zecfoundation
/
reddsa
mirror of https://github.com/ZcashFoundation/reddsa.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update FROST (#67)

This commit is contained in:
Conrado Gouvea 2023-07-11 12:34:21 -03:00 committed by GitHub
parent eec9f7c656
commit b1bbad7bac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 57 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -2,6 +2,12 @@
Entries are listed in reverse chronological order. Entries are listed in reverse chronological order.
## 0.5.1
* MSRV is now 1.65.0
* Refactor & optimize the NAF (#63)
* Updated `frost-rerandomized` to 0.6.0 (#67)
## 0.5.0 ## 0.5.0
* Add Pallas and Jubjub ciphersuites and FROST support (#33) * Add Pallas and Jubjub ciphersuites and FROST support (#33)

8
Cargo.toml
View File

@ -1,11 +1,11 @@
[package] [package]
name = "reddsa" name = "reddsa"
edition = "2021" edition = "2021"
rust-version = "1.60" rust-version = "1.65"
# When releasing to crates.io: # When releasing to crates.io:
# - Update CHANGELOG.md # - Update CHANGELOG.md
# - Create git tag. # - Create git tag.
version = "0.5.0" version = "0.5.1"
authors = [ authors = [
"Henry de Valence <hdevalence@hdevalence.ca>", "Henry de Valence <hdevalence@hdevalence.ca>",
"Deirdre Connolly <durumcrustulum@gmail.com>", "Deirdre Connolly <durumcrustulum@gmail.com>",
@ -33,7 +33,7 @@ pasta_curves = { version = "0.5", default-features = false }
rand_core = { version = "0.6", default-features = false } rand_core = { version = "0.6", default-features = false }
serde = { version = "1", optional = true, features = ["derive"] } serde = { version = "1", optional = true, features = ["derive"] }
thiserror = { version = "1.0", optional = true } thiserror = { version = "1.0", optional = true }
frost-rerandomized = { version = "0.2", optional = true } frost-rerandomized = { version = "0.6.0", optional = true }
[dependencies.zeroize] [dependencies.zeroize]
version = "1" version = "1"
@ -50,7 +50,7 @@ proptest = "1.0"
rand = "0.8" rand = "0.8"
rand_chacha = "0.3" rand_chacha = "0.3"
serde_json = "1.0" serde_json = "1.0"
frost-rerandomized = { version = "0.2", features=["test-impl"] } frost-rerandomized = { version = "0.6.0", features=["test-impl"] }
num-bigint = "0.4.3" num-bigint = "0.4.3"
num-traits = "0.2.15" num-traits = "0.2.15"

2
rust-toolchain
View File

@ -1 +1 @@
1.60.0 1.65.0

17
src/frost/redjubjub.rs
View File

@ -2,6 +2,8 @@
#![allow(non_snake_case)] #![allow(non_snake_case)]
#![deny(missing_docs)] #![deny(missing_docs)]
use std::collections::HashMap;
use group::GroupEncoding; use group::GroupEncoding;
#[cfg(feature = "alloc")] #[cfg(feature = "alloc")]
use group::{ff::Field as FFField, ff::PrimeField}; use group::{ff::Field as FFField, ff::PrimeField};
@ -115,6 +117,8 @@ impl Group for JubjubGroup {
pub struct JubjubBlake2b512; pub struct JubjubBlake2b512;
impl Ciphersuite for JubjubBlake2b512 { impl Ciphersuite for JubjubBlake2b512 {
const ID: &'static str = "FROST(Jubjub, BLAKE2b-512)";
type Group = JubjubGroup; type Group = JubjubGroup;
type HashOutput = [u8; 64]; type HashOutput = [u8; 64];
@ -180,14 +184,18 @@ pub mod keys {
use super::*; use super::*;
/// The identifier list to use when generating key shares.
pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, J>;
/// Allows all participants' keys to be generated using a central, trusted /// Allows all participants' keys to be generated using a central, trusted
/// dealer. /// dealer.
pub fn keygen_with_dealer<RNG: RngCore + CryptoRng>( pub fn generate_with_dealer<RNG: RngCore + CryptoRng>(
max_signers: u16, max_signers: u16,
min_signers: u16, min_signers: u16,
identifiers: IdentifierList,
mut rng: RNG, mut rng: RNG,
) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> { ) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
frost::keys::keygen_with_dealer(max_signers, min_signers, &mut rng) frost::keys::generate_with_dealer(max_signers, min_signers, identifiers, &mut rng)
} }
/// Secret and public key material generated by a dealer performing /// Secret and public key material generated by a dealer performing
@ -237,14 +245,13 @@ pub mod round1 {
/// Generates the signing nonces and commitments to be used in the signing /// Generates the signing nonces and commitments to be used in the signing
/// operation. /// operation.
pub fn commit<RNG>( pub fn commit<RNG>(
participant_identifier: frost::Identifier<J>,
secret: &SigningShare<J>, secret: &SigningShare<J>,
rng: &mut RNG, rng: &mut RNG,
) -> (SigningNonces, SigningCommitments) ) -> (SigningNonces, SigningCommitments)
where where
RNG: CryptoRng + RngCore, RNG: CryptoRng + RngCore,
{ {
frost::round1::commit::<J, RNG>(participant_identifier, secret, rng) frost::round1::commit::<J, RNG>(secret, rng)
} }
} }
@ -307,7 +314,7 @@ pub type Signature = frost_rerandomized::frost_core::Signature<J>;
/// service attack due to publishing an invalid signature. /// service attack due to publishing an invalid signature.
pub fn aggregate( pub fn aggregate(
signing_package: &round2::SigningPackage, signing_package: &round2::SigningPackage,
signature_shares: &[round2::SignatureShare], signature_shares: &HashMap<Identifier, round2::SignatureShare>,
pubkeys: &keys::PublicKeyPackage, pubkeys: &keys::PublicKeyPackage,
randomized_params: &RandomizedParams<J>, randomized_params: &RandomizedParams<J>,
) -> Result<Signature, Error> { ) -> Result<Signature, Error> {

17
src/frost/redpallas.rs
View File

@ -2,6 +2,8 @@
#![allow(non_snake_case)] #![allow(non_snake_case)]
#![deny(missing_docs)] #![deny(missing_docs)]
use std::collections::HashMap;
use group::GroupEncoding; use group::GroupEncoding;
#[cfg(feature = "alloc")] #[cfg(feature = "alloc")]
use group::{ff::Field as FFField, ff::PrimeField, Group as FFGroup}; use group::{ff::Field as FFField, ff::PrimeField, Group as FFGroup};
@ -117,6 +119,8 @@ impl Group for PallasGroup {
pub struct PallasBlake2b512; pub struct PallasBlake2b512;
impl Ciphersuite for PallasBlake2b512 { impl Ciphersuite for PallasBlake2b512 {
const ID: &'static str = "FROST(Pallas, BLAKE2b-512)";
type Group = PallasGroup; type Group = PallasGroup;
type HashOutput = [u8; 64]; type HashOutput = [u8; 64];
@ -182,14 +186,18 @@ pub mod keys {
use super::*; use super::*;
/// The identifier list to use when generating key shares.
pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, P>;
/// Allows all participants' keys to be generated using a central, trusted /// Allows all participants' keys to be generated using a central, trusted
/// dealer. /// dealer.
pub fn keygen_with_dealer<RNG: RngCore + CryptoRng>( pub fn generate_with_dealer<RNG: RngCore + CryptoRng>(
max_signers: u16, max_signers: u16,
min_signers: u16, min_signers: u16,
identifiers: IdentifierList,
mut rng: RNG, mut rng: RNG,
) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> { ) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
frost::keys::keygen_with_dealer(max_signers, min_signers, &mut rng) frost::keys::generate_with_dealer(max_signers, min_signers, identifiers, &mut rng)
} }
/// Secret and public key material generated by a dealer performing /// Secret and public key material generated by a dealer performing
@ -239,14 +247,13 @@ pub mod round1 {
/// Generates the signing nonces and commitments to be used in the signing /// Generates the signing nonces and commitments to be used in the signing
/// operation. /// operation.
pub fn commit<RNG>( pub fn commit<RNG>(
participant_identifier: frost::Identifier<P>,
secret: &SigningShare<P>, secret: &SigningShare<P>,
rng: &mut RNG, rng: &mut RNG,
) -> (SigningNonces, SigningCommitments) ) -> (SigningNonces, SigningCommitments)
where where
RNG: CryptoRng + RngCore, RNG: CryptoRng + RngCore,
{ {
frost::round1::commit::<P, RNG>(participant_identifier, secret, rng) frost::round1::commit::<P, RNG>(secret, rng)
} }
} }
@ -309,7 +316,7 @@ pub type Signature = frost_rerandomized::frost_core::Signature<P>;
/// service attack due to publishing an invalid signature. /// service attack due to publishing an invalid signature.
pub fn aggregate( pub fn aggregate(
signing_package: &round2::SigningPackage, signing_package: &round2::SigningPackage,
signature_shares: &[round2::SignatureShare], signature_shares: &HashMap<Identifier, round2::SignatureShare>,
pubkeys: &keys::PublicKeyPackage, pubkeys: &keys::PublicKeyPackage,
randomized_params: &RandomizedParams<P>, randomized_params: &RandomizedParams<P>,
) -> Result<Signature, Error> { ) -> Result<Signature, Error> {

3
src/orchard/tests.rs
View File

@ -1,3 +1,5 @@
use std::println;
use crate::scalar_mul::{self, VartimeMultiscalarMul}; use crate::scalar_mul::{self, VartimeMultiscalarMul};
use alloc::vec::Vec; use alloc::vec::Vec;
use group::ff::Field; use group::ff::Field;
@ -30,7 +32,6 @@ fn orchard_binding_basepoint() {
#[allow(dead_code)] #[allow(dead_code)]
fn gen_pallas_test_vectors() { fn gen_pallas_test_vectors() {
use group::Group; use group::Group;
use std::println;
let rng = thread_rng(); let rng = thread_rng();

14
tests/frost_redjubjub.rs
View File

@ -9,7 +9,10 @@ use reddsa::{frost::redjubjub::JubjubBlake2b512, sapling};
fn check_sign_with_dealer() { fn check_sign_with_dealer() {
let rng = thread_rng(); let rng = thread_rng();
frost_rerandomized::frost_core::tests::check_sign_with_dealer::<JubjubBlake2b512, _>(rng); frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dealer::<
JubjubBlake2b512,
_,
>(rng);
} }
#[test] #[test]
@ -23,11 +26,11 @@ fn check_randomized_sign_with_dealer() {
// public key (interoperability test) // public key (interoperability test)
let sig = { let sig = {
let bytes: [u8; 64] = group_signature.to_bytes().as_ref().try_into().unwrap(); let bytes: [u8; 64] = group_signature.serialize().as_ref().try_into().unwrap();
reddsa::Signature::<sapling::SpendAuth>::from(bytes) reddsa::Signature::<sapling::SpendAuth>::from(bytes)
}; };
let pk_bytes = { let pk_bytes = {
let bytes: [u8; 32] = group_pubkey.to_bytes().as_ref().try_into().unwrap(); let bytes: [u8; 32] = group_pubkey.serialize().as_ref().try_into().unwrap();
reddsa::VerificationKeyBytes::<sapling::SpendAuth>::from(bytes) reddsa::VerificationKeyBytes::<sapling::SpendAuth>::from(bytes)
}; };
@ -43,7 +46,10 @@ fn check_randomized_sign_with_dealer() {
fn check_sign_with_dkg() { fn check_sign_with_dkg() {
let rng = thread_rng(); let rng = thread_rng();
frost_rerandomized::frost_core::tests::check_sign_with_dkg::<JubjubBlake2b512, _>(rng); frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dkg::<
JubjubBlake2b512,
_,
>(rng);
} }
#[test] #[test]

14
tests/frost_redpallas.rs
View File

@ -9,7 +9,10 @@ use reddsa::{frost::redpallas::PallasBlake2b512, orchard};
fn check_sign_with_dealer() { fn check_sign_with_dealer() {
let rng = thread_rng(); let rng = thread_rng();
frost_rerandomized::frost_core::tests::check_sign_with_dealer::<PallasBlake2b512, _>(rng); frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dealer::<
PallasBlake2b512,
_,
>(rng);
} }
#[test] #[test]
@ -23,11 +26,11 @@ fn check_randomized_sign_with_dealer() {
// public key (interoperability test) // public key (interoperability test)
let sig = { let sig = {
let bytes: [u8; 64] = group_signature.to_bytes().as_ref().try_into().unwrap(); let bytes: [u8; 64] = group_signature.serialize().as_ref().try_into().unwrap();
reddsa::Signature::<orchard::SpendAuth>::from(bytes) reddsa::Signature::<orchard::SpendAuth>::from(bytes)
}; };
let pk_bytes = { let pk_bytes = {
let bytes: [u8; 32] = group_pubkey.to_bytes().as_ref().try_into().unwrap(); let bytes: [u8; 32] = group_pubkey.serialize().as_ref().try_into().unwrap();
reddsa::VerificationKeyBytes::<orchard::SpendAuth>::from(bytes) reddsa::VerificationKeyBytes::<orchard::SpendAuth>::from(bytes)
}; };
@ -43,7 +46,10 @@ fn check_randomized_sign_with_dealer() {
fn check_sign_with_dkg() { fn check_sign_with_dkg() {
let rng = thread_rng(); let rng = thread_rng();
frost_rerandomized::frost_core::tests::check_sign_with_dkg::<PallasBlake2b512, _>(rng); frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dkg::<
PallasBlake2b512,
_,
>(rng);
} }
#[test] #[test]