2P messages - rpVs := round.key.GetAllRingPedersen() - rpVs[i] = nil - _, proofAlice, err := accmta.AliceInit( - round.Params().EC(), - round.key.PaillierPKs[i], - k, rA, - rpVs, - ) - if err != nil { - return round.WrapError(fmt.Errorf("failed to init mta: %v", err)) - } - - for j, Pj := range round.Parties().IDs() { - if j == i { - continue - } - proofXgamma, err := zkproofs.NewEncProof(witnessXgamma, statementXgamma, rpVs[j]) - if err != nil { - return round.WrapError(fmt.Errorf("failed to create proof Xgamma: %v", err)) - } - proofXkw := zkproofs.NewMulStarProof(witnessXkw, statementXkw, rpVs[j]) - r1msg1 := NewSignRound1Message1( - Pj, round.PartyID(), - proofAlice[j], - proofXgamma, proofXkw, - ) - round.out <- r1msg1 - } - - // broadcast - proofXkgamma := zkproofs.NewMulProof(witnessXkgamma, statementXkgamma) - r1msg2 := NewSignRound1Message2(round.PartyID(), cA, Xgamma, Xkgamma, Xkw, proofXkgamma) - round.temp.signRound1Message2s[i] = r1msg2 - round.out <- r1msg2 - - return nil -} - -func (round *round1) Update() (bool, *tss.Error) { - for j, msg1 := range round.temp.signRound1Message1s { - if round.ok[j] { - continue - } - if msg1 == nil || !round.CanAccept(msg1) { - return false, nil - } - msg2 := round.temp.signRound1Message2s[j] - if msg2 == nil || !round.CanAccept(msg2) { - return false, nil - } - round.ok[j] = true - } - return true, nil -} - -func (round *round1) CanAccept(msg tss.ParsedMessage) bool { - if _, ok := msg.Content().(*SignRound1Message1); ok { - return !msg.IsBroadcast() - } - if _, ok := msg.Content().(*SignRound1Message2); ok { - return msg.IsBroadcast() - } - return false -} - -func (round *round1) NextRound() tss.Round { - round.started = false - return &round2{round} -} - -// ----- // - -// helper to call into PrepareForSigning() -func (round *round1) prepare() error { - i := round.PartyID().Index - - xi := round.key.Xi - ks := round.key.Ks - bigXs := round.key.BigXj - - if round.temp.keyDerivationDelta != nil { - // adding the key derivation delta to the xi's - // Suppose x has shamir shares x_0, x_1, ..., x_n - // So x + D has shamir shares x_0 + D, x_1 + D, ..., x_n + D - mod := common.ModInt(round.Params().EC().Params().N) - xi = mod.Add(round.temp.keyDerivationDelta, xi) - round.key.Xi = xi - } - - if round.Threshold()+1 > len(ks) { - return fmt.Errorf("t+1=%d is not satisfied by the key count of %d", round.Threshold()+1, len(ks)) - } - wi, bigWs := signing.PrepareForSigning(round.Params().EC(), i, len(ks), xi, ks, bigXs) - - round.temp.w = wi - round.temp.bigWs = bigWs - return nil -} diff --git a/ecdsa/accsigning/round_2.go b/ecdsa/accsigning/round_2.go deleted file mode 100644 index 6601284..0000000 --- a/ecdsa/accsigning/round_2.go +++ /dev/null @@ -1,273 +0,0 @@ -// Copyright 2023 Circle - -package accsigning - -import ( - "errors" - "fmt" - "sync" - - "github.com/bnb-chain/tss-lib/crypto/accmta" - "github.com/bnb-chain/tss-lib/crypto/zkproofs" - "github.com/bnb-chain/tss-lib/tss" -) - -func (round *round2) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 2 - round.started = true - round.resetOK() - - i := round.PartyID().Index - round.ok[i] = true - - partyCount := len(round.Parties().IDs()) - proofP := Make2DSlice[*zkproofs.AffPProof](partyCount) - proofDL := Make2DSlice[*zkproofs.AffGProof](partyCount) - proofBeta := Make2DSlice[*zkproofs.DecProof](partyCount) - proofNu := Make2DSlice[*zkproofs.DecProof](partyCount) - - errChs := make(chan *tss.Error, (len(round.Parties().IDs())-1)*3) - wg := sync.WaitGroup{} - for j, Pj := range round.Parties().IDs() { - if j == i { - continue - } - - wg.Add(2) - go round.BobRespondsP(j, Pj, proofP, proofBeta, &wg, errChs) - go round.BobRespondsDL(j, Pj, proofDL, proofNu, &wg, errChs) - } - wg.Add(1) - go func() { - defer wg.Done() - round.VerifyRound1Messages(errChs) - }() - wg.Wait() - close(errChs) - err := round.WrapErrorChs(round.PartyID(), errChs, "Failed to verify round 4 messages") - if err != nil { - return err - } - - for j, Pj := range round.Parties().IDs() { - if j == i { - continue - } - - r2msg := NewSignRound2Message( - Pj, round.PartyID(), - round.temp.cAlpha[i][j], - round.temp.cBeta[i][j], - round.temp.cBetaPrm[i][j], - round.temp.cMu[i][j], - round.temp.cNu[i][j], - round.temp.cNuPrm[i][j], - proofP[j], proofDL[j], - proofBeta[j], proofNu[j]) - round.out <- r2msg - } - return nil -} - -func (round *round2) VerifyRound1Messages(errChs chan *tss.Error) { - wg := sync.WaitGroup{} - i := round.PartyID().Index - for j, Pj := range round.Parties().IDs() { - if i == j { - continue - } - wg.Add(1) - go func(j int, Pj *tss.PartyID) { - defer wg.Done() - round.VerifyRound1Message(j, Pj, errChs) - }(j, Pj) - } - wg.Wait() -} - -func (round *round2) VerifyRound1Message(j int, Pj *tss.PartyID, errChs chan *tss.Error) { - i := round.PartyID().Index - - r1msg1 := round.temp.signRound1Message1s[j].Content().(*SignRound1Message1) - proofXgamma, err := r1msg1.UnmarshalProofXGamma() - if err != nil { - errChs <- round.WrapError(fmt.Errorf("error parsing r1msg1[%d]", j)) - return - } - proofXkw, err := r1msg1.UnmarshalProofXKw(round.Params().EC()) - if err != nil { - errChs <- round.WrapError(fmt.Errorf("error parsing r1msg1[%d]", j)) - return - } - r1msg2 := round.temp.signRound1Message2s[j].Content().(*SignRound1Message2) - round.temp.cA[j] = r1msg2.UnmarshalCA() - proofXkgamma, err := r1msg2.UnmarshalProofXKgamma() - if err != nil { - errChs <- round.WrapError(fmt.Errorf("error parsing r1msg1[%d]", j)) - return - } - round.temp.Xgamma[j] = r1msg2.UnmarshalXGamma() - round.temp.Xkgamma[j] = r1msg2.UnmarshalXKGamma() - round.temp.Xkw[j] = r1msg2.UnmarshalXKw() - rp := round.key.GetRingPedersen(i) - - paillierPK := round.key.PaillierPKs[j] - bigW := round.temp.bigWs[j] - statementXgamma := &zkproofs.EncStatement{ - EC: round.Params().EC(), - N0: paillierPK.N, - K: round.temp.Xgamma[j], - } - statementXkgamma := &zkproofs.MulStatement{ - N: paillierPK.N, - X: round.temp.Xgamma[j], - Y: round.temp.cA[j], - C: round.temp.Xkgamma[j], - } - statementXkw := &zkproofs.MulStarStatement{ - Ell: zkproofs.GetEll(round.Params().EC()), - N0: paillierPK.N, - C: round.temp.cA[j], - D: round.temp.Xkw[j], - X: bigW, - } - - if !proofXgamma.Verify(statementXgamma, rp) || - !proofXkgamma.Verify(statementXkgamma) || - !proofXkw.Verify(statementXkw, rp) { - errChs <- round.WrapError(fmt.Errorf("Failed to verify proofs from [%d]", j)) - return - } - return -} - -func (round *round2) BobRespondsP(j int, Pj *tss.PartyID, proofP [][]*zkproofs.AffPProof, proofBeta [][]*zkproofs.DecProof, wg *sync.WaitGroup, errChs chan *tss.Error) { - defer wg.Done() - i := round.PartyID().Index - if round.temp.signRound1Message1s[j] == nil { - errChs <- round.WrapError(fmt.Errorf("nil round1message1[%d]", j)) - return - } - r2msg := round.temp.signRound1Message2s[j].Content().(*SignRound1Message2) - cA := r2msg.UnmarshalCA() - - r1msg := round.temp.signRound1Message1s[j].Content().(*SignRound1Message1) - rangeProofAliceJ, err := r1msg.UnmarshalRangeProofAlice() - if err != nil { - errChs <- round.WrapError(fmt.Errorf("UnmarshalRangeProofAlice failed."), Pj) - return - } - - ringPedersenBobI := round.key.GetRingPedersen(i) - rpVs := round.key.GetAllRingPedersen() - rpVs[i] = nil - beta, cAlpha, cBeta, cBetaPrm, proofs, decProofs, err := accmta.BobRespondsP( - round.Params().EC(), - // Alice's public key - round.key.PaillierPKs[j], - // Bob's private key - round.key.PaillierSK, - // Alice's proof - rangeProofAliceJ, - // Bob's encrypted secret gamma - round.temp.Xgamma[i], - // Alice's encryption of a under pkA - cA, - // Verifier's Ring Pedersen parameters - rpVs, - // Bob's Ring Pedersen parameters - ringPedersenBobI, - ) - if err != nil { - errChs <- round.WrapError(err, Pj) - } - - // should be thread safe as these are pre-allocated - round.temp.beta[j] = beta - round.temp.cAlpha[i][j] = cAlpha - round.temp.cBeta[i][j] = cBeta - round.temp.cBetaPrm[i][j] = cBetaPrm - proofP[j] = proofs - proofBeta[j] = decProofs -} - -// BobRespondsDL on share k*w, Bob's secret is w -func (round *round2) BobRespondsDL(j int, Pj *tss.PartyID, proofDL [][]*zkproofs.AffGProof, proofNu [][]*zkproofs.DecProof, wg *sync.WaitGroup, errChs chan *tss.Error) { - defer wg.Done() - i := round.PartyID().Index - r2msg := round.temp.signRound1Message2s[j].Content().(*SignRound1Message2) - cA := r2msg.UnmarshalCA() - - r1msg := round.temp.signRound1Message1s[j].Content().(*SignRound1Message1) - rangeProofAliceJ, err := r1msg.UnmarshalRangeProofAlice() - if err != nil { - errChs <- round.WrapError(fmt.Errorf("UnmarshalRangeProofAlice failed"), Pj) - return - } - - ringPedersenBobI := round.key.GetRingPedersen(i) - rpVs := round.key.GetAllRingPedersen() - rpVs[i] = nil - nu, cMu, cNu, cNuPrm, proofs, decProofs, err := accmta.BobRespondsDL( - round.Params().EC(), - // Alice's public key - round.key.PaillierPKs[j], - // Bob's public key - round.key.PaillierSK, - // Alice's proof - rangeProofAliceJ, - // Bob's secret - round.temp.w, - // Alice's encryption of a under pkA - cA, - // Verifier's Ring Pedersen parameters - rpVs, - // Bob's Ring Pedersen parameters - ringPedersenBobI, - // DL commitment to Bob's input b - round.temp.bigWs[i], - ) - if err != nil { - errChs <- round.WrapError(err, Pj) - } - - round.temp.nu[j] = nu - round.temp.cMu[i][j] = cMu - round.temp.cNu[i][j] = cNu - round.temp.cNuPrm[i][j] = cNuPrm - proofDL[j] = proofs - proofNu[j] = decProofs -} - -func (round *round2) Update() (bool, *tss.Error) { - for i, msgArray := range round.temp.signRound2Messages { - for j, msg := range msgArray { - if i == j || i == round.PartyID().Index { - continue - } - if round.ok[j] { - continue - } - if msg == nil || !round.CanAccept(msg) { - return false, nil - } - } - round.ok[i] = true - } - return true, nil -} - -func (round *round2) CanAccept(msg tss.ParsedMessage) bool { - if _, ok := msg.Content().(*SignRound2Message); ok { - return msg.IsBroadcast() - } - return false -} - -func (round *round2) NextRound() tss.Round { - round.started = false - return &round3{round} -} diff --git a/ecdsa/accsigning/round_3.go b/ecdsa/accsigning/round_3.go deleted file mode 100644 index 1d6ab2a..0000000 --- a/ecdsa/accsigning/round_3.go +++ /dev/null @@ -1,369 +0,0 @@ -// Copyright 2023 Circle - -package accsigning - -import ( - "errors" - "fmt" - "math/big" - "sync" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto/accmta" - "github.com/bnb-chain/tss-lib/crypto/zkproofs" - "github.com/bnb-chain/tss-lib/tss" -) - -func (round *round3) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 3 - round.started = true - round.resetOK() - - i := round.PartyID().Index - - partyCount := len(round.Parties().IDs()) - errChs := make(chan *tss.Error, partyCount*partyCount*3) - wg := sync.WaitGroup{} - for sender, _ := range round.Parties().IDs() { - if sender == i { - continue - } - wg.Add(2) - go round.AliceEndP(sender, &wg, errChs) - go round.AliceEndDL(sender, &wg, errChs) - } - wg.Add(1) - go func() { - defer wg.Done() - round.VerifyRound2Messages(errChs) - }() - wg.Wait() - close(errChs) - err := round.WrapErrorChs(round.PartyID(), errChs, "Failed to process round 2 messages") - if err != nil { - return err - } - - d, proofs, err := round.ComputeProofs() - if err != nil { - return err - } - - r3msg := NewSignRound3Message( - round.PartyID(), - round.temp.delta[i], - d, - proofs, - ) - round.temp.signRound3Messages[i] = r3msg - round.out <- r3msg - - return nil -} - -func (round *round3) VerifyRound2Messages(errChs chan *tss.Error) { - i := round.PartyID().Index - wg := sync.WaitGroup{} - for sender, _ := range round.Parties().IDs() { - for recipient, _ := range round.Parties().IDs() { - if sender == recipient || sender == i { - continue - } - wg.Add(1) - go func(sender, recipient int, errChs chan *tss.Error) { - defer wg.Done() - round.VerifyRound2Message(sender, recipient, errChs) - }(sender, recipient, errChs) - } - } - wg.Wait() -} - -func (round *round3) VerifyRound2Message(sender, recipient int, errChs chan *tss.Error) { - verifier := round.PartyID().Index - - r2msg := round.temp.signRound2Messages[sender][recipient].Content().(*SignRound2Message) - if recipient != r2msg.UnmarshalRecipient() { - errChs <- round.WrapError(fmt.Errorf("improper message [%d][%d]", sender, recipient)) - return - } - - proofPs, err := r2msg.UnmarshalProofP() - if err != nil || len(proofPs) <= verifier { - errChs <- round.WrapError(fmt.Errorf("error getting proofP [%d][%d]", sender, recipient)) - return - } - proofP := proofPs[verifier] - - round.temp.cAlpha[sender][recipient] = r2msg.UnmarshalCAlpha() - round.temp.cBetaPrm[sender][recipient] = r2msg.UnmarshalCBetaPrm() - ok := accmta.AliceVerifyP( - round.Params().EC(), - round.key.PaillierPKs[recipient], - round.key.PaillierPKs[sender], - proofP, - round.temp.cA[recipient], - round.temp.cAlpha[sender][recipient], - round.temp.cBetaPrm[sender][recipient], - round.temp.Xgamma[sender], - round.key.GetRingPedersen(verifier), - ) - if !ok { - errChs <- round.WrapError(fmt.Errorf("failed to verify proofP [%d][%d][%d]", sender, recipient, verifier)) - return - } - - round.temp.cBeta[sender][recipient] = r2msg.UnmarshalCBeta() - proofBeta, err := r2msg.UnmarshalProofBeta(round.Params().EC()) - if err != nil { - errChs <- round.WrapError(fmt.Errorf("failed to parse proofBeta [%d][%d][%d]", sender, recipient, verifier)) - return - } - ok = accmta.DecProofVerify( - round.key.PaillierPKs[sender], - round.Params().EC(), - proofBeta[verifier], - round.temp.cBeta[sender][recipient], - round.temp.cBetaPrm[sender][recipient], - round.key.GetRingPedersen(verifier), - ) - if !ok { - errChs <- round.WrapError(fmt.Errorf("failed to verify proofBeta [%d][%d][%d]", sender, recipient, verifier)) - return - } - - proofDLs, err := r2msg.UnmarshalProofDL(round.Params().EC()) - if err != nil || len(proofDLs) <= verifier { - errChs <- round.WrapError(fmt.Errorf("error getting proofDL [%d][%d]", sender, recipient)) - return - } - proofDL := proofDLs[verifier] - - round.temp.cMu[sender][recipient] = r2msg.UnmarshalCMu() - round.temp.cNuPrm[sender][recipient] = r2msg.UnmarshalCNuPrm() - ok = accmta.AliceVerifyDL( - round.Params().EC(), - round.key.PaillierPKs[recipient], - round.key.PaillierPKs[sender], - proofDL, - round.temp.cA[recipient], - round.temp.cMu[sender][recipient], - round.temp.cNuPrm[sender][recipient], - round.temp.bigWs[sender], - round.key.GetRingPedersen(verifier), - ) - if !ok { - errChs <- round.WrapError(fmt.Errorf("failed to verify proofDL [%d][%d][%d]", sender, recipient, verifier)) - return - } - - round.temp.cNu[sender][recipient] = r2msg.UnmarshalCNu() - proofNu, err := r2msg.UnmarshalProofNu(round.Params().EC()) - if err != nil { - errChs <- round.WrapError(fmt.Errorf("failed to parse proofNu [%d][%d][%d]", sender, recipient, verifier)) - return - } - ok = accmta.DecProofVerify( - round.key.PaillierPKs[sender], - round.Params().EC(), - proofNu[verifier], - round.temp.cNu[sender][recipient], - round.temp.cNuPrm[sender][recipient], - round.key.GetRingPedersen(verifier), - ) - if !ok { - errChs <- round.WrapError(fmt.Errorf("failed to verify proofNu [%d][%d][%d]", sender, recipient, verifier)) - return - } - -} - -func (round *round3) AliceEndP(sender int, wg *sync.WaitGroup, errChs chan *tss.Error) { - defer wg.Done() - i := round.PartyID().Index - r2msg := round.temp.signRound2Messages[sender][i].Content().(*SignRound2Message) - proofPs, err := r2msg.UnmarshalProofP() - if err != nil || len(proofPs) <= i { - errChs <- round.WrapError(fmt.Errorf("error parsing proofP [%d][%d] %v len %d\n", sender, i, err, len(proofPs))) - return - } - proofP := proofPs[i] - proofBetas, err := r2msg.UnmarshalProofBeta(round.Params().EC()) - if err != nil || len(proofBetas) <= i || proofBetas[i] == nil { - errChs <- round.WrapError(fmt.Errorf("error parsing proofBetas [%d][%d]", sender, i)) - return - } - proofBeta := proofBetas[i] - round.temp.cAlpha[sender][i] = r2msg.UnmarshalCAlpha() - round.temp.cBeta[sender][i] = r2msg.UnmarshalCBeta() - round.temp.cBetaPrm[sender][i] = r2msg.UnmarshalCBetaPrm() - cB := round.temp.Xgamma[sender] - alphaIj, err := accmta.AliceEndP( - round.Params().EC(), - round.key.PaillierSK, - round.key.PaillierPKs[sender], - proofP, - proofBeta, - round.temp.cA[i], - round.temp.cAlpha[sender][i], - round.temp.cBeta[sender][i], - round.temp.cBetaPrm[sender][i], - cB, - round.key.GetRingPedersen(i), - ) - if err != nil { - errChs <- round.WrapError(fmt.Errorf("error getting alphaIJ [%d][%d] %v", sender, i, err)) - round.temp.alpha[sender] = big.NewInt(1) - return - } - round.temp.alpha[sender] = alphaIj -} - -func (round *round3) AliceEndDL(sender int, wg *sync.WaitGroup, errChs chan *tss.Error) { - defer wg.Done() - i := round.PartyID().Index - r2msg := round.temp.signRound2Messages[sender][i].Content().(*SignRound2Message) - proofDLs, err := r2msg.UnmarshalProofDL(round.Params().EC()) - if err != nil || len(proofDLs) <= i { - errChs <- round.WrapError(fmt.Errorf("error getting proofDL [%d][%d]", sender, i)) - return - } - proofDL := proofDLs[i] - proofNus, err := r2msg.UnmarshalProofNu(round.Params().EC()) - if err != nil || len(proofNus) <= i { - errChs <- round.WrapError(fmt.Errorf("error getting proofDL [%d][%d]", sender, i)) - return - } - proofNu := proofNus[i] - round.temp.cMu[sender][i] = r2msg.UnmarshalCMu() - round.temp.cNu[sender][i] = r2msg.UnmarshalCNu() - round.temp.cNuPrm[sender][i] = r2msg.UnmarshalCNuPrm() - - muIj, err := accmta.AliceEndDL( - round.Params().EC(), - round.key.PaillierSK, - round.key.PaillierPKs[sender], - proofDL, - proofNu, - round.temp.cA[i], - round.temp.cMu[sender][i], - round.temp.cNu[sender][i], - round.temp.cNuPrm[sender][i], - round.temp.bigWs[sender], - round.key.GetRingPedersen(i), - ) - if err != nil { - errChs <- round.WrapError(fmt.Errorf("error getting proofP [%d][%d]", sender, i)) - return - } - round.temp.mu[sender] = muIj -} - -func (round *round3) ComputeDs() { - for i, _ := range round.Parties().IDs() { - modN2 := common.ModInt(round.key.PaillierPKs[i].NSquare()) - Di := round.temp.Xkgamma[i] - if Di == nil { - return - } - for j := range round.Parties().IDs() { - if i == j { - continue - } - Di = modN2.Mul(Di, round.temp.cAlpha[j][i]) // encrypted under pki - Di = modN2.Mul(Di, round.temp.cBeta[i][j]) // encrypted under pki - } - round.temp.D[i] = Di - } -} - -func (round *round3) ComputeDelta() { - i := round.PartyID().Index - modQ := common.ModInt(round.Params().EC().Params().N) - delta := modQ.Mul(round.temp.k, round.temp.gamma) - for j := range round.Parties().IDs() { - if j == round.PartyID().Index { - continue - } - temp := modQ.Add(round.temp.alpha[j], round.temp.beta[j]) - delta = modQ.Add(delta, temp) - } - round.temp.delta[i] = delta -} - -func (round *round3) ComputeProofs() (*big.Int, []*zkproofs.DecProof, *tss.Error) { - round.ComputeDs() - round.ComputeDelta() - i := round.PartyID().Index - modQ := common.ModInt(round.Params().EC().Params().N) - - if round.temp.delta[i] == nil { - return nil, nil, round.WrapError(fmt.Errorf("%d could not compute Delta", i)) - } - - if round.temp.D[i] == nil { - return nil, nil, round.WrapError(fmt.Errorf("%d could not compute D", i)) - } - - ski := round.key.PaillierSK - d, rho, errd := ski.DecryptFull(round.temp.D[i]) - if errd != nil { - return nil, nil, round.WrapError(fmt.Errorf("could not decrypt D")) - } - - statement := &zkproofs.DecStatement{ - Q: round.Params().EC().Params().N, - Ell: zkproofs.GetEll(round.Params().EC()), - N0: ski.PublicKey.N, - C: round.temp.D[i], - X: modQ.Mod(d), - } - witness := &zkproofs.DecWitness{ - Y: d, - Rho: rho, - } - rpVs := round.key.GetAllRingPedersen() - rpVs[i] = nil - proofs := make([]*zkproofs.DecProof, len(rpVs)) - wg := sync.WaitGroup{} - for j, rp := range rpVs { - if j == i { - continue - } - wg.Add(1) - go func(j int, rp *zkproofs.RingPedersenParams) { - defer wg.Done() - proofs[j] = zkproofs.NewDecProof(witness, statement, rp) - }(j, rp) - } - wg.Wait() - return d, proofs, nil -} - -func (round *round3) Update() (bool, *tss.Error) { - for j, msg := range round.temp.signRound3Messages { - if round.ok[j] { - continue - } - if msg == nil || !round.CanAccept(msg) { - return false, nil - } - round.ok[j] = true - } - return true, nil -} - -func (round *round3) CanAccept(msg tss.ParsedMessage) bool { - if _, ok := msg.Content().(*SignRound3Message); ok { - return msg.IsBroadcast() - } - return false -} - -func (round *round3) NextRound() tss.Round { - round.started = false - return &round4{round} -} diff --git a/ecdsa/accsigning/round_4.go b/ecdsa/accsigning/round_4.go deleted file mode 100644 index ceff3f5..0000000 --- a/ecdsa/accsigning/round_4.go +++ /dev/null @@ -1,176 +0,0 @@ -// Copyright 2023 Circle - -package accsigning - -import ( - "errors" - "fmt" - "math/big" - "sync" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto/zkproofs" - "github.com/bnb-chain/tss-lib/tss" -) - -func (round *round4) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 4 - round.started = true - round.resetOK() - - partyCount := len(round.Parties().IDs()) - errChs := make(chan *tss.Error, partyCount*partyCount*3) - round.VerifyRound3Messages(errChs) - close(errChs) - err := round.WrapErrorChs(round.PartyID(), errChs, "Failed to process round 3 messages") - if err != nil { - return err - } - - err = round.ComputeFinalDelta() - if err != nil { - return err - } - - proofs, err := round.ComputeProofs() - if err != nil { - return err - } - - i := round.PartyID().Index - r4msg := NewSignRound4Message(round.PartyID(), round.temp.pointGamma[i], proofs) - round.temp.signRound4Messages[i] = r4msg - round.out <- r4msg - - return nil -} - -func (round *round4) VerifyRound3Messages(errChs chan *tss.Error) { - wg := sync.WaitGroup{} - i := round.PartyID().Index - rp := round.key.GetRingPedersen(i) - q := round.Params().EC().Params().N - for j, _ := range round.Parties().IDs() { - if i == j { - continue - } - - wg.Add(1) - go func(sender int) { - defer wg.Done() - r3msg := round.temp.signRound3Messages[sender].Content().(*SignRound3Message) - proof, err := r3msg.UnmarshalProof(tss.EC()) - if err != nil { - errChs <- round.WrapError(errors.New(fmt.Sprintf("failed to parse proof from party %d.", sender))) - return - } - delta := r3msg.UnmarshalDelta() - if delta == nil { - errChs <- round.WrapError(errors.New(fmt.Sprintf("sender %d sent nil delta.", sender))) - return - } - d := r3msg.UnmarshalD() - if d == nil { - errChs <- round.WrapError(errors.New(fmt.Sprintf("sender %d sent nil d.", sender))) - return - } - pkj := round.key.PaillierPKs[sender] - if !common.ModInt(q).IsCongruent(delta, d) { - errChs <- round.WrapError(errors.New(fmt.Sprintf("sender %d sent delta /= d mod q.", sender))) - return - } - - statement := &zkproofs.DecStatement{ - Q: q, - Ell: zkproofs.GetEll(round.Params().EC()), - N0: pkj.N, - C: round.temp.D[sender], - X: delta, - } - if !proof[i].Verify(statement, rp) { - errChs <- round.WrapError(errors.New(fmt.Sprintf("failed to verify proof from party %d.", sender))) - return - } - round.temp.delta[sender] = delta - }(j) - } - wg.Wait() -} - -func (round *round4) ComputeFinalDelta() *tss.Error { - delta := big.NewInt(0) - modN := common.ModInt(round.Params().EC().Params().N) - for j, deltaJ := range round.temp.delta { - if deltaJ == nil { - return round.WrapError(errors.New(fmt.Sprintf("%d: nil delta[%d].", round.PartyID().Index, j))) - } - delta = modN.Add(delta, deltaJ) - } - round.temp.finalDeltaInv = modN.ModInverse(delta) - return nil -} - -func (round *round4) ComputeProofs() (proofs []*zkproofs.LogStarProof, err *tss.Error) { - wg := sync.WaitGroup{} - i := round.PartyID().Index - err = nil - statement := &zkproofs.LogStarStatement{ - Ell: zkproofs.GetEll(round.Params().EC()), - N0: round.key.PaillierSK.N, - C: round.temp.Xgamma[i], - X: round.temp.pointGamma[i], - } - witness := &zkproofs.LogStarWitness{ - X: round.temp.gamma, - Rho: round.temp.rhoxgamma, - } - - proofs = make([]*zkproofs.LogStarProof, len(round.Parties().IDs())) - rpVs := round.key.GetAllRingPedersen() - for j, rp := range rpVs { - if i == j { - continue - } - wg.Add(1) - go func(j int, rp *zkproofs.RingPedersenParams) { - defer wg.Done() - proofs[j] = zkproofs.NewLogStarProof(witness, statement, rp) - }(j, rp) - } - wg.Wait() - - for j, pf := range proofs { - if j != i && pf.IsNil() { - return proofs, round.WrapError(fmt.Errorf("Failed to create proof [%d]->[%d].", i, j)) - } - } - return proofs, nil -} - -func (round *round4) Update() (bool, *tss.Error) { - for j, msg := range round.temp.signRound4Messages { - if round.ok[j] { - continue - } - if msg == nil || !round.CanAccept(msg) { - return false, nil - } - round.ok[j] = true - } - return true, nil -} - -func (round *round4) CanAccept(msg tss.ParsedMessage) bool { - if _, ok := msg.Content().(*SignRound4Message); ok { - return msg.IsBroadcast() - } - return false -} - -func (round *round4) NextRound() tss.Round { - round.started = false - return &round5{round} -} diff --git a/ecdsa/accsigning/round_5.go b/ecdsa/accsigning/round_5.go deleted file mode 100644 index b6ea33d..0000000 --- a/ecdsa/accsigning/round_5.go +++ /dev/null @@ -1,242 +0,0 @@ -// Copyright 2023 Circle - -package accsigning - -import ( - "errors" - "fmt" - "math/big" - "sync" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/crypto/zkproofs" - "github.com/bnb-chain/tss-lib/tss" -) - -func (round *round5) Start() *tss.Error { - if round.started { - return round.WrapError(errors.New("round already started")) - } - round.number = 5 - round.started = true - round.resetOK() - - // The check that temp.m = hash(msg) is in Zq is delayed to round 5 to allow - // presigning bulk computation of rounds 1-4. - if round.temp.m.Cmp(round.Params().EC().Params().N) >= 0 { - return round.WrapError(errors.New("hashed message is not valid")) - } - - err := round.VerifyRound4Messages() - if err != nil { - return err - } - - err = round.ComputeR() - if err != nil { - return err - } - - err = round.ComputeSi() - if err != nil { - return err - } - - proofs, err := round.ComputeProofs() - if err != nil { - return err - } - r5msg := NewSignRound5Message(round.PartyID(), round.temp.si, proofs) - round.temp.signRound5Messages[round.PartyID().Index] = r5msg - round.out <- r5msg - - round.temp.CleanUpPreSigningData() - return nil -} - -func (round *round5) VerifyRound4Messages() *tss.Error { - errChs := make(chan *tss.Error, len(round.Parties().IDs())) - wg := sync.WaitGroup{} - i := round.PartyID().Index - rp := round.key.GetRingPedersen(i) - for j, _ := range round.Parties().IDs() { - if i == j { - continue - } - - wg.Add(1) - go func(sender int, errChs chan *tss.Error) { - defer wg.Done() - r4msg := round.temp.signRound4Messages[sender].Content().(*SignRound4Message) - proof, err := r4msg.UnmarshalProof(round.Params().EC()) - if err != nil { - errChs <- round.WrapError(errors.New(fmt.Sprintf("failed to parse proof from party %d.", sender))) - } - Gamma, err := r4msg.UnmarshalGamma(round.Params().EC()) - round.temp.pointGamma[sender] = Gamma - if err != nil { - errChs <- round.WrapError(errors.New(fmt.Sprintf("failed to parse Gamma from party %d.", sender))) - } - pkj := round.key.PaillierPKs[sender] - statement := &zkproofs.LogStarStatement{ - Ell: zkproofs.GetEll(round.Params().EC()), - N0: pkj.N, - C: round.temp.Xgamma[sender], - X: round.temp.pointGamma[sender], - } - if !proof[i].Verify(statement, rp) { - errChs <- round.WrapError(errors.New(fmt.Sprintf("failed to parse Gamma from party %d.", sender))) - } - }(j, errChs) - } - wg.Wait() - close(errChs) - err := round.WrapErrorChs(round.PartyID(), errChs, "Failed to verify round 4 messages") - if err != nil { - return err - } - - return nil -} - -func (round *round5) ComputeR() *tss.Error { - i := round.PartyID().Index - bigR := round.temp.pointGamma[i] - if bigR == nil { - return round.WrapError(errors.New("Gamma[i] is nil.")) - } - var err error - for j := range round.Parties().IDs() { - if i == j { - continue - } - if round.temp.pointGamma[j] == nil { - return round.WrapError(errors.New("Gamma [j] is nil")) - } - bigR, err = bigR.Add(round.temp.pointGamma[j]) - if err != nil { - return round.WrapError(errors.New("Cannot compute R from pointGammas.")) - } - } - round.temp.bigR = bigR.ScalarMult(round.temp.finalDeltaInv) - round.temp.rx = round.temp.bigR.X() - round.temp.ry = round.temp.bigR.Y() - return nil -} - -func (round *round5) ComputeSi() (err *tss.Error) { - modQ := common.ModInt(round.Params().EC().Params().N) - wg := sync.WaitGroup{} - err = nil - - for i := range round.Parties().IDs() { - wg.Add(1) - go func(i int) { - defer wg.Done() - Psi := round.temp.Xkw[i] - pki := round.key.PaillierPKs[i] - modN2 := common.ModInt(pki.NSquare()) - for j := range round.Parties().IDs() { - if j == i { - continue - } - Psi = modN2.Mul(Psi, round.temp.cMu[j][i]) // encrypted under pki - Psi = modN2.Mul(Psi, round.temp.cNu[i][j]) // encrypted under pki - } - S := zkproofs.PseudoPaillierEncrypt( - round.temp.cA[i], - round.temp.m, - Psi, - new(big.Int).Mul(round.temp.rx, round.temp.m), - pki.NSquare(), - ) - round.temp.bigS[i] = S - }(i) - } - wg.Add(1) - go func() { - defer wg.Done() - sigma := modQ.Mul(round.temp.k, round.temp.w) - for j := range round.Parties().IDs() { - if j == round.PartyID().Index { - continue - } - temp := modQ.Add(round.temp.mu[j], round.temp.nu[j]) - sigma = modQ.Add(sigma, temp) - } - round.temp.sigma = sigma - }() - wg.Wait() - if err != nil { - return err - } - round.temp.si = modQ.Add(modQ.Mul(round.temp.m, round.temp.k), modQ.Mul(round.temp.rx, round.temp.sigma)) - return nil -} - -func (round *round5) ComputeProofs() (proofs []*zkproofs.DecProof, err *tss.Error) { - i := round.PartyID().Index - ski := round.key.PaillierSK - statement := &zkproofs.DecStatement{ - Q: round.Params().EC().Params().N, - Ell: zkproofs.GetEll(round.Params().EC()), - N0: ski.PublicKey.N, - C: round.temp.bigS[i], - X: round.temp.si, - } - y, rho, errd := ski.DecryptFull(round.temp.bigS[i]) - if errd != nil { - return nil, round.WrapError(fmt.Errorf("could not decrypt D")) - } - witness := &zkproofs.DecWitness{ - Y: y, - Rho: rho, - } - rpVs := round.key.GetAllRingPedersen() - rpVs[i] = nil - proofs = make([]*zkproofs.DecProof, len(rpVs)) - wg := sync.WaitGroup{} - for j, rp := range rpVs { - if j == i { - continue - } - wg.Add(1) - go func(j int, rp *zkproofs.RingPedersenParams) { - defer wg.Done() - proofs[j] = zkproofs.NewDecProof(witness, statement, rp) - }(j, rp) - } - wg.Wait() - - for j, pf := range proofs { - if j != i && pf.IsNil() { - return proofs, round.WrapError(errors.New("Failed to create one or more proofs.")) - } - } - return proofs, nil -} - -func (round *round5) Update() (bool, *tss.Error) { - for j, msg := range round.temp.signRound5Messages { - if round.ok[j] { - continue - } - if msg == nil || !round.CanAccept(msg) { - return false, nil - } - round.ok[j] = true - } - return true, nil -} - -func (round *round5) CanAccept(msg tss.ParsedMessage) bool { - if _, ok := msg.Content().(*SignRound5Message); ok { - return msg.IsBroadcast() - } - return false -} - -func (round *round5) NextRound() tss.Round { - round.started = false - return &finalization{round} -} diff --git a/ecdsa/accsigning/round_test.go b/ecdsa/accsigning/round_test.go deleted file mode 100644 index 384c4ba..0000000 --- a/ecdsa/accsigning/round_test.go +++ /dev/null @@ -1,206 +0,0 @@ -// Copyright 2023 Circle -// - -package accsigning - -import ( - "fmt" -// "sync" - "testing" - - "github.com/stretchr/testify/assert" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/ecdsa/keygen" -// "github.com/bnb-chain/tss-lib/tss" -) -/* -* Uncomment test to check individual round -* - -func TestHomoAddLimit(t *testing.T) { - keys, _, err := keygen.LoadKeygenTestFixturesRandomSet(1, 1) - assert.NoError(t, err) - - q := tss.EC().Params().N - pk := keys[0].PaillierSK.PublicKey - sk := keys[0].PaillierSK - modQ := common.ModInt(q) - modN := common.ModInt(pk.N) - - val := common.GetRandomPositiveInt(q) - sumQ := val - sumN := val - cVal, _ := pk.Encrypt(val) - cSum := cVal - assert.NoError(t, err) - for i := 0; i < 60; i++ { - dSum, err := sk.Decrypt(cSum) - assert.NoError(t, err) - assert.True(t, modQ.IsCongruent(sumQ, dSum), fmt.Sprintf("error modQ %d", i)) - assert.True(t, modQ.IsCongruent(sumN, dSum), fmt.Sprintf("error modN %d", i)) - - sumQ = modQ.Add(sumQ, val) - sumN = modN.Add(sumN, val) - cSum, err = pk.HomoAdd(cSum, cVal) - assert.NoError(t, err) - } -} - -func TestRound1(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) - rounds := RunRound1(t, params, parties, outCh) - - wg := sync.WaitGroup{} - partyCount := len(parties) - errChs := make(chan *tss.Error, partyCount*partyCount*3) - for _, round := range rounds { - wg.Add(1) - go func(round *round1) { - defer wg.Done() - nextRound := &round2{round} - nextRound.VerifyRound1Messages(errChs) - }(round) - } - wg.Wait() - close(errChs) - AssertNoErrors(t, errChs) - -} - -func TestRound2(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) - t.Logf("round 1") - round1s := RunRound1(t, params, parties, outCh) - t.Logf("round 2") - totalMessages := len(parties) * (len(parties) - 1) - round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) - - wg := sync.WaitGroup{} - partyCount := len(parties) - errChs := make(chan *tss.Error, partyCount*partyCount*partyCount) - for _, round := range round2s { - wg.Add(1) - go func(round *round2) { - defer wg.Done() - nextRound := &round3{round} - nextRound.VerifyRound2Messages(errChs) - }(round) - } - wg.Wait() - close(errChs) - AssertNoErrors(t, errChs) -} - -func TestRound3(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) - t.Logf("round 1") - round1s := RunRound1(t, params, parties, outCh) - t.Logf("round 2") - totalMessages := len(parties) * (len(parties) - 1) - round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) - t.Logf("round 3") - round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) - assert.NotNil(t, round3s) - - wg := sync.WaitGroup{} - partyCount := len(parties) - errChs := make(chan *tss.Error, partyCount*partyCount*partyCount) - for _, round := range round3s { - wg.Add(1) - go func(round *round3) { - defer wg.Done() - nextRound := &round4{round} - nextRound.VerifyRound3Messages(errChs) - }(round) - } - wg.Wait() - close(errChs) - AssertNoErrors(t, errChs) -} - -func TestRound4(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) - t.Logf("round 1") - round1s := RunRound1(t, params, parties, outCh) - t.Logf("round 2") - totalMessages := len(parties) * (len(parties) - 1) - round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) - t.Logf("round 3") - round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) - t.Logf("round 4") - round4s := RunRound[*round3, *round4](t, params, parties, round3s, len(parties), outCh) - - wg := sync.WaitGroup{} - for i, round := range round4s { - for j, _ := range round.Parties().IDs() { - if i == j { - continue - } - - wg.Add(1) - go func(round *round4) { - defer wg.Done() - nextRound := &round5{round} - err := nextRound.VerifyRound4Messages() - AssertNoTssError(t, err) - }(round) - } - } - wg.Wait() -} - -func TestRound5(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) - - t.Logf("round 1") - round1s := RunRound1(t, params, parties, outCh) - t.Logf("round 2") - totalMessages := len(parties) * (len(parties) - 1) - round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) - t.Logf("round 3") - round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) - t.Logf("round 4") - round4s := RunRound[*round3, *round4](t, params, parties, round3s, len(parties), outCh) - t.Logf("round 5") - round5s := RunRound[*round4, *round5](t, params, parties, round4s, len(parties), outCh) - - wg := sync.WaitGroup{} - for i, round := range round5s { - for j, _ := range round.Parties().IDs() { - if i == j { - continue - } - - wg.Add(1) - go func(round *round5) { - defer wg.Done() - nextRound := &finalization{round} - err := nextRound.VerifyRound5Messages() - AssertNoTssError(t, err) - }(round) - } - } - wg.Wait() -} -*/ - -func TestRoundFinalization(t *testing.T) { - // params, parties, outCh, keys, signPIDs, p2pCtx := SetupParties(t) - // _= signing.Run(t, keys, signPIDs, p2pCtx) - params, parties, outCh, _, _, _ := SetupParties(t) - - t.Logf("round 1") - round1s := RunRound1(t, params, parties, outCh) - t.Logf("round 2") - totalMessages := len(parties) * (len(parties) - 1) - round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) - t.Logf("round 3") - round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) - t.Logf("round 4") - round4s := RunRound[*round3, *round4](t, params, parties, round3s, len(parties), outCh) - t.Logf("round 5") - round5s := RunRound[*round4, *round5](t, params, parties, round4s, len(parties), outCh) - t.Logf("finalize") - _ = RunRound[*round5, *finalization](t, params, parties, round5s, len(parties), outCh) -} diff --git a/ecdsa/accsigning/round_test_util.go b/ecdsa/accsigning/round_test_util.go deleted file mode 100644 index 02d8dc2..0000000 --- a/ecdsa/accsigning/round_test_util.go +++ /dev/null @@ -1,175 +0,0 @@ -// Copyright 2023 Circle -// - -package accsigning - -import ( - "math/big" - "sync" - "testing" - - "github.com/ipfs/go-log" - "github.com/stretchr/testify/assert" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/ecdsa/keygen" - "github.com/bnb-chain/tss-lib/test" - "github.com/bnb-chain/tss-lib/tss" -) - -const ( - testParticipants = test.TestParticipants - testThreshold = test.TestThreshold -) - -func SetUp(level string) { - if err := log.SetLogLevel("tss-lib", level); err != nil { - panic(err) - } -} - -func SetupParties(t *testing.T) ( - params []*tss.Parameters, - parties []*LocalParty, - outCh chan tss.Message, - keys []keygen.LocalPartySaveData, - signPIDs tss.SortedPartyIDs, - p2pCtx *tss.PeerContext, -) { - SetUp("info") - - // PHASE: load keygen fixtures - keys, signPIDs, err := keygen.LoadKeygenTestFixturesRandomSet(testThreshold+1, testParticipants) - assert.NoError(t, err, "should load keygen fixtures") - assert.Equal(t, testThreshold+1, len(keys)) - assert.Equal(t, testThreshold+1, len(signPIDs)) - - // PHASE: signing - // use a shuffled selection of the list of parties for this test - p2pCtx = tss.NewPeerContext(signPIDs) - parties = make([]*LocalParty, 0, len(signPIDs)) - - outCh = make(chan tss.Message, len(signPIDs)*len(signPIDs)*3) - endCh := make(chan common.SignatureData, len(signPIDs)) - - // updater := test.SharedPartyUpdater - - // init the parties - for i := 0; i < len(signPIDs); i++ { - Pparams := tss.NewParameters(tss.S256(), p2pCtx, signPIDs[i], len(signPIDs), testThreshold) - params = append(params, Pparams) - P := NewLocalParty(big.NewInt(42), Pparams, keys[i], outCh, endCh).(*LocalParty) - parties = append(parties, P) - } - return params, parties, outCh, keys, signPIDs, p2pCtx -} - -func GetParsedMessage(t *testing.T, message tss.Message, expectedType string) tss.ParsedMessage { - wireBytes, routing, err := message.WireBytes() - assert.NoError(t, err) - mType := message.Type() - assert.Equal(t, expectedType, mType) - from := routing.From - isBroadcast := message.IsBroadcast() - parsedMessage, err := tss.ParseWireMessage(wireBytes, from, isBroadcast) - assert.NoError(t, err) - assert.True(t, parsedMessage.ValidateBasic()) - return parsedMessage -} - -func IsMessageType(msg tss.Message, expectedType string) bool { - mType := msg.Type() - return expectedType == mType -} - -func AssertNoErrors(t *testing.T, errChs chan *tss.Error) { - for err := range errChs { - AssertNoTssError(t, err) - } -} - -func AssertNoTssError(t *testing.T, err *tss.Error) { - if err != nil { - assert.False(t, true, err.Error()) - } -} - -func DeliverMessages(t *testing.T, totalMessages int, parties []*LocalParty, outCh chan tss.Message) { - errChs := make(chan *tss.Error, len(parties)*3) - maxErrors := 20 - length := len(outCh) - for num := 0; num < totalMessages && num < length; num += 1 { - if len(errChs) > maxErrors { - t.Logf("too many errors") - break - } - var msg tss.Message = <-outCh - dest := msg.GetTo() - if dest == nil || len(dest) == 0 { - for recipient, _ := range parties { - test.SharedPartyUpdater(parties[recipient], msg, errChs) - } - } else { - test.SharedPartyUpdater(parties[dest[0].Index], msg, errChs) - } - } - close(errChs) - AssertNoErrors(t, errChs) -} - -func RunRound1(t *testing.T, params []*tss.Parameters, parties []*LocalParty, outCh chan tss.Message) []*round1 { - rounds := make([]*round1, len(parties)) - wg := sync.WaitGroup{} - for j, party := range parties { - wg.Add(1) - go func(j int, party *LocalParty) { - defer wg.Done() - partyParams := params[j] - rounds[j] = newRound1(partyParams, &party.keys, &party.data, &party.temp, party.out, party.end).(*round1) - err := rounds[j].prepare() - assert.NoError(t, err) - tssError := rounds[j].Start() - assert.Nil(t, tssError) - }(j, party) - } - wg.Wait() - - // deliver all messages - totalMessages := len(parties) * len(parties) - DeliverMessages(t, totalMessages, parties, outCh) - return rounds -} - -func RunRound[InRound tss.Round, OutRound tss.Round]( - t *testing.T, - params []*tss.Parameters, - parties []*LocalParty, - inrounds []InRound, - totalMessages int, - outCh chan tss.Message, -) []OutRound { - t.Logf("Updating") - - outrounds := make([]OutRound, len(parties)) - for j, round := range inrounds { - ok, tssErr := round.Update() - assert.True(t, ok) - AssertNoTssError(t, tssErr) - outrounds[j] = round.NextRound().(OutRound) - } - t.Logf("Running round") - - wg := sync.WaitGroup{} - for j, round := range outrounds { - wg.Add(1) - go func(j int, round OutRound) { - defer wg.Done() - tssErr := round.Start() - AssertNoTssError(t, tssErr) - }(j, round) - } - wg.Wait() - t.Logf("Delivering") - DeliverMessages(t, totalMessages, parties, outCh) - return outrounds -} diff --git a/ecdsa/accsigning/rounds.go b/ecdsa/accsigning/rounds.go deleted file mode 100644 index ee45c48..0000000 --- a/ecdsa/accsigning/rounds.go +++ /dev/null @@ -1,124 +0,0 @@ -// Copyright © 2019 Binance -// -// This file is part of Binance. The full Binance copyright notice, including -// terms governing use, modification, and redistribution, is contained in the -// file LICENSE at the root of the source code distribution tree. - -package accsigning - -import ( - "errors" - "fmt" - - "github.com/bnb-chain/tss-lib/common" - "github.com/bnb-chain/tss-lib/ecdsa/keygen" - "github.com/bnb-chain/tss-lib/tss" -) - -const ( - TaskName = "signing" -) - -type ( - base struct { - *tss.Parameters - key *keygen.LocalPartySaveData - data *common.SignatureData - temp *localTempData - out chan<- tss.Message - end chan<- common.SignatureData - ok []bool // `ok` tracks parties which have been verified by Update() - started bool - number int - } - round1 struct { - *base - } - round2 struct { - *round1 - } - round3 struct { - *round2 - } - round4 struct { - *round3 - } - round5 struct { - *round4 - } - finalization struct { - *round5 - } -) - -var ( - _ tss.Round = (*round1)(nil) - _ tss.Round = (*round2)(nil) - _ tss.Round = (*round3)(nil) - _ tss.Round = (*round4)(nil) - _ tss.Round = (*round5)(nil) - _ tss.Round = (*finalization)(nil) -) - -// ----- // - -func (round *base) WrapErrorChs(id *tss.PartyID, errChs chan *tss.Error, msg string) *tss.Error { - culprits := make([]*tss.PartyID, 0, len(round.Parties().IDs())) - length := len(errChs) - allMsgs := "" - for err := range errChs { - allMsgs = fmt.Sprintf("%s %s", allMsgs, err.Error()) - culprits = append(culprits, err.Culprits()...) - } - if length > 0 { - return round.WrapError(errors.New(fmt.Sprintf("round [%d], party [%d], %s,%s", round.number, id.Index, msg, allMsgs)), culprits...) - } - return nil -} - -func (round *base) Params() *tss.Parameters { - return round.Parameters -} - -func (round *base) RoundNumber() int { - return round.number -} - -// CanProceed is inherited by other rounds -func (round *base) CanProceed() bool { - if !round.started { - return false - } - for _, ok := range round.ok { - if !ok { - return false - } - } - return true -} - -// WaitingFor is called by a Party for reporting back to the caller -func (round *base) WaitingFor() []*tss.PartyID { - Ps := round.Parties().IDs() - ids := make([]*tss.PartyID, 0, len(round.ok)) - for j, ok := range round.ok { - if ok { - continue - } - ids = append(ids, Ps[j]) - } - return ids -} - -func (round *base) WrapError(err error, culprits ...*tss.PartyID) *tss.Error { - return tss.NewError(err, TaskName, round.number, round.PartyID(), culprits...) -} - -// ----- // - -// `ok` tracks parties which have been verified by Update() -func (round *base) resetOK() { - for j := range round.ok { - round.ok[j] = false - } -} diff --git a/ecdsa/cggplus/ecdsa-cggplus.pb.go b/ecdsa/cggplus/ecdsa-cggplus.pb.go index 6547004..27fd71f 100644 --- a/ecdsa/cggplus/ecdsa-cggplus.pb.go +++ b/ecdsa/cggplus/ecdsa-cggplus.pb.go @@ -1,5 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. // +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. // Code generated by protoc-gen-go. DO NOT EDIT. // versions: diff --git a/ecdsa/cggplus/finalize.go b/ecdsa/cggplus/finalize.go index 631f732..d35af66 100644 --- a/ecdsa/cggplus/finalize.go +++ b/ecdsa/cggplus/finalize.go @@ -1,4 +1,13 @@ -// Copyright 2023 Circle +// Copyright © 2019 Binance +// +// This file is part of Binance. The full Binance copyright notice, including +// terms governing use, modification, and redistribution, is contained in the +// file LICENSE at the root of the source code distribution tree. +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT package cggplus diff --git a/ecdsa/cggplus/local_party.go b/ecdsa/cggplus/local_party.go index 0b56bf3..1a6f310 100644 --- a/ecdsa/cggplus/local_party.go +++ b/ecdsa/cggplus/local_party.go @@ -3,6 +3,11 @@ // This file is part of Binance. The full Binance copyright notice, including // terms governing use, modification, and redistribution, is contained in the // file LICENSE at the root of the source code distribution tree. +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT package cggplus diff --git a/ecdsa/cggplus/messages.go b/ecdsa/cggplus/messages.go index 61f42c1..24aecbf 100644 --- a/ecdsa/cggplus/messages.go +++ b/ecdsa/cggplus/messages.go @@ -1,3 +1,19 @@ +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package cggplus import ( diff --git a/ecdsa/cggplus/round_1.go b/ecdsa/cggplus/round_1.go index d679755..7d2e213 100644 --- a/ecdsa/cggplus/round_1.go +++ b/ecdsa/cggplus/round_1.go @@ -1,4 +1,13 @@ -// Copyright 2023 Circle +// Copyright © 2019 Binance +// +// This file is part of Binance. The full Binance copyright notice, including +// terms governing use, modification, and redistribution, is contained in the +// file LICENSE at the root of the source code distribution tree. +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT package cggplus diff --git a/ecdsa/cggplus/round_2.go b/ecdsa/cggplus/round_2.go index ef70f01..8968864 100644 --- a/ecdsa/cggplus/round_2.go +++ b/ecdsa/cggplus/round_2.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package cggplus diff --git a/ecdsa/cggplus/round_3.go b/ecdsa/cggplus/round_3.go index 25942d2..756265f 100644 --- a/ecdsa/cggplus/round_3.go +++ b/ecdsa/cggplus/round_3.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package cggplus diff --git a/ecdsa/cggplus/round_4.go b/ecdsa/cggplus/round_4.go index 45dcd7b..3e85612 100644 --- a/ecdsa/cggplus/round_4.go +++ b/ecdsa/cggplus/round_4.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package cggplus diff --git a/ecdsa/cggplus/round_5.go b/ecdsa/cggplus/round_5.go index e343578..5a6b899 100644 --- a/ecdsa/cggplus/round_5.go +++ b/ecdsa/cggplus/round_5.go @@ -1,4 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package cggplus diff --git a/ecdsa/cggplus/round_test.go b/ecdsa/cggplus/round_test.go index 647bb03..d56c471 100644 --- a/ecdsa/cggplus/round_test.go +++ b/ecdsa/cggplus/round_test.go @@ -1,132 +1,146 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. // +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package cggplus import ( -// "github.com/bnb-chain/tss-lib/tss" -// "sync" + // "github.com/bnb-chain/tss-lib/tss" + // "sync" "testing" ) /* * Uncomment test to check individual round * -func TestRound1(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) - rounds := RunRound1(t, params, parties, outCh) - wg := sync.WaitGroup{} - partyCount := len(parties) - errChs := make(chan *tss.Error, partyCount*partyCount*3) - for _, round := range rounds { - wg.Add(1) - go func(round *round1) { - defer wg.Done() - nextRound := &round2{round} - nextRound.VerifyRound1Messages(errChs) - }(round) + func TestRound1(t *testing.T) { + params, parties, outCh, _, _, _ := SetupParties(t) + rounds := RunRound1(t, params, parties, outCh) + + wg := sync.WaitGroup{} + partyCount := len(parties) + errChs := make(chan *tss.Error, partyCount*partyCount*3) + for _, round := range rounds { + wg.Add(1) + go func(round *round1) { + defer wg.Done() + nextRound := &round2{round} + nextRound.VerifyRound1Messages(errChs) + }(round) + } + wg.Wait() + close(errChs) + AssertNoErrors(t, errChs) } - wg.Wait() - close(errChs) - AssertNoErrors(t, errChs) -} -func TestRound2(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) - t.Logf("round 1") - round1s := RunRound1(t, params, parties, outCh) - t.Logf("round 2") - totalMessages := len(parties) * len(parties) - round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) + func TestRound2(t *testing.T) { + params, parties, outCh, _, _, _ := SetupParties(t) + t.Logf("round 1") + round1s := RunRound1(t, params, parties, outCh) + t.Logf("round 2") + totalMessages := len(parties) * len(parties) + round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) - wg := sync.WaitGroup{} - partyCount := len(parties) - errChs := make(chan *tss.Error, partyCount*partyCount*partyCount) - for _, round := range round2s { - wg.Add(1) - go func(round *round2) { - defer wg.Done() - nextRound := &round3{round} - nextRound.VerifyRound2Messages(errChs) - }(round) + wg := sync.WaitGroup{} + partyCount := len(parties) + errChs := make(chan *tss.Error, partyCount*partyCount*partyCount) + for _, round := range round2s { + wg.Add(1) + go func(round *round2) { + defer wg.Done() + nextRound := &round3{round} + nextRound.VerifyRound2Messages(errChs) + }(round) + } + wg.Wait() + close(errChs) + AssertNoErrors(t, errChs) } - wg.Wait() - close(errChs) - AssertNoErrors(t, errChs) -} -func TestRound3(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) - t.Logf("round 1") - round1s := RunRound1(t, params, parties, outCh) - t.Logf("round 2") - totalMessages := len(parties) * len(parties) - round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) - t.Logf("round 3") - round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) + func TestRound3(t *testing.T) { + params, parties, outCh, _, _, _ := SetupParties(t) + t.Logf("round 1") + round1s := RunRound1(t, params, parties, outCh) + t.Logf("round 2") + totalMessages := len(parties) * len(parties) + round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) + t.Logf("round 3") + round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) - wg := sync.WaitGroup{} - partyCount := len(parties) - errChs := make(chan *tss.Error, partyCount*partyCount*partyCount) - for _, round := range round3s { - wg.Add(1) - go func(round *round3) { - defer wg.Done() - nextRound := &round4{round} - nextRound.VerifyRound3Messages(errChs) - }(round) + wg := sync.WaitGroup{} + partyCount := len(parties) + errChs := make(chan *tss.Error, partyCount*partyCount*partyCount) + for _, round := range round3s { + wg.Add(1) + go func(round *round3) { + defer wg.Done() + nextRound := &round4{round} + nextRound.VerifyRound3Messages(errChs) + }(round) + } + wg.Wait() + close(errChs) + AssertNoErrors(t, errChs) } - wg.Wait() - close(errChs) - AssertNoErrors(t, errChs) -} -func TestRound4(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) - t.Logf("round 1") - round1s := RunRound1(t, params, parties, outCh) - t.Logf("round 2") - totalMessages := len(parties) * len(parties) - round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) - t.Logf("round 3") - round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) - t.Logf("round 4") - _ = RunRound[*round3, *round4](t, params, parties, round3s, len(parties), outCh) + func TestRound4(t *testing.T) { + params, parties, outCh, _, _, _ := SetupParties(t) + t.Logf("round 1") + round1s := RunRound1(t, params, parties, outCh) + t.Logf("round 2") + totalMessages := len(parties) * len(parties) + round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) + t.Logf("round 3") + round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) + t.Logf("round 4") + _ = RunRound[*round3, *round4](t, params, parties, round3s, len(parties), outCh) - // skip verification; round 4 does not output messages -} + // skip verification; round 4 does not output messages + } -func TestRound5(t *testing.T) { - params, parties, outCh, _, _, _ := SetupParties(t) + func TestRound5(t *testing.T) { + params, parties, outCh, _, _, _ := SetupParties(t) - t.Logf("round 1") - round1s := RunRound1(t, params, parties, outCh) - t.Logf("round 2") - totalMessages := len(parties) * len(parties) - round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) - t.Logf("round 3") - round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) - t.Logf("round 4") - round4s := RunRound[*round3, *round4](t, params, parties, round3s, len(parties), outCh) - t.Logf("round 5") - round5s := RunRound[*round4, *round5](t, params, parties, round4s, len(parties), outCh) + t.Logf("round 1") + round1s := RunRound1(t, params, parties, outCh) + t.Logf("round 2") + totalMessages := len(parties) * len(parties) + round2s := RunRound[*round1, *round2](t, params, parties, round1s, totalMessages, outCh) + t.Logf("round 3") + round3s := RunRound[*round2, *round3](t, params, parties, round2s, len(parties), outCh) + t.Logf("round 4") + round4s := RunRound[*round3, *round4](t, params, parties, round3s, len(parties), outCh) + t.Logf("round 5") + round5s := RunRound[*round4, *round5](t, params, parties, round4s, len(parties), outCh) - wg := sync.WaitGroup{} - partyCount := len(parties) - errChs := make(chan *tss.Error, partyCount*partyCount*partyCount) - for _, round := range round5s { - wg.Add(1) - go func(round *round5) { - defer wg.Done() - nextRound := &finalization{round} - nextRound.VerifyRound5Messages(errChs) - }(round) + wg := sync.WaitGroup{} + partyCount := len(parties) + errChs := make(chan *tss.Error, partyCount*partyCount*partyCount) + for _, round := range round5s { + wg.Add(1) + go func(round *round5) { + defer wg.Done() + nextRound := &finalization{round} + nextRound.VerifyRound5Messages(errChs) + }(round) + } + wg.Wait() + close(errChs) + AssertNoErrors(t, errChs) } - wg.Wait() - close(errChs) - AssertNoErrors(t, errChs) -} */ func TestRoundFinalization(t *testing.T) { params, parties, outCh, _, _, _ := SetupParties(t) diff --git a/ecdsa/cggplus/round_test_util.go b/ecdsa/cggplus/round_test_util.go index 7c860ff..4d374ec 100644 --- a/ecdsa/cggplus/round_test_util.go +++ b/ecdsa/cggplus/round_test_util.go @@ -1,5 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. // +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package cggplus diff --git a/ecdsa/cggplus/rounds.go b/ecdsa/cggplus/rounds.go index 7142584..a6f7697 100644 --- a/ecdsa/cggplus/rounds.go +++ b/ecdsa/cggplus/rounds.go @@ -3,6 +3,11 @@ // This file is part of Binance. The full Binance copyright notice, including // terms governing use, modification, and redistribution, is contained in the // file LICENSE at the root of the source code distribution tree. +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT package cggplus diff --git a/ecdsa/keygen/save_data.go b/ecdsa/keygen/save_data.go index 7a53293..b508602 100644 --- a/ecdsa/keygen/save_data.go +++ b/ecdsa/keygen/save_data.go @@ -3,6 +3,11 @@ // This file is part of Binance. The full Binance copyright notice, including // terms governing use, modification, and redistribution, is contained in the // file LICENSE at the root of the source code distribution tree. +// +// Portions Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved +// Circle contributions are licensed under the Apache 2.0 License. +// +// SPDX-License-Identifier: Apache-2.0 AND MIT package keygen diff --git a/protob/ecdsa-accsigning.proto b/protob/ecdsa-accsigning.proto deleted file mode 100644 index fc60866..0000000 --- a/protob/ecdsa-accsigning.proto +++ /dev/null @@ -1,79 +0,0 @@ -// Copyright 2023 Circle -// - - -syntax = "proto3"; -package binance.tsslib.ecdsa.accsigning; -option go_package = "ecdsa/accsigning"; - -/* - * Represents a P2P message sent to each party during Round 1 of the Accountable ECDSA TSS signing protocol. - */ -message SignRound1Message1 { - repeated bytes range_proof_alice = 1; - repeated bytes proof_x_gamma = 2; - repeated bytes proof_x_kw = 3; -} - -/* - * Represents a BROADCAST message sent to all parties during Round 1 of the Accountable ECDSA TSS signing protocol. - */ -message SignRound1Message2 { - bytes c_a = 1; - bytes x_gamma = 2; - bytes x_kgamma =3; - bytes x_kw = 4; - repeated bytes proof_x_kgamma =5; -} - -/* - * Represents a P2P message sent to each party during Round 2 of the Accountable ECDSA TSS signing protocol. - */ -message SignRound2Message1 { - bytes c_gamma = 1; - bytes c_w = 2; - repeated bytes proof_p = 3; - repeated bytes proof_dl = 4; -} - -/* - * Represents a BROADCAST message sent to all parties during Round 2 of the Accountable ECDSA TSS signing protocol. - */ -message SignRound2Message { - bytes recipient = 1; - bytes c_alpha = 2; - bytes c_beta = 3; - bytes c_beta_prm = 4; - bytes c_mu = 5; - bytes c_nu = 6; - bytes c_nu_prm = 7; - repeated bytes proof_p = 8; - repeated bytes proof_dl = 9; - repeated bytes proof_beta = 10; - repeated bytes proof_nu = 11; -} - -/* - * Represents a BROADCAST message sent to all parties during Round 3 of the Accountable ECDSA TSS signing protocol. - */ -message SignRound3Message { - bytes delta = 1; - bytes d = 2; - repeated bytes proof = 3; -} - -/* - * Represents a BROADCAST message sent to all parties during Round 4 of the Accountable ECDSA TSS signing protocol. - */ -message SignRound4Message { - repeated bytes gamma = 1; - repeated bytes proof = 2; -} - -/* - * Represents a BROADCAST message sent to all parties during Round 4 of the Accountable ECDSA TSS signing protocol. - */ -message SignRound5Message { - bytes s = 1; - repeated bytes proof = 2; -} diff --git a/protob/ecdsa-cggplus.proto b/protob/ecdsa-cggplus.proto index f06b2f3..2d48110 100644 --- a/protob/ecdsa-cggplus.proto +++ b/protob/ecdsa-cggplus.proto @@ -1,5 +1,18 @@ -// Copyright 2023 Circle +// Copyright (c) 2023, Circle Internet Financial, LTD. All rights reserved. // +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. syntax = "proto3";