[frost] Make "tweaks" mutate #190

merged 15 commits into from
Aug 9, 2024
4 changes: 2 additions & 2 deletions ecdsa_fun/src/adaptor/mod.rs
Expand Up @@ -234,9 +234,9 @@ impl<T: Transcript<DLEQ>, NG> Adaptor<T, NG> {
/// There are two crucial things to understand when calling this:
///
/// 1. You should be certain that the encrypted signature is what you think it is by calling
/// [`verify_encrypted_signature`] on it first.
/// [`verify_encrypted_signature`] on it first.
/// 2. Once you give the decrypted signature to anyone who has seen `encrypted_signature` they will be
/// able to learn `decryption_key` by calling [`recover_decryption_key`].
/// able to learn `decryption_key` by calling [`recover_decryption_key`].
///
/// See [synopsis] for an example
///
2 changes: 1 addition & 1 deletion schnorr_fun/Cargo.toml
Expand Up @@ -18,7 +18,7 @@ secp256kfun = { path = "../secp256kfun", version = "0.10", default-features = f
bech32 = { version = "0.11", optional = true, default-features = false, features = ["alloc"] }

[dev-dependencies]
secp256kfun = { path = "../secp256kfun", version = "0.10", features = ["proptest"] }
secp256kfun = { path = "../secp256kfun", version = "0.10", features = ["proptest", "bincode", "alloc"] }
rand = { version = "0.8" }
lazy_static = "1.4"
bincode = "1.0"
2 changes: 1 addition & 1 deletion schnorr_fun/benches/bench_schnorr.rs
Expand Up @@ -49,7 +49,7 @@ fn verify_schnorr(c: &mut Criterion) {
});

{
let sig = sig.clone().set_secrecy::<Secret>();
let sig = sig.set_secrecy::<Secret>();
group.bench_function("fun::schnorr_verify_ct", |b| {
b.iter(|| schnorr.verify(verification_key, message, &sig))
});
4 changes: 2 additions & 2 deletions schnorr_fun/src/adaptor/mod.rs
Expand Up @@ -153,9 +153,9 @@ pub trait Adaptor {
/// There are two crucial things to understand when calling this:
///
/// 1. You should be certain that the encrypted signature is what you think it is by calling
/// [`verify_encrypted_signature`] on it first.
/// [`verify_encrypted_signature`] on it first.
/// 2. Once you give the decrypted signature to anyone who has seen `encrypted_signature` they will be
/// able to learn `decryption_key` by calling [`recover_decryption_key`].
/// able to learn `decryption_key` by calling [`recover_decryption_key`].
///
/// See [synopsis] for an example
///
33 changes: 30 additions & 3 deletions schnorr_fun/src/binonce.rs
Expand Up @@ -4,7 +4,7 @@
//! Your public nonces are derived from scalars which must be kept secret.
//! Derived binonces should be unique and and must not be reused for signing under any circumstances
//! as this can leak your secret key.
use secp256kfun::{g, marker::*, rand_core::RngCore, Point, Scalar, G};
use secp256kfun::{g, hash::HashInto, marker::*, rand_core::RngCore, Point, Scalar, G};

/// A nonce (pair of points) that each party must share with the others in the first stage of signing.
///
Expand All @@ -26,7 +26,7 @@ impl<Z: ZeroChoice> Nonce<Z> {
}
}

impl<Z> Nonce<Z> {
impl<Z: ZeroChoice> Nonce<Z> {
/// Negate the two nonces
pub fn conditional_negate(&mut self, needs_negation: bool) {
self.0[0] = self.0[0].conditional_negate(needs_negation);
Expand All @@ -42,6 +42,33 @@ impl<Z> Nonce<Z> {
bytes[33..].copy_from_slice(self.0[1].to_bytes().as_ref());
bytes
}

/// Binds an aggregated binonce to a it's binding coefficient (which is produced differently for
/// different schemes) and produces the final nonce (the one that will go into the signature).
pub fn bind(&self, binding_coeff: Scalar<Public>) -> (Point<EvenY>, bool) {
g!(self.0[0] + binding_coeff * self.0[1])
.normalize()
.non_zero()
.unwrap_or(Point::generator())
.into_point_with_even_y()
}
}

impl<Z> HashInto for Nonce<Z> {
fn hash_into(self, hash: &mut impl secp256kfun::digest::Digest) {
self.0.hash_into(hash)
}
}

impl Nonce<Zero> {
/// Adds a bunch of binonces together (one for each party signing usually).
pub fn aggregate(nonces: impl IntoIterator<Item = Nonce>) -> Self {
let agg = nonces.into_iter().fold([Point::zero(); 2], |acc, nonce| {
[g!(acc[0] + nonce.0[0]), g!(acc[1] + nonce.0[1])]
});

Self([agg[0].normalize(), agg[1].normalize()])
}
}

secp256kfun::impl_fromstr_deserialize! {
Expand All @@ -52,7 +79,7 @@ secp256kfun::impl_fromstr_deserialize! {
}

secp256kfun::impl_display_serialize! {
fn to_bytes<Z>(nonce: &Nonce<Z>) -> [u8;66] {
fn to_bytes<Z: ZeroChoice>(nonce: &Nonce<Z>) -> [u8;66] {
nonce.to_bytes()
}
}
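Review bot: `bind` silently replaces an aggregate nonce at infinity with `Point::generator()` via `.unwrap_or(Point::generator())`, and neither the method body nor its `///` doc says this is a deliberate rule rather than a placeholder, even though another co-signer can force the aggregate to infinity and a reader would otherwise take the substitution for a bug. I would put above that line: `// A co-signer can force the aggregate nonce to infinity; substituting G keeps the final nonce (and the signature) well-defined, the convention MuSig2 (BIP-327) also uses.` The doc comment should also state what the returned `bool` is — presumably the negation flag reported by `into_point_with_even_y`, which callers must mirror on their secret nonces — and `to a it's binding coefficient` should read `to its binding coefficient`.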