update to frost-rerandomized 2.0.0-rc.0

Cargo.toml

@@ -31,7 +31,7 @@ pasta_curves = { version = "0.5", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 serde = { version = "1", optional = true, features = ["derive"] }
 thiserror = { version = "1.0", optional = true }
-frost-rerandomized = { version = "1.0.0", optional = true }
+frost-rerandomized = { version = "2.0.0-rc.0", optional = true }
 
 [dependencies.zeroize]
 version = "1"
@@ -50,7 +50,7 @@ rand_chacha = "0.3"
 serde_json = "1.0"
 num-bigint = "0.4.5"
 num-traits = "0.2.19"
-frost-rerandomized = { version = "1.0.0", features = ["test-impl"] }
+frost-rerandomized = { version = "2.0.0-rc.0", features = ["test-impl"] }
 
 # `alloc` is only used in test code
 [dev-dependencies.pasta_curves]

src/frost/redjubjub.rs

@@ -94,8 +94,11 @@ impl Group for JubjubGroup {
         sapling::SpendAuth::basepoint()
     }
 
-    fn serialize(element: &Self::Element) -> Self::Serialization {
-        element.to_bytes()
+    fn serialize(element: &Self::Element) -> Result<Self::Serialization, GroupError> {
+        if *element == Self::identity() {
+            return Err(GroupError::InvalidIdentityElement);
+        }
+        Ok(element.to_bytes())
     }
 
     fn deserialize(buf: &Self::Serialization) -> Result<Self::Element, GroupError> {

src/frost/redpallas.rs

@@ -104,8 +104,11 @@ impl Group for PallasGroup {
         orchard::SpendAuth::basepoint()
     }
 
-    fn serialize(element: &Self::Element) -> Self::Serialization {
-        element.to_bytes()
+    fn serialize(element: &Self::Element) -> Result<Self::Serialization, GroupError> {
+        if *element == Self::identity() {
+            return Err(GroupError::InvalidIdentityElement);
+        }
+        Ok(element.to_bytes())
     }
 
     fn deserialize(buf: &Self::Serialization) -> Result<Self::Element, GroupError> {
@@ -331,8 +334,11 @@ pub mod keys {
     impl EvenY for PublicKeyPackage {
         fn has_even_y(&self) -> bool {
             let verifying_key = self.verifying_key();
-            let verifying_key_serialized = verifying_key.serialize();
-            verifying_key_serialized[31] & 0x80 == 0
+            match verifying_key.serialize() {
+                Ok(verifying_key_serialized) => verifying_key_serialized[31] & 0x80 == 0,
+                // If serialization fails then it's the identity point, which has even Y
+                Err(_) => true,
+            }
         }
 
         fn into_even_y(self, is_even: Option<bool>) -> Self {
@@ -378,7 +384,10 @@ pub mod keys {
                     .commitment()
                     .coefficients()
                     .iter()
-                    .map(|e| <PallasBlake2b512 as Ciphersuite>::Group::serialize(&-e.value()))
+                    .map(|e| {
+                        <PallasBlake2b512 as Ciphersuite>::Group::serialize(&-e.value())
+                            .expect("none of the coefficients commitments are the identity")
+                    })
                     .collect();
                 let commitments = VerifiableSecretSharingCommitment::deserialize(coefficients)
                     .expect("Should work since they were just serialized");
@@ -392,8 +401,11 @@ pub mod keys {
     impl EvenY for KeyPackage {
         fn has_even_y(&self) -> bool {
             let pubkey = self.verifying_key();
-            let pubkey_serialized = pubkey.serialize();
-            pubkey_serialized[31] & 0x80 == 0
+            match pubkey.serialize() {
+                Ok(pubkey_serialized) => pubkey_serialized[31] & 0x80 == 0,
+                // If serialization fails then it's the identity point, which has even Y
+                Err(_) => true,
+            }
         }
 
         fn into_even_y(self, is_even: Option<bool>) -> Self {

src/hash.rs

@@ -28,7 +28,7 @@ impl<T: SigType> Default for HStar<T> {
             .to_state();
         Self {
             state,
-            _marker: PhantomData::default(),
+            _marker: PhantomData,
         }
     }
 }
@@ -43,7 +43,7 @@ impl<T: SigType> HStar<T> {
             .to_state();
         Self {
             state,
-            _marker: PhantomData::default(),
+            _marker: PhantomData,
         }
     }
 

tests/frost_redjubjub.rs

@@ -1,8 +1,10 @@
 #![cfg(feature = "frost")]
 
-use frost_rerandomized::frost_core::{Ciphersuite, Group, GroupError};
+use group::GroupEncoding;
 use rand::thread_rng;
 
+use frost_rerandomized::frost_core::{Ciphersuite, Group, GroupError};
+
 use reddsa::{frost::redjubjub::JubjubBlake2b512, sapling};
 
 #[test]
@@ -26,11 +28,11 @@ fn check_randomized_sign_with_dealer() {
     // public key (interoperability test)
 
     let sig = {
-        let bytes: [u8; 64] = group_signature.serialize().as_ref().try_into().unwrap();
+        let bytes: [u8; 64] = group_signature.serialize().unwrap().try_into().unwrap();
         reddsa::Signature::<sapling::SpendAuth>::from(bytes)
     };
     let pk_bytes = {
-        let bytes: [u8; 32] = group_pubkey.serialize().as_ref().try_into().unwrap();
+        let bytes: [u8; 32] = group_pubkey.serialize().unwrap().try_into().unwrap();
         reddsa::VerificationKeyBytes::<sapling::SpendAuth>::from(bytes)
     };
 
@@ -54,18 +56,21 @@ fn check_sign_with_dkg() {
 
 #[test]
 fn check_deserialize_identity() {
-    let encoded_identity = <JubjubBlake2b512 as Ciphersuite>::Group::serialize(
+    let r = <JubjubBlake2b512 as Ciphersuite>::Group::serialize(
         &<JubjubBlake2b512 as Ciphersuite>::Group::identity(),
     );
-    let r = <JubjubBlake2b512 as Ciphersuite>::Group::deserialize(&encoded_identity);
+    assert_eq!(r, Err(GroupError::InvalidIdentityElement));
+    let raw_identity = <JubjubBlake2b512 as Ciphersuite>::Group::identity();
+    let r = <JubjubBlake2b512 as Ciphersuite>::Group::deserialize(&raw_identity.to_bytes());
     assert_eq!(r, Err(GroupError::InvalidIdentityElement));
 }
 
 #[test]
 fn check_deserialize_non_canonical() {
     let encoded_generator = <JubjubBlake2b512 as Ciphersuite>::Group::serialize(
         &<JubjubBlake2b512 as Ciphersuite>::Group::generator(),
-    );
+    )
+    .unwrap();
     let r = <JubjubBlake2b512 as Ciphersuite>::Group::deserialize(&encoded_generator);
     assert!(r.is_ok());
 

tests/frost_redpallas.rs

@@ -2,9 +2,11 @@
 
 use std::collections::BTreeMap;
 
-use frost_rerandomized::frost_core::{self as frost, Ciphersuite, Group, GroupError};
+use group::GroupEncoding;
 use rand::thread_rng;
 
+use frost_rerandomized::frost_core::{self as frost, Ciphersuite, Group, GroupError};
+
 use reddsa::{
     frost::redpallas::{keys::EvenY, PallasBlake2b512},
     orchard,
@@ -28,11 +30,11 @@ fn check_randomized_sign_with_dealer() {
     // public key (interoperability test)
 
     let sig = {
-        let bytes: [u8; 64] = group_signature.serialize().as_ref().try_into().unwrap();
+        let bytes: [u8; 64] = group_signature.serialize().unwrap().try_into().unwrap();
         reddsa::Signature::<orchard::SpendAuth>::from(bytes)
     };
     let pk_bytes = {
-        let bytes: [u8; 32] = group_pubkey.serialize().as_ref().try_into().unwrap();
+        let bytes: [u8; 32] = group_pubkey.serialize().unwrap().try_into().unwrap();
         reddsa::VerificationKeyBytes::<orchard::SpendAuth>::from(bytes)
     };
 
@@ -53,18 +55,21 @@ fn check_sign_with_dkg() {
 
 #[test]
 fn check_deserialize_identity() {
-    let encoded_identity = <PallasBlake2b512 as Ciphersuite>::Group::serialize(
+    let r = <PallasBlake2b512 as Ciphersuite>::Group::serialize(
         &<PallasBlake2b512 as Ciphersuite>::Group::identity(),
     );
-    let r = <PallasBlake2b512 as Ciphersuite>::Group::deserialize(&encoded_identity);
+    assert_eq!(r, Err(GroupError::InvalidIdentityElement));
+    let raw_identity = <PallasBlake2b512 as Ciphersuite>::Group::identity();
+    let r = <PallasBlake2b512 as Ciphersuite>::Group::deserialize(&raw_identity.to_bytes());
     assert_eq!(r, Err(GroupError::InvalidIdentityElement));
 }
 
 #[test]
 fn check_deserialize_non_canonical() {
     let encoded_generator = <PallasBlake2b512 as Ciphersuite>::Group::serialize(
         &<PallasBlake2b512 as Ciphersuite>::Group::generator(),
-    );
+    )
+    .unwrap();
     let r = <PallasBlake2b512 as Ciphersuite>::Group::deserialize(&encoded_generator);
     assert!(r.is_ok());