Update to FROST v11

Ensures random functions never return zero. This, combined with a check that
commitments aren't 0, ensures no serialized elements are 0.

Also directly reads their vectors.
This commit is contained in:
Luke Parker
2022-10-13 00:38:36 -04:00
parent b334c96906
commit a0a54eb0de
19 changed files with 491 additions and 257 deletions


@@ -7,6 +7,7 @@ use std::{
use rand_core::{RngCore, CryptoRng};
use zeroize::{Zeroize, ZeroizeOnDrop};
use subtle::ConstantTimeEq;
use transcript::Transcript;
@@ -97,8 +98,6 @@ impl<C: Curve> Drop for PreprocessPackage<C> {
}
impl<C: Curve> ZeroizeOnDrop for PreprocessPackage<C> {}
// This library unifies the preprocessing step with signing due to security concerns and to provide
// a simpler UX
fn preprocess<R: RngCore + CryptoRng, C: Curve, A: Algorithm<C>>(
rng: &mut R,
params: &mut Params<C, A>,
@@ -202,14 +201,20 @@ fn sign_with_share<Re: Read, C: Curve, A: Algorithm<C>>(
// consistency. While this is suboptimal, it maintains IETF compliance, and Algorithm is
// documented accordingly
let transcript = |t: &mut A::Transcript, commitments: [C::G; 2]| {
if commitments[0].ct_eq(&C::G::identity()).into() ||
commitments[1].ct_eq(&C::G::identity()).into()
{
Err(FrostError::InvalidCommitment(*l))?;
}
t.append_message(b"commitment_D", commitments[0].to_bytes().as_ref());
t.append_message(b"commitment_E", commitments[1].to_bytes().as_ref());
Ok(())
};
if *l == params.keys.params().i {
for nonce_commitments in &our_preprocess.commitments {
for commitments in nonce_commitments {
transcript(params.algorithm.transcript(), *commitments);
transcript(params.algorithm.transcript(), *commitments).unwrap();
}
}
@@ -227,7 +232,7 @@ fn sign_with_share<Re: Read, C: Curve, A: Algorithm<C>>(
commitments.push(Vec::with_capacity(nonce_generators.len()));
for _ in 0 .. nonce_generators.len() {
commitments[n].push(read_D_E::<_, C>(&mut cursor, *l)?);
transcript(params.algorithm.transcript(), commitments[n][commitments[n].len() - 1]);
transcript(params.algorithm.transcript(), commitments[n][commitments[n].len() - 1])?;
}
if nonce_generators.len() >= 2 {