Smash the singular Ciphersuite trait into multiple

This helps identify where the various functionalities are used, or rather, not used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating the entire FCMP++ tree, only requires the markers _and_ canonical point decoding. I've opened a PR to upstream such a trait into `group` (https://github.com/zkcrypto/group/pull/68). `WrappedGroup` is still justified for as long as `Group::generator` exists. Moving `::generator()` to its own trait, on an independent structure (upstream) would be massively appreciated. @tarcieri also wanted to update from `fn generator()` to `const GENERATOR`, which would encourage further discussion on https://github.com/zkcrypto/group/issues/32 and https://github.com/zkcrypto/group/issues/45, which have been stagnant. The `Id` trait is occasionally used yet really should be first off the chopping block. Finally, `WithPreferredHash` is only actually used around a third of the time, which more than justifies it being a separate trait. --- Updates `dalek_ff_group::Scalar` to directly re-export `curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint` also could be replaced with an export of `curve25519_dalek::RistrettoPoint`, yet the coordinator relies on how we implemented `Hash` on it for the hell of it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't implement `zeroize`, `subtle` traits within a released, non-yanked version. Relevance to https://github.com/serai-dex/serai/issues/201 and https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746. Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over `SHA2-512`. In order to maintain compliance with FROST's IETF standard, `modular-frost` defines its own ciphersuite for Ristretto which still uses `SHA2-512`.
2025-12-09 12:49:23 +00:00 · 2025-09-03 12:25:37 -04:00
parent 215e41fdb6
commit a141deaf36
124 changed files with 1003 additions and 1211 deletions
--- a/processor/bitcoin/src/primitives/output.rs
+++ b/processor/bitcoin/src/primitives/output.rs
@@ -1,6 +1,6 @@
 use std::io;

-use ciphersuite::Ciphersuite;
+use ciphersuite::*;
 use ciphersuite_kp256::Secp256k1;

 use bitcoin_serai::{
@@ -55,7 +55,7 @@ pub(crate) struct Output {
 impl Output {
  pub(crate) fn new(
    getter: &impl Get,
-    key: <Secp256k1 as Ciphersuite>::G,
+    key: <Secp256k1 as WrappedGroup>::G,
    tx: &Transaction,
    output: WalletOutput,
  ) -> Self {
@@ -71,7 +71,7 @@ impl Output {
  }

  pub(crate) fn new_with_presumed_origin(
-    key: <Secp256k1 as Ciphersuite>::G,
+    key: <Secp256k1 as WrappedGroup>::G,
    tx: &Transaction,
    presumed_origin: Option<Address>,
    output: WalletOutput,
@@ -88,7 +88,7 @@ impl Output {
  }
 }

-impl ReceivedOutput<<Secp256k1 as Ciphersuite>::G, Address> for Output {
+impl ReceivedOutput<<Secp256k1 as WrappedGroup>::G, Address> for Output {
  type Id = OutputId;
  type TransactionId = [u8; 32];

@@ -108,7 +108,7 @@ impl ReceivedOutput<<Secp256k1 as Ciphersuite>::G, Address> for Output {
    res
  }

-  fn key(&self) -> <Secp256k1 as Ciphersuite>::G {
+  fn key(&self) -> <Secp256k1 as WrappedGroup>::G {
    // We read the key from the script pubkey so we don't have to independently store it
    let script = &self.output.output().script_pubkey;

@@ -121,7 +121,7 @@ impl ReceivedOutput<<Secp256k1 as Ciphersuite>::G, Address> for Output {
      .expect("last item in scanned v1 Taproot script wasn't a valid x-only public key");

    // The output's key minus the output's offset is the root key
-    key - (<Secp256k1 as Ciphersuite>::G::GENERATOR * self.output.offset())
+    key - (<Secp256k1 as WrappedGroup>::G::GENERATOR * self.output.offset())
  }

  fn presumed_origin(&self) -> Option<Address> {