Commit graph

388 commits

Author SHA1 Message Date
Luke Parker
00d61286b1
Lint Monero serialization 2022-08-21 04:41:55 -04:00
Luke Parker
76db682a25
Replace static Scalar with a uint conversion in BP+ 2022-08-21 00:46:23 -04:00
Luke Parker
f319966dca
Lint Getting Started document 2022-08-21 00:45:41 -04:00
TheArchitect108
74e2d230e8
Simple getting started doc (#91)
* simple getting started doc

* Swap Old Ubuntu and Solc

* Fixes indents and removes OS preferences

* drops indents from code blocks
2022-08-20 23:26:16 -05:00
Luke Parker
c53e7ad6c7
Bump dalek-ff-group version 2022-08-18 17:11:55 -04:00
J. Burfeind
a2aa182cc4
Conditional negate (#90)
* Reorder tests in dalek-ff-group

* Add required method for ConditionallyNegatable

Adds lifetime bound implementation `Neg`
for borrowed FieldElements in dalek-ff-group.
2022-08-18 15:02:31 -05:00
aiyion.prime
45912d6837 Add implementation for sqrt_ratio_i()
in dalek-ff-group
2022-08-18 13:38:57 -05:00
Luke Parker
0543f3c469
Patch Benchmark 2022-08-16 17:43:46 -04:00
Luke Parker
f809827acd
cargo update
Fixes https://github.com/serai-dex/serai/issues/82.
2022-08-16 03:44:32 -04:00
Luke Parker
a73bcc908f
Add missing test annotation 2022-08-13 19:43:43 -04:00
Luke Parker
75c3cdc5af
Comment the previous commit
Despite the intentions of https://github.com/serai-dex/serai/issues/85, 
it failed to be practically faster :/

Updates a DLEq test to be better as well.
2022-08-13 19:43:18 -04:00
Luke Parker
062cd77a98
Close https://github.com/serai-dex/serai/issues/85 2022-08-13 19:21:12 -04:00
Luke Parker
5d7798c5fb
FROST clippy 2022-08-13 09:46:54 -04:00
Luke Parker
280fc441a7
Lint FROST
Corrects ertrors introduced a couple commits ago as well.
2022-08-13 08:50:59 -04:00
Luke Parker
454b73aec3
Add FROST key promotion
Closes https://github.com/serai-dex/serai/issues/72.

Adds a trait, with a commented impl for a semi-unsafe niche feature, 
which will be used in https://github.com/serai-dex/serai/issues/73.
2022-08-13 08:50:59 -04:00
Luke Parker
885d816309
Use a non-constant generator in FROST 2022-08-13 08:50:59 -04:00
Luke Parker
6f776ff004
Recalculate the group key instead of serializing it
Solves an issue with promotion.
2022-08-13 08:50:59 -04:00
Luke Parker
73205c5f96
Transcript the offset as a point
Potentially improves privacy with the reversion to a coordinator 
setting, where the coordinator is the only party with the offset. While 
any signer (or anyone) can claim key A relates to B, they can't prove it 
without the discrete log of the offset. This enables creating a signing 
process without a known offset, while maintaining a consistent 
transcript format.

Doesn't affect security given a static generator. Does have a slight 
effect on performance.
2022-08-13 08:50:59 -04:00
J. Burfeind
a58b3a133c
Add implementation for is_odd() (#79)
in dalek-ff-group

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2022-08-12 15:05:48 -05:00
J. Burfeind
169d5e26ca
Add constant EDWARDS_D in dalek-ff-group (#78) 2022-08-12 15:00:55 -05:00
Luke Parker
96a49d8a88
Remove unnecessary parentheses 2022-08-12 15:53:48 -04:00
Luke Parker
a423c23c1e
Use zeroize instead of 0-sets 2022-08-12 01:14:13 -04:00
Luke Parker
42a3d38b48
Zeroize buffer used in Scalar::from_hash
from_hash is frequently used for private key/nonce generation, making 
this buffer a copy of private keys/nonces.
2022-08-04 14:40:54 -04:00
Luke Parker
797be71eb3
Utilize zeroize (#76)
* Apply Zeroize to nonces used in Bulletproofs

Also makes bit decomposition constant time for a given amount of 
outputs.

* Fix nonce reuse for single-signer CLSAG

* Attach Zeroize to most structures in Monero, and ZOnDrop to anything with private data

* Zeroize private keys and nonces

* Merge prepare_outputs and prepare_transactions

* Ensure CLSAG is constant time

* Pass by borrow where needed, bug fixes

The past few commitments have been one in-progress chunk which I've 
broken up as best read.

* Add Zeroize to FROST structs

Still needs to zeroize internally, yet next step. Not quite as 
aggressive as Monero, partially due to the limitations of HashMaps, 
partially due to less concern about metadata, yet does still delete a 
few smaller items of metadata (group key, context string...).

* Remove Zeroize from most Monero multisig structs

These structs largely didn't have private data, just fields with private 
data, yet those fields implemented ZeroizeOnDrop making them already 
covered. While there is still traces of the transaction left in RAM, 
fully purging that was never the intent.

* Use Zeroize within dleq

bitvec doesn't offer Zeroize, so a manual zeroing has been implemented.

* Use Zeroize for random_nonce

It isn't perfect, due to the inability to zeroize the digest, and due to 
kp256 requiring a few transformations. It does the best it can though.

Does move the per-curve random_nonce to a provided one, which is allowed 
as of https://github.com/cfrg/draft-irtf-cfrg-frost/pull/231.

* Use Zeroize on FROST keygen/signing

* Zeroize constant time multiexp.

* Correct when FROST keygen zeroizes

* Move the FROST keys Arc into FrostKeys

Reduces amount of instances in memory.

* Manually implement Debug for FrostCore to not leak the secret share

* Misc bug fixes

* clippy + multiexp test bug fixes

* Correct FROST key gen share summation

It leaked our own share for ourself.

* Fix cross-group DLEq tests
2022-08-03 03:25:18 -05:00
Luke Parker
a30568ff57
Add init function for BP statics
Considering they take 7 seconds to generate, thanks to #68, the ability 
to generate them at the start instead of on first BP is greatly 
appreciated.

Also performs minor cleanups regarding BPs.
2022-08-02 15:52:27 -04:00
Luke Parker
9221dbf048
Bulletproofs+ Verification 2022-08-01 23:30:24 -04:00
Luke Parker
d07fe34a24
Reorganize bulletproofs 2022-07-31 23:12:45 -04:00
Luke Parker
1c4707136c
Ban unreduced points in Monero 2022-07-31 22:46:46 -04:00
Luke Parker
6340607827
BP Verification (#75)
* Use a struct in an enum for Bulletproofs

* verification bp working for just one proof

* add some more assert tests

* Clean BP verification

* Implement batch verification

* Add a debug assertion w_cache isn't 0

It's initially set to 0 and if not updated, this would be broken.

* Correct Monero workflow yaml

* Again try to corrent Monero workflow yaml

* Again

* Finally

* Re-apply weights as required by Bulletproofs

Removing these was insecure and my fault.

Co-authored-by: DangerousFreedom <dangfreed@tutanota.com>
2022-07-31 21:45:53 -05:00
Luke Parker
0453b6cbc1
Correct Monero workflow yaml 2022-07-30 19:32:27 -04:00
Luke Parker
8f76e67f57
Rename dleq-serai to dleq 2022-07-30 18:35:39 -04:00
Luke Parker
aeb85b47ba
Reduce amount of tests run in monero-tests 2022-07-30 04:49:55 -04:00
Luke Parker
534f951165
Consolidate GitHub CI actions, split out Monero (#71)
* Consolidate GitHub CI actions, split out Monero

build now includes the specified Rust toolchain/components.

Added a test dependencies action which grabs Foundry and Monero.

Split the Monero v14 job into a matrixed job in its own workflow flow. 
It's now only run when Monero has changes.

* Correct Monero unit/integration tests run timing

Additionally tests a feature-less Monero build.

Also removes a pointless Monero file, which already should have been 
removed, causing this workflow to be triggered.

* Correct exclusion and paths

Updates to FROST should re-run the Monero tests to ensure it didn't 
introduce API incompatibilities.
2022-07-29 09:36:09 -05:00
Luke Parker
33c55b8506
Extend the test workflow to also test against Monero v14 (v0.17) 2022-07-28 23:31:27 -04:00
Luke Parker
bba93a64c2
Implement view tags 2022-07-27 06:29:14 -04:00
Luke Parker
755dc84859
Replace rand with rand_core where possible
Turns out rand_core offers OsRng.
2022-07-27 05:45:08 -04:00
Luke Parker
023afaf7ce
Bulletproofs+ (#70)
* Initial stab at Bulletproofs+

Does move around the existing Bulletproofs code, does still work as 
expected.

* Make the Clsag RCTPrunable type work with BP and BP+

* Initial set of BP+ bug fixes

* Further bug fixes

* Remove RING_LEN as a constant

* Monero v16 TX support

Doesn't implement view tags, nor going back to v14, nor the updated BP 
clawback logic.

* Support v14 and v16 at the same time
2022-07-27 04:05:43 -05:00
Luke Parker
37b8e3c025
Modularize Bulletproofs in prep for BP+ 2022-07-26 08:06:56 -04:00
Luke Parker
60e15d5160
Remove re-calculation of N
Moves most BP assertions to debug.
2022-07-26 05:31:15 -04:00
Luke Parker
7d9834be87
Correct clippy, remove Monero build depends 2022-07-26 03:48:46 -04:00
Luke Parker
696da8228e
Remove Monero as a dependency
Introduces missing CLSAG checks. The only difference now should be the 
additional rejection of torsioned points, which is relevant to 
https://github.com/serai-dex/serai/issues/25. Considering this is only 
currently used for FROST verification, this should be fine.

Closes https://github.com/serai-dex/serai/issues/19 by making it 
irrelevant.

Increases priority of https://github.com/serai-dex/serai/issues/68, as 
now it's used for the BP generators which are done at first-proof.

Also merges BP's stricter hash_to_point with the library's, since CLSAG 
has the same bound.
2022-07-26 03:25:57 -04:00
Luke Parker
ee29f6d6d8
Implement Bulletproofs in Rust (#69)
* Initial attempt at Bulletproofs

I don't know why this doesn't work. The generators and hash_cache lines
up without issue. AFAICT, the inner product proof is valid as well, as
are all included formulas.

* Add yinvpow asserts

* Clean code

* Correct bad imports

* Fix the definition of TWO_N

Bulletproofs work now :D

* Tidy up a bit

* fmt + clippy

* Compile a variety of XMR dependencies with optimizations, even under dev

The Rust bulletproof implementation is 8% slower than C right now, under 
release. This is acceptable, even if suboptimal. Under debug, they take 
a quarter of a second to two seconds though, depending on the amount of 
outputs, which justifies this move.

* Remove unnecessary deref in BPs
2022-07-26 02:05:15 -05:00
Luke Parker
3711e13009
Remove old duplicates of the AGPL-3.0 2022-07-24 09:33:08 -04:00
Luke Parker
f25bd88030
Test bulletproof creation and verification 2022-07-24 09:00:55 -04:00
Luke Parker
10ab467160
Don't use a constant for H yet re-calculate it 2022-07-24 08:57:33 -04:00
Luke Parker
1362764b2b
Only cache cargo registry and git 2022-07-23 07:10:25 -04:00
Luke Parker
18a1d15f78
Use composite actions in CI (#65)
* Attempt composite actions in CI

* Remove needs monero-daemon for the action

* Correct actions folder layout

* Remove empty inputs/outputs, add shell

* Try moving env declaration spot

* Remove usage of env

* Cached Rust composite action

* Replace [] with ""

Remove empty outputs
2022-07-23 06:05:31 -05:00
Luke Parker
bb3ffa9021
Add social links to the README 2022-07-23 05:20:36 -04:00
Luke Parker
5b80ead18c
Remove the build CI task now
It's identical to test, except it doesn't grab Foundry nor spawn a 
Monero regtest daemon. It doubles the amount of time test takes though, 
as it's doing everything twice.

While it may have value as a component, we're not using it like that 
right now, and if desired, we could add it back. While it may have value 
to produce binaries, we're note doing that either, and it wasn't 
building in release.
2022-07-23 05:07:13 -04:00
Luke Parker
42d62c38b9
Remove the Monero build (#64)
* Remove the Monero CMake and make

* Download the Monero daemon instead of building it

* Cache the Monero daemon

Prevents hammering the Monero servers, should reduce CI time.

* Correct YAML

* Add back sodium-dev

* Create an independent job for downloading the Monero daemon

Improves parallelism while decreasing the amount of work re-done if 
build fails. Also increases modularity.

* Correct Monero job definition

* Correct skipping the Monero download on cache hit
2022-07-23 03:35:32 -05:00