serai-dex · kayabaNerve · Aug 14, 2022 · Aug 14, 2022 · Aug 14, 2022 · Aug 14, 2022
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -2,9 +2,12 @@
 members = [
   "crypto/transcript",
 
+  "crypto/curve",
   "crypto/dalek-ff-group",
+
   "crypto/multiexp",
 
+  "crypto/schnorr",
   "crypto/dleq",
   "crypto/frost",
 

diff --git a/coins/ethereum/src/crypto.rs b/coins/ethereum/src/crypto.rs
@@ -6,7 +6,7 @@ use k256::{
   AffinePoint, ProjectivePoint, Scalar, U256,
 };
 
-use frost::{algorithm::Hram, curve::Secp256k1};
+use frost::algorithm::Hram;
 
 pub fn keccak256(data: &[u8]) -> [u8; 32] {
   Keccak256::digest(data).try_into().unwrap()
@@ -47,7 +47,7 @@ pub fn ecrecover(message: Scalar, v: u8, r: Scalar, s: Scalar) -> Option<[u8; 20
 
 #[derive(Clone, Default)]
 pub struct EthereumHram {}
-impl Hram<Secp256k1> for EthereumHram {
+impl Hram<ProjectivePoint> for EthereumHram {
   #[allow(non_snake_case)]
   fn hram(R: &ProjectivePoint, A: &ProjectivePoint, m: &[u8]) -> Scalar {
     let a_encoded_point = A.to_encoded_point(true);

diff --git a/coins/ethereum/tests/contract.rs b/coins/ethereum/tests/contract.rs
@@ -19,11 +19,10 @@ async fn test_ecrecover_hack() {
   use ethers::utils::keccak256;
   use frost::{
     algorithm::Schnorr,
-    curve::Secp256k1,
     tests::{algorithm_machines, key_gen, sign},
   };
   use k256::elliptic_curve::bigint::ArrayEncoding;
-  use k256::{Scalar, U256};
+  use k256::{U256, Scalar, ProjectivePoint};
   use rand_core::OsRng;
 
   let anvil = Anvil::new().spawn();
@@ -33,7 +32,7 @@ async fn test_ecrecover_hack() {
   let chain_id = provider.get_chainid().await.unwrap();
   let client = Arc::new(SignerMiddleware::new(provider, wallet));
 
-  let keys = key_gen::<_, Secp256k1>(&mut OsRng);
+  let keys = key_gen::<_, ProjectivePoint>(&mut OsRng);
   let group_key = keys[&1].group_key();
 
   const MESSAGE: &'static [u8] = b"Hello, World!";
@@ -44,7 +43,7 @@ async fn test_ecrecover_hack() {
 
   let sig = sign(
     &mut OsRng,
-    algorithm_machines(&mut OsRng, Schnorr::<Secp256k1, crypto::EthereumHram>::new(), &keys),
+    algorithm_machines(&mut OsRng, Schnorr::<ProjectivePoint, crypto::EthereumHram>::new(), &keys),
     full_message,
   );
   let mut processed_sig =

diff --git a/coins/ethereum/tests/crypto.rs b/coins/ethereum/tests/crypto.rs
@@ -1,10 +1,10 @@
-use ethereum_serai::crypto::*;
-use frost::curve::Secp256k1;
 use k256::{
   elliptic_curve::{bigint::ArrayEncoding, ops::Reduce, sec1::ToEncodedPoint},
   ProjectivePoint, Scalar, U256,
 };
 
+use ethereum_serai::crypto::*;
+
 #[test]
 fn test_ecrecover() {
   use k256::ecdsa::{
@@ -35,14 +35,14 @@ fn test_signing() {
   };
   use rand_core::OsRng;
 
-  let keys = key_gen::<_, Secp256k1>(&mut OsRng);
+  let keys = key_gen::<_, ProjectivePoint>(&mut OsRng);
   let _group_key = keys[&1].group_key();
 
   const MESSAGE: &'static [u8] = b"Hello, World!";
 
   let _sig = sign(
     &mut OsRng,
-    algorithm_machines(&mut OsRng, Schnorr::<Secp256k1, EthereumHram>::new(), &keys),
+    algorithm_machines(&mut OsRng, Schnorr::<ProjectivePoint, EthereumHram>::new(), &keys),
     MESSAGE,
   );
 }
@@ -55,7 +55,7 @@ fn test_ecrecover_hack() {
   };
   use rand_core::OsRng;
 
-  let keys = key_gen::<_, Secp256k1>(&mut OsRng);
+  let keys = key_gen::<_, ProjectivePoint>(&mut OsRng);
   let group_key = keys[&1].group_key();
   let group_key_encoded = group_key.to_encoded_point(true);
   let group_key_compressed = group_key_encoded.as_ref();
@@ -69,7 +69,7 @@ fn test_ecrecover_hack() {
 
   let sig = sign(
     &mut OsRng,
-    algorithm_machines(&mut OsRng, Schnorr::<Secp256k1, EthereumHram>::new(), &keys),
+    algorithm_machines(&mut OsRng, Schnorr::<ProjectivePoint, EthereumHram>::new(), &keys),
     full_message,
   );
 

diff --git a/coins/monero/src/frost.rs b/coins/monero/src/frost.rs
@@ -34,7 +34,7 @@ pub(crate) fn write_dleq<R: RngCore + CryptoRng>(
   mut x: Scalar,
 ) -> Vec<u8> {
   let mut res = Vec::with_capacity(64);
-  DLEqProof::prove(
+  DLEqProof::<dfg::EdwardsPoint>::prove(
     rng,
     // Doesn't take in a larger transcript object due to the usage of this
     // Every prover would immediately write their own DLEq proof, when they can only do so in

diff --git a/coins/monero/src/ringct/bulletproofs/mod.rs b/coins/monero/src/ringct/bulletproofs/mod.rs
@@ -2,8 +2,6 @@
 
 use rand_core::{RngCore, CryptoRng};
 
-use zeroize::Zeroize;
-
 use curve25519_dalek::edwards::EdwardsPoint;
 use multiexp::BatchVerifier;
 
@@ -75,16 +73,15 @@ impl Bulletproofs {
   }
 
   #[must_use]
-  pub fn batch_verify<ID: Copy + Zeroize, R: RngCore + CryptoRng>(
+  pub fn batch_verify<ID: Copy>(
     &self,
-    rng: &mut R,
     verifier: &mut BatchVerifier<ID, dalek_ff_group::EdwardsPoint>,
     id: ID,
     commitments: &[EdwardsPoint],
   ) -> bool {
     match self {
-      Bulletproofs::Original(bp) => bp.batch_verify(rng, verifier, id, commitments),
-      Bulletproofs::Plus(bp) => bp.batch_verify(rng, verifier, id, commitments),
+      Bulletproofs::Original(bp) => bp.batch_verify(verifier, id, commitments),
+      Bulletproofs::Plus(bp) => bp.batch_verify(verifier, id, commitments),
     }
   }
 

diff --git a/coins/monero/src/ringct/bulletproofs/original.rs b/coins/monero/src/ringct/bulletproofs/original.rs
@@ -168,9 +168,8 @@ impl OriginalStruct {
   }
 
   #[must_use]
-  fn verify_core<ID: Copy + Zeroize, R: RngCore + CryptoRng>(
+  fn verify_core<ID: Copy>(
     &self,
-    rng: &mut R,
     verifier: &mut BatchVerifier<ID, EdwardsPoint>,
     id: ID,
     commitments: &[DalekPoint],
@@ -246,7 +245,7 @@ impl OriginalStruct {
 
     proof.push((x, T1));
     proof.push((x * x, T2));
-    verifier.queue(&mut *rng, id, proof);
+    verifier.queue(id, proof);
 
     proof = Vec::with_capacity(4 + (2 * (MN + logMN)));
     let z3 = (Scalar(self.t) - (Scalar(self.a) * Scalar(self.b))) * x_ip;
@@ -277,7 +276,7 @@ impl OriginalStruct {
       proof.push((w[i] * w[i], L[i]));
       proof.push((winv[i] * winv[i], R[i]));
     }
-    verifier.queue(rng, id, proof);
+    verifier.queue(id, proof);
 
     true
   }
@@ -289,21 +288,20 @@ impl OriginalStruct {
     commitments: &[DalekPoint],
   ) -> bool {
     let mut verifier = BatchVerifier::new(1);
-    if self.verify_core(rng, &mut verifier, (), commitments) {
-      verifier.verify_vartime()
+    if self.verify_core(&mut verifier, (), commitments) {
+      verifier.verify_vartime(rng)
     } else {
       false
     }
   }
 
   #[must_use]
-  pub(crate) fn batch_verify<ID: Copy + Zeroize, R: RngCore + CryptoRng>(
+  pub(crate) fn batch_verify<ID: Copy>(
     &self,
-    rng: &mut R,
     verifier: &mut BatchVerifier<ID, EdwardsPoint>,
     id: ID,
     commitments: &[DalekPoint],
   ) -> bool {
-    self.verify_core(rng, verifier, id, commitments)
+    self.verify_core(verifier, id, commitments)
   }
 }
diff --git a/coins/monero/src/ringct/bulletproofs/plus.rs b/coins/monero/src/ringct/bulletproofs/plus.rs
@@ -177,9 +177,8 @@ impl PlusStruct {
   }
 
   #[must_use]
-  fn verify_core<ID: Copy + Zeroize, R: RngCore + CryptoRng>(
+  fn verify_core<ID: Copy>(
     &self,
-    rng: &mut R,
     verifier: &mut BatchVerifier<ID, EdwardsPoint>,
     id: ID,
     commitments: &[DalekPoint],
@@ -284,7 +283,7 @@ impl PlusStruct {
       proof.push((minus_esq * winv[i] * winv[i], R[i]));
     }
 
-    verifier.queue(rng, id, proof);
+    verifier.queue(id, proof);
     true
   }
 
@@ -295,21 +294,20 @@ impl PlusStruct {
     commitments: &[DalekPoint],
   ) -> bool {
     let mut verifier = BatchVerifier::new(1);
-    if self.verify_core(rng, &mut verifier, (), commitments) {
-      verifier.verify_vartime()
+    if self.verify_core(&mut verifier, (), commitments) {
+      verifier.verify_vartime(rng)
     } else {
       false
     }
   }
 
   #[must_use]
-  pub(crate) fn batch_verify<ID: Copy + Zeroize, R: RngCore + CryptoRng>(
+  pub(crate) fn batch_verify<ID: Copy>(
     &self,
-    rng: &mut R,
     verifier: &mut BatchVerifier<ID, EdwardsPoint>,
     id: ID,
     commitments: &[DalekPoint],
   ) -> bool {
-    self.verify_core(rng, verifier, id, commitments)
+    self.verify_core(verifier, id, commitments)
   }
 }
diff --git a/coins/monero/src/ringct/clsag/multisig.rs b/coins/monero/src/ringct/clsag/multisig.rs
@@ -19,7 +19,7 @@ use curve25519_dalek::{
 use group::Group;
 
 use transcript::{Transcript, RecommendedTranscript};
-use frost::{curve::Ed25519, FrostError, FrostView, algorithm::Algorithm};
+use frost::{FrostError, FrostView, algorithm::Algorithm};
 use dalek_ff_group as dfg;
 
 use crate::{
@@ -124,7 +124,7 @@ impl ClsagMultisig {
   }
 }
 
-impl Algorithm<Ed25519> for ClsagMultisig {
+impl Algorithm<dfg::EdwardsPoint> for ClsagMultisig {
   type Transcript = RecommendedTranscript;
   type Signature = (Clsag, EdwardsPoint);
 
@@ -135,7 +135,7 @@ impl Algorithm<Ed25519> for ClsagMultisig {
   fn preprocess_addendum<R: RngCore + CryptoRng>(
     &mut self,
     rng: &mut R,
-    view: &FrostView<Ed25519>,
+    view: &FrostView<dfg::EdwardsPoint>,
   ) -> Vec<u8> {
     let mut serialized = Vec::with_capacity(Self::serialized_len());
     serialized.extend((view.secret_share().0 * self.H).compress().to_bytes());
@@ -145,7 +145,7 @@ impl Algorithm<Ed25519> for ClsagMultisig {
 
   fn process_addendum<Re: Read>(
     &mut self,
-    view: &FrostView<Ed25519>,
+    view: &FrostView<dfg::EdwardsPoint>,
     l: u16,
     serialized: &mut Re,
   ) -> Result<(), FrostError> {
@@ -171,7 +171,7 @@ impl Algorithm<Ed25519> for ClsagMultisig {
 
   fn sign_share(
     &mut self,
-    view: &FrostView<Ed25519>,
+    view: &FrostView<dfg::EdwardsPoint>,
     nonce_sums: &[Vec<dfg::EdwardsPoint>],
     nonces: &[dfg::Scalar],
     msg: &[u8],

diff --git a/coins/monero/src/tests/bulletproofs.rs b/coins/monero/src/tests/bulletproofs.rs
@@ -76,9 +76,9 @@ macro_rules! bulletproofs_tests {
 
         let commitments = commitments.iter().map(Commitment::calculate).collect::<Vec<_>>();
         assert!(bp.verify(&mut OsRng, &commitments));
-        assert!(bp.batch_verify(&mut OsRng, &mut verifier, i, &commitments));
+        assert!(bp.batch_verify(&mut verifier, i, &commitments));
       }
-      assert!(verifier.verify_vartime());
+      assert!(verifier.verify_vartime(&mut OsRng));
     }
 
     #[test]

diff --git a/coins/monero/src/tests/clsag.rs b/coins/monero/src/tests/clsag.rs
@@ -8,7 +8,7 @@ use curve25519_dalek::{constants::ED25519_BASEPOINT_TABLE, scalar::Scalar};
 #[cfg(feature = "multisig")]
 use transcript::{Transcript, RecommendedTranscript};
 #[cfg(feature = "multisig")]
-use frost::curve::Ed25519;
+use dalek_ff_group::EdwardsPoint;
 
 use crate::{
   Commitment, random_scalar,
@@ -80,7 +80,7 @@ fn clsag() {
 #[cfg(feature = "multisig")]
 #[test]
 fn clsag_multisig() -> Result<(), MultisigError> {
-  let keys = key_gen::<_, Ed25519>(&mut OsRng);
+  let keys = key_gen::<_, EdwardsPoint>(&mut OsRng);
 
   let randomness = random_scalar(&mut OsRng);
   let mut ring = vec![];