From c58e4b5ad1b4243c1ce7a8dee9544744073c48fd Mon Sep 17 00:00:00 2001
From: Gustavo Frederico <gustavo@swingby.network>
Date: Mon, 13 Dec 2021 11:41:25 -0500
Subject: [PATCH] Additional check when Ks mismatch in savedata and sortedID

---
 ecdsa/keygen/save_data.go | 4 ++--
 ecdsa/signing/prepare.go  | 7 ++++++-
 eddsa/keygen/save_data.go | 3 +--
 eddsa/signing/prepare.go  | 7 ++++++-
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/ecdsa/keygen/save_data.go b/ecdsa/keygen/save_data.go
index 9c73b50..1909933 100644
--- a/ecdsa/keygen/save_data.go
+++ b/ecdsa/keygen/save_data.go
@@ -8,9 +8,9 @@ package keygen
 
 import (
 	"encoding/hex"
+	"errors"
 	"math/big"
 
-	"github.com/binance-chain/tss-lib/common"
 	"github.com/binance-chain/tss-lib/crypto"
 	"github.com/binance-chain/tss-lib/crypto/paillier"
 	"github.com/binance-chain/tss-lib/ecdsa"
@@ -100,7 +100,7 @@ func BuildLocalSaveDataSubset(sourceData LocalPartySaveData, sortedIDs tss.Sorte
 		keyAndShift := new(big.Int).Add(idKey, reshareKeyOffset)
 		savedIdx, ok := keysToIndices[hex.EncodeToString(keyAndShift.Bytes())]
 		if !ok {
-			common.Logger.Warn("BuildLocalSaveDataSubset: unable to find a signer party in the local save data", id)
+			panic(errors.New("BuildLocalSaveDataSubset: unable to find a signer party in the local save data"))
 		}
 		newData.Ks[j] = sourceData.Ks[savedIdx]
 		newData.NTildej[j] = sourceData.NTildej[savedIdx]
diff --git a/ecdsa/signing/prepare.go b/ecdsa/signing/prepare.go
index 546f46c..30b5d1e 100644
--- a/ecdsa/signing/prepare.go
+++ b/ecdsa/signing/prepare.go
@@ -34,8 +34,13 @@ func PrepareForSigning(i, pax int, xi *big.Int, ks []*big.Int, bigXs []*crypto.E
 		if j == i {
 			continue
 		}
+		ksj := ks[j]
+		ksi := ks[i]
+		if ksj.Cmp(ksi) == 0 {
+			panic(fmt.Errorf("index of two parties are equal"))
+		}
 		// big.Int Div is calculated as: a/b = a * modInv(b,q)
-		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ks[j], ks[i])))
+		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ksj, ksi)))
 		wi = modQ.Mul(wi, coef)
 	}
 
diff --git a/eddsa/keygen/save_data.go b/eddsa/keygen/save_data.go
index eeb79c6..6373098 100644
--- a/eddsa/keygen/save_data.go
+++ b/eddsa/keygen/save_data.go
@@ -10,7 +10,6 @@ import (
 	"encoding/hex"
 	"math/big"
 
-	"github.com/binance-chain/tss-lib/common"
 	"github.com/binance-chain/tss-lib/crypto"
 	"github.com/binance-chain/tss-lib/tss"
 )
@@ -54,7 +53,7 @@ func BuildLocalSaveDataSubset(sourceData LocalPartySaveData, sortedIDs tss.Sorte
 	for j, id := range sortedIDs {
 		savedIdx, ok := keysToIndices[hex.EncodeToString(id.Key)]
 		if !ok {
-			common.Logger.Warn("BuildLocalSaveDataSubset: unable to find a signer party in the local save data", id)
+			panic("BuildLocalSaveDataSubset: unable to find a signer party in the local save data")
 		}
 		newData.Ks[j] = sourceData.Ks[savedIdx]
 		newData.BigXj[j] = sourceData.BigXj[savedIdx]
diff --git a/eddsa/signing/prepare.go b/eddsa/signing/prepare.go
index bdcc274..96cd8e9 100644
--- a/eddsa/signing/prepare.go
+++ b/eddsa/signing/prepare.go
@@ -30,8 +30,13 @@ func PrepareForSigning(i, pax int, xi *big.Int, ks []*big.Int) (wi *big.Int) {
 		if j == i {
 			continue
 		}
+		ksj := ks[j]
+		ksi := ks[i]
+		if ksj.Cmp(ksi) == 0 {
+			panic(fmt.Errorf("index of two parties are equal"))
+		}
 		// big.Int Div is calculated as: a/b = a * modInv(b,q)
-		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ks[j], ks[i])))
+		coef := modQ.Mul(ks[j], modQ.Inverse(new(big.Int).Sub(ksj, ksi)))
 		wi = modQ.Mul(wi, coef)
 	}