diff --git a/crypto/ciphersuite/src/dalek.rs b/crypto/ciphersuite/src/dalek.rs
index a04195b2..bd9c70c1 100644
--- a/crypto/ciphersuite/src/dalek.rs
+++ b/crypto/ciphersuite/src/dalek.rs
@@ -28,12 +28,6 @@ macro_rules! dalek_curve {
       $Point::generator()
     }
 
-    fn reduce_512(mut scalar: [u8; 64]) -> Self::F {
-      let res = Scalar::from_bytes_mod_order_wide(&scalar);
-      scalar.zeroize();
-      res
-    }
-
     fn hash_to_F(dst: &[u8], data: &[u8]) -> Self::F {
       Scalar::from_hash(Sha512::new_with_prefix(&[dst, data].concat()))
     }
diff --git a/crypto/ciphersuite/src/ed448.rs b/crypto/ciphersuite/src/ed448.rs
index 0b19ffa5..8a927251 100644
--- a/crypto/ciphersuite/src/ed448.rs
+++ b/crypto/ciphersuite/src/ed448.rs
@@ -66,12 +66,6 @@ impl Ciphersuite for Ed448 {
     Point::generator()
   }
 
-  fn reduce_512(mut scalar: [u8; 64]) -> Self::F {
-    let res = Self::hash_to_F(b"Ciphersuite-reduce_512", &scalar);
-    scalar.zeroize();
-    res
-  }
-
   fn hash_to_F(dst: &[u8], data: &[u8]) -> Self::F {
     Scalar::wide_reduce(Self::H::digest([dst, data].concat()).as_ref().try_into().unwrap())
   }
diff --git a/crypto/ciphersuite/src/kp256.rs b/crypto/ciphersuite/src/kp256.rs
index a1f64ae4..ceb8ee84 100644
--- a/crypto/ciphersuite/src/kp256.rs
+++ b/crypto/ciphersuite/src/kp256.rs
@@ -31,22 +31,6 @@ macro_rules! kp_curve {
       $lib::ProjectivePoint::GENERATOR
     }
 
-    fn reduce_512(scalar: [u8; 64]) -> Self::F {
-      let mut modulus = [0; 64];
-      modulus[32 ..].copy_from_slice(&(Self::F::ZERO - Self::F::ONE).to_bytes());
-      let modulus = U512::from_be_slice(&modulus).checked_add(&U512::ONE).unwrap();
-
-      let mut wide = U512::from_be_bytes(scalar).rem(&NonZero::new(modulus).unwrap()).to_be_bytes();
-
-      let mut array = *GenericArray::from_slice(&wide[32 ..]);
-      let res = $lib::Scalar::from_repr(array).unwrap();
-
-      wide.zeroize();
-      array.zeroize();
-      res
-    }
-
     fn hash_to_F(dst: &[u8], msg: &[u8]) -> Self::F {
       // While one of these two libraries does support directly hashing to the Scalar field, the
       // other doesn't. While that's probably an oversight, this is a universally working method
diff --git a/crypto/ciphersuite/src/lib.rs b/crypto/ciphersuite/src/lib.rs
index 6519a413..fd0c9194 100644
--- a/crypto/ciphersuite/src/lib.rs
+++ b/crypto/ciphersuite/src/lib.rs
@@ -62,12 +62,6 @@ pub trait Ciphersuite:
   // While group does provide this in its API, privacy coins may want to use a custom basepoint
   fn generator() -> Self::G;
 
-  /// Reduce 512 bits into a uniform scalar.
-  ///
-  /// If 512 bits is insufficient to perform a reduction into a uniform scalar, the ciphersuite
-  /// will perform a hash to sample the necessary bits.
-  fn reduce_512(scalar: [u8; 64]) -> Self::F;
-
   /// Hash the provided domain-separation tag and message to a scalar. Ciphersuites MAY naively
   /// prefix the tag to the message, enabling transpotion between the two. Accordingly, this
   /// function should NOT be used in any scheme where one tag is a valid substring of another
diff --git a/crypto/dkg/promote/src/tests.rs b/crypto/dkg/promote/src/tests.rs
index b46dfbbf..a748f61d 100644
--- a/crypto/dkg/promote/src/tests.rs
+++ b/crypto/dkg/promote/src/tests.rs
@@ -29,10 +29,6 @@ impl Ciphersuite for AltGenerator {
     C::G::generator() * ::hash_to_F(b"DKG Promotion Test", b"generator")
   }
 
-  fn reduce_512(scalar: [u8; 64]) -> Self::F {
-    ::reduce_512(scalar)
-  }
-
   fn hash_to_F(dst: &[u8], data: &[u8]) -> Self::F {
     ::hash_to_F(dst, data)
   }