From f6527ee73be8f58244c1eafe4bdd3c01784ea974 Mon Sep 17 00:00:00 2001 From: iquerejeta Date: Wed, 20 May 2020 08:31:02 +0100 Subject: [PATCH 1/3] change deprecated notation --- src/arith.rs | 8 ++++---- src/fields/fp.rs | 2 +- src/fields/fq2.rs | 2 +- src/groups/mod.rs | 14 +++++++------- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/arith.rs b/src/arith.rs index 0f47a3c1..e103cb53 100644 --- a/src/arith.rs +++ b/src/arith.rs @@ -158,7 +158,7 @@ impl Encodable for U512 { } for i in 0..(4 * 16) { - try!(s.emit_u8(buf[i])); + s.emit_u8(buf[i])?; } Ok(()) @@ -171,7 +171,7 @@ impl Decodable for U512 { let mut buf = [0; (4 * 16)]; for i in 0..(4 * 16) { - buf[i] = try!(s.read_u8()); + buf[i] = s.read_u8()?; } Ok(U512::interpret(&buf)) @@ -188,7 +188,7 @@ impl Encodable for U256 { } for i in 0..(2 * 16) { - try!(s.emit_u8(buf[i])); + s.emit_u8(buf[i])?; } Ok(()) @@ -201,7 +201,7 @@ impl Decodable for U256 { let mut buf = [0; (2 * 16)]; for i in 0..(2 * 16) { - buf[i] = try!(s.read_u8()); + buf[i] = s.read_u8()?; } U256::from_slice(&buf).map_err(|_| s.error("Invalid input length; Also unreachable;")) diff --git a/src/fields/fp.rs b/src/fields/fp.rs index f867296d..2c00605f 100644 --- a/src/fields/fp.rs +++ b/src/fields/fp.rs @@ -34,7 +34,7 @@ macro_rules! field_impl { #[cfg(feature = "rustc-serialize")] impl Decodable for $name { fn decode(s: &mut S) -> Result<$name, S::Error> { - $name::new(try!(U256::decode(s))).ok_or_else(|| s.error("integer is not less than modulus")) + $name::new(U256::decode(s)?).ok_or_else(|| s.error("integer is not less than modulus")) } } diff --git a/src/fields/fq2.rs b/src/fields/fq2.rs index 3e05a575..a16abfa0 100644 --- a/src/fields/fq2.rs +++ b/src/fields/fq2.rs 
@@ -56,7 +56,7 @@ impl Encodable for Fq2 { #[cfg(feature = "rustc-serialize")] impl Decodable for Fq2 { fn decode(s: &mut S) -> Result { - let combined = try!(U512::decode(s)); + let combined = U512::decode(s)?; match combined.divrem(&Fq::modulus()) { (Some(c1), c0) => Ok(Fq2::new(Fq::new(c0).unwrap(), Fq::new(c1).unwrap())), diff --git a/src/groups/mod.rs b/src/groups/mod.rs index c07d2381..93eeae24 100644 --- a/src/groups/mod.rs +++ b/src/groups/mod.rs @@ -238,7 +238,7 @@ impl Encodable for G
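Review bot: The two `unwrap()`s in the arm `(Some(c1), c0) => Ok(Fq2::new(Fq::new(c0).unwrap(), Fq::new(c1).unwrap()))` sit on a decoding path for externally supplied bytes, and nothing in the hunk says why they cannot panic. `c0` is the remainder of `divrem`, so it is below the modulus; `c1` is the quotient, and its unwrap is sound only if `divrem` returns `None` whenever the quotient is not below the modulus — that contract is not visible here, so confirm it against `U512::divrem` before relying on it. I would pin the invariant with a comment above the `match`: `// divrem yields Some(q) only when q < modulus, so both Fq::new calls are infallible here`. The `try!` to `?` conversion itself is fine.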

{ l.encode(s) } else { let l: u8 = 4; - try!(l.encode(s)); + l.encode(s)?; self.to_affine().unwrap().encode(s) } } @@ -247,8 +247,8 @@ impl Encodable for G

{ #[cfg(feature = "rustc-serialize")] impl Encodable for AffineG

{ fn encode(&self, s: &mut S) -> Result<(), S::Error> { - try!(self.x.encode(s)); - try!(self.y.encode(s)); + self.x.encode(s)?; + self.y.encode(s)?; Ok(()) } @@ -257,11 +257,11 @@ impl Encodable for AffineG

{ #[cfg(feature = "rustc-serialize")] impl Decodable for G

{ fn decode(s: &mut S) -> Result, S::Error> { - let l = try!(u8::decode(s)); + let l = u8::decode(s)?; if l == 0 { Ok(G::zero()) } else if l == 4 { - Ok(try!(AffineG::decode(s)).to_jacobian()) + Ok(AffineG::decode(s)?.to_jacobian()) } else { Err(s.error("invalid leading byte for uncompressed group element")) } @@ -271,8 +271,8 @@ impl Decodable for G

{ #[cfg(feature = "rustc-serialize")] impl Decodable for AffineG

{ fn decode(s: &mut S) -> Result, S::Error> { - let x = try!(P::Base::decode(s)); - let y = try!(P::Base::decode(s)); + let x = P::Base::decode(s)?; + let y = P::Base::decode(s)?; Self::new(x, y).map_err(|e| match e { Error::NotOnCurve => s.error("point is not on the curve"), From 8950e572895509496f2c3a449cce4af3d479cade Mon Sep 17 00:00:00 2001 From: iquerejeta Date: Wed, 20 May 2020 08:40:05 +0100 Subject: [PATCH 2/3] tests in groups/mod.rs within a test module --- src/groups/mod.rs | 417 +++++++++++++++++++++++----------------------- 1 file changed, 211 insertions(+), 206 deletions(-) diff --git a/src/groups/mod.rs b/src/groups/mod.rs index 93eeae24..4dde5d27 100644 --- a/src/groups/mod.rs +++ b/src/groups/mod.rs 
@@ -980,239 +980,244 @@ pub fn pairing_batch(ps: &[G1], qs: &[G2]) -> Fq12 { miller_loop_batch(&q_precomputes, &p_affines).final_exponentiation().expect("miller loop cannot produce zero") } -#[test] -fn test_reduced_pairing() { - use fields::Fq6; +#[cfg(test)] +mod test { + use super::*; - let g1 = G1::one() - * Fr::from_str( + #[test] + fn test_reduced_pairing() { + use fields::Fq6; + + let g1 = G1::one() + * Fr::from_str( "18097487326282793650237947474982649264364522469319914492172746413872781676", ).unwrap(); - let g2 = G2::one() - * Fr::from_str( + let g2 = G2::one() + * Fr::from_str( "20390255904278144451778773028944684152769293537511418234311120800877067946", ).unwrap(); - let gt = pairing(&g1, &g2); + let gt = pairing(&g1, &g2); - let expected = Fq12::new( - Fq6::new( - Fq2::new( - Fq::from_str( - "7520311483001723614143802378045727372643587653754534704390832890681688842501", - ).unwrap(), - Fq::from_str( - "20265650864814324826731498061022229653175757397078253377158157137251452249882", - ).unwrap(), - ), - Fq2::new( - Fq::from_str( - "11942254371042183455193243679791334797733902728447312943687767053513298221130", - ).unwrap(), - Fq::from_str( - "759657045325139626991751731924144629256296901790485373000297868065176843620", - ).unwrap(), - ), - Fq2::new( - Fq::from_str( - "16045761475400271697821392803010234478356356448940805056528536884493606035236", - ).unwrap(), - Fq::from_str( - "4715626119252431692316067698189337228571577552724976915822652894333558784086", - ).unwrap(), + let expected = Fq12::new( + Fq6::new( + Fq2::new( + Fq::from_str( + "7520311483001723614143802378045727372643587653754534704390832890681688842501", + ).unwrap(), + Fq::from_str( + "20265650864814324826731498061022229653175757397078253377158157137251452249882", + ).unwrap(), + ), + Fq2::new( + Fq::from_str( + "11942254371042183455193243679791334797733902728447312943687767053513298221130", + ).unwrap(), + Fq::from_str( + 
"759657045325139626991751731924144629256296901790485373000297868065176843620", + ).unwrap(), + ), + Fq2::new( + Fq::from_str( + "16045761475400271697821392803010234478356356448940805056528536884493606035236", + ).unwrap(), + Fq::from_str( + "4715626119252431692316067698189337228571577552724976915822652894333558784086", + ).unwrap(), + ), ), - ), - Fq6::new( - Fq2::new( - Fq::from_str( - "14901948363362882981706797068611719724999331551064314004234728272909570402962", - ).unwrap(), - Fq::from_str( - "11093203747077241090565767003969726435272313921345853819385060670210834379103", - ).unwrap(), + Fq6::new( + Fq2::new( + Fq::from_str( + "14901948363362882981706797068611719724999331551064314004234728272909570402962", + ).unwrap(), + Fq::from_str( + "11093203747077241090565767003969726435272313921345853819385060670210834379103", + ).unwrap(), + ), + Fq2::new( + Fq::from_str( + "17897835398184801202802503586172351707502775171934235751219763553166796820753", + ).unwrap(), + Fq::from_str( + "1344517825169318161285758374052722008806261739116142912817807653057880346554", + ).unwrap(), + ), + Fq2::new( + Fq::from_str( + "11123896897251094532909582772961906225000817992624500900708432321664085800838", + ).unwrap(), + Fq::from_str( + "17453370448280081813275586256976217762629631160552329276585874071364454854650", + ).unwrap(), + ), ), + ); + + assert_eq!(expected, gt); + } + + #[test] + fn predefined_pair() { + let g1 = AffineG1::new( + Fq::from_str("1").expect("Fq(1) should exist"), + Fq::from_str("2").expect("Fq(2) should exist"), + ).expect("Point (1,2) should exist in G1") + .to_jacobian(); + + let g2 = AffineG2::new( Fq2::new( - Fq::from_str( - "17897835398184801202802503586172351707502775171934235751219763553166796820753", - ).unwrap(), - Fq::from_str( - "1344517825169318161285758374052722008806261739116142912817807653057880346554", - ).unwrap(), + Fq::from_str("10857046999023057135944570762232829481370756359578518086990519993285655852781") + .expect("a-coeff of g2 x 
generator is of the right order"), + Fq::from_str("11559732032986387107991004021392285783925812861821192530917403151452391805634") + .expect("b-coeff of g2 x generator is of the right order"), ), Fq2::new( - Fq::from_str( - "11123896897251094532909582772961906225000817992624500900708432321664085800838", - ).unwrap(), - Fq::from_str( - "17453370448280081813275586256976217762629631160552329276585874071364454854650", - ).unwrap(), + Fq::from_str("8495653923123431417604973247489272438418190587263600148770280649306958101930") + .expect("a-coeff of g2 y generator is of the right order"), + Fq::from_str("4082367875863433681332203403145435568316851327593401208105741076214120093531") + .expect("b-coeff of g2 y generator is of the right order"), ), - ), - ); + ).expect("Point(11559732032986387107991004021392285783925812861821192530917403151452391805634 * i + 10857046999023057135944570762232829481370756359578518086990519993285655852781, 4082367875863433681332203403145435568316851327593401208105741076214120093531 * i + 8495653923123431417604973247489272438418190587263600148770280649306958101930) is a valid generator for G2") + .to_jacobian(); - assert_eq!(expected, gt); -} + let p = pairing(&g1, &g2); -#[test] -fn predefined_pair() { - let g1 = AffineG1::new( - Fq::from_str("1").expect("Fq(1) should exist"), - Fq::from_str("2").expect("Fq(2) should exist"), - ).expect("Point (1,2) should exist in G1") - .to_jacobian(); - - let g2 = AffineG2::new( - Fq2::new( - Fq::from_str("10857046999023057135944570762232829481370756359578518086990519993285655852781") - .expect("a-coeff of g2 x generator is of the right order"), - Fq::from_str("11559732032986387107991004021392285783925812861821192530917403151452391805634") - .expect("b-coeff of g2 x generator is of the right order"), - ), - Fq2::new( - Fq::from_str("8495653923123431417604973247489272438418190587263600148770280649306958101930") - .expect("a-coeff of g2 y generator is of the right order"), - 
Fq::from_str("4082367875863433681332203403145435568316851327593401208105741076214120093531") - .expect("b-coeff of g2 y generator is of the right order"), - ), - ).expect("Point(11559732032986387107991004021392285783925812861821192530917403151452391805634 * i + 10857046999023057135944570762232829481370756359578518086990519993285655852781, 4082367875863433681332203403145435568316851327593401208105741076214120093531 * i + 8495653923123431417604973247489272438418190587263600148770280649306958101930) is a valid generator for G2") - .to_jacobian(); - - let p = pairing(&g1, &g2); - - let g1_vec : Vec = vec![g1, g1]; - let g2_vec : Vec = vec![g2, g2]; - let p2 = pairing_batch(&g1_vec, &g2_vec); - assert!(!p2.is_zero()); - assert!(!p.is_zero()); -} - -#[test] -fn test_batch_bilinearity_empty() { - let p_vec : Vec = Vec::new(); - let q_vec : Vec = Vec::new(); - let r = pairing_batch(&p_vec, &q_vec); - assert_eq!(r, Fq12::one()); -} - -#[test] -fn test_batch_bilinearity_one() { - use rand::{SeedableRng, StdRng}; - let seed = [ - 0, 0, 0, 0, 0, 0, 64, 13, // 103245 - 0, 0, 0, 0, 0, 0, 176, 2, // 191922 - 0, 0, 0, 0, 0, 0, 0, 13, // 1293 - 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 - ]; - let mut rng = StdRng::from_seed(seed); - let p_vec : Vec = vec![G1::random(&mut rng)]; - let q_vec : Vec = vec![G2::random(&mut rng)]; - let s = Fr::random(&mut rng); - let sp_vec : Vec = vec![p_vec[0] * s]; - let sq_vec : Vec = vec![q_vec[0] * s]; - let b = pairing_batch(&sp_vec, &q_vec); - let c = pairing_batch(&p_vec, &sq_vec); - assert_eq!(b, c); -} + let g1_vec: Vec = vec![g1, g1]; + let g2_vec: Vec = vec![g2, g2]; + let p2 = pairing_batch(&g1_vec, &g2_vec); + assert!(!p2.is_zero()); + assert!(!p.is_zero()); + } -#[test] -fn test_batch_bilinearity_fifty() { - use rand::{SeedableRng, StdRng}; - let seed = [ - 0, 0, 0, 0, 0, 0, 64, 13, // 103245 - 0, 0, 0, 0, 0, 0, 176, 2, // 191922 - 0, 0, 0, 0, 0, 0, 0, 13, // 1293 - 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 - ]; - let mut rng = 
StdRng::from_seed(seed); - - let mut p_vec : Vec = Vec::new(); - let mut q_vec : Vec = Vec::new(); - let mut sp_vec : Vec = Vec::new(); - let mut sq_vec : Vec = Vec::new(); - - for _ in 0..50 { - let p = G1::random(&mut rng); - let q = G2::random(&mut rng); - let s = Fr::random(&mut rng); - let sp = p * s; - let sq = q * s; - sp_vec.push(sp); - q_vec.push(q); - sq_vec.push(sq); - p_vec.push(p); - } - let b_batch = pairing_batch(&sp_vec, &q_vec); - let c_batch = pairing_batch(&p_vec, &sq_vec); - assert_eq!(b_batch, c_batch); -} + #[test] + fn test_batch_bilinearity_empty() { + let p_vec: Vec = Vec::new(); + let q_vec: Vec = Vec::new(); + let r = pairing_batch(&p_vec, &q_vec); + assert_eq!(r, Fq12::one()); + } -#[test] -fn test_bilinearity() { - use rand::{SeedableRng, StdRng}; - let seed = [ - 0, 0, 0, 0, 0, 0, 64, 13, // 103245 - 0, 0, 0, 0, 0, 0, 176, 2, // 191922 - 0, 0, 0, 0, 0, 0, 0, 13, // 1293 - 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 - ]; - let mut rng = StdRng::from_seed(seed); - - for _ in 0..50 { - let p = G1::random(&mut rng); - let q = G2::random(&mut rng); + #[test] + fn test_batch_bilinearity_one() { + use rand::{SeedableRng, StdRng}; + let seed = [ + 0, 0, 0, 0, 0, 0, 64, 13, // 103245 + 0, 0, 0, 0, 0, 0, 176, 2, // 191922 + 0, 0, 0, 0, 0, 0, 0, 13, // 1293 + 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 + ]; + let mut rng = StdRng::from_seed(seed); + let p_vec: Vec = vec![G1::random(&mut rng)]; + let q_vec: Vec = vec![G2::random(&mut rng)]; let s = Fr::random(&mut rng); - let sp = p * s; - let sq = q * s; - - let a = pairing(&p, &q).pow(s); - let b = pairing(&sp, &q); - let c = pairing(&p, &sq); - - assert_eq!(a, b); + let sp_vec: Vec = vec![p_vec[0] * s]; + let sq_vec: Vec = vec![q_vec[0] * s]; + let b = pairing_batch(&sp_vec, &q_vec); + let c = pairing_batch(&p_vec, &sq_vec); assert_eq!(b, c); + } - let t = -Fr::one(); + #[test] + fn test_batch_bilinearity_fifty() { + use rand::{SeedableRng, StdRng}; + let seed = [ + 0, 0, 0, 0, 0, 0, 64, 13, // 103245 + 0, 
0, 0, 0, 0, 0, 176, 2, // 191922 + 0, 0, 0, 0, 0, 0, 0, 13, // 1293 + 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 + ]; + let mut rng = StdRng::from_seed(seed); + + let mut p_vec: Vec = Vec::new(); + let mut q_vec: Vec = Vec::new(); + let mut sp_vec: Vec = Vec::new(); + let mut sq_vec: Vec = Vec::new(); + + for _ in 0..50 { + let p = G1::random(&mut rng); + let q = G2::random(&mut rng); + let s = Fr::random(&mut rng); + let sp = p * s; + let sq = q * s; + sp_vec.push(sp); + q_vec.push(q); + sq_vec.push(sq); + p_vec.push(p); + } + let b_batch = pairing_batch(&sp_vec, &q_vec); + let c_batch = pairing_batch(&p_vec, &sq_vec); + assert_eq!(b_batch, c_batch); + } - assert!(a != Fq12::one()); - assert_eq!((a.pow(t)) * a, Fq12::one()); + #[test] + fn test_bilinearity() { + use rand::{SeedableRng, StdRng}; + let seed = [ + 0, 0, 0, 0, 0, 0, 64, 13, // 103245 + 0, 0, 0, 0, 0, 0, 176, 2, // 191922 + 0, 0, 0, 0, 0, 0, 0, 13, // 1293 + 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 + ]; + let mut rng = StdRng::from_seed(seed); + + for _ in 0..50 { + let p = G1::random(&mut rng); + let q = G2::random(&mut rng); + let s = Fr::random(&mut rng); + let sp = p * s; + let sq = q * s; + + let a = pairing(&p, &q).pow(s); + let b = pairing(&sp, &q); + let c = pairing(&p, &sq); + + assert_eq!(a, b); + assert_eq!(b, c); + + let t = -Fr::one(); + + assert!(a != Fq12::one()); + assert_eq!((a.pow(t)) * a, Fq12::one()); + } } -} -#[test] -fn internals() { - let test_p = G1::one(); + #[test] + fn internals() { + let test_p = G1::one(); - let val = G1::new(test_p.x().clone(), test_p.y().clone(), test_p.z().clone()); + let val = G1::new(test_p.x().clone(), test_p.y().clone(), test_p.z().clone()); - let affine = val.to_affine() - .expect("There should be affine coords for (0, 0)"); + let affine = val.to_affine() + .expect("There should be affine coords for (0, 0)"); - assert_eq!(affine.x(), &Fq::one()); -} + assert_eq!(affine.x(), &Fq::one()); + } -#[test] -fn affine_fail() { - let res = AffineG1::new(Fq::one(), 
Fq::one()); - assert!( - res.is_err(), - "Affine initialization should fail because the point is not on curve" - ); -} + #[test] + fn affine_fail() { + let res = AffineG1::new(Fq::one(), Fq::one()); + assert!( + res.is_err(), + "Affine initialization should fail because the point is not on curve" + ); + } -#[test] -fn affine_ok() { - let res = AffineG1::new(Fq::one(), G1Params::coeff_b()); - assert!( - res.is_err(), - "Affine initialization should be ok because the point is on the curve" - ); -} + #[test] + fn affine_ok() { + let res = AffineG1::new(Fq::one(), G1Params::coeff_b()); + assert!( + res.is_err(), + "Affine initialization should be ok because the point is on the curve" + ); + } -#[test] -fn test_y_at_point_at_infinity() { - assert!(G1::zero().y == Fq::one()); - assert!((-G1::zero()).y == Fq::one()); + #[test] + fn test_y_at_point_at_infinity() { + assert!(G1::zero().y == Fq::one()); + assert!((-G1::zero()).y == Fq::one()); - assert!(G2::zero().y == Fq2::one()); - assert!((-G2::zero()).y == Fq2::one()); -} + assert!(G2::zero().y == Fq2::one()); + assert!((-G2::zero()).y == Fq2::one()); + } +} \ No newline at end of file From 98e1f40ac1c25b27005c5f93cd3abeada7a3502b Mon Sep 17 00:00:00 2001 From: iquerejeta Date: Wed, 20 May 2020 08:49:38 +0100 Subject: [PATCH 3/3] Use of a Cryptographically Secure RNG --- Cargo.toml | 5 ++-- src/arith.rs | 18 +++++++++------ src/fields/fp.rs | 6 ++--- src/fields/fq12.rs | 4 ++-- src/fields/fq2.rs | 4 ++-- src/fields/fq6.rs | 4 ++-- src/fields/mod.rs | 4 ++-- src/fields/tests.rs | 27 ++++++++++++---------- src/groups/mod.rs | 56 ++++++++++++++++++++++----------------------- src/groups/tests.rs | 17 ++++++++------ src/lib.rs | 14 ++++++------ 11 files changed, 85 insertions(+), 74 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index f31bcaf2..af86e6a5 100644 --- a/Cargo.toml +++ b/Cargo.toml 
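Review bot: `affine_ok` asserts `res.is_err()` while its failure message says the point "should be ok because the point is on the curve", so the name, the assertion and the message disagree; this hunk only moves the test into `mod test`, and the contradiction survives the move. Assuming the curve is `y^2 = x^3 + b` as `coeff_b` suggests, the generator `(1, 2)` that `predefined_pair` constructs gives `4 = 1 + b`, i.e. `b = 3`, so `(1, 3)` is not on the curve and the test passes for the opposite reason its message states. Either rename it and fix the message, or make it test what it claims: `let res = AffineG1::new(Fq::one(), Fq::from_str("2").expect("Fq(2) should exist")); assert!(res.is_ok(), "(1, 2) is the G1 generator and must be accepted");`. The sibling `internals` test has the same kind of message drift (`"There should be affine coords for (0, 0)"` while it converts `G1::one()`).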
@@ -16,7 +16,7 @@ default = ["rustc-serialize"] name = "api" [dependencies] -rand = { version = "0.5", features = ["i128_support"], default-features = false } +rand_core = {version = "0.5", default-features = false, features = ["alloc"]} rustc-serialize = { version = "0.3", optional = true } byteorder = { version = "1.0", features = ["i128"], default-features = false } crunchy = "0.2.1" @@ -24,7 +24,8 @@ lazy_static = { version = "1.4.0", features = ["spin_no_std"] } rustc-hex = { version = "2", default-features = false } [dev-dependencies] -rand = { version = "0.5", features = ["i128_support"] } +rand = "0.7" +rand_chacha = "0.2" [dev-dependencies.bincode] version = "0.6" diff --git a/src/arith.rs b/src/arith.rs index e103cb53..08e8c6f9 100644 --- a/src/arith.rs +++ b/src/arith.rs @@ -1,5 +1,5 @@ use core::cmp::Ordering; -use rand::Rng; +use rand_core::{CryptoRng, RngCore}; #[cfg(feature = "rustc-serialize")] use rustc_serialize::{Decodable, Decoder, Encodable, Encoder}; @@ -83,7 +83,7 @@ impl U512 { pub fn from_slice(s: &[u8]) -> Result { if s.len() != 64 { return Err(Error::InvalidLength { - expected: 32, + expected: 64, actual: s.len(), }); } @@ -97,8 +97,12 @@ impl U512 { } /// Get a random U512 - pub fn random(rng: &mut R) -> U512 { - U512(rng.gen()) + pub fn random(rng: &mut R) -> U512 { + let mut u512_bytes = [0u8; 64]; + rng.fill_bytes(&mut u512_bytes); + + U512::from_slice(&u512_bytes) + .expect("I believe 64 != 64 should always be false") } pub fn get_bit(&self, n: usize) -> Option { @@ -302,7 +306,7 @@ impl U256 { } /// Produce a random number (mod `modulo`) - pub fn random(rng: &mut R, modulo: &U256) -> U256 { + pub fn random(rng: &mut R, modulo: &U256) -> U256 { U512::random(rng).divrem(modulo).1 } 
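Review bot: The `expect("I believe 64 != 64 should always be false")` in `U512::random` reads as a joke rather than a statement of the invariant, and it is the text a user sees in a panic backtrace. The unwrap is sound because the buffer is declared `[0u8; 64]` and `from_slice` only rejects `s.len() != 64`; say so: `.expect("a 64-byte buffer always satisfies U512::from_slice's length check")`. The doc comment `/// Get a random U512` could also record that the value is 64 bytes taken straight from the `CryptoRng`, i.e. uniform over the full 512-bit range, which is the property `U256::random` relies on when it reduces the result.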
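Review bot: `U256::random` reduces a full 512-bit CSPRNG output modulo `modulo`, but the doc comment `/// Produce a random number (mod `modulo`)` does not say why the detour through `U512` exists. The 256 surplus bits are what keep the modular-reduction bias negligible for a 256-bit modulus; a reader who later "simplifies" this to a 256-bit draw would silently reintroduce bias into every `Fr::random` and `Fq::random` built on top of it. Suggest: `/// Produce a uniformly random number below `modulo` by reducing 512 random bits; the 256 surplus bits make the reduction bias negligible, so do not shrink this to a 256-bit draw.`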
@@ -607,7 +611,7 @@ fn mul_reduce(this: &mut [u128; 2], by: &[u128; 2], modulus: &[u128; 2], inv: u1 #[test] fn setting_bits() { - let rng = &mut ::rand::thread_rng(); + let rng = &mut rand::thread_rng(); let modulo = U256::from([0xffffffffffffffff; 4]); let a = U256::random(rng, &modulo); @@ -648,7 +652,7 @@ fn to_big_endian() { #[test] fn testing_divrem() { - let rng = &mut ::rand::thread_rng(); + let rng = &mut rand::thread_rng(); let modulo = U256::from([ 0x3c208c16d87cfd47, diff --git a/src/fields/fp.rs b/src/fields/fp.rs index 2c00605f..329cafcd 100644 --- a/src/fields/fp.rs +++ b/src/fields/fp.rs @@ -1,6 +1,6 @@ use alloc::vec::Vec; use core::ops::{Add, Mul, Neg, Sub}; -use rand::Rng; +use rand_core::{CryptoRng, RngCore}; use fields::FieldElement; use arith::{U256, U512}; @@ -115,7 +115,7 @@ macro_rules! field_impl { $name(U256::from($one)) } - fn random(rng: &mut R) -> Self { + fn random(rng: &mut R) -> Self { $name(U256::random(rng, &U256::from($modulus))) } @@ -285,7 +285,7 @@ pub fn const_fq(i: [u64; 4]) -> Fq { #[test] fn test_rsquared() { - let rng = &mut ::rand::thread_rng(); + let rng = &mut rand::thread_rng(); for _ in 0..1000 { let a = Fr::random(rng); diff --git a/src/fields/fq12.rs b/src/fields/fq12.rs index 9939fa0f..4a975422 100644 --- a/src/fields/fq12.rs +++ b/src/fields/fq12.rs @@ -1,5 +1,5 @@ use core::ops::{Add, Mul, Neg, Sub}; -use rand::Rng; +use rand_core::{CryptoRng, RngCore}; use fields::{const_fq, FieldElement, Fq, Fq2, Fq6}; use arith::U256; @@ -281,7 +281,7 @@ impl FieldElement for Fq12 { } } - fn random(rng: &mut R) -> Self { + fn random(rng: &mut R) -> Self { Fq12 { c0: Fq6::random(rng), c1: Fq6::random(rng), diff --git a/src/fields/fq2.rs b/src/fields/fq2.rs index a16abfa0..d43871e5 100644 --- a/src/fields/fq2.rs +++ b/src/fields/fq2.rs @@ -1,5 +1,5 @@ use core::ops::{Add, Mul, Neg, Sub}; -use rand::Rng; +use rand_core::{CryptoRng, RngCore}; use fields::{const_fq, FieldElement, Fq}; use arith::{U256, U512}; 
@@ -116,7 +116,7 @@ impl FieldElement for Fq2 { } } - fn random(rng: &mut R) -> Self { + fn random(rng: &mut R) -> Self { Fq2 { c0: Fq::random(rng), c1: Fq::random(rng), diff --git a/src/fields/fq6.rs b/src/fields/fq6.rs index 0d2e597d..5e20e97d 100644 --- a/src/fields/fq6.rs +++ b/src/fields/fq6.rs @@ -1,6 +1,6 @@ use fields::{const_fq, FieldElement, Fq, Fq2}; use core::ops::{Add, Mul, Neg, Sub}; -use rand::Rng; +use rand_core::{CryptoRng, RngCore}; fn frobenius_coeffs_c1(n: usize) -> Fq2 { match n % 6 { @@ -148,7 +148,7 @@ impl FieldElement for Fq6 { } } - fn random(rng: &mut R) -> Self { + fn random(rng: &mut R) -> Self { Fq6 { c0: Fq2::random(rng), c1: Fq2::random(rng), diff --git a/src/fields/mod.rs b/src/fields/mod.rs index 071cb282..83ef38f3 100644 --- a/src/fields/mod.rs +++ b/src/fields/mod.rs @@ -4,7 +4,7 @@ mod fq6; mod fq12; use arith::U256; -use rand::Rng; +use rand_core::{CryptoRng, RngCore}; use core::ops::{Add, Mul, Neg, Sub}; use alloc::fmt::Debug; @@ -26,7 +26,7 @@ pub trait FieldElement + Debug { fn zero() -> Self; fn one() -> Self; - fn random(&mut R) -> Self; + fn random(&mut R) -> Self; fn is_zero(&self) -> bool; fn squared(&self) -> Self { (*self) * (*self) diff --git a/src/fields/tests.rs b/src/fields/tests.rs index 28a51f20..8417d251 100644 --- a/src/fields/tests.rs +++ b/src/fields/tests.rs @@ -1,4 +1,7 @@ -use rand::{Rng, SeedableRng, StdRng}; +extern crate rand_chacha; +use rand_core::{CryptoRng, RngCore, SeedableRng}; +use self::rand_chacha::ChaChaRng; + use super::FieldElement; fn can_invert() { @@ -20,7 +23,7 @@ fn can_invert() { assert_eq!(F::zero().inverse(), None); } -fn rand_element_eval(rng: &mut R) { +fn rand_element_eval(rng: &mut R) { for _ in 0..100 { let a = F::random(rng); let b = F::random(rng); @@ -31,7 +34,7 @@ fn rand_element_eval(rng: &mut R) { } } -fn rand_element_squaring(rng: &mut R) { +fn rand_element_squaring(rng: &mut R) { for _ in 0..100 { let a = F::random(rng); 
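Review bot: The trait declaration `fn random(&mut R) -> Self;` in `FieldElement` still uses an anonymous parameter, which the 2018 edition rejects and which the first patch in this series ("change deprecated notation") set out to remove; every implementation touched here (`fp.rs`, `fq2.rs`, `fq6.rs`, `fq12.rs`) and the `Group` and `GroupElement` traits name it `rng`. Since the line is being rewritten anyway to add the `RngCore + CryptoRng` bound, name it here too: `fn random<R: RngCore + CryptoRng>(rng: &mut R) -> Self;`. The generic bounds are not visible in this rendering of the diff, so adjust to whatever the actual line carries.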
@@ -46,7 +49,7 @@ fn rand_element_squaring(rng: &mut R) { } } -fn rand_element_addition_and_negation(rng: &mut R) { +fn rand_element_addition_and_negation(rng: &mut R) { for _ in 0..100 { let a = F::random(rng); @@ -85,7 +88,7 @@ fn rand_element_addition_and_negation(rng: &mut R) { } } -fn rand_element_inverse(rng: &mut R) { +fn rand_element_inverse(rng: &mut R) { for _ in 0..10000 { let a = F::random(rng); assert!(a.inverse().unwrap() * a == F::one()); @@ -94,7 +97,7 @@ fn rand_element_inverse(rng: &mut R) { } } -fn rand_element_multiplication(rng: &mut R) { +fn rand_element_multiplication(rng: &mut R) { // If field is not associative under multiplication, 1/8 of all triplets a, b, c // will fail the test (a*b)*c = a*(b*c). @@ -120,11 +123,11 @@ pub fn field_trials() { 0, 0, 0, 0, 0, 0, 0, 13, // 1293 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 ]; - let mut rng = StdRng::from_seed(seed); + let mut rng = ChaChaRng::from_seed(seed); - rand_element_squaring::(&mut rng); - rand_element_addition_and_negation::(&mut rng); - rand_element_multiplication::(&mut rng); - rand_element_inverse::(&mut rng); - rand_element_eval::(&mut rng); + rand_element_squaring::(&mut rng); + rand_element_addition_and_negation::(&mut rng); + rand_element_multiplication::(&mut rng); + rand_element_inverse::(&mut rng); + rand_element_eval::(&mut rng); } diff --git a/src/groups/mod.rs b/src/groups/mod.rs index 4dde5d27..093b20ad 100644 --- a/src/groups/mod.rs +++ b/src/groups/mod.rs @@ -1,7 +1,7 @@ use fields::{const_fq, FieldElement, Fq, Fq12, Fq2, Fr, fq2_nonresidue}; use arith::U256; use core::{fmt, ops::{Add, Mul, Neg, Sub}}; -use rand::Rng; +use rand_core::{CryptoRng, RngCore}; use alloc::vec::Vec; #[cfg(feature = "rustc-serialize")] @@ -27,7 +27,7 @@ pub trait GroupElement + Mul { fn zero() -> Self; fn one() -> Self; - fn random(rng: &mut R) -> Self; + fn random(rng: &mut R) -> Self; fn is_zero(&self) -> bool; fn double(&self) -> Self; } @@ -294,7 +294,7 @@ impl GroupElement for G

{ P::one() } - fn random(rng: &mut R) -> Self { + fn random(rng: &mut R) -> Self { P::one() * Fr::random(rng) } @@ -532,7 +532,6 @@ pub type AffineG2 = AffineG; #[cfg(test)] mod tests; - #[test] fn test_g1() { tests::group_trials::(); @@ -545,7 +544,8 @@ fn test_g2() { #[test] fn test_affine_jacobian_conversion() { - let rng = &mut ::rand::thread_rng(); + extern crate rand; + let rng = &mut rand::thread_rng(); assert!(G1::zero().to_affine().is_none()); assert!(G2::zero().to_affine().is_none()); @@ -983,6 +983,9 @@ pub fn pairing_batch(ps: &[G1], qs: &[G2]) -> Fq12 { #[cfg(test)] mod test { use super::*; + extern crate rand_chacha; + use rand_core::SeedableRng; + use self::rand_chacha::ChaChaRng; #[test] fn test_reduced_pairing() { @@ -990,12 +993,12 @@ mod test { let g1 = G1::one() * Fr::from_str( - "18097487326282793650237947474982649264364522469319914492172746413872781676", - ).unwrap(); + "18097487326282793650237947474982649264364522469319914492172746413872781676", + ).unwrap(); let g2 = G2::one() * Fr::from_str( - "20390255904278144451778773028944684152769293537511418234311120800877067946", - ).unwrap(); + "20390255904278144451778773028944684152769293537511418234311120800877067946", + ).unwrap(); let gt = pairing(&g1, &g2); @@ -1083,8 +1086,8 @@ mod test { let p = pairing(&g1, &g2); - let g1_vec: Vec = vec![g1, g1]; - let g2_vec: Vec = vec![g2, g2]; + let g1_vec : Vec = vec![g1, g1]; + let g2_vec : Vec = vec![g2, g2]; let p2 = pairing_batch(&g1_vec, &g2_vec); assert!(!p2.is_zero()); assert!(!p.is_zero()); 
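Review bot: `test_affine_jacobian_conversion` is left on an unseeded `rand::thread_rng()`, and it now declares `extern crate rand;` inside the function body to reach it, while the rest of this patch moves every other randomized test to `ChaChaRng::from_seed(seed)`. An unseeded test cannot be reproduced when it fails, and a function-local `extern crate` is an unusual place for a dependency declaration. Seed it like its siblings — bring `ChaChaRng` into scope and use `let mut rng = ChaChaRng::from_seed(seed);` with the same 32-byte seed array the other tests use — and drop the local `extern crate`; if the `arith.rs` and `fp.rs` tests that still call `rand::thread_rng()` follow, the `rand` dev-dependency can go entirely. The rest of the function lies outside the hunk.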
@@ -1092,27 +1095,26 @@ mod test { #[test] fn test_batch_bilinearity_empty() { - let p_vec: Vec = Vec::new(); - let q_vec: Vec = Vec::new(); + let p_vec : Vec = Vec::new(); + let q_vec : Vec = Vec::new(); let r = pairing_batch(&p_vec, &q_vec); assert_eq!(r, Fq12::one()); } #[test] fn test_batch_bilinearity_one() { - use rand::{SeedableRng, StdRng}; let seed = [ 0, 0, 0, 0, 0, 0, 64, 13, // 103245 0, 0, 0, 0, 0, 0, 176, 2, // 191922 0, 0, 0, 0, 0, 0, 0, 13, // 1293 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 ]; - let mut rng = StdRng::from_seed(seed); - let p_vec: Vec = vec![G1::random(&mut rng)]; - let q_vec: Vec = vec![G2::random(&mut rng)]; + let mut rng = ChaChaRng::from_seed(seed); + let p_vec : Vec = vec![G1::random(&mut rng)]; + let q_vec : Vec = vec![G2::random(&mut rng)]; let s = Fr::random(&mut rng); - let sp_vec: Vec = vec![p_vec[0] * s]; - let sq_vec: Vec = vec![q_vec[0] * s]; + let sp_vec : Vec = vec![p_vec[0] * s]; + let sq_vec : Vec = vec![q_vec[0] * s]; let b = pairing_batch(&sp_vec, &q_vec); let c = pairing_batch(&p_vec, &sq_vec); assert_eq!(b, c); @@ -1120,19 +1122,18 @@ mod test { #[test] fn test_batch_bilinearity_fifty() { - use rand::{SeedableRng, StdRng}; let seed = [ 0, 0, 0, 0, 0, 0, 64, 13, // 103245 0, 0, 0, 0, 0, 0, 176, 2, // 191922 0, 0, 0, 0, 0, 0, 0, 13, // 1293 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 ]; - let mut rng = StdRng::from_seed(seed); + let mut rng = ChaChaRng::from_seed(seed); - let mut p_vec: Vec = Vec::new(); - let mut q_vec: Vec = Vec::new(); - let mut sp_vec: Vec = Vec::new(); - let mut sq_vec: Vec = Vec::new(); + let mut p_vec : Vec = Vec::new(); + let mut q_vec : Vec = Vec::new(); + let mut sp_vec : Vec = Vec::new(); + let mut sq_vec : Vec = Vec::new(); for _ in 0..50 { let p = G1::random(&mut rng); 
@@ -1152,14 +1153,13 @@ mod test { #[test] fn test_bilinearity() { - use rand::{SeedableRng, StdRng}; let seed = [ 0, 0, 0, 0, 0, 0, 64, 13, // 103245 0, 0, 0, 0, 0, 0, 176, 2, // 191922 0, 0, 0, 0, 0, 0, 0, 13, // 1293 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 ]; - let mut rng = StdRng::from_seed(seed); + let mut rng = ChaChaRng::from_seed(seed); for _ in 0..50 { let p = G1::random(&mut rng); @@ -1220,4 +1220,4 @@ mod test { assert!(G2::zero().y == Fq2::one()); assert!((-G2::zero()).y == Fq2::one()); } -} \ No newline at end of file +} diff --git a/src/groups/tests.rs b/src/groups/tests.rs index b460a589..220a1ade 100644 --- a/src/groups/tests.rs +++ b/src/groups/tests.rs @@ -1,8 +1,12 @@ +extern crate rand_chacha; + use super::GroupElement; use fields::{FieldElement, Fr}; -use rand::Rng; +use rand_core::{CryptoRng, RngCore, SeedableRng}; + +use self::rand_chacha::ChaChaRng; -fn random_test_addition(rng: &mut R) { +fn random_test_addition(rng: &mut R) { for _ in 0..50 { let r1 = G::random(rng); let r2 = G::random(rng); @@ -13,7 +17,7 @@ fn random_test_addition(rng: &mut R) { } } -fn random_test_doubling(rng: &mut R) { +fn random_test_doubling(rng: &mut R) { for _ in 0..50 { let r1 = G::random(rng); let r2 = G::random(rng); @@ -24,7 +28,7 @@ fn random_test_doubling(rng: &mut R) { } } -fn random_test_dh(rng: &mut R) { +fn random_test_dh(rng: &mut R) { for _ in 0..50 { let alice_sk = Fr::random(rng); let bob_sk = Fr::random(rng); @@ -39,7 +43,7 @@ fn random_test_dh(rng: &mut R) { } } -fn random_test_equality(rng: &mut R) { +fn random_test_equality(rng: &mut R) { for _ in 0..50 { let begin = G::random(rng); 
@@ -90,14 +94,13 @@ pub fn group_trials() { assert!((G::one() * (-Fr::one()) + G::one()).is_zero()); - use rand::{SeedableRng, StdRng}; let seed = [ 0, 0, 0, 0, 0, 0, 64, 13, // 103245 0, 0, 0, 0, 0, 0, 176, 2, // 191922 0, 0, 0, 0, 0, 0, 0, 13, // 1293 0, 0, 0, 0, 0, 0, 96, 7u8, // 192103 ]; - let mut rng = StdRng::from_seed(seed); + let mut rng = ChaChaRng::from_seed(seed); random_test_addition::(&mut rng); random_test_doubling::(&mut rng); diff --git a/src/lib.rs b/src/lib.rs index 308973b7..da23df98 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -5,7 +5,7 @@ extern crate alloc; extern crate byteorder; #[macro_use] extern crate crunchy; -extern crate rand; +extern crate rand_core; #[cfg(feature = "rustc-serialize")] extern crate rustc_serialize; #[macro_use] extern crate lazy_static; @@ -19,7 +19,7 @@ use groups::{GroupElement, G1Params, G2Params, GroupParams}; use alloc::vec::Vec; use core::ops::{Add, Mul, Neg, Sub}; -use rand::Rng; +use rand_core::{CryptoRng, RngCore}; #[derive(Copy, Clone, Debug, PartialEq, Eq)] #[cfg_attr(feature = "rustc-serialize", derive(RustcDecodable, RustcEncodable))] @@ -33,7 +33,7 @@ impl Fr { pub fn one() -> Self { Fr(fields::Fr::one()) } - pub fn random(rng: &mut R) -> Self { + pub fn random(rng: &mut R) -> Self { Fr(fields::Fr::random(rng)) } pub fn pow(&self, exp: Fr) -> Self { @@ -143,7 +143,7 @@ impl Fq { pub fn one() -> Self { Fq(fields::Fq::one()) } - pub fn random(rng: &mut R) -> Self { + pub fn random(rng: &mut R) -> Self { Fq(fields::Fq::random(rng)) } pub fn pow(&self, exp: Fq) -> Self { @@ -324,7 +324,7 @@ pub trait Group + Mul { fn zero() -> Self; fn one() -> Self; - fn random(rng: &mut R) -> Self; + fn random(rng: &mut R) -> Self; fn is_zero(&self) -> bool; fn normalize(&mut self); } @@ -393,7 +393,7 @@ impl Group for G1 { fn one() -> Self { G1(groups::G1::one()) } - fn random(rng: &mut R) -> Self { + fn random(rng: &mut R) -> Self { G1(groups::G1::random(rng)) } fn is_zero(&self) -> bool { 
@@ -546,7 +546,7 @@ impl Group for G2 { fn one() -> Self { G2(groups::G2::one()) } - fn random(rng: &mut R) -> Self { + fn random(rng: &mut R) -> Self { G2(groups::G2::random(rng)) } fn is_zero(&self) -> bool {