int CG21_PRESIGN_ROUND1()

in src/cg21/cg21_presign.c [87:174]


int CG21_PRESIGN_ROUND1(csprng *RNG, const CG21_RESHARE_OUTPUT *reshareOutput,
                        CG21_RESHARE_SETTING *setting, CG21_PRESIGN_ROUND1_OUTPUT *output,
                        CG21_PRESIGN_ROUND1_STORE *store, PAILLIER_public_key *keys){

    /* define and initialize variables to form SSID */
    char oct1[FS_2048];
    char oct2[FS_2048];
    char x_[setting->t2 - 1][EGS_SECP256K1];

    octet OCT1 = {0, sizeof(oct1), oct1};
    octet OCT2 = {0, sizeof(oct2), oct2};
    octet X[setting->t2 - 1];
    init_octets((char *) x_, X, EGS_SECP256K1, setting->t2 - 1);

    BIG_512_60 ss[FFLEN_4096];
    BIG_256_56 s;
    BIG_256_56 q;


    /*
     * ---------STEP 1: choosing randoms -----------
     * k:               q bits
     * gamma:           q bits
     * rho:             Z^*_N
     * nu:              Z^*_N
     */

    // sample random k
    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);     // get the curve order
    BIG_256_56_randomnum(s, q, RNG);             // sample random mod q
    store->k->len=EGS_SECP256K1;
    BIG_256_56_toBytes(store->k->val, s);           // convert sampled random to octet
    BIG_256_56_zero(s);                               // zeroize s

    // sample random gamma
    BIG_256_56_randomnum(s, q, RNG);
    store->gamma->len=EGS_SECP256K1;
    BIG_256_56_toBytes(store->gamma->val, s);
    BIG_256_56_zero(s);

    // sample rho
    FF_4096_zero(ss, FFLEN_4096);
    FF_4096_randomnum(ss, keys->n, RNG,HFLEN_4096);
    FF_4096_toOctet(store->rho,ss,FFLEN_4096);
    FF_4096_zero(ss, FFLEN_4096);

    // sample nu
    FF_4096_randomnum(ss, keys->n, RNG,HFLEN_4096);
    FF_4096_toOctet(store->nu,ss,FFLEN_4096);
    FF_4096_zero(ss, FFLEN_4096);

    // copy player's ID into different variables to be used later
    store->i = reshareOutput->myID;
    output->i = reshareOutput->myID;


    /*
     * ---------STEP 2: compute G and K -----------
     * G:               Enc(gamma, nu)
     * K:               Enc(k    , rho)
     */

    // copy gamma and k into local variables
    OCT_copy(&OCT1, store->gamma);
    OCT_copy(&OCT2, store->k);

    // PAILLIER_ENCRYPT takes plaintext as a 2048-bit input, so k and gamma should be padded
    OCT_pad(&OCT1, FS_2048);
    OCT_pad(&OCT2, FS_2048);

    PAILLIER_ENCRYPT(NULL, keys, &OCT1, output->G, store->nu); // encrypt(gamma;nu)
    PAILLIER_ENCRYPT(NULL, keys, &OCT2, output->K, store->rho); // encrypt(k;rho)

    /*
     * ---------STEP 3: convert sum-of-the-shares to additive shares -----------
     */
    // packed ID of the players in T2 into one octet X
    CG21_lagrange_index_to_octet(setting->t2, setting->T2, reshareOutput->myID, X);

    // convert SSS shared to additive
    SSS_shamir_to_additive(setting->t2, reshareOutput->shares.X, reshareOutput->shares.Y, X, store->a);

    //clean up
    OCT_clear(&OCT1);
    OCT_clear(&OCT2);

    return CG21_OK;
}