# Combining share decryption on Paillier threshold scheme

I am trying to implement the Paillier threshold scheme described by Fouque et al., but I am having an issue when combining share decryptions.

The scheme calculates the plaintext $$M$$ with the formula:

$$M = L\left(\prod\limits_{j \in S} c_{j}^{2\mu_{0,j}^{S}} \bmod n^{2}\right) \times \frac{1}{4\mu^{2}\theta} \bmod n$$

Where $$\mu_{0,j}^{S} = \Delta \times \prod_{j' \in S \setminus \{j\}} \frac{j'}{j' - j} \in \mathbb{Z}$$

For a list of shares $$S$$, which in code is represented by a list of objects $$(id: i, value: c_i)$$ where $$i$$ is the share ID and $$c_i$$ the value, I am trying to calculate $$\mu_{0,j}^{S}$$ with the following Python pseudocode:

```python
def combine(shares: Set[Decryption], key, params) -> int:
    n = key.n
    n_squared = n * n

    threshold, Δ = params.threshold, params.Δ
    c = 1

    shares = shares[:threshold]
    for i in shares:
        µ = Δ

        for j in shares:
            print(i.id, j.id)
            if i is j:
                continue

            µ *= j.id // (j.id - i.id)
        c *= pow(i.value, 2 * µ, n_squared)

    L = 4 * Δ * Δ
    c //= L * key.θ
    return ((c - 1) // n * modular_inverse(L, n)) % n
```

The problem is when I get to the second iteration, where `i.id` is 2, and the inner for starts with `j.id` as 1. Thus, $$\mu$$ is negative when I calculate $$\frac{j'}{j' - j}$$ because $$j'$$ (`j.id`) is smaller than $$j$$ (`i.id`), then $$j' - j$$ becomes negative.

The effect is that $$\mu$$ is negative (every other iteration yields positive factors to multiply), so $$c_{j}^{2\mu_{0,j}^{S}}$$ elevates $$c_j$$ to a negative exponent.

Did I miss something from the paper, or is it working as expected and I have to handle this negative exponent some other way?
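The combining step from the question, as an added example that is not the asker's code or the paper's: a toy threshold Paillier instance in which $$\mu_{0,j}^{S}$$ is computed with one exact division and a negative exponent is evaluated as a modular inverse in $$\mathbb{Z}_{n^2}^{*}$$. All parameters (primes, `A`, `B`, `BETA`, `COEFFS`, the helper names) are constructed and insecure, and the final division uses $$4\Delta^{2}\theta$$, matching `L = 4 * Δ * Δ` in the posted code.

```python
# Added example: toy threshold Paillier with constructed, insecure parameters.
from math import factorial, prod

P1, Q1 = 5, 23                          # p', q' (toy values)
N = (2 * P1 + 1) * (2 * Q1 + 1)         # n = 11 * 47 = 517
N2, M_ORDER = N * N, P1 * Q1            # n^2 and m = p'q'
SERVERS = 5                             # l servers, any 3 shares decrypt
DELTA = factorial(SERVERS)              # Delta = l!
A, B, BETA = 7, 9, 3                    # a, b, beta in Z_n^* (constructed)
G = pow(1 + N, A, N2) * pow(B, N, N2) % N2
THETA = A * M_ORDER * BETA % N          # theta = a*m*beta mod n
COEFFS = [BETA * M_ORDER, 1234, 4321]   # f(X) with f(0) = beta*m

def key_share(i):
    """Shamir share s_i = f(i) mod n*m."""
    return sum(a * i**k for k, a in enumerate(COEFFS)) % (N * M_ORDER)

def encrypt(msg, x=10):
    """c = g^M * x^n mod n^2; x is fixed here so the run is repeatable."""
    return pow(G, msg, N2) * pow(x, N, N2) % N2

def share_decrypt(c, i):
    """c_i = c^(2*Delta*s_i) mod n^2."""
    return pow(c, 2 * DELTA * key_share(i), N2)

def mu(j, ids):
    """Delta * prod j'/(j'-j): multiply everything first, divide once."""
    num = DELTA * prod(k for k in ids if k != j)
    den = prod(k - j for k in ids if k != j)
    assert num % den == 0               # Delta = l! makes this an integer
    return num // den                   # a negative result is expected

def combine(shares):
    """shares maps share id -> c_id; returns the plaintext M."""
    ids = list(shares)
    c = 1
    for j, cj in shares.items():
        # Python 3.8+: pow() with a negative exponent inverts cj mod n^2.
        c = c * pow(cj, 2 * mu(j, ids), N2) % N2
    L = (c - 1) // N                    # L(u) = (u - 1) / n
    return L * pow(4 * DELTA * DELTA * THETA, -1, N) % N

if __name__ == "__main__":
    ct = encrypt(42)
    print(mu(2, [1, 2, 3]), combine({i: share_decrypt(ct, i) for i in (1, 2, 3)}))
```

Flooring each factor separately, as `j.id // (j.id - i.id)` does, discards the fractional parts before they can cancel against $$\Delta$$, so the coefficient has to be accumulated as a numerator and denominator.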

Avalanche’s first memecoin SDOG ends in a \$30M rugpull

SnowdogDAO (SDOG), the first memecoin to launch on Avalanche, lost over 90% of its value yesterday in what many believe was the platform’s largest rug pull.

Despite millions of dollars in investments lost, the SnowdogDAO team maintains that the event wasn’t a rug pull, but a “game-theory experiment” gone wrong.

## Insiders front-run a token designed to avoid front running

SnowdogDAO, a decentralized reserve memecoin based on Avalanche, failed spectacularly yesterday after being live only 8 days. Launched as an 8-day experiment scheduled to end with a giant buyback, SDOG attracted a lot of attention in the crypto community.

The development team said that they created the “game theory experiment” to create awareness for Snowbank.

“We believed that the combination of a decentralized reserve meme coin that would die after 8 days, with the perspective of a giant buyback would create interest and bring exposure to the Snowbank project.”

The pinnacle of the experiment was set to be the giant buyback, which would be financed by assets acquired by the Snowdog treasury through mint sales. In 8 days, the treasury market value grew to \$44 million, which meant that holders were able to compete for a portion of those funds during the buyback.

What the developers failed to disclose to the community, or at least failed to make it clear enough, was the fact that only 7% of the SDOG supply was eligible to be sold above market price before the buyback.

To avoid front running, Snowdog created its own AMM based on Uniswap V2, migrating all of the SDOG liquidity from Trader Joe, a popular Avalanche DEX.

However, the buyback failed spectacularly within seconds of launching, with hundreds of users losing the majority of their funds. A single address managed to make almost \$10 million by swapping SDOG for other cryptocurrencies, removing a quarter of the treasury’s buyback power.

Just before the buyback, the address bought around \$180,000 worth of SDOG with MIM in batches of \$10,000 and then staked the token. A day later, they staked the funds and were able to drain over \$10 million worth of MIM,

Two other wallets managed to drain \$7.7 and \$3.3 million using the same strategy.

While the owners of the addresses are yet to be identified, many believe that they most likely belonged to people closely connected to the development team.

## Snowdog postmortem reveals nothing

After suffering major blowback from the crypto community, the development team behind Snowdog came out with a postmortem. And while the post was meant to clarify that the event wasn’t a rug pull, it failed to convince the public that the action wasn’t pre-planned.

The team said that they designed their AMM so that it can be front-run by bots by introducing a simple mathematical challenge only available from the Snowbank front-end.

“A trivial compute once you know the requirements, but it would require manual intervention to adapt bots, therefore giving enough time for human interaction before bots could join the party,” they explained in the post. “It worked, as bots sent failed transactions one after the other.”

However, users reported that there was no way to solve the challenge, as initiating a Snowswap contract required a “challengeKey,” which almost none of the users had.

Snowdog maintains that they were responsible for the situation only through their failure to disclose the rules of the game:

“We understand that the buyback experience created frustration as only 7% of the supply holders would benefit from a price superior to the market price before the buyback. We deeply regret not having communicated more on this. We should have warned the community about the risks that waiting for the buyback to sell represented.”

Users that weren’t able to sell their SDOG, which have since lost over 90% of their value, will still be able to make some of the tokens. According to Snowdog, more utility will be provided for the token on Snowbank, which includes SDOG-MIM minting, SDOG-MIM liquidity, Trader Joe listing, and DAO governance.

The post Avalanche’s first memecoin SDOG ends in a \$30M rugpull appeared first on CryptoSlate.
