diff --git a/applications/proof_of_work_app.go b/applications/proof_of_work_app.go
index 6156938..0b88dd3 100644
--- a/applications/proof_of_work_app.go
+++ b/applications/proof_of_work_app.go
@@ -78,6 +78,8 @@ func (powapp *ProofOfWorkApplication) solveChallenge(challenge []byte, prng core
 log.Errorf("error completing challenge: %v", err)
 return nil
 }
+
+ //lint:ignore SA1019 API this is "deprecated", but without it it will cause an allocation on every single check
 solution = next.Encode(encodedSolution)
 copy(solve[0:], solution[:])
diff --git a/go.mod b/go.mod
index 592dd36..754a84f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,13 +1,21 @@
 module git.openprivacy.ca/cwtch.im/tapir
-go 1.16
+go 1.17
 require (
- git.openprivacy.ca/openprivacy/connectivity v1.8.5
+ git.openprivacy.ca/openprivacy/connectivity v1.8.6
 git.openprivacy.ca/openprivacy/log v1.0.3
- github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/gtank/merlin v0.1.1
- github.com/gtank/ristretto255 v0.1.2
- go.etcd.io/bbolt v1.3.4
- golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee
+ github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c
+ go.etcd.io/bbolt v1.3.6
+ golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d
+)
+
+require (
+ filippo.io/edwards25519 v1.0.0 // indirect
+ git.openprivacy.ca/openprivacy/bine v0.0.4 // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b // indirect
+ golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b // indirect
+ golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect
 )
diff --git a/go.sum b/go.sum
index 3918aff..2a30915 100644
--- a/go.sum
+++ b/go.sum
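Review bot: The `//lint:ignore SA1019` directive added before `solution = next.Encode(encodedSolution)` justifies keeping the deprecated call by its allocation cost, but not by the property the loop actually depends on: the ristretto255 `Encode` API appends its 32-byte encoding to the slice it is given. Unless `encodedSolution` is re-sliced to length zero before each call (not visible in this hunk), the buffer grows on every iteration and `copy(solve[0:], solution[:])` keeps copying the oldest encoding instead of the newest one. Suggest making the reason explicit, e.g. `//lint:ignore SA1019 Encode appends into the reused encodedSolution buffer; Bytes() would allocate a fresh slice on every check`, and confirming that an `encodedSolution = encodedSolution[:0]` reset exists in the loop. The body of solveChallenge starts and ends outside this hunk.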
@@ -1,18 +1,10 @@
-filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU=
 filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
+filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
+filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
 git.openprivacy.ca/openprivacy/bine v0.0.4 h1:CO7EkGyz+jegZ4ap8g5NWRuDHA/56KKvGySR6OBPW+c=
 git.openprivacy.ca/openprivacy/bine v0.0.4/go.mod h1:13ZqhKyqakDsN/ZkQkIGNULsmLyqtXc46XBcnuXm/mU=
-git.openprivacy.ca/openprivacy/connectivity v1.6.0 h1:j44Kya3GBH4BDGh0f5JD/eNAb77XiQreIZtzcY8Gn28=
-git.openprivacy.ca/openprivacy/connectivity v1.6.0/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw=
-git.openprivacy.ca/openprivacy/connectivity v1.8.1 h1:OjWy+JTAvlrstY8PnGPBp7Ho04JaKHaQ+YdoLwSdaCo=
-git.openprivacy.ca/openprivacy/connectivity v1.8.1/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw=
-git.openprivacy.ca/openprivacy/connectivity v1.8.2 h1:uCFnrJXsTh3ne4GcgvamoxomQ6fMishD3C2nQGpgdMY=
-git.openprivacy.ca/openprivacy/connectivity v1.8.2/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw=
-git.openprivacy.ca/openprivacy/connectivity v1.8.3 h1:bWM8aQHqHIpobYQcLQ9OsNPoIl+H+4JFWbYGdG0nHlg=
-git.openprivacy.ca/openprivacy/connectivity v1.8.3/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw=
-git.openprivacy.ca/openprivacy/connectivity v1.8.5 h1:eAlpNyxMBVq/PK+5EkG3zpcCjRjxi6Sg+iVoamuX1co=
-git.openprivacy.ca/openprivacy/connectivity v1.8.5/go.mod h1:pG50Dq4IelxFGyF1y8dU5kXrnsDGEnobbEFZlB9COLM=
-git.openprivacy.ca/openprivacy/log v1.0.2/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
+git.openprivacy.ca/openprivacy/connectivity v1.8.6 h1:g74PyDGvpMZ3+K0dXy3mlTJh+e0rcwNk0XF8owzkmOA=
+git.openprivacy.ca/openprivacy/connectivity v1.8.6/go.mod h1:Hn1gpOx/bRZp5wvCtPQVJPXrfeUH0EGiG/Aoa0vjGLg=
 git.openprivacy.ca/openprivacy/log v1.0.3 h1:E/PMm4LY+Q9s3aDpfySfEDq/vYQontlvNj/scrPaga0=
git.openprivacy.ca/openprivacy/log v1.0.3/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -20,41 +12,48 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gtank/merlin v0.1.1 h1:eQ90iG7K9pOhtereWsmyRJ6RAwcP4tHTDBHXNg+u5is=
 github.com/gtank/merlin v0.1.1/go.mod h1:T86dnYJhcGOh5BjZFCJWTDeTK7XW8uE+E21Cy/bIQ+s=
-github.com/gtank/ristretto255 v0.1.2 h1:JEqUCPA1NvLq5DwYtuzigd7ss8fwbYay9fi4/5uMzcc=
-github.com/gtank/ristretto255 v0.1.2/go.mod h1:Ph5OpO6c7xKUGROZfWVLiJf9icMDwUeIvY4OmlYW69o=
-github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643 h1:hLDRPB66XQT/8+wG9WsDpiCvZf1yKO7sz7scAjSlBa0=
+github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c h1:gkfmnY4Rlt3VINCo4uKdpvngiibQyoENVj5Q88sxXhE=
+github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c/go.mod h1:tDPFhGdt3hJWqtKwx57i9baiB1Cj0yAg22VOPUqm5vY=
 github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643/go.mod h1:43+3pMjjKimDBf5Kr4ZFNGbLql1zKkbImw+fZbw3geM=
+github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b h1:QrHweqAtyJ9EwCaGHBu1fghwxIPiopAHV06JlXrMHjk=
+github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b/go.mod h1:xxLb2ip6sSUts3g1irPVHyk/DGslwQsNOo9I7smJfNU=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 go.etcd.io/bbolt v1.3.4 h1:hi1bXHMVrlQh6WwxAy+qZCV/SYIlqo+Ushwdpa4tAKg=
 go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
+go.etcd.io/bbolt v1.3.6/go.mod
h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee h1:4yd7jl+vXjalO5ztz6Vc1VADv+S/80LGJmyl1ROJ2AI=
 golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d h1:3qF+Z8Hkrw9sOhrFHti9TlB1Hkac1x+DNRkv0XQiFjo=
+golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys
v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 h1:UiNENfZ8gDvpiWw7IpOMQ27spWmThO1RwwdQVbJahJM=
+golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e h1:FDhOuMEY4JVRztM/gsbk+IKUQ8kj74bxZrgw87eMMVc=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3
v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/primitives/core/transcript.go b/primitives/core/transcript.go
index 3d5e8c9..bccd6f1 100644
--- a/primitives/core/transcript.go
+++ b/primitives/core/transcript.go
@@ -39,7 +39,7 @@ func (t *Transcript) AddToTranscript(label string, b []byte) {
 // AddElementToTranscript appends a value to the transcript with the given label
 // This binds the given data to the label.
 func (t *Transcript) AddElementToTranscript(label string, element *ristretto.Element) {
- t.AddToTranscript(label, element.Encode([]byte{}))
+ t.AddToTranscript(label, element.Bytes())
 }
 // OutputTranscriptToAudit outputs a human-readable copy of the transcript so far.
@@ -74,7 +74,7 @@ func (prng *PRNG) Next(buf []byte, next *ristretto.Scalar) error {
 log.Errorf("could not read prng: %v %v", n, err)
 return fmt.Errorf("error fetching complete output from prng: %v", err)
 }
- next.FromUniformBytes(buf)
+ next.SetUniformBytes(buf)
 return nil
 }
@@ -89,7 +89,8 @@ func (t *Transcript) CommitToPRNG(label string) PRNG {
 // CommitToGenerator derives a verifiably random generator from the transcript
 func (t *Transcript) CommitToGenerator(label string) *ristretto.Element {
 c := t.CommitToTranscript(label)
- return new(ristretto.Element).FromUniformBytes(c)
+ result, _ := new(ristretto.Element).SetUniformBytes(c)
+ return result
 }
 // CommitToGenerators derives a set of verifiably random generators from the transcript
@@ -104,6 +105,6 @@ func (t *Transcript) CommitToGenerators(label string, n int) (generators []*rist
 func (t *Transcript) CommitToTranscriptScalar(label string) *ristretto.Scalar {
 c := t.CommitToTranscript(label)
 s := new(ristretto.Scalar)
- s.FromUniformBytes(c[:])
+ s.SetUniformBytes(c[:])
 return s
 }
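Review bot: `next.SetUniformBytes(buf)` in PRNG.Next discards the error that the new ristretto255 API returns, even though the function has an `error` result that is already used for the read failure two lines above; on failure `next` is left unset (the zero scalar) and the caller is told everything went well, which in the batch proof means a zero challenge coefficient for that token. Suggest `if _, err := next.SetUniformBytes(buf); err != nil { return fmt.Errorf("error deriving scalar from prng output: %v", err) }`. The error only fires when `buf` is not 64 bytes, so it is a caller bug rather than a runtime condition, but that is precisely the case worth surfacing instead of silently feeding a zero scalar into the proof.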
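Review bot: `result, _ := new(ristretto.Element).SetUniformBytes(c)` in CommitToGenerator throws away the only signal that the commitment had the wrong length; on error `result` is whatever the library returns (presumably nil), and a nil generator would then panic at the first ScalarMult, far from the cause. The length of `c` is fixed by CommitToTranscript rather than by the caller, so a violation is a programming error and an immediate panic with a message is better than a silent discard: `result, err := new(ristretto.Element).SetUniformBytes(c)` / `if err != nil { panic("transcript commitment is not 64 bytes: " + err.Error()) }`. The same discarded error appears in CommitToTranscriptScalar below, where `s.SetUniformBytes(c[:])` would leave `s` as the zero scalar.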
diff --git a/primitives/privacypass/dlogeq.go b/primitives/privacypass/dlogeq.go
index 438a4f3..2694771 100644
--- a/primitives/privacypass/dlogeq.go
+++ b/primitives/privacypass/dlogeq.go
@@ -25,17 +25,19 @@ type DLEQProof struct {
 func DiscreteLogEquivalenceProof(k *ristretto.Scalar, X *ristretto.Element, Y *ristretto.Element, P *ristretto.Element, Q *ristretto.Element, transcript *core.Transcript) DLEQProof {
 private := make([]byte, 64)
 rand.Read(private)
- t := new(ristretto.Scalar)
- t.FromUniformBytes(private)
+ t, err := new(ristretto.Scalar).SetUniformBytes(private)
+ if err != nil {
+ return DLEQProof{ristretto.NewScalar(), ristretto.NewScalar()}
+ }
 A := new(ristretto.Element).ScalarMult(t, X)
 B := new(ristretto.Element).ScalarMult(t, P)
- transcript.AddToTranscript(DLEQX, X.Encode(nil))
- transcript.AddToTranscript(DLEQY, Y.Encode(nil))
- transcript.AddToTranscript(DLEQP, P.Encode(nil))
- transcript.AddToTranscript(DLEQQ, Q.Encode(nil))
- transcript.AddToTranscript(DLEQA, A.Encode(nil))
- transcript.AddToTranscript(DLEQB, B.Encode(nil))
+ transcript.AddToTranscript(DLEQX, X.Bytes())
+ transcript.AddToTranscript(DLEQY, Y.Bytes())
+ transcript.AddToTranscript(DLEQP, P.Bytes())
+ transcript.AddToTranscript(DLEQQ, Q.Bytes())
+ transcript.AddToTranscript(DLEQA, A.Bytes())
+ transcript.AddToTranscript(DLEQB, B.Bytes())
 c := transcript.CommitToTranscriptScalar("c")
 s := new(ristretto.Scalar).Subtract(t, new(ristretto.Scalar).Multiply(c, k))
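Review bot: The new error branch in DiscreteLogEquivalenceProof returns `DLEQProof{ristretto.NewScalar(), ristretto.NewScalar()}`, an all-zero proof, with no error signal, so a server that hits it ships a batch whose proof every client will reject and nothing explains why. constructBatchProof, the caller visible in this diff, already returns `(*DLEQProof, error)`, so the cleaner fix is to give this function a `(DLEQProof, error)` signature and `return DLEQProof{}, err`, letting the caller propagate it. While the error handling here is being revisited, the context line `rand.Read(private)` deserves a check as well (assuming this is crypto/rand): if it fails and `private` stays all-zero, `t` becomes the zero scalar, A and B become the identity, and the response `s = -c·k` reveals the signing key k to anyone holding the public challenge c; `if _, err := rand.Read(private); err != nil { panic("unable to generate secure random numbers") }` would match what NewTokenServer already does. The body of DiscreteLogEquivalenceProof continues past the end of the hunk.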
@@ -62,12 +64,12 @@ func VerifyDiscreteLogEquivalenceProof(dleq DLEQProof, X *ristretto.Element, Y *
 A := new(ristretto.Element).Add(Xs, Yc)
 B := new(ristretto.Element).Add(Ps, Qc)
- transcript.AddToTranscript(DLEQX, X.Encode(nil))
- transcript.AddToTranscript(DLEQY, Y.Encode(nil))
- transcript.AddToTranscript(DLEQP, P.Encode(nil))
- transcript.AddToTranscript(DLEQQ, Q.Encode(nil))
- transcript.AddToTranscript(DLEQA, A.Encode(nil))
- transcript.AddToTranscript(DLEQB, B.Encode(nil))
+ transcript.AddToTranscript(DLEQX, X.Bytes())
+ transcript.AddToTranscript(DLEQY, Y.Bytes())
+ transcript.AddToTranscript(DLEQP, P.Bytes())
+ transcript.AddToTranscript(DLEQQ, Q.Bytes())
+ transcript.AddToTranscript(DLEQA, A.Bytes())
+ transcript.AddToTranscript(DLEQB, B.Bytes())
 return transcript.CommitToTranscriptScalar("c").Equal(dleq.C) == 1
 }
diff --git a/primitives/privacypass/token.go b/primitives/privacypass/token.go
index 28160c8..a91db76 100644
--- a/primitives/privacypass/token.go
+++ b/primitives/privacypass/token.go
@@ -55,10 +55,10 @@ func (t *Token) GenBlindedToken() BlindedToken {
 t.r = new(ristretto.Scalar)
 b := make([]byte, 64)
 rand.Read(b)
- t.r.FromUniformBytes(b)
+ t.r.SetUniformBytes(b)
 Ht := sha3.Sum512(t.t)
- T := new(ristretto.Element).FromUniformBytes(Ht[:])
+ T, _ := new(ristretto.Element).SetUniformBytes(Ht[:])
 P := new(ristretto.Element).ScalarMult(t.r, T)
 return BlindedToken{P}
 }
@@ -70,7 +70,7 @@ func (t *Token) unblindSignedToken(token SignedToken) {
 // SpendToken binds the token with data and then redeems the token
 func (t *Token) SpendToken(data []byte) SpentToken {
- key := sha3.Sum256(append(t.t, t.W.Encode(nil)...))
+ key := sha3.Sum256(append(t.t, t.W.Bytes()...))
 mac := hmac.New(sha3.New512, key[:])
 mac.Write(data)
 return SpentToken{t.t, mac.Sum(nil)}
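Review bot: `t.r.SetUniformBytes(b)` in GenBlindedToken silently drops the error return, and `rand.Read(b)` on the line above is unchecked as well, so a failed read leaves `b` all-zero, `r` becomes the zero scalar and `P = r·T` is the identity: the blinded token carries no blinding at all and, presumably, cannot be unblinded later since that step divides by r. The discarded error on `T, _ := …SetUniformBytes(Ht[:])` is harmless because `Ht` is a fixed 64-byte SHA3-512 digest, but `r` is the client's only secret here and deserves both checks: `if _, err := rand.Read(b); err != nil { panic("unable to generate secure random numbers") }` and `if _, err := t.r.SetUniformBytes(b); err != nil { panic(err) }`, matching how NewTokenServer already treats its key material.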
@@ -88,13 +88,13 @@ func GenerateBlindedTokenBatch(num int) (tokens []*Token, blindedTokens []Blinde
 // verifyBatchProof verifies a given batch proof (see also UnblindSignedTokenBatch)
 func verifyBatchProof(dleq DLEQProof, Y *ristretto.Element, blindedTokens []BlindedToken, signedTokens []SignedToken, transcript *core.Transcript) bool {
 transcript.NewProtocol(BatchProofProtocol)
- transcript.AddToTranscript(BatchProofX, new(ristretto.Element).Base().Encode(nil))
- transcript.AddToTranscript(BatchProofY, Y.Encode(nil))
+ transcript.AddToTranscript(BatchProofX, ristretto.NewGeneratorElement().Bytes())
+ transcript.AddToTranscript(BatchProofY, Y.Bytes())
 transcript.AddToTranscript(BatchProofPVector, []byte(fmt.Sprintf("%v", blindedTokens)))
 transcript.AddToTranscript(BatchProofQVector, []byte(fmt.Sprintf("%v", signedTokens)))
 prng := transcript.CommitToPRNG("w")
- M := new(ristretto.Element).Zero()
- Z := new(ristretto.Element).Zero()
+ M := ristretto.NewIdentityElement()
+ Z := ristretto.NewIdentityElement()
 buf := make([]byte, 64)
 c := new(ristretto.Scalar)
 for i := range blindedTokens {
@@ -106,7 +106,7 @@ func verifyBatchProof(dleq DLEQProof, Y *ristretto.Element, blindedTokens []Blin
 M = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, blindedTokens[i].P), M)
 Z = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, signedTokens[i].Q), Z)
 }
- return VerifyDiscreteLogEquivalenceProof(dleq, new(ristretto.Element).Base(), Y, M, Z, transcript)
+ return VerifyDiscreteLogEquivalenceProof(dleq, ristretto.NewGeneratorElement(), Y, M, Z, transcript)
 }
 // UnblindSignedTokenBatch taking in a set of tokens, their blinded & signed counterparts, a server public key (Y), a DLEQ proof and a transcript
diff --git a/primitives/privacypass/token_test.go b/primitives/privacypass/token_test.go
index 4b4b042..15d83e4 100644
--- a/primitives/privacypass/token_test.go
+++ b/primitives/privacypass/token_test.go
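Review bot: verifyBatchProof now calls `ristretto.NewGeneratorElement()` twice, once to absorb the base point into the transcript and once as the X argument of VerifyDiscreteLogEquivalenceProof, and the proof is only meaningful if both denote the same point; binding them through one local makes that invariant visible and drops an allocation: `G := ristretto.NewGeneratorElement()` after `transcript.NewProtocol(...)`, then `G.Bytes()` and `VerifyDiscreteLogEquivalenceProof(dleq, G, Y, M, Z, transcript)`. constructBatchProof in tokenserver.go has the same duplicated call and should get the same treatment so the prover and verifier transcripts stay symmetric. The prng loop body between the two hunks is not visible here.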
@@ -52,7 +52,7 @@ func TestToken_ConstrainToToken(t *testing.T) {
 token2 := new(Token)
 blindedToken2 := token2.GenBlindedToken()
 Ht := sha3.Sum512(token.t)
- T := new(ristretto255.Element).FromUniformBytes(Ht[:])
+ T, _ := new(ristretto255.Element).SetUniformBytes(Ht[:])
 // Constraint forces T = kW to be part of the batch proof
 // And because the batch proof must prove that *all* inputs share the same key and also checks the servers public key
 // We get a consistency check for almost free.
@@ -75,7 +75,7 @@ func TestGenerateBlindedTokenBatch(t *testing.T) {
 db.Open("tokens.db")
 fakeRand := sha512.Sum512([]byte{})
- k := ristretto255.NewScalar().FromUniformBytes(fakeRand[:])
+ k, _ := ristretto255.NewScalar().SetUniformBytes(fakeRand[:])
 server := NewTokenServerFromStore(k, db)
 defer server.Close()
diff --git a/primitives/privacypass/tokenserver.go b/primitives/privacypass/tokenserver.go
index afa5b5e..a981ed3 100644
--- a/primitives/privacypass/tokenserver.go
+++ b/primitives/privacypass/tokenserver.go
@@ -39,7 +39,7 @@ func NewTokenServer() *TokenServer {
 // unable to generate secure random numbers
 panic("unable to generate secure random numbers")
 }
- k.FromUniformBytes(b)
+ k.SetUniformBytes(b)
 return &TokenServer{k, new(ristretto.Element).ScalarBaseMult(k), make(map[string]bool), nil, sync.Mutex{}}
 }
@@ -92,7 +92,10 @@ func (ts *TokenServer) SignBlindedTokenBatchWithConstraint(blindedTokens []Blind
 signedTokens = append(signedTokens, ts.SignBlindedToken(bt))
 }
 Ht := sha3.Sum512(constraintToken)
- T := new(ristretto.Element).FromUniformBytes(Ht[:])
+ T, err := new(ristretto.Element).SetUniformBytes(Ht[:])
+ if err != nil {
+ return nil, err
+ }
 // W == kT
 W := new(ristretto.Element).ScalarMult(ts.k, T)
 blindedTokens = append(blindedTokens, BlindedToken{P: T})
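Review bot: `k.SetUniformBytes(b)` in NewTokenServer drops the error return even though the function already panics, three lines above, when the random read fails; the two failures are the same class (no usable key material) and should be handled alike: `if _, err := k.SetUniformBytes(b); err != nil { panic("unable to derive signing key: " + err.Error()) }`. With the error ignored, a `b` of the wrong length would leave `k` as the zero scalar and the public key `ScalarBaseMult(k)` as the identity, and the server would start signing with no key. The length of `b` is established outside this hunk, so the check is cheap insurance rather than a known failure.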
@@ -107,14 +110,14 @@ func (ts *TokenServer) SignBlindedTokenBatchWithConstraint(blindedTokens []Blind
 // constructBatchProof construct a batch proof that all the signed tokens have been signed correctly
 func (ts *TokenServer) constructBatchProof(blindedTokens []BlindedToken, signedTokens []SignedToken, transcript *core.Transcript) (*DLEQProof, error) {
 transcript.NewProtocol(BatchProofProtocol)
- transcript.AddToTranscript(BatchProofX, new(ristretto.Element).Base().Encode(nil))
- transcript.AddToTranscript(BatchProofY, ts.Y.Encode(nil))
+ transcript.AddToTranscript(BatchProofX, ristretto.NewGeneratorElement().Bytes())
+ transcript.AddToTranscript(BatchProofY, ts.Y.Bytes())
 transcript.AddToTranscript(BatchProofPVector, []byte(fmt.Sprintf("%v", blindedTokens)))
 transcript.AddToTranscript(BatchProofQVector, []byte(fmt.Sprintf("%v", signedTokens)))
 prng := transcript.CommitToPRNG("w")
- M := new(ristretto.Element).Zero()
- Z := new(ristretto.Element).Zero()
+ M := ristretto.NewIdentityElement()
+ Z := ristretto.NewIdentityElement()
 buf := make([]byte, 64)
 c := new(ristretto.Scalar)
@@ -127,7 +130,7 @@ func (ts *TokenServer) constructBatchProof(blindedTokens []BlindedToken, signedT
 M = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, blindedTokens[i].P), M)
 Z = new(ristretto.Element).Add(new(ristretto.Element).ScalarMult(c, signedTokens[i].Q), Z)
 }
- proof := DiscreteLogEquivalenceProof(ts.k, new(ristretto.Element).Base(), ts.Y, M, Z, transcript)
+ proof := DiscreteLogEquivalenceProof(ts.k, ristretto.NewGeneratorElement(), ts.Y, M, Z, transcript)
 return &proof, nil
 }
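Review bot: constructBatchProof ends with an unconditional `return &proof, nil`, yet the only step in it that can fail, the scalar derivation inside DiscreteLogEquivalenceProof, now reports failure by returning an all-zero proof rather than an error, so the `error` result this function declares never describes the one thing that can go wrong and a client would simply see a proof that does not verify. If DiscreteLogEquivalenceProof is given a `(DLEQProof, error)` signature, this is the place to propagate it: `proof, err := DiscreteLogEquivalenceProof(ts.k, ristretto.NewGeneratorElement(), ts.Y, M, Z, transcript)` / `if err != nil { return nil, err }` / `return &proof, nil`. The prng loop body between the two hunks is not visible here.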
@@ -146,9 +149,12 @@ func (ts *TokenServer) SpendToken(token SpentToken, data []byte) error {
 }
 }
 Ht := sha3.Sum512(token.T)
- T := new(ristretto.Element).FromUniformBytes(Ht[:])
+ T, err := new(ristretto.Element).SetUniformBytes(Ht[:])
+ if err != nil {
+ return err
+ }
 W := new(ristretto.Element).ScalarMult(ts.k, T)
- key := sha3.Sum256(append(token.T, W.Encode(nil)...))
+ key := sha3.Sum256(append(token.T, W.Bytes()...))
 mac := hmac.New(sha3.New512, key[:])
 mac.Write(data)
 computedMAC := mac.Sum(nil)
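Review bot: `key := sha3.Sum256(append(token.T, W.Bytes()...))` appends into the backing array of `token.T`, a slice that presumably arrives from the client inside `SpentToken`; whenever that slice has spare capacity, the 32 bytes of W are written into memory the caller still references, and the client-side Token.SpendToken in token.go has the same pattern. Building the MAC-key input in a fresh buffer removes the aliasing: `in := make([]byte, 0, len(token.T)+32)` / `in = append(append(in, token.T...), W.Bytes()...)` / `key := sha3.Sum256(in)`. Also worth confirming that the comparison of `computedMAC` against the client's MAC, which falls after the end of the hunk, goes through `hmac.Equal` rather than `bytes.Equal`, since this is the redemption check an attacker would probe.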