Show use cases of splitter.

Author: armfazh

secretsharing/ss.go

@@ -52,26 +52,6 @@ func (s SecretSharing) Shard(rnd io.Reader, secret group.Scalar, n uint) ([]Shar
 	return NewSplitter(rnd, s.t, secret).multipleShard(n)
 }
 
-// Recover returns the secret provided more than t shares are given. Returns an
-// error if the number of shares is not above the threshold t.
-func (s SecretSharing) Recover(shares []Share) (group.Scalar, error) {
-	if l := len(shares); l <= int(s.t) {
-		return nil, errThreshold(s.t, uint(l))
-	}
-
-	x := make([]group.Scalar, s.t+1)
-	px := make([]group.Scalar, s.t+1)
-	for i := range shares[:s.t+1] {
-		x[i] = shares[i].ID
-		px[i] = shares[i].Value
-	}
-
-	l := polynomial.NewLagrangePolynomial(x, px)
-	zero := shares[0].ID.Group().NewScalar()
-
-	return l.Evaluate(zero), nil
-}
-
 type SharesCommitment = []group.Element
 
 // VerifiableSecretSharing provides a (t,n) Feldman's verifiable secret sharing.
@@ -123,12 +103,6 @@ func (v VerifiableSecretSharing) Verify(s Share, c SharesCommitment) bool {
 	return polI.IsEqual(sum)
 }
 
-// Recover returns the secret provided more than t shares are given. Returns an
-// error if the number of shares is not above the threshold t.
-func (v VerifiableSecretSharing) Recover(shares []Share) (group.Scalar, error) {
-	return v.s.Recover(shares)
-}
-
 type Splitter struct {
 	g    group.Group
 	t    uint
@@ -150,6 +124,20 @@ func NewSplitter(rnd io.Reader, t uint, secret group.Scalar) (sp Splitter) {
 	return
 }
 
+func (sp Splitter) Shard(rnd io.Reader) (s Share) {
+	return sp.ShardWithID(sp.g.RandomNonZeroScalar(rnd))
+}
+
+func (sp Splitter) ShardWithID(id group.Scalar) (s Share) {
+	if id.IsZero() {
+		panic("secretsharing: id cannot be zero")
+	}
+
+	s.ID = id.Copy()
+	s.Value = sp.poly.Evaluate(s.ID)
+	return
+}
+
 func (sp Splitter) multipleShard(n uint) ([]Share, error) {
 	if n <= sp.t {
 		return nil, errThreshold(sp.t, n)
@@ -164,18 +152,25 @@ func (sp Splitter) multipleShard(n uint) ([]Share, error) {
 	return shares, nil
 }
 
-func (sp Splitter) Shard(rnd io.Reader) (s Share) {
-	return sp.ShardWithID(sp.g.RandomNonZeroScalar(rnd))
-}
+// Recover returns a secret provided more than t different shares are given.
+// Returns an error if the number of shares is not above the threshold t.
+// Panics if some shares are duplicated.
+func Recover(t uint, shares []Share) (secret group.Scalar, err error) {
+	if l := len(shares); l <= int(t) {
+		return nil, errThreshold(t, uint(l))
+	}
 
-func (sp Splitter) ShardWithID(id group.Scalar) (s Share) {
-	if id.IsZero() {
-		panic("secretsharing: id cannot be zero")
+	x := make([]group.Scalar, t+1)
+	px := make([]group.Scalar, t+1)
+	for i := range shares[:t+1] {
+		x[i] = shares[i].ID
+		px[i] = shares[i].Value
 	}
 
-	s.ID = id.Copy()
-	s.Value = sp.poly.Evaluate(s.ID)
-	return
+	l := polynomial.NewLagrangePolynomial(x, px)
+	zero := shares[0].ID.Group().NewScalar()
+
+	return l.Evaluate(zero), nil
 }
 
 func errThreshold(t, n uint) error {

secretsharing/ss_test.go

@@ -14,22 +14,23 @@ func TestSecretSharing(tt *testing.T) {
 	t := uint(2)
 	n := uint(5)
 
-	s := secretsharing.NewShamirSecretSharing(t)
+	ss := secretsharing.NewShamirSecretSharing(t)
 
-	want := g.RandomScalar(rand.Reader)
-	shares, err := s.Shard(rand.Reader, want, n)
+	secret := g.RandomScalar(rand.Reader)
+	shares, err := ss.Shard(rand.Reader, secret, n)
 	test.CheckNoErr(tt, err, "failed to shard a secret")
 	test.CheckOk(len(shares) == int(n), "bad num shares", tt)
 
 	tt.Run("subsetSize", func(ttt *testing.T) {
 		// Test any possible subset size.
 		for k := 0; k <= int(n); k++ {
-			got, err := s.Recover(shares[:k])
+			got, err := secretsharing.Recover(t, shares[:k])
 			if !(int(t) < k && k <= int(n)) {
 				test.CheckIsErr(ttt, err, "should not recover secret")
 				test.CheckOk(got == nil, "not nil secret", ttt)
 			} else {
 				test.CheckNoErr(ttt, err, "should recover secret")
+				want := secret
 				if !got.IsEqual(want) {
 					test.ReportError(ttt, got, want, t, k, n)
 				}
@@ -45,8 +46,8 @@ func TestVerifiableSecretSharing(tt *testing.T) {
 
 	vs := secretsharing.NewFeldmanSecretSharing(t)
 
-	want := g.RandomScalar(rand.Reader)
-	shares, com, err := vs.Shard(rand.Reader, want, n)
+	secret := g.RandomScalar(rand.Reader)
+	shares, com, err := vs.Shard(rand.Reader, secret, n)
 	test.CheckNoErr(tt, err, "failed to shard a secret")
 	test.CheckOk(len(shares) == int(n), "bad num shares", tt)
 	test.CheckOk(len(com) == int(t+1), "bad num commitments", tt)
@@ -60,12 +61,13 @@ func TestVerifiableSecretSharing(tt *testing.T) {
 	tt.Run("subsetSize", func(ttt *testing.T) {
 		// Test any possible subset size.
 		for k := 0; k <= int(n); k++ {
-			got, err := vs.Recover(shares[:k])
+			got, err := secretsharing.Recover(t, shares[:k])
 			if k <= int(t) {
 				test.CheckIsErr(ttt, err, "should not recover secret")
 				test.CheckOk(got == nil, "not nil secret", ttt)
 			} else {
 				test.CheckNoErr(ttt, err, "should recover secret")
+				want := secret
 				if !got.IsEqual(want) {
 					test.ReportError(ttt, got, want, t, k, n)
 				}
@@ -99,24 +101,59 @@ func TestVerifiableSecretSharing(tt *testing.T) {
 	})
 }
 
+func TestSplitter(tt *testing.T) {
+	g := group.P256
+	t := uint(2)
+	n := uint(5)
+	secret := g.RandomScalar(rand.Reader)
+	sp := secretsharing.NewSplitter(rand.Reader, t, secret)
+
+	tt.Run("recoverOk", func(ttt *testing.T) {
+		// Splitter can create shares at will, not exactly n many.
+		shares := []secretsharing.Share{
+			sp.Shard(rand.Reader),
+			sp.Shard(rand.Reader),
+			sp.Shard(rand.Reader),
+		}
+		got, err := secretsharing.Recover(t, shares)
+		test.CheckNoErr(tt, err, "failed to recover the secret")
+		want := secret
+		if !got.IsEqual(want) {
+			test.ReportError(tt, got, want, t, n)
+		}
+	})
+
+	tt.Run("duplicatedFail", func(ttt *testing.T) {
+		// Panics if trying to recover duplicated shares.
+		share := sp.Shard(rand.Reader)
+		sameShares := []secretsharing.Share{share, share, share}
+		err := test.CheckPanic(func() {
+			got, err := secretsharing.Recover(t, sameShares)
+			test.CheckIsErr(tt, err, "must fail to recover the secret")
+			test.CheckOk(got == nil, "must not recover", tt)
+		})
+		test.CheckOk(err == nil, "must panic", tt)
+	})
+}
+
 func BenchmarkSecretSharing(b *testing.B) {
 	g := group.P256
 	t := uint(3)
 	n := uint(5)
 
 	s := secretsharing.NewShamirSecretSharing(t)
-	want := g.RandomScalar(rand.Reader)
-	shares, _ := s.Shard(rand.Reader, want, n)
+	secret := g.RandomScalar(rand.Reader)
+	shares, _ := s.Shard(rand.Reader, secret, n)
 
 	b.Run("Shard", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
-			_, _ = s.Shard(rand.Reader, want, n)
+			_, _ = s.Shard(rand.Reader, secret, n)
 		}
 	})
 
 	b.Run("Recover", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
-			_, _ = s.Recover(shares)
+			_, _ = secretsharing.Recover(t, shares)
 		}
 	})
 }
@@ -127,18 +164,12 @@ func BenchmarkVerifiableSecretSharing(b *testing.B) {
 	n := uint(5)
 
 	vs := secretsharing.NewFeldmanSecretSharing(t)
-	want := g.RandomScalar(rand.Reader)
-	shares, com, _ := vs.Shard(rand.Reader, want, n)
+	secret := g.RandomScalar(rand.Reader)
+	shares, com, _ := vs.Shard(rand.Reader, secret, n)
 
 	b.Run("Shard", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
-			_, _, _ = vs.Shard(rand.Reader, want, n)
-		}
-	})
-
-	b.Run("Recover", func(b *testing.B) {
-		for i := 0; i < b.N; i++ {
-			_, _ = vs.Recover(shares)
+			_, _, _ = vs.Shard(rand.Reader, secret, n)
 		}
 	})