remove random_nonzero from Field trait (#176)

This commit is contained in:
Conrado Gouvea 2022-11-02 14:52:38 -03:00 committed by GitHub
parent 7b83737137
commit e97257a6ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 22 additions and 32 deletions


@ -12,7 +12,10 @@ use hex::FromHex;
use rand_core::{CryptoRng, RngCore};
use zeroize::{DefaultIsZeroes, Zeroize};
use crate::{frost::Identifier, Ciphersuite, Element, Error, Field, Group, Scalar, VerifyingKey};
use crate::{
frost::Identifier, random_nonzero, Ciphersuite, Element, Error, Field, Group, Scalar,
VerifyingKey,
};
pub mod dkg;
@ -56,7 +59,7 @@ where
where
R: CryptoRng + RngCore,
{
Self(<<C::Group as Group>::Field>::random_nonzero(&mut rng))
Self(random_nonzero::<C, R>(&mut rng))
}
}


@ -37,6 +37,7 @@ pub use verifying_key::VerifyingKey;
/// don't own.
pub trait Field: Copy + Clone {
/// An element of the scalar field GF(p).
/// The Eq/PartialEq implementation MUST be constant-time.
type Scalar: Add<Output = Self::Scalar>
+ Copy
+ Clone
@ -63,11 +64,6 @@ pub trait Field: Copy + Clone {
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-11.html#section-3.1-3.3>
fn random<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar;
/// Generate a random scalar from the entire space [1, l-1]
///
/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-05.html#section-3.1-3.4>
fn random_nonzero<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar;
/// A member function of a [`Field`] that maps a [`Scalar`] to a unique byte array buf of
/// fixed length Ne.
///
@ -279,3 +275,16 @@ where
Challenge(C::H2(&preimage[..]))
}
/// Generates a random nonzero scalar.
///
/// It assumes that the Scalar Eq/PartialEq implementation is constant-time.
pub(crate) fn random_nonzero<C: Ciphersuite, R: RngCore + CryptoRng>(rng: &mut R) -> Scalar<C> {
loop {
let scalar = <<C::Group as Group>::Field>::random(rng);
if scalar != <<C::Group as Group>::Field>::zero() {
return scalar;
}
}
}
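Review bot: The constant-time requirement that `random_nonzero` depends on is now only a doc-comment contract on `Field::Scalar` (the "MUST be constant-time" line added above) and restated as an assumption in the function's own doc, whereas the deleted per-ciphersuite impls had the `ConstantTimeEq`-backed comparison next to the code that relied on it. Since `scalar != zero()` in the generic helper cannot itself check this, consider enforcing it in the type system, e.g. adding a `ConstantTimeEq` bound to `Field::Scalar` if the crate already depends on `subtle`, or at least pointing the function doc at the trait requirement: `/// Relies on the constant-time `Eq` required of [`Field::Scalar`].`. The removed trait method also carried the range description and spec link (`[1, l-1]`, draft section 3.1-3.4); the new function's doc drops both, so I would keep a line such as `/// Returns a uniformly random scalar in [1, l-1] by rejection sampling.` so the contract stays discoverable at the call sites in `SigningKey::new` and `sign`.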


@ -2,7 +2,7 @@
use rand_core::{CryptoRng, RngCore};
use crate::{Ciphersuite, Error, Field, Group, Scalar, Signature, VerifyingKey};
use crate::{random_nonzero, Ciphersuite, Error, Field, Group, Scalar, Signature, VerifyingKey};
/// A signing key for a Schnorr signature on a FROST [`Ciphersuite::Group`].
#[derive(Copy, Clone)]
@ -19,7 +19,7 @@ where
{
/// Generate a new signing key.
pub fn new<R: RngCore + CryptoRng>(mut rng: R) -> SigningKey<C> {
let scalar = <<C::Group as Group>::Field>::random_nonzero(&mut rng);
let scalar = random_nonzero::<C, R>(&mut rng);
SigningKey { scalar }
}
@ -39,7 +39,7 @@ where
/// Create a signature `msg` using this `SigningKey`.
pub fn sign<R: RngCore + CryptoRng>(&self, mut rng: R, msg: &[u8]) -> Signature<C> {
let k = <<C::Group as Group>::Field>::random_nonzero(&mut rng);
let k = random_nonzero::<C, R>(&mut rng);
let R = <C::Group>::generator() * k;


@ -52,17 +52,6 @@ impl Field for P256ScalarField {
Scalar::random(rng)
}
fn random_nonzero<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar {
loop {
let scalar = Scalar::random(&mut *rng);
// This impl of `Eq` calls to `ConstantTimeEq` under the hood
if scalar != Scalar::zero() {
return scalar;
}
}
}
fn serialize(scalar: &Self::Scalar) -> Self::Serialization {
scalar.to_bytes().into()
}


@ -49,17 +49,6 @@ impl Field for RistrettoScalarField {
Scalar::random(rng)
}
fn random_nonzero<R: RngCore + CryptoRng>(rng: &mut R) -> Self::Scalar {
loop {
let scalar = Scalar::random(rng);
// This impl of `Eq` calls to `ConstantTimeEq` under the hood
if scalar != Scalar::zero() {
return scalar;
}
}
}
fn serialize(scalar: &Self::Scalar) -> Self::Serialization {
scalar.to_bytes()
}