Merge branch 'main' of https://github.com/ZcashFoundation/frost into …

…remove-mulassign
ZcashFoundation · Jun 19, 2024 · 338923b · 338923b
2 parents 382c0e5 + 8be644f
commit 338923b
Show file tree

Hide file tree

Showing 39 changed files with 395 additions and 338 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -24,6 +24,30 @@ jobs:
         with:
           command: build
 
+  build_msrv:
+    name: build with MSRV (1.66.1)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+      # Re-resolve Cargo.lock with minimal versions
+      - uses: dtolnay/rust-toolchain@nightly
+      - run: cargo update -Z minimal-versions
+      # Now check that `cargo build` works with respect to the oldest possible
+      # deps and the stated MSRV
+      - uses: dtolnay/[email protected]
+      - run: cargo build --all-features
+
+  build_all_features:
+    name: build with all features combinations
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/[email protected]
+      - uses: dtolnay/rust-toolchain@stable
+      - run: cargo install cargo-all-features
+      - run: cargo build-all-features
+
   test_beta:
     name: test on beta
     runs-on: ubuntu-latest
@@ -143,7 +167,7 @@ jobs:
     continue-on-error: true
     steps:
       - uses: actions/[email protected]
-      - uses: reviewdog/action-actionlint@v1.46.0
+      - uses: reviewdog/action-actionlint@v1.48.0
         with:
           level: warning
           fail_on_error: false
diff --git a/README.md b/README.md
@@ -30,7 +30,7 @@ Besides FROST itself, this repository also provides:
 
 - Trusted dealer key generation as specified in the appendix of ['Two-Round Threshold Schnorr Signatures with FROST'](https://datatracker.ietf.org/doc/draft-irtf-cfrg-frost/);
 - Distributed key generation as specified in the original paper [FROST20](https://eprint.iacr.org/2020/852.pdf);
-- Repairable Theshold Scheme (RTS) from ['A Survey and Refinement of Repairable Threshold Schemes'](https://eprint.iacr.org/2017/1155) which allows a participant to recover a lost share with the help of a threshold of other participants;
+- Repairable Threshold Scheme (RTS) from ['A Survey and Refinement of Repairable Threshold Schemes'](https://eprint.iacr.org/2017/1155) which allows a participant to recover a lost share with the help of a threshold of other participants;
 - Rerandomized FROST (paper under review).
 
 ## Getting Started

diff --git a/book/src/dev/developer-guide.md b/book/src/dev/developer-guide.md
@@ -8,7 +8,7 @@
 
 # Coverage
 
-Test coverage checks are performed in the pipeline. This is cofigured here: `.github/workflows/coverage.yaml`
+Test coverage checks are performed in the pipeline. This is configured here: `.github/workflows/coverage.yaml`
 To run these locally:
 1. Install coverage tool by running `cargo install cargo-llvm-cov`
 2. Run `cargo llvm-cov --ignore-filename-regex '.*(tests).*|benches.rs|gencode|helpers.rs'` (you may be asked if you want to install `llvm-tools-preview`, if so type `Y`)
diff --git a/book/src/zcash/ywallet-demo.md b/book/src/zcash/ywallet-demo.md
@@ -1,6 +1,6 @@
 # Ywallet Demo Tutorial
 
-This tutorial explaing how to run the FROST demo using Ywallet that was
+This tutorial explaining how to run the FROST demo using Ywallet that was
 [presented during Zcon4](https://www.youtube.com/watch?v=xvzESdDtczo).
 
 Ywallet supports [offline

diff --git a/frost-core/CHANGELOG.md b/frost-core/CHANGELOG.md
@@ -4,8 +4,22 @@ Entries are listed in reverse chronological order.
 
 ## Unreleased
 
-## 2.0.0
-
+* Changed the `deserialize()` function of Elements and structs containing
+  Elements to return an error if the element is the identity. This is a
+  requirement in the FROST specification that wasn't being followed. We are not
+  aware of any possible security issues that could be caused by this; in the
+  unlikely case that the identity was being serialized, this would be caught by
+  deserialization methods. However, we consider this change the right thing to
+  do as a defense-in-depth mechanism. This entails the following changes:
+  * `Group::serialize()` now returns an error. When implementing it, you must
+    return an error if it attempts to serialize the identity.
+  * `VerifyingShare::serialize()`, `CoefficientCommitment::serialize()`,
+    `VerifiableSecretSharingCommitment::serialize()`,
+    `NonceCommitment::serialize()`, `Signature::serialize()`,
+    `VerifyingKey::serialize()` can now all return an error.
+* Removed `batch::Item::into()` which created a batch Item from a triple of
+  VerifyingKey, Signature and message. Use the new `batch::Item::new()` instead
+  (which can return an error).
 * Removed the `MulAssign<Identifier<C>> for Scalar<C>` implementation since it
   will result in a coherence error in future Rust versions (see #625). In the
   unlikely case you're using this, you can replace e.g. `scalar *= identifier`

diff --git a/frost-core/Cargo.toml b/frost-core/Cargo.toml
@@ -32,7 +32,7 @@ postcard = { version = "1.0.0", features = ["use-std"], optional = true }
 rand_core = "0.6"
 serde = { version = "1.0.160", features = ["derive"], optional = true }
 serdect = { version = "0.2.0", optional = true }
-thiserror = "1.0"
+thiserror = "1.0.29"
 visibility = "0.1.0"
 zeroize = { version = "1.5.4", default-features = false, features = ["derive"] }
 itertools = "0.13.0"

diff --git a/frost-core/src/batch.rs b/frost-core/src/batch.rs
@@ -25,16 +25,20 @@ pub struct Item<C: Ciphersuite> {
     c: Challenge<C>,
 }
 
-impl<'msg, C, M> From<(VerifyingKey<C>, Signature<C>, &'msg M)> for Item<C>
+impl<C> Item<C>
 where
     C: Ciphersuite,
-    M: AsRef<[u8]>,
 {
-    fn from((vk, sig, msg): (VerifyingKey<C>, Signature<C>, &'msg M)) -> Self {
+    /// Create a new batch [`Item`] from a [`VerifyingKey`], [`Signature`]
+    /// and a message to be verified.
+    pub fn new<M>(vk: VerifyingKey<C>, sig: Signature<C>, msg: M) -> Result<Self, Error<C>>
+    where
+        M: AsRef<[u8]>,
+    {
         // Compute c now to avoid dependency on the msg lifetime.
-        let c = crate::challenge(&sig.R, &vk, msg.as_ref());
+        let c = crate::challenge(&sig.R, &vk, msg.as_ref())?;
 
-        Self { vk, sig, c }
+        Ok(Self { vk, sig, c })
     }
 }
 
@@ -129,7 +133,7 @@ where
             Rs.push(R);
 
             VK_coeffs.push(<<C::Group as Group>::Field>::zero() + (blind * item.c.0));
-            VKs.push(item.vk.element);
+            VKs.push(item.vk.to_element());
         }
 
         let scalars = once(&P_coeff_acc)

diff --git a/frost-core/src/benches.rs b/frost-core/src/benches.rs
@@ -67,7 +67,8 @@ pub fn bench_batch_verify<C: Ciphersuite, R: RngCore + CryptoRng + Clone>(
                         let msg = b"Bench";
 
                         let Item { vk, sig } = item;
-                        batch.queue((*vk, *sig, msg));
+                        let item = batch::Item::<C>::new(*vk, *sig, msg).unwrap();
+                        batch.queue(item);
                     }
                     batch.verify(&mut rng)
                 })