From 8de465af87f654879513b9d39b29b33adf168538 Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Sat, 5 Nov 2022 18:43:36 -0400 Subject: [PATCH] Have Transcript::append_message take in AsRef<[u8]>, not &[u8] Simplifies calling it. --- Cargo.lock | 2 +- coins/monero/Cargo.toml | 2 +- coins/monero/src/ringct/clsag/multisig.rs | 10 +++++----- coins/monero/src/wallet/send/multisig.rs | 16 ++++++++-------- crypto/dkg/Cargo.toml | 2 +- crypto/dkg/src/promote.rs | 4 ++-- crypto/dleq/Cargo.toml | 2 +- crypto/dleq/src/cross_group/aos.rs | 6 +++--- crypto/dleq/src/cross_group/bits.rs | 6 +++--- crypto/dleq/src/cross_group/mod.rs | 8 ++++---- crypto/dleq/src/cross_group/schnorr.rs | 8 ++++---- crypto/dleq/src/lib.rs | 6 +++--- crypto/frost/Cargo.toml | 2 +- crypto/frost/src/algorithm.rs | 4 ++-- crypto/frost/src/nonce.rs | 6 +++--- crypto/frost/src/sign.rs | 12 ++++++------ crypto/transcript/Cargo.toml | 2 +- crypto/transcript/src/lib.rs | 8 ++++---- crypto/transcript/src/merlin.rs | 4 ++-- processor/src/wallet.rs | 8 ++++---- 20 files changed, 59 insertions(+), 59 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 48beaf69..0f498fab 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2406,7 +2406,7 @@ dependencies = [ [[package]] name = "flexible-transcript" -version = "0.1.3" +version = "0.2.0" dependencies = [ "blake2", "digest 0.10.5", diff --git a/coins/monero/Cargo.toml b/coins/monero/Cargo.toml index 04840a0c..449f1e7c 100644 --- a/coins/monero/Cargo.toml +++ b/coins/monero/Cargo.toml 
@@ -33,7 +33,7 @@ group = { version = "0.12" } dalek-ff-group = { path = "../../crypto/dalek-ff-group", version = "0.1" } multiexp = { path = "../../crypto/multiexp", version = "0.2", features = ["batch"] } -transcript = { package = "flexible-transcript", path = "../../crypto/transcript", version = "0.1", features = ["recommended"], optional = true } +transcript = { package = "flexible-transcript", path = "../../crypto/transcript", version = "0.2", features = ["recommended"], optional = true } frost = { package = "modular-frost", path = "../../crypto/frost", version = "0.4", features = ["ed25519"], optional = true } dleq = { path = "../../crypto/dleq", version = "0.1", features = ["serialize"], optional = true } diff --git a/coins/monero/src/ringct/clsag/multisig.rs b/coins/monero/src/ringct/clsag/multisig.rs index 459a7073..95aa7770 100644 --- a/coins/monero/src/ringct/clsag/multisig.rs +++ b/coins/monero/src/ringct/clsag/multisig.rs @@ -41,7 +41,7 @@ impl ClsagInput { // Doesn't domain separate as this is considered part of the larger CLSAG proof // Ring index - transcript.append_message(b"ring_index", &[self.decoys.i]); + transcript.append_message(b"ring_index", [self.decoys.i]); // Ring let mut ring = vec![]; @@ -52,7 +52,7 @@ impl ClsagInput { ring.extend(pair[0].compress().to_bytes()); ring.extend(pair[1].compress().to_bytes()); } - transcript.append_message(b"ring", &ring); + transcript.append_message(b"ring", ring); // Doesn't include the commitment's parts as the above ring + index includes the commitment // The only potential malleability would be if the G/H relationship is known breaking the 
@@ -195,10 +195,10 @@ impl Algorithm for ClsagMultisig { if self.image.is_identity() { self.transcript.domain_separate(b"CLSAG"); self.input().transcript(&mut self.transcript); - self.transcript.append_message(b"mask", &self.mask().to_bytes()); + self.transcript.append_message(b"mask", self.mask().to_bytes()); } - self.transcript.append_message(b"participant", &l.to_be_bytes()); + self.transcript.append_message(b"participant", l.to_be_bytes()); addendum .dleq @@ -211,7 +211,7 @@ impl Algorithm for ClsagMultisig { self .transcript - .append_message(b"key_image_share", addendum.key_image.compress().to_bytes().as_ref()); + .append_message(b"key_image_share", addendum.key_image.compress().to_bytes()); self.image += addendum.key_image.0; Ok(()) diff --git a/coins/monero/src/wallet/send/multisig.rs b/coins/monero/src/wallet/send/multisig.rs index 12bd9d4d..a324fb3f 100644 --- a/coins/monero/src/wallet/send/multisig.rs +++ b/coins/monero/src/wallet/send/multisig.rs 
@@ -90,24 +90,24 @@ impl SignableTransaction { // Include the height we're using for our data // The data itself will be included, making this unnecessary, yet a lot of this is technically // unnecessary. Anything which further increases security at almost no cost should be followed - transcript.append_message(b"height", &u64::try_from(height).unwrap().to_le_bytes()); + transcript.append_message(b"height", u64::try_from(height).unwrap().to_le_bytes()); // Also include the spend_key as below only the key offset is included, so this transcripts the // sum product // Useful as transcripting the sum product effectively transcripts the key image, further // guaranteeing the one time properties noted below - transcript.append_message(b"spend_key", &keys.group_key().0.compress().to_bytes()); + transcript.append_message(b"spend_key", keys.group_key().0.compress().to_bytes()); for input in &self.inputs { // These outputs can only be spent once. Therefore, it forces all RNGs derived from this // transcript (such as the one used to create one time keys) to be unique - transcript.append_message(b"input_hash", &input.output.absolute.tx); - transcript.append_message(b"input_output_index", &[input.output.absolute.o]); + transcript.append_message(b"input_hash", input.output.absolute.tx); + transcript.append_message(b"input_output_index", [input.output.absolute.o]); // Not including this, with a doxxed list of payments, would allow brute forcing the inputs // to determine RNG seeds and therefore the true spends - transcript.append_message(b"input_shared_key", &input.key_offset().to_bytes()); + transcript.append_message(b"input_shared_key", input.key_offset().to_bytes()); } for payment in &self.payments { transcript.append_message(b"payment_address", payment.0.to_string().as_bytes()); - transcript.append_message(b"payment_amount", &payment.1.to_le_bytes()); + transcript.append_message(b"payment_amount", payment.1.to_le_bytes()); } // Sort included before cloning it around 
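Review bot: `transcript.append_message(b"payment_address", payment.0.to_string().as_bytes());` in the payments loop is the one call in this hunk left with an explicit `.as_bytes()`; `String` implements `AsRef<[u8]>`, so `transcript.append_message(b"payment_address", payment.0.to_string());` would match the surrounding call sites. The `input_hash` and `input_output_index` lines now copy `input.output.absolute.tx` and `.o` out of a borrowed `input`, which only compiles if those fields are `Copy` (presumably a fixed-size array and a byte), so no behavioural change is implied there. The enclosing method continues past the end of the hunk.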
@@ -243,7 +243,7 @@ impl SignMachine for TransactionSignMachine { // While each CLSAG will do this as they need to for security, they have their own // transcripts cloned from this TX's initial premise's transcript. For our TX // transcript to have the CLSAG data for entropy, it'll have to be added ourselves here - self.transcript.append_message(b"participant", &(*l).to_be_bytes()); + self.transcript.append_message(b"participant", (*l).to_be_bytes()); let preprocess = if *l == self.i { self.our_preprocess[c].clone() @@ -254,7 +254,7 @@ impl SignMachine for TransactionSignMachine { { let mut buf = vec![]; preprocess.write(&mut buf).unwrap(); - self.transcript.append_message(b"preprocess", &buf); + self.transcript.append_message(b"preprocess", buf); } // While here, calculate the key image diff --git a/crypto/dkg/Cargo.toml b/crypto/dkg/Cargo.toml index 5e66f467..bec74f76 100644 --- a/crypto/dkg/Cargo.toml +++ b/crypto/dkg/Cargo.toml @@ -31,7 +31,7 @@ group = "0.12" ciphersuite = { path = "../ciphersuite", version = "0.1", features = ["std"] } -transcript = { package = "flexible-transcript", path = "../transcript", features = ["recommended"], version = "^0.1.3" } +transcript = { package = "flexible-transcript", path = "../transcript", version = "0.2", features = ["recommended"] } multiexp = { path = "../multiexp", version = "0.2", features = ["batch"] } diff --git a/crypto/dkg/src/promote.rs b/crypto/dkg/src/promote.rs index 458c2212..277ffb98 100644 --- a/crypto/dkg/src/promote.rs +++ b/crypto/dkg/src/promote.rs @@ -29,8 +29,8 @@ pub trait CiphersuitePromote { fn transcript(key: G, i: u16) -> RecommendedTranscript { let mut transcript = RecommendedTranscript::new(b"FROST Generator Update"); - transcript.append_message(b"group_key", key.to_bytes().as_ref()); - transcript.append_message(b"participant", &i.to_be_bytes()); + transcript.append_message(b"group_key", key.to_bytes()); + transcript.append_message(b"participant", i.to_be_bytes()); transcript } 
diff --git a/crypto/dleq/Cargo.toml b/crypto/dleq/Cargo.toml index dd69598c..cdb105c8 100644 --- a/crypto/dleq/Cargo.toml +++ b/crypto/dleq/Cargo.toml @@ -19,7 +19,7 @@ zeroize = { version = "1.3", features = ["zeroize_derive"] } digest = "0.10" -transcript = { package = "flexible-transcript", path = "../transcript", version = "0.1" } +transcript = { package = "flexible-transcript", path = "../transcript", version = "0.2" } ff = "0.12" group = "0.12" diff --git a/crypto/dleq/src/cross_group/aos.rs b/crypto/dleq/src/cross_group/aos.rs index 0c52d501..3ae5256b 100644 --- a/crypto/dleq/src/cross_group/aos.rs +++ b/crypto/dleq/src/cross_group/aos.rs @@ -62,9 +62,9 @@ where #[allow(non_snake_case)] fn nonces(mut transcript: T, nonces: (G0, G1)) -> (G0::Scalar, G1::Scalar) { transcript.domain_separate(b"aos_membership_proof"); - transcript.append_message(b"ring_len", &u8::try_from(RING_LEN).unwrap().to_le_bytes()); - transcript.append_message(b"nonce_0", nonces.0.to_bytes().as_ref()); - transcript.append_message(b"nonce_1", nonces.1.to_bytes().as_ref()); + transcript.append_message(b"ring_len", u8::try_from(RING_LEN).unwrap().to_le_bytes()); + transcript.append_message(b"nonce_0", nonces.0.to_bytes()); + transcript.append_message(b"nonce_1", nonces.1.to_bytes()); mutual_scalar_from_bytes(transcript.challenge(b"challenge").as_ref()) } diff --git a/crypto/dleq/src/cross_group/bits.rs b/crypto/dleq/src/cross_group/bits.rs index 54774cdd..4f14bda7 100644 --- a/crypto/dleq/src/cross_group/bits.rs +++ b/crypto/dleq/src/cross_group/bits.rs 
@@ -91,9 +91,9 @@ where { fn transcript(transcript: &mut T, i: usize, commitments: (G0, G1)) { transcript.domain_separate(b"bits"); - transcript.append_message(b"group", &u16::try_from(i).unwrap().to_le_bytes()); - transcript.append_message(b"commitment_0", commitments.0.to_bytes().as_ref()); - transcript.append_message(b"commitment_1", commitments.1.to_bytes().as_ref()); + transcript.append_message(b"group", u16::try_from(i).unwrap().to_le_bytes()); + transcript.append_message(b"commitment_0", commitments.0.to_bytes()); + transcript.append_message(b"commitment_1", commitments.1.to_bytes()); } fn ring(pow_2: (G0, G1), commitments: (G0, G1)) -> Vec<(G0, G1)> { diff --git a/crypto/dleq/src/cross_group/mod.rs b/crypto/dleq/src/cross_group/mod.rs index 57444450..17c6f737 100644 --- a/crypto/dleq/src/cross_group/mod.rs +++ b/crypto/dleq/src/cross_group/mod.rs @@ -52,8 +52,8 @@ impl Generators { fn transcript(&self, transcript: &mut T) { transcript.domain_separate(b"generators"); - transcript.append_message(b"primary", self.primary.to_bytes().as_ref()); - transcript.append_message(b"alternate", self.alt.to_bytes().as_ref()); + transcript.append_message(b"primary", self.primary.to_bytes()); + transcript.append_message(b"alternate", self.alt.to_bytes()); } } @@ -153,8 +153,8 @@ where generators.0.transcript(transcript); generators.1.transcript(transcript); transcript.domain_separate(b"points"); - transcript.append_message(b"point_0", keys.0.to_bytes().as_ref()); - transcript.append_message(b"point_1", keys.1.to_bytes().as_ref()); + transcript.append_message(b"point_0", keys.0.to_bytes()); + transcript.append_message(b"point_1", keys.1.to_bytes()); } pub(crate) fn blinding_key( diff --git a/crypto/dleq/src/cross_group/schnorr.rs b/crypto/dleq/src/cross_group/schnorr.rs index 564d868e..04aecba4 100644 --- a/crypto/dleq/src/cross_group/schnorr.rs +++ b/crypto/dleq/src/cross_group/schnorr.rs 
@@ -30,13 +30,13 @@ impl SchnorrPoK where G::Scalar: PrimeFieldBits + Zeroize, { - // Not hram due to the lack of m + // Not HRAm due to the lack of m #[allow(non_snake_case)] fn hra(transcript: &mut T, generator: G, R: G, A: G) -> G::Scalar { transcript.domain_separate(b"schnorr_proof_of_knowledge"); - transcript.append_message(b"generator", generator.to_bytes().as_ref()); - transcript.append_message(b"nonce", R.to_bytes().as_ref()); - transcript.append_message(b"public_key", A.to_bytes().as_ref()); + transcript.append_message(b"generator", generator.to_bytes()); + transcript.append_message(b"nonce", R.to_bytes()); + transcript.append_message(b"public_key", A.to_bytes()); challenge(transcript) } diff --git a/crypto/dleq/src/lib.rs b/crypto/dleq/src/lib.rs index f170a370..2015d747 100644 --- a/crypto/dleq/src/lib.rs +++ b/crypto/dleq/src/lib.rs @@ -70,9 +70,9 @@ pub struct DLEqProof { #[allow(non_snake_case)] impl DLEqProof { fn transcript(transcript: &mut T, generator: G, nonce: G, point: G) { - transcript.append_message(b"generator", generator.to_bytes().as_ref()); - transcript.append_message(b"nonce", nonce.to_bytes().as_ref()); - transcript.append_message(b"point", point.to_bytes().as_ref()); + transcript.append_message(b"generator", generator.to_bytes()); + transcript.append_message(b"nonce", nonce.to_bytes()); + transcript.append_message(b"point", point.to_bytes()); } pub fn prove( diff --git a/crypto/frost/Cargo.toml b/crypto/frost/Cargo.toml index 471af7ad..00194be1 100644 --- a/crypto/frost/Cargo.toml +++ b/crypto/frost/Cargo.toml 
@@ -34,7 +34,7 @@ minimal-ed448 = { path = "../ed448", version = "^0.1.2", optional = true } ciphersuite = { path = "../ciphersuite", version = "0.1", features = ["std"] } -transcript = { package = "flexible-transcript", path = "../transcript", features = ["recommended"], version = "^0.1.3" } +transcript = { package = "flexible-transcript", path = "../transcript", version = "0.2", features = ["recommended"] } multiexp = { path = "../multiexp", version = "0.2", features = ["batch"] } diff --git a/crypto/frost/src/algorithm.rs b/crypto/frost/src/algorithm.rs index c4f3ceb8..553b4ca7 100644 --- a/crypto/frost/src/algorithm.rs +++ b/crypto/frost/src/algorithm.rs @@ -93,8 +93,8 @@ impl Transcript for IetfTranscript { fn domain_separate(&mut self, _: &[u8]) {} - fn append_message(&mut self, _: &'static [u8], message: &[u8]) { - self.0.extend(message); + fn append_message>(&mut self, _: &'static [u8], message: M) { + self.0.extend(message.as_ref()); } fn challenge(&mut self, _: &'static [u8]) -> Vec { diff --git a/crypto/frost/src/nonce.rs b/crypto/frost/src/nonce.rs index 4c80060f..0f11acad 100644 --- a/crypto/frost/src/nonce.rs +++ b/crypto/frost/src/nonce.rs @@ -162,8 +162,8 @@ impl Commitments { pub(crate) fn transcript(&self, t: &mut T) { for nonce in &self.nonces { for commitments in &nonce.generators { - t.append_message(b"commitment_D", commitments.0[0].to_bytes().as_ref()); - t.append_message(b"commitment_E", commitments.0[1].to_bytes().as_ref()); + t.append_message(b"commitment_D", commitments.0[0].to_bytes()); + t.append_message(b"commitment_E", commitments.0[1].to_bytes()); } // Transcripting the DLEqs implicitly transcripts the exact generators used for this nonce 
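Review bot: In `IetfTranscript::append_message` the label is still discarded and `message` is concatenated into `self.0` with no framing, so the generic signature does not change the fact that this transcript provides no label binding; that is presumably deliberate to match the IETF FROST hash inputs, but nothing in the hunk says so. A comment on the impl would stop a reader from assuming the general `Transcript` semantics hold here, e.g. `// The IETF draft hashes the raw concatenation of its inputs, so labels and domain separators are intentionally dropped.` Minor style: `self.0.extend_from_slice(message.as_ref())` states directly that a byte slice is being appended. The enclosing impl continues outside the hunk.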
@@ -215,7 +215,7 @@ impl BindingFactor { pub(crate) fn calculate_binding_factors(&mut self, transcript: &mut T) { for (l, binding) in self.0.iter_mut() { let mut transcript = transcript.clone(); - transcript.append_message(b"participant", C::F::from(u64::from(*l)).to_repr().as_ref()); + transcript.append_message(b"participant", C::F::from(u64::from(*l)).to_repr()); // It *should* be perfectly fine to reuse a binding factor for multiple nonces // This generates a binding factor per nonce just to ensure it never comes up as a question binding.binding_factors = Some( diff --git a/crypto/frost/src/sign.rs b/crypto/frost/src/sign.rs index a6c4c947..bae357eb 100644 --- a/crypto/frost/src/sign.rs +++ b/crypto/frost/src/sign.rs @@ -266,7 +266,7 @@ impl> SignMachine for AlgorithmSignMachi .params .algorithm .transcript() - .append_message(b"participant", C::F::from(u64::from(*l)).to_repr().as_ref()); + .append_message(b"participant", C::F::from(u64::from(*l)).to_repr()); } if *l == self.params.keys.params().i() { @@ -277,7 +277,7 @@ impl> SignMachine for AlgorithmSignMachi { let mut buf = vec![]; addendum.write(&mut buf).unwrap(); - self.params.algorithm.transcript().append_message(b"addendum", &buf); + self.params.algorithm.transcript().append_message(b"addendum", buf); } B.insert(*l, commitments); @@ -288,7 +288,7 @@ impl> SignMachine for AlgorithmSignMachi { let mut buf = vec![]; preprocess.addendum.write(&mut buf).unwrap(); - self.params.algorithm.transcript().append_message(b"addendum", &buf); + self.params.algorithm.transcript().append_message(b"addendum", buf); } B.insert(*l, preprocess.commitments); @@ -298,7 +298,7 @@ impl> SignMachine for AlgorithmSignMachi // Re-format into the FROST-expected rho transcript let mut rho_transcript = A::Transcript::new(b"FROST_rho"); - rho_transcript.append_message(b"message", &C::hash_msg(msg)); + rho_transcript.append_message(b"message", C::hash_msg(msg)); rho_transcript.append_message( b"preprocesses", &C::hash_commitments( 
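Review bot: The `preprocesses` append on the last lines of this hunk keeps the `&` on `&C::hash_commitments(` while every other call site in the commit drops its borrow; `&T` satisfies `AsRef<[u8]>` whenever `T` does, so it compiles either way, but the leftover borrow reads as an oversight. Dropping it to `C::hash_commitments(` keeps the call sites uniform, unless the value is reused afterwards, which the hunk does not show. The `rho_transcript.append_message(b"preprocesses", ...)` call and the enclosing function continue past the end of the hunk.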
@@ -317,7 +317,7 @@ impl> SignMachine for AlgorithmSignMachi // While further code edits would still be required for such a model (having the offset // communicated as a point along with only a single party applying the offset), this means // it wouldn't require a transcript change as well - rho_transcript.append_message(b"offset", (C::generator() * offset).to_bytes().as_ref()); + rho_transcript.append_message(b"offset", (C::generator() * offset).to_bytes()); } // Generate the per-signer binding factors @@ -329,7 +329,7 @@ impl> SignMachine for AlgorithmSignMachi .params .algorithm .transcript() - .append_message(b"rho_transcript", rho_transcript.challenge(b"merge").as_ref()); + .append_message(b"rho_transcript", rho_transcript.challenge(b"merge")); } #[allow(non_snake_case)] diff --git a/crypto/transcript/Cargo.toml b/crypto/transcript/Cargo.toml index 6cffcd94..b75d7173 100644 --- a/crypto/transcript/Cargo.toml +++ b/crypto/transcript/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "flexible-transcript" -version = "0.1.3" +version = "0.2.0" description = "A simple transcript trait definition, along with viable options" license = "MIT" repository = "https://github.com/serai-dex/serai/tree/develop/crypto/transcript" diff --git a/crypto/transcript/src/lib.rs b/crypto/transcript/src/lib.rs index 72324171..b961038a 100644 --- a/crypto/transcript/src/lib.rs +++ b/crypto/transcript/src/lib.rs @@ -18,7 +18,7 @@ pub trait Transcript { fn domain_separate(&mut self, label: &'static [u8]); /// Append a message to the transcript. - fn append_message(&mut self, label: &'static [u8], message: &[u8]); + fn append_message>(&mut self, label: &'static [u8], message: M); /// Produce a challenge. This MUST update the transcript as it does so, preventing the same /// challenge from being generated multiple times. 
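Review bot: With `append_message` now generic over `M: AsRef<[u8]>` (the bound shows as `append_message>` in this rendering), `Transcript` stops being object-safe, so `dyn Transcript` can no longer be used by downstream crates; the 0.2.0 bump covers the semver break, but the trait docs should state it, e.g. `/// This trait has generic methods and cannot be used as a trait object.` The method doc `/// Append a message to the transcript.` could also say what implementers guarantee about framing and the label, since callers now pass bare arrays such as `[self.decoys.i]` and `to_be_bytes()` results; the `IetfTranscript` impl in this same commit discards the label entirely, so label binding is implementation-defined and worth spelling out.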
@@ -77,13 +77,13 @@ impl Transcript for DigestTranscript { res } - fn domain_separate(&mut self, label: &[u8]) { + fn domain_separate(&mut self, label: &'static [u8]) { self.append(DigestTranscriptMember::Domain, label); } - fn append_message(&mut self, label: &'static [u8], message: &[u8]) { + fn append_message>(&mut self, label: &'static [u8], message: M) { self.append(DigestTranscriptMember::Label, label); - self.append(DigestTranscriptMember::Value, message); + self.append(DigestTranscriptMember::Value, message.as_ref()); } fn challenge(&mut self, label: &'static [u8]) -> Self::Challenge { diff --git a/crypto/transcript/src/merlin.rs b/crypto/transcript/src/merlin.rs index 242c0249..79f50858 100644 --- a/crypto/transcript/src/merlin.rs +++ b/crypto/transcript/src/merlin.rs @@ -27,8 +27,8 @@ impl Transcript for MerlinTranscript { self.append_message(b"dom-sep", label); } - fn append_message(&mut self, label: &'static [u8], message: &[u8]) { - self.0.append_message(label, message); + fn append_message>(&mut self, label: &'static [u8], message: M) { + self.0.append_message(label, message.as_ref()); } fn challenge(&mut self, label: &'static [u8]) -> Self::Challenge { diff --git a/processor/src/wallet.rs b/processor/src/wallet.rs index 82fadc8a..89bc90f7 100644 --- a/processor/src/wallet.rs +++ b/processor/src/wallet.rs @@ -39,7 +39,7 @@ impl WalletKeys { let mut transcript = RecommendedTranscript::new(DST); transcript.append_message(b"chain", chain); transcript.append_message(b"curve", C::ID); - transcript.append_message(b"group_key", self.keys.group_key().to_bytes().as_ref()); + transcript.append_message(b"group_key", self.keys.group_key().to_bytes()); self.keys.offset(::hash_to_F(DST, &transcript.challenge(b"offset"))) } } 
@@ -314,12 +314,12 @@ impl Wallet { // Create the transcript for this transaction let mut transcript = RecommendedTranscript::new(b"Serai Processor Wallet Send"); transcript - .append_message(b"canonical_block", &u64::try_from(canonical).unwrap().to_le_bytes()); + .append_message(b"canonical_block", u64::try_from(canonical).unwrap().to_le_bytes()); transcript.append_message( b"acknowledged_block", - &u64::try_from(acknowledged_block).unwrap().to_le_bytes(), + u64::try_from(acknowledged_block).unwrap().to_le_bytes(), ); - transcript.append_message(b"index", &u64::try_from(txs.len()).unwrap().to_le_bytes()); + transcript.append_message(b"index", u64::try_from(txs.len()).unwrap().to_le_bytes()); let tx = self .coin