diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 2361e6a..b764923 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -13,6 +13,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -22,6 +25,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -31,6 +37,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -43,6 +52,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -58,6 +70,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -68,6 +83,9 @@ jobs: steps: - uses: dtolnay/rust-toolchain@nightly - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" diff --git a/Cargo.lock b/Cargo.lock index d337773..e1d1075 100644 --- a/Cargo.lock +++ b/Cargo.lock 
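Review bot: The private key from `secrets.CGGMP21` is loaded into an ssh-agent that stays alive for the rest of every job, so every later step — including `cargo` build scripts and proc-macros of any dependency pulled from crates.io — can use it, not only the fetch of `dfnsco/cggmp21-private`. Keep the key a read-only deploy key scoped to that single repository, and pin the third-party action by commit SHA rather than the mutable tag, e.g. `- uses: webfactory/ssh-agent@<full-commit-sha> # v0.9.0`, since the same step is now duplicated in all six jobs. Note also that GitHub does not expose repository secrets to workflows triggered by pull requests from forks, so these jobs will fail with an empty key for external contributors unless the step is guarded or a fallback is provided.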
@@ -17,21 +17,6 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" -[[package]] -name = "android-tzdata" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" - -[[package]] -name = "android_system_properties" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" -dependencies = [ - "libc", -] - [[package]] name = "autocfg" version = "1.1.0" @@ -80,12 +65,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "bumpalo" -version = "3.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" - [[package]] name = "bytes" version = "1.5.0" @@ -109,12 +88,11 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cggmp21-keygen" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2a502901b03b7a77e31348435318ed5e0c01193322c145211d265e4b973f98e" +version = "0.3.0" +source = "git+https://github.com/dfnsco/cggmp21-private?rev=730e1217443eccac983d0177cab222decf07f139#730e1217443eccac983d0177cab222decf07f139" dependencies = [ "digest", - "futures", + "displaydoc", "generic-ec", "generic-ec-zkp", "hex", @@ -135,11 +113,8 @@ version = "0.4.34" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5bc015644b92d5890fab7489e49d21f879d5c990186827d42ec511919404f38b" dependencies = [ - "android-tzdata", - "iana-time-zone", "num-traits", "serde", - "windows-targets", ] [[package]] 
@@ -148,12 +123,6 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" -[[package]] -name = "core-foundation-sys" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" - [[package]] name = "cpufeatures" version = "0.2.12" @@ -267,7 +236,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", - "serde", ] [[package]] @@ -484,15 +452,18 @@ dependencies = [ [[package]] name = "generic-ec" -version = "0.2.2" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f27328a31bb6dcce5ab6539cb13d5d206cd18c1f4a1b36e680129b037d6ea9a" +checksum = "10cc122ac7a2ebc45550f766cd23a9040f6d15db440230b0888e5645e8eb2cb4" dependencies = [ + "curve25519-dalek", + "digest", "generic-ec-core", "generic-ec-curves", "hex", "phantom-type 0.4.2", "rand_core", + "rand_hash", "serde", "serde_with", "subtle", @@ -502,9 +473,9 @@ dependencies = [ [[package]] name = "generic-ec-core" -version = "0.1.3" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cab102fc88bfc017c16e69d21edae6f41ab58bfe69eed09ed0a2cf10ec923f" +checksum = "f156564cc8aa47456da807826b1a0aa9cf420474d9f41593ffbdde65133d4bea" dependencies = [ "generic-array", "rand_core", @@ -515,11 +486,10 @@ dependencies = [ [[package]] name = "generic-ec-curves" -version = "0.1.4" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a133d38cde4fef7aea4e367ca51f291db0248495a424ec4208cdace08ba59f4" +checksum = "b5926949b758d01801c7edd75357495fe54c5fc25580a193de4c994c94d22307" dependencies = [ - "crypto-bigint", "curve25519-dalek", "elliptic-curve", "generic-ec-core", 
@@ -533,9 +503,9 @@ dependencies = [ [[package]] name = "generic-ec-zkp" -version = "0.2.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9b631ea71fa0294e80d479c5b952e276776c9abf1b1a542b48e66b83fe1828c" +checksum = "f360d09b920f154726c654363cef62ba3497c8037b82f94aa17df215fc05d6f9" dependencies = [ "generic-array", "generic-ec", @@ -619,12 +589,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "hashbrown" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" - [[package]] name = "hex" version = "0.4.3" 
@@ -649,61 +613,18 @@ dependencies = [ "digest", ] -[[package]] -name = "iana-time-zone" -version = "0.1.60" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" -dependencies = [ - "android_system_properties", - "core-foundation-sys", - "iana-time-zone-haiku", - "js-sys", - "wasm-bindgen", - "windows-core", -] - -[[package]] -name = "iana-time-zone-haiku" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" -dependencies = [ - "cc", -] - [[package]] name = "ident_case" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" -[[package]] -name = "indexmap" -version = "1.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" -dependencies = [ - "autocfg", - "hashbrown", - "serde", -] - [[package]] name = "itoa" version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" -[[package]] -name = "js-sys" -version = "0.3.68" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "406cda4b368d531c842222cf9d2600a9a4acce8d29423695379c6868a143a9ee" -dependencies = [ - "wasm-bindgen", -] - [[package]] name = "k256" version = "0.13.3" 
@@ -716,9 +637,8 @@ dependencies = [ [[package]] name = "key-share" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b92d6a48de7507329eb252365d274b2d704d35a6616ca1be1292a2d96f2b4a59" +version = "0.4.0" +source = "git+https://github.com/dfnsco/cggmp21-private?rev=730e1217443eccac983d0177cab222decf07f139#730e1217443eccac983d0177cab222decf07f139" dependencies = [ "displaydoc", "generic-ec", @@ -737,12 +657,6 @@ version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" -[[package]] -name = "log" -version = "0.4.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" - [[package]] name = "memchr" version = "2.7.1" @@ -802,12 +716,6 @@ dependencies = [ "memchr", ] -[[package]] -name = "once_cell" -version = "1.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" - [[package]] name = "phantom-type" version = "0.3.1" @@ -925,12 +833,24 @@ dependencies = [ "rand_core", ] +[[package]] +name = "rand_hash" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "257d7a1ad5533c1faca40f34d4a1ead75b414f16611c0ec210b7fd23e440475f" +dependencies = [ + "digest", + "rand_core", + "udigest", +] + [[package]] name = "round-based" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50a0cb1a40a115430c0d124ee305cf118208a37f921a744d41e84d3468a2c1d0" +checksum = "55f473f56ecfa6457a75c0922c4e51ad036d4a1d27b0a697ac3a9b26f74acc3b" dependencies = [ + "displaydoc", "futures-util", "phantom-type 0.3.1", "round-based-derive", @@ -1049,7 +969,6 @@ dependencies = [ "base64", "chrono", "hex", - "indexmap", "serde", "serde_json", "serde_with_macros", 
@@ -1099,9 +1018,9 @@ dependencies = [ [[package]] name = "slip-10" -version = "0.2.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f20f0918d675ab26ca9fa3e2c42548356f54b7a09fb4633313756522ddd59f75" +checksum = "10c50b6de806a216bce1d98e9107e03f60b54abcfbe6be3935a528ab57c19f6a" dependencies = [ "generic-array", "generic-ec", @@ -1220,12 +1139,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749" dependencies = [ "deranged", - "itoa", "num-conv", "powerfmt", "serde", "time-core", - "time-macros", ] [[package]] @@ -1234,16 +1151,6 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" -[[package]] -name = "time-macros" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774" -dependencies = [ - "num-conv", - "time-core", -] - [[package]] name = "tokio" version = "1.36.0" @@ -1298,29 +1205,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ "pin-project-lite", - "tracing-attributes", "tracing-core", ] -[[package]] -name = "tracing-attributes" -version = "0.1.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.48", -] - [[package]] name = "tracing-core" version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" -dependencies = [ - "once_cell", -] [[package]] name = "typenum" 
@@ -1330,9 +1222,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "udigest" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8e4a5cb9599a5dc3d47f21ad605a5a14594e0b212c7627d68dd5ca9776ace2e" +checksum = "3a435a16abb7029ba807a45242367b087dd767e87e2e5ebc5f0e4189ea114a23" dependencies = [ "digest", "udigest-derive", @@ -1340,9 +1232,9 @@ dependencies = [ [[package]] name = "udigest-derive" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b29f121da05aa0857e7b96cf2f8782bd4140911506518486d4a125b97d7d609" +checksum = "ee6296c12e792dbc59565a58920d8d1842997ad5a72ddf2a51f70d70bd7af2ba" dependencies = [ "proc-macro2", "quote", 
@@ -1367,126 +1259,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasm-bindgen" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1e124130aee3fb58c5bdd6b639a0509486b0338acaaae0c84a5124b0f588b7f" -dependencies = [ - "cfg-if", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9e7e1900c352b609c8488ad12639a311045f40a35491fb69ba8c12f758af70b" -dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn 2.0.48", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b30af9e2d358182b5c7449424f017eba305ed32a7010509ede96cdc4696c46ed" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "642f325be6301eb8107a83d12a8ac6c1e1c54345a7ef1a9261962dfefda09e66" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.48", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f186bd2dcf04330886ce82d6f33dd75a7bfcf69ecf5763b89fcde53b6ac9838" - -[[package]] -name = "windows-core" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" -dependencies = [ - "windows-targets", -] - -[[package]] -name = "windows-targets" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" 
-checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" -dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", -] - -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" - -[[package]] -name = "windows_aarch64_msvc" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" - -[[package]] -name = "windows_i686_gnu" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" - -[[package]] -name = "windows_i686_msvc" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" - -[[package]] -name = "windows_x86_64_gnu" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" - -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" - -[[package]] -name = "windows_x86_64_msvc" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" - [[package]] name = "zeroize" version = "1.7.0" diff --git a/Cargo.toml b/Cargo.toml index e3ca791..b8bf581 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -9,3 +9,10 @@ exclude = [ "wasm/no_std", ] +[patch.crates-io.cggmp21-keygen] +git = "https://github.com/dfnsco/cggmp21-private" +rev = "730e1217443eccac983d0177cab222decf07f139" + +[patch.crates-io.key-share] +git = "https://github.com/dfnsco/cggmp21-private" +rev = "730e1217443eccac983d0177cab222decf07f139" diff --git a/README.md b/README.md index b7bd397..0dde73d 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ where: * `round_based::Incoming` and `round_based::Outgoing` wrap `Msg` and provide additional data (e.g., sender/recepient) * `futures::Stream` and `futures::Sink` are well-known async primitives. + Transport layer implementation needs to meet requirements: * All messages must be authenticated \ Whenever one party receives a message from another, the receiver should cryptographically diff --git a/givre/Cargo.toml b/givre/Cargo.toml index f7e7159..224fe24 100644 --- a/givre/Cargo.toml +++ b/givre/Cargo.toml 
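Review bot: The `[patch.crates-io]` entries point at `https://github.com/dfnsco/cggmp21-private`, yet the CI change in this commit only adds an ssh-agent; cargo's built-in git fetch over https will not use that key unless git rewrites the URL (`git config --global url."git@github.com:".insteadOf "https://github.com/"`) or `CARGO_NET_GIT_FETCH_WITH_CLI=true` is set with credentials available — neither is visible in this diff, so worth confirming, or switching `git =` to the ssh form. Pinning to the full 40-hex `rev` is the right choice: as the lockfile hunk shows, a git source carries no `checksum` line, so the commit id is the only integrity anchor and must not be relaxed to a branch. A one-line comment above the block stating why the crates.io versions are overridden, and that this pin must be bumped together with the copy in `wasm/no_std/Cargo.toml`, would help the next maintainer.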
@@ -6,16 +6,15 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -cggmp21-keygen = { version = "0.1", optional = true } -key-share = { version = "0.2.2", default-features = false } +cggmp21-keygen = { version = "0.3", optional = true } +key-share = { version = "0.4", default-features = false } -generic-ec = { version = "0.2", default-features = false } +generic-ec = { version = "0.4", default-features = false, features = ["alloc"] } rand_core = { version = "0.6", default-features = false } digest = { version = "0.10", default-features = false } -round-based = { version = "0.2", default-features = false, features = ["derive"], optional = true } -futures = { version = "0.3", default-features = false, features = [], optional = true } +round-based = { version = "0.3", default-features = false, features = ["derive"], optional = true } k256 = { version = "0.13", default-features = false, features = ["hash2curve"], optional = true } static_assertions = { version = "1.1", optional = true } @@ -25,6 +24,7 @@ serde = { version = "1", default-features = false, features = ["derive"], option [dev-dependencies] rand_core = { version = "0.6", default-features = false, features = ["getrandom"] } +futures = "0.3" [features] default = ["std"] @@ -32,7 +32,7 @@ default = ["std"] std = ["key-share/std"] cggmp21-keygen = ["dep:cggmp21-keygen"] -full-signing = ["round-based", "futures"] +full-signing = ["round-based"] serde = ["dep:serde", "key-share/serde"] diff --git a/givre/src/ciphersuite.rs b/givre/src/ciphersuite.rs index 76999a8..8ddf1b9 100644 --- a/givre/src/ciphersuite.rs +++ b/givre/src/ciphersuite.rs 
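Review bot: `cggmp21-keygen = { version = "0.3", optional = true }` and `key-share = { version = "0.4", default-features = false }` are only satisfied through the workspace-level `[patch]` to a private git repository; `[patch]` is not honoured when `givre` is consumed as a dependency or published, so downstream users would resolve these versions against crates.io and get whatever is published there (if anything), which need not be the code this crate was tested against. If publishing is intended, either wait for the patched versions to be released upstream or set `publish = false` until then; either way a comment next to these two lines pointing at the root `[patch.crates-io]` table would make the coupling visible.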
@@ -45,6 +45,13 @@ pub trait Ciphersuite: Sized + Clone + Copy + core::fmt::Debug { /// Digest that's used to feed data into [H4](Self::h4) and [H5](Self::h5) hash functions type Digest: digest::Update + digest::FixedOutput + Clone; + /// Preferred [multiscalar multiplication](generic_ec::multiscalar) algorithm + /// + /// Multiscalar multiplication optimization greatly improves performace of FROST protocol. + /// By default, we set it to [`generic_ec::multiscalar::Default`] which uses the fastest + /// algorithm available in [`generic_ec`] crate. + type MultiscalarMul: generic_ec::multiscalar::MultiscalarMul; + /// `H1` hash function as defined in the draft /// /// Accepts a list of bytestring, that'll be contatenated before hashing. diff --git a/givre/src/ciphersuite/bitcoin.rs b/givre/src/ciphersuite/bitcoin.rs index af45322..56486ed 100644 --- a/givre/src/ciphersuite/bitcoin.rs +++ b/givre/src/ciphersuite/bitcoin.rs @@ -19,6 +19,7 @@ impl Ciphersuite for Bitcoin { const NAME: &'static str = "DFNS-bitcoin-SHA256-v1"; type Curve = ::Curve; type Digest = ::Digest; + type MultiscalarMul = generic_ec::multiscalar::Default; fn h1(msg: &[&[u8]]) -> generic_ec::Scalar { Secp256k1::h1(msg) diff --git a/givre/src/ciphersuite/ed25519.rs b/givre/src/ciphersuite/ed25519.rs index f3e25a4..8cb7df3 100644 --- a/givre/src/ciphersuite/ed25519.rs +++ b/givre/src/ciphersuite/ed25519.rs @@ -12,6 +12,7 @@ impl Ciphersuite for Ed25519 { type Curve = generic_ec::curves::Ed25519; type Digest = sha2::Sha512; + type MultiscalarMul = generic_ec::multiscalar::Dalek; fn h1(msg: &[&[u8]]) -> generic_ec::Scalar { let mut hash = sha2::Sha512::new() @@ -22,7 +23,7 @@ impl Ciphersuite for Ed25519 { } let hash = hash.finalize(); - generic_ec::Scalar::from_le_bytes_mod_order(hash) + generic_ec::traits::Reduce::<64>::from_le_array_mod_order(&hash.into()) } fn compute_challenge( 
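Review bot: The new `type MultiscalarMul` doc says which algorithm is fastest but not what security property an implementor may assume; in this diff the associated type is only applied to public commitments and public binding factors (`compute_group_commitment` in `signing/utils.rs`), so a variable-time algorithm is acceptable there, and that should be stated so nobody later selects it for a secret-scalar computation. Suggested addition to the doc comment: `/// Only used on public inputs (commitments and binding factors), so implementations need not be constant-time.` Also `performace` → `performance`. Adding a required associated type with no default is a breaking change for any external `Ciphersuite` implementor and should be reflected in the next version bump.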
@@ -36,7 +37,7 @@ impl Ciphersuite for Ed25519 { .chain_update(msg) .finalize(); - generic_ec::Scalar::from_le_bytes_mod_order(hash) + generic_ec::traits::Reduce::<64>::from_le_array_mod_order(&hash.into()) } fn h3(msg: &[&[u8]]) -> generic_ec::Scalar { @@ -48,7 +49,7 @@ impl Ciphersuite for Ed25519 { } let hash = hash.finalize(); - generic_ec::Scalar::from_le_bytes_mod_order(hash) + generic_ec::traits::Reduce::<64>::from_le_array_mod_order(&hash.into()) } fn h4() -> Self::Digest { diff --git a/givre/src/ciphersuite/secp256k1.rs b/givre/src/ciphersuite/secp256k1.rs index a6c9143..6af3c33 100644 --- a/givre/src/ciphersuite/secp256k1.rs +++ b/givre/src/ciphersuite/secp256k1.rs @@ -12,6 +12,7 @@ impl Ciphersuite for Secp256k1 { type Curve = generic_ec::curves::Secp256k1; type Digest = sha2::Sha256; + type MultiscalarMul = generic_ec::multiscalar::Default; fn h1(msg: &[&[u8]]) -> generic_ec::Scalar { hash_to_scalar(msg, &[Self::NAME.as_bytes(), b"rho"]) diff --git a/givre/src/lib.rs b/givre/src/lib.rs index f7343ba..9495ca0 100644 --- a/givre/src/lib.rs +++ b/givre/src/lib.rs @@ -42,6 +42,9 @@ //! * [`round_based::Incoming`] and [`round_based::Outgoing`] wrap `Msg` and provide additional data (e.g., sender/recepient) //! * [`futures::Stream`] and [`futures::Sink`] are well-known async primitives. //! +//! [`futures::Stream`]: https://docs.rs/futures/latest/futures/stream/trait.Stream.html +//! [`futures::sink`]: https://docs.rs/futures/latest/futures/sink/trait.Sink.html +//! //! Transport layer implementation needs to meet requirements: //! * All messages must be authenticated \ //! Whenever one party receives a message from another, the receiver should cryptographically 
@@ -178,6 +181,12 @@ pub use round_based; pub mod ciphersuite; pub mod signing; +#[cfg(test)] +mod _unused_deps { + // `futures` causes false-positive because it's only used in the docs examples + use futures as _; +} + /// Key share /// /// This module re-exports type definitions from [`key_share`](::key_share) crate. diff --git a/givre/src/signing/aggregate.rs b/givre/src/signing/aggregate.rs index cf66884..d78e154 100644 --- a/givre/src/signing/aggregate.rs +++ b/givre/src/signing/aggregate.rs @@ -124,16 +124,20 @@ pub fn aggregate( // --- The Aggregation let binding_factor_list = utils::compute_binding_factors::(key_info.shared_public_key, &comm_list, msg); - let group_commitment = utils::compute_group_commitment(&comm_list, &binding_factor_list); + let group_commitment = utils::compute_group_commitment::(&comm_list, &binding_factor_list); let z = signers .iter() .map(|(_j, _comm, sig_share)| sig_share.0) .sum(); - Ok(Signature { + let sig = Signature { r: C::normalize_point(group_commitment), z, - }) + }; + sig.verify(&C::normalize_point(key_info.shared_public_key), msg) + .map_err(|_| Reason::InvalidSig)?; + + Ok(sig) } /// Aggregation error @@ -144,6 +148,7 @@ pub struct AggregateError(Reason); enum Reason { UnknownSigner(SignerIndex), SameSignerTwice, + InvalidSig, } impl From for AggregateError { @@ -159,6 +164,7 @@ impl fmt::Display for AggregateError { Reason::SameSignerTwice => { f.write_str("same signer appears more than once in the list") } + Reason::InvalidSig => f.write_str("invalid signature"), } } } @@ -167,7 +173,7 @@ impl fmt::Display for AggregateError { impl std::error::Error for AggregateError { fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { match &self.0 { - Reason::UnknownSigner(_) | Reason::SameSignerTwice => None, + Reason::UnknownSigner(_) | Reason::SameSignerTwice | Reason::InvalidSig => None, } } } diff --git a/givre/src/signing/full_signing.rs b/givre/src/signing/full_signing.rs index 09e436b..12b8ca3 100644 
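Review bot: Verifying the aggregate before returning it is a good safety net, but when `sig.verify(...)` fails the coordinator only learns that some share was bad, not whose; RFC 9591 §5.3 has the coordinator verify each signature share so the misbehaving participant can be identified. If the crate has a per-share verification helper (not visible here), consider calling it on failure so the error can carry the `SignerIndex`, e.g. `InvalidSig` → `InvalidSigShare(SignerIndex)`; otherwise document on `AggregateError` that `InvalidSig` means at least one signer contributed an invalid share and that the error does not identify which one. The new check also makes `aggregate` pay one full signature verification, which is reasonable for the coordinator role but worth a sentence in its docs. `aggregate` begins before this hunk.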
--- a/givre/src/signing/full_signing.rs +++ b/givre/src/signing/full_signing.rs @@ -3,12 +3,11 @@ use alloc::{boxed::Box, vec::Vec}; use core::fmt; -use futures::SinkExt; use generic_ec::Curve; use rand_core::{CryptoRng, RngCore}; use round_based::{ rounds_router::{simple_store::RoundInput, RoundsRouter}, - Delivery, + Delivery, SinkExt, }; use crate::{ diff --git a/givre/src/signing/round2.rs b/givre/src/signing/round2.rs index 18fd089..39b1988 100644 --- a/givre/src/signing/round2.rs +++ b/givre/src/signing/round2.rs @@ -107,7 +107,7 @@ pub fn sign( let binding_factor = binding_factor_list.get(i).ok_or(Bug::OwnBindingFactor)?.1; debug_assert_eq!(binding_factor_list[i].0, signer_id); - let group_commitment = utils::compute_group_commitment(&comm_list, &binding_factor_list); + let group_commitment = utils::compute_group_commitment::(&comm_list, &binding_factor_list); let nonce_share = nonce.hiding_nonce + (nonce.binding_nonce * binding_factor); let (group_commitment, nonce_share) = match NormalizedPoint::try_normalize(group_commitment) { diff --git a/givre/src/signing/utils.rs b/givre/src/signing/utils.rs index 8e0c006..ec354cf 100644 --- a/givre/src/signing/utils.rs +++ b/givre/src/signing/utils.rs @@ -1,7 +1,7 @@ use alloc::vec::Vec; use digest::{FixedOutput, Update}; -use generic_ec::{Curve, NonZero, Point, Scalar}; +use generic_ec::{NonZero, Point, Scalar}; use crate::ciphersuite::Ciphersuite; 
@@ -76,21 +76,26 @@ pub fn compute_binding_factors( /// Differences compared to the draft: /// * Assumes that commitments and binding factors come in the same order, i.e. `commitment_list[i].0 == binding_factor_list[i].0` /// for all i. Assumtion is enforced via debug assertation. -pub fn compute_group_commitment<'a, E: Curve>( - commitment_list: impl IntoIterator>, PublicCommitments)>, - binding_factor_list: impl IntoIterator>, Scalar)>, -) -> Point { - commitment_list - .into_iter() - .zip(binding_factor_list) - .map(|((i, comm), (_i, factor))| { - debug_assert_eq!(i, _i); - (*i, *comm, *factor) - }) - .fold(Point::zero(), |acc, (_i, comm, binding_factor)| { - let binding_nonce = comm.binding_comm * binding_factor; - acc + comm.hiding_comm + binding_nonce - }) +pub fn compute_group_commitment( + commitment_list: &[(NonZero>, PublicCommitments)], + binding_factor_list: &[(NonZero>, Scalar)], +) -> Point { + use generic_ec::multiscalar::MultiscalarMul; + debug_assert_eq!(commitment_list.len(), binding_factor_list.len()); + + // binding_nonces = \sum_i commitment_list[i].1.binding_comm * binding_factor_list[i].1 + let binding_nonces = + C::MultiscalarMul::multiscalar_mul(commitment_list.iter().zip(binding_factor_list).map( + |((i, comm), (_i, factor))| { + debug_assert_eq!(i, _i); + (*factor, comm.binding_comm) + }, + )); + binding_nonces + + commitment_list + .iter() + .map(|(_, comm)| comm.hiding_comm) + .sum::>() } pub fn is_sorted(slice: &[T]) -> bool { diff --git a/tests/Cargo.toml b/tests/Cargo.toml index b130d0b..a088d3d 100644 --- a/tests/Cargo.toml +++ b/tests/Cargo.toml @@ -19,8 +19,8 @@ rand_core = "0.6" hex-literal = "0.4" tokio = { version = "1", features = ["macros", "rt"]} -round-based = { version = "0.2", features = ["dev"] } futures = "0.3" +round-based = { version = "0.3", features = ["dev"] } ed25519 = { package = "ed25519-dalek", version = "2.1" } secp256k1 = { version = "0.28", features = ["global-context"] } 
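Review bot: `debug_assert_eq!(commitment_list.len(), binding_factor_list.len())` vanishes in release builds, where a length mismatch makes `zip` silently truncate the binding-nonce sum while the hiding-commitment sum still runs over the full `commitment_list`, producing a wrong group commitment with no error; both inputs are slices, so `assert_eq!` costs nothing here and turns a caller bug into a panic rather than a bad signature. Separately, every scalar handed to `C::MultiscalarMul::multiscalar_mul` in this function is public (binding factors are derived from the public key, commitments and message in `aggregate`), so a variable-time multiscalar algorithm is acceptable — worth a line above the call, `// All inputs are public; a variable-time multiscalar algorithm is fine here.`, so the helper is not later reused with secret scalars. The per-element `debug_assert_eq!(i, _i)` has the same release-mode caveat that the doc comment already acknowledges.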
diff --git a/wasm/no_std/Cargo.toml b/wasm/no_std/Cargo.toml index 4e24a72..ea55f37 100644 --- a/wasm/no_std/Cargo.toml +++ b/wasm/no_std/Cargo.toml @@ -7,3 +7,11 @@ edition = "2021" [dependencies] givre = { path = "../../givre", default-features = false, features = ["all-ciphersuites", "spof"] } + +[patch.crates-io.cggmp21-keygen] +git = "https://github.com/dfnsco/cggmp21-private" +rev = "730e1217443eccac983d0177cab222decf07f139" + +[patch.crates-io.key-share] +git = "https://github.com/dfnsco/cggmp21-private" +rev = "730e1217443eccac983d0177cab222decf07f139"
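Review bot: This pin duplicates the one in the root `Cargo.toml` because `wasm/no_std` is excluded from the workspace, so the two `rev` values can silently drift and the no_std build would then exercise different upstream code than the main crate. A comment on the block, `# keep in sync with [patch.crates-io] in the root Cargo.toml`, or a CI step that checks both files carry the same rev, would prevent that.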