From 647da3515c2f076295885cc715c034da4e262fc1 Mon Sep 17 00:00:00 2001
From: Conrado Gouvea <conrado@zfnd.org>
Date: Wed, 19 Jun 2024 17:04:19 -0300
Subject: [PATCH] core: remove MulAssign impl for Scalar (#626)

---
 frost-core/CHANGELOG.md      | 4 ++++
 frost-core/src/identifier.rs | 9 ---------
 frost-core/src/keys.rs       | 2 +-
 frost-core/src/lib.rs        | 8 ++++----
 4 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/frost-core/CHANGELOG.md b/frost-core/CHANGELOG.md
index 7ddbe73e..08196012 100644
--- a/frost-core/CHANGELOG.md
+++ b/frost-core/CHANGELOG.md
@@ -20,6 +20,10 @@ Entries are listed in reverse chronological order.
 * Removed `batch::Item::into()` which created a batch Item from a triple of
   VerifyingKey, Signature and message. Use the new `batch::Item::new()` instead
   (which can return an error).
+* Removed the `MulAssign<Identifier<C>> for Scalar<C>` implementation since it
+  will result in a coherence error in future Rust versions (see #625). In the
+  unlikely case you're using this, you can replace e.g. `scalar *= identifier`
+  with `scalar = identifier * scalar`.
 
 ## 1.0.1
 
diff --git a/frost-core/src/identifier.rs b/frost-core/src/identifier.rs
index 5525197b..edb64cff 100644
--- a/frost-core/src/identifier.rs
+++ b/frost-core/src/identifier.rs
@@ -149,15 +149,6 @@ where
     }
 }
 
-impl<C> std::ops::MulAssign<Identifier<C>> for Scalar<C>
-where
-    C: Ciphersuite,
-{
-    fn mul_assign(&mut self, identifier: Identifier<C>) {
-        *self = *self * identifier.0
-    }
-}
-
 impl<C> std::ops::Sub for Identifier<C>
 where
     C: Ciphersuite,
diff --git a/frost-core/src/keys.rs b/frost-core/src/keys.rs
index 75ffc8fd..38adfe86 100644
--- a/frost-core/src/keys.rs
+++ b/frost-core/src/keys.rs
@@ -582,7 +582,7 @@ fn evaluate_polynomial<C: Ciphersuite>(
     let ell_scalar = identifier;
     for coeff in coefficients.iter().skip(1).rev() {
         value = value + *coeff;
-        value *= ell_scalar;
+        value = ell_scalar * value;
     }
     value = value
         + *coefficients
diff --git a/frost-core/src/lib.rs b/frost-core/src/lib.rs
index 96c5cba6..3f6655bc 100644
--- a/frost-core/src/lib.rs
+++ b/frost-core/src/lib.rs
@@ -306,12 +306,12 @@ fn compute_lagrange_coefficient<C: Ciphersuite>(
         }
 
         if let Some(x) = x {
-            num *= x - *x_j;
-            den *= x_i - *x_j;
+            num = (x - *x_j) * num;
+            den = (x_i - *x_j) * den;
         } else {
             // Both signs inverted just to avoid requiring Neg (-*xj)
-            num *= *x_j;
-            den *= *x_j - x_i;
+            num = *x_j * num;
+            den = (*x_j - x_i) * den;
         }
     }
     if !x_i_found {