use crate::{SecretKeyShare, Signature};
use bls12_381_plus::{G1Affine, G1Projective, Scalar};
use core::{
convert::TryFrom,
fmt::{self, Display},
ops::{BitOr, Not},
};
use group::Curve;
use serde::{Deserialize, Deserializer, Serialize, Serializer};
use subtle::Choice;
use vsss_rs::Share;
/// One share-holder's partial signature, as produced by [`PartialSignature::new`]
/// from a [`SecretKeyShare`]. The inner share holds `PARTIAL_SIGNATURE_BYTES`
/// bytes: the share identifier byte first, then a 48-byte compressed G1 point.
/// `from_bytes`, `From<Share>` and `Deserialize` all wrap bytes without
/// checking them, so call `is_valid` before trusting an externally supplied value.
#[derive(Clone, Copy, Debug)]
pub struct PartialSignature(pub(crate) Share<PARTIAL_SIGNATURE_BYTES>);
impl Default for PartialSignature {
    /// Placeholder built from `Share::default()`; nothing here produces a
    /// usable signature value.
    fn default() -> Self {
        let share: Share<PARTIAL_SIGNATURE_BYTES> = Default::default();
        PartialSignature(share)
    }
}
impl Display for PartialSignature {
    /// Writes every byte of the share through `u8`'s `Display` with no
    /// separator, so the output is the bytes' decimal values run together.
    /// This is not a reversible encoding; use `to_bytes` for round-trips.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        self.0 .0.iter().try_for_each(|byte| Display::fmt(byte, f))
    }
}
impl From<Share<PARTIAL_SIGNATURE_BYTES>> for PartialSignature {
    /// Wraps an owned share as-is; no validation of the point bytes happens here.
    fn from(share: Share<PARTIAL_SIGNATURE_BYTES>) -> Self {
        PartialSignature(share)
    }
}
impl<'a> From<&'a Share<PARTIAL_SIGNATURE_BYTES>> for PartialSignature {
    /// Copies a borrowed share (`Share` is `Copy`) into a new partial
    /// signature; no validation of the point bytes happens here.
    fn from(share: &'a Share<PARTIAL_SIGNATURE_BYTES>) -> Self {
        let owned: Share<PARTIAL_SIGNATURE_BYTES> = *share;
        PartialSignature(owned)
    }
}
impl Serialize for PartialSignature {
    /// Transparent wrapper: serializes exactly as the inner `Share` does.
    fn serialize<S>(&self, s: S) -> Result<S::Ok, S::Error>
    where
        S: Serializer,
    {
        Serialize::serialize(&self.0, s)
    }
}
impl<'de> Deserialize<'de> for PartialSignature {
    /// Deserializes the inner `Share` and wraps it. The point bytes are not
    /// checked here; call `is_valid` on anything that arrived from outside.
    fn deserialize<D>(d: D) -> Result<Self, D::Error>
    where
        D: Deserializer<'de>,
    {
        Share::<PARTIAL_SIGNATURE_BYTES>::deserialize(d).map(PartialSignature)
    }
}
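impl PartialSignature {
    /// Serialized length: one share identifier byte plus a 48-byte compressed
    /// G1 point.
    pub const BYTES: usize = PARTIAL_SIGNATURE_BYTES;

    /// Length of the compressed point that follows the identifier byte.
    const POINT_BYTES: usize = 48;

    /// Produces this share-holder's partial signature over `msg`.
    ///
    /// Returns `None` when `sk` is the zero share or when its 32-byte value
    /// is not a canonical scalar encoding; in both cases no signature point
    /// is computed.
    ///
    /// # Panics
    /// Panics if the share's value is not exactly 32 bytes, which indicates a
    /// malformed `SecretKeyShare` rather than bad caller input.
    pub fn new<B: AsRef<[u8]>>(sk: &SecretKeyShare, msg: B) -> Option<Self> {
        if sk.is_zero() {
            return None;
        }
        let hashed = Signature::hash_msg(msg.as_ref());
        let value = <[u8; 32]>::try_from(sk.0.value())
            .expect("a secret key share carries exactly 32 value bytes");
        // `Scalar::from_bytes` rejects non-canonical encodings; the scalar
        // multiplication only happens for an accepted scalar.
        let res = Scalar::from_bytes(&value).map(|s| {
            let point = hashed * s;
            let mut bytes = [0u8; PARTIAL_SIGNATURE_BYTES];
            bytes[0] = sk.0.identifier();
            bytes[1..].copy_from_slice(&point.to_affine().to_compressed());
            Self(Share(bytes))
        });
        // Resolve the constant-time option with a plain branch; the only fact
        // this reveals is whether the share value was a canonical scalar.
        if bool::from(res.is_some()) {
            Some(res.unwrap())
        } else {
            None
        }
    }

    /// The compressed point component: the 48 bytes after the identifier byte.
    fn point_bytes(&self) -> [u8; Self::POINT_BYTES] {
        // `Share::value()` yields the bytes after the identifier, so a
        // 49-byte share always has exactly 48 of them.
        <[u8; Self::POINT_BYTES]>::try_from(self.0.value())
            .expect("a partial signature share carries exactly 48 value bytes")
    }

    /// Constant-time check that the point component decodes to a curve point
    /// that is not the identity.
    ///
    /// Bytes that do not decode as a compressed G1 point yield `0`. The
    /// identity is rejected as well: a zero partial signature carries no
    /// contribution from the share and must not pass as valid.
    pub fn is_valid(&self) -> Choice {
        G1Affine::from_compressed(&self.point_bytes())
            .map(G1Projective::from)
            // Both conditions must hold (AND, not OR): a decoded point that is
            // the identity lies on the curve but is still unacceptable.
            .map(|p| !p.is_identity() & p.is_on_curve())
            .unwrap_or_else(|| Choice::from(0u8))
    }

    /// Constant-time complement of [`Self::is_valid`]: `1` when the bytes do
    /// not decode, decode to the identity, or decode to an off-curve point.
    /// Defined as the negation so the two predicates can never both be `1`.
    pub fn is_invalid(&self) -> Choice {
        !self.is_valid()
    }

    /// The raw share bytes: identifier first, compressed point after.
    pub fn to_bytes(self) -> [u8; Self::BYTES] {
        self.0 .0
    }

    /// Wraps raw bytes without validation; use [`Self::is_valid`] before
    /// trusting a value that came from outside the process.
    pub fn from_bytes(bytes: &[u8; Self::BYTES]) -> Self {
        Self(Share(*bytes))
    }
}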
/// Byte length of a [`PartialSignature`]: one share identifier byte plus a
/// 48-byte compressed G1 point.
pub(crate) const PARTIAL_SIGNATURE_BYTES: usize = 1 + 48;