fix shared random to use resampling

2023-04-21 11:08:49 +01:00 · 2023-04-21 11:08:49 +01:00 · b24d031524
commit b24d031524
parent 125bbd6575
2 changed files with 15 additions and 6 deletions
--- a/static/js/modules/interface/proofs.js
+++ b/static/js/modules/interface/proofs.js
@ -163,3 +163,5 @@ export function verifyRegions(obj, key) {
 window.verifyRegions = verifyRegions;

 // verifyRegions(proveRegions({A:paillier.pubKey.encrypt(0n),B:paillier.pubKey.encrypt(1n),C:paillier.pubKey.encrypt(0n),D:paillier.pubKey.encrypt(0n),E:paillier.pubKey.encrypt(0n)}), paillier.pubKey)
+
+function proveRange() {}
--- a/static/js/modules/interface/random.js
+++ b/static/js/modules/interface/random.js
@ -7,8 +7,7 @@ class RandomSession {
        this.cipherTexts = {};
        this.cipherKeys = {};
        this.ourKey = CryptoJS.lib.WordArray.random(32).toString();
-        // 32-bit as JavaScript does funny stuff at 53-bit levels.
-        this.ourNoise = CryptoJS.lib.WordArray.random(4);
+        this.ourNoise = CryptoJS.lib.WordArray.random(8);
        this.finalValue = null;
        this.resolvers = [];
    }
@ -102,7 +101,7 @@ export class Random {
            ) {
                // Lock out wait calls as they may resolve to never-ending promises.
                await navigator.locks.request(`random-${data.session}`, () => {
-                    let total = parseInt(session.ourNoise, 16);
+                    let total = BigInt("0x" + session.ourNoise.toString());

                    for (let participant of Object.keys(session.cipherKeys)) {
                        let decrypted = CryptoJS.AES.decrypt(
@ -110,10 +109,18 @@ export class Random {
                            session.cipherKeys[participant]
                        ).toString();

-                        total += parseInt(decrypted, 16);
+                        total += BigInt("0x" + decrypted);
                    }

-                    session.finalValue = total % session.range;
+                    // Find first good block of bits to avoid modular bias
+                    let blockSize = BigInt(Math.ceil(Math.log2(session.range)));
+                    let blockMask = 2n ** blockSize - 1n;
+
+                    while ((total & blockMask) >= BigInt(session.range)) {
+                        total >>= blockSize;
+                    }
+
+                    session.finalValue = total & blockMask;

                    this.resolve(data.session);
                });
@ -122,7 +129,7 @@ export class Random {
    }

    /**
-     * Resolve a session by calling any callbacks associated with the session and then deleting it.
+     * Resolve a session by calling any callbacks associated with the session.
     *
     * @param sessionId
     */