Additional check when Ks mismatch in savedata and sortedID

2026-01-09 13:57:58 -05:00 · 2021-12-13 11:41:25 -05:00
parent b401af0289
commit c58e4b5ad1
4 changed files with 15 additions and 6 deletions
--- a/ecdsa/keygen/save_data.go
+++ b/ecdsa/keygen/save_data.go
@@ -8,9 +8,9 @@ package keygen

 import (
 	"encoding/hex"
+	"errors"
 	"math/big"

-	"github.com/binance-chain/tss-lib/common"
 	"github.com/binance-chain/tss-lib/crypto"
 	"github.com/binance-chain/tss-lib/crypto/paillier"
 	"github.com/binance-chain/tss-lib/ecdsa"
@@ -100,7 +100,7 @@ func BuildLocalSaveDataSubset(sourceData LocalPartySaveData, sortedIDs tss.Sorte
 		keyAndShift := new(big.Int).Add(idKey, reshareKeyOffset)
 		savedIdx, ok := keysToIndices[hex.EncodeToString(keyAndShift.Bytes())]
 		if !ok {
-			common.Logger.Warn("BuildLocalSaveDataSubset: unable to find a signer party in the local save data", id)
+			panic(errors.New("BuildLocalSaveDataSubset: unable to find a signer party in the local save data"))
 		}
 		newData.Ks[j] = sourceData.Ks[savedIdx]
 		newData.NTildej[j] = sourceData.NTildej[savedIdx]
--- a/ecdsa/signing/prepare.go
+++ b/ecdsa/signing/prepare.go
@@ -34,8 +34,13 @@ func PrepareForSigning(i, pax int, xi *big.Int, ks []*big.Int, bigXs []*crypto.E
 		if j == i {
 			continue
 		}
+		ksj := ks[j]
+		ksi := ks[i]
+		if ksj.Cmp(ksi) == 0 {
+			panic(fmt.Errorf("index of two parties are equal"))
+		}
 		// big.Int Div is calculated as: a/b = a * modInv(b,q)
-		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ks[j], ks[i])))
+		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ksj, ksi)))
 		wi = modQ.Mul(wi, coef)
 	}

--- a/eddsa/keygen/save_data.go
+++ b/eddsa/keygen/save_data.go
@@ -10,7 +10,6 @@ import (
 	"encoding/hex"
 	"math/big"

-	"github.com/binance-chain/tss-lib/common"
 	"github.com/binance-chain/tss-lib/crypto"
 	"github.com/binance-chain/tss-lib/tss"
 )
@@ -54,7 +53,7 @@ func BuildLocalSaveDataSubset(sourceData LocalPartySaveData, sortedIDs tss.Sorte
 	for j, id := range sortedIDs {
 		savedIdx, ok := keysToIndices[hex.EncodeToString(id.Key)]
 		if !ok {
-			common.Logger.Warn("BuildLocalSaveDataSubset: unable to find a signer party in the local save data", id)
+			panic("BuildLocalSaveDataSubset: unable to find a signer party in the local save data")
 		}
 		newData.Ks[j] = sourceData.Ks[savedIdx]
 		newData.BigXj[j] = sourceData.BigXj[savedIdx]
--- a/eddsa/signing/prepare.go
+++ b/eddsa/signing/prepare.go
@@ -30,8 +30,13 @@ func PrepareForSigning(i, pax int, xi *big.Int, ks []*big.Int) (wi *big.Int) {
 		if j == i {
 			continue
 		}
+		ksj := ks[j]
+		ksi := ks[i]
+		if ksj.Cmp(ksi) == 0 {
+			panic(fmt.Errorf("index of two parties are equal"))
+		}
 		// big.Int Div is calculated as: a/b = a * modInv(b,q)
-		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ks[j], ks[i])))
+		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ksj, ksi)))
 		wi = modQ.Mul(wi, coef)
 	}