* clippy fixes; remove old FROST code
* add RedPallas ciphersuite and FROST support
* organized code
* simplified version
* remove randomized_frost; point to frost-randomized crate
* move rerandomized test to frost-rerandomized; clean up dependencies; add 'frost' feature
* remove stale comment
* add Jubjub support
* add torsion and identity checks where needed; tests
* Apply suggestions from code review
Co-authored-by: Marek <mail@marek.onl>
* Apply suggestions from code review
Co-authored-by: Marek <mail@marek.onl>
* change Jubjub serialize() to use to_bytes(); add comment to Pallas serialize()
* update frost-rerandomized version
* unpin nightly Rust in coverage.yaml
* fix conditional hex dependency
* move FROST code inside frost folder
* Apply suggestions from code review
Co-authored-by: Marek <mail@marek.onl>
---------
Co-authored-by: Marek <mail@marek.onl>
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
The prior `SpendAuth` and `Binding` enums have been renamed to
`sapling::{SpendAuth, Binding}`. These might subsequently be removed
from the crate entirely (moving into a wrapping `redjubjub` crate).
The code assumes that scalar and point representations are [u8; 32],
which will be the case for all curves we instantiate RedDSA with for
Zcash.
* start messages and validation
* add missing docs to constants
* change validation to matches, fix constant doc
Co-authored-by: teor <teor@riseup.net>
* fix the build
* validate share_commitment
* add new constants and validations
* fix validation
* derive serde Serialize and Deserialize in all messages structs
* update created structs
Co-authored-by: teor <teor@riseup.net>
* fix build
* define and use a new MAX_SIGNERS constant
* change group_public type
* add some test cases
* add validation and serialization tests for SigningCommitments
* add validation and serialization test to SigningPackage
* change some fields order matching the spec
* fix field order in tests according to last updates to the spec
* implement serialize and deserialize for ParticipantId
* move serde-json to dev-dependencies section
* change to pub(crate)
* fix serialize of VerificationKey
* add assert to serialize
* add note, fix typo
* improve some code in tests
* test serialization of individual fields
* start messages and validation
* add missing docs to constants
* change validation to matches, fix constant doc
Co-authored-by: teor <teor@riseup.net>
* fix the build
* validate share_commitment
* add new constants and validations
* fix validation
* define and use a new MAX_SIGNERS constant
* change group_public type
* change some fields order matching the spec
* change message fields to new spec
* remove some non needed conversions
* use a BTreeMap to guarantee the order
* remove some calls to `clone()` by implementing `Copy`
* change message type in frost and add validate_signatureshare test
* change `share_commitment` to BTreeMap
* add `serialize_signatureshare` test
* add aggregatesignature tests
* add some test header messages utility functions
* add a setup utility
* move the general serialization checks into an utility function
* fi some typos
* add and use a `generate_share_commitment` utility
* add create_signing_commitments utility function
* improve the serialization tests
* make room for prop tests
* add arbitrary tests for serialization
* remove allow dead code from messages
* fix some imports
* make signature module public only to the crate
* simplify a bit the frost tests
* improve the generated docs
* add a `prop_filter` to Header arbitrary
* (ab)use proptest_derive
* improve validation for Message
* improve some utility functions
* change frost to serialization id conversion
* add a quick btreemap test
* change the `MsgType` to `u32`
* add no leftover bytes checks
* add a full_setup utility
* add map len checks
Co-authored-by: teor <teor@riseup.net>
Implements FROST (Flexible Round Optimized Schnorr Threshold Signatures, https://eprint.iacr.org/2020/852) where key generation is performed by a trusted dealer.
Future work will include implementing distributed key generation and re-randomizability.
Co-authored-by: Chelsea Komlo <me@chelseakomlo.com>
Co-authored-by: Isis Lovecruft <isis@patternsinthevoid.net>
* Pulls in some traits and methods from curve25519-dalek around the
vartime multiscalar multiplication.
* Move scalar mul things we want to upstream to jubjub to their own crate
* Make Verify agnostic to the SigType
Co-authored-by: Henry de Valence <hdevalence@hdevalence.ca>
Co-authored-by: Jane Lusby <jlusby42@gmail.com>
When Rust derives Copy, Clone, Eq, PartialEq, etc. on a type with
`PhantomData<T>`, it adds a `T: Clone` etc. bound, regardless of whether `T` is
only ever used inside of the `PhantomData`. A better fix would be to fix the
derived bounds themselves, but in the meantime this works, even if it's
slightly ugly.
This ran into problems with Clone/Copy bounds -- it seems like the
derived impls require that the phantom type T also be Clone / Copy /
Debug for the type to be. This commit does a hacky fix that makes it
work for now, but it should be cleaned up later.
The motivation is as follows. The sealed trait pattern allows creating
a type-level equivalent of an enum: the trait corresponds to the enum
type and its implementors correspond to the enum variants; the `Sealed`
restriction ensures that there is a fixed set of enum variants.
In this picture, adding methods to the public trait corresponds to a
public method on an enum, while adding methods to the private trait
corresponds to a private method on an enum. This means that we can add
a method to get the basepoint (whose possible choices are enumerated by
SigType) and avoid having to do specialized impls.
This means that using a BindingSig as a SpendAuthSig or vice versa becomes a
compile error. Internally, we can share implementations, but having type
parameters and specialized impls means that the correct parameters can be
substituted in to whatever inner functions exist.
Conrado Gouvea
Tomas Krnak
Deirdre Connolly
Jack Grigg
Deirdre Connolly
Alfredo Garcia
Henry de Valence