From 8ef8bc797f6055175e53632c15527ca4aa5d0ee2 Mon Sep 17 00:00:00 2001
From: Tim Ruffing
Date: Wed, 18 Dec 2024 21:52:33 +0100
Subject: [PATCH] simplpedpop: Move group addition to error path
---
 python/chilldkg_ref/simplpedpop.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/python/chilldkg_ref/simplpedpop.py b/python/chilldkg_ref/simplpedpop.py
index dba0c7e..e760a86 100644
--- a/python/chilldkg_ref/simplpedpop.py
+++ b/python/chilldkg_ref/simplpedpop.py
@@ -202,20 +202,24 @@ def participant_step2(
 )
 sum_coms = assemble_sum_coms(coms_to_secrets, sum_coms_to_nonconst_terms)
- pubshare = sum_coms.pubshare(idx)
- if not VSSCommitment.verify_secshare(secshare, pubshare):
+ # Verifying the tweaked secshare against the tweaked pubshare is equivalent
+ # to verifying the untweaked secshare against the untweaked pubshare, but
+ # avoids computing the untweaked pubshare in the happy path and thereby
+ # moves a group addition to the error path.
+ sum_coms_tweaked, tweak, pubtweak = sum_coms.invalid_taproot_commit()
+ pubshare_tweaked = sum_coms_tweaked.pubshare(idx)
+ secshare_tweaked = secshare + tweak
+ if not VSSCommitment.verify_secshare(secshare_tweaked, pubshare_tweaked):
+ pubshare = pubshare_tweaked - pubtweak
 raise UnknownFaultyParticipantOrCoordinatorError(
 ParticipantInvestigationData(n, idx, secshare, pubshare),
 "Received invalid secshare, "
 "consider investigation procedure to determine faulty party",
 )
- sum_coms_tweaked, tweak, pubshare_tweak = sum_coms.invalid_taproot_commit()
- secshare_tweaked = secshare + tweak
 threshold_pubkey = sum_coms_tweaked.commitment_to_secret()
 pubshares = [
- sum_coms_tweaked.pubshare(i) if i != idx else pubshare + pubshare_tweak
- for i in range(n)
+ sum_coms_tweaked.pubshare(i) if i != idx else pubshare_tweaked for i in range(n)
 ]
 dkg_output = DKGOutput(
 secshare_tweaked.to_bytes(),