zecfoundation
/
reddsa
mirror of https://github.com/ZcashFoundation/reddsa.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Avoid null nonces

This commit is contained in:
Marek 2021-03-18 15:41:16 +00:00 committed by Deirdre Connolly
parent 5feb6b29c7
commit 3e28bf6c07
1 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/frost.rs
View File

@ -329,13 +329,21 @@ impl SigningNonces {
where
R: CryptoRng + RngCore,
{
let mut bytes = [0; 64];
rng.fill_bytes(&mut bytes);
let hiding = Scalar::from_bytes_wide(&bytes);
fn random_nonzero_bytes<R>(rng: &mut R) -> [u8; 64]
where
R: CryptoRng + RngCore,
{
let mut bytes = [0; 64];
loop {
rng.fill_bytes(&mut bytes);
if bytes != [0; 64] {
return bytes;
}
}
}
let mut bytes = [0; 64];
rng.fill_bytes(&mut bytes);
let binding = Scalar::from_bytes_wide(&bytes);
let hiding = Scalar::from_bytes_wide(&random_nonzero_bytes(rng));
let binding = Scalar::from_bytes_wide(&random_nonzero_bytes(rng));
Self { hiding, binding }
}
@ -469,9 +477,14 @@ fn gen_group_commitment(
signing_package: &SigningPackage,
bindings: &HashMap<u32, Scalar>,
) -> Result<GroupCommitment, &'static str> {
let mut accumulator = jubjub::ExtendedPoint::identity();
let identity = jubjub::ExtendedPoint::identity();
let mut accumulator = identity;
for commitment in signing_package.signing_commitments.iter() {
if identity == commitment.binding && identity == commitment.hiding {
return Err("Commitment equals the identity.");
}
let rho_i = bindings
.get(&commitment.index)
.ok_or("No matching commitment index")?;