private static G1 AssemblePublicKey(IEnumerable <G1> shares, int n)
{
var xs = Enumerable.Range(1, n).Select(Fr.FromInt).ToArray();
var ys = shares.ToArray();
return(MclBls12381.LagrangeInterpolate(xs, ys));
}
public ValueMessage HandleCommit(int sender, CommitMessage message)
{
if (message.EncryptedRows.Length != Players)
{
throw new ArgumentException();
}
if (_keyGenStates[sender].Commitment != null)
{
throw new ArgumentException($"Double commit from sender {sender}");
}
_keyGenStates[sender].Commitment = message.Commitment;
var myRowCommitted = message.Commitment.Evaluate(_myIdx + 1);
var myRow = DecryptRow(message.EncryptedRows[_myIdx], _keyPair.PrivateKey).ToArray();
if (!myRow.Select(x => G1.Generator * x).SequenceEqual(myRowCommitted))
{
throw new ArgumentException("Commitment does not match");
}
return(new ValueMessage
{
Proposer = sender,
EncryptedValues = Enumerable.Range(0, Players).Select(i => Crypto.Secp256K1Encrypt(
_publicKeys[i].EncodeCompressed(),
MclBls12381.EvaluatePolynomial(myRow, Fr.FromInt(i + 1)).ToBytes()
)).ToArray()
});
}
public void TestPowersCalculation()
{
var powers = Enumerable.Range(0, 30)
.Select(i => Fr.FromInt(1 << i))
.ToArray();
CollectionAssert.AreEqual(powers, MclBls12381.Powers(Fr.FromInt(2), 30));
}
public IEnumerable <PrivateKeyShare> GetPrivateShares()
{
var shares = new Fr[_parties];
for (var i = 0; i < _parties; ++i)
{
shares[i] = MclBls12381.EvaluatePolynomial(_coeffs, Fr.FromInt(i + 1));
}
return(shares.Select(share => new PrivateKeyShare(share)));
}
public void EvalFrPolyConstantTest()
{
var poly = new Fr[] { Fr.GetRandom() };
var v0 = MclBls12381.EvaluatePolynomial(poly, Fr.Zero);
var v1 = MclBls12381.EvaluatePolynomial(poly, Fr.One);
var v2 = MclBls12381.EvaluatePolynomial(poly, Fr.FromInt(319948));
Assert.AreEqual(poly[0], v0);
Assert.AreEqual(poly[0], v1);
Assert.AreEqual(poly[0], v2);
}
public Signature AssembleSignature(IEnumerable <KeyValuePair <int, Signature> > shares)
{
var keyValuePairs = shares as KeyValuePair <int, Signature>[] ?? shares.ToArray();
var xs = keyValuePairs.Take(Threshold + 1).Select(pair => Fr.FromInt(pair.Key + 1)).ToArray();
var ys = keyValuePairs.Take(Threshold + 1).Select(pair => pair.Value.RawSignature).ToArray();
if (xs.Length <= Threshold || ys.Length <= Threshold)
{
throw new ArgumentException("not enough shares for signature");
}
return(new Signature(MclBls12381.LagrangeInterpolate(xs, ys)));
}
public void TestPolyEvaluationFr()
{
const int degree = 100;
var coeffs = Enumerable.Range(0, degree)
.Select(i => Fr.GetRandom())
.ToArray();
var pt = Fr.GetRandom();
var res = Fr.Zero;
for (var i = degree - 1; i >= 0; --i)
{
res = res * pt + coeffs[i];
}
Assert.AreEqual(res, MclBls12381.EvaluatePolynomial(coeffs, pt));
}
public G1 Evaluate(int x, int y)
{
var result = G1.Zero;
var powX = MclBls12381.Powers(Fr.FromInt(x), Degree + 1);
var powY = MclBls12381.Powers(Fr.FromInt(y), Degree + 1);
for (var i = 0; i <= Degree; ++i)
{
for (var j = 0; j <= Degree; ++j)
{
result += _coefficients[Index(i, j)] * powX[i] * powY[j];
}
}
return(result);
}
public void TestPolyInterpolationG2()
{
const int degree = 100;
var coeffs = Enumerable.Range(0, degree)
.Select(i => G2.Generator * Fr.GetRandom())
.ToArray();
var xs = Enumerable.Range(1, degree)
.Select(i => Fr.GetRandom())
.ToArray();
var ys = xs
.Select(x => MclBls12381.EvaluatePolynomial(coeffs, x))
.ToArray();
var intercept = MclBls12381.EvaluatePolynomial(coeffs, Fr.FromInt(0));
Assert.AreEqual(intercept, MclBls12381.LagrangeInterpolate(xs, ys));
Assert.Throws <ArgumentException>(() => MclBls12381.LagrangeInterpolate(xs, ys.Take(degree - 1).ToArray()));
}
public void EvalInterpolateTestFr()
{
const int n = 10;
var poly = Enumerable.Range(0, n).Select(_ => Fr.GetRandom()).ToArray();
var values = Enumerable.Range(100, n + 1)
.Select(i => MclBls12381.EvaluatePolynomial(poly, Fr.FromInt(i)))
.ToArray();
for (var i = 0; i < n + 1; ++i)
{
Assert.AreEqual(DummyEval(poly, Fr.FromInt(100 + i)), values[i]);
}
var intercept = MclBls12381.LagrangeInterpolate(
Enumerable.Range(100, n + 1).Select(Fr.FromInt).ToArray(),
values
);
Assert.AreEqual(poly[0], intercept);
}
public ThresholdKeyring?TryGetKeys()
{
if (!Finished())
{
return(null);
}
var pubKeyPoly = Enumerable.Range(0, Faulty + 1)
.Select(_ => G1.Zero)
.ToArray();
var secretKey = Fr.Zero;
foreach (var dealer in _finished.Take(Faulty + 1))
{
var s = _keyGenStates[dealer];
if (s.ValueCount() <= 2 * Faulty)
{
throw new Exception("Impossible"); // just in case
}
var rowZero = s.Commitment !.Evaluate(0).ToArray();
foreach (var(x, i) in rowZero.WithIndex())
{
pubKeyPoly[i] += x;
}
secretKey += s.InterpolateValues();
}
var pubKeys = Enumerable.Range(0, Players + 1)
.Select(i => MclBls12381.EvaluatePolynomial(pubKeyPoly, Fr.FromInt(i)))
.ToArray();
return(new ThresholdKeyring
{
TpkePrivateKey = new PrivateKey(secretKey, _myIdx),
TpkePublicKey = new PublicKey(pubKeys[0], Faulty),
ThresholdSignaturePrivateKey = new PrivateKeyShare(secretKey),
ThresholdSignaturePublicKeySet =
new PublicKeySet(pubKeys.Skip(1).Select(x => new Crypto.ThresholdSignature.PublicKey(x)), Faulty)
});
}
public Fr InterpolateValues()
{
if (Commitment is null)
{
throw new ArgumentException("Cannot interpolate without commitment");
}
var xs = Acks.WithIndex()
.Where(x => x.item)
.Select(x => x.index + 1)
.Select(Fr.FromInt)
.Take(Commitment.Degree + 1)
.ToArray();
var ys = Acks.WithIndex()
.Where(x => x.item)
.Select(x => Values[x.index])
.Take(Commitment.Degree + 1)
.ToArray();
if (xs.Length != Commitment.Degree + 1 || ys.Length != Commitment.Degree + 1)
{
throw new Exception("Cannot interpolate values");
}
return(MclBls12381.LagrangeInterpolate(xs, ys));
}
public RawShare FullDecrypt(EncryptedShare share, List <PartiallyDecryptedShare> us)
{
return(FullDecryptBenchmark.Benchmark(() =>
{
if (us.Count < _t)
{
throw new Exception("Insufficient number of shares!");
}
var ids = new HashSet <int>();
foreach (var part in us)
{
if (ids.Contains(part.DecryptorId))
{
throw new Exception($"Id {part.DecryptorId} was provided more than once!");
}
if (part.ShareId != share.Id)
{
throw new Exception($"Share id mismatch for decryptor {part.DecryptorId}");
}
ids.Add(part.DecryptorId);
}
var ys = new List <G1>();
var xs = new List <Fr>();
foreach (var part in us)
{
xs.Add(Fr.FromInt(part.DecryptorId + 1));
ys.Add(part.Ui);
}
var u = MclBls12381.LagrangeInterpolate(xs.ToArray(), ys.ToArray());
return new RawShare(Utils.XorWithHash(u, share.V), share.Id);
}));
}
public PrivateKey GetPrivKey(int i)
{
return(new PrivateKey(MclBls12381.EvaluatePolynomial(_coeffs, Fr.FromInt(i + 1)), i));
}
public PublicKey GetPubKey()
{
return(new PublicKey(G1.Generator * MclBls12381.EvaluatePolynomial(_coeffs, Fr.FromInt(0)), _degree));
}
private static Fr Eval(BiVarSymmetricPolynomial p, int x, int y)
{
var t = p.Evaluate(x).ToArray();
return(MclBls12381.EvaluatePolynomial(t, Fr.FromInt(y)));
}
