Update dependencies, 2.0.0 release (#35)

* Update deps, 2.0.0 release

* Fix minor clippy warnings (#38)

* Loop over test vectors directly

Address a clippy warning by unpacking over the container elements
directly instead of using a range and index variable. This is more
idiomatic.

* Simplify test assertion

Use the more explicit `is_err` instead of negating `is_ok`.
Addresses a clippy lint.

* Remove redundant struct label in test

Address a clippy warning. When the struct initialization value has
the same name as the member, it's idiomatic to omit the member label.

* Remove unnecessary base64 import

The base64 package is referred to by its full path, so the explict
`use` statement is redundant in contemporary rust compilers.

Addresses a clippy lint.

* Fix broken build status badge (#37)

The travis-ci.org service is no longer available. Link to the
github actions status badge and page instead.

* Update to criterion 0.5 (#36)

* Update to criterion 0.5

Use the latest release of the `criterion` benchmark framework,
v0.5.1 at the time of writing. No relevant api changes. This
aligns with more recent software releases so there's less
surprise and fewer old versions of things.

* Fix benchmark typo

Correct spelling of the "sign pre-tokens" benchmark.

* cargo fmt (#39)

---------

Co-authored-by: Ralph Giles <[email protected]>
Co-authored-by: Ralph Giles <[email protected]>

Cargo.toml

@@ -2,7 +2,7 @@
 authors = ["eV <[email protected]>"]
 edition = "2018"
 name = "challenge-bypass-ristretto"
-version = "1.0.2"
+version = "2.0.0"
 readme = "README.md"
 license = "MPL-2.0"
 repository = "https://github.com/brave-intl/challenge-bypass-ristretto"
@@ -14,13 +14,13 @@ exclude = [
 ]
 
 [dependencies]
-crypto-mac = "0.10"
-curve25519-dalek = { version = "3", default-features = false }
-digest = "0.9"
-hmac = "0.10"
-rand = { version = "0.7", default-features = false }
-rand_core = "0.5.1"
-rand_chacha = "0.2.2"
+crypto-mac = "0.11"
+curve25519-dalek = { version = "4", default-features = false, features = ["precomputed-tables", "zeroize", "rand_core", "digest"]}
+digest = "0.10"
+hmac = "0.12"
+rand = { version = "0.8", default-features = false }
+rand_core = "0.6"
+rand_chacha = "0.3"
 subtle = { version = "^2.2", default-features = false }
 zeroize = "1.3"
 
@@ -33,30 +33,21 @@ optional = true
 version = "^1.0.0"
 default-features = false
 
-[dependencies.merlin]
-optional = true
-version = "2"
-
 [dev-dependencies]
 serde_json = "1.0"
 serde = { version = "^1.0.0", features = ["derive"] }
-sha2 = "0.9"
+sha2 = "0.10"
 base64 = "0.13"
-rand = { version = "0.7", default-features = true }
-criterion = { version = "0.3.4", features = ["html_reports"] }
+rand = { version = "0.8", default-features = true }
+criterion = { version = "0.5", features = ["html_reports"] }
 
 [features]
-nightly = ["curve25519-dalek/nightly"]
-default = ["std", "u64_backend"]
-std = ["alloc", "curve25519-dalek/std", "subtle/std"]
+default = ["std"]
+std = ["alloc", "subtle/std"]
 alloc = ["curve25519-dalek/alloc"]
-u32_backend = ["curve25519-dalek/u32_backend"]
-u64_backend = ["curve25519-dalek/u64_backend"]
-avx2_backend = ["curve25519-dalek/avx2_backend"]
 serde_base64 = ["serde", "base64"]
 
 [package.metadata.docs.rs]
-features = ["nightly"]
 rustdoc-args = [
     "--document-private-items",
     "--html-in-header",

Makefile

@@ -1,4 +1,4 @@
 .PHONY: docs
 
 docs:
-	cargo rustdoc --features nightly -- --document-private-items --html-in-header ./rustdoc-include-katex-header.html
+	cargo rustdoc -- --document-private-items --html-in-header ./rustdoc-include-katex-header.html

README.md

@@ -1,4 +1,4 @@
-# challenge-bypass-ristretto [![](https://img.shields.io/crates/v/challenge-bypass-ristretto.svg)](https://crates.io/crates/challenge-bypass-ristretto) [![](https://docs.rs/challenge-bypass-ristretto/badge.svg)](https://docs.rs/challenge-bypass-ristretto) [![Build Status](https://travis-ci.org/brave-intl/challenge-bypass-ristretto.svg?branch=master)](https://travis-ci.org/brave-intl/challenge-bypass-ristretto)
+# challenge-bypass-ristretto [![](https://img.shields.io/crates/v/challenge-bypass-ristretto.svg)](https://crates.io/crates/challenge-bypass-ristretto) [![](https://docs.rs/challenge-bypass-ristretto/badge.svg)](https://docs.rs/challenge-bypass-ristretto) [![Build Status](https://github.com/brave-intl/challenge-bypass-ristretto/workflows/CI/badge.svg)](https://github.com/brave-intl/challenge-bypass-ristretto/actions)
 
 **A rust implemention of the
 [privacy pass cryptographic protocol](https://www.petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf)
@@ -99,10 +99,6 @@ The optional features include `base64` and `serde`.
 * `base64` exposes methods for base64 encoding / decoding of the various structures.
 * `serde` implements the [serde](https://serde.rs) `Serialize` / `Deserialize` traits.
 
-`merlin` is an experimental feature that uses [merlin](https://github.com/dalek-cryptography/merlin) to implement the DLEQ proofs. This diverges from
-the original protocol specified in the privacy pass paper. It is not yet stable / intended for use and
-is implemented in [`src/dleq_merlin.rs`].
-
 # Development
 
 Install rust.
@@ -115,6 +111,5 @@ Run `cargo build`
 
 Run `cargo test`
 
-[`src/dleq_merlin.rs`]: src/dleq_merlin.rs
 [`tests/e2e.rs`]: tests/e2e.rs
 [a more detailed writeup is also available]: https://docs.rs/challenge-bypass-ristretto#cryptographic-protocol

benches/benchmarks.rs

@@ -31,7 +31,7 @@ pub fn e2e_server_benchmarks(c: &mut Criterion) {
 
     let signing_req = client.create_tokens(n_tokens);
 
-    c.bench_function("sing pre-tokens", |b| {
+    c.bench_function("sign pre-tokens", |b| {
         b.iter(|| {
             let _signing_resp = server.sign_tokens(signing_req.clone());
         });
@@ -72,7 +72,6 @@ struct Client {
     unblinded_tokens: Vec<UnblindedToken>,
 }
 
-#[cfg(not(feature = "merlin"))]
 impl Client {
     fn create_tokens(&mut self, n: u8) -> SigningRequest {
         let mut rng = OsRng;
@@ -137,7 +136,6 @@ struct Server {
     spent_tokens: Vec<TokenPreimage>,
 }
 
-#[cfg(not(feature = "merlin"))]
 impl Server {
     fn sign_tokens(&self, req: SigningRequest) -> SigningResponse {
         let mut rng = OsRng;

src/dleq.rs

@@ -49,7 +49,7 @@ impl DLEQProof {
     {
         let t = Scalar::random(rng);
 
-        let A = &t * &constants::RISTRETTO_BASEPOINT_TABLE;
+        let A = t * constants::RISTRETTO_BASEPOINT_POINT;
         let B = t * P;
 
         let mut h = D::default();
@@ -113,7 +113,7 @@ impl DLEQProof {
         let X = constants::RISTRETTO_BASEPOINT_COMPRESSED;
         let Y = public_key.0;
 
-        let A = (&self.s * &constants::RISTRETTO_BASEPOINT_TABLE)
+        let A = (self.s * constants::RISTRETTO_BASEPOINT_POINT)
             + (self.c
                 * Y.decompress()
                     .ok_or(TokenError(InternalError::PointDecompressionError))?);
@@ -195,9 +195,9 @@ impl DLEQProof {
         c_bits.copy_from_slice(&bytes[..32]);
         s_bits.copy_from_slice(&bytes[32..]);
 
-        let c = Scalar::from_canonical_bytes(c_bits)
+        let c = Option::from(Scalar::from_canonical_bytes(c_bits))
             .ok_or(TokenError(InternalError::ScalarFormatError))?;
-        let s = Scalar::from_canonical_bytes(s_bits)
+        let s = Option::from(Scalar::from_canonical_bytes(s_bits))
             .ok_or(TokenError(InternalError::ScalarFormatError))?;
 
         Ok(DLEQProof { c, s })
@@ -379,7 +379,7 @@ mod tests {
 
         let proof = DLEQProof::_new::<Sha512, _>(&mut rng, P, Q, &key1);
 
-        assert!(!proof._verify::<Sha512>(P, Q, &key1.public_key).is_ok());
+        assert!(proof._verify::<Sha512>(P, Q, &key1.public_key).is_err());
     }
 
     #[allow(non_snake_case)]
@@ -393,9 +393,7 @@ mod tests {
 ("tviSLm/W8oFds67y9lMs990fjh08hQNV17/4V2bmOQY=", "5ufRlCvVKvXp1yuxxS7Jvw9LSwQUl6Q/MlT6HY2l1Hc=", "zOVEbK4KQ1GBW97YUVNguoN+NntwtGi1t+EeioMusXY=", "lH2gNbwqSC1nYYxT3I7fNQagTsD4OvSbzwrSCpanQkQ=", "NJF9U3TWiCWMd6Qh/vA90F/2N6udsXbTvifNxf0rzgbhInoEvYDi5jZAZUQEi7x7mmP8iFq7+ukoOroy6/8jCw=="),
 ("Ge3prZ2jJSoh1A3ZvrSfaSA1kDziGW2I+Gmh6jniaAs=", "2nNCd5YN9H5EYlOL9/kmLYNBMkaLwnG3wjyd7jw2QAY=", "YHdAzlpSTAMy3mB+F4mPwlyVl+V9Yt4f3cDPNJpWdns=", "gEnqgXg3FDaCQFayTXrIfpbZ2n0P6FD/95LuMsdIfFk=", "Fj2/YunbQs5XxSyLxl/fC4dAfRlErGurTtHHSfGKyQTzrLZrO7VghmGFQaMAXZ+jg+6v99YL6FWj1Y/5WFt2Aw=="),
         ];
-        for i in 0..vectors.len() {
-            let (k, Y, P, Q_b64, dleq_b64) = vectors[i];
-
+        for (k, Y, P, Q_b64, dleq_b64) in vectors {
             let server_key = SigningKey::decode_base64(k).unwrap();
 
             assert_eq!(server_key.public_key.encode_base64(), Y);
@@ -430,9 +428,7 @@ mod tests {
 ("siv+BM3AvP8Jv1aL4MFhMs9Xa6jxUNhFXpTWDfGrZQQ=", "XgFOlHEz5zm5dtx6ptYIXNg1NsJ/3vAq+cf/9eBkbxI=", "dsaMl4/9FcOFtaW3l65y1Z9ETJR36aTcXPMp+w4HGUY=,aH2q1HiReMA/Ney2NNZCgl+5GKK9xrxVwdC+THq9pFY=,uGRqS51VD7DuK0gSpMb3owRld57W6DqOyZpygXJVpmI=,Bvv+lqtCg39SD1H218rPZdQTmYPe2HD3QScntqw1oFA=,9IHWUyv/SCwZ4WKEGi58+bQ5nHsaDBXCku2vOzGvgUY=", "4lPV/OyNjVy4VTUvaROxCuq4ryfegkt7jt5IhrX9THo=,4EAmV5Mv3a/IQFsfVlaFxErNc96Ns980FT4yLlCdoxA=,bgGM37uBMLdRRAd1cu/4Iq+FzFwzRFLVhqp2uGFnPQc=,rCn4OuWnV5tTsgcPJAYRSqfONZf9k/92fwzWHtUxxh8=,lHCDzazDlU0w735u7OQmJM96WGeaNFILanawmC9EwFE=", "jotItTWLW/kpDeh8KJQtNqM7ON0YibEJ7R8VnMHP7Cs=", "Pu49xb3Ixn+Dfg6s+wgjyoPy7ickB5lM7/MxQVdpaUI=", "N6vDmGbYZ0aa9S2JqWSYppiX1AV33QDXGc8FHaF0aQ9y6Hp68UEkI2x5AJQ3URqS+5/x1AuucMH0AOMcLNqODg=="),
 ("jTTf/D0gicaG++cQJ1X4qYaOqk4YPo0p6Mo2B95kJAg=", "LCtewONuYTXljy+oK73/m7CON/vr/e1r4aDaVE3xDnc=", "GsomH3aBo6qBHaNGzZZ/pNOviBTbZrUfpthgYU5jAmU=,wHvznjZDA9L8dgQGEj7wf1/QGxunE5/WYdxUpQX4Umc=,ZMxkDV7epUgmpix38jBfWv42VeMQefypY56dnysikWA=,aEy+/J0AFmjYGTjcv5y942fleEk/0rwqlD+kXSn0vCM=,QJMHfIYUraWdJKzenROtgLyjU9MrDtDDwFfDNIcjCHA=", "aGUXY5bBYoDmw4x1muwHzKp1w2sITQMeDfsyxv9EUDc=,qh0wfC/wAdclIJ79R+IIpPJLJM5aBe/i5i54dQOn3Vk=,zCi7XaHyO/b9SfN2AYuJcC60zqnIorkXMjjbixhEKxk=,XlBf7DyH5FtcUyr9Gfnj8i3cnKKPtWGHXm/LpIQX4gM=,wHtZg2i40wdxQvHehZEunTHiODSuEMv8suwFaqynmTQ=", "osUDqpps33Jw0k7vEHFCAk+iywlE7YrXrX5RfqC0olA=", "LnD9wlZrDo3v6dw56owm6NazoBLKwtqMPWdtxSRVWxc=", "KVEotBgIaz5Rymqpy4paroHGQyD/80FdvLCrONxDzQUWgNZxZ6aiCJ2VxIGP+6+86FZXS1sXGgs3dwft/VMCCw=="),
         ];
-        for i in 0..vectors.len() {
-            let (k, Y, P, Q, M_b64, Z_b64, dleq_b64) = vectors[i];
-
+        for (k, Y, P, Q, M_b64, Z_b64, dleq_b64) in vectors {
             let server_key = SigningKey::decode_base64(k).unwrap();
 
             assert_eq!(server_key.public_key.encode_base64(), Y);