mirror of
https://github.com/serai-dex/serai.git
synced 2025-12-08 20:29:23 +00:00
Smash the singular Ciphersuite trait into multiple
This helps identify where the various functionalities are used, or rather, not used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating the entire FCMP++ tree, only requires the markers _and_ canonical point decoding. I've opened a PR to upstream such a trait into `group` (https://github.com/zkcrypto/group/pull/68). `WrappedGroup` is still justified for as long as `Group::generator` exists. Moving `::generator()` to its own trait, on an independent structure (upstream) would be massively appreciated. @tarcieri also wanted to update from `fn generator()` to `const GENERATOR`, which would encourage further discussion on https://github.com/zkcrypto/group/issues/32 and https://github.com/zkcrypto/group/issues/45, which have been stagnant. The `Id` trait is occasionally used yet really should be first off the chopping block. Finally, `WithPreferredHash` is only actually used around a third of the time, which more than justifies it being a separate trait. --- Updates `dalek_ff_group::Scalar` to directly re-export `curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint` also could be replaced with an export of `curve25519_dalek::RistrettoPoint`, yet the coordinator relies on how we implemented `Hash` on it for the hell of it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't implement `zeroize`, `subtle` traits within a released, non-yanked version. Relevance to https://github.com/serai-dex/serai/issues/201 and https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746. Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over `SHA2-512`. In order to maintain compliance with FROST's IETF standard, `modular-frost` defines its own ciphersuite for Ristretto which still uses `SHA2-512`.
This commit is contained in:
Luke Parker
@@ -1,4 +1,4 @@
|
||||
use ciphersuite::{group::GroupEncoding, Ciphersuite};
|
||||
use ciphersuite::{group::GroupEncoding, *};
|
||||
use dkg::{ThresholdKeys, Curves, Secp256k1};
|
||||
|
||||
use crate::{primitives::x_coord_to_even_point, scan::scanner};
|
||||
@@ -18,7 +18,7 @@ impl key_gen::KeyGenParams for KeyGenParams {
|
||||
}
|
||||
|
||||
fn encode_key(
|
||||
key: <<Self::ExternalNetworkCiphersuite as Curves>::ToweringCurve as Ciphersuite>::G,
|
||||
key: <<Self::ExternalNetworkCiphersuite as Curves>::ToweringCurve as WrappedGroup>::G,
|
||||
) -> Vec<u8> {
|
||||
let key = key.to_bytes();
|
||||
let key: &[u8] = key.as_ref();
|
||||
@@ -28,7 +28,7 @@ impl key_gen::KeyGenParams for KeyGenParams {
|
||||
|
||||
fn decode_key(
|
||||
key: &[u8],
|
||||
) -> Option<<<Self::ExternalNetworkCiphersuite as Curves>::ToweringCurve as Ciphersuite>::G> {
|
||||
) -> Option<<<Self::ExternalNetworkCiphersuite as Curves>::ToweringCurve as WrappedGroup>::G> {
|
||||
x_coord_to_even_point(key)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
use core::fmt;
|
||||
use std::collections::HashMap;
|
||||
|
||||
use ciphersuite::Ciphersuite;
|
||||
use ciphersuite::*;
|
||||
use ciphersuite_kp256::Secp256k1;
|
||||
|
||||
use bitcoin_serai::bitcoin::block::{Header, Block as BBlock};
|
||||
@@ -35,7 +35,7 @@ impl<D: Db> fmt::Debug for Block<D> {
|
||||
impl<D: Db> primitives::Block for Block<D> {
|
||||
type Header = BlockHeader;
|
||||
|
||||
type Key = <Secp256k1 as Ciphersuite>::G;
|
||||
type Key = <Secp256k1 as WrappedGroup>::G;
|
||||
type Address = Address;
|
||||
type Output = Output;
|
||||
type Eventuality = Eventuality;
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
use ciphersuite::Ciphersuite;
|
||||
use ciphersuite::*;
|
||||
use ciphersuite_kp256::Secp256k1;
|
||||
|
||||
use bitcoin_serai::bitcoin::key::{Parity, XOnlyPublicKey};
|
||||
@@ -7,7 +7,7 @@ pub(crate) mod output;
|
||||
pub(crate) mod transaction;
|
||||
pub(crate) mod block;
|
||||
|
||||
pub(crate) fn x_coord_to_even_point(key: &[u8]) -> Option<<Secp256k1 as Ciphersuite>::G> {
|
||||
pub(crate) fn x_coord_to_even_point(key: &[u8]) -> Option<<Secp256k1 as WrappedGroup>::G> {
|
||||
if key.len() != 32 {
|
||||
None?
|
||||
};
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
use std::io;
|
||||
|
||||
use ciphersuite::Ciphersuite;
|
||||
use ciphersuite::*;
|
||||
use ciphersuite_kp256::Secp256k1;
|
||||
|
||||
use bitcoin_serai::{
|
||||
@@ -55,7 +55,7 @@ pub(crate) struct Output {
|
||||
impl Output {
|
||||
pub(crate) fn new(
|
||||
getter: &impl Get,
|
||||
key: <Secp256k1 as Ciphersuite>::G,
|
||||
key: <Secp256k1 as WrappedGroup>::G,
|
||||
tx: &Transaction,
|
||||
output: WalletOutput,
|
||||
) -> Self {
|
||||
@@ -71,7 +71,7 @@ impl Output {
|
||||
}
|
||||
|
||||
pub(crate) fn new_with_presumed_origin(
|
||||
key: <Secp256k1 as Ciphersuite>::G,
|
||||
key: <Secp256k1 as WrappedGroup>::G,
|
||||
tx: &Transaction,
|
||||
presumed_origin: Option<Address>,
|
||||
output: WalletOutput,
|
||||
@@ -88,7 +88,7 @@ impl Output {
|
||||
}
|
||||
}
|
||||
|
||||
impl ReceivedOutput<<Secp256k1 as Ciphersuite>::G, Address> for Output {
|
||||
impl ReceivedOutput<<Secp256k1 as WrappedGroup>::G, Address> for Output {
|
||||
type Id = OutputId;
|
||||
type TransactionId = [u8; 32];
|
||||
|
||||
@@ -108,7 +108,7 @@ impl ReceivedOutput<<Secp256k1 as Ciphersuite>::G, Address> for Output {
|
||||
res
|
||||
}
|
||||
|
||||
fn key(&self) -> <Secp256k1 as Ciphersuite>::G {
|
||||
fn key(&self) -> <Secp256k1 as WrappedGroup>::G {
|
||||
// We read the key from the script pubkey so we don't have to independently store it
|
||||
let script = &self.output.output().script_pubkey;
|
||||
|
||||
@@ -121,7 +121,7 @@ impl ReceivedOutput<<Secp256k1 as Ciphersuite>::G, Address> for Output {
|
||||
.expect("last item in scanned v1 Taproot script wasn't a valid x-only public key");
|
||||
|
||||
// The output's key minus the output's offset is the root key
|
||||
key - (<Secp256k1 as Ciphersuite>::G::GENERATOR * self.output.offset())
|
||||
key - (<Secp256k1 as WrappedGroup>::G::GENERATOR * self.output.offset())
|
||||
}
|
||||
|
||||
fn presumed_origin(&self) -> Option<Address> {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
use std::{sync::LazyLock, collections::HashMap};
|
||||
|
||||
use ciphersuite::Ciphersuite;
|
||||
use ciphersuite::*;
|
||||
use ciphersuite_kp256::Secp256k1;
|
||||
|
||||
use bitcoin_serai::{
|
||||
@@ -20,20 +20,20 @@ use primitives::OutputType;
|
||||
use crate::hash_bytes;
|
||||
|
||||
// TODO: Bitcoin HD derivation, instead of these bespoke labels?
|
||||
static BRANCH_BASE_OFFSET: LazyLock<<Secp256k1 as Ciphersuite>::F> =
|
||||
static BRANCH_BASE_OFFSET: LazyLock<<Secp256k1 as WrappedGroup>::F> =
|
||||
LazyLock::new(|| Secp256k1::hash_to_F(b"branch"));
|
||||
static CHANGE_BASE_OFFSET: LazyLock<<Secp256k1 as Ciphersuite>::F> =
|
||||
static CHANGE_BASE_OFFSET: LazyLock<<Secp256k1 as WrappedGroup>::F> =
|
||||
LazyLock::new(|| Secp256k1::hash_to_F(b"change"));
|
||||
static FORWARD_BASE_OFFSET: LazyLock<<Secp256k1 as Ciphersuite>::F> =
|
||||
static FORWARD_BASE_OFFSET: LazyLock<<Secp256k1 as WrappedGroup>::F> =
|
||||
LazyLock::new(|| Secp256k1::hash_to_F(b"forward"));
|
||||
|
||||
// Unfortunately, we have per-key offsets as it's the root key plus the base offset may not be
|
||||
// even. While we could tweak the key until all derivations are even, that'd require significantly
|
||||
// more tweaking. This algorithmic complexity is preferred.
|
||||
pub(crate) fn offsets_for_key(
|
||||
key: <Secp256k1 as Ciphersuite>::G,
|
||||
) -> HashMap<OutputType, <Secp256k1 as Ciphersuite>::F> {
|
||||
let mut offsets = HashMap::from([(OutputType::External, <Secp256k1 as Ciphersuite>::F::ZERO)]);
|
||||
key: <Secp256k1 as WrappedGroup>::G,
|
||||
) -> HashMap<OutputType, <Secp256k1 as WrappedGroup>::F> {
|
||||
let mut offsets = HashMap::from([(OutputType::External, <Secp256k1 as WrappedGroup>::F::ZERO)]);
|
||||
|
||||
// We create an actual Bitcoin scanner as upon adding an offset, it yields the tweaked offset
|
||||
// actually used
|
||||
@@ -50,7 +50,7 @@ pub(crate) fn offsets_for_key(
|
||||
offsets
|
||||
}
|
||||
|
||||
pub(crate) fn scanner(key: <Secp256k1 as Ciphersuite>::G) -> Scanner {
|
||||
pub(crate) fn scanner(key: <Secp256k1 as WrappedGroup>::G) -> Scanner {
|
||||
let mut scanner = Scanner::new(key).unwrap();
|
||||
for (_, offset) in offsets_for_key(key) {
|
||||
let tweaked_offset = scanner.register_offset(offset).unwrap();
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
use core::future::Future;
|
||||
|
||||
use ciphersuite::Ciphersuite;
|
||||
use ciphersuite::*;
|
||||
use ciphersuite_kp256::Secp256k1;
|
||||
|
||||
use bitcoin_serai::{
|
||||
@@ -26,8 +26,8 @@ use crate::{
|
||||
rpc::Rpc,
|
||||
};
|
||||
|
||||
fn address_from_serai_key(key: <Secp256k1 as Ciphersuite>::G, kind: OutputType) -> Address {
|
||||
let offset = <Secp256k1 as Ciphersuite>::G::GENERATOR * offsets_for_key(key)[&kind];
|
||||
fn address_from_serai_key(key: <Secp256k1 as WrappedGroup>::G, kind: OutputType) -> Address {
|
||||
let offset = <Secp256k1 as WrappedGroup>::G::GENERATOR * offsets_for_key(key)[&kind];
|
||||
Address::new(
|
||||
p2tr_script_buf(key + offset)
|
||||
.expect("creating address from Serai key which wasn't properly tweaked"),
|
||||
@@ -72,7 +72,7 @@ fn signable_transaction<D: Db>(
|
||||
*/
|
||||
payments.push((
|
||||
// The generator is even so this is valid
|
||||
p2tr_script_buf(<Secp256k1 as Ciphersuite>::G::GENERATOR).unwrap(),
|
||||
p2tr_script_buf(<Secp256k1 as WrappedGroup>::G::GENERATOR).unwrap(),
|
||||
// This uses the minimum output value allowed, as defined as a constant in bitcoin-serai
|
||||
// TODO: Add a test for this comparing to bitcoin's `minimal_non_dust`
|
||||
bitcoin_serai::wallet::DUST,
|
||||
|
||||
Reference in New Issue
Block a user