Update to use bnb-chain/tss-lib/v2 (#15)

Pulled in the latest changes from bnb-chain/tss-lib/v2. 
- Significant changes in bnb-chain
- Updated ecdsa/cggplus, crypto/zkproofs and crypto/accmta modules to
use v2
- Removed one failing known-input unit test because the constants
depended on v1 fixtures

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: ycen <[email protected]>
Co-authored-by: Wan Ziyi <[email protected]>
Co-authored-by: ZhAnGeek <[email protected]>
Co-authored-by: ycen <[email protected]>
Co-authored-by: ZhAnGeek <[email protected]>
Co-authored-by: Sun Xia <[email protected]>
Co-authored-by: Trevor Baker <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/gofmt.yml

@@ -22,6 +22,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: check out
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: go fmt project
-        uses: Jerome1337/[email protected].2
+        uses: Jerome1337/[email protected].4

.github/workflows/test.yml

@@ -17,30 +17,32 @@ name: Go Test
 on:
   push:
     branches:
-    - master
-    - release/*
+      - master
+      - release/*
   pull_request:
     branches:
-    - master
+      - master
 
 jobs:
   build:
     name: Test
     runs-on: ubuntu-latest
     steps:
 
-    - name: Set up Go 1.18
-      uses: actions/setup-go@v1
-      with:
-        go-version: 1.18
-      id: go
+      - name: Set up Go 1.20
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.20.3
+        id: go
 
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v1
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
 
-    - name: Get dependencies
-      run: go get -v -t -d ./...
+      - name: Clean dependencies
+        run: go clean --modcache
 
-    - name: Run Tests
-      run: make test_unit
+      - name: Get dependencies
+        run: go mod tidy
 
+      - name: Run Tests
+        run: make test_unit

Makefile

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: Apache-2.0 AND MIT
 
 
-MODULE = github.com/bnb-chain/tss-lib
+MODULE = github.com/bnb-chain/tss-lib/v2
 PACKAGES = $(shell go list ./... | grep -v '/vendor/')
 
 all: protob test
@@ -32,14 +32,13 @@ clean_test:
 test_unit:
 	@echo "--> Running Unit Tests"
 	@echo "!!! WARNING: This will take a long time :)"
-	go test -timeout 60m github.com/bnb-chain/tss-lib/crypto/accmta
-	go test -timeout 60m github.com/bnb-chain/tss-lib/crypto/zkproofs
-	go test -timeout 60m github.com/bnb-chain/tss-lib/ecdsa/cggplus
-#	go test -timeout 60m $(PACKAGES)
+	go clean -testcache
+	go test -timeout 60m $(PACKAGES)
 
 test_unit_race:
 	@echo "--> Running Unit Tests (with Race Detection)"
 	@echo "!!! WARNING: This will take a long time :)"
+	go clean -testcache
 	go test -timeout 60m -race $(PACKAGES)
 
 test:

README.md

@@ -141,6 +141,10 @@ In a typical use case, it is expected that a transport implementation will consu
 
 This way there is no need to deal with Marshal/Unmarshalling Protocol Buffers to implement a transport.
 
+## Changes of Preparams of ECDSA in v2.0
+
+Two fields PaillierSK.P and PaillierSK.Q is added in version 2.0. They are used to generate Paillier key proofs. Key valuts generated from versions before 2.0 need to regenerate(resharing) the key valuts to update the praparams with the necessary fileds filled.
+
 ## How to use this securely
 
 ⚠️ This section is important. Be sure to read it!

common/hash.go

@@ -93,6 +93,52 @@ func SHA512_256i(in ...*big.Int) *big.Int {
 	return new(big.Int).SetBytes(state.Sum(nil))
 }
 
+// SHA512_256i_TAGGED tagged version of SHA512_256i
+func SHA512_256i_TAGGED(tag []byte, in ...*big.Int) *big.Int {
+	tagBz := SHA512_256(tag)
+	var data []byte
+	state := crypto.SHA512_256.New()
+	state.Write(tagBz)
+	state.Write(tagBz)
+	inLen := len(in)
+	if inLen == 0 {
+		return nil
+	}
+	bzSize := 0
+	// prevent hash collisions with this prefix containing the block count
+	inLenBz := make([]byte, 64/8)
+	// converting between int and uint64 doesn't change the sign bit, but it may be interpreted as a larger value.
+	// this prefix is never read/interpreted, so that doesn't matter.
+	binary.LittleEndian.PutUint64(inLenBz, uint64(inLen))
+	ptrs := make([][]byte, inLen)
+	for i, n := range in {
+		if n == nil {
+			ptrs[i] = zero.Bytes()
+		} else {
+			ptrs[i] = n.Bytes()
+		}
+		bzSize += len(ptrs[i])
+	}
+	dataCap := len(inLenBz) + bzSize + inLen + (inLen * 8)
+	data = make([]byte, 0, dataCap)
+	data = append(data, inLenBz...)
+	for i := range in {
+		data = append(data, ptrs[i]...)
+		data = append(data, hashInputDelimiter) // safety delimiter
+		dataLen := make([]byte, 8)              // 64-bits
+		binary.LittleEndian.PutUint64(dataLen, uint64(len(ptrs[i])))
+		data = append(data, dataLen...) // Security audit: length of each byte buffer should be added after
+		// each security delimiters in order to enforce proper domain separation
+	}
+	// n < len(data) or an error will never happen.
+	// see: https://golang.org/pkg/hash/#Hash and https://github.com/golang/go/wiki/Hashing#the-hashhash-interface
+	if _, err := state.Write(data); err != nil {
+		Logger.Error(err)
+		return nil
+	}
+	return new(big.Int).SetBytes(state.Sum(nil))
+}
+
 func SHA512_256iOne(in *big.Int) *big.Int {
 	var data []byte
 	state := crypto.SHA512_256.New()

common/hash_utils_test.go

@@ -11,7 +11,7 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/bnb-chain/tss-lib/common"
+	"github.com/bnb-chain/tss-lib/v2/common"
 )
 
 func TestRejectionSample(t *testing.T) {

common/int.go

@@ -86,3 +86,14 @@ func (mi *modInt) IsMultInverse(a, b *big.Int) bool {
 func (mi *modInt) i() *big.Int {
 	return (*big.Int)(mi)
 }
+
+func IsInInterval(b *big.Int, bound *big.Int) bool {
+	return b.Cmp(bound) == -1 && b.Cmp(zero) >= 0
+}
+
+func AppendBigIntToBytesSlice(commonBytes []byte, appended *big.Int) []byte {
+	resultBytes := make([]byte, len(commonBytes), len(commonBytes)+len(appended.Bytes()))
+	copy(resultBytes, commonBytes)
+	resultBytes = append(resultBytes, appended.Bytes()...)
+	return resultBytes
+}

common/random.go

@@ -106,3 +106,29 @@ func GetRandomGeneratorOfTheQuadraticResidue(n *big.Int) *big.Int {
 	fSq := new(big.Int).Mul(f, f)
 	return fSq.Mod(fSq, n)
 }
+
+// GetRandomQuadraticNonResidue returns a quadratic non residue of odd n.
+func GetRandomQuadraticNonResidue(n *big.Int) *big.Int {
+	for {
+		w := GetRandomPositiveInt(n)
+		if big.Jacobi(w, n) == -1 {
+			return w
+		}
+	}
+}
+
+// GetRandomBytes returns random bytes of length.
+func GetRandomBytes(length int) ([]byte, error) {
+	// Per [BIP32], the seed must be in range [MinSeedBytes, MaxSeedBytes].
+	if length <= 0 {
+		return nil, errors.New("invalid length")
+	}
+
+	buf := make([]byte, length)
+	_, err := rand.Read(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	return buf, nil
+}

common/random_test.go

@@ -12,7 +12,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/bnb-chain/tss-lib/common"
+	"github.com/bnb-chain/tss-lib/v2/common"
 )
 
 const (

common/slice.go

@@ -50,3 +50,15 @@ func NonEmptyMultiBytes(bzs [][]byte, expectLen ...int) bool {
 	}
 	return true
 }
+
+// PadToLengthBytesInPlace pad {0, ...} to the front of src if len(src) < length
+// output length is equal to the parameter length
+func PadToLengthBytesInPlace(src []byte, length int) []byte {
+	oriLen := len(src)
+	if oriLen < length {
+		for i := 0; i < length-oriLen; i++ {
+			src = append([]byte{0}, src...)
+		}
+	}
+	return src
+}

crypto/accmta/share_protocol.go

@@ -22,10 +22,10 @@ import (
 	"math/big"
 	"sync"
 
-	"github.com/bnb-chain/tss-lib/common"
-	"github.com/bnb-chain/tss-lib/crypto"
-	"github.com/bnb-chain/tss-lib/crypto/paillier"
-	"github.com/bnb-chain/tss-lib/crypto/zkproofs"
+	"github.com/bnb-chain/tss-lib/v2/common"
+	"github.com/bnb-chain/tss-lib/v2/crypto"
+	"github.com/bnb-chain/tss-lib/v2/crypto/paillier"
+	"github.com/bnb-chain/tss-lib/v2/crypto/zkproofs"
 )
 
 func AliceInit(

crypto/accmta/share_protocol_test.go

@@ -23,13 +23,13 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/bnb-chain/tss-lib/common"
-	"github.com/bnb-chain/tss-lib/crypto"
-	"github.com/bnb-chain/tss-lib/crypto/accmta"
-	"github.com/bnb-chain/tss-lib/crypto/paillier"
-	"github.com/bnb-chain/tss-lib/crypto/zkproofs"
-	"github.com/bnb-chain/tss-lib/ecdsa/keygen"
-	"github.com/bnb-chain/tss-lib/tss"
+	"github.com/bnb-chain/tss-lib/v2/common"
+	"github.com/bnb-chain/tss-lib/v2/crypto"
+	"github.com/bnb-chain/tss-lib/v2/crypto/accmta"
+	"github.com/bnb-chain/tss-lib/v2/crypto/paillier"
+	"github.com/bnb-chain/tss-lib/v2/crypto/zkproofs"
+	"github.com/bnb-chain/tss-lib/v2/ecdsa/keygen"
+	"github.com/bnb-chain/tss-lib/v2/tss"
 )
 
 var (

crypto/ckd/child_key_derivation.go

@@ -14,9 +14,9 @@ import (
 	"hash"
 	"math/big"
 
-	"github.com/bnb-chain/tss-lib/common"
-	"github.com/bnb-chain/tss-lib/crypto"
-	"github.com/btcsuite/btcd/btcec"
+	"github.com/bnb-chain/tss-lib/v2/common"
+	"github.com/bnb-chain/tss-lib/v2/crypto"
+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcutil/base58"
 	"golang.org/x/crypto/ripemd160"
 )
@@ -106,13 +106,15 @@ func NewExtendedKeyFromString(key string, curve elliptic.Curve) (*ExtendedKey, e
 	var pubKey ecdsa.PublicKey
 
 	if c, ok := curve.(*btcec.KoblitzCurve); ok {
-		// Ensure the public key parses correctly and is actually on the
-		// secp256k1 curve.
-		pk, err := btcec.ParsePubKey(keyData, c)
+		pk, err := btcec.ParsePubKey(keyData)
 		if err != nil {
 			return nil, err
 		}
-		pubKey = ecdsa.PublicKey(*pk)
+		pubKey = ecdsa.PublicKey{
+			Curve: c,
+			X:     pk.X(),
+			Y:     pk.Y(),
+		}
 	} else {
 		px, py := elliptic.Unmarshal(curve, keyData)
 		pubKey = ecdsa.PublicKey{

crypto/ckd/child_key_derivation_test.go

@@ -9,8 +9,8 @@ package ckd_test
 import (
 	"testing"
 
-	. "github.com/bnb-chain/tss-lib/crypto/ckd"
-	"github.com/btcsuite/btcd/btcec"
+	. "github.com/bnb-chain/tss-lib/v2/crypto/ckd"
+	"github.com/btcsuite/btcd/btcec/v2"
 )
 
 func TestPublicDerivation(t *testing.T) {

crypto/commitments/commitment.go

@@ -12,7 +12,7 @@ package commitments
 import (
 	"math/big"
 
-	"github.com/bnb-chain/tss-lib/common"
+	"github.com/bnb-chain/tss-lib/v2/common"
 )
 
 const (

crypto/commitments/commitment_test.go

@@ -12,7 +12,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	. "github.com/bnb-chain/tss-lib/crypto/commitments"
+	. "github.com/bnb-chain/tss-lib/v2/crypto/commitments"
 )
 
 func TestCreateVerify(t *testing.T) {

crypto/dlnproof/proof.go

@@ -15,8 +15,8 @@ import (
 	"fmt"
 	"math/big"
 
-	"github.com/bnb-chain/tss-lib/common"
-	cmts "github.com/bnb-chain/tss-lib/crypto/commitments"
+	"github.com/bnb-chain/tss-lib/v2/common"
+	cmts "github.com/bnb-chain/tss-lib/v2/crypto/commitments"
 )
 
 const Iterations = 128

crypto/ecpoint.go

@@ -18,7 +18,7 @@ import (
 
 	"github.com/decred/dcrd/dcrec/edwards/v2"
 
-	"github.com/bnb-chain/tss-lib/tss"
+	"github.com/bnb-chain/tss-lib/v2/tss"
 )
 
 // ECPoint convenience helper
@@ -61,7 +61,10 @@ func (p *ECPoint) Add(p1 *ECPoint) (*ECPoint, error) {
 
 func (p *ECPoint) ScalarMult(k *big.Int) *ECPoint {
 	x, y := p.curve.ScalarMult(p.X(), p.Y(), k.Bytes())
-	newP, _ := NewECPoint(p.curve, x, y) // it must be on the curve, no need to check.
+	newP, err := NewECPoint(p.curve, x, y) // it must be on the curve, no need to check.
+	if err != nil {
+		panic(fmt.Errorf("scalar mult to an ecpoint %s", err.Error()))
+	}
 	return newP
 }
 
@@ -103,7 +106,10 @@ func (p *ECPoint) EightInvEight() *ECPoint {
 
 func ScalarBaseMult(curve elliptic.Curve, k *big.Int) *ECPoint {
 	x, y := curve.ScalarBaseMult(k.Bytes())
-	p, _ := NewECPoint(curve, x, y) // it must be on the curve, no need to check.
+	p, err := NewECPoint(curve, x, y) // it must be on the curve, no need to check.
+	if err != nil {
+		panic(fmt.Errorf("scalar mult to an ecpoint %s", err.Error()))
+	}
 	return p
 }