update k256, sha2 versions #444

boltlabs-inc · Aug 24, 2023 · 1c91522 · 1c91522
1 parent 2ac1bbd
commit 1c91522
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 27 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -22,14 +22,14 @@ flame = { version = "0.2", optional = true }
 flamer = { version = "0.3", optional = true }
 generic-array = "0.14"
 hex = "0.4"
-k256 = { version = "0.10", features = ["arithmetic", "digest", "sha256", "ecdsa", "serde"] }
+k256 = { version = "0.13", features = ["arithmetic", "sha256", "ecdsa", "serde"] }
 lazy_static = "1"
 libpaillier = { version = "0.5", default-features = false, features = ["gmp"] }
 merlin = "3"
 num-bigint = "0.4"
 rand = "0.8"
 serde = "1"
-sha2 = "0.9"
+sha2 = "0.10"
 thiserror = "1"
 tracing = "0.1.37"
 zeroize = "1.5"

diff --git a/src/presign/record.rs b/src/presign/record.rs
@@ -17,7 +17,7 @@ use crate::{
     utils::{bn_to_scalar, CurvePoint, ParseBytes},
 };
 use k256::{
-    elliptic_curve::{AffineXCoordinate, PrimeField},
+    elliptic_curve::{point::AffineCoordinates, PrimeField},
     Scalar,
 };
 use sha2::{Digest, Sha256};
@@ -183,9 +183,9 @@ impl PresignRecord {
             &point_len,
             &point,
             &random_share_len,
-            &random_share,
+            random_share.as_ref(),
             &chi_share_len,
-            &chi_share,
+            chi_share.as_ref(),
         ]
         .concat();
 
@@ -319,10 +319,9 @@ mod tests {
             rng: &mut (impl CryptoRng + RngCore),
         ) -> Vec<Self> {
             // Note: using slightly-biased generation for faster tests
-            let mask_shares =
-                std::iter::repeat_with(|| Scalar::generate_biased(StdRng::from_seed(rng.gen())))
-                    .take(keygen_outputs.len())
-                    .collect::<Vec<_>>();
+            let mask_shares = std::iter::repeat_with(|| Scalar::generate_biased(rng))
+                .take(keygen_outputs.len())
+                .collect::<Vec<_>>();
             let mask = mask_shares
                 .iter()
                 .fold(Scalar::ZERO, |sum, mask_share| sum + mask_share);
@@ -439,9 +438,9 @@ mod tests {
         let back = [
             point.as_slice(),
             &random_share_len,
-            &random_share,
+            random_share.as_ref(),
             &chi_share_len,
-            &chi_share,
+            chi_share.as_ref(),
         ]
         .concat();
 
@@ -479,16 +478,17 @@ mod tests {
         let random_share_len = random_share.len().to_le_bytes();
 
         let chi_share = chi.to_bytes();
+
         let front = [
             RECORD_TAG,
             &point_len,
             &point,
             &random_share_len,
-            &random_share,
+            random_share.as_ref(),
         ]
         .concat();
 
-        test_length_field(&front, chi_share.len(), &chi_share)
+        test_length_field(&front, chi_share.len(), chi_share.as_ref())
     }
 
     #[test]
@@ -534,7 +534,7 @@ mod tests {
             &point_len,
             &point,
             &random_share_len,
-            &random_share,
+            random_share.as_ref(),
             &chi_share_len,
         ]
         .concat();
@@ -545,7 +545,7 @@ mod tests {
             &point_len,
             &point,
             &random_share_len,
-            &random_share,
+            random_share.as_ref(),
             &zero_len,
         ]
         .concat();
@@ -557,9 +557,9 @@ mod tests {
             &point_len,
             &point,
             &random_share_len,
-            &random_share,
+            random_share.as_ref(),
             &chi_share_len,
-            &chi_share,
+            chi_share.as_ref(),
         ]
         .concat();
         assert!(PresignRecord::try_from_bytes(bytes).is_ok());

diff --git a/src/protocol.rs b/src/protocol.rs
@@ -18,7 +18,7 @@ use crate::{
     utils::{k256_order, CurvePoint},
     zkp::ProofContext,
 };
-use k256::elliptic_curve::IsHigh;
+use k256::elliptic_curve::scalar::IsHigh;
 use libpaillier::unknown_order::BigNumber;
 use rand::{CryptoRng, Rng, RngCore};
 use serde::{Deserialize, Serialize};
@@ -653,7 +653,7 @@ mod tests {
         auxinfo::AuxInfoParticipant, keygen::KeygenParticipant, participant::Status, presign,
         utils::testing::init_testing, PresignParticipant,
     };
-    use k256::ecdsa::signature::DigestVerifier;
+    use k256::ecdsa::signature::{DigestVerifier, Verifier};
     use rand::seq::IteratorRandom;
     use sha2::{Digest, Sha256};
     use std::collections::HashMap;
@@ -1005,6 +1005,9 @@ mod tests {
 
         // Moment of truth, does the signature verify?
         assert!(saved_public_key.verify_digest(hasher, &signature).is_ok());
+        assert!(saved_public_key
+            .verify(b"some test message", &signature)
+            .is_ok());
 
         #[cfg(feature = "flame_it")]
         flame::dump_html(&mut std::fs::File::create("dev/flame-graph.html").unwrap()).unwrap();

diff --git a/src/sign/non_interactive_sign/participant.rs b/src/sign/non_interactive_sign/participant.rs
@@ -10,7 +10,7 @@ use std::collections::HashSet;
 use generic_array::{typenum::U32, GenericArray};
 use k256::{
     ecdsa::{signature::DigestVerifier, VerifyingKey},
-    elliptic_curve::{ops::Reduce, subtle::ConditionallySelectable, IsHigh},
+    elliptic_curve::{ops::Reduce, scalar::IsHigh, subtle::ConditionallySelectable},
     Scalar, U256,
 };
 use rand::{CryptoRng, RngCore};
@@ -327,7 +327,7 @@ impl SignParticipant {
 
         // Interpret the message digest as an integer mod `q`. This matches the way that
         // the k256 library converts a digest to a scalar.
-        let digest = <Scalar as Reduce<U256>>::from_be_bytes_reduced(self.input.digest());
+        let digest = <Scalar as Reduce<U256>>::reduce_bytes(&self.input.digest());
 
         // Compute the x-projection of `R` from the `PresignRecord`
         let x_projection = record.x_projection()?;
@@ -420,7 +420,7 @@ mod test {
 
     use k256::{
         ecdsa::signature::{DigestVerifier, Verifier},
-        elliptic_curve::{ops::Reduce, subtle::ConditionallySelectable, IsHigh},
+        elliptic_curve::{ops::Reduce, scalar::IsHigh, subtle::ConditionallySelectable},
         Scalar, U256,
     };
     use rand::{CryptoRng, Rng, RngCore};
@@ -496,7 +496,7 @@ mod test {
 
         let r = records[0].x_projection().unwrap();
 
-        let m = <Scalar as Reduce<U256>>::from_be_bytes_reduced(Sha256::digest(message));
+        let m = <Scalar as Reduce<U256>>::reduce_bytes(&Sha256::digest(message));
 
         let mut s = k * (m + r * secret_key);
         s.conditional_assign(&s.negate(), s.is_high());
@@ -508,7 +508,7 @@ mod test {
 
         assert!(public_key.verify(message, &signature).is_ok());
         assert!(public_key
-            .verify_digest(Sha256::new().chain(message), &signature)
+            .verify_digest(Sha256::new().chain_update(message), &signature)
             .is_ok());
         signature
     }
@@ -526,7 +526,7 @@ mod test {
         let presign_records = PresignRecord::simulate_set(&keygen_outputs, rng);
 
         let message = b"the quick brown fox jumped over the lazy dog";
-        let message_digest = sha2::Sha256::new().chain(message);
+        let message_digest = sha2::Sha256::new().chain_update(message);
 
         // Save some things for later -- a signature constructucted from the records and
         // the public key
@@ -614,9 +614,11 @@ mod test {
         // Verify that we have a valid signature under the public key for the `message`
         assert!(public_key.verify(message, distributed_sig.as_ref()).is_ok());
         assert!(public_key
-            .verify_digest(Sha256::new().chain(message), distributed_sig.as_ref())
+            .verify_digest(
+                Sha256::new().chain_update(message),
+                distributed_sig.as_ref()
+            )
             .is_ok());
-
         Ok(())
     }
 }