pk from DLogProof from keygen's Round4 is now verified against VSS.

src/protocols/multi_party_ecdsa/gg_2020/party_i.rs

@@ -392,18 +392,21 @@ impl Keys {
         comm * &li
     }
 
-    pub fn verify_dlog_proofs(
+    pub fn verify_dlog_proofs_check_against_vss(
         params: &Parameters,
         dlog_proofs_vec: &[DLogProof<GE>],
         y_vec: &[GE],
+        vss_vec: &[VerifiableSS<GE>],
     ) -> Result<(), ErrorType> {
         let mut bad_actors_vec = Vec::new();
         assert_eq!(y_vec.len() as u16, params.share_count);
         assert_eq!(dlog_proofs_vec.len() as u16, params.share_count);
+        let xi_commitments = Keys::get_commitments_to_xi(vss_vec);
         let xi_dlog_verify = (0..y_vec.len())
             .map(|i| {
                 let ver_res = DLogProof::verify(&dlog_proofs_vec[i]).is_ok();
-                if ver_res == false {
+                let verify_against_vss = xi_commitments[i] == dlog_proofs_vec[i].pk;
+                if !ver_res || !verify_against_vss {
                     bad_actors_vec.push(i);
                     false
                 } else {

src/protocols/multi_party_ecdsa/gg_2020/state_machine/keygen/rounds.rs

@@ -185,7 +185,7 @@ impl Round3 {
             share_count: self.n.into(),
         };
         let (vss_schemes, party_shares): (Vec<_>, Vec<_>) = input
-            .into_vec_including_me((self.own_vss.clone(), self.own_share))
+            .into_vec_including_me((self.own_vss, self.own_share))
             .into_iter()
             .unzip();
 
@@ -212,7 +212,7 @@ impl Round3 {
             bc_vec: self.bc_vec,
             shared_keys,
             own_dlog_proof: dlog_proof.clone(),
-            own_vss: self.own_vss,
+            vss_vec: vss_schemes,
 
             party_i: self.party_i.clone(),
             t: self.t,
@@ -233,7 +233,7 @@ pub struct Round4 {
     bc_vec: Vec<gg_2020::party_i::KeyGenBroadcastMessage1>,
     shared_keys: gg_2020::party_i::SharedKeys,
     own_dlog_proof: DLogProof<GE>,
-    own_vss: VerifiableSS<GE>,
+    vss_vec: Vec<VerifiableSS<GE>>,
 
     party_i: u16,
     t: u16,
@@ -248,8 +248,13 @@ impl Round4 {
         };
         let dlog_proofs = input.into_vec_including_me(self.own_dlog_proof.clone());
 
-        Keys::verify_dlog_proofs(&params, &dlog_proofs, &self.y_vec)
-            .map_err(ProceedError::Round4VerifyDLogProof)?;
+        Keys::verify_dlog_proofs_check_against_vss(
+            &params,
+            &dlog_proofs,
+            &self.y_vec,
+            &self.vss_vec,
+        )
+        .map_err(ProceedError::Round4VerifyDLogProof)?;
         let pk_vec = (0..params.share_count as usize)
             .map(|i| dlog_proofs[i].pk)
             .collect::<Vec<GE>>();
@@ -275,7 +280,7 @@ impl Round4 {
             y_sum_s: y_sum,
             h1_h2_n_tilde_vec,
 
-            vss_scheme: self.own_vss,
+            vss_scheme: self.vss_vec[usize::from(self.party_i - 1)].clone(),
 
             i: self.party_i,
             t: self.t,

src/protocols/multi_party_ecdsa/gg_2020/test.rs

@@ -243,7 +243,12 @@ fn keygen_t_n_parties(
 
     let pk_vec = (0..n).map(|i| dlog_proof_vec[i].pk).collect::<Vec<GE>>();
 
-    let dlog_verification = Keys::verify_dlog_proofs(&params, &dlog_proof_vec, &y_vec);
+    let dlog_verification = Keys::verify_dlog_proofs_check_against_vss(
+        &params,
+        &dlog_proof_vec,
+        &y_vec,
+        &vss_scheme_vec,
+    );
 
     if dlog_verification.is_err() {
         return Err(dlog_verification.err().unwrap());