Simplify challenge generation

boltlabs-inc / tss-ecdsa

An implementation of a threshold ECDSA signature scheme

Other

12 stars 5 forks source link

Simplify challenge generation #166

Closed marsella closed 1 year ago

marsella commented 1 year ago

There are two methods that derive BigNumbers from a Transcript in utils.rs (one draws from ±q and one from F_q = [0, q), for some bound q).

In practice, these are always used to generate challenges from Fiat-Shamir proofs, and the bound is always the order of the elliptic curve.

Simplify the API to hard-code the bound and document/rename the functions to be explicit about their intended use.

marsella commented 1 year ago

Notes from a chat this morning:

the correct value of q is the order of the k256 curve. There's a k256_order function in utils.rs that defines this.
I think I missed one case when I wrote this issue where the bound is not the order of the curve. So the positive_bn_random_from_transcript might still need to take a parameter (it's used with different moduli in pi-mod and pi-sch).