Roundtrip integration test for FROST #11
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduced a set of helper functions that will allow us to set up FROST protocol participants with real secret key shares.
The test executes round 1 and round 2 followed by a signature aggregation. This is a very-happy-path scenario where all signers of the group cooperate honestly.
In BIP-340 there are two places in the signing protocol where we need to invert a scalar if the elliptic curve point for that scalar has even Y coordinate. The first place is when `d` is calculated, and the second place is where `k` is calculated. For `d` calculation, we will have to take it into account for the key generation protocol. In unit tests, we simply do the inversion for the secret key, as proposed in this commit. For `k` the situation is more complicated because it is calculated according to the FROST protocol. In unit tests, we retry signing as proposed in this commit. For ROAST, when we'll be building it, this is something we need to take into account as well.
From [BIP-340]: Let k' = int(rand) mod n[13]. Fail if k' = 0. Let R = k'⋅G. Let k = k' if has_even_y(R), otherwise let k = n - k' . Although it is easy to address similar requirement for `d` by inverting the secret key earlier in the test, for `k` the situation is more complicated because it is generated by [FROST]. For now, we just retry. See #12
Added a unit test covering the case when only threshold of signers participate in FROST.
eth-r
approved these changes
Jan 10, 2024
| // For now, we just retry. | ||
| // | ||
| // See https://github.com/threshold-network/roast-go/issues/12 | ||
| for i := 0; !isSignatureValid && i < maxAttempts; i++ { |
There was a problem hiding this comment.
With maxAttempts = 5 we have around a 3% chance that this test will not pass due to bad luck. We may want to increase it to e.g. 10 (0.1% chance of not passing) or 20 (0.0001% chance of not passing).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The roundtrip test executes round one and round two followed by a call to the coordinator to aggregate signature shares. The produced signature is then validated according to BIP-340. There are two cases covered: when the entire group participates in signing and when only a threshold of signers participate.