Fiono11's OLAF #110

Open
wants to merge 63 commits into
base: master
b93d5ea
Implementation of SimplPedPoP
Fiono11 May 6, 2024
0229035
Improvements
Fiono11 May 6, 2024
059b601
Add tests
Fiono11 May 6, 2024
bbb6b74
Fix tests
Fiono11 May 6, 2024
9f64544
WIP
Fiono11 May 6, 2024
2e557c9
Return keys from simplpedpop_recipient_all instead of points and scalars
Fiono11 May 6, 2024
999f299
WIP
Fiono11 May 6, 2024
5fc364a
Replace pub(crate) with pub(super)
Fiono11 May 6, 2024
1a2b54d
WIP
Fiono11 May 6, 2024
9b775b9
WIP
Fiono11 May 6, 2024
75dd78b
WIP
Fiono11 May 6, 2024
1b387d2
Fix in ciphertexts loop
Fiono11 May 7, 2024
cf308ba
Add wrapper types
Fiono11 May 7, 2024
ff8d132
Implement SecretShare and EncryptedSecretShare types
Fiono11 May 8, 2024
2e9b153
Implement SecretPolynomial and PolynomialCommitment types
Fiono11 May 8, 2024
9420ff4
Restructuring of files
Fiono11 May 8, 2024
69473c4
Remove derive_key_from_scalar
Fiono11 May 8, 2024
51d16cd
Remove ephemeral key
Fiono11 May 8, 2024
0be043a
Add Identifier type
Fiono11 May 8, 2024
cc2fd93
Add identifiers to dkg_output
Fiono11 May 8, 2024
d7d061d
Remove proof of possession signature
Fiono11 May 8, 2024
9ed307f
Improvements
Fiono11 May 8, 2024
8b9726e
Fix deserialization of dkg output
Fiono11 May 8, 2024
3771fd5
Remove unwrap
Fiono11 May 9, 2024
04546ed
Improve errors
Fiono11 May 9, 2024
030ce7a
Add polynomial tests
Fiono11 May 9, 2024
ec189f5
Merge final_simplpedpop branch
Fiono11 May 9, 2024
443a40f
Reimplement ephemeral key and proof of possession
Fiono11 May 10, 2024
e1c24d1
Implementation of FROST
Fiono11 May 9, 2024
d8308e0
Add test
Fiono11 May 14, 2024
3bf17d1
Add test
Fiono11 May 14, 2024
f5b0f41
Add frost benchmarks
Fiono11 May 14, 2024
8e779fc
Refractoring
Fiono11 May 14, 2024
206d051
Improvements
Fiono11 May 16, 2024
c4484b6
Implement SigningPackage
Fiono11 May 16, 2024
e3b1c63
Add (de)serialization of SigningPackage test
Fiono11 May 16, 2024
4020137
Fix frost benchmark
Fiono11 May 16, 2024
d830b7b
Implement cheater detection
Fiono11 May 16, 2024
8e091d3
Improvements
Fiono11 May 16, 2024
b0a0ed9
Improvements
Fiono11 May 17, 2024
f67a4f3
Improvements
Fiono11 May 17, 2024
524b01e
Merge changes from final_frost branch to simplpedpop
Fiono11 May 17, 2024
1a9c024
Undo formatting
Fiono11 May 17, 2024
20d539f
Undo formatting
Fiono11 May 17, 2024
1402b1e
Implementation of SimplPedPoP
Fiono11 May 6, 2024
e5b1f7b
Improvements
Fiono11 May 18, 2024
3d67f38
Sign the whole message with the secret of the polynomial
Fiono11 May 18, 2024
689bfed
Merge remote-tracking branch 'fiono/final_simplpedpop' into final_sim…
Fiono11 May 19, 2024
63cbcdf
Sign the whole message with the secret of the polynomial
Fiono11 May 18, 2024
86c8bee
Fixes
Fiono11 May 20, 2024
4835946
Complete serialization of frost
Fiono11 May 20, 2024
35518c6
Fixes
Fiono11 May 20, 2024
d8ca0dd
Use system randomness in frost
Fiono11 May 21, 2024
46b7d30
Small improvements
Fiono11 Jun 1, 2024
fddd002
Make tpk content pub
Fiono11 Jun 5, 2024
df2f948
Merge branch 'Fiono11-final_frost' into Fiono11-final
burdges Jul 30, 2024
b0741a9
Upgrade curve25519-dalek
burdges Jul 30, 2024
1cfc580
Make aead a default feature now
burdges Jul 30, 2024
6829d16
Not FROST since removing 1-round version
burdges Jul 30, 2024
f4d26d6
Again not FROST since removing 1-round version
burdges Jul 30, 2024
3940595
Remove the FRO of FROST aka the dangerous 1-round
burdges Jul 30, 2024
fa7989b
rand_chacha fix maybe?
burdges Jul 30, 2024
bde258e
Ahh maybe this
burdges Jul 30, 2024
Add tests
Fiono11 committed May 6, 2024
commit 059b601d57c6f95a173fcf12765df2ce1356667f
28 changes: 23 additions & 5 deletions Cargo.toml
@@ -22,7 +22,7 @@ curve25519-dalek = { version = "4.1.0", default-features = false, features = [
"zeroize",
"precomputed-tables",
"legacy_compatibility",
"rand_core"
"rand_core",
] }
subtle = { version = "2.4.1", default-features = false }
merlin = { version = "3.0.0", default-features = false }
@@ -33,7 +33,9 @@ serde_bytes = { version = "0.11.5", default-features = false, optional = true }
cfg-if = { version = "1.0.0", optional = true }
sha2 = { version = "0.10.7", default-features = false }
failure = { version = "0.1.8", default-features = false, optional = true }
zeroize = { version = "1.6", default-features = false, features = ["zeroize_derive"] }
zeroize = { version = "1.6", default-features = false, features = [
"zeroize_derive",
] }
chacha20poly1305 = { version = "0.10.1", default-features = false }

[dev-dependencies]
@@ -58,13 +60,29 @@ harness = false
default = ["std", "getrandom"]
preaudit_deprecated = []
nightly = []
alloc = ["curve25519-dalek/alloc", "rand_core/alloc", "getrandom_or_panic/alloc", "serde_bytes/alloc"]
std = ["alloc", "getrandom", "serde_bytes/std", "rand_core/std", "getrandom_or_panic/std", "chacha20poly1305/std"]
alloc = [
"curve25519-dalek/alloc",
"rand_core/alloc",
"getrandom_or_panic/alloc",
"serde_bytes/alloc",
]
std = [
"alloc",
"getrandom",
"serde_bytes/std",
"rand_core/std",
"getrandom_or_panic/std",
"chacha20poly1305/std",
]
asm = ["sha2/asm"]
serde = ["serde_crate", "serde_bytes", "cfg-if"]
# We cannot make getrandom a direct dependency because rand_core makes
# getrandom a feature name, which requires forwarding.
getrandom = ["rand_core/getrandom", "getrandom_or_panic/getrandom", "aead?/getrandom"]
getrandom = [
"rand_core/getrandom",
"getrandom_or_panic/getrandom",
"aead?/getrandom",
]
# We thus cannot forward the wasm-bindgen feature of getrandom,
# but our consumers could depend upon getrandom and activate its
# wasm-bindgen feature themselve, which works due to cargo features
142 changes: 133 additions & 9 deletions src/olaf/data_structures.rs
@@ -150,19 +150,16 @@ impl MessageContent {
pub fn from_bytes(bytes: &[u8]) -> Result<MessageContent, DKGError> {
let mut cursor = 0;

// Deserialize PublicKey
let sender = PublicKey::from_bytes(&bytes[cursor..cursor + PUBLIC_KEY_LENGTH])
.map_err(DKGError::InvalidPublicKey)?;
cursor += PUBLIC_KEY_LENGTH;

// Deserialize encryption_nonce
let encryption_nonce: [u8; ENCRYPTION_NONCE_LENGTH] = bytes
[cursor..cursor + ENCRYPTION_NONCE_LENGTH]
.try_into()
.map_err(DKGError::DeserializationError)?;
cursor += ENCRYPTION_NONCE_LENGTH;

// Deserialize Parameters
let participants = u16::from_le_bytes(
bytes[cursor..cursor + U16_LENGTH]
.try_into()
@@ -283,15 +280,12 @@ impl DKGOutputContent {
pub fn to_bytes(&self) -> Vec<u8> {
let mut bytes = Vec::new();

// Serialize the group public key
let compressed_public_key = self.group_public_key.as_compressed(); // Assuming PublicKey can be compressed directly
bytes.extend(compressed_public_key.to_bytes().iter());

// Serialize the number of verifying keys
let key_count = self.verifying_keys.len() as u16;
bytes.extend(key_count.to_le_bytes());

// Serialize each verifying key
for key in &self.verifying_keys {
let compressed_key = key.compress();
bytes.extend(compressed_key.to_bytes());
@@ -306,21 +300,18 @@ impl DKGOutputContent {
pub fn from_bytes(bytes: &[u8]) -> Result<DKGOutputContent, DKGError> {
let mut cursor = 0;

// Deserialize the group public key
let public_key_bytes = &bytes[cursor..cursor + PUBLIC_KEY_LENGTH]; // Ristretto points are 32 bytes when compressed
cursor += PUBLIC_KEY_LENGTH;
let compressed_public_key = CompressedRistretto::from_slice(public_key_bytes)
.map_err(DKGError::DeserializationError)?;
let group_public_key =
compressed_public_key.decompress().ok_or(DKGError::InvalidRistrettoPoint)?;

// Deserialize the number of verifying keys
let key_count_bytes = &bytes[cursor..cursor + U16_LENGTH];
cursor += U16_LENGTH;
let key_count =
u16::from_le_bytes(key_count_bytes.try_into().map_err(DKGError::DeserializationError)?);

// Deserialize each verifying key
let mut verifying_keys = Vec::with_capacity(key_count as usize);
for _ in 0..key_count {
let key_bytes = &bytes[cursor..cursor + COMPRESSED_RISTRETTO_LENGTH];
@@ -337,3 +328,136 @@ impl DKGOutputContent {
})
}
}

#[cfg(test)]
mod tests {
use merlin::Transcript;
use rand_core::OsRng;
use crate::Keypair;
use super::*;

#[test]
fn test_serialize_deserialize_all_message() {
let sender = Keypair::generate();
let encryption_nonce = [1u8; ENCRYPTION_NONCE_LENGTH];
let parameters = Parameters { participants: 2, threshold: 1 };
let recipients_hash = [2u8; RECIPIENTS_HASH_LENGTH];
let point_polynomial =
vec![RistrettoPoint::random(&mut OsRng), RistrettoPoint::random(&mut OsRng)];
let ciphertexts = vec![vec![1; CHACHA20POLY1305_LENGTH], vec![1; CHACHA20POLY1305_LENGTH]];
let proof_of_possession = sender.sign(Transcript::new(b"pop"));
let signature = sender.sign(Transcript::new(b"sig"));
let ephemeral_key = PublicKey::from_point(RistrettoPoint::random(&mut OsRng));

let message_content = MessageContent::new(
sender.public,
encryption_nonce,
parameters,
recipients_hash,
point_polynomial,
ciphertexts,
ephemeral_key,
proof_of_possession,
);

let message = AllMessage::new(message_content, signature);

let bytes = message.to_bytes();

let deserialized_message = AllMessage::from_bytes(&bytes).expect("Failed to deserialize");

assert_eq!(message.content.sender, deserialized_message.content.sender);

assert_eq!(message.content.encryption_nonce, deserialized_message.content.encryption_nonce);

assert_eq!(
message.content.parameters.participants,
deserialized_message.content.parameters.participants
);

assert_eq!(
message.content.parameters.threshold,
deserialized_message.content.parameters.threshold
);

assert_eq!(message.content.recipients_hash, deserialized_message.content.recipients_hash);

assert!(message
.content
.point_polynomial
.iter()
.zip(deserialized_message.content.point_polynomial.iter())
.all(|(a, b)| a.compress() == b.compress()));

assert!(message
.content
.ciphertexts
.iter()
.zip(deserialized_message.content.ciphertexts.iter())
.all(|(a, b)| a == b));

assert_eq!(
message.content.proof_of_possession,
deserialized_message.content.proof_of_possession
);

assert_eq!(message.signature, deserialized_message.signature);
}

#[test]
fn test_dkg_output_serialization() {
let mut rng = OsRng;
let group_public_key = RistrettoPoint::random(&mut rng);
let verifying_keys = vec![
RistrettoPoint::random(&mut rng),
RistrettoPoint::random(&mut rng),
RistrettoPoint::random(&mut rng),
];

let dkg_output_content = DKGOutputContent {
group_public_key: PublicKey::from_point(group_public_key),
verifying_keys,
};

let keypair = Keypair::generate();
let signature = keypair.sign(Transcript::new(b"test"));

let dkg_output =
DKGOutput { sender: keypair.public, content: dkg_output_content, signature };

// Serialize the DKGOutput
let bytes = dkg_output.to_bytes();

// Deserialize the DKGOutput
let deserialized_dkg_output =
DKGOutput::from_bytes(&bytes).expect("Deserialization failed");

// Check if the deserialized content matches the original
assert_eq!(
deserialized_dkg_output.content.group_public_key.as_compressed(),
dkg_output.content.group_public_key.as_compressed(),
"Group public keys do not match"
);

assert_eq!(
deserialized_dkg_output.content.verifying_keys.len(),
dkg_output.content.verifying_keys.len(),
"Verifying keys counts do not match"
);

assert!(
deserialized_dkg_output
.content
.verifying_keys
.iter()
.zip(dkg_output.content.verifying_keys.iter())
.all(|(a, b)| a == b),
"Verifying keys do not match"
);

assert_eq!(
deserialized_dkg_output.signature.s, dkg_output.signature.s,
"Signatures do not match"
);
}
}
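Review bot: The new test module only exercises the successful round trip; neither test feeds truncated or otherwise malformed bytes to `AllMessage::from_bytes` or `DKGOutput::from_bytes`, even though both deserializers index fixed-width slices such as `&bytes[cursor..cursor + PUBLIC_KEY_LENGTH]` (visible as context in the first and third hunks of this file), which panics on short input instead of returning a `DKGError`. A negative case like `assert!(DKGOutput::from_bytes(&bytes[..bytes.len() - 1]).is_err());` would pin the intended error path, and if it panics today that points at the length check the deserializers are missing. In `test_dkg_output_serialization` the last assertion compares only `signature.s`, whereas `test_serialize_deserialize_all_message` compares the whole signature; `assert_eq!(deserialized_dkg_output.signature, dkg_output.signature, "Signatures do not match");` would cover the full value. Likewise `ephemeral_key` is passed to `MessageContent::new` in the first test but never compared after deserialization, so a serialization slip in that field would go unnoticed.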
2 changes: 1 addition & 1 deletion src/olaf/simplpedpop.rs
@@ -80,7 +80,7 @@ impl Keypair {
i as usize,
)
})
.collect::<DKGResult<_>>()?;
.collect::<DKGResult<Vec<Vec<u8>>>>()?;

let pk = &PublicKey::from_point(
*point_polynomial