Vrf Audit #156

alxiong · 2022-12-07T15:45:43Z

Description

This PR fix issues raised in our self-audit on BLS implementations.

Major changes include:

Add Zeroizing::new(ikm) internally
Add warning and rustdoc examples to remind users to provide good RNG
Add key_gen_v5 to allow generation of multiple keys using the same ikm
Update Ciphersuite ID to conform with standard
Add options to deserialize compressed, unchecked (skipping subgroup check) for Signature and PublicKey.

Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

Targeted PR against correct branch (main)
~~Linked to GitHub issue with discussion and accepted design OR have an explanation in the PR that describes this work.~~
Wrote unit tests
Updated relevant documentation in the code
Added a relevant changelog entry to the Pending section in CHANGELOG.md
Re-reviewed Files changed in the GitHub PR explorer

primitives/src/signatures/bls.rs

primitives/src/constants.rs

primitives/src/signatures/bls.rs

tessico · 2022-12-08T13:28:26Z

primitives/src/signatures/bls.rs

+        test_canonical_serde_helper(sig);
+    }
+
+    // TODO: (alex) update this after upgrading to arkwork 0.4.0


If I'm not mistaken this will need to be upgraded anyway, since e.g. the deserialize method will have a new signature in 0.4.0.

https://github.com/arkworks-rs/algebra/blob/master/CHANGELOG.md

oh yeah, that's exactly what I meant. CanonicalDeserialize have 4 combinations of (un)compressed + (un)check. which makes more sense.

tessico

The TODO doesn't hurt though, it was just FYI.

alxiong added 4 commits December 7, 2022 13:09

zeroize ikm, add docs and doctest to bls sig

4ffca8b

conform with CipherSuite standard

3e74826

add test to canonical serde for bls sig

19181b5

upgrade to latest tagged, auto-derive serde on bls sig structs

4adf3dd

alxiong requested a review from a team December 7, 2022 15:45

alxiong self-assigned this Dec 7, 2022

Merge branch 'main' into vrf-audit

1ee20f7

mrain reviewed Dec 7, 2022

View reviewed changes

primitives/src/signatures/bls.rs Outdated Show resolved Hide resolved

fix rustdoc failure

75efdb3

alxiong mentioned this pull request Dec 7, 2022

SignatureScheme trait bounds #148

Merged

6 tasks

alxiong added 2 commits December 8, 2022 13:01

Merge remote-tracking branch 'origin/main' into vrf-audit

8cc6462

minor doc language adjustment

2210003

alxiong requested a review from a team December 8, 2022 05:05

tessico reviewed Dec 8, 2022

View reviewed changes

address Marti's PR comments

04e6f72

tessico reviewed Dec 8, 2022

View reviewed changes

tessico previously approved these changes Dec 8, 2022

View reviewed changes

update CHANGELOG

3543246

alxiong dismissed tessico’s stale review via 3543246 December 8, 2022 13:46

tessico approved these changes Dec 8, 2022

View reviewed changes

alxiong merged commit 1cbf864 into main Dec 8, 2022

alxiong deleted the vrf-audit branch December 8, 2022 14:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vrf Audit #156

Vrf Audit #156

alxiong commented Dec 7, 2022 •

edited

Loading

tessico Dec 8, 2022

tessico Dec 8, 2022

alxiong Dec 8, 2022 •

edited

Loading

tessico left a comment

Vrf Audit #156

Vrf Audit #156

Conversation

alxiong commented Dec 7, 2022 • edited Loading

Description

tessico Dec 8, 2022

Choose a reason for hiding this comment

tessico Dec 8, 2022

Choose a reason for hiding this comment

alxiong Dec 8, 2022 • edited Loading

Choose a reason for hiding this comment

tessico left a comment

Choose a reason for hiding this comment

alxiong commented Dec 7, 2022 •

edited

Loading

alxiong Dec 8, 2022 •

edited

Loading