Ecosystem/serai
Ecosystem/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-01-18 08:45:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Do the minimal amount of work for dkg to compile under no-std

Browse source 
The Substrate runtime requires access to the MuSig key aggregation function.

\#279 related.
This commit is contained in:
Luke Parker 2023-05-12 23:24:47 -04:00
parent 4d50b6892c
commit 84c2d73093
No known key found for this signature in database
6 changed files with 462 additions and 429 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Cargo.lock generated
View file

@ -2032,6 +2032,7 @@ dependencies = [
"rand_core 0.6.4", "rand_core 0.6.4",
"schnorr-signatures", "schnorr-signatures",
"serde", "serde",
"std-shims",
"thiserror", "thiserror",
"zeroize", "zeroize",
] ]
@ -8775,6 +8776,7 @@ version = "0.1.0"
dependencies = [ dependencies = [
"ciphersuite", "ciphersuite",
"dalek-ff-group", "dalek-ff-group",
"dkg",
"flexible-transcript", "flexible-transcript",
"minimal-ed448", "minimal-ed448",
"monero-generators", "monero-generators",

22
crypto/dkg/Cargo.toml
View file

@ -13,26 +13,30 @@ all-features = true
rustdoc-args = ["--cfg", "docsrs"] rustdoc-args = ["--cfg", "docsrs"]
[dependencies] [dependencies]
thiserror = "1" thiserror = { version = "1", default-features = false, optional = true }
rand_core = "0.6" rand_core = { version = "0.6", default-features = false }
zeroize = { version = "^1.5", features = ["zeroize_derive"] } zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
std-shims = { version = "0.1", path = "../../common/std-shims", default-features = false }
serde = { version = "1", features = ["derive"], optional = true } serde = { version = "1", features = ["derive"], optional = true }
transcript = { package = "flexible-transcript", path = "../transcript", version = "0.3", features = ["recommended"] } transcript = { package = "flexible-transcript", path = "../transcript", version = "0.3", default-features = false, features = ["recommended"] }
chacha20 = { version = "0.9", features = ["zeroize"] } chacha20 = { version = "0.9", default-features = false, features = ["zeroize"] }
ciphersuite = { path = "../ciphersuite", version = "0.3", features = ["std"] } ciphersuite = { path = "../ciphersuite", version = "0.3", default-features = false }
multiexp = { path = "../multiexp", version = "0.3", features = ["batch"] } multiexp = { path = "../multiexp", version = "0.3", default-features = false, features = ["batch"] }
schnorr = { package = "schnorr-signatures", path = "../schnorr", version = "0.4" } schnorr = { package = "schnorr-signatures", path = "../schnorr", version = "0.4" }
dleq = { path = "../dleq", version = "0.3", features = ["serialize"] } dleq = { path = "../dleq", version = "0.3", default-features = false, features = ["serialize"] }
[dev-dependencies] [dev-dependencies]
ciphersuite = { path = "../ciphersuite", version = "0.3", features = ["ristretto"] } ciphersuite = { path = "../ciphersuite", version = "0.3", default-features = false, features = ["ristretto"] }
[features] [features]
std = ["thiserror", "std-shims/std", "ciphersuite/std", "multiexp/std", "schnorr/std", "dleq/std"]
serde = ["dep:serde"] serde = ["dep:serde"]
tests = ["rand_core/getrandom"] tests = ["rand_core/getrandom"]
default = ["std"]

184
crypto/dkg/src/lib.rs
View file

@ -1,35 +1,27 @@
#![cfg_attr(docsrs, feature(doc_auto_cfg))] #![cfg_attr(docsrs, feature(doc_auto_cfg))]
#![doc = include_str!("../README.md")] #![doc = include_str!("../README.md")]
use core::{ use core::fmt::{self, Debug};
fmt::{self, Debug},
ops::Deref,
};
use std::{io, sync::Arc, collections::HashMap};
#[cfg(feature = "std")]
use thiserror::Error; use thiserror::Error;
use zeroize::{Zeroize, Zeroizing}; use zeroize::Zeroize;
use ciphersuite::{
group::{
ff::{Field, PrimeField},
GroupEncoding,
},
Ciphersuite,
};
/// Encryption types and utilities used to secure DKG messages.
pub mod encryption;
/// MuSig-style key aggregation. /// MuSig-style key aggregation.
pub mod musig; pub mod musig;
/// Encryption types and utilities used to secure DKG messages.
#[cfg(feature = "std")]
pub mod encryption;
/// The distributed key generation protocol described in the /// The distributed key generation protocol described in the
/// [FROST paper](https://eprint.iacr.org/2020/852). /// [FROST paper](https://eprint.iacr.org/2020/852).
#[cfg(feature = "std")]
pub mod frost; pub mod frost;
/// Promote keys between ciphersuites. /// Promote keys between ciphersuites.
#[cfg(feature = "std")]
pub mod promote; pub mod promote;
/// Tests for application-provided curves and algorithms. /// Tests for application-provided curves and algorithms.
@ -70,45 +62,66 @@ impl fmt::Display for Participant {
} }
/// Various errors possible during key generation. /// Various errors possible during key generation.
#[derive(Clone, PartialEq, Eq, Debug, Error)] #[derive(Clone, PartialEq, Eq, Debug)]
#[cfg_attr(feature = "std", derive(Error))]
pub enum DkgError<B: Clone + PartialEq + Eq + Debug> { pub enum DkgError<B: Clone + PartialEq + Eq + Debug> {
/// A parameter was zero. /// A parameter was zero.
#[error("a parameter was 0 (threshold {0}, participants {1})")] #[cfg_attr(feature = "std", error("a parameter was 0 (threshold {0}, participants {1})"))]
ZeroParameter(u16, u16), ZeroParameter(u16, u16),
/// The threshold exceeded the amount of participants. /// The threshold exceeded the amount of participants.
#[error("invalid threshold (max {1}, got {0})")] #[cfg_attr(feature = "std", error("invalid threshold (max {1}, got {0})"))]
InvalidThreshold(u16, u16), InvalidThreshold(u16, u16),
/// Invalid participant identifier. /// Invalid participant identifier.
#[error("invalid participant (0 < participant <= {0}, yet participant is {1})")] #[cfg_attr(
feature = "std",
error("invalid participant (0 < participant <= {0}, yet participant is {1})")
)]
InvalidParticipant(u16, Participant), InvalidParticipant(u16, Participant),
/// Invalid signing set. /// Invalid signing set.
#[error("invalid signing set")] #[cfg_attr(feature = "std", error("invalid signing set"))]
InvalidSigningSet, InvalidSigningSet,
/// Invalid amount of participants. /// Invalid amount of participants.
#[error("invalid participant quantity (expected {0}, got {1})")] #[cfg_attr(feature = "std", error("invalid participant quantity (expected {0}, got {1})"))]
InvalidParticipantQuantity(usize, usize), InvalidParticipantQuantity(usize, usize),
/// A participant was duplicated. /// A participant was duplicated.
#[error("duplicated participant ({0})")] #[cfg_attr(feature = "std", error("duplicated participant ({0})"))]
DuplicatedParticipant(Participant), DuplicatedParticipant(Participant),
/// A participant was missing. /// A participant was missing.
#[error("missing participant {0}")] #[cfg_attr(feature = "std", error("missing participant {0}"))]
MissingParticipant(Participant), MissingParticipant(Participant),
/// An invalid proof of knowledge was provided. /// An invalid proof of knowledge was provided.
#[error("invalid proof of knowledge (participant {0})")] #[cfg_attr(feature = "std", error("invalid proof of knowledge (participant {0})"))]
InvalidProofOfKnowledge(Participant), InvalidProofOfKnowledge(Participant),
/// An invalid DKG share was provided. /// An invalid DKG share was provided.
#[error("invalid share (participant {participant}, blame {blame})")] #[cfg_attr(feature = "std", error("invalid share (participant {participant}, blame {blame})"))]
InvalidShare { participant: Participant, blame: Option<B> }, InvalidShare { participant: Participant, blame: Option<B> },
} }
// Validate a map of values to have the expected included participants #[cfg(feature = "std")]
pub(crate) fn validate_map<T, B: Clone + PartialEq + Eq + Debug>( mod lib {
pub use super::*;
use core::ops::Deref;
use std::{io, sync::Arc, collections::HashMap};
use zeroize::Zeroizing;
use ciphersuite::{
group::{
ff::{Field, PrimeField},
GroupEncoding,
},
Ciphersuite,
};
// Validate a map of values to have the expected included participants
pub(crate) fn validate_map<T, B: Clone + PartialEq + Eq + Debug>(
map: &HashMap<Participant, T>, map: &HashMap<Participant, T>,
included: &[Participant], included: &[Participant],
ours: Participant, ours: Participant,
) -> Result<(), DkgError<B>> { ) -> Result<(), DkgError<B>> {
if (map.len() + 1) != included.len() { if (map.len() + 1) != included.len() {
Err(DkgError::InvalidParticipantQuantity(included.len(), map.len() + 1))?; Err(DkgError::InvalidParticipantQuantity(included.len(), map.len() + 1))?;
} }
@ -127,30 +140,28 @@ pub(crate) fn validate_map<T, B: Clone + PartialEq + Eq + Debug>(
} }
Ok(()) Ok(())
} }
/// Parameters for a multisig. /// Parameters for a multisig.
// These fields should not be made public as they should be static // These fields should not be made public as they should be static
#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)] #[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))] #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct ThresholdParams { pub struct ThresholdParams {
/// Participants needed to sign on behalf of the group. /// Participants needed to sign on behalf of the group.
t: u16, pub(crate) t: u16,
/// Amount of participants. /// Amount of participants.
n: u16, pub(crate) n: u16,
/// Index of the participant being acted for. /// Index of the participant being acted for.
i: Participant, pub(crate) i: Participant,
} }
impl ThresholdParams { impl ThresholdParams {
/// Create a new set of parameters. /// Create a new set of parameters.
pub fn new(t: u16, n: u16, i: Participant) -> Result<ThresholdParams, DkgError<()>> { pub fn new(t: u16, n: u16, i: Participant) -> Result<ThresholdParams, DkgError<()>> {
if (t == 0) || (n == 0) { if (t == 0) || (n == 0) {
Err(DkgError::ZeroParameter(t, n))?; Err(DkgError::ZeroParameter(t, n))?;
} }
// When t == n, this shouldn't be used (MuSig2 and other variants of MuSig exist for a reason),
// but it's not invalid to do so
if t > n { if t > n {
Err(DkgError::InvalidThreshold(t, n))?; Err(DkgError::InvalidThreshold(t, n))?;
} }
@ -173,10 +184,10 @@ impl ThresholdParams {
pub fn i(&self) -> Participant { pub fn i(&self) -> Participant {
self.i self.i
} }
} }
/// Calculate the lagrange coefficient for a signing set. /// Calculate the lagrange coefficient for a signing set.
pub fn lagrange<F: PrimeField>(i: Participant, included: &[Participant]) -> F { pub fn lagrange<F: PrimeField>(i: Participant, included: &[Participant]) -> F {
let i_f = F::from(u64::from(u16::from(i))); let i_f = F::from(u64::from(u16::from(i)));
let mut num = F::ONE; let mut num = F::ONE;
@ -194,24 +205,24 @@ pub fn lagrange<F: PrimeField>(i: Participant, included: &[Participant]) -> F {
// Safe as this will only be 0 if we're part of the above loop // Safe as this will only be 0 if we're part of the above loop
// (which we have an if case to avoid) // (which we have an if case to avoid)
num * denom.invert().unwrap() num * denom.invert().unwrap()
} }
/// Keys and verification shares generated by a DKG. /// Keys and verification shares generated by a DKG.
/// Called core as they're expected to be wrapped into an Arc before usage in various operations. /// Called core as they're expected to be wrapped into an Arc before usage in various operations.
#[derive(Clone, PartialEq, Eq)] #[derive(Clone, PartialEq, Eq)]
pub struct ThresholdCore<C: Ciphersuite> { pub struct ThresholdCore<C: Ciphersuite> {
/// Threshold Parameters. /// Threshold Parameters.
params: ThresholdParams, pub(crate) params: ThresholdParams,
/// Secret share key. /// Secret share key.
secret_share: Zeroizing<C::F>, pub(crate) secret_share: Zeroizing<C::F>,
/// Group key. /// Group key.
group_key: C::G, pub(crate) group_key: C::G,
/// Verification shares. /// Verification shares.
verification_shares: HashMap<Participant, C::G>, pub(crate) verification_shares: HashMap<Participant, C::G>,
} }
impl<C: Ciphersuite> fmt::Debug for ThresholdCore<C> { impl<C: Ciphersuite> fmt::Debug for ThresholdCore<C> {
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
fmt fmt
.debug_struct("ThresholdCore") .debug_struct("ThresholdCore")
@ -220,9 +231,9 @@ impl<C: Ciphersuite> fmt::Debug for ThresholdCore<C> {
.field("verification_shares", &self.verification_shares) .field("verification_shares", &self.verification_shares)
.finish_non_exhaustive() .finish_non_exhaustive()
} }
} }
impl<C: Ciphersuite> Zeroize for ThresholdCore<C> { impl<C: Ciphersuite> Zeroize for ThresholdCore<C> {
fn zeroize(&mut self) { fn zeroize(&mut self) {
self.params.zeroize(); self.params.zeroize();
self.secret_share.zeroize(); self.secret_share.zeroize();
@ -231,15 +242,15 @@ impl<C: Ciphersuite> Zeroize for ThresholdCore<C> {
share.zeroize(); share.zeroize();
} }
} }
} }
impl<C: Ciphersuite> ThresholdCore<C> { impl<C: Ciphersuite> ThresholdCore<C> {
pub(crate) fn new( pub(crate) fn new(
params: ThresholdParams, params: ThresholdParams,
secret_share: Zeroizing<C::F>, secret_share: Zeroizing<C::F>,
verification_shares: HashMap<Participant, C::G>, verification_shares: HashMap<Participant, C::G>,
) -> ThresholdCore<C> { ) -> ThresholdCore<C> {
let t = (1 ..= params.t).map(Participant).collect::<Vec<_>>(); let t = (1 ..= params.t()).map(Participant).collect::<Vec<_>>();
ThresholdCore { ThresholdCore {
params, params,
secret_share, secret_share,
@ -338,33 +349,33 @@ impl<C: Ciphersuite> ThresholdCore<C> {
verification_shares, verification_shares,
)) ))
} }
} }
/// Threshold keys usable for signing. /// Threshold keys usable for signing.
#[derive(Clone, Debug, Zeroize)] #[derive(Clone, Debug, Zeroize)]
pub struct ThresholdKeys<C: Ciphersuite> { pub struct ThresholdKeys<C: Ciphersuite> {
// Core keys. // Core keys.
// If this is the last reference, the underlying keys will be dropped. When that happens, the // If this is the last reference, the underlying keys will be dropped. When that happens, the
// private key present within it will be zeroed out (as it's within Zeroizing). // private key present within it will be zeroed out (as it's within Zeroizing).
#[zeroize(skip)] #[zeroize(skip)]
core: Arc<ThresholdCore<C>>, pub(crate) core: Arc<ThresholdCore<C>>,
// Offset applied to these keys. // Offset applied to these keys.
pub(crate) offset: Option<C::F>, pub(crate) offset: Option<C::F>,
} }
/// View of keys, interpolated and offset for usage. /// View of keys, interpolated and offset for usage.
#[derive(Clone)] #[derive(Clone)]
pub struct ThresholdView<C: Ciphersuite> { pub struct ThresholdView<C: Ciphersuite> {
offset: C::F, offset: C::F,
group_key: C::G, group_key: C::G,
included: Vec<Participant>, included: Vec<Participant>,
secret_share: Zeroizing<C::F>, secret_share: Zeroizing<C::F>,
original_verification_shares: HashMap<Participant, C::G>, original_verification_shares: HashMap<Participant, C::G>,
verification_shares: HashMap<Participant, C::G>, verification_shares: HashMap<Participant, C::G>,
} }
impl<C: Ciphersuite> fmt::Debug for ThresholdView<C> { impl<C: Ciphersuite> fmt::Debug for ThresholdView<C> {
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
fmt fmt
.debug_struct("ThresholdView") .debug_struct("ThresholdView")
@ -375,9 +386,9 @@ impl<C: Ciphersuite> fmt::Debug for ThresholdView<C> {
.field("verification_shares", &self.verification_shares) .field("verification_shares", &self.verification_shares)
.finish_non_exhaustive() .finish_non_exhaustive()
} }
} }
impl<C: Ciphersuite> Zeroize for ThresholdView<C> { impl<C: Ciphersuite> Zeroize for ThresholdView<C> {
fn zeroize(&mut self) { fn zeroize(&mut self) {
self.offset.zeroize(); self.offset.zeroize();
self.group_key.zeroize(); self.group_key.zeroize();
@ -390,9 +401,9 @@ impl<C: Ciphersuite> Zeroize for ThresholdView<C> {
share.zeroize(); share.zeroize();
} }
} }
} }
impl<C: Ciphersuite> ThresholdKeys<C> { impl<C: Ciphersuite> ThresholdKeys<C> {
/// Create a new set of ThresholdKeys from a ThresholdCore. /// Create a new set of ThresholdKeys from a ThresholdCore.
pub fn new(core: ThresholdCore<C>) -> ThresholdKeys<C> { pub fn new(core: ThresholdCore<C>) -> ThresholdKeys<C> {
ThresholdKeys { core: Arc::new(core), offset: None } ThresholdKeys { core: Arc::new(core), offset: None }
@ -445,14 +456,16 @@ impl<C: Ciphersuite> ThresholdKeys<C> {
/// Obtain a view of these keys, with any offset applied, interpolated for the specified signing /// Obtain a view of these keys, with any offset applied, interpolated for the specified signing
/// set. /// set.
pub fn view(&self, mut included: Vec<Participant>) -> Result<ThresholdView<C>, DkgError<()>> { pub fn view(&self, mut included: Vec<Participant>) -> Result<ThresholdView<C>, DkgError<()>> {
if (included.len() < self.params().t.into()) || (usize::from(self.params().n) < included.len()) if (included.len() < self.params().t.into()) ||
(usize::from(self.params().n()) < included.len())
{ {
Err(DkgError::InvalidSigningSet)?; Err(DkgError::InvalidSigningSet)?;
} }
included.sort(); included.sort();
let mut secret_share = let mut secret_share = Zeroizing::new(
Zeroizing::new(lagrange::<C::F>(self.params().i, &included) * self.secret_share().deref()); lagrange::<C::F>(self.params().i(), &included) * self.secret_share().deref(),
);
let mut verification_shares = self.verification_shares(); let mut verification_shares = self.verification_shares();
for (i, share) in verification_shares.iter_mut() { for (i, share) in verification_shares.iter_mut() {
@ -475,15 +488,15 @@ impl<C: Ciphersuite> ThresholdKeys<C> {
included, included,
}) })
} }
} }
impl<C: Ciphersuite> From<ThresholdCore<C>> for ThresholdKeys<C> { impl<C: Ciphersuite> From<ThresholdCore<C>> for ThresholdKeys<C> {
fn from(keys: ThresholdCore<C>) -> ThresholdKeys<C> { fn from(keys: ThresholdCore<C>) -> ThresholdKeys<C> {
ThresholdKeys::new(keys) ThresholdKeys::new(keys)
} }
} }
impl<C: Ciphersuite> ThresholdView<C> { impl<C: Ciphersuite> ThresholdView<C> {
/// Return the offset for this view. /// Return the offset for this view.
pub fn offset(&self) -> C::F { pub fn offset(&self) -> C::F {
self.offset self.offset
@ -513,4 +526,7 @@ impl<C: Ciphersuite> ThresholdView<C> {
pub fn verification_share(&self, l: Participant) -> C::G { pub fn verification_share(&self, l: Participant) -> C::G {
self.verification_shares[&l] self.verification_shares[&l]
} }
}
} }
#[cfg(feature = "std")]
pub use lib::*;

15
crypto/dkg/src/musig.rs
View file

@ -1,16 +1,24 @@
#[cfg(feature = "std")]
use core::ops::Deref; use core::ops::Deref;
use std::collections::{HashSet, HashMap}; use std_shims::collections::HashSet;
#[cfg(feature = "std")]
use std_shims::collections::HashMap;
#[cfg(feature = "std")]
use zeroize::Zeroizing; use zeroize::Zeroizing;
use transcript::{Transcript, RecommendedTranscript}; use transcript::{Transcript, RecommendedTranscript};
#[cfg(feature = "std")]
use ciphersuite::group::ff::Field;
use ciphersuite::{ use ciphersuite::{
group::{ff::Field, Group, GroupEncoding}, group::{Group, GroupEncoding},
Ciphersuite, Ciphersuite,
}; };
use crate::{Participant, DkgError, ThresholdParams, ThresholdCore, lagrange}; use crate::DkgError;
#[cfg(feature = "std")]
use crate::{Participant, ThresholdParams, ThresholdCore, lagrange};
fn check_keys<C: Ciphersuite>(keys: &[C::G]) -> Result<u16, DkgError<()>> { fn check_keys<C: Ciphersuite>(keys: &[C::G]) -> Result<u16, DkgError<()>> {
if keys.is_empty() { if keys.is_empty() {
@ -59,6 +67,7 @@ pub fn musig_key<C: Ciphersuite>(keys: &[C::G]) -> Result<C::G, DkgError<()>> {
/// A n-of-n non-interactive DKG which does not guarantee the usability of the resulting key. /// A n-of-n non-interactive DKG which does not guarantee the usability of the resulting key.
/// ///
/// Creating an aggregate key with a list containing duplicated public keys returns an error. /// Creating an aggregate key with a list containing duplicated public keys returns an error.
#[cfg(feature = "std")]
pub fn musig<C: Ciphersuite>( pub fn musig<C: Ciphersuite>(
private_key: &Zeroizing<C::F>, private_key: &Zeroizing<C::F>,
keys: &[C::G], keys: &[C::G],

4
crypto/dkg/src/tests/frost.rs
View file

@ -2,8 +2,10 @@ use std::collections::HashMap;
use rand_core::{RngCore, CryptoRng}; use rand_core::{RngCore, CryptoRng};
use ciphersuite::Ciphersuite;
use crate::{ use crate::{
Ciphersuite, Participant, ThresholdParams, ThresholdCore, Participant, ThresholdParams, ThresholdCore,
frost::{KeyGenMachine, SecretShare, KeyMachine}, frost::{KeyGenMachine, SecretShare, KeyMachine},
encryption::{EncryptionKeyMessage, EncryptedMessage}, encryption::{EncryptionKeyMessage, EncryptedMessage},
tests::{THRESHOLD, PARTICIPANTS, clone_without}, tests::{THRESHOLD, PARTICIPANTS, clone_without},

2
tests/no-std/Cargo.toml
View file

@ -26,7 +26,7 @@ multiexp = { path = "../../crypto/multiexp", default-features = false, features
# dleq = { path = "../../crypto/dleq" } # dleq = { path = "../../crypto/dleq" }
schnorr-signatures = { path = "../../crypto/schnorr", default-features = false } schnorr-signatures = { path = "../../crypto/schnorr", default-features = false }
# dkg = { path = "../../crypto/dkg" } dkg = { path = "../../crypto/dkg", default-features = false }
# modular-frost = { path = "../../crypto/frost" } # modular-frost = { path = "../../crypto/frost" }
# frost-schnorrkel = { path = "../../crypto/schnorrkel" } # frost-schnorrkel = { path = "../../crypto/schnorrkel" }