spongefish 0.5.0

An implementation of the Fiat--Shamir transformation from Duplex Sponges.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

//! curve25519-dalek codec implementations
use curve25519_dalek::{
    edwards::{CompressedEdwardsY, EdwardsPoint},
    ristretto::{CompressedRistretto, RistrettoPoint},
    scalar::Scalar,
};

use crate::{
    codecs::{Decoding, Encoding},
    error::VerificationError,
    io::NargDeserialize,
    VerificationResult,
};

// Make curve25519-dalek Scalar a valid Unit type
impl crate::Unit for Scalar {
    const ZERO: Self = Self::ZERO;
}

// Implement Decoding for curve25519-dalek Scalar
impl Decoding<[u8]> for Scalar {
    type Repr = super::Array64;

    fn decode(buf: Self::Repr) -> Self {
        let mut le_bytes = buf.0;
        le_bytes.reverse();
        Self::from_bytes_mod_order_wide(&le_bytes)
    }
}

impl Decoding<[u8]> for RistrettoPoint {
    type Repr = super::Array64;

    fn decode(buf: Self::Repr) -> Self {
        Self::from_uniform_bytes(&buf.0)
    }
}

// Implement Deserialize for curve25519-dalek Scalar using OS2IP (big-endian)
impl NargDeserialize for Scalar {
    fn deserialize_from_narg(buf: &mut &[u8]) -> VerificationResult<Self> {
        const N: usize = 32;
        if buf.len() < N {
            return Err(VerificationError);
        }

        let be_bytes = &buf[..N];
        let mut le_bytes = [0u8; N];
        le_bytes.copy_from_slice(be_bytes);
        le_bytes.reverse();
        Self::from_canonical_bytes(le_bytes)
            .into_option()
            .inspect(|_| *buf = &buf[N..])
            .ok_or(VerificationError)
    }
}

// Implement Deserialize for EdwardsPoint
impl NargDeserialize for EdwardsPoint {
    fn deserialize_from_narg(buf: &mut &[u8]) -> VerificationResult<Self> {
        if buf.len() < 32 {
            return Err(VerificationError);
        }
        let (head, tail) = buf.split_at(32);
        *buf = tail;
        CompressedEdwardsY(head.try_into().unwrap())
            .decompress()
            .ok_or(VerificationError)
    }
}

// Implement Deserialize for RistrettoPoint
impl NargDeserialize for RistrettoPoint {
    fn deserialize_from_narg(buf: &mut &[u8]) -> VerificationResult<Self> {
        if buf.len() < 32 {
            return Err(VerificationError);
        }
        let (head, tail) = buf.split_at(32);
        *buf = tail;
        CompressedRistretto(head.try_into().unwrap())
            .decompress()
            .ok_or(VerificationError)
    }
}

// Implement Encoding for curve25519-dalek Scalar using I2OSP (big-endian)
impl Encoding<[u8]> for Scalar {
    fn encode(&self) -> impl AsRef<[u8]> {
        let mut le_bytes = self.to_bytes();
        le_bytes.reverse();

        le_bytes
    }
}

// Implement Encoding for EdwardsPoint
impl Encoding<[u8]> for EdwardsPoint {
    fn encode(&self) -> impl AsRef<[u8]> {
        self.compress().to_bytes()
    }
}

// Implement Encoding for RistrettoPoint
impl Encoding<[u8]> for RistrettoPoint {
    fn encode(&self) -> impl AsRef<[u8]> {
        self.compress().to_bytes()
    }
}