static int CG21_CHECK_PARTIAL_PK()

in src/cg21/cg21_reshare.c [346:419]


static int CG21_CHECK_PARTIAL_PK(CG21_RESHARE_SETTING setting, octet *pack_pk_sum_shares, const octet *myX,
                          const CG21_RESHARE_ROUND1_STORE_PUB_T1 *ReceiveR3){

    int z = setting.n1-1;
    BIG_256_56 hisX;
    BIG_256_56 coeff;

    char cc[z][EFS_SECP256K1 + 1];
    octet CC[z];
    init_octets((char *)cc,   CC,   EFS_SECP256K1 + 1, z);

    char x_[setting.t1-1][EGS_SECP256K1];
    octet X[setting.t1-1];
    init_octets((char *) x_, X, EGS_SECP256K1, setting.t1-1);

    char x2_[EGS_SECP256K1];
    octet X2 = {0, sizeof(x2_), x2_};

    // unpack packed PK of sum-of-the-shares into array of octets
    int rc = CG21_unpack(pack_pk_sum_shares, z, CC, EFS_SECP256K1 + 1);
    if (rc!=CG21_OK){
        return rc;
    }

    /* calculate Lagrangian coefficient for the party ReceiveR3->i */
    CG21_lagrange_index_to_octet(setting.t1, setting.T1, *ReceiveR3->i, X);
    BIG_256_56_zero(hisX);
    BIG_256_56_inc(hisX, *ReceiveR3->i);

    BIG_256_56_toBytes(X2.val, hisX);
    X2.len = SGS_SECP256K1;

    CG21_lagrange_calc_coeff(setting.t1, &X2, X, &coeff);

    // convert big to int
    BIG_256_56 myXBig;
    int myXint=0;
    BIG_256_56_fromBytesLen(myXBig, myX->val, myX->len);

    while(BIG_256_56_iszilch(myXBig)!=1){
        myXint = myXint + 1;
        BIG_256_56_inc(myXBig, -1);
    }

    int index = *(ReceiveR3->i)-1;

    if (*(ReceiveR3->i) > myXint){
        index = *(ReceiveR3->i)-2;
    }

    ECP_SECP256K1 pk_sum_ss;

    rc = ECP_SECP256K1_fromOctet(&pk_sum_ss, &CC[index]);
    if (rc != 1)
    {
        return rc;
    }

    // calculate {g^{sum_of_share}}^{coeff}
    ECP_SECP256K1_mul(&pk_sum_ss, coeff);

    char o[SFS_SECP256K1 + 1];
    octet O = {0, sizeof(o), o};

    // convert ECP point to octet
    ECP_SECP256K1_toOctet(&O, &pk_sum_ss, true);

    // check whether calculated version using VSS checks and received {g^{sum_of_share}}^{coeff} are both equal
    rc = OCT_comp(&O, ReceiveR3->Xi);
    if (rc != 1) {
        return CG21_RESHARE_PARTIAL_PK_NOT_VALID;
    }
    return CG21_OK;
}