tangle icon indicating copy to clipboard operation
tangle copied to clipboard
verified publisher icon webb-tools

[CHECKLIST] `dfns/cggmp21` on-chain Misbehavior Reporting and Verification

Open shekohex opened this issue 2 years ago • 0 comments

Overview

This is a brief checklist to track down all the tasks and initiatives that are required to fully cover the dfns/cggmp21 gadget in terms of misbehavior/blames on chain reporting and verification.

Prerequisites

  • [x] Add no_std support for malachite as a replacement for rug
    • [x] https://github.com/mhogrefe/malachite/pull/34
    • [x] https://github.com/mhogrefe/malachite/pull/35

Keygen

Note: we are currently only interested in threshold keygen.

  • [x] InvalidDecommitment: party decommitment doesn't match commitment.
  • [x] InvalidDataSize: party data size is not suitable for threshold parameters.
  • [x] FeldmanVerificationFailed: party secret share is not consistent.
  • [x] InvalidSchnorrProof: party provided invalid schnorr proof.

Key Refresh (aka aux_gen)

Note: we are currently only interested in aux only key refresh

  • [x] InvalidDecommitment: decommitment doesn't match commitment.
  • [x] ~InvalidSchnorrProof: provided invalid schnorr proof.~ (for non_threshold key refresh, which we're currently not using in the gadget)
  • [x] InvalidModProof: provided invalid proof for Rmod. (https://github.com/webb-tools/tangle/pull/470)
  • [x] InvalidFacProof: provided invalid proof for Rfac. (https://github.com/webb-tools/tangle/pull/470)
  • [x] InvalidRingPedersenParameters: N, s and t parameters are invalid. (https://github.com/webb-tools/tangle/pull/469)
  • [x] ~InvalidX: X is malformed.~ (for non_threshold key refresh, which we're currently not using in the gadget)
  • [x] ~InvalidXShare: x doesn't correspond to X.~ (for non_threshold key refresh, which we're currently not using in the gadget)
  • [x] ~InvalidDataSize: party sent a message with missing data.~ (for non_threshold key refresh, which we're currently not using in the gadget)
  • [x] ~PaillierDec: party message could not be decrypted.~ (for non_threshold key refresh, which we're currently not using in the gadget)

Signing

  • [ ] EncProofOfK: pi_enc::verify(K) failed.
  • [ ] InvalidPsi: ψ, ψˆ, or ψ' proofs are invalid.
  • [ ] InvalidPsiPrimePrime: ψ'' proof is invalid.
  • [x] ~MismatchedDelta: Delta != G * delta~ (not implemented in the cggmp21)

shekohex avatar Feb 08 '24 10:02 shekohex