Missing inputs to Fiat-Shamir hash (in non_threshold)

LFDT-Lockness / paillier-zk

Zero-knoledge proofs of some paillier cryptosystem properties for use in CGGMP21

Apache License 2.0

0 stars 1 forks source link

Closed jkatzDfns closed 1 year ago

jkatzDfns commented 1 year ago

In line 200 of non_threshold.rs, both X_i and sch_commit should be included in the hash.

jkatzDfns commented 1 year ago

Of course, line 222 also needs to be fixed so verification works

maurges commented 1 year ago

X_i is included, it's just called Xs (for the fact that it's many exes)

maurges commented 1 year ago

Moved to cggmp repo