feat(adkg/acss): distribute both feldman & pedersen shares

crates/adkg/src/adkg.rs

@@ -17,7 +17,7 @@ use crate::rand::{AdkgRng, AdkgRngType};
 use crate::rbc::ReliableBroadcastConfig;
 use crate::rbc::multi_rbc::MultiRbc;
 use crate::vss::acss::AcssConfig;
-use crate::vss::acss::hbacss0::PedersenSecret;
+use crate::vss::acss::hbacss0::{Hbacss0Input, PedersenSecret};
 use crate::vss::acss::multi_acss::MultiAcss;
 use ark_ec::{AffineRepr, CurveGroup, PrimeGroup};
 use ark_ff::Zero;
@@ -186,7 +186,7 @@ where
     CG::ScalarField: FqSerialize + FqDeserialize,
     H: Default + DynDigest + FixedOutputReset + BlockSizeUser + Clone + 'static,
     RBCConfig: ReliableBroadcastConfig<'static, PartyId>,
-    ACSSConfig: AcssConfig<'static, CG, PartyId, Input = Vec<PedersenSecret<CG::ScalarField>>>,
+    ACSSConfig: AcssConfig<'static, CG, PartyId, Input = Hbacss0Input<CG::ScalarField>>,
     ACSSConfig::Output: Into<ShareWithPoly<CG>>,
     ABAConfig: AbaConfig<'static, PartyId, Input = AbaCrainInput<CG>>,
 {
@@ -286,13 +286,20 @@ where
             .map_err(|e| AdkgError::Rng(e.into(), "failed to get acss secret rng"))?;
 
         // Generate random secret scalars to be used in the node's ACSS
-        let s: Vec<_> = (0..shares_per_acss)
+        let pedersen_in: Vec<_> = (0..shares_per_acss)
             .map(|_| {
                 let a = CG::ScalarField::rand(&mut acss_rng);
                 let a_hat = CG::ScalarField::rand(&mut acss_rng);
                 PedersenSecret { s: a, r: a_hat }
             })
             .collect();
+        // Additional feldman secret used in the coin toss of the multi-valued validated byzantine agreement (MVBA)
+        let feldman_in = CG::ScalarField::rand(&mut acss_rng);
+
+        let s = Hbacss0Input {
+            feld: feldman_in,
+            peds: pedersen_in,
+        };
 
         // Generate predicates for each of the RBCs
         let rbc_predicates: Vec<_> = PartyId::iter_all(self.n)
@@ -1152,6 +1159,7 @@ mod tests {
     use std::collections::{HashMap, VecDeque};
     use std::sync::Arc;
     use tokio::task::JoinSet;
+    use tracing_subscriber::EnvFilter;
     use utils::dst::{NamedCurveGroup, NamedDynDigest, Rfc9380DstBuilder};
     use utils::hash_to_curve::HashToCurve;
     use utils::serialize::fq::{FqDeserialize, FqSerialize};
@@ -1183,6 +1191,26 @@ mod tests {
         CG::hash_to_curve_custom::<H>(b"ADKG_GENERATOR_G", &dst)
     }
 
+    #[tokio::test(flavor = "multi_thread", worker_threads = 32)]
+    #[ignore]
+    async fn adkg_loop_bn254() {
+        // Static configuration and long term keys
+        let t = 2;
+        let n = 3 * t + 1;
+
+        const SEED: &[u8] = b"ADKG_BN254_TEST_SEED";
+
+        // We use h == Bn254 G1 as the generator for the group public key
+        // and an independent generator g for the ADKG operations.
+        let g = get_generator_g::<_, sha3::Sha3_256>();
+        let h = ark_bn254::G1Projective::generator();
+
+        // run adkg with reconstruction threshold of t
+        loop {
+            run_adkg_test::<_, sha3::Sha3_256>(t, t, n, g, h, SEED).await;
+        }
+    }
+
     #[tokio::test(flavor = "multi_thread", worker_threads = 32)]
     async fn adkg_test_bn254() {
         // Static configuration and long term keys
@@ -1231,7 +1259,9 @@ mod tests {
         H: Default + NamedDynDigest + FixedOutputReset + BlockSizeUser + Clone + 'static,
     {
         _ = tracing_subscriber::fmt()
-            .with_max_level(tracing::Level::WARN)
+            .with_env_filter(
+                EnvFilter::try_from_env("ADKG_DEBUG").unwrap_or_else(|_| "warn".parse().unwrap()),
+            )
             .try_init();
 
         let sks: VecDeque<CG::ScalarField> = (1..=n)

crates/adkg/src/adkg/types.rs

@@ -6,7 +6,7 @@ use crate::pok::PokProof;
 use crate::rbc::multi_rbc::MultiRbc;
 use crate::rbc::{RbcPredicate, ReliableBroadcastConfig};
 use crate::vss::acss::AcssConfig;
-use crate::vss::acss::hbacss0::PublicPoly;
+use crate::vss::acss::hbacss0::{FeldPublicPoly, PedPublicPoly};
 use crate::vss::acss::multi_acss::MultiAcss;
 use crate::vss::pedersen::PedersenPartyShare;
 use ark_ec::CurveGroup;
@@ -32,8 +32,10 @@ pub struct LazyCoinKeys<CG: CurveGroup> {
 /// ACSS output required by ADKG.
 #[derive(Clone)]
 pub struct ShareWithPoly<CG: CurveGroup> {
+    pub mvba_share: CG::ScalarField,
+    pub mvba_public_poly: FeldPublicPoly<CG>,
     pub shares: Vec<PedersenPartyShare<CG::ScalarField>>,
-    pub public_polys: Vec<PublicPoly<CG>>,
+    pub public_polys: Vec<PedPublicPoly<CG>>,
 }
 
 /// Predicate used by reliable broadcasts.
@@ -120,19 +122,19 @@ impl<CG: CurveGroup> LazyCoinKeys<CG> {
 impl<CG: CurveGroup> From<LazyCoinKeys<CG>> for CoinKeys<CG> {
     fn from(val: LazyCoinKeys<CG>) -> Self {
         // Obtain the combined public polynomial as p_j = \sum_{k \in rbc_parties} p_k(x)
-        // which is the sum of the public polynomial output by each ACSS specified in the j-th RBC
+        // which is the sum of the MVBA public polynomial output by each ACSS specified in the j-th RBC
         let public_poly: Vec<CG> = (0..=val.t)
             .map(|i| {
                 val.outputs
                     .iter()
-                    .map(|(_, out)| out.public_polys[0].as_vec()[i])
+                    .map(|(_, out)| out.mvba_public_poly.0[i])
                     .sum()
             })
             .collect();
 
-        // Our own secret share, the sum of our ACSS shares
+        // Our own secret share, the sum of our ACSS MVBA shares
         // u_{i,j} = \sum_{k \in rbc_parties} s_{k,j} =
-        let u_i_j: CG::ScalarField = val.outputs.iter().map(|(_, out)| out.shares[0].si).sum();
+        let u_i_j: CG::ScalarField = val.outputs.iter().map(|(_, out)| out.mvba_share).sum();
 
         // Obtain commitments to the secret shares of the other parties
         // (g^{u_{1,j}}, ... g^{u_{n,j}}) = (g^p*(1), ..., g^p*(n))

crates/adkg/src/scheme.rs

@@ -9,8 +9,7 @@ use crate::network::RetryStrategy;
 use crate::rbc::ReliableBroadcastConfig;
 use crate::rbc::r4::Rbc4RoundsConfig;
 use crate::vss::acss::AcssConfig;
-use crate::vss::acss::hbacss0::HbAcss0Config;
-use crate::vss::acss::hbacss0::PedersenSecret;
+use crate::vss::acss::hbacss0::{HbAcss0Config, Hbacss0Input};
 use ark_ec::{CurveGroup, PrimeGroup};
 use ark_std::UniformRand;
 use digest::core_api::BlockSizeUser;
@@ -51,7 +50,7 @@ where
             'static,
             Self::Curve,
             PartyId,
-            Input = Vec<PedersenSecret<<Self::Curve as PrimeGroup>::ScalarField>>,
+            Input = Hbacss0Input<<Self::Curve as PrimeGroup>::ScalarField>,
         >;
     type ABAConfig: AbaConfig<'static, PartyId>;