Use GroupEncoding instead of Curve's from_slice/to_bytes

Increases usage of standardization while expanding dalek_ff_group.

Closes https://github.com/serai-dex/serai/issues/26 by moving 
dfg::EdwardsPoint to only be for the prime subgroup.
Luke Parker
2022-06-28 01:25:26 -04:00
parent ac17645fc8
commit 3de7a76051
14 changed files with 141 additions and 178 deletions


@@ -3,6 +3,8 @@ use core::convert::TryInto;
use thiserror::Error;
use rand_core::{RngCore, CryptoRng};
use group::GroupEncoding;
use curve25519_dalek::{
constants::ED25519_BASEPOINT_TABLE as DTable,
scalar::Scalar as DScalar,
@@ -10,7 +12,6 @@ use curve25519_dalek::{
};
use transcript::{Transcript, RecommendedTranscript};
use frost::curve::{Curve, Ed25519};
use dalek_ff_group as dfg;
use crate::random_scalar;
@@ -118,18 +119,26 @@ impl DLEqProof {
}
#[allow(non_snake_case)]
pub fn read_dleq(
pub(crate) fn read_dleq(
serialized: &[u8],
start: usize,
H: &DPoint,
l: u16,
xG: &DPoint
) -> Result<dfg::EdwardsPoint, MultisigError> {
// Not using G_from_slice here would enable non-canonical points and break blame
// This does also ban identity points, yet those should never be a concern
let other = <Ed25519 as Curve>::G_from_slice(
&serialized[(start + 0) .. (start + 32)]
).map_err(|_| MultisigError::InvalidDLEqProof(l))?;
if serialized.len() < start + 96 {
Err(MultisigError::InvalidDLEqProof(l))?;
}
let bytes = (&serialized[(start + 0) .. (start + 32)]).try_into().unwrap();
// dfg ensures the point is torsion free
let other = Option::<dfg::EdwardsPoint>::from(
dfg::EdwardsPoint::from_bytes(&bytes)).ok_or(MultisigError::InvalidDLEqProof(l)
)?;
// Ensure this is a canonical point
if other.to_bytes() != bytes {
Err(MultisigError::InvalidDLEqProof(l))?;
}
DLEqProof::deserialize(&serialized[(start + 32) .. (start + 96)])
.ok_or(MultisigError::InvalidDLEqProof(l))?
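Review bot: The removed comment on read_dleq recorded that `G_from_slice` also rejected the identity point, but the new decoding path (lines 48-56) relies only on `dfg::EdwardsPoint::from_bytes` for the subgroup check plus the canonical re-encoding comparison, and nothing in the hunk shows the identity still being refused; if the blame logic depends on that, either re-check it explicitly, e.g. `if bool::from(other.is_identity()) { Err(MultisigError::InvalidDLEqProof(l))?; }` (via `group::Group::is_identity`, assuming dfg::EdwardsPoint implements it), or extend the comment on line 49 to `// dfg ensures the point is torsion free; the identity is not rejected here`. The `serialized.len() < start + 96` guard is the right addition, but `start + 96` can overflow for a large `start`; `start.checked_add(96)` would be safer if `start` is ever caller-influenced, which cannot be seen from this hunk. The `try_into().unwrap()` on line 48 is sound only because that guard fixes the slice to exactly 32 bytes, so a short `// 32-byte slice is guaranteed by the length check above` comment would document the invariant. read_dleq's body continues past the end of the hunk.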


@@ -226,6 +226,11 @@ impl SignMachine<Transaction> for TransactionSignMachine {
// FROST commitments, image, H commitments, and their proofs
let clsag_len = 64 + ClsagMultisig::serialized_len();
for (l, commitments) in &commitments {
if commitments.len() != (self.clsags.len() * clsag_len) {
Err(FrostError::InvalidCommitment(*l))?;
}
}
// Convert the unified commitments to a Vec of the individual commitments
let mut commitments = (0 .. self.clsags.len()).map(|_| commitments.iter_mut().map(