in src/cg21/cg21_reshare.c [346:419]
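/**
 * Check the partial public key announced by another party against the packed
 * public keys of the sum-of-the-shares.
 *
 * The packed keys are unpacked into n1-1 points, the entry selected by the
 * sender's index (ReceiveR3->i) is raised to the sender's Lagrange coefficient
 * and the compressed result is compared with the value the sender supplied in
 * ReceiveR3->Xi.
 *
 * ReceiveR3 carries values that originate from a peer, so the index it holds
 * is range-checked before it addresses the unpacked array, and every failure
 * path returns an explicit error code (the check never "passes" by accident).
 *
 * @param setting            reshare parameters; n1, t1 and T1 are read here
 * @param pack_pk_sum_shares packed public keys, unpacked as n1-1 points
 * @param myX                this party's index as an octet (read with
 *                           BIG_256_56_fromBytesLen)
 * @param ReceiveR3          round data from the sender; i and Xi are read
 * @return CG21_OK when the recomputed value equals ReceiveR3->Xi;
 *         CG21_RESHARE_PARTIAL_PK_NOT_VALID when the settings or the sender
 *         index are out of range, the stored point cannot be decoded, or the
 *         comparison fails; otherwise the error returned by CG21_unpack.
 */
static int CG21_CHECK_PARTIAL_PK(CG21_RESHARE_SETTING setting, octet *pack_pk_sum_shares, const octet *myX,
                                 const CG21_RESHARE_ROUND1_STORE_PUB_T1 *ReceiveR3)
{
    /* The arrays below are VLAs sized n1-1 and t1-1; a non-positive VLA size
     * is undefined behaviour, so reject such settings up front. */
    if (setting.n1 < 2 || setting.t1 < 2) {
        return CG21_RESHARE_PARTIAL_PK_NOT_VALID;
    }

    /* The slot computed below is id-1 or id-2, so an id below 1 can never
     * address a valid slot. Reject it before it is used anywhere. */
    int his_id = *ReceiveR3->i;
    if (his_id < 1) {
        return CG21_RESHARE_PARTIAL_PK_NOT_VALID;
    }

    int z = setting.n1 - 1;

    BIG_256_56 hisX;
    BIG_256_56 coeff;

    char cc[z][EFS_SECP256K1 + 1];
    octet CC[z];
    init_octets((char *)cc, CC, EFS_SECP256K1 + 1, z);

    char x_[setting.t1 - 1][EGS_SECP256K1];
    octet X[setting.t1 - 1];
    init_octets((char *)x_, X, EGS_SECP256K1, setting.t1 - 1);

    char x2_[EGS_SECP256K1];
    octet X2 = {0, sizeof(x2_), x2_};

    /* unpack packed PK of sum-of-the-shares into array of octets */
    int rc = CG21_unpack(pack_pk_sum_shares, z, CC, EFS_SECP256K1 + 1);
    if (rc != CG21_OK) {
        return rc;
    }

    /* Decide whether the sender's id is greater than our own id. myX is
     * counted down at most his_id steps, so the loop stays bounded (and the
     * int counter cannot overflow) even if myX holds an unexpectedly large
     * value. */
    BIG_256_56 myXBig;
    int myXint = 0;
    BIG_256_56_fromBytesLen(myXBig, myX->val, myX->len);
    while (myXint < his_id && BIG_256_56_iszilch(myXBig) != 1) {
        myXint = myXint + 1;
        BIG_256_56_inc(myXBig, -1);
    }

    /* myXint is now min(myX, his_id), hence (his_id > myXint) <=> (his_id > myX).
     * Senders above our own id are shifted down by one extra slot.
     * NOTE(review): presumably CC omits this party's own entry; a sender that
     * claims our own id lands on slot id-1 -- confirm whether that case should
     * be rejected outright. */
    int index = (his_id > myXint) ? his_id - 2 : his_id - 1;

    /* CC holds exactly z entries; the peer-supplied id must not index past it. */
    if (index < 0 || index >= z) {
        return CG21_RESHARE_PARTIAL_PK_NOT_VALID;
    }

    /* calculate Lagrangian coefficient for the party ReceiveR3->i */
    CG21_lagrange_index_to_octet(setting.t1, setting.T1, his_id, X);
    BIG_256_56_zero(hisX);
    BIG_256_56_inc(hisX, his_id);
    BIG_256_56_toBytes(X2.val, hisX);
    X2.len = SGS_SECP256K1;
    CG21_lagrange_calc_coeff(setting.t1, &X2, X, &coeff);

    /* ECP_SECP256K1_fromOctet reports success with 1. Its raw result must not
     * be forwarded: the failure value is not a CG21_* code and would read as
     * success to a caller comparing against CG21_OK if that constant is 0. */
    ECP_SECP256K1 pk_sum_ss;
    if (ECP_SECP256K1_fromOctet(&pk_sum_ss, &CC[index]) != 1) {
        return CG21_RESHARE_PARTIAL_PK_NOT_VALID;
    }

    /* calculate {g^{sum_of_share}}^{coeff} */
    ECP_SECP256K1_mul(&pk_sum_ss, coeff);

    char o[SFS_SECP256K1 + 1];
    octet O = {0, sizeof(o), o};

    /* convert ECP point to (compressed) octet */
    ECP_SECP256K1_toOctet(&O, &pk_sum_ss, true);

    /* the value recomputed from the VSS checks must equal the received
     * {g^{sum_of_share}}^{coeff} */
    if (OCT_comp(&O, ReceiveR3->Xi) != 1) {
        return CG21_RESHARE_PARTIAL_PK_NOT_VALID;
    }

    return CG21_OK;
}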