Commit graph

8 commits

Author SHA1 Message Date
Luke Parker
03e759b1fd
Fix DigestTranscript to be secure
Collisions were possible depending on static label substrings. Now, 
labels are prefixed by their length to prevent this from being possible. 
All variables are also flagged by their type, preventing other potential 
conflicts.
2022-06-24 08:42:38 -04:00
Luke Parker
e4fc469e58
Use a transcript when generating the per-chain binding for a given set of keys
While it was fine as-is, as it only had one variable length property, 
this is a bit more robust. Also binds the Curve ID, which should declare 
differently even for just different basepoints, and therefore adds two 
variable length properties (justifying the transcript).
2022-06-03 01:37:12 -04:00
Luke Parker
7b4c5dbe52
Remove rng_seed's additional entropy
It was never used as we derive entropy via the other fields in the 
transcript, and explicitly add fields directly as needed for entropy.

Also drops an unused crate and corrects a bug in FROST's Schnorr 
implementation which used the Group's generator, instead of the Curve's.

Also updates the Monero crate's description.
2022-05-31 02:12:14 -04:00
Luke Parker
d67d6f2f98
Add PartialEq to structs 2022-05-25 00:21:01 -04:00
Luke Parker
964cb357e6
Use a global transcript 2022-05-06 07:33:08 -04:00
Luke Parker
cc9c2e0d40
Use dom-sep tags in the transcripts
Also simplifies form in some places
2022-05-06 01:35:23 -04:00
Luke Parker
9a42391b75
Cleanup which makes transcript optional, only required for multisig 2022-05-03 08:49:46 -04:00
Luke Parker
bf257b3a1f
Transcript crate with both a merlin backend and a basic label len value backend
Moves binding factor/seeded RNGs over to the transcripts.
2022-05-03 07:20:24 -04:00