alternate lindell (#26)

* alternate lindell

* update mp-ecdsa

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "kms"
-version = "0.2.1"
+version = "0.2.2"
 authors = [
     "Omer <omer@kzencorp.com>",
     "Gary <gary@kzencorp.com>"
@@ -21,7 +21,7 @@ tag = "v0.3.4"
 
 [dependencies.zk-paillier]
 git = "https://github.com/KZen-networks/zk-paillier"
-tag = "v0.2.5"
+tag = "v0.2.8"
 
 [dependencies.multi-party-schnorr]
 git = "https://github.com/KZen-networks/multi-party-schnorr"
@@ -34,7 +34,7 @@ tag = "v0.2.3"
 
 [dependencies.multi-party-ecdsa]
 git = "https://github.com/KZen-networks/multi-party-ecdsa"
-tag = "v0.2.9"
+rev = "0a4931b8247b2f187dcb9ff7c7c096444feadcc3"
 
 [dependencies.centipede]
 git = "https://github.com/KZen-networks/centipede"

src/ecdsa/two_party/party1.rs

@@ -18,13 +18,14 @@ use super::hd_key;
 use super::{MasterKey1, MasterKey2, Party1Public};
 use ecdsa::two_party::party2::SignMessage;
 use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_two::EphKeyGenFirstMsg;
-use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_two::PDLFirstMessage as Party2PDLFirstMsg;
-use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_two::PDLSecondMessage as Party2PDLSecondMsg;
 use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::{party_one, party_two};
+use multi_party_ecdsa::utilities::zk_pdl_with_slack::PDLwSlackProof;
+use multi_party_ecdsa::utilities::zk_pdl_with_slack::PDLwSlackStatement;
+use zk_paillier::zkproofs::CompositeDLogProof;
 
 use paillier::EncryptionKey;
 use rotation::two_party::Rotation;
-use zk_paillier::zkproofs::{NICorrectKeyProof, RangeProofNi};
+use zk_paillier::zkproofs::NICorrectKeyProof;
 use Errors::{self, SignError};
 
 #[derive(Debug, Serialize, Deserialize)]
@@ -33,15 +34,19 @@ pub struct KeyGenParty1Message2 {
     pub ek: EncryptionKey,
     pub c_key: BigInt,
     pub correct_key_proof: NICorrectKeyProof,
-    pub range_proof: RangeProofNi,
+    pub pdl_statement: PDLwSlackStatement,
+    pub pdl_proof: PDLwSlackProof,
+    pub composite_dlog_proof: CompositeDLogProof,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct RotationParty1Message1 {
     pub ek: EncryptionKey,
     pub c_key_new: BigInt,
     pub correct_key_proof: NICorrectKeyProof,
-    pub range_proof: RangeProofNi,
+    pub pdl_statement: PDLwSlackStatement,
+    pub pdl_proof: PDLwSlackProof,
+    pub composite_dlog_proof: CompositeDLogProof,
 }
 
 impl MasterKey1 {
@@ -180,10 +185,9 @@ impl MasterKey1 {
         let party_one_private =
             party_one::Party1Private::set_private_key(&ec_key_pair_party1, &paillier_key_pair);
 
-        let range_proof = party_one::PaillierKeyPair::generate_range_proof(
-            &paillier_key_pair,
-            &party_one_private,
-        );
+        let (pdl_statement, pdl_proof, composite_dlog_proof) =
+            party_one::PaillierKeyPair::pdl_proof(&party_one_private, &paillier_key_pair);
+
         let correct_key_proof =
             party_one::PaillierKeyPair::generate_ni_proof_correct_key(&paillier_key_pair);
         (
@@ -192,39 +196,15 @@ impl MasterKey1 {
                 ek: paillier_key_pair.ek.clone(),
                 c_key: paillier_key_pair.encrypted_share.clone(),
                 correct_key_proof,
-                range_proof,
+                pdl_statement,
+                pdl_proof,
+                composite_dlog_proof,
             },
             paillier_key_pair,
             party_one_private,
         )
     }
 
-    pub fn key_gen_third_message(
-        party_two_pdl_first_message: &Party2PDLFirstMsg,
-        party_one_private: &party_one::Party1Private,
-    ) -> (party_one::PDLFirstMessage, party_one::PDLdecommit, BigInt) {
-        party_one::PaillierKeyPair::pdl_first_stage(
-            &party_one_private,
-            &party_two_pdl_first_message,
-        )
-    }
-
-    pub fn key_gen_fourth_message(
-        pdl_party_two_first_message: &Party2PDLFirstMsg,
-        pdl_party_two_second_message: &Party2PDLSecondMsg,
-        party_one_private: party_one::Party1Private,
-        pdl_decommit: party_one::PDLdecommit,
-        alpha: BigInt,
-    ) -> Result<party_one::PDLSecondMessage, ()> {
-        party_one::PaillierKeyPair::pdl_second_stage(
-            pdl_party_two_first_message,
-            pdl_party_two_second_message,
-            party_one_private,
-            pdl_decommit,
-            alpha,
-        )
-    }
-
     pub fn sign_first_message() -> (party_one::EphKeyGenFirstMsg, party_one::EphEcKeyPair) {
         party_one::EphKeyGenFirstMsg::create()
     }
@@ -272,60 +252,27 @@ impl MasterKey1 {
         }
     }
 
-    pub fn rotation_first_message(
-        &self,
-        cf: &Rotation,
-    ) -> (RotationParty1Message1, party_one::Party1Private) {
-        let (ek_new, c_key_new, new_private, correct_key_proof, range_proof) =
-            party_one::Party1Private::refresh_private_key(&self.private, &cf.rotation.to_big_int());
-
+    pub fn rotation_first_message(self, cf: &Rotation) -> (RotationParty1Message1, MasterKey1) {
+        let (
+            ek_new,
+            c_key_new,
+            new_private,
+            correct_key_proof,
+            pdl_statement,
+            pdl_proof,
+            composite_dlog_proof,
+        ) = party_one::Party1Private::refresh_private_key(&self.private, &cf.rotation.to_big_int());
+        let master_key_new = self.rotate(cf, new_private, &ek_new, &c_key_new);
         (
             RotationParty1Message1 {
                 ek: ek_new,
                 c_key_new,
                 correct_key_proof,
-                range_proof,
+                pdl_statement,
+                pdl_proof,
+                composite_dlog_proof,
             },
-            new_private,
-        )
-    }
-
-    pub fn rotation_second_message(
-        rotate_party_two_message_one: &Party2PDLFirstMsg,
-        party_one_private: &party_one::Party1Private,
-    ) -> (party_one::PDLFirstMessage, party_one::PDLdecommit, BigInt) {
-        party_one::PaillierKeyPair::pdl_first_stage(
-            &party_one_private,
-            &rotate_party_two_message_one,
+            master_key_new,
         )
     }
-
-    pub fn rotation_third_message(
-        self,
-        rotation_first_message: &RotationParty1Message1,
-        party_one_private_new: party_one::Party1Private,
-        cf: &Rotation,
-        rotate_party_two_first_message: &Party2PDLFirstMsg,
-        rotate_party_two_second_message: &Party2PDLSecondMsg,
-        pdl_decommit: party_one::PDLdecommit,
-        alpha: BigInt,
-    ) -> Result<(party_one::PDLSecondMessage, MasterKey1), ()> {
-        let rotate_party_one_third_message = party_one::PaillierKeyPair::pdl_second_stage(
-            rotate_party_two_first_message,
-            rotate_party_two_second_message,
-            party_one_private_new.clone(),
-            pdl_decommit,
-            alpha,
-        );
-        let master_key_new = self.rotate(
-            cf,
-            party_one_private_new,
-            &rotation_first_message.ek,
-            &rotation_first_message.c_key_new,
-        );
-        match rotate_party_one_third_message {
-            Ok(x) => Ok((x, master_key_new)),
-            Err(_) => Err(()),
-        }
-    }
 }

src/ecdsa/two_party/party2.rs

@@ -13,8 +13,6 @@
 use curv::{BigInt, FE, GE};
 use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_one::EphKeyGenFirstMsg as Party1EphKeyGenFirstMsg;
 use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_one::KeyGenFirstMsg as Party1KeyGenFirstMsg;
-use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_one::PDLFirstMessage as Party1PDLFirstMsg;
-use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::party_one::PDLSecondMessage as Party1PDLSecondMsg;
 
 use super::party1::{KeyGenParty1Message2, RotationParty1Message1};
 use multi_party_ecdsa::protocols::two_party_ecdsa::lindell_2017::{party_one, party_two};
@@ -34,7 +32,6 @@ pub struct SignMessage {
 #[derive(Debug, Serialize, Deserialize)]
 pub struct Party2SecondMessage {
     pub key_gen_second_message: party_two::KeyGenSecondMsg,
-    pub pdl_first_message: party_two::PDLFirstMessage,
 }
 
 impl MasterKey2 {
@@ -160,14 +157,7 @@ impl MasterKey2 {
     pub fn key_gen_second_message(
         party_one_first_message: &Party1KeyGenFirstMsg,
         party_one_second_message: &KeyGenParty1Message2,
-    ) -> Result<
-        (
-            Party2SecondMessage,
-            party_two::PaillierPublic,
-            party_two::PDLchallenge,
-        ),
-        (),
-    > {
+    ) -> Result<(Party2SecondMessage, party_two::PaillierPublic), ()> {
         let paillier_encryption_key = party_one_second_message.ek.clone();
         let paillier_encrypted_share = party_one_second_message.c_key.clone();
 
@@ -182,12 +172,11 @@ impl MasterKey2 {
             encrypted_secret_share: paillier_encrypted_share.clone(),
         };
 
-        let range_proof_verify = party_two::PaillierPublic::verify_range_proof(
+        let pdl_verify = party_two::PaillierPublic::pdl_verify(
+            &party_one_second_message.composite_dlog_proof,
+            &party_one_second_message.pdl_statement,
+            &party_one_second_message.pdl_proof,
             &party_two_paillier,
-            &party_one_second_message.range_proof,
-        );
-
-        let (pdl_first_message, pdl_chal) = party_two_paillier.pdl_challenge(
             &party_one_second_message
                 .ecdh_second_message
                 .comm_witness
@@ -198,43 +187,23 @@ impl MasterKey2 {
             .correct_key_proof
             .verify(&party_two_paillier.ek);
 
-        match range_proof_verify {
+        match pdl_verify {
             Ok(_proof) => match correct_key_verify {
                 Ok(_proof) => match party_two_second_message {
                     Ok(t) => Ok((
                         Party2SecondMessage {
                             key_gen_second_message: t,
-                            pdl_first_message,
                         },
                         party_two_paillier,
-                        pdl_chal,
                     )),
                     Err(_verify_com_and_dlog_party_one) => Err(()),
                 },
                 Err(_correct_key_error) => Err(()),
             },
-            Err(_range_proof_error) => Err(()),
+            Err(_pdl_error) => Err(()),
         }
     }
 
-    pub fn key_gen_third_message(
-        pdl_chal: &party_two::PDLchallenge,
-    ) -> party_two::PDLSecondMessage {
-        party_two::PaillierPublic::pdl_decommit_c_tag_tag(&pdl_chal)
-    }
-
-    pub fn key_gen_fourth_message(
-        pdl_chal: &party_two::PDLchallenge,
-        party_one_pdl_first_message: &Party1PDLFirstMsg,
-        party_one_pdl_second_message: &Party1PDLSecondMsg,
-    ) -> Result<(), ()> {
-        party_two::PaillierPublic::verify_pdl(
-            pdl_chal,
-            party_one_pdl_first_message,
-            party_one_pdl_second_message,
-        )
-    }
-
     pub fn sign_first_message() -> (
         party_two::EphKeyGenFirstMsg,
         party_two::EphCommWitness,
@@ -274,66 +243,35 @@ impl MasterKey2 {
     // is rotation and not new key gen.
     // party2 needs to verify range proof on c_key_new and correct key proof on the new paillier keys
     pub fn rotate_first_message(
-        &self,
+        self,
         cf: &Rotation,
         party_one_rotation_first_message: &RotationParty1Message1,
-    ) -> Result<
-        (
-            party_two::PDLFirstMessage,
-            party_two::PDLchallenge,
-            party_two::PaillierPublic,
-        ),
-        (),
-    > {
+    ) -> Result<MasterKey2, ()> {
         let party_two_paillier = party_two::PaillierPublic {
             ek: party_one_rotation_first_message.ek.clone(),
             encrypted_secret_share: party_one_rotation_first_message.c_key_new.clone(),
         };
-        let range_proof_verify = party_one_rotation_first_message.range_proof.verify(
-            &party_two_paillier.ek,
-            &party_two_paillier.encrypted_secret_share,
+
+        let pdl_verify = party_two::PaillierPublic::pdl_verify(
+            &party_one_rotation_first_message.composite_dlog_proof,
+            &party_one_rotation_first_message.pdl_statement,
+            &party_one_rotation_first_message.pdl_proof,
+            &party_two_paillier,
+            &(self.public.p1 * &cf.rotation),
         );
 
         let correct_key_verify = party_one_rotation_first_message
             .correct_key_proof
             .verify(&party_two_paillier.ek);
 
-        let (pdl_first_message, pdl_chal) =
-            party_two_paillier.pdl_challenge(&(&self.public.p1 * &cf.rotation));
+        let master_key = self.rotate(cf, &party_two_paillier);
 
-        match range_proof_verify {
+        match pdl_verify {
             Ok(_proof) => match correct_key_verify {
-                Ok(_proof) => Ok((pdl_first_message, pdl_chal, party_two_paillier)),
+                Ok(_proof) => Ok(master_key),
                 Err(_correct_key_error) => Err(()),
             },
             Err(_range_proof_error) => Err(()),
         }
     }
-
-    pub fn rotate_second_message(
-        pdl_chal: &party_two::PDLchallenge,
-    ) -> party_two::PDLSecondMessage {
-        party_two::PaillierPublic::pdl_decommit_c_tag_tag(&pdl_chal)
-    }
-
-    pub fn rotate_third_message(
-        self,
-        cf: &Rotation,
-        party_two_paillier: &party_two::PaillierPublic,
-        pdl_chal: &party_two::PDLchallenge,
-        party_one_pdl_first_message: &Party1PDLFirstMsg,
-        party_one_pdl_second_message: &Party1PDLSecondMsg,
-    ) -> Result<MasterKey2, ()> {
-        match party_two::PaillierPublic::verify_pdl(
-            pdl_chal,
-            party_one_pdl_first_message,
-            party_one_pdl_second_message,
-        ) {
-            Ok(_) => {
-                let master_key = self.rotate(cf, party_two_paillier);
-                Ok(master_key)
-            }
-            Err(_) => Err(()),
-        }
-    }
 }