Begin crate smashing

coins/monero/generators/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "monero-generators"
 version = "0.4.0"
-description = "Monero's hash_to_point and generators"
+description = "Monero's hash to point function and generators"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/coins/monero/generators"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
@@ -20,15 +20,28 @@ std-shims = { path = "../../../common/std-shims", version = "^0.1.1", default-fe
 subtle = { version = "^2.4", default-features = false }
 
 sha3 = { version = "0.10", default-features = false }
-
-curve25519-dalek = { version = "4", default-features = false, features = ["alloc", "zeroize", "precomputed-tables"] }
+curve25519-dalek = { version = "4", default-features = false, features = ["alloc", "zeroize"] }
 
 group = { version = "0.13", default-features = false }
 dalek-ff-group = { path = "../../../crypto/dalek-ff-group", version = "0.4", default-features = false }
 
+monero-io = { path = "../io", version = "0.1", default-features = false }
+
 [dev-dependencies]
 hex = "0.4"
 
 [features]
-std = ["std-shims/std", "subtle/std", "sha3/std", "dalek-ff-group/std"]
+std = [
+  "std-shims/std",
+
+  "subtle/std",
+
+  "sha3/std",
+  "curve25519-dalek/precomputed-tables",
+
+  "group/alloc",
+  "dalek-ff-group/std",
+
+  "monero-io/std"
+]
 default = ["std"]

coins/monero/generators/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022-2023 Luke Parker
+Copyright (c) 2022-2024 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

coins/monero/generators/README.md

@@ -1,7 +1,8 @@
 # Monero Generators
 
 Generators used by Monero in both its Pedersen commitments and Bulletproofs(+).
-An implementation of Monero's `ge_fromfe_frombytes_vartime`, simply called
-`hash_to_point` here, is included, as needed to generate generators.
+An implementation of Monero's `hash_to_ec` is included, as needed to generate
+the generators.
 
-This library is usable under no-std when the `std` feature is disabled.
+This library is usable under no-std when the `std` feature (on by default) is
+disabled.

coins/monero/generators/src/hash_to_point.rs

@@ -1,27 +1,20 @@
 use subtle::ConditionallySelectable;
 
-use curve25519_dalek::edwards::{EdwardsPoint, CompressedEdwardsY};
+use curve25519_dalek::edwards::EdwardsPoint;
 
 use group::ff::{Field, PrimeField};
 use dalek_ff_group::FieldElement;
 
-use crate::hash;
+use monero_io::decompress_point;
 
-/// Decompress canonically encoded ed25519 point
-/// It does not check if the point is in the prime order subgroup
-pub fn decompress_point(bytes: [u8; 32]) -> Option<EdwardsPoint> {
-  CompressedEdwardsY(bytes)
-    .decompress()
-    // Ban points which are either unreduced or -0
-    .filter(|point| point.compress().to_bytes() == bytes)
-}
+use crate::keccak256;
 
 /// Monero's hash to point function, as named `hash_to_ec`.
 pub fn hash_to_point(bytes: [u8; 32]) -> EdwardsPoint {
   #[allow(non_snake_case)]
   let A = FieldElement::from(486662u64);
 
-  let v = FieldElement::from_square(hash(&bytes)).double();
+  let v = FieldElement::from_square(keccak256(&bytes)).double();
   let w = v + FieldElement::ONE;
   let x = w.square() + (-A.square() * v);
 

coins/monero/generators/src/lib.rs

@@ -1,8 +1,5 @@
-//! Generators used by Monero in both its Pedersen commitments and Bulletproofs(+).
-//!
-//! An implementation of Monero's `ge_fromfe_frombytes_vartime`, simply called
-//! `hash_to_point` here, is included, as needed to generate generators.
-
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 
 use std_shims::{sync::OnceLock, vec::Vec};
@@ -14,16 +11,15 @@ use curve25519_dalek::edwards::{EdwardsPoint as DalekPoint};
 use group::{Group, GroupEncoding};
 use dalek_ff_group::EdwardsPoint;
 
-mod varint;
-use varint::write_varint;
+use monero_io::{write_varint, decompress_point};
 
 mod hash_to_point;
-pub use hash_to_point::{hash_to_point, decompress_point};
+pub use hash_to_point::hash_to_point;
 
 #[cfg(test)]
 mod tests;
 
-fn hash(data: &[u8]) -> [u8; 32] {
+fn keccak256(data: &[u8]) -> [u8; 32] {
   Keccak256::digest(data).into()
 }
 
@@ -32,7 +28,7 @@ static H_CELL: OnceLock<DalekPoint> = OnceLock::new();
 #[allow(non_snake_case)]
 pub fn H() -> DalekPoint {
   *H_CELL.get_or_init(|| {
-    decompress_point(hash(&EdwardsPoint::generator().to_bytes())).unwrap().mul_by_cofactor()
+    decompress_point(keccak256(&EdwardsPoint::generator().to_bytes())).unwrap().mul_by_cofactor()
   })
 }
 
@@ -70,10 +66,10 @@ pub fn bulletproofs_generators(dst: &'static [u8]) -> Generators {
     even.extend(dst);
     let mut odd = even.clone();
 
-    write_varint(&i.try_into().unwrap(), &mut even).unwrap();
-    write_varint(&(i + 1).try_into().unwrap(), &mut odd).unwrap();
-    res.H.push(EdwardsPoint(hash_to_point(hash(&even))));
-    res.G.push(EdwardsPoint(hash_to_point(hash(&odd))));
+    write_varint::<Vec<u8>, u64>(&i.try_into().unwrap(), &mut even).unwrap();
+    write_varint::<Vec<u8>, u64>(&(i + 1).try_into().unwrap(), &mut odd).unwrap();
+    res.H.push(EdwardsPoint(hash_to_point(keccak256(&even))));
+    res.G.push(EdwardsPoint(hash_to_point(keccak256(&odd))));
   }
   res
 }

coins/monero/generators/src/varint.rs

@@ -1,16 +0,0 @@
-use std_shims::io::{self, Write};
-
-const VARINT_CONTINUATION_MASK: u8 = 0b1000_0000;
-pub(crate) fn write_varint<W: Write>(varint: &u64, w: &mut W) -> io::Result<()> {
-  let mut varint = *varint;
-  while {
-    let mut b = u8::try_from(varint & u64::from(!VARINT_CONTINUATION_MASK)).unwrap();
-    varint >>= 7;
-    if varint != 0 {
-      b |= VARINT_CONTINUATION_MASK;
-    }
-    w.write_all(&[b])?;
-    varint != 0
-  } {}
-  Ok(())
-}