
Update BatchCompat VRF to audited version of libsodium (and latest draft version) #341

Merged
merged 15 commits into master from update-vrf
Jan 25, 2023

Conversation

iquerejeta
Collaborator

@iquerejeta iquerejeta commented Nov 11, 2022

We got a successful audit by Kudelski for the batch verification implementation of VRF proofs, which is implemented in this branch. This PR updates the Haskell bindings, and the cbits, to the new design using the audited code. Similarly, we adapt the code in cbits/private to the code available in libsodium/stable v1.0.18, instead of some version of master we had previously. By not being based on master, not only do we use stable code, but we also remove the following warning we had when compiling:

# warning *** This is unstable, untested, development code.
# warning It might not compile. It might not work as expected.
# warning It might be totally insecure.
# warning Do not use this except if you are planning to contribute code.
# warning Use releases available at https://download.libsodium.org/libsodium/releases/ instead.
# warning Alternatively, use the "stable" branch in the git repository.

Similarly, we re-activate the BatchCompat module, which was deactivated in the past due to a lack of external audit.

This closes #337

Contributor

@tdammers tdammers left a comment


Haskell changes look trivial, have not looked at C code.

@iquerejeta iquerejeta marked this pull request as ready for review November 21, 2022 12:26
@iquerejeta iquerejeta requested a review from lehins November 21, 2022 12:26
Collaborator

@lehins lehins left a comment


I am sure the audit by Kudelski was pretty thorough, cause I am not gonna pretend like I reviewed and understood what is going on in the C implementation of the VRF.

But I did read through a good portion of the PR and commented on obvious things that jumped out at me. Didn't find anything serious, just minor suggestions and questions.

Also, I think it would make sense to squash the first three commits in the PR.

Review comments (all resolved) on:
cardano-crypto-praos/cbits/crypto_vrf.c
cardano-crypto-praos/cbits/private/ed25519_ref10.c (two comments)
cardano-crypto-praos/cbits/vrf03/vrf.c (two comments)
@iquerejeta iquerejeta force-pushed the update-vrf branch 3 times, most recently from e62d4c1 to 73a9eb4 Compare January 4, 2023 15:39
@iquerejeta
Collaborator Author

@lehins , I have applied the suggested changes. We are now only missing that the update of libsodium is merged into iohk-nix. Just want to check that we are all good on this side to merge before pushing for that merge (just in case we need a final touch on the libsodium fork) 👍

Collaborator

@lehins lehins left a comment


Just two tiny related comments, otherwise, yeah, I think it is ready to go.

Review comment (resolved) on:
cardano-crypto-praos/src/Cardano/Crypto/VRF/Praos.hs
@iquerejeta
Collaborator Author

Waiting for nix PR to be merged before merging this.

@iquerejeta iquerejeta merged commit c892e8e into master Jan 25, 2023
Linked issue (closed by this pull request): Update VRF bindings to latest version (#337)