From d498a371da9cf85fd7ce26ad19297fc5eca74681 Mon Sep 17 00:00:00 2001
From: Robin Salen <salenrobin@gmail.com>
Date: Thu, 19 Oct 2023 10:48:54 -0400
Subject: [PATCH] Make panic messages explicit

---
 src/dkg/key_generation.rs | 34 ++++++++++++++++++++++------------
 src/dkg/participant.rs    | 14 +++++++++-----
 src/sign/signature.rs     | 13 ++++---------
 3 files changed, 35 insertions(+), 26 deletions(-)

diff --git a/src/dkg/key_generation.rs b/src/dkg/key_generation.rs
index 04899ce..35f16c5 100644
--- a/src/dkg/key_generation.rs
+++ b/src/dkg/key_generation.rs
@@ -724,17 +724,15 @@ impl<C: CipherSuite> DistributedKeyGeneration<RoundOne, C> {
                             }
                         };
 
-                        // The two unwrap() below cannot fail, as the participants here are dealers and hence
-                        // always have a proof of secret key and commitments to their private polynomial evaluations.
                         match p
                             .proof_of_secret_key
                             .as_ref()
-                            .unwrap()
+                            .expect("Dealers always have a proof of secret key.")
                             .verify(p.index, public_key)
                         {
                             Ok(_) => {
                                 valid_participants.push(p.clone());
-                                their_commitments.push(p.commitments.as_ref().unwrap().clone());
+                                their_commitments.push(p.commitments.as_ref().expect("Dealers always have commitments to their secret polynomial evaluations.").clone());
                                 their_dh_public_keys.push((p.index, p.dh_public_key.clone()));
                             }
                             Err(_) => misbehaving_participants.push(p.index),
@@ -792,9 +790,13 @@ impl<C: CipherSuite> DistributedKeyGeneration<RoundOne, C> {
             Vec::with_capacity(parameters.n as usize - 1);
 
         for p in participants.iter() {
-            // This unwrap() cannot fail, as we would have already ended if the participant was a signer.
-            let share =
-                SecretShare::<C>::evaluate_polynomial(my_index, &p.index, my_coefficients.unwrap());
+            let share = SecretShare::<C>::evaluate_polynomial(
+                my_index,
+                &p.index,
+                my_coefficients.expect(
+                    "Dealers always have coefficients to generate/redistribute secret shares.",
+                ),
+            );
 
             let dh_key = p.dh_public_key.key * dh_private_key.0;
             let mut dh_key_bytes = Vec::with_capacity(dh_key.compressed_size());
@@ -887,15 +889,14 @@ impl<C: CipherSuite> DistributedKeyGeneration<RoundOne, C> {
                     let decrypted_share = decrypt_share(encrypted_share, &dh_key_bytes);
                     let decrypted_share_ref = &decrypted_share;
 
-                    for commitment in self.state.their_commitments.as_ref().unwrap().iter() {
+                    for commitment in self.state.their_commitments.as_ref().expect("Dealers always have commitments to their secret polynomial evaluations.").iter() {
                         if commitment.index == encrypted_share.sender_index {
                             // If the decrypted share is incorrect, P_i builds a complaint.
 
-                            // This unwrap() cannot fail.
                             if decrypted_share.is_err()
                                 || decrypted_share_ref
                                     .as_ref()
-                                    .unwrap()
+                                    .expect("This cannot fail.")
                                     .verify(commitment)
                                     .is_err()
                             {
@@ -1007,7 +1008,10 @@ impl<C: CipherSuite> DistributedKeyGeneration<RoundTwo, C> {
         for commitment in commitments.iter() {
             let coeff = calculate_lagrange_coefficients::<C>(commitment.index, &index_vector)?;
 
-            group_key += commitment.public_key().unwrap().mul(coeff);
+            group_key += commitment
+                .public_key()
+                .expect("We should always be able to retrieve a public key from ")
+                .mul(coeff);
         }
 
         Ok(GroupVerifyingKey::new(group_key))
@@ -1028,7 +1032,13 @@ impl<C: CipherSuite> DistributedKeyGeneration<RoundTwo, C> {
             points: Vec::new(),
         };
 
-        for commitment in self.state.their_commitments.as_ref().unwrap().iter() {
+        for commitment in self
+            .state
+            .their_commitments
+            .as_ref()
+            .expect("Dealers always have commitments to their secret polynomial evaluations.")
+            .iter()
+        {
             if commitment.index == complaint.accused_index {
                 commitment_accused = commitment.clone();
             }
diff --git a/src/dkg/participant.rs b/src/dkg/participant.rs
index d488bb8..c74c0c8 100644
--- a/src/dkg/participant.rs
+++ b/src/dkg/participant.rs
@@ -85,8 +85,11 @@ impl<C: CipherSuite> Participant<C> {
     ) -> FrostResult<C, (Self, Coefficients<C>, DiffieHellmanPrivateKey<C>)> {
         let (dealer, coeff_option, dh_private_key) =
             Self::new_internal(parameters, false, index, None, &mut rng)?;
-        // This unwrap() cannot fail, as we always have at least an empty vector of coefficients.
-        Ok((dealer, coeff_option.unwrap(), dh_private_key))
+        Ok((
+            dealer,
+            coeff_option.expect("We always have at least an empty vector"),
+            dh_private_key,
+        ))
     }
 
     /// Construct a new signer for the distributed key generation protocol.
@@ -196,7 +199,9 @@ impl<C: CipherSuite> Participant<C> {
             let proof_of_secret_key: NizkPokOfSecretKey<C> = NizkPokOfSecretKey::prove(
                 index,
                 &coefficients.0[0],
-                commitments.public_key().unwrap(),
+                commitments
+                    .public_key()
+                    .expect("We should always be able to retrieve a public key."),
                 rng,
             )?;
 
@@ -250,8 +255,7 @@ impl<C: CipherSuite> Participant<C> {
             &mut rng,
         )?;
 
-        // This unwrap() cannot fail, as we always have at least an empty vector of coefficients.
-        let coefficients = coeff_option.unwrap();
+        let coefficients = coeff_option.expect("We always have at least an empty vector");
 
         let (participant_state, participant_lists) = DistributedKeyGeneration::new_state_internal(
             parameters,
diff --git a/src/sign/signature.rs b/src/sign/signature.rs
index b5a6135..32d5df4 100644
--- a/src/sign/signature.rs
+++ b/src/sign/signature.rs
@@ -614,13 +614,11 @@ impl<C: CipherSuite> SignatureAggregator<C, Finalized<C>> {
         // We first combine all partial signatures together, to remove the need for individual
         // signature verification in case the final group signature is valid.
         for signer in self.state.signers.iter() {
-            // This unwrap() cannot fail, because [`SignatureAggregator<Initial>::finalize()`]
-            // checks that we have partial signature for every expected signer.
             let partial_sig = self
                 .state
                 .partial_signatures
                 .get(&signer.participant_index)
-                .unwrap();
+                .expect("The SignatureAggregator ensured no partial signature was missing when calling finalize().");
 
             z += partial_sig;
         }
@@ -637,7 +635,7 @@ impl<C: CipherSuite> SignatureAggregator<C, Finalized<C>> {
             Err(_) => {
                 let mut misbehaving_participants = Vec::new();
                 for signer in self.state.signers.iter() {
-                    // This unwrap() cannot fail, since the attempted division by zero in
+                    // This cannot error, since the attempted division by zero in
                     // the calculation of the Lagrange interpolation cannot happen,
                     // because we use the typestate pattern,
                     // i.e. [`SignatureAggregator<Initial>::finalize()`], to ensure that
@@ -648,23 +646,20 @@ impl<C: CipherSuite> SignatureAggregator<C, Finalized<C>> {
                         &all_participant_indices,
                     )?;
 
-                    // This cannot fail, and has already been performed previously.
                     let partial_sig = self
                         .state
                         .partial_signatures
                         .get(&signer.participant_index)
-                        .unwrap();
+                        .expect("This has already been performed before.");
 
-                    // This cannot fail, as it is checked when calling finalize().
                     let pk_i = self
                         .state
                         .public_keys
                         .get(&signer.participant_index)
-                        .unwrap();
+                        .expect("This has already been checked when calling finalize().");
 
                     let check = C::G::generator() * partial_sig;
 
-                    // This cannot fail, as the group commitment has already been computed.
                     let participant_commitment = commitment_for_participant(
                         signer.participant_index,
                         self.aggregator.message_hash.as_ref(),