public ValueMessage HandleCommit(int sender, CommitMessage message)
{
if (message.EncryptedRows.Length != Players)
{
throw new ArgumentException();
}
if (_keyGenStates[sender].Commitment != null)
{
throw new ArgumentException($"Double commit from sender {sender}");
}
_keyGenStates[sender].Commitment = message.Commitment;
var myRowCommitted = message.Commitment.Evaluate(_myIdx + 1);
var myRow = DecryptRow(message.EncryptedRows[_myIdx], _keyPair.PrivateKey).ToArray();
if (!myRow.Select(x => G1.Generator * x).SequenceEqual(myRowCommitted))
{
throw new ArgumentException("Commitment does not match");
}
return(new ValueMessage
{
Proposer = sender,
EncryptedValues = Enumerable.Range(0, Players).Select(i => Crypto.Secp256K1Encrypt(
_publicKeys[i].EncodeCompressed(),
MclBls12381.EvaluatePolynomial(myRow, Fr.FromInt(i + 1)).ToBytes()
)).ToArray()
});
}
public IEnumerable <PrivateKeyShare> GetPrivateShares()
{
var shares = new Fr[_parties];
for (var i = 0; i < _parties; ++i)
{
shares[i] = MclBls12381.EvaluatePolynomial(_coeffs, Fr.FromInt(i + 1));
}
return(shares.Select(share => new PrivateKeyShare(share)));
}
public void EvalFrPolyConstantTest()
{
var poly = new Fr[] { Fr.GetRandom() };
var v0 = MclBls12381.EvaluatePolynomial(poly, Fr.Zero);
var v1 = MclBls12381.EvaluatePolynomial(poly, Fr.One);
var v2 = MclBls12381.EvaluatePolynomial(poly, Fr.FromInt(319948));
Assert.AreEqual(poly[0], v0);
Assert.AreEqual(poly[0], v1);
Assert.AreEqual(poly[0], v2);
}
public void TestPolyEvaluationFr()
{
const int degree = 100;
var coeffs = Enumerable.Range(0, degree)
.Select(i => Fr.GetRandom())
.ToArray();
var pt = Fr.GetRandom();
var res = Fr.Zero;
for (var i = degree - 1; i >= 0; --i)
{
res = res * pt + coeffs[i];
}
Assert.AreEqual(res, MclBls12381.EvaluatePolynomial(coeffs, pt));
}
public void TestPolyInterpolationG2()
{
const int degree = 100;
var coeffs = Enumerable.Range(0, degree)
.Select(i => G2.Generator * Fr.GetRandom())
.ToArray();
var xs = Enumerable.Range(1, degree)
.Select(i => Fr.GetRandom())
.ToArray();
var ys = xs
.Select(x => MclBls12381.EvaluatePolynomial(coeffs, x))
.ToArray();
var intercept = MclBls12381.EvaluatePolynomial(coeffs, Fr.FromInt(0));
Assert.AreEqual(intercept, MclBls12381.LagrangeInterpolate(xs, ys));
Assert.Throws <ArgumentException>(() => MclBls12381.LagrangeInterpolate(xs, ys.Take(degree - 1).ToArray()));
}
public void EvalInterpolateTestFr()
{
const int n = 10;
var poly = Enumerable.Range(0, n).Select(_ => Fr.GetRandom()).ToArray();
var values = Enumerable.Range(100, n + 1)
.Select(i => MclBls12381.EvaluatePolynomial(poly, Fr.FromInt(i)))
.ToArray();
for (var i = 0; i < n + 1; ++i)
{
Assert.AreEqual(DummyEval(poly, Fr.FromInt(100 + i)), values[i]);
}
var intercept = MclBls12381.LagrangeInterpolate(
Enumerable.Range(100, n + 1).Select(Fr.FromInt).ToArray(),
values
);
Assert.AreEqual(poly[0], intercept);
}
public ThresholdKeyring?TryGetKeys()
{
if (!Finished())
{
return(null);
}
var pubKeyPoly = Enumerable.Range(0, Faulty + 1)
.Select(_ => G1.Zero)
.ToArray();
var secretKey = Fr.Zero;
foreach (var dealer in _finished.Take(Faulty + 1))
{
var s = _keyGenStates[dealer];
if (s.ValueCount() <= 2 * Faulty)
{
throw new Exception("Impossible"); // just in case
}
var rowZero = s.Commitment !.Evaluate(0).ToArray();
foreach (var(x, i) in rowZero.WithIndex())
{
pubKeyPoly[i] += x;
}
secretKey += s.InterpolateValues();
}
var pubKeys = Enumerable.Range(0, Players + 1)
.Select(i => MclBls12381.EvaluatePolynomial(pubKeyPoly, Fr.FromInt(i)))
.ToArray();
return(new ThresholdKeyring
{
TpkePrivateKey = new PrivateKey(secretKey, _myIdx),
TpkePublicKey = new PublicKey(pubKeys[0], Faulty),
ThresholdSignaturePrivateKey = new PrivateKeyShare(secretKey),
ThresholdSignaturePublicKeySet =
new PublicKeySet(pubKeys.Skip(1).Select(x => new Crypto.ThresholdSignature.PublicKey(x)), Faulty)
});
}
public PrivateKey GetPrivKey(int i)
{
return(new PrivateKey(MclBls12381.EvaluatePolynomial(_coeffs, Fr.FromInt(i + 1)), i));
}
public PublicKey GetPubKey()
{
return(new PublicKey(G1.Generator * MclBls12381.EvaluatePolynomial(_coeffs, Fr.FromInt(0)), _degree));
}
private static Fr Eval(BiVarSymmetricPolynomial p, int x, int y)
{
var t = p.Evaluate(x).ToArray();
return(MclBls12381.EvaluatePolynomial(t, Fr.FromInt(y)));
}