diff --git a/synedrion/Cargo.toml b/synedrion/Cargo.toml
index bf1d67a4..ed7997a8 100644
--- a/synedrion/Cargo.toml
+++ b/synedrion/Cargo.toml
@@ -19,7 +19,7 @@ digest = { version = "0.10", default-features = false, features = ["alloc"]}
 hex = { version = "0.4", default-features = false, features = ["alloc"] }
 base64 = { version = "0.21", default-features = false, features = ["alloc"] }
 hashing-serializer = { version = "0.1", default-features = false }
-secrecy = { version = "0.8", default-features = false, features = ["alloc", "serde"] }
+secrecy = { version = "0.9.0-pre.0", default-features = false, features = ["serde"] }
 zeroize = { version = "1.8", default-features = false, features = ["alloc", "zeroize_derive"] }
 bip32 = { version = "0.5.2", default-features = false, features = ["alloc", "secp256k1"] }
@@ -29,7 +29,7 @@ crypto-bigint = { version = "0.5.3", default-features = false, features = ["serd
 crypto-primes = { version = "0.5", default-features = false }
 serde = { version = "1", default-features = false, features = ["derive"] }
-bincode = "1"
+bincode = { version = "2.0.0-rc.3", default-features = false, features = ["serde", "alloc"] }
 displaydoc = { version = "0.2", default-features = false}
 [dev-dependencies]
diff --git a/synedrion/src/cggmp21/entities.rs b/synedrion/src/cggmp21/entities.rs
index 97b79025..56e360fa 100644
--- a/synedrion/src/cggmp21/entities.rs
+++ b/synedrion/src/cggmp21/entities.rs
@@ -1,3 +1,4 @@
+use alloc::boxed::Box;
 use alloc::collections::{BTreeMap, BTreeSet};
 use alloc::vec::Vec;
 use core::fmt::Debug;
@@ -5,7 +6,7 @@ use core::marker::PhantomData;
 use k256::ecdsa::VerifyingKey;
 use rand_core::CryptoRngCore;
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretBox};
 use serde::{Deserialize, Serialize};
 use crate::cggmp21::SchemeParams;
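Review bot: Both new requirements in the Cargo.toml hunks are pre-release pins, and as far as I can tell a caret pre-release requirement such as `bincode = { version = "2.0.0-rc.3", ... }` also admits later candidates of the same version (`2.0.0-rc.4`, …) and the final `2.0.0` once the lockfile is regenerated, so a release candidate whose encoding or API still moves can be picked up without any edit here; the same holds for `secrecy = "0.9.0-pre.0"`. If the intent is to stay on exactly these candidates until the finals ship, pin them with `version = "=2.0.0-rc.3"` and `version = "=0.9.0-pre.0"` and leave a comment next to each naming the planned upgrade. The bincode 2 move also changes the on-the-wire message format (see the type_erased.rs hunks), so this bump is compatibility-breaking for any peer or stored data still produced with bincode 1, which deserves a line in the changelog or crate docs.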
@@ -24,7 +25,7 @@ use crate::paillier::RandomizerMod; pub struct KeyShare { pub(crate) owner: I, /// Secret key share of this node. - pub(crate) secret_share: Secret, // `x_i` + pub(crate) secret_share: SecretBox, // `x_i` pub(crate) public_shares: BTreeMap, // `X_j` // TODO (#27): this won't be needed when Scalar/Point are a part of `P` pub(crate) phantom: PhantomData

, @@ -43,7 +44,7 @@ pub struct AuxInfo { #[serde(bound(deserialize = "SecretKeyPaillier: for <'x> Deserialize<'x>"))] pub(crate) struct SecretAuxInfo { pub(crate) paillier_sk: SecretKeyPaillier, - pub(crate) el_gamal_sk: Secret, // `y_i` + pub(crate) el_gamal_sk: SecretBox, // `y_i` } #[derive(Debug, Clone, Serialize, Deserialize)] @@ -67,7 +68,7 @@ pub(crate) struct AuxInfoPrecomputed { pub(crate) struct SecretAuxInfoPrecomputed { pub(crate) paillier_sk: SecretKeyPaillierPrecomputed, #[allow(dead_code)] // TODO (#36): this will be needed for the 6-round presigning protocol. - pub(crate) el_gamal_sk: Secret, // `y_i` + pub(crate) el_gamal_sk: SecretBox, // `y_i` } #[derive(Clone)] @@ -83,7 +84,7 @@ pub(crate) struct PublicAuxInfoPrecomputed { pub struct KeyShareChange { pub(crate) owner: I, /// The value to be added to the secret share. - pub(crate) secret_share_change: Secret, // `x_i^* - x_i == \sum_{j} x_j^i` + pub(crate) secret_share_change: SecretBox, // `x_i^* - x_i == \sum_{j} x_j^i` /// The values to be added to the public shares of remote nodes. pub(crate) public_share_changes: BTreeMap, // `X_k^* - X_k == \sum_j X_j^k`, for all nodes // TODO (#27): this won't be needed when Scalar/Point are a part of `P` @@ -95,9 +96,9 @@ pub struct KeyShareChange { pub struct PresigningData { pub(crate) nonce: Scalar, // x-coordinate of $R$ /// An additive share of the ephemeral scalar. - pub(crate) ephemeral_scalar_share: Secret, // $k_i$ + pub(crate) ephemeral_scalar_share: SecretBox, // $k_i$ /// An additive share of `k * x` where `x` is the secret key. - pub(crate) product_share: Secret, + pub(crate) product_share: SecretBox, // Values generated during presigning, // kept in case we need to generate a proof of correctness. 
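Review bot: The `SecretBox<Scalar>` fields on these hunks (`secret_share`, `el_gamal_sk`, `secret_share_change`, `ephemeral_scalar_share`, `product_share`) still serialize as the bare scalar, since `SerializableSecret for Scalar` is kept in this commit's arithmetic.rs hunk and, as far as I can tell, `secrecy` serializes such a box by exposing the inner value, so the `Serialize` derives on the owning entities write key material in plaintext into ordinary, non-zeroized buffers. That is unchanged behaviour, but the type change is the natural place to state it; e.g. extend the doc comment on `secret_share` to `/// Secret key share of this node. Serializes as the plain scalar: a serialized share must be protected (encrypted at rest) by the caller.` and say the same on `el_gamal_sk`, `secret_share_change` and the two `PresigningData` shares. The struct definitions themselves continue outside these hunks.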
@@ -129,9 +130,9 @@ impl KeyShare { // TODO (#68): check that party_idx is the same for both, and the number of parties is the same assert_eq!(self.owner, change.owner); - let secret_share = Secret::new( + let secret_share = SecretBox::new(Box::new( self.secret_share.expose_secret() + change.secret_share_change.expose_secret(), - ); + )); let public_shares = self .public_shares .iter() @@ -172,7 +173,7 @@ impl KeyShare { id.clone(), KeyShare { owner: id.clone(), - secret_share: Secret::new(secret_share), + secret_share: SecretBox::new(Box::new(secret_share)), public_shares: public_shares.clone(), phantom: PhantomData, }, @@ -215,7 +216,7 @@ impl AuxInfo { let secret_aux = (0..ids.len()) .map(|_| SecretAuxInfo { paillier_sk: SecretKeyPaillier::::random(rng), - el_gamal_sk: Secret::new(Scalar::random(rng)), + el_gamal_sk: SecretBox::new(Box::new(Scalar::random(rng))), }) .collect::>(); @@ -405,8 +406,10 @@ impl PresigningData { id_i.clone(), PresigningData { nonce, - ephemeral_scalar_share: Secret::new(k_i), - product_share: Secret::new(P::scalar_from_signed(&product_share_nonreduced)), + ephemeral_scalar_share: SecretBox::new(Box::new(k_i)), + product_share: SecretBox::new(Box::new(P::scalar_from_signed( + &product_share_nonreduced, + ))), product_share_nonreduced, cap_k: all_cap_k[&id_i].clone(), values, diff --git a/synedrion/src/cggmp21/protocols/aux_gen.rs b/synedrion/src/cggmp21/protocols/aux_gen.rs index 0dee7573..92a84dea 100644 --- a/synedrion/src/cggmp21/protocols/aux_gen.rs +++ b/synedrion/src/cggmp21/protocols/aux_gen.rs 
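Review bot: In the `PresigningData` hunk, `product_share` is boxed into a `SecretBox` while the value it is derived from, `product_share_nonreduced`, is stored unwrapped on the next line, so the same secret in non-reduced form still lives in a plain field that gets neither the `Debug` redaction nor the zeroize-on-drop the box provides; the presigning.rs hunk does the same with `self.chi`. Either wrap `product_share_nonreduced` as well (which presumably needs a `Zeroize` impl for its signed type) or add a comment on the field explaining why it is deliberately left exposed, e.g. `// Deliberately unwrapped: needed for the correctness proof; same secret as product_share.` More generally, every `SecretBox::new(Box::new(expr))` introduced by this commit — here in `update`, `new_centralized`-style constructors and the `AuxInfo` random generation, and in the aux_gen.rs, key_init.rs, key_refresh.rs, presigning.rs and www02 hunks — evaluates `expr` into a stack temporary, or moves it out of `self.context`, before boxing, so the box protects only one of the copies; if the secrecy prerelease offers an in-place constructor such as `SecretBox::init_with_mut`, it would avoid the temporary for the random-scalar and sum cases. The enclosing functions start and end outside these hunks.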
@@ -1,13 +1,14 @@ //! AuxGen protocol, a part of the paper's Auxiliary Info. & Key Refresh in Three Rounds (Fig. 6) //! that only generates the auxiliary data. +use alloc::boxed::Box; use alloc::collections::{BTreeMap, BTreeSet}; use alloc::string::String; use core::fmt::Debug; use core::marker::PhantomData; use rand_core::CryptoRngCore; -use secrecy::Secret; +use secrecy::SecretBox; use serde::{Deserialize, Serialize}; use super::super::{ @@ -526,7 +527,7 @@ impl FinalizableToResult let secret_aux = SecretAuxInfo { paillier_sk: self.context.paillier_sk.to_minimal(), - el_gamal_sk: Secret::new(self.context.y), + el_gamal_sk: SecretBox::new(Box::new(self.context.y)), }; let aux_info = AuxInfo { diff --git a/synedrion/src/cggmp21/protocols/key_init.rs b/synedrion/src/cggmp21/protocols/key_init.rs index 61bd443a..5813918d 100644 --- a/synedrion/src/cggmp21/protocols/key_init.rs +++ b/synedrion/src/cggmp21/protocols/key_init.rs @@ -2,12 +2,13 @@ //! Note that this protocol only generates the key itself which is not enough to perform signing; //! auxiliary parameters need to be generated as well (during the KeyRefresh protocol). +use alloc::boxed::Box; use alloc::collections::{BTreeMap, BTreeSet}; use core::fmt::Debug; use core::marker::PhantomData; use rand_core::CryptoRngCore; -use secrecy::Secret; +use secrecy::SecretBox; use serde::{Deserialize, Serialize}; use super::super::{ @@ -367,7 +368,7 @@ impl FinalizableToResult public_shares.insert(my_id.clone(), self.context.public_data.cap_x); Ok(KeyShare { owner: my_id, - secret_share: Secret::new(self.context.x), + secret_share: SecretBox::new(Box::new(self.context.x)), public_shares, phantom: PhantomData, }) diff --git a/synedrion/src/cggmp21/protocols/key_refresh.rs b/synedrion/src/cggmp21/protocols/key_refresh.rs index 56c662e1..487cee9a 100644 --- a/synedrion/src/cggmp21/protocols/key_refresh.rs +++ b/synedrion/src/cggmp21/protocols/key_refresh.rs 
@@ -2,6 +2,7 @@ //! This protocol generates an update to the secret key shares and new auxiliary parameters //! for ZK proofs (e.g. Paillier keys). +use alloc::boxed::Box; use alloc::collections::{BTreeMap, BTreeSet}; use alloc::string::String; use alloc::vec::Vec; @@ -9,7 +10,7 @@ use core::fmt::Debug; use core::marker::PhantomData; use rand_core::CryptoRngCore; -use secrecy::Secret; +use secrecy::SecretBox; use serde::{Deserialize, Serialize}; use super::super::{ @@ -662,12 +663,12 @@ impl FinalizableToResult let secret_aux = SecretAuxInfo { paillier_sk: self.context.paillier_sk.to_minimal(), - el_gamal_sk: Secret::new(self.context.y), + el_gamal_sk: SecretBox::new(Box::new(self.context.y)), }; let key_share_change = KeyShareChange { owner: my_id.clone(), - secret_share_change: Secret::new(x_star), + secret_share_change: SecretBox::new(Box::new(x_star)), public_share_changes: cap_x_star, phantom: PhantomData, }; diff --git a/synedrion/src/cggmp21/protocols/presigning.rs b/synedrion/src/cggmp21/protocols/presigning.rs index 007f2ac0..7005b002 100644 --- a/synedrion/src/cggmp21/protocols/presigning.rs +++ b/synedrion/src/cggmp21/protocols/presigning.rs @@ -1,5 +1,6 @@ //! Presigning protocol, in the paper ECDSA Pre-Signing (Fig. 7). +use alloc::boxed::Box; use alloc::collections::{BTreeMap, BTreeSet}; use alloc::string::String; use alloc::vec::Vec; @@ -7,7 +8,7 @@ use core::fmt::Debug; use core::marker::PhantomData; use rand_core::CryptoRngCore; -use secrecy::{ExposeSecret, Secret}; +use secrecy::{ExposeSecret, SecretBox}; use serde::{Deserialize, Serialize}; use super::super::{ 
@@ -733,8 +734,8 @@ impl FinalizableToResult return Ok(PresigningData { nonce, - ephemeral_scalar_share: Secret::new(self.context.k), - product_share: Secret::new(P::scalar_from_signed(&self.chi)), + ephemeral_scalar_share: SecretBox::new(Box::new(self.context.k)), + product_share: SecretBox::new(Box::new(P::scalar_from_signed(&self.chi))), product_share_nonreduced: self.chi, cap_k: self.all_cap_k[&my_id].clone(), values, diff --git a/synedrion/src/curve/arithmetic.rs b/synedrion/src/curve/arithmetic.rs index cd18eb3a..9e7fc492 100644 --- a/synedrion/src/curve/arithmetic.rs +++ b/synedrion/src/curve/arithmetic.rs @@ -24,7 +24,7 @@ use k256::{ Secp256k1, }; use rand_core::CryptoRngCore; -use secrecy::{CloneableSecret, DebugSecret, SerializableSecret}; +use secrecy::{CloneableSecret, SerializableSecret}; use serde::{Deserialize, Deserializer, Serialize, Serializer}; use zeroize::DefaultIsZeroes; @@ -164,8 +164,6 @@ impl<'de> Deserialize<'de> for Scalar { impl DefaultIsZeroes for Scalar {} -impl DebugSecret for Scalar {} - impl CloneableSecret for Scalar {} impl SerializableSecret for Scalar {} diff --git a/synedrion/src/paillier/keys.rs b/synedrion/src/paillier/keys.rs index aeb21285..2a134134 100644 --- a/synedrion/src/paillier/keys.rs +++ b/synedrion/src/paillier/keys.rs @@ -1,7 +1,6 @@ -use core::fmt::{self, Debug}; +use core::fmt::Debug; use rand_core::CryptoRngCore; -use secrecy::DebugSecret; use serde::{Deserialize, Serialize}; use zeroize::ZeroizeOnDrop; @@ -18,11 +17,11 @@ pub(crate) struct SecretKeyPaillier { q: P::HalfUint, } -impl DebugSecret for SecretKeyPaillier

{} - impl Debug for SecretKeyPaillier

{ - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> { - Self::debug_secret(f) + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> Result<(), core::fmt::Error> { + f.write_str("[REDACTED ")?; + f.write_str(core::any::type_name::())?; + f.write_str("]") } } diff --git a/synedrion/src/sessions/type_erased.rs b/synedrion/src/sessions/type_erased.rs index cfdb3c36..6a8e0514 100644 --- a/synedrion/src/sessions/type_erased.rs +++ b/synedrion/src/sessions/type_erased.rs @@ -18,7 +18,7 @@ use crate::rounds::{ }; pub(crate) fn serialize_message(message: &impl Serialize) -> Result, LocalError> { - bincode::serialize(message) + bincode::serde::encode_to_vec(message, bincode::config::standard()) .map(|serialized| serialized.into_boxed_slice()) .map_err(|err| LocalError(format!("Failed to serialize: {err:?}"))) } @@ -26,7 +26,8 @@ pub(crate) fn serialize_message(message: &impl Serialize) -> Result, L pub(crate) fn deserialize_message Deserialize<'de>>( message_bytes: &[u8], ) -> Result { - bincode::deserialize(message_bytes).map_err(|err| err.to_string()) + bincode::serde::decode_borrowed_from_slice(message_bytes, bincode::config::standard()) + .map_err(|err| err.to_string()) } pub(crate) enum FinalizeOutcome { diff --git a/synedrion/src/www02/entities.rs b/synedrion/src/www02/entities.rs index 4cdee12d..25c556f5 100644 --- a/synedrion/src/www02/entities.rs +++ b/synedrion/src/www02/entities.rs @@ -1,3 +1,4 @@ +use alloc::boxed::Box; use alloc::collections::{BTreeMap, BTreeSet}; use alloc::vec::Vec; use core::fmt::Debug; @@ -6,7 +7,7 @@ use core::marker::PhantomData; use bip32::{DerivationPath, PrivateKey, PrivateKeyBytes, PublicKey}; use k256::ecdsa::{SigningKey, VerifyingKey}; use rand_core::CryptoRngCore; -use secrecy::{ExposeSecret, Secret}; +use secrecy::{ExposeSecret, SecretBox}; use serde::{Deserialize, Serialize}; use crate::cggmp21::{KeyShare, SchemeParams}; 
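Review bot: The hand-written `Debug` body for `SecretKeyPaillier` chains three `write_str` calls with `?`; a single `write!(f, "[REDACTED {}]", core::any::type_name::<Self>())` says the same in one line and keeps the format in one place. The redaction is the right replacement for the removed `DebugSecret` impl, since the struct holds the key half `q` (and presumably `p`) in the clear, so a comment above the impl — `// Deliberately hand-written: the key halves must never appear in Debug output; do not replace with a derive.` — would protect it from a future "simplification".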
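Review bot: `deserialize_message` decodes bytes received from other protocol parties with `bincode::config::standard()` and no size bound; the bincode 1 call it replaces was equally unbounded, but bincode 2 exposes `.with_limit::<N>()` on the configuration, so this is the moment to cap what a hostile length prefix can make the decoder allocate, e.g. `bincode::config::standard().with_limit::<MAX_MESSAGE_BYTES>()` with `MAX_MESSAGE_BYTES` a constructed name whose value is taken from the largest legitimate message. Two behavioural details of the switch deserve a comment at the top of the file: `standard()` uses variable-length integer encoding and little-endian order, so the wire format differs from bincode 1's default and peers on the old version cannot interoperate; and it is worth checking whether `decode_borrowed_from_slice` rejects trailing bytes, because if it does not, two distinct byte strings decode to the same message, which matters wherever the raw bytes are hashed or compared.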
@@ -22,7 +23,7 @@ use crate::tools::sss::{ pub struct ThresholdKeyShare { pub(crate) owner: I, pub(crate) threshold: u32, - pub(crate) secret_share: Secret, + pub(crate) secret_share: SecretBox, pub(crate) share_ids: BTreeMap, pub(crate) public_shares: BTreeMap, // TODO (#27): this won't be needed when Scalar/Point are a part of `P` @@ -74,7 +75,7 @@ impl ThresholdKeyShare ThresholdKeyShare>(); - let secret_share = Secret::new( + let secret_share = SecretBox::new(Box::new( self.secret_share.expose_secret() * &interpolation_coeff(share_ids.values(), &share_id), - ); + )); let public_shares = ids .iter() .map(|id| { @@ -144,12 +145,12 @@ impl ThresholdKeyShare>(); - let secret_share = Secret::new( + let secret_share = SecretBox::new(Box::new( key_share.secret_share.expose_secret() * &interpolation_coeff(share_ids.values(), &share_ids[key_share.owner()]) .invert() .unwrap(), - ); + )); let public_shares = ids .iter() .map(|id| { @@ -182,10 +183,9 @@ impl ThresholdKeyShare //! (Specifically, REDIST protocol). +use alloc::boxed::Box; use alloc::collections::{BTreeMap, BTreeSet}; use alloc::vec::Vec; use core::fmt::Debug; @@ -12,7 +13,7 @@ use core::marker::PhantomData; use k256::ecdsa::VerifyingKey; use rand_core::CryptoRngCore; -use secrecy::{ExposeSecret, Secret}; +use secrecy::{ExposeSecret, SecretBox}; use serde::{Deserialize, Serialize}; use super::ThresholdKeyShare; @@ -349,7 +350,7 @@ impl FinalizableToResult for Round1< .iter() .map(|id| (payloads[id].old_share_id, payloads[id].subshare)) .collect::>(); - let secret_share = Secret::new(shamir_join_scalars(subshares.iter())); + let secret_share = SecretBox::new(Box::new(shamir_join_scalars(subshares.iter()))); // Generate the public shares of all the new holders. let public_shares = self