add sequence of coin positions to the cert

algorand · id-ms · May 10, 2022 · Feb 16, 2022 · Mar 10, 2022 · Mar 13, 2022
commit 5446caeb9b455ad23ca0c60eeb00a53ed523eb87
diff --git a/crypto/compactcert/builder.go b/crypto/compactcert/builder.go
@@ -201,14 +201,15 @@ func (b *Builder) Build() (*Cert, error) {
 
 	var proofPositions []uint64
 
+	revealsSequence := make([]uint64, nr)
 	choice := coinChoiceSeed{
 		SignedWeight: c.SignedWeight,
 		ProvenWeight: b.ProvenWeight,
 		Sigcom:       c.SigCommit,
 		Partcom:      b.parttree.Root(),
 		MsgHash:      b.Msg,
 	}
-	coinHash := MakeCoinHash(choice)
+	coinHash := MakeCoinGenerator(choice)
 
 	for j := uint64(0); j < nr; j++ {
 		coin := coinHash.getNextCoin()
@@ -221,6 +222,8 @@ func (b *Builder) Build() (*Cert, error) {
 			return nil, fmt.Errorf("pos %d >= len(participants) %d", pos, len(b.participants))
 		}
 
+		revealsSequence[j] = pos
+
 		// If we already revealed pos, no need to do it again
 		_, alreadyRevealed := c.Reveals[pos]
 		if alreadyRevealed {
@@ -248,6 +251,7 @@ func (b *Builder) Build() (*Cert, error) {
 
 	c.SigProofs = *sigProofs
 	c.PartProofs = *partProofs
+	c.PositionsToReveal = revealsSequence
 
 	return c, nil
 }
diff --git a/crypto/compactcert/builder_test.go b/crypto/compactcert/builder_test.go
@@ -75,10 +75,7 @@ func generateTestSigner(firstValid uint64, lastValid uint64, interval uint64, a
 	return signer
 }
 
-func TestBuildVerify(t *testing.T) {
-	partitiontest.PartitionTest(t)
-
-	a := require.New(t)
+func generateCertForTesting(a *require.Assertions) (*Cert, Params, crypto.GenericDigest, uint64) {
 	currentRound := basics.Round(compactCertRoundsForTests)
 	// Doing a full test of 1M accounts takes too much CPU time in CI.
 	doLargeTest := false
@@ -118,14 +115,10 @@ func TestBuildVerify(t *testing.T) {
 	}
 
 	partcom, err := merklearray.BuildVectorCommitmentTree(basics.ParticipantsArray(parts), crypto.HashFactory{HashType: HashType})
-	if err != nil {
-		t.Error(err)
-	}
+	a.NoError(err)
 
 	b, err := MkBuilder(param, parts, partcom)
-	if err != nil {
-		t.Error(err)
-	}
+	a.NoError(err)
 
 	for i := 0; i < npart; i++ {
 		a.False(b.Present(uint64(i)))
@@ -134,9 +127,17 @@ func TestBuildVerify(t *testing.T) {
 	}
 
 	cert, err := b.Build()
-	if err != nil {
-		t.Error(err)
-	}
+	a.NoError(err)
+
+	return cert, param, partcom.Root(), uint64(npart)
+}
+
+func TestBuildVerify(t *testing.T) {
+	partitiontest.PartitionTest(t)
+
+	a := require.New(t)
+
+	cert, param, partCom, _ := generateCertForTesting(a)
 
 	var someReveal Reveal
 	for _, rev := range cert.Reveals {
@@ -156,9 +157,9 @@ func TestBuildVerify(t *testing.T) {
 	fmt.Printf("    %6d bytes reveals[*] total\n", len(protocol.Encode(&someReveal)))
 	fmt.Printf("  %6d bytes total\n", len(certenc))
 
-	verif := MkVerifier(param, partcom.Root())
-	err = verif.Verify(cert)
-	require.NoError(t, err, "failed to verify the compact cert")
+	verif := MkVerifier(param, partCom)
+	err := verif.Verify(cert)
+	a.NoError(err, "failed to verify the compact cert")
 }
 
 func generateRandomParticipant(a *require.Assertions, testname string) basics.Participant {
@@ -425,6 +426,66 @@ func findLInCert(a *require.Assertions, signature merklesignature.Signature, cer
 	return 0
 }
 
+func TestCoinIndex(t *testing.T) {
+	partitiontest.PartitionTest(t)
+
+	n := 1000
+	b := &Builder{
+		sigs:          make([]sigslot, n),
+		sigsHasValidL: true,
+	}
+
+	for i := 0; i < n; i++ {
+		b.sigs[i].L = uint64(i)
+		b.sigs[i].Weight = 1
+	}
+
+	for i := 0; i < n; i++ {
+		pos, err := b.coinIndex(uint64(i))
+		require.NoError(t, err)
+		require.Equal(t, pos, uint64(i))
+	}
+}
+
+func TestBuilder_AddRejectsInvalidSigVersion(t *testing.T) {
+	partitiontest.PartitionTest(t)
+
+	// setting up a builder
+	a := require.New(t)
+	currentRound := basics.Round(compactCertRoundsForTests)
+
+	totalWeight := 10000000
+	npartHi := 1
+	npartLo := 9
+
+	param := Params{
+		Msg:          testMessage("hello world"),
+		ProvenWeight: uint64(totalWeight / 2),
+		SigRound:     currentRound,
+		SecKQ:        compactCertSecKQForTests,
+	}
+
+	key := generateTestSigner(0, uint64(compactCertRoundsForTests)*20+1, compactCertRoundsForTests, a)
+	var parts []basics.Participant
+	parts = append(parts, createParticipantSliceWithWeight(totalWeight, npartHi, key.GetVerifier())...)
+	parts = append(parts, createParticipantSliceWithWeight(totalWeight, npartLo, key.GetVerifier())...)
+
+	partcom, err := merklearray.BuildVectorCommitmentTree(basics.ParticipantsArray(parts), crypto.HashFactory{HashType: HashType})
+	a.NoError(err)
+
+	builder, err := MkBuilder(param, parts, partcom)
+	a.NoError(err)
+
+	// actual test:
+	signerInRound := key.GetSigner(uint64(currentRound))
+	sig, err := signerInRound.SignBytes(param.Msg)
+	require.NoError(t, err, "failed to create keys")
+	// Corrupting the version of the signature:
+	sig.Signature[1]++
+
+	a.ErrorIs(builder.IsValid(0, sig, true), merklesignature.ErrInvalidSignatureVersion)
+}
+
 func BenchmarkBuildVerify(b *testing.B) {
 	totalWeight := 1000000
 	npart := 10000

diff --git a/crypto/compactcert/coinHash.go → crypto/compactcert/coinGenerator.go b/crypto/compactcert/coinHash.go → crypto/compactcert/coinGenerator.go
@@ -44,28 +44,28 @@ func (cc coinChoiceSeed) ToBeHashed() (protocol.HashID, []byte) {
 	return protocol.CompactCertCoin, protocol.Encode(&cc)
 }
 
-// coinHashContext is used for extracting "randomized" 64 bits for coin flips
-type coinHashContext struct {
+// coinGenerator is used for extracting "randomized" 64 bits for coin flips
+type coinGenerator struct {
 	shkContext   sha3.ShakeHash
 	signedWeight uint64
 }
 
-// MakeCoinHash creates a new CoinHash context.
+// MakeCoinGenerator creates a new CoinHash context.
 // it is used for squeezing 64 bits for coin flips.
 // the function inits the XOF function in the following manner
 // Shake(sumhash(coinChoiceSeed))// we extract 64 bits from shake for each coin flip and divide it by SignedWeight
-func MakeCoinHash(choice coinChoiceSeed) coinHashContext {
+func MakeCoinGenerator(choice coinChoiceSeed) coinGenerator {
 	hash := crypto.HashFactory{HashType: CoinHashType}.NewHash()
 	hashedCoin := crypto.GenericHashObj(hash, choice)
 
 	shk := sha3.NewShake256()
 	shk.Write(hashedCoin)
 
-	return coinHashContext{shkContext: shk, signedWeight: choice.SignedWeight}
+	return coinGenerator{shkContext: shk, signedWeight: choice.SignedWeight}
 }
 
 // getNextCoin returns the next 64bits integer which represents a number between [0,SignedWeight)
-func (ch *coinHashContext) getNextCoin() uint64 {
+func (ch *coinGenerator) getNextCoin() uint64 {
 	var shakeDigest [64]byte
 
 	ch.shkContext.Read(shakeDigest[:])

diff --git a/crypto/compactcert/coinHash_test.go → crypto/compactcert/coinGenerator_test.go b/crypto/compactcert/coinHash_test.go → crypto/compactcert/coinGenerator_test.go
@@ -42,7 +42,7 @@ func TestHashCoin(t *testing.T) {
 		Partcom:      partcom,
 		MsgHash:      msgHash,
 	}
-	coinHash := MakeCoinHash(choice)
+	coinHash := MakeCoinGenerator(choice)
 
 	for j := uint64(0); j < 1000; j++ {
 		coin := coinHash.getNextCoin()
@@ -79,7 +79,7 @@ func BenchmarkHashCoin(b *testing.B) {
 		Partcom:      partcom,
 		MsgHash:      msgHash,
 	}
-	coinHash := MakeCoinHash(choice)
+	coinHash := MakeCoinGenerator(choice)
 
 	for i := 0; i < b.N; i++ {
 		coinHash.getNextCoin()