2023-04-10 06:05:17 -04:00
|
|
|
[package]
|
|
|
|
|
name = "frost-schnorrkel"
|
2025-08-18 04:55:27 -04:00
|
|
|
version = "0.2.0"
|
2023-04-10 06:05:17 -04:00
|
|
|
description = "modular-frost Algorithm compatible with Schnorrkel"
|
|
|
|
|
license = "MIT"
|
|
|
|
|
repository = "https://github.com/serai-dex/serai/tree/develop/crypto/schnorrkel"
|
|
|
|
|
authors = ["Luke Parker <lukeparker5132@gmail.com>"]
|
|
|
|
|
keywords = ["frost", "multisig", "threshold", "schnorrkel"]
|
|
|
|
|
edition = "2021"
|
Replace `Ciphersuite::hash_to_F`
The prior-present `Ciphersuite::hash_to_F` was a sin. Implementations took a
DST, yet were not require to securely handle it. It was also biased towards the
requirements of `modular-frost` as `ciphersuite` was originally written all
those years ago, when `modular-frost` had needs exceeding what `ff`, `group`
satisfied.
Now, the hash is bound to produce an output which can be converted to a scalar
with `ff::FromUniformBytes`. A new `hash_to_F`, which accepts a single argument
of the value to hash (removing the potential to insecurely handle the DST by
removing the DST entirely). Due to `digest` yielding a `GenericArray`, yet
`FromUniformBytes` taking a `const usize`, the `ciphersuite` crate now defines
a `FromUniformBytes` trait taking an array (then implemented for all satisfiers
of `ff::FromUniformBytes`). In order to get the array type from the
`GenericArray`, the output of the hash, `digest` is updated to the `0.11`
release candidate which moves to `flexible-array` which solves that problem.
The existing, specific `hash_to_F` functions have been moved to `modular-frost`
as necessary.
`flexible-array` itself is patched to a fork due to
https://github.com/RustCrypto/hybrid-array/issues/131.
2025-08-29 05:04:03 -04:00
|
|
|
rust-version = "1.85"
|
2023-04-10 06:05:17 -04:00
|
|
|
|
|
|
|
|
[package.metadata.docs.rs]
|
|
|
|
|
all-features = true
|
|
|
|
|
rustdoc-args = ["--cfg", "docsrs"]
|
|
|
|
|
|
2023-12-16 20:54:24 -05:00
|
|
|
[lints]
|
|
|
|
|
workspace = true
|
|
|
|
|
|
2023-04-10 06:05:17 -04:00
|
|
|
[dependencies]
|
|
|
|
|
rand_core = "0.6"
|
|
|
|
|
zeroize = "^1.5"
|
|
|
|
|
|
2023-08-08 18:30:19 -04:00
|
|
|
transcript = { package = "flexible-transcript", path = "../transcript", version = "^0.3.2", features = ["merlin"] }
|
2023-04-10 06:05:17 -04:00
|
|
|
|
|
|
|
|
group = "0.13"
|
|
|
|
|
|
2025-08-20 04:50:37 -04:00
|
|
|
ciphersuite = { path = "../ciphersuite", version = "^0.4.1", features = ["std"] }
|
2023-08-08 18:30:19 -04:00
|
|
|
schnorr = { package = "schnorr-signatures", path = "../schnorr", version = "^0.5.1" }
|
Smash the singular `Ciphersuite` trait into multiple
This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).
`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.
The `Id` trait is occasionally used yet really should be first off the chopping
block.
Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.
---
Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.
Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.
2025-09-03 12:25:37 -04:00
|
|
|
frost = { path = "../frost", package = "modular-frost", version = "0.11.0", features = ["ristretto"] }
|
2023-04-10 06:05:17 -04:00
|
|
|
|
2023-09-12 08:42:55 -04:00
|
|
|
schnorrkel = { version = "0.11" }
|
2023-04-10 06:05:17 -04:00
|
|
|
|
|
|
|
|
[dev-dependencies]
|
|
|
|
|
frost = { path = "../frost", package = "modular-frost", features = ["tests"] }
|