diff --git a/coins/monero/Cargo.toml b/coins/monero/Cargo.toml
index 121e4cca..8d9256f8 100644
--- a/coins/monero/Cargo.toml
+++ b/coins/monero/Cargo.toml
@@ -19,8 +19,8 @@ curve25519-dalek = { version = "3.2", features = ["std", "simd_backend"] }
 ff = { version = "0.11", optional = true }
 group = { version = "0.11", optional = true }
-dalek-ff-group = { path = "../dalek-ff-group", optional = true }
-frost = { path = "../frost", optional = true }
+dalek-ff-group = { path = "../../sign/dalek-ff-group", optional = true }
+frost = { path = "../../sign/frost", optional = true }
 monero = "0.16.0" # Locked to this specific patch version due to a bug we compensate for
diff --git a/coins/monero/build.rs b/coins/monero/build.rs
index 618373c7..b5b3cd24 100644
--- a/coins/monero/build.rs
+++ b/coins/monero/build.rs
@@ -38,7 +38,8 @@ fn main() {
 println!("cargo:rerun-if-env-changed=OUT_DIR");
 if !Path::new(
 &format!(
- "c/monero/src/crypto/{}cncrypto.{}",
+ "{}/{}cncrypto.{}",
+ out_dir,
 &env::consts::DLL_PREFIX,
 &env::consts::DLL_EXTENSION
 )
diff --git a/coins/monero/src/clsag/multisig.rs b/coins/monero/src/clsag/multisig.rs
index 40e254a5..a86c7e4a 100644
--- a/coins/monero/src/clsag/multisig.rs
+++ b/coins/monero/src/clsag/multisig.rs
@@ -1,6 +1,6 @@
 use rand_core::{RngCore, CryptoRng};
-use blake2::{Digest, Blake2b512};
+use blake2::{digest::Update, Digest, Blake2b512};
 use curve25519_dalek::{
 constants::ED25519_BASEPOINT_TABLE,
@@ -154,7 +154,7 @@ impl Algorithm for Multisig {
 ) -> dfg::Scalar {
 // Use everyone's commitments to derive a random source all signers can agree upon
 // Cannot be manipulated to effect and all signers must, and will, know this
- let rand_source = Keccak::v512()
+ let rand_source = Blake2b512::new()
 .chain("clsag_randomness")
 .chain(&self.b)
 .finalize()
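Review bot: The new path in build.rs is assembled as `format!("{}/{}cncrypto.{}", out_dir, ...)` and handed to `Path::new`, which hard-codes `/` as the separator and treats the directory as plain text; `Path::new(&out_dir).join(format!("{}cncrypto.{}", env::consts::DLL_PREFIX, env::consts::DLL_EXTENSION))` keeps the join platform-correct and reads as a path operation. The `&` in front of the two `env::consts` items is redundant for `format!` arguments. Where `out_dir` is assigned is not visible in this hunk — presumably the `OUT_DIR` environment variable named on the `rerun-if-env-changed` line, worth confirming — and `main` continues on both sides of the hunk.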
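Review bot: The comment directly above the new `Blake2b512::new()` line in multisig.rs, `// Cannot be manipulated to effect and all signers must, and will, know this`, does not say what property it is asserting; suggest `// Every signer hashes the same set of commitments, so no single signer can steer rand_source without the others deriving a different value` (this takes the existing comment's claim that `self.b` holds everyone's commitments at face value — confirm). Replacing Keccak with BLAKE2b-512 also changes `rand_source` for every participant of a signing session, so a peer on the old derivation cannot complete a session with one on the new; nothing in the hunk versions the transcript, which is fine if the protocol is not deployed yet but deserves a line in the commit message. The method continues past `.finalize()` outside the hunk.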
@@ -191,7 +191,7 @@ impl Algorithm for Multisig {
 let mut clsag = interim.clsag.clone();
 clsag.s[self.ssr.i] = Key { key: s.to_bytes() };
- if verify(&clsag, self.image, &self.ssr.ring, &self.msg, interim.C_out).is_ok() {
+ if verify(&clsag, self.image, &self.msg, &self.ssr.ring, interim.C_out).is_ok() {
 return Some((clsag, interim.C_out));
 }
 return None;
diff --git a/coins/monero/src/frost.rs b/coins/monero/src/frost.rs
index 41d674ce..648a9b87 100644
--- a/coins/monero/src/frost.rs
+++ b/coins/monero/src/frost.rs
@@ -2,7 +2,7 @@ use core::convert::TryInto;
 use rand_core::{RngCore, CryptoRng};
-use blake2::{Digest, Blake2b512};
+use blake2::{digest::Update, Digest, Blake2b512};
 use curve25519_dalek::{
 constants::ED25519_BASEPOINT_TABLE as DTable,
@@ -49,7 +49,7 @@ impl Curve for Ed25519 {
 }
 fn hash_msg(msg: &[u8]) -> Vec {
- Blake2b512::digest(msg)
+ Blake2b512::digest(msg).to_vec()
 }
 fn hash_to_F(data: &[u8]) -> Self::F {
@@ -120,13 +120,13 @@ impl DLEqProof {
 let R1 = &DTable * &r;
 let R2 = r * H;
- let c = DScalar::from_hash(
+ let c = dfg::Scalar::from_hash(
 Blake2b512::new()
 .chain(R1.compress().to_bytes())
 .chain(R2.compress().to_bytes())
 .chain((secret * &DTable).compress().to_bytes())
 .chain(alt.compress().to_bytes())
- );
+ ).0;
 let s = r + (c * secret);
 DLEqProof { s, c }
@@ -144,13 +144,13 @@ impl DLEqProof {
 let R1 = (&s * &DTable) - (c * primary);
 let R2 = (s * H) - (c * alt);
- let expected_c = DScalar::from_hash(
+ let expected_c = dfg::Scalar::from_hash(
 Blake2b512::new()
 .chain(R1.compress().to_bytes())
 .chain(R2.compress().to_bytes())
 .chain(primary.compress().to_bytes())
 .chain(alt.compress().to_bytes())
- );
+ ).0;
 // Take the opportunity to ensure a lack of torsion in key images/randomness commitments
 if (!primary.is_torsion_free()) || (!alt.is_torsion_free()) || (c != expected_c) {
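Review bot: The fix reorders `&self.msg` and `&self.ssr.ring` in the `verify` call, and if the previous order compiled, the two parameters coerce to the same type, which is what let the mix-up go unnoticed; a one-line doc comment on `verify` spelling out the argument order, or distinct wrapper types for the message and the ring, would keep it from recurring. This hunk does not show `verify`'s signature, so the type overlap is inferred from the swap. As a style point on the new side, the `if verify(…).is_ok() { return Some(…); } return None;` tail can be the single expression `verify(&clsag, self.image, &self.msg, &self.ssr.ring, interim.C_out).ok().map(|_| (clsag, interim.C_out))`; the method's closing brace lies outside the hunk.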
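Review bot: `hash_msg` in frost.rs carries no doc comment, and with the new `.to_vec()` its contract is concrete: the full BLAKE2b-512 digest of `msg`, copied into an owned vector. Suggest `/// Hashes `msg` with BLAKE2b-512 and returns all 64 digest bytes as an owned vector.` above `fn hash_msg`. The return type prints as a bare `Vec` in this hunk, which looks like the `<u8>` was lost in rendering; confirm against the file.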
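Review bot: The challenge transcript at `dfg::Scalar::from_hash(Blake2b512::new().chain(R1…).chain(R2…).chain((secret * &DTable)…).chain(alt…))` binds the two commitments and the two public points but not the second base `H` that `R2 = r * H` uses, and it carries no domain tag such as the `"clsag_randomness"` label used in multisig.rs; the verifier side at `@@ -144,13` is built the same way. Fiat-Shamir practice is to hash every public input of the statement, so unless `H` is a fixed constant (the hunk does not show where it comes from), prepend a fixed tag and `.chain(H.compress().to_bytes())` to both the proving and the verifying chain so they stay in step. The `.0` on the new side presumably unwraps the `dfg::Scalar` newtype back to the scalar type that `c * secret` and `c * primary` expect — confirm. Both enclosing functions start and end outside their hunks.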