Comments (10)
The real cause of the problem seems to be in from_bytes() where the encoded point is multiplied by 8.
Hi @HRezaei,
So you're right, we intentionally multiply the decoded point by 8; it clears a small cofactor from the point. That might seem odd, but that's how it works. FYI, since curv@0.8 we don't do the multiplication by 8 anymore.
Nevertheless, multi-party-eddsa is tested to work; it takes into account that feature of the curv library. Could you describe how you encountered the "invalid key" error?
Hi @survived,
Thanks for your consideration.
Regarding v0.8, we can't use it currently because upgrading to it needs a lot of changes, not only in the eddsa project but also in many dependencies such as paillier, centipede, bulletproofs, etc.
> Nevertheless, multi-party-eddsa is tested to work; it takes into account that feature of the curv library. Could you describe how you encountered the "invalid key" error?
Yeah, the tests in multi-party-eddsa work without error because all parties are executed on the same machine. Consider for example the test function keygen_t_n_parties(): in line 153 you have collected y_vec by simply iterating over party_keys_vec. But in a real scenario, each y_i has to be collected from different parties, executed on separate machines. So they have to be serialized and deserialized in the communication between parties. I suggest changing lines 153-155 from
let y_vec = (0..n.clone())
.map(|i| party_keys_vec[i].y_i.clone())
.collect::<Vec<GE>>();
to the snippet below, to mimic the real scenario.
let y_vec = (0..n.clone())
    .map(|i| party_keys_vec[i].y_i.clone())
    .map(|y_i| serde_json::to_string(&y_i).unwrap()) // serialize y_i so it can be broadcast to the other parties
    .map(|y_i_json| serde_json::from_str(&y_i_json).unwrap()) // deserialize y_i, as happens in each recipient party
    .collect::<Vec<GE>>();
You will see that two tests fail with the error "invalid key: InvalidKey".
> but also in many dependencies such as paillier, centipede, bulletproofs, etc.
All of these libraries are updated to use the latest curv, thanks to @tmpfs. multi-party-ecdsa is almost updated too, see ZenGo-X/multi-party-ecdsa#144. It is possible to update the eddsa library as well, if you want to contribute to the project 😉
Regarding deserialization, unless the library is updated to use the latest curv, you can divide the deserialized point by 8; it will yield the original point.
Updating the eddsa would be appealing if time limits permit. 😊
About division by eight, I followed your advice, but as you can see in the above commit, it needs many changes in many places, as GEs are used inside vectors and more complex structs. It would also be a source of runtime errors, not easily discernible errors, because it's related to values, not data types. The developers should be careful to remedy the situation whenever a data structure containing a GE is deserialized.
Yeah, that's frustrating. If it's applicable to your case — you can define a structure pub struct MyGE(GE); and define the Serialization/Deserialization traits for it. Maybe that could help you to minimize the changes?
Also, you can tag the wrapping structure with #[repr(transparent)], and this will allow you to define a relatively safe zero-cost cast Vec<MyGE> -> Vec<GE>.
Thank you @survived for your advice.
But if I decided to define such a custom type in my own fork for my own use, why not remove that multiply by eight? What's the harm of removing that and adding a check for being on the curve?
Multiplication by 8 is a security-related operation; it clears out the small-cofactor part of the point. Not doing this might leak some bits of your secrets, or affect the protocol in some unexpected way. Note that it's not related to checking whether a point is on the curve: when we multiply the point by 8, we have already checked that the point is on the curve.
The new version of curv performs an expensive check instead of multiplying by 8. It's less efficient, but clearer.
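To make the behaviour discussed in this thread concrete, here is a self-contained Python model of Ed25519 point decoding. It is added here as an illustration; it is not curv's code and is not part of either project. from_bytes_cofactor_cleared models the v0.7 behaviour described in the comments above (decode, then multiply by 8; that this is exactly what curv's from_bytes did is taken from the thread, not from its source), and is_prime_order models the "expensive check" of newer curv as L * P == identity, which is my assumption about what that check is. The demo reproduces @HRezaei's round-trip problem (a y_i that is serialized, deserialized and re-sent drifts to 8·y_i and then 64·y_i), shows @survived's divide-by-8 recovery, and shows why the multiplication by 8 exists: adding an order-4 torsion point to a key gives a point that the order check rejects but that cofactor clearing maps back to the same 8·y_i.

```python
# Ed25519 in affine twisted-Edwards coordinates: just enough arithmetic to
# show why an implicit "multiply by 8" inside point decoding breaks
# serialization round-trips, and what the two alternatives do instead.
# Illustrative code, not curv's implementation.

P_MOD = 2**255 - 19                                          # field prime
L_ORDER = 2**252 + 27742317777372353535851937790883648493    # prime subgroup order
D_COEF = (-121665 * pow(121666, -1, P_MOD)) % P_MOD          # curve constant d
SQRT_M1 = pow(2, (P_MOD - 1) // 4, P_MOD)                    # sqrt(-1) mod p
IDENTITY = (0, 1)


def point_add(a, b):
    """Unified twisted-Edwards addition (a = -1); also used for doubling."""
    x1, y1 = a
    x2, y2 = b
    t = D_COEF * x1 * x2 * y1 * y2 % P_MOD
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, P_MOD) % P_MOD
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, P_MOD) % P_MOD
    return (x3, y3)


def scalar_mul(k, pt):
    """Double-and-add scalar multiplication for a non-negative integer k."""
    result, addend = IDENTITY, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def encode(pt):
    """RFC 8032 encoding: little-endian y with the parity of x in the top bit."""
    x, y = pt
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def decode(raw):
    """RFC 8032 decoding with the on-curve check, but no cofactor handling."""
    if len(raw) != 32:
        raise ValueError("invalid key: wrong length")
    y = int.from_bytes(raw, "little")
    sign = y >> 255
    y &= (1 << 255) - 1
    if y >= P_MOD:
        raise ValueError("invalid key: non-canonical y")
    u = (y * y - 1) % P_MOD                  # x^2 = u / v on the curve
    v = (D_COEF * y * y + 1) % P_MOD
    x = u * pow(v, 3, P_MOD) * pow(u * pow(v, 7, P_MOD), (P_MOD - 5) // 8, P_MOD) % P_MOD
    if v * x * x % P_MOD == u:
        pass
    elif v * x * x % P_MOD == (-u) % P_MOD:
        x = x * SQRT_M1 % P_MOD
    else:
        raise ValueError("invalid key: not on curve")
    if x == 0 and sign:
        raise ValueError("invalid key: bad sign bit for x = 0")
    if (x & 1) != sign:
        x = P_MOD - x
    return (x, y)


def from_bytes_cofactor_cleared(raw):
    """Models the v0.7 behaviour described in the thread (assumption): decode, then multiply by 8."""
    return scalar_mul(8, decode(raw))


def is_prime_order(pt):
    """Models the 'expensive check' (assumption): the point must satisfy L * P == identity."""
    return scalar_mul(L_ORDER, pt) == IDENTITY


def divide_by_8(pt):
    """@survived's workaround: multiply by 8^-1 mod L; valid only for prime-order points."""
    return scalar_mul(pow(8, -1, L_ORDER), pt)


BASE_ENCODED = bytes.fromhex("58" + "66" * 31)   # standard encoding of the Ed25519 base point


def demo():
    base = decode(BASE_ENCODED)                   # stands in for a party's public share y_i
    hop1 = from_bytes_cofactor_cleared(encode(base))   # what a recipient reconstructs
    hop2 = from_bytes_cofactor_cleared(encode(hop1))   # ...and after it is forwarded once more
    torsion = (SQRT_M1, 0)                        # order-4 point, outside the prime-order subgroup
    mixed = point_add(base, torsion)              # same "key" with a torsion component attached
    return {
        "roundtrip_preserved": hop1 == base,
        "hop1_is_8P": hop1 == scalar_mul(8, base),
        "hop2_is_64P": hop2 == scalar_mul(64, base),
        "divide_by_8_recovers": divide_by_8(hop1) == base,
        "base_prime_order": is_prime_order(base),
        "mixed_prime_order": is_prime_order(mixed),
        "cofactor_strips_torsion": scalar_mul(8, mixed) == scalar_mul(8, base),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Each hop through from_bytes_cofactor_cleared multiplies the point by another 8, so a value that survives one serialization is already different by the time a second party re-broadcasts it; dividing by 8 undoes one hop but only for points that are genuinely in the prime-order subgroup, which is exactly what is_prime_order verifies and what the multiplication by 8 was silently enforcing.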
@HRezaei thanks for that, can you check again with v.0.10.0?
Hi @leontiadZen,
Sorry for the late reply!
The initial issue was reported on v0.7.0, however I can confirm it is resolved in v0.9 and v0.10.0.