mirror of
https://github.com/serai-dex/serai.git
synced 2025-12-09 04:39:24 +00:00
2379855b31
* Add dkg crate * Remove F_len and G_len They're generally no longer used. * Replace hash_to_vec with a provided method around associated type H: Digest Part of trying to minimize this trait so it can be moved elsewhere. Vec, which isn't std, may have been a blocker. * Encrypt secret shares within the FROST library Reduces requirements on callers in order to be correct. * Update usage of Zeroize within FROST * Inline functions in key_gen There was no reason to have them separated as they were. sign probably has the same statement available, yet that isn't the focus right now. * Add a ciphersuite package which provides hash_to_F * Set the Ciphersuite version to something valid * Have ed448 export Scalar/FieldElement/Point at the top level * Move FROST over to Ciphersuite * Correct usage of ff in ciphersuite * Correct documentation handling * Move Schnorr signatures to their own crate * Remove unused feature from schnorr * Fix Schnorr tests * Split DKG into a separate crate * Add serialize to Commitments and SecretShare Helper for buf = vec![]; .write(buf).unwrap(); buf * Move FROST over to the new dkg crate * Update Monero lib to latest FROST * Correct ethereum's usage of features * Add serialize to GeneratorProof * Add serialize helper function to FROST * Rename AddendumSerialize to WriteAddendum * Update processor * Slight fix to processor
87 lines
2.2 KiB
Rust
87 lines
2.2 KiB
Rust
use std::io::{self, Read, Write};
|
|
|
|
use rand_core::{RngCore, CryptoRng};
|
|
|
|
use zeroize::Zeroize;
|
|
|
|
use group::{
|
|
ff::{Field, PrimeField},
|
|
GroupEncoding,
|
|
};
|
|
|
|
use multiexp::BatchVerifier;
|
|
|
|
use ciphersuite::Ciphersuite;
|
|
|
|
#[cfg(test)]
|
|
mod tests;
|
|
|
|
/// A Schnorr signature of the form (R, s) where s = r + cx.
|
|
#[allow(non_snake_case)]
|
|
#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
|
|
pub struct SchnorrSignature<C: Ciphersuite> {
|
|
pub R: C::G,
|
|
pub s: C::F,
|
|
}
|
|
|
|
impl<C: Ciphersuite> SchnorrSignature<C> {
|
|
/// Read a SchnorrSignature from something implementing Read.
|
|
pub fn read<R: Read>(reader: &mut R) -> io::Result<Self> {
|
|
Ok(SchnorrSignature { R: C::read_G(reader)?, s: C::read_F(reader)? })
|
|
}
|
|
|
|
/// Write a SchnorrSignature to something implementing Read.
|
|
pub fn write<W: Write>(&self, writer: &mut W) -> io::Result<()> {
|
|
writer.write_all(self.R.to_bytes().as_ref())?;
|
|
writer.write_all(self.s.to_repr().as_ref())
|
|
}
|
|
|
|
/// Serialize a SchnorrSignature, returning a Vec<u8>.
|
|
pub fn serialize(&self) -> Vec<u8> {
|
|
let mut buf = vec![];
|
|
self.write(&mut buf).unwrap();
|
|
buf
|
|
}
|
|
|
|
/// Sign a Schnorr signature with the given nonce for the specified challenge.
|
|
pub fn sign(mut private_key: C::F, mut nonce: C::F, challenge: C::F) -> SchnorrSignature<C> {
|
|
let res = SchnorrSignature { R: C::generator() * nonce, s: nonce + (private_key * challenge) };
|
|
private_key.zeroize();
|
|
nonce.zeroize();
|
|
res
|
|
}
|
|
|
|
/// Verify a Schnorr signature for the given key with the specified challenge.
|
|
#[must_use]
|
|
pub fn verify(&self, public_key: C::G, challenge: C::F) -> bool {
|
|
(C::generator() * self.s) == (self.R + (public_key * challenge))
|
|
}
|
|
|
|
/// Queue a signature for batch verification.
|
|
pub fn batch_verify<R: RngCore + CryptoRng, I: Copy + Zeroize>(
|
|
&self,
|
|
rng: &mut R,
|
|
batch: &mut BatchVerifier<I, C::G>,
|
|
id: I,
|
|
public_key: C::G,
|
|
challenge: C::F,
|
|
) {
|
|
// s = r + ca
|
|
// sG == R + cA
|
|
// R + cA - sG == 0
|
|
|
|
batch.queue(
|
|
rng,
|
|
id,
|
|
[
|
|
// R
|
|
(C::F::one(), self.R),
|
|
// cA
|
|
(challenge, public_key),
|
|
// -sG
|
|
(-self.s, C::generator()),
|
|
],
|
|
);
|
|
}
|
|
}
|