Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix/guardian proof #432

Merged
merged 12 commits into from
Sep 25, 2023
Merged

Conversation

AddressXception
Copy link
Collaborator

Issue

Link your PR to an issue

Fixes #419

Description

Please describe your pull request.

Adds the hash function parameters to the guardian share challenge per the E.G. 2.0 spec.

The ParameterHash is an input to a number of other hashes and values and so it's both a property of the compiled code (and the election parameters used when using this version of the software to run elections) and also a property of the CiphertextElectionContext itself, which allows for the validation and servicing of elections that use different or earlier parameters. The serialization in the code base will assign the parameterHash when serializing an object in from json but in some cases the value is not used, such as when checking earlier versions of the spec. In the intermediate period it may lead to inconsistent hash validation for elections created against an earlier version. To overcome that limitation it is best to validate against the version of the software used to make the election until E.G. 2.0 is completely implemented.

Testing

Describe the best way to test or validate your PR.

Add the ParameterBaseHash as a static member to the compiled code as well as to the CiphertextElectionContext as a serialized member since we must maintain compatibility with different elections using different parameters for this value.
add parameter hash and sequence ordering to schnorr challenges and propagate the necessary dependencies down the stack
guardianId, sequenceOrder,
numberOfGuardians,
quorum,
CiphertextElectionContext.ParameterBaseHash,
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I considered using a default value throughout in the interface but decided against that and to force the application to provide this value because it is runtime dependent (even though it is a compiled constant). This way, the caller is forced to understand that we have a dependency on the values G,Q, and P that are used to make the guardian. Really this probably should be part of the key ceremony and then the guardian can derive agains the key ceremony but i was trying to minimize the number of changes.

namespace ElectionGuard
{
[StructLayout(LayoutKind.Sequential)]
public struct ValidationResult
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this struct is a mirror of the one in the c++ code but it is not yet hooked up so they are not equivalent - they simply have the same structure right now.


// TODO: update the constant check when hasing is updated to E.G. 2.0 spec.
// CHECK(context->getParameterHash()->toHex() ==
// "0x2B3B025E50E09C119CBA7E9448ACD1CABC9447EF39BF06327D81C665CDD86296");
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in order to get this to validate we need to modify the internal hashing method as part of #433

/// Raise a ElementModP value to a long exponent
/// </summary>
/// <param name="b">base value for the calculation</param>
/// <param name="e">exponent to raise the base by</param>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this file was changed, added comments to these methods to remove the linter issues

var success = PublicKey.IsValidResidue()
&& Commitment.IsInBounds()
&& Response.IsInBounds()
&& validCommitment && validChallenge;
if (success is false)
Copy link
Collaborator

@john-s-morgan john-s-morgan Aug 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (success is false)
if (!success)

Note, there shouldn't be a large MSIL difference between the two, if (!foo) is generally more idiomatic and easier to understand.

Comment on lines +153 to +156
var success = PublicKey.IsValidResidue()
&& Commitment.IsInBounds()
&& Response.IsInBounds()
&& validCommitment && validChallenge;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really appreciate this being broken out and used in future stuff

}
return success;
return new ValidationResult() { Success = success, Error = messages };
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙌🏼

Copy link
Collaborator

@SteveMaier-IRT SteveMaier-IRT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@john-s-morgan john-s-morgan changed the base branch from main to milestone/full-19-math August 21, 2023 18:19
Copy link
Collaborator

@SteveMaier-IRT SteveMaier-IRT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@SteveMaier-IRT SteveMaier-IRT merged commit 99ced18 into milestone/full-19-math Sep 25, 2023
@SteveMaier-IRT SteveMaier-IRT deleted the fix/guardian-proof branch September 25, 2023 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

🐞 Guardian Share Proof challenge Hash is incorrect
3 participants