Additional check when Ks mismatch in savedata and sortedID

Gustavo Frederico · creamwhip · commit c58e4b5ad1b4 · 2021-12-14T07:54:27.000Z
diff --git a/ecdsa/keygen/save_data.go b/ecdsa/keygen/save_data.go
@@ -8,9 +8,9 @@ package keygen
 
 import (
 	"encoding/hex"
+	"errors"
 	"math/big"
 
-	"github.com/binance-chain/tss-lib/common"
 	"github.com/binance-chain/tss-lib/crypto"
 	"github.com/binance-chain/tss-lib/crypto/paillier"
 	"github.com/binance-chain/tss-lib/ecdsa"
@@ -100,7 +100,7 @@ func BuildLocalSaveDataSubset(sourceData LocalPartySaveData, sortedIDs tss.Sorte
 		keyAndShift := new(big.Int).Add(idKey, reshareKeyOffset)
 		savedIdx, ok := keysToIndices[hex.EncodeToString(keyAndShift.Bytes())]
 		if !ok {
-			common.Logger.Warn("BuildLocalSaveDataSubset: unable to find a signer party in the local save data", id)
+			panic(errors.New("BuildLocalSaveDataSubset: unable to find a signer party in the local save data"))
 		}
 		newData.Ks[j] = sourceData.Ks[savedIdx]
 		newData.NTildej[j] = sourceData.NTildej[savedIdx]
diff --git a/ecdsa/signing/prepare.go b/ecdsa/signing/prepare.go
@@ -34,8 +34,13 @@ func PrepareForSigning(i, pax int, xi *big.Int, ks []*big.Int, bigXs []*crypto.E
 		if j == i {
 			continue
 		}
+		ksj := ks[j]
+		ksi := ks[i]
+		if ksj.Cmp(ksi) == 0 {
+			panic(fmt.Errorf("index of two parties are equal"))
+		}
 		// big.Int Div is calculated as: a/b = a * modInv(b,q)
-		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ks[j], ks[i])))
+		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ksj, ksi)))
 		wi = modQ.Mul(wi, coef)
 	}
 
diff --git a/eddsa/keygen/save_data.go b/eddsa/keygen/save_data.go
@@ -10,7 +10,6 @@ import (
 	"encoding/hex"
 	"math/big"
 
-	"github.com/binance-chain/tss-lib/common"
 	"github.com/binance-chain/tss-lib/crypto"
 	"github.com/binance-chain/tss-lib/tss"
 )
@@ -54,7 +53,7 @@ func BuildLocalSaveDataSubset(sourceData LocalPartySaveData, sortedIDs tss.Sorte
 	for j, id := range sortedIDs {
 		savedIdx, ok := keysToIndices[hex.EncodeToString(id.Key)]
 		if !ok {
-			common.Logger.Warn("BuildLocalSaveDataSubset: unable to find a signer party in the local save data", id)
+			panic("BuildLocalSaveDataSubset: unable to find a signer party in the local save data")
 		}
 		newData.Ks[j] = sourceData.Ks[savedIdx]
 		newData.BigXj[j] = sourceData.BigXj[savedIdx]
diff --git a/eddsa/signing/prepare.go b/eddsa/signing/prepare.go
@@ -30,8 +30,13 @@ func PrepareForSigning(i, pax int, xi *big.Int, ks []*big.Int) (wi *big.Int) {
 		if j == i {
 			continue
 		}
+		ksj := ks[j]
+		ksi := ks[i]
+		if ksj.Cmp(ksi) == 0 {
+			panic(fmt.Errorf("index of two parties are equal"))
+		}
 		// big.Int Div is calculated as: a/b = a * modInv(b,q)
-		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ks[j], ks[i])))
+		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ksj, ksi)))
 		wi = modQ.Mul(wi, coef)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -34,8 +34,13 @@ func PrepareForSigning(i, pax int, xi big.Int, ks []big.Int, bigXs []*crypto.E`
`34`	`34`	`if j == i {`
`35`	`35`	`continue`
`36`	`36`	`}`
	`37`	`+ ksj := ks[j]`
	`38`	`+ ksi := ks[i]`
	`39`	`+ if ksj.Cmp(ksi) == 0 {`
	`40`	`+ panic(fmt.Errorf("index of two parties are equal"))`
	`41`	`+ }`
`37`	`42`	`// big.Int Div is calculated as: a/b = a * modInv(b,q)`
`38`		`- coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ks[j], ks[i])))`
	`43`	`+ coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ksj, ksi)))`
`39`	`44`	`wi = modQ.Mul(wi, coef)`
`40`	`45`	`}`
`41`	`46`
Original file line number	Diff line number	Diff line change
`@@ -30,8 +30,13 @@ func PrepareForSigning(i, pax int, xi big.Int, ks []big.Int) (wi *big.Int) {`
`30`	`30`	`if j == i {`
`31`	`31`	`continue`
`32`	`32`	`}`
	`33`	`+ ksj := ks[j]`
	`34`	`+ ksi := ks[i]`
	`35`	`+ if ksj.Cmp(ksi) == 0 {`
	`36`	`+ panic(fmt.Errorf("index of two parties are equal"))`
	`37`	`+ }`
`33`	`38`	`// big.Int Div is calculated as: a/b = a * modInv(b,q)`
`34`		`- coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ks[j], ks[i])))`
	`39`	`+ coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ksj, ksi)))`
`35`	`40`	`wi = modQ.Mul(wi, coef)`
`36`	`41`	`}`
`37`	`42`