Smash the singular Ciphersuite trait into multiple

This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).

`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.

The `Id` trait is occasionally used yet really should be first off the chopping
block.

Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.

---

Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.

Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.

crypto/transcript/Cargo.toml

@@ -19,14 +19,14 @@ workspace = true
 [dependencies]
 zeroize = { version = "^1.5", default-features = false }
 
-digest = { version = "0.11.0-rc.0", default-features = false, features = ["block-api"] }
+digest = { version = "0.11.0-rc.1", default-features = false, features = ["block-api"] }
 
-blake2 = { version = "0.11.0-rc.0", default-features = false, optional = true }
+blake2 = { version = "0.11.0-rc.2", default-features = false, optional = true }
 merlin = { version = "3", default-features = false, optional = true }
 
 [dev-dependencies]
-sha2 = { version = "0.11.0-rc.0", default-features = false }
-blake2 = { version = "0.11.0-rc.0", default-features = false }
+sha2 = { version = "0.11.0-rc.2", default-features = false }
+blake2 = { version = "0.11.0-rc.2", default-features = false }
 
 [features]
 std = ["zeroize/std", "merlin?/std"]

crypto/transcript/src/lib.rs

@@ -4,13 +4,7 @@
 
 use zeroize::Zeroize;
 
-use digest::{
-  typenum::{
-    consts::U32, marker_traits::NonZero, type_operators::IsGreaterOrEqual, operator_aliases::GrEq,
-  },
-  block_api::BlockSizeUser,
-  Digest, Output, HashMarker,
-};
+use digest::{block_api::BlockSizeUser, Digest, Output, HashMarker};
 
 #[cfg(feature = "merlin")]
 mod merlin;
@@ -75,24 +69,11 @@ impl DigestTranscriptMember {
   }
 }
 
-/// A trait defining cryptographic Digests with at least a 256-bit output size, assuming at least a
-/// 128-bit level of security accordingly.
-pub trait SecureDigest: Digest + HashMarker {}
-impl<D: Digest + HashMarker> SecureDigest for D
-where
-  // This just lets us perform the comparison
-  D::OutputSize: IsGreaterOrEqual<U32>,
-  // Perform the comparison and make sure it's true (not zero), meaning D::OutputSize is >= U32
-  // This should be U32 as it's length in bytes, not bits
-  GrEq<D::OutputSize, U32>: NonZero,
-{
-}
-
 /// A simple transcript format constructed around the specified hash algorithm.
 #[derive(Clone, Debug)]
-pub struct DigestTranscript<D: Send + Clone + SecureDigest>(D);
+pub struct DigestTranscript<D: Send + Clone + Digest + HashMarker>(D);
 
-impl<D: Send + Clone + SecureDigest> DigestTranscript<D> {
+impl<D: Send + Clone + Digest + HashMarker> DigestTranscript<D> {
   fn append(&mut self, kind: DigestTranscriptMember, value: &[u8]) {
     self.0.update([kind.as_u8()]);
     // Assumes messages don't exceed 16 exabytes
@@ -101,7 +82,7 @@ impl<D: Send + Clone + SecureDigest> DigestTranscript<D> {
   }
 }
 
-impl<D: Send + Clone + SecureDigest> Transcript for DigestTranscript<D> {
+impl<D: Send + Clone + Digest + HashMarker> Transcript for DigestTranscript<D> {
   type Challenge = Output<D>;
 
   fn new(name: &'static [u8]) -> Self {
@@ -140,7 +121,7 @@ impl<D: Send + Clone + SecureDigest> Transcript for DigestTranscript<D> {
 // Digest doesn't implement Zeroize
 // Implement Zeroize for DigestTranscript by writing twice the block size to the digest in an
 // attempt to overwrite the internal hash state/any leftover bytes
-impl<D: Send + Clone + SecureDigest> Zeroize for DigestTranscript<D>
+impl<D: Send + Clone + Digest + HashMarker> Zeroize for DigestTranscript<D>
 where
   D: BlockSizeUser,
 {
@@ -159,7 +140,7 @@ where
     // These writes may be optimized out if they're never read
     // Attempt to get them marked as read
 
-    fn mark_read<D: Send + Clone + SecureDigest>(transcript: &DigestTranscript<D>) {
+    fn mark_read<D: Send + Clone + Digest + HashMarker>(transcript: &DigestTranscript<D>) {
       // Just get a challenge from the state
       let mut challenge = core::hint::black_box(transcript.0.clone().finalize());
       challenge.as_mut().zeroize();