Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Threshold decryption seems to not actually work? #46

Open
sbellem opened this issue Aug 29, 2018 · 2 comments
Open

Threshold decryption seems to not actually work? #46

sbellem opened this issue Aug 29, 2018 · 2 comments
Assignees
Labels
bug Something isn't working
Milestone

Comments

@sbellem
Copy link
Collaborator

sbellem commented Aug 29, 2018

From @Vagabond on April 9, 2018 23:15

When we were implementing the threshold decryption routines for erlang_tpke https://github.com/helium/erlang-tpke by following what the python code did, we noticed that threshold decryption seemed to succeed regardless of the inputs. We eventually re-implemented all the threshold decryption routines according to the Baek and Zhang paper and finally our property based tests started passing (we do negative testing with duplicate shares, shares generated with the wrong key and shares for the wrong message).

I don't have specific changes to suggest here, nor the time to assemble them, but I'm pretty convinced your threshold decrypt, as implemented, ends up being a no-op.

The commit where I reworked our implementation to follow the paper, not the python implementation is here:

helium/erlang-tpke@b2bd3c8

Later commits annotate all those functions with the specific math from the paper(s).

I realize this is not intended to be a production quality implementation, but people should be aware that the threshold decryption doesn't work as advertised and they should not rely on the python implementation of it.

Thanks again for all your work and let me know if there's any more information I can provide.

Copied from original issue: amiller/HoneyBadgerBFT#60

@sbellem
Copy link
Collaborator Author

sbellem commented Aug 29, 2018

From @amiller on April 10, 2018 2:44

Thanks for this report. From a quick glance, it does look at least like verify_share is not called from anything in the repo right now (dev branch).

For now I added a negative test case, and added verification of each share in combine_shares.
b28b835

It would be more efficient to optimistically compute the decryption and then check it, only verifying each share if the overall decryption fails. amiller/HoneyBadgerBFT#11 The right thing to do for now seems to be to err on the side of caution and reduce it to a performance issue.

@sbellem sbellem added the bug Something isn't working label Aug 29, 2018
@sbellem
Copy link
Collaborator Author

sbellem commented Aug 29, 2018

From @Vagabond on April 10, 2018 3:20

I think the breakage is more fundamental than that, I had to rewrite decrypt_share, combine_shares and verify share quite drastically to get them to pass my property tests. The python code varied drastically from the paper.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant