
Commit 0ebff0e

chore(deps): migrate to curve25519-dalek 5.0, rand 0.10, sha3 0.12 (#24)
Land the RustCrypto + rand stack that was previously gated on curve25519-dalek 5.0. The 5.0.0-rc.1 release moves its public API to rand_core 0.10 and digest 0.11, which unblocks the coupled bumps:
- curve25519-dalek 4.1 -> =5.0.0-rc.1 (pinned; pre-release)
- rand_core 0.6 -> 0.10 (CryptoRng now implies Rng; drop deprecated RngCore from the generic bounds)
- sha3 0.10 -> 0.12 (digest 0.11); Shake128 moved to the new `shake` crate, added as a dependency
- rand (dev) 0.8 -> 0.10; OsRng removed, tests/bench/doctest use rand::rng() (ThreadRng), and thread_rng() -> rand::rng()
MSRV already declares 1.91.1. no_std wasm builds, all tests, doctest and benches pass. Refs #15 Co-authored-by: dobby-yivi-agent[bot] <275734547+dobby-yivi-agent[bot]@users.noreply.github.com> Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
1 parent b482e51 commit 0ebff0e

3 files changed

Lines changed: 37 additions & 33 deletions


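--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,21 +11,22 @@ license = "MIT OR Apache-2.0"
 repository = "https://github.com/encryption4all/ibs"
 
 [dependencies]
-curve25519-dalek = { version = "4.1.1", features = [
+curve25519-dalek = { version = "=5.0.0-rc.1", features = [
 "alloc",
 "precomputed-tables",
 "digest",
 "rand_core",
 ] }
-rand_core = { version = "0.6", default-features = false }
-sha3 = { version = "0.10", default-features = false }
+rand_core = { version = "0.10", default-features = false }
+sha3 = { version = "0.12", default-features = false }
+shake = { version = "0.1", default-features = false }
 zeroize = { version = "1.6.0", features = ["zeroize_derive"], optional = true }
 serde = { version = "1.0", default-features = false, optional = true }
 
 [dev-dependencies]
 bincode-next = { version = "=3.0.0-rc.13", default-features = false, features = ["std", "serde"] }
 criterion = "0.8"
-rand = "0.8"
+rand = "0.10"
 
 [features]
 default = ["serde", "zeroize"]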
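Review bot: The exact `=5.0.0-rc.1` pin on curve25519-dalek (new line 14) carries no comment, so a later maintainer cannot tell from the manifest whether it is deliberate or a leftover; the commit message is the only record of the rand_core 0.10 / digest 0.11 chain behind it. I would put the reason next to the pin: `# Exact pin: 5.0 is still a release candidate; its rand_core 0.10 / digest 0.11 API is what rand_core, sha3 and shake below are aligned to. Relax to "5" once 5.0.0 is published.` As far as I recall Cargo only selects a pre-release when a requirement names one, so while this library pins an rc, any dependent that also uses curve25519-dalek 5 has to name the same rc to share a single copy of the curve code — worth stating in the same comment.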

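--- a/benches/bench.rs
+++ b/benches/bench.rs
@@ -8,7 +8,7 @@ use std::hint::black_box;
 use rand::prelude::*;
 
 pub fn criterion_benchmark_ibs(c: &mut Criterion) {
-let mut rng = thread_rng();
+let mut rng = rand::rng();
 
 let (pk, sk) = gg::setup(&mut rng);
 let id = Identity::from("Johny");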

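--- a/src/gg.rs
+++ b/src/gg.rs
@@ -18,8 +18,8 @@
 //! gg::{Identity, PublicKey, SecretKey, Signer, UserSecretKey, Verifier},
 //! };
 //! use rand::prelude::*;
-//!
-//! let mut rng = thread_rng();
+//!
+//! let mut rng = rand::rng();
 //! let (pk, sk) = gg::setup(&mut rng);
 //! let id = Identity::from("Johnny");
 //!
@@ -43,9 +43,10 @@ use curve25519_dalek::{
 ristretto::CompressedRistretto, ristretto::RistrettoPoint, scalar::Scalar,
 traits::VartimeMultiscalarMul,
 };
-use rand_core::{CryptoRng, RngCore};
+use rand_core::CryptoRng;
 use sha3::digest::{ExtendableOutput, Update};
-use sha3::{Digest, Sha3_256, Sha3_512, Shake128};
+use sha3::{Digest, Sha3_256, Sha3_512};
+use shake::Shake128;
 
 #[cfg(feature = "serde")]
 use serde::{Deserialize, Serialize};
@@ -234,15 +235,15 @@ fn h_helper(gr: &RistrettoPoint, id: &Identity) -> Scalar {
 }
 
 /// Create a master key pair.
-pub fn setup<R: RngCore + CryptoRng>(r: &mut R) -> (PublicKey, SecretKey) {
+pub fn setup<R: CryptoRng>(r: &mut R) -> (PublicKey, SecretKey) {
 let z = Scalar::random(r);
 let gz = RISTRETTO_BASEPOINT_TABLE * &z;
 
 (PublicKey(gz), SecretKey(z))
 }
 
 /// Extract a signing key from the master secret key for a given identity.
-pub fn keygen<R: RngCore + CryptoRng>(sk: &SecretKey, id: &Identity, r: &mut R) -> UserSecretKey {
+pub fn keygen<R: CryptoRng>(sk: &SecretKey, id: &Identity, r: &mut R) -> UserSecretKey {
 let r = Scalar::random(r);
 let gr = RISTRETTO_BASEPOINT_TABLE * &r;
 let y = r + sk.0 * h_helper(&gr, id);
@@ -287,7 +288,7 @@ impl Signer {
 }
 
 /// Create the signature. Call this after the message has been processed.
-pub fn sign<R: RngCore + CryptoRng>(mut self, usk: &UserSecretKey, r: &mut R) -> Signature {
+pub fn sign<R: CryptoRng>(mut self, usk: &UserSecretKey, r: &mut R) -> Signature {
 let a = Scalar::random(r);
 let ga = RISTRETTO_BASEPOINT_TABLE * &a;
 
@@ -360,14 +361,14 @@ impl Verifier {
 #[cfg(test)]
 mod tests {
 use super::*;
-use rand_core::OsRng;
+use rand::Rng;
 
 fn default_setup() -> (PublicKey, UserSecretKey, Identity) {
-let (pk, sk) = setup(&mut OsRng);
+let (pk, sk) = setup(&mut rand::rng());
 let mut rand_bytes = [0u8; 32];
-OsRng.fill_bytes(&mut rand_bytes);
+rand::rng().fill_bytes(&mut rand_bytes);
 let id = rand_bytes.into();
-let usk = keygen(&sk, &id, &mut OsRng);
+let usk = keygen(&sk, &id, &mut rand::rng());
 
 (pk, usk, id)
 }
@@ -377,7 +378,7 @@ mod tests {
 let (pk, usk, id) = default_setup();
 
 let message = b"some identical message";
-let sig = Signer::new().chain(message).sign(&usk, &mut OsRng);
+let sig = Signer::new().chain(message).sign(&usk, &mut rand::rng());
 
 assert!(Verifier::new().chain(message).verify(&pk, &sig, &id));
 }
@@ -386,7 +387,9 @@ mod tests {
 fn test_sign_wrong_message() {
 let (pk, usk, id) = default_setup();
 
-let sig = Signer::new().chain(b"some message").sign(&usk, &mut OsRng);
+let sig = Signer::new()
+.chain(b"some message")
+.sign(&usk, &mut rand::rng());
 assert!(!Verifier::new()
 .chain(b"some other message")
 .verify(&pk, &sig, &id));
@@ -398,7 +401,7 @@ mod tests {
 let (pk2, _, _) = default_setup();
 
 let message = b"some identical message";
-let sig = Signer::new().chain(message).sign(&usk1, &mut OsRng);
+let sig = Signer::new().chain(message).sign(&usk1, &mut rand::rng());
 
 assert!(!Verifier::new().chain(message).verify(&pk2, &sig, &id1));
 }
@@ -409,7 +412,7 @@ mod tests {
 let (_, _, id2) = default_setup();
 
 let message = b"some identical message";
-let sig = Signer::new().chain(message).sign(&usk1, &mut OsRng);
+let sig = Signer::new().chain(message).sign(&usk1, &mut rand::rng());
 
 assert!(!Verifier::new().chain(message).verify(&pk1, &sig, &id2));
 }
@@ -435,7 +438,7 @@ mod tests {
 bincode_next::serde::decode_from_slice(&usk_serialized, cfg).unwrap();
 let sig = Signer::new()
 .chain(b"some message")
-.sign(&usk_recovered, &mut OsRng);
+.sign(&usk_recovered, &mut rand::rng());
 let sig_serialized = bincode_next::serde::encode_to_vec(&sig, cfg).unwrap();
 
 // 3. A verifier retrieves the signature from the signer and verifies it.
@@ -452,17 +455,17 @@ mod tests {
 let (_, usk, _) = default_setup();
 let message = b"message under test";
 
-let sig = Signer::new().chain(message).sign(&usk, &mut OsRng);
+let sig = Signer::new().chain(message).sign(&usk, &mut rand::rng());
 let sig_clone = sig.clone();
 assert_eq!(sig, sig_clone);
 
-let sig_other = Signer::new().chain(message).sign(&usk, &mut OsRng);
+let sig_other = Signer::new().chain(message).sign(&usk, &mut rand::rng());
 assert_ne!(sig, sig_other);
 }
 
 #[test]
 fn test_byte_roundtrip_public_key() {
-let (pk, _) = setup(&mut OsRng);
+let (pk, _) = setup(&mut rand::rng());
 let bytes = pk.to_bytes();
 let recovered = PublicKey::from_bytes(&bytes).expect("valid pk bytes");
 assert_eq!(pk, recovered);
@@ -471,7 +474,7 @@ mod tests {
 
 #[test]
 fn test_byte_roundtrip_secret_key() {
-let (_, sk) = setup(&mut OsRng);
+let (_, sk) = setup(&mut rand::rng());
 let bytes = sk.to_bytes();
 let recovered = SecretKey::from_bytes(&bytes).expect("valid sk bytes");
 assert_eq!(sk, recovered);
@@ -490,7 +493,7 @@ mod tests {
 #[test]
 fn test_byte_roundtrip_signature() {
 let (_, usk, _) = default_setup();
-let sig = Signer::new().chain(b"msg").sign(&usk, &mut OsRng);
+let sig = Signer::new().chain(b"msg").sign(&usk, &mut rand::rng());
 let bytes = sig.to_bytes();
 let recovered = Signature::from_bytes(&bytes).expect("valid sig bytes");
 assert_eq!(sig, recovered);
@@ -500,17 +503,17 @@ mod tests {
 #[test]
 fn test_byte_roundtrip_end_to_end() {
 // Full sign/verify across to_bytes/from_bytes on every type.
-let (pk, sk) = setup(&mut OsRng);
+let (pk, sk) = setup(&mut rand::rng());
 let mut id_bytes = [0u8; 32];
-OsRng.fill_bytes(&mut id_bytes);
+rand::rng().fill_bytes(&mut id_bytes);
 let id: Identity = id_bytes.into();
-let usk = keygen(&sk, &id, &mut OsRng);
+let usk = keygen(&sk, &id, &mut rand::rng());
 
 let pk = PublicKey::from_bytes(&pk.to_bytes()).unwrap();
 let usk = UserSecretKey::from_bytes(&usk.to_bytes()).unwrap();
 
 let message = b"the eagle has landed";
-let sig = Signer::new().chain(message).sign(&usk, &mut OsRng);
+let sig = Signer::new().chain(message).sign(&usk, &mut rand::rng());
 let sig = Signature::from_bytes(&sig.to_bytes()).unwrap();
 
 assert!(Verifier::new().chain(message).verify(&pk, &sig, &id));
@@ -533,7 +536,7 @@ mod tests {
 #[test]
 fn test_signature_from_bytes_rejects_bad_point() {
 let (_, usk, _) = default_setup();
-let sig = Signer::new().chain(b"msg").sign(&usk, &mut OsRng);
+let sig = Signer::new().chain(b"msg").sign(&usk, &mut rand::rng());
 let mut bytes = sig.to_bytes();
 // Corrupt the `ga` point to an invalid encoding.
 bytes[..32].copy_from_slice(&[0xFFu8; 32]);
@@ -545,8 +548,8 @@ mod tests {
 let (pk, usk, id) = default_setup();
 
 let signer = Signer::new().chain(b"a");
-let sig2 = signer.clone().chain(b"b").sign(&usk, &mut OsRng);
-let sig1 = signer.sign(&usk, &mut OsRng);
+let sig2 = signer.clone().chain(b"b").sign(&usk, &mut rand::rng());
+let sig1 = signer.sign(&usk, &mut rand::rng());
 let verifier = Verifier::new().chain(b"a");
 assert!(verifier.clone().chain(b"b").verify(&pk, &sig2, &id));
 assert!(verifier.verify(&pk, &sig1, &id));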
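Review bot: The docstrings on `setup`, `keygen` and `sign` (new lines 237–238, 245–246, 290–291) still say nothing about the generator, even though tightening the bound to `R: CryptoRng` is the substance of those hunks; a rustdoc reader sees only a type parameter. I would add to all three `/// `r` must be a cryptographically secure generator; the `CryptoRng` bound checks the trait, not how the caller seeded it.` and, on `sign` (whose body continues past the hunk), `/// Draws a fresh nonce `a` on every call — as in any Schnorr-style construction, a repeated or biased nonce is understood to expose the signing key, so never replay a generator state here.` Separately, if `Scalar::random` in dalek 5.0 accepts `?Sized` generators, the three bounds could become `R: CryptoRng + ?Sized` so a `&mut dyn CryptoRng` can be passed; worth checking against the 5.0 signature rather than assuming. The test-side move from `OsRng` to `rand::rng()` is fine for tests, but it is `ThreadRng` and so `std`-only, which matches the doc example on line 22 and the bench but should not be mirrored in any `no_std` example.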
