diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..641caca9 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,126 @@ +name: ci +on: + workflow_dispatch: + pull_request: + paths-ignore: [README.md] + push: + branches: master + paths-ignore: [README.md] + +env: + CARGO_INCREMENTAL: 0 + RUSTFLAGS: "-Dwarnings" + +jobs: + wasm-build: + runs-on: ubuntu-latest + strategy: + matrix: + rust: + - 1.81.0 # MSRV + - stable + target: + - wasm32-unknown-unknown + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@v1 + with: + toolchain: ${{ matrix.rust }} + targets: ${{ matrix.target }} + - run: cargo build --target ${{ matrix.target }} --no-default-features + - run: cargo build --target ${{ matrix.target }} + + test-and-coverage: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@v1 + with: + profile: minimal + toolchain: stable + target: x86_64-unknown-linux-gnu + override: true + - name: Install cargo-llvm-cov + uses: taiki-e/install-action@cargo-llvm-cov + - name: Generate code coverage + run: cargo llvm-cov --workspace --all-features --lcov --output-path lcov.info + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v4 + with: + token: ${{ secrets.CODECOV_TOKEN }} + files: lcov.info + fail_ci_if_error: true + + # This is supposed to factor out possible bugs introduced by Rust compiler changes + # and dependency changes, making the results more reproducible. + stable-test: + runs-on: ubuntu-latest + strategy: + matrix: + include: + - target: x86_64-unknown-linux-gnu + rust: 1.81.0 # MSRV + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@v1 + with: + toolchain: ${{ matrix.rust }} + target: ${{ matrix.target }} + profile: minimal + override: true + - run: ${{ matrix.deps }} + - run: cargo test --workspace --locked --all-features --target ${{ matrix.target }} + + clippy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions-rs/toolchain@v1 + with: + toolchain: 1.81.0 # MSRV + components: clippy + override: true + profile: minimal + - run: cargo clippy --all --all-features --tests --benches -- -D warnings + + # Mimics the setup of docs.rs, but fails on warnings + build-docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions-rs/toolchain@v1 + with: + toolchain: nightly + override: true + profile: minimal + - run: env RUSTDOCFLAGS='--cfg docsrs -D warnings' cargo doc --all-features + + rustfmt: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@v1 + with: + toolchain: stable + components: rustfmt + profile: minimal + override: true + - uses: actions-rs/cargo@v1 + with: + command: fmt + args: --all -- --check + + semver: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@v1 + with: + toolchain: stable + components: rustfmt + profile: minimal + override: true + - uses: obi1kenobi/cargo-semver-checks-action@v2 + with: + package: synedrion + feature-group: all-features diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 32e219b1..00000000 --- a/.github/workflows/lint.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: Linting - -on: - pull_request: - paths-ignore: - - README.md - push: - branches: master - paths-ignore: - - README.md - -jobs: - format: - strategy: - matrix: - os: - - ubuntu-latest - runs-on: ${{ matrix.os }} - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Install stable toolchain - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - components: rustfmt, clippy - - - name: Run cargo fmt - uses: actions-rs/cargo@v1 - with: - command: fmt - args: --all -- --check - - - name: Run cargo clippy - uses: actions-rs/cargo@v1 - with: - command: clippy - args: --all --all-features --tests --benches -- -D warnings diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 9b6044f7..00000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,66 +0,0 @@ -name: Testing - -on: - pull_request: - paths-ignore: - - README.md - push: - branches: master - paths-ignore: - - README.md - -jobs: - - test-and-codecov: - runs-on: ubuntu-latest - strategy: - matrix: - rust: - - stable - target: - - wasm32-unknown-unknown - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Install stable toolchain - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: ${{ matrix.rust }} - target: ${{ matrix.target }} - override: true - - - name: Install cargo-llvm-cov - uses: taiki-e/install-action@cargo-llvm-cov - - name: Generate code coverage - run: cargo llvm-cov --workspace --release --lcov --output-path lcov.info - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4 - with: - token: ${{ secrets.CODECOV_TOKEN }} - files: lcov.info - fail_ci_if_error: true - - build-wasm: - runs-on: ubuntu-latest - strategy: - matrix: - rust: - - stable - target: - - wasm32-unknown-unknown - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Install stable toolchain - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: ${{ matrix.rust }} - target: ${{ matrix.target }} - override: true - - - name: Build - run: cargo build --target ${{ matrix.target }} --release --no-default-features diff --git a/.gitignore b/.gitignore index cd54cdf7..359abe77 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -target/ -synedrion-wasm/pkg/ -node_modules -Cargo.lock +/target +*.sublime-project +*.sublime-workspace diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 00000000..016311fe --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,1410 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "addr2line" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + +[[package]] +name = "aho-corasick" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +dependencies = [ + "memchr", +] + +[[package]] +name = "anes" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" + +[[package]] +name = "anstyle" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" + +[[package]] +name = "autocfg" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + +[[package]] +name = "backtrace" +version = "0.3.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +dependencies = [ + "addr2line", + "cc", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", +] + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64" +version = "0.21.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" + +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + +[[package]] +name = "bincode" +version = "2.0.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f11ea1a0346b94ef188834a65c068a03aec181c94896d481d7a0a40d85b0ce95" +dependencies = [ + "serde", +] + +[[package]] +name = "bip32" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa13fae8b6255872fd86f7faf4b41168661d7d78609f7bfe6771b85c6739a15b" +dependencies = [ + "bs58", + "hmac", + "k256", + "rand_core", + "ripemd", + "sha2", + "subtle", + "zeroize", +] + +[[package]] +name = "bitflags" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bs58" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf88ba1141d185c399bee5288d850d63b8369520c1eafc32a0430b5b6c287bf4" +dependencies = [ + "sha2", +] + +[[package]] +name = "bumpalo" +version = "3.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" + +[[package]] +name = "cast" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" + +[[package]] +name = "cc" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +dependencies = [ + "libc", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "ciborium" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "effd91f6c78e5a4ace8a5d3c0b6bfaec9e2baaef55f3efc00e45fb2e477ee926" +dependencies = [ + "ciborium-io", + "ciborium-ll", + "serde", +] + +[[package]] +name = "ciborium-io" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdf919175532b369853f5d5e20b26b43112613fd6fe7aee757e35f7a44642656" + +[[package]] +name = "ciborium-ll" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "defaa24ecc093c77630e6c15e17c51f5e187bf35ee514f4e2d67baaa96dae22b" +dependencies = [ + "ciborium-io", + "half", +] + +[[package]] +name = "clap" +version = "4.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2275f18819641850fa26c89acc84d465c1bf91ce57bc2748b28c420473352f64" +dependencies = [ + "clap_builder", +] + +[[package]] +name = "clap_builder" +version = "4.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07cdf1b148b25c1e1f7a42225e30a0d99a615cd4637eae7365548dd4529b95bc" +dependencies = [ + "anstyle", + "clap_lex", +] + +[[package]] +name = "clap_lex" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" + +[[package]] +name = "cobs" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67ba02a97a2bd10f4b59b25c7973101c79642302776489e030cd13cdab09ed15" + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "cpufeatures" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +dependencies = [ + "libc", +] + +[[package]] +name = "criterion" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2b12d017a929603d80db1831cd3a24082f8137ce19c69e6447f54f5fc8d692f" +dependencies = [ + "anes", + "cast", + "ciborium", + "clap", + "criterion-plot", + "is-terminal", + "itertools", + "num-traits", + "once_cell", + "oorandom", + "plotters", + "rayon", + "regex", + "serde", + "serde_derive", + "serde_json", + "tinytemplate", + "walkdir", +] + +[[package]] +name = "criterion-plot" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1" +dependencies = [ + "cast", + "itertools", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" +dependencies = [ + "cfg-if", + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +dependencies = [ + "autocfg", + "cfg-if", + "crossbeam-utils", + "memoffset", + "scopeguard", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-bigint" +version = "0.6.0-rc.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d748d1f5b807ee6d0df5a548d0130417295c3aaed1dcbbb3d6a2e7106e11fcca" +dependencies = [ + "num-traits", + "rand_core", + "serdect 0.3.0-rc.0", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "crypto-primes" +version = "0.6.0-pre.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9fad3f7645c77d3e0269f3e74a8dd25746de992b16bcecbb316059836e0b366" +dependencies = [ + "crypto-bigint 0.6.0-rc.6", + "rand_core", +] + +[[package]] +name = "der" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "derive-where" +version = "1.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62d671cc41a825ebabc75757b62d3d168c577f9149b2d49ece1dad1f72119d25" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "displaydoc" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "serdect 0.2.0", + "signature", +] + +[[package]] +name = "either" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint 0.5.5", + "digest", + "ff", + "generic-array", + "group", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "serdect 0.2.0", + "subtle", + "zeroize", +] + +[[package]] +name = "embedded-io" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef1a6892d9eef45c8fa6b9e0086428a2cca8491aca8f787c534a3d6d0bcb3ced" + +[[package]] +name = "embedded-io" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edd0f118536f44f5ccd48bcb8b111bdc3de888b58c74639dfb034a357d0f206d" + +[[package]] +name = "erased-serde" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24e2389d65ab4fab27dc2a5de7b191e1f6617d1f1c8855c0dc569c94a4cbb18d" +dependencies = [ + "serde", + "typeid", +] + +[[package]] +name = "errno" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f258a7194e7f7c2a7837a8913aeab7fd8c383457034fa20ce4dd3dcb813e8eb8" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "ff" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "getrandom" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "gimli" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0" + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + +[[package]] +name = "half" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" + +[[package]] +name = "hashing-serializer" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66c9b1a5e47c3bf40ae0f5705e84daa4cd6d8a74b2bdba43c06eb01dbc236f6e" +dependencies = [ + "digest", + "serde", +] + +[[package]] +name = "hermit-abi" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "impls" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a46645bbd70538861a90d0f26c31537cdf1e44aae99a794fb75a664b70951bc" + +[[package]] +name = "is-terminal" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" +dependencies = [ + "hermit-abi", + "rustix", + "windows-sys", +] + +[[package]] +name = "itertools" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" + +[[package]] +name = "js-sys" +version = "0.3.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54c0c35952f67de54bb584e9fd912b3023117cbafc0a77d8f3dee1fb5f572fe8" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "k256" +version = "0.13.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b" +dependencies = [ + "cfg-if", + "ecdsa", + "elliptic-curve", + "serdect 0.2.0", + "sha2", +] + +[[package]] +name = "keccak" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654" +dependencies = [ + "cpufeatures", +] + +[[package]] +name = "libc" +version = "0.2.150" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" + +[[package]] +name = "linux-raw-sys" +version = "0.4.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829" + +[[package]] +name = "log" +version = "0.4.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" + +[[package]] +name = "manul" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87921f77b82359f8cf85e422558455634b4a4da6211e5278bdc59b9cb4534f33" +dependencies = [ + "derive-where", + "digest", + "displaydoc", + "erased-serde", + "postcard", + "rand", + "rand_core", + "serde", + "serde-encoded-bytes", + "serde-persistent-deserializer", + "serde_json", + "signature", + "tinyvec", + "tracing", +] + +[[package]] +name = "memchr" +version = "2.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" + +[[package]] +name = "memoffset" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" +dependencies = [ + "autocfg", +] + +[[package]] +name = "miniz_oxide" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +dependencies = [ + "adler", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "object" +version = "0.32.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +dependencies = [ + "memchr", +] + +[[package]] +name = "once_cell" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" + +[[package]] +name = "oorandom" +version = "11.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" + +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pin-project-lite" +version = "0.2.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "plotters" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2c224ba00d7cadd4d5c660deaf2098e5e80e07846537c51f9cfa4be50c1fd45" +dependencies = [ + "num-traits", + "plotters-backend", + "plotters-svg", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "plotters-backend" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e76628b4d3a7581389a35d5b6e2139607ad7c75b17aed325f210aa91f4a9609" + +[[package]] +name = "plotters-svg" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38f6d39893cca0701371e3c27294f09797214b86f1fb951b89ade8ec04e2abab" +dependencies = [ + "plotters-backend", +] + +[[package]] +name = "postcard" +version = "1.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f7f0a8d620d71c457dd1d47df76bb18960378da56af4527aaa10f515eee732e" +dependencies = [ + "cobs", + "embedded-io 0.4.0", + "embedded-io 0.6.1", + "serde", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "proc-macro2" +version = "1.0.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "rayon" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "regex" +version = "1.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "ripemd" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" +dependencies = [ + "digest", +] + +[[package]] +name = "rustc-demangle" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" + +[[package]] +name = "rustix" +version = "0.38.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ad981d6c340a49cdc40a1028d9c6084ec7e9fa33fcb839cab656a267071e234" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys", +] + +[[package]] +name = "ryu" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" + +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "serdect 0.2.0", + "subtle", + "zeroize", +] + +[[package]] +name = "secrecy" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a" +dependencies = [ + "serde", + "zeroize", +] + +[[package]] +name = "serde" +version = "1.0.214" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde-encoded-bytes" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec007ca0e3db940a5409d65780b6bd0202cbea68800861ae876b80655ee8e24b" +dependencies = [ + "base64", + "hex", + "serde", +] + +[[package]] +name = "serde-persistent-deserializer" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1f52002cbca6cb233262e7ab1a04d4214c3a13f4ee93cec344286ff14b01147" +dependencies = [ + "serde", +] + +[[package]] +name = "serde_assert" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7341bab0ba89c85756d5d032a66b009ed88833ea915f5997b9e8303f0c52a54" +dependencies = [ + "serde", +] + +[[package]] +name = "serde_derive" +version = "1.0.214" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "serdect" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a84f14a19e9a014bb9f4512488d9829a68e04ecabffb0f9904cd1ace94598177" +dependencies = [ + "base16ct", + "serde", +] + +[[package]] +name = "serdect" +version = "0.3.0-rc.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a504c8ee181e3e594d84052f983d60afe023f4d94d050900be18062bbbf7b58" +dependencies = [ + "base16ct", + "serde", +] + +[[package]] +name = "sha2" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sha3" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" +dependencies = [ + "digest", + "keccak", +] + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.85" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5023162dfcd14ef8f32034d8bcd4cc5ddc61ef7a247c024a33e24e1f24d21b56" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "synedrion" +version = "0.3.0-dev" +dependencies = [ + "bincode", + "bip32", + "criterion", + "crypto-bigint 0.6.0-rc.6", + "crypto-primes", + "digest", + "displaydoc", + "hashing-serializer", + "hex", + "impls", + "k256", + "manul", + "rand", + "rand_chacha", + "rand_core", + "secrecy", + "serde", + "serde-encoded-bytes", + "serde_assert", + "sha2", + "sha3", + "signature", + "tokio", + "zeroize", +] + +[[package]] +name = "tinytemplate" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc" +dependencies = [ + "serde", + "serde_json", +] + +[[package]] +name = "tinyvec" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" +dependencies = [ + "serde", + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + +[[package]] +name = "tokio" +version = "1.34.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9" +dependencies = [ + "backtrace", + "pin-project-lite", + "tokio-macros", +] + +[[package]] +name = "tokio-macros" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing" +version = "0.1.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" +dependencies = [ + "pin-project-lite", + "tracing-core", +] + +[[package]] +name = "tracing-core" +version = "0.1.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" +dependencies = [ + "once_cell", +] + +[[package]] +name = "typeid" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e13db2e0ccd5e14a544e8a246ba2312cd25223f616442d7f2cb0e3db614236e" + +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "walkdir" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" +dependencies = [ + "same-file", + "winapi-util", +] + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "wasm-bindgen" +version = "0.2.88" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7daec296f25a1bae309c0cd5c29c4b260e510e6d813c286b19eaadf409d40fce" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.88" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e397f4664c0e4e428e8313a469aaa58310d302159845980fd23b0f22a847f217" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.88" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5961017b3b08ad5f3fe39f1e79877f8ee7c23c5e5fd5eb80de95abc41f1f16b2" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.88" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5353b8dab669f5e10f5bd76df26a9360c748f054f862ff5f3f8aae0c7fb3907" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.88" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d046c5d029ba91a1ed14da14dca44b68bf2f124cfbaf741c54151fdb3e0750b" + +[[package]] +name = "web-sys" +version = "0.3.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5db499c5f66323272151db0e666cd34f78617522fb0c1604d31a27c50c206a85" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +dependencies = [ + "winapi", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/README.md b/README.md index 29baa8bf..4700c712 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ # Synedrion - [![crate][crate-image]][crate-link] [![Docs][docs-image]][docs-link] ![License][license-image] +[![Build Status][build-image]][build-link] [![Coverage][coverage-image]][coverage-link] [crate-image]: https://img.shields.io/crates/v/synedrion.svg @@ -11,9 +11,12 @@ [docs-image]: https://docs.rs/synedrion/badge.svg [docs-link]: https://docs.rs/synedrion/ [license-image]: https://img.shields.io/crates/l/synedrion +[build-image]: https://github.com/entropyxyz/synedrion/actions/workflows/ci.yml/badge.svg?branch=master&event=push +[build-link]: https://github.com/entropyxyz/synedrion/actions?query=workflow%3Aci [coverage-image]: https://codecov.io/gh/entropyxyz/synedrion/branch/master/graph/badge.svg [coverage-link]: https://codecov.io/gh/entropyxyz/synedrion + ### A threshold signing library based on the CGGMP'21 scheme. **WARNING:** the library is a work in progress (see [Issues](https://github.com/entropyxyz/synedrion/issues)), and has not been audited. Use at your own risk. diff --git a/rustfmt.toml b/rustfmt.toml new file mode 100644 index 00000000..75306517 --- /dev/null +++ b/rustfmt.toml @@ -0,0 +1 @@ +max_width = 120 diff --git a/synedrion/Cargo.toml b/synedrion/Cargo.toml index c71899f0..62690259 100644 --- a/synedrion/Cargo.toml +++ b/synedrion/Cargo.toml @@ -3,6 +3,7 @@ name = "synedrion" authors = ['Entropy Cryptography '] version = "0.3.0-dev" edition = "2021" +rust-version = "1.81" license = "AGPL-3.0-or-later" description = "Threshold signing library based on Canetti-Gennaro-Goldfeder-Makriyannis-Peled '21 scheme" repository = "https://github.com/entropyxyz/synedrion" diff --git a/synedrion/benches/bench.rs b/synedrion/benches/bench.rs index 77961cc2..6c738326 100644 --- a/synedrion/benches/bench.rs +++ b/synedrion/benches/bench.rs @@ -25,8 +25,7 @@ fn bench_happy_paths(c: &mut Criterion) { signers .iter() .map(|signer| { - let entry_point = - KeyInit::::new(all_ids.clone()).unwrap(); + let entry_point = KeyInit::::new(all_ids.clone()).unwrap(); (*signer, entry_point) }) .collect::>() @@ -69,8 +68,7 @@ fn bench_happy_paths(c: &mut Criterion) { signers .iter() .map(|signer| { - let entry_point = - AuxGen::::new(all_ids.clone()).unwrap(); + let entry_point = AuxGen::::new(all_ids.clone()).unwrap(); (*signer, entry_point) }) .collect::>() diff --git a/synedrion/src/cggmp21.rs b/synedrion/src/cggmp21.rs index 1c422d9b..cd2537a8 100644 --- a/synedrion/src/cggmp21.rs +++ b/synedrion/src/cggmp21.rs @@ -7,15 +7,20 @@ //! The equation and figure numbers in the comments, and the notation used //! refers to the version of the paper published at +mod aux_gen; mod entities; +mod interactive_signing; +mod key_init; +mod key_refresh; mod params; -mod protocols; mod sigma; +#[cfg(test)] +mod signing_malicious; + +pub use aux_gen::{AuxGen, AuxGenProtocol}; pub use entities::{AuxInfo, KeyShare, KeyShareChange}; -pub(crate) use entities::{PublicAuxInfo, SecretAuxInfo}; +pub use interactive_signing::{InteractiveSigning, InteractiveSigningProtocol, PrehashedMessage}; +pub use key_init::{KeyInit, KeyInitProtocol}; +pub use key_refresh::{KeyRefresh, KeyRefreshProtocol}; pub use params::{ProductionParams, SchemeParams, TestParams}; -pub use protocols::{ - AuxGen, AuxGenProtocol, InteractiveSigning, InteractiveSigningProtocol, KeyInit, - KeyInitProtocol, KeyRefresh, KeyRefreshProtocol, PrehashedMessage, -}; diff --git a/synedrion/src/cggmp21/protocols/aux_gen.rs b/synedrion/src/cggmp21/aux_gen.rs similarity index 89% rename from synedrion/src/cggmp21/protocols/aux_gen.rs rename to synedrion/src/cggmp21/aux_gen.rs index a4a28037..6023b25e 100644 --- a/synedrion/src/cggmp21/protocols/aux_gen.rs +++ b/synedrion/src/cggmp21/aux_gen.rs @@ -12,23 +12,24 @@ use core::{fmt::Debug, marker::PhantomData}; use crypto_bigint::BitOps; use manul::protocol::{ - Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EntryPoint, FinalizeOutcome, - LocalError, NormalBroadcast, PartyId, Payload, Protocol, ProtocolError, ProtocolMessagePart, - ProtocolValidationError, ReceiveError, Round, RoundId, Serializer, + Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EntryPoint, FinalizeOutcome, LocalError, + NormalBroadcast, PartyId, Payload, Protocol, ProtocolError, ProtocolMessagePart, ProtocolValidationError, + ReceiveError, Round, RoundId, Serializer, }; use rand_core::CryptoRngCore; use secrecy::SecretBox; use serde::{Deserialize, Serialize}; -use super::super::{ +use super::{ + entities::{AuxInfo, PublicAuxInfo, SecretAuxInfo}, + params::SchemeParams, sigma::{FacProof, ModProof, PrmProof, SchCommitment, SchProof, SchSecret}, - AuxInfo, PublicAuxInfo, SchemeParams, SecretAuxInfo, }; use crate::{ curve::{Point, Scalar}, paillier::{ - PublicKeyPaillier, PublicKeyPaillierPrecomputed, RPParams, RPParamsMod, RPSecret, - SecretKeyPaillier, SecretKeyPaillierPrecomputed, + PublicKeyPaillier, PublicKeyPaillierPrecomputed, RPParams, RPParamsMod, RPSecret, SecretKeyPaillier, + SecretKeyPaillierPrecomputed, }, tools::{ bitvec::BitVec, @@ -120,9 +121,7 @@ impl EntryPoint for AuxGen { id: &I, ) -> Result, LocalError> { if !self.all_ids.contains(id) { - return Err(LocalError::new( - "The given node IDs must contain this node's ID", - )); + return Err(LocalError::new("The given node IDs must contain this node's ID")); } let other_ids = self.all_ids.clone().without(id); @@ -301,16 +300,11 @@ impl Round for Round1 { _artifacts: BTreeMap, ) -> Result, LocalError> { let payloads = payloads.downcast_all::()?; - let others_cap_v = payloads - .into_iter() - .map(|(id, payload)| (id, payload.cap_v)) - .collect(); - Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - Round2 { - context: self.context, - others_cap_v, - }, - ))) + let others_cap_v = payloads.into_iter().map(|(id, payload)| (id, payload.cap_v)).collect(); + Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic(Round2 { + context: self.context, + others_cap_v, + }))) } } @@ -381,26 +375,26 @@ impl Round for Round2 { .get(from) .ok_or_else(|| LocalError::new(format!("Missing `V` for {from:?}")))?; if &normal_broadcast.data.hash(&self.context.sid_hash, from) != cap_v { - return Err(ReceiveError::protocol(AuxGenError( - AuxGenErrorEnum::Round2("Hash mismatch".into()), - ))); + return Err(ReceiveError::protocol(AuxGenError(AuxGenErrorEnum::Round2( + "Hash mismatch".into(), + )))); } let paillier_pk = normal_broadcast.data.paillier_pk.to_precomputed(); if (paillier_pk.modulus().bits_vartime() as usize) < 8 * P::SECURITY_PARAMETER { - return Err(ReceiveError::protocol(AuxGenError( - AuxGenErrorEnum::Round2("Paillier modulus is too small".into()), - ))); + return Err(ReceiveError::protocol(AuxGenError(AuxGenErrorEnum::Round2( + "Paillier modulus is too small".into(), + )))); } let aux = (&self.context.sid_hash, &from); let rp_params = normal_broadcast.data.rp_params.to_mod(&paillier_pk); if !normal_broadcast.data.hat_psi.verify(&rp_params, &aux) { - return Err(ReceiveError::protocol(AuxGenError( - AuxGenErrorEnum::Round2("PRM verification failed".into()), - ))); + return Err(ReceiveError::protocol(AuxGenError(AuxGenErrorEnum::Round2( + "PRM verification failed".into(), + )))); } Ok(Payload::new(Round2Payload { @@ -428,9 +422,12 @@ impl Round for Round2 { rho ^= &data.data.rho; } - Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - Round3::new(rng, self.context, others_data, rho), - ))) + Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic(Round3::new( + rng, + self.context, + others_data, + rho, + )))) } } @@ -561,24 +558,20 @@ impl Round for Round3 { let aux = (&self.context.sid_hash, &from, &self.rho); + if !direct_message.data2.psi_mod.verify(rng, &sender_data.paillier_pk, &aux) { + return Err(ReceiveError::protocol(AuxGenError(AuxGenErrorEnum::Round3( + "Mod proof verification failed".into(), + )))); + } + if !direct_message .data2 - .psi_mod - .verify(rng, &sender_data.paillier_pk, &aux) + .phi + .verify(&sender_data.paillier_pk, &self.context.data_precomp.rp_params, &aux) { - return Err(ReceiveError::protocol(AuxGenError( - AuxGenErrorEnum::Round3("Mod proof verification failed".into()), - ))); - } - - if !direct_message.data2.phi.verify( - &sender_data.paillier_pk, - &self.context.data_precomp.rp_params, - &aux, - ) { - return Err(ReceiveError::protocol(AuxGenError( - AuxGenErrorEnum::Round3("Fac proof verification failed".into()), - ))); + return Err(ReceiveError::protocol(AuxGenError(AuxGenErrorEnum::Round3( + "Fac proof verification failed".into(), + )))); } if !direct_message @@ -586,9 +579,9 @@ impl Round for Round3 { .pi .verify(&sender_data.data.cap_b, &sender_data.data.cap_y, &aux) { - return Err(ReceiveError::protocol(AuxGenError( - AuxGenErrorEnum::Round3("Sch proof verification (Y) failed".into()), - ))); + return Err(ReceiveError::protocol(AuxGenError(AuxGenErrorEnum::Round3( + "Sch proof verification (Y) failed".into(), + )))); } Ok(Payload::empty()) @@ -671,11 +664,7 @@ mod tests { for (id, aux_info) in aux_infos.iter() { for other_aux_info in aux_infos.values() { assert_eq!( - aux_info - .secret_aux - .el_gamal_sk - .expose_secret() - .mul_by_generator(), + aux_info.secret_aux.el_gamal_sk.expose_secret().mul_by_generator(), other_aux_info.public_aux[id].el_gamal_pk ); } diff --git a/synedrion/src/cggmp21/entities.rs b/synedrion/src/cggmp21/entities.rs index 0d0986d9..e8e74f58 100644 --- a/synedrion/src/cggmp21/entities.rs +++ b/synedrion/src/cggmp21/entities.rs @@ -14,8 +14,8 @@ use crate::{ cggmp21::SchemeParams, curve::{Point, Scalar}, paillier::{ - CiphertextMod, PaillierParams, PublicKeyPaillier, PublicKeyPaillierPrecomputed, RPParams, - RPParamsMod, Randomizer, SecretKeyPaillier, SecretKeyPaillierPrecomputed, + CiphertextMod, PaillierParams, PublicKeyPaillier, PublicKeyPaillierPrecomputed, RPParams, RPParamsMod, + Randomizer, SecretKeyPaillier, SecretKeyPaillierPrecomputed, }, uint::Signed, }; @@ -294,8 +294,7 @@ mod tests { .map(|_| *SigningKey::random(&mut OsRng).verifying_key()) .collect::>(); - let shares = - KeyShare::::new_centralized(&mut OsRng, &ids, Some(&sk)); + let shares = KeyShare::::new_centralized(&mut OsRng, &ids, Some(&sk)); assert!(shares .values() .all(|share| &share.verifying_key().unwrap() == sk.verifying_key())); diff --git a/synedrion/src/cggmp21/protocols/interactive_signing.rs b/synedrion/src/cggmp21/interactive_signing.rs similarity index 89% rename from synedrion/src/cggmp21/protocols/interactive_signing.rs rename to synedrion/src/cggmp21/interactive_signing.rs index ad0b403c..2aaf01da 100644 --- a/synedrion/src/cggmp21/protocols/interactive_signing.rs +++ b/synedrion/src/cggmp21/interactive_signing.rs @@ -11,18 +11,18 @@ use alloc::{ use core::{fmt::Debug, marker::PhantomData}; use manul::protocol::{ - Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EntryPoint, FinalizeOutcome, - LocalError, NormalBroadcast, PartyId, Payload, Protocol, ProtocolError, ProtocolMessagePart, - ProtocolValidationError, ReceiveError, Round, RoundId, Serializer, + Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EntryPoint, FinalizeOutcome, LocalError, + NormalBroadcast, PartyId, Payload, Protocol, ProtocolError, ProtocolMessagePart, ProtocolValidationError, + ReceiveError, Round, RoundId, Serializer, }; use rand_core::CryptoRngCore; use secrecy::{ExposeSecret, SecretBox}; use serde::{Deserialize, Serialize}; -use super::super::{ - entities::{AuxInfoPrecomputed, PresigningData, PresigningValues}, +use super::{ + entities::{AuxInfo, AuxInfoPrecomputed, KeyShare, PresigningData, PresigningValues}, + params::SchemeParams, sigma::{AffGProof, DecProof, EncProof, LogStarProof, MulProof, MulStarProof}, - AuxInfo, KeyShare, SchemeParams, }; use crate::{ curve::{Point, RecoverableSignature, Scalar}, @@ -104,11 +104,7 @@ pub struct InteractiveSigning { impl InteractiveSigning { /// Creates a new entry point given a share of the secret key. - pub fn new( - prehashed_message: PrehashedMessage, - key_share: KeyShare, - aux_info: AuxInfo, - ) -> Self { + pub fn new(prehashed_message: PrehashedMessage, key_share: KeyShare, aux_info: AuxInfo) -> Self { // TODO: check that both are consistent Self { prehashed_message, @@ -165,12 +161,10 @@ impl EntryPoint for InteractiveSigning { let pk = aux_info.secret_aux.paillier_sk.public_key(); let nu = RandomizerMod::::random(rng, pk); - let cap_g = - CiphertextMod::new_with_randomizer(pk, &P::uint_from_scalar(&gamma), &nu.retrieve()); + let cap_g = CiphertextMod::new_with_randomizer(pk, &P::uint_from_scalar(&gamma), &nu.retrieve()); let rho = RandomizerMod::::random(rng, pk); - let cap_k = - CiphertextMod::new_with_randomizer(pk, &P::uint_from_scalar(&k), &rho.retrieve()); + let cap_k = CiphertextMod::new_with_randomizer(pk, &P::uint_from_scalar(&k), &rho.retrieve()); Ok(BoxedRound::new_dynamic(Round1 { context: Context { @@ -282,10 +276,7 @@ impl Round for Round1 { &aux, ); - Ok(( - DirectMessage::new(serializer, Round1DirectMessage::

{ psi0 })?, - None, - )) + Ok((DirectMessage::new(serializer, Round1DirectMessage::

{ psi0 })?, None)) } fn receive_message( @@ -300,8 +291,7 @@ impl Round for Round1 { normal_broadcast.assert_is_none()?; let direct_message = direct_message.deserialize::>(deserializer)?; - let echo_broadcast = - echo_broadcast.deserialize::>(deserializer)?; + let echo_broadcast = echo_broadcast.deserialize::>(deserializer)?; let aux = (&self.context.ssid_hash, &self.context.my_id); @@ -344,8 +334,7 @@ impl Round for Round1 { let mut all_cap_k = others_cap_k .into_iter() .map(|(id, ciphertext)| { - let ciphertext_mod = - ciphertext.to_mod(&self.context.aux_info.public_aux[&id].paillier_pk); + let ciphertext_mod = ciphertext.to_mod(&self.context.aux_info.public_aux[&id].paillier_pk); (id, ciphertext_mod) }) .collect::>(); @@ -354,20 +343,17 @@ impl Round for Round1 { let mut all_cap_g = others_cap_g .into_iter() .map(|(id, ciphertext)| { - let ciphertext_mod = - ciphertext.to_mod(&self.context.aux_info.public_aux[&id].paillier_pk); + let ciphertext_mod = ciphertext.to_mod(&self.context.aux_info.public_aux[&id].paillier_pk); (id, ciphertext_mod) }) .collect::>(); all_cap_g.insert(my_id, self.cap_g); - Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - Round2 { - context: self.context, - all_cap_k, - all_cap_g, - }, - ))) + Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic(Round2 { + context: self.context, + all_cap_k, + all_cap_g, + }))) } } @@ -461,27 +447,14 @@ impl Round for Round2 { let hat_r = RandomizerMod::random(rng, pk); let hat_s = RandomizerMod::random(rng, target_pk); - let cap_f = - CiphertextMod::new_with_randomizer_signed(pk, beta.expose_secret(), &r.retrieve()); + let cap_f = CiphertextMod::new_with_randomizer_signed(pk, beta.expose_secret(), &r.retrieve()); let cap_d = &self.all_cap_k[destination] * P::signed_from_scalar(&self.context.gamma) - + CiphertextMod::new_with_randomizer_signed( - target_pk, - &-beta.expose_secret(), - &s.retrieve(), - ); + + CiphertextMod::new_with_randomizer_signed(target_pk, &-beta.expose_secret(), &s.retrieve()); - let hat_cap_f = CiphertextMod::new_with_randomizer_signed( - pk, - hat_beta.expose_secret(), - &hat_r.retrieve(), - ); + let hat_cap_f = CiphertextMod::new_with_randomizer_signed(pk, hat_beta.expose_secret(), &hat_r.retrieve()); let hat_cap_d = &self.all_cap_k[destination] * P::signed_from_scalar(self.context.key_share.secret_share.expose_secret()) - + CiphertextMod::new_with_randomizer_signed( - target_pk, - &-hat_beta.expose_secret(), - &hat_s.retrieve(), - ); + + CiphertextMod::new_with_randomizer_signed(target_pk, &-hat_beta.expose_secret(), &hat_s.retrieve()); let public_aux = &self.context.aux_info.public_aux[destination]; let rp = &public_aux.rp_params; @@ -659,20 +632,15 @@ impl Round for Round2 { let payloads = payloads.downcast_all::>()?; let artifacts = artifacts.downcast_all::>()?; - let cap_gamma = payloads - .values() - .map(|payload| payload.cap_gamma) - .sum::() - + self.context.gamma.mul_by_generator(); + let cap_gamma = + payloads.values().map(|payload| payload.cap_gamma).sum::() + self.context.gamma.mul_by_generator(); let cap_delta = cap_gamma * self.context.k; let alpha_sum: Signed<_> = payloads.values().map(|p| p.alpha).sum(); let beta_sum: Signed<_> = artifacts.values().map(|p| p.beta.expose_secret()).sum(); - let delta = P::signed_from_scalar(&self.context.gamma) - * P::signed_from_scalar(&self.context.k) - + alpha_sum - + beta_sum; + let delta = + P::signed_from_scalar(&self.context.gamma) * P::signed_from_scalar(&self.context.k) + alpha_sum + beta_sum; let hat_alpha_sum: Signed<_> = payloads.values().map(|payload| payload.hat_alpha).sum(); let hat_beta_sum: Signed<_> = artifacts @@ -689,20 +657,18 @@ impl Round for Round2 { .map(|(id, payload)| ((id.clone(), payload.cap_d), (id, payload.hat_cap_d))) .unzip(); - Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - Round3 { - context: self.context, - delta, - chi, - cap_delta, - cap_gamma, - all_cap_k: self.all_cap_k, - all_cap_g: self.all_cap_g, - cap_ds, - hat_cap_ds, - round2_artifacts: artifacts, - }, - ))) + Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic(Round3 { + context: self.context, + delta, + chi, + cap_delta, + cap_gamma, + all_cap_k: self.all_cap_k, + all_cap_g: self.all_cap_g, + cap_ds, + hat_cap_ds, + round2_artifacts: artifacts, + }))) } } @@ -880,9 +846,10 @@ impl Round for Round3 { values, }; - return Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - Round4::new(self.context, presigning_data), - ))); + return Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic(Round4::new( + self.context, + presigning_data, + )))); } // Construct the correctness proofs @@ -943,9 +910,8 @@ impl Round for Round3 { // Mul proof let rho = RandomizerMod::random(rng, pk); - let cap_h = (&self.all_cap_g[&self.context.my_id] - * P::bounded_from_scalar(&self.context.k)) - .mul_randomizer(&rho.retrieve()); + let cap_h = (&self.all_cap_g[&self.context.my_id] * P::bounded_from_scalar(&self.context.k)) + .mul_randomizer(&rho.retrieve()); let p_mul = MulProof::

::new( rng, @@ -1102,11 +1068,7 @@ impl Round for Round4 { ) -> Result, LocalError> { let payloads = payloads.downcast_all::()?; - let assembled_sigma = payloads - .values() - .map(|payload| payload.sigma) - .sum::() - + self.sigma; + let assembled_sigma = payloads.values().map(|payload| payload.sigma).sum::() + self.sigma; let signature = RecoverableSignature::from_scalars( &self.r, @@ -1134,9 +1096,11 @@ impl Round for Round4 { let target_pk = &self.context.aux_info.public_aux[id_j].paillier_pk; let rp = &self.context.aux_info.public_aux[id_l].rp_params; - let values = self.presigning.values.get(id_j).ok_or_else(|| { - LocalError::new(format!("Missing presigning values for {id_j:?}")) - })?; + let values = self + .presigning + .values + .get(id_j) + .ok_or_else(|| LocalError::new(format!("Missing presigning values for {id_j:?}")))?; let p_aff_g = AffGProof::

::new( rng, @@ -1175,8 +1139,8 @@ impl Round for Round4 { let cap_x = self.context.key_share.public_shares[&my_id]; let rho = RandomizerMod::random(rng, pk); - let hat_cap_h = (&self.presigning.cap_k * P::bounded_from_scalar(x.expose_secret())) - .mul_randomizer(&rho.retrieve()); + let hat_cap_h = + (&self.presigning.cap_k * P::bounded_from_scalar(x.expose_secret())).mul_randomizer(&rho.retrieve()); let aux = (&self.context.ssid_hash, &my_id); @@ -1211,9 +1175,11 @@ impl Round for Round4 { let mut ciphertext = hat_cap_h.clone(); for id_j in self.context.other_ids.iter() { - let values = &self.presigning.values.get(id_j).ok_or_else(|| { - LocalError::new(format!("Missing presigning values for {id_j:?}")) - })?; + let values = &self + .presigning + .values + .get(id_j) + .ok_or_else(|| LocalError::new(format!("Missing presigning values for {id_j:?}")))?; ciphertext = ciphertext + &values.hat_cap_d_received + &values.hat_cap_f; } @@ -1225,10 +1191,9 @@ impl Round for Round4 { let rho = ciphertext.derive_randomizer(sk); // This is the same as `s_part` but if all the calculations were performed // without reducing modulo curve order. - let s_part_nonreduced = - P::signed_from_scalar(self.presigning.ephemeral_scalar_share.expose_secret()) - * P::signed_from_scalar(&self.context.message) - + self.presigning.product_share_nonreduced * P::signed_from_scalar(&r); + let s_part_nonreduced = P::signed_from_scalar(self.presigning.ephemeral_scalar_share.expose_secret()) + * P::signed_from_scalar(&self.context.message) + + self.presigning.product_share_nonreduced * P::signed_from_scalar(&r); let mut dec_proofs = Vec::new(); for id_l in self.context.other_ids.iter() { @@ -1253,9 +1218,7 @@ impl Round for Round4 { } Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - SigningErrorRound { - context: self.context, - }, + SigningErrorRound { context: self.context }, ))) } } @@ -1306,11 +1269,10 @@ impl Round for SigningErrorRound { ) -> Result> { normal_broadcast.assert_is_none()?; direct_message.assert_is_none()?; - let _echo_broadcast = - echo_broadcast.deserialize::>(deserializer)?; - Err(ReceiveError::protocol( - InteractiveSigningError::SigningError("Signing error stub".into()), - )) + let _echo_broadcast = echo_broadcast.deserialize::>(deserializer)?; + Err(ReceiveError::protocol(InteractiveSigningError::SigningError( + "Signing error stub".into(), + ))) } fn finalize( @@ -1342,14 +1304,10 @@ mod tests { #[test] fn execute_interactive_signing() { let signers = (0..3).map(TestSigner::new).collect::>(); - let ids = signers - .iter() - .map(|signer| signer.verifying_key()) - .collect::>(); + let ids = signers.iter().map(|signer| signer.verifying_key()).collect::>(); let ids_set = BTreeSet::from_iter(ids.clone()); - let key_shares = - KeyShare::::new_centralized(&mut OsRng, &ids_set, None); + let key_shares = KeyShare::::new_centralized(&mut OsRng, &ids_set, None); let aux_infos = AuxInfo::new_centralized(&mut OsRng, &ids_set); let mut message = [0u8; 32]; @@ -1359,11 +1317,7 @@ mod tests { .into_iter() .map(|signer| { let id = signer.verifying_key(); - let entry_point = InteractiveSigning::new( - message, - key_shares[&id].clone(), - aux_infos[&id].clone(), - ); + let entry_point = InteractiveSigning::new(message, key_shares[&id].clone(), aux_infos[&id].clone()); (signer, entry_point) }) .collect(); diff --git a/synedrion/src/cggmp21/protocols/key_init.rs b/synedrion/src/cggmp21/key_init.rs similarity index 94% rename from synedrion/src/cggmp21/protocols/key_init.rs rename to synedrion/src/cggmp21/key_init.rs index 5442a8a2..fbf8bb82 100644 --- a/synedrion/src/cggmp21/protocols/key_init.rs +++ b/synedrion/src/cggmp21/key_init.rs @@ -12,17 +12,18 @@ use alloc::{ use core::{fmt::Debug, marker::PhantomData}; use manul::protocol::{ - Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EntryPoint, FinalizeOutcome, - LocalError, NormalBroadcast, PartyId, Payload, Protocol, ProtocolError, ProtocolMessagePart, - ProtocolValidationError, ReceiveError, Round, RoundId, Serializer, + Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EntryPoint, FinalizeOutcome, LocalError, + NormalBroadcast, PartyId, Payload, Protocol, ProtocolError, ProtocolMessagePart, ProtocolValidationError, + ReceiveError, Round, RoundId, Serializer, }; use rand_core::CryptoRngCore; use secrecy::SecretBox; use serde::{Deserialize, Serialize}; -use super::super::{ +use super::{ + entities::KeyShare, + params::SchemeParams, sigma::{SchCommitment, SchProof, SchSecret}, - KeyShare, SchemeParams, }; use crate::{ curve::{Point, Scalar}, @@ -130,9 +131,7 @@ impl EntryPoint for KeyInit { id: &I, ) -> Result, LocalError> { if !self.all_ids.contains(id) { - return Err(LocalError::new( - "The given node IDs must contain this node's ID", - )); + return Err(LocalError::new("The given node IDs must contain this node's ID")); } let other_ids = self.all_ids.clone().without(id); @@ -252,13 +251,11 @@ impl Round for Round1 { ) -> Result, LocalError> { let payloads = payloads.downcast_all::()?; let others_cap_v = payloads.into_iter().map(|(k, v)| (k, v.cap_v)).collect(); - Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - Round2 { - others_cap_v, - context: self.context, - phantom: PhantomData, - }, - ))) + Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic(Round2 { + others_cap_v, + context: self.context, + phantom: PhantomData, + }))) } } @@ -352,14 +349,12 @@ impl Round for Round2 { let others_data = payloads.into_iter().map(|(k, v)| (k, v.data)).collect(); - Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - Round3 { - context: self.context, - others_data, - rid, - phantom: PhantomData, - }, - ))) + Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic(Round3 { + context: self.context, + others_data, + rid, + phantom: PhantomData, + }))) } } @@ -489,8 +484,7 @@ mod tests { let entry_points = signers .into_iter() .map(|signer| { - let entry_point = - KeyInit::::new(all_ids.clone()).unwrap(); + let entry_point = KeyInit::::new(all_ids.clone()).unwrap(); (signer, entry_point) }) .collect::>(); diff --git a/synedrion/src/cggmp21/protocols/key_refresh.rs b/synedrion/src/cggmp21/key_refresh.rs similarity index 87% rename from synedrion/src/cggmp21/protocols/key_refresh.rs rename to synedrion/src/cggmp21/key_refresh.rs index 904cd975..7127feb6 100644 --- a/synedrion/src/cggmp21/protocols/key_refresh.rs +++ b/synedrion/src/cggmp21/key_refresh.rs @@ -13,23 +13,24 @@ use core::{fmt::Debug, marker::PhantomData}; use crypto_bigint::BitOps; use manul::protocol::{ - Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EntryPoint, FinalizeOutcome, - LocalError, NormalBroadcast, PartyId, Payload, Protocol, ProtocolError, ProtocolMessagePart, - ProtocolValidationError, ReceiveError, Round, RoundId, Serializer, + Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EntryPoint, FinalizeOutcome, LocalError, + NormalBroadcast, PartyId, Payload, Protocol, ProtocolError, ProtocolMessagePart, ProtocolValidationError, + ReceiveError, Round, RoundId, Serializer, }; use rand_core::CryptoRngCore; use secrecy::SecretBox; use serde::{Deserialize, Serialize}; -use super::super::{ +use super::{ + entities::{AuxInfo, KeyShareChange, PublicAuxInfo, SecretAuxInfo}, + params::SchemeParams, sigma::{FacProof, ModProof, PrmProof, SchCommitment, SchProof, SchSecret}, - AuxInfo, KeyShareChange, PublicAuxInfo, SchemeParams, SecretAuxInfo, }; use crate::{ curve::{Point, Scalar}, paillier::{ - Ciphertext, CiphertextMod, PublicKeyPaillier, PublicKeyPaillierPrecomputed, RPParams, - RPParamsMod, RPSecret, Randomizer, SecretKeyPaillier, SecretKeyPaillierPrecomputed, + Ciphertext, CiphertextMod, PublicKeyPaillier, PublicKeyPaillierPrecomputed, RPParams, RPParamsMod, RPSecret, + Randomizer, SecretKeyPaillier, SecretKeyPaillierPrecomputed, }, tools::{ bitvec::BitVec, @@ -134,9 +135,7 @@ impl EntryPoint for KeyRefresh { id: &I, ) -> Result, LocalError> { if !self.all_ids.contains(id) { - return Err(LocalError::new( - "The given node IDs must contain this node's ID", - )); + return Err(LocalError::new("The given node IDs must contain this node's ID")); } let other_ids = self.all_ids.clone().without(id); @@ -242,7 +241,7 @@ impl EntryPoint for KeyRefresh { PrmProof

: for<'x> Deserialize<'x>, "))] struct PublicData1 { - cap_x_to_send: Vec, // $X_i^j$ where $i$ is this party's index + cap_x_to_send: Vec, // $X_i^j$ where $i$ is this party's index cap_a_to_send: Vec, // $A_i^j$ where $i$ is this party's index cap_y: Point, cap_b: SchCommitment, @@ -358,16 +357,11 @@ impl Round for Round1 { _artifacts: BTreeMap, ) -> Result, LocalError> { let payloads = payloads.downcast_all::()?; - let others_cap_v = payloads - .into_iter() - .map(|(id, payload)| (id, payload.cap_v)) - .collect(); - Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - Round2 { - context: self.context, - others_cap_v, - }, - ))) + let others_cap_v = payloads.into_iter().map(|(id, payload)| (id, payload.cap_v)).collect(); + Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic(Round2 { + context: self.context, + others_cap_v, + }))) } } @@ -438,32 +432,32 @@ impl Round for Round2 { .ok_or_else(|| LocalError::new(format!("Missing `V` for {from:?}")))?; if &normal_broadcast.data.hash(&self.context.sid_hash, from) != cap_v { - return Err(ReceiveError::protocol(KeyRefreshError( - KeyRefreshErrorEnum::Round2("Hash mismatch".into()), - ))); + return Err(ReceiveError::protocol(KeyRefreshError(KeyRefreshErrorEnum::Round2( + "Hash mismatch".into(), + )))); } let paillier_pk = normal_broadcast.data.paillier_pk.to_precomputed(); if (paillier_pk.modulus().bits_vartime() as usize) < 8 * P::SECURITY_PARAMETER { - return Err(ReceiveError::protocol(KeyRefreshError( - KeyRefreshErrorEnum::Round2("Paillier modulus is too small".into()), - ))); + return Err(ReceiveError::protocol(KeyRefreshError(KeyRefreshErrorEnum::Round2( + "Paillier modulus is too small".into(), + )))); } if normal_broadcast.data.cap_x_to_send.iter().sum::() != Point::IDENTITY { - return Err(ReceiveError::protocol(KeyRefreshError( - KeyRefreshErrorEnum::Round2("Sum of X points is not identity".into()), - ))); + return Err(ReceiveError::protocol(KeyRefreshError(KeyRefreshErrorEnum::Round2( + "Sum of X points is not identity".into(), + )))); } let aux = (&self.context.sid_hash, &from); let rp_params = normal_broadcast.data.rp_params.to_mod(&paillier_pk); if !normal_broadcast.data.hat_psi.verify(&rp_params, &aux) { - return Err(ReceiveError::protocol(KeyRefreshError( - KeyRefreshErrorEnum::Round2("PRM verification failed".into()), - ))); + return Err(ReceiveError::protocol(KeyRefreshError(KeyRefreshErrorEnum::Round2( + "PRM verification failed".into(), + )))); } Ok(Payload::new(Round2Payload { @@ -491,9 +485,12 @@ impl Round for Round2 { rho ^= &data.data.rho; } - Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic( - Round3::new(rng, self.context, others_data, rho), - ))) + Ok(FinalizeOutcome::AnotherRound(BoxedRound::new_dynamic(Round3::new( + rng, + self.context, + others_data, + rho, + )))) } } @@ -606,8 +603,7 @@ impl Round for Round3 { let x_secret = self.context.x_to_send[destination]; let x_public = self.context.data_precomp.data.cap_x_to_send[destination_idx]; - let ciphertext = - CiphertextMod::new(rng, &data.paillier_pk, &P::uint_from_scalar(&x_secret)); + let ciphertext = CiphertextMod::new(rng, &data.paillier_pk, &P::uint_from_scalar(&x_secret)); let psi_sch = SchProof::new( &self.context.tau_x[destination], @@ -669,24 +665,20 @@ impl Round for Round3 { let aux = (&self.context.sid_hash, &from, &self.rho); + if !direct_message.data2.psi_mod.verify(rng, &sender_data.paillier_pk, &aux) { + return Err(ReceiveError::protocol(KeyRefreshError(KeyRefreshErrorEnum::Round3( + "Mod proof verification failed".into(), + )))); + } + if !direct_message .data2 - .psi_mod - .verify(rng, &sender_data.paillier_pk, &aux) + .phi + .verify(&sender_data.paillier_pk, &self.context.data_precomp.rp_params, &aux) { - return Err(ReceiveError::protocol(KeyRefreshError( - KeyRefreshErrorEnum::Round3("Mod proof verification failed".into()), - ))); - } - - if !direct_message.data2.phi.verify( - &sender_data.paillier_pk, - &self.context.data_precomp.rp_params, - &aux, - ) { - return Err(ReceiveError::protocol(KeyRefreshError( - KeyRefreshErrorEnum::Round3("Fac proof verification failed".into()), - ))); + return Err(ReceiveError::protocol(KeyRefreshError(KeyRefreshErrorEnum::Round3( + "Fac proof verification failed".into(), + )))); } if !direct_message @@ -694,9 +686,9 @@ impl Round for Round3 { .pi .verify(&sender_data.data.cap_b, &sender_data.data.cap_y, &aux) { - return Err(ReceiveError::protocol(KeyRefreshError( - KeyRefreshErrorEnum::Round3("Sch proof verification (Y) failed".into()), - ))); + return Err(ReceiveError::protocol(KeyRefreshError(KeyRefreshErrorEnum::Round3( + "Sch proof verification (Y) failed".into(), + )))); } if !direct_message.data2.psi_sch.verify( @@ -704,9 +696,9 @@ impl Round for Round3 { &sender_data.data.cap_x_to_send[my_idx], &aux, ) { - return Err(ReceiveError::protocol(KeyRefreshError( - KeyRefreshErrorEnum::Round3("Sch proof verification (X) failed".into()), - ))); + return Err(ReceiveError::protocol(KeyRefreshError(KeyRefreshErrorEnum::Round3( + "Sch proof verification (X) failed".into(), + )))); } Ok(Payload::new(Round3Payload { x })) @@ -725,8 +717,7 @@ impl Round for Round3 { .collect::>(); // The combined secret share change - let x_star = - others_x.values().sum::() + self.context.x_to_send[&self.context.my_id]; + let x_star = others_x.values().sum::() + self.context.x_to_send[&self.context.my_id]; let my_id = self.context.my_id.clone(); let mut all_ids = self.context.other_ids; @@ -742,10 +733,7 @@ impl Round for Round3 { .map(|(idx, id)| { ( id.clone(), - all_data - .values() - .map(|data| data.data.cap_x_to_send[idx]) - .sum(), + all_data.values().map(|data| data.data.cap_x_to_send[idx]).sum(), ) }) .collect(); @@ -812,8 +800,7 @@ mod tests { let entry_points = signers .into_iter() .map(|signer| { - let entry_point = - KeyRefresh::::new(all_ids.clone()).unwrap(); + let entry_point = KeyRefresh::::new(all_ids.clone()).unwrap(); (signer, entry_point) }) .collect::>(); @@ -832,10 +819,7 @@ mod tests { for (id, change) in changes.iter() { for other_change in changes.values() { assert_eq!( - change - .secret_share_change - .expose_secret() - .mul_by_generator(), + change.secret_share_change.expose_secret().mul_by_generator(), other_change.public_share_changes[id] ); } @@ -844,11 +828,7 @@ mod tests { for (id, aux_info) in aux_infos.iter() { for other_aux_info in aux_infos.values() { assert_eq!( - aux_info - .secret_aux - .el_gamal_sk - .expose_secret() - .mul_by_generator(), + aux_info.secret_aux.el_gamal_sk.expose_secret().mul_by_generator(), other_aux_info.public_aux[id].el_gamal_pk ); } diff --git a/synedrion/src/cggmp21/params.rs b/synedrion/src/cggmp21/params.rs index b6abf3a5..74ac4abd 100644 --- a/synedrion/src/cggmp21/params.rs +++ b/synedrion/src/cggmp21/params.rs @@ -12,8 +12,8 @@ use crate::{ paillier::PaillierParams, tools::hashing::{Chain, HashableType}, uint::{ - subtle::ConditionallySelectable, Bounded, Encoding, NonZero, Signed, U1024Mod, U2048Mod, - U4096Mod, U512Mod, Uint, Zero, U1024, U2048, U4096, U512, U8192, + subtle::ConditionallySelectable, Bounded, Encoding, NonZero, Signed, U1024Mod, U2048Mod, U4096Mod, U512Mod, + Uint, Zero, U1024, U2048, U4096, U512, U8192, }, }; @@ -21,10 +21,7 @@ use crate::{ pub struct PaillierTest; const fn upcast_uint(value: K256Uint) -> K256Uint { - assert!( - N2 >= N1, - "Upcast target must be bigger than the upcast candidate" - ); + assert!(N2 >= N1, "Upcast target must be bigger than the upcast candidate"); let mut result_words = [0; N2]; let mut i = 0; while i < N1 { @@ -150,12 +147,10 @@ pub trait SchemeParams: Debug + Clone + Send + PartialEq + Eq + Send + Sync + 's /// Converts a curve scalar to the associated integer type, wrapped in `Signed`. fn signed_from_scalar(value: &Scalar) -> Signed<::Uint> { - Self::bounded_from_scalar(value) - .into_signed() - .expect(concat![ - "a curve scalar value is smaller than the half of `PaillierParams::Uint` range, ", - "so it is still positive when treated as a 2-complement signed value" - ]) + Self::bounded_from_scalar(value).into_signed().expect(concat![ + "a curve scalar value is smaller than the half of `PaillierParams::Uint` range, ", + "so it is still positive when treated as a 2-complement signed value" + ]) } /// Converts an integer to the associated curve scalar type. @@ -191,9 +186,7 @@ pub trait SchemeParams: Debug + Clone + Send + PartialEq + Eq + Send + Sync + 's } /// Converts a `Signed`-wrapped wide integer to the associated curve scalar type. - fn scalar_from_wide_signed( - value: &Signed<::WideUint>, - ) -> Scalar { + fn scalar_from_wide_signed(value: &Signed<::WideUint>) -> Scalar { let abs_value = Self::scalar_from_wide_uint(&value.abs()); Scalar::conditional_select(&abs_value, &-abs_value, value.is_negative()) } @@ -224,14 +217,12 @@ impl SchemeParams for TestParams { const LP_BOUND: usize = 256; const EPS_BOUND: usize = 320; type Paillier = PaillierTest; - const CURVE_ORDER: NonZero<::Uint> = - convert_uint(upcast_uint(ORDER)) - .to_nz() - .expect("Correct by construction"); - const CURVE_ORDER_WIDE: NonZero<::WideUint> = - convert_uint(upcast_uint(ORDER)) - .to_nz() - .expect("Correct by construction"); + const CURVE_ORDER: NonZero<::Uint> = convert_uint(upcast_uint(ORDER)) + .to_nz() + .expect("Correct by construction"); + const CURVE_ORDER_WIDE: NonZero<::WideUint> = convert_uint(upcast_uint(ORDER)) + .to_nz() + .expect("Correct by construction"); } /// Production strength parameters. @@ -244,14 +235,12 @@ impl SchemeParams for ProductionParams { const LP_BOUND: usize = Self::L_BOUND * 5; const EPS_BOUND: usize = Self::L_BOUND * 2; type Paillier = PaillierProduction; - const CURVE_ORDER: NonZero<::Uint> = - convert_uint(upcast_uint(ORDER)) - .to_nz() - .expect("Correct by construction"); - const CURVE_ORDER_WIDE: NonZero<::WideUint> = - convert_uint(upcast_uint(ORDER)) - .to_nz() - .expect("Correct by construction"); + const CURVE_ORDER: NonZero<::Uint> = convert_uint(upcast_uint(ORDER)) + .to_nz() + .expect("Correct by construction"); + const CURVE_ORDER_WIDE: NonZero<::WideUint> = convert_uint(upcast_uint(ORDER)) + .to_nz() + .expect("Correct by construction"); } #[cfg(test)] diff --git a/synedrion/src/cggmp21/protocols.rs b/synedrion/src/cggmp21/protocols.rs deleted file mode 100644 index dba241ae..00000000 --- a/synedrion/src/cggmp21/protocols.rs +++ /dev/null @@ -1,12 +0,0 @@ -pub(crate) mod aux_gen; -pub(crate) mod interactive_signing; -pub(crate) mod key_init; -pub(crate) mod key_refresh; - -#[cfg(test)] -pub(crate) mod signing_malicious; - -pub use aux_gen::{AuxGen, AuxGenProtocol}; -pub use interactive_signing::{InteractiveSigning, InteractiveSigningProtocol, PrehashedMessage}; -pub use key_init::{KeyInit, KeyInitProtocol}; -pub use key_refresh::{KeyRefresh, KeyRefreshProtocol}; diff --git a/synedrion/src/cggmp21/sigma/aff_g.rs b/synedrion/src/cggmp21/sigma/aff_g.rs index e7ba8b68..c4e6e7be 100644 --- a/synedrion/src/cggmp21/sigma/aff_g.rs +++ b/synedrion/src/cggmp21/sigma/aff_g.rs @@ -8,8 +8,8 @@ use super::super::SchemeParams; use crate::{ curve::Point, paillier::{ - Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, - RPParamsMod, Randomizer, RandomizerMod, + Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, RPParamsMod, Randomizer, + RandomizerMod, }, tools::hashing::{Chain, Hashable, XofHasher}, uint::Signed, @@ -93,12 +93,10 @@ impl AffGProof

{ let delta = Signed::random_bounded_bits_scaled(rng, P::L_BOUND + P::EPS_BOUND, hat_cap_n); let mu = Signed::random_bounded_bits_scaled(rng, P::L_BOUND, hat_cap_n); - let cap_a = (cap_c * alpha - + CiphertextMod::new_with_randomizer_signed(pk0, &beta, &r_mod.retrieve())) - .retrieve(); + let cap_a = + (cap_c * alpha + CiphertextMod::new_with_randomizer_signed(pk0, &beta, &r_mod.retrieve())).retrieve(); let cap_b_x = P::scalar_from_signed(&alpha).mul_by_generator(); - let cap_b_y = - CiphertextMod::new_with_randomizer_signed(pk1, &beta, &r_y_mod.retrieve()).retrieve(); + let cap_b_y = CiphertextMod::new_with_randomizer_signed(pk1, &beta, &r_y_mod.retrieve()).retrieve(); let cap_e = setup.commit(&alpha, &gamma).retrieve(); let cap_s = setup.commit(x, &m).retrieve(); let cap_f = setup.commit(&beta, &delta).retrieve(); @@ -232,9 +230,7 @@ impl AffGProof

{ } // g^{z_1} = B_x X^e - if P::scalar_from_signed(&self.z1).mul_by_generator() - != self.cap_b_x + cap_x * &P::scalar_from_signed(&e) - { + if P::scalar_from_signed(&self.z1).mul_by_generator() != self.cap_b_x + cap_x * &P::scalar_from_signed(&e) { return false; } @@ -296,20 +292,15 @@ mod tests { let aux: &[u8] = b"abcde"; let x = Signed::random_bounded_bits(&mut OsRng, Params::L_BOUND); - let y = SecretBox::new(Box::new(Signed::random_bounded_bits( - &mut OsRng, - Params::LP_BOUND, - ))); + let y = SecretBox::new(Box::new(Signed::random_bounded_bits(&mut OsRng, Params::LP_BOUND))); let rho = RandomizerMod::random(&mut OsRng, pk0); let rho_y = RandomizerMod::random(&mut OsRng, pk1); let secret = Signed::random_bounded_bits(&mut OsRng, Params::L_BOUND); let cap_c = CiphertextMod::new_signed(&mut OsRng, pk0, &secret); - let cap_d = &cap_c * x - + CiphertextMod::new_with_randomizer_signed(pk0, &-y.expose_secret(), &rho.retrieve()); - let cap_y = - CiphertextMod::new_with_randomizer_signed(pk1, y.expose_secret(), &rho_y.retrieve()); + let cap_d = &cap_c * x + CiphertextMod::new_with_randomizer_signed(pk0, &-y.expose_secret(), &rho.retrieve()); + let cap_y = CiphertextMod::new_with_randomizer_signed(pk1, y.expose_secret(), &rho_y.retrieve()); let cap_x = Params::scalar_from_signed(&x).mul_by_generator(); let proof = AffGProof::::new( diff --git a/synedrion/src/cggmp21/sigma/dec.rs b/synedrion/src/cggmp21/sigma/dec.rs index bf182d89..83e32066 100644 --- a/synedrion/src/cggmp21/sigma/dec.rs +++ b/synedrion/src/cggmp21/sigma/dec.rs @@ -7,8 +7,8 @@ use super::super::SchemeParams; use crate::{ curve::Scalar, paillier::{ - Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, - RPParamsMod, Randomizer, RandomizerMod, + Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, RPParamsMod, Randomizer, + RandomizerMod, }, tools::hashing::{Chain, Hashable, XofHasher}, uint::Signed, @@ -65,8 +65,7 @@ impl DecProof

{ let cap_s = setup.commit(y, &mu).retrieve(); let cap_t = setup.commit(&alpha, &nu).retrieve(); - let cap_a = - CiphertextMod::new_with_randomizer_signed(pk0, &alpha, &r.retrieve()).retrieve(); + let cap_a = CiphertextMod::new_with_randomizer_signed(pk0, &alpha, &r.retrieve()).retrieve(); let gamma = P::scalar_from_signed(&alpha); let mut reader = XofHasher::new_with_dst(HASH_TAG) @@ -138,9 +137,7 @@ impl DecProof

{ } // enc(z_1, \omega) == A (+) C (*) e - if CiphertextMod::new_with_randomizer_wide(pk0, &self.z1, &self.omega) - != self.cap_a.to_mod(pk0) + cap_c * e - { + if CiphertextMod::new_with_randomizer_wide(pk0, &self.z1, &self.omega) != self.cap_a.to_mod(pk0) + cap_c * e { return false; } diff --git a/synedrion/src/cggmp21/sigma/enc.rs b/synedrion/src/cggmp21/sigma/enc.rs index bc9a841f..e53e3a12 100644 --- a/synedrion/src/cggmp21/sigma/enc.rs +++ b/synedrion/src/cggmp21/sigma/enc.rs @@ -6,8 +6,8 @@ use serde::{Deserialize, Serialize}; use super::super::SchemeParams; use crate::{ paillier::{ - Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, - RPParamsMod, Randomizer, RandomizerMod, + Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, RPParamsMod, Randomizer, + RandomizerMod, }, tools::hashing::{Chain, Hashable, XofHasher}, uint::Signed, @@ -61,8 +61,7 @@ impl EncProof

{ let gamma = Signed::random_bounded_bits_scaled(rng, P::L_BOUND + P::EPS_BOUND, hat_cap_n); let cap_s = setup.commit(k, &mu).retrieve(); - let cap_a = - CiphertextMod::new_with_randomizer_signed(pk0, &alpha, &r.retrieve()).retrieve(); + let cap_a = CiphertextMod::new_with_randomizer_signed(pk0, &alpha, &r.retrieve()).retrieve(); let cap_c = setup.commit(&alpha, &gamma).retrieve(); let mut reader = XofHasher::new_with_dst(HASH_TAG) @@ -171,18 +170,9 @@ mod tests { let secret = Signed::random_bounded_bits(&mut OsRng, Params::L_BOUND); let randomizer = RandomizerMod::random(&mut OsRng, pk); - let ciphertext = - CiphertextMod::new_with_randomizer_signed(pk, &secret, &randomizer.retrieve()); - - let proof = EncProof::::new( - &mut OsRng, - &secret, - &randomizer, - pk, - &ciphertext, - &setup, - &aux, - ); + let ciphertext = CiphertextMod::new_with_randomizer_signed(pk, &secret, &randomizer.retrieve()); + + let proof = EncProof::::new(&mut OsRng, &secret, &randomizer, pk, &ciphertext, &setup, &aux); assert!(proof.verify(pk, &ciphertext, &setup, &aux)); } } diff --git a/synedrion/src/cggmp21/sigma/fac.rs b/synedrion/src/cggmp21/sigma/fac.rs index 74904f52..424f8355 100644 --- a/synedrion/src/cggmp21/sigma/fac.rs +++ b/synedrion/src/cggmp21/sigma/fac.rs @@ -6,10 +6,7 @@ use serde::{Deserialize, Serialize}; use super::super::SchemeParams; use crate::{ - paillier::{ - PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, RPParamsMod, - SecretKeyPaillierPrecomputed, - }, + paillier::{PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, RPParamsMod, SecretKeyPaillierPrecomputed}, tools::hashing::{Chain, Hashable, XofHasher}, uint::{Bounded, Integer, Signed}, }; @@ -60,8 +57,7 @@ impl FacProof

{ // Note that it has to be matched when we check the range of // `z1` and `z2` during verification. let sqrt_cap_n = Bounded::new( - ::Uint::one() - << (::PRIME_BITS - 2), + ::Uint::one() << (::PRIME_BITS - 2), ::PRIME_BITS as u32, ) .expect("the value is bounded by `2^PRIME_BITS` by construction"); @@ -75,11 +71,7 @@ impl FacProof

{ let scale = pk0.modulus_bounded().mul_wide(hat_cap_n); let sigma = - Signed::<::Uint>::random_bounded_bits_scaled_wide( - rng, - P::L_BOUND, - &scale, - ); + Signed::<::Uint>::random_bounded_bits_scaled_wide(rng, P::L_BOUND, &scale); let r = Signed::<::Uint>::random_bounded_bits_scaled_wide( rng, P::L_BOUND + P::EPS_BOUND, @@ -173,18 +165,14 @@ impl FacProof

{ // s^{z_1} t^{\omega_1} == A * P^e \mod \hat{N} let cap_a_mod = self.cap_a.to_mod(aux_pk); let cap_p_mod = self.cap_p.to_mod(aux_pk); - if setup.commit_wide(&self.z1, &self.omega1) - != &cap_a_mod * &cap_p_mod.pow_signed_vartime(&e) - { + if setup.commit_wide(&self.z1, &self.omega1) != &cap_a_mod * &cap_p_mod.pow_signed_vartime(&e) { return false; } // s^{z_2} t^{\omega_2} == B * Q^e \mod \hat{N} let cap_b_mod = self.cap_b.to_mod(aux_pk); let cap_q_mod = self.cap_q.to_mod(aux_pk); - if setup.commit_wide(&self.z2, &self.omega2) - != &cap_b_mod * &cap_q_mod.pow_signed_vartime(&e) - { + if setup.commit_wide(&self.z2, &self.omega2) != &cap_b_mod * &cap_q_mod.pow_signed_vartime(&e) { return false; } @@ -201,16 +189,18 @@ impl FacProof

{ // this is the bound we are using here as well. // z1 \in \pm \sqrt{N_0} 2^{\ell + \eps} - if !self.z1.in_range_bits( - P::L_BOUND + P::EPS_BOUND + ::PRIME_BITS - 2, - ) { + if !self + .z1 + .in_range_bits(P::L_BOUND + P::EPS_BOUND + ::PRIME_BITS - 2) + { return false; } // z2 \in \pm \sqrt{N_0} 2^{\ell + \eps} - if !self.z2.in_range_bits( - P::L_BOUND + P::EPS_BOUND + ::PRIME_BITS - 2, - ) { + if !self + .z2 + .in_range_bits(P::L_BOUND + P::EPS_BOUND + ::PRIME_BITS - 2) + { return false; } diff --git a/synedrion/src/cggmp21/sigma/log_star.rs b/synedrion/src/cggmp21/sigma/log_star.rs index 6b81c967..b5adb67f 100644 --- a/synedrion/src/cggmp21/sigma/log_star.rs +++ b/synedrion/src/cggmp21/sigma/log_star.rs @@ -7,8 +7,8 @@ use super::super::SchemeParams; use crate::{ curve::Point, paillier::{ - Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, - RPParamsMod, Randomizer, RandomizerMod, + Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, RPParamsMod, Randomizer, + RandomizerMod, }, tools::hashing::{Chain, Hashable, XofHasher}, uint::Signed, @@ -66,8 +66,7 @@ impl LogStarProof

{ let gamma = Signed::random_bounded_bits_scaled(rng, P::L_BOUND + P::EPS_BOUND, hat_cap_n); let cap_s = setup.commit(x, &mu).retrieve(); - let cap_a = - CiphertextMod::new_with_randomizer_signed(pk0, &alpha, &r.retrieve()).retrieve(); + let cap_a = CiphertextMod::new_with_randomizer_signed(pk0, &alpha, &r.retrieve()).retrieve(); let cap_y = g * &P::scalar_from_signed(&alpha); let cap_d = setup.commit(&alpha, &gamma).retrieve(); @@ -197,8 +196,7 @@ mod tests { let cap_c = CiphertextMod::new_with_randomizer_signed(pk, &x, &rho.retrieve()); let cap_x = g * Params::scalar_from_signed(&x); - let proof = - LogStarProof::::new(&mut OsRng, &x, &rho, pk, &cap_c, &g, &cap_x, &setup, &aux); + let proof = LogStarProof::::new(&mut OsRng, &x, &rho, pk, &cap_c, &g, &cap_x, &setup, &aux); assert!(proof.verify(pk, &cap_c, &g, &cap_x, &setup, &aux)); } } diff --git a/synedrion/src/cggmp21/sigma/mod_.rs b/synedrion/src/cggmp21/sigma/mod_.rs index 64929d29..a29ff4da 100644 --- a/synedrion/src/cggmp21/sigma/mod_.rs +++ b/synedrion/src/cggmp21/sigma/mod_.rs @@ -19,10 +19,7 @@ const HASH_TAG: &[u8] = b"P_mod"; struct ModCommitment(::Uint); impl ModCommitment

{ - fn random( - rng: &mut impl CryptoRngCore, - sk: &SecretKeyPaillierPrecomputed, - ) -> Self { + fn random(rng: &mut impl CryptoRngCore, sk: &SecretKeyPaillierPrecomputed) -> Self { Self(sk.random_nonsquare(rng)) } } @@ -31,11 +28,7 @@ impl ModCommitment

{ struct ModChallenge(Vec<::Uint>); impl ModChallenge

{ - fn new( - pk: &PublicKeyPaillierPrecomputed, - commitment: &ModCommitment

, - aux: &impl Hashable, - ) -> Self { + fn new(pk: &PublicKeyPaillierPrecomputed, commitment: &ModCommitment

, aux: &impl Hashable) -> Self { let mut reader = XofHasher::new_with_dst(HASH_TAG) .chain(pk.as_minimal()) .chain(commitment) @@ -117,8 +110,7 @@ impl ModProof

{ // If N is a Paillier-Blum modulus, that is N = pq where p, q are safe primes, // and the commitment was sampled correctly (a non-square modulo N), // these square roots will exist. - let y_sqrt = - y_sqrt.expect("the square root exists if N is a Paillier-Blum modulus"); + let y_sqrt = y_sqrt.expect("the square root exists if N is a Paillier-Blum modulus"); let y_4th_parts = sk .sqrt(&y_sqrt) .expect("the square root exists if N is a Paillier-Blum modulus"); diff --git a/synedrion/src/cggmp21/sigma/mul.rs b/synedrion/src/cggmp21/sigma/mul.rs index 8ec7f1a9..1a97481b 100644 --- a/synedrion/src/cggmp21/sigma/mul.rs +++ b/synedrion/src/cggmp21/sigma/mul.rs @@ -5,10 +5,7 @@ use serde::{Deserialize, Serialize}; use super::super::SchemeParams; use crate::{ - paillier::{ - Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, Randomizer, - RandomizerMod, - }, + paillier::{Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, Randomizer, RandomizerMod}, tools::hashing::{Chain, Hashable, XofHasher}, uint::{Bounded, Retrieve, Signed}, }; @@ -138,17 +135,13 @@ impl MulProof

{ } // Y^z u^N = A * C^e \mod N^2 - if cap_y.homomorphic_mul_wide(&self.z).mul_randomizer(&self.u) - != self.cap_a.to_mod(pk) + cap_c * e - { + if cap_y.homomorphic_mul_wide(&self.z).mul_randomizer(&self.u) != self.cap_a.to_mod(pk) + cap_c * e { return false; } // enc(z, v) == B * X^e \mod N^2 // (Note: typo in the paper, it uses `c` and not `v` here) - if CiphertextMod::new_with_randomizer_wide(pk, &self.z, &self.v) - != self.cap_b.to_mod(pk) + cap_x * e - { + if CiphertextMod::new_with_randomizer_wide(pk, &self.z, &self.v) != self.cap_b.to_mod(pk) + cap_x * e { return false; } @@ -186,9 +179,7 @@ mod tests { let cap_y = CiphertextMod::new_signed(&mut OsRng, pk, &y); let cap_c = (&cap_y * x).mul_randomizer(&rho.retrieve()); - let proof = MulProof::::new( - &mut OsRng, &x, &rho_x, &rho, pk, &cap_x, &cap_y, &cap_c, &aux, - ); + let proof = MulProof::::new(&mut OsRng, &x, &rho_x, &rho, pk, &cap_x, &cap_y, &cap_c, &aux); assert!(proof.verify(pk, &cap_x, &cap_y, &cap_c, &aux)); } } diff --git a/synedrion/src/cggmp21/sigma/mul_star.rs b/synedrion/src/cggmp21/sigma/mul_star.rs index 493419fe..6bcda199 100644 --- a/synedrion/src/cggmp21/sigma/mul_star.rs +++ b/synedrion/src/cggmp21/sigma/mul_star.rs @@ -7,8 +7,8 @@ use super::super::SchemeParams; use crate::{ curve::Point, paillier::{ - Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, - RPParamsMod, Randomizer, RandomizerMod, + Ciphertext, CiphertextMod, PaillierParams, PublicKeyPaillierPrecomputed, RPCommitment, RPParamsMod, Randomizer, + RandomizerMod, }, tools::hashing::{Chain, Hashable, XofHasher}, uint::Signed, @@ -161,9 +161,7 @@ impl MulStarProof

{ } // g^{z_1} == B_x X^e - if P::scalar_from_signed(&self.z1).mul_by_generator() - != self.cap_b_x + cap_x * &P::scalar_from_signed(&e) - { + if P::scalar_from_signed(&self.z1).mul_by_generator() != self.cap_b_x + cap_x * &P::scalar_from_signed(&e) { return false; } @@ -209,9 +207,7 @@ mod tests { let cap_d = (&cap_c * x).mul_randomizer(&rho.retrieve()); let cap_x = Params::scalar_from_signed(&x).mul_by_generator(); - let proof = MulStarProof::::new( - &mut OsRng, &x, &rho, pk, &cap_c, &cap_d, &cap_x, &setup, &aux, - ); + let proof = MulStarProof::::new(&mut OsRng, &x, &rho, pk, &cap_c, &cap_d, &cap_x, &setup, &aux); assert!(proof.verify(pk, &cap_c, &cap_d, &cap_x, &setup, &aux)); } } diff --git a/synedrion/src/cggmp21/sigma/prm.rs b/synedrion/src/cggmp21/sigma/prm.rs index 7ad98fff..07e04e17 100644 --- a/synedrion/src/cggmp21/sigma/prm.rs +++ b/synedrion/src/cggmp21/sigma/prm.rs @@ -28,13 +28,8 @@ const HASH_TAG: &[u8] = b"P_prm"; struct PrmSecret(Vec::Uint>>); impl PrmSecret

{ - fn random( - rng: &mut impl CryptoRngCore, - sk: &SecretKeyPaillierPrecomputed, - ) -> Self { - let secret = (0..P::SECURITY_PARAMETER) - .map(|_| sk.random_field_elem(rng)) - .collect(); + fn random(rng: &mut impl CryptoRngCore, sk: &SecretKeyPaillierPrecomputed) -> Self { + let secret = (0..P::SECURITY_PARAMETER).map(|_| sk.random_field_elem(rng)).collect(); Self(secret) } } diff --git a/synedrion/src/cggmp21/sigma/sch.rs b/synedrion/src/cggmp21/sigma/sch.rs index 505745f5..6e52e464 100644 --- a/synedrion/src/cggmp21/sigma/sch.rs +++ b/synedrion/src/cggmp21/sigma/sch.rs @@ -85,8 +85,7 @@ impl SchProof { pub fn verify(&self, commitment: &SchCommitment, cap_x: &Point, aux: &impl Hashable) -> bool { let challenge = SchChallenge::new(cap_x, commitment, aux); - challenge == self.challenge - && self.proof.mul_by_generator() == commitment.0 + cap_x * &challenge.0 + challenge == self.challenge && self.proof.mul_by_generator() == commitment.0 + cap_x * &challenge.0 } } diff --git a/synedrion/src/cggmp21/protocols/signing_malicious.rs b/synedrion/src/cggmp21/signing_malicious.rs similarity index 86% rename from synedrion/src/cggmp21/protocols/signing_malicious.rs rename to synedrion/src/cggmp21/signing_malicious.rs index e8b86816..533b2192 100644 --- a/synedrion/src/cggmp21/protocols/signing_malicious.rs +++ b/synedrion/src/cggmp21/signing_malicious.rs @@ -5,16 +5,16 @@ use manul::{ combinators::misbehave::{Misbehaving, MisbehavingEntryPoint}, dev::{run_sync, BinaryFormat, TestSessionParams, TestSigner, TestVerifier}, protocol::{ - BoxedRound, Deserializer, EntryPoint, LocalError, NormalBroadcast, PartyId, - ProtocolMessagePart, RoundId, Serializer, + BoxedRound, Deserializer, EntryPoint, LocalError, NormalBroadcast, PartyId, ProtocolMessagePart, RoundId, + Serializer, }, session::signature::Keypair, }; use rand_core::{CryptoRngCore, OsRng, RngCore}; use super::{ - super::SchemeParams, interactive_signing::{InteractiveSigning, Round4Message}, + params::SchemeParams, }; use crate::{ cggmp21::{AuxInfo, KeyShare, TestParams}, @@ -60,14 +60,10 @@ type MaliciousSigning = MisbehavingEntryPoint>(); - let ids = signers - .iter() - .map(|signer| signer.verifying_key()) - .collect::>(); + let ids = signers.iter().map(|signer| signer.verifying_key()).collect::>(); let ids_set = BTreeSet::from_iter(ids.clone()); - let key_shares = - KeyShare::::new_centralized(&mut OsRng, &ids_set, None); + let key_shares = KeyShare::::new_centralized(&mut OsRng, &ids_set, None); let aux_infos = AuxInfo::new_centralized(&mut OsRng, &ids_set); let mut message = [0u8; 32]; @@ -77,8 +73,7 @@ fn execute_signing() { .into_iter() .map(|signer| { let id = signer.verifying_key(); - let signing = - InteractiveSigning::new(message, key_shares[&id].clone(), aux_infos[&id].clone()); + let signing = InteractiveSigning::new(message, key_shares[&id].clone(), aux_infos[&id].clone()); let behavior = if id == ids[0] { Some(Behavior::InvalidSigma) } else { diff --git a/synedrion/src/curve/arithmetic.rs b/synedrion/src/curve/arithmetic.rs index 82d02d77..5bd84ba8 100644 --- a/synedrion/src/curve/arithmetic.rs +++ b/synedrion/src/curve/arithmetic.rs @@ -33,8 +33,7 @@ use crate::tools::hashing::{Chain, HashableType}; pub(crate) type Curve = Secp256k1; pub(crate) type BackendScalar = k256::Scalar; pub(crate) type BackendPoint = k256::ProjectivePoint; -pub(crate) type CompressedPointSize = - as ModulusSize>::CompressedPointSize; +pub(crate) type CompressedPointSize = as ModulusSize>::CompressedPointSize; pub(crate) const ORDER: U256 = Secp256k1::ORDER; @@ -118,9 +117,8 @@ impl Scalar { } pub(crate) fn try_from_bytes(bytes: &[u8]) -> Result { - let arr = - GenericArray::>::from_exact_iter(bytes.iter().cloned()) - .ok_or("Invalid length of a curve scalar")?; + let arr = GenericArray::>::from_exact_iter(bytes.iter().cloned()) + .ok_or("Invalid length of a curve scalar")?; BackendScalar::from_repr_vartime(arr) .map(Self) @@ -133,9 +131,7 @@ impl Scalar { return vec![*self]; } - let mut parts = (0..(num - 1)) - .map(|_| Scalar::random(rng)) - .collect::>(); + let mut parts = (0..(num - 1)).map(|_| Scalar::random(rng)).collect::>(); let partial_sum: Scalar = parts.iter().sum(); parts.push(self - &partial_sum); parts diff --git a/synedrion/src/curve/ecdsa.rs b/synedrion/src/curve/ecdsa.rs index c915c8a8..e03fb0a6 100644 --- a/synedrion/src/curve/ecdsa.rs +++ b/synedrion/src/curve/ecdsa.rs @@ -10,12 +10,7 @@ pub struct RecoverableSignature { } impl RecoverableSignature { - pub(crate) fn from_scalars( - r: &Scalar, - s: &Scalar, - vkey: &Point, - message: &Scalar, - ) -> Option { + pub(crate) fn from_scalars(r: &Scalar, s: &Scalar, vkey: &Point, message: &Scalar) -> Option { let signature = BackendSignature::from_scalars(r.to_backend(), s.to_backend()).ok()?; // Normalize the `s` component. @@ -31,10 +26,7 @@ impl RecoverableSignature { ) .ok()?; - Some(Self { - signature, - recovery_id, - }) + Some(Self { signature, recovery_id }) } /// Unwraps into the signature and recovery info objects from the backend crate. diff --git a/synedrion/src/lib.rs b/synedrion/src/lib.rs index 7b6b688e..e45c245b 100644 --- a/synedrion/src/lib.rs +++ b/synedrion/src/lib.rs @@ -29,11 +29,9 @@ pub use k256::ecdsa; pub use signature; pub use cggmp21::{ - AuxGen, AuxGenProtocol, AuxInfo, InteractiveSigning, InteractiveSigningProtocol, KeyInit, - KeyInitProtocol, KeyRefresh, KeyRefreshProtocol, KeyShare, PrehashedMessage, ProductionParams, - SchemeParams, TestParams, + AuxGen, AuxGenProtocol, AuxInfo, InteractiveSigning, InteractiveSigningProtocol, KeyInit, KeyInitProtocol, + KeyRefresh, KeyRefreshProtocol, KeyShare, KeyShareChange, PrehashedMessage, ProductionParams, SchemeParams, + TestParams, }; pub use curve::RecoverableSignature; -pub use www02::{ - DeriveChildKey, KeyResharing, KeyResharingProtocol, NewHolder, OldHolder, ThresholdKeyShare, -}; +pub use www02::{DeriveChildKey, KeyResharing, KeyResharingProtocol, NewHolder, OldHolder, ThresholdKeyShare}; diff --git a/synedrion/src/paillier.rs b/synedrion/src/paillier.rs index df9d9407..2b5e9778 100644 --- a/synedrion/src/paillier.rs +++ b/synedrion/src/paillier.rs @@ -5,8 +5,7 @@ mod ring_pedersen; pub(crate) use encryption::{Ciphertext, CiphertextMod, Randomizer, RandomizerMod}; pub(crate) use keys::{ - PublicKeyPaillier, PublicKeyPaillierPrecomputed, SecretKeyPaillier, - SecretKeyPaillierPrecomputed, + PublicKeyPaillier, PublicKeyPaillierPrecomputed, SecretKeyPaillier, SecretKeyPaillierPrecomputed, }; pub(crate) use params::PaillierParams; pub(crate) use ring_pedersen::{RPCommitment, RPParams, RPParamsMod, RPSecret}; diff --git a/synedrion/src/paillier/encryption.rs b/synedrion/src/paillier/encryption.rs index 51fc16dc..b86d400f 100644 --- a/synedrion/src/paillier/encryption.rs +++ b/synedrion/src/paillier/encryption.rs @@ -115,9 +115,7 @@ impl Ciphertext

{ pub fn to_mod(&self, pk: &PublicKeyPaillierPrecomputed

) -> CiphertextMod

{ CiphertextMod { pk: pk.clone(), - ciphertext: self - .ciphertext - .to_montgomery(pk.precomputed_modulus_squared()), + ciphertext: self.ciphertext.to_montgomery(pk.precomputed_modulus_squared()), } } } @@ -206,11 +204,7 @@ impl CiphertextMod

{ } /// Encrypts the plaintext with a random randomizer. - pub fn new( - rng: &mut impl CryptoRngCore, - pk: &PublicKeyPaillierPrecomputed

, - plaintext: &P::Uint, - ) -> Self { + pub fn new(rng: &mut impl CryptoRngCore, pk: &PublicKeyPaillierPrecomputed

, plaintext: &P::Uint) -> Self { Self::new_with_randomizer(pk, plaintext, &Randomizer::random(rng, pk)) } @@ -260,8 +254,7 @@ impl CiphertextMod

{ let pk = sk.public_key(); let positive_result = self.decrypt(sk); // Note that this is in range `[0, N)` let negative_result = pk.modulus().wrapping_sub(&positive_result); - let is_negative = - Choice::from((positive_result > pk.modulus().wrapping_shr_vartime(1)) as u8); + let is_negative = Choice::from((positive_result > pk.modulus().wrapping_shr_vartime(1)) as u8); let mut result = Signed::new_from_unsigned( P::Uint::conditional_select(&positive_result, &negative_result, is_negative), @@ -287,17 +280,14 @@ impl CiphertextMod

{ // = rho^N + m * N * rho^N + k * N^2, // where `k` is some integer. // Therefore `C mod N = rho^N mod N`. - let ciphertext_mod_n = - P::Uint::try_from_wide(self.ciphertext.retrieve() % pk.modulus_wide_nonzero()) - .expect("a value reduced modulo N fits into `Uint`"); + let ciphertext_mod_n = P::Uint::try_from_wide(self.ciphertext.retrieve() % pk.modulus_wide_nonzero()) + .expect("a value reduced modulo N fits into `Uint`"); let ciphertext_mod_n = ciphertext_mod_n.to_montgomery(pk.precomputed_modulus()); // To isolate `rho`, calculate `(rho^N)^(N^(-1)) mod N`. // The order of `Z_N` is `phi(N)`, so the inversion in the exponent is modulo `phi(N)`. let sk_inv_modulus = sk.inv_modulus(); - RandomizerMod( - ciphertext_mod_n.pow_bounded_exp(sk_inv_modulus.as_ref(), sk_inv_modulus.bound()), - ) + RandomizerMod(ciphertext_mod_n.pow_bounded_exp(sk_inv_modulus.as_ref(), sk_inv_modulus.bound())) } // Note: while it is true that `enc(x) (*) rhs == enc((x * rhs) mod N)`, @@ -333,9 +323,7 @@ impl CiphertextMod

{ let rhs_wide = rhs.into_wide(); Self { pk: self.pk, - ciphertext: self - .ciphertext - .pow_bounded_exp(rhs_wide.as_ref(), rhs_wide.bound()), + ciphertext: self.ciphertext.pow_bounded_exp(rhs_wide.as_ref(), rhs_wide.bound()), } } @@ -343,9 +331,7 @@ impl CiphertextMod

{ let rhs_wide = rhs.into_wide(); Self { pk: self.pk.clone(), - ciphertext: self - .ciphertext - .pow_bounded_exp(rhs_wide.as_ref(), rhs_wide.bound()), + ciphertext: self.ciphertext.pow_bounded_exp(rhs_wide.as_ref(), rhs_wide.bound()), } } @@ -363,8 +349,8 @@ impl CiphertextMod

{ .into_wide() .to_montgomery(self.pk.precomputed_modulus_squared()); let pk_modulus_wide = self.pk.modulus_bounded().into_wide(); - let ciphertext = self.ciphertext - * randomizer_mod.pow_bounded_exp(pk_modulus_wide.as_ref(), pk_modulus_wide.bound()); + let ciphertext = + self.ciphertext * randomizer_mod.pow_bounded_exp(pk_modulus_wide.as_ref(), pk_modulus_wide.bound()); Self { pk: self.pk, ciphertext, @@ -454,18 +440,14 @@ mod tests { } } - fn reduce( - val: &Signed, - modulus: &NonZero, - ) -> Signed { + fn reduce(val: &Signed, modulus: &NonZero) -> Signed { let result = val.abs() % *modulus; let twos_complement_result = if result > modulus.as_ref().wrapping_shr_vartime(1) { result.wrapping_sub(modulus.as_ref()) } else { result }; - let mut signed_result = - Signed::new_from_unsigned(twos_complement_result, P::MODULUS_BITS as u32 - 1).unwrap(); + let mut signed_result = Signed::new_from_unsigned(twos_complement_result, P::MODULUS_BITS as u32 - 1).unwrap(); signed_result.conditional_negate(val.is_negative()); signed_result } @@ -474,8 +456,7 @@ mod tests { fn roundtrip() { let sk = SecretKeyPaillier::::random(&mut OsRng).to_precomputed(); let pk = sk.public_key(); - let plaintext = - ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); + let plaintext = ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); let ciphertext = CiphertextMod::::new(&mut OsRng, pk, &plaintext); let plaintext_back = ciphertext.decrypt(&sk); assert_eq!(plaintext, plaintext_back); @@ -489,10 +470,8 @@ mod tests { fn signed_roundtrip() { let sk = SecretKeyPaillier::::random(&mut OsRng).to_precomputed(); let pk = sk.public_key(); - let plaintext = Signed::random_bounded_bits( - &mut OsRng, - ::Uint::BITS as usize - 2, - ); + let plaintext = + Signed::random_bounded_bits(&mut OsRng, ::Uint::BITS as usize - 2); let ciphertext = CiphertextMod::new_signed(&mut OsRng, pk, &plaintext); let plaintext_back = ciphertext.decrypt_signed(&sk); let plaintext_reduced = reduce::(&plaintext, &pk.modulus_nonzero()); @@ -503,14 +482,9 @@ mod tests { fn derive_randomizer() { let sk = SecretKeyPaillier::::random(&mut OsRng).to_precomputed(); let pk = sk.public_key(); - let plaintext = - ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); + let plaintext = ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); let randomizer = RandomizerMod::random(&mut OsRng, pk); - let ciphertext = CiphertextMod::::new_with_randomizer( - pk, - &plaintext, - &randomizer.retrieve(), - ); + let ciphertext = CiphertextMod::::new_with_randomizer(pk, &plaintext, &randomizer.retrieve()); let randomizer_back = ciphertext.derive_randomizer(&sk); assert_eq!(randomizer, randomizer_back); } @@ -519,21 +493,14 @@ mod tests { fn homomorphic_mul() { let sk = SecretKeyPaillier::::random(&mut OsRng).to_precomputed(); let pk = sk.public_key(); - let plaintext = - ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); + let plaintext = ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); let ciphertext = CiphertextMod::::new(&mut OsRng, pk, &plaintext); - let coeff = Signed::random_bounded_bits( - &mut OsRng, - ::Uint::BITS as usize - 2, - ); + let coeff = Signed::random_bounded_bits(&mut OsRng, ::Uint::BITS as usize - 2); let new_ciphertext = ciphertext * coeff; let new_plaintext = new_ciphertext.decrypt(&sk); - assert_eq!( - mul_mod(&plaintext, &coeff, &pk.modulus_nonzero()), - new_plaintext - ); + assert_eq!(mul_mod(&plaintext, &coeff, &pk.modulus_nonzero()), new_plaintext); } #[test] @@ -541,12 +508,10 @@ mod tests { let sk = SecretKeyPaillier::::random(&mut OsRng).to_precomputed(); let pk = sk.public_key(); - let plaintext1 = - ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); + let plaintext1 = ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); let ciphertext1 = CiphertextMod::::new(&mut OsRng, pk, &plaintext1); - let plaintext2 = - ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); + let plaintext2 = ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); let ciphertext2 = CiphertextMod::::new(&mut OsRng, pk, &plaintext2); let new_ciphertext = ciphertext1 + ciphertext2; @@ -560,14 +525,10 @@ mod tests { let sk = SecretKeyPaillier::::random(&mut OsRng).to_precomputed(); let pk = sk.public_key(); - let plaintext1 = - ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); - let plaintext2 = Signed::random_bounded_bits( - &mut OsRng, - ::Uint::BITS as usize - 2, - ); - let plaintext3 = - ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); + let plaintext1 = ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); + let plaintext2 = + Signed::random_bounded_bits(&mut OsRng, ::Uint::BITS as usize - 2); + let plaintext3 = ::Uint::random_mod(&mut OsRng, &pk.modulus_nonzero()); let ciphertext1 = CiphertextMod::::new(&mut OsRng, pk, &plaintext1); let ciphertext3 = CiphertextMod::::new(&mut OsRng, pk, &plaintext3); @@ -575,8 +536,7 @@ mod tests { let plaintext_back = result.decrypt(&sk); assert_eq!( - mul_mod(&plaintext1, &plaintext2, &pk.modulus_nonzero()) - .add_mod(&plaintext3, pk.modulus()), + mul_mod(&plaintext1, &plaintext2, &pk.modulus_nonzero()).add_mod(&plaintext3, pk.modulus()), plaintext_back ); } diff --git a/synedrion/src/paillier/keys.rs b/synedrion/src/paillier/keys.rs index 70973743..66c14c7c 100644 --- a/synedrion/src/paillier/keys.rs +++ b/synedrion/src/paillier/keys.rs @@ -10,8 +10,8 @@ use zeroize::Zeroize; use super::params::PaillierParams; use crate::uint::{ subtle::{Choice, ConditionallySelectable}, - Bounded, CheckedAdd, CheckedSub, HasWide, Integer, Invert, NonZero, PowBoundedExp, RandomMod, - RandomPrimeWithRng, Retrieve, Signed, ToMontgomery, + Bounded, CheckedAdd, CheckedSub, HasWide, Integer, Invert, NonZero, PowBoundedExp, RandomMod, RandomPrimeWithRng, + Retrieve, Signed, ToMontgomery, }; #[derive(Debug, Deserialize)] @@ -22,8 +22,7 @@ pub(crate) struct SecretKeyPaillier { impl PartialEq for SecretKeyPaillier

{ fn eq(&self, other: &Self) -> bool { - self.p.expose_secret() == other.p.expose_secret() - && self.q.expose_secret() == other.q.expose_secret() + self.p.expose_secret() == other.p.expose_secret() && self.q.expose_secret() == other.q.expose_secret() } } @@ -75,12 +74,10 @@ impl SecretKeyPaillier

{ .expect("The pre-configured bound set in `P::MODULUS_BITS` is assumed to be valid"); let precomputed_mod_p = P::HalfUintMod::new_params_vartime( - Odd::new(self.p.expose_secret().clone()) - .expect("`p` is assumed to be a prime greater than 2"), + Odd::new(self.p.expose_secret().clone()).expect("`p` is assumed to be a prime greater than 2"), ); let precomputed_mod_q = P::HalfUintMod::new_params_vartime( - Odd::new(self.q.expose_secret().clone()) - .expect("`q` is assumed to be a prime greater than 2"), + Odd::new(self.q.expose_secret().clone()).expect("`q` is assumed to be a prime greater than 2"), ); let public_key = PublicKeyPaillier { @@ -125,9 +122,8 @@ impl SecretKeyPaillier

{ // Calculate $u$ such that $u = 1 \mod p$ and $u = -1 \mod q$. // Using step of Garner's algorithm: // $u = q - 1 + q (2 q^{-1} - 1 \mod p)$ - let t = (inv_q_mod_p.clone() + inv_q_mod_p.clone() - - ::one(precomputed_mod_p.clone())) - .retrieve(); + let t = (inv_q_mod_p.clone() + inv_q_mod_p.clone() - ::one(precomputed_mod_p.clone())) + .retrieve(); // Note that the wrapping add/sub won't overflow by construction. let nonsquare_sampling_constant = t .mul_wide(self.q.expose_secret()) @@ -182,14 +178,22 @@ where // The primes are positive, but where this method is used Signed is needed, // so we return that for convenience. ( - SecretBox::new(Box::new(Signed::new_positive(self.sk.p.expose_secret().clone().into_wide(), P::PRIME_BITS as u32) - .expect(concat!["The primes in the `SecretKeyPaillier` are 'safe primes' ", - "and positive by construction; the bound is assumed to be configured correctly by the user."]) - )), - SecretBox::new(Box::new(Signed::new_positive(self.sk.q.expose_secret().clone().into_wide(), P::PRIME_BITS as u32) - .expect(concat!["The primes in the `SecretKeyPaillier` are 'safe primes' ", - "and positive by construction; the bound is assumed to be configured correctly by the user."]) - )), + SecretBox::new(Box::new( + Signed::new_positive(self.sk.p.expose_secret().clone().into_wide(), P::PRIME_BITS as u32).expect( + concat![ + "The primes in the `SecretKeyPaillier` are 'safe primes' ", + "and positive by construction; the bound is assumed to be configured correctly by the user." + ], + ), + )), + SecretBox::new(Box::new( + Signed::new_positive(self.sk.q.expose_secret().clone().into_wide(), P::PRIME_BITS as u32).expect( + concat![ + "The primes in the `SecretKeyPaillier` are 'safe primes' ", + "and positive by construction; the bound is assumed to be configured correctly by the user." + ], + ), + )), ) } @@ -233,10 +237,8 @@ where pub fn rns_split(&self, elem: &P::Uint) -> (P::HalfUintMod, P::HalfUintMod) { // May be some speed up potential here since we know p and q are small, // but it needs to be supported by `crypto-bigint`. - let mut p_rem = *elem - % NonZero::new(self.sk.p.expose_secret().clone().into_wide()).expect("`p` is non-zero"); - let mut q_rem = *elem - % NonZero::new(self.sk.q.expose_secret().clone().into_wide()).expect("`q` is non-zero"); + let mut p_rem = *elem % NonZero::new(self.sk.p.expose_secret().clone().into_wide()).expect("`p` is non-zero"); + let mut q_rem = *elem % NonZero::new(self.sk.q.expose_secret().clone().into_wide()).expect("`q` is non-zero"); let p_rem_half = P::HalfUint::try_from_wide(p_rem).expect("`p` fits into `HalfUint`"); let q_rem_half = P::HalfUint::try_from_wide(q_rem).expect("`q` fits into `HalfUint`"); @@ -269,10 +271,7 @@ where } } - pub fn sqrt( - &self, - rns: &(P::HalfUintMod, P::HalfUintMod), - ) -> Option<(P::HalfUintMod, P::HalfUintMod)> { + pub fn sqrt(&self, rns: &(P::HalfUintMod, P::HalfUintMod)) -> Option<(P::HalfUintMod, P::HalfUintMod)> { // TODO (#73): when we can extract the modulus from `HalfUintMod`, this can be moved there. // For now we have to keep this a method of SecretKey to have access to `p` and `q`. let (p_part, q_part) = rns; @@ -392,8 +391,7 @@ impl PublicKeyPaillierPrecomputed

{ } pub fn modulus_bounded(&self) -> Bounded { - Bounded::new(*self.pk.modulus(), P::MODULUS_BITS as u32) - .expect("the modulus can be bounded by 2^MODULUS_BITS") + Bounded::new(*self.pk.modulus(), P::MODULUS_BITS as u32).expect("the modulus can be bounded by 2^MODULUS_BITS") } pub fn modulus_nonzero(&self) -> NonZero { diff --git a/synedrion/src/paillier/ring_pedersen.rs b/synedrion/src/paillier/ring_pedersen.rs index 4796f318..c35f6d75 100644 --- a/synedrion/src/paillier/ring_pedersen.rs +++ b/synedrion/src/paillier/ring_pedersen.rs @@ -68,20 +68,12 @@ impl RPParamsMod

{ // TODO (#81): swap randomizer and secret? // - this will match the order for Ciphertext, // - this will match the order in the paper - pub fn commit( - &self, - secret: &Signed, - randomizer: &Signed, - ) -> RPCommitmentMod

{ + pub fn commit(&self, secret: &Signed, randomizer: &Signed) -> RPCommitmentMod

{ // $t^\rho * s^m mod N$ where $\rho$ is the randomizer and $m$ is the secret. RPCommitmentMod(self.base.pow_signed_wide(randomizer) * self.power.pow_signed(secret)) } - pub fn commit_wide( - &self, - secret: &Signed, - randomizer: &Signed, - ) -> RPCommitmentMod

{ + pub fn commit_wide(&self, secret: &Signed, randomizer: &Signed) -> RPCommitmentMod

{ // $t^\rho * s^m mod N$ where $\rho$ is the randomizer and $m$ is the secret. RPCommitmentMod(self.base.pow_signed_wide(randomizer) * self.power.pow_signed_wide(secret)) } @@ -94,10 +86,9 @@ impl RPParamsMod

{ // $t^\rho * s^m mod N$ where $\rho$ is the randomizer and $m$ is the secret. RPCommitmentMod( self.base.pow_signed_extra_wide(randomizer) - * self.power.pow_bounded_exp( - secret.expose_secret().as_ref(), - secret.expose_secret().bound(), - ), + * self + .power + .pow_bounded_exp(secret.expose_secret().as_ref(), secret.expose_secret().bound()), ) } diff --git a/synedrion/src/tools/hashing.rs b/synedrion/src/tools/hashing.rs index c786b7eb..3cc674a6 100644 --- a/synedrion/src/tools/hashing.rs +++ b/synedrion/src/tools/hashing.rs @@ -141,8 +141,7 @@ impl Hashable for T { // The only way it can return an error is if there is // some non-serializable element encountered, which is 100% reproducible // and will be caught in tests. - self.serialize(serializer) - .expect("The type is serializable"); + self.serialize(serializer).expect("The type is serializable"); digest } diff --git a/synedrion/src/tools/sss.rs b/synedrion/src/tools/sss.rs index 678aaf2d..23277ad1 100644 --- a/synedrion/src/tools/sss.rs +++ b/synedrion/src/tools/sss.rs @@ -61,12 +61,7 @@ impl Polynomial { } pub fn public(&self) -> PublicPolynomial { - PublicPolynomial( - self.0 - .iter() - .map(|coeff| coeff.mul_by_generator()) - .collect(), - ) + PublicPolynomial(self.0.iter().map(|coeff| coeff.mul_by_generator()).collect()) } } @@ -90,10 +85,7 @@ pub(crate) fn shamir_split( indices: &[ShareId], ) -> BTreeMap { let polynomial = Polynomial::random(rng, secret, threshold); - indices - .iter() - .map(|idx| (*idx, polynomial.evaluate(idx))) - .collect() + indices.iter().map(|idx| (*idx, polynomial.evaluate(idx))).collect() } pub(crate) fn interpolation_coeff(share_ids: &BTreeSet, share_id: &ShareId) -> Scalar { @@ -134,9 +126,7 @@ mod tests { #[test] fn evaluate() { let x = Scalar::random(&mut OsRng); - let coeffs = (0..4) - .map(|_| Scalar::random(&mut OsRng)) - .collect::>(); + let coeffs = (0..4).map(|_| Scalar::random(&mut OsRng)).collect::>(); let actual = evaluate_polynomial(&coeffs, &x); let expected = coeffs[0] + coeffs[1] * x + coeffs[2] * x * x + coeffs[3] * x * x * x; diff --git a/synedrion/src/uint.rs b/synedrion/src/uint.rs index f5cbf65b..759f6421 100644 --- a/synedrion/src/uint.rs +++ b/synedrion/src/uint.rs @@ -3,14 +3,11 @@ mod signed; mod traits; pub(crate) use crypto_bigint::{ - modular::Retrieve, subtle, CheckedAdd, CheckedMul, CheckedSub, Encoding, Integer, Invert, - NonZero, PowBoundedExp, RandomMod, ShlVartime, Uint, WrappingSub, Zero, U1024, U2048, U4096, - U512, U8192, + modular::Retrieve, subtle, CheckedAdd, CheckedMul, CheckedSub, Encoding, Integer, Invert, NonZero, PowBoundedExp, + RandomMod, ShlVartime, Uint, WrappingSub, Zero, U1024, U2048, U4096, U512, U8192, }; pub(crate) use crypto_primes::RandomPrimeWithRng; pub(crate) use bounded::Bounded; pub(crate) use signed::Signed; -pub(crate) use traits::{ - Exponentiable, HasWide, ToMontgomery, U1024Mod, U2048Mod, U4096Mod, U512Mod, -}; +pub(crate) use traits::{Exponentiable, HasWide, ToMontgomery, U1024Mod, U2048Mod, U4096Mod, U512Mod}; diff --git a/synedrion/src/uint/bounded.rs b/synedrion/src/uint/bounded.rs index 1bc9cd0e..25c52b37 100644 --- a/synedrion/src/uint/bounded.rs +++ b/synedrion/src/uint/bounded.rs @@ -55,8 +55,7 @@ where repr.as_mut()[(repr_len - bytes_len)..].copy_from_slice(&val.bytes); let abs_value = T::from_be_bytes(repr); - Self::new(abs_value, val.bound) - .ok_or_else(|| "Invalid values for the signed integer".into()) + Self::new(abs_value, val.bound).ok_or_else(|| "Invalid values for the signed integer".into()) } } diff --git a/synedrion/src/uint/signed.rs b/synedrion/src/uint/signed.rs index 7b616dc1..a7968228 100644 --- a/synedrion/src/uint/signed.rs +++ b/synedrion/src/uint/signed.rs @@ -9,12 +9,8 @@ use zeroize::Zeroize; use super::{ bounded::PackedBounded, - subtle::{ - Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq, ConstantTimeLess, - CtOption, - }, - Bounded, CheckedAdd, CheckedSub, Encoding, HasWide, Integer, NonZero, RandomMod, ShlVartime, - WrappingSub, + subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq, ConstantTimeLess, CtOption}, + Bounded, CheckedAdd, CheckedSub, Encoding, HasWide, Integer, NonZero, RandomMod, ShlVartime, WrappingSub, }; use crate::tools::hashing::uint_from_xof; @@ -91,10 +87,7 @@ where // Cannot get overflow from adding values of different signs, // and if for two values of the same sign the sign of the result remains the same // it means there was no overflow. - CtOption::new( - result, - !(lhs_neg.ct_eq(&rhs_neg) & !lhs_neg.ct_eq(&res_neg)) & in_range, - ) + CtOption::new(result, !(lhs_neg.ct_eq(&rhs_neg) & !lhs_neg.ct_eq(&res_neg)) & in_range) } /// Checks if a [`Signed`] is negative by checking the MSB: if it's `1` then the [`Signed`] is @@ -179,9 +172,8 @@ where pub fn abs_bounded(&self) -> Bounded { // Can unwrap here since the maximum bound on the positive Bounded // is always greater than the maximum bound on Signed - Bounded::new(self.abs(), self.bound).expect( - "Max bound for a positive Bounded is always greater than max bound for a Signed; qed", - ) + Bounded::new(self.abs(), self.bound) + .expect("Max bound for a positive Bounded is always greater than max bound for a Signed; qed") } /// Creates a signed value from an unsigned one, @@ -240,8 +232,7 @@ where .expect("does not overflow since we're adding 1 to an even number"); let positive_result = uint_from_xof( rng, - &NonZero::new(positive_bound) - .expect("Guaranteed to be greater than zero because we added 1"), + &NonZero::new(positive_bound).expect("Guaranteed to be greater than zero because we added 1"), ); Self::new_from_unsigned(positive_result.wrapping_sub(bound.as_ref()), bound_bits) .expect("Guaranteed to be Some because we checked the bounds just above") @@ -290,8 +281,7 @@ where T::BITS - 1 ); - let bound = - NonZero::new(T::one() << bound_bits).expect("Checked bound_bits just above; qed"); + let bound = NonZero::new(T::one() << bound_bits).expect("Checked bound_bits just above; qed"); Self::random_bounded(rng, &bound) } } @@ -477,11 +467,13 @@ where .expect(concat![ "`scaled_bound` is double the size of a T::Wide; we asserted that the `bound_bits` ", "will not cause overflow in T::Wide ⇒ it's safe to left-shift 1 step ", - "(aka multiply by 2)."]) + "(aka multiply by 2)." + ]) .checked_add(&::Wide::one()) .expect(concat![ "`scaled_bound` is double the size of a T::Wide; we asserted that the `bound_bits` ", - "will not cause overflow in T::Wide ⇒ it's safe to add 1."]); + "will not cause overflow in T::Wide ⇒ it's safe to add 1." + ]); let positive_result = ::Wide::random_mod( rng, &NonZero::new(positive_bound) @@ -642,21 +634,14 @@ mod tests { let p2 = Signed::new_from_unsigned(U128::from_u64(12), bound).unwrap(); assert!(p1 < p2); - assert_eq!( - p1, - Signed::new_from_unsigned(U128::from_u64(10), bound).unwrap() - ); + assert_eq!(p1, Signed::new_from_unsigned(U128::from_u64(10), bound).unwrap()); } #[test] fn partial_ord_neg_vs_neg() { let bound = 114; - let n1 = Signed::new_from_unsigned(U128::from_u64(10), bound) - .unwrap() - .neg(); - let n2 = Signed::new_from_unsigned(U128::from_u64(12), bound) - .unwrap() - .neg(); + let n1 = Signed::new_from_unsigned(U128::from_u64(10), bound).unwrap().neg(); + let n2 = Signed::new_from_unsigned(U128::from_u64(12), bound).unwrap().neg(); assert!(n2 < n1); assert_eq!( @@ -669,18 +654,14 @@ mod tests { fn partial_ord_pos_vs_neg() { let bound = 65; let p = Signed::new_from_unsigned(U128::from_u64(10), bound).unwrap(); - let n = Signed::new_from_unsigned(U128::from_u64(12), bound) - .unwrap() - .neg(); + let n = Signed::new_from_unsigned(U128::from_u64(12), bound).unwrap().neg(); assert!(n < p); } #[test] fn partial_ord_neg_vs_pos() { let bound = 93; - let n = Signed::new_from_unsigned(U128::from_u64(10), bound) - .unwrap() - .neg(); + let n = Signed::new_from_unsigned(U128::from_u64(10), bound).unwrap().neg(); let p = Signed::new_from_unsigned(U128::from_u64(12), bound).unwrap(); assert!(n < p); } @@ -746,9 +727,7 @@ mod tests { #[test] fn checked_mul_handles_sign() { - let n = Signed::new_from_unsigned(U128::from_u8(5), 27) - .unwrap() - .neg(); + let n = Signed::new_from_unsigned(U128::from_u8(5), 27).unwrap().neg(); let p = Signed::new_from_unsigned(U128::from_u8(3), 17).unwrap(); let neg_pos = n.checked_mul(&p).unwrap(); let pos_neg = p.checked_mul(&n).unwrap(); @@ -812,12 +791,8 @@ mod tests { #[test] fn neg_u128() { - let n = - Signed::new_from_unsigned(U128::from_be_hex("fffffffffffffffffffffffffffffff0"), 127) - .unwrap(); - let neg_n = - Signed::new_from_unsigned(U128::from_be_hex("00000000000000000000000000000010"), 127) - .unwrap(); + let n = Signed::new_from_unsigned(U128::from_be_hex("fffffffffffffffffffffffffffffff0"), 127).unwrap(); + let neg_n = Signed::new_from_unsigned(U128::from_be_hex("00000000000000000000000000000010"), 127).unwrap(); assert!(bool::from(n.is_negative())); assert!(!bool::from(neg_n.is_negative())); assert_eq!(n.neg(), neg_n); @@ -831,8 +806,7 @@ mod tests { use crypto_bigint::U128; let max_uint = U128::from_u128(u128::MAX >> 1); let one_signed = Signed::new_from_abs(U128::ONE, U128::BITS - 1, 0u8.into()).unwrap(); - let min_signed = Signed::new_from_abs(max_uint, U128::BITS - 1, 1u8.into()) - .expect("|2^127| is a valid Signed"); + let min_signed = Signed::new_from_abs(max_uint, U128::BITS - 1, 1u8.into()).expect("|2^127| is a valid Signed"); let _ = min_signed - one_signed; } #[test] @@ -841,8 +815,8 @@ mod tests { // Biggest/smallest Signed is |2^1023|: let max_uint = U1024::MAX >> 1; let one_signed = Signed::new_from_abs(U1024::ONE, U1024::BITS - 1, 0u8.into()).unwrap(); - let min_signed = Signed::new_from_abs(max_uint, U1024::BITS - 1, 1u8.into()) - .expect("|2^1023| is a valid Signed"); + let min_signed = + Signed::new_from_abs(max_uint, U1024::BITS - 1, 1u8.into()).expect("|2^1023| is a valid Signed"); let _ = min_signed - one_signed; } @@ -851,8 +825,8 @@ mod tests { // Biggest/smallest Signed is |2^1023| let max_uint = U1024::MAX >> 1; let one_signed = Signed::new_from_abs(U1024::ONE, U1024::BITS - 1, 0u8.into()).unwrap(); - let min_signed = Signed::new_from_abs(max_uint, U1024::BITS - 1, 1u8.into()) - .expect("|2^1023| is a valid Signed"); + let min_signed = + Signed::new_from_abs(max_uint, U1024::BITS - 1, 1u8.into()).expect("|2^1023| is a valid Signed"); let result = min_signed.checked_sub(&one_signed); assert!(bool::from(result.is_none())) diff --git a/synedrion/src/uint/traits.rs b/synedrion/src/uint/traits.rs index 26525c1f..1a08b554 100644 --- a/synedrion/src/uint/traits.rs +++ b/synedrion/src/uint/traits.rs @@ -2,8 +2,7 @@ use crypto_bigint::{ modular::MontyForm, nlimbs, subtle::{ConditionallySelectable, CtOption}, - Bounded, Encoding, Integer, Invert, PowBoundedExp, RandomMod, Square, Zero, U1024, U2048, - U4096, U512, U8192, + Bounded, Encoding, Integer, Invert, PowBoundedExp, RandomMod, Square, Zero, U1024, U2048, U4096, U512, U8192, }; use crate::uint::Signed; @@ -20,11 +19,7 @@ pub trait ToMontgomery: Integer { /// Exponentiation functions for generic integers (in our case used for integers in Montgomery form /// with `Signed` exponents). pub trait Exponentiable: - PowBoundedExp - + Invert> - + ConditionallySelectable - + Square - + core::ops::Mul + PowBoundedExp + Invert> + ConditionallySelectable + Square + core::ops::Mul where T: Integer + Bounded + Encoding + ConditionallySelectable, { @@ -36,9 +31,7 @@ where fn pow_signed(&self, exponent: &Signed) -> Self { let abs_exponent = exponent.abs(); let abs_result = self.pow_bounded_exp(&abs_exponent, exponent.bound()); - let inv_result = abs_result - .invert() - .expect("`self` is assumed to be invertible"); + let inv_result = abs_result.invert().expect("`self` is assumed to be invertible"); Self::conditional_select(&abs_result, &inv_result, exponent.is_negative()) } diff --git a/synedrion/src/www02/entities.rs b/synedrion/src/www02/entities.rs index c532bcda..b6997ce6 100644 --- a/synedrion/src/www02/entities.rs +++ b/synedrion/src/www02/entities.rs @@ -16,10 +16,7 @@ use crate::{ curve::{Point, Scalar}, tools::{ hashing::{Chain, FofHasher}, - sss::{ - interpolation_coeff, shamir_evaluation_points, shamir_join_points, shamir_split, - ShareId, - }, + sss::{interpolation_coeff, shamir_evaluation_points, shamir_join_points, shamir_split, ShareId}, }, }; @@ -65,11 +62,7 @@ impl ThresholdKeyShare>(); + let share_ids = ids.iter().cloned().zip(share_ids).collect::>(); let public_shares = share_ids .iter() @@ -133,8 +126,7 @@ impl ThresholdKeyShare ThresholdKeyShare) -> Self { let ids = key_share.all_parties(); - let num_parties: u64 = ids - .len() - .try_into() - .expect("no more than 2^64-1 shares needed"); + let num_parties: u64 = ids.len().try_into().expect("no more than 2^64-1 shares needed"); let share_ids = ids .iter() .cloned() @@ -199,9 +188,10 @@ impl ThresholdKeyShare ThresholdKeyShare Result; + fn derive_verifying_key_bip32(&self, derivation_path: &DerivationPath) -> Result; } -impl DeriveChildKey - for ThresholdKeyShare -{ - fn derive_verifying_key_bip32( - &self, - derivation_path: &DerivationPath, - ) -> Result { +impl DeriveChildKey for ThresholdKeyShare { + fn derive_verifying_key_bip32(&self, derivation_path: &DerivationPath) -> Result { let public_key = self.verifying_key(); let tweaks = derive_tweaks(public_key, derivation_path)?; apply_tweaks_public(public_key, &tweaks) @@ -248,10 +230,7 @@ impl DeriveChildKey } impl DeriveChildKey for VerifyingKey { - fn derive_verifying_key_bip32( - &self, - derivation_path: &DerivationPath, - ) -> Result { + fn derive_verifying_key_bip32(&self, derivation_path: &DerivationPath) -> Result { let tweaks = derive_tweaks(*self, derivation_path)?; apply_tweaks_public(*self, &tweaks) } @@ -280,10 +259,7 @@ fn derive_tweaks( Ok(tweaks) } -fn apply_tweaks_public( - public_key: VerifyingKey, - tweaks: &[PrivateKeyBytes], -) -> Result { +fn apply_tweaks_public(public_key: VerifyingKey, tweaks: &[PrivateKeyBytes]) -> Result { let mut public_key = public_key; for tweak in tweaks { public_key = public_key.derive_child(*tweak)?; @@ -291,10 +267,7 @@ fn apply_tweaks_public( Ok(public_key) } -fn apply_tweaks_private( - private_key: SigningKey, - tweaks: &[PrivateKeyBytes], -) -> Result { +fn apply_tweaks_private(private_key: SigningKey, tweaks: &[PrivateKeyBytes]) -> Result { let mut private_key = private_key; for tweak in tweaks { private_key = private_key.derive_child(*tweak)?; @@ -322,18 +295,10 @@ mod tests { let sk = SigningKey::random(&mut OsRng); let signers = (0..3).map(TestSigner::new).collect::>(); - let ids = signers - .iter() - .map(|signer| signer.verifying_key()) - .collect::>(); + let ids = signers.iter().map(|signer| signer.verifying_key()).collect::>(); let ids_set = ids.iter().cloned().collect::>(); - let shares = ThresholdKeyShare::::new_centralized( - &mut OsRng, - &ids_set, - 2, - Some(&sk), - ); + let shares = ThresholdKeyShare::::new_centralized(&mut OsRng, &ids_set, 2, Some(&sk)); assert_eq!(&shares[&ids[0]].verifying_key(), sk.verifying_key()); assert_eq!(&shares[&ids[1]].verifying_key(), sk.verifying_key()); diff --git a/synedrion/src/www02/key_resharing.rs b/synedrion/src/www02/key_resharing.rs index a5e1b6d8..948e4e6b 100644 --- a/synedrion/src/www02/key_resharing.rs +++ b/synedrion/src/www02/key_resharing.rs @@ -15,10 +15,9 @@ use core::{fmt::Debug, marker::PhantomData}; use k256::ecdsa::VerifyingKey; use manul::protocol::{ - Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EchoRoundParticipation, - EntryPoint, FinalizeOutcome, LocalError, NormalBroadcast, PartyId, Payload, Protocol, - ProtocolError, ProtocolMessagePart, ProtocolValidationError, ReceiveError, Round, RoundId, - Serializer, + Artifact, BoxedRound, Deserializer, DirectMessage, EchoBroadcast, EchoRoundParticipation, EntryPoint, + FinalizeOutcome, LocalError, NormalBroadcast, PartyId, Payload, Protocol, ProtocolError, ProtocolMessagePart, + ProtocolValidationError, ReceiveError, Round, RoundId, Serializer, }; use rand_core::CryptoRngCore; use secrecy::{ExposeSecret, SecretBox}; @@ -28,10 +27,7 @@ use super::ThresholdKeyShare; use crate::{ curve::{Point, Scalar}, tools::{ - sss::{ - interpolation_coeff, shamir_join_points, shamir_join_scalars, Polynomial, - PublicPolynomial, ShareId, - }, + sss::{interpolation_coeff, shamir_join_points, shamir_join_scalars, Polynomial, PublicPolynomial, ShareId}, DowncastMap, Without, }, SchemeParams, @@ -153,9 +149,7 @@ impl EntryPoint for KeyResharing { .collect(); if self.old_holder.is_none() && self.new_holder.is_none() { - return Err(LocalError::new( - "Either old holder or new holder data must be provided", - )); + return Err(LocalError::new("Either old holder or new holder data must be provided")); }; let message_destinations = if self.old_holder.is_some() { @@ -198,9 +192,7 @@ impl EntryPoint for KeyResharing { } }); - let new_holder = self - .new_holder - .map(|new_holder| NewHolderData { inputs: new_holder }); + let new_holder = self.new_holder.map(|new_holder| NewHolderData { inputs: new_holder }); Ok(BoxedRound::new_dynamic(Round1 { old_holder, @@ -306,9 +298,7 @@ impl Round for Round1 { destination: &I, ) -> Result<(DirectMessage, Option), LocalError> { if let Some(old_holder) = self.old_holder.as_ref() { - let subshare = old_holder - .polynomial - .evaluate(&self.new_share_ids[destination]); + let subshare = old_holder.polynomial.evaluate(&self.new_share_ids[destination]); let dm = DirectMessage::new(serializer, Round1DirectMessage { subshare })?; Ok((dm, None)) } else { @@ -391,8 +381,7 @@ impl Round for Round1 { let vkey = payloads .values() .map(|payload| { - payload.public_polynomial.coeff0() - * interpolation_coeff(&old_share_ids, &payload.old_share_id) + payload.public_polynomial.coeff0() * interpolation_coeff(&old_share_ids, &payload.old_share_id) }) .sum(); if Point::from_verifying_key(&new_holder.inputs.verifying_key) != vkey { @@ -454,20 +443,13 @@ mod tests { #[test] fn execute_key_reshare() { let signers = (0..4).map(TestSigner::new).collect::>(); - let ids = signers - .iter() - .map(|signer| signer.verifying_key()) - .collect::>(); + let ids = signers.iter().map(|signer| signer.verifying_key()).collect::>(); let old_holders = BTreeSet::from([ids[0], ids[1], ids[2]]); let new_holders = BTreeSet::from([ids[1], ids[2], ids[3]]); - let old_key_shares = ThresholdKeyShare::::new_centralized( - &mut OsRng, - &old_holders, - 2, - None, - ); + let old_key_shares = + ThresholdKeyShare::::new_centralized(&mut OsRng, &old_holders, 2, None); let old_vkey = old_key_shares[&ids[0]].verifying_key(); let new_threshold = 2; diff --git a/synedrion/tests/threshold.rs b/synedrion/tests/threshold.rs index 3bd3d239..f44ebfcd 100644 --- a/synedrion/tests/threshold.rs +++ b/synedrion/tests/threshold.rs @@ -7,18 +7,15 @@ use manul::{ }; use rand_core::OsRng; use synedrion::{ - AuxGen, DeriveChildKey, InteractiveSigning, KeyInit, KeyResharing, NewHolder, OldHolder, - TestParams, ThresholdKeyShare, + AuxGen, DeriveChildKey, InteractiveSigning, KeyInit, KeyResharing, NewHolder, OldHolder, TestParams, + ThresholdKeyShare, }; fn make_signers(num_parties: usize) -> (Vec, Vec) { let signers = (0..num_parties) .map(|idx| TestSigner::new(idx as u8)) .collect::>(); - let verifiers = signers - .iter() - .map(|signer| signer.verifying_key()) - .collect::>(); + let verifiers = signers.iter().map(|signer| signer.verifying_key()).collect::>(); (signers, verifiers) } @@ -35,8 +32,7 @@ fn full_sequence() { let entry_points = signers[..t] .iter() .map(|signer| { - let entry_point = - KeyInit::::new(old_holders.clone()).unwrap(); + let entry_point = KeyInit::::new(old_holders.clone()).unwrap(); (*signer, entry_point) }) .collect(); @@ -61,9 +57,7 @@ fn full_sequence() { .collect::>(); // The full verifying key can be obtained both from the original key shares and child key shares - let child_vkey = t_key_shares[&verifiers[0]] - .derive_verifying_key_bip32(&path) - .unwrap(); + let child_vkey = t_key_shares[&verifiers[0]].derive_verifying_key_bip32(&path).unwrap(); assert_eq!(child_vkey, child_key_shares[&verifiers[0]].verifying_key()); // Reshare to `n` nodes @@ -93,12 +87,8 @@ fn full_sequence() { // New holders' sessions let new_holder_entry_points = (t..n) .map(|idx| { - let entry_point = KeyResharing::::new( - None, - Some(new_holder.clone()), - all_verifiers.clone(), - t, - ); + let entry_point = + KeyResharing::::new(None, Some(new_holder.clone()), all_verifiers.clone(), t); (signers[idx], entry_point) }) .collect::>(); @@ -132,8 +122,7 @@ fn full_sequence() { let entry_points = (0..n) .map(|idx| { - let entry_point = - AuxGen::::new(all_verifiers.clone()).unwrap(); + let entry_point = AuxGen::::new(all_verifiers.clone()).unwrap(); (signers[idx], entry_point) }) .collect::>();