static int key_reshare_verify_helper()

in src/cg21/cg21_reshare.c [730:792]


static int key_reshare_verify_helper(const CG21_RESHARE_ROUND4_OUTPUT *input, CG21_RESHARE_SETTING setting,
                              CG21_RESHARE_ROUND4_STORE *r3Store, CG21_SSID *ssid, int hisID, const octet *A){

    // A received from Round1 is equal to A received from Round3
    int rc = OCT_comp(input->proof.A, A);
    if (rc != 1) {
        return CG21_A_DOES_NOT_MATCH;
    }

    ECP_SECP256K1  V;
    ECP_SECP256K1 Xi;
    BIG_256_56 x;

    char id[SGS_SECP256K1];
    octet X = {0, sizeof(id), id};

    char xi[SFS_SECP256K1 + 1];
    octet Xi_ = {0, sizeof(xi), xi};

    // convert hisID to Big and then to octet
    BIG_256_56_zero(x);
    BIG_256_56_inc(x, hisID);
    BIG_256_56_toBytes(X.val, x);
    X.len = SGS_SECP256K1;

    char round1_checks[setting.t1][setting.t2][EFS_SECP256K1 + 1];    // VSS: checks
    octet CC[(setting.t1)*setting.t2];
    init_octets((char *) round1_checks, CC, EFS_SECP256K1 + 1, (setting.t1)*setting.t2);

    // pack_all_checks is the pack of all the players' VSS checks in one octet
    rc = CG21_double_unpack(r3Store->pack_all_checks, setting.t1, setting.t2, CC);
    if (rc!=CG21_OK){
        return rc;
    }

    // copy the first xi*G
    CG21_CALC_XI(setting.t2, &X, CC , &Xi);

    // this for loop computes g^{sum_of_the_shares} of the other players using their vss checks
    for (int j = 1; j < setting.t1; j++) {
        // this functions calculates g^{x_i}, same x_i used in GG20 section 3.1 (phase 2), based on the VSS checks
        CG21_CALC_XI(setting.t2, &X, CC + j * setting.t2, &V);

        ECP_SECP256K1_add(&Xi, &V);
    }
    ECP_SECP256K1_toOctet(&Xi_, &Xi, true);

    char e2[SGS_SECP256K1];
    octet E = {0, sizeof(e2), e2};
    rc = CG21_KEY_RESHARE_GEN_CHALLENGE(hisID, setting.n1, &Xi_, ssid, r3Store->rho, &E);

    if (rc!=CG21_OK){
        return rc;
    }

    int rc2 = SCHNORR_verify(&Xi_, input->proof.A, &E, input->proof.psi);
    if (rc2)
    {
        return CG21_SCHNORR_VERIFY_FAILED;
    }

    return CG21_OK;
}