Rename sign folder to crypto

Inspired by #3 and #5.
2025-12-08 20:29:23 +00:00 · 2022-05-03 00:46:50 -04:00
parent 9ccf683e9d
commit 87f38cafe4
15 changed files with 4 additions and 4 deletions
--- a/crypto/frost/tests/common.rs
+++ b/crypto/frost/tests/common.rs
@@ -0,0 +1,112 @@
+use core::convert::TryInto;
+
+use digest::Digest;
+use ff::PrimeField;
+use group::GroupEncoding;
+
+use sha2::{Sha256, Sha512};
+
+use k256::{
+  elliptic_curve::{generic_array::GenericArray, bigint::{ArrayEncoding, U512}, ops::Reduce},
+  Scalar,
+  ProjectivePoint
+};
+
+use frost::{CurveError, Curve, multiexp_vartime, algorithm::Hram};
+
+#[derive(Clone, Copy, PartialEq, Eq, Debug)]
+pub struct Secp256k1;
+impl Curve for Secp256k1 {
+  type F = Scalar;
+  type G = ProjectivePoint;
+  type T = ProjectivePoint;
+
+  fn id() -> String {
+    "secp256k1".to_string()
+  }
+
+  fn id_len() -> u8 {
+    Self::id().len() as u8
+  }
+
+  fn generator() -> Self::G {
+    Self::G::GENERATOR
+  }
+
+  fn generator_table() -> Self::T {
+    Self::G::GENERATOR
+  }
+
+  fn multiexp_vartime(scalars: &[Self::F], points: &[Self::G]) -> Self::G {
+    multiexp_vartime::<Secp256k1>(scalars, points)
+  }
+
+  // The IETF draft doesn't specify a secp256k1 ciphersuite
+  // This test just uses the simplest ciphersuite which would still be viable to deploy
+  fn hash_msg(msg: &[u8]) -> Vec<u8> {
+    (&Sha256::digest(msg)).to_vec()
+  }
+
+  // Use wide reduction for security
+  fn hash_to_F(data: &[u8]) -> Self::F {
+    Scalar::from_uint_reduced(
+      U512::from_be_byte_array(Sha512::new().chain_update("rho").chain_update(data).finalize())
+    )
+  }
+
+  fn F_len() -> usize {
+    32
+  }
+
+  fn G_len() -> usize {
+    33
+  }
+
+  fn F_from_le_slice(slice: &[u8]) -> Result<Self::F, CurveError> {
+    let mut bytes: [u8; 32] = slice.try_into().map_err(
+      |_| CurveError::InvalidLength(32, slice.len())
+    )?;
+    bytes.reverse();
+    let scalar = Scalar::from_repr(bytes.into());
+    if scalar.is_none().unwrap_u8() == 1 {
+      Err(CurveError::InvalidScalar)?;
+    }
+    Ok(scalar.unwrap())
+  }
+
+  fn G_from_slice(slice: &[u8]) -> Result<Self::G, CurveError> {
+    let point = ProjectivePoint::from_bytes(GenericArray::from_slice(slice));
+    if point.is_none().unwrap_u8() == 1 {
+      Err(CurveError::InvalidScalar)?;
+    }
+    Ok(point.unwrap())
+  }
+
+  fn F_to_le_bytes(f: &Self::F) -> Vec<u8> {
+    let mut res: [u8; 32] = f.to_bytes().into();
+    res.reverse();
+    res.to_vec()
+  }
+
+  fn G_to_bytes(g: &Self::G) -> Vec<u8> {
+    (&g.to_bytes()).to_vec()
+  }
+}
+
+#[allow(non_snake_case)]
+#[derive(Clone)]
+pub struct TestHram {}
+impl Hram<Secp256k1> for TestHram {
+  #[allow(non_snake_case)]
+  fn hram(R: &ProjectivePoint, A: &ProjectivePoint, m: &[u8]) -> Scalar {
+    Scalar::from_uint_reduced(
+      U512::from_be_byte_array(
+        Sha512::new()
+          .chain_update(Secp256k1::G_to_bytes(R))
+          .chain_update(Secp256k1::G_to_bytes(A))
+          .chain_update(m)
+          .finalize()
+      )
+    )
+  }
+}
--- a/crypto/frost/tests/key_gen_and_sign.rs
+++ b/crypto/frost/tests/key_gen_and_sign.rs
@@ -0,0 +1,144 @@
+use std::rc::Rc;
+
+use rand::{RngCore, rngs::OsRng};
+
+use digest::Digest;
+use sha2::Sha256;
+
+use frost::{
+  Curve,
+  MultisigParams, MultisigKeys,
+  key_gen,
+  algorithm::{Algorithm, Schnorr, SchnorrSignature},
+  sign::{StateMachine, AlgorithmMachine}
+};
+
+mod common;
+use common::{Secp256k1, TestHram};
+
+const PARTICIPANTS: usize = 8;
+
+fn sign<C: Curve, A: Algorithm<C, Signature = SchnorrSignature<C>>>(
+  algorithm: A,
+  keys: Vec<Rc<MultisigKeys<C>>>
+) {
+  let t = keys[0].params().t();
+  let mut machines = vec![];
+  let mut commitments = Vec::with_capacity(PARTICIPANTS + 1);
+  commitments.resize(PARTICIPANTS + 1, None);
+  for i in 1 ..= t {
+    machines.push(
+      AlgorithmMachine::new(
+        algorithm.clone(),
+        keys[i - 1].clone(),
+        &(1 ..= t).collect::<Vec<usize>>()
+      ).unwrap()
+    );
+    commitments[i] = Some(machines[i - 1].preprocess(&mut OsRng).unwrap());
+  }
+
+  let mut shares = Vec::with_capacity(PARTICIPANTS + 1);
+  shares.resize(PARTICIPANTS + 1, None);
+  for i in 1 ..= t {
+    shares[i] = Some(
+      machines[i - 1].sign(
+        &commitments
+          .iter()
+          .enumerate()
+          .map(|(idx, value)| if idx == i { None } else { value.to_owned() })
+          .collect::<Vec<Option<Vec<u8>>>>(),
+        b"Hello World"
+      ).unwrap()
+    );
+  }
+
+  let mut signature = None;
+  for i in 1 ..= t {
+    let sig = machines[i - 1].complete(
+      &shares
+        .iter()
+        .enumerate()
+        .map(|(idx, value)| if idx == i { None } else { value.to_owned() })
+        .collect::<Vec<Option<Vec<u8>>>>()
+    ).unwrap();
+    if signature.is_none() {
+      signature = Some(sig);
+    }
+    assert_eq!(sig, signature.unwrap());
+  }
+}
+
+#[test]
+fn key_gen_and_sign() {
+  let mut params = vec![];
+  let mut machines = vec![];
+  let mut commitments = vec![vec![]];
+  for i in 1 ..= PARTICIPANTS {
+    params.push(
+      MultisigParams::new(
+        ((PARTICIPANTS / 3) * 2) + 1,
+        PARTICIPANTS,
+        i
+      ).unwrap()
+    );
+    machines.push(
+      key_gen::StateMachine::<Secp256k1>::new(
+        params[i - 1],
+        "FF/Group Rust key_gen test".to_string()
+      )
+    );
+    commitments.push(machines[i - 1].generate_coefficients(&mut OsRng).unwrap());
+  }
+
+  let mut secret_shares = vec![];
+  for i in 1 ..= PARTICIPANTS {
+    secret_shares.push(
+      machines[i - 1].generate_secret_shares(
+        &mut OsRng,
+        commitments
+          .iter()
+          .enumerate()
+          .map(|(idx, commitments)| if idx == i { vec![] } else { commitments.to_vec() })
+          .collect()
+      ).unwrap()
+    );
+  }
+
+  let mut verification_shares = vec![];
+  let mut group_key = None;
+  let mut keys = vec![];
+  for i in 1 ..= PARTICIPANTS {
+    let mut our_secret_shares = vec![vec![]];
+    our_secret_shares.extend(
+      secret_shares.iter().map(|shares| shares[i].clone()).collect::<Vec<Vec<u8>>>()
+    );
+
+    let these_keys = machines[i - 1].complete(our_secret_shares).unwrap();
+    assert_eq!(
+      MultisigKeys::<Secp256k1>::deserialize(&these_keys.serialize()).unwrap(),
+      these_keys
+    );
+    keys.push(Rc::new(these_keys.clone()));
+
+    if verification_shares.len() == 0 {
+      verification_shares = these_keys.verification_shares();
+    }
+    assert_eq!(verification_shares, these_keys.verification_shares());
+
+    if group_key.is_none() {
+      group_key = Some(these_keys.group_key());
+    }
+    assert_eq!(group_key.unwrap(), these_keys.group_key());
+  }
+
+  sign(Schnorr::<Secp256k1, TestHram>::new(), keys.clone());
+
+  let mut randomization = [0; 64];
+  (&mut OsRng).fill_bytes(&mut randomization);
+  sign(
+    Schnorr::<Secp256k1, TestHram>::new(),
+    keys.iter().map(
+      |keys| Rc::new(keys.offset(Secp256k1::hash_to_F(&Sha256::digest(&randomization))))
+    ).collect()
+  );
+}