frost-ed448 1.0.0

A Schnorr signature scheme over Ed448 that supports FROST.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

use crate::*;
use ed448_goldilocks::curve::ExtendedPoint;
use frost_core::Ciphersuite;

#[test]
fn check_deserialize_non_canonical() {
    let mut encoded_generator = ExtendedPoint::generator().compress().0;

    let r = <Ed448Shake256 as Ciphersuite>::Group::deserialize(&encoded_generator);
    assert!(r.is_ok());

    // The last byte only should have the sign bit. Set all other bits to
    // create a non-canonical encoding.
    encoded_generator[56] |= 0x7f;
    let r = <Ed448Shake256 as Ciphersuite>::Group::deserialize(&encoded_generator);
    assert_eq!(r, Err(GroupError::MalformedElement));

    // Besides the last byte, it is still possible to get non-canonical encodings.
    // This is y = p + 19 which is non-canonical and maps to a valid prime-order point.
    let encoded_point = hex::decode("12000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff00").unwrap().try_into().unwrap();
    let r = <Ed448Shake256 as Ciphersuite>::Group::deserialize(&encoded_point);
    assert_eq!(r, Err(GroupError::MalformedElement));
}

#[test]
fn check_deserialize_non_prime_order() {
    let encoded_point =
        hex::decode("030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
            .unwrap()
            .try_into()
            .unwrap();
    let r = <Ed448Shake256 as Ciphersuite>::Group::deserialize(&encoded_point);
    assert_eq!(r, Err(GroupError::InvalidNonPrimeOrderElement));
}

#[test]
fn check_deserialize_identity() {
    let encoded_identity = ExtendedPoint::identity().compress().0;

    let r = <Ed448Shake256 as Ciphersuite>::Group::deserialize(&encoded_identity);
    assert_eq!(r, Err(GroupError::InvalidIdentityElement));
}