Create a dedicated crate for the DKG (#141)

* Add dkg crate * Remove F_len and G_len They're generally no longer used. * Replace hash_to_vec with a provided method around associated type H: Digest Part of trying to minimize this trait so it can be moved elsewhere. Vec, which isn't std, may have been a blocker. * Encrypt secret shares within the FROST library Reduces requirements on callers in order to be correct. * Update usage of Zeroize within FROST * Inline functions in key_gen There was no reason to have them separated as they were. sign probably has the same statement available, yet that isn't the focus right now. * Add a ciphersuite package which provides hash_to_F * Set the Ciphersuite version to something valid * Have ed448 export Scalar/FieldElement/Point at the top level * Move FROST over to Ciphersuite * Correct usage of ff in ciphersuite * Correct documentation handling * Move Schnorr signatures to their own crate * Remove unused feature from schnorr * Fix Schnorr tests * Split DKG into a separate crate * Add serialize to Commitments and SecretShare Helper for buf = vec![]; .write(buf).unwrap(); buf * Move FROST over to the new dkg crate * Update Monero lib to latest FROST * Correct ethereum's usage of features * Add serialize to GeneratorProof * Add serialize helper function to FROST * Rename AddendumSerialize to WriteAddendum * Update processor * Slight fix to processor
2025-12-08 12:19:24 +00:00 · 2022-10-29 03:54:42 -05:00
parent cbceaff678
commit 2379855b31
50 changed files with 2076 additions and 1601 deletions
--- a/crypto/frost/src/curve/ed448.rs
+++ b/crypto/frost/src/curve/ed448.rs
@@ -1,41 +1,17 @@
-use zeroize::Zeroize;
+use digest::Digest;

-use sha3::{digest::ExtendableOutput, Shake256};
+use group::GroupEncoding;

-use group::{Group, GroupEncoding};
-use minimal_ed448::{scalar::Scalar, point::Point};
+use minimal_ed448::{Scalar, Point};
+
+pub use ciphersuite::{Shake256_114, Ed448};

 use crate::{curve::Curve, algorithm::Hram};

 const CONTEXT: &[u8] = b"FROST-ED448-SHAKE256-v11";

-#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
-pub struct Ed448;
-impl Ed448 {
-  fn hash(prefix: &[u8], context: &[u8], dst: &[u8], data: &[u8]) -> [u8; 114] {
-    let mut res = [0; 114];
-    Shake256::digest_xof(&[prefix, context, dst, data].concat(), &mut res);
-    res
-  }
-}
-
 impl Curve for Ed448 {
-  type F = Scalar;
-  type G = Point;
-
-  const ID: &'static [u8] = b"ed448";
-
-  fn generator() -> Self::G {
-    Point::generator()
-  }
-
-  fn hash_to_vec(dst: &[u8], data: &[u8]) -> Vec<u8> {
-    Self::hash(b"", CONTEXT, dst, data).as_ref().to_vec()
-  }
-
-  fn hash_to_F(dst: &[u8], data: &[u8]) -> Self::F {
-    Scalar::wide_reduce(Self::hash(b"", CONTEXT, dst, data))
-  }
+  const CONTEXT: &'static [u8] = CONTEXT;
 }

 #[derive(Copy, Clone)]
@@ -43,12 +19,19 @@ pub struct Ietf8032Ed448Hram;
 impl Ietf8032Ed448Hram {
  #[allow(non_snake_case)]
  pub fn hram(context: &[u8], R: &Point, A: &Point, m: &[u8]) -> Scalar {
-    Scalar::wide_reduce(Ed448::hash(
-      &[b"SigEd448".as_ref(), &[0, u8::try_from(context.len()).unwrap()]].concat(),
-      context,
-      b"",
-      &[R.to_bytes().as_ref(), A.to_bytes().as_ref(), m].concat(),
-    ))
+    Scalar::wide_reduce(
+      Shake256_114::digest(
+        &[
+          &[b"SigEd448".as_ref(), &[0, u8::try_from(context.len()).unwrap()]].concat(),
+          context,
+          &[R.to_bytes().as_ref(), A.to_bytes().as_ref(), m].concat(),
+        ]
+        .concat(),
+      )
+      .as_ref()
+      .try_into()
+      .unwrap(),
+    )
  }
 }