more CR fix

algorand · id-ms · May 10, 2022 · Feb 16, 2022 · Mar 10, 2022 · Mar 13, 2022
commit 106e6f4dffe562f00210b0151d7e103d08b9908a
diff --git a/compactcert/worker_test.go b/compactcert/worker_test.go
@@ -298,7 +298,7 @@ func TestWorkerAllSigs(t *testing.T) {
 				Data:           tx.Txn.CertMsg.IntoStateProofMessageHash(),
 				ProvenWeight:   provenWeight,
 				Round:          tx.Txn.CertIntervalLatestRound,
-				SecurityTarget: proto.CompactCertSecurityTarget,
+				StrengthTarget: proto.CompactCertStrengthTarget,
 			}
 
 			voters, err := s.CompactCertVoters(tx.Txn.CertIntervalLatestRound - basics.Round(proto.CompactCertRounds) - basics.Round(proto.CompactCertVotersLookback))
@@ -364,7 +364,7 @@ func TestWorkerPartialSigs(t *testing.T) {
 		Data:           msg.IntoStateProofMessageHash(),
 		ProvenWeight:   provenWeight,
 		Round:          tx.Txn.CertIntervalLatestRound,
-		SecurityTarget: proto.CompactCertSecurityTarget,
+		StrengthTarget: proto.CompactCertStrengthTarget,
 	}
 
 	voters, err := s.CompactCertVoters(tx.Txn.CertIntervalLatestRound - basics.Round(proto.CompactCertRounds) - basics.Round(proto.CompactCertVotersLookback))

diff --git a/config/consensus.go b/config/consensus.go
@@ -382,9 +382,9 @@ type ConsensusParams struct {
 	// The threshold is computed as CompactCertWeightThreshold/(1<<32).
 	CompactCertWeightThreshold uint32
 
-	// CompactCertSecurityTarget is the security parameter for the compact
+	// CompactCertStrengthTarget is the security parameter for the compact
 	// certificate scheme.
-	CompactCertSecurityTarget uint64
+	CompactCertStrengthTarget uint64
 
 	// EnableAssetCloseAmount adds an extra field to the ApplyData. The field contains the amount of the remaining
 	// asset that were sent to the close-to address.
@@ -1130,7 +1130,7 @@ func initConsensusProtocols() {
 	vFuture.CompactCertTopVoters = 1024 * 1024
 	vFuture.CompactCertVotersLookback = 16
 	vFuture.CompactCertWeightThreshold = (1 << 32) * 30 / 100
-	vFuture.CompactCertSecurityTarget = 256
+	vFuture.CompactCertStrengthTarget = 256
 
 	vFuture.LogicSigVersion = 7
 

diff --git a/crypto/compactcert/builder.go b/crypto/compactcert/builder.go
@@ -59,7 +59,7 @@ type Builder struct {
 // parttree.
 func MkBuilder(param Params, part []basics.Participant, parttree *merklearray.Tree) (*Builder, error) {
 	npart := len(part)
-	lnProvenWt, err := lnIntApproximation(param.ProvenWeight, precisionBits)
+	lnProvenWt, err := lnIntApproximation(param.ProvenWeight)
 	if err != nil {
 		return nil, err
 	}
@@ -100,7 +100,7 @@ func (b *Builder) IsValid(pos uint64, sig merklesignature.Signature, verifySig b
 
 	// Check signature
 	if verifySig {
-		if err := sig.ValidateSigVersion(merklesignature.SchemeVersion); err != nil {
+		if err := sig.IsSaltVersionEqual(merklesignature.SchemeSaltVersion); err != nil {
 			return err
 		}
 
@@ -193,13 +193,13 @@ func (b *Builder) Build() (*Cert, error) {
 
 	// Reveal sufficient number of signatures
 	c := &Cert{
-		SigCommit:              sigtree.Root(),
-		SignedWeight:           b.signedWeight,
-		Reveals:                make(map[uint64]Reveal),
-		MerkleSignatureVersion: merklesignature.SchemeVersion,
+		SigCommit:                  sigtree.Root(),
+		SignedWeight:               b.signedWeight,
+		Reveals:                    make(map[uint64]Reveal),
+		MerkleSignatureSaltVersion: merklesignature.SchemeSaltVersion,
 	}
 
-	nr, err := numReveals(b.signedWeight, b.lnProvenWeight, b.SecurityTarget)
+	nr, err := numReveals(b.signedWeight, b.lnProvenWeight, b.StrengthTarget)
 	if err != nil {
 		return nil, err
 	}
@@ -209,11 +209,11 @@ func (b *Builder) Build() (*Cert, error) {
 	revealsSequence := make([]uint64, nr)
 
 	choice := coinChoiceSeed{
-		data:           b.Params.Data,
+		partCommitment: b.parttree.Root(),
 		lnProvenWeight: b.lnProvenWeight,
-		signedWeight:   c.SignedWeight,
 		sigCommitment:  c.SigCommit,
-		partCommitment: b.parttree.Root(),
+		signedWeight:   c.SignedWeight,
+		data:           b.Params.Data,
 	}
 
 	coinHash := makeCoinGenerator(&choice)

diff --git a/crypto/compactcert/builder_test.go b/crypto/compactcert/builder_test.go
@@ -45,7 +45,7 @@ func (m testMessage) IntoStateProofMessageHash() StateProofMessageHash {
 }
 
 const compactCertRoundsForTests = 256
-const compactCertSecurityTarget = 256
+const compactCertStrengthTarget = 256
 
 func hashBytes(hash hash.Hash, m []byte) []byte {
 	hash.Reset()
@@ -95,7 +95,7 @@ func generateCertForTesting(a *require.Assertions) (*Cert, Params, crypto.Generi
 		Data:           testMessage("hello world").IntoStateProofMessageHash(),
 		ProvenWeight:   uint64(totalWeight / 2),
 		Round:          currentRound,
-		SecurityTarget: compactCertSecurityTarget,
+		StrengthTarget: compactCertStrengthTarget,
 	}
 
 	// Share the key; we allow the same vote key to appear in multiple accounts..
@@ -242,7 +242,7 @@ func TestSignatureCommitmentBinaryFormat(t *testing.T) {
 		Data:           testMessage("test!").IntoStateProofMessageHash(),
 		ProvenWeight:   uint64(totalWeight / (2 * numPart)),
 		Round:          currentRound,
-		SecurityTarget: compactCertSecurityTarget,
+		StrengthTarget: compactCertStrengthTarget,
 	}
 
 	var parts []basics.Participant
@@ -442,7 +442,7 @@ func TestBuilder_AddRejectsInvalidSigVersion(t *testing.T) {
 		Data:           testMessage("hello world").IntoStateProofMessageHash(),
 		ProvenWeight:   uint64(totalWeight / 2),
 		Round:          currentRound,
-		SecurityTarget: compactCertSecurityTarget,
+		StrengthTarget: compactCertStrengthTarget,
 	}
 
 	key := generateTestSigner(0, uint64(compactCertRoundsForTests)*20+1, compactCertRoundsForTests, a)
@@ -463,7 +463,7 @@ func TestBuilder_AddRejectsInvalidSigVersion(t *testing.T) {
 	// Corrupting the version of the signature:
 	sig.Signature[1]++
 
-	a.ErrorIs(builder.IsValid(0, sig, true), merklesignature.ErrInvalidSignatureVersion)
+	a.ErrorIs(builder.IsValid(0, sig, true), merklesignature.ErrSignatureSaltVersionMismatch)
 }
 
 func TestCoinIndex(t *testing.T) {
@@ -509,7 +509,7 @@ func BenchmarkBuildVerify(b *testing.B) {
 		Data:           testMessage("hello world").IntoStateProofMessageHash(),
 		ProvenWeight:   uint64(totalWeight / 2),
 		Round:          compactCertRoundsForTests,
-		SecurityTarget: compactCertSecurityTarget,
+		StrengthTarget: compactCertStrengthTarget,
 	}
 
 	var parts []basics.Participant

diff --git a/crypto/compactcert/coinGenerator.go b/crypto/compactcert/coinGenerator.go
@@ -28,11 +28,11 @@ import (
 // The coinChoiceSeed defines the randomness seed that will be given to an XOF function. This will be used  for choosing
 // the index of the coin to reveal as part of the compact certificate.
 type coinChoiceSeed struct {
-	data           StateProofMessageHash
-	signedWeight   uint64
+	partCommitment crypto.GenericDigest
 	lnProvenWeight uint64
 	sigCommitment  crypto.GenericDigest
-	partCommitment crypto.GenericDigest
+	signedWeight   uint64
+	data           StateProofMessageHash
 }
 
 // ToBeHashed returns a binary representation of the coinChoiceSeed structure.
@@ -46,12 +46,12 @@ func (cc *coinChoiceSeed) ToBeHashed() (protocol.HashID, []byte) {
 	lnProvenWtAsBytes := make([]byte, 8)
 	binary.LittleEndian.PutUint64(lnProvenWtAsBytes, cc.lnProvenWeight)
 
-	coinChoiceBytes := make([]byte, 0, len(cc.data)+len(signedWtAsBytes)+len(lnProvenWtAsBytes)+len(cc.sigCommitment)+len(cc.partCommitment))
-	coinChoiceBytes = append(coinChoiceBytes, cc.data[:]...)
-	coinChoiceBytes = append(coinChoiceBytes, signedWtAsBytes...)
+	coinChoiceBytes := make([]byte, 0, len(cc.partCommitment)+len(lnProvenWtAsBytes)+len(cc.sigCommitment)+len(signedWtAsBytes)+len(cc.data))
+	coinChoiceBytes = append(coinChoiceBytes, cc.partCommitment...)
 	coinChoiceBytes = append(coinChoiceBytes, lnProvenWtAsBytes...)
 	coinChoiceBytes = append(coinChoiceBytes, cc.sigCommitment...)
-	coinChoiceBytes = append(coinChoiceBytes, cc.partCommitment...)
+	coinChoiceBytes = append(coinChoiceBytes, signedWtAsBytes...)
+	coinChoiceBytes = append(coinChoiceBytes, cc.data[:]...)
 
 	return protocol.CompactCertCoin, coinChoiceBytes
 }
@@ -72,9 +72,9 @@ func makeCoinGenerator(choice *coinChoiceSeed) coinGenerator {
 	rep := crypto.HashRep(choice)
 	shk := sha3.NewShake256()
 	shk.Write(rep)
-
-	threshold, singedWt := prepareRejectionSamplingValues(choice.signedWeight)
-	return coinGenerator{shkContext: shk, signedWeight: singedWt, threshold: threshold}
+	
+	threshold, signedWt := prepareRejectionSamplingValues(choice.signedWeight)
+	return coinGenerator{shkContext: shk, signedWeight: signedWt, threshold: threshold}
 
 }
 
@@ -85,14 +85,17 @@ func prepareRejectionSamplingValues(signedWeight uint64) (*big.Int, *big.Int) {
 	// and threshold = k*signedWeight
 	threshold := &big.Int{}
 	threshold.SetUint64(1)
-	threshold.Lsh(threshold, 64)
 
-	singedWt := &big.Int{}
-	singedWt.SetUint64(signedWeight)
-	threshold.Div(threshold, singedWt)
+	const numberOfBitsPerAttempt = 64
+	threshold.Lsh(threshold, numberOfBitsPerAttempt)
+
+	signedWt := &big.Int{}
+	signedWt.SetUint64(signedWeight)
+
+	threshold.Div(threshold, signedWt)
 
-	threshold.Mul(threshold, singedWt)
-	return threshold, singedWt
+	threshold.Mul(threshold, signedWt)
+	return threshold, signedWt
 }
 
 // getNextCoin returns the next 64bits integer which represents a number between [0,signedWeight)

diff --git a/crypto/compactcert/committableSignatureSlot.go b/crypto/compactcert/committableSignatureSlot.go
@@ -78,10 +78,10 @@ func (cs *committableSignatureSlot) ToBeHashed() (protocol.HashID, []byte) {
 	}
 	binaryLValue := make([]byte, 8)
 	binary.LittleEndian.PutUint64(binaryLValue, cs.sigCommit.L)
+
+	sigSlotByteRepresentation := make([]byte, 0, len(binaryLValue)+len(cs.serializedSignature))
+	sigSlotByteRepresentation = append(sigSlotByteRepresentation, binaryLValue...)
+	sigSlotByteRepresentation = append(sigSlotByteRepresentation, cs.serializedSignature...)
 
-	sigSlotCommitment := make([]byte, 0, len(binaryLValue)+len(cs.serializedSignature))
-	sigSlotCommitment = append(sigSlotCommitment, binaryLValue...)
-	sigSlotCommitment = append(sigSlotCommitment, cs.serializedSignature...)
-
-	return protocol.CompactCertSig, sigSlotCommitment
+	return protocol.CompactCertSig, sigSlotByteRepresentation
 }
diff --git a/crypto/compactcert/const.go b/crypto/compactcert/const.go
@@ -30,6 +30,5 @@ const (
 
 const (
 	// MaxReveals is a bound on allocation and on numReveals to limit log computation
-	// CR double-check
-	MaxReveals = 2048
+	MaxReveals = 1024
 )
diff --git a/crypto/compactcert/msgp_gen.go b/crypto/compactcert/msgp_gen.go
diff --git a/crypto/compactcert/structs.go b/crypto/compactcert/structs.go
@@ -34,7 +34,7 @@ type Params struct {
 	Data           StateProofMessageHash
 	ProvenWeight   uint64       // Weight proven by the certificate
 	Round          basics.Round // The round for which the ephemeral key is committed to
-	SecurityTarget uint64
+	StrengthTarget uint64
 }
 
 // A sigslotCommit is a single slot in the sigs array that forms the certificate.
@@ -68,10 +68,8 @@ type Cert struct {
 	SignedWeight uint64               `codec:"w"`
 	SigProofs    merklearray.Proof    `codec:"S"`
 	PartProofs   merklearray.Proof    `codec:"P"`
-
-	// CR salt version - chagne the falcon to uint8 or change this to int
-	MerkleSignatureVersion int32 `codec:"v"`
-
+	// CR salt version - chagne the falcon to byte or change this to int
+	MerkleSignatureSaltVersion int32 `codec:"v"`
 	// Reveals is a sparse map from the position being revealed
 	// to the corresponding elements from the sigs and participants
 	// arrays.

diff --git a/crypto/compactcert/verifier.go b/crypto/compactcert/verifier.go
@@ -35,7 +35,7 @@ var (
 type Verifier struct {
 	data                   StateProofMessageHash
 	round                  basics.Round // The round for which the ephemeral key is committed to
-	SecurityTarget         uint64
+	strengthTarget         uint64
 	lnProvenWeight         uint64 // ln(provenWeight) as integer with 16 bits of precision
 	participantsCommitment crypto.GenericDigest
 }
@@ -44,15 +44,15 @@ type Verifier struct {
 // on the message specified in p, with participantsCommitment specifying the Merkle
 // root of the participants that must sign the message.
 func MkVerifier(p Params, partcom crypto.GenericDigest) (*Verifier, error) {
-	lnProvenWt, err := lnIntApproximation(p.ProvenWeight, precisionBits)
+	lnProvenWt, err := lnIntApproximation(p.ProvenWeight)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Verifier{
 		data:                   p.Data,
 		round:                  p.Round,
-		SecurityTarget:         p.SecurityTarget,
+		strengthTarget:         p.StrengthTarget,
 		lnProvenWeight:         lnProvenWt,
 		participantsCommitment: partcom,
 	}, nil
@@ -62,21 +62,21 @@ func MkVerifier(p Params, partcom crypto.GenericDigest) (*Verifier, error) {
 // and participants that were used to construct the Verifier.
 func (v *Verifier) Verify(c *Cert) error {
 	nr := uint64(len(c.PositionsToReveal))
-	if err := verifyWeights(c.SignedWeight, v.lnProvenWeight, nr, v.SecurityTarget); err != nil {
+	if err := verifyWeights(c.SignedWeight, v.lnProvenWeight, nr, v.strengthTarget); err != nil {
 		return err
 	}
 
-	version := int(c.MerkleSignatureVersion)
+	version := int(c.MerkleSignatureSaltVersion)
 	for _, reveal := range c.Reveals {
-		if err := reveal.SigSlot.Sig.ValidateSigVersion(version); err != nil {
+		if err := reveal.SigSlot.Sig.IsSaltVersionEqual(version); err != nil {
 			return err
 		}
 	}
 
 	sigs := make(map[uint64]crypto.Hashable)
 	parts := make(map[uint64]crypto.Hashable)
 
-	msghash := v.data
+	data := v.data
 	for pos, r := range c.Reveals {
 		sig, err := buildCommittableSignature(r.SigSlot)
 		if err != nil {
@@ -89,7 +89,7 @@ func (v *Verifier) Verify(c *Cert) error {
 		// verify that the msg and the signature is valid under the given participant's Pk
 		err = r.Part.PK.VerifyBytes(
 			uint64(v.round),
-			msghash[:],
+			data[:],
 			r.SigSlot.Sig,
 		)
 
@@ -109,11 +109,11 @@ func (v *Verifier) Verify(c *Cert) error {
 	}
 
 	choice := coinChoiceSeed{
-		data:           v.data,
+		partCommitment: v.participantsCommitment,
 		lnProvenWeight: v.lnProvenWeight,
-		signedWeight:   c.SignedWeight,
 		sigCommitment:  c.SigCommit,
-		partCommitment: v.participantsCommitment,
+		signedWeight:   c.SignedWeight,
+		data:           v.data,
 	}
 
 	coinHash := makeCoinGenerator(&choice)