ZcashFoundation · conradoplg · Jul 11, 2023 · Jul 4, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 Entries are listed in reverse chronological order.
 
+## 0.5.1
+
+* MSRV is now 1.65.0
+* Refactor & optimize the NAF (#63)
+* Updated `frost-rerandomized` to 0.6.0 (#67)
+
 ## 0.5.0
 
 * Add Pallas and Jubjub ciphersuites and FROST support (#33)

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,11 +1,11 @@
 [package]
 name = "reddsa"
 edition = "2021"
-rust-version = "1.60"
+rust-version = "1.65"
 # When releasing to crates.io:
 # - Update CHANGELOG.md
 # - Create git tag.
-version = "0.5.0"
+version = "0.5.1"
 authors = [
     "Henry de Valence <hdevalence@hdevalence.ca>",
     "Deirdre Connolly <durumcrustulum@gmail.com>",
@@ -33,7 +33,7 @@ pasta_curves = { version = "0.5", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 serde = { version = "1", optional = true, features = ["derive"] }
 thiserror = { version = "1.0", optional = true }
-frost-rerandomized = { version = "0.2", optional = true }
+frost-rerandomized = { version = "0.6.0", optional = true }
 
 [dependencies.zeroize]
 version = "1"
@@ -50,7 +50,7 @@ proptest = "1.0"
 rand = "0.8"
 rand_chacha = "0.3"
 serde_json = "1.0"
-frost-rerandomized = { version = "0.2", features=["test-impl"] }
+frost-rerandomized = { version = "0.6.0", features=["test-impl"] }
 num-bigint = "0.4.3"
 num-traits = "0.2.15"
 

diff --git a/rust-toolchain b/rust-toolchain
@@ -1 +1 @@
-1.60.0
+1.65.0
diff --git a/src/frost/redjubjub.rs b/src/frost/redjubjub.rs
@@ -2,6 +2,8 @@
 #![allow(non_snake_case)]
 #![deny(missing_docs)]
 
+use std::collections::HashMap;
+
 use group::GroupEncoding;
 #[cfg(feature = "alloc")]
 use group::{ff::Field as FFField, ff::PrimeField};
@@ -115,6 +117,8 @@ impl Group for JubjubGroup {
 pub struct JubjubBlake2b512;
 
 impl Ciphersuite for JubjubBlake2b512 {
+    const ID: &'static str = "FROST(Jubjub, BLAKE2b-512)";
+
     type Group = JubjubGroup;
 
     type HashOutput = [u8; 64];
@@ -180,14 +184,18 @@ pub mod keys {
 
     use super::*;
 
+    /// The identifier list to use when generating key shares.
+    pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, J>;
+
     /// Allows all participants' keys to be generated using a central, trusted
     /// dealer.
-    pub fn keygen_with_dealer<RNG: RngCore + CryptoRng>(
+    pub fn generate_with_dealer<RNG: RngCore + CryptoRng>(
         max_signers: u16,
         min_signers: u16,
+        identifiers: IdentifierList,
         mut rng: RNG,
     ) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
-        frost::keys::keygen_with_dealer(max_signers, min_signers, &mut rng)
+        frost::keys::generate_with_dealer(max_signers, min_signers, identifiers, &mut rng)
     }
 
     /// Secret and public key material generated by a dealer performing
@@ -237,14 +245,13 @@ pub mod round1 {
     /// Generates the signing nonces and commitments to be used in the signing
     /// operation.
     pub fn commit<RNG>(
-        participant_identifier: frost::Identifier<J>,
         secret: &SigningShare<J>,
         rng: &mut RNG,
     ) -> (SigningNonces, SigningCommitments)
     where
         RNG: CryptoRng + RngCore,
     {
-        frost::round1::commit::<J, RNG>(participant_identifier, secret, rng)
+        frost::round1::commit::<J, RNG>(secret, rng)
     }
 }
 
@@ -307,7 +314,7 @@ pub type Signature = frost_rerandomized::frost_core::Signature<J>;
 /// service attack due to publishing an invalid signature.
 pub fn aggregate(
     signing_package: &round2::SigningPackage,
-    signature_shares: &[round2::SignatureShare],
+    signature_shares: &HashMap<Identifier, round2::SignatureShare>,
     pubkeys: &keys::PublicKeyPackage,
     randomized_params: &RandomizedParams<J>,
 ) -> Result<Signature, Error> {

diff --git a/src/frost/redpallas.rs b/src/frost/redpallas.rs
@@ -2,6 +2,8 @@
 #![allow(non_snake_case)]
 #![deny(missing_docs)]
 
+use std::collections::HashMap;
+
 use group::GroupEncoding;
 #[cfg(feature = "alloc")]
 use group::{ff::Field as FFField, ff::PrimeField, Group as FFGroup};
@@ -117,6 +119,8 @@ impl Group for PallasGroup {
 pub struct PallasBlake2b512;
 
 impl Ciphersuite for PallasBlake2b512 {
+    const ID: &'static str = "FROST(Pallas, BLAKE2b-512)";
+
     type Group = PallasGroup;
 
     type HashOutput = [u8; 64];
@@ -182,14 +186,18 @@ pub mod keys {
 
     use super::*;
 
+    /// The identifier list to use when generating key shares.
+    pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, P>;
+
     /// Allows all participants' keys to be generated using a central, trusted
     /// dealer.
-    pub fn keygen_with_dealer<RNG: RngCore + CryptoRng>(
+    pub fn generate_with_dealer<RNG: RngCore + CryptoRng>(
         max_signers: u16,
         min_signers: u16,
+        identifiers: IdentifierList,
         mut rng: RNG,
     ) -> Result<(HashMap<Identifier, SecretShare>, PublicKeyPackage), Error> {
-        frost::keys::keygen_with_dealer(max_signers, min_signers, &mut rng)
+        frost::keys::generate_with_dealer(max_signers, min_signers, identifiers, &mut rng)
     }
 
     /// Secret and public key material generated by a dealer performing
@@ -239,14 +247,13 @@ pub mod round1 {
     /// Generates the signing nonces and commitments to be used in the signing
     /// operation.
     pub fn commit<RNG>(
-        participant_identifier: frost::Identifier<P>,
         secret: &SigningShare<P>,
         rng: &mut RNG,
     ) -> (SigningNonces, SigningCommitments)
     where
         RNG: CryptoRng + RngCore,
     {
-        frost::round1::commit::<P, RNG>(participant_identifier, secret, rng)
+        frost::round1::commit::<P, RNG>(secret, rng)
     }
 }
 
@@ -309,7 +316,7 @@ pub type Signature = frost_rerandomized::frost_core::Signature<P>;
 /// service attack due to publishing an invalid signature.
 pub fn aggregate(
     signing_package: &round2::SigningPackage,
-    signature_shares: &[round2::SignatureShare],
+    signature_shares: &HashMap<Identifier, round2::SignatureShare>,
     pubkeys: &keys::PublicKeyPackage,
     randomized_params: &RandomizedParams<P>,
 ) -> Result<Signature, Error> {

diff --git a/src/orchard/tests.rs b/src/orchard/tests.rs
@@ -1,3 +1,5 @@
+use std::println;
+
 use crate::scalar_mul::{self, VartimeMultiscalarMul};
 use alloc::vec::Vec;
 use group::ff::Field;
@@ -30,7 +32,6 @@ fn orchard_binding_basepoint() {
 #[allow(dead_code)]
 fn gen_pallas_test_vectors() {
     use group::Group;
-    use std::println;
 
     let rng = thread_rng();
 

diff --git a/tests/frost_redjubjub.rs b/tests/frost_redjubjub.rs
@@ -9,7 +9,10 @@ use reddsa::{frost::redjubjub::JubjubBlake2b512, sapling};
 fn check_sign_with_dealer() {
     let rng = thread_rng();
 
-    frost_rerandomized::frost_core::tests::check_sign_with_dealer::<JubjubBlake2b512, _>(rng);
+    frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dealer::<
+        JubjubBlake2b512,
+        _,
+    >(rng);
 }
 
 #[test]
@@ -23,11 +26,11 @@ fn check_randomized_sign_with_dealer() {
     // public key (interoperability test)
 
     let sig = {
-        let bytes: [u8; 64] = group_signature.to_bytes().as_ref().try_into().unwrap();
+        let bytes: [u8; 64] = group_signature.serialize().as_ref().try_into().unwrap();
         reddsa::Signature::<sapling::SpendAuth>::from(bytes)
     };
     let pk_bytes = {
-        let bytes: [u8; 32] = group_pubkey.to_bytes().as_ref().try_into().unwrap();
+        let bytes: [u8; 32] = group_pubkey.serialize().as_ref().try_into().unwrap();
         reddsa::VerificationKeyBytes::<sapling::SpendAuth>::from(bytes)
     };
 
@@ -43,7 +46,10 @@ fn check_randomized_sign_with_dealer() {
 fn check_sign_with_dkg() {
     let rng = thread_rng();
 
-    frost_rerandomized::frost_core::tests::check_sign_with_dkg::<JubjubBlake2b512, _>(rng);
+    frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dkg::<
+        JubjubBlake2b512,
+        _,
+    >(rng);
 }
 
 #[test]

diff --git a/tests/frost_redpallas.rs b/tests/frost_redpallas.rs
@@ -9,7 +9,10 @@ use reddsa::{frost::redpallas::PallasBlake2b512, orchard};
 fn check_sign_with_dealer() {
     let rng = thread_rng();
 
-    frost_rerandomized::frost_core::tests::check_sign_with_dealer::<PallasBlake2b512, _>(rng);
+    frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dealer::<
+        PallasBlake2b512,
+        _,
+    >(rng);
 }
 
 #[test]
@@ -23,11 +26,11 @@ fn check_randomized_sign_with_dealer() {
     // public key (interoperability test)
 
     let sig = {
-        let bytes: [u8; 64] = group_signature.to_bytes().as_ref().try_into().unwrap();
+        let bytes: [u8; 64] = group_signature.serialize().as_ref().try_into().unwrap();
         reddsa::Signature::<orchard::SpendAuth>::from(bytes)
     };
     let pk_bytes = {
-        let bytes: [u8; 32] = group_pubkey.to_bytes().as_ref().try_into().unwrap();
+        let bytes: [u8; 32] = group_pubkey.serialize().as_ref().try_into().unwrap();
         reddsa::VerificationKeyBytes::<orchard::SpendAuth>::from(bytes)
     };
 
@@ -43,7 +46,10 @@ fn check_randomized_sign_with_dealer() {
 fn check_sign_with_dkg() {
     let rng = thread_rng();
 
-    frost_rerandomized::frost_core::tests::check_sign_with_dkg::<PallasBlake2b512, _>(rng);
+    frost_rerandomized::frost_core::tests::ciphersuite_generic::check_sign_with_dkg::<
+        PallasBlake2b512,
+        _,
+    >(rng);
 }
 
 #[test]