Include group public key in binding value computation#165
djordon
left a comment
I haven't really absorbed this one yet.
Well, there isn't much to absorb. I'm just saying that I need one more pass
fa598a0 to d5edaf7
| let Some(group_key) = self.aggregate_public_key else { | ||
| return Err(Error::MissingAggregatePublicKey); | ||
| }; | ||
| let (_, R) = compute::intermediate(&self.message, group_key, &party_ids, &nonces); |
We should probably use the same aggregate_nonce language for variables here as well.
| let party_ids: Vec<u32> = sig_shares.iter().map(|ss| ss.id).collect(); | ||
| let (Rs, R) = compute::intermediate(msg, &party_ids, nonces); | ||
| let (Rs, R) = compute::intermediate(msg, self.poly[0], &party_ids, nonces); |
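Review bot: `self.poly[0]` on the new line indexes the polynomial without a bounds check, so an empty `poly` panics at signing time instead of failing at construction; since `Aggregator::init` already returns a `Result`, rejecting an empty polynomial there (or reading the constant term via `self.poly.first().ok_or(Error::MissingAggregatePublicKey)`, mirroring the `let Some(group_key) = self.aggregate_public_key else` guard used in the other file) keeps this call safe.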
Hmmm, we shouldn't use direct array access here. Same thing in the changes above in this file.
I mean, it should always be fine, but we should add some encapsulation to the type so that we have that guarantee. No need to add encapsulation to this PR though.
Also, why can't we use self.group_key here?
The aggregators don't have a self.group_key field. We could certainly add one, it's just duplicating a single 32-byte value.
Aggregator::init does return a Result, so we could always check there to make sure that the polynomial isn't empty. We could also check that each poly is appropriately sized for the threshold, that the threshold isn't zero, etc. Do you want me to add an issue for this so we remember to handle it outside of this PR?
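The construction-time validation described in the reply above, as an added example (not code from the project): an `Aggregator::init` that rejects a zero threshold and mis-sized polynomials before summing them, so the group key can be read without a bare `poly[0]`. `Point`, its addition and the error names are assumptions.

```rust
// Added example, not wsts code: validate every party's polynomial against
// the threshold in `init`, then expose the constant term (the group public
// key) through a method instead of an unchecked `poly[0]` index.
// `Point` and its addition stand in for the real curve arithmetic.

#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Point(pub u64); // assumption: placeholder for a curve point

#[derive(Debug, PartialEq)]
pub enum Error {
    ZeroThreshold,
    NoPolynomials,
    BadPolynomialLength { party: usize, expected: usize, got: usize },
}

pub struct Aggregator {
    poly: Vec<Point>, // coefficient-wise sum of the party polynomials
}

impl Aggregator {
    pub fn init(threshold: usize, party_polys: &[Vec<Point>]) -> Result<Self, Error> {
        if threshold == 0 {
            return Err(Error::ZeroThreshold);
        }
        if party_polys.is_empty() {
            return Err(Error::NoPolynomials);
        }
        // Every polynomial must carry exactly `threshold` coefficients.
        for (party, p) in party_polys.iter().enumerate() {
            if p.len() != threshold {
                return Err(Error::BadPolynomialLength { party, expected: threshold, got: p.len() });
            }
        }
        // Sum coefficient-wise; the constant term is the group public key.
        let mut poly = vec![Point(0); threshold];
        for p in party_polys {
            for (acc, c) in poly.iter_mut().zip(p) {
                acc.0 = acc.0.wrapping_add(c.0); // placeholder for point addition
            }
        }
        Ok(Self { poly })
    }

    /// The group public key; `init` guarantees the polynomial is non-empty.
    pub fn group_key(&self) -> Point {
        *self.poly.first().expect("init guarantees a non-empty polynomial")
    }

    pub fn threshold(&self) -> usize { self.poly.len() }
}
```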
…pt spends (#199)
* add btc_sign_verify test that uses state machines to sign/verify btc taproot key and script spends
* don't take a reference of a slice
* clean up module imports and references
…lue computation
* pass group key when necessary to compute binding value
* use iter instead of into_iter when possible
* set aggregate public key in nonce tests; use aggregate public key not tweaked public key when computing binding values
* use RFC names for nonce commitments; add comments explaining what goes into the commitment lists; prefer let/else rather than if let/else
* replace R with aggregate_nonce
Fixed in #228, closing
Fixes #162