Smash the singular Ciphersuite trait into multiple

This helps identify where the various functionalities are used, or rather, not used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating the entire FCMP++ tree, only requires the markers _and_ canonical point decoding. I've opened a PR to upstream such a trait into `group` (https://github.com/zkcrypto/group/pull/68). `WrappedGroup` is still justified for as long as `Group::generator` exists. Moving `::generator()` to its own trait, on an independent structure (upstream) would be massively appreciated. @tarcieri also wanted to update from `fn generator()` to `const GENERATOR`, which would encourage further discussion on https://github.com/zkcrypto/group/issues/32 and https://github.com/zkcrypto/group/issues/45, which have been stagnant. The `Id` trait is occasionally used yet really should be first off the chopping block. Finally, `WithPreferredHash` is only actually used around a third of the time, which more than justifies it being a separate trait. --- Updates `dalek_ff_group::Scalar` to directly re-export `curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint` also could be replaced with an export of `curve25519_dalek::RistrettoPoint`, yet the coordinator relies on how we implemented `Hash` on it for the hell of it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't implement `zeroize`, `subtle` traits within a released, non-yanked version. Relevance to https://github.com/serai-dex/serai/issues/201 and https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746. Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over `SHA2-512`. In order to maintain compliance with FROST's IETF standard, `modular-frost` defines its own ciphersuite for Ristretto which still uses `SHA2-512`.
2025-12-08 20:29:23 +00:00 · 2025-09-03 12:25:37 -04:00
parent 215e41fdb6
commit a141deaf36
124 changed files with 1003 additions and 1211 deletions
--- a/coordinator/tributary-sdk/src/blockchain.rs
+++ b/coordinator/tributary-sdk/src/blockchain.rs
@@ -1,7 +1,7 @@
 use std::collections::{VecDeque, HashSet};

 use dalek_ff_group::Ristretto;
-use ciphersuite::{group::GroupEncoding, Ciphersuite};
+use ciphersuite::{group::GroupEncoding, *};

 use serai_db::{Get, DbTxn, Db};

@@ -21,7 +21,7 @@ pub(crate) struct Blockchain<D: Db, T: TransactionTrait> {

  block_number: u64,
  tip: [u8; 32],
-  participants: HashSet<<Ristretto as Ciphersuite>::G>,
+  participants: HashSet<<Ristretto as WrappedGroup>::G>,

  provided: ProvidedTransactions<D, T>,
  mempool: Mempool<D, T>,
@@ -56,7 +56,7 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
  }
  fn next_nonce_key(
    genesis: &[u8; 32],
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
    order: &[u8],
  ) -> Vec<u8> {
    D::key(
@@ -69,7 +69,7 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
  pub(crate) fn new(
    db: D,
    genesis: [u8; 32],
-    participants: &[<Ristretto as Ciphersuite>::G],
+    participants: &[<Ristretto as WrappedGroup>::G],
  ) -> Self {
    let mut res = Self {
      db: Some(db.clone()),
@@ -196,7 +196,7 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {

  pub(crate) fn next_nonce(
    &self,
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
    order: &[u8],
  ) -> Option<u32> {
    if let Some(next_nonce) = self.mempool.next_nonce_in_mempool(signer, order.to_vec()) {
--- a/coordinator/tributary-sdk/src/lib.rs
+++ b/coordinator/tributary-sdk/src/lib.rs
@@ -3,7 +3,7 @@ use std::{sync::Arc, io};

 use zeroize::Zeroizing;

-use ciphersuite::Ciphersuite;
+use ciphersuite::*;
 use dalek_ff_group::Ristretto;

 use scale::Decode;
@@ -162,8 +162,8 @@ impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {
    db: D,
    genesis: [u8; 32],
    start_time: u64,
-    key: Zeroizing<<Ristretto as Ciphersuite>::F>,
-    validators: Vec<(<Ristretto as Ciphersuite>::G, u64)>,
+    key: Zeroizing<<Ristretto as WrappedGroup>::F>,
+    validators: Vec<(<Ristretto as WrappedGroup>::G, u64)>,
    p2p: P,
  ) -> Option<Self> {
    log::info!("new Tributary with genesis {}", hex::encode(genesis));
@@ -235,7 +235,7 @@ impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {

  pub async fn next_nonce(
    &self,
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
    order: &[u8],
  ) -> Option<u32> {
    self.network.blockchain.read().await.next_nonce(signer, order)
--- a/coordinator/tributary-sdk/src/mempool.rs
+++ b/coordinator/tributary-sdk/src/mempool.rs
@@ -1,7 +1,7 @@
 use std::collections::HashMap;

 use dalek_ff_group::Ristretto;
-use ciphersuite::Ciphersuite;
+use ciphersuite::*;

 use serai_db::{DbTxn, Db};

@@ -21,9 +21,9 @@ pub(crate) struct Mempool<D: Db, T: TransactionTrait> {
  db: D,
  genesis: [u8; 32],

-  last_nonce_in_mempool: HashMap<(<Ristretto as Ciphersuite>::G, Vec<u8>), u32>,
+  last_nonce_in_mempool: HashMap<(<Ristretto as WrappedGroup>::G, Vec<u8>), u32>,
  txs: HashMap<[u8; 32], Transaction<T>>,
-  txs_per_signer: HashMap<<Ristretto as Ciphersuite>::G, u32>,
+  txs_per_signer: HashMap<<Ristretto as WrappedGroup>::G, u32>,
 }

 impl<D: Db, T: TransactionTrait> Mempool<D, T> {
@@ -107,7 +107,7 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
  // Returns Ok(true) if new, Ok(false) if an already present unsigned, or the error.
  pub(crate) fn add<
    N: Network,
-    F: FnOnce(<Ristretto as Ciphersuite>::G, Vec<u8>) -> Option<u32>,
+    F: FnOnce(<Ristretto as WrappedGroup>::G, Vec<u8>) -> Option<u32>,
  >(
    &mut self,
    blockchain_next_nonce: F,
@@ -179,7 +179,7 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
  // Returns None if the mempool doesn't have a nonce tracked.
  pub(crate) fn next_nonce_in_mempool(
    &self,
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
    order: Vec<u8>,
  ) -> Option<u32> {
    self.last_nonce_in_mempool.get(&(*signer, order)).copied().map(|nonce| nonce + 1)
--- a/coordinator/tributary-sdk/src/tendermint/mod.rs
+++ b/coordinator/tributary-sdk/src/tendermint/mod.rs
@@ -10,11 +10,8 @@ use rand_chacha::ChaCha12Rng;
 use transcript::{Transcript, RecommendedTranscript};

 use ciphersuite::{
-  group::{
-    GroupEncoding,
-    ff::{Field, PrimeField},
-  },
-  Ciphersuite,
+  group::{ff::PrimeField, GroupEncoding},
+  *,
 };
 use dalek_ff_group::Ristretto;
 use schnorr::{
@@ -51,24 +48,26 @@ fn challenge(
  key: [u8; 32],
  nonce: &[u8],
  msg: &[u8],
-) -> <Ristretto as Ciphersuite>::F {
+) -> <Ristretto as WrappedGroup>::F {
  let mut transcript = RecommendedTranscript::new(b"Tributary Chain Tendermint Message");
  transcript.append_message(b"genesis", genesis);
  transcript.append_message(b"key", key);
  transcript.append_message(b"nonce", nonce);
  transcript.append_message(b"message", msg);

-  <Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(&transcript.challenge(b"schnorr").into())
+  <Ristretto as WrappedGroup>::F::from_bytes_mod_order_wide(
+    &transcript.challenge(b"schnorr").into(),
+  )
 }

 #[derive(Clone, PartialEq, Eq, Debug)]
 pub struct Signer {
  genesis: [u8; 32],
-  key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: Zeroizing<<Ristretto as WrappedGroup>::F>,
 }

 impl Signer {
-  pub(crate) fn new(genesis: [u8; 32], key: Zeroizing<<Ristretto as Ciphersuite>::F>) -> Signer {
+  pub(crate) fn new(genesis: [u8; 32], key: Zeroizing<<Ristretto as WrappedGroup>::F>) -> Signer {
    Signer { genesis, key }
  }
 }
@@ -101,10 +100,10 @@ impl SignerTrait for Signer {
      assert_eq!(nonce_ref, [0; 64].as_ref());

      let nonce =
-        Zeroizing::new(<Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(&nonce_arr));
+        Zeroizing::new(<Ristretto as WrappedGroup>::F::from_bytes_mod_order_wide(&nonce_arr));
      nonce_arr.zeroize();

-      assert!(!bool::from(nonce.ct_eq(&<Ristretto as Ciphersuite>::F::ZERO)));
+      assert!(!bool::from(nonce.ct_eq(&<Ristretto as WrappedGroup>::F::ZERO)));

      let challenge = challenge(
        self.genesis,
@@ -133,7 +132,7 @@ pub struct Validators {
 impl Validators {
  pub(crate) fn new(
    genesis: [u8; 32],
-    validators: Vec<(<Ristretto as Ciphersuite>::G, u64)>,
+    validators: Vec<(<Ristretto as WrappedGroup>::G, u64)>,
  ) -> Option<Validators> {
    let mut total_weight = 0;
    let mut weights = HashMap::new();
@@ -220,7 +219,7 @@ impl SignatureScheme for Validators {
      signers
        .iter()
        .zip(challenges)
-        .map(|(s, c)| (<Ristretto as Ciphersuite>::read_G(&mut s.as_slice()).unwrap(), c))
+        .map(|(s, c)| (<Ristretto as GroupIo>::read_G(&mut s.as_slice()).unwrap(), c))
        .collect::<Vec<_>>()
        .as_slice(),
    )
--- a/coordinator/tributary-sdk/src/tendermint/tx.rs
+++ b/coordinator/tributary-sdk/src/tendermint/tx.rs
@@ -5,7 +5,7 @@ use scale::{Encode, Decode, IoReader};
 use blake2::{Digest, Blake2s256};

 use dalek_ff_group::Ristretto;
-use ciphersuite::Ciphersuite;
+use ciphersuite::*;

 use crate::{
  transaction::{Transaction, TransactionKind, TransactionError},
@@ -50,7 +50,7 @@ impl Transaction for TendermintTx {
    Blake2s256::digest(self.serialize()).into()
  }

-  fn sig_hash(&self, _genesis: [u8; 32]) -> <Ristretto as Ciphersuite>::F {
+  fn sig_hash(&self, _genesis: [u8; 32]) -> <Ristretto as WrappedGroup>::F {
    match self {
      TendermintTx::SlashEvidence(_) => panic!("sig_hash called on slash evidence transaction"),
    }
--- a/coordinator/tributary-sdk/src/tests/block.rs
+++ b/coordinator/tributary-sdk/src/tests/block.rs
@@ -3,10 +3,7 @@ use std::{sync::Arc, io, collections::HashMap, fmt::Debug};
 use blake2::{Digest, Blake2s256};

 use dalek_ff_group::Ristretto;
-use ciphersuite::{
-  group::{ff::Field, Group},
-  Ciphersuite,
-};
+use ciphersuite::{group::Group, *};
 use schnorr::SchnorrSignature;

 use serai_db::MemDb;
@@ -32,11 +29,11 @@ impl NonceTransaction {
      nonce,
      distinguisher,
      Signed {
-        signer: <Ristretto as Ciphersuite>::G::identity(),
+        signer: <Ristretto as WrappedGroup>::G::identity(),
        nonce,
        signature: SchnorrSignature::<Ristretto> {
-          R: <Ristretto as Ciphersuite>::G::identity(),
-          s: <Ristretto as Ciphersuite>::F::ZERO,
+          R: <Ristretto as WrappedGroup>::G::identity(),
+          s: <Ristretto as WrappedGroup>::F::ZERO,
        },
      },
    )
--- a/coordinator/tributary-sdk/src/tests/blockchain.rs
+++ b/coordinator/tributary-sdk/src/tests/blockchain.rs
@@ -11,7 +11,7 @@ use rand::rngs::OsRng;
 use blake2::{Digest, Blake2s256};

 use dalek_ff_group::Ristretto;
-use ciphersuite::{group::ff::Field, Ciphersuite};
+use ciphersuite::*;

 use serai_db::{DbTxn, Db, MemDb};

@@ -31,7 +31,7 @@ type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;

 fn new_blockchain<T: TransactionTrait>(
  genesis: [u8; 32],
-  participants: &[<Ristretto as Ciphersuite>::G],
+  participants: &[<Ristretto as WrappedGroup>::G],
 ) -> (MemDb, Blockchain<MemDb, T>) {
  let db = MemDb::new();
  let blockchain = Blockchain::new(db.clone(), genesis, participants);
@@ -82,7 +82,7 @@ fn invalid_block() {
    assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
  }

-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
  let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);

  // Not a participant
@@ -134,7 +134,7 @@ fn invalid_block() {
    blockchain.verify_block::<N>(&block, &validators, false).unwrap();
    match &mut block.transactions[0] {
      Transaction::Application(tx) => {
-        tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
+        tx.1.signature.s += <Ristretto as WrappedGroup>::F::ONE;
      }
      _ => panic!("non-signed tx found"),
    }
@@ -150,7 +150,7 @@ fn invalid_block() {
 fn signed_transaction() {
  let genesis = new_genesis();
  let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
  let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
  let signer = tx.1.signer;

@@ -339,7 +339,7 @@ fn provided_transaction() {
 #[tokio::test]
 async fn tendermint_evidence_tx() {
  let genesis = new_genesis();
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
  let signer = Signer::new(genesis, key.clone());
  let signer_id = Ristretto::generator() * key.deref();
  let validators = Arc::new(Validators::new(genesis, vec![(signer_id, 1)]).unwrap());
@@ -379,7 +379,7 @@ async fn tendermint_evidence_tx() {
  let mut mempool: Vec<Transaction<SignedTransaction>> = vec![];
  let mut signers = vec![];
  for _ in 0 .. 5 {
-    let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+    let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
    let signer = Signer::new(genesis, key.clone());
    let signer_id = Ristretto::generator() * key.deref();
    signers.push((signer_id, 1));
@@ -446,7 +446,7 @@ async fn block_tx_ordering() {
  }

  let genesis = new_genesis();
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));

  // signer
  let signer = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0).1.signer;
--- a/coordinator/tributary-sdk/src/tests/mempool.rs
+++ b/coordinator/tributary-sdk/src/tests/mempool.rs
@@ -4,7 +4,7 @@ use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};

 use dalek_ff_group::Ristretto;
-use ciphersuite::{group::ff::Field, Ciphersuite};
+use ciphersuite::*;

 use tendermint::ext::Commit;

@@ -33,7 +33,7 @@ async fn mempool_addition() {
    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
  };
  let unsigned_in_chain = |_: [u8; 32]| false;
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));

  let first_tx = signed_transaction(&mut OsRng, genesis, &key, 0);
  let signer = first_tx.1.signer;
@@ -125,7 +125,7 @@ async fn mempool_addition() {

  // If the mempool doesn't have a nonce for an account, it should successfully use the
  // blockchain's
-  let second_key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let second_key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
  let tx = signed_transaction(&mut OsRng, genesis, &second_key, 2);
  let second_signer = tx.1.signer;
  assert_eq!(mempool.next_nonce_in_mempool(&second_signer, vec![]), None);
@@ -165,7 +165,7 @@ fn too_many_mempool() {
    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
  };
  let unsigned_in_chain = |_: [u8; 32]| false;
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));

  // We should be able to add transactions up to the limit
  for i in 0 .. ACCOUNT_MEMPOOL_LIMIT {
--- a/coordinator/tributary-sdk/src/tests/transaction/mod.rs
+++ b/coordinator/tributary-sdk/src/tests/transaction/mod.rs
@@ -7,10 +7,7 @@ use rand::{RngCore, CryptoRng, rngs::OsRng};
 use blake2::{Digest, Blake2s256};

 use dalek_ff_group::Ristretto;
-use ciphersuite::{
-  group::{ff::Field, Group},
-  Ciphersuite,
-};
+use ciphersuite::{group::Group, *};
 use schnorr::SchnorrSignature;

 use scale::Encode;
@@ -34,11 +31,11 @@ mod tendermint;

 pub fn random_signed<R: RngCore + CryptoRng>(rng: &mut R) -> Signed {
  Signed {
-    signer: <Ristretto as Ciphersuite>::G::random(&mut *rng),
+    signer: <Ristretto as WrappedGroup>::G::random(&mut *rng),
    nonce: u32::try_from(rng.next_u64() >> 32 >> 1).unwrap(),
    signature: SchnorrSignature::<Ristretto> {
-      R: <Ristretto as Ciphersuite>::G::random(&mut *rng),
-      s: <Ristretto as Ciphersuite>::F::random(rng),
+      R: <Ristretto as WrappedGroup>::G::random(&mut *rng),
+      s: <Ristretto as WrappedGroup>::F::random(rng),
    },
  }
 }
@@ -137,18 +134,18 @@ impl Transaction for SignedTransaction {
 pub fn signed_transaction<R: RngCore + CryptoRng>(
  rng: &mut R,
  genesis: [u8; 32],
-  key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
  nonce: u32,
 ) -> SignedTransaction {
  let mut data = vec![0; 512];
  rng.fill_bytes(&mut data);

-  let signer = <Ristretto as Ciphersuite>::generator() * **key;
+  let signer = <Ristretto as WrappedGroup>::generator() * **key;

  let mut tx =
    SignedTransaction(data, Signed { signer, nonce, signature: random_signed(rng).signature });

-  let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
+  let sig_nonce = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(rng));
  tx.1.signature.R = Ristretto::generator() * sig_nonce.deref();
  tx.1.signature = SchnorrSignature::sign(key, sig_nonce, tx.sig_hash(genesis));

@@ -163,7 +160,7 @@ pub fn random_signed_transaction<R: RngCore + CryptoRng>(
  let mut genesis = [0; 32];
  rng.fill_bytes(&mut genesis);

-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut *rng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut *rng));
  // Shift over an additional bit to ensure it won't overflow when incremented
  let nonce = u32::try_from(rng.next_u64() >> 32 >> 1).unwrap();

@@ -180,12 +177,11 @@ pub async fn tendermint_meta() -> ([u8; 32], Signer, [u8; 32], Arc<Validators>)
  // signer
  let genesis = new_genesis();
  let signer =
-    Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
+    Signer::new(genesis, Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng)));
  let validator_id = signer.validator_id().await.unwrap();

  // schema
-  let signer_pub =
-    <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
+  let signer_pub = <Ristretto as GroupIo>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
  let validators = Arc::new(Validators::new(genesis, vec![(signer_pub, 1)]).unwrap());

  (genesis, signer, validator_id, validators)
--- a/coordinator/tributary-sdk/src/tests/transaction/signed.rs
+++ b/coordinator/tributary-sdk/src/tests/transaction/signed.rs
@@ -3,7 +3,7 @@ use rand::rngs::OsRng;
 use blake2::{Digest, Blake2s256};

 use dalek_ff_group::Ristretto;
-use ciphersuite::{group::ff::Field, Ciphersuite};
+use ciphersuite::*;

 use crate::{
  ReadWrite,
@@ -69,7 +69,7 @@ fn signed_transaction() {
  }
  {
    let mut tx = tx.clone();
-    tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
+    tx.1.signature.s += <Ristretto as WrappedGroup>::F::ONE;
    assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).is_err());
  }

--- a/coordinator/tributary-sdk/src/tests/transaction/tendermint.rs
+++ b/coordinator/tributary-sdk/src/tests/transaction/tendermint.rs
@@ -4,7 +4,7 @@ use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};

 use dalek_ff_group::Ristretto;
-use ciphersuite::{Ciphersuite, group::ff::Field};
+use ciphersuite::*;

 use scale::Encode;

@@ -261,7 +261,7 @@ async fn conflicting_msgs_evidence_tx() {
    let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x11]))).await;

    let signer_2 =
-      Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
+      Signer::new(genesis, Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng)));
    let signed_id_2 = signer_2.validator_id().await.unwrap();
    let signed_2 = signed_from_data::<N>(
      signer_2.into(),
@@ -278,10 +278,9 @@ async fn conflicting_msgs_evidence_tx() {
    ));

    // update schema so that we don't fail due to invalid signature
-    let signer_pub =
-      <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
+    let signer_pub = <Ristretto as GroupIo>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
    let signer_pub_2 =
-      <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
+      <Ristretto as GroupIo>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
    let validators =
      Arc::new(Validators::new(genesis, vec![(signer_pub, 1), (signer_pub_2, 1)]).unwrap());

--- a/coordinator/tributary-sdk/src/transaction.rs
+++ b/coordinator/tributary-sdk/src/transaction.rs
@@ -8,7 +8,7 @@ use blake2::{Digest, Blake2b512};

 use ciphersuite::{
  group::{Group, GroupEncoding},
-  Ciphersuite,
+  *,
 };
 use dalek_ff_group::Ristretto;
 use schnorr::SchnorrSignature;
@@ -43,7 +43,7 @@ pub enum TransactionError {
 /// Data for a signed transaction.
 #[derive(Clone, PartialEq, Eq, Debug)]
 pub struct Signed {
-  pub signer: <Ristretto as Ciphersuite>::G,
+  pub signer: <Ristretto as WrappedGroup>::G,
  pub nonce: u32,
  pub signature: SchnorrSignature<Ristretto>,
 }
@@ -160,10 +160,10 @@ pub trait Transaction: 'static + Send + Sync + Clone + Eq + Debug + ReadWrite {
  /// Do not override this unless you know what you're doing.
  ///
  /// Panics if called on non-signed transactions.
-  fn sig_hash(&self, genesis: [u8; 32]) -> <Ristretto as Ciphersuite>::F {
+  fn sig_hash(&self, genesis: [u8; 32]) -> <Ristretto as WrappedGroup>::F {
    match self.kind() {
      TransactionKind::Signed(order, Signed { signature, .. }) => {
-        <Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(
+        <Ristretto as WrappedGroup>::F::from_bytes_mod_order_wide(
          &Blake2b512::digest(
            [
              b"Tributary Signed Transaction",
@@ -182,8 +182,8 @@ pub trait Transaction: 'static + Send + Sync + Clone + Eq + Debug + ReadWrite {
  }
 }

-pub trait GAIN: FnMut(&<Ristretto as Ciphersuite>::G, &[u8]) -> Option<u32> {}
-impl<F: FnMut(&<Ristretto as Ciphersuite>::G, &[u8]) -> Option<u32>> GAIN for F {}
+pub trait GAIN: FnMut(&<Ristretto as WrappedGroup>::G, &[u8]) -> Option<u32> {}
+impl<F: FnMut(&<Ristretto as WrappedGroup>::G, &[u8]) -> Option<u32>> GAIN for F {}

 pub(crate) fn verify_transaction<F: GAIN, T: Transaction>(
  tx: &T,