Smash the singular Ciphersuite trait into multiple

This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).

`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.

The `Id` trait is occasionally used yet really should be first off the chopping
block.

Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.

---

Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.

Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.

crypto/secq256k1/Cargo.toml

@@ -18,13 +18,13 @@ hex-literal = { version = "0.4", default-features = false }
 
 std-shims = { version = "0.1", path = "../../common/std-shims", default-features = false, optional = true }
 
-k256 = { version = "0.13", default-features = false, features = ["arithmetic"] }
+sha2 = { version = "0.11.0-rc.0", default-features = false }
+k256 = { version = "0.13", default-features = false, features = ["arithmetic", "expose-field"] }
 prime-field = { path = "../prime-field", default-features = false }
 short-weierstrass = { path = "../short-weierstrass", default-features = false }
 
-sha2 = { version = "0.11.0-rc.0", default-features = false }
 ciphersuite = { path = "../ciphersuite", version = "0.4", default-features = false }
-generalized-bulletproofs-ec-gadgets = { git = "https://github.com/monero-oxide/monero-oxide", rev = "a6f8797007e768488568b821435cf5006517a962", default-features = false, optional = true }
+generalized-bulletproofs-ec-gadgets = { git = "https://github.com/monero-oxide/monero-oxide", rev = "7216a2e84c7671c167c3d81eafe0d2b1f418f102", default-features = false, optional = true }
 
 [dev-dependencies]
 hex = "0.4"

crypto/secq256k1/src/lib.rs

@@ -5,17 +5,12 @@
 #[cfg(feature = "alloc")]
 #[allow(unused_imports)]
 use std_shims::prelude::*;
-#[cfg(feature = "alloc")]
-use std_shims::io::{self, Read};
 
-use sha2::{
-  digest::array::{typenum::U33, Array},
-  Sha512,
-};
+use sha2::digest::array::{typenum::U33, Array};
 use k256::elliptic_curve::{
-  subtle::{Choice, ConstantTimeEq, ConditionallySelectable},
+  subtle::{Choice, CtOption, ConstantTimeEq, ConditionallySelectable},
   zeroize::Zeroize,
-  group::{ff::PrimeField, Group},
+  group::{ff::PrimeField, Group, GroupEncoding},
   sec1::Tag,
 };
 
@@ -109,32 +104,25 @@ impl ShortWeierstrass for Secq256k1 {
 
 pub type Point = Projective<Secq256k1>;
 
-impl ciphersuite::Ciphersuite for Secq256k1 {
+impl ciphersuite::WrappedGroup for Secq256k1 {
   type F = Scalar;
   type G = Point;
-  type H = Sha512;
-
-  const ID: &'static [u8] = b"secq256k1";
 
   fn generator() -> Self::G {
-    Point::generator()
+    <Point as Group>::generator()
   }
-
-  // We override the provided impl, which compares against the reserialization, because
-  // we already require canonicity
-  #[cfg(feature = "alloc")]
-  #[allow(non_snake_case)]
-  fn read_G<R: Read>(reader: &mut R) -> io::Result<Self::G> {
-    use ciphersuite::group::GroupEncoding;
-
-    let mut encoding = <Self::G as GroupEncoding>::Repr::default();
-    reader.read_exact(encoding.as_mut())?;
-
-    let point = Option::<Self::G>::from(Self::G::from_bytes(&encoding))
-      .ok_or_else(|| io::Error::other("invalid point"))?;
-    Ok(point)
+}
+impl ciphersuite::Id for Secq256k1 {
+  const ID: &[u8] = b"secq256k1";
+}
+impl ciphersuite::GroupCanonicalEncoding for Secq256k1 {
+  fn from_canonical_bytes(bytes: &<Self::G as GroupEncoding>::Repr) -> CtOption<Self::G> {
+    Self::G::from_bytes(bytes)
   }
 }
+impl ciphersuite::WithPreferredHash for Secq256k1 {
+  type H = sha2::Sha512;
+}
 
 #[cfg(feature = "alloc")]
 impl generalized_bulletproofs_ec_gadgets::DiscreteLogParameter for Secq256k1 {
@@ -150,7 +138,7 @@ fn test_curve() {
 fn generator() {
   use ciphersuite::group::GroupEncoding;
   assert_eq!(
-    Point::generator(),
+    <Point as Group>::generator(),
     Point::from_bytes(&Array(hex_literal::hex!(
       "020000000000000000000000000000000000000000000000000000000000000001"
     )))