Expose ECP R value for Phase5 flow
diff --git a/examples/example_ecdsa.c b/examples/example_ecdsa.c
index d546ab7..be43f53 100644
--- a/examples/example_ecdsa.c
+++ b/examples/example_ecdsa.c
@@ -297,7 +297,7 @@
printf("\n");
// Calculate the R signature component
- rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+ rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
if (rc)
{
fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc);
diff --git a/examples/example_r.c b/examples/example_r.c
index af1e2f1..43b78c5 100644
--- a/examples/example_r.c
+++ b/examples/example_r.c
@@ -479,7 +479,7 @@
}
// Calculate the R signature component
- rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+ rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
if (rc)
{
fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc);
diff --git a/include/amcl/factoring_zk.h b/include/amcl/factoring_zk.h
index bb853cd..b8738f3 100644
--- a/include/amcl/factoring_zk.h
+++ b/include/amcl/factoring_zk.h
@@ -35,8 +35,13 @@
{
#endif
+#ifndef FS_2048
#define FS_2048 MODBYTES_1024_58 * FFLEN_2048 /**< 2048 field size in bytes */
+#endif
+
+#ifndef HFS_2048
#define HFS_2048 MODBYTES_1024_58 * HFLEN_2048 /**< Half 2048 field size in bytes */
+#endif
#define FACTORING_ZK_B 16 /**< Security parameter, length in bytes */
diff --git a/include/amcl/mpc.h b/include/amcl/mpc.h
index 8818ac7..b5b8e63 100644
--- a/include/amcl/mpc.h
+++ b/include/amcl/mpc.h
@@ -86,7 +86,8 @@
/** \brief R component
*
- * Generate the ECDSA signature R component
+ * Generate the ECDSA signature R component. It also outputs the ECP
+ * associate to the R component if specified
*
* <ol>
* <li> \f$ r_x, r_y = k^{-1}G \f$ where G is the group generator
@@ -97,9 +98,10 @@
* @param GAMMAPT1 Actor 1 gamma point
* @param GAMMAPT2 Actor 2 gamma point
* @param R R component of the signature
+ * @param RP ECP associated to the R component of the signature. Optional
* @return Returns 0 or else error code
*/
-int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R);
+int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP);
/** \brief Hash the message value
*
diff --git a/python/amcl_mpc.py b/python/amcl_mpc.py
index 18c9156..166446e 100755
--- a/python/amcl_mpc.py
+++ b/python/amcl_mpc.py
@@ -97,7 +97,7 @@
extern void MPC_MTA_SERVER(csprng *RNG, PAILLIER_public_key *PUB, octet *B, octet *CA, octet *Z, octet *R, octet *CB, octet *BETA);
extern void MPC_SUM_MTA(octet *A, octet *B, octet *ALPHA, octet *BETA, octet *SUM);
extern void MPC_INVKGAMMA(octet *KGAMMA1, octet *KGAMMA2, octet *INVKGAMMA);
-extern extern int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R);
+extern extern int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP);
extern void MPC_HASH(int sha, octet *M, octet *HM);
extern int MPC_S(octet *HM, octet *R, octet *K, octet *SIGMA, octet *S);
extern void MPC_SUM_S(octet *S1, octet *S2, octet *S);
@@ -131,7 +131,7 @@
HFS_2048 = 128
FS_4096 = 512
EGS_SECP256K1 = 32
-PTS_SECP256K1 = 2*EGS_SECP256K1 + 1
+EFS_SECP256K1 = 32
SHA256 = 32
curve_order = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
@@ -317,12 +317,12 @@
else:
ecdsa_sk1, ecdsa_sk1_val = make_octet(EGS_SECP256K1)
- ecdsa_pk1, ecdsa_pk1_val = make_octet(PTS_SECP256K1)
+ ecdsa_pk1, ecdsa_pk1_val = make_octet(2 * EFS_SECP256K1)
rc = libamcl_curve_secp256k1.ECP_SECP256K1_KEY_PAIR_GENERATE(rng, ecdsa_sk1, ecdsa_pk1)
ecdsa_sk2 = to_str(ecdsa_sk1)
- ecdsa_pk2 = to_str(ecdsa_pk1)
+ ecdsa_pk2 = to_str(ecdsa_pk1)
return rc, ecdsa_pk2, ecdsa_sk2
@@ -524,9 +524,9 @@
Returns::
- r: R component of the signature
rc: Zero for success or else an error code
-
+ r : R component of the signature
+ rp: ECP associated to R component of signature
Raises:
"""
@@ -535,12 +535,14 @@
gammapt21, gammapt21_val = make_octet(None, gammapt2)
r1, r1_val = make_octet(EGS_SECP256K1)
+ rp, rp_val = make_octet(EFS_SECP256K1 + 1)
- rc = libamcl_mpc.MPC_R(invkgamma1, gammapt11, gammapt21, r1)
+ rc = libamcl_mpc.MPC_R(invkgamma1, gammapt11, gammapt21, r1, rp)
r2 = to_str(r1)
+ rp_str = to_str(rp)
- return rc, r2
+ return rc, r2, rp_str
def mpc_hash(message):
"""Hash the message value
@@ -677,7 +679,7 @@
pk11, pk11_val = make_octet(None, pk1)
pk21, pk21_val = make_octet(None, pk2)
- pk1, pk1_val = make_octet(PTS_SECP256K1)
+ pk1, pk1_val = make_octet(EFS_SECP256K1 + 1)
rc = libamcl_mpc.MPC_SUM_PK(pk11, pk21, pk1);
diff --git a/python/example_ecdsa.py b/python/example_ecdsa.py
index 8156f7d..6c99a72 100755
--- a/python/example_ecdsa.py
+++ b/python/example_ecdsa.py
@@ -84,7 +84,7 @@
# Calculate the R signature component
- rc, SIG_R = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
+ rc, SIG_R, _ = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
# ALPHA1 + BETA2 = K1 * W2
diff --git a/python/example_r.py b/python/example_r.py
index b438cf0..fbed92e 100755
--- a/python/example_r.py
+++ b/python/example_r.py
@@ -169,7 +169,7 @@
assert INVKGAMMAGOLDEN_hex == INVKGAMMA_hex, f"expected {INVKGAMMAGOLDEN_hex} got {INVKGAMMA_hex}"
# Calculate the R signature component
- rc, SIG_R = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
+ rc, SIG_R, _ = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
SIG_R_hex = SIG_R.hex()
assert SIG_RGOLDEN_hex == SIG_R_hex, f"expected {SIG_RGOLDEN_hex} got {SIG_R_hex}"
diff --git a/python/test_ecdsa.py b/python/test_ecdsa.py
index 56aea4a..98c85a0 100755
--- a/python/test_ecdsa.py
+++ b/python/test_ecdsa.py
@@ -92,7 +92,7 @@
# Calculate the R signature component
- rc, SIG_R = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
+ rc, SIG_R, _ = amcl_mpc.mpc_r(INVKGAMMA, GAMMAPT1, GAMMAPT2)
# ALPHA1 + BETA2 = K1 * W2
diff --git a/python/test_r.py b/python/test_r.py
index d479f8f..f3175ea 100755
--- a/python/test_r.py
+++ b/python/test_r.py
@@ -78,7 +78,7 @@
# Calculate the R signature component
- rc, sig_r = amcl_mpc.mpc_r(invkgamma, test['GAMMAPT1'], test['GAMMAPT2'])
+ rc, sig_r, _ = amcl_mpc.mpc_r(invkgamma, test['GAMMAPT1'], test['GAMMAPT2'])
self.assertEqual(vector['SIG_R'], sig_r.hex())
self.assertEqual(rc, 0)
diff --git a/src/mpc.c b/src/mpc.c
index d8729a9..14eb75e 100644
--- a/src/mpc.c
+++ b/src/mpc.c
@@ -162,32 +162,30 @@
{
BIG_256_56 kgamma1;
BIG_256_56 kgamma2;
- BIG_256_56 kgamma;
- BIG_256_56 invkgamma;
BIG_256_56 q;
// Curve order
BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
// Load values
- BIG_256_56_fromBytes(kgamma1, KGAMMA1->val);
- BIG_256_56_fromBytes(kgamma2, KGAMMA2->val);
+ BIG_256_56_fromBytesLen(kgamma1, KGAMMA1->val, KGAMMA1->len);
+ BIG_256_56_fromBytesLen(kgamma2, KGAMMA2->val, KGAMMA2->len);
// kgamma = kgamma1 + kgamma2 mod q
- BIG_256_56_add(kgamma, kgamma1, kgamma2);
- BIG_256_56_mod(kgamma, q);
+ BIG_256_56_add(kgamma1, kgamma1, kgamma2);
+ BIG_256_56_mod(kgamma1, q);
// invkgamma = kgamma^{-1}
- BIG_256_56_invmodp(invkgamma, kgamma, q);
+ BIG_256_56_invmodp(kgamma1, kgamma1, q);
// Output result
INVKGAMMA->len = EGS_SECP256K1;
- BIG_256_56_toBytes(INVKGAMMA->val, invkgamma);
+ BIG_256_56_toBytes(INVKGAMMA->val, kgamma1);
}
/* Calculate the r component of the signature */
-int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R)
+int MPC_R(octet *INVKGAMMA, octet *GAMMAPT1, octet *GAMMAPT2, octet *R, octet *RP)
{
BIG_256_56 invkgamma;
BIG_256_56 q;
@@ -200,16 +198,16 @@
BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
// Load values
- BIG_256_56_fromBytes(invkgamma, INVKGAMMA->val);
+ BIG_256_56_fromBytesLen(invkgamma, INVKGAMMA->val, INVKGAMMA->len);
if (!ECP_SECP256K1_fromOctet(&gammapt1, GAMMAPT1))
{
- return 1;
+ return MPC_INVALID_ECP;
}
if (!ECP_SECP256K1_fromOctet(&gammapt2, GAMMAPT2))
{
- return 1;
+ return MPC_INVALID_ECP;
}
// gammapt1 + gammapt2
@@ -223,14 +221,19 @@
BIG_256_56_mod(rx, q);
if (BIG_256_56_iszilch(rx))
{
- return 1;
+ return MPC_FAIL;
}
// Output result
R->len = EGS_SECP256K1;
BIG_256_56_toBytes(R->val, rx);
- return 0;
+ if (RP != NULL)
+ {
+ ECP_SECP256K1_toOctet(RP, &gammapt1, true);
+ }
+
+ return MPC_OK;
}
// Hash the message
@@ -271,14 +274,14 @@
BIG_256_56_mod(s, q);
if (BIG_256_56_iszilch(s))
{
- return 1;
+ return MPC_FAIL;
}
// Output result
S->len = EGS_SECP256K1;
BIG_256_56_toBytes(S->val, s);
- return 0;
+ return MPC_OK;
}
/* Calculate sum of s components of signature */
@@ -314,12 +317,12 @@
// Load values
if (!ECP_SECP256K1_fromOctet(&pk1, PK1))
{
- return 1;
+ return MPC_INVALID_ECP;
}
if (!ECP_SECP256K1_fromOctet(&pk2, PK2))
{
- return 1;
+ return MPC_INVALID_ECP;
}
// pk1 + pk2
@@ -328,7 +331,7 @@
// Output result
ECP_SECP256K1_toOctet(PK, &pk1, true);
- return 0;
+ return MPC_OK;
}
int MPC_PHASE5_commit(csprng *RNG, octet *R, octet *S, octet *PHI, octet *RHO, octet *V, octet *A)
diff --git a/src/mta.c b/src/mta.c
index c8fba17..19d6b55 100644
--- a/src/mta.c
+++ b/src/mta.c
@@ -274,27 +274,27 @@
BIG_256_56 q;
// Curve order
- BIG_256_56_rcopy(q,CURVE_Order_SECP256K1);
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
// Load values
- BIG_256_56_fromBytes(a,A->val);
- BIG_256_56_fromBytes(b,B->val);
- BIG_256_56_fromBytes(alpha,ALPHA->val);
- BIG_256_56_fromBytes(beta,BETA->val);
+ BIG_256_56_fromBytesLen(a, A->val, A->len);
+ BIG_256_56_fromBytesLen(b, B->val, B->len);
+ BIG_256_56_fromBytesLen(alpha, ALPHA->val, ALPHA->len);
+ BIG_256_56_fromBytesLen(beta, BETA->val, BETA->len);
// sum = a.b mod q
- BIG_256_56_modmul(sum,a,b,q);
+ BIG_256_56_modmul(sum, a, b, q);
// sum = sum + alpha + beta
- BIG_256_56_add(sum,sum,alpha);
- BIG_256_56_add(sum,sum,beta);
+ BIG_256_56_add(sum, sum, alpha);
+ BIG_256_56_add(sum, sum, beta);
// sum = sum mod q
- BIG_256_56_mod(sum,q);
+ BIG_256_56_mod(sum, q);
// Output result
- SUM->len=EGS_SECP256K1;
- BIG_256_56_toBytes(SUM->val,sum);
+ SUM->len = EGS_SECP256K1;
+ BIG_256_56_toBytes(SUM->val, sum);
// Clean memory
BIG_256_56_zero(a);
diff --git a/test/smoke/test_ecdsa_smoke.c b/test/smoke/test_ecdsa_smoke.c
index f1100a7..8e28c2c 100644
--- a/test/smoke/test_ecdsa_smoke.c
+++ b/test/smoke/test_ecdsa_smoke.c
@@ -305,7 +305,7 @@
printf("\n");
// Calculate the R signature component
- rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+ rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
if (rc)
{
fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc);
diff --git a/test/smoke/test_r_smoke.c b/test/smoke/test_r_smoke.c
index 6103d41..44407ad 100644
--- a/test/smoke/test_r_smoke.c
+++ b/test/smoke/test_r_smoke.c
@@ -79,9 +79,13 @@
char* INVKGAMMA_hex = "f9419b11580cdc098cbcbfd3ac06e70d2d4827447353f64bd97daa5667b34ef9";
-char* GAMMAPT1_hex = "03206b7c7ae7ecf8fe79ac581d8de90b9a12a27f79732268649fb0ae109faade73";
+char* GAMMAPT1_hex = "04206b7c7ae7ecf8fe79ac581d8de90b9a12a27f79732268649fb0ae109faade73385833cafe293b42e33097a79397c77c94a7d12a32304514a890a0c2d747a40d";
-char* GAMMAPT2_hex = "03fc86f69384e2b0cc3d563dc24ebb3a7ca0ac12dfa671e4cda4abdec35f33ed32";
+char* GAMMAPT2_hex = "04fc86f69384e2b0cc3d563dc24ebb3a7ca0ac12dfa671e4cda4abdec35f33ed326fdc2404c8e236d5bea82bcbe4aeeb7545c8b5d0a19a39e00bacf8a7143800a9";
+
+char* SUMGAMMAPT_hex = "04b46da316359aead5e06c983407b199465bad193dc661334aafb1d7d94bafe721e671defdf3eedef2b6f298f7cdc673a740e88dbb313f2afdb294ee6527e325c1";
+
+char* RPT_hex = "048adf50a4f51443cac2b4d488092ab49925da09e3feb57a1fc03b5b917ca6de9fdefc78277d8cb4865e3e4b17c2821017316d9b21e648e733a207aee22ec91b3c";
char* SIG_R_hex = "8adf50a4f51443cac2b4d488092ab49925da09e3feb57a1fc03b5b917ca6de9f";
@@ -203,10 +207,10 @@
char invkgammagolden[EGS_SECP256K1];
octet INVKGAMMAGOLDEN = {0,sizeof(invkgammagolden),invkgammagolden};
- char gammapt1[EFS_SECP256K1+1];
+ char gammapt1[2*EFS_SECP256K1+1];
octet GAMMAPT1 = {0,sizeof(gammapt1),gammapt1};
- char gammapt2[EFS_SECP256K1+1];
+ char gammapt2[2*EFS_SECP256K1+1];
octet GAMMAPT2 = {0,sizeof(gammapt2),gammapt2};
char sig_rgolden[EGS_SECP256K1];
@@ -477,15 +481,13 @@
}
// Calculate the R signature component
- rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+ rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
if (rc)
{
fprintf(stderr, "FAILURE MPC_R rc: %d\n", rc);
exit(EXIT_FAILURE);
}
- printf("%d", rc);
-
printf("SIG_R: ");
OCT_output(&SIG_R);
printf("\n");
diff --git a/test/unit/test_r.c b/test/unit/test_r.c
index 03129bf..3a1b54f 100644
--- a/test/unit/test_r.c
+++ b/test/unit/test_r.c
@@ -229,7 +229,7 @@
MPC_INVKGAMMA(&SUM1, &SUM2, &INVKGAMMA);
// Calculate the R signature component
- rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R);
+ rc = MPC_R(&INVKGAMMA, &GAMMAPT1, &GAMMAPT2, &SIG_R, NULL);
sprintf(err_msg, "MPC_R rc: %d", rc);
assert_tv(fp, testNo, err_msg, rc == 0);
