int CG21_AUX_ROUND1_GEN

int CG21_AUX_ROUND1_GEN_V()

in src/cg21/cg21_aux.c [56:152]
57 lines of code
4 McCabe index (conditional complexity)

int CG21_AUX_ROUND1_GEN_V(csprng *RNG, CG21_AUX_ROUND1_STORE_PUB *round1StorePub,
                          CG21_AUX_ROUND1_STORE_PRIV *round1storePriv,
                          CG21_AUX_ROUND1_OUT *round1Out,
                          CG21_PAILLIER_KEYS *paillier,
                          const CG21_SSID *ssid,
                          CG21_PEDERSEN_KEYS *pedersen,
                          int id, int n){

    BIG_256_56 s;
    BIG_256_56 q;



    hash256 sha;
    char w[SHA256];

    // get curve order
    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);

    // choose random rho
    BIG_256_56_randomnum(s, q, RNG);
    round1StorePub->rho->len=EGS_SECP256K1;
    BIG_256_56_toBytes(round1StorePub->rho->val,s);

    // choose random u
    BIG_256_56_zero(s);
    BIG_256_56_randomnum(s, q, RNG);
    round1StorePub->u->len=EGS_SECP256K1;
    BIG_256_56_toBytes(round1StorePub->u->val,s);
    BIG_256_56_zero(s);

    // store player ID
    round1StorePub->i = id;
    round1storePriv->i = id;
    round1Out->i = id;
    round1StorePub->t=n;

    HASH256_init(&sha);

    //Process i into sha
    HASH_UTILS_hash_i2osp4(&sha, id);
    HASH_UTILS_hash_i2osp4(&sha, sizeof(id));

    // process rho and u into sha
    HASH_UTILS_hash_oct(&sha, round1StorePub->rho);
    HASH_UTILS_hash_oct(&sha, round1StorePub->u);

    // process the curve order and generator into sha
    HASH_UTILS_hash_oct(&sha, ssid->g);
    HASH_UTILS_hash_oct(&sha, ssid->q);

    // process xor-ed rids into sha
    HASH_UTILS_hash_oct(&sha, ssid->rid);

    // sort partial X[i] based on j_packed and process them into sha
    int rc = CG21_hash_set_X(&sha, ssid->X_set_packed, ssid->j_set_packed, n, EFS_SECP256K1 + 1);
    if (rc!=CG21_OK){
        return rc;
    }

    // pack b0, b1, N into one octet
    CG21_PedersenPub_to_octet(&pedersen->pedersenPub, round1StorePub->PedPub);

    // pack N and N^2 into one octet
    CG21_PaillierPub_to_octet(&paillier->paillier_pk, round1StorePub->PaiPub);

    // pack Pedersen private params
    CG21_PedersenPriv_to_octet(&pedersen->pedersenPriv, round1storePriv->PEDERSEN_PRIV);

    // pack Paillier primes
    CG21_PaillierPriv_to_octet(&paillier->paillier_sk, round1storePriv->Paillier_PRIV);

    // we can skip hashing Paillier public key, since both Pedersen and Paillier are sharing the same N.
    // however, to keep this part generic we hash both Paillier and Pedersen N values
    HASH_UTILS_hash_oct(&sha, round1StorePub->PedPub);
    HASH_UTILS_hash_oct(&sha, round1StorePub->PaiPub);

    // PiMod and PiPRM: prove
    rc = CG21_PI_PRM_PROVE_HELPER(RNG,round1storePriv,ssid,round1StorePub);
    if (rc != CG21_OK){
        exit(rc);
    }

    HASH_UTILS_hash_oct(&sha, round1StorePub->pedersenProof.rho);
    HASH_UTILS_hash_oct(&sha, round1StorePub->pedersenProof.irho);
    HASH_UTILS_hash_oct(&sha, round1StorePub->pedersenProof.t);
    HASH_UTILS_hash_oct(&sha, round1StorePub->pedersenProof.it);

    /* Output */
    HASH256_hash(&sha, w);
    for (int j=0; j<SHA256; j++){
        round1Out->V->val[j] = w[j];
    }
    round1Out->V->len = SHA256;

    return CG21_OK;
}