Cmp protocol #7
…the following:

commit 0f99555
Author: Jonathan <jonathan.weiss1@mail.huji.ac.il>
Date:   Tue Aug 19 09:49:36 2025 +0300

    pk marshalled as (pk.x<<1| parity) (#4)

    * pk marshalled as (pk.x<<1| parity)
    * PR fixes

commit 3841be3
Author: Jonathan <jonathan.weiss1@mail.huji.ac.il>
Date:   Thu Aug 7 15:57:12 2025 +0300

    Audit fixes (#2)

    * fix: exponent unmarshal panic with short data
    * ensure phii degree == threshold (as created in round 1)
    * fix: Secp256k1Scalar.Act normalizes the point first
    * change to challenge
    * changed deriveHashKeyContext
    * fix: tuple B in round2 should've included the index of each party
    * static marshal size
    * supporting new Unmarshal of exponentPoly in keygen
    * tweak
    * Unmarshal points/scalars removed without the context of their group

commit fad331e
Author: Jonathan <jonathan.weiss1@mail.huji.ac.il>
Date:   Fri Jun 27 08:48:51 2025 +0300

    update tss-common

commit 41fe152
Author: Jonathan <jonathan.weiss1@mail.huji.ac.il>
Date:   Wed Jun 25 12:51:28 2025 +0300

    upgrading tss-common dependency + msg.ToParsed() fix

commit 77c3534
Author: Jonathan Weiss <jonathan.weiss1@mail.huji.ac.il>
Date:   Thu Jun 19 14:21:53 2025 +0300

    curve.Point clone method

commit c1cbdc3
Author: Jonathan Weiss <jonathan.weiss1@mail.huji.ac.il>
Date:   Thu Jun 19 08:50:40 2025 +0300

    upgrade tss-common dependency

commit b006488
Author: Jonathan <jonathan.weiss1@mail.huji.ac.il>
Date:   Wed Jun 18 15:33:04 2025 +0300

    Frost for ecrecover and tss-lib (#1)

    * changed gomod, upgrade go ver
    * removed-non-frost
    * not-yet working
    * fix: keygen finalize issue due to self not stored
    * adding proto messages
    * upgrade gomod
    * moving round to be an exported package
    * made the eth one public
    * added func: to contract Bytes
    * marshalling frostsig
    * README note change
    * removed unused hash
    * nits and removed unused packages
    * crypto readability fix + securely setting nonce=0
    * readability and comments, moved unused func into tests
    * clearer challenge func name
    * refactor frost/types.go
    * refreshed common-tss version. added protocol type to msgs
    * dropping bnb-tss old partyID style
    * comment improve
    * fix: broadcast creation funcs names
    * fix test helper
    * upgrade tss-common
    * branch in round3 moved code
    * refactor
Pull Request Overview
This PR migrates the multi-party signature protocol implementation from the tauros framework to the xlabs APIs. The migration involves updating import paths, modifying message structures to use protocol buffers, and adjusting protocol implementations to match the xlabs API conventions.
- Updates all import paths from `github.com/taurusgroup/multi-party-sig` to `github.com/xlabs/multi-party-sig`
- Migrates protocol message structures to use protocol buffer definitions with serialization helpers
- Adapts FROST and CMP signing protocols to work with xlabs' round management and tracking systems
Reviewed Changes
Copilot reviewed 178 out of 181 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| protocols/frost/sign/types.go | Removes old signature types and verification logic |
| protocols/frost/sign/signature.go | Adds new EVM-compatible signature implementation with contract support |
| protocols/frost/sign/sign_test.go | Updates tests with xlabs imports and adds contract signature testing |
| protocols/frost/sign/sign.go | Updates imports and adds tracking ID support |
| protocols/frost/sign/round3.go | Migrates to protobuf messages and xlabs round handling |
| protocols/frost/sign/round2.go | Updates message handling and adds EVM-compatible challenge generation |
| protocols/frost/sign/round1.go | Updates imports and adds CanFinalize method |
| protocols/frost/sign/messages.go | Adds protobuf message creation and validation helpers |
| protocols/frost/sign/frost-signing.pb.go | Generated protobuf code for FROST signing messages |
| protocols/frost/keygen/*.go | Migrates keygen protocol to xlabs APIs with protobuf messages |
| protocols/frost/frost.go | Updates main FROST interface with xlabs imports |
| protocols/cmp/sign/*.go | Migrates CMP signing protocol to xlabs message structures |
| protocols/doerner/*.go | Removes deprecated Doerner protocol implementation |
| protocols/example/*.go | Removes example XOR protocol implementation |
| // Verify checks if a signature equation actually holds. | ||
| // | ||
| // Note that m is the hash of a message, and not the message itself. | ||
| func (sig Signature) Verify(public curve.Point, m []byte) error { |
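Review bot: the doc comment above `func (sig Signature) Verify(public curve.Point, m []byte) error {` should spell out the contract of the error result, since the return type is no longer a boolean: a nil error means the signature equation holds, a non-nil error carries the reason it does not, and callers must treat only nil as success. Without that sentence a caller porting from the boolean API can easily read a non-nil error as "verification ran" rather than "verification failed".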
The Verify method returns an error instead of a boolean, which is inconsistent with the original implementation. This breaking change could confuse API consumers who expect a boolean return value from signature verification.
| // TODO: this assumes we've received Broadcast2 before we reach this point. | ||
| // (r.K[from] is nil and will FAIL to verify this proof). Consider how to handle this when Broadcast2 is not yet received. |
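Review bot: the TODO at `// (r.K[from] is nil and will FAIL to verify this proof)` records an ordering dependency that should be an explicit check, not a comment: test `r.K[from] == nil` before verifying and return a specific error (or hold the message until Broadcast2 from that party arrives) instead of letting the proof verification fail with a generic failure that is indistinguishable from a genuinely bad proof.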
The TODO comment indicates a potential race condition where message verification depends on broadcast message order. This could lead to verification failures if messages arrive out of order.
| return err | ||
| } | ||
| if len(b) > math.MaxUint16 { |
This may be an issue because MarshalBinary could allocate more than 2^16 B of memory and only after that will it be filtered (e.g., this may allow someone to allocate enough memory to trigger a crash). It's better if MarshalBinary would return an error if it needs to allocate more than 2^16 B.
How do you enforce that on marshalBinary?
| } | ||
| func sum(sizes []int) int { | ||
| total := 0 |
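Review bot: `total := 0` in `sum(sizes []int)` accumulates into a platform-sized int. If the item count is capped below 2^16 and each size is capped at MaxUint16, the sum stays under 2^32, which is fine on 64-bit targets but can wrap on a 32-bit GOARCH. Accumulate into a uint64, or check each addition against an explicit ceiling, so the result does not depend on the build target.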
Could this overflow?
(if len(sizes) is larger than 2^15)
I've added a check on the number of items, ensuring the list is smaller than 2^16.
| } | ||
| sizes := make([]int, numItems) | ||
| for i := 0; i < numItems; i++ { |
is this correct? shouldn't it skip sizes[i] worth of data bytes?
No, that's okay.
I first encode the size of all items, then put them one after the other in a single buffer.
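The wire layout described in the reply above (a count, then a size table, then all item bytes back to back) is the same shape that the allocation and overflow questions in this thread are about. The following is an added example, not code from this PR or from multi-party-sig, showing that layout with every bound enforced before any buffer is allocated. The limits `maxItems` and `maxItemSize` and the function names are assumptions chosen for the example; the project's own constants and marshal API may differ.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Bounds assumed for this example (placeholders, not the project's constants):
// at most maxItems entries, each at most maxItemSize bytes. Both fit a uint16
// length field, and their product is below 2^32, so the running totals below
// cannot overflow a uint64 on any GOARCH.
const (
	maxItems    = math.MaxUint16
	maxItemSize = math.MaxUint16
)

var (
	errTooManyItems = errors.New("marshal: too many items")
	errItemTooLarge = errors.New("marshal: item too large")
	errShortData    = errors.New("unmarshal: data shorter than declared")
)

// putU16 appends v in big-endian order.
func putU16(b []byte, v uint16) []byte {
	return append(b, byte(v>>8), byte(v))
}

// marshalItems writes the item count, then a size table with one uint16 per
// item, then all item bytes back to back. Every bound is checked before the
// output buffer is allocated, so a rejected input never causes a large
// allocation.
func marshalItems(items [][]byte) ([]byte, error) {
	if len(items) > maxItems {
		return nil, errTooManyItems
	}
	total := uint64(2 + 2*len(items)) // count field + size table
	for _, it := range items {
		if len(it) > maxItemSize {
			return nil, errItemTooLarge
		}
		total += uint64(len(it))
	}
	out := make([]byte, 0, total)
	out = putU16(out, uint16(len(items)))
	for _, it := range items {
		out = putU16(out, uint16(len(it)))
	}
	for _, it := range items {
		out = append(out, it...)
	}
	return out, nil
}

// unmarshalItems reads the count and the size table, checks that the declared
// sizes sum to exactly the remaining payload length, and only then slices the
// payload into items. Allocation is proportional to the verified input, never
// to an attacker-chosen count or size on its own.
func unmarshalItems(b []byte) ([][]byte, error) {
	if len(b) < 2 {
		return nil, errShortData
	}
	n := int(binary.BigEndian.Uint16(b[:2]))
	if len(b) < 2+2*n {
		return nil, errShortData // size table itself is truncated
	}
	sizes := make([]int, n) // bounded by len(b) thanks to the check above
	var declared uint64
	for i := 0; i < n; i++ {
		sizes[i] = int(binary.BigEndian.Uint16(b[2+2*i : 4+2*i]))
		declared += uint64(sizes[i])
	}
	payload := b[2+2*n:]
	if uint64(len(payload)) != declared {
		return nil, fmt.Errorf("unmarshal: size table declares %d payload bytes, found %d", declared, len(payload))
	}
	items := make([][]byte, n)
	off := 0
	for i, sz := range sizes {
		items[i] = append([]byte(nil), payload[off:off+sz]...) // copy so callers never alias b
		off += sz
	}
	return items, nil
}

func main() {
	// Constructed sample input.
	items := [][]byte{[]byte("alpha"), {}, []byte("gamma")}
	enc, err := marshalItems(items)
	if err != nil {
		panic(err)
	}
	fmt.Printf("encoded %d bytes: %x\n", len(enc), enc)
	dec, err := unmarshalItems(enc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("decoded %d items: %q\n", len(dec), dec)

	// A forged size table that declares more data than is present is rejected
	// before any per-item allocation happens.
	forged := append([]byte(nil), enc...)
	forged[3] = 0xff
	_, err = unmarshalItems(forged)
	fmt.Println("forged input:", err)
}
```

The point of doing the arithmetic on uint64 with both factors capped is that the sum of sizes can never wrap, which is the overflow question raised for `sum` above, and the point of checking `declared` against `len(payload)` before slicing is that a hostile size table cannot make the decoder allocate or read past what it actually received.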
| return false | ||
| } | ||
| if len(b.Di) == 0 || len(b.Di) > 33 { |
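Review bot: `if len(b.Di) == 0 || len(b.Di) > 33 {` leaves 33 as a magic number and accepts every length from 1 to 33. If Di is a fixed-size point encoding, the check should be an equality test against a named constant (e.g. a `pointSize` constant, name hypothetical) so a malformed short value is rejected; if Di is genuinely variable-length, a comment should say why a range is correct.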
should 33 be a global const? Also, is the check accurate?
I hadn't changed this frost file. Not sure why it shows in the diff; locally it doesn't seem to show any git diff.
| body, ok := msg.Content.(*broadcast2) | ||
| if !ok || body == nil { | ||
| body, ok := msg.Content.(*Broadcast2) | ||
| if !ok || !body.ValidateBasic() { |
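Review bot: the new `if !ok || !body.ValidateBasic() {` drops the explicit `body == nil` test that the old `if !ok || body == nil {` line had. A typed nil `*Broadcast2` stored in `msg.Content` passes the type assertion with `ok == true`, so ValidateBasic is then invoked on a nil receiver. Either keep `body == nil` in the condition or make nil-receiver handling a documented part of ValidateBasic's contract.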
ValidateBasic also checks whether the receiver is nil?
34e030c to d7355d6
Pull Request Overview
Copilot reviewed 65 out of 66 changed files in this pull request and generated 3 comments.
| type command struct { | ||
| search bool | ||
| // This counter indicates the number of results that still need to be produced. | ||
| ctr *int64 | ||
| // This channel is used to signal that the counter was modified | ||
| ctrChanged chan<- struct{} | ||
| // This is the index we evaluate our function at, when not searching | ||
| // also used to store results in search mode. | ||
| ctr *atomic.Int64 |
The comment on line 37 is confusing as it mentions 'also used to store results in search mode', but ctr is a counter, not a storage mechanism for results. The results are stored in the results field. Consider clarifying that ctr tracks the number of remaining results to produce.
| // keep searching while we still need results | ||
| for c.ctr.Load() > 0 { | ||
| // using 0 as dummy values, since search functions don't use the index |
The comment 'using 0 as dummy values' should be 'using 0 as a dummy value' (singular) since only one value is being passed.
| // using 0 as dummy values, since search functions don't use the index | |
| // using 0 as a dummy value, since search functions don't use the index |
| newChainKey = c.ChainKey | ||
| } | ||
| if len(newChainKey) != params.SecBytes { | ||
| return nil, fmt.Errorf("expecte %d bytes for chain key, found %d", params.SecBytes, len(newChainKey)) |
Corrected spelling of 'expecte' to 'expected'.
| return nil, fmt.Errorf("expecte %d bytes for chain key, found %d", params.SecBytes, len(newChainKey)) | |
| return nil, fmt.Errorf("expected %d bytes for chain key, found %d", params.SecBytes, len(newChainKey)) |
312157e to bb53773
bb53773 to f369c25
| // get a signature in ethereum format | ||
| func (sig *Signature) SigEthereum() ([]byte, error) { | ||
| IsOverHalfOrder := sig.S.IsOverHalfOrder() // s-values greater than secp256k1n/2 are considered invalid |
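Review bot: `IsOverHalfOrder := sig.S.IsOverHalfOrder()` names a local variable in exported (capitalized) style; Go convention is `isOverHalfOrder`. The trailing comment says high-s values are considered invalid, so the doc comment on SigEthereum should state whether the function rejects such a signature with an error or normalizes s into the low half, because callers producing ecrecover input need to know which behaviour to expect.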
| @@ -0,0 +1,105 @@ | |||
| package marshal | |||
| return | ||
| } | ||
| return |
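Review bot: a bare `return` in a function with named results hands back whatever those variables hold at that moment; on this path make sure the error result has been assigned, or write the results out explicitly (`return nil, err` style) so the returned value is visible at the return site rather than implied by earlier assignments.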
Go compilation demands this return, indicating there is a value (see signature).
| func makeBroadcast3( | ||
| // RID = RIDᵢ | ||
| RID types.RID, | ||
| C types.RID, //chainkey RID |
nit: the comments should say what RID means and what chainkey is.
| func (body *Broadcast3) unmarshalVssExpoly(crv curve.Curve, threshold int, vssConstant bool) (*polynomial.Exponent, error) { | ||
| vssSize := threshold + 1 | ||
| if vssConstant { | ||
| // polynomial[0] is not sent in refresh mode ( due to it being the identity point ) as optimization. |
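Review bot: when `vssConstant` is true the comment says polynomial[0] is not sent, so the number of coefficients on the wire is `vssSize - 1`, not `vssSize`; the length check in this branch should use that count and the code should insert the identity at index 0 explicitly so the reconstructed polynomial still has degree `threshold`, which is the property the "ensure phii degree == threshold" fix in the commit log relies on.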
is supporting resharing necessary? (or is it used in the protocol?)
* contractSig corrections
* fix comments and updated gomod.

This PR adjusts the CMP protocol from tauros to match the xlabs APIs.