Create dedicated message structures for FROST messages (#140)

* Create message types for FROST key gen Taking in reader borrows absolutely wasn't feasible. Now, proper types which can be read (and then passed directly, without a mutable borrow) exist for key_gen. sign coming next. * Move FROST signing to messages, not Readers/Writers/Vec<u8> Also takes the nonce handling code and makes a dedicated file for it, aiming to resolve complex types and make the code more legible by replacing its previously inlined state. * clippy * Update FROST tests * read_signature_share * Update the Monero library to the new FROST packages * Update processor to latest FROST * Tweaks to terminology and documentation
2025-12-08 20:29:23 +00:00 · 2022-10-25 23:17:25 -05:00
parent ccdb834e6e
commit cbceaff678
26 changed files with 874 additions and 591 deletions
--- a/crypto/frost/src/tests/vectors.rs
+++ b/crypto/frost/src/tests/vectors.rs
@@ -1,4 +1,4 @@
-use std::{io::Cursor, collections::HashMap};
+use std::collections::HashMap;
 #[cfg(test)]
 use std::str::FromStr;

@@ -10,7 +10,10 @@ use crate::{
  curve::Curve,
  FrostCore, FrostKeys,
  algorithm::{Schnorr, Hram},
-  sign::{PreprocessPackage, SignMachine, SignatureMachine, AlgorithmMachine},
+  sign::{
+    Nonce, GeneratorCommitments, NonceCommitments, Commitments, Writable, Preprocess,
+    PreprocessData, SignMachine, SignatureMachine, AlgorithmMachine,
+  },
  tests::{
    clone_without, curve::test_curve, schnorr::test_schnorr, promote::test_promotion, recover,
  },
@@ -78,12 +81,13 @@ fn vectors_to_multisig_keys<C: Curve>(vectors: &Vectors) -> HashMap<u16, FrostKe
  let shares = vectors
    .shares
    .iter()
-    .map(|secret| C::read_F(&mut Cursor::new(hex::decode(secret).unwrap())).unwrap())
+    .map(|secret| C::read_F::<&[u8]>(&mut hex::decode(secret).unwrap().as_ref()).unwrap())
    .collect::<Vec<_>>();
  let verification_shares = shares.iter().map(|secret| C::generator() * secret).collect::<Vec<_>>();

  let mut keys = HashMap::new();
  for i in 1 ..= u16::try_from(shares.len()).unwrap() {
+    // Manually re-implement the serialization for FrostCore to import this data
    let mut serialized = vec![];
    serialized.extend(u32::try_from(C::ID.len()).unwrap().to_be_bytes());
    serialized.extend(C::ID);
@@ -95,7 +99,7 @@ fn vectors_to_multisig_keys<C: Curve>(vectors: &Vectors) -> HashMap<u16, FrostKe
      serialized.extend(share.to_bytes().as_ref());
    }

-    let these_keys = FrostCore::<C>::deserialize(&mut Cursor::new(serialized)).unwrap();
+    let these_keys = FrostCore::<C>::deserialize::<&[u8]>(&mut serialized.as_ref()).unwrap();
    assert_eq!(these_keys.params().t(), vectors.threshold);
    assert_eq!(usize::from(these_keys.params().n()), shares.len());
    assert_eq!(these_keys.params().i(), i);
@@ -118,8 +122,10 @@ pub fn test_with_vectors<R: RngCore + CryptoRng, C: Curve, H: Hram<C>>(

  // Test against the vectors
  let keys = vectors_to_multisig_keys::<C>(&vectors);
-  let group_key = C::read_G(&mut Cursor::new(hex::decode(&vectors.group_key).unwrap())).unwrap();
-  let secret = C::read_F(&mut Cursor::new(hex::decode(&vectors.group_secret).unwrap())).unwrap();
+  let group_key =
+    C::read_G::<&[u8]>(&mut hex::decode(&vectors.group_key).unwrap().as_ref()).unwrap();
+  let secret =
+    C::read_F::<&[u8]>(&mut hex::decode(&vectors.group_secret).unwrap().as_ref()).unwrap();
  assert_eq!(C::generator() * secret, group_key);
  assert_eq!(recover(&keys), secret);

@@ -142,27 +148,36 @@ pub fn test_with_vectors<R: RngCore + CryptoRng, C: Curve, H: Hram<C>>(
    .drain(..)
    .map(|(i, machine)| {
      let nonces = [
-        C::read_F(&mut Cursor::new(hex::decode(&vectors.nonces[c][0]).unwrap())).unwrap(),
-        C::read_F(&mut Cursor::new(hex::decode(&vectors.nonces[c][1]).unwrap())).unwrap(),
+        C::read_F::<&[u8]>(&mut hex::decode(&vectors.nonces[c][0]).unwrap().as_ref()).unwrap(),
+        C::read_F::<&[u8]>(&mut hex::decode(&vectors.nonces[c][1]).unwrap().as_ref()).unwrap(),
      ];
      c += 1;
-      let these_commitments = vec![[C::generator() * nonces[0], C::generator() * nonces[1]]];
-      let machine = machine.unsafe_override_preprocess(PreprocessPackage {
-        nonces: vec![nonces],
-        commitments: vec![these_commitments.clone()],
-        addendum: vec![],
+      let these_commitments = [C::generator() * nonces[0], C::generator() * nonces[1]];
+      let machine = machine.unsafe_override_preprocess(PreprocessData {
+        nonces: vec![Nonce(nonces)],
+        preprocess: Preprocess {
+          commitments: Commitments {
+            nonces: vec![NonceCommitments {
+              generators: vec![GeneratorCommitments(these_commitments)],
+              dleqs: None,
+            }],
+          },
+          addendum: (),
+        },
      });

      commitments.insert(
        *i,
-        Cursor::new(
-          [
-            these_commitments[0][0].to_bytes().as_ref(),
-            these_commitments[0][1].to_bytes().as_ref(),
-          ]
-          .concat()
-          .to_vec(),
-        ),
+        machine
+          .read_preprocess::<&[u8]>(
+            &mut [
+              these_commitments[0].to_bytes().as_ref(),
+              these_commitments[1].to_bytes().as_ref(),
+            ]
+            .concat()
+            .as_ref(),
+          )
+          .unwrap(),
      );
      (i, machine)
    })
@@ -176,10 +191,15 @@ pub fn test_with_vectors<R: RngCore + CryptoRng, C: Curve, H: Hram<C>>(
      let (machine, share) =
        machine.sign(clone_without(&commitments, i), &hex::decode(&vectors.msg).unwrap()).unwrap();

+      let share = {
+        let mut buf = vec![];
+        share.write(&mut buf).unwrap();
+        buf
+      };
      assert_eq!(share, hex::decode(&vectors.sig_shares[c]).unwrap());
      c += 1;

-      shares.insert(*i, Cursor::new(share));
+      shares.insert(*i, machine.read_share::<&[u8]>(&mut share.as_ref()).unwrap());
      (i, machine)
    })
    .collect::<HashMap<_, _>>();