Merge pull request #5 from dfnsco/unambiguous-challenge

Derive challenges unambiguously

Author: survived

.github/changelog.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+m_branch=m;
+changelog_file=CHANGELOG.md;
+
+# fetch master since we might be in a shallow clone
+git fetch origin "$m_branch:$m_branch" --depth=1
+
+changed=0;
+for log in */"$changelog_file"; do
+    dir=$(dirname "$log");
+    # check if version changed
+    if git diff "$m_branch" -- "$dir/Cargo.toml" | grep -q "^-version = "; then
+        # check if changelog updated
+        if git diff --exit-code --no-patch "$m_branch" -- "$log"; then
+            echo "$dir version changed, but $log is not updated"
+            changed=1;
+        fi
+    fi
+done
+
+exit "$changed";

.github/workflows/deps.yml

@@ -16,6 +16,7 @@ jobs:
   track_deps:
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       pull-requests: write
     steps:
     - uses: actions/checkout@v3
@@ -25,6 +26,9 @@ jobs:
     - uses: actions/checkout@v3
       with:
         path: pr_branch
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - name: Retrieve base branch deps
       run: |
         cd base_branch

.github/workflows/docs.yml

@@ -6,10 +6,15 @@ on:
   push:
     branches: [ "m" ]
 
+env:
+  CARGO_TERM_COLOR: always
+  CARGO_NET_GIT_FETCH_WITH_CLI: true
+
 jobs:
   build_pdf:
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       pull-requests: write
     steps:
     - uses: actions/checkout@v3
@@ -36,6 +41,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - uses: dtolnay/rust-toolchain@nightly
     - uses: Swatinem/rust-cache@v2
       with:
@@ -74,4 +82,4 @@ jobs:
         path: 'website'
     - name: Deploy to GitHub Pages
       id: deployment
-      uses: actions/deploy-pages@v4
+      uses: actions/deploy-pages@v4

.github/workflows/readme.yml

@@ -4,11 +4,18 @@ on:
   pull_request:
     branches: [ "*" ]
 
+env:
+  CARGO_TERM_COLOR: always
+  CARGO_NET_GIT_FETCH_WITH_CLI: true
+
 jobs:
   check_readme:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - name: Install cargo-hakari
       uses: baptiste0928/cargo-install@v1
       with:

.github/workflows/rust.yml

@@ -15,6 +15,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - uses: Swatinem/rust-cache@v2
       with:
         cache-on-failure: "true"
@@ -35,6 +38,9 @@ jobs:
         - cggmp21
     steps:
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - uses: Swatinem/rust-cache@v2
       with:
         cache-on-failure: "true"
@@ -44,6 +50,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - uses: Swatinem/rust-cache@v2
       with:
         cache-on-failure: "true"
@@ -58,6 +67,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - uses: Swatinem/rust-cache@v2
       with:
         cache-on-failure: "true"
@@ -68,6 +80,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - uses: Swatinem/rust-cache@v2
       with:
         cache-on-failure: "true"
@@ -84,6 +99,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - uses: Swatinem/rust-cache@v2
       with:
         cache-on-failure: "true"
@@ -97,6 +115,9 @@ jobs:
     steps:
     - uses: dtolnay/rust-toolchain@nightly
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - uses: Swatinem/rust-cache@v2
       with:
         cache-on-failure: "true"
@@ -106,6 +127,7 @@ jobs:
   bench:
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       pull-requests: write
     needs: build
     steps:
@@ -135,8 +157,17 @@ jobs:
         - cggmp21
     steps:
     - uses: actions/checkout@v3
+    - uses: webfactory/[email protected]
+      with:
+          ssh-private-key: ${{ secrets.PAILLIER_ZK }}
     - uses: Swatinem/rust-cache@v2
       with:
         cache-on-failure: "true"
     - name: Dry-run publish
       run: cargo publish --dry-run -p ${{ matrix.package }}
+  check-changelog:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Check changelogs
+      run: ./.github/changelog.sh

Cargo.lock

@@ -9,3 +9,42 @@ members = [
 exclude = [
     "wasm/no_std",
 ]
+
+[workspace.dependencies]
+cggmp21 = { version = "0.4", path = "cggmp21" }
+cggmp21-keygen = { version = "0.3", path = "cggmp21-keygen" }
+key-share = { version = "0.4", path = "key-share", default-features = false }
+
+generic-ec = { version = "0.4", default-features = false } 
+generic-ec-zkp = { version = "0.4", default-features = false } 
+round-based = { version = "0.3", default-features = false }
+
+paillier-zk = "0.4" 
+udigest = { version = "0.2", default-features = false }
+
+digest = { version = "0.10", default-features = false }
+sha2 = { version = "0.10", default-features = false }
+
+rand = "0.8"
+rand_core = { version = "0.6", default-features = false }
+rand_hash = { version = "0.1" }
+rand_dev = "0.1"
+
+futures = "0.3"
+
+anyhow = "1"
+thiserror = "1"
+displaydoc = { version = "0.2", default-features = false }
+
+serde = { version = "1", default-features = false }
+serde_with = { version = "2", default-features = false }
+serde_json = "1"
+hex = { version = "0.4", default-features = false }
+
+slip-10 = { version = "0.4", default-features = false }
+
+generic-tests = "0.1"
+
+[patch.crates-io.paillier-zk]
+git = "https://github.com/dfnsco/paillier-zk-private"
+rev = "88cae377c9cbd75ca27bcd99ffbce2715486ce95"

Cargo.toml

@@ -1,5 +1,11 @@
 # Changelog
 
+## v0.3.0
+* security fix: derive challenges for zero-knowledge proof unambiguously
+* Update `udigest` to v0.2
+* Update `generic-ec` to v0.4
+* Update `slip-10` to v0.4
+
 ## v0.2.0
 * Make library `#![no_std]`-compatible and WASM-friendly [#100]
 * Provide sync API to carry out DKG protocol [#100]