add bound to ConstantTimeEq in Scalar

This commit is contained in:
Conrado Gouvea 2022-12-07 11:47:05 -03:00
parent 1c6f0b1694
commit 2de0f3c5df
6 changed files with 13 additions and 16 deletions


@ -23,6 +23,7 @@ digest = "0.10"
hex = { version = "0.4.3", features = ["serde"] }
rand_core = "0.6"
serde = { version = "1", optional = true, features = ["derive"] }
subtle = "2.4.1"
thiserror = "1.0"
zeroize = { version = "1.5.4", default-features = false, features = ["derive"] }
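Review bot: The new `subtle = "2.4.1"` line is more than an internal dependency, because the same commit re-exports its trait from the crate root (`pub use subtle::ConstantTimeEq` in lib.rs), so subtle's major version becomes part of frost_core's public API. The ciphersuite crates call `ct_eq` on scalar types that presumably come with their own `subtle` dependency from the curve crates, and the new `Field::Scalar` bound is only satisfied when both resolve to the same major. A manifest comment such as `# re-exported as frost_core::ConstantTimeEq; keep the major in step with the curve crates' subtle` would record that constraint for the next upgrade.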


@ -26,6 +26,7 @@ mod verifying_key;
pub use error::Error;
pub use signature::Signature;
pub use signing_key::SigningKey;
pub use subtle::ConstantTimeEq;
pub use verifying_key::VerifyingKey;
/// A prime order finite field GF(q) over which all scalar values for our prime order group can be
@ -41,6 +42,7 @@ pub trait Field: Copy + Clone {
type Scalar: Add<Output = Self::Scalar>
+ Copy
+ Clone
+ ConstantTimeEq
+ Eq
+ Mul<Output = Self::Scalar>
+ PartialEq
@ -277,13 +279,12 @@ where
}
/// Generates a random nonzero scalar.
///
/// It assumes that the Scalar Eq/PartialEq implementation is constant-time.
pub(crate) fn random_nonzero<C: Ciphersuite, R: RngCore + CryptoRng>(rng: &mut R) -> Scalar<C> {
let zero = <<C::Group as Group>::Field>::zero();
loop {
let scalar = <<C::Group as Group>::Field>::random(rng);
if scalar != <<C::Group as Group>::Field>::zero() {
if scalar.ct_eq(&zero).into() {
return scalar;
}
}
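Review bot: The replacement condition `if scalar.ct_eq(&zero).into() {` is inverted relative to the `!=` line it replaces: `ct_eq` is true when the scalar equals zero, so the loop now returns only when a zero scalar is drawn and keeps sampling otherwise — in practice a hang, and on the astronomically rare exit it would hand back exactly the value the function exists to reject. It should read `if !bool::from(scalar.ct_eq(&zero)) {`. Since `random_nonzero` is presumably the source of nonces and secret shares, a unit test asserting that a call returns and that the result is not zero would catch this class of slip. The `loop` body continues past the end of the hunk.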


@ -12,7 +12,7 @@ use sha3::{
Shake256,
};
use frost_core::{frost, Ciphersuite, Field, Group};
use frost_core::{frost, Ciphersuite, ConstantTimeEq, Field, Group};
#[cfg(test)]
mod tests;
@ -37,7 +37,7 @@ impl Field for Ed448ScalarField {
}
fn invert(scalar: &Self::Scalar) -> Result<Self::Scalar, Error> {
if *scalar == <Self as Field>::zero() {
if scalar.ct_eq(&<Self as Field>::zero()).into() {
Err(Error::InvalidZeroScalar)
} else {
Ok(scalar.invert())
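Review bot: `scalar.ct_eq(&<Self as Field>::zero()).into()` relies on its position in the `if` to infer the target of `.into()` as `bool`; the same shape appears in the p256, ristretto255 and secp256k1 `invert` hunks and in `random_nonzero` in lib.rs. `if bool::from(scalar.ct_eq(&<Self as Field>::zero())) {` states the conversion explicitly and keeps compiling if the expression is later moved out of the condition, for example into a `let`. The closing brace of `invert` lies outside the hunk.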


@ -14,7 +14,7 @@ use p256::{
use rand_core::{CryptoRng, RngCore};
use sha2::{digest::Update, Digest, Sha256};
use frost_core::{frost, Ciphersuite, Field, Group};
use frost_core::{frost, Ciphersuite, ConstantTimeEq, Field, Group};
#[cfg(test)]
mod tests;
@ -39,9 +39,7 @@ impl Field for P256ScalarField {
}
fn invert(scalar: &Self::Scalar) -> Result<Self::Scalar, Error> {
// [`p256::Scalar`]'s Eq/PartialEq does a constant-time comparison using
// `ConstantTimeEq`
if *scalar == <Self as Field>::zero() {
if scalar.ct_eq(&<Self as Field>::zero()).into() {
Err(Error::InvalidZeroScalar)
} else {
Ok(scalar.invert().unwrap())
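Review bot: The new zero check duplicates information that `scalar.invert()` already yields — the `unwrap()` on the following context line indicates the curve crate returns a `CtOption`, which is `None` exactly for zero. `Option::from(scalar.invert()).ok_or(Error::InvalidZeroScalar)` as the whole body drops both the explicit comparison and the `unwrap()`, so no panic path remains should the two checks ever disagree. The same applies to the secp256k1 `invert` hunk in this commit. The function's closing brace is outside the hunk.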


@ -11,7 +11,7 @@ use curve25519_dalek::{
use rand_core::{CryptoRng, RngCore};
use sha2::{digest::Update, Digest, Sha512};
use frost_core::{frost, Ciphersuite, Field, Group};
use frost_core::{frost, Ciphersuite, ConstantTimeEq, Field, Group};
#[cfg(test)]
mod tests;
@ -36,9 +36,7 @@ impl Field for RistrettoScalarField {
}
fn invert(scalar: &Self::Scalar) -> Result<Self::Scalar, Error> {
// [`curve25519_dalek::scalar::Scalar`]'s Eq/PartialEq does a constant-time comparison using
// `ConstantTimeEq`
if *scalar == <Self as Field>::zero() {
if scalar.ct_eq(&<Self as Field>::zero()).into() {
Err(Error::InvalidZeroScalar)
} else {
Ok(scalar.invert())


@ -16,7 +16,7 @@ use k256::{
use rand_core::{CryptoRng, RngCore};
use sha2::{digest::Update, Digest, Sha256};
use frost_core::{frost, Ciphersuite, Field, Group};
use frost_core::{frost, Ciphersuite, ConstantTimeEq, Field, Group};
#[cfg(test)]
mod tests;
@ -41,8 +41,7 @@ impl Field for Secp256K1ScalarField {
}
fn invert(scalar: &Self::Scalar) -> Result<Self::Scalar, Error> {
// [`Scalar`]'s Eq/PartialEq does a constant-time comparison
if *scalar == <Self as Field>::zero() {
if scalar.ct_eq(&<Self as Field>::zero()).into() {
Err(Error::InvalidZeroScalar)
} else {
Ok(scalar.invert().unwrap())