[update] update to newest branch from upstream (#6)

* DKG: support weights, faster verification (MystenLabs#619)

* Misc fixes of secp256r1 (MystenLabs#618)

* Sample scalars uniformly

* Ensure canonical byte representation

* Fix call to deserialize

* Add reduced x code path

* Simplify y_odd check

* Refactor

* Remove unused imports

* Check for reduction in Fq -> Fr conversion

* Delete vdf.rs

* Fix zeroize implementation

* Check that cache size is a power of two

* Fix window size = 1

* Prevent overflow

* Fix overflow in division

* Check recovery id

* Reduce z before used to generate nonce

* Clippy

* Remove borrow

* Clearer implementation of byte substring

* Fix recovery id

* Update comment

* Use associated types

* Use underlying cmp impl

* Refactor

* Fmt#

* Avoid unwrap

* Clean up zeroize (MystenLabs#621)

* fix: use forked poseidon (MystenLabs#626)

* chore: update toolchain and bump version for release (MystenLabs#627)

* fix: update verifier logic (MystenLabs#615)

* fix: update verifier logic

* api changes

* rework interface changes

* fix tests

* minor documentation change

* address comments

* add utils to fastcrypto

* fix split

* move poseidon and fix bigin bytes parse

* update crates

* use BigUint to convert to Bn254Fr

* changes from 0814

* lint fix

* fix: downgrade ark-ff (MystenLabs#629)

* Minor clean-ups/suggestions (MystenLabs#630)

* Various clean-ups

* Move cast

* SImplify

* Clippy

* Use iterator

* fix: move supported providers outside fastcrypto (MystenLabs#631)

* fix: move supported providers outside fastcrypto

* be explicit to use a wrong vk for env=prod

* Update verification key (MystenLabs#632)

* Update vkey

* fix tests

---------

Co-authored-by: Joy Wang <108701016+joyqvq@users.noreply.github.com>

* fix: remove openssl dep (MystenLabs#633)

* fix: user JwkId instead of (kid, iss) (MystenLabs#634)

* move get_proof get_salt and style fixes (MystenLabs#635)

* Add Eq to JWK (MystenLabs#636)

* Add VDF (MystenLabs#623)

* Vdf based on classgroup crate and some of class group impl

* Add class group impl

* chiavdf's verify correctly

* Align with previous commit

* Clean up code

* Clean up

* Put class group impl in new file

* Add prover

* Refactor: use non-compressed forms in public interface

* Add constructor like method

* Update tests and simplify docs

* Clean up

* Clippy

* Clean up

* Add experimental flag

* Try to fix workflow

* Try again

* Revert "Try again"

This reverts commit 87436b6.

* Revert changes

* Refactor binaryqf impl

* Make private

* Fix comment

* Remove redundant mul impl

* Clean up

* Refactor parameterized group

* Verify group membership + add vdf from challenge/seed

* Make type for discriminant

* Align interface with Boneh (2018)

* Fix vdf abstraction

* Fix doc

* Add module doc

* Align names

* Fix const names

* Doc

* Refactor

* Clean up imports

* Fix doc

* fmt

* Define difficulty/iterations in the actual vdf construction

* doc

* doc

* doc

* Rename module

* doc

* Align name

* Clean up xgcd impl

* Align notation with paper

* Implement doubling function

* Add quadratic form composition algorithm

* lower case variables

* More tests

* Refactor

* Get rid of class_group dep

* Clippy

* Clean up

* Add test

* Add tests

* Use predicate for group parameter test instead

* Swap inputs

* Add benchmarks and clean up

* Move partial euclidean algorithm into compose method

* Align partial_xgcd impl with paper

* Clippy

* Add reference

* Make multiplication algorithm iterative

* Better naming

* Fix test!

* Use num-bigint

* Avoid abbreviation

* Try to fix Cargo.lock

* Add negative test

* Review comments + todos for optimisation

* DKG nodes - reduce weights given an allowed gap in the threshold (MystenLabs#625)

* Use a single ECIES encryption for all the shares sent to one party. (MystenLabs#637)

Use a single ECIES encryption for all the shares sent to one party.
This saves about 30% communication size (only one DDH element per party), and 50% message creation time for weights > 10 (less exps to compute).

* Upgrade `reqwest` and `rustls-webpki` to patch RUSTSEC-2023-0052 (MystenLabs#639)

* Upgrade rustls-webpki version and ignore webpki warning for now

* Ignore not needed

* Optimise class group impl (MystenLabs#638)

* Add doubling algorithm

* Use euclidean algorithm to compute quotients

* Optimise doubling also

* Optimise and use test from chia blockchain

* Optimise

* Optimise partial xgcd

* Optimise

* Skip first iteration in euclidean algorithm if inputs are out of order

* Uncomment negative test (MystenLabs#640)

* Add Ord to JwkId and JWK (MystenLabs#642)

* DKG - Fix TODOs (MystenLabs#643)

* ZK - Small fixes (MystenLabs#645)

* small changes in Poseidon

* utils

* questions

* some fixes

* clean up circom structs

* more fixes

---------

Co-authored-by: Joy Wang <108701016+joyqvq@users.noreply.github.com>

* tBLS - batch sign and verify (MystenLabs#644)

* Allow larger discriminants and strong fiat-shamir (MystenLabs#641)

* Allow larger discriminants and strong fiat-shamir

* Move check

* Add discriminant bit length function

* Remove pub modifier

* Clean up

* Fix test

* Add 2048 bit benchmark and clean up

* Simplify

* Expand xgcd output

* Align naming

* Add benchmarks and tests

* Clippy

* Add documentation to fiat-shamir hash

* Move VDF to subcrate (MystenLabs#646)

* Move VDF to subcrate

* License

* Clippy

* fmt

* VDF with rug/gmp (MystenLabs#647)

* Clippy

* fmt

* Add vdf with rug/gmp

* Update benchmarks and clean up

* Clean up

* Clean up

* Clippy

* Optimise

* Refactor

* License

* Encapsulate gmp feature usage

* Clean up gmp impl

* Try to fix windows build

* Clean up

* Fix workflow

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Restore workflow

* Update rust.yml

* Add experimental flag

* Set experimental feature for benchmarks

* NI-DKG V0 (MystenLabs#624)

* fix: Update zkLogin logics (MystenLabs#648)

* fix: update all changes for circuits

* Update vkey and maxHeaderLen

* Modify the right vkey

* update prover api

* use vector instead of fixed size array due to bcs constraint

* address comments

---------

Co-authored-by: Deepak Maram <deepak@mystenlabs.com>

* fix: use finalized vk (MystenLabs#651)

* Add verify_zk_login_id function (MystenLabs#650)

* Add verify_zk_login_id function

* Add negative tests

* Return invalid proof instead of false

* zklogin: update prover endpoint for tests (MystenLabs#652)

* chore: update salt server endpoint (MystenLabs#656)

* chore: update salt server endpoint

* use hardcoded google test

* chore: add ToString for OIDCProvider (MystenLabs#654)

* DKG: More benchmarks, faster computation of lagrange coeffs, and msm (MystenLabs#655)

* chore: separate e2e workflow (MystenLabs#662)

* fix: add validations and improve as_arkworks (MystenLabs#663)

* Be able to use BLS keys as ECIES keys (MystenLabs#661)

* Add benchmarks for Poseidon and zklogin verification (MystenLabs#664)

* No parallelisation for zkp verification (MystenLabs#665)

* DKG: use multi-receiver enc with PoK, some refactoring (MystenLabs#660)

* DKG - deduplicate senders in `Party::merge` instead of failing (MystenLabs#666)

* Pull `fastcrypto-tbls` out of `experimental` feature (MystenLabs#667)

Adds `beacon-dkg` flag in `fastcrypto` for dependencies.

* Move modules back to experimental (MystenLabs#669)

* DKG: clean interfaces (MystenLabs#672)

* zklogin: add new provider (MystenLabs#670)

* fix: Apple uri and Slack e2e test (MystenLabs#674)

* fix: oidc url for apple

* fix: slack fetch jwk parsing

* chore: upgrade rust toolchain (MystenLabs#675)

* Groth16 fixes (MystenLabs#673)

* Add length validation

* Align serialize and deserialize functions

* Use From trait for PreparedVerifyingKey in BN254 impl

* Align bls12381 impl with bn254 impl

* Refactor

* Fix build (MystenLabs#679)

* Add debug log output for DKG errors (MystenLabs#678)

* DKG: Add debug logs (MystenLabs#680)

* Add cli tool for VDF (MystenLabs#676)

* Add vdf-cli

* Use seperate cli function to sample discriminant

* Renamve prove -> evaluate

* Revert "Renamve prove -> evaluate"

This reverts commit 452cf6f.

* Try again: Rename Prove -> Evaluate

* Put GMP dependency under feature flag

* Add poseidon/BN254 API (MystenLabs#649)

* zklogin: add a print to e2e (MystenLabs#684)

* Fix bugs in bls12381, and add more logs to DKG (MystenLabs#681)

* Sample class group discriminant faster (MystenLabs#677)

* Renamve prove -> evaluate

* Revert "Renamve prove -> evaluate"

This reverts commit 452cf6f.

* Try again: Rename Prove -> Evaluate

* Sample discriminant with gmp when possible

* fmt

* clippy

* Adding a worklfow to tag local commits for CI (MystenLabs#686)

* removing workflow from repo (MystenLabs#687)

* fix: simplify header parsing (MystenLabs#685)

* BLS 12-381 group ops review (MystenLabs#688)

* Uncompress is safer

* Avoid bias in random sampling

* Review

* More tests

* Docs

* Use neptune implementation of Poseidon (MystenLabs#671)

* Use neptune for poseidon hashing (works)

* Add assertion to test

* Add constants for n=1,..,16

* Move neptune test

* Add comment

* Parameterize test

* Use neptune for poseidon hashing

* Fix comments

* Keep poseidon instances as static

* Clean up

* Use neptune fork

* Works

* Clean up

* Clean up imports

* Get rid of static mutable objects

* More clean ups

* Even more clean ups

* Keep clippy happy

* Try to fix rebase

* Fix tests

* Use actual neptune repo instead of fork

* Clean up after rebase

* Clean up

* Add proptest

* fmt

* Docs

* Clean up proptest

* Move test

* Comment

* More docs

* Fix proptest

* Fix messy imports

* Use new released version of neptune

* Add some clarifying comments

* fmt

* DKG: More tests (nodes, nizk, ro, polynomials, ecies) (MystenLabs#689)

* Safer function (MystenLabs#691)

* Refactor VDF: Move Rug/GMP dependent part to other repo (MystenLabs#690)

* Get rid of rug depenedency

* Clean up

* Refactor discriminant from seed

* Refactor

* Refactor and some docs

* Use ToBytes trait

* Update cli

* Update tests

* fix: accepts alternative iss for Google (MystenLabs#693)

* fix: add alternative iss to Google

* add test

* Use BLS for doctests since Ed25519 aggregate signatures are experimental (MystenLabs#694)

* DKG: many more tests, fix some bugs (MystenLabs#692)

* zklogin: refactor to handle google's alternative iss (MystenLabs#700)

* Revert "fix: accepts alternative iss for Google (MystenLabs#693)" (MystenLabs#701)

This reverts commit 22003f9.

* fix: accepts alternative iss for Google (MystenLabs#693) (MystenLabs#703)

* fix: add alternative iss to Google

* add test

* Change the multi recipient enc to a CCA secure one (MystenLabs#702)

* chore: suppress rsa cve (MystenLabs#704)

* Revert "fix: accepts alternative iss for Google (MystenLabs#693) (MystenLabs#703)" (MystenLabs#705)

This reverts commit 031bef4.

* DKG review (MystenLabs#699)

* Allow more than 32 inputs for Poseidon over BN254 (MystenLabs#698)

* Hash binary inputs with Poseidon

* Reorder

* Ensure uniformity of output

* Clean up

* Remove binary-to-binary hashing from this pr

* Align naming#

* Use slices

Co-authored-by: Joy Wang <108701016+joyqvq@users.noreply.github.com>

* Revert "Use slices"

This reverts commit 503e9a6.

* Better naming and ensure compatability with zklogin

* Use merkle tree for binary api

---------

Co-authored-by: Joy Wang <108701016+joyqvq@users.noreply.github.com>

* Optimze VDF (MystenLabs#706)

* Update reduction

* mutable reduction

* Get rid of closure

* Update numbigint

* Use multi-scalar multiplication for VDF verification

* fmt

* clippy

* Clean up

* Clean up benchmark

* Test

* Optimise fs

* Update tests

* Remove unused function

* constant

* comment

* Clean up

* Trait bounds

* align names

* Review

* cleanup

* Refactor hashprime

* Refactor: get rid of scalar_size constant

* Remove complaint function

* Rename test

* fix bench

* DKG: support zero weights, and handle "impossible" edge cases more gracefully  (MystenLabs#708)

* ThresholdBls: accept Iterator directly where possible (MystenLabs#709)

Instead of requiring a slice that we immediately and only call
`iter()` on, accept the Iterator. This can enable clients to avoid
extra copies.

* add more error logs (MystenLabs#710)

* fastcrypto: impl bech32 encoding (MystenLabs#712)

* fastcrypto: impl bech32 encoding

* add examples

* Various clean ups (MystenLabs#715)

* Use prepare_pvk_bytes in API tests (MystenLabs#716)

* BLS12-381 group elements - make the code safer (MystenLabs#714)

- Safer lifetimes
- guarantee a unique bytes representation of GT elements

* Update h2 (MystenLabs#720)

Updates h2 to 0.3.24 in response to security advisory, using:

```
cargo update -p h2
```

* add a benchmark for blst msm (MystenLabs#719)

* add Debug derives for some DKG types (MystenLabs#718)

* Add a simple tlock CLI (MystenLabs#723)

* Update README.md (MystenLabs#724)

* Add citation.cff (MystenLabs#717)

* chore: fix typos (MystenLabs#722)

* Clean up dependencies (MystenLabs#725)

* Update VDF implementation (MystenLabs#721)

* Add qf hash function

* Clean up

* Licenses and clippy

* Use slices + license

* restrict visibility

* Add e2e test and remove unused compression functions

* Refactor + clippy

* Refactor

* license

* rename

* Fix docs

* Check duplicates bound

* fmt

* Fix CLI and address review comments

* Fix doc

* Use Baillie-PSW primality test + trial divisions (MystenLabs#726)

* Use Baillie-PSW primality test + trial divisions

* revert

* revert II

* new line

* revert III

* public fields (MystenLabs#728)

* Ensure size of hash function image (MystenLabs#727)

* Use Baillie-PSW primality test + trial divisions

* revert

* revert II

* new line

* revert III

* Check k

* clippy

* fix tests

* clippy

* update test

* Add default hash function

* Add default hash function

* fix k bound

* fix e2e test

* docs

* stub

* Faster multiplication during interpolation (MystenLabs#729)

* Degrade num-traits crate (MystenLabs#730)

* Add (near) optimal default parameters (MystenLabs#732)

* Introduce UnindexedValues (MystenLabs#735)

* Add total_weight_lower_bound to Nodes::reduce (MystenLabs#733)

* Add mock dkg (MystenLabs#736)

* Update Rust version + clippy + fix deny error (MystenLabs#739)

* BLS12-381: Remove default from, add tests (MystenLabs#738)

* Add the option to deser group elements without checking if they are in the group (MystenLabs#740)

* Reorganize features and clean up dependencies (MystenLabs#741)

* Reorganize features and clean up dependencies

* Remove blaks3 and reorganize deps

* Various clean ups (MystenLabs#742)

* Check subgroup early

* Check sizes on compile time

* Clean up error handling

* Use div_ceil from core::num

* Remove newline

* Error handling

* Remove debug test

* Revert fixed sized arrays

* Align itertools version with sui

* Add test

* More tests

* Docs

* Clippy

* Fix cargo test (MystenLabs#743)

* Fix cargo test

* Clean up

* Fix flags

* fix: derive serde for ZkLoginEnv (MystenLabs#747)

* DKG: Use u16 everywhere + other small fixes (MystenLabs#744)

* DKG: return pub visibility

* fix: add more derive trait for ZkLoginEnv (MystenLabs#749)

* DKG: more pub (MystenLabs#750)

* Use rand for StdRng import instead of re-export from aes (MystenLabs#753)

* fix: add strong typing to Bn254Point (MystenLabs#751)

* fix: Use strong type during deser

* renames and more test

* fix: use schemars for string (MystenLabs#754)

* clean up error description for verify function (MystenLabs#756)

* feat: add test issuers for jwt (MystenLabs#757)

* feat: add test issuers for jwt

* update code coverage

* use proptest

* try publishing fastcrypto and fastcrypto-zkp (MystenLabs#760)

* try publishing fastcrypto and fastcrypto-zkp

* update rust version

* update ci doc publish (MystenLabs#761)

* DKG: more cleanups (MystenLabs#762)

* 1. fix a possible panic in case a message with larger than MAX_U16 polynomial is sent
2. add more comments
3. change Nodes::reduce to new_reduced so it can only be applied once

* Upgrade to blst 3.11 (MystenLabs#764)

* [schnorr] support schnorr signature in secp256k1.

* [schnorr] add example test support.

* [schnorr] refactor functions.

* [schnorr] add sigs cli.

* [rooch-network/rooch/issues/482] add ripemd-160. (#2)

Co-authored-by: Feliciss <10203-feliciss@users.noreply.0xacab.org>

* [lib] add lib tests for schnorr sig. (#3)

* Add bytes rep for Secp256k1RecoverableSignature.

* [recov] add Authenticator Signer and VerifyingKey

---------

Co-authored-by: benr-ml <112846738+benr-ml@users.noreply.github.com>
Co-authored-by: Jonas Lindstrøm <jonas-lj@users.noreply.github.com>
Co-authored-by: Joy Wang <108701016+joyqvq@users.noreply.github.com>
Co-authored-by: Deepak Maram <deepak@mystenlabs.com>
Co-authored-by: Mark Logan <103447440+mystenmark@users.noreply.github.com>
Co-authored-by: Andrew Schran <aschran@mystenlabs.com>
Co-authored-by: Eugene Boguslavsky <eugene@mystenlabs.com>
Co-authored-by: GoodDaisy <90915921+GoodDaisy@users.noreply.github.com>
Co-authored-by: Feliciss <10203-feliciss@users.noreply.0xacab.org>

.github/workflows/docs.yml

@@ -18,19 +18,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # Pin v4.1.1
 
       - name: Install Rust toolchain
-        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # pin@v1
+        uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # pin@v1.0.7
         with:
           profile: minimal
-          toolchain: nightly
+          toolchain: stable
           override: true
 
       - name: Generate documentation
-        uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # pin@v1
-        env:
-          RUSTDOCFLAGS: "--enable-index-page -Zunstable-options"
+        uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # pin@v1.0.3
         with:
           command: doc
           args: --workspace --no-deps

.github/workflows/publish.yml

@@ -37,12 +37,12 @@ jobs:
           - fastcrypto-zkp
     steps:
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # Pin v4.1.1
       - name: Install Rust toolchain
-        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # pin@v1
+        uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # pin@v1.0.7
         with:
           profile: minimal
-          toolchain: nightly
+          toolchain: stable
           override: true
       - id: check
         run: |

.github/workflows/rust.yml

@@ -54,13 +54,12 @@ jobs:
       - uses: taiki-e/install-action@d30f7ecb94d4d882276efb3967be14b8ef34d289 # pin@nextest
       # make sure benches don't bit-rot
       - name: build benches
-        run: cargo build --benches --all-features
+        run: cargo build --benches --features experimental,copy_key,unsecure_schemes
       - name: cargo test
-        run: |
-          cargo nextest run --all-features
+        run: cargo nextest run --features experimental,copy_key,unsecure_schemes
       - name: Doctests
         run: |
-          cargo test --doc --all-features
+          cargo test --doc --features experimental,copy_key,unsecure_schemes
       # Ensure there are no uncommitted changes in the repo after running tests
       - run: scripts/changed-files.sh
 

CITATION.cff

@@ -0,0 +1,20 @@
+# This CITATION.cff file was generated with cffinit.
+# Visit https://bit.ly/cffinit to generate yours today!
+
+cff-version: 1.2.0
+title: fastcrypto
+message: >-
+  If you use this software, please cite it using the
+  metadata from this file.
+type: software
+authors:
+  - name: Mysten Labs
+    website: 'https://mystenlabs.com'
+repository-code: 'https://github.com/MystenLabs/fastcrypto'
+abstract: >-
+  fastcrypto is a common cryptography library used in
+  software at Mysten Labs.
+keywords:
+  - cryptography
+license: Apache-2.0
+