Closed zargarzadehm closed 4 months ago
yycen
commented
4 months ago Hi Do you use the same msg to initialize NewLocalParty*(msg, ...) ? If the message to sign is not the same across all signing parties, it could possibly result in the error in round 9.
zargarzadehm
commented
4 months ago Hi Do you use the same msg to initialize NewLocalParty*(msg, ...) ? If the message to sign is not the same across all signing parties, it could possibly result in the error in round 9.
I checked, and the msg is the same for all parties. I also tested using NewLocalParty instead of NewLocalPartyWithKDD (without key derivation), and the message was signed successfully. The issue arises when attempting to sign using NewLocalPartyWithKDD.
yycen
commented
4 months ago Did you call UpdatePublicKeyAndAdjustBigXj? For a given keyDelta value, it should be noticed that the corresponding child pubkey is needed to feed in
keyDerivationDelta := big.NewInt(123)
deltaG := crypto.ScalarBaseMult(tss.S256(), keyDerivationDelta)
cPk, err := deltaG.Add(keys[0].ECDSAPub)
cPubKey := ecdsa.PublicKey{
Curve: btcec.S256(),
X: cPk.X(),
Y: cPk.Y(),
}
err = UpdatePublicKeyAndAdjustBigXj(keyDerivationDelta, keys, &cPubKey, tss.S256())Did you call UpdatePublicKeyAndAdjustBigXj? For a given keyDelta value, it should be noticed that the corresponding child pubkey is needed to feed in
keyDerivationDelta := big.NewInt(123) deltaG := crypto.ScalarBaseMult(tss.S256(), keyDerivationDelta) cPk, err := deltaG.Add(keys[0].ECDSAPub) cPubKey := ecdsa.PublicKey{ Curve: btcec.S256(), X: cPk.X(), Y: cPk.Y(), } err = UpdatePublicKeyAndAdjustBigXj(keyDerivationDelta, keys, &cPubKey, tss.S256())
Thank you for your assistance; my issue was related to updating the reference keys.
As a suggestion, I believe that UpdatePublicKeyAndAdjustBigXj should be called for a single key rather than a list of keys. In production use, each user should call this function with their key, which should be passed as a pointer.
Hi
I'm trying to use ecdsa singing with
NewLocalPartyWithKDDbut I'm getting this error in round 9:Do you have any suggestions? Which parameters in creating a party can affect the verification in round 9?