Merge pull request #64 from dfns-labs/sec-level

Rename default security level
LFDT-Lockness · Oct 23, 2023 · a1ab411 · a1ab411
2 parents c003381 + 3506100
commit a1ab411
Show file tree

Hide file tree

Showing 12 changed files with 34 additions and 36 deletions.
diff --git a/cggmp21/src/lib.rs b/cggmp21/src/lib.rs
@@ -75,7 +75,7 @@
 //! ### Distributed Key Generation
 //! ```rust,no_run
 //! # async fn doc() -> Result<(), cggmp21::KeygenError> {
-//! # type Msg = cggmp21::keygen::msg::threshold::Msg<cggmp21::supported_curves::Secp256k1, cggmp21::security_level::ReasonablySecure, sha2::Sha256>;
+//! # type Msg = cggmp21::keygen::msg::threshold::Msg<cggmp21::supported_curves::Secp256k1, cggmp21::security_level::SecurityLevel128, sha2::Sha256>;
 //! # let incoming = futures::stream::pending::<Result<round_based::Incoming<Msg>, std::convert::Infallible>>();
 //! # let outgoing = futures::sink::drain::<round_based::Outgoing<Msg>>();
 //! # let delivery = (incoming, outgoing);
@@ -106,7 +106,7 @@
 //! the same indexes as at keygen.
 //! ```rust,no_run
 //! # async fn doc() -> Result<(), cggmp21::KeyRefreshError> {
-//! # type Msg = cggmp21::key_refresh::msg::aux_only::Msg<sha2::Sha256, cggmp21::security_level::ReasonablySecure>;
+//! # type Msg = cggmp21::key_refresh::msg::aux_only::Msg<sha2::Sha256, cggmp21::security_level::SecurityLevel128>;
 //! # let incoming = futures::stream::pending::<Result<round_based::Incoming<Msg>, std::convert::Infallible>>();
 //! # let outgoing = futures::sink::drain::<round_based::Outgoing<Msg>>();
 //! # let delivery = (incoming, outgoing);
@@ -252,7 +252,7 @@ pub mod trusted_dealer;
 /// Defines default choice for digest and security level used across the crate
 mod default_choice {
     pub type Digest = sha2::Sha256;
-    pub type SecurityLevel = crate::security_level::ReasonablySecure;
+    pub type SecurityLevel = crate::security_level::SecurityLevel128;
 }
 
 pub use self::execution_id::ExecutionId;
@@ -269,7 +269,6 @@ pub use self::{
 /// (where $n$ is amount of parties in the protocol).
 ///
 /// [KeygenBuilder]: keygen::KeygenBuilder
-/// [ReasonablySecure]: security_level::ReasonablySecure
 /// [`set_threshold`]: keygen::GenericKeygenBuilder::set_threshold
 pub fn keygen<E>(eid: ExecutionId, i: u16, n: u16) -> keygen::KeygenBuilder<E>
 where

diff --git a/cggmp21/src/security_level.rs b/cggmp21/src/security_level.rs
@@ -3,7 +3,7 @@
 //! Security level is defined as set of parameters in the CGGMP paper. Higher security level gives more
 //! security but makes protocol execution slower.
 //!
-//! We provide a predefined default [ReasonablySecure] security level which should be sufficient for $n \le 128$.
+//! We provide a predefined default [SecurityLevel128].
 //!
 //! You can define your own security level using macro [define_security_level]. Be sure that you properly
 //! analyzed the CGGMP paper and you understand implications. Inconsistent security level may cause unexpected
@@ -184,12 +184,12 @@ macro_rules! define_security_level {
 #[doc(inline)]
 pub use define_security_level;
 
-/// Reasonably secure security level
+/// 128-bits security level
 ///
-/// This security level should be sufficient for $n \le 128$.
+/// This security level is intended to provide 128 bits of security for the protocol when run with up to 128 participants.
 #[derive(Clone)]
-pub struct ReasonablySecure;
-define_security_level!(ReasonablySecure{
+pub struct SecurityLevel128;
+define_security_level!(SecurityLevel128{
     security_bits = 384,
     epsilon = 230,
     ell = 256,

diff --git a/cggmp21/src/signing.rs b/cggmp21/src/signing.rs
@@ -1324,8 +1324,7 @@ mod test {
             let r = generic_ec::NonZero::<generic_ec::Scalar<E>>::random(&mut rng);
             let s = generic_ec::NonZero::<generic_ec::Scalar<E>>::random(&mut rng);
             let signature = super::Signature::from_raw_parts(r, s);
-            let mut bytes = Vec::new();
-            bytes.resize(super::Signature::<E>::serialized_len(), 0);
+            let mut bytes = vec![0; super::Signature::<E>::serialized_len()];
             signature.write_to_slice(&mut bytes);
             let signature2 = super::Signature::read_from_slice(&bytes).unwrap();
             assert!(signature == signature2, "signatures equal");

diff --git a/cggmp21/src/supported_curves.rs b/cggmp21/src/supported_curves.rs
@@ -3,7 +3,7 @@
 //! This crate re-exports curves that are checked to work correctly with our CGGMP implementation.
 //! Generally, this crate can work with any curve as long as it satisfies constraints (check out
 //! [`SigningBuilder`](crate::signing::SigningBuilder) generic constraints), but it might have
-//! unexpected consequences: for instance, [default security level](crate::security_level::ReasonablySecure)
+//! unexpected consequences: for instance, [default security level](crate::security_level::SecurityLevel128)
 //! might not be compatible with another curve, which might result into unexpected runtime error or
 //! reduced security of the protocol.
 

diff --git a/cggmp21/src/trusted_dealer.rs b/cggmp21/src/trusted_dealer.rs
@@ -10,12 +10,12 @@
 //! ```rust,no_run
 //! # use rand::rngs::OsRng;
 //! # let mut rng = OsRng;
-//! use cggmp21::{supported_curves::Secp256k1, security_level::ReasonablySecure};
+//! use cggmp21::{supported_curves::Secp256k1, security_level::SecurityLevel128};
 //! use cggmp21::generic_ec::SecretScalar;
 //!
 //! let secret_key_to_be_imported = SecretScalar::<Secp256k1>::random(&mut OsRng);
 //!
-//! let key_shares = cggmp21::trusted_dealer::builder::<Secp256k1, ReasonablySecure>(5)
+//! let key_shares = cggmp21::trusted_dealer::builder::<Secp256k1, SecurityLevel128>(5)
 //!     .set_threshold(Some(3))
 //!     .set_shared_secret_key(secret_key_to_be_imported)
 //!     .generate_shares(&mut rng)?;

diff --git a/tests/src/bin/measure_perf.rs b/tests/src/bin/measure_perf.rs
@@ -1,7 +1,7 @@
 use anyhow::Context;
 use cggmp21::{
     progress::PerfProfiler,
-    security_level::{ReasonablySecure, SecurityLevel},
+    security_level::{SecurityLevel, SecurityLevel128},
     signing::DataToSign,
     ExecutionId,
 };
@@ -60,7 +60,7 @@ async fn main() {
     if args.custom_sec_level {
         do_becnhmarks::<CustomSecLevel>(args).await
     } else {
-        do_becnhmarks::<ReasonablySecure>(args).await
+        do_becnhmarks::<SecurityLevel128>(args).await
     }
 }
 

diff --git a/tests/src/bin/precompute_shares.rs b/tests/src/bin/precompute_shares.rs
@@ -1,7 +1,7 @@
 use anyhow::{Context, Result};
 use cggmp21::supported_curves::{Secp256k1, Secp256r1, Stark};
 use cggmp21::{
-    security_level::{ReasonablySecure, SecurityLevel},
+    security_level::{SecurityLevel, SecurityLevel128},
     trusted_dealer,
 };
 use cggmp21_tests::{generate_blum_prime, PrecomputedKeyShares, PregeneratedPrimes};
@@ -48,7 +48,7 @@ fn precompute_shares() -> Result<()> {
 
 fn precompute_primes() -> Result<()> {
     let mut rng = OsRng;
-    let json = PregeneratedPrimes::generate::<_, ReasonablySecure>(10, &mut rng).to_serialized()?;
+    let json = PregeneratedPrimes::generate::<_, SecurityLevel128>(10, &mut rng).to_serialized()?;
     println!("{json}");
     Ok(())
 }
@@ -65,13 +65,13 @@ fn precompute_shares_for_curve<E: Curve, R: RngCore + CryptoRng>(
         {
             eprintln!("t={t:?},n={n},curve={}", E::CURVE_NAME);
             let primes = std::iter::repeat_with(|| {
-                let p = generate_blum_prime(rng, ReasonablySecure::SECURITY_BITS * 4);
-                let q = generate_blum_prime(rng, ReasonablySecure::SECURITY_BITS * 4);
+                let p = generate_blum_prime(rng, SecurityLevel128::SECURITY_BITS * 4);
+                let q = generate_blum_prime(rng, SecurityLevel128::SECURITY_BITS * 4);
                 (p, q)
             })
             .take(n.into())
             .collect();
-            let shares = trusted_dealer::builder::<E, ReasonablySecure>(n)
+            let shares = trusted_dealer::builder::<E, SecurityLevel128>(n)
                 .set_threshold(t)
                 .set_pregenerated_primes(primes)
                 .generate_shares(rng)

diff --git a/tests/tests/key_refresh.rs b/tests/tests/key_refresh.rs
@@ -6,7 +6,7 @@ mod generic {
     use round_based::simulation::Simulation;
     use sha2::Sha256;
 
-    use cggmp21::{security_level::ReasonablySecure, ExecutionId};
+    use cggmp21::{security_level::SecurityLevel128, ExecutionId};
 
     #[test_case::case(3, false; "n3")]
     #[test_case::case(5, false; "n5")]
@@ -19,7 +19,7 @@ mod generic {
         let mut rng = rand_dev::DevRng::new();
 
         let shares = cggmp21_tests::CACHED_SHARES
-            .get_shares::<E, ReasonablySecure>(None, n)
+            .get_shares::<E, SecurityLevel128>(None, n)
             .expect("retrieve cached shares");
         let mut primes = cggmp21_tests::CACHED_PRIMES.iter();
 
@@ -28,7 +28,7 @@ mod generic {
         let eid: [u8; 32] = rng.gen();
         let eid = ExecutionId::new(&eid);
         let mut simulation =
-            Simulation::<cggmp21::key_refresh::NonThresholdMsg<E, Sha256, ReasonablySecure>>::new();
+            Simulation::<cggmp21::key_refresh::NonThresholdMsg<E, Sha256, SecurityLevel128>>::new();
         let outputs = shares.iter().map(|share| {
             let party = simulation.add_party();
             let mut party_rng = rng.fork();
@@ -115,14 +115,14 @@ mod generic {
         let mut rng = rand_dev::DevRng::new();
 
         let shares = cggmp21_tests::CACHED_SHARES
-            .get_shares::<E, ReasonablySecure>(Some(t), n)
+            .get_shares::<E, SecurityLevel128>(Some(t), n)
             .expect("retrieve cached shares");
         let mut primes = cggmp21_tests::CACHED_PRIMES.iter();
 
         // Perform refresh
 
         let mut simulation =
-            Simulation::<cggmp21::key_refresh::AuxOnlyMsg<Sha256, ReasonablySecure>>::new();
+            Simulation::<cggmp21::key_refresh::AuxOnlyMsg<Sha256, SecurityLevel128>>::new();
 
         let eid: [u8; 32] = rng.gen();
         let eid = ExecutionId::new(&eid);

diff --git a/tests/tests/keygen.rs b/tests/tests/keygen.rs
@@ -9,7 +9,7 @@ mod generic {
 
     use cggmp21::keygen::{NonThresholdMsg, ThresholdMsg};
     use cggmp21::{
-        key_share::reconstruct_secret_key, security_level::ReasonablySecure, ExecutionId,
+        key_share::reconstruct_secret_key, security_level::SecurityLevel128, ExecutionId,
     };
 
     #[test_case::case(3, false; "n3")]
@@ -21,7 +21,7 @@ mod generic {
     async fn keygen_works<E: Curve>(n: u16, reliable_broadcast: bool) {
         let mut rng = DevRng::new();
 
-        let mut simulation = Simulation::<NonThresholdMsg<E, ReasonablySecure, Sha256>>::new();
+        let mut simulation = Simulation::<NonThresholdMsg<E, SecurityLevel128, Sha256>>::new();
 
         let eid: [u8; 32] = rng.gen();
         let eid = ExecutionId::new(&eid);
@@ -65,7 +65,7 @@ mod generic {
     async fn threshold_keygen_works<E: Curve>(t: u16, n: u16, reliable_broadcast: bool) {
         let mut rng = DevRng::new();
 
-        let mut simulation = Simulation::<ThresholdMsg<E, ReasonablySecure, Sha256>>::new();
+        let mut simulation = Simulation::<ThresholdMsg<E, SecurityLevel128, Sha256>>::new();
 
         let eid: [u8; 32] = rng.gen();
         let eid = ExecutionId::new(&eid);

diff --git a/tests/tests/pipeline.rs b/tests/tests/pipeline.rs
@@ -9,7 +9,7 @@ mod generic {
     use cggmp21::keygen::ThresholdMsg;
     use cggmp21::{
         key_share::{IncompleteKeyShare, KeyShare},
-        security_level::ReasonablySecure,
+        security_level::SecurityLevel128,
         ExecutionId,
     };
 
@@ -33,7 +33,7 @@ mod generic {
     where
         E: Curve,
     {
-        let mut simulation = Simulation::<ThresholdMsg<E, ReasonablySecure, Sha256>>::new();
+        let mut simulation = Simulation::<ThresholdMsg<E, SecurityLevel128, Sha256>>::new();
 
         let eid: [u8; 32] = rng.gen();
         let eid = ExecutionId::new(&eid);
@@ -64,7 +64,7 @@ mod generic {
         let n = shares.len().try_into().unwrap();
 
         let mut simulation =
-            Simulation::<cggmp21::key_refresh::AuxOnlyMsg<Sha256, ReasonablySecure>>::new();
+            Simulation::<cggmp21::key_refresh::AuxOnlyMsg<Sha256, SecurityLevel128>>::new();
 
         let eid: [u8; 32] = rng.gen();
         let eid = ExecutionId::new(&eid);

diff --git a/tests/tests/signing.rs b/tests/tests/signing.rs
@@ -10,7 +10,7 @@ mod generic {
     use sha2::Sha256;
 
     use cggmp21::signing::{msg::Msg, DataToSign};
-    use cggmp21::{security_level::ReasonablySecure, ExecutionId};
+    use cggmp21::{security_level::SecurityLevel128, ExecutionId};
 
     #[test_case::case(None, 2, false; "n2")]
     #[test_case::case(None, 2, true; "n2-reliable")]
@@ -27,7 +27,7 @@ mod generic {
         let mut rng = DevRng::new();
 
         let shares = cggmp21_tests::CACHED_SHARES
-            .get_shares::<E, ReasonablySecure>(t, n)
+            .get_shares::<E, SecurityLevel128>(t, n)
             .expect("retrieve cached shares");
 
         let mut simulation = Simulation::<Msg<E, Sha256>>::new();

diff --git a/tests/tests/stark_prehashed.rs b/tests/tests/stark_prehashed.rs
@@ -1,4 +1,4 @@
-use cggmp21::{security_level::ReasonablySecure, signing::msg::Msg};
+use cggmp21::{security_level::SecurityLevel128, signing::msg::Msg};
 use cggmp21_tests::{convert_from_stark_scalar, convert_stark_scalar};
 use generic_ec::{coords::HasAffineX, curves::Stark};
 use rand::{seq::SliceRandom, Rng, SeedableRng};
@@ -13,7 +13,7 @@ async fn sign_transaction() {
     let n = 3;
 
     let shares = cggmp21_tests::CACHED_SHARES
-        .get_shares::<Stark, ReasonablySecure>(t, n)
+        .get_shares::<Stark, SecurityLevel128>(t, n)
         .expect("retrieve cached shares");
 
     let mut simulation = Simulation::<Msg<Stark, Sha256>>::new();