2022-10-29 03:54:42 -05:00
|
|
|
[package]
|
|
|
|
|
name = "ciphersuite"
|
2025-08-20 00:06:07 -04:00
|
|
|
version = "0.4.2"
|
2022-10-29 03:54:42 -05:00
|
|
|
description = "Ciphersuites built around ff/group"
|
|
|
|
|
license = "MIT"
|
|
|
|
|
repository = "https://github.com/serai-dex/serai/tree/develop/crypto/ciphersuite"
|
|
|
|
|
authors = ["Luke Parker <lukeparker5132@gmail.com>"]
|
|
|
|
|
keywords = ["ciphersuite", "ff", "group"]
|
|
|
|
|
edition = "2021"
|
Replace `Ciphersuite::hash_to_F`
The prior-present `Ciphersuite::hash_to_F` was a sin. Implementations took a
DST, yet were not require to securely handle it. It was also biased towards the
requirements of `modular-frost` as `ciphersuite` was originally written all
those years ago, when `modular-frost` had needs exceeding what `ff`, `group`
satisfied.
Now, the hash is bound to produce an output which can be converted to a scalar
with `ff::FromUniformBytes`. A new `hash_to_F`, which accepts a single argument
of the value to hash (removing the potential to insecurely handle the DST by
removing the DST entirely). Due to `digest` yielding a `GenericArray`, yet
`FromUniformBytes` taking a `const usize`, the `ciphersuite` crate now defines
a `FromUniformBytes` trait taking an array (then implemented for all satisfiers
of `ff::FromUniformBytes`). In order to get the array type from the
`GenericArray`, the output of the hash, `digest` is updated to the `0.11`
release candidate which moves to `flexible-array` which solves that problem.
The existing, specific `hash_to_F` functions have been moved to `modular-frost`
as necessary.
`flexible-array` itself is patched to a fork due to
https://github.com/RustCrypto/hybrid-array/issues/131.
2025-08-29 05:04:03 -04:00
|
|
|
rust-version = "1.85"
|
2022-10-29 03:54:42 -05:00
|
|
|
|
|
|
|
|
[package.metadata.docs.rs]
|
|
|
|
|
all-features = true
|
|
|
|
|
rustdoc-args = ["--cfg", "docsrs"]
|
|
|
|
|
|
2023-12-16 20:54:24 -05:00
|
|
|
[lints]
|
|
|
|
|
workspace = true
|
|
|
|
|
|
2022-10-29 03:54:42 -05:00
|
|
|
[dependencies]
|
2025-09-15 21:21:30 -04:00
|
|
|
std-shims = { path = "../../common/std-shims", version = "0.1.4", default-features = false }
|
2022-10-29 03:54:42 -05:00
|
|
|
|
2023-12-23 02:13:32 -05:00
|
|
|
zeroize = { version = "^1.5", default-features = false, features = ["derive"] }
|
2023-04-22 04:38:47 -04:00
|
|
|
subtle = { version = "^2.4", default-features = false }
|
|
|
|
|
|
Smash the singular `Ciphersuite` trait into multiple
This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).
`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.
The `Id` trait is occasionally used yet really should be first off the chopping
block.
Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.
---
Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.
Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.
2025-09-03 12:25:37 -04:00
|
|
|
digest = { version = "0.11.0-rc.1", default-features = false }
|
2022-10-29 03:54:42 -05:00
|
|
|
|
2023-04-22 04:38:47 -04:00
|
|
|
ff = { version = "0.13", default-features = false, features = ["bits"] }
|
|
|
|
|
group = { version = "0.13", default-features = false }
|
2022-10-29 03:54:42 -05:00
|
|
|
|
2022-12-24 17:08:22 -05:00
|
|
|
[dev-dependencies]
|
2023-10-31 07:41:23 -04:00
|
|
|
hex = { version = "0.4", default-features = false, features = ["std"] }
|
2022-12-25 02:50:10 -05:00
|
|
|
|
2023-03-28 04:38:01 -04:00
|
|
|
ff-group-tests = { version = "0.13", path = "../ff-group-tests" }
|
2022-12-24 17:08:22 -05:00
|
|
|
|
2022-10-29 03:54:42 -05:00
|
|
|
[features]
|
2025-09-15 21:21:30 -04:00
|
|
|
alloc = ["zeroize/alloc", "digest/alloc", "ff/alloc"]
|
2023-10-31 07:41:23 -04:00
|
|
|
std = [
|
2025-08-28 21:56:28 -04:00
|
|
|
"alloc",
|
|
|
|
|
|
2023-10-31 07:41:23 -04:00
|
|
|
"std-shims/std",
|
|
|
|
|
|
|
|
|
|
"zeroize/std",
|
|
|
|
|
"subtle/std",
|
|
|
|
|
|
|
|
|
|
"ff/std",
|
|
|
|
|
]
|
2022-10-29 03:54:42 -05:00
|
|
|
|
|
|
|
|
default = ["std"]
|