mirror of
https://github.com/serai-dex/serai.git
synced 2025-12-13 14:39:25 +00:00
Smash the singular Ciphersuite trait into multiple
This helps identify where the various functionalities are used, or rather, not used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating the entire FCMP++ tree, only requires the markers _and_ canonical point decoding. I've opened a PR to upstream such a trait into `group` (https://github.com/zkcrypto/group/pull/68). `WrappedGroup` is still justified for as long as `Group::generator` exists. Moving `::generator()` to its own trait, on an independent structure (upstream) would be massively appreciated. @tarcieri also wanted to update from `fn generator()` to `const GENERATOR`, which would encourage further discussion on https://github.com/zkcrypto/group/issues/32 and https://github.com/zkcrypto/group/issues/45, which have been stagnant. The `Id` trait is occasionally used yet really should be first off the chopping block. Finally, `WithPreferredHash` is only actually used around a third of the time, which more than justifies it being a separate trait. --- Updates `dalek_ff_group::Scalar` to directly re-export `curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint` also could be replaced with an export of `curve25519_dalek::RistrettoPoint`, yet the coordinator relies on how we implemented `Hash` on it for the hell of it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't implement `zeroize`, `subtle` traits within a released, non-yanked version. Relevance to https://github.com/serai-dex/serai/issues/201 and https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746. Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over `SHA2-512`. In order to maintain compliance with FROST's IETF standard, `modular-frost` defines its own ciphersuite for Ristretto which still uses `SHA2-512`.
This commit is contained in:
Luke Parker
@@ -3,10 +3,7 @@ use std::{sync::Arc, io, collections::HashMap, fmt::Debug};
|
||||
use blake2::{Digest, Blake2s256};
|
||||
|
||||
use dalek_ff_group::Ristretto;
|
||||
use ciphersuite::{
|
||||
group::{ff::Field, Group},
|
||||
Ciphersuite,
|
||||
};
|
||||
use ciphersuite::{group::Group, *};
|
||||
use schnorr::SchnorrSignature;
|
||||
|
||||
use serai_db::MemDb;
|
||||
@@ -32,11 +29,11 @@ impl NonceTransaction {
|
||||
nonce,
|
||||
distinguisher,
|
||||
Signed {
|
||||
signer: <Ristretto as Ciphersuite>::G::identity(),
|
||||
signer: <Ristretto as WrappedGroup>::G::identity(),
|
||||
nonce,
|
||||
signature: SchnorrSignature::<Ristretto> {
|
||||
R: <Ristretto as Ciphersuite>::G::identity(),
|
||||
s: <Ristretto as Ciphersuite>::F::ZERO,
|
||||
R: <Ristretto as WrappedGroup>::G::identity(),
|
||||
s: <Ristretto as WrappedGroup>::F::ZERO,
|
||||
},
|
||||
},
|
||||
)
|
||||
|
||||
@@ -11,7 +11,7 @@ use rand::rngs::OsRng;
|
||||
use blake2::{Digest, Blake2s256};
|
||||
|
||||
use dalek_ff_group::Ristretto;
|
||||
use ciphersuite::{group::ff::Field, Ciphersuite};
|
||||
use ciphersuite::*;
|
||||
|
||||
use serai_db::{DbTxn, Db, MemDb};
|
||||
|
||||
@@ -31,7 +31,7 @@ type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;
|
||||
|
||||
fn new_blockchain<T: TransactionTrait>(
|
||||
genesis: [u8; 32],
|
||||
participants: &[<Ristretto as Ciphersuite>::G],
|
||||
participants: &[<Ristretto as WrappedGroup>::G],
|
||||
) -> (MemDb, Blockchain<MemDb, T>) {
|
||||
let db = MemDb::new();
|
||||
let blockchain = Blockchain::new(db.clone(), genesis, participants);
|
||||
@@ -82,7 +82,7 @@ fn invalid_block() {
|
||||
assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
|
||||
}
|
||||
|
||||
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
|
||||
let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
|
||||
let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
|
||||
|
||||
// Not a participant
|
||||
@@ -134,7 +134,7 @@ fn invalid_block() {
|
||||
blockchain.verify_block::<N>(&block, &validators, false).unwrap();
|
||||
match &mut block.transactions[0] {
|
||||
Transaction::Application(tx) => {
|
||||
tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
|
||||
tx.1.signature.s += <Ristretto as WrappedGroup>::F::ONE;
|
||||
}
|
||||
_ => panic!("non-signed tx found"),
|
||||
}
|
||||
@@ -150,7 +150,7 @@ fn invalid_block() {
|
||||
fn signed_transaction() {
|
||||
let genesis = new_genesis();
|
||||
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
|
||||
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
|
||||
let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
|
||||
let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
|
||||
let signer = tx.1.signer;
|
||||
|
||||
@@ -339,7 +339,7 @@ fn provided_transaction() {
|
||||
#[tokio::test]
|
||||
async fn tendermint_evidence_tx() {
|
||||
let genesis = new_genesis();
|
||||
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
|
||||
let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
|
||||
let signer = Signer::new(genesis, key.clone());
|
||||
let signer_id = Ristretto::generator() * key.deref();
|
||||
let validators = Arc::new(Validators::new(genesis, vec![(signer_id, 1)]).unwrap());
|
||||
@@ -379,7 +379,7 @@ async fn tendermint_evidence_tx() {
|
||||
let mut mempool: Vec<Transaction<SignedTransaction>> = vec![];
|
||||
let mut signers = vec![];
|
||||
for _ in 0 .. 5 {
|
||||
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
|
||||
let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
|
||||
let signer = Signer::new(genesis, key.clone());
|
||||
let signer_id = Ristretto::generator() * key.deref();
|
||||
signers.push((signer_id, 1));
|
||||
@@ -446,7 +446,7 @@ async fn block_tx_ordering() {
|
||||
}
|
||||
|
||||
let genesis = new_genesis();
|
||||
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
|
||||
let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
|
||||
|
||||
// signer
|
||||
let signer = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0).1.signer;
|
||||
|
||||
@@ -4,7 +4,7 @@ use zeroize::Zeroizing;
|
||||
use rand::{RngCore, rngs::OsRng};
|
||||
|
||||
use dalek_ff_group::Ristretto;
|
||||
use ciphersuite::{group::ff::Field, Ciphersuite};
|
||||
use ciphersuite::*;
|
||||
|
||||
use tendermint::ext::Commit;
|
||||
|
||||
@@ -33,7 +33,7 @@ async fn mempool_addition() {
|
||||
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
|
||||
};
|
||||
let unsigned_in_chain = |_: [u8; 32]| false;
|
||||
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
|
||||
let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
|
||||
|
||||
let first_tx = signed_transaction(&mut OsRng, genesis, &key, 0);
|
||||
let signer = first_tx.1.signer;
|
||||
@@ -125,7 +125,7 @@ async fn mempool_addition() {
|
||||
|
||||
// If the mempool doesn't have a nonce for an account, it should successfully use the
|
||||
// blockchain's
|
||||
let second_key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
|
||||
let second_key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
|
||||
let tx = signed_transaction(&mut OsRng, genesis, &second_key, 2);
|
||||
let second_signer = tx.1.signer;
|
||||
assert_eq!(mempool.next_nonce_in_mempool(&second_signer, vec![]), None);
|
||||
@@ -165,7 +165,7 @@ fn too_many_mempool() {
|
||||
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
|
||||
};
|
||||
let unsigned_in_chain = |_: [u8; 32]| false;
|
||||
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
|
||||
let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
|
||||
|
||||
// We should be able to add transactions up to the limit
|
||||
for i in 0 .. ACCOUNT_MEMPOOL_LIMIT {
|
||||
|
||||
@@ -7,10 +7,7 @@ use rand::{RngCore, CryptoRng, rngs::OsRng};
|
||||
use blake2::{Digest, Blake2s256};
|
||||
|
||||
use dalek_ff_group::Ristretto;
|
||||
use ciphersuite::{
|
||||
group::{ff::Field, Group},
|
||||
Ciphersuite,
|
||||
};
|
||||
use ciphersuite::{group::Group, *};
|
||||
use schnorr::SchnorrSignature;
|
||||
|
||||
use scale::Encode;
|
||||
@@ -34,11 +31,11 @@ mod tendermint;
|
||||
|
||||
pub fn random_signed<R: RngCore + CryptoRng>(rng: &mut R) -> Signed {
|
||||
Signed {
|
||||
signer: <Ristretto as Ciphersuite>::G::random(&mut *rng),
|
||||
signer: <Ristretto as WrappedGroup>::G::random(&mut *rng),
|
||||
nonce: u32::try_from(rng.next_u64() >> 32 >> 1).unwrap(),
|
||||
signature: SchnorrSignature::<Ristretto> {
|
||||
R: <Ristretto as Ciphersuite>::G::random(&mut *rng),
|
||||
s: <Ristretto as Ciphersuite>::F::random(rng),
|
||||
R: <Ristretto as WrappedGroup>::G::random(&mut *rng),
|
||||
s: <Ristretto as WrappedGroup>::F::random(rng),
|
||||
},
|
||||
}
|
||||
}
|
||||
@@ -137,18 +134,18 @@ impl Transaction for SignedTransaction {
|
||||
pub fn signed_transaction<R: RngCore + CryptoRng>(
|
||||
rng: &mut R,
|
||||
genesis: [u8; 32],
|
||||
key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
|
||||
key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
|
||||
nonce: u32,
|
||||
) -> SignedTransaction {
|
||||
let mut data = vec![0; 512];
|
||||
rng.fill_bytes(&mut data);
|
||||
|
||||
let signer = <Ristretto as Ciphersuite>::generator() * **key;
|
||||
let signer = <Ristretto as WrappedGroup>::generator() * **key;
|
||||
|
||||
let mut tx =
|
||||
SignedTransaction(data, Signed { signer, nonce, signature: random_signed(rng).signature });
|
||||
|
||||
let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
|
||||
let sig_nonce = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(rng));
|
||||
tx.1.signature.R = Ristretto::generator() * sig_nonce.deref();
|
||||
tx.1.signature = SchnorrSignature::sign(key, sig_nonce, tx.sig_hash(genesis));
|
||||
|
||||
@@ -163,7 +160,7 @@ pub fn random_signed_transaction<R: RngCore + CryptoRng>(
|
||||
let mut genesis = [0; 32];
|
||||
rng.fill_bytes(&mut genesis);
|
||||
|
||||
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut *rng));
|
||||
let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut *rng));
|
||||
// Shift over an additional bit to ensure it won't overflow when incremented
|
||||
let nonce = u32::try_from(rng.next_u64() >> 32 >> 1).unwrap();
|
||||
|
||||
@@ -180,12 +177,11 @@ pub async fn tendermint_meta() -> ([u8; 32], Signer, [u8; 32], Arc<Validators>)
|
||||
// signer
|
||||
let genesis = new_genesis();
|
||||
let signer =
|
||||
Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
|
||||
Signer::new(genesis, Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng)));
|
||||
let validator_id = signer.validator_id().await.unwrap();
|
||||
|
||||
// schema
|
||||
let signer_pub =
|
||||
<Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
|
||||
let signer_pub = <Ristretto as GroupIo>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
|
||||
let validators = Arc::new(Validators::new(genesis, vec![(signer_pub, 1)]).unwrap());
|
||||
|
||||
(genesis, signer, validator_id, validators)
|
||||
|
||||
@@ -3,7 +3,7 @@ use rand::rngs::OsRng;
|
||||
use blake2::{Digest, Blake2s256};
|
||||
|
||||
use dalek_ff_group::Ristretto;
|
||||
use ciphersuite::{group::ff::Field, Ciphersuite};
|
||||
use ciphersuite::*;
|
||||
|
||||
use crate::{
|
||||
ReadWrite,
|
||||
@@ -69,7 +69,7 @@ fn signed_transaction() {
|
||||
}
|
||||
{
|
||||
let mut tx = tx.clone();
|
||||
tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
|
||||
tx.1.signature.s += <Ristretto as WrappedGroup>::F::ONE;
|
||||
assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).is_err());
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@ use zeroize::Zeroizing;
|
||||
use rand::{RngCore, rngs::OsRng};
|
||||
|
||||
use dalek_ff_group::Ristretto;
|
||||
use ciphersuite::{Ciphersuite, group::ff::Field};
|
||||
use ciphersuite::*;
|
||||
|
||||
use scale::Encode;
|
||||
|
||||
@@ -261,7 +261,7 @@ async fn conflicting_msgs_evidence_tx() {
|
||||
let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x11]))).await;
|
||||
|
||||
let signer_2 =
|
||||
Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
|
||||
Signer::new(genesis, Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng)));
|
||||
let signed_id_2 = signer_2.validator_id().await.unwrap();
|
||||
let signed_2 = signed_from_data::<N>(
|
||||
signer_2.into(),
|
||||
@@ -278,10 +278,9 @@ async fn conflicting_msgs_evidence_tx() {
|
||||
));
|
||||
|
||||
// update schema so that we don't fail due to invalid signature
|
||||
let signer_pub =
|
||||
<Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
|
||||
let signer_pub = <Ristretto as GroupIo>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
|
||||
let signer_pub_2 =
|
||||
<Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
|
||||
<Ristretto as GroupIo>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
|
||||
let validators =
|
||||
Arc::new(Validators::new(genesis, vec![(signer_pub, 1), (signer_pub_2, 1)]).unwrap());
|
||||
|
||||
|
||||
Reference in New Issue
Block a user