
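Modular arithmetic not working in a threshold signature (TSS) implementation

How to fix modular arithmetic not working in a threshold signature (TSS) implementation

I am implementing the threshold signature protocol described in this paper, but I have run into a failing case and I don't understand why. In the end, `u` and `x` should be the same, but they are not. I would appreciate any suggestions that help me find the error.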

Here is the JS code; it can be run in the browser console:

```js
/// TSS 2-of-2 case
// Field modulus, secp256k1
n = 115792089237316195423570985008687907852837564279074904382605163141518161494337n

// party 1 polynomial coeff of degree 1
coeff_1 = 103808273981011494448342588544071102049904991793672697167547228275701563388858n
// coeff_1 = 10380827398101149444834258854407110204990499179367269716754722827570156338885n // Working coeff
 
// party 2 polynomial coeff of degree 1
coeff_2 = 49961718147812071312795198333632033669565055597187655909241672498689891015278n
// coeff_2 = 4996171814781207131279519833363203366956505559718765590924167249868989101527n // Working coeff 

// Party 1 secret
u_1 = 6989964936015280241594720270850184250394589151026058230978623558313385587815n

// Party 2 secret
u_2 = 91492373973552717359377053249757253672786176158857596037729237022345023720795n

// Party 1 Shamir points
y1_x = 1n
y1_1 = (y1_x * coeff_1 + u_1) % n
// 110798238917026774689937308814921286300299580944698755398525851834014948976673n
y1_2 = (y1_x * coeff_2 + u_2) % n
// 25662002884048593248601266574701379489513667476970347564365746379516753241736n

// Party 2 Shamir points
y2_x = 2n
y2_1 = (y2_x * coeff_1 + u_1) % n
// 98814423660722073714708912350304480497367008459296548183467916968198350871194n
y2_2 = (y2_x * coeff_2 + u_2) % n
// 75623721031860664561396464908333413159078723074158003473607418878206644257014n

// Party 1 point (y1_x, y1)
y1 = (y1_1 + y1_2) % n

// Party 2 point (y2_x, y2)
y2 = (y2_1 + y2_2) % n

// Common secret
u = (u_1 + u_2) % n

// Same secret, that went through Shamir scheme
x = (y1*2n - y2) % n

// Checking calculations, should be 0
u - x
```

Solution

Your code is almost correct; it is only missing a final modulus at the end. Change the last line to:

(u - x) % n;


(u - x) is exactly n:

115792089237316195423570985008687907852837564279074904382605163141518161494337
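
The sign behaviour behind this answer, as an added example that is not part of the original question or answer: BigInt `%` returns a remainder whose sign follows the dividend, so the question's `x` comes out as `u - n` instead of `u`. The helper names `mod`, `inv`, `reconstruct`, `shareAt` and `demo` are introduced here; `reconstruct` generalizes the question's `2*y1 - y2` to Lagrange interpolation at 0 over any set of distinct share points.

```javascript
// Added example, not the original poster's code. Constants are the values from the question.
const n = 115792089237316195423570985008687907852837564279074904382605163141518161494337n;
const coeff_1 = 103808273981011494448342588544071102049904991793672697167547228275701563388858n;
const coeff_2 = 49961718147812071312795198333632033669565055597187655909241672498689891015278n;
const u_1 = 6989964936015280241594720270850184250394589151026058230978623558313385587815n;
const u_2 = 91492373973552717359377053249757253672786176158857596037729237022345023720795n;

// BigInt `%` is a remainder: its sign follows the dividend. Map it into [0, m).
function mod(a, m = n) {
  const r = a % m;
  return r < 0n ? r + m : r;
}

// Modular inverse by extended Euclid; throws if gcd(a, m) != 1.
function inv(a, m = n) {
  let [r0, r1] = [mod(a, m), m];
  let [s0, s1] = [1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [s0, s1] = [s1, s0 - q * s1];
  }
  if (r0 !== 1n) throw new RangeError("value is not invertible mod m");
  return mod(s0, m);
}

// Lagrange interpolation at x = 0 over points [[x_i, y_i], ...].
function reconstruct(points) {
  let acc = 0n;
  for (const [xi, yi] of points) {
    let num = 1n, den = 1n;
    for (const [xj] of points) {
      if (xj === xi) continue;
      num = mod(num * -xj);       // (0 - x_j) is negative before reduction
      den = mod(den * (xi - xj)); // (x_i - x_j) may be negative too
    }
    acc = mod(acc + yi * num * inv(den));
  }
  return acc;
}

// Combined share of both parties at x, as in the question: f_1(x) + f_2(x) mod n.
const shareAt = (x) => mod(mod(coeff_1 * x + u_1) + mod(coeff_2 * x + u_2));

function demo() {
  const [y1, y2] = [shareAt(1n), shareAt(2n)];
  const u = mod(u_1 + u_2);
  const rawX = (y1 * 2n - y2) % n; // the question's formula: negative here
  return { u, rawX, x: reconstruct([[1n, y1], [2n, y2]]) };
}
```

BigInt operations are not constant-time, so this is suitable for checking the arithmetic, not for handling real key shares.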
