ZenGo-X / multi-party-ecdsa

Rust implementation of {t,n}-threshold ECDSA (elliptic curve digital signature algorithm).
GNU General Public License v3.0
966 stars, 309 forks

GG_2020: Incorrect Alice's range proof in MtA when Signing #165

Closed Rwinwij closed 2 years ago

Rwinwij commented 2 years ago

Dear ZenGo Team,

I am currently trying to use GG_2020 multi-party ECDSA for a crypto wallet project.

I found that the signing will pass if we sign with local-share1 first followed by local-share2, but fails in other orders, e.g.:

./gg20_signing -p 1,2 -d "hello" -l local-share2.json
./gg20_signing -p 1,2 -d "hello" -l local-share1.json

OR

./gg20_signing -p 1,2 -d "hello" -l local-share2.json
./gg20_signing -p 1,2 -d "hello" -l local-share3.json

The error is "Incorrect Alice's range proof in MtA" which is during Round 1 of signing.

I have tried to modify the DKG modules to use safe_primes when generating the keys/local shares, but the problem still persists.

Hope that your team can look into this.

Many thanks,

Erwin

Rwinwij commented 2 years ago

The -p parameter needs to specify the local shares used to sign in the correct order. For the case of signing with local share 3 and local share 1, the commands would be:

./gg20_signing -p 3,1 -d "hello" -l local-share3.json
./gg20_signing -p 3,1 -d "hello" -l local-share1.json

drewstone commented 1 year ago

@Rwinwij any chance you're available to discuss this issue? We're facing it ourselves, if you're open to it, my email is drew@webb.tools.