From c3dd3d0e968bd47a41965389c9a08059450d1c34 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Tue, 16 Apr 2024 15:32:23 +0200 Subject: [PATCH 01/18] Apply multiscalar optimization --- Cargo.lock | 12 +++++----- givre/Cargo.toml | 2 +- givre/src/ciphersuite.rs | 7 ++++++ givre/src/ciphersuite/bitcoin.rs | 1 + givre/src/ciphersuite/ed25519.rs | 1 + givre/src/ciphersuite/secp256k1.rs | 1 + givre/src/signing/aggregate.rs | 2 +- givre/src/signing/round2.rs | 2 +- givre/src/signing/utils.rs | 37 +++++++++++++++++------------- 9 files changed, 40 insertions(+), 25 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d337773..d0f9c13 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -484,9 +484,9 @@ dependencies = [ [[package]] name = "generic-ec" -version = "0.2.2" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f27328a31bb6dcce5ab6539cb13d5d206cd18c1f4a1b36e680129b037d6ea9a" +checksum = "6f5cb6bae30037a9462484c3f8c2290314b43e2ca09f7250a573165bcea9e914" dependencies = [ "generic-ec-core", "generic-ec-curves", @@ -502,9 +502,9 @@ dependencies = [ [[package]] name = "generic-ec-core" -version = "0.1.3" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cab102fc88bfc017c16e69d21edae6f41ab58bfe69eed09ed0a2cf10ec923f" +checksum = "85e8a3654fc9ea7366dd5725644b3537ec516dc47ea1944afd3c150ccb6e2137" dependencies = [ "generic-array", "rand_core", @@ -515,9 +515,9 @@ dependencies = [ [[package]] name = "generic-ec-curves" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a133d38cde4fef7aea4e367ca51f291db0248495a424ec4208cdace08ba59f4" +checksum = "564382bd1935579ced6e7cd896f2d8703c0800d5411e8438cc8f6d953c9fb1e7" dependencies = [ "crypto-bigint", "curve25519-dalek", diff --git a/givre/Cargo.toml b/givre/Cargo.toml index f7e7159..3025df5 100644 --- a/givre/Cargo.toml +++ b/givre/Cargo.toml 
@@ -9,7 +9,7 @@ edition = "2021" cggmp21-keygen = { version = "0.1", optional = true } key-share = { version = "0.2.2", default-features = false } -generic-ec = { version = "0.2", default-features = false } +generic-ec = { version = "0.2.4", default-features = false } rand_core = { version = "0.6", default-features = false } digest = { version = "0.10", default-features = false } diff --git a/givre/src/ciphersuite.rs b/givre/src/ciphersuite.rs index 76999a8..8ddf1b9 100644 --- a/givre/src/ciphersuite.rs +++ b/givre/src/ciphersuite.rs @@ -45,6 +45,13 @@ pub trait Ciphersuite: Sized + Clone + Copy + core::fmt::Debug { /// Digest that's used to feed data into [H4](Self::h4) and [H5](Self::h5) hash functions type Digest: digest::Update + digest::FixedOutput + Clone; + /// Preferred [multiscalar multiplication](generic_ec::multiscalar) algorithm + /// + /// Multiscalar multiplication optimization greatly improves performace of FROST protocol. + /// By default, we set it to [`generic_ec::multiscalar::Default`] which uses the fastest + /// algorithm available in [`generic_ec`] crate. + type MultiscalarMul: generic_ec::multiscalar::MultiscalarMul; + /// `H1` hash function as defined in the draft /// /// Accepts a list of bytestring, that'll be contatenated before hashing. diff --git a/givre/src/ciphersuite/bitcoin.rs b/givre/src/ciphersuite/bitcoin.rs index af45322..56486ed 100644 --- a/givre/src/ciphersuite/bitcoin.rs +++ b/givre/src/ciphersuite/bitcoin.rs @@ -19,6 +19,7 @@ impl Ciphersuite for Bitcoin { const NAME: &'static str = "DFNS-bitcoin-SHA256-v1"; type Curve = ::Curve; type Digest = ::Digest; + type MultiscalarMul = generic_ec::multiscalar::Default; fn h1(msg: &[&[u8]]) -> generic_ec::Scalar { Secp256k1::h1(msg) diff --git a/givre/src/ciphersuite/ed25519.rs b/givre/src/ciphersuite/ed25519.rs index f3e25a4..20f0a35 100644 --- a/givre/src/ciphersuite/ed25519.rs +++ b/givre/src/ciphersuite/ed25519.rs 
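Review bot: The new doc comment on `type MultiscalarMul` in givre/src/ciphersuite.rs says the algorithm is set "by default" to `generic_ec::multiscalar::Default`, but an associated type in a trait has no default on stable Rust, so every `Ciphersuite` implementor has to pick one explicitly — which is exactly what the bitcoin, secp256k1 and ed25519 hunks of this commit do. Suggest rewording to `/// Implementations usually set this to [`generic_ec::multiscalar::Default`], which picks the fastest algorithm available in [`generic_ec`]; whichever algorithm is chosen must produce exactly the same group element as the naive sum of scalar-point products.` and fixing the typo `performace` → `performance`. The equivalence requirement is worth stating because the result feeds the group commitment and therefore the challenge hash; an implementation that deviates would produce signatures that do not verify rather than a visible error. The `Ciphersuite` trait body continues outside this hunk.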
@@ -12,6 +12,7 @@ impl Ciphersuite for Ed25519 { type Curve = generic_ec::curves::Ed25519; type Digest = sha2::Sha512; + type MultiscalarMul = generic_ec::multiscalar::Default; fn h1(msg: &[&[u8]]) -> generic_ec::Scalar { let mut hash = sha2::Sha512::new() diff --git a/givre/src/ciphersuite/secp256k1.rs b/givre/src/ciphersuite/secp256k1.rs index a6c9143..6af3c33 100644 --- a/givre/src/ciphersuite/secp256k1.rs +++ b/givre/src/ciphersuite/secp256k1.rs @@ -12,6 +12,7 @@ impl Ciphersuite for Secp256k1 { type Curve = generic_ec::curves::Secp256k1; type Digest = sha2::Sha256; + type MultiscalarMul = generic_ec::multiscalar::Default; fn h1(msg: &[&[u8]]) -> generic_ec::Scalar { hash_to_scalar(msg, &[Self::NAME.as_bytes(), b"rho"]) diff --git a/givre/src/signing/aggregate.rs b/givre/src/signing/aggregate.rs index cf66884..f065008 100644 --- a/givre/src/signing/aggregate.rs +++ b/givre/src/signing/aggregate.rs @@ -124,7 +124,7 @@ pub fn aggregate( // --- The Aggregation let binding_factor_list = utils::compute_binding_factors::(key_info.shared_public_key, &comm_list, msg); - let group_commitment = utils::compute_group_commitment(&comm_list, &binding_factor_list); + let group_commitment = utils::compute_group_commitment::(&comm_list, &binding_factor_list); let z = signers .iter() .map(|(_j, _comm, sig_share)| sig_share.0) diff --git a/givre/src/signing/round2.rs b/givre/src/signing/round2.rs index 18fd089..39b1988 100644 --- a/givre/src/signing/round2.rs +++ b/givre/src/signing/round2.rs 
@@ -107,7 +107,7 @@ pub fn sign( let binding_factor = binding_factor_list.get(i).ok_or(Bug::OwnBindingFactor)?.1; debug_assert_eq!(binding_factor_list[i].0, signer_id); - let group_commitment = utils::compute_group_commitment(&comm_list, &binding_factor_list); + let group_commitment = utils::compute_group_commitment::(&comm_list, &binding_factor_list); let nonce_share = nonce.hiding_nonce + (nonce.binding_nonce * binding_factor); let (group_commitment, nonce_share) = match NormalizedPoint::try_normalize(group_commitment) { diff --git a/givre/src/signing/utils.rs b/givre/src/signing/utils.rs index 8e0c006..ec354cf 100644 --- a/givre/src/signing/utils.rs +++ b/givre/src/signing/utils.rs @@ -1,7 +1,7 @@ use alloc::vec::Vec; use digest::{FixedOutput, Update}; -use generic_ec::{Curve, NonZero, Point, Scalar}; +use generic_ec::{NonZero, Point, Scalar}; use crate::ciphersuite::Ciphersuite; 
@@ -76,21 +76,26 @@ pub fn compute_binding_factors( /// Differences compared to the draft: /// * Assumes that commitments and binding factors come in the same order, i.e. `commitment_list[i].0 == binding_factor_list[i].0` /// for all i. Assumtion is enforced via debug assertation. -pub fn compute_group_commitment<'a, E: Curve>( - commitment_list: impl IntoIterator>, PublicCommitments)>, - binding_factor_list: impl IntoIterator>, Scalar)>, -) -> Point { - commitment_list - .into_iter() - .zip(binding_factor_list) - .map(|((i, comm), (_i, factor))| { - debug_assert_eq!(i, _i); - (*i, *comm, *factor) - }) - .fold(Point::zero(), |acc, (_i, comm, binding_factor)| { - let binding_nonce = comm.binding_comm * binding_factor; - acc + comm.hiding_comm + binding_nonce - }) +pub fn compute_group_commitment( + commitment_list: &[(NonZero>, PublicCommitments)], + binding_factor_list: &[(NonZero>, Scalar)], +) -> Point { + use generic_ec::multiscalar::MultiscalarMul; + debug_assert_eq!(commitment_list.len(), binding_factor_list.len()); + + // binding_nonces = \sum_i commitment_list[i].1.binding_comm * binding_factor_list[i].1 + let binding_nonces = + C::MultiscalarMul::multiscalar_mul(commitment_list.iter().zip(binding_factor_list).map( + |((i, comm), (_i, factor))| { + debug_assert_eq!(i, _i); + (*factor, comm.binding_comm) + }, + )); + binding_nonces + + commitment_list + .iter() + .map(|(_, comm)| comm.hiding_comm) + .sum::>() } pub fn is_sorted(slice: &[T]) -> bool { From fcb533074441ce3a5ef8cd345a2efecbe176fed4 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Wed, 17 Apr 2024 16:25:14 +0200 Subject: [PATCH 02/18] Use `Dalek` multiscalar mult for ed25519 --- Cargo.lock | 10 ++++------ Cargo.toml | 3 +++ givre/src/ciphersuite/ed25519.rs | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d0f9c13..3337b4c 100644 --- a/Cargo.lock +++ b/Cargo.lock 
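Review bot: In the rewritten `compute_group_commitment`, the new `debug_assert_eq!(commitment_list.len(), binding_factor_list.len());` and the per-element `debug_assert_eq!(i, _i)` are compiled out in release builds, where `.iter().zip(binding_factor_list)` silently truncates to the shorter slice and the commitment is aggregated over only part of the signer set — a silent protocol failure instead of a panic. The two callers in round2.rs and aggregate.rs appear to derive both slices from the same `comm_list`, so this is probably unreachable today, but a plain `assert_eq!(commitment_list.len(), binding_factor_list.len());` would make the invariant hold regardless of build profile at negligible cost. Also worth a comment above the `C::MultiscalarMul::multiscalar_mul(` call recording why a potentially variable-time multiscalar routine is acceptable here: `// binding factors and commitments are public protocol values, so a variable-time multiscalar algorithm does not leak secrets` — the binding factors come from `compute_binding_factors`, which hashes public inputs, but please confirm that nothing secret ever flows through this function.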
@@ -485,9 +485,9 @@ dependencies = [ [[package]] name = "generic-ec" version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f5cb6bae30037a9462484c3f8c2290314b43e2ca09f7250a573165bcea9e914" +source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#0448502140738f84d2d8418ead9a935bb24d9627" dependencies = [ + "curve25519-dalek", "generic-ec-core", "generic-ec-curves", "hex", @@ -503,8 +503,7 @@ dependencies = [ [[package]] name = "generic-ec-core" version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85e8a3654fc9ea7366dd5725644b3537ec516dc47ea1944afd3c150ccb6e2137" +source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#0448502140738f84d2d8418ead9a935bb24d9627" dependencies = [ "generic-array", "rand_core", @@ -516,8 +515,7 @@ dependencies = [ [[package]] name = "generic-ec-curves" version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "564382bd1935579ced6e7cd896f2d8703c0800d5411e8438cc8f6d953c9fb1e7" +source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#0448502140738f84d2d8418ead9a935bb24d9627" dependencies = [ "crypto-bigint", "curve25519-dalek", diff --git a/Cargo.toml b/Cargo.toml index e3ca791..6312186 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,3 +9,6 @@ exclude = [ "wasm/no_std", ] +[patch.crates-io.generic-ec] +git = "https://github.com/dfns/generic-ec" +branch = "faster-multiscalar" diff --git a/givre/src/ciphersuite/ed25519.rs b/givre/src/ciphersuite/ed25519.rs index 20f0a35..430bd95 100644 --- a/givre/src/ciphersuite/ed25519.rs +++ b/givre/src/ciphersuite/ed25519.rs 
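Review bot: The `[patch.crates-io.generic-ec]` entry added to the root Cargo.toml selects `branch = "faster-multiscalar"` rather than a fixed revision, so the code that compiles depends on whatever that branch points to at resolution time; the commit hash in Cargo.lock pins it only until the next `cargo update`, and the `0.2.4` requirement in givre/Cargo.toml is effectively replaced by a moving target for the crate that now implements the multiscalar arithmetic. Pin the source with `rev = "0448502140738f84d2d8418ead9a935bb24d9627"` (the hash this commit's lockfile records) instead of, or in addition to, `branch`, and add a short note of intent such as `# temporary: unreleased multiscalar API, drop this patch once it is published on crates.io` — presumably that is the plan, given that later commits move back to a registry version.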
@@ -12,7 +12,7 @@ impl Ciphersuite for Ed25519 { type Curve = generic_ec::curves::Ed25519; type Digest = sha2::Sha512; - type MultiscalarMul = generic_ec::multiscalar::Default; + type MultiscalarMul = generic_ec::multiscalar::Dalek; fn h1(msg: &[&[u8]]) -> generic_ec::Scalar { let mut hash = sha2::Sha512::new() From 1be2420842d0f67270d5b0685c3ec349770c2d0a Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Wed, 17 Apr 2024 16:30:08 +0200 Subject: [PATCH 03/18] Enable `alloc` feature on `generic-ec` --- givre/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/givre/Cargo.toml b/givre/Cargo.toml index 3025df5..bb306bd 100644 --- a/givre/Cargo.toml +++ b/givre/Cargo.toml @@ -9,7 +9,7 @@ edition = "2021" cggmp21-keygen = { version = "0.1", optional = true } key-share = { version = "0.2.2", default-features = false } -generic-ec = { version = "0.2.4", default-features = false } +generic-ec = { version = "0.2.4", default-features = false, features = ["alloc"] } rand_core = { version = "0.6", default-features = false } digest = { version = "0.10", default-features = false } From f43bca8b29a246191bfb3feac326204324cd3437 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Wed, 17 Apr 2024 16:38:21 +0200 Subject: [PATCH 04/18] Update wasm nostd --- wasm/no_std/Cargo.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wasm/no_std/Cargo.toml b/wasm/no_std/Cargo.toml index 4e24a72..25c923e 100644 --- a/wasm/no_std/Cargo.toml +++ b/wasm/no_std/Cargo.toml @@ -7,3 +7,7 @@ edition = "2021" [dependencies] givre = { path = "../../givre", default-features = false, features = ["all-ciphersuites", "spof"] } + +[patch.crates-io.generic-ec] +git = "https://github.com/dfns/generic-ec" +branch = "faster-multiscalar" From 6a94147863ba84c2527773002a2a31347bbfc78e Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 19 Apr 2024 11:24:08 +0200 Subject: [PATCH 05/18] Update deps --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
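Review bot: The `[patch.crates-io.generic-ec]` block added to wasm/no_std/Cargo.toml again tracks `branch = "faster-multiscalar"`, and because wasm/no_std is excluded from the workspace (`exclude = [ "wasm/no_std" ]` in the root Cargo.toml) it does not share the root Cargo.lock, so unless that directory commits its own lockfile every clean build of the no_std crate resolves the branch head afresh and may compile different arithmetic than the main crate. Use `rev = "0448502140738f84d2d8418ead9a935bb24d9627"` to match the commit the root lockfile records, or whichever revision the main build is on. This hunk is the whole added block; the rest of the file is unchanged.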
diff --git a/Cargo.lock b/Cargo.lock index 3337b4c..1dd6cd5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -485,7 +485,7 @@ dependencies = [ [[package]] name = "generic-ec" version = "0.2.4" -source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#0448502140738f84d2d8418ead9a935bb24d9627" +source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#2d55ded5e875c93077d4e17bb6ee255fd70287da" dependencies = [ "curve25519-dalek", "generic-ec-core", @@ -503,7 +503,7 @@ dependencies = [ [[package]] name = "generic-ec-core" version = "0.1.4" -source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#0448502140738f84d2d8418ead9a935bb24d9627" +source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#2d55ded5e875c93077d4e17bb6ee255fd70287da" dependencies = [ "generic-array", "rand_core", @@ -515,7 +515,7 @@ dependencies = [ [[package]] name = "generic-ec-curves" version = "0.1.5" -source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#0448502140738f84d2d8418ead9a935bb24d9627" +source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#2d55ded5e875c93077d4e17bb6ee255fd70287da" dependencies = [ "crypto-bigint", "curve25519-dalek", From 916380bdf853f32087467024b17a9fcd35ba67c7 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 19 Apr 2024 13:06:34 +0200 Subject: [PATCH 06/18] Disable dalek multiscalar --- givre/src/ciphersuite/ed25519.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/givre/src/ciphersuite/ed25519.rs b/givre/src/ciphersuite/ed25519.rs index 430bd95..20f0a35 100644 --- a/givre/src/ciphersuite/ed25519.rs +++ b/givre/src/ciphersuite/ed25519.rs 
@@ -12,7 +12,7 @@ impl Ciphersuite for Ed25519 { type Curve = generic_ec::curves::Ed25519; type Digest = sha2::Sha512; - type MultiscalarMul = generic_ec::multiscalar::Dalek; + type MultiscalarMul = generic_ec::multiscalar::Default; fn h1(msg: &[&[u8]]) -> generic_ec::Scalar { let mut hash = sha2::Sha512::new() From 1a788decae011c793341e1a760111bfa093fb5d4 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 19 Apr 2024 13:10:47 +0200 Subject: [PATCH 07/18] Verify signature in aggregation --- givre/src/signing/aggregate.rs | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/givre/src/signing/aggregate.rs b/givre/src/signing/aggregate.rs index f065008..d78e154 100644 --- a/givre/src/signing/aggregate.rs +++ b/givre/src/signing/aggregate.rs @@ -130,10 +130,14 @@ pub fn aggregate( .map(|(_j, _comm, sig_share)| sig_share.0) .sum(); - Ok(Signature { + let sig = Signature { r: C::normalize_point(group_commitment), z, - }) + }; + sig.verify(&C::normalize_point(key_info.shared_public_key), msg) + .map_err(|_| Reason::InvalidSig)?; + + Ok(sig) } /// Aggregation error @@ -144,6 +148,7 @@ pub struct AggregateError(Reason); enum Reason { UnknownSigner(SignerIndex), SameSignerTwice, + InvalidSig, } impl From for AggregateError { @@ -159,6 +164,7 @@ impl fmt::Display for AggregateError { Reason::SameSignerTwice => { f.write_str("same signer appears more than once in the list") } + Reason::InvalidSig => f.write_str("invalid signature"), } } } @@ -167,7 +173,7 @@ impl fmt::Display for AggregateError { impl std::error::Error for AggregateError { fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { match &self.0 { - Reason::UnknownSigner(_) | Reason::SameSignerTwice => None, + Reason::UnknownSigner(_) | Reason::SameSignerTwice | Reason::InvalidSig => None, } } } From d8dd7fc83d263354ebd19496b0cf42e6fd3f34b8 Mon Sep 17 00:00:00 2001 
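Review bot: The added `sig.verify(&C::normalize_point(key_info.shared_public_key), msg).map_err(|_| Reason::InvalidSig)?` in `aggregate` is a sound defence, but it discards the underlying verification error and cannot say which signer's share was wrong, so a caller that receives `InvalidSig` has no way to identify the misbehaving party; the FROST draft has the aggregator check each `sig_share` against that signer's commitment and verification share for exactly this reason. If per-share identification is out of scope, the doc comment of `aggregate` (which starts above this hunk) should say so, e.g. `/// The aggregated signature is verified against the shared public key before being returned; a failed check yields an error but does not identify the misbehaving signer.`. It is also worth a line in the docs that aggregation now costs a full signature verification, since a coordinator calling this in a loop may care.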
From: Denis Varlakov Date: Fri, 19 Apr 2024 16:30:02 +0200 Subject: [PATCH 08/18] Allow to change multiscalar algo --- givre/src/ciphersuite.rs | 82 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/givre/src/ciphersuite.rs b/givre/src/ciphersuite.rs index 8ddf1b9..8f85e0d 100644 --- a/givre/src/ciphersuite.rs +++ b/givre/src/ciphersuite.rs 
@@ -362,3 +362,85 @@ pub fn is_key_share_normalized( ) -> bool { C::is_normalized(&key_share.shared_public_key) } + +/// Overrides multiscalar multiplication used with the ciphersuite +pub struct WithMultiscalar { + _ph: core::marker::PhantomData (C, M)>, +} + +impl Clone for WithMultiscalar { + fn clone(&self) -> Self { + Self { + _ph: core::marker::PhantomData, + } + } +} +impl Copy for WithMultiscalar {} +impl core::fmt::Debug for WithMultiscalar { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + f.write_str("WithMultiscalar") + } +} + +impl> Ciphersuite + for WithMultiscalar +{ + const NAME: &'static str = C::NAME; + type Curve = C::Curve; + type Digest = C::Digest; + type MultiscalarMul = M; + + fn h1(msg: &[&[u8]]) -> Scalar { + C::h1(msg) + } + fn compute_challenge( + group_commitment: &NormalizedPoint>, + group_public_key: &NormalizedPoint>>, + msg: &[u8], + ) -> Scalar { + let group_commitment = NormalizedPoint(group_commitment.0, core::marker::PhantomData); + let group_public_key = NormalizedPoint(group_public_key.0, core::marker::PhantomData); + C::compute_challenge(&group_commitment, &group_public_key, msg) + } + fn h3(msg: &[&[u8]]) -> Scalar { + C::h3(msg) + } + fn h4() -> Self::Digest { + C::h4() + } + fn h5() -> Self::Digest { + C::h5() + } + + type PointBytes = C::PointBytes; + fn serialize_point(point: &Point) -> Self::PointBytes { + C::serialize_point(point) + } + fn deserialize_point(bytes: &[u8]) -> Result, InvalidPoint> { + C::deserialize_point(bytes) + } + + type ScalarBytes = C::ScalarBytes; + const SCALAR_SIZE: usize = C::SCALAR_SIZE; + fn serialize_scalar(scalar: &Scalar) -> Self::ScalarBytes { + C::serialize_scalar(scalar) + } + fn deserialize_scalar(bytes: &[u8]) -> Result, InvalidScalar> { + C::deserialize_scalar(bytes) + } + + type NormalizedPointBytes = C::NormalizedPointBytes; + const NORMALIZED_POINT_SIZE: usize = C::NORMALIZED_POINT_SIZE; + fn serialize_normalized_point>>( + point: &NormalizedPoint, + ) -> 
Self::NormalizedPointBytes { + let point = NormalizedPoint(*point.0.as_ref(), core::marker::PhantomData); + C::serialize_normalized_point(&point) + } + fn deserialize_normalized_point( + bytes: &[u8], + ) -> Result>, InvalidPoint> { + C::deserialize_normalized_point(bytes) + .map(|point| NormalizedPoint(point.0, core::marker::PhantomData)) + } +} From ca491163c77bb4f25d9884b1525821a66e25221b Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 19 Apr 2024 18:04:24 +0200 Subject: [PATCH 09/18] Optimize ed25519 hashing --- Cargo.lock | 2 ++ Cargo.toml | 4 ++++ givre/Cargo.toml | 5 ++++- givre/src/ciphersuite/ed25519.rs | 17 ++++++++++++++--- 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1dd6cd5..d0299ea 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -576,9 +576,11 @@ name = "givre" version = "0.1.0" dependencies = [ "cggmp21-keygen", + "curve25519-dalek", "digest", "futures", "generic-ec", + "generic-ec-curves", "k256", "key-share", "rand_core", diff --git a/Cargo.toml b/Cargo.toml index 6312186..ece74a7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,3 +12,7 @@ exclude = [ [patch.crates-io.generic-ec] git = "https://github.com/dfns/generic-ec" branch = "faster-multiscalar" + +[patch.crates-io.generic-ec-curves] +git = "https://github.com/dfns/generic-ec" +branch = "faster-multiscalar" diff --git a/givre/Cargo.toml b/givre/Cargo.toml index bb306bd..1a57f4a 100644 --- a/givre/Cargo.toml +++ b/givre/Cargo.toml @@ -10,6 +10,7 @@ cggmp21-keygen = { version = "0.1", optional = true } key-share = { version = "0.2.2", default-features = false } generic-ec = { version = "0.2.4", default-features = false, features = ["alloc"] } +generic-ec-curves = { version = "0.1", default-features = false, optional = true } rand_core = { version = "0.6", default-features = false } digest = { version = "0.10", default-features = false } 
@@ -23,6 +24,8 @@ sha2 = { version = "0.10", default-features = false, optional = true } serde = { version = "1", default-features = false, features = ["derive"], optional = true } +curve25519-dalek = { version = "4", default-features = false, optional = true } + [dev-dependencies] rand_core = { version = "0.6", default-features = false, features = ["getrandom"] } @@ -47,6 +50,6 @@ hd-wallets = ["key-share/hd-wallets", "cggmp21-keygen?/hd-wallets"] all-ciphersuites = ["ciphersuite-secp256k1", "ciphersuite-ed25519", "ciphersuite-bitcoin"] ciphersuite-secp256k1 = ["generic-ec/curve-secp256k1", "k256", "sha2", "static_assertions"] -ciphersuite-ed25519 = ["generic-ec/curve-ed25519", "sha2"] +ciphersuite-ed25519 = ["generic-ec/curve-ed25519", "sha2", "curve25519-dalek", "generic-ec-curves/ed25519"] ciphersuite-bitcoin = ["ciphersuite-secp256k1"] diff --git a/givre/src/ciphersuite/ed25519.rs b/givre/src/ciphersuite/ed25519.rs index 20f0a35..b6eaae4 100644 --- a/givre/src/ciphersuite/ed25519.rs +++ b/givre/src/ciphersuite/ed25519.rs @@ -23,7 +23,7 @@ impl Ciphersuite for Ed25519 { } let hash = hash.finalize(); - generic_ec::Scalar::from_le_bytes_mod_order(hash) + reduce_512bits_le_scalar_mod_order(&hash.into()) } fn compute_challenge( @@ -37,7 +37,7 @@ impl Ciphersuite for Ed25519 { .chain_update(msg) .finalize(); - generic_ec::Scalar::from_le_bytes_mod_order(hash) + reduce_512bits_le_scalar_mod_order(&hash.into()) } fn h3(msg: &[&[u8]]) -> generic_ec::Scalar { @@ -49,7 +49,7 @@ impl Ciphersuite for Ed25519 { } let hash = hash.finalize(); - generic_ec::Scalar::from_le_bytes_mod_order(hash) + reduce_512bits_le_scalar_mod_order(&hash.into()) } fn h4() -> Self::Digest { 
@@ -100,3 +100,14 @@ impl Ciphersuite for Ed25519 { Ok(Self::normalize_point(point)) } } + +/// Reduces 512 bits integer mod curve order +/// +/// This is a more efficient version of [`generic_ec::Scalar::from_le_bytes_mod_order`] +fn reduce_512bits_le_scalar_mod_order( + bytes: &[u8; 64], +) -> generic_ec::Scalar { + let out = curve25519_dalek::Scalar::from_bytes_mod_order_wide(bytes); + let out = generic_ec_curves::ed25519::Scalar(out); + generic_ec::as_raw::FromRaw::from_raw(out) +} From 23801c08c20e4f77723846bb066fa2f80da759b0 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Mon, 22 Apr 2024 11:34:30 +0200 Subject: [PATCH 10/18] ed25519 ciphersuite: use dalek multiscalar --- givre/src/ciphersuite.rs | 82 -------------------------------- givre/src/ciphersuite/ed25519.rs | 2 +- 2 files changed, 1 insertion(+), 83 deletions(-) diff --git a/givre/src/ciphersuite.rs b/givre/src/ciphersuite.rs index 8f85e0d..8ddf1b9 100644 --- a/givre/src/ciphersuite.rs +++ b/givre/src/ciphersuite.rs 
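Review bot: `reduce_512bits_le_scalar_mod_order` replaces `generic_ec::Scalar::from_le_bytes_mod_order` in `h1`, `compute_challenge` and `h3`, i.e. in every hash-to-scalar of the ed25519 ciphersuite, and nothing in this commit checks that `curve25519_dalek::Scalar::from_bytes_mod_order_wide` agrees with the old reduction; a divergence on even one input would make challenges and binding factors differ from other FROST-ed25519 implementations and from the existing test vectors without any visible error. Add a test comparing the two on random 64-byte inputs plus the edge inputs `[0u8; 64]` and `[0xff; 64]`, e.g. `assert_eq!(reduce_512bits_le_scalar_mod_order(&bytes), generic_ec::Scalar::from_le_bytes_mod_order(bytes));`. The doc comment should state the contract rather than only the speed: `/// Must agree bit-for-bit with [`generic_ec::Scalar::from_le_bytes_mod_order`]; it differs only in performance.`. Wrapping the result via `generic_ec_curves::ed25519::Scalar(out)` also ties this crate to the exact `curve25519-dalek` major that `generic-ec-curves` uses, which deserves a comment on the new `curve25519-dalek = { version = "4", ... }` line in givre/Cargo.toml.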
@@ -362,85 +362,3 @@ pub fn is_key_share_normalized( ) -> bool { C::is_normalized(&key_share.shared_public_key) } - -/// Overrides multiscalar multiplication used with the ciphersuite -pub struct WithMultiscalar { - _ph: core::marker::PhantomData (C, M)>, -} - -impl Clone for WithMultiscalar { - fn clone(&self) -> Self { - Self { - _ph: core::marker::PhantomData, - } - } -} -impl Copy for WithMultiscalar {} -impl core::fmt::Debug for WithMultiscalar { - fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { - f.write_str("WithMultiscalar") - } -} - -impl> Ciphersuite - for WithMultiscalar -{ - const NAME: &'static str = C::NAME; - type Curve = C::Curve; - type Digest = C::Digest; - type MultiscalarMul = M; - - fn h1(msg: &[&[u8]]) -> Scalar { - C::h1(msg) - } - fn compute_challenge( - group_commitment: &NormalizedPoint>, - group_public_key: &NormalizedPoint>>, - msg: &[u8], - ) -> Scalar { - let group_commitment = NormalizedPoint(group_commitment.0, core::marker::PhantomData); - let group_public_key = NormalizedPoint(group_public_key.0, core::marker::PhantomData); - C::compute_challenge(&group_commitment, &group_public_key, msg) - } - fn h3(msg: &[&[u8]]) -> Scalar { - C::h3(msg) - } - fn h4() -> Self::Digest { - C::h4() - } - fn h5() -> Self::Digest { - C::h5() - } - - type PointBytes = C::PointBytes; - fn serialize_point(point: &Point) -> Self::PointBytes { - C::serialize_point(point) - } - fn deserialize_point(bytes: &[u8]) -> Result, InvalidPoint> { - C::deserialize_point(bytes) - } - - type ScalarBytes = C::ScalarBytes; - const SCALAR_SIZE: usize = C::SCALAR_SIZE; - fn serialize_scalar(scalar: &Scalar) -> Self::ScalarBytes { - C::serialize_scalar(scalar) - } - fn deserialize_scalar(bytes: &[u8]) -> Result, InvalidScalar> { - C::deserialize_scalar(bytes) - } - - type NormalizedPointBytes = C::NormalizedPointBytes; - const NORMALIZED_POINT_SIZE: usize = C::NORMALIZED_POINT_SIZE; - fn serialize_normalized_point>>( - point: &NormalizedPoint, - ) -> 
Self::NormalizedPointBytes { - let point = NormalizedPoint(*point.0.as_ref(), core::marker::PhantomData); - C::serialize_normalized_point(&point) - } - fn deserialize_normalized_point( - bytes: &[u8], - ) -> Result>, InvalidPoint> { - C::deserialize_normalized_point(bytes) - .map(|point| NormalizedPoint(point.0, core::marker::PhantomData)) - } -} diff --git a/givre/src/ciphersuite/ed25519.rs b/givre/src/ciphersuite/ed25519.rs index b6eaae4..458526c 100644 --- a/givre/src/ciphersuite/ed25519.rs +++ b/givre/src/ciphersuite/ed25519.rs @@ -12,7 +12,7 @@ impl Ciphersuite for Ed25519 { type Curve = generic_ec::curves::Ed25519; type Digest = sha2::Sha512; - type MultiscalarMul = generic_ec::multiscalar::Default; + type MultiscalarMul = generic_ec::multiscalar::Dalek; fn h1(msg: &[&[u8]]) -> generic_ec::Scalar { let mut hash = sha2::Sha512::new() From 90806087f3c331342958cc86786d7da3311a2135 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 21 Jun 2024 12:51:32 +0200 Subject: [PATCH 11/18] Update deps to latest --- Cargo.lock | 371 +++--------------------------- Cargo.toml | 12 +- givre/Cargo.toml | 13 +- givre/src/signing/full_signing.rs | 3 +- tests/Cargo.toml | 3 +- wasm/no_std/Cargo.toml | 3 - 6 files changed, 52 insertions(+), 353 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d0299ea..af13e3e 100644 --- a/Cargo.lock +++ b/Cargo.lock 
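Review bot: Switching `type MultiscalarMul` to `generic_ec::multiscalar::Dalek` re-enables what commit 06 ("Disable dalek multiscalar") turned off, and neither the commit message nor the code says why it was disabled or what changed in between, so a later reader cannot tell whether the earlier problem was fixed or merely forgotten. A one-line comment on the type line would capture that, e.g. `// Dalek multiscalar is faster than generic_ec's default; re-enabled because …` with the actual reason filled in. If `Dalek` maps onto dalek's variable-time multiscalar routine, the comment should also record that the scalars it receives from `compute_group_commitment` are public binding factors, so variable-time arithmetic is acceptable — I cannot confirm from this diff which dalek routine is used. The `impl Ciphersuite for Ed25519` block continues outside the hunk.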
@@ -17,21 +17,6 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" -[[package]] -name = "android-tzdata" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" - -[[package]] -name = "android_system_properties" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" -dependencies = [ - "libc", -] - [[package]] name = "autocfg" version = "1.1.0" @@ -80,12 +65,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "bumpalo" -version = "3.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" - [[package]] name = "bytes" version = "1.5.0" @@ -109,12 +88,11 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cggmp21-keygen" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2a502901b03b7a77e31348435318ed5e0c01193322c145211d265e4b973f98e" +version = "0.3.0" +source = "git+https://github.com/dfnsco/cggmp21-private?rev=730e1217443eccac983d0177cab222decf07f139#730e1217443eccac983d0177cab222decf07f139" dependencies = [ "digest", - "futures", + "displaydoc", "generic-ec", "generic-ec-zkp", "hex", @@ -135,11 +113,8 @@ version = "0.4.34" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5bc015644b92d5890fab7489e49d21f879d5c990186827d42ec511919404f38b" dependencies = [ - "android-tzdata", - "iana-time-zone", "num-traits", "serde", - "windows-targets", ] [[package]] 
@@ -148,12 +123,6 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" -[[package]] -name = "core-foundation-sys" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" - [[package]] name = "cpufeatures" version = "0.2.12" @@ -267,7 +236,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", - "serde", ] [[package]] 
@@ -381,65 +349,12 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" -[[package]] -name = "futures" -version = "0.3.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" -dependencies = [ - "futures-channel", - "futures-core", - "futures-executor", - "futures-io", - "futures-sink", - "futures-task", - "futures-util", -] - -[[package]] -name = "futures-channel" -version = "0.3.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" -dependencies = [ - "futures-core", - "futures-sink", -] - [[package]] name = "futures-core" version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" -[[package]] -name = "futures-executor" -version = "0.3.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" -dependencies = [ - "futures-core", - "futures-task", - "futures-util", -] - -[[package]] -name = "futures-io" -version = "0.3.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" - -[[package]] -name = "futures-macro" -version = "0.3.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.48", -] - [[package]] name = "futures-sink" version = "0.3.30" 
@@ -458,16 +373,11 @@ version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ - "futures-channel", "futures-core", - "futures-io", - "futures-macro", "futures-sink", "futures-task", - "memchr", "pin-project-lite", "pin-utils", - "slab", ] [[package]] @@ -484,15 +394,18 @@ dependencies = [ [[package]] name = "generic-ec" -version = "0.2.4" -source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#2d55ded5e875c93077d4e17bb6ee255fd70287da" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10cc122ac7a2ebc45550f766cd23a9040f6d15db440230b0888e5645e8eb2cb4" dependencies = [ "curve25519-dalek", + "digest", "generic-ec-core", "generic-ec-curves", "hex", "phantom-type 0.4.2", "rand_core", + "rand_hash", "serde", "serde_with", "subtle", @@ -502,8 +415,9 @@ dependencies = [ [[package]] name = "generic-ec-core" -version = "0.1.4" -source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#2d55ded5e875c93077d4e17bb6ee255fd70287da" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f156564cc8aa47456da807826b1a0aa9cf420474d9f41593ffbdde65133d4bea" dependencies = [ "generic-array", "rand_core", @@ -514,10 +428,10 @@ dependencies = [ [[package]] name = "generic-ec-curves" -version = "0.1.5" -source = "git+https://github.com/dfns/generic-ec?branch=faster-multiscalar#2d55ded5e875c93077d4e17bb6ee255fd70287da" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5926949b758d01801c7edd75357495fe54c5fc25580a193de4c994c94d22307" dependencies = [ - "crypto-bigint", "curve25519-dalek", "elliptic-curve", "generic-ec-core", 
@@ -531,9 +445,9 @@ dependencies = [ [[package]] name = "generic-ec-zkp" -version = "0.2.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9b631ea71fa0294e80d479c5b952e276776c9abf1b1a542b48e66b83fe1828c" +checksum = "f360d09b920f154726c654363cef62ba3497c8037b82f94aa17df215fc05d6f9" dependencies = [ "generic-array", "generic-ec", @@ -578,7 +492,6 @@ dependencies = [ "cggmp21-keygen", "curve25519-dalek", "digest", - "futures", "generic-ec", "generic-ec-curves", "k256", @@ -595,7 +508,6 @@ name = "givre-tests" version = "0.1.0" dependencies = [ "ed25519-dalek", - "futures", "generic-tests", "givre", "hex-literal", @@ -619,12 +531,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "hashbrown" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" - [[package]] name = "hex" version = "0.4.3" 
@@ -649,61 +555,18 @@ dependencies = [ "digest", ] -[[package]] -name = "iana-time-zone" -version = "0.1.60" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" -dependencies = [ - "android_system_properties", - "core-foundation-sys", - "iana-time-zone-haiku", - "js-sys", - "wasm-bindgen", - "windows-core", -] - -[[package]] -name = "iana-time-zone-haiku" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" -dependencies = [ - "cc", -] - [[package]] name = "ident_case" version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" -[[package]] -name = "indexmap" -version = "1.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" -dependencies = [ - "autocfg", - "hashbrown", - "serde", -] - [[package]] name = "itoa" version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" -[[package]] -name = "js-sys" -version = "0.3.68" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "406cda4b368d531c842222cf9d2600a9a4acce8d29423695379c6868a143a9ee" -dependencies = [ - "wasm-bindgen", -] - [[package]] name = "k256" version = "0.13.3" 
@@ -716,9 +579,8 @@ dependencies = [ [[package]] name = "key-share" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b92d6a48de7507329eb252365d274b2d704d35a6616ca1be1292a2d96f2b4a59" +version = "0.4.0" +source = "git+https://github.com/dfnsco/cggmp21-private?rev=730e1217443eccac983d0177cab222decf07f139#730e1217443eccac983d0177cab222decf07f139" dependencies = [ "displaydoc", "generic-ec", @@ -737,12 +599,6 @@ version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" -[[package]] -name = "log" -version = "0.4.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" - [[package]] name = "memchr" version = "2.7.1" @@ -802,12 +658,6 @@ dependencies = [ "memchr", ] -[[package]] -name = "once_cell" -version = "1.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" - [[package]] name = "phantom-type" version = "0.3.1" @@ -925,12 +775,24 @@ dependencies = [ "rand_core", ] +[[package]] +name = "rand_hash" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "257d7a1ad5533c1faca40f34d4a1ead75b414f16611c0ec210b7fd23e440475f" +dependencies = [ + "digest", + "rand_core", + "udigest", +] + [[package]] name = "round-based" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50a0cb1a40a115430c0d124ee305cf118208a37f921a744d41e84d3468a2c1d0" +checksum = "55f473f56ecfa6457a75c0922c4e51ad036d4a1d27b0a697ac3a9b26f74acc3b" dependencies = [ + "displaydoc", "futures-util", "phantom-type 0.3.1", "round-based-derive", @@ -1049,7 +911,6 @@ dependencies = [ "base64", "chrono", "hex", - "indexmap", "serde", "serde_json", "serde_with_macros", 
@@ -1088,20 +949,11 @@ dependencies = [ "rand_core", ] -[[package]] -name = "slab" -version = "0.4.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" -dependencies = [ - "autocfg", -] - [[package]] name = "slip-10" -version = "0.2.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f20f0918d675ab26ca9fa3e2c42548356f54b7a09fb4633313756522ddd59f75" +checksum = "10c50b6de806a216bce1d98e9107e03f60b54abcfbe6be3935a528ab57c19f6a" dependencies = [ "generic-array", "generic-ec", @@ -1220,12 +1072,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749" dependencies = [ "deranged", - "itoa", "num-conv", "powerfmt", "serde", "time-core", - "time-macros", ] [[package]] @@ -1234,16 +1084,6 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" -[[package]] -name = "time-macros" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774" -dependencies = [ - "num-conv", - "time-core", -] - [[package]] name = "tokio" version = "1.36.0" 
@@ -1298,29 +1138,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ "pin-project-lite", - "tracing-attributes", "tracing-core", ] -[[package]] -name = "tracing-attributes" -version = "0.1.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.48", -] - [[package]] name = "tracing-core" version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" -dependencies = [ - "once_cell", -] [[package]] name = "typenum" @@ -1330,9 +1155,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "udigest" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8e4a5cb9599a5dc3d47f21ad605a5a14594e0b212c7627d68dd5ca9776ace2e" +checksum = "3a435a16abb7029ba807a45242367b087dd767e87e2e5ebc5f0e4189ea114a23" dependencies = [ "digest", "udigest-derive", @@ -1340,9 +1165,9 @@ dependencies = [ [[package]] name = "udigest-derive" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b29f121da05aa0857e7b96cf2f8782bd4140911506518486d4a125b97d7d609" +checksum = "ee6296c12e792dbc59565a58920d8d1842997ad5a72ddf2a51f70d70bd7af2ba" dependencies = [ "proc-macro2", "quote", 
@@ -1367,126 +1192,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasm-bindgen" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1e124130aee3fb58c5bdd6b639a0509486b0338acaaae0c84a5124b0f588b7f" -dependencies = [ - "cfg-if", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9e7e1900c352b609c8488ad12639a311045f40a35491fb69ba8c12f758af70b" -dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn 2.0.48", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b30af9e2d358182b5c7449424f017eba305ed32a7010509ede96cdc4696c46ed" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "642f325be6301eb8107a83d12a8ac6c1e1c54345a7ef1a9261962dfefda09e66" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.48", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f186bd2dcf04330886ce82d6f33dd75a7bfcf69ecf5763b89fcde53b6ac9838" - -[[package]] -name = "windows-core" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" -dependencies = [ - "windows-targets", -] - -[[package]] -name = "windows-targets" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" 
-checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" -dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", -] - -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" - -[[package]] -name = "windows_aarch64_msvc" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" - -[[package]] -name = "windows_i686_gnu" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" - -[[package]] -name = "windows_i686_msvc" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" - -[[package]] -name = "windows_x86_64_gnu" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" - -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" - -[[package]] -name = "windows_x86_64_msvc" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" - [[package]] name = "zeroize" version = "1.7.0" diff --git a/Cargo.toml b/Cargo.toml index ece74a7..b8bf581 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -9,10 +9,10 @@ exclude = [ "wasm/no_std", ] -[patch.crates-io.generic-ec] -git = "https://github.com/dfns/generic-ec" -branch = "faster-multiscalar" +[patch.crates-io.cggmp21-keygen] +git = "https://github.com/dfnsco/cggmp21-private" +rev = "730e1217443eccac983d0177cab222decf07f139" -[patch.crates-io.generic-ec-curves] -git = "https://github.com/dfns/generic-ec" -branch = "faster-multiscalar" +[patch.crates-io.key-share] +git = "https://github.com/dfnsco/cggmp21-private" +rev = "730e1217443eccac983d0177cab222decf07f139" diff --git a/givre/Cargo.toml b/givre/Cargo.toml index 1a57f4a..0dcf72a 100644 --- a/givre/Cargo.toml +++ b/givre/Cargo.toml @@ -6,17 +6,16 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -cggmp21-keygen = { version = "0.1", optional = true } -key-share = { version = "0.2.2", default-features = false } +cggmp21-keygen = { version = "0.3", optional = true } +key-share = { version = "0.4", default-features = false } -generic-ec = { version = "0.2.4", default-features = false, features = ["alloc"] } -generic-ec-curves = { version = "0.1", default-features = false, optional = true } +generic-ec = { version = "0.4", default-features = false, features = ["alloc"] } +generic-ec-curves = { version = "0.2", default-features = false, optional = true } rand_core = { version = "0.6", default-features = false } digest = { version = "0.10", default-features = false } -round-based = { version = "0.2", default-features = false, features = ["derive"], optional = true } -futures = { version = "0.3", default-features = false, features = [], optional = true } +round-based = { version = "0.3", default-features = false, features = ["derive"], optional = true } k256 = { version = "0.13", default-features = false, features = ["hash2curve"], optional = true } static_assertions = { version = "1.1", optional = true } 
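Review bot: The two `[patch.crates-io.*]` tables pull `cggmp21-keygen` and `key-share` from a private git repository, while `givre/Cargo.toml` in the next hunk declares plain crates.io requirements `"0.3"` and `"0.4"`; pinning to a full commit `rev` is the right choice (immutable, unlike a branch), but a `[patch]` only applies inside this workspace, so `cargo publish` or any downstream consumer will resolve those versions from crates.io, where — judging by the lockfile now recording a `git+` source — they do not appear to exist yet. Record that intent next to the tables so nobody ships in this state by accident: `# TEMPORARY: cggmp21-keygen 0.3 / key-share 0.4 are not published yet; drop once they are on crates.io`. The same rev must also be repeated in `wasm/no_std/Cargo.toml` (that crate is in `exclude`, so this patch does not reach it), which is worth stating in the same comment so the two pins are bumped together.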
@@ -35,7 +34,7 @@ default = ["std"] std = ["key-share/std"] cggmp21-keygen = ["dep:cggmp21-keygen"] -full-signing = ["round-based", "futures"] +full-signing = ["round-based"] serde = ["dep:serde", "key-share/serde"] diff --git a/givre/src/signing/full_signing.rs b/givre/src/signing/full_signing.rs index 09e436b..12b8ca3 100644 --- a/givre/src/signing/full_signing.rs +++ b/givre/src/signing/full_signing.rs @@ -3,12 +3,11 @@ use alloc::{boxed::Box, vec::Vec}; use core::fmt; -use futures::SinkExt; use generic_ec::Curve; use rand_core::{CryptoRng, RngCore}; use round_based::{ rounds_router::{simple_store::RoundInput, RoundsRouter}, - Delivery, + Delivery, SinkExt, }; use crate::{ diff --git a/tests/Cargo.toml b/tests/Cargo.toml index b130d0b..168be4b 100644 --- a/tests/Cargo.toml +++ b/tests/Cargo.toml @@ -19,8 +19,7 @@ rand_core = "0.6" hex-literal = "0.4" tokio = { version = "1", features = ["macros", "rt"]} -round-based = { version = "0.2", features = ["dev"] } -futures = "0.3" +round-based = { version = "0.3", features = ["dev"] } ed25519 = { package = "ed25519-dalek", version = "2.1" } secp256k1 = { version = "0.28", features = ["global-context"] } diff --git a/wasm/no_std/Cargo.toml b/wasm/no_std/Cargo.toml index 25c923e..1a6d514 100644 --- a/wasm/no_std/Cargo.toml +++ b/wasm/no_std/Cargo.toml @@ -8,6 +8,3 @@ edition = "2021" [dependencies] givre = { path = "../../givre", default-features = false, features = ["all-ciphersuites", "spof"] } -[patch.crates-io.generic-ec] -git = "https://github.com/dfns/generic-ec" -branch = "faster-multiscalar" From 9398072e048c4b24eba0a114ba5de40b37986041 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 21 Jun 2024 12:56:20 +0200 Subject: [PATCH 12/18] Update workflow --- .github/workflows/rust.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 2361e6a..b764923 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
@@ -13,6 +13,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -22,6 +25,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -31,6 +37,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -43,6 +52,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -58,6 +70,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" @@ -68,6 +83,9 @@ jobs: steps: - uses: dtolnay/rust-toolchain@nightly - uses: actions/checkout@v3 + - uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.CGGMP21 }} - uses: Swatinem/rust-cache@v2 with: cache-on-failure: "true" From 5a05c5303b14ffaaf7eaa53c44567ab64e20eb90 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 21 Jun 2024 12:58:39 +0200 Subject: [PATCH 13/18] Fix wasm build --- wasm/no_std/Cargo.toml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/wasm/no_std/Cargo.toml b/wasm/no_std/Cargo.toml index 1a6d514..ea55f37 100644 --- a/wasm/no_std/Cargo.toml +++ b/wasm/no_std/Cargo.toml 
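Review bot: The added `webfactory/ssh-agent` step loads `secrets.CGGMP21` into an agent before `cargo` runs in every job, so any build script or proc-macro of any crate in the dependency graph can use that socket to authenticate as the key for the rest of the job; confirm the secret is a read-only deploy key scoped to the single `cggmp21-private` repository rather than a user key with broader access. Both `webfactory/ssh-agent@v0.9.0` and the pre-existing `actions/checkout@v3` are pinned to mutable tags, and for a step that handles a private key a force-pushed or compromised tag would be sufficient to exfiltrate it — pin at least the ssh-agent step to the full commit SHA of the release, e.g. `- uses: webfactory/ssh-agent@<full-commit-sha> # v0.9.0`. The workflow's `on:` triggers are outside the hunk; if it runs on `pull_request` from forks, the secret is empty there and this step will fail before the build starts, which is worth documenting in the workflow. The identical three lines are repeated in all six jobs, so consider moving them into a composite action (or a reusable workflow) so the pin and the key handling live in one place.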
@@ -8,3 +8,10 @@ edition = "2021" [dependencies] givre = { path = "../../givre", default-features = false, features = ["all-ciphersuites", "spof"] } +[patch.crates-io.cggmp21-keygen] +git = "https://github.com/dfnsco/cggmp21-private" +rev = "730e1217443eccac983d0177cab222decf07f139" + +[patch.crates-io.key-share] +git = "https://github.com/dfnsco/cggmp21-private" +rev = "730e1217443eccac983d0177cab222decf07f139" From 687d7cfa062e216d4c238294b8cc356c2862a1d4 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 21 Jun 2024 13:00:25 +0200 Subject: [PATCH 14/18] Fix tests --- Cargo.lock | 68 ++++++++++++++++++++++++++++++++++++++++++++++++ tests/Cargo.toml | 1 + 2 files changed, 69 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index af13e3e..0d699e3 100644 --- a/Cargo.lock +++ b/Cargo.lock 
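Review bot: The `rev` pinned in these two tables duplicates the one in the root `Cargo.toml`, and nothing ties the two together, so a future bump of the root pin will silently leave the wasm build on the old commit of the private repository; this duplication is required because `wasm/no_std` is excluded from the workspace and the root `[patch]` does not reach it. Add `# Must match the rev in the root Cargo.toml [patch] section` above the first `[patch.crates-io.*]` table, and consider a CI check that fails when the two files disagree on the rev.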
@@ -349,12 +349,65 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "futures" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" +dependencies = [ + "futures-core", + "futures-sink", +] + [[package]] name = "futures-core" version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" +[[package]] +name = "futures-executor" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-io" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" + +[[package]] +name = "futures-macro" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + [[package]] name = "futures-sink" version = "0.3.30" 
@@ -373,11 +426,16 @@ version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ + "futures-channel", "futures-core", + "futures-io", + "futures-macro", "futures-sink", "futures-task", + "memchr", "pin-project-lite", "pin-utils", + "slab", ] [[package]] @@ -508,6 +566,7 @@ name = "givre-tests" version = "0.1.0" dependencies = [ "ed25519-dalek", + "futures", "generic-tests", "givre", "hex-literal", @@ -949,6 +1008,15 @@ dependencies = [ "rand_core", ] +[[package]] +name = "slab" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" +dependencies = [ + "autocfg", +] + [[package]] name = "slip-10" version = "0.4.0" diff --git a/tests/Cargo.toml b/tests/Cargo.toml index 168be4b..a088d3d 100644 --- a/tests/Cargo.toml +++ b/tests/Cargo.toml @@ -19,6 +19,7 @@ rand_core = "0.6" hex-literal = "0.4" tokio = { version = "1", features = ["macros", "rt"]} +futures = "0.3" round-based = { version = "0.3", features = ["dev"] } ed25519 = { package = "ed25519-dalek", version = "2.1" } From 1b62e83a052648e348b408bdcd6647460048295d Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 21 Jun 2024 13:03:23 +0200 Subject: [PATCH 15/18] Fix docs --- Cargo.lock | 1 + givre/Cargo.toml | 1 + givre/src/lib.rs | 6 ++++++ 3 files changed, 8 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index 0d699e3..fff3121 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -550,6 +550,7 @@ dependencies = [ "cggmp21-keygen", "curve25519-dalek", "digest", + "futures", "generic-ec", "generic-ec-curves", "k256", diff --git a/givre/Cargo.toml b/givre/Cargo.toml index 0dcf72a..64fc25b 100644 --- a/givre/Cargo.toml +++ b/givre/Cargo.toml 
@@ -27,6 +27,7 @@ curve25519-dalek = { version = "4", default-features = false, optional = true } [dev-dependencies] rand_core = { version = "0.6", default-features = false, features = ["getrandom"] } +futures = "0.3" [features] default = ["std"] diff --git a/givre/src/lib.rs b/givre/src/lib.rs index f7343ba..bbaada1 100644 --- a/givre/src/lib.rs +++ b/givre/src/lib.rs @@ -178,6 +178,12 @@ pub use round_based; pub mod ciphersuite; pub mod signing; +#[cfg(test)] +mod _unused_deps { + // `futures` causes false-positive because it's only used in the docs examples + use futures as _; +} + /// Key share /// /// This module re-exports type definitions from [`key_share`](::key_share) crate. From 2ecd9030f49e8d2dacd50b9daefdfbce2aa20c0d Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 21 Jun 2024 13:06:33 +0200 Subject: [PATCH 16/18] Fix links in the docs --- givre/src/lib.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/givre/src/lib.rs b/givre/src/lib.rs index bbaada1..9495ca0 100644 --- a/givre/src/lib.rs +++ b/givre/src/lib.rs @@ -42,6 +42,9 @@ //! * [`round_based::Incoming`] and [`round_based::Outgoing`] wrap `Msg` and provide additional data (e.g., sender/recepient) //! * [`futures::Stream`] and [`futures::Sink`] are well-known async primitives. //! +//! [`futures::Stream`]: https://docs.rs/futures/latest/futures/stream/trait.Stream.html +//! [`futures::sink`]: https://docs.rs/futures/latest/futures/sink/trait.Sink.html +//! //! Transport layer implementation needs to meet requirements: //! * All messages must be authenticated \ //! Whenever one party receives a message from another, the receiver should cryptographically From b48c0870984398f6795845e4842f6bc01e62d6fc Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Fri, 21 Jun 2024 13:07:36 +0200 Subject: [PATCH 17/18] Update readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b7bd397..0dde73d 100644 --- a/README.md +++ b/README.md 
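Review bot: The new link definition `//! [`futures::sink`]: …` does not match the case of the reference `[`futures::Sink`]` in the bullet list two lines above; CommonMark label matching is case-insensitive so rustdoc will still resolve it, but a reader cross-checking the links will take it for a dangling reference. Write the definition as `//! [`futures::Sink`]: https://docs.rs/futures/latest/futures/sink/trait.Sink.html` so the two labels are spelled identically, matching the `futures::Stream` pair right above it.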
@@ -42,6 +42,7 @@ where: * `round_based::Incoming` and `round_based::Outgoing` wrap `Msg` and provide additional data (e.g., sender/recepient) * `futures::Stream` and `futures::Sink` are well-known async primitives. + Transport layer implementation needs to meet requirements: * All messages must be authenticated \ Whenever one party receives a message from another, the receiver should cryptographically From f968f200aae05cfc536b34526412b51ba33f88ba Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Mon, 8 Jul 2024 10:20:22 +0200 Subject: [PATCH 18/18] Use `Reduce<64>` trait Signed-off-by: Denis Varlakov --- Cargo.lock | 2 -- givre/Cargo.toml | 5 +---- givre/src/ciphersuite/ed25519.rs | 17 +++-------------- 3 files changed, 4 insertions(+), 20 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index fff3121..e1d1075 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -548,11 +548,9 @@ name = "givre" version = "0.1.0" dependencies = [ "cggmp21-keygen", - "curve25519-dalek", "digest", "futures", "generic-ec", - "generic-ec-curves", "k256", "key-share", "rand_core", diff --git a/givre/Cargo.toml b/givre/Cargo.toml index 64fc25b..224fe24 100644 --- a/givre/Cargo.toml +++ b/givre/Cargo.toml @@ -10,7 +10,6 @@ cggmp21-keygen = { version = "0.3", optional = true } key-share = { version = "0.4", default-features = false } generic-ec = { version = "0.4", default-features = false, features = ["alloc"] } -generic-ec-curves = { version = "0.2", default-features = false, optional = true } rand_core = { version = "0.6", default-features = false } digest = { version = "0.10", default-features = false } @@ -23,8 +22,6 @@ sha2 = { version = "0.10", default-features = false, optional = true } serde = { version = "1", default-features = false, features = ["derive"], optional = true } -curve25519-dalek = { version = "4", default-features = false, optional = true } - [dev-dependencies] rand_core = { version = "0.6", default-features = false, features = ["getrandom"] } futures = "0.3" 
@@ -50,6 +47,6 @@ hd-wallets = ["key-share/hd-wallets", "cggmp21-keygen?/hd-wallets"] all-ciphersuites = ["ciphersuite-secp256k1", "ciphersuite-ed25519", "ciphersuite-bitcoin"] ciphersuite-secp256k1 = ["generic-ec/curve-secp256k1", "k256", "sha2", "static_assertions"] -ciphersuite-ed25519 = ["generic-ec/curve-ed25519", "sha2", "curve25519-dalek", "generic-ec-curves/ed25519"] +ciphersuite-ed25519 = ["generic-ec/curve-ed25519", "sha2"] ciphersuite-bitcoin = ["ciphersuite-secp256k1"] diff --git a/givre/src/ciphersuite/ed25519.rs b/givre/src/ciphersuite/ed25519.rs index 458526c..8cb7df3 100644 --- a/givre/src/ciphersuite/ed25519.rs +++ b/givre/src/ciphersuite/ed25519.rs @@ -23,7 +23,7 @@ impl Ciphersuite for Ed25519 { } let hash = hash.finalize(); - reduce_512bits_le_scalar_mod_order(&hash.into()) + generic_ec::traits::Reduce::<64>::from_le_array_mod_order(&hash.into()) } fn compute_challenge( @@ -37,7 +37,7 @@ impl Ciphersuite for Ed25519 { .chain_update(msg) .finalize(); - reduce_512bits_le_scalar_mod_order(&hash.into()) + generic_ec::traits::Reduce::<64>::from_le_array_mod_order(&hash.into()) } fn h3(msg: &[&[u8]]) -> generic_ec::Scalar { @@ -49,7 +49,7 @@ impl Ciphersuite for Ed25519 { } let hash = hash.finalize(); - reduce_512bits_le_scalar_mod_order(&hash.into()) + generic_ec::traits::Reduce::<64>::from_le_array_mod_order(&hash.into()) } fn h4() -> Self::Digest { @@ -100,14 +100,3 @@ impl Ciphersuite for Ed25519 { Ok(Self::normalize_point(point)) } } - -/// Reduces 512 bits integer mod curve order -/// -/// This is a more efficient version of [`generic_ec::Scalar::from_le_bytes_mod_order`] -fn reduce_512bits_le_scalar_mod_order( - bytes: &[u8; 64], -) -> generic_ec::Scalar { - let out = curve25519_dalek::Scalar::from_bytes_mod_order_wide(bytes); - let out = generic_ec_curves::ed25519::Scalar(out); - generic_ec::as_raw::FromRaw::from_raw(out) -}
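Review bot: The three `generic_ec::traits::Reduce::<64>::from_le_array_mod_order(&hash.into())` call sites replace a helper whose behaviour was explicit — curve25519-dalek's `from_bytes_mod_order_wide`, i.e. the 64-byte SHA-512 output read as a little-endian integer and reduced mod the group order, which is what the FROST Ed25519 ciphersuite requires for H1/H2/H3 — and nothing in the series adds a test that the generic-ec trait agrees with the old code, while a mismatch here would yield invalid signatures rather than a compile error. Add a regression test against the FROST Ed25519 test vectors, or at minimum assert equality with `curve25519_dalek::Scalar::from_bytes_mod_order_wide` on a fixed 64-byte input as a dev-dependency test. The deleted helper also carried the only explanation of the reduction; keep it at the call sites, e.g. `// FROST(Ed25519): read the SHA-512 digest as a 64-byte LE integer, reduce mod the group order`. The enclosing `h1`, `compute_challenge` and `h3` bodies start outside their hunks.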