GG_2020: Incorrect Alice's range proof in MtA when Signing

Question

GG_2020: Incorrect Alice's range proof in MtA when Signing

Rwinwij opened this issue 2 years ago · comments

Dear ZenGo Team,

I am currently trying to use GG_2020 multi-party ECDSA for a crypto wallet project.

I found that the signing will pass if we sign with local-share1 first followed by local-share2, but failed in other order, e.g:
./gg20_signing -p 1,2 -d "hello" -l local-share2.json
./gg20_signing -p 1,2 -d "hello" -l local-share1.json

OR

./gg20_signing -p 1,2 -d "hello" -l local-share2.json
./gg20_signing -p 1,2 -d "hello" -l local-share3.json

The error is "Incorrect Alice's range proof in MtA" which is during Round 1 of signing.

I have tried to modified the DKG modules to use safe_primes when generating the keys/local shares but the problem still persists.

Hope that your team can look into this.

Many thanks,

Erwin

Erwin MW · Answer 1 · Tue Apr 05 2022 10:37:12 GMT+0800 (China Standard Time)

The -p parameter need to specify the local shares used to sign in the correct order.
For the case of signing with local share 3 and local share 1, the command would be:
./gg20_signing -p 3,1 -d "hello" -l local-share3.json
./gg20_signing -p 3,1 -d "hello" -l local-share1.json

drewstone · Answer 2 · Sat Dec 24 2022 03:11:39 GMT+0800 (China Standard Time)

@Rwinwij any chance you're available to discuss this issue? We're facing it ourselves, if you're open to it, my email is drew@webb.tools.