From 38d2f1e58c4c7e2d4253a8e3b3a6845667143bef Mon Sep 17 00:00:00 2001 
From: Zara Date: Fri, 6 Mar 2026 15:25:58 -0800 Subject: [PATCH 1/3] split C2 into base and chunk --- circuits/bin/dkg/Nargo.toml | 6 +- .../bin/dkg/e_sm_share_computation/Nargo.toml | 7 - .../bin/dkg/e_sm_share_computation/README.md | 1 - .../dkg/e_sm_share_computation/src/main.nr | 29 -- .../dkg/esm_share_computation_base/Nargo.toml | 7 + .../esm_share_computation_base/src/main.nr | 21 ++ .../dkg/share_computation_chunk/Nargo.toml | 7 + .../dkg/share_computation_chunk/src/main.nr | 21 ++ .../bin/dkg/sk_share_computation/Nargo.toml | 8 - .../bin/dkg/sk_share_computation/README.md | 1 - .../bin/dkg/sk_share_computation/src/main.nr | 29 -- .../dkg/sk_share_computation_base/Nargo.toml | 7 + .../dkg/sk_share_computation_base/src/main.nr | 21 ++ circuits/lib/src/configs/insecure/dkg.nr | 23 +- circuits/lib/src/configs/secure/dkg.nr | 27 +- .../lib/src/core/dkg/share_computation.nr | 294 ------------------ .../src/core/dkg/share_computation/base.nr | 199 ++++++++++++ .../src/core/dkg/share_computation/chunk.nr | 87 ++++++ .../lib/src/core/dkg/share_computation/mod.nr | 2 + circuits/lib/src/math/commitments.nr | 45 +++ 20 files changed, 456 insertions(+), 386 deletions(-) delete mode 100644 circuits/bin/dkg/e_sm_share_computation/Nargo.toml delete mode 100644 circuits/bin/dkg/e_sm_share_computation/README.md delete mode 100644 circuits/bin/dkg/e_sm_share_computation/src/main.nr create mode 100644 circuits/bin/dkg/esm_share_computation_base/Nargo.toml create mode 100644 circuits/bin/dkg/esm_share_computation_base/src/main.nr create mode 100644 circuits/bin/dkg/share_computation_chunk/Nargo.toml create mode 100644 circuits/bin/dkg/share_computation_chunk/src/main.nr delete mode 100644 circuits/bin/dkg/sk_share_computation/Nargo.toml delete mode 100644 circuits/bin/dkg/sk_share_computation/README.md delete mode 100644 circuits/bin/dkg/sk_share_computation/src/main.nr create mode 100644 circuits/bin/dkg/sk_share_computation_base/Nargo.toml create mode 100644 
circuits/bin/dkg/sk_share_computation_base/src/main.nr delete mode 100644 circuits/lib/src/core/dkg/share_computation.nr create mode 100644 circuits/lib/src/core/dkg/share_computation/base.nr create mode 100644 circuits/lib/src/core/dkg/share_computation/chunk.nr create mode 100644 circuits/lib/src/core/dkg/share_computation/mod.nr diff --git a/circuits/bin/dkg/Nargo.toml b/circuits/bin/dkg/Nargo.toml index a99b2343e7..f13092c377 100644 --- a/circuits/bin/dkg/Nargo.toml +++ b/circuits/bin/dkg/Nargo.toml @@ -5,4 +5,8 @@ members = [ "e_sm_share_computation", "share_encryption", "share_decryption", -] \ No newline at end of file + "sk_share_computation_base", + "esm_share_computation_base", + "share_computation_chunk", +] + diff --git a/circuits/bin/dkg/e_sm_share_computation/Nargo.toml b/circuits/bin/dkg/e_sm_share_computation/Nargo.toml deleted file mode 100644 index 5af3e6395b..0000000000 --- a/circuits/bin/dkg/e_sm_share_computation/Nargo.toml +++ /dev/null @@ -1,7 +0,0 @@ -[package] -name = "e_sm_share_computation" -type = "bin" -authors = ["Gnosis Guild / Enclave"] - -[dependencies] -lib = { path = "../../../lib" } diff --git a/circuits/bin/dkg/e_sm_share_computation/README.md b/circuits/bin/dkg/e_sm_share_computation/README.md deleted file mode 100644 index 4909c92d85..0000000000 --- a/circuits/bin/dkg/e_sm_share_computation/README.md +++ /dev/null @@ -1 +0,0 @@ -instantiation of correct Smudging Noise Secret Share Computation (PVSS #2b) diff --git a/circuits/bin/dkg/e_sm_share_computation/src/main.nr b/circuits/bin/dkg/e_sm_share_computation/src/main.nr deleted file mode 100644 index 49b28c143e..0000000000 --- a/circuits/bin/dkg/e_sm_share_computation/src/main.nr +++ /dev/null 
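Review bot: The workspace member list keeps `"e_sm_share_computation",` as a context line of this hunk, yet this same patch deletes `circuits/bin/dkg/e_sm_share_computation`, so the workspace now references a package directory that no longer exists; the entry just above the hunk presumably still names `sk_share_computation`, which is deleted too. Remove the stale entries so the list contains only surviving packages: `"sk_share_computation_base", "esm_share_computation_base", "share_computation_chunk",` alongside `share_encryption` and `share_decryption`. The extra blank line added after the closing `]` is harmless but looks unintended.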
@@ -1,29 +0,0 @@ -// SPDX-License-Identifier: LGPL-3.0-only -// -// This file is provided WITHOUT ANY WARRANTY; -// without even the implied warranty of MERCHANTABILITY -// or FITNESS FOR A PARTICULAR PURPOSE. - -use lib::configs::default::dkg::{ - L_THRESHOLD, N, PARITY_MATRIX, SHARE_COMPUTATION_BIT_SHARE, SHARE_COMPUTATION_E_SM_BIT_SECRET, - SHARE_COMPUTATION_E_SM_CONFIGS, -}; -use lib::configs::default::{N_PARTIES, T}; -use lib::core::dkg::share_computation::SmudgingNoiseShareComputation; -use lib::math::polynomial::Polynomial; - -fn main( - expected_secret_commitment: pub Field, - e_sm_secret: [Polynomial; L_THRESHOLD], - y: [[[Field; N_PARTIES + 1]; L_THRESHOLD]; N], -) -> pub [[Field; L_THRESHOLD]; N_PARTIES] { - let share_computation_e_sm: SmudgingNoiseShareComputation = SmudgingNoiseShareComputation::new( - SHARE_COMPUTATION_E_SM_CONFIGS, - expected_secret_commitment, - e_sm_secret, - y, - PARITY_MATRIX, - ); - - share_computation_e_sm.execute() -} diff --git a/circuits/bin/dkg/esm_share_computation_base/Nargo.toml b/circuits/bin/dkg/esm_share_computation_base/Nargo.toml new file mode 100644 index 0000000000..9647284797 --- /dev/null +++ b/circuits/bin/dkg/esm_share_computation_base/Nargo.toml @@ -0,0 +1,7 @@ +[package] +name = "esm_share_computation_base" +type = "bin" +authors = [""] + +[dependencies] +lib = { path = "../../../lib" } \ No newline at end of file diff --git a/circuits/bin/dkg/esm_share_computation_base/src/main.nr b/circuits/bin/dkg/esm_share_computation_base/src/main.nr new file mode 100644 index 0000000000..3b18aba939 --- /dev/null +++ b/circuits/bin/dkg/esm_share_computation_base/src/main.nr 
@@ -0,0 +1,21 @@ +use lib::configs::default::dkg::{ + L_THRESHOLD, N, SHARE_COMPUTATION_CHUNK_SIZE, SHARE_COMPUTATION_E_SM_BASE_CONFIGS, + SHARE_COMPUTATION_E_SM_BIT_SECRET, SHARE_COMPUTATION_N_CHUNKS, +}; +use lib::configs::default::{N_PARTIES, T}; +use lib::core::dkg::share_computation::base::SmudgingNoiseShareComputationBase; +use lib::math::polynomial::Polynomial; + +fn main( + expected_secret_commitment: pub Field, + e_sm_secret: [Polynomial; L_THRESHOLD], + y: [[[Field; N_PARTIES + 1]; L_THRESHOLD]; N], +) -> pub ([Field; SHARE_COMPUTATION_N_CHUNKS], [[Field; L_THRESHOLD]; N_PARTIES]) { + let circuit: SmudgingNoiseShareComputationBase = SmudgingNoiseShareComputationBase::new( + SHARE_COMPUTATION_E_SM_BASE_CONFIGS, + expected_secret_commitment, + e_sm_secret, + y, + ); + circuit.execute() +} diff --git a/circuits/bin/dkg/share_computation_chunk/Nargo.toml b/circuits/bin/dkg/share_computation_chunk/Nargo.toml new file mode 100644 index 0000000000..83e4227462 --- /dev/null +++ b/circuits/bin/dkg/share_computation_chunk/Nargo.toml @@ -0,0 +1,7 @@ +[package] +name = "share_computation_chunk" +type = "bin" +authors = [""] + +[dependencies] +lib = { path = "../../../lib" } \ No newline at end of file diff --git a/circuits/bin/dkg/share_computation_chunk/src/main.nr b/circuits/bin/dkg/share_computation_chunk/src/main.nr new file mode 100644 index 0000000000..6a5e147cf6 --- /dev/null +++ b/circuits/bin/dkg/share_computation_chunk/src/main.nr 
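Review bot: The new `esm_share_computation_base` main drops the `// SPDX-License-Identifier: LGPL-3.0-only` header that the deleted `e_sm_share_computation/src/main.nr` carried, and its doc-less `main` now returns a tuple whose meaning a caller has to infer from `base.nr`. Restore the license header and add a short doc comment above `fn main`, e.g. `/// Outputs (chunk commitments that every share_computation_chunk proof must match, per-party share commitments consumed by C3/C4).` Several imports (`SHARE_COMPUTATION_CHUNK_SIZE`, `SHARE_COMPUTATION_E_SM_BIT_SECRET`, `T`) have no visible use in this listing; if they are only generic arguments lost in rendering that is fine, otherwise they are dead imports.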
@@ -0,0 +1,21 @@ +use lib::configs::default::dkg::{ + L_THRESHOLD, PARITY_MATRIX, SHARE_COMPUTATION_BIT_SHARE, SHARE_COMPUTATION_CHUNK_SIZE, + SHARE_COMPUTATION_SK_CHUNK_CONFIGS, +}; +use lib::configs::default::{N_PARTIES, T}; +use lib::core::dkg::share_computation::chunk::ShareComputationChunk; + +global CHUNK_IDX: u32 = 0; // change per chunk main + +fn main( + chunk_commitment: pub Field, + y_chunk: [[[Field; N_PARTIES + 1]; L_THRESHOLD]; SHARE_COMPUTATION_CHUNK_SIZE], +) { + let circuit: ShareComputationChunk = ShareComputationChunk::new( + SHARE_COMPUTATION_SK_CHUNK_CONFIGS, + chunk_commitment, + y_chunk, + PARITY_MATRIX, + ); + circuit.execute() +} diff --git a/circuits/bin/dkg/sk_share_computation/Nargo.toml b/circuits/bin/dkg/sk_share_computation/Nargo.toml deleted file mode 100644 index 25770d2eb3..0000000000 --- a/circuits/bin/dkg/sk_share_computation/Nargo.toml +++ /dev/null @@ -1,8 +0,0 @@ -[package] -name = "sk_share_computation" -type = "bin" -authors = ["Gnosis Guild / Enclave"] - - -[dependencies] -lib = { path = "../../../lib" } diff --git a/circuits/bin/dkg/sk_share_computation/README.md b/circuits/bin/dkg/sk_share_computation/README.md deleted file mode 100644 index 1090c57822..0000000000 --- a/circuits/bin/dkg/sk_share_computation/README.md +++ /dev/null @@ -1 +0,0 @@ -instantiation of correct Secret Key Secret Share Computation (PVSS #2a) diff --git a/circuits/bin/dkg/sk_share_computation/src/main.nr b/circuits/bin/dkg/sk_share_computation/src/main.nr deleted file mode 100644 index 755fc878f6..0000000000 --- a/circuits/bin/dkg/sk_share_computation/src/main.nr +++ /dev/null 
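Review bot: `global CHUNK_IDX: u32 = 0; // change per chunk main` means only chunk 0 is buildable from this package, while the secure preset sets `SHARE_COMPUTATION_N_CHUNKS = 16`; unless sixteen distinct binaries (and verification keys) are generated, chunks 1..15 never receive a range or parity proof and the base circuit's commitment to them is never checked. Because the chunk index is baked into the circuit rather than exposed as a public input, the verifier must pair proof i with the key compiled for `CHUNK_IDX = i` and check that its `chunk_commitment` equals base output `chunk_commitments[i]` for every i in `0..N_CHUNKS`; a comment stating that contract belongs next to the global. This single binary also uses `SHARE_COMPUTATION_SK_CHUNK_CONFIGS` for both the SK and ESM flows even though `SHARE_COMPUTATION_E_SM_CHUNK_CONFIGS` is added to both presets; today both are `new(QIS_THRESHOLD)`, but if they ever diverge the ESM shares would be checked against the wrong moduli, so either consume the ESM configs from a separate main or document that the two must stay identical.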
@@ -1,29 +0,0 @@ -// SPDX-License-Identifier: LGPL-3.0-only -// -// This file is provided WITHOUT ANY WARRANTY; -// without even the implied warranty of MERCHANTABILITY -// or FITNESS FOR A PARTICULAR PURPOSE. - -use lib::configs::default::dkg::{ - L_THRESHOLD, N, PARITY_MATRIX, SHARE_COMPUTATION_BIT_SHARE, SHARE_COMPUTATION_SK_BIT_SECRET, - SHARE_COMPUTATION_SK_CONFIGS, -}; -use lib::configs::default::{N_PARTIES, T}; -use lib::core::dkg::share_computation::SecretKeyShareComputation; -use lib::math::polynomial::Polynomial; - -fn main( - expected_secret_commitment: pub Field, - sk_secret: Polynomial, - y: [[[Field; N_PARTIES + 1]; L_THRESHOLD]; N], -) -> pub [[Field; L_THRESHOLD]; N_PARTIES] { - let sk_share_computation: SecretKeyShareComputation = SecretKeyShareComputation::new( - SHARE_COMPUTATION_SK_CONFIGS, - expected_secret_commitment, - sk_secret, - y, - PARITY_MATRIX, - ); - - sk_share_computation.execute() -} diff --git a/circuits/bin/dkg/sk_share_computation_base/Nargo.toml b/circuits/bin/dkg/sk_share_computation_base/Nargo.toml new file mode 100644 index 0000000000..6641d2761d --- /dev/null +++ b/circuits/bin/dkg/sk_share_computation_base/Nargo.toml @@ -0,0 +1,7 @@ +[package] +name = "sk_share_computation_base" +type = "bin" +authors = [""] + +[dependencies] +lib = { path = "../../../lib" } \ No newline at end of file diff --git a/circuits/bin/dkg/sk_share_computation_base/src/main.nr b/circuits/bin/dkg/sk_share_computation_base/src/main.nr new file mode 100644 index 0000000000..e5b95fa586 --- /dev/null +++ b/circuits/bin/dkg/sk_share_computation_base/src/main.nr 
@@ -0,0 +1,21 @@ +use lib::configs::default::dkg::{ + L_THRESHOLD, N, SHARE_COMPUTATION_CHUNK_SIZE, SHARE_COMPUTATION_N_CHUNKS, + SHARE_COMPUTATION_SK_BASE_CONFIGS, SHARE_COMPUTATION_SK_BIT_SECRET, +}; +use lib::configs::default::{N_PARTIES, T}; +use lib::core::dkg::share_computation::base::SecretKeyShareComputationBase; +use lib::math::polynomial::Polynomial; + +fn main( + expected_secret_commitment: pub Field, + sk_secret: Polynomial, + y: [[[Field; N_PARTIES + 1]; L_THRESHOLD]; N], +) -> pub ([Field; SHARE_COMPUTATION_N_CHUNKS], [[Field; L_THRESHOLD]; N_PARTIES]) { + let sk_share_computation_base: SecretKeyShareComputationBase = SecretKeyShareComputationBase::new( + SHARE_COMPUTATION_SK_BASE_CONFIGS, + expected_secret_commitment, + sk_secret, + y, + ); + sk_share_computation_base.execute() +} diff --git a/circuits/lib/src/configs/insecure/dkg.nr b/circuits/lib/src/configs/insecure/dkg.nr index d4a5cf8d7e..e6b26a0669 100644 --- a/circuits/lib/src/configs/insecure/dkg.nr +++ b/circuits/lib/src/configs/insecure/dkg.nr @@ -6,7 +6,8 @@ use crate::configs::default::{N_PARTIES, T}; pub use crate::configs::insecure::threshold::{L as L_THRESHOLD, QIS as QIS_THRESHOLD}; -use crate::core::dkg::share_computation::Configs as ShareComputationConfigs; +use crate::core::dkg::share_computation::base::Configs as ShareComputationBaseConfigs; +use crate::core::dkg::share_computation::chunk::Configs as ShareComputationChunkConfigs; use crate::core::dkg::share_encryption::Configs as ShareEncryptionConfigs; // Global configs for DKG insecure preset 
@@ -49,9 +50,15 @@ share_computation_sk (CIRCUIT 2a) pub global SHARE_COMPUTATION_BIT_SHARE: u32 = 36; pub global SHARE_COMPUTATION_SK_BIT_SECRET: u32 = 1; -// share_computation_sk - configs -pub global SHARE_COMPUTATION_SK_CONFIGS: ShareComputationConfigs = - ShareComputationConfigs::new(QIS_THRESHOLD); +// With N=512 and 5 parties, a single chunk covers all coefficients +pub global SHARE_COMPUTATION_CHUNK_SIZE: u32 = 512; +pub global SHARE_COMPUTATION_N_CHUNKS: u32 = 1; // N / CHUNK_SIZE = 512 / 512 + +pub global SHARE_COMPUTATION_SK_BASE_CONFIGS: ShareComputationBaseConfigs = + ShareComputationBaseConfigs::new(QIS_THRESHOLD); + +pub global SHARE_COMPUTATION_SK_CHUNK_CONFIGS: ShareComputationChunkConfigs = + ShareComputationChunkConfigs::new(QIS_THRESHOLD); /************************************ ------------------------------------- @@ -62,9 +69,11 @@ share_computation_e_sm (CIRCUIT 2b) // share_computation_e_sm - bit parameters pub global SHARE_COMPUTATION_E_SM_BIT_SECRET: u32 = 24; -// verify_shares - configs -pub global SHARE_COMPUTATION_E_SM_CONFIGS: ShareComputationConfigs = - ShareComputationConfigs::new(QIS_THRESHOLD); +pub global SHARE_COMPUTATION_E_SM_BASE_CONFIGS: ShareComputationBaseConfigs = + ShareComputationBaseConfigs::new(QIS_THRESHOLD); + +pub global SHARE_COMPUTATION_E_SM_CHUNK_CONFIGS: ShareComputationChunkConfigs = + ShareComputationChunkConfigs::new(QIS_THRESHOLD); /************************************ ------------------------------------- diff --git a/circuits/lib/src/configs/secure/dkg.nr b/circuits/lib/src/configs/secure/dkg.nr index 84182954ef..e135e9c213 100644 --- a/circuits/lib/src/configs/secure/dkg.nr +++ b/circuits/lib/src/configs/secure/dkg.nr 
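Review bot: `SHARE_COMPUTATION_N_CHUNKS` is an independent literal (`1`) next to `SHARE_COMPUTATION_CHUNK_SIZE = 512`, so nothing enforces the relation the comment `// N / CHUNK_SIZE = 512 / 512` asserts (and the comment omits its result). If `N` is in scope in this preset, as the bins' `use lib::configs::default::dkg::{... N ...}` suggests, derive it: `pub global SHARE_COMPUTATION_N_CHUNKS: u32 = N / SHARE_COMPUTATION_CHUNK_SIZE;` together with `std::static_assert(N % SHARE_COMPUTATION_CHUNK_SIZE == 0, "N must be a multiple of the chunk size");`. A non-multiple would leave the trailing coefficients outside every chunk proof, which is exactly the kind of silent coverage gap this split introduces.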
@@ -6,7 +6,8 @@ use crate::configs::default::{N_PARTIES, T}; pub use crate::configs::secure::threshold::{L as L_THRESHOLD, QIS as QIS_THRESHOLD}; -use crate::core::dkg::share_computation::Configs as ShareComputationConfigs; +use crate::core::dkg::share_computation::base::Configs as ShareComputationBaseConfigs; +use crate::core::dkg::share_computation::chunk::Configs as ShareComputationChunkConfigs; use crate::core::dkg::share_encryption::Configs as ShareEncryptionConfigs; // Global configs for DKG secure preset @@ -55,13 +56,21 @@ share_computation_sk (CIRCUIT 2a) ------------------------------------- ************************************/ -// share_computation_sk - bit parameters pub global SHARE_COMPUTATION_BIT_SHARE: u32 = 53; pub global SHARE_COMPUTATION_SK_BIT_SECRET: u32 = 1; -// share_computation_sk - configs -pub global SHARE_COMPUTATION_SK_CONFIGS: ShareComputationConfigs = - ShareComputationConfigs::new(QIS_THRESHOLD); +// Chunk size controls circuit size vs number of chunks tradeoff. +// N_CHUNKS = N / CHUNK_SIZE +// At 5 parties: CHUNK_SIZE=512, N_CHUNKS=16 +// At 50 parties: reduce CHUNK_SIZE to keep chunk circuit constant size +pub global SHARE_COMPUTATION_CHUNK_SIZE: u32 = 512; +// N / CHUNK_SIZE = 8192 / 512 =1 6 +pub global SHARE_COMPUTATION_N_CHUNKS: u32 = 16; +pub global SHARE_COMPUTATION_SK_BASE_CONFIGS: ShareComputationBaseConfigs = + ShareComputationBaseConfigs::new(QIS_THRESHOLD); + +pub global SHARE_COMPUTATION_SK_CHUNK_CONFIGS: ShareComputationChunkConfigs = + ShareComputationChunkConfigs::new(QIS_THRESHOLD); /************************************ ------------------------------------- 
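Review bot: The comment `// N / CHUNK_SIZE = 8192 / 512 =1 6` has a typo (`= 16`), and the value it documents is a hand-written literal, so a later change to `SHARE_COMPUTATION_CHUNK_SIZE` or `N` would desynchronise them without any compiler complaint. Prefer `pub global SHARE_COMPUTATION_N_CHUNKS: u32 = N / SHARE_COMPUTATION_CHUNK_SIZE;` with `std::static_assert(SHARE_COMPUTATION_N_CHUNKS * SHARE_COMPUTATION_CHUNK_SIZE == N, "chunks must cover all N coefficients");`, assuming `N` is visible in this file as the bins' imports indicate. The preceding block also says `At 5 parties: CHUNK_SIZE=512, N_CHUNKS=16`, but 16 follows from N=8192, not from the party count; reword to `// N=8192, CHUNK_SIZE=512 -> N_CHUNKS=16; with more parties shrink CHUNK_SIZE to keep the chunk circuit constant size`.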
@@ -69,13 +78,13 @@ share_computation_e_sm (CIRCUIT 2b) ------------------------------------- ************************************/ -// share_computation_e_sm - bit parameters pub global SHARE_COMPUTATION_E_SM_BIT_SECRET: u32 = 192; -// verify_shares - configs -pub global SHARE_COMPUTATION_E_SM_CONFIGS: ShareComputationConfigs = - ShareComputationConfigs::new(QIS_THRESHOLD); +pub global SHARE_COMPUTATION_E_SM_BASE_CONFIGS: ShareComputationBaseConfigs = + ShareComputationBaseConfigs::new(QIS_THRESHOLD); +pub global SHARE_COMPUTATION_E_SM_CHUNK_CONFIGS: ShareComputationChunkConfigs = + ShareComputationChunkConfigs::new(QIS_THRESHOLD); /************************************ ------------------------------------- share_encryption_sk (CIRCUIT 3a) diff --git a/circuits/lib/src/core/dkg/share_computation.nr b/circuits/lib/src/core/dkg/share_computation.nr deleted file mode 100644 index d5edcbd253..0000000000 --- a/circuits/lib/src/core/dkg/share_computation.nr +++ /dev/null 
@@ -1,294 +0,0 @@ -// SPDX-License-Identifier: LGPL-3.0-only -// -// This file is provided WITHOUT ANY WARRANTY; -// without even the implied warranty of MERCHANTABILITY -// or FITNESS FOR A PARTICULAR PURPOSE. - -use crate::math::commitments::{ - compute_share_computation_e_sm_commitment, compute_share_computation_sk_commitment, - compute_share_encryption_commitment_from_shares, -}; -use crate::math::modulo::U128::ModU128; -use crate::math::polynomial::Polynomial; - -/// Cryptographic parameters for Threshold secret share verification circuit. -pub struct Configs { - /// CRT moduli: [q_0, q_1, ..., q_{L-1}] - pub qis: [Field; L], -} - -impl Configs { - pub fn new(qis: [Field; L]) -> Self { - Configs { qis } - } -} - -/// Correct Threshold Secret Key Share Computation (Circuit 2a). -/// -/// Verifies: -/// 1. secret commitment: verify secret hashes to expected_secret_commitment -/// 2. secret consistency: y[i][j][0] == sk_secret[i] for all i, j -/// 3. Range check: shares are in [0, q_j) -/// 4. Parity check: H[j] * y[i][j]^T == 0 mod q_j for all i, j -/// -/// For SK: sk_secret is the trinary coefficients -pub struct SecretKeyShareComputation { - configs: Configs, - /// Expected commitment to secret (from C1) - /// (public witness) - expected_secret_commitment: Field, - /// Secret key polynomial: Polynomial - /// trinary coefficients - /// (secret witness) - sk_secret: Polynomial, - /// Shares: y[coeff_idx][mod_idx][0..N_PARTIES+1] - /// y[i][j][0] = sk_secret[i] = f(0), y[i][j][k] = f(k) for k = 1..N_PARTIES - /// (secret witnesses) - y: [[[Field; N_PARTIES + 1]; L]; N], - /// Parity check matrices: H[mod_idx][row][col] - /// Size per modulus: (N_PARTIES - T) * (N_PARTIES + 1) - /// H * y^T = 0 mod q_j - /// (public constants) - h: [[[Field; N_PARTIES + 1]; N_PARTIES - T]; L], -} - -/// Correct Threshold Smudging Noise Share Computation (Circuit 2b). -/// -/// Verifies: -/// 1. secret commitment: verify secret hashes to expected_secret_commitment -/// 2. 
secret consistency: y[i][j][0] == e_sm[j][i] for all i, j -/// 3. Range check: shares are in [0, q_j) -/// 4. Parity check: H[j] * y[i][j]^T == 0 mod q_j for all i, j -/// -/// For ESM: e_sm[j] is the RNS representation at modulus j -pub struct SmudgingNoiseShareComputation { - configs: Configs, - /// Expected commitment to secret (from C1) - /// This is computed from all L RNS polynomials (matching - /// multiple_polynomial_payload's behavior which hashes all L modulus polynomials) - expected_secret_commitment: Field, - /// Smudging noise polynomial per modulus: [Polynomial; L] - /// For ESM: each modulus has its own polynomial (RNS representation) - e_sm_secret: [Polynomial; L], - /// Shares: y[coeff_idx][mod_idx][0..N_PARTIES+1] - /// y[i][j][0] = e_sm[j][i] = f(0), y[i][j][k] = f(k) for k = 1..N_PARTIES - y: [[[Field; N_PARTIES + 1]; L]; N], - /// Parity check matrices: H[mod_idx][row][col] - /// Size per modulus: (N_PARTIES - T) * (N_PARTIES + 1) - /// H * y^T = 0 mod q_j - h: [[[Field; N_PARTIES + 1]; N_PARTIES - T]; L], -} - -impl SecretKeyShareComputation { - pub fn new( - configs: Configs, - expected_secret_commitment: Field, - sk_secret: Polynomial, - y: [[[Field; N_PARTIES + 1]; L]; N], - h: [[[Field; N_PARTIES + 1]; N_PARTIES - T]; L], - ) -> Self { - SecretKeyShareComputation { configs, expected_secret_commitment, sk_secret, y, h } - } - - /// Main verification function - pub fn execute(self) -> [[Field; L]; N_PARTIES] { - // Step 1: Verify secret commitment matches expected - self.verify_secret_commitment(); - - // Step 2: Verify secret consistency - self.verify_secret_consistency(); - - // Step 3: Range checks - check_range_bounds::(self.configs.qis, self.y); - - // Step 4: Verify parity check - verify_parity_check::(self.configs.qis, self.h, self.y); - - // Step 5: Commit to shares for each party and modulus - commit_to_party_shares::(self.y) - } - - /// Verifies that secret hashes to expected_secret_commitment - fn verify_secret_commitment(self) { 
- assert( - compute_share_computation_sk_commitment::(self.sk_secret) - == self.expected_secret_commitment, - "SK commitment mismatch", - ); - } - - /// Verifies secret consistency: `y[i][j][0] == sk_secret[i]` for all i, j. - /// - /// This function ensures that for each coefficient i and CRT basis j, the share - /// at party ID 0 equals the corresponding secret coefficient for that modulus. - /// This is a fundamental property of Shamir secret sharing where the secret is the - /// evaluation of the sharing polynomial at point 0. - /// - /// sk_secret is the trinary coefficients, so y[i][j][0] is the same for all j. - /// - /// # Panics - /// The circuit will fail if secret consistency doesn't hold for any - /// coefficient or CRT basis. - fn verify_secret_consistency(self) { - for coeff_idx in 0..N { - let secret_coeff = self.sk_secret.coefficients[coeff_idx]; - - for mod_idx in 0..L { - assert(self.y[coeff_idx][mod_idx][0] == secret_coeff); - } - } - } -} - -impl SmudgingNoiseShareComputation { - pub fn new( - configs: Configs, - expected_secret_commitment: Field, - e_sm_secret: [Polynomial; L], - y: [[[Field; N_PARTIES + 1]; L]; N], - h: [[[Field; N_PARTIES + 1]; N_PARTIES - T]; L], - ) -> Self { - SmudgingNoiseShareComputation { configs, expected_secret_commitment, e_sm_secret, y, h } - } - - /// Main verification function - pub fn execute(self) -> [[Field; L]; N_PARTIES] { - // Step 1: Verify secret commitment matches expected - self.verify_secret_commitment(); - - // Step 2: Verify secret consistency - self.verify_secret_consistency(); - - // Step 3: Range checks - check_range_bounds::(self.configs.qis, self.y); - - // Step 4: Verify parity check - verify_parity_check::(self.configs.qis, self.h, self.y); - - // Step 5: Commit to shares for each party and modulus - commit_to_party_shares::(self.y) - } - - /// Verifies that secret hashes to expected_secret_commitment - /// The commitment is computed over all L RNS polynomials (matching - /// 
multiple_polynomial_payload's behavior which hashes all L modulus polynomials) - fn verify_secret_commitment(self) { - assert( - compute_share_computation_e_sm_commitment::(self.e_sm_secret) - == self.expected_secret_commitment, - "ESM commitment mismatch", - ); - } - - /// Verifies secret consistency: `y[i][j][0] == e_sm_secret[j][i]` for all i, j. - /// - /// This function ensures that for each coefficient i and CRT basis j, the share - /// at party ID 0 equals the corresponding secret coefficient for that modulus. - /// This is a fundamental property of Shamir secret sharing where the secret is the - /// evaluation of the sharing polynomial at point 0. - /// - /// e_sm_secret[j] is the RNS representation at modulus j, so y[i][j][0] varies per modulus. - /// - /// # Panics - /// The circuit will fail if secret consistency doesn't hold for any - /// coefficient or CRT basis. - fn verify_secret_consistency(self) { - for coeff_idx in 0..N { - for mod_idx in 0..L { - let secret_coeff = self.e_sm_secret[mod_idx].coefficients[coeff_idx]; - assert( - self.y[coeff_idx][mod_idx][0] == secret_coeff, - "Secret consistency check failed", - ); - } - } - } -} - -/// Performs range checks on secret key and share values. -/// -/// This function constrains all values to be within their expected bounds: -/// - Share values for parties k >= 1 must be in [0, q_j) for each CRT modulus q_j -/// -/// These bounds are critical for security and correctness of the Threshold scheme. -/// -/// # Panics -/// This function will cause the circuit to fail if any value is outside -/// its expected bounds. 
-pub fn check_range_bounds( - qis: [Field; L], - y: [[[Field; N_PARTIES + 1]; L]; N], -) { - // Shares y[i][j][k] for k >= 1 should be in [0, q_j) - for mod_idx in 0..L { - let q_j = qis[mod_idx]; - - for coeff_idx in 0..N { - for party_idx in 1..(N_PARTIES + 1) { - // Use range_check_standard from Polynomial by creating a single-coefficient polynomial - Polynomial::new([y[coeff_idx][mod_idx][party_idx]]) - .range_check_standard::(q_j); - } - } - } -} - -/// Verifies Reed-Solomon parity check: `H[j] * y[i][j]^T == 0 mod q_j` for all i, j. -/// -/// This function verifies that for each coefficient i and CRT basis j, the share -/// vector `y[i][j]` forms a valid Reed-Solomon codeword by satisfying the parity -/// check equation with the parity check matrix `H[j]`. -/// -/// The parity check matrix H[j] has dimensions `(N_PARTIES - T) * (N_PARTIES + 1)`, -/// and the share vector `y[i][j]` has length `N_PARTIES + 1`. The parity check -/// ensures that any T+1 shares can correctly reconstruct the secret key via -/// Lagrange interpolation. -/// -/// # Panics -/// The circuit will fail if the parity check doesn't hold for any coefficient, -/// CRT basis, or parity check row. 
-pub fn verify_parity_check( - qis: [Field; L], - h: [[[Field; N_PARTIES + 1]; N_PARTIES - T]; L], - y: [[[Field; N_PARTIES + 1]; L]; N], -) { - for coeff_idx in 0..N { - for mod_idx in 0..L { - let q_j = qis[mod_idx]; - - // For each row of H, compute dot product with y and verify == 0 - for row in 0..(N_PARTIES - T) { - let mut sum: Field = 0; - - for col in 0..(N_PARTIES + 1) { - sum = sum + h[mod_idx][row][col] * y[coeff_idx][mod_idx][col]; - } - - // Reduce mod q_j and verify == 0 - let m = ModU128::new(q_j); - let result = m.reduce_mod(sum); - assert(result == 0, "Parity check failed"); - } - } - } -} - -/// Commits to shares for each party and modulus -/// Returns [[Field; L]; N_PARTIES] where commitments[party_idx][mod_idx] -pub fn commit_to_party_shares( - y: [[[Field; N_PARTIES + 1]; L]; N], -) -> [[Field; L]; N_PARTIES] { - let mut commitments: [[Field; L]; N_PARTIES] = [[0; L]; N_PARTIES]; - - for party_idx in 0..N_PARTIES { - for mod_idx in 0..L { - commitments[party_idx][mod_idx] = compute_share_encryption_commitment_from_shares::( - y, - party_idx, - mod_idx, - ); - } - } - - commitments -} diff --git a/circuits/lib/src/core/dkg/share_computation/base.nr b/circuits/lib/src/core/dkg/share_computation/base.nr new file mode 100644 index 0000000000..22fb6c3571 --- /dev/null +++ b/circuits/lib/src/core/dkg/share_computation/base.nr 
@@ -0,0 +1,199 @@ +// SPDX-License-Identifier: LGPL-3.0-only +// +// This file is provided WITHOUT ANY WARRANTY; +// without even the implied warranty of MERCHANTABILITY +// or FITNESS FOR A PARTICULAR PURPOSE. + +// Base circuit for C2 (SecretKeyShareComputation and SmudgingNoiseShareComputation). +// Verifies secret commitment and consistency, and outputs chunk and party commitments +// to bind the chunk circuits and provide share commitments for downstream C3/C4. + +use crate::math::commitments::{ + compute_share_computation_chunk_commitment, compute_share_computation_e_sm_commitment, + compute_share_computation_sk_commitment, compute_share_encryption_commitment_from_shares, +}; +use crate::math::polynomial::Polynomial; + +pub struct Configs { + pub qis: [Field; L], +} + +impl Configs { + pub fn new(qis: [Field; L]) -> Self { + Configs { qis } + } +} + +// ===== BASE CIRCUIT FOR SK ===== + +pub struct SecretKeyShareComputationBase { + configs: Configs, + /// Expected commitment to sk secret (from C1, public input) + expected_secret_commitment: Field, + /// Secret key polynomial + sk_secret: Polynomial, + /// Full shares array y[coeff_idx][mod_idx][party_idx] + y: [[[Field; N_PARTIES + 1]; L]; N], +} + +impl SecretKeyShareComputationBase { + + pub fn new( + configs: Configs, + expected_secret_commitment: Field, + sk_secret: Polynomial, + y: [[[Field; N_PARTIES + 1]; L]; N], + ) -> Self { + SecretKeyShareComputationBase { configs, expected_secret_commitment, sk_secret, y } + } + + fn verify_secret_commitment(self) { + assert( + compute_share_computation_sk_commitment::(self.sk_secret) + == self.expected_secret_commitment, + "SK commitment mismatch", + ); + } + + /// Verifies y[i][j][0] == sk_secret[i] for all i, j + fn verify_secret_consistency(self) { + for coeff_idx in 0..N { + let secret_coeff = self.sk_secret.coefficients[coeff_idx]; + for mod_idx in 0..L { + assert( + self.y[coeff_idx][mod_idx][0] == secret_coeff, + "SK secret consistency check failed", + ); 
+ } + } + } + + fn compute_chunk_commitments(self) -> [Field; N_CHUNKS] { + let mut chunk_commitments: [Field; N_CHUNKS] = [0; N_CHUNKS]; + for chunk_idx in 0..N_CHUNKS { + let start = chunk_idx * CHUNK_SIZE; + let mut y_chunk: [[[Field; N_PARTIES + 1]; L]; CHUNK_SIZE] = + [[[0; N_PARTIES + 1]; L]; CHUNK_SIZE]; + for i in 0..CHUNK_SIZE { + y_chunk[i] = self.y[start + i]; + } + chunk_commitments[chunk_idx] = compute_share_computation_chunk_commitment::( + y_chunk, + chunk_idx, + ); + } + chunk_commitments + } + + fn compute_party_commitments(self) -> [[Field; L]; N_PARTIES] { + let mut party_commitments: [[Field; L]; N_PARTIES] = [[0; L]; N_PARTIES]; + for party_idx in 0..N_PARTIES { + for mod_idx in 0..L { + party_commitments[party_idx][mod_idx] = compute_share_encryption_commitment_from_shares::( + self.y, + party_idx, + mod_idx, + ); + } + } + party_commitments + } + + /// Returns (chunk_commitments, party_commitments) + /// chunk_commitments bind the chunk circuits + /// party_commitments[party_idx][mod_idx] are used downstream in C3/C4 + pub fn execute(self) -> ([Field; N_CHUNKS], [[Field; L]; N_PARTIES]) { + self.verify_secret_commitment(); + self.verify_secret_consistency(); + let chunk_commitments = self.compute_chunk_commitments(); + let party_commitments = self.compute_party_commitments(); + (chunk_commitments, party_commitments) + } +} + +// ===== BASE CIRCUIT FOR ESM ===== + +pub struct SmudgingNoiseShareComputationBase { + configs: Configs, + /// Expected commitment to e_sm secret (from C1, public input) + expected_secret_commitment: Field, + /// Smudging noise polynomial per modulus + e_sm_secret: [Polynomial; L], + /// Full shares array y[coeff_idx][mod_idx][party_idx] + y: [[[Field; N_PARTIES + 1]; L]; N], +} + +impl SmudgingNoiseShareComputationBase { + + pub fn new( + configs: Configs, + expected_secret_commitment: Field, + e_sm_secret: [Polynomial; L], + y: [[[Field; N_PARTIES + 1]; L]; N], + ) -> Self { + SmudgingNoiseShareComputationBase { 
configs, expected_secret_commitment, e_sm_secret, y } + } + + fn verify_secret_commitment(self) { + assert( + compute_share_computation_e_sm_commitment::(self.e_sm_secret) + == self.expected_secret_commitment, + "ESM commitment mismatch", + ); + } + + /// Verifies y[i][j][0] == e_sm_secret[j][i] for all i, j + fn verify_secret_consistency(self) { + for coeff_idx in 0..N { + for mod_idx in 0..L { + let secret_coeff = self.e_sm_secret[mod_idx].coefficients[coeff_idx]; + assert( + self.y[coeff_idx][mod_idx][0] == secret_coeff, + "ESM secret consistency check failed", + ); + } + } + } + + fn compute_chunk_commitments(self) -> [Field; N_CHUNKS] { + let mut chunk_commitments: [Field; N_CHUNKS] = [0; N_CHUNKS]; + for chunk_idx in 0..N_CHUNKS { + let start = chunk_idx * CHUNK_SIZE; + let mut y_chunk: [[[Field; N_PARTIES + 1]; L]; CHUNK_SIZE] = + [[[0; N_PARTIES + 1]; L]; CHUNK_SIZE]; + for i in 0..CHUNK_SIZE { + y_chunk[i] = self.y[start + i]; + } + chunk_commitments[chunk_idx] = compute_share_computation_chunk_commitment::( + y_chunk, + chunk_idx, + ); + } + chunk_commitments + } + + fn compute_party_commitments(self) -> [[Field; L]; N_PARTIES] { + let mut party_commitments: [[Field; L]; N_PARTIES] = [[0; L]; N_PARTIES]; + for party_idx in 0..N_PARTIES { + for mod_idx in 0..L { + party_commitments[party_idx][mod_idx] = compute_share_encryption_commitment_from_shares::( + self.y, + party_idx, + mod_idx, + ); + } + } + party_commitments + } + + /// Returns (chunk_commitments, party_commitments) + /// chunk_commitments bind the chunk circuits + /// party_commitments[party_idx][mod_idx] are used downstream in C3/C4 + pub fn execute(self) -> ([Field; N_CHUNKS], [[Field; L]; N_PARTIES]) { + self.verify_secret_commitment(); + self.verify_secret_consistency(); + let chunk_commitments = self.compute_chunk_commitments(); + let party_commitments = self.compute_party_commitments(); + (chunk_commitments, party_commitments) + } +} 
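Review bot: After this split the base proof alone no longer establishes that any share lies in `[0, q_j)` or satisfies the parity check, yet `execute` emits `party_commitments` for C3/C4 unconditionally; the file header should say explicitly that those commitments are only sound once all `N_CHUNKS` chunk proofs have been verified against the returned `chunk_commitments`. `compute_chunk_commitments` reads `self.y[start + i]` for `start = chunk_idx * CHUNK_SIZE` and silently ignores any coefficient at index `>= N_CHUNKS * CHUNK_SIZE`, so add `std::static_assert(N_CHUNKS * CHUNK_SIZE == N, "chunks must cover all N coefficients");` at the top of that function in both impls. `configs` is now stored but never read by either base struct, since range checking moved to the chunk circuit; drop the field or leave a comment explaining it is kept for interface symmetry. The two impls duplicate `compute_chunk_commitments` and `compute_party_commitments` verbatim; lifting them to free functions over `y`, as the deleted file did with `commit_to_party_shares`, prevents the SK and ESM paths from drifting apart.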
diff --git a/circuits/lib/src/core/dkg/share_computation/chunk.nr b/circuits/lib/src/core/dkg/share_computation/chunk.nr new file mode 100644 index 0000000000..82bf2a5234 --- /dev/null +++ b/circuits/lib/src/core/dkg/share_computation/chunk.nr 
@@ -0,0 +1,87 @@
+// Chunk circuit for C2. Verifies range checks and parity check for a chunk of
+// CHUNK_SIZE coefficients. CHUNK_IDX identifies which chunk this is, used to
+// verify consistency against the chunk commitment from the base circuit.
+
+use crate::math::commitments::compute_share_computation_chunk_commitment;
+use crate::math::modulo::U128::ModU128;
+use crate::math::polynomial::Polynomial;
+
+pub struct Configs {
+ pub qis: [Field; L],
+}
+
+impl Configs {
+ pub fn new(qis: [Field; L]) -> Self {
+ Configs { qis }
+ }
+}
+
+pub struct ShareComputationChunk {
+ configs: Configs,
+ /// Public input from base circuit
+ chunk_commitment: Field,
+ /// Slice of y for this chunk: y[CHUNK_IDX*CHUNK_SIZE..(CHUNK_IDX+1)*CHUNK_SIZE]
+ y_chunk: [[[Field; N_PARTIES + 1]; L]; CHUNK_SIZE],
+ /// Parity check matrix
+ h: [[[Field; N_PARTIES + 1]; N_PARTIES - T]; L],
+}
+
+impl ShareComputationChunk {
+
+ pub fn new(
+ configs: Configs,
+ chunk_commitment: Field,
+ y_chunk: [[[Field; N_PARTIES + 1]; L]; CHUNK_SIZE],
+ h: [[[Field; N_PARTIES + 1]; N_PARTIES - T]; L],
+ ) -> Self {
+ ShareComputationChunk { configs, chunk_commitment, y_chunk, h }
+ }
+
+ /// Verifies y_chunk is consistent with chunk_commitment from base circuit.
+ /// CHUNK_IDX is a compile-time generic so each chunk circuit is uniquely bound
+ /// to its position, a prover cannot reuse the same chunk data in a different position.
+ fn verify_chunk_commitment(self) {
+ let computed = compute_share_computation_chunk_commitment::(
+ self.y_chunk,
+ CHUNK_IDX,
+ );
+ assert(computed == self.chunk_commitment, "chunk commitment mismatch");
+ }
+
+ /// Range checks: shares y[i][j][k] for k >= 1 must be in [0, q_j)
+ /// k == 0 is the secret itself, checked in base circuit via secret consistency
+ fn check_range_bounds(self) {
+ for mod_idx in 0..L {
+ let q_j = self.configs.qis[mod_idx];
+ for coeff_idx in 0..CHUNK_SIZE {
+ for party_idx in 1..(N_PARTIES + 1) {
+ Polynomial::new([self.y_chunk[coeff_idx][mod_idx][party_idx]])
+ .range_check_standard::(q_j);
+ }
+ }
+ }
+ }
+
+ /// Parity check: H[j] * y[i][j]^T == 0 mod q_j for all i in chunk, j
+ fn verify_parity_check(self) {
+ for coeff_idx in 0..CHUNK_SIZE {
+ for mod_idx in 0..L {
+ let q_j = self.configs.qis[mod_idx];
+ let m = ModU128::new(q_j);
+ for row in 0..(N_PARTIES - T) {
+ let mut sum: Field = 0;
+ for col in 0..(N_PARTIES + 1) {
+ sum += self.h[mod_idx][row][col] * self.y_chunk[coeff_idx][mod_idx][col];
+ }
+ assert(m.reduce_mod(sum) == 0, "Parity check failed");
+ }
+ }
+ }
+ }
+
+ pub fn execute(self) {
+ self.verify_chunk_commitment();
+ self.check_range_bounds();
+ self.verify_parity_check();
+ }
+}
diff --git a/circuits/lib/src/core/dkg/share_computation/mod.nr b/circuits/lib/src/core/dkg/share_computation/mod.nr
new file mode 100644
index 0000000000..466ad29080
--- /dev/null
+++ b/circuits/lib/src/core/dkg/share_computation/mod.nr
@@ -0,0 +1,2 @@
+pub mod base;
+pub mod chunk;
diff --git a/circuits/lib/src/math/commitments.nr b/circuits/lib/src/math/commitments.nr
index 4e47af542f..5e6288a953 100644
--- a/circuits/lib/src/math/commitments.nr
+++ b/circuits/lib/src/math/commitments.nr
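Review bot: The `h` field of `ShareComputationChunk` is documented only as `/// Parity check matrix`, yet the soundness of `verify_parity_check` rests on `h` being fixed outside the prover's control — against a prover-chosen matrix the row-sum check constrains nothing. The chunk binary appears to pass a config constant (patch 3 shows it importing `PARITY_MATRIX`), but that requirement belongs on the field: `/// Parity check matrix. Must be a circuit constant or public input; the check is vacuous for a prover-chosen H.` Related: `sum` is accumulated in the native field and only afterwards reduced by `m.reduce_mod`, so the assertion is meaningful only while the N_PARTIES+1 products of an `h` entry and a range-checked share can neither wrap the native modulus nor exceed whatever input domain ModU128 expects, and `h` is never range-checked in this circuit — a one-line comment above the `let mut sum` stating the bound assumed on `h` entries and `q_j` would make that assumption reviewable. Lastly, `chunk_commitment` is described only as "Public input from base circuit"; nothing in this circuit ties it to the base proof, so its equality with the base circuit's `chunk_commitments[CHUNK_IDX]` output has to be enforced by whoever verifies the two proofs together, and the field doc should say so.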
@@ -109,6 +109,21 @@ pub global DS_USER_DATA_ENCRYPTION_COMMITMENT: [u8; 64] = [
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 ];
+// Domain separator - "SHARE_COMPUTATION_CHUNK"
+pub global DS_SHARE_COMPUTATION_CHUNK: [u8; 64] = [
+ 0x53, 0x48, 0x41, 0x52, 0x45, 0x5f, 0x43, 0x4f, 0x4d, 0x50, 0x55, 0x54, 0x41, 0x54, 0x49, 0x4f,
+ 0x4e, 0x5f, 0x43, 0x48, 0x55, 0x4e, 0x4b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+];
+
+// Domain separator - "SHARE_COMPUTATION_PARTY"
+pub global DS_SHARE_COMPUTATION_PARTY: [u8; 64] = [
+ 0x53, 0x48, 0x41, 0x52, 0x45, 0x5f, 0x43, 0x4f, 0x4d, 0x50, 0x55, 0x54, 0x41, 0x54, 0x49, 0x4f,
+ 0x4e, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+];
 /// WRAPPERS
 pub fn compute_commitment(inputs: Vec, domain_separator: [u8; 64]) -> Field {
@@ -274,3 +289,33 @@ pub fn compute_user_data_encryption_ct0_challenge(payload: Vec(payload: Vec) -> Vec {
 compute_challenge::(payload, DS_CLG_USER_DATA_ENCRYPTION)
 }
+
+pub fn compute_share_computation_chunk_commitment(
+ y_chunk: [[[Field; N_PARTIES + 1]; L]; CHUNK_SIZE],
+ chunk_idx: u32,
+) -> Field {
+ let mut payload = Vec::new();
+ for coeff_idx in 0..CHUNK_SIZE {
+ for mod_idx in 0..L {
+ for party_idx in 0..(N_PARTIES + 1) {
+ payload.push(y_chunk[coeff_idx][mod_idx][party_idx]);
+ }
+ }
+ }
+ payload.push(chunk_idx as Field);
+ compute_commitment(payload, DS_SHARE_COMPUTATION_CHUNK)
+}
+
+pub fn compute_share_computation_party_commitment(
+ y: [[[Field; N_PARTIES + 1]; L]; N],
+ party_idx: u32,
+ mod_idx: u32,
+) -> Field {
+ let mut payload = Vec::new();
+ for coeff_idx in 0..N {
+ payload.push(y[coeff_idx][mod_idx][party_idx + 1]);
+ }
+ payload.push(party_idx as Field);
+ payload.push(mod_idx as Field);
+ compute_commitment(payload, DS_SHARE_COMPUTATION_PARTY)
+}
From e2cb9c8edc62e959718d8055764eb6a3c848993b Mon Sep 17 00:00:00 2001
From: 0xjei
Date: Mon, 9 Mar 2026 17:19:59 +0100
Subject: [PATCH 2/3] fix stale circuits in nargo
---
 circuits/bin/dkg/Nargo.toml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/circuits/bin/dkg/Nargo.toml b/circuits/bin/dkg/Nargo.toml
index f13092c377..2e99c1d1db 100644
--- a/circuits/bin/dkg/Nargo.toml
+++ b/circuits/bin/dkg/Nargo.toml
@@ -1,8 +1,6 @@
 [workspace]
 members = [
 "pk",
- "sk_share_computation",
- "e_sm_share_computation",
 "share_encryption",
 "share_decryption",
 "sk_share_computation_base",
From 7f5040667348e853563f546059115d387479a17d Mon Sep 17 00:00:00 2001
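Review bot: `compute_share_computation_party_commitment` — together with the `DS_SHARE_COMPUTATION_PARTY` separator added in the previous hunk — has no caller in any hunk of this series that I can see: the base circuit's `compute_party_commitments` calls `compute_share_encryption_commitment_from_shares` instead, so either the base circuit was meant to switch to the new helper or this is dead code carrying its own domain separator, and the commit should settle which. Both new functions also lack doc comments; I would document the chunk one as hashing every `y_chunk[coeff][mod][party]` in row-major order followed by `chunk_idx`, so the commitment binds the slice to its position, and the party one as deliberately reading `party_idx + 1` because index 0 holds the secret coefficient rather than a share (the chunk circuit's range-check comment says the same). `chunk_idx`, `party_idx` and `mod_idx` are folded in with `as Field` but never bounded here, which is fine while callers pass loop indices; a short comment on those `payload.push(... as Field)` lines saying so keeps a future caller from passing something wider without noticing.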
From: 0xjei
Date: Mon, 9 Mar 2026 17:21:34 +0100
Subject: [PATCH 3/3] add missing licenses
---
 circuits/bin/dkg/esm_share_computation_base/src/main.nr | 6 ++++++
 circuits/bin/dkg/share_computation_chunk/src/main.nr | 6 ++++++
 circuits/bin/dkg/sk_share_computation_base/src/main.nr | 6 ++++++
 circuits/lib/src/core/dkg/share_computation/chunk.nr | 6 ++++++
 circuits/lib/src/core/dkg/share_computation/mod.nr | 6 ++++++
 5 files changed, 30 insertions(+)
diff --git a/circuits/bin/dkg/esm_share_computation_base/src/main.nr b/circuits/bin/dkg/esm_share_computation_base/src/main.nr
index 3b18aba939..4244c75ff4 100644
--- a/circuits/bin/dkg/esm_share_computation_base/src/main.nr
+++ b/circuits/bin/dkg/esm_share_computation_base/src/main.nr
@@ -1,3 +1,9 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
 use lib::configs::default::dkg::{
 L_THRESHOLD, N, SHARE_COMPUTATION_CHUNK_SIZE, SHARE_COMPUTATION_E_SM_BASE_CONFIGS, SHARE_COMPUTATION_E_SM_BIT_SECRET, SHARE_COMPUTATION_N_CHUNKS,
diff --git a/circuits/bin/dkg/share_computation_chunk/src/main.nr b/circuits/bin/dkg/share_computation_chunk/src/main.nr
index 6a5e147cf6..a35993443e 100644
--- a/circuits/bin/dkg/share_computation_chunk/src/main.nr
+++ b/circuits/bin/dkg/share_computation_chunk/src/main.nr
@@ -1,3 +1,9 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
 use lib::configs::default::dkg::{
 L_THRESHOLD, PARITY_MATRIX, SHARE_COMPUTATION_BIT_SHARE, SHARE_COMPUTATION_CHUNK_SIZE, SHARE_COMPUTATION_SK_CHUNK_CONFIGS,
diff --git a/circuits/bin/dkg/sk_share_computation_base/src/main.nr b/circuits/bin/dkg/sk_share_computation_base/src/main.nr
index e5b95fa586..5ad1023603 100644
--- a/circuits/bin/dkg/sk_share_computation_base/src/main.nr
+++ b/circuits/bin/dkg/sk_share_computation_base/src/main.nr
@@ -1,3 +1,9 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
 use lib::configs::default::dkg::{
 L_THRESHOLD, N, SHARE_COMPUTATION_CHUNK_SIZE, SHARE_COMPUTATION_N_CHUNKS, SHARE_COMPUTATION_SK_BASE_CONFIGS, SHARE_COMPUTATION_SK_BIT_SECRET,
diff --git a/circuits/lib/src/core/dkg/share_computation/chunk.nr b/circuits/lib/src/core/dkg/share_computation/chunk.nr
index 82bf2a5234..667ee7eca3 100644
--- a/circuits/lib/src/core/dkg/share_computation/chunk.nr
+++ b/circuits/lib/src/core/dkg/share_computation/chunk.nr
@@ -1,3 +1,9 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
 // Chunk circuit for C2. Verifies range checks and parity check for a chunk of
 // CHUNK_SIZE coefficients. CHUNK_IDX identifies which chunk this is, used to
 // verify consistency against the chunk commitment from the base circuit.
diff --git a/circuits/lib/src/core/dkg/share_computation/mod.nr b/circuits/lib/src/core/dkg/share_computation/mod.nr
index 466ad29080..4bbf3bcbba 100644
--- a/circuits/lib/src/core/dkg/share_computation/mod.nr
+++ b/circuits/lib/src/core/dkg/share_computation/mod.nr
@@ -1,2 +1,8 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+//
+// This file is provided WITHOUT ANY WARRANTY;
+// without even the implied warranty of MERCHANTABILITY
+// or FITNESS FOR A PARTICULAR PURPOSE.
+
 pub mod base;
 pub mod chunk;