in src/cg21/cg21_reshare.c [730:792]
static int key_reshare_verify_helper(const CG21_RESHARE_ROUND4_OUTPUT *input, CG21_RESHARE_SETTING setting,
CG21_RESHARE_ROUND4_STORE *r3Store, CG21_SSID *ssid, int hisID, const octet *A){
// A received from Round1 is equal to A received from Round3
int rc = OCT_comp(input->proof.A, A);
if (rc != 1) {
return CG21_A_DOES_NOT_MATCH;
}
ECP_SECP256K1 V;
ECP_SECP256K1 Xi;
BIG_256_56 x;
char id[SGS_SECP256K1];
octet X = {0, sizeof(id), id};
char xi[SFS_SECP256K1 + 1];
octet Xi_ = {0, sizeof(xi), xi};
// convert hisID to Big and then to octet
BIG_256_56_zero(x);
BIG_256_56_inc(x, hisID);
BIG_256_56_toBytes(X.val, x);
X.len = SGS_SECP256K1;
char round1_checks[setting.t1][setting.t2][EFS_SECP256K1 + 1]; // VSS: checks
octet CC[(setting.t1)*setting.t2];
init_octets((char *) round1_checks, CC, EFS_SECP256K1 + 1, (setting.t1)*setting.t2);
// pack_all_checks is the pack of all the players' VSS checks in one octet
rc = CG21_double_unpack(r3Store->pack_all_checks, setting.t1, setting.t2, CC);
if (rc!=CG21_OK){
return rc;
}
// copy the first xi*G
CG21_CALC_XI(setting.t2, &X, CC , &Xi);
// this for loop computes g^{sum_of_the_shares} of the other players using their vss checks
for (int j = 1; j < setting.t1; j++) {
// this functions calculates g^{x_i}, same x_i used in GG20 section 3.1 (phase 2), based on the VSS checks
CG21_CALC_XI(setting.t2, &X, CC + j * setting.t2, &V);
ECP_SECP256K1_add(&Xi, &V);
}
ECP_SECP256K1_toOctet(&Xi_, &Xi, true);
char e2[SGS_SECP256K1];
octet E = {0, sizeof(e2), e2};
rc = CG21_KEY_RESHARE_GEN_CHALLENGE(hisID, setting.n1, &Xi_, ssid, r3Store->rho, &E);
if (rc!=CG21_OK){
return rc;
}
int rc2 = SCHNORR_verify(&Xi_, input->proof.A, &E, input->proof.psi);
if (rc2)
{
return CG21_SCHNORR_VERIFY_FAILED;
}
return CG21_OK;
}