Commit graph

173 commits

Author SHA1 Message Date
Luke Parker
4edba7eb7a
Cite #151 in the dkg TODOs 2022-12-07 18:10:20 -05:00
Luke Parker
6787e44664
Minor bug fix which missed the last commit 2022-12-07 17:41:07 -05:00
Luke Parker
13977f6287
Clean and document the DKG library's encryption
Encryption used to be inlined into FROST. When writing the documentation, I
realized it was decently hard to review. It also was antagonistic to other
hosted DKG algorithms by not allowing code re-use.

Encryption is now a standalone module, providing clear boundaries and
reusability.

Additionally, the DKG protocol itself used to use the ciphersuite's specified
hash function (with an HKDF to prevent length extension attacks). Now,
RecommendedTranscript is used to achieve much more robust transcripting and
remove the HKDF dependency. This does add Blake2 into all consumers yet is
preferred for its security properties and ease of review.
2022-12-07 17:30:42 -05:00
Luke Parker
0ca52a36ee
Restore type complexity checks in CI
Passes due to the remaining type complexity cases being explicitly allowed.
2022-12-01 17:50:52 -05:00
Luke Parker
138f7cdfa4
Correct dev-dependencies for modular-frost 2022-11-14 19:20:56 -05:00
Luke Parker
b85801b524
Correct the MerlinTranscript Debug impl 2022-11-11 07:07:42 -05:00
Luke Parker
84de427d72
Fix https://github.com/serai-dex/serai/issues/150 2022-11-10 22:35:09 -05:00
Luke Parker
d714f2202d
Document multiexp
Bumps the crate version to enable publishing.
2022-11-07 18:31:20 -05:00
Luke Parker
8de465af87
Have Transcript::append_message take in AsRef<[u8]>, not &[u8]
Simplifies calling it.
2022-11-05 18:43:36 -04:00
Luke Parker
5977aeb489
Implement Schnorr half-aggregation from https://eprint.iacr.org/2021/350.pdf
Relevant to https://github.com/serai-dex/serai/issues/99.
2022-11-04 08:04:49 -04:00
github-actions[bot]
8e53522780
November 2022 - Rust Nightly Update (#144)
* Update nightly

* Have the latest nightly clippy pass

Co-authored-by: GitHub Actions <>
Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2022-11-01 00:03:36 -05:00
Luke Parker
e67e406d95
Correct ed448 versioning 2022-10-29 05:25:58 -04:00
Luke Parker
43e38e463f
Update FROST version 2022-10-29 05:14:29 -04:00
Luke Parker
1464eefbe3
Correct dleq's zeroize dependency 2022-10-29 05:13:20 -04:00
Luke Parker
6eaed17952
Inline FROST processing functions into the machines' impls
This was done for the DKG and this similarly cleans up here.
2022-10-29 05:10:07 -04:00
Luke Parker
2379855b31
Create a dedicated crate for the DKG (#141)
* Add dkg crate

* Remove F_len and G_len

They're generally no longer used.

* Replace hash_to_vec with a provided method around associated type H: Digest

Part of trying to minimize this trait so it can be moved elsewhere. Vec, 
which isn't std, may have been a blocker.

* Encrypt secret shares within the FROST library

Reduces requirements on callers in order to be correct.

* Update usage of Zeroize within FROST

* Inline functions in key_gen

There was no reason to have them separated as they were. sign probably 
has the same statement available, yet that isn't the focus right now.

* Add a ciphersuite package which provides hash_to_F

* Set the Ciphersuite version to something valid

* Have ed448 export Scalar/FieldElement/Point at the top level

* Move FROST over to Ciphersuite

* Correct usage of ff in ciphersuite

* Correct documentation handling

* Move Schnorr signatures to their own crate

* Remove unused feature from schnorr

* Fix Schnorr tests

* Split DKG into a separate crate

* Add serialize to Commitments and SecretShare

Helper for buf = vec![]; .write(buf).unwrap(); buf

* Move FROST over to the new dkg crate

* Update Monero lib to latest FROST

* Correct ethereum's usage of features

* Add serialize to GeneratorProof

* Add serialize helper function to FROST

* Rename AddendumSerialize to WriteAddendum

* Update processor

* Slight fix to processor
2022-10-29 03:54:42 -05:00
Luke Parker
cbceaff678
Create dedicated message structures for FROST messages (#140)
* Create message types for FROST key gen

Taking in reader borrows absolutely wasn't feasible. Now, proper types
which can be read (and then passed directly, without a mutable borrow)
exist for key_gen. sign coming next.

* Move FROST signing to messages, not Readers/Writers/Vec<u8>

Also takes the nonce handling code and makes a dedicated file for it, 
aiming to resolve complex types and make the code more legible by 
replacing its previously inlined state.

* clippy

* Update FROST tests

* read_signature_share

* Update the Monero library to the new FROST packages

* Update processor to latest FROST

* Tweaks to terminology and documentation
2022-10-25 23:17:25 -05:00
Luke Parker
19488cf446
Fill out Cargo.tomls
Updated missing fields/sections, even if some won't be used, to 
standardize.

Also made FROST tests feature-gated.
2022-10-15 23:46:22 -04:00
Luke Parker
9d376d29e1
Bump FROST version to publish a v11-compliant lib 2022-10-15 22:34:12 -04:00
Luke Parker
a0a54eb0de
Update to FROST v11
Ensures random functions never return zero. This, combined with a check 
commitments aren't 0, causes no serialized elements to be 0.

Also directly reads their vectors.
2022-10-13 00:38:36 -04:00
Luke Parker
2b7c9378c0
Update to FROST v10
Further expands documentation to near-completion.
2022-09-29 07:08:20 -04:00
Luke Parker
7870084b9e
Add further FROST documentation 2022-09-29 06:02:43 -04:00
Luke Parker
8d9315b797
Use HashMarker for Transcript and when generating scalars from digests 2022-09-29 05:33:46 -04:00
Luke Parker
ca091a5f04
Expand and correct documentation 2022-09-29 05:25:29 -04:00
Luke Parker
19cd609cba
Use doc_auto_cfg 2022-09-29 04:47:55 -04:00
Luke Parker
8b0f0a3713
Publish an alpha version of the Monero crate (#123)
* Label the version as an alpha

* Add versions to Cargo.tomls

* Update to Zeroize 1.5

* Drop patch versions from monero-serai Cargo.toml

* Add a repository field

* Move generators to OUT_DIR

IIRC, I didn't do this originally as it constantly re-generated them. 
Unfortunately, since cargo is complaining about .generators, we have to.

* Remove Timelock::fee_weight

Transaction::fee_weight's has a comment, "Assumes Timelock::None since 
this library won't let you create a TX with a timelock". Accordingly, 
this is dead code.
2022-09-29 01:24:33 -05:00
Luke Parker
fd48bbd15e
Initial documentation for the Monero libraries (#122)
* Document all features

* Largely document the Monero libraries

Relevant to https://github.com/serai-dex/serai/issues/103 and likely 
sufficient to get this removed from 
https://github.com/serai-dex/serai/issues/102.
2022-09-28 07:44:49 -05:00
Luke Parker
b2f6c23e2f
clippy --all-features 2022-09-17 06:07:49 -04:00
Luke Parker
65c20638ce
fmt/clippy 2022-09-17 04:35:08 -04:00
Luke Parker
7d4fcdea9e
Update FROST Ed448 per request 2022-09-16 12:16:37 -04:00
Luke Parker
31b64b3082
Update according to the latest clippy 2022-09-04 21:23:38 -04:00
Luke Parker
73566e756d
Minimize use of lazy_static in ed448
Increases usage of const values along with overall Field impl sanity 
with regards to the crypto_bigint backend.
2022-08-31 03:33:19 -04:00
Luke Parker
a59bbe7635
Impl is_odd for dfg::Scalar 2022-08-31 01:05:30 -04:00
Luke Parker
cc0c6fb5ac
Apply the optimized pow to dalek-ff-group
Saves ~40% from Monero hash_to_curve, assisting with #68.
2022-08-31 00:57:23 -04:00
Luke Parker
c5256d9b06
Use ChaCha20 instead of ChaCha12
Despite being slower and only used for blinding values, its still 
extremely performant. 20 is far more standard and will avoid an eye 
raise from reviewers.
2022-08-30 20:01:46 -04:00
Luke Parker
ee6316b26b
Use a Group::random which doesn't have a known DL
While Group::random shouldn't be used instead of a hash to curve, anyone 
who did would've previously been insecure and now isn't.

Could've done a recover_x and a raw Point construction, followed by a 
cofactor mul, to avoid the serialization, yet the serialization ensures 
full validity under the standard from_bytes function. THis also doesn't 
need to be micro-optimized.
2022-08-29 13:02:20 -04:00
Luke Parker
b97713aac7
Add unnecessary imports to the Ed448 backend to enable publishing
Doesn't change dependencies.
2022-08-29 03:49:40 -04:00
Luke Parker
d6a31863c4
Version bump dalek-ff-group 2022-08-29 03:46:48 -04:00
Luke Parker
081b9a1975
FROST Ed448 (#107)
* Theoretical ed448 impl

* Fixes

* Basic tests

* More efficient scalarmul

Precomputes a table to minimize additions required.

* Add a torsion test

* Split into a constant and variable time backend

The variable time one is still far too slow, at 53s for the tests (~5s a 
scalarmul). It should be usable as a PoC though.

* Rename unsafe Ed448

It's not only unworthy of the Serai branding and deserves more clarity
in the name.

* Add wide reduction to ed448

* Add Zeroize to Ed448

* Rename Ed448 group.rs to point.rs

* Minor lint to FROST

* Ed448 ciphersuite with 8032 test vector

* Macro out the backend fields

* Slight efficiency improvement to point decompression

* Disable the multiexp test in FROST for Ed448

* fmt + clippy ed448

* Fix an infinite loop in the constant time ed448 backend

* Add b"chal" to the 8032 context string for Ed448

Successfully tests against proposed vectors for the FROST IETF draft.

* Fix fmt and clippy

* Use a tabled pow algorithm in ed448's const backend

* Slight tweaks to variable time backend

Stop from_repr(MODULUS) from passing.

* Use extended points

Almost two orders of magnitude faster.

* Efficient ed448 doubling

* Remove the variable time backend

With the recent performance improvements, the constant time backend is 
now 4x faster than the variable time backend was. While the variable 
time backend remains much faster, and the constant time backend is still 
slow compared to other libraries, it's sufficiently performant now.

The FROST test, which runs a series of multiexps over the curve, does 
take 218.26s while Ristretto takes 1 and secp256k1 takes 4.57s.

While 50x slower than secp256k1 is horrible, it's ~1.5 orders of 
magntiude, which is close enough to the desire stated in 
https://github.com/serai-dex/serai/issues/108 to meet it.

Largely makes this library safe to use.

* Correct constants in ed448

* Rename unsafe-ed448 to minimal-ed448

Enables all FROST tests against it.

* No longer require the hazmat feature to use ed448

* Remove extraneous as_refs
2022-08-29 02:32:59 -05:00
Luke Parker
f71f19e26c
Add a repository field to the DLEq Cargo.toml 2022-08-26 09:10:34 -04:00
Luke Parker
33ee6b7a02
Bump FROST version 2022-08-26 09:09:18 -04:00
Luke Parker
a8a00598e4
Update to FROST v8 2022-08-26 05:59:43 -04:00
Luke Parker
c53e7ad6c7
Bump dalek-ff-group version 2022-08-18 17:11:55 -04:00
J. Burfeind
a2aa182cc4
Conditional negate (#90)
* Reorder tests in dalek-ff-group

* Add required method for ConditionallyNegatable

Adds lifetime bound implementation `Neg`
for borrowed FieldElements in dalek-ff-group.
2022-08-18 15:02:31 -05:00
aiyion.prime
45912d6837 Add implementation for sqrt_ratio_i()
in dalek-ff-group
2022-08-18 13:38:57 -05:00
Luke Parker
a73bcc908f
Add missing test annotation 2022-08-13 19:43:43 -04:00
Luke Parker
75c3cdc5af
Comment the previous commit
Despite the intentions of https://github.com/serai-dex/serai/issues/85, 
it failed to be practically faster :/

Updates a DLEq test to be better as well.
2022-08-13 19:43:18 -04:00
Luke Parker
062cd77a98
Close https://github.com/serai-dex/serai/issues/85 2022-08-13 19:21:12 -04:00
Luke Parker
5d7798c5fb
FROST clippy 2022-08-13 09:46:54 -04:00
Luke Parker
280fc441a7
Lint FROST
Corrects ertrors introduced a couple commits ago as well.
2022-08-13 08:50:59 -04:00