It was never used as we derive entropy via the other fields in the
transcript, and explicitly add fields directly as needed for entropy.
Also drops an unused crate and corrects a bug in FROST's Schnorr
implementation which used the Group's generator, instead of the Curve's.
Also updates the Monero crate's description.
Also updates Bulletproofs from C to not be length prefixed, yet rather
have Rust calculate their length.
Corrects an error in key_gen where self was blamed, instead of the
faulty participant.
Saves roughly 0.8s when running the tests, which took 16.6s and now take
15.8 (5%).
Removes the larger sample size, which replaced the closest selected
decoy with the real spend, per advice of Rucknium.
Adds helper functions to verify and, on failure, blame, which move an
unwrap from callers into multiexp where it's guaranteed to be safe and
easily verified to be proper.
Closes https://github.com/serai-dex/serai/issues/10.
Saves ~8% during FROST key gen, even with dropping a vartime for a
constant time (as needed to be secure), as the new batch verifier is
used where batch verification previously wasn't. The new multiexp API
itself also offered a very slight performance boost, which may solely be
a measurement error.
Handles most of https://github.com/serai-dex/serai/issues/10. The blame
function isn't binary searched nor randomly sorted yet.
Changes the output index to a u8. While it may expand to a u16 at some
point, this can remain canonical using little endian serialization while
dropping the latter byte if it's 0 (or simply only using u16 when it's
actually possible).
Honestly, the borrowed keys are frustrating, and this probably reduces
performance while no longer offering an order when iterating. That said,
they enable full u16 indexing and should mildly improve the API.
Cleans the Proof of Knowledge handling present in key gen.
Currently solely used for single signer change outputs, intended to be
used for funds into Serai and multisig change outputs (dependent on #2).
Also cleans the file layout, makes scanning a bit more robust, doesn't
return outputs of amount 0, and shuffles outputs.
Remove's CLSAG's msg Rc for the msg available through AlgorithmMachine.
Potentially slightly more inefficient, as it needs to be converted from
a slice to a [u8; 32], yet removes a re-impl.
Also removes a match for an if.
