Correct verification share calculation from n * n * t to just n * t

Reduces key gen execution time by a factor of 3.
Luke Parker 2022-05-29 19:52:27 -04:00
parent f6a41d9836
commit 5a1f273cd5
No known key found for this signature in database
GPG key ID: F9F1386DB1E119B6


@ -1,4 +1,4 @@
use core::{convert::TryFrom, fmt}; use core::fmt;
use std::collections::HashMap; use std::collections::HashMap;
use rand_core::{RngCore, CryptoRng}; use rand_core::{RngCore, CryptoRng};
@ -230,19 +230,17 @@ fn complete_r2<R: RngCore + CryptoRng, C: Curve>(
} }
let mut verification_shares = HashMap::new(); let mut verification_shares = HashMap::new();
for l in 1 ..= params.n() { for i in 1 ..= params.n() {
let i_scalar = C::F::from(i.into());
let mut values = vec![]; let mut values = vec![];
for i in 1 ..= params.n() { (0 .. params.t()).into_iter().fold(C::F::one(), |exp, j| {
for j in 0 .. params.t() { values.push((
let mut exp = C::F::one(); exp,
for _ in 0 .. j { (1 ..= params.n()).into_iter().map(|l| commitments[&l][usize::from(j)]).sum()
exp *= C::F::from(u64::try_from(l).unwrap()); ));
} exp * i_scalar
values.push((exp, commitments[&i][usize::from(j)])); });
} verification_shares.insert(i, multiexp_vartime(values, C::little_endian()));
}
// Doesn't do a unified multiexp due to needing individual verification shares
verification_shares.insert(l, multiexp_vartime(values, C::little_endian()));
} }
debug_assert_eq!(C::generator_table() * secret_share, verification_shares[&params.i()]); debug_assert_eq!(C::generator_table() * secret_share, verification_shares[&params.i()]);