update to frost-rerandomized 1.0.0-rc.0 (#92)
* update to frost-rerandomized close to 1.0.0-rc.0

* point to 1.0.0-rc.0
conradoplg authored Nov 22, 2023
1 parent 25ca7c2 commit 397f501
Showing 10 changed files with 87 additions and 65 deletions.
14 changes: 7 additions & 7 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions Cargo.toml
Expand Up @@ -31,7 +31,7 @@ pasta_curves = { version = "0.5", default-features = false }
rand_core = { version = "0.6", default-features = false }
serde = { version = "1", optional = true, features = ["derive"] }
thiserror = { version = "1.0", optional = true }
frost-rerandomized = { version = "0.7.0", optional = true }
frost-rerandomized = { version = "1.0.0-rc.0", optional = true }

[dependencies.zeroize]
version = "1"
Expand All @@ -50,7 +50,7 @@ rand_chacha = "0.3"
serde_json = "1.0"
num-bigint = "0.4.3"
num-traits = "0.2.17"
frost-rerandomized = { version = "0.7.0", features = ["test-impl"] }
frost-rerandomized = { version = "1.0.0-rc.0", features = ["test-impl"] }

# `alloc` is only used in test code
[dev-dependencies.pasta_curves]
25 changes: 18 additions & 7 deletions src/frost/redjubjub.rs
Expand Up @@ -2,7 +2,7 @@
#![allow(non_snake_case)]
#![deny(missing_docs)]

use std::collections::HashMap;
use alloc::collections::BTreeMap;

use group::GroupEncoding;
#[cfg(feature = "alloc")]
Expand All @@ -12,8 +12,9 @@ use group::{ff::Field as FFField, ff::PrimeField};
#[cfg(feature = "serde")]
pub use frost_rerandomized::frost_core::serde;
pub use frost_rerandomized::frost_core::{
frost, Ciphersuite, Field, FieldError, Group, GroupError,
self as frost, Ciphersuite, Field, FieldError, Group, GroupError,
};
use frost_rerandomized::RandomizedCiphersuite;
pub use rand_core;

use rand_core::{CryptoRng, RngCore};
Expand Down Expand Up @@ -184,6 +185,16 @@ impl Ciphersuite for JubjubBlake2b512 {
}
}

impl RandomizedCiphersuite for JubjubBlake2b512 {
fn hash_randomizer(m: &[u8]) -> Option<<<Self::Group as Group>::Field as Field>::Scalar> {
Some(
HStar::<sapling::SpendAuth>::new(b"FROST_RedJubjubA")
.update(m)
.finalize(),
)
}
}

// Shorthand alias for the ciphersuite
type J = JubjubBlake2b512;

Expand All @@ -192,7 +203,7 @@ pub type Identifier = frost::Identifier<J>;

/// FROST(Jubjub, BLAKE2b-512) keys, key generation, key shares.
pub mod keys {
use std::collections::HashMap;
use alloc::collections::BTreeMap;

use super::*;

Expand All @@ -206,7 +217,7 @@ pub mod keys {
min_signers: u16,
identifiers: IdentifierList,
mut rng: RNG,
) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
) -> Result<(BTreeMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
frost::keys::generate_with_dealer(max_signers, min_signers, identifiers, &mut rng)
}

Expand All @@ -222,7 +233,7 @@ pub mod keys {
min_signers: u16,
identifiers: IdentifierList,
rng: &mut R,
) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
) -> Result<(BTreeMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
frost::keys::split(key, max_signers, min_signers, identifiers, rng)
}

Expand Down Expand Up @@ -275,7 +286,7 @@ pub mod keys {

/// FROST(Jubjub, BLAKE2b-512) Round 1 functionality and types.
pub mod round1 {
use frost_rerandomized::frost_core::frost::keys::SigningShare;
use frost_rerandomized::frost_core::keys::SigningShare;

use super::*;
/// Comprised of FROST(Jubjub, BLAKE2b-512) hiding and binding nonces.
Expand Down Expand Up @@ -365,7 +376,7 @@ pub type RandomizedParams = frost_rerandomized::RandomizedParams<J>;
/// service attack due to publishing an invalid signature.
pub fn aggregate(
signing_package: &SigningPackage,
signature_shares: &HashMap<Identifier, round2::SignatureShare>,
signature_shares: &BTreeMap<Identifier, round2::SignatureShare>,
pubkeys: &keys::PublicKeyPackage,
randomized_params: &RandomizedParams,
) -> Result<Signature, Error> {
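Review bot: The new `hash_randomizer` impl for `JubjubBlake2b512` passes the personalization `b"FROST_RedJubjubA"` as a bare literal with no comment, although in the visible code that tag is the only thing separating the randomizer hash from any other use of `HStar::<sapling::SpendAuth>`. I would put a comment above the `Some(` such as `// Domain-separation tag for the randomizer hash; keep it distinct from every other HStar personalization and do not change it without a compatibility plan.` Every signer presumably has to derive the same randomizer, so a silent edit of the tag would make shares from different builds disagree; a fixed-input test on `hash_randomizer` would pin it, and none is visible in this commit. The same applies to `b"FROST_RedPallasA"` in src/frost/redpallas.rs.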
22 changes: 11 additions & 11 deletions src/frost/redjubjub/dkg.md
Expand Up @@ -27,7 +27,7 @@ they can proceed to sign messages with FROST.
```rust
# // ANCHOR: dkg_import
use rand::thread_rng;
use std::collections::HashMap;
use std::collections::BTreeMap;

use reddsa::frost::redjubjub as frost;

Expand All @@ -44,12 +44,12 @@ let min_signers = 3;
// Keep track of each participant's round 1 secret package.
// In practice each participant will keep its copy; no one
// will have all the participant's packages.
let mut round1_secret_packages = HashMap::new();
let mut round1_secret_packages = BTreeMap::new();

// Keep track of all round 1 packages sent to the given participant.
// This is used to simulate the broadcast; in practice the packages
// will be sent through some communication channel.
let mut received_round1_packages = HashMap::new();
let mut received_round1_packages = BTreeMap::new();

// For each participant, perform the first part of the DKG protocol.
// In practice, each participant will perform this on their own environments.
Expand All @@ -69,7 +69,7 @@ for participant_index in 1..=max_signers {
round1_secret_packages.insert(participant_identifier, round1_secret_package);

// "Send" the round 1 package to all other participants. In this
// test this is simulated using a HashMap; in practice this will be
// test this is simulated using a BTreeMap; in practice this will be
// sent through some communication channel.
for receiver_participant_index in 1..=max_signers {
if receiver_participant_index == participant_index {
Expand All @@ -80,7 +80,7 @@ for participant_index in 1..=max_signers {
.expect("should be nonzero");
received_round1_packages
.entry(receiver_participant_identifier)
.or_insert_with(HashMap::new)
.or_insert_with(BTreeMap::new)
.insert(participant_identifier, round1_package.clone());
}
}
Expand All @@ -92,12 +92,12 @@ for participant_index in 1..=max_signers {
// Keep track of each participant's round 2 secret package.
// In practice each participant will keep its copy; no one
// will have all the participant's packages.
let mut round2_secret_packages = HashMap::new();
let mut round2_secret_packages = BTreeMap::new();

// Keep track of all round 2 packages sent to the given participant.
// This is used to simulate the broadcast; in practice the packages
// will be sent through some communication channel.
let mut received_round2_packages = HashMap::new();
let mut received_round2_packages = BTreeMap::new();

// For each participant, perform the second part of the DKG protocol.
// In practice, each participant will perform this on their own environments.
Expand All @@ -117,14 +117,14 @@ for participant_index in 1..=max_signers {
round2_secret_packages.insert(participant_identifier, round2_secret_package);

// "Send" the round 2 package to all other participants. In this
// test this is simulated using a HashMap; in practice this will be
// test this is simulated using a BTreeMap; in practice this will be
// sent through some communication channel.
// Note that, in contrast to the previous part, here each other participant
// gets its own specific package.
for (receiver_identifier, round2_package) in round2_packages {
received_round2_packages
.entry(receiver_identifier)
.or_insert_with(HashMap::new)
.or_insert_with(BTreeMap::new)
.insert(participant_identifier, round2_package);
}
}
Expand All @@ -136,13 +136,13 @@ for participant_index in 1..=max_signers {
// Keep track of each participant's long-lived key package.
// In practice each participant will keep its copy; no one
// will have all the participant's packages.
let mut key_packages = HashMap::new();
let mut key_packages = BTreeMap::new();

// Keep track of each participant's public key package.
// In practice, if there is a Coordinator, only they need to store the set.
// If there is not, then all candidates must store their own sets.
// All participants will have the same exact public key package.
let mut pubkey_packages = HashMap::new();
let mut pubkey_packages = BTreeMap::new();

// For each participant, perform the third part of the DKG protocol.
// In practice, each participant will perform this on their own environments.
8 changes: 4 additions & 4 deletions src/frost/redjubjub/keys/dkg.rs
Expand Up @@ -64,8 +64,8 @@ pub fn part1<R: RngCore + CryptoRng>(
/// must be sent to other participants.
pub fn part2(
secret_package: round1::SecretPackage,
round1_packages: &HashMap<Identifier, round1::Package>,
) -> Result<(round2::SecretPackage, HashMap<Identifier, round2::Package>), Error> {
round1_packages: &BTreeMap<Identifier, round1::Package>,
) -> Result<(round2::SecretPackage, BTreeMap<Identifier, round2::Package>), Error> {
frost::keys::dkg::part2(secret_package, round1_packages)
}

Expand All @@ -80,8 +80,8 @@ pub fn part2(
/// signatures.
pub fn part3(
round2_secret_package: &round2::SecretPackage,
round1_packages: &HashMap<Identifier, round1::Package>,
round2_packages: &HashMap<Identifier, round2::Package>,
round1_packages: &BTreeMap<Identifier, round1::Package>,
round2_packages: &BTreeMap<Identifier, round2::Package>,
) -> Result<(KeyPackage, PublicKeyPackage), Error> {
frost::keys::dkg::part3(round2_secret_package, round1_packages, round2_packages)
}
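Review bot: `BTreeMap` appears in the new `part2` and `part3` signatures, but none of this section's four added lines is a `use` for it, so the name presumably reaches this file through a glob import outside the hunks. An explicit `use alloc::collections::BTreeMap;` at the top of the file, as this commit adds in src/frost/redjubjub/keys/repairable.rs, would keep the build from depending on what the parent module happens to import. The doc comments of both functions start outside the hunks.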
4 changes: 2 additions & 2 deletions src/frost/redjubjub/keys/repairable.rs
Expand Up @@ -4,7 +4,7 @@
//! The RTS is used to help a signer (participant) repair their lost share. This is achieved
//! using a subset of the other signers know here as `helpers`.

use std::collections::HashMap;
use alloc::collections::BTreeMap;

use jubjub::Scalar;

Expand All @@ -26,7 +26,7 @@ pub fn repair_share_step_1<C: Ciphersuite, R: RngCore + CryptoRng>(
share_i: &SecretShare,
rng: &mut R,
participant: Identifier,
) -> Result<HashMap<Identifier, Scalar>, Error> {
) -> Result<BTreeMap<Identifier, Scalar>, Error> {
frost::keys::repairable::repair_share_step_1(helpers, share_i, rng, participant)
}

39 changes: 25 additions & 14 deletions src/frost/redpallas.rs
Expand Up @@ -2,8 +2,9 @@
#![allow(non_snake_case)]
#![deny(missing_docs)]

use std::collections::HashMap;
use alloc::collections::BTreeMap;

use frost_rerandomized::RandomizedCiphersuite;
use group::GroupEncoding;
#[cfg(feature = "alloc")]
use group::{ff::Field as FFField, ff::PrimeField, Group as FFGroup};
Expand All @@ -13,7 +14,7 @@ use pasta_curves::pallas;
#[cfg(feature = "serde")]
pub use frost_rerandomized::frost_core::serde;
pub use frost_rerandomized::frost_core::{
frost, Ciphersuite, Field, FieldError, Group, GroupError,
self as frost, Ciphersuite, Field, FieldError, Group, GroupError,
};
pub use rand_core;

Expand Down Expand Up @@ -188,6 +189,16 @@ impl Ciphersuite for PallasBlake2b512 {
}
}

impl RandomizedCiphersuite for PallasBlake2b512 {
fn hash_randomizer(m: &[u8]) -> Option<<<Self::Group as Group>::Field as Field>::Scalar> {
Some(
HStar::<orchard::SpendAuth>::new(b"FROST_RedPallasA")
.update(m)
.finalize(),
)
}
}

// Shorthand alias for the ciphersuite
type P = PallasBlake2b512;

Expand All @@ -196,7 +207,7 @@ pub type Identifier = frost::Identifier<P>;

/// FROST(Pallas, BLAKE2b-512) keys, key generation, key shares.
pub mod keys {
use std::collections::HashMap;
use alloc::collections::BTreeMap;

use super::*;

Expand All @@ -210,7 +221,7 @@ pub mod keys {
min_signers: u16,
identifiers: IdentifierList,
mut rng: RNG,
) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
) -> Result<(BTreeMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
frost::keys::generate_with_dealer(max_signers, min_signers, identifiers, &mut rng)
}

Expand All @@ -226,7 +237,7 @@ pub mod keys {
min_signers: u16,
identifiers: IdentifierList,
rng: &mut R,
) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
) -> Result<(BTreeMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
frost::keys::split(key, max_signers, min_signers, identifiers, rng)
}

Expand Down Expand Up @@ -282,19 +293,19 @@ pub mod keys {

impl PositiveY for PublicKeyPackage {
fn into_positive_y(self) -> Self {
let pubkey = self.group_public();
let pubkey = self.verifying_key();
let pubkey_serialized = pubkey.serialize();
if pubkey_serialized[31] & 0x80 != 0 {
let pubkey = VerifyingKey::new(-pubkey.to_element());
let signer_pubkeys: HashMap<_, _> = self
.signer_pubkeys()
let verifying_shares: BTreeMap<_, _> = self
.verifying_shares()
.iter()
.map(|(i, vs)| {
let vs = VerifyingShare::new(-vs.to_element());
(*i, vs)
})
.collect();
PublicKeyPackage::new(signer_pubkeys, pubkey)
PublicKeyPackage::new(verifying_shares, pubkey)
} else {
self
}
Expand All @@ -303,12 +314,12 @@ pub mod keys {

impl PositiveY for KeyPackage {
fn into_positive_y(self) -> Self {
let pubkey = self.group_public();
let pubkey = self.verifying_key();
let pubkey_serialized = pubkey.serialize();
if pubkey_serialized[31] & 0x80 != 0 {
let pubkey = VerifyingKey::new(-pubkey.to_element());
let signing_share = SigningShare::new(-self.secret_share().to_scalar());
let verifying_share = VerifyingShare::new(-self.public().to_element());
let signing_share = SigningShare::new(-self.signing_share().to_scalar());
let verifying_share = VerifyingShare::new(-self.verifying_share().to_element());
KeyPackage::new(
*self.identifier(),
signing_share,
Expand All @@ -328,7 +339,7 @@ pub mod keys {

/// FROST(Pallas, BLAKE2b-512) Round 1 functionality and types.
pub mod round1 {
use frost_rerandomized::frost_core::frost::keys::SigningShare;
use frost_rerandomized::frost_core::keys::SigningShare;

use super::*;
/// Comprised of FROST(Pallas, BLAKE2b-512) hiding and binding nonces.
Expand Down Expand Up @@ -418,7 +429,7 @@ pub type RandomizedParams = frost_rerandomized::RandomizedParams<P>;
/// service attack due to publishing an invalid signature.
pub fn aggregate(
signing_package: &SigningPackage,
signature_shares: &HashMap<Identifier, round2::SignatureShare>,
signature_shares: &BTreeMap<Identifier, round2::SignatureShare>,
pubkeys: &keys::PublicKeyPackage,
randomized_params: &RandomizedParams,
) -> Result<Signature, Error> {
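Review bot: Both `into_positive_y` bodies touched here still branch on `pubkey_serialized[31] & 0x80 != 0` with no explanation of the index or the mask, and the renames to `verifying_key()` / `verifying_shares()` make this a good moment to document it. I would add above each test a comment such as `// Top bit of the last serialized byte; presumably the sign of the y-coordinate. Negate everything if it is set.`, with the wording confirmed against the Pallas point encoding. If the `PositiveY` docs do not already say so, they should state that the key, every verifying share and the signing share are negated together, since that is what the two impls visibly do. The `KeyPackage::new(` call in the second impl continues outside the hunk.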