mirror of
https://github.com/serai-dex/serai.git
synced 2025-12-13 22:49:25 +00:00
Smash the singular Ciphersuite trait into multiple
This helps identify where the various functionalities are used, or rather, not used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating the entire FCMP++ tree, only requires the markers _and_ canonical point decoding. I've opened a PR to upstream such a trait into `group` (https://github.com/zkcrypto/group/pull/68). `WrappedGroup` is still justified for as long as `Group::generator` exists. Moving `::generator()` to its own trait, on an independent structure (upstream) would be massively appreciated. @tarcieri also wanted to update from `fn generator()` to `const GENERATOR`, which would encourage further discussion on https://github.com/zkcrypto/group/issues/32 and https://github.com/zkcrypto/group/issues/45, which have been stagnant. The `Id` trait is occasionally used yet really should be first off the chopping block. Finally, `WithPreferredHash` is only actually used around a third of the time, which more than justifies it being a separate trait. --- Updates `dalek_ff_group::Scalar` to directly re-export `curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint` also could be replaced with an export of `curve25519_dalek::RistrettoPoint`, yet the coordinator relies on how we implemented `Hash` on it for the hell of it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't implement `zeroize`, `subtle` traits within a released, non-yanked version. Relevance to https://github.com/serai-dex/serai/issues/201 and https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746. Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over `SHA2-512`. In order to maintain compliance with FROST's IETF standard, `modular-frost` defines its own ciphersuite for Ristretto which still uses `SHA2-512`.
This commit is contained in:
Luke Parker
@@ -6,7 +6,7 @@ use rand_core::OsRng;
|
||||
use dalek_ff_group::Ed25519;
|
||||
use ciphersuite::{
|
||||
group::{ff::Field, Group},
|
||||
Ciphersuite,
|
||||
GroupIo, WithPreferredHash,
|
||||
};
|
||||
use multiexp::BatchVerifier;
|
||||
|
||||
@@ -16,10 +16,10 @@ use crate::aggregate::{SchnorrAggregator, SchnorrAggregate};
|
||||
|
||||
mod rfc8032;
|
||||
|
||||
pub(crate) fn sign<C: Ciphersuite>() {
|
||||
let private_key = Zeroizing::new(C::random_nonzero_F(&mut OsRng));
|
||||
let nonce = Zeroizing::new(C::random_nonzero_F(&mut OsRng));
|
||||
let challenge = C::random_nonzero_F(&mut OsRng); // Doesn't bother to craft an HRAm
|
||||
pub(crate) fn sign<C: GroupIo>() {
|
||||
let private_key = Zeroizing::new(C::F::random(&mut OsRng));
|
||||
let nonce = Zeroizing::new(C::F::random(&mut OsRng));
|
||||
let challenge = C::F::random(&mut OsRng); // Doesn't bother to craft an HRAm
|
||||
assert!(SchnorrSignature::<C>::sign(&private_key, nonce, challenge)
|
||||
.verify(C::generator() * private_key.deref(), challenge));
|
||||
}
|
||||
@@ -27,22 +27,22 @@ pub(crate) fn sign<C: Ciphersuite>() {
|
||||
// The above sign function verifies signing works
|
||||
// This verifies invalid signatures don't pass, using zero signatures, which should effectively be
|
||||
// random
|
||||
pub(crate) fn verify<C: Ciphersuite>() {
|
||||
pub(crate) fn verify<C: GroupIo>() {
|
||||
assert!(!SchnorrSignature::<C> { R: C::G::identity(), s: C::F::ZERO }
|
||||
.verify(C::generator() * C::random_nonzero_F(&mut OsRng), C::random_nonzero_F(&mut OsRng)));
|
||||
.verify(C::generator() * C::F::random(&mut OsRng), C::F::random(&mut OsRng)));
|
||||
}
|
||||
|
||||
pub(crate) fn batch_verify<C: Ciphersuite>() {
|
||||
pub(crate) fn batch_verify<C: GroupIo>() {
|
||||
// Create 5 signatures
|
||||
let mut keys = vec![];
|
||||
let mut challenges = vec![];
|
||||
let mut sigs = vec![];
|
||||
for i in 0 .. 5 {
|
||||
keys.push(Zeroizing::new(C::random_nonzero_F(&mut OsRng)));
|
||||
challenges.push(C::random_nonzero_F(&mut OsRng));
|
||||
keys.push(Zeroizing::new(C::F::random(&mut OsRng)));
|
||||
challenges.push(C::F::random(&mut OsRng));
|
||||
sigs.push(SchnorrSignature::<C>::sign(
|
||||
&keys[i],
|
||||
Zeroizing::new(C::random_nonzero_F(&mut OsRng)),
|
||||
Zeroizing::new(C::F::random(&mut OsRng)),
|
||||
challenges[i],
|
||||
));
|
||||
}
|
||||
@@ -78,7 +78,7 @@ pub(crate) fn batch_verify<C: Ciphersuite>() {
|
||||
}
|
||||
|
||||
#[cfg(feature = "aggregate")]
|
||||
pub(crate) fn aggregate<C: Ciphersuite>() {
|
||||
pub(crate) fn aggregate<C: GroupIo + WithPreferredHash>() {
|
||||
const DST: &[u8] = b"Schnorr Aggregator Test";
|
||||
|
||||
// Create 5 signatures
|
||||
@@ -86,14 +86,14 @@ pub(crate) fn aggregate<C: Ciphersuite>() {
|
||||
let mut challenges = vec![];
|
||||
let mut aggregator = SchnorrAggregator::<C>::new(DST);
|
||||
for i in 0 .. 5 {
|
||||
keys.push(Zeroizing::new(C::random_nonzero_F(&mut OsRng)));
|
||||
keys.push(Zeroizing::new(C::F::random(&mut OsRng)));
|
||||
// In practice, this MUST be a secure challenge binding to the nonce, key, and any message
|
||||
challenges.push(C::random_nonzero_F(&mut OsRng));
|
||||
challenges.push(C::F::random(&mut OsRng));
|
||||
aggregator.aggregate(
|
||||
challenges[i],
|
||||
SchnorrSignature::<C>::sign(
|
||||
&keys[i],
|
||||
Zeroizing::new(C::random_nonzero_F(&mut OsRng)),
|
||||
Zeroizing::new(C::F::random(&mut OsRng)),
|
||||
challenges[i],
|
||||
),
|
||||
);
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
use sha2::{Digest, Sha512};
|
||||
|
||||
use dalek_ff_group::{Scalar, Ed25519};
|
||||
use ciphersuite::{group::GroupEncoding, Ciphersuite};
|
||||
use ciphersuite::{group::GroupEncoding, GroupIo};
|
||||
|
||||
use crate::SchnorrSignature;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user