int CG21_KEY_GENERATE_ROUND3_1()

in src/cg21/cg21_keygen.c [195:257]


/**
 * CG21 key generation, round 3 (first step): check the round-1 / round-2
 * material held in r1_out, r2_out and r2_share and, once every check has
 * passed, record it in r3.
 *
 * Checks, in order; the first failure returns before r3 is written:
 *  1. V recomputed by CG21_KEYGEN_ROUND1_GEN_V(r2_out, sid, ...) must equal
 *     r1_out->V, otherwise CG21_V_IS_NOT_VERIFIED.
 *  2. r2_out->packed_checks must unpack into myPriv->t octets of
 *     EFS_SECP256K1 + 1 bytes, otherwise the CG21_unpack code is returned.
 *  3. The first unpacked check must equal r2_out->X, otherwise
 *     CG21_Xs_ARE_NOT_EQUAL.
 *  4. r2_share->X must equal myPriv->shares.X[myPriv->i - 1], otherwise
 *     CG21_WRONG_SHARE_IS_GIVEN.
 *  5. VSS_verify_shares must accept (r2_share->X, r2_share->Y) against the
 *     unpacked checks, otherwise its code is returned unchanged.
 *
 * @param r1_out   round-1 output carrying the value V to be verified
 * @param r2_out   public store carrying packed_checks and X
 * @param myPriv   private store of the party running this step (t, n, i, shares)
 * @param r2_share share point (X, Y) to be verified
 * @param sid      session identifier fed into the recomputation of V
 * @param r3       round-3 store; receives the packed checks, the share Y, n and t
 * @return CG21_OK on success, otherwise one of the codes listed above.
 *
 * NOTE(review): codes from VSS_verify_shares are passed through as-is; whether
 * they overlap the CG21_* range is not visible here, so callers should treat
 * anything other than CG21_OK as failure.
 * NOTE(review): no pointer argument is NULL-checked in this function.
 */
int CG21_KEY_GENERATE_ROUND3_1(const CG21_KEYGEN_ROUND1_output *r1_out,
                               CG21_KEYGEN_ROUND1_STORE_PUB *r2_out,
                               const CG21_KEYGEN_ROUND1_STORE_PRIV *myPriv,
                               const SSS_shares *r2_share,
                               const CG21_KEYGEN_SID *sid,
                               CG21_KEYGEN_ROUND3_STORE *r3){

    /* Scratch octet for the recomputed V. */
    char v_buf[SHA256];
    octet v_calc = {0, sizeof(v_buf), v_buf};

    /*
     * One octet per VSS check, backed by stack storage sized from myPriv->t.
     * NOTE(review): myPriv->t is not range-checked here. A value below 1 makes
     * these variable-length arrays (and the checks[0] access further down)
     * undefined, and a very large value exhausts the stack; presumably t is
     * validated when the private store is created - confirm.
     */
    char check_buf[myPriv->t][EFS_SECP256K1 + 1];
    octet checks[myPriv->t];
    init_octets((char *)check_buf, checks, EFS_SECP256K1 + 1, myPriv->t);

    /* 1. Recompute V and compare it with the value given in round 1. */
    CG21_KEYGEN_ROUND1_GEN_V(r2_out, sid, &v_calc);
    if (!OCT_comp(&v_calc, r1_out->V)) {
        return CG21_V_IS_NOT_VERIFIED;
    }

    /* 2. Split r2_out->packed_checks into the individual VSS checks. */
    int status = CG21_unpack(r2_out->packed_checks, myPriv->t, checks, EFS_SECP256K1 + 1);
    if (status != CG21_OK) {
        return status;
    }

    /* 3. The given partial PK must equal the free term in the exponent. */
    if (!OCT_comp(checks, r2_out->X)) {
        return CG21_Xs_ARE_NOT_EQUAL;
    }

    /*
     * 4. The received share must carry this player's x-coordinate. Player IDs
     * start from 1 while shares.X is indexed from 0, hence the i - 1.
     * NOTE(review): myPriv->i is not checked against [1, n] here; an
     * out-of-range ID reads outside shares.X - confirm it is validated upstream.
     */
    if (!OCT_comp(r2_share->X, &myPriv->shares.X[myPriv->i - 1])) {
        return CG21_WRONG_SHARE_IS_GIVEN;
    }

    /* 5. VSS verification of the received share against the checks. */
    status = VSS_verify_shares(myPriv->t, r2_share->X, r2_share->Y, checks);
    if (status != VSS_OK) {
        return status;
    }

    /*
     * All checks passed: append the packed checks and the share's Y to the
     * round-3 store.
     * NOTE(review): OCT_joctet's outcome is not checked; confirm the r3 octets
     * start empty and have enough capacity for the appended data.
     */
    OCT_joctet(r3->packed_all_checks, r2_out->packed_checks);
    OCT_joctet(r3->packed_share_Y, r2_share->Y);

    r3->n = myPriv->n;
    r3->t = myPriv->t;

    return CG21_OK;
}