frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

whitelist: remove ability to specific nonce function

Browse Source 
This functionality is inappropriate to expose for a zero-knowledge proof,
and was confusingly (and potentially dangerously) implemented.
This commit is contained in:
Andrew Poelstra 2022-01-06 19:12:14 +00:00
parent 21e2d65b79
commit 11d675dce8
4 changed files with 7 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/secp256k1_whitelist.h
View File

@ -101,8 +101,6 @@ SECP256K1_API int secp256k1_whitelist_signature_serialize(
* online_seckey: the secret key to the signer's online pubkey * online_seckey: the secret key to the signer's online pubkey
* summed_seckey: the secret key to the sum of (whitelisted key, signer's offline pubkey) * summed_seckey: the secret key to the sum of (whitelisted key, signer's offline pubkey)
* index: the signer's index in the lists of keys * index: the signer's index in the lists of keys
* noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
* ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
* Out: sig: The produced signature. * Out: sig: The produced signature.
* *
* The signatures are of the list of all passed pubkeys in the order * The signatures are of the list of all passed pubkeys in the order
@ -120,10 +118,8 @@ SECP256K1_API int secp256k1_whitelist_sign(
const size_t n_keys, const size_t n_keys,
const secp256k1_pubkey *sub_pubkey, const secp256k1_pubkey *sub_pubkey,
const unsigned char *online_seckey, const unsigned char *online_seckey,
const unsigned char *summed_seckey, const unsigned char *summed_seckeyx,
const size_t index, const size_t index
secp256k1_nonce_function noncefp,
const void *noncedata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6) SECP256K1_ARG_NONNULL(7) SECP256K1_ARG_NONNULL(8); ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6) SECP256K1_ARG_NONNULL(7) SECP256K1_ARG_NONNULL(8);
/** Verify a whitelist signature /** Verify a whitelist signature

2
src/bench_whitelist.c
View File

@ -39,7 +39,7 @@ static void bench_whitelist(void* arg, int iters) {
static void bench_whitelist_setup(void* arg) { static void bench_whitelist_setup(void* arg) {
bench_data* data = (bench_data*)arg; bench_data* data = (bench_data*)arg;
int i = 0; int i = 0;
CHECK(secp256k1_whitelist_sign(data->ctx, &data->sig, data->online_pubkeys, data->offline_pubkeys, data->n_keys, &data->sub_pubkey, data->online_seckey[i], data->summed_seckey[i], i, NULL, NULL)); CHECK(secp256k1_whitelist_sign(data->ctx, &data->sig, data->online_pubkeys, data->offline_pubkeys, data->n_keys, &data->sub_pubkey, data->online_seckey[i], data->summed_seckey[i], i));
} }
static void run_test(bench_data* data, int iters) { static void run_test(bench_data* data, int iters) {

10
src/modules/whitelist/main_impl.h
View File

@ -12,17 +12,13 @@
#define MAX_KEYS SECP256K1_WHITELIST_MAX_N_KEYS /* shorter alias */ #define MAX_KEYS SECP256K1_WHITELIST_MAX_N_KEYS /* shorter alias */
int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_signature *sig, const secp256k1_pubkey *online_pubkeys, const secp256k1_pubkey *offline_pubkeys, const size_t n_keys, const secp256k1_pubkey *sub_pubkey, const unsigned char *online_seckey, const unsigned char *summed_seckey, const size_t index, secp256k1_nonce_function noncefp, const void *noncedata) { int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_signature *sig, const secp256k1_pubkey *online_pubkeys, const secp256k1_pubkey *offline_pubkeys, const size_t n_keys, const secp256k1_pubkey *sub_pubkey, const unsigned char *online_seckey, const unsigned char *summed_seckey, const size_t index) {
secp256k1_gej pubs[MAX_KEYS]; secp256k1_gej pubs[MAX_KEYS];
secp256k1_scalar s[MAX_KEYS]; secp256k1_scalar s[MAX_KEYS];
secp256k1_scalar sec, non; secp256k1_scalar sec, non;
unsigned char msg32[32]; unsigned char msg32[32];
int ret; int ret;
if (noncefp == NULL) {
noncefp = secp256k1_nonce_function_default;
}
/* Sanity checks */ /* Sanity checks */
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
@ -53,7 +49,7 @@ int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_s
size_t i; size_t i;
unsigned char nonce32[32]; unsigned char nonce32[32];
int done; int done;
ret = noncefp(nonce32, msg32, seckey32, NULL, (void*)noncedata, count); ret = secp256k1_nonce_function_default(nonce32, msg32, seckey32, NULL, NULL, count);
if (!ret) { if (!ret) {
break; break;
} }
@ -67,7 +63,7 @@ int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_s
for (i = 0; i < n_keys; i++) { for (i = 0; i < n_keys; i++) {
msg32[0] ^= i + 1; msg32[0] ^= i + 1;
msg32[1] ^= (i + 1) / 0x100; msg32[1] ^= (i + 1) / 0x100;
ret = noncefp(&sig->data[32 * (i + 1)], msg32, seckey32, NULL, (void*)noncedata, count); ret = secp256k1_nonce_function_default(&sig->data[32 * (i + 1)], msg32, seckey32, NULL, NULL, count);
if (!ret) { if (!ret) {
break; break;
} }

2
src/modules/whitelist/tests_impl.h
View File

@ -15,7 +15,7 @@ void test_whitelist_end_to_end_internal(const unsigned char *summed_seckey, cons
secp256k1_whitelist_signature sig; secp256k1_whitelist_signature sig;
secp256k1_whitelist_signature sig1; secp256k1_whitelist_signature sig1;
CHECK(secp256k1_whitelist_sign(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i, NULL, NULL)); CHECK(secp256k1_whitelist_sign(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i));
CHECK(secp256k1_whitelist_verify(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); CHECK(secp256k1_whitelist_verify(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1);
/* Check that exchanging keys causes a failure */ /* Check that exchanging keys causes a failure */
CHECK(secp256k1_whitelist_verify(ctx, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); CHECK(secp256k1_whitelist_verify(ctx, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1);