update FROST (#67)

2023-07-11 12:34:21 -03:00 · 2023-07-11 12:34:21 -03:00 · b1bbad7bac
parent eec9f7c656
commit b1bbad7bac
8 changed files with 57 additions and 24 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,12 @@

 Entries are listed in reverse chronological order.

+## 0.5.1
+
+* MSRV is now 1.65.0
+* Refactor & optimize the NAF (#63)
+* Updated `frost-rerandomized` to 0.6.0 (#67)
+
 ## 0.5.0

 * Add Pallas and Jubjub ciphersuites and FROST support (#33)
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,11 +1,11 @@
 [package]
 name = "reddsa"
 edition = "2021"
-rust-version = "1.60"
+rust-version = "1.65"
 # When releasing to crates.io:
 # - Update CHANGELOG.md
 # - Create git tag.
-version = "0.5.0"
+version = "0.5.1"
 authors = [
    "Henry de Valence <hdevalence@hdevalence.ca>",
    "Deirdre Connolly <durumcrustulum@gmail.com>",
@ -33,7 +33,7 @@ pasta_curves = { version = "0.5", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 serde = { version = "1", optional = true, features = ["derive"] }
 thiserror = { version = "1.0", optional = true }
-frost-rerandomized = { version = "0.2", optional = true }
+frost-rerandomized = { version = "0.6.0", optional = true }

 [dependencies.zeroize]
 version = "1"
@ -50,7 +50,7 @@ proptest = "1.0"
 rand = "0.8"
 rand_chacha = "0.3"
 serde_json = "1.0"
-frost-rerandomized = { version = "0.2", features=["test-impl"] }
+frost-rerandomized = { version = "0.6.0", features=["test-impl"] }
 num-bigint = "0.4.3"
 num-traits = "0.2.15"

--- a/2
+++ b/2
@ -1 +1 @@
-1.60.0
+1.65.0
--- a/src/frost/redjubjub.rs
+++ b/src/frost/redjubjub.rs
@ -2,6 +2,8 @@
 #![allow(non_snake_case)]
 #![deny(missing_docs)]

+use std::collections::HashMap;
+
 use group::GroupEncoding;
 #[cfg(feature = "alloc")]
 use group::{ff::Field as FFField, ff::PrimeField};
@ -115,6 +117,8 @@ impl Group for JubjubGroup {
 pub struct JubjubBlake2b512;

 impl Ciphersuite for JubjubBlake2b512 {
+    const ID: &'static str = "FROST(Jubjub, BLAKE2b-512)";
+
    type Group = JubjubGroup;

    type HashOutput = [u8; 64];
@ -180,14 +184,18 @@ pub mod keys {

    use super::*;

+    /// The identifier list to use when generating key shares.
+    pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, J>;
+
    /// Allows all participants' keys to be generated using a central, trusted
    /// dealer.
-    pub fn keygen_with_dealer<RNG: RngCore + CryptoRng>(
+    pub fn generate_with_dealer<RNG: RngCore + CryptoRng>(
        max_signers: u16,
        min_signers: u16,
+        identifiers: IdentifierList,
        mut rng: RNG,
    ) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
-        frost::keys::keygen_with_dealer(max_signers, min_signers, &mut rng)
+        frost::keys::generate_with_dealer(max_signers, min_signers, identifiers, &mut rng)
    }

    /// Secret and public key material generated by a dealer performing
@ -237,14 +245,13 @@ pub mod round1 {
    /// Generates the signing nonces and commitments to be used in the signing
    /// operation.
    pub fn commit<RNG>(
-        participant_identifier: frost::Identifier<J>,
        secret: &SigningShare<J>,
        rng: &mut RNG,
    ) -> (SigningNonces, SigningCommitments)
    where
        RNG: CryptoRng + RngCore,
    {
-        frost::round1::commit::<J, RNG>(participant_identifier, secret, rng)
+        frost::round1::commit::<J, RNG>(secret, rng)
    }
 }

@ -307,7 +314,7 @@ pub type Signature = frost_rerandomized::frost_core::Signature<J>;
 /// service attack due to publishing an invalid signature.
 pub fn aggregate(
    signing_package: &round2::SigningPackage,
-    signature_shares: &[round2::SignatureShare],
+    signature_shares: &HashMap<Identifier, round2::SignatureShare>,
    pubkeys: &keys::PublicKeyPackage,
    randomized_params: &RandomizedParams<J>,
 ) -> Result<Signature, Error> {
--- a/src/frost/redpallas.rs
+++ b/src/frost/redpallas.rs
@ -2,6 +2,8 @@
 #![allow(non_snake_case)]
 #![deny(missing_docs)]

+use std::collections::HashMap;
+
 use group::GroupEncoding;
 #[cfg(feature = "alloc")]
 use group::{ff::Field as FFField, ff::PrimeField, Group as FFGroup};
@ -117,6 +119,8 @@ impl Group for PallasGroup {
 pub struct PallasBlake2b512;

 impl Ciphersuite for PallasBlake2b512 {
+    const ID: &'static str = "FROST(Pallas, BLAKE2b-512)";
+
    type Group = PallasGroup;

    type HashOutput = [u8; 64];
@ -182,14 +186,18 @@ pub mod keys {

    use super::*;

+    /// The identifier list to use when generating key shares.
+    pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, P>;
+
    /// Allows all participants' keys to be generated using a central, trusted
    /// dealer.
-    pub fn keygen_with_dealer<RNG: RngCore + CryptoRng>(
+    pub fn generate_with_dealer<RNG: RngCore + CryptoRng>(
        max_signers: u16,
        min_signers: u16,
+        identifiers: IdentifierList,
        mut rng: RNG,
    ) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
-        frost::keys::keygen_with_dealer(max_signers, min_signers, &mut rng)
+        frost::keys::generate_with_dealer(max_signers, min_signers, identifiers, &mut rng)
    }

    /// Secret and public key material generated by a dealer performing
@ -239,14 +247,13 @@ pub mod round1 {
    /// Generates the signing nonces and commitments to be used in the signing
    /// operation.
    pub fn commit<RNG>(
-        participant_identifier: frost::Identifier<P>,
        secret: &SigningShare<P>,
        rng: &mut RNG,
    ) -> (SigningNonces, SigningCommitments)
    where
        RNG: CryptoRng + RngCore,
    {
-        frost::round1::commit::<P, RNG>(participant_identifier, secret, rng)
+        frost::round1::commit::<P, RNG>(secret, rng)
    }
 }

@ -309,7 +316,7 @@ pub type Signature = frost_rerandomized::frost_core::Signature<P>;
 /// service attack due to publishing an invalid signature.
 pub fn aggregate(
    signing_package: &round2::SigningPackage,
-    signature_shares: &[round2::SignatureShare],
+    signature_shares: &HashMap<Identifier, round2::SignatureShare>,
    pubkeys: &keys::PublicKeyPackage,
    randomized_params: &RandomizedParams<P>,
 ) -> Result<Signature, Error> {
--- a/src/orchard/tests.rs
+++ b/src/orchard/tests.rs
@ -1,3 +1,5 @@
+use std::println;
+
 use crate::scalar_mul::{self, VartimeMultiscalarMul};
 use alloc::vec::Vec;
 use group::ff::Field;
@ -30,7 +32,6 @@ fn orchard_binding_basepoint() {
 #[allow(dead_code)]
 fn gen_pallas_test_vectors() {
    use group::Group;
-    use std::println;

    let rng = thread_rng();

--- a/tests/frost_redjubjub.rs
+++ b/tests/frost_redjubjub.rs
@ -9,7 +9,10 @@ use reddsa::{frost::redjubjub::JubjubBlake2b512, sapling};
 fn check_sign_with_dealer() {
    let rng = thread_rng();

-    frost_rerandomized::frost_core::tests::check_sign_with_dealer::<JubjubBlake2b512, _>(rng);
+    frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dealer::<
+        JubjubBlake2b512,
+        _,
+    >(rng);
 }

 #[test]
@ -23,11 +26,11 @@ fn check_randomized_sign_with_dealer() {
    // public key (interoperability test)

    let sig = {
-        let bytes: [u8; 64] = group_signature.to_bytes().as_ref().try_into().unwrap();
+        let bytes: [u8; 64] = group_signature.serialize().as_ref().try_into().unwrap();
        reddsa::Signature::<sapling::SpendAuth>::from(bytes)
    };
    let pk_bytes = {
-        let bytes: [u8; 32] = group_pubkey.to_bytes().as_ref().try_into().unwrap();
+        let bytes: [u8; 32] = group_pubkey.serialize().as_ref().try_into().unwrap();
        reddsa::VerificationKeyBytes::<sapling::SpendAuth>::from(bytes)
    };

@ -43,7 +46,10 @@ fn check_randomized_sign_with_dealer() {
 fn check_sign_with_dkg() {
    let rng = thread_rng();

-    frost_rerandomized::frost_core::tests::check_sign_with_dkg::<JubjubBlake2b512, _>(rng);
+    frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dkg::<
+        JubjubBlake2b512,
+        _,
+    >(rng);
 }

 #[test]
--- a/tests/frost_redpallas.rs
+++ b/tests/frost_redpallas.rs
@ -9,7 +9,10 @@ use reddsa::{frost::redpallas::PallasBlake2b512, orchard};
 fn check_sign_with_dealer() {
    let rng = thread_rng();

-    frost_rerandomized::frost_core::tests::check_sign_with_dealer::<PallasBlake2b512, _>(rng);
+    frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dealer::<
+        PallasBlake2b512,
+        _,
+    >(rng);
 }

 #[test]
@ -23,11 +26,11 @@ fn check_randomized_sign_with_dealer() {
    // public key (interoperability test)

    let sig = {
-        let bytes: [u8; 64] = group_signature.to_bytes().as_ref().try_into().unwrap();
+        let bytes: [u8; 64] = group_signature.serialize().as_ref().try_into().unwrap();
        reddsa::Signature::<orchard::SpendAuth>::from(bytes)
    };
    let pk_bytes = {
-        let bytes: [u8; 32] = group_pubkey.to_bytes().as_ref().try_into().unwrap();
+        let bytes: [u8; 32] = group_pubkey.serialize().as_ref().try_into().unwrap();
        reddsa::VerificationKeyBytes::<orchard::SpendAuth>::from(bytes)
    };

@ -43,7 +46,10 @@ fn check_randomized_sign_with_dealer() {
 fn check_sign_with_dkg() {
    let rng = thread_rng();

-    frost_rerandomized::frost_core::tests::check_sign_with_dkg::<PallasBlake2b512, _>(rng);
+    frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dkg::<
+        PallasBlake2b512,
+        _,
+    >(rng);
 }

 #[test]
 @ -1 +1 @@
 .60.0
 .65.0