This adds the non-interactive signing protocol and a happy test for it.
It's quite large so I think it would benefit from review from both @gatoWololo and @hridambasu , just to have more eyes on it.
I tried to avoid adding too much miscellaneous clean-up, but I did make the following 2 changes:
I removed some redundancy around protocol executions, especially with session IDs; lots of the methods on various ProtocolParticipants take sid as a parameter, but each protocol participant also holds a session ID. We're at risk for bugs if they're different, so I reduced a bit of the usage of parameter-SIDs. This could be done more thoroughly across the library; I mainly fixed an actual bug in keygen tests where the messages had different SID from the participant, and simplified the implementation so it couldn't happen again.
There was some unnecessary separation of methods in the test_utils module that I found more confusing than helpful, so I consolidated into the two functions we actually use. No functional changes here.
From Aug 9:
I'm trying to add the complete signing protocol to the repo, but I'm getting some errors where signing generates an invalid signature. Here's what I've figured out:
Sometimes it works correctly
If a given (record, message) pair fails, changing the message will often pass
If I use the presign records to reconstruct the signing mask k and build the signature as if it were non-distributed signing, I get the same signature as the distributed algorithm (but it also fails).
This kind of reads to me like the signing algorithm is correct, but I'm generating presign records wrong, although I'm not sure how wrong they can be because even a "failing" record will work for some messages. I'm feeling pretty stuck on this.
This is a huge PR (as promised) and there's a lot to wade through. I hardcoded a seed that causes the tests to fail for reference.
Closes #425.
This adds the non-interactive signing protocol and a happy test for it.
It's quite large so I think it would benefit from review from both @gatoWololo and @hridambasu , just to have more eyes on it.
I tried to avoid adding too much miscellaneous clean-up, but I did make the following 2 changes:
ProtocolParticipant
s takesid
as a parameter, but each protocol participant also holds a session ID. We're at risk for bugs if they're different, so I reduced a bit of the usage of parameter-SIDs. This could be done more thoroughly across the library; I mainly fixed an actual bug in keygen tests where the messages had different SID from the participant, and simplified the implementation so it couldn't happen again.test_utils
module that I found more confusing than helpful, so I consolidated into the two functions we actually use. No functional changes here.From Aug 9:
I'm trying to add the complete signing protocol to the repo, but I'm getting some errors where signing generates an invalid signature. Here's what I've figured out:
k
and build the signature as if it were non-distributed signing, I get the same signature as the distributed algorithm (but it also fails).This kind of reads to me like the signing algorithm is correct, but I'm generating presign records wrong, although I'm not sure how wrong they can be because even a "failing" record will work for some messages. I'm feeling pretty stuck on this.
This is a huge PR (as promised) and there's a lot to wade through. I hardcoded a seed that causes the tests to fail for reference.