move x1 to range {q/3 , ... , 2q/3} for create_commitments

src/party_one.rs

@@ -18,7 +18,7 @@ use crate::paillier::{Decrypt, EncryptWithChosenRandomness, KeyGeneration};
 use crate::paillier::{DecryptionKey, EncryptionKey, Randomness, RawCiphertext, RawPlaintext};
 use crate::zk_paillier::zkproofs::{NICorrectKeyProof, RangeProofNi};
 use std::cmp;
-use std::ops::Shl;
+use std::ops::{Mul, Shl};
 
 use super::SECURITY_BITS;
 pub use crate::curv::arithmetic::traits::*;
@@ -136,14 +136,36 @@ pub struct EphKeyGenSecondMsg {}
 //****************** End: Party One structs ******************//
 
 impl KeyGenFirstMsg {
-    pub fn create_commitments() -> (KeyGenFirstMsg, CommWitness, EcKeyPair) {
-        let base: GE = ECPoint::generator();
 
-        let secret_share: FE = ECScalar::new_random();
-        //in Lindell's protocol range proof works only for x1<q/3
-        let secret_share: FE =
-            ECScalar::from(&secret_share.to_big_int().div_floor(&BigInt::from(3)));
+    //in Lindell's protocol range proof works only for x1 \in {q/3 , ... , 2q/3}
+    pub fn is_secret_share_in_range(secret_share: &FE) -> bool {
+        let lower_bound: BigInt = FE::q().div_floor(&BigInt::from(3));
+        let upper_bound: BigInt = FE::q().mul(&BigInt::from(2))
+            .div_floor(&BigInt::from(3));
+
+        return if secret_share.to_big_int().gt(&lower_bound) &&
+            secret_share.to_big_int().lt(&upper_bound) {
+            true
+        } else {
+            false
+        }
+    }
+
+    pub fn get_secret_share_in_range() -> FE {
+        let mut secret_share: FE = ECScalar::new_random();
+        secret_share = ECScalar::from(&secret_share.to_big_int());
 
+        while !Self::is_secret_share_in_range(&secret_share) {
+            secret_share = ECScalar::new_random();
+            secret_share = ECScalar::from(&secret_share.to_big_int());
+        }
+
+        return secret_share;
+    }
+
+    pub fn create_commitments() -> (KeyGenFirstMsg, CommWitness, EcKeyPair) {
+        let base: GE = ECPoint::generator();
+        let secret_share: FE = Self::get_secret_share_in_range();
         let public_share = base.scalar_mul(&secret_share.get_element());
 
         let d_log_proof = DLogProof::prove(&secret_share);
@@ -183,10 +205,8 @@ impl KeyGenFirstMsg {
     pub fn create_commitments_with_fixed_secret_share(
         secret_share: FE,
     ) -> (KeyGenFirstMsg, CommWitness, EcKeyPair) {
-        //in Lindell's protocol range proof works only for x1<q/3
-        let sk_bigint = secret_share.to_big_int();
-        let q_third = FE::q();
-        assert!(sk_bigint < q_third.div_floor(&BigInt::from(3)));
+
+        assert!(Self::is_secret_share_in_range(&secret_share));
         let base: GE = ECPoint::generator();
         let public_share = base.scalar_mul(&secret_share.get_element());
 

src/test.rs

@@ -7,6 +7,7 @@ mod tests {
     use crate::curv::elliptic::curves::traits::*;
     use crate::curv::BigInt;
     use crate::*;
+    use crate::party_one::KeyGenFirstMsg;
 
     #[test]
     fn test_d_log_proof_party_two_party_one() {
@@ -32,7 +33,7 @@ mod tests {
     fn test_full_key_gen() {
         let (party_one_first_message, comm_witness, ec_key_pair_party1) =
             party_one::KeyGenFirstMsg::create_commitments_with_fixed_secret_share(ECScalar::from(
-                &BigInt::sample(253),
+                &KeyGenFirstMsg::get_secret_share_in_range().to_big_int()
             ));
         let (party_two_first_message, _ec_key_pair_party2) =
             party_two::KeyGenFirstMsg::create_with_fixed_secret_share(ECScalar::from(