simplpedpop: Refactor private side inputs/outputs

BlockstreamResearch · Oct 18, 2024 · 53959ce · 53959ce
1 parent 43237b7
commit 53959ce
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 4 deletions.
diff --git a/python/chilldkg_ref/simplpedpop.py b/python/chilldkg_ref/simplpedpop.py
@@ -101,7 +101,15 @@ class ParticipantState(NamedTuple):
 
 def participant_step1(
     seed: bytes, t: int, n: int, idx: int
-) -> Tuple[ParticipantState, ParticipantMsg, List[Scalar]]:
+) -> Tuple[
+    ParticipantState,
+    ParticipantMsg,
+    # The following return value is a list of n partial secret shares generated
+    # by this participant. The item at index i is supposed to be made available
+    # to participant i privately, e.g., via an external secure channel. See also
+    # the function participant_step2_prepare_secret_side_inputs().
+    List[Scalar],
+]:
     if t > n:
         raise ThresholdError
     if idx >= n:
@@ -110,14 +118,33 @@ def participant_step1(
         raise SecretKeyError
 
     vss = VSS.generate(seed, t)  # OverflowError if t >= 2**32
-    shares = vss.secshares(n)
+    partial_secshares_from_me = vss.secshares(n)
     pop = pop_prove(vss.secret().to_bytes(), idx)
 
     com = vss.commit()
     com_to_secret = com.commitment_to_secret()
     msg = ParticipantMsg(com, pop)
     state = ParticipantState(t, n, idx, com_to_secret)
-    return state, msg, shares
+    return state, msg, partial_secshares_from_me
+
+
+# Helper function to prepare the secret side inputs for participant idx's
+# participant_step2() from the partial_secshares returned by all participants'
+# participant_step1().
+#
+# This computation cannot be done entirely by the SimplPedPop coordinator
+# because it involves secret shares. In a pure run of SimplPedPop where secret
+# shares are sent via external secure channels (i.e., EncPedPop is not used),
+# each participant needs to run this to prepare their participant_step2().
+#
+# In EncPedPop, the coordinator will know the encrypted secret shares and will
+# take care of this preparation by exploiting the homomorphic property of the
+# encryption.
+def participant_step2_prepare_secret_side_inputs(
+    partial_secshares: List[Scalar],
+) -> Scalar:
+    secshare = Scalar.sum(*partial_secshares)
+    return secshare
 
 
 def participant_step2(

diff --git a/python/tests.py b/python/tests.py
@@ -45,7 +45,10 @@ def simulate_simplpedpop(seeds, t) -> List[Tuple[simplpedpop.DKGOutput, bytes]]:
     cmsg, cout, ceq = simplpedpop.coordinator_step(pmsgs, t, n)
     pre_finalize_rets = [(cout, ceq)]
     for i in range(n):
-        secshare = Scalar.sum(*([pret[2][i] for pret in prets]))
+        partial_secshares = [pret[2][i] for pret in prets]
+        secshare = simplpedpop.participant_step2_prepare_secret_side_inputs(
+            partial_secshares
+        )
         pre_finalize_rets += [
             simplpedpop.participant_step2(prets[i][0], cmsg, secshare)
         ]