From 716082c9787777414abbb0c6ef6326c6faf62bf9 Mon Sep 17 00:00:00 2001 From: ChihYunChuang Date: Thu, 8 May 2025 17:24:29 +0800 Subject: [PATCH 1/3] crypto: implete bls mpc --- crypto/binaryfield/message.pb.go | 4 +- crypto/binaryquadraticform/message.pb.go | 4 +- crypto/bip32/child/message.pb.go | 5 +- crypto/bip32/master/message.pb.go | 5 +- crypto/birkhoffinterpolation/bk.pb.go | 4 +- crypto/circuit/message.pb.go | 4 +- crypto/commitment/message.pb.go | 4 +- crypto/ecpointgrouplaw/point.pb.go | 4 +- crypto/homo/cl/message.pb.go | 4 +- crypto/homo/paillier/message.pb.go | 4 +- crypto/ot/message.pb.go | 4 +- crypto/tss/bls/message.pb.go | 280 +++++++++++++++++ crypto/tss/bls/message.proto | 33 ++ crypto/tss/bls/sharevalidation.go | 142 +++++++++ crypto/tss/bls/sharevalidation_test.go | 64 ++++ crypto/tss/bls/sign.go | 169 +++++++++++ crypto/tss/bls/sign_test.go | 78 +++++ crypto/tss/dkg/message.pb.go | 5 +- crypto/tss/ecdsa/addshare/message.pb.go | 302 +++++++++---------- crypto/tss/ecdsa/cggmp/dkg/message.pb.go | 5 +- crypto/tss/ecdsa/cggmp/refresh/message.pb.go | 5 +- crypto/tss/ecdsa/cggmp/sign/message.pb.go | 5 +- crypto/tss/ecdsa/cggmp/signSix/message.pb.go | 5 +- crypto/tss/ecdsa/gg18/reshare/message.pb.go | 5 +- crypto/tss/ecdsa/gg18/signer/message.pb.go | 5 +- crypto/tss/eddsa/frost/signer/message.pb.go | 5 +- crypto/utils/message.pb.go | 14 +- crypto/zkproof/message.pb.go | 4 +- crypto/zkproof/paillier/message.pb.go | 4 +- 29 files changed, 976 insertions(+), 200 deletions(-) create mode 100644 crypto/tss/bls/message.pb.go create mode 100644 crypto/tss/bls/message.proto create mode 100644 crypto/tss/bls/sharevalidation.go create mode 100644 crypto/tss/bls/sharevalidation_test.go create mode 100644 crypto/tss/bls/sign.go create mode 100644 crypto/tss/bls/sign_test.go diff --git a/crypto/binaryfield/message.pb.go b/crypto/binaryfield/message.pb.go index 5aba9469..6d649e4a 100644 --- a/crypto/binaryfield/message.pb.go +++ b/crypto/binaryfield/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/binaryfield/message.proto package binaryfield diff --git a/crypto/binaryquadraticform/message.pb.go b/crypto/binaryquadraticform/message.pb.go index 862d809b..5d98b862 100644 --- a/crypto/binaryquadraticform/message.pb.go +++ b/crypto/binaryquadraticform/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/binaryquadraticform/message.proto package binaryquadraticform diff --git a/crypto/bip32/child/message.pb.go b/crypto/bip32/child/message.pb.go index 95826d85..feeaf6e8 100644 --- a/crypto/bip32/child/message.pb.go +++ b/crypto/bip32/child/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/bip32/child/message.proto package child @@ -100,6 +100,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.bip32.child.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Initial // *Message_OtReceiver // *Message_OtSendResponse diff --git a/crypto/bip32/master/message.pb.go b/crypto/bip32/master/message.pb.go index 25147cf0..e53121bb 100644 --- a/crypto/bip32/master/message.pb.go +++ b/crypto/bip32/master/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/bip32/master/message.proto package master @@ -109,6 +109,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.bip32.master.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Initial // *Message_OtReceiver // *Message_OtSendResponse diff --git a/crypto/birkhoffinterpolation/bk.pb.go b/crypto/birkhoffinterpolation/bk.pb.go index 2e40af39..180070a0 100644 --- a/crypto/birkhoffinterpolation/bk.pb.go +++ b/crypto/birkhoffinterpolation/bk.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/birkhoffinterpolation/bk.proto package birkhoffinterpolation diff --git a/crypto/circuit/message.pb.go b/crypto/circuit/message.pb.go index f7c6a523..74d36878 100644 --- a/crypto/circuit/message.pb.go +++ b/crypto/circuit/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/circuit/message.proto package circuit diff --git a/crypto/commitment/message.pb.go b/crypto/commitment/message.pb.go index 604613c1..bf58ad60 100644 --- a/crypto/commitment/message.pb.go +++ b/crypto/commitment/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/commitment/message.proto package commitment diff --git a/crypto/ecpointgrouplaw/point.pb.go b/crypto/ecpointgrouplaw/point.pb.go index 438fc9ad..b2b478d9 100644 --- a/crypto/ecpointgrouplaw/point.pb.go +++ b/crypto/ecpointgrouplaw/point.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/ecpointgrouplaw/point.proto package ecpointgrouplaw diff --git a/crypto/homo/cl/message.pb.go b/crypto/homo/cl/message.pb.go index 75f56ae8..6db89bdb 100644 --- a/crypto/homo/cl/message.pb.go +++ b/crypto/homo/cl/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/homo/cl/message.proto package cl diff --git a/crypto/homo/paillier/message.pb.go b/crypto/homo/paillier/message.pb.go index d42ec304..44f4f865 100644 --- a/crypto/homo/paillier/message.pb.go +++ b/crypto/homo/paillier/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/homo/paillier/message.proto package paillier diff --git a/crypto/ot/message.pb.go b/crypto/ot/message.pb.go index 34b9f695..f9f9cdc7 100644 --- a/crypto/ot/message.pb.go +++ b/crypto/ot/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/ot/message.proto package ot diff --git a/crypto/tss/bls/message.pb.go b/crypto/tss/bls/message.pb.go new file mode 100644 index 00000000..894c601e --- /dev/null +++ b/crypto/tss/bls/message.pb.go @@ -0,0 +1,280 @@ +// Copyright © 2025 AMIS Technologies +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.33.0 +// protoc v5.29.3 +// source: github.com/getamis/alice/crypto/tss/bls/message.proto + +package bls + +import ( + birkhoffinterpolation "github.com/getamis/alice/crypto/birkhoffinterpolation" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SignMessage struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"` + PublicKey []byte `protobuf:"bytes,2,opt,name=publicKey,proto3" json:"publicKey,omitempty"` + Bk *birkhoffinterpolation.BkParameterMessage `protobuf:"bytes,3,opt,name=bk,proto3" json:"bk,omitempty"` +} + +func (x *SignMessage) Reset() { + *x = SignMessage{} + if protoimpl.UnsafeEnabled { + mi := &file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SignMessage) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SignMessage) ProtoMessage() {} + +func (x *SignMessage) ProtoReflect() protoreflect.Message { + mi := &file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SignMessage.ProtoReflect.Descriptor instead. +func (*SignMessage) Descriptor() ([]byte, []int) { + return file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescGZIP(), []int{0} +} + +func (x *SignMessage) GetSignature() []byte { + if x != nil { + return x.Signature + } + return nil +} + +func (x *SignMessage) GetPublicKey() []byte { + if x != nil { + return x.PublicKey + } + return nil +} + +func (x *SignMessage) GetBk() *birkhoffinterpolation.BkParameterMessage { + if x != nil { + return x.Bk + } + return nil +} + +type ShareValidationMessage struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + PartialPubKey []byte `protobuf:"bytes,1,opt,name=partialPubKey,proto3" json:"partialPubKey,omitempty"` + PublicKey []byte `protobuf:"bytes,2,opt,name=publicKey,proto3" json:"publicKey,omitempty"` + Bk *birkhoffinterpolation.BkParameterMessage `protobuf:"bytes,3,opt,name=bk,proto3" json:"bk,omitempty"` +} + +func (x *ShareValidationMessage) Reset() { + *x = ShareValidationMessage{} + if protoimpl.UnsafeEnabled { + mi := &file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ShareValidationMessage) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ShareValidationMessage) ProtoMessage() {} + +func (x *ShareValidationMessage) ProtoReflect() protoreflect.Message { + mi := &file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ShareValidationMessage.ProtoReflect.Descriptor instead. +func (*ShareValidationMessage) Descriptor() ([]byte, []int) { + return file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescGZIP(), []int{1} +} + +func (x *ShareValidationMessage) GetPartialPubKey() []byte { + if x != nil { + return x.PartialPubKey + } + return nil +} + +func (x *ShareValidationMessage) GetPublicKey() []byte { + if x != nil { + return x.PublicKey + } + return nil +} + +func (x *ShareValidationMessage) GetBk() *birkhoffinterpolation.BkParameterMessage { + if x != nil { + return x.Bk + } + return nil +} + +var File_github_com_getamis_alice_crypto_tss_bls_message_proto protoreflect.FileDescriptor + +var file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDesc = []byte{ + 0x0a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, 0x74, + 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, + 0x6f, 0x2f, 0x74, 0x73, 0x73, 0x2f, 0x62, 0x6c, 0x73, 0x2f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1b, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, + 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x62, 0x6c, + 0x73, 0x6d, 0x70, 0x63, 0x1a, 0x3e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2f, 0x62, 0x69, 0x72, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x62, 0x6b, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x99, 0x01, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x4d, 0x65, 0x73, + 0x73, 0x61, 0x67, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, + 0x12, 0x4e, 0x0a, 0x02, 0x62, 0x6b, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, + 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, + 0x70, 0x74, 0x6f, 0x2e, 0x62, 0x69, 0x72, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x42, 0x6b, 0x50, 0x61, 0x72, 0x61, + 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x02, 0x62, 0x6b, + 0x22, 0xac, 0x01, 0x0a, 0x16, 0x53, 0x68, 0x61, 0x72, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x70, + 0x61, 0x72, 0x74, 0x69, 0x61, 0x6c, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0c, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74, 0x69, 0x61, 0x6c, 0x50, 0x75, 0x62, 0x4b, 0x65, + 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, + 0x4e, 0x0a, 0x02, 0x62, 0x6b, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, 0x65, + 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x6f, 0x2e, 0x62, 0x69, 0x72, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x42, 0x6b, 0x50, 0x61, 0x72, 0x61, 0x6d, + 0x65, 0x74, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x02, 0x62, 0x6b, 0x42, + 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, + 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x6f, 0x2f, 0x74, 0x73, 0x73, 0x2f, 0x62, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, +} + +var ( + file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescOnce sync.Once + file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescData = file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDesc +) + +func file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescGZIP() []byte { + file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescOnce.Do(func() { + file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescData = protoimpl.X.CompressGZIP(file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescData) + }) + return file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescData +} + +var file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_github_com_getamis_alice_crypto_tss_bls_message_proto_goTypes = []interface{}{ + (*SignMessage)(nil), // 0: getamis.alice.crypto.blsmpc.SignMessage + (*ShareValidationMessage)(nil), // 1: getamis.alice.crypto.blsmpc.ShareValidationMessage + (*birkhoffinterpolation.BkParameterMessage)(nil), // 2: getamis.alice.crypto.birkhoffinterpolation.BkParameterMessage +} +var file_github_com_getamis_alice_crypto_tss_bls_message_proto_depIdxs = []int32{ + 2, // 0: getamis.alice.crypto.blsmpc.SignMessage.bk:type_name -> getamis.alice.crypto.birkhoffinterpolation.BkParameterMessage + 2, // 1: getamis.alice.crypto.blsmpc.ShareValidationMessage.bk:type_name -> getamis.alice.crypto.birkhoffinterpolation.BkParameterMessage + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_github_com_getamis_alice_crypto_tss_bls_message_proto_init() } +func file_github_com_getamis_alice_crypto_tss_bls_message_proto_init() { + if File_github_com_getamis_alice_crypto_tss_bls_message_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SignMessage); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ShareValidationMessage); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_github_com_getamis_alice_crypto_tss_bls_message_proto_goTypes, + DependencyIndexes: file_github_com_getamis_alice_crypto_tss_bls_message_proto_depIdxs, + MessageInfos: file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes, + }.Build() + File_github_com_getamis_alice_crypto_tss_bls_message_proto = out.File + file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDesc = nil + file_github_com_getamis_alice_crypto_tss_bls_message_proto_goTypes = nil + file_github_com_getamis_alice_crypto_tss_bls_message_proto_depIdxs = nil +} diff --git a/crypto/tss/bls/message.proto b/crypto/tss/bls/message.proto new file mode 100644 index 00000000..42eeeab4 --- /dev/null +++ b/crypto/tss/bls/message.proto @@ -0,0 +1,33 @@ +// Copyright © 2025 AMIS Technologies +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package getamis.alice.crypto.blsmpc; + +option go_package = "github.com/getamis/alice/crypto/tss/bls"; + +import "github.com/getamis/alice/crypto/birkhoffinterpolation/bk.proto"; + +message SignMessage { + bytes signature = 1; + bytes publicKey = 2; + birkhoffinterpolation.BkParameterMessage bk = 3; +} + +message ShareValidationMessage { + bytes partialPubKey = 1; + bytes publicKey = 2; + birkhoffinterpolation.BkParameterMessage bk = 3; +} diff --git a/crypto/tss/bls/sharevalidation.go b/crypto/tss/bls/sharevalidation.go new file mode 100644 index 00000000..1e89b60f --- /dev/null +++ b/crypto/tss/bls/sharevalidation.go @@ -0,0 +1,142 @@ +// Copyright © 2025 AMIS Technologies +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package bls + +import ( + "crypto/subtle" + "math/big" + + bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381" + "github.com/getamis/alice/crypto/birkhoffinterpolation" + "github.com/getamis/alice/crypto/utils" +) + +type ShareValidaiton struct { + ownBK *birkhoffinterpolation.BkParameter + threshold uint32 + ownShare *big.Int + pubKey []byte + + partialPubKey []byte +} + +func NewShareValidaitonManager(threshold uint32, share []byte, bk *birkhoffinterpolation.BkParameter, pubKey []byte) (*ShareValidaiton, error) { + // check the correctness of share and pubKey + bshare, _, err := validationShareAndPubKey(share, pubKey) + if err != nil { + return nil, err + } + return &ShareValidaiton{ + ownBK: bk, + threshold: threshold, + ownShare: bshare, + pubKey: pubKey, + }, nil +} + +func (sV *ShareValidaiton) ComputeShareProof(schnorrInfo []byte) (*ShareValidationMessage, error) { + // compute sharePoint + var partialPubKey bls12381.G1Affine + partialPubKey.ScalarMultiplicationBase(sV.ownShare) + partialPubKeyByte := partialPubKey.Bytes() + + // compute Schnorr Zk + + // Set data + sV.partialPubKey = partialPubKeyByte[:] + + return &ShareValidationMessage{ + PartialPubKey: partialPubKeyByte[:], + PublicKey: sV.pubKey, + Bk: sV.ownBK.ToMessage(), + }, nil +} + +func (sV *ShareValidaiton) Validation(partialPubKeyMsg []*ShareValidationMessage) error { + bkss := birkhoffinterpolation.BkParameters{ + sV.ownBK, + } + partialPubKeySlice := make([][]byte, 1) + partialPubKeySlice[0] = sV.partialPubKey + pubKeyByte := sV.pubKey + var pubKey bls12381.G1Affine + _, err := pubKey.SetBytes(pubKeyByte) + if err != nil { + return err + } + + // check the correctness of the partial Point + for i := 0; i < len(partialPubKeyMsg); i++ { + tempPartialPubKey := partialPubKeyMsg[i].PartialPubKey + // The length of a correct signature is 48 + if len(tempPartialPubKey) > G1MaxByteLength { + return ErrFailureSign + } + partialPubKeySlice = append(partialPubKeySlice, tempPartialPubKey) + tempBks, err := partialPubKeyMsg[i].Bk.ToBk(bls12381CurveOrder) + if err != nil { + return err + } + bkss = append(bkss, tempBks) + getPubKey := partialPubKeyMsg[i].PublicKey + if subtle.ConstantTimeCompare(pubKeyByte, getPubKey) != 1 { + return ErrPubKeyDifferent + } + } + bkCoefficient, err := bkss.ComputeBkCoefficient(sV.threshold, bls12381CurveOrder) + if err != nil { + return err + } + // Compute the public Key from share points + var result bls12381.G1Affine + _, err = result.SetBytes(partialPubKeySlice[0]) + if err != nil { + return err + } + result.ScalarMultiplication(&result, bkCoefficient[0]) + for i := 1; i < len(partialPubKeySlice); i++ { + var temp bls12381.G1Affine + _, err = temp.SetBytes(partialPubKeySlice[i]) + if err != nil { + return err + } + temp.ScalarMultiplication(&temp, bkCoefficient[i]) + result.Add(&result, &temp) + } + // check the same of result and pubKey + if !pubKey.Equal(&result) { + return ErrShareValidationFailure + } + return nil +} + +func validationShareAndPubKey(share []byte, pubKey []byte) (*big.Int, *bls12381.G1Affine, error) { + // check the correctness of share and pubKey + bshare := new(big.Int).SetBytes(share) + err := utils.InRange(bshare, big1, bls12381CurveOrder) + if err != nil { + return nil, nil, err + } + if len(pubKey) > G1MaxByteLength { + return nil, nil, ErrWrongLengthPubKey + } + + var pubKeyG1 bls12381.G1Affine + _, err = pubKeyG1.SetBytes(pubKey) + if err != nil { + return nil, nil, err + } + return bshare, &pubKeyG1, nil +} diff --git a/crypto/tss/bls/sharevalidation_test.go b/crypto/tss/bls/sharevalidation_test.go new file mode 100644 index 00000000..b080e9ea --- /dev/null +++ b/crypto/tss/bls/sharevalidation_test.go @@ -0,0 +1,64 @@ +// Copyright © 2025 AMIS Technologies +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package bls + +import ( + "math/big" + + bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381" + "github.com/getamis/alice/crypto/birkhoffinterpolation" + "github.com/getamis/alice/crypto/polynomial" + "github.com/getamis/alice/crypto/utils" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("bls mpc share validation", func() { + Context("It is OK", func() { + It("Share Validation", func() { + threshold := uint32(3) + totalNumber := uint32(5) + msg := []byte("Time") + bkSS := make([]*birkhoffinterpolation.BkParameter, totalNumber) + shareValManager := make([]*ShareValidaiton, totalNumber) + poly, err := polynomial.RandomPolynomial(bls12381CurveOrder, threshold-1) + Expect(err).Should(BeNil()) + secret := poly.Evaluate(big.NewInt(0)) + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(secret) + pubKeyByte := pubKey.Bytes() + + for i := 0; i < len(shareValManager); i++ { + tempX, err := utils.RandomPositiveInt(bls12381CurveOrder) + Expect(err).Should(BeNil()) + bkSS[i] = birkhoffinterpolation.NewBkParameter(tempX, 0) + tempShareValidaitonManager, err := NewShareValidaitonManager(threshold, poly.Evaluate(tempX).Bytes(), bkSS[i], pubKeyByte[:]) + Expect(err).Should(BeNil()) + shareValManager[i] = tempShareValidaitonManager + } + shareValidaitonMsg := make([]*ShareValidationMessage, totalNumber) + + for i := 0; i < len(shareValManager); i++ { + tempMsg, err := shareValManager[i].ComputeShareProof(msg) + Expect(err).Should(BeNil()) + shareValidaitonMsg[i] = tempMsg + } + // Validation + for i := 0; i < len(shareValManager); i++ { + err = shareValManager[i].Validation(shareValidaitonMsg) + Expect(err).Should(BeNil()) + } + }) + }) +}) diff --git a/crypto/tss/bls/sign.go b/crypto/tss/bls/sign.go new file mode 100644 index 00000000..66508bd8 --- /dev/null +++ b/crypto/tss/bls/sign.go @@ -0,0 +1,169 @@ +// Copyright © 2025 AMIS Technologies +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package bls + +import ( + "crypto/subtle" + "errors" + "math/big" + + bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381" + "github.com/getamis/alice/crypto/birkhoffinterpolation" +) + +const ( + G1MaxByteLength = 48 + G2MaxByteLength = 96 +) + +var ( + dst = []byte("BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_") + big1 = big.NewInt(1) + bls12381CurveOrder, _ = new(big.Int).SetString("52435875175126190479447740508185965837690552500527637822603658699938581184513", 10) + + // ErrZeroMessage is returned if the hash point is the identity point. + ErrZeroMessage = errors.New("the hash point is the identity point") + // ErrFailureSign is returned if the verification of signature failures. + ErrFailureSign = errors.New("the verification of signature failures") + // ErrPubKeyDifferent is returned if the public key are different. + ErrPubKeyDifferent = errors.New("the public key are different") + // ErrWrongLengthPubKey is returned if the length of public key is wrong. + ErrWrongLengthPubKey = errors.New("the length of public key is wrong") + // ErrShareValidationFailure is returned if the validation of shares failures. + ErrShareValidationFailure = errors.New("the validation of shares failures") +) + +type SignManager struct { + ownBK *birkhoffinterpolation.BkParameter + threshold uint32 + // 0 < share < bls12381CurveOrder + ownShare *big.Int + // 96 bytes + pubKey *bls12381.G1Affine + partialSignature []byte + msgPoint bls12381.G2Affine +} + +func NewSignManager(threshold uint32, share []byte, bk *birkhoffinterpolation.BkParameter, pubKey []byte) (*SignManager, error) { + // check the correctness of share and pubKey + bshare, pubKeyG1, err := validationShareAndPubKey(share, pubKey) + if err != nil { + return nil, err + } + return &SignManager{ + ownBK: bk, + threshold: threshold, + ownShare: bshare, + pubKey: pubKeyG1, + }, nil +} + +func (sM *SignManager) Sign(msg []byte) (*SignMessage, error) { + h, err := bls12381.HashToG2(msg, dst) + if err != nil { + return nil, err + } + if h.IsInfinity() { + return nil, ErrZeroMessage + } + var signature bls12381.G2Affine + signature.ScalarMultiplication(&h, sM.ownShare) + partialPubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(sM.ownShare) + // verification e(H(m), pubKey) = e(sign, g2) + err = verificationSignature(h, *partialPubKey, signature) + if err != nil { + return nil, err + } + resultByte := signature.Bytes() + pubKeyByte := sM.pubKey.Bytes() + resultMsg := &SignMessage{ + Signature: resultByte[:], + PublicKey: pubKeyByte[:], + Bk: sM.ownBK.ToMessage(), + } + sM.partialSignature = resultByte[:] + sM.msgPoint = h + return resultMsg, nil +} + +func (sM *SignManager) RecoverMPCSignature(signMsg []*SignMessage) ([G2MaxByteLength]byte, error) { + zeroByte := [G2MaxByteLength]byte{} + bkss := birkhoffinterpolation.BkParameters{ + sM.ownBK, + } + signSlice := make([][]byte, 1) + signSlice[0] = sM.partialSignature + pubKeyByte := sM.pubKey.Bytes() + + // check the correctness of the partial signatures + for i := 0; i < len(signMsg); i++ { + tempSign := signMsg[i].Signature + // The length of a correct signature is 96 + if len(tempSign) > G2MaxByteLength { + return zeroByte, ErrFailureSign + } + signSlice = append(signSlice, tempSign) + tempBks, err := signMsg[i].Bk.ToBk(bls12381CurveOrder) + if err != nil { + return zeroByte, err + } + bkss = append(bkss, tempBks) + getPubKey := signMsg[i].PublicKey + if subtle.ConstantTimeCompare(pubKeyByte[:], getPubKey) != 1 { + return zeroByte, ErrPubKeyDifferent + } + } + bkCoefficient, err := bkss.ComputeBkCoefficient(sM.threshold, bls12381CurveOrder) + if err != nil { + return zeroByte, err + } + var result bls12381.G2Affine + _, err = result.SetBytes(signSlice[0]) + if err != nil { + return zeroByte, err + } + result.ScalarMultiplication(&result, bkCoefficient[0]) + for i := 1; i < len(signSlice); i++ { + var temp bls12381.G2Affine + _, err = temp.SetBytes(signSlice[i]) + if err != nil { + return zeroByte, err + } + temp.ScalarMultiplication(&temp, bkCoefficient[i]) + result.Add(&result, &temp) + } + // check the final signature + err = verificationSignature(sM.msgPoint, *sM.pubKey, result) + if err != nil { + return zeroByte, err + } + return result.Bytes(), nil +} + +func verificationSignature(msgPoint bls12381.G2Affine, pubKey bls12381.G1Affine, sig bls12381.G2Affine) error { + // verification e(pubKey, H(m)) = e(g1, sign) + e1, err := bls12381.Pair([]bls12381.G1Affine{pubKey}, []bls12381.G2Affine{msgPoint}) + if err != nil { + return err + } + e2, err := bls12381.Pair([]bls12381.G1Affine{*new(bls12381.G1Affine).ScalarMultiplicationBase(big1)}, []bls12381.G2Affine{sig}) + if err != nil { + return nil + } + if !e1.Equal(&e2) { + return ErrFailureSign + } + return nil +} diff --git a/crypto/tss/bls/sign_test.go b/crypto/tss/bls/sign_test.go new file mode 100644 index 00000000..93426e15 --- /dev/null +++ b/crypto/tss/bls/sign_test.go @@ -0,0 +1,78 @@ +// Copyright © 2025 AMIS Technologies +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package bls + +import ( + "math/big" + "testing" + + "github.com/OffchainLabs/prysm/v6/crypto/bls/blst" + bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381" + "github.com/getamis/alice/crypto/birkhoffinterpolation" + "github.com/getamis/alice/crypto/polynomial" + "github.com/getamis/alice/crypto/utils" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("bls MPC Sign", func() { + Context("It is OK", func() { + It("Sign", func() { + threshold := uint32(3) + totalNumber := uint32(5) + msg := []byte("Time") + bkSS := make([]*birkhoffinterpolation.BkParameter, totalNumber) + signManager := make([]*SignManager, totalNumber) + poly, err := polynomial.RandomPolynomial(bls12381CurveOrder, threshold-1) + Expect(err).Should(BeNil()) + secret := poly.Evaluate(big.NewInt(0)) + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(secret) + pubKeyByte := pubKey.Bytes() + + for i := 0; i < len(signManager); i++ { + tempX, err := utils.RandomPositiveInt(bls12381CurveOrder) + Expect(err).Should(BeNil()) + bkSS[i] = birkhoffinterpolation.NewBkParameter(tempX, 0) + tempManager, err := NewSignManager(threshold, poly.Evaluate(tempX).Bytes(), bkSS[i], pubKeyByte[:]) + Expect(err).Should(BeNil()) + signManager[i] = tempManager + } + signMsg := make([]*SignMessage, totalNumber) + + for i := 0; i < len(signManager); i++ { + tempMsg, err := signManager[i].Sign(msg) + Expect(err).Should(BeNil()) + signMsg[i] = tempMsg + } + // Validation + var mpcSignature [96]byte + for i := 0; i < len(signManager); i++ { + mpcSignature, err = signManager[i].RecoverMPCSignature(signMsg) + Expect(err).Should(BeNil()) + } + // prysm Sign: Check the same pubKey and the same Signature + secretKey, err := blst.SecretKeyFromBytes(secret.Bytes()) + Expect(err).Should(BeNil()) + Expect(secretKey.PublicKey().Marshal()).Should(Equal(pubKeyByte[:])) + prysmSig := secretKey.Sign(msg).Marshal() + Expect(prysmSig).Should(Equal(mpcSignature[:])) + }) + }) +}) + +func TestBlsMPC(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "Sign Suite") +} diff --git a/crypto/tss/dkg/message.pb.go b/crypto/tss/dkg/message.pb.go index 40080d54..c99980d8 100644 --- a/crypto/tss/dkg/message.pb.go +++ b/crypto/tss/dkg/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/tss/dkg/message.proto package dkg @@ -97,6 +97,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.tss.dkg.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Peer // *Message_Decommit // *Message_Verify diff --git a/crypto/tss/ecdsa/addshare/message.pb.go b/crypto/tss/ecdsa/addshare/message.pb.go index 9743247b..42306791 100644 --- a/crypto/tss/ecdsa/addshare/message.pb.go +++ b/crypto/tss/ecdsa/addshare/message.pb.go @@ -14,9 +14,9 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 -// source: github.com/getamis/alice/crypto/tss/ecdsa/gg18/addshare/message.proto +// protoc-gen-go v1.33.0 +// protoc v5.29.3 +// source: github.com/getamis/alice/crypto/tss/ecdsa/addshare/message.proto package addshare @@ -76,11 +76,11 @@ func (x Type) String() string { } func (Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_enumTypes[0].Descriptor() + return file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_enumTypes[0].Descriptor() } func (Type) Type() protoreflect.EnumType { - return &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_enumTypes[0] + return &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_enumTypes[0] } func (x Type) Number() protoreflect.EnumNumber { @@ -89,7 +89,7 @@ func (x Type) Number() protoreflect.EnumNumber { // Deprecated: Use Type.Descriptor instead. func (Type) EnumDescriptor() ([]byte, []int) { - return file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescGZIP(), []int{0} + return file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescGZIP(), []int{0} } type Message struct { @@ -100,6 +100,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.tss.ecdsa.gg18.addshare.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_OldPeer // *Message_NewBk // *Message_Compute @@ -111,7 +112,7 @@ type Message struct { func (x *Message) Reset() { *x = Message{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[0] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -124,7 +125,7 @@ func (x *Message) String() string { func (*Message) ProtoMessage() {} func (x *Message) ProtoReflect() protoreflect.Message { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[0] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -137,7 +138,7 @@ func (x *Message) ProtoReflect() protoreflect.Message { // Deprecated: Use Message.ProtoReflect.Descriptor instead. func (*Message) Descriptor() ([]byte, []int) { - return file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescGZIP(), []int{0} + return file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescGZIP(), []int{0} } func (x *Message) GetType() Type { @@ -244,7 +245,7 @@ type BodyOldPeer struct { func (x *BodyOldPeer) Reset() { *x = BodyOldPeer{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[1] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -257,7 +258,7 @@ func (x *BodyOldPeer) String() string { func (*BodyOldPeer) ProtoMessage() {} func (x *BodyOldPeer) ProtoReflect() protoreflect.Message { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[1] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -270,7 +271,7 @@ func (x *BodyOldPeer) ProtoReflect() protoreflect.Message { // Deprecated: Use BodyOldPeer.ProtoReflect.Descriptor instead. func (*BodyOldPeer) Descriptor() ([]byte, []int) { - return file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescGZIP(), []int{1} + return file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescGZIP(), []int{1} } func (x *BodyOldPeer) GetBk() *birkhoffinterpolation.BkParameterMessage { @@ -312,7 +313,7 @@ type BodyNewBk struct { func (x *BodyNewBk) Reset() { *x = BodyNewBk{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[2] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -325,7 +326,7 @@ func (x *BodyNewBk) String() string { func (*BodyNewBk) ProtoMessage() {} func (x *BodyNewBk) ProtoReflect() protoreflect.Message { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[2] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -338,7 +339,7 @@ func (x *BodyNewBk) ProtoReflect() protoreflect.Message { // Deprecated: Use BodyNewBk.ProtoReflect.Descriptor instead. func (*BodyNewBk) Descriptor() ([]byte, []int) { - return file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescGZIP(), []int{2} + return file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescGZIP(), []int{2} } func (x *BodyNewBk) GetBk() *birkhoffinterpolation.BkParameterMessage { @@ -360,7 +361,7 @@ type BodyCompute struct { func (x *BodyCompute) Reset() { *x = BodyCompute{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[3] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -373,7 +374,7 @@ func (x *BodyCompute) String() string { func (*BodyCompute) ProtoMessage() {} func (x *BodyCompute) ProtoReflect() protoreflect.Message { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[3] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -386,7 +387,7 @@ func (x *BodyCompute) ProtoReflect() protoreflect.Message { // Deprecated: Use BodyCompute.ProtoReflect.Descriptor instead. func (*BodyCompute) Descriptor() ([]byte, []int) { - return file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescGZIP(), []int{3} + return file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescGZIP(), []int{3} } func (x *BodyCompute) GetDelta() []byte { @@ -414,7 +415,7 @@ type BodyResult struct { func (x *BodyResult) Reset() { *x = BodyResult{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[4] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -427,7 +428,7 @@ func (x *BodyResult) String() string { func (*BodyResult) ProtoMessage() {} func (x *BodyResult) ProtoReflect() protoreflect.Message { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[4] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -440,7 +441,7 @@ func (x *BodyResult) ProtoReflect() protoreflect.Message { // Deprecated: Use BodyResult.ProtoReflect.Descriptor instead. func (*BodyResult) Descriptor() ([]byte, []int) { - return file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescGZIP(), []int{4} + return file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescGZIP(), []int{4} } func (x *BodyResult) GetDelta() []byte { @@ -461,7 +462,7 @@ type BodyVerify struct { func (x *BodyVerify) Reset() { *x = BodyVerify{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[5] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -474,7 +475,7 @@ func (x *BodyVerify) String() string { func (*BodyVerify) ProtoMessage() {} func (x *BodyVerify) ProtoReflect() protoreflect.Message { - mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[5] + mi := &file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -487,7 +488,7 @@ func (x *BodyVerify) ProtoReflect() protoreflect.Message { // Deprecated: Use BodyVerify.ProtoReflect.Descriptor instead. func (*BodyVerify) Descriptor() ([]byte, []int) { - return file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescGZIP(), []int{5} + return file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescGZIP(), []int{5} } func (x *BodyVerify) GetSiGProofMsg() *zkproof.SchnorrProofMessage { @@ -497,127 +498,126 @@ func (x *BodyVerify) GetSiGProofMsg() *zkproof.SchnorrProofMessage { return nil } -var File_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto protoreflect.FileDescriptor +var File_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto protoreflect.FileDescriptor -var file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDesc = []byte{ - 0x0a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, 0x74, +var file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDesc = []byte{ + 0x0a, 0x40, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, - 0x6f, 0x2f, 0x74, 0x73, 0x73, 0x2f, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2f, 0x67, 0x67, 0x31, 0x38, - 0x2f, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x2f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2c, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, - 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, - 0x73, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, - 0x73, 0x68, 0x61, 0x72, 0x65, 0x1a, 0x3e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, - 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2f, 0x62, 0x69, 0x72, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x62, 0x6b, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x3b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, - 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2f, 0x65, 0x63, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x6c, 0x61, 0x77, 0x2f, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, - 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, - 0x70, 0x74, 0x6f, 0x2f, 0x7a, 0x6b, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x2f, 0x6d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x92, 0x04, 0x0a, 0x07, 0x4d, 0x65, - 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x46, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, - 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, - 0x63, 0x64, 0x73, 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, - 0x72, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0e, 0x0a, - 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x56, 0x0a, - 0x08, 0x6f, 0x6c, 0x64, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x39, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, - 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, - 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x2e, 0x42, - 0x6f, 0x64, 0x79, 0x4f, 0x6c, 0x64, 0x50, 0x65, 0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x6f, 0x6c, - 0x64, 0x50, 0x65, 0x65, 0x72, 0x12, 0x50, 0x0a, 0x06, 0x6e, 0x65, 0x77, 0x5f, 0x62, 0x6b, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, - 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, 0x73, - 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, - 0x68, 0x61, 0x72, 0x65, 0x2e, 0x42, 0x6f, 0x64, 0x79, 0x4e, 0x65, 0x77, 0x42, 0x6b, 0x48, 0x00, - 0x52, 0x05, 0x6e, 0x65, 0x77, 0x42, 0x6b, 0x12, 0x55, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x70, 0x75, - 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, - 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, - 0x74, 0x73, 0x73, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, - 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x2e, 0x42, 0x6f, 0x64, 0x79, 0x43, 0x6f, 0x6d, 0x70, - 0x75, 0x74, 0x65, 0x48, 0x00, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x12, 0x52, - 0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, + 0x6f, 0x2f, 0x74, 0x73, 0x73, 0x2f, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2f, 0x61, 0x64, 0x64, 0x73, + 0x68, 0x61, 0x72, 0x65, 0x2f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x12, 0x2c, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, + 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, 0x63, 0x64, + 0x73, 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, + 0x1a, 0x3e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, 0x74, + 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, + 0x6f, 0x2f, 0x62, 0x69, 0x72, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, + 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x62, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x1a, 0x3b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, 0x74, + 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, + 0x6f, 0x2f, 0x65, 0x63, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x6c, 0x61, + 0x77, 0x2f, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x35, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, + 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2f, 0x7a, + 0x6b, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x2f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x92, 0x04, 0x0a, 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, + 0x12, 0x46, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, - 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x2e, 0x42, 0x6f, - 0x64, 0x79, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x48, 0x00, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, - 0x6c, 0x74, 0x12, 0x52, 0x0a, 0x06, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, - 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, 0x63, - 0x64, 0x73, 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, - 0x65, 0x2e, 0x42, 0x6f, 0x64, 0x79, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x48, 0x00, 0x52, 0x06, - 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x42, 0x06, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x9e, - 0x02, 0x0a, 0x0b, 0x42, 0x6f, 0x64, 0x79, 0x4f, 0x6c, 0x64, 0x50, 0x65, 0x65, 0x72, 0x12, 0x4e, - 0x0a, 0x02, 0x62, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, 0x65, 0x74, + 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x2e, 0x54, 0x79, + 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x56, 0x0a, 0x08, 0x6f, 0x6c, 0x64, 0x5f, + 0x70, 0x65, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, - 0x6f, 0x2e, 0x62, 0x69, 0x72, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, - 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x42, 0x6b, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, - 0x74, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x02, 0x62, 0x6b, 0x12, 0x53, - 0x0a, 0x0b, 0x73, 0x69, 0x47, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x73, 0x67, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, - 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x7a, 0x6b, 0x70, 0x72, 0x6f, - 0x6f, 0x66, 0x2e, 0x53, 0x63, 0x68, 0x6e, 0x6f, 0x72, 0x72, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x47, 0x50, 0x72, 0x6f, 0x6f, 0x66, - 0x4d, 0x73, 0x67, 0x12, 0x4c, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, - 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x65, 0x63, 0x70, 0x6f, 0x69, - 0x6e, 0x74, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x6c, 0x61, 0x77, 0x2e, 0x45, 0x63, 0x50, 0x6f, 0x69, - 0x6e, 0x74, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x06, 0x70, 0x75, 0x62, 0x6b, 0x65, - 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, - 0x5b, 0x0a, 0x09, 0x42, 0x6f, 0x64, 0x79, 0x4e, 0x65, 0x77, 0x42, 0x6b, 0x12, 0x4e, 0x0a, 0x02, - 0x62, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, - 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, - 0x62, 0x69, 0x72, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x42, 0x6b, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, - 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x02, 0x62, 0x6b, 0x22, 0x78, 0x0a, 0x0b, - 0x42, 0x6f, 0x64, 0x79, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x64, - 0x65, 0x6c, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x64, 0x65, 0x6c, 0x74, - 0x61, 0x12, 0x53, 0x0a, 0x0b, 0x73, 0x69, 0x47, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x73, 0x67, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, - 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x7a, 0x6b, - 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x2e, 0x53, 0x63, 0x68, 0x6e, 0x6f, 0x72, 0x72, 0x50, 0x72, 0x6f, - 0x6f, 0x66, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x47, 0x50, 0x72, - 0x6f, 0x6f, 0x66, 0x4d, 0x73, 0x67, 0x22, 0x22, 0x0a, 0x0a, 0x42, 0x6f, 0x64, 0x79, 0x52, 0x65, - 0x73, 0x75, 0x6c, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x05, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x22, 0x61, 0x0a, 0x0a, 0x42, 0x6f, - 0x64, 0x79, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x53, 0x0a, 0x0b, 0x73, 0x69, 0x47, 0x50, - 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x73, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, + 0x6f, 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, + 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x2e, 0x42, 0x6f, 0x64, 0x79, 0x4f, 0x6c, + 0x64, 0x50, 0x65, 0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x6f, 0x6c, 0x64, 0x50, 0x65, 0x65, 0x72, + 0x12, 0x50, 0x0a, 0x06, 0x6e, 0x65, 0x77, 0x5f, 0x62, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x37, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, + 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, 0x63, 0x64, 0x73, + 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x2e, + 0x42, 0x6f, 0x64, 0x79, 0x4e, 0x65, 0x77, 0x42, 0x6b, 0x48, 0x00, 0x52, 0x05, 0x6e, 0x65, 0x77, + 0x42, 0x6b, 0x12, 0x55, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, + 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, + 0x63, 0x64, 0x73, 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, + 0x72, 0x65, 0x2e, 0x42, 0x6f, 0x64, 0x79, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x48, 0x00, + 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x12, 0x52, 0x0a, 0x06, 0x72, 0x65, 0x73, + 0x75, 0x6c, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x67, 0x65, 0x74, 0x61, + 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, + 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, 0x67, 0x67, 0x31, 0x38, 0x2e, + 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x2e, 0x42, 0x6f, 0x64, 0x79, 0x52, 0x65, 0x73, + 0x75, 0x6c, 0x74, 0x48, 0x00, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x52, 0x0a, + 0x06, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, - 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x7a, 0x6b, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x2e, 0x53, 0x63, 0x68, - 0x6e, 0x6f, 0x72, 0x72, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, - 0x52, 0x0b, 0x73, 0x69, 0x47, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x73, 0x67, 0x2a, 0x43, 0x0a, - 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x4f, 0x6c, 0x64, 0x50, 0x65, 0x65, 0x72, - 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x65, 0x77, 0x42, 0x6b, 0x10, 0x01, 0x12, 0x0b, 0x0a, - 0x07, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x65, - 0x73, 0x75, 0x6c, 0x74, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, - 0x10, 0x04, 0x42, 0x39, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, - 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2f, 0x74, 0x73, 0x73, 0x2f, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2f, - 0x67, 0x67, 0x31, 0x38, 0x2f, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x74, 0x73, 0x73, 0x2e, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2e, 0x67, + 0x67, 0x31, 0x38, 0x2e, 0x61, 0x64, 0x64, 0x73, 0x68, 0x61, 0x72, 0x65, 0x2e, 0x42, 0x6f, 0x64, + 0x79, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x48, 0x00, 0x52, 0x06, 0x76, 0x65, 0x72, 0x69, 0x66, + 0x79, 0x42, 0x06, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x9e, 0x02, 0x0a, 0x0b, 0x42, 0x6f, + 0x64, 0x79, 0x4f, 0x6c, 0x64, 0x50, 0x65, 0x65, 0x72, 0x12, 0x4e, 0x0a, 0x02, 0x62, 0x6b, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, + 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x62, 0x69, 0x72, + 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x2e, 0x42, 0x6b, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d, 0x65, + 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x02, 0x62, 0x6b, 0x12, 0x53, 0x0a, 0x0b, 0x73, 0x69, 0x47, + 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x73, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, + 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x7a, 0x6b, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x2e, 0x53, 0x63, + 0x68, 0x6e, 0x6f, 0x72, 0x72, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x52, 0x0b, 0x73, 0x69, 0x47, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x73, 0x67, 0x12, 0x4c, + 0x0a, 0x06, 0x70, 0x75, 0x62, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, + 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x65, 0x63, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x67, 0x72, 0x6f, + 0x75, 0x70, 0x6c, 0x61, 0x77, 0x2e, 0x45, 0x63, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x4d, 0x65, 0x73, + 0x73, 0x61, 0x67, 0x65, 0x52, 0x06, 0x70, 0x75, 0x62, 0x6b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, + 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0x5b, 0x0a, 0x09, 0x42, 0x6f, + 0x64, 0x79, 0x4e, 0x65, 0x77, 0x42, 0x6b, 0x12, 0x4e, 0x0a, 0x02, 0x62, 0x6b, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, + 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x62, 0x69, 0x72, 0x6b, 0x68, + 0x6f, 0x66, 0x66, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x2e, 0x42, 0x6b, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, 0x52, 0x02, 0x62, 0x6b, 0x22, 0x78, 0x0a, 0x0b, 0x42, 0x6f, 0x64, 0x79, 0x43, + 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x53, 0x0a, 0x0b, + 0x73, 0x69, 0x47, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x73, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x31, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, + 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x7a, 0x6b, 0x70, 0x72, 0x6f, 0x6f, 0x66, + 0x2e, 0x53, 0x63, 0x68, 0x6e, 0x6f, 0x72, 0x72, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x65, 0x73, + 0x73, 0x61, 0x67, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x47, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x73, + 0x67, 0x22, 0x22, 0x0a, 0x0a, 0x42, 0x6f, 0x64, 0x79, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, + 0x14, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, + 0x64, 0x65, 0x6c, 0x74, 0x61, 0x22, 0x61, 0x0a, 0x0a, 0x42, 0x6f, 0x64, 0x79, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x12, 0x53, 0x0a, 0x0b, 0x73, 0x69, 0x47, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, + 0x73, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, + 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, + 0x7a, 0x6b, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x2e, 0x53, 0x63, 0x68, 0x6e, 0x6f, 0x72, 0x72, 0x50, + 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x47, + 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x4d, 0x73, 0x67, 0x2a, 0x43, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x0b, 0x0a, 0x07, 0x4f, 0x6c, 0x64, 0x50, 0x65, 0x65, 0x72, 0x10, 0x00, 0x12, 0x09, 0x0a, + 0x05, 0x4e, 0x65, 0x77, 0x42, 0x6b, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x6f, 0x6d, 0x70, + 0x75, 0x74, 0x65, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x10, + 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x10, 0x04, 0x42, 0x34, 0x5a, + 0x32, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, 0x74, 0x61, + 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, + 0x2f, 0x74, 0x73, 0x73, 0x2f, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2f, 0x61, 0x64, 0x64, 0x73, 0x68, + 0x61, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescOnce sync.Once - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescData = file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDesc + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescOnce sync.Once + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescData = file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDesc ) -func file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescGZIP() []byte { - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescOnce.Do(func() { - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescData = protoimpl.X.CompressGZIP(file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescData) +func file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescGZIP() []byte { + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescOnce.Do(func() { + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescData = protoimpl.X.CompressGZIP(file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescData) }) - return file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDescData + return file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDescData } -var file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_goTypes = []interface{}{ +var file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_goTypes = []interface{}{ (Type)(0), // 0: getamis.alice.crypto.tss.ecdsa.gg18.addshare.Type (*Message)(nil), // 1: getamis.alice.crypto.tss.ecdsa.gg18.addshare.Message (*BodyOldPeer)(nil), // 2: getamis.alice.crypto.tss.ecdsa.gg18.addshare.BodyOldPeer @@ -629,7 +629,7 @@ var file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_g (*zkproof.SchnorrProofMessage)(nil), // 8: getamis.alice.crypto.zkproof.SchnorrProofMessage (*ecpointgrouplaw.EcPointMessage)(nil), // 9: getamis.alice.crypto.ecpointgrouplaw.EcPointMessage } -var file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_depIdxs = []int32{ +var file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_depIdxs = []int32{ 0, // 0: getamis.alice.crypto.tss.ecdsa.gg18.addshare.Message.type:type_name -> getamis.alice.crypto.tss.ecdsa.gg18.addshare.Type 2, // 1: getamis.alice.crypto.tss.ecdsa.gg18.addshare.Message.old_peer:type_name -> getamis.alice.crypto.tss.ecdsa.gg18.addshare.BodyOldPeer 3, // 2: getamis.alice.crypto.tss.ecdsa.gg18.addshare.Message.new_bk:type_name -> getamis.alice.crypto.tss.ecdsa.gg18.addshare.BodyNewBk @@ -649,13 +649,13 @@ var file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_d 0, // [0:12] is the sub-list for field type_name } -func init() { file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_init() } -func file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_init() { - if File_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto != nil { +func init() { file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_init() } +func file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_init() { + if File_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto != nil { return } if !protoimpl.UnsafeEnabled { - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Message); i { case 0: return &v.state @@ -667,7 +667,7 @@ func file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_ return nil } } - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*BodyOldPeer); i { case 0: return &v.state @@ -679,7 +679,7 @@ func file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_ return nil } } - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*BodyNewBk); i { case 0: return &v.state @@ -691,7 +691,7 @@ func file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_ return nil } } - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*BodyCompute); i { case 0: return &v.state @@ -703,7 +703,7 @@ func file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_ return nil } } - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*BodyResult); i { case 0: return &v.state @@ -715,7 +715,7 @@ func file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_ return nil } } - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*BodyVerify); i { case 0: return &v.state @@ -728,7 +728,7 @@ func file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_ } } } - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes[0].OneofWrappers = []interface{}{ + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes[0].OneofWrappers = []interface{}{ (*Message_OldPeer)(nil), (*Message_NewBk)(nil), (*Message_Compute)(nil), @@ -739,19 +739,19 @@ func file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_ out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDesc, + RawDescriptor: file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDesc, NumEnums: 1, NumMessages: 6, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_goTypes, - DependencyIndexes: file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_depIdxs, - EnumInfos: file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_enumTypes, - MessageInfos: file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_msgTypes, + GoTypes: file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_goTypes, + DependencyIndexes: file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_depIdxs, + EnumInfos: file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_enumTypes, + MessageInfos: file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_msgTypes, }.Build() - File_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto = out.File - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_rawDesc = nil - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_goTypes = nil - file_github_com_getamis_alice_crypto_tss_ecdsa_gg18_addshare_message_proto_depIdxs = nil + File_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto = out.File + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_rawDesc = nil + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_goTypes = nil + file_github_com_getamis_alice_crypto_tss_ecdsa_addshare_message_proto_depIdxs = nil } diff --git a/crypto/tss/ecdsa/cggmp/dkg/message.pb.go b/crypto/tss/ecdsa/cggmp/dkg/message.pb.go index ea21692e..53d6b835 100644 --- a/crypto/tss/ecdsa/cggmp/dkg/message.pb.go +++ b/crypto/tss/ecdsa/cggmp/dkg/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/tss/ecdsa/cggmp/dkg/message.proto package dkg @@ -97,6 +97,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.tss.ecdsa.cggmp.dkg.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Peer // *Message_Decommit // *Message_Verify diff --git a/crypto/tss/ecdsa/cggmp/refresh/message.pb.go b/crypto/tss/ecdsa/cggmp/refresh/message.pb.go index 7397db2b..88948bc6 100644 --- a/crypto/tss/ecdsa/cggmp/refresh/message.pb.go +++ b/crypto/tss/ecdsa/cggmp/refresh/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/tss/ecdsa/cggmp/refresh/message.proto package refresh @@ -95,6 +95,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.tss.ecdsa.cggmp.refresh.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Round1 // *Message_Round2 // *Message_Round3 diff --git a/crypto/tss/ecdsa/cggmp/sign/message.pb.go b/crypto/tss/ecdsa/cggmp/sign/message.pb.go index bb2a2daa..f83b52f1 100644 --- a/crypto/tss/ecdsa/cggmp/sign/message.pb.go +++ b/crypto/tss/ecdsa/cggmp/sign/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/tss/ecdsa/cggmp/sign/message.proto package sign @@ -102,6 +102,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.tss.ecdsa.cggmp.sign.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Round1 // *Message_Round2 // *Message_Round3 diff --git a/crypto/tss/ecdsa/cggmp/signSix/message.pb.go b/crypto/tss/ecdsa/cggmp/signSix/message.pb.go index 898f7091..277451b1 100644 --- a/crypto/tss/ecdsa/cggmp/signSix/message.pb.go +++ b/crypto/tss/ecdsa/cggmp/signSix/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/tss/ecdsa/cggmp/signSix/message.proto package signSix @@ -111,6 +111,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.tss.ecdsa.cggmp.signSix.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Round1 // *Message_Round2 // *Message_Round3 diff --git a/crypto/tss/ecdsa/gg18/reshare/message.pb.go b/crypto/tss/ecdsa/gg18/reshare/message.pb.go index 098460c2..11f96da4 100644 --- a/crypto/tss/ecdsa/gg18/reshare/message.pb.go +++ b/crypto/tss/ecdsa/gg18/reshare/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/tss/ecdsa/gg18/reshare/message.proto package reshare @@ -93,6 +93,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.tss.ecdsa.gg18.reshare.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Commit // *Message_Verify // *Message_Result diff --git a/crypto/tss/ecdsa/gg18/signer/message.pb.go b/crypto/tss/ecdsa/gg18/signer/message.pb.go index 80c7b347..1f5dc9cb 100644 --- a/crypto/tss/ecdsa/gg18/signer/message.pb.go +++ b/crypto/tss/ecdsa/gg18/signer/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/tss/ecdsa/gg18/signer/message.proto package signer @@ -114,6 +114,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.tss.ecdsa.gg18.signer.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Pubkey // *Message_EncK // *Message_Mta diff --git a/crypto/tss/eddsa/frost/signer/message.pb.go b/crypto/tss/eddsa/frost/signer/message.pb.go index f4a91677..66239f8d 100644 --- a/crypto/tss/eddsa/frost/signer/message.pb.go +++ b/crypto/tss/eddsa/frost/signer/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/tss/eddsa/frost/signer/message.proto package signer @@ -89,6 +89,7 @@ type Message struct { Type Type `protobuf:"varint,1,opt,name=type,proto3,enum=getamis.alice.crypto.tss.eddsa.frost.signer.Type" json:"type,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Types that are assignable to Body: + // // *Message_Round1 // *Message_Round2 Body isMessage_Body `protobuf_oneof:"body"` diff --git a/crypto/utils/message.pb.go b/crypto/utils/message.pb.go index 3077b5b0..68e91dd3 100644 --- a/crypto/utils/message.pb.go +++ b/crypto/utils/message.pb.go @@ -14,16 +14,16 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/utils/message.proto package utils import ( - any "github.com/golang/protobuf/ptypes/any" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + anypb "google.golang.org/protobuf/types/known/anypb" reflect "reflect" sync "sync" ) @@ -40,7 +40,7 @@ type Hash struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Msgs []*any.Any `protobuf:"bytes,1,rep,name=msgs,proto3" json:"msgs,omitempty"` + Msgs []*anypb.Any `protobuf:"bytes,1,rep,name=msgs,proto3" json:"msgs,omitempty"` } func (x *Hash) Reset() { @@ -75,7 +75,7 @@ func (*Hash) Descriptor() ([]byte, []int) { return file_github_com_getamis_alice_crypto_utils_message_proto_rawDescGZIP(), []int{0} } -func (x *Hash) GetMsgs() []*any.Any { +func (x *Hash) GetMsgs() []*anypb.Any { if x != nil { return x.Msgs } @@ -114,8 +114,8 @@ func file_github_com_getamis_alice_crypto_utils_message_proto_rawDescGZIP() []by var file_github_com_getamis_alice_crypto_utils_message_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_github_com_getamis_alice_crypto_utils_message_proto_goTypes = []interface{}{ - (*Hash)(nil), // 0: getamis.alice.crypto.utils.Hash - (*any.Any)(nil), // 1: google.protobuf.Any + (*Hash)(nil), // 0: getamis.alice.crypto.utils.Hash + (*anypb.Any)(nil), // 1: google.protobuf.Any } var file_github_com_getamis_alice_crypto_utils_message_proto_depIdxs = []int32{ 1, // 0: getamis.alice.crypto.utils.Hash.msgs:type_name -> google.protobuf.Any diff --git a/crypto/zkproof/message.pb.go b/crypto/zkproof/message.pb.go index d7cfece0..c03b767b 100644 --- a/crypto/zkproof/message.pb.go +++ b/crypto/zkproof/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/zkproof/message.proto package zkproof diff --git a/crypto/zkproof/paillier/message.pb.go b/crypto/zkproof/paillier/message.pb.go index 130b9d29..f6a0d039 100644 --- a/crypto/zkproof/paillier/message.pb.go +++ b/crypto/zkproof/paillier/message.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.26.0 -// protoc v3.6.1 +// protoc-gen-go v1.33.0 +// protoc v5.29.3 // source: github.com/getamis/alice/crypto/zkproof/paillier/message.proto package paillier From 1b33b6938b4b3d8dce54960cbbe16129905dd75a Mon Sep 17 00:00:00 2001 From: ChihYunChuang Date: Fri, 9 May 2025 14:40:26 +0800 Subject: [PATCH 2/3] crypto: add tests --- crypto/tss/bls/message.pb.go | 135 +++++++++++++++++--- crypto/tss/bls/message.proto | 8 ++ crypto/tss/bls/sharevalidation.go | 137 +++++++++++++++++++- crypto/tss/bls/sharevalidation_test.go | 170 ++++++++++++++++++++++++- crypto/tss/bls/sign.go | 44 ++++--- crypto/tss/bls/sign_test.go | 68 +++++++++- 6 files changed, 516 insertions(+), 46 deletions(-) diff --git a/crypto/tss/bls/message.pb.go b/crypto/tss/bls/message.pb.go index 894c601e..ba656467 100644 --- a/crypto/tss/bls/message.pb.go +++ b/crypto/tss/bls/message.pb.go @@ -106,6 +106,7 @@ type ShareValidationMessage struct { PartialPubKey []byte `protobuf:"bytes,1,opt,name=partialPubKey,proto3" json:"partialPubKey,omitempty"` PublicKey []byte `protobuf:"bytes,2,opt,name=publicKey,proto3" json:"publicKey,omitempty"` Bk *birkhoffinterpolation.BkParameterMessage `protobuf:"bytes,3,opt,name=bk,proto3" json:"bk,omitempty"` + Proof *SchnorrProofG1Message `protobuf:"bytes,4,opt,name=proof,proto3" json:"proof,omitempty"` } func (x *ShareValidationMessage) Reset() { @@ -161,6 +162,84 @@ func (x *ShareValidationMessage) GetBk() *birkhoffinterpolation.BkParameterMessa return nil } +func (x *ShareValidationMessage) GetProof() *SchnorrProofG1Message { + if x != nil { + return x.Proof + } + return nil +} + +type SchnorrProofG1Message struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Salt []byte `protobuf:"bytes,1,opt,name=salt,proto3" json:"salt,omitempty"` + V []byte `protobuf:"bytes,2,opt,name=V,proto3" json:"V,omitempty"` + R []byte `protobuf:"bytes,3,opt,name=r,proto3" json:"r,omitempty"` + AuxMsg []byte `protobuf:"bytes,4,opt,name=auxMsg,proto3" json:"auxMsg,omitempty"` +} + +func (x *SchnorrProofG1Message) Reset() { + *x = SchnorrProofG1Message{} + if protoimpl.UnsafeEnabled { + mi := &file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SchnorrProofG1Message) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SchnorrProofG1Message) ProtoMessage() {} + +func (x *SchnorrProofG1Message) ProtoReflect() protoreflect.Message { + mi := &file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SchnorrProofG1Message.ProtoReflect.Descriptor instead. +func (*SchnorrProofG1Message) Descriptor() ([]byte, []int) { + return file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescGZIP(), []int{2} +} + +func (x *SchnorrProofG1Message) GetSalt() []byte { + if x != nil { + return x.Salt + } + return nil +} + +func (x *SchnorrProofG1Message) GetV() []byte { + if x != nil { + return x.V + } + return nil +} + +func (x *SchnorrProofG1Message) GetR() []byte { + if x != nil { + return x.R + } + return nil +} + +func (x *SchnorrProofG1Message) GetAuxMsg() []byte { + if x != nil { + return x.AuxMsg + } + return nil +} + var File_github_com_getamis_alice_crypto_tss_bls_message_proto protoreflect.FileDescriptor var file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDesc = []byte{ @@ -183,7 +262,7 @@ var file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDesc = []byte{ 0x70, 0x74, 0x6f, 0x2e, 0x62, 0x69, 0x72, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x42, 0x6b, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x02, 0x62, 0x6b, - 0x22, 0xac, 0x01, 0x0a, 0x16, 0x53, 0x68, 0x61, 0x72, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, + 0x22, 0xf6, 0x01, 0x0a, 0x16, 0x53, 0x68, 0x61, 0x72, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x70, 0x61, 0x72, 0x74, 0x69, 0x61, 0x6c, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74, 0x69, 0x61, 0x6c, 0x50, 0x75, 0x62, 0x4b, 0x65, @@ -193,11 +272,21 @@ var file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDesc = []byte{ 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x62, 0x69, 0x72, 0x6b, 0x68, 0x6f, 0x66, 0x66, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x42, 0x6b, 0x50, 0x61, 0x72, 0x61, 0x6d, - 0x65, 0x74, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x02, 0x62, 0x6b, 0x42, - 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, - 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, 0x70, - 0x74, 0x6f, 0x2f, 0x74, 0x73, 0x73, 0x2f, 0x62, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x65, 0x74, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x02, 0x62, 0x6b, 0x12, + 0x48, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, + 0x2e, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2e, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2e, 0x62, 0x6c, 0x73, 0x6d, 0x70, 0x63, 0x2e, 0x53, 0x63, 0x68, + 0x6e, 0x6f, 0x72, 0x72, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x47, 0x31, 0x4d, 0x65, 0x73, 0x73, 0x61, + 0x67, 0x65, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x22, 0x5f, 0x0a, 0x15, 0x53, 0x63, 0x68, + 0x6e, 0x6f, 0x72, 0x72, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x47, 0x31, 0x4d, 0x65, 0x73, 0x73, 0x61, + 0x67, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x61, 0x6c, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x04, 0x73, 0x61, 0x6c, 0x74, 0x12, 0x0c, 0x0a, 0x01, 0x56, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x01, 0x56, 0x12, 0x0c, 0x0a, 0x01, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x01, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x75, 0x78, 0x4d, 0x73, 0x67, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0c, 0x52, 0x06, 0x61, 0x75, 0x78, 0x4d, 0x73, 0x67, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x65, 0x74, 0x61, 0x6d, 0x69, 0x73, + 0x2f, 0x61, 0x6c, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x2f, 0x74, 0x73, + 0x73, 0x2f, 0x62, 0x6c, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -212,20 +301,22 @@ func file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescGZIP() [] return file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDescData } -var file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_github_com_getamis_alice_crypto_tss_bls_message_proto_goTypes = []interface{}{ (*SignMessage)(nil), // 0: getamis.alice.crypto.blsmpc.SignMessage (*ShareValidationMessage)(nil), // 1: getamis.alice.crypto.blsmpc.ShareValidationMessage - (*birkhoffinterpolation.BkParameterMessage)(nil), // 2: getamis.alice.crypto.birkhoffinterpolation.BkParameterMessage + (*SchnorrProofG1Message)(nil), // 2: getamis.alice.crypto.blsmpc.SchnorrProofG1Message + (*birkhoffinterpolation.BkParameterMessage)(nil), // 3: getamis.alice.crypto.birkhoffinterpolation.BkParameterMessage } var file_github_com_getamis_alice_crypto_tss_bls_message_proto_depIdxs = []int32{ - 2, // 0: getamis.alice.crypto.blsmpc.SignMessage.bk:type_name -> getamis.alice.crypto.birkhoffinterpolation.BkParameterMessage - 2, // 1: getamis.alice.crypto.blsmpc.ShareValidationMessage.bk:type_name -> getamis.alice.crypto.birkhoffinterpolation.BkParameterMessage - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name + 3, // 0: getamis.alice.crypto.blsmpc.SignMessage.bk:type_name -> getamis.alice.crypto.birkhoffinterpolation.BkParameterMessage + 3, // 1: getamis.alice.crypto.blsmpc.ShareValidationMessage.bk:type_name -> getamis.alice.crypto.birkhoffinterpolation.BkParameterMessage + 2, // 2: getamis.alice.crypto.blsmpc.ShareValidationMessage.proof:type_name -> getamis.alice.crypto.blsmpc.SchnorrProofG1Message + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name } func init() { file_github_com_getamis_alice_crypto_tss_bls_message_proto_init() } @@ -258,6 +349,18 @@ func file_github_com_getamis_alice_crypto_tss_bls_message_proto_init() { return nil } } + file_github_com_getamis_alice_crypto_tss_bls_message_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SchnorrProofG1Message); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ @@ -265,7 +368,7 @@ func file_github_com_getamis_alice_crypto_tss_bls_message_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_github_com_getamis_alice_crypto_tss_bls_message_proto_rawDesc, NumEnums: 0, - NumMessages: 2, + NumMessages: 3, NumExtensions: 0, NumServices: 0, }, diff --git a/crypto/tss/bls/message.proto b/crypto/tss/bls/message.proto index 42eeeab4..33ee30f2 100644 --- a/crypto/tss/bls/message.proto +++ b/crypto/tss/bls/message.proto @@ -30,4 +30,12 @@ message ShareValidationMessage { bytes partialPubKey = 1; bytes publicKey = 2; birkhoffinterpolation.BkParameterMessage bk = 3; + SchnorrProofG1Message proof = 4; +} + +message SchnorrProofG1Message { + bytes salt = 1; + bytes V = 2; + bytes r = 3; + bytes auxMsg = 4; } diff --git a/crypto/tss/bls/sharevalidation.go b/crypto/tss/bls/sharevalidation.go index 1e89b60f..00c0dbb3 100644 --- a/crypto/tss/bls/sharevalidation.go +++ b/crypto/tss/bls/sharevalidation.go @@ -16,14 +16,25 @@ package bls import ( "crypto/subtle" + "errors" "math/big" bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381" "github.com/getamis/alice/crypto/birkhoffinterpolation" "github.com/getamis/alice/crypto/utils" + "github.com/golang/protobuf/proto" + "github.com/golang/protobuf/ptypes/any" ) -type ShareValidaiton struct { +var ( + big0 = big.NewInt(0) + + + // ErrSchnorrFailure is returned if the verification of Schnorr's ZK failures. + ErrSchnorrFailure = errors.New("the verification of Schnorr's ZK failures") +) + +type ShareValidation struct { ownBK *birkhoffinterpolation.BkParameter threshold uint32 ownShare *big.Int @@ -32,13 +43,13 @@ type ShareValidaiton struct { partialPubKey []byte } -func NewShareValidaitonManager(threshold uint32, share []byte, bk *birkhoffinterpolation.BkParameter, pubKey []byte) (*ShareValidaiton, error) { +func NewShareValidationManager(threshold uint32, share []byte, bk *birkhoffinterpolation.BkParameter, pubKey []byte) (*ShareValidation, error) { // check the correctness of share and pubKey bshare, _, err := validationShareAndPubKey(share, pubKey) if err != nil { return nil, err } - return &ShareValidaiton{ + return &ShareValidation{ ownBK: bk, threshold: threshold, ownShare: bshare, @@ -46,13 +57,17 @@ func NewShareValidaitonManager(threshold uint32, share []byte, bk *birkhoffinter }, nil } -func (sV *ShareValidaiton) ComputeShareProof(schnorrInfo []byte) (*ShareValidationMessage, error) { +func (sV *ShareValidation) ComputeShareProof(schnorrInfo []byte) (*ShareValidationMessage, error) { // compute sharePoint var partialPubKey bls12381.G1Affine partialPubKey.ScalarMultiplicationBase(sV.ownShare) partialPubKeyByte := partialPubKey.Bytes() // compute Schnorr Zk + proof, err := NewG1SchnorrZkProof(sV.ownShare, partialPubKeyByte[:], schnorrInfo) + if err != nil { + return nil, err + } // Set data sV.partialPubKey = partialPubKeyByte[:] @@ -61,10 +76,11 @@ func (sV *ShareValidaiton) ComputeShareProof(schnorrInfo []byte) (*ShareValidati PartialPubKey: partialPubKeyByte[:], PublicKey: sV.pubKey, Bk: sV.ownBK.ToMessage(), + Proof: proof, }, nil } -func (sV *ShareValidaiton) Validation(partialPubKeyMsg []*ShareValidationMessage) error { +func (sV *ShareValidation) Validation(partialPubKeyMsg []*ShareValidationMessage) error { bkss := birkhoffinterpolation.BkParameters{ sV.ownBK, } @@ -76,7 +92,6 @@ func (sV *ShareValidaiton) Validation(partialPubKeyMsg []*ShareValidationMessage if err != nil { return err } - // check the correctness of the partial Point for i := 0; i < len(partialPubKeyMsg); i++ { tempPartialPubKey := partialPubKeyMsg[i].PartialPubKey @@ -94,6 +109,12 @@ func (sV *ShareValidaiton) Validation(partialPubKeyMsg []*ShareValidationMessage if subtle.ConstantTimeCompare(pubKeyByte, getPubKey) != 1 { return ErrPubKeyDifferent } + // check zk-proof + proof := partialPubKeyMsg[i].Proof + err = proof.Verify(tempPartialPubKey) + if err != nil { + return err + } } bkCoefficient, err := bkss.ComputeBkCoefficient(sV.threshold, bls12381CurveOrder) if err != nil { @@ -132,7 +153,6 @@ func validationShareAndPubKey(share []byte, pubKey []byte) (*big.Int, *bls12381. if len(pubKey) > G1MaxByteLength { return nil, nil, ErrWrongLengthPubKey } - var pubKeyG1 bls12381.G1Affine _, err = pubKeyG1.SetBytes(pubKey) if err != nil { @@ -140,3 +160,106 @@ func validationShareAndPubKey(share []byte, pubKey []byte) (*big.Int, *bls12381. } return bshare, &pubKeyG1, nil } + +// ref : https://datatracker.ietf.org/doc/html/rfc8235 +func NewG1SchnorrZkProof(secret *big.Int, pubKey []byte, auxMsg []byte) (*SchnorrProofG1Message, error) { + v, err := utils.RandomPositiveInt(bls12381CurveOrder) + if err != nil { + return nil, err + } + var VPoint bls12381.G1Affine + VPoint.ScalarMultiplicationBase(v) + VPointByte := VPoint.Bytes() + + var G1 bls12381.G1Affine + G1.ScalarMultiplicationBase(big1) + G1Byte := G1.Bytes() + // Compute c + + msgs := []proto.Message{&any.Any{ + Value: pubKey, + }, &any.Any{ + Value: auxMsg, + }, &any.Any{ + Value: G1Byte[:], + }} + + c, salt, err := utils.HashProtosRejectSampling(bls12381CurveOrder, msgs...) + if err != nil { + return nil, err + } + r := new(big.Int).Mul(secret, c) + r.Sub(v, r) + r.Mod(r, bls12381CurveOrder) + result := &SchnorrProofG1Message{ + Salt: salt, + V: VPointByte[:], + R: r.Bytes(), + AuxMsg: auxMsg, + } + err = result.Verify(pubKey) + if err != nil { + return nil, err + } + return result, nil +} + +func (msg *SchnorrProofG1Message) Verify(pubKey []byte) error { + VByte := msg.V + var VPoint bls12381.G1Affine + if len(VByte) > G1MaxByteLength { + return ErrWrongLengthPubKey + } + _, err := VPoint.SetBytes(VByte) + if err != nil { + return err + } + if len(pubKey) > G1MaxByteLength { + return ErrWrongLengthPubKey + } + var pubKeyG1 bls12381.G1Affine + _, err = pubKeyG1.SetBytes(pubKey) + if err != nil { + return err + } + + r := new(big.Int).SetBytes(msg.GetR()) + err = utils.InRange(r, big0, bls12381CurveOrder) + if err != nil { + return err + } + + salt := msg.Salt + auxMsg := msg.AuxMsg + + var G1 bls12381.G1Affine + G1.ScalarMultiplicationBase(big1) + G1Byte := G1.Bytes() + + // Calculate c + msgs := []proto.Message{&any.Any{ + Value: pubKey, + }, &any.Any{ + Value: auxMsg, + }, &any.Any{ + Value: G1Byte[:], + }} + + c, err := utils.HashProtosToInt(salt, msgs...) + if err != nil { + return err + } + err = utils.InRange(c, big1, bls12381CurveOrder) + if err != nil { + return err + } + // Calculate V = r*G + pubKey*c + var checkPoint, AcPoint bls12381.G1Affine + checkPoint.ScalarMultiplicationBase(r) + AcPoint.ScalarMultiplication(&pubKeyG1, c) + checkPoint.Add(&checkPoint, &AcPoint) + if !VPoint.Equal(&checkPoint) { + return ErrSchnorrFailure + } + return nil +} diff --git a/crypto/tss/bls/sharevalidation_test.go b/crypto/tss/bls/sharevalidation_test.go index b080e9ea..bc62356a 100644 --- a/crypto/tss/bls/sharevalidation_test.go +++ b/crypto/tss/bls/sharevalidation_test.go @@ -32,7 +32,7 @@ var _ = Describe("bls mpc share validation", func() { totalNumber := uint32(5) msg := []byte("Time") bkSS := make([]*birkhoffinterpolation.BkParameter, totalNumber) - shareValManager := make([]*ShareValidaiton, totalNumber) + shareValManager := make([]*ShareValidation, totalNumber) poly, err := polynomial.RandomPolynomial(bls12381CurveOrder, threshold-1) Expect(err).Should(BeNil()) secret := poly.Evaluate(big.NewInt(0)) @@ -43,7 +43,7 @@ var _ = Describe("bls mpc share validation", func() { tempX, err := utils.RandomPositiveInt(bls12381CurveOrder) Expect(err).Should(BeNil()) bkSS[i] = birkhoffinterpolation.NewBkParameter(tempX, 0) - tempShareValidaitonManager, err := NewShareValidaitonManager(threshold, poly.Evaluate(tempX).Bytes(), bkSS[i], pubKeyByte[:]) + tempShareValidaitonManager, err := NewShareValidationManager(threshold, poly.Evaluate(tempX).Bytes(), bkSS[i], pubKeyByte[:]) Expect(err).Should(BeNil()) shareValManager[i] = tempShareValidaitonManager } @@ -61,4 +61,170 @@ var _ = Describe("bls mpc share validation", func() { } }) }) + + Context("Negative Cases", func() { + It("the length of public Key is too large", func() { + pubKey := make([]byte, 100) + _, err := NewShareValidationManager(3, big1.Bytes(), nil, pubKey) + Expect(err).Should(Equal(ErrWrongLengthPubKey)) + }) + + It("wrong threshold", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewShareValidationManager(3, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.ComputeShareProof([]byte("")) + Expect(err).Should(BeNil()) + err = tempManager.Validation([]*ShareValidationMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("wrong public Key for message", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewShareValidationManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.ComputeShareProof([]byte("")) + Expect(err).Should(BeNil()) + msg1.PublicKey = []byte{1} + err = tempManager.Validation([]*ShareValidationMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("wrong public Key for Manager", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewShareValidationManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.ComputeShareProof([]byte("")) + Expect(err).Should(BeNil()) + tempManager.pubKey = []byte{1} + err = tempManager.Validation([]*ShareValidationMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("the length of public Key for Manager is too large", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewShareValidationManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.ComputeShareProof([]byte("")) + Expect(err).Should(BeNil()) + msg1.PartialPubKey = make([]byte, 100) + err = tempManager.Validation([]*ShareValidationMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("wrong partial-public Key for shareManager", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewShareValidationManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.ComputeShareProof([]byte("")) + Expect(err).Should(BeNil()) + tempManager.partialPubKey = []byte{1} + err = tempManager.Validation([]*ShareValidationMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("wrong partial-public Key for message", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewShareValidationManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.ComputeShareProof([]byte("")) + Expect(err).Should(BeNil()) + msg1.PartialPubKey = []byte{1} + err = tempManager.Validation([]*ShareValidationMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("BK wrong: X > curveOrder", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewShareValidationManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.ComputeShareProof([]byte("")) + Expect(err).Should(BeNil()) + msg1.Bk.X = new(big.Int).Add(big1, bls12381CurveOrder).Bytes() + err = tempManager.Validation([]*ShareValidationMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("the length of pubKey is too large", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big.NewInt(100)) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewShareValidationManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.ComputeShareProof([]byte("")) + Expect(err).Should(BeNil()) + err = tempManager.Validation([]*ShareValidationMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("wrong verification", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big.NewInt(100)) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewSignManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.Sign([]byte("")) + Expect(err).Should(BeNil()) + _, err = tempManager.RecoverMPCSignature([]*SignMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("Schnorr verification: wrong pubKey", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + proof, err := NewG1SchnorrZkProof(big1, pubKeyByte[:], []byte("Vick Haha")) + err = proof.Verify([]byte("LLLL")) + Expect(err).ShouldNot(BeNil()) + }) + + It("Schnorr verification: the length of the public Key is too large", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + proof, err := NewG1SchnorrZkProof(big1, pubKeyByte[:], []byte("Vick Haha")) + wrongPubKey := make([]byte, 100) + err = proof.Verify(wrongPubKey) + Expect(err).ShouldNot(BeNil()) + }) + + It("Schnorr verification", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + proof, err := NewG1SchnorrZkProof(big1, pubKeyByte[:], []byte("Vick Haha")) + proof.R = new(big.Int).Add(bls12381CurveOrder, big1).Bytes() + err = proof.Verify(pubKeyByte[:]) + Expect(err).ShouldNot(BeNil()) + }) + + It("wrong Schnorr verification", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + proof, err := NewG1SchnorrZkProof(big1, pubKeyByte[:], []byte("Vick Haha")) + proof.V = make([]byte, 100) + err = proof.Verify(pubKeyByte[:]) + Expect(err).ShouldNot(BeNil()) + }) + + It("Schnorr verification: wrong proof", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + proof, err := NewG1SchnorrZkProof(big1, pubKeyByte[:], []byte("Vick Haha")) + proof.V = []byte{1} + err = proof.Verify(pubKeyByte[:]) + Expect(err).ShouldNot(BeNil()) + }) + + It("Schnorr verification: wrong R", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + proof, err := NewG1SchnorrZkProof(big1, pubKeyByte[:], []byte("Vick Haha")) + proof.R = big.NewInt(3).Bytes() + err = proof.Verify(pubKeyByte[:]) + Expect(err).ShouldNot(BeNil()) + }) + }) }) diff --git a/crypto/tss/bls/sign.go b/crypto/tss/bls/sign.go index 66508bd8..e44f828f 100644 --- a/crypto/tss/bls/sign.go +++ b/crypto/tss/bls/sign.go @@ -19,6 +19,7 @@ import ( "errors" "math/big" + "github.com/OffchainLabs/prysm/v6/crypto/bls/blst" bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381" "github.com/getamis/alice/crypto/birkhoffinterpolation" ) @@ -43,6 +44,8 @@ var ( ErrWrongLengthPubKey = errors.New("the length of public key is wrong") // ErrShareValidationFailure is returned if the validation of shares failures. ErrShareValidationFailure = errors.New("the validation of shares failures") + // ErrPrysmVerifyFailure is returned if the verification of prysm failures. + ErrPrysmVerifyFailure = errors.New("the verification of prysm failures") ) type SignManager struct { @@ -54,6 +57,7 @@ type SignManager struct { pubKey *bls12381.G1Affine partialSignature []byte msgPoint bls12381.G2Affine + originalMsg []byte } func NewSignManager(threshold uint32, share []byte, bk *birkhoffinterpolation.BkParameter, pubKey []byte) (*SignManager, error) { @@ -81,7 +85,7 @@ func (sM *SignManager) Sign(msg []byte) (*SignMessage, error) { var signature bls12381.G2Affine signature.ScalarMultiplication(&h, sM.ownShare) partialPubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(sM.ownShare) - // verification e(H(m), pubKey) = e(sign, g2) + // verification e(pubKey, H(m)) = e(g1, sign) err = verificationSignature(h, *partialPubKey, signature) if err != nil { return nil, err @@ -93,13 +97,14 @@ func (sM *SignManager) Sign(msg []byte) (*SignMessage, error) { PublicKey: pubKeyByte[:], Bk: sM.ownBK.ToMessage(), } + // Set data sM.partialSignature = resultByte[:] sM.msgPoint = h + sM.originalMsg = msg return resultMsg, nil } -func (sM *SignManager) RecoverMPCSignature(signMsg []*SignMessage) ([G2MaxByteLength]byte, error) { - zeroByte := [G2MaxByteLength]byte{} +func (sM *SignManager) RecoverMPCSignature(signMsg []*SignMessage) ([]byte, error) { bkss := birkhoffinterpolation.BkParameters{ sM.ownBK, } @@ -108,48 +113,49 @@ func (sM *SignManager) RecoverMPCSignature(signMsg []*SignMessage) ([G2MaxByteLe pubKeyByte := sM.pubKey.Bytes() // check the correctness of the partial signatures + // collect all data for i := 0; i < len(signMsg); i++ { tempSign := signMsg[i].Signature - // The length of a correct signature is 96 if len(tempSign) > G2MaxByteLength { - return zeroByte, ErrFailureSign + return nil, ErrFailureSign } signSlice = append(signSlice, tempSign) tempBks, err := signMsg[i].Bk.ToBk(bls12381CurveOrder) if err != nil { - return zeroByte, err + return nil, err } bkss = append(bkss, tempBks) getPubKey := signMsg[i].PublicKey if subtle.ConstantTimeCompare(pubKeyByte[:], getPubKey) != 1 { - return zeroByte, ErrPubKeyDifferent + return nil, ErrPubKeyDifferent } } + // Verify: sum_i a_i(parSignature)_i = Signature a_i is Birkhoff coefficients bkCoefficient, err := bkss.ComputeBkCoefficient(sM.threshold, bls12381CurveOrder) if err != nil { - return zeroByte, err + return nil, err } - var result bls12381.G2Affine - _, err = result.SetBytes(signSlice[0]) + var sum bls12381.G2Affine + _, err = sum.SetBytes(signSlice[0]) if err != nil { - return zeroByte, err + return nil, err } - result.ScalarMultiplication(&result, bkCoefficient[0]) + sum.ScalarMultiplication(&sum, bkCoefficient[0]) for i := 1; i < len(signSlice); i++ { var temp bls12381.G2Affine _, err = temp.SetBytes(signSlice[i]) if err != nil { - return zeroByte, err + return nil, err } temp.ScalarMultiplication(&temp, bkCoefficient[i]) - result.Add(&result, &temp) + sum.Add(&sum, &temp) } - // check the final signature - err = verificationSignature(sM.msgPoint, *sM.pubKey, result) - if err != nil { - return zeroByte, err + signature := sum.Bytes() + result := signature[:] + if !blst.VerifyCompressed(result, pubKeyByte[:], sM.originalMsg) { + return nil, ErrPrysmVerifyFailure } - return result.Bytes(), nil + return result, nil } func verificationSignature(msgPoint bls12381.G2Affine, pubKey bls12381.G1Affine, sig bls12381.G2Affine) error { diff --git a/crypto/tss/bls/sign_test.go b/crypto/tss/bls/sign_test.go index 93426e15..863bd601 100644 --- a/crypto/tss/bls/sign_test.go +++ b/crypto/tss/bls/sign_test.go @@ -32,7 +32,8 @@ var _ = Describe("bls MPC Sign", func() { It("Sign", func() { threshold := uint32(3) totalNumber := uint32(5) - msg := []byte("Time") + msg, err := utils.GenRandomBytes(32) + Expect(err).Should(BeNil()) bkSS := make([]*birkhoffinterpolation.BkParameter, totalNumber) signManager := make([]*SignManager, totalNumber) poly, err := polynomial.RandomPolynomial(bls12381CurveOrder, threshold-1) @@ -57,7 +58,7 @@ var _ = Describe("bls MPC Sign", func() { signMsg[i] = tempMsg } // Validation - var mpcSignature [96]byte + var mpcSignature []byte for i := 0; i < len(signManager); i++ { mpcSignature, err = signManager[i].RecoverMPCSignature(signMsg) Expect(err).Should(BeNil()) @@ -70,6 +71,69 @@ var _ = Describe("bls MPC Sign", func() { Expect(prysmSig).Should(Equal(mpcSignature[:])) }) }) + + Context("Negative Cases", func() { + It("paring failure", func() { + var wrongG1 bls12381.G1Affine + var wrongG2 bls12381.G2Affine + wrongG1.ScalarMultiplicationBase(big.NewInt(3)) + wrongG2.ScalarMultiplicationBase(big.NewInt(2)) + err := verificationSignature(wrongG2, wrongG1, wrongG2) + Expect(err).Should(Equal(ErrFailureSign)) + }) + + It("wrong public Key ", func() { + pubKey := make([]byte, 100) + _, err := NewSignManager(3, big1.Bytes(), nil, pubKey) + Expect(err).Should(Equal(ErrWrongLengthPubKey)) + }) + + It("wrong threshold", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewSignManager(3, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.Sign([]byte("")) + Expect(err).Should(BeNil()) + _, err = tempManager.RecoverMPCSignature([]*SignMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("the length of the public Key is too large", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewSignManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.Sign([]byte("")) + Expect(err).Should(BeNil()) + msg1.PublicKey = make([]byte, 100) + _, err = tempManager.RecoverMPCSignature([]*SignMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("wrong signature", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big1) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewSignManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.Sign([]byte("")) + Expect(err).Should(BeNil()) + msg1.Signature = make([]byte, 100) + _, err = tempManager.RecoverMPCSignature([]*SignMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + + It("wrong verification", func() { + pubKey := new(bls12381.G1Affine).ScalarMultiplicationBase(big.NewInt(100)) + pubKeyByte := pubKey.Bytes() + tempManager, err := NewSignManager(1, big1.Bytes(), birkhoffinterpolation.NewBkParameter(big1, 0), pubKeyByte[:]) + Expect(err).Should(BeNil()) + msg1, err := tempManager.Sign([]byte("")) + Expect(err).Should(BeNil()) + _, err = tempManager.RecoverMPCSignature([]*SignMessage{msg1}) + Expect(err).ShouldNot(BeNil()) + }) + }) }) func TestBlsMPC(t *testing.T) { From 7f29905817578b620ced481e57077d4834585547 Mon Sep 17 00:00:00 2001 From: ChihYunChuang Date: Thu, 29 May 2025 14:19:12 +0800 Subject: [PATCH 3/3] crypto/tss/bls: add the check non-zero publicKey --- crypto/tss/bls/sharevalidation.go | 8 +++++--- crypto/tss/bls/sign.go | 5 +++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/crypto/tss/bls/sharevalidation.go b/crypto/tss/bls/sharevalidation.go index 00c0dbb3..68da55cd 100644 --- a/crypto/tss/bls/sharevalidation.go +++ b/crypto/tss/bls/sharevalidation.go @@ -29,7 +29,6 @@ import ( var ( big0 = big.NewInt(0) - // ErrSchnorrFailure is returned if the verification of Schnorr's ZK failures. ErrSchnorrFailure = errors.New("the verification of Schnorr's ZK failures") ) @@ -45,10 +44,13 @@ type ShareValidation struct { func NewShareValidationManager(threshold uint32, share []byte, bk *birkhoffinterpolation.BkParameter, pubKey []byte) (*ShareValidation, error) { // check the correctness of share and pubKey - bshare, _, err := validationShareAndPubKey(share, pubKey) + bshare, pubKeyG1, err := validationShareAndPubKey(share, pubKey) if err != nil { return nil, err } + if pubKeyG1.IsInfinity() { + return nil, ErrZeroPublicKey + } return &ShareValidation{ ownBK: bk, threshold: threshold, @@ -226,7 +228,7 @@ func (msg *SchnorrProofG1Message) Verify(pubKey []byte) error { r := new(big.Int).SetBytes(msg.GetR()) err = utils.InRange(r, big0, bls12381CurveOrder) if err != nil { - return err + return err } salt := msg.Salt diff --git a/crypto/tss/bls/sign.go b/crypto/tss/bls/sign.go index e44f828f..90759b15 100644 --- a/crypto/tss/bls/sign.go +++ b/crypto/tss/bls/sign.go @@ -46,6 +46,8 @@ var ( ErrShareValidationFailure = errors.New("the validation of shares failures") // ErrPrysmVerifyFailure is returned if the verification of prysm failures. ErrPrysmVerifyFailure = errors.New("the verification of prysm failures") + // ErrZeroPublicKey is returned if the public key is zero. + ErrZeroPublicKey = errors.New("the public key is zero") ) type SignManager struct { @@ -66,6 +68,9 @@ func NewSignManager(threshold uint32, share []byte, bk *birkhoffinterpolation.Bk if err != nil { return nil, err } + if pubKeyG1.IsInfinity() { + return nil, ErrZeroPublicKey + } return &SignManager{ ownBK: bk, threshold: threshold,