ZenGo-X / multi-party-ecdsa

Rust implementation of {t,n}-threshold ECDSA (elliptic curve digital signature algorithm).

Question about safe primes in gg20

tmpfs opened this issue

The create_safe_prime() function calls generate_h1_h2_N_tilde():

```rust
// we recommend using safe primes if the code is used in production
pub fn create_safe_prime(index: usize) -> Self {
    let u = Scalar::<Secp256k1>::random();
    let y = Point::generator() * &u;
    let (ek, dk) = Paillier::keypair_safe_primes().keys();
    let (N_tilde, h1, h2, xhi, xhi_inv) = generate_h1_h2_N_tilde();
    Self {
        u_i: u,
        y_i: y,
        dk,
        ek,
        party_index: index,
        N_tilde,
        h1,
        h2,
        xhi,
        xhi_inv,
    }
}
```

However, in generate_h1_h2_N_tilde() the call to Paillier::keypair_safe_primes() is commented out:

```rust
// note, should be safe primes:
// let (ek_tilde, dk_tilde) = Paillier::keypair_safe_primes().keys();;
let (ek_tilde, dk_tilde) = Paillier::keypair().keys();
```

Does this weaken the support for safe primes? Is using safe primes still recommended for production?

Thanks for any pointers 🙏
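
For readers of this issue, the property in question can be checked directly: a prime p is safe when (p - 1) / 2 is also prime. The sketch below is an added example, not part of the original post and not code from multi-party-ecdsa; the function names are hypothetical and it uses constructed toy 64-bit factors, whereas real Paillier and N_tilde factors are large bignums.

```rust
// Added illustration (toy u64 sizes, hypothetical names); not project code.
/// (a * b) mod m without overflow, widening to u128.
fn mul_mod(a: u64, b: u64, m: u64) -> u64 {
    ((a as u128 * b as u128) % m as u128) as u64
}

fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1 % m;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 { acc = mul_mod(acc, base, m); }
        base = mul_mod(base, base, m);
        exp >>= 1;
    }
    acc
}

/// Miller-Rabin; the first 12 primes as bases are deterministic for all u64.
fn is_prime(n: u64) -> bool {
    const BASES: [u64; 12] = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37];
    if n < 2 { return false; }
    if let Some(&p) = BASES.iter().find(|&&p| n % p == 0) { return n == p; }
    let r = (n - 1).trailing_zeros();
    let d = (n - 1) >> r;
    'witness: for &a in &BASES {
        let mut x = pow_mod(a, d, n);
        if x == 1 || x == n - 1 { continue; }
        for _ in 1..r {
            x = mul_mod(x, x, n);
            if x == n - 1 { continue 'witness; }
        }
        return false; // base a witnesses that n is composite
    }
    true
}

/// Safe prime: p = 2p' + 1 with p' also prime.
fn is_safe_prime(p: u64) -> bool {
    is_prime(p) && is_prime((p - 1) / 2)
}

/// Audit both factors of a modulus N = p * q (hypothetical helper).
fn factors_are_safe_primes(p: u64, q: u64) -> bool {
    p != q && is_safe_prime(p) && is_safe_prime(q)
}

fn main() {
    // Constructed toy factors: 467 and 479 are safe primes; 461 is prime but not safe.
    println!("{} {}", factors_are_safe_primes(467, 479), factors_are_safe_primes(467, 461));
}
```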