int CG21_PRESIGN_OUTPUT_2_1()

in src/cg21/cg21_presign.c [602:664]


int CG21_PRESIGN_OUTPUT_2_1(const CG21_PRESIGN_ROUND3_OUTPUT *r3hisOutput,
                            const CG21_PRESIGN_ROUND3_OUTPUT *r3myOutput,
                            CG21_PRESIGN_ROUND4_STORE_1 *r4Store,
                            int status){

    /*
     * status = 0      first call
     * status = 1      neither first call, nor last call
     * status = 2      last call
     * status = 3      first and last call (t=2)


     * ---------STEP 1: compute delta and Delta ----------
     * delta:           \sum delta_i
     * Delta:           \prod Delta_j
    */
    BIG_256_56 sum;

    if (status==0 || status ==3){
        OCT_copy(r4Store->Delta, r3myOutput->Delta);
        OCT_copy(r4Store->delta, r3myOutput->delta);

    }

    // \prod Delta_j
    CG21_ADD_TWO_PK(r4Store->Delta, r3hisOutput->Delta);
    BIG_256_56_fromBytesLen(sum, r4Store->delta->val, r4Store->delta->len);

    CG21_MTA_ACCUMULATOR_ADD(sum, r3hisOutput->delta);

    BIG_256_56_toBytes(r4Store->delta->val, sum);
    r4Store->delta->len = EGS_SECP256K1;
    BIG_256_56_zero(sum);


    /*
    * ---------STEP 2: check g^\delta == \prod \Delta_j -----------
    */
    if (status==2 || status ==3){
        ECP_SECP256K1 G;
        BIG_256_56 s;

        char tt[EFS_SECP256K1 + 1];
        octet deltaG = {0, sizeof(tt), tt};

        ECP_SECP256K1_generator(&G);
        BIG_256_56_fromBytesLen(s, r4Store->delta->val, r4Store->delta->len);

        ECP_SECP256K1_mul(&G, s);
        ECP_SECP256K1_toOctet(&deltaG, &G, true);

        BIG_256_56_zero(s);
        ECP_SECP256K1_inf(&G);

        int rc = OCT_comp(r4Store->Delta, &deltaG);
        OCT_clear(&deltaG);
        if (rc==0){
            return CG21_PRESIGN_DELTA_NOT_VALID;
        }
    }

    return CG21_OK;
}