Bump prio and adjust Prio3 key size

As VDAF-13, the seed size for XofTurboShake128 is 32 bytes. Upstream has
been adjusted accordingly as of c50bb9a47b396ad6a08a3fec36b98bcc2d9217a1.

Cargo.toml

@@ -61,7 +61,7 @@ matchit = "0.7.3"
 p256 = { version = "0.13.2", features = ["ecdsa-core", "ecdsa", "pem"] }
 paste = "1.0.15"
 prio_draft09 = { package = "prio", version = "0.16.7" }
-prio = { git = "https://github.com/divviup/libprio-rs.git", rev = "937e8a61c51019671232dee2d28dbe72413cdadc" }
+prio = { git = "https://github.com/divviup/libprio-rs.git", rev = "c50bb9a47b396ad6a08a3fec36b98bcc2d9217a1" }
 prometheus = "0.13.4"
 rand = "0.8.5"
 rayon = "1.10.0"

crates/daphne/src/vdaf/mod.rs

@@ -236,9 +236,9 @@ pub enum VdafPrepState {
     Prio3Draft09Field64(Prio3Draft09PrepareState<Field64Draft09, 16>),
     Prio3Draft09Field64HmacSha256Aes128(Prio3Draft09PrepareState<Field64Draft09, 32>),
     Prio3Draft09Field128(Prio3Draft09PrepareState<Field128Draft09, 16>),
-    Prio3Field64(Prio3PrepareState<Field64, 16>),
+    Prio3Field64(Prio3PrepareState<Field64, 32>),
     Prio3Field64HmacSha256Aes128(Prio3PrepareState<Field64, 32>),
-    Prio3Field128(Prio3PrepareState<Field128, 16>),
+    Prio3Field128(Prio3PrepareState<Field128, 32>),
     #[cfg(feature = "experimental")]
     Mastic {
         out_share: Vec<Field64>,
@@ -279,9 +279,9 @@ pub enum VdafPrepShare {
     Prio3Draft09Field64HmacSha256Aes128(Prio3Draft09PrepareShare<Field64Draft09, 32>),
     Prio3Draft09Field128(Prio3Draft09PrepareShare<Field128Draft09, 16>),
 
-    Prio3Field64(Prio3PrepareShare<Field64, 16>),
+    Prio3Field64(Prio3PrepareShare<Field64, 32>),
     Prio3Field64HmacSha256Aes128(Prio3PrepareShare<Field64, 32>),
-    Prio3Field128(Prio3PrepareShare<Field128, 16>),
+    Prio3Field128(Prio3PrepareShare<Field128, 32>),
     #[cfg(feature = "experimental")]
     Mastic(Field64),
     Pine64HmacSha256Aes128(crate::pine::msg::PrepShare<Field64Draft09, 32>),
@@ -435,12 +435,9 @@ impl VdafConfig {
     pub(crate) fn uninitialized_verify_key(&self) -> VdafVerifyKey {
         match self {
             Self::Prio3Draft09(Prio3Config::SumVecField64MultiproofHmacSha256Aes128 { .. })
-            | Self::Prio2 { .. } => VdafVerifyKey::L32([0; 32]),
+            | Self::Prio2 { .. }
+            | Self::Prio3(..) => VdafVerifyKey::L32([0; 32]),
             Self::Prio3Draft09(..) => VdafVerifyKey::L16([0; 16]),
-            Self::Prio3(Prio3Config::SumVecField64MultiproofHmacSha256Aes128 { .. }) => {
-                VdafVerifyKey::L32([0; 32])
-            }
-            Self::Prio3(..) => VdafVerifyKey::L16([0; 16]),
             #[cfg(feature = "experimental")]
             Self::Mastic { .. } => VdafVerifyKey::L16([0; 16]),
             Self::Pine(..) => VdafVerifyKey::L32([0; 32]),
@@ -451,7 +448,8 @@ impl VdafConfig {
     pub fn get_decoded_verify_key(&self, bytes: &[u8]) -> Result<VdafVerifyKey, CodecError> {
         match self {
             Self::Prio3Draft09(Prio3Config::SumVecField64MultiproofHmacSha256Aes128 { .. })
-            | Self::Prio2 { .. } => Ok(VdafVerifyKey::L32(
+            | Self::Prio2 { .. }
+            | Self::Prio3(..) => Ok(VdafVerifyKey::L32(
                 <[u8; 32]>::try_from(bytes)
                     .map_err(|e| CodecErrorDraft09::Other(Box::new(e)))
                     .map_err(from_codec_error)?,
@@ -461,9 +459,6 @@ impl VdafConfig {
                     .map_err(|e| CodecErrorDraft09::Other(Box::new(e)))
                     .map_err(from_codec_error)?,
             )),
-            Self::Prio3(..) => Ok(VdafVerifyKey::L16(
-                <[u8; 16]>::try_from(bytes).map_err(|e| CodecError::Other(Box::new(e)))?,
-            )),
             #[cfg(feature = "experimental")]
             Self::Mastic { .. } => Ok(VdafVerifyKey::L16(
                 <[u8; 16]>::try_from(bytes).map_err(|e| CodecError::Other(Box::new(e)))?,

crates/daphne/src/vdaf/prio3.rs

@@ -103,7 +103,7 @@ pub(crate) fn prio3_prep_init(
     input_share_data: &[u8],
 ) -> Result<(VdafPrepState, VdafPrepShare), VdafError> {
     return match (&config, verify_key) {
-        (Prio3Config::Count, VdafVerifyKey::L16(verify_key)) => {
+        (Prio3Config::Count, VdafVerifyKey::L32(verify_key)) => {
             let vdaf = Prio3::new_count(2).map_err(|e| {
                 VdafError::Dap(
                     fatal_error!(err = ?e, "failed to create prio3 from num_aggregators(2)"),
@@ -128,7 +128,7 @@ pub(crate) fn prio3_prep_init(
                 length,
                 chunk_length,
             },
-            VdafVerifyKey::L16(verify_key),
+            VdafVerifyKey::L32(verify_key),
         ) => {
             let vdaf = Prio3::new_histogram(2, *length, *chunk_length)
                 .map_err(|e| VdafError::Dap(fatal_error!(err = ?e, "failed to create prio3 histogram from num_aggregators(2), length({length}), chunk_length({chunk_length})")))?;
@@ -146,7 +146,7 @@ pub(crate) fn prio3_prep_init(
                 VdafPrepShare::Prio3Field128(share),
             ))
         }
-        (Prio3Config::Sum { .. }, VdafVerifyKey::L16(_)) => {
+        (Prio3Config::Sum { .. }, VdafVerifyKey::L32(_)) => {
             Err(VdafError::Dap(fatal_error!(err = "sum unimplemented")))
         }
         (
@@ -155,7 +155,7 @@ pub(crate) fn prio3_prep_init(
                 length,
                 chunk_length,
             },
-            VdafVerifyKey::L16(verify_key),
+            VdafVerifyKey::L32(verify_key),
         ) => {
             let vdaf = Prio3::new_sum_vec(2, *bits, *length, *chunk_length)
                 .map_err(|e| VdafError::Dap(fatal_error!(err = ?e, "failed to create prio3 sum vec from num_aggregators(2), bits({bits}), length({length}), chunk_length({chunk_length})")))?;