From c5256d9b064ee9e4bbad6093808d6191a793f361 Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Tue, 30 Aug 2022 20:01:46 -0400
Subject: [PATCH] Use ChaCha20 instead of ChaCha12

Despite being slower and only used for blinding values, its still extremely performant. 20 is far more standard and will avoid an eye raise from reviewers.

---
 coins/monero/src/ringct/clsag/multisig.rs | 4 ++--
 coins/monero/src/wallet/send/multisig.rs | 8 ++++----
 crypto/dleq/src/lib.rs | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/coins/monero/src/ringct/clsag/multisig.rs b/coins/monero/src/ringct/clsag/multisig.rs
index 7ca66a32..6bd2e984 100644
--- a/coins/monero/src/ringct/clsag/multisig.rs
+++ b/coins/monero/src/ringct/clsag/multisig.rs
@@ -5,7 +5,7 @@ use std::{
 };
 use rand_core::{RngCore, CryptoRng, SeedableRng};
-use rand_chacha::ChaCha12Rng;
+use rand_chacha::ChaCha20Rng;
 use zeroize::{Zeroize, ZeroizeOnDrop};
@@ -181,7 +181,7 @@ impl Algorithm for ClsagMultisig {
 // process even if they have access to commitments (specifically, the ring index being signed
 // for, along with the mask which should not only require knowing the shared keys yet also the
 // input commitment masks)
- let mut rng = ChaCha12Rng::from_seed(self.transcript.rng_seed(b"decoy_responses"));
+ let mut rng = ChaCha20Rng::from_seed(self.transcript.rng_seed(b"decoy_responses"));
 self.msg = Some(msg.try_into().expect("CLSAG message should be 32-bytes"));
diff --git a/coins/monero/src/wallet/send/multisig.rs b/coins/monero/src/wallet/send/multisig.rs
index 825e2951..0644a09c 100644
--- a/coins/monero/src/wallet/send/multisig.rs
+++ b/coins/monero/src/wallet/send/multisig.rs
@@ -5,7 +5,7 @@ use std::{
 };
 use rand_core::{RngCore, CryptoRng, SeedableRng};
-use rand_chacha::ChaCha12Rng;
+use rand_chacha::ChaCha20Rng;
 use curve25519_dalek::{
 traits::Identity,
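Review bot: The seeded RNG on the `+` line of the `@@ -181` hunk draws `decoy_responses` from `self.transcript`, and if that transcript is shared between co-signers, as the multisig naming suggests, swapping ChaCha12 for ChaCha20 changes what every party derives, so a participant still on the previous build would presumably compute different responses than one on this build; the same applies to the `decoys`, `transaction_keys_bulletproofs` and `pseudo_out_masks` seeds in the three hunks of coins/monero/src/wallet/send/multisig.rs. The commit description calls these "only blinding values", yet transaction keys and pseudo-out masks shape the transaction itself, so this is a protocol-compatibility change rather than an internal tweak and deserves saying so where the seed is drawn, e.g. `// Derived from the shared transcript: the RNG construction is part of the signing protocol, so all participants must agree on it.`. Whether a mixed-version signing session fails loudly at verification or produces something inconsistent is not visible from these hunks and is worth confirming. The enclosing method of `impl Algorithm for ClsagMultisig` starts and ends outside the hunk.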
@@ -140,7 +140,7 @@ impl SignableTransaction {
 let decoys = Decoys::select(
 // Using a seeded RNG with a specific height, committed to above, should make these decoys
 // committed to. They'll also be committed to later via the TX message as a whole
- &mut ChaCha12Rng::from_seed(transcript.rng_seed(b"decoys")),
+ &mut ChaCha20Rng::from_seed(transcript.rng_seed(b"decoys")),
 rpc,
 self.protocol.ring_len(),
 height,
@@ -288,7 +288,7 @@ impl SignMachine for TransactionSignMachine {
 sorted_images.sort_by(key_image_sort);
 self.signable.prepare_transaction(
- &mut ChaCha12Rng::from_seed(self.transcript.rng_seed(b"transaction_keys_bulletproofs")),
+ &mut ChaCha20Rng::from_seed(self.transcript.rng_seed(b"transaction_keys_bulletproofs")),
 uniqueness(
 &sorted_images
 .iter()
@@ -312,7 +312,7 @@ impl SignMachine for TransactionSignMachine {
 }
 sorted.sort_by(|x, y| key_image_sort(&x.0, &y.0));
- let mut rng = ChaCha12Rng::from_seed(self.transcript.rng_seed(b"pseudo_out_masks"));
+ let mut rng = ChaCha20Rng::from_seed(self.transcript.rng_seed(b"pseudo_out_masks"));
 let mut sum_pseudo_outs = Scalar::zero();
 while !sorted.is_empty() {
 let value = sorted.remove(0);
diff --git a/crypto/dleq/src/lib.rs b/crypto/dleq/src/lib.rs
index 3492bba5..605a07d5 100644
--- a/crypto/dleq/src/lib.rs
+++ b/crypto/dleq/src/lib.rs
@@ -20,7 +20,7 @@ mod tests;
 pub(crate) fn challenge(transcript: &mut T) -> F {
 // From here, there are three ways to get a scalar under the ff/group API
- // 1: Scalar::random(ChaCha12Rng::from_seed(self.transcript.rng_seed(b"challenge")))
+ // 1: Scalar::random(ChaCha20Rng::from_seed(self.transcript.rng_seed(b"challenge")))
 // 2: Grabbing a UInt library to perform reduction by the modulus, then determining endianess
 // and loading it in
 // 3: Iterating over each byte and manually doubling/adding. This is simplest
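Review bot: The rewritten comment on the `+` line of the crypto/dleq/src/lib.rs hunk still reads `self.transcript.rng_seed(...)`, but `challenge` is a free function whose transcript is the `transcript` parameter, so the example it documents could not compile as written; since the line is being touched anyway, make it `// 1: Scalar::random(ChaCha20Rng::from_seed(transcript.rng_seed(b"challenge")))`. The signature shows `challenge(transcript: &mut T) -> F` with no visible type parameters, which looks like the generics were lost in rendering rather than absent. The body of `challenge` continues past the hunk.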