Comments (14)
Hi @LachlanGunn ! :)
Yes, this is by design. Can you give a concrete example where this becomes a limitation?
from curv.
Thanks @omershlo. As an example, we sometimes need to compute (c_i G), i = 0…n over some polynomial, where c_0 is a secret to be shared. If this secret may be zero, then to use a raw ECPoint type we need to special-case everything so that there are "polynomials with c_0 = 0" and "other polynomials".
from curv.
How about the zero method?
https://github.com/ZenGo-X/curv/blob/master/src/elliptic/curves/secp256_k1.rs#L106
Are you using it?
from curv.
Yes, so for scalar operations I do the modular arithmetic directly on the equivalent bignum, then convert it back by checking for zero and using the zero method when I can't convert it to a scalar in the normal way. But there isn't an equivalent for the curve points to get the identity, meaning that I can't actually compute xG in that instance, or even (a-a)G.
from curv.
Yes, but where do you need to do computation with the identity?
from curv.
In my case it is because I need to compute xG where x might be equal to zero.
from curv.
I claim you can do the computation without using a point xG where x is zero.
Can you perhaps elaborate on where you get stuck?
from curv.
Might you please elaborate on how you might go about doing it? At least for now, such a workaround might be enough.
But as an example of the issue, see the built-in Feldman VSS implementation, which computes:
let G: P = ECPoint::generator();
// One commitment per coefficient: C_i = c_i * G. For c_i = 0 this is the
// identity point, which the point type cannot represent.
let commitments = (0..poly.len())
    .map(|i| G.clone() * poly[i].clone())
    .collect::<Vec<P>>();
So, if I try to share zero:
use curv::cryptographic_primitives::secret_sharing::feldman_vss::*;
use curv::elliptic::curves::traits::ECScalar;

pub type Scalar = curv::elliptic::curves::secp256_k1::Secp256k1Scalar;
pub type Point = curv::elliptic::curves::secp256_k1::Secp256k1Point;

fn main() {
    let secret_one: Scalar = ECScalar::from(&curv::BigInt::from(1u32));
    let secret_zero: Scalar = ECScalar::zero();
    eprintln!("Sharing one");
    VerifiableSS::<Point>::share(2, 5, &secret_one); // works
    eprintln!("Sharing zero");
    VerifiableSS::<Point>::share(2, 5, &secret_zero); // panics: c_0 * G would be the identity
}
It panics:
Sharing one
Sharing zero
thread 'main' panicked at 'Assignment expected: InvalidTweak', /home/lachlan/.cargo/git/checkouts/curv-a122740a63e0e0af/e53db73/src/elliptic/curves/secp256_k1.rs:409:14
from curv.
Thank you for clarifying @LachlanGunn !
I actually see two issues here:
- improper handling of error
- inability to secret share zero
We can fix the second issue easily by treating separately the case of s = 0, and using a shorter commitment vector for this case.
Will this solve your specific problem? (I still claim that computing with the identity should be avoided.)
Let me know if you want to give it a try and make a PR, otherwise I will take it :)
from curv.
This was just an example—I am implementing a different protocol so am not actually using this code at the moment. But I wonder, is this the right place to fix it? It seems that this is creating a special representation for the identity element that would be used whenever this one piece of code recognises that an operation (in this case, scalar multiplication) may yield the identity element. It will have to be reimplemented, potentially dangerously, for every protocol that needs to be able to work with arbitrary scalars/points.
I am probably biased here because I would need to do this reimplementation myself in several places, but since it would need to be in so many places, could it be better for it to be exposed somehow by the API, even if behind a scary sounding RawPoint or RiskyPoint? I don't really understand why the current restrictions are in place, so it's difficult for me to tell whether this is a reasonable solution.
from curv.
Sent you an email.
from curv.
Hello,
Recently, I also encountered the same error, 'Assignment expected: InvalidTweak', from secp256_k1.rs while doing a VSS of the scalar zero (FE::zero()).
I wanted to do this to experiment with the "refresh" method (not the re-sharing method as done in tss-lib) via zero secret sharing, as mentioned in section 3.2 of this paper [1].
I guess that, to experiment with the above method, we could also do a VSS of "a chosen random scalar instead of zero" twice with randomly sampled data, adding the result of the first VSS and subtracting that of the second, but that may require more interaction and may not be very efficient.
That's why VSS of FE::zero() is required. Any approach to resolve this issue?
from curv.
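To make the thread's two use cases concrete (sharing a zero secret under Feldman VSS, and the proactive "refresh" that adds shares of zero to existing shares), here is an added, self-contained example. It is not curv's code: it runs Feldman VSS over a toy prime-order subgroup of Z_p^* with constructed, deliberately tiny and insecure parameters (p = 2039, q = 1019, generator 4), where the group identity is simply 1. Sharing zero produces C_0 = identity in the commitment vector, which is exactly the element curv's point type could not represent; the function names and the deterministic blinding coefficients are this example's own choices.

```rust
// Toy Feldman VSS over the order-q subgroup of Z_p^*, p = 2q + 1.
// Constructed parameters: tiny and NOT secure, for illustrating the protocol only.
const P: u64 = 2039; // safe prime, p = 2q + 1
const Q: u64 = 1019; // prime order of the subgroup generated by G
const G: u64 = 4;    // 2^2 mod p: a quadratic residue, hence of order q

/// Modular exponentiation; g^x here plays the role of x * G on a curve.
fn pow_mod(base: u64, mut exp: u64, modulus: u64) -> u64 {
    let mut result: u64 = 1;
    let mut b = base % modulus;
    while exp > 0 {
        if exp & 1 == 1 {
            result = ((result as u128 * b as u128) % modulus as u128) as u64;
        }
        b = ((b as u128 * b as u128) % modulus as u128) as u64;
        exp >>= 1;
    }
    result
}

/// Inverse in the scalar field Z_q (q prime, so Fermat's little theorem applies).
fn inv_mod_q(a: u64) -> u64 {
    pow_mod(a, Q - 2, Q)
}

/// Evaluate f(x) = sum_j c_j x^j over Z_q (Horner's rule).
fn eval_poly(coeffs: &[u64], x: u64) -> u64 {
    coeffs.iter().rev().fold(0u64, |acc, &c| {
        ((acc as u128 * x as u128 + c as u128) % Q as u128) as u64
    })
}

/// A share is (party index i >= 1, f(i)).
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Share { pub index: u64, pub value: u64 }

/// Feldman commitments C_j = g^{c_j}. For c_0 = 0 this yields C_0 = 1, the
/// group identity: a representable value here, unlike in the thread's point type.
pub fn commit(coeffs: &[u64]) -> Vec<u64> {
    coeffs.iter().map(|&c| pow_mod(G, c, P)).collect()
}

/// Share `secret` among n parties with threshold t = blinding.len()
/// (t + 1 shares reconstruct). The caller supplies the random blinding
/// coefficients c_1..c_t so the example is deterministic.
pub fn share(secret: u64, blinding: &[u64], n: u64) -> (Vec<Share>, Vec<u64>) {
    let mut coeffs = Vec::with_capacity(blinding.len() + 1);
    coeffs.push(secret % Q);
    coeffs.extend(blinding.iter().map(|&c| c % Q));
    let shares = (1..=n).map(|i| Share { index: i, value: eval_poly(&coeffs, i) }).collect();
    (shares, commit(&coeffs))
}

/// Verifier check: g^{s_i} == prod_j C_j^{i^j}.
pub fn verify(share: &Share, commitments: &[u64]) -> bool {
    let lhs = pow_mod(G, share.value, P);
    let mut rhs: u64 = 1;
    let mut i_pow: u64 = 1; // i^j reduced mod q, valid because the group has order q
    for &c in commitments {
        rhs = ((rhs as u128 * pow_mod(c, i_pow, P) as u128) % P as u128) as u64;
        i_pow = ((i_pow as u128 * share.index as u128) % Q as u128) as u64;
    }
    lhs == rhs
}

/// Lagrange interpolation at x = 0 over Z_q; needs t + 1 distinct shares.
pub fn reconstruct(shares: &[Share]) -> u64 {
    let mut secret: u128 = 0;
    for (a, sa) in shares.iter().enumerate() {
        let mut num: u128 = 1;
        let mut den: u128 = 1;
        for (b, sb) in shares.iter().enumerate() {
            if a == b { continue; }
            num = num * sb.index as u128 % Q as u128;
            den = den * ((sb.index + Q - sa.index) % Q) as u128 % Q as u128;
        }
        let lambda = num * inv_mod_q(den as u64) as u128 % Q as u128;
        secret = (secret + lambda * sa.value as u128) % Q as u128;
    }
    secret as u64
}

/// Proactive refresh: each party adds its share of a fresh zero polynomial to
/// its existing share. The secret is unchanged; the public commitment vector of
/// the refreshed sharing is the component-wise product of the two vectors.
pub fn refresh(old: &[Share], zero_shares: &[Share]) -> Vec<Share> {
    old.iter().zip(zero_shares).map(|(o, z)| {
        assert_eq!(o.index, z.index);
        Share { index: o.index, value: (o.value + z.value) % Q }
    }).collect()
}

fn main() {
    let (zero_shares, zero_commits) = share(0, &[17, 512], 5);
    println!("C_0 for a zero secret is the identity: {}", zero_commits[0]);
    println!("all zero shares verify: {}", zero_shares.iter().all(|s| verify(s, &zero_commits)));
    println!("reconstructed secret: {}", reconstruct(&zero_shares[..3]));
}
```

The refresh step is what the "section 3.2" use case needs: because the added polynomial has constant term 0, any t + 1 refreshed shares still interpolate to the original secret, and a verifier multiplies the two commitment vectors (including the identity C_0 of the zero sharing) to check refreshed shares. That is the operation that a point type without an identity representation cannot express without the special-casing discussed above.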
Hi,
We tried to solve this specific issue of VSS by extending the VSS API; see this commit:
e95192f#diff-28708fca15925e1a9d0f4eb491dcb8742d943cac84c8d5ae7d1f0b374d9a90fc
Please let me know if that helps you (it should).
from curv.
Hi,
This is exactly what I had in mind. Tested it and it works as expected.
Thanks a lot.
from curv.