From 394059514f4d3f8d2548b2d5132f8befbce2a0b1 Mon Sep 17 00:00:00 2001
From: Jeff Burdges
Date: Tue, 30 Jul 2024 19:08:41 +0200
Subject: [PATCH] Remove the FRO of FROST aka the dangerous 1-round
We could expose this behind some HAZMAT feature I guess, not sure.
---
 src/olaf/multisig/mod.rs | 5 ++++-
 src/olaf/multisig/types.rs | 18 +++++++++++-------
 2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/olaf/multisig/mod.rs b/src/olaf/multisig/mod.rs
index 0e5fdce..2ef8582 100644
--- a/src/olaf/multisig/mod.rs
+++ b/src/olaf/multisig/mod.rs
@@ -38,7 +38,9 @@ impl SigningKeypair {
     /// perform the first round. Batching entails generating more than one
     /// nonce/commitment pair at a time. Nonces should be stored in secret storage
     /// for later use, whereas the commitments are published.
-    pub fn preprocess(&self, num_nonces: u8) -> (Vec, Vec) {
+    ///
+    /// TODO: Already made private, next remove Vec or make HAZMAT
+    fn preprocess(&self, num_nonces: u8) -> (Vec, Vec) {
         let mut rng = getrandom_or_panic();
         let mut signing_nonces: Vec = Vec::with_capacity(num_nonces as usize);
         let mut signing_commitments: Vec =
@@ -476,6 +478,7 @@ mod tests {
         aggregate(&signing_packages).unwrap();
     }
+    // Test is likely HAZMAT
     #[test]
     fn test_preprocessing_frost_with_simplpedpop() {
         let parameters = generate_parameters();
diff --git a/src/olaf/multisig/types.rs b/src/olaf/multisig/types.rs
index 01ca045..dbbf14d 100644
--- a/src/olaf/multisig/types.rs
+++ b/src/olaf/multisig/types.rs
@@ -133,7 +133,7 @@ impl BindingFactorList {
 }
 /// A scalar that is a signing nonce.
-#[derive(Debug, Clone, ZeroizeOnDrop, PartialEq, Eq)]
+#[derive(Debug, ZeroizeOnDrop, PartialEq, Eq)]
 pub(super) struct Nonce(pub(super) Scalar);
 impl Nonce {
@@ -167,6 +167,7 @@ impl Nonce {
         Self(transcript.challenge_scalar(b"nonce"))
     }
+    /* HAZMAT
     fn to_bytes(&self) -> [u8; SCALAR_LENGTH] {
         self.0.to_bytes()
     }
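Review bot: The doc comment kept above `preprocess` still tells the reader that "Nonces should be stored in secret storage for later use", which is exactly the persisted-nonce pattern this commit is retiring, and the new TODO line does not say why the function is hazardous. The doc on `SigningNonces` in types.rs already states that re-using a nonce leaks the signer's long-lived signing key, so the same warning belongs here; I would replace the "stored in secret storage" sentence with `/// HAZMAT: pre-generated nonces must never be persisted or reused — a reused nonce leaks the signing key (see the single-use note on SigningNonces).` and keep the TODO below it. The `// Test is likely HAZMAT` comment added in the -476 hunk would likewise read better as a statement of that fact than as a guess. The body of `preprocess` continues outside the hunk.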
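Review bot: Dropping `Clone` from `Nonce` removes the ability to duplicate a `ZeroizeOnDrop` secret, but the remaining `Debug` derive still delegates to the inner `Scalar`'s own `Debug`, which for a scalar type presumably renders the value, so a `{:?}` in a log line or an `assert_eq!` failure message would print the nonce; the same applies to `SigningNonces` in the -207 hunk, whose `hiding` and `binding` fields are both `Nonce`. A hand-written impl that writes a redacted placeholder keeps diagnostics usable without exposing the secret, e.g. `impl core::fmt::Debug for Nonce { fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { f.write_str("Nonce(<redacted>)") } }`. Whether the derived `PartialEq` compares the scalar in constant time depends on the `Scalar` type's implementation, which is outside this diff and worth confirming since the test suite compares nonces with `assert_eq!`.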
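Review bot: Disabling `Nonce::to_bytes`/`from_bytes` by opening a `/* HAZMAT` block comment here and closing it with `*/` in the -174 hunk leaves the code unchecked by the compiler and one two-line edit away from being re-enabled; the same pattern is used for `SigningNonces::to_bytes`/`from_bytes` in the -234 and -265 hunks. If nonce serialization is to survive at all, gate the items with a cfg attribute, `#[cfg(feature = "<hazmat-feature-name>")]` with the feature name still to be chosen, so the code keeps compiling under that feature in CI and is absent otherwise; if it is not meant to survive, delete it outright, since git history retains it. The `impl Nonce` block continues past the end of this hunk.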
@@ -174,6 +175,7 @@ impl Nonce {
     fn from_bytes(bytes: [u8; SCALAR_LENGTH]) -> Self {
         Nonce(Scalar::from_bytes_mod_order(bytes))
     }
+    */
 }
 /// A group element that is a commitment to a signing nonce share.
@@ -207,7 +209,7 @@ impl From<&Nonce> for NonceCommitment {
 /// Note that [`SigningNonces`] must be used *only once* for a signing
 /// operation; re-using nonces will result in leakage of a signer's long-lived
 /// signing key.
-#[derive(Debug, Clone, ZeroizeOnDrop, PartialEq, Eq)]
+#[derive(Debug, ZeroizeOnDrop, PartialEq, Eq)]
 pub struct SigningNonces {
     pub(super) hiding: Nonce,
     pub(super) binding: Nonce,
@@ -234,6 +236,7 @@ impl SigningNonces {
         Self::from_nonces(hiding, binding)
     }
+    /* HAZMAT
     /// Serializes SigningNonces into bytes.
     pub fn to_bytes(self) -> Vec {
         let mut bytes = Vec::new();
@@ -265,6 +268,7 @@ impl SigningNonces {
         Ok(Self { hiding, binding, commitments })
     }
+    */
     /// Generates a new [`SigningNonces`] from a pair of [`Nonce`].
     ///
@@ -500,7 +504,7 @@ mod tests {
         olaf::{simplpedpop::AllMessage, test_utils::generate_parameters},
         Keypair, PublicKey,
     };
-    use super::{SigningCommitments, SigningNonces, SigningPackage};
+    use super::{SigningCommitments, SigningPackage}; // SigningNonces
     #[test]
     fn test_round1_serialization() {
@@ -521,15 +525,15 @@ mod tests {
         let spp_output = keypairs[0].simplpedpop_recipient_all(&all_messages).unwrap();
-        let (signing_nonces, signing_commitments) = spp_output.1.commit();
+        let (_signing_nonces, signing_commitments) = spp_output.1.commit();
-        let nonces_bytes = signing_nonces.clone().to_bytes();
+        // HAZMAT: let nonces_bytes = signing_nonces.clone().to_bytes();
         let commitments_bytes = signing_commitments.clone().to_bytes();
-        let deserialized_nonces = SigningNonces::from_bytes(&nonces_bytes).unwrap();
+        // HAZMAT: let deserialized_nonces = SigningNonces::from_bytes(&nonces_bytes).unwrap();
         let deserialized_commitments = SigningCommitments::from_bytes(&commitments_bytes).unwrap();
-        assert_eq!(signing_nonces, deserialized_nonces);
+        // HAZMAT: assert_eq!(signing_nonces, deserialized_nonces);
         assert_eq!(signing_commitments, deserialized_commitments);
     }
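Review bot: The `_signing_nonces` binding keeps the secret nonces alive until `test_round1_serialization` returns even though nothing in the test uses them any more; destructuring with the wildcard instead, `let (_, signing_commitments) = spp_output.1.commit();`, drops the unused half at the end of that statement, so `ZeroizeOnDrop` wipes it as early as possible. The three `// HAZMAT:` lines are dead code — with `Clone` no longer derived on `SigningNonces` the `signing_nonces.clone()` call would not compile if uncommented — so I would delete them rather than carry them forward. The test now only round-trips commitments, which its name could reflect.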