Remove dependency on ring_algorithm crate (#125)

* Remove dependency on `ring_algorithm`

* Fix clippy warnings

* Rename module ring -> ring_algorithms

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "curv-kzen"
-version = "0.8.0-rc1"
+version = "0.8.0-rc2"
 edition = "2018"
 authors = [
     "Omer Shlomovits",
@@ -30,7 +30,6 @@ num-integer = "0.1"
 pairing-plus = "0.19"
 rand = "0.7"
 rand_legacy = { package = "rand", version = "0.6" }
-ring-algorithm = "0.2.3"
 rust-crypto = "^0.2"
 serde = { version = "1.0", features = ["derive"] }
 serde_bytes = "0.11"

examples/verifiable_secret_sharing.rs

@@ -42,11 +42,11 @@ pub fn secret_sharing_3_out_of_5<E: Curve>() {
 
     // test map (t,n) - (t',t')
     let s = &vec![0, 1, 2, 3, 4];
-    let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, &s);
-    let l1 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 1, &s);
-    let l2 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 2, &s);
-    let l3 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 3, &s);
-    let l4 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 4, &s);
+    let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, s);
+    let l1 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 1, s);
+    let l2 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 2, s);
+    let l3 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 3, s);
+    let l4 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 4, s);
 
     let w = l0 * secret_shares[0].clone()
         + l1 * secret_shares[1].clone()

src/arithmetic/big_gmp.rs

@@ -374,19 +374,6 @@ impl One for BigInt {
     }
 }
 
-impl ring_algorithm::RingNormalize for BigInt {
-    fn leading_unit(&self) -> Self {
-        match self.gmp.sign() {
-            Sign::Negative => -BigInt::one(),
-            _ => BigInt::one(),
-        }
-    }
-
-    fn normalize_mut(&mut self) {
-        self.gmp = self.gmp.abs();
-    }
-}
-
 crate::__bigint_impl_from! { u32, i32, u64 }
 
 impl From<u16> for BigInt {
@@ -404,35 +391,3 @@ impl Wrap for Mpz {
         BigInt { gmp: self }
     }
 }
-
-/// Tests that ring_algorithm work as expected
-#[cfg(test)]
-mod ring_algorithm_test {
-    const PRIME: u32 = u32::MAX - 4;
-
-    use super::*;
-
-    proptest::proptest! {
-        #[test]
-        fn fuzz_inverse(n in 1..PRIME) {
-            test_inverse(BigInt::from(n))
-        }
-        #[test]
-        fn fuzz_xgcd(a in 1u32.., b in 1u32..) {
-            test_xgcd(BigInt::from(a), BigInt::from(b))
-        }
-    }
-
-    fn test_inverse(n: BigInt) {
-        let prime = BigInt::from(PRIME);
-        let n_inv_expected = BigInt::mod_inv(&n, &prime).unwrap();
-        let n_inv_actual = ring_algorithm::modulo_inverse(n, prime.clone()).unwrap();
-        assert_eq!(n_inv_expected, n_inv_actual.modulus(&prime));
-    }
-
-    fn test_xgcd(a: BigInt, b: BigInt) {
-        let (s1, p1, q1) = BigInt::egcd(&a, &b);
-        let (s2, p2, q2) = ring_algorithm::normalized_extended_euclidian_algorithm(a, b);
-        assert_eq!((s1, p1, q1), (s2, p2, q2));
-    }
-}

src/arithmetic/big_native.rs

@@ -11,6 +11,7 @@ use num_bigint::BigInt as BN;
 use num_bigint::Sign;
 
 mod primes;
+mod ring_algorithms;
 
 /// Big integer
 ///
@@ -171,7 +172,7 @@ impl Modulo for BigInt {
     }
 
     fn mod_inv(a: &Self, modulus: &Self) -> Option<Self> {
-        ring_algorithm::modulo_inverse(a.clone(), modulus.clone()).map(|inv| inv.modulus(modulus))
+        ring_algorithms::modulo_inverse(a, modulus).map(|inv| inv.modulus(modulus))
     }
 
     fn modulus(&self, modulus: &Self) -> Self {
@@ -216,7 +217,7 @@ impl NumberTests for BigInt {
 
 impl EGCD for BigInt {
     fn egcd(a: &Self, b: &Self) -> (Self, Self, Self) {
-        ring_algorithm::normalized_extended_euclidian_algorithm(a.clone(), b.clone())
+        ring_algorithms::normalized_extended_euclidian_algorithm(a, b)
     }
 }
 
@@ -377,19 +378,6 @@ impl num_traits::One for BigInt {
     }
 }
 
-impl ring_algorithm::RingNormalize for BigInt {
-    fn leading_unit(&self) -> Self {
-        match self.num.sign() {
-            Sign::Minus => -BigInt::one(),
-            _ => BigInt::one(),
-        }
-    }
-
-    fn normalize_mut(&mut self) {
-        self.num = self.num.abs();
-    }
-}
-
 macro_rules! impl_try_from {
     ($($primitive:ty),*$(,)?) => {
         $(

src/arithmetic/big_native/ring_algorithms.rs

@@ -0,0 +1,93 @@
+// Taken from: https://gitlab.com/Toru3/ring-algorithm/-/blob/c4eaf606e88cb62cf87df98c99f923b253ad976a/src/lib.rs
+// Original code is licensed under terms of: MIT OR Apache-2.0
+
+use num_bigint::Sign;
+use num_traits::Signed;
+
+use crate::arithmetic::{One, Zero};
+
+use super::BigInt;
+
+fn leading_unit(n: &BigInt) -> BigInt {
+    match n.num.sign() {
+        Sign::Minus => -BigInt::one(),
+        _ => BigInt::one(),
+    }
+}
+
+fn abs(n: &BigInt) -> BigInt {
+    BigInt { num: n.num.abs() }
+}
+
+/// Extended euclidian algorithm with normalize
+pub fn normalized_extended_euclidian_algorithm(x: &BigInt, y: &BigInt) -> (BigInt, BigInt, BigInt) {
+    let lc_x = leading_unit(&x);
+    let lc_y = leading_unit(&y);
+    let mut old = (abs(x), &BigInt::one() / &lc_x, BigInt::zero());
+    let mut now = (abs(y), BigInt::zero(), &BigInt::one() / &lc_y);
+    while !now.0.is_zero() {
+        let q = &old.0 / &now.0;
+        let r = &old.0 % &now.0;
+        let lc_r = leading_unit(&r);
+        let new = (
+            abs(&r),
+            &(&old.1 - &(&q * &now.1)) / &lc_r,
+            &(&old.2 - &(&q * &now.2)) / &lc_r,
+        );
+        old = now;
+        now = new;
+    }
+    old
+}
+
+/// Calc inverse in modulo
+///
+/// calc x ($`ax \equiv 1 \pmod{m}`$)
+pub fn modulo_inverse(a: &BigInt, m: &BigInt) -> Option<BigInt> {
+    let (gcd, inv_a, _) = normalized_extended_euclidian_algorithm(a, m);
+    if gcd.is_one() {
+        Some(inv_a)
+    } else {
+        None
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use crate::arithmetic::Modulo;
+
+    #[test]
+    fn test_gcd() {
+        let gcd = |a, b| normalized_extended_euclidian_algorithm(&a, &b).0;
+        assert_eq!(gcd(BigInt::from(0), BigInt::from(0)), BigInt::from(0));
+        assert_eq!(gcd(BigInt::from(42), BigInt::from(0)), BigInt::from(42));
+        assert_eq!(gcd(BigInt::from(0), BigInt::from(42)), BigInt::from(42));
+        assert_eq!(gcd(BigInt::from(64), BigInt::from(58)), BigInt::from(2));
+        assert_eq!(gcd(BigInt::from(97), BigInt::from(89)), BigInt::from(1));
+    }
+
+    #[test]
+    fn test_mod_inv() {
+        // not exists inverse
+        assert_eq!(check_mod_inv(&BigInt::from(0), &BigInt::from(0)), false);
+        assert_eq!(check_mod_inv(&BigInt::from(42), &BigInt::from(0)), false);
+        assert_eq!(check_mod_inv(&BigInt::from(0), &BigInt::from(42)), false);
+        assert_eq!(check_mod_inv(&BigInt::from(64), &BigInt::from(58)), false);
+        // exists inverse
+        assert_eq!(check_mod_inv(&BigInt::from(97), &BigInt::from(89)), true);
+        assert_eq!(check_mod_inv(&BigInt::from(7), &BigInt::from(15)), true);
+        assert_eq!(check_mod_inv(&BigInt::from(42), &BigInt::from(55)), true);
+        assert_eq!(check_mod_inv(&BigInt::from(15), &BigInt::from(64)), true);
+    }
+
+    fn check_mod_inv(a: &BigInt, b: &BigInt) -> bool {
+        match modulo_inverse(a, b) {
+            Some(c) => {
+                assert_eq!(BigInt::mod_mul(a, &c, b), BigInt::one());
+                true
+            }
+            None => false,
+        }
+    }
+}

src/arithmetic/mod.rs

@@ -350,9 +350,8 @@ mod test {
         T: ZeroizeBN,
         u64: ConvertFrom<BigInt>,
         // Foreign traits implementations
-        T: zeroize::Zeroize + ring_algorithm::RingNormalize + num_traits::One + num_traits::Zero,
+        T: zeroize::Zeroize + num_traits::One + num_traits::Zero,
         T: num_traits::Num + num_integer::Integer + num_integer::Roots,
-        for<'a> &'a T: ring_algorithm::EuclideanRingOperation<T>,
         // Conversion traits
         for<'a> u64: std::convert::TryFrom<&'a BigInt>,
         for<'a> i64: std::convert::TryFrom<&'a BigInt>,

src/cryptographic_primitives/proofs/low_degree_exponent_interpolation.rs

@@ -145,7 +145,7 @@ impl<E: Curve> LdeiProof<E> {
             .iter()
             .zip(&statement.alpha)
             .zip(&statement.x)
-            .map(|((g, a), x)| g * self.z.evaluate(&a) + x * &e)
+            .map(|((g, a), x)| g * self.z.evaluate(a) + x * &e)
             .collect();
 
         if self.a == expected_a {
@@ -197,7 +197,7 @@ mod tests {
         let poly = Polynomial::<E>::sample_exact(5);
         let witness = LdeiWitness { w: poly };
 
-        let alpha: Vec<Scalar<E>> = (1..=10).map(|i| Scalar::from(i)).collect();
+        let alpha: Vec<Scalar<E>> = (1..=10).map(Scalar::from).collect();
         let g: Vec<Point<E>> = iter::repeat_with(Scalar::random)
             .map(|x| Point::generator() * x)
             .take(10)

src/cryptographic_primitives/proofs/sigma_valid_pedersen.rs

@@ -73,7 +73,7 @@ impl<E: Curve> PedersenProof<E> {
         let h = Point::<E>::base_point2();
 
         let e = Sha256::new()
-            .chain_points([&g.to_point(), &h, &proof.com, &proof.a1, &proof.a2])
+            .chain_points([&g.to_point(), h, &proof.com, &proof.a1, &proof.a2])
             .result_scalar();
 
         let z1g = g * &proof.z1;

src/cryptographic_primitives/proofs/sigma_valid_pedersen_blind.rs

@@ -47,7 +47,7 @@ impl<E: Curve> PedersenBlindingProof<E> {
         let g = Point::<E>::generator();
         let e = Sha256::new()
             .chain_points([g.as_point(), h, &com, &a])
-            .chain_scalar(&m)
+            .chain_scalar(m)
             .result_scalar();
 
         let er = &e * r;

src/cryptographic_primitives/secret_sharing/feldman_vss.rs

@@ -165,7 +165,7 @@ impl<E: Curve> VerifiableSS<E> {
             .iter()
             .map(|i| Scalar::from(*i + 1))
             .collect::<Vec<_>>();
-        VerifiableSS::<E>::lagrange_interpolation_at_zero(&points, &shares)
+        VerifiableSS::<E>::lagrange_interpolation_at_zero(&points, shares)
     }
 
     // Performs a Lagrange interpolation in field Zp at the origin
@@ -355,11 +355,11 @@ mod tests {
 
         // test map (t,n) - (t',t')
         let s = &vec![0, 1, 2, 3, 4];
-        let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, &s);
-        let l1 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 1, &s);
-        let l2 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 2, &s);
-        let l3 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 3, &s);
-        let l4 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 4, &s);
+        let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, s);
+        let l1 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 1, s);
+        let l2 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 2, s);
+        let l3 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 3, s);
+        let l4 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 4, s);
         let w = l0 * &secret_shares[0]
             + l1 * &secret_shares[1]
             + l2 * &secret_shares[2]
@@ -394,11 +394,11 @@ mod tests {
 
         // test map (t,n) - (t',t')
         let s = &vec![0, 1, 3, 4, 6];
-        let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, &s);
-        let l1 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 1, &s);
-        let l3 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 3, &s);
-        let l4 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 4, &s);
-        let l6 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 6, &s);
+        let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, s);
+        let l1 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 1, s);
+        let l3 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 3, s);
+        let l4 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 4, s);
+        let l6 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 6, s);
 
         let w = l0 * &secret_shares[0]
             + l1 * &secret_shares[1]
@@ -429,8 +429,8 @@ mod tests {
 
         // test map (t,n) - (t',t')
         let s = &vec![0, 1];
-        let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, &s);
-        let l1 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 1, &s);
+        let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, s);
+        let l1 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 1, s);
         let w = l0 * &secret_shares[0] + l1 * &secret_shares[1];
         assert_eq!(w, secret_reconstructed);
     }
@@ -469,8 +469,8 @@ mod tests {
 
         // test map (t,n) - (t',t')
         let s = &vec![0, 2];
-        let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, &s);
-        let l2 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 2, &s);
+        let l0 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 0, s);
+        let l2 = VerifiableSS::<E>::map_share_to_new_params(&vss_scheme.parameters, 2, s);
 
         let w = l0 * &secret_shares[0] + l2 * &secret_shares[2];
         assert_eq!(w, secret_reconstructed);

src/cryptographic_primitives/twoparty/coin_flip_optimal_rounds.rs

@@ -43,7 +43,7 @@ impl<E: Curve> Party1FirstMessage<E> {
 }
 impl<E: Curve> Party2FirstMessage<E> {
     pub fn share(proof: &PedersenProof<E>) -> Party2FirstMessage<E> {
-        PedersenProof::verify(&proof).expect("{(m,r),c} proof failed");
+        PedersenProof::verify(proof).expect("{(m,r),c} proof failed");
         let seed = Scalar::random();
         Party2FirstMessage { seed }
     }
@@ -54,7 +54,7 @@ impl<E: Curve> Party1SecondMessage<E> {
         party1seed: &Scalar<E>,
         party1blinding: &Scalar<E>,
     ) -> (Party1SecondMessage<E>, Scalar<E>) {
-        let proof = PedersenBlindingProof::<E>::prove(&party1seed, &party1blinding);
+        let proof = PedersenBlindingProof::<E>::prove(party1seed, party1blinding);
         let coin_flip_result = &party1seed.to_bigint() ^ &party2seed.to_bigint();
         (
             Party1SecondMessage {
@@ -72,7 +72,7 @@ pub fn finalize<E: Curve>(
     party2seed: &Scalar<E>,
     party1comm: &Point<E>,
 ) -> Scalar<E> {
-    PedersenBlindingProof::<E>::verify(&proof).expect("{r,(m,c)} proof failed");
+    PedersenBlindingProof::<E>::verify(proof).expect("{r,(m,c)} proof failed");
     assert_eq!(&proof.com, party1comm);
     let coin_flip_result = &proof.m.to_bigint() ^ &party2seed.to_bigint();
     Scalar::from(&coin_flip_result)

src/cryptographic_primitives/twoparty/dh_key_exchange_variant_with_pok_comm.rs

@@ -215,7 +215,7 @@ impl Party2SecondMessage {
         if party_one_pk_commitment
             != &HashCommitment::create_commitment_with_user_defined_randomness(
                 &BigInt::from_bytes(&party_one_public_share.to_bytes(true)),
-                &party_one_pk_commitment_blind_factor,
+                party_one_pk_commitment_blind_factor,
             )
         {
             flag = false
@@ -224,14 +224,14 @@ impl Party2SecondMessage {
         if party_one_zk_pok_commitment
             != &HashCommitment::create_commitment_with_user_defined_randomness(
                 &BigInt::from_bytes(&party_one_d_log_proof.pk_t_rand_commitment.to_bytes(true)),
-                &party_one_zk_pok_blind_factor,
+                party_one_zk_pok_blind_factor,
             )
         {
             flag = false
         };
 
         assert!(flag);
-        DLogProof::verify(&party_one_d_log_proof)?;
+        DLogProof::verify(party_one_d_log_proof)?;
         Ok(Party2SecondMessage {})
     }
 }