in src/cg21/cg21_reshare.c [108:187]
/**
 * Round 1 of key re-sharing for a player that belongs to the old quorum T1.
 *
 * Steps, in the order they are performed:
 *  1. Confirm ID appears among the first setting.t1 entries of setting.T1.
 *  2. Turn the caller's Shamir share (myShare->X, myShare->Y) into an additive
 *     share, written to storeSecret->a.
 *  3. Derive the public point for that additive share and store it in
 *     storePub->Xi (third argument `true` requests the compressed encoding).
 *  4. Run VSS over the additive share with threshold setting.t2 and
 *     setting.n2 players; shares go to storeSecret->shares and the packed
 *     checks to storePub->checks.
 *  5. Sample rho_i and u_i modulo the curve order into storePub->rho and
 *     storePub->u (EGS_SECP256K1 bytes each).
 *  6. Record ID in *pubOut->i and *storePub->i, create a Schnorr commitment
 *     (storeSecret->r, storePub->A), and compute V_i.
 *
 * @param RNG         CSPRNG used by the VSS, rho_i/u_i sampling and the
 *                    Schnorr commit, in that order.
 * @param ssid        Session identifier handed to CG21_KEY_RESHARE_GEN_V_T1.
 * @param ID          This player's ID.
 * @param setting     Re-share parameters; t1, T1, t2 and n2 are read here.
 * @param myShare     Caller's current Shamir share.
 * @param storeSecret Receives the additive share, the VSS shares and the
 *                    Schnorr commitment secret.
 * @param storePub    Receives Xi, the packed checks, rho, u, i and A.
 * @param pubOut      Receives i here; also passed on to the V_i computation.
 * @return CG21_ID_IS_INVALID if ID is not found in T1,
 *         CG21_RESHARE_t1_IS_SMALL if setting.t1 < 2,
 *         otherwise whatever CG21_KEY_RESHARE_GEN_V_T1 returns.
 *
 * NOTE(review): no pointer argument is checked for NULL before it is
 * dereferenced; this looks like a caller obligation -- confirm.
 * NOTE(review): setting.t2 and setting.n2 are not range-checked in this
 * function, yet setting.t2 sizes a stack array below. A value <= 0 would be
 * undefined behaviour and a very large t1/t2 grows the stack without bound --
 * verify that callers validate the setting first.
 * NOTE(review): when the final V_i step fails, storeSecret already holds the
 * additive share, the VSS shares and the commitment secret; nothing here wipes
 * them, so the caller presumably has to.
 */
int CG21_KEY_RESHARE_ROUND1_T1(csprng *RNG, const CG21_SSID *ssid, int ID, CG21_RESHARE_SETTING setting,
                               const SSS_shares *myShare, CG21_RESHARE_ROUND1_STORE_SECRET_T1 *storeSecret,
                               CG21_RESHARE_ROUND1_STORE_PUB_T1 *storePub, CG21_RESHARE_ROUND1_OUT *pubOut){
    // ID must be one of the t1 player IDs listed in T1
    bool id_in_T1 = false;
    for (int idx = 0; idx < setting.t1 && !id_in_T1; idx++) {
        id_in_T1 = (setting.T1[idx] == ID);
    }
    if (!id_in_T1) {
        return CG21_ID_IS_INVALID;
    }

    // needed before the (t1 - 1)-sized arrays below are declared
    if (setting.t1 < 2) {
        return CG21_RESHARE_t1_IS_SMALL;
    }

    BIG_256_56 share_scalar;
    BIG_256_56 curve_order;
    BIG_256_56 rand_scalar;
    ECP_SECP256K1 pub_point;

    /* Shamir share -> additive share */
    const int n_others = setting.t1 - 1;
    char x_buf[n_others][EGS_SECP256K1];
    octet x_oct[n_others];
    init_octets((char *) x_buf, x_oct, EGS_SECP256K1, n_others);

    // x-coordinates derived from the integer IDs in T1, as octets
    CG21_lagrange_index_to_octet(setting.t1, setting.T1, ID, x_oct);

    // NOTE(review): no result of the conversion is inspected here; if the
    // helper can report failure, confirm it is handled elsewhere
    SSS_shamir_to_additive(setting.t1, myShare->X, myShare->Y, x_oct, storeSecret->a);

    // public key that corresponds to the additive share: Xi = a * G
    ECP_SECP256K1_generator(&pub_point);
    BIG_256_56_fromBytesLen(share_scalar, storeSecret->a->val, storeSecret->a->len);
    ECP_SECP256K1_mul(&pub_point, share_scalar);
    ECP_SECP256K1_toOctet(storePub->Xi, &pub_point, true);
    BIG_256_56_zero(share_scalar); // wipe the local copy of the secret scalar

    // VSS over the additive share: t2 checks, n2 shares
    char check_buf[setting.t2][EFS_SECP256K1 + 1];
    octet check_oct[setting.t2];
    init_octets((char *) check_buf, check_oct, EFS_SECP256K1 + 1, setting.t2);
    VSS_make_shares(setting.t2, setting.n2, RNG, &storeSecret->shares, check_oct, storeSecret->a);

    // all checks are serialised into the single octet storePub->checks
    CG21_pack_vss_checks(check_oct, setting.t2, storePub->checks);

    BIG_256_56_rcopy(curve_order, CURVE_Order_SECP256K1);

    // rho_i: random value below the curve order
    BIG_256_56_randomnum(rand_scalar, curve_order, RNG);
    storePub->rho->len = EGS_SECP256K1;
    BIG_256_56_toBytes(storePub->rho->val, rand_scalar);
    BIG_256_56_zero(rand_scalar);

    // u_i: second random value, same scratch variable, wiped again afterwards
    BIG_256_56_randomnum(rand_scalar, curve_order, RNG);
    storePub->u->len = EGS_SECP256K1;
    BIG_256_56_toBytes(storePub->u->val, rand_scalar);
    BIG_256_56_zero(rand_scalar);

    // the i component of (ssid, i, V)
    *pubOut->i = ID;
    *storePub->i = ID;

    // Schnorr commitment to a random r (secret r, public A)
    SCHNORR_commit(RNG, storeSecret->r, storePub->A);

    // V_i; its status code is this function's result
    return CG21_KEY_RESHARE_GEN_V_T1(ssid, storePub, pubOut, setting);
}