mirror of
https://github.com/serai-dex/serai.git
synced 2024-12-22 19:49:22 +00:00
Remove rng_seed's additional entropy
It was never used as we derive entropy via the other fields in the transcript, and explicitly add fields directly as needed for entropy. Also drops an unused crate and corrects a bug in FROST's Schnorr implementation which used the Group's generator, instead of the Curve's. Also updates the Monero crate's description.
This commit is contained in:
parent
e504266c80
commit
7b4c5dbe52
8 changed files with 11 additions and 21 deletions
|
@ -1,7 +1,7 @@
|
||||||
[package]
|
[package]
|
||||||
name = "monero-serai"
|
name = "monero-serai"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
description = "Implementation of Monero transaction signing in Rust"
|
description = "A modern Monero wallet library"
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
authors = ["Luke Parker <lukeparker5132@gmail.com>"]
|
authors = ["Luke Parker <lukeparker5132@gmail.com>"]
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
|
|
|
@ -206,7 +206,7 @@ impl Algorithm<Ed25519> for ClsagMultisig {
|
||||||
// process even if they have access to commitments (specifically, the ring index being signed
|
// process even if they have access to commitments (specifically, the ring index being signed
|
||||||
// for, along with the mask which should not only require knowing the shared keys yet also the
|
// for, along with the mask which should not only require knowing the shared keys yet also the
|
||||||
// input commitment masks)
|
// input commitment masks)
|
||||||
let mut rng = ChaCha12Rng::from_seed(self.transcript.rng_seed(b"decoy_responses", None));
|
let mut rng = ChaCha12Rng::from_seed(self.transcript.rng_seed(b"decoy_responses"));
|
||||||
|
|
||||||
self.msg = Some(msg.try_into().expect("CLSAG message should be 32-bytes"));
|
self.msg = Some(msg.try_into().expect("CLSAG message should be 32-bytes"));
|
||||||
|
|
||||||
|
|
|
@ -90,7 +90,7 @@ impl SignableTransaction {
|
||||||
let decoys = Decoys::select(
|
let decoys = Decoys::select(
|
||||||
// Using a seeded RNG with a specific height, committed to above, should make these decoys
|
// Using a seeded RNG with a specific height, committed to above, should make these decoys
|
||||||
// committed to. They'll also be committed to later via the TX message as a whole
|
// committed to. They'll also be committed to later via the TX message as a whole
|
||||||
&mut ChaCha12Rng::from_seed(transcript.rng_seed(b"decoys", None)),
|
&mut ChaCha12Rng::from_seed(transcript.rng_seed(b"decoys")),
|
||||||
rpc,
|
rpc,
|
||||||
height,
|
height,
|
||||||
&self.inputs
|
&self.inputs
|
||||||
|
@ -216,7 +216,7 @@ impl StateMachine for TransactionMachine {
|
||||||
|
|
||||||
// Not invalid outputs due to already doing a dummy prep
|
// Not invalid outputs due to already doing a dummy prep
|
||||||
let (commitments, output_masks) = self.signable.prepare_outputs(
|
let (commitments, output_masks) = self.signable.prepare_outputs(
|
||||||
&mut ChaCha12Rng::from_seed(self.transcript.rng_seed(b"tx_keys", None)),
|
&mut ChaCha12Rng::from_seed(self.transcript.rng_seed(b"tx_keys")),
|
||||||
uniqueness(
|
uniqueness(
|
||||||
&images.iter().map(|image| Input::ToKey {
|
&images.iter().map(|image| Input::ToKey {
|
||||||
amount: 0,
|
amount: 0,
|
||||||
|
@ -230,7 +230,7 @@ impl StateMachine for TransactionMachine {
|
||||||
self.signable.prepare_transaction(
|
self.signable.prepare_transaction(
|
||||||
&commitments,
|
&commitments,
|
||||||
Bulletproofs::new(
|
Bulletproofs::new(
|
||||||
&mut ChaCha12Rng::from_seed(self.transcript.rng_seed(b"bulletproofs", None)),
|
&mut ChaCha12Rng::from_seed(self.transcript.rng_seed(b"bulletproofs")),
|
||||||
&commitments
|
&commitments
|
||||||
).unwrap()
|
).unwrap()
|
||||||
)
|
)
|
||||||
|
@ -249,7 +249,7 @@ impl StateMachine for TransactionMachine {
|
||||||
}
|
}
|
||||||
sorted.sort_by(|x, y| x.2.compress().to_bytes().cmp(&y.2.compress().to_bytes()).reverse());
|
sorted.sort_by(|x, y| x.2.compress().to_bytes().cmp(&y.2.compress().to_bytes()).reverse());
|
||||||
|
|
||||||
let mut rng = ChaCha12Rng::from_seed(self.transcript.rng_seed(b"pseudo_out_masks", None));
|
let mut rng = ChaCha12Rng::from_seed(self.transcript.rng_seed(b"pseudo_out_masks"));
|
||||||
let mut sum_pseudo_outs = Scalar::zero();
|
let mut sum_pseudo_outs = Scalar::zero();
|
||||||
while sorted.len() != 0 {
|
while sorted.len() != 0 {
|
||||||
let value = sorted.remove(0);
|
let value = sorted.remove(0);
|
||||||
|
|
|
@ -14,7 +14,6 @@ rand_core = "0.6"
|
||||||
ff = "0.11"
|
ff = "0.11"
|
||||||
group = "0.11"
|
group = "0.11"
|
||||||
|
|
||||||
blake2 = "0.10"
|
|
||||||
transcript = { path = "../transcript" }
|
transcript = { path = "../transcript" }
|
||||||
|
|
||||||
multiexp = { path = "../multiexp", features = ["batch"] }
|
multiexp = { path = "../multiexp", features = ["batch"] }
|
||||||
|
|
|
@ -72,7 +72,7 @@ impl Transcript for IetfTranscript {
|
||||||
self.0.clone()
|
self.0.clone()
|
||||||
}
|
}
|
||||||
|
|
||||||
fn rng_seed(&mut self, _: &'static [u8], _: Option<[u8; 32]>) -> [u8; 32] {
|
fn rng_seed(&mut self, _: &'static [u8]) -> [u8; 32] {
|
||||||
unimplemented!()
|
unimplemented!()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
use rand_core::{RngCore, CryptoRng};
|
use rand_core::{RngCore, CryptoRng};
|
||||||
|
|
||||||
use ff::Field;
|
use ff::Field;
|
||||||
use group::Group;
|
|
||||||
|
|
||||||
use multiexp::BatchVerifier;
|
use multiexp::BatchVerifier;
|
||||||
|
|
||||||
|
@ -46,7 +45,7 @@ pub(crate) fn batch_verify<C: Curve, R: RngCore + CryptoRng>(
|
||||||
rng: &mut R,
|
rng: &mut R,
|
||||||
triplets: &[(u16, C::G, C::F, SchnorrSignature<C>)]
|
triplets: &[(u16, C::G, C::F, SchnorrSignature<C>)]
|
||||||
) -> Result<(), u16> {
|
) -> Result<(), u16> {
|
||||||
let mut values = [(C::F::one(), C::G::generator()); 3];
|
let mut values = [(C::F::one(), C::generator()); 3];
|
||||||
let mut batch = BatchVerifier::new(triplets.len(), C::little_endian());
|
let mut batch = BatchVerifier::new(triplets.len(), C::little_endian());
|
||||||
for triple in triplets {
|
for triple in triplets {
|
||||||
// s = r + ca
|
// s = r + ca
|
||||||
|
|
|
@ -11,7 +11,7 @@ pub trait Transcript {
|
||||||
fn domain_separate(&mut self, label: &[u8]);
|
fn domain_separate(&mut self, label: &[u8]);
|
||||||
fn append_message(&mut self, label: &'static [u8], message: &[u8]);
|
fn append_message(&mut self, label: &'static [u8], message: &[u8]);
|
||||||
fn challenge(&mut self, label: &'static [u8]) -> Vec<u8>;
|
fn challenge(&mut self, label: &'static [u8]) -> Vec<u8>;
|
||||||
fn rng_seed(&mut self, label: &'static [u8], additional_entropy: Option<[u8; 32]>) -> [u8; 32];
|
fn rng_seed(&mut self, label: &'static [u8]) -> [u8; 32];
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Clone, Debug)]
|
#[derive(Clone, Debug)]
|
||||||
|
@ -49,11 +49,7 @@ impl<D: Digest> Transcript for DigestTranscript<D> {
|
||||||
D::new().chain_update(&self.0).finalize().to_vec()
|
D::new().chain_update(&self.0).finalize().to_vec()
|
||||||
}
|
}
|
||||||
|
|
||||||
fn rng_seed(&mut self, label: &'static [u8], additional_entropy: Option<[u8; 32]>) -> [u8; 32] {
|
fn rng_seed(&mut self, label: &'static [u8]) -> [u8; 32] {
|
||||||
if additional_entropy.is_some() {
|
|
||||||
self.append_message(b"additional_entropy", &additional_entropy.unwrap());
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut seed = [0; 32];
|
let mut seed = [0; 32];
|
||||||
seed.copy_from_slice(&self.challenge(label)[0 .. 32]);
|
seed.copy_from_slice(&self.challenge(label)[0 .. 32]);
|
||||||
seed
|
seed
|
||||||
|
|
|
@ -30,11 +30,7 @@ impl Transcript for MerlinTranscript {
|
||||||
challenge
|
challenge
|
||||||
}
|
}
|
||||||
|
|
||||||
fn rng_seed(&mut self, label: &'static [u8], additional_entropy: Option<[u8; 32]>) -> [u8; 32] {
|
fn rng_seed(&mut self, label: &'static [u8]) -> [u8; 32] {
|
||||||
if additional_entropy.is_some() {
|
|
||||||
transcript.append_message(b"additional_entropy", &additional_entropy.unwrap());
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut seed = [0; 32];
|
let mut seed = [0; 32];
|
||||||
transcript.challenge_bytes(label, &mut seed);
|
transcript.challenge_bytes(label, &mut seed);
|
||||||
seed
|
seed
|
||||||
|
|
Loading…
Reference in a new issue