From f24bda1017b625dbbb23fe0d4774f037f589d5fd Mon Sep 17 00:00:00 2001
From: stringhandler
Date: Sun, 27 Aug 2023 13:48:21 +0200
Subject: [PATCH 1/6] fix: zeroize temporary scalar value
---
 src/ristretto/pedersen/extended_commitment_factory.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/ristretto/pedersen/extended_commitment_factory.rs b/src/ristretto/pedersen/extended_commitment_factory.rs
index 232b24ce..c7e938eb 100644
--- a/src/ristretto/pedersen/extended_commitment_factory.rs
+++ b/src/ristretto/pedersen/extended_commitment_factory.rs
@@ -11,6 +11,7 @@ use curve25519_dalek::{
 scalar::Scalar,
 traits::{Identity, MultiscalarMul},
 };
+use zeroize::Zeroize;
 #[cfg(feature = "precomputed_tables")]
 use crate::ristretto::pedersen::scalar_mul_with_pre_computation_tables;
@@ -84,7 +85,7 @@ impl ExtendedPedersenCommitmentFactory {
 }
 /// Creates a Pedersen commitment using the value scalar and a blinding factor vector
- pub fn commit_scalars(
+ fn commit_scalars(
 &self,
 value: &Scalar,
 blinding_factors: &[Scalar],
@@ -166,8 +167,9 @@ impl ExtendedHomomorphicCommitmentFactory for ExtendedPedersenCommitmentFactory
 k_vec: &[RistrettoSecretKey],
 v: &RistrettoSecretKey,
 ) -> Result {
- let blinding_factors: Vec = k_vec.iter().map(|k| k.0).collect();
+ let mut blinding_factors: Vec = k_vec.iter().map(|k| k.0).collect();
 let c = self.commit_scalars(&v.0, &blinding_factors)?;
+ blinding_factors.zeroize();
 Ok(HomomorphicCommitment(RistrettoPublicKey::new_from_pk(c)))
 }
From 59a1957b9d4a450cd3879bb8a8fc525eba3515a6 Mon Sep 17 00:00:00 2001
From: stringhandler
Date: Sun, 27 Aug 2023 14:37:43 +0200
Subject: [PATCH 2/6] more zeroizing
---
 src/extended_range_proof.rs | 19 +++++++++++++++++--
 .../pedersen/extended_commitment_factory.rs | 8 +++-----
 src/ristretto/ristretto_keys.rs | 6 ------
 3 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/src/extended_range_proof.rs b/src/extended_range_proof.rs
index 7850dc25..2e9ceb70 100644
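Review bot: Dropping `pub` from `commit_scalars` is a semver-breaking change for any downstream code that called it directly, and nothing in the hunk says why it is now internal; if this crate has external users, that deserves a changelog entry or a deprecation cycle rather than a silent visibility change. The doc comment should also state the intent so it is not re-exported later, e.g. `/// Internal: takes raw scalars, so callers go through the ExtendedHomomorphicCommitmentFactory method, which owns and zeroizes the secret copies.` The function body continues outside the hunk.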
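Review bot: `blinding_factors.zeroize()` never runs when `commit_scalars` returns `Err`, because the `?` on the line before it returns early and the secret copies stay in heap memory until the allocator reuses them. A wrapper that wipes on drop covers both paths: `let blinding_factors: Zeroizing<Vec<Scalar>> = Zeroizing::new(k_vec.iter().map(|k| k.0).collect());` with the explicit `zeroize()` call removed and `use zeroize::Zeroizing;` added. Note that either form only clears this one heap copy; whatever `commit_scalars` and `multiscalar_mul` leave on the stack is outside its reach.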
--- a/src/extended_range_proof.rs
+++ b/src/extended_range_proof.rs
@@ -4,6 +4,7 @@
 //! Extended range proofs
 use std::{string::ToString, vec::Vec};
+use zeroize::Zeroize;
 use crate::{
 commitment::{ExtensionDegree, HomomorphicCommitment},
@@ -99,13 +100,19 @@ pub trait ExtendedRangeProofService {
 /// Extended blinding factor vector used as part of the witness to construct an extended proof, or rewind data
 /// extracted from a range proof containing the mask (e.g. blinding factor vector).
-#[derive(Debug, Clone, PartialEq, Eq)]
+#[derive(Debug, Clone, PartialEq, Eq, Zeroize)]
 pub struct ExtendedMask
 where K: SecretKey
 {
 secrets: Vec,
 }
+impl Drop for ExtendedMask{
+ fn drop(&mut self) {
+ self.secrets.zeroize();
+ }
+}
+
 impl ExtendedMask
 where K: SecretKey
 {
@@ -200,7 +207,7 @@ where PK: PublicKey
 /// The extended witness contains the extended mask (blinding factor vector), value and a minimum value
 /// promise; this will be used to construct the extended range proof
-#[derive(Clone)]
+#[derive(Clone, Zeroize)]
 pub struct ExtendedWitness
 where K: SecretKey
 {
@@ -212,6 +219,14 @@ where K: SecretKey
 pub minimum_value_promise: u64,
 }
+impl Drop for ExtendedWitness{
+ fn drop(&mut self) {
+ self.mask.zeroize();
+ self.value.zeroize();
+ self.minimum_value_promise.zeroize();
+ }
+}
+
 impl ExtendedWitness
 where K: SecretKey
 {
diff --git a/src/ristretto/pedersen/extended_commitment_factory.rs b/src/ristretto/pedersen/extended_commitment_factory.rs
index c7e938eb..e7663013 100644
--- a/src/ristretto/pedersen/extended_commitment_factory.rs
+++ b/src/ristretto/pedersen/extended_commitment_factory.rs
@@ -4,7 +4,7 @@
 //! Extended commitments are commitments that have more than one blinding factor.
 use alloc::vec::Vec;
-use core::{borrow::Borrow, iter::once};
+use core::{iter::once};
 use curve25519_dalek::{
 ristretto::{CompressedRistretto, RistrettoPoint},
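Review bot: The hand-written `Drop` for `ExtendedMask` duplicates what the derived `Zeroize` impl already does for `secrets`, and a manual `Drop` also makes it a compile error to move `secrets` out of `self` by value anywhere else in the file (an `into_…` style accessor would have to switch to `core::mem::take`); I cannot see from the hunk whether such a method exists. If the pinned zeroize version is 1.5 or later, `#[derive(Debug, Clone, PartialEq, Eq, Zeroize, ZeroizeOnDrop)]` replaces the impl entirely; otherwise the body should at least be `self.zeroize();` so a field added later is not silently left unwiped. A one-line comment on the impl, `// Wipe the blinding factors when the mask goes out of scope.`, would also help the next reader.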
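Review bot: `drop` for `ExtendedWitness` lists the three fields by hand although the struct now derives `Zeroize`, so the body can simply be `self.zeroize();` (or the derive can become `ZeroizeOnDrop` where the zeroize version supports it); the explicit list will silently miss any field added to the struct later. `self.mask.zeroize()` is also redundant with the `Drop` that `ExtendedMask` gets in the same commit, though harmless. The struct definition starts outside the hunk, so I can only confirm `minimum_value_promise: u64` of the field types.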
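Review bot: `use core::{iter::once};` keeps the braces around a single path after `borrow::Borrow` was removed; the conventional form is `use core::iter::once;`, which rustfmt would normally flatten to anyway. Purely cosmetic, but it is the kind of leftover that shows the edit was a deletion rather than a rewrite.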
@@ -90,8 +90,6 @@ impl ExtendedPedersenCommitmentFactory {
 value: &Scalar,
 blinding_factors: &[Scalar],
 ) -> Result
- where
- for<'a> &'a Scalar: Borrow,
 {
 if blinding_factors.is_empty() || blinding_factors.len() > self.extension_degree as usize {
 Err(CommitmentError::CommitmentExtensionDegree {
@@ -106,13 +104,13 @@ impl ExtendedPedersenCommitmentFactory {
 }
 #[cfg(not(feature = "precomputed_tables"))]
 {
- let scalars = once(value).chain(blinding_factors);
+ let scalars = once(value).chain(blinding_factors.iter());
 let g_base_head = self.g_base_vec.iter().take(blinding_factors.len());
 let points = once(&self.h_base).chain(g_base_head);
 Ok(RistrettoPoint::multiscalar_mul(scalars, points))
 }
 } else {
- let scalars = once(value).chain(blinding_factors);
+ let scalars = once(value).chain(blinding_factors.iter());
 let g_base_head = self.g_base_vec.iter().take(blinding_factors.len());
 let points = once(&self.h_base).chain(g_base_head);
 Ok(RistrettoPoint::multiscalar_mul(scalars, points))
diff --git a/src/ristretto/ristretto_keys.rs b/src/ristretto/ristretto_keys.rs
index 6a53b287..a6951202 100644
--- a/src/ristretto/ristretto_keys.rs
+++ b/src/ristretto/ristretto_keys.rs
@@ -214,12 +214,6 @@ impl From for RistrettoSecretKey {
 }
 }
-impl From for RistrettoSecretKey {
- fn from(s: Scalar) -> Self {
- RistrettoSecretKey(s)
- }
-}
-
 //--------------------------------------------- Borrow impl -------------------------------------------------//
 impl<'a> Borrow for &'a RistrettoSecretKey {
From a0bd6899b7033e265eb21e897d861714a7767d47 Mon Sep 17 00:00:00 2001
From: stringhandler
Date: Thu, 28 Sep 2023 11:03:35 +0200
Subject: [PATCH 3/6] use zeroizing
---
 src/ristretto/pedersen/extended_commitment_factory.rs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/ristretto/pedersen/extended_commitment_factory.rs b/src/ristretto/pedersen/extended_commitment_factory.rs
index e7663013..3255566a 100644
--- a/src/ristretto/pedersen/extended_commitment_factory.rs
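Review bot: The `.iter()` added to both `chain` calls is redundant: `blinding_factors` is `&[Scalar]`, which already implements `IntoIterator<Item = &Scalar>`, so `once(value).chain(blinding_factors)` yields exactly the same items; the edit reads like a leftover from dropping the `Borrow` bound rather than a needed change. Separately, the `#[cfg(not(feature = "precomputed_tables"))]` block and the `else` branch are now byte-for-byte identical, so the four shared lines could be computed once after the `if` unless the cfg-gated branch above the hunk returns something different. The enclosing `if` begins outside the hunk, so I cannot see its condition.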
+++ b/src/ristretto/pedersen/extended_commitment_factory.rs
@@ -11,7 +11,7 @@ use curve25519_dalek::{
 scalar::Scalar,
 traits::{Identity, MultiscalarMul},
 };
-use zeroize::Zeroize;
+use zeroize::Zeroizing;
 #[cfg(feature = "precomputed_tables")]
 use crate::ristretto::pedersen::scalar_mul_with_pre_computation_tables;
@@ -165,9 +165,8 @@ impl ExtendedHomomorphicCommitmentFactory for ExtendedPedersenCommitmentFactory
 k_vec: &[RistrettoSecretKey],
 v: &RistrettoSecretKey,
 ) -> Result {
- let mut blinding_factors: Vec = k_vec.iter().map(|k| k.0).collect();
+ let blinding_factors: Zeroizing> = Zeroizing::new(k_vec.iter().map(|k| k.0).collect());
 let c = self.commit_scalars(&v.0, &blinding_factors)?;
- blinding_factors.zeroize();
 Ok(HomomorphicCommitment(RistrettoPublicKey::new_from_pk(c)))
 }
From f9c62523b6e6253feb529857201461c67deb2439 Mon Sep 17 00:00:00 2001
From: stringhandler
Date: Thu, 28 Sep 2023 11:05:39 +0200
Subject: [PATCH 4/6] clean up deser bytes
---
 src/ristretto/ristretto_keys.rs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/ristretto/ristretto_keys.rs b/src/ristretto/ristretto_keys.rs
index a6951202..3e97d293 100644
--- a/src/ristretto/ristretto_keys.rs
+++ b/src/ristretto/ristretto_keys.rs
@@ -65,9 +65,19 @@ impl borsh::BorshSerialize for RistrettoSecretKey {
 impl borsh::BorshDeserialize for RistrettoSecretKey {
 fn deserialize_reader(reader: &mut R) -> Result
 where R: borsh::maybestd::io::Read {
- let bytes: Vec = borsh::BorshDeserialize::deserialize_reader(reader)?;
- Self::from_bytes(bytes.as_slice())
+ let mut bytes: Vec = borsh::BorshDeserialize::deserialize_reader(reader)?;
+ match Self::from_bytes(bytes.as_slice())
 .map_err(|e| borsh::maybestd::io::Error::new(borsh::maybestd::io::ErrorKind::InvalidInput, e.to_string()))
+ {
+ Ok(k) => {
+ bytes.zeroize();
+ Ok(k)
+ },
+ Err(e) => {
+ bytes.zeroize();
+ Err(e)
+ },
+ }
 }
 }
From 65aa7422a7cf78210da03d8068e002005abd4edf Mon Sep 17 00:00:00 2001
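Review bot: The `Zeroizing` wrapper is the whole point of the rewritten `let`, yet nothing says so; a why-comment would stop someone "simplifying" it back to a plain `Vec`, e.g. `// Owned copies of the secret blinding factors; Zeroizing wipes them when this scope ends, including when the ? below returns early.` It is worth knowing that `&blinding_factors` reaches `commit_scalars` through two deref coercions (`Zeroizing` to `Vec` to slice), which is fine but not obvious. Stack temporaries made inside `commit_scalars` and `multiscalar_mul` remain outside what this wrapper can clear.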
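Review bot: Both `match` arms do the same cleanup, so the wipe can be written once without the arms: `let result = Self::from_bytes(bytes.as_slice()).map_err(|e| borsh::maybestd::io::Error::new(borsh::maybestd::io::ErrorKind::InvalidInput, e.to_string()));` then `bytes.zeroize();` then `result`, or declare `bytes` as `Zeroizing<Vec<u8>>` and drop the explicit call; either form keeps the wipe on both paths. This also relies on `zeroize::Zeroize` being in scope in ristretto_keys.rs, which the hunk does not show. One thing to confirm is that the `e.to_string()` forwarded into the `InvalidInput` message does not echo the rejected bytes, otherwise the secret survives in the error text after the buffer is zeroized.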
From: stringhandler
Date: Mon, 2 Oct 2023 17:40:55 +0200
Subject: [PATCH 5/6] Update src/ristretto/pedersen/extended_commitment_factory.rs
---
 src/ristretto/pedersen/extended_commitment_factory.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ristretto/pedersen/extended_commitment_factory.rs b/src/ristretto/pedersen/extended_commitment_factory.rs
index 3255566a..a3bdee37 100644
--- a/src/ristretto/pedersen/extended_commitment_factory.rs
+++ b/src/ristretto/pedersen/extended_commitment_factory.rs
@@ -104,7 +104,7 @@ impl ExtendedPedersenCommitmentFactory {
 }
 #[cfg(not(feature = "precomputed_tables"))]
 {
- let scalars = once(value).chain(blinding_factors.iter());
+ let scalars = once(value).chain(blinding_factors);
 let g_base_head = self.g_base_vec.iter().take(blinding_factors.len());
 let points = once(&self.h_base).chain(g_base_head);
 Ok(RistrettoPoint::multiscalar_mul(scalars, points))
From b0d0a8b3d8c8c582b7e30d6630ba160363591772 Mon Sep 17 00:00:00 2001
From: stringhandler
Date: Mon, 2 Oct 2023 17:41:39 +0200
Subject: [PATCH 6/6] Update src/ristretto/pedersen/extended_commitment_factory.rs
---
 src/ristretto/pedersen/extended_commitment_factory.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ristretto/pedersen/extended_commitment_factory.rs b/src/ristretto/pedersen/extended_commitment_factory.rs
index a3bdee37..b2a9436f 100644
--- a/src/ristretto/pedersen/extended_commitment_factory.rs
+++ b/src/ristretto/pedersen/extended_commitment_factory.rs
@@ -110,7 +110,7 @@ impl ExtendedPedersenCommitmentFactory {
 Ok(RistrettoPoint::multiscalar_mul(scalars, points))
 }
 } else {
- let scalars = once(value).chain(blinding_factors.iter());
+ let scalars = once(value).chain(blinding_factors);
 let g_base_head = self.g_base_vec.iter().take(blinding_factors.len());
 let points = once(&self.h_base).chain(g_base_head);
 Ok(RistrettoPoint::multiscalar_mul(scalars, points))