This commit was created on github.com and signed with GitHub’s verified signature.
Changed
Major Refactor and Enhancements: This version introduces significant internal changes and improvements, building upon version 0.7.5b0. While the public API remains largely compatible, many functions have been optimized, rewritten, or enhanced for security and performance.
Enhanced Security:
Improved fault injection countermeasures in secure_redundant_execution. Increased redundancy from 3 to 5 executions, added random execution ordering, and introduced small random delays to decorrelate execution timing. Used more robust constant-time comparisons for all result permutations.
hash_to_group now uses strict rejection sampling without fallback to modular reduction, eliminating a potential (though minor) bias. Increased the number of attempts and added domain separation to improve the success rate of rejection sampling.
Enhanced domain separation in _enhanced_encode_for_hash with type tagging and length prefixing to prevent collision attacks.
Improved validation during deserialization of commitments and proofs, including stricter checks on data types, structures, and cryptographic parameters (primality, generator validity, range checks).
Added more comprehensive Byzantine fault tolerance in _refresh_shares_additive, including an echo broadcast mechanism for consistency verification, adaptive quorum-based detection of Byzantine parties, and enhanced collusion detection.
Introduced _detect_byzantine_behavior for more thorough detection of malicious behavior, including inconsistent shares, invalid commitments, and equivocation.
Added cryptographic proof generation for invalid shares (_create_invalidity_proof) and for correct share refreshing (_generate_refresh_consistency_proof).
Improved collusion detection using network analysis algorithms (_enhanced_collusion_detection).
Added secure constant-time summation of shares (_secure_sum_shares) to prevent timing attacks during share refreshing.
Implemented a more secure randomized pivot selection strategy in _find_secure_pivot to prevent timing-based side-channel attacks during Gaussian elimination.
Added better handling of extra entropy during commitment creation and verification.
Added more detailed diagnostics to error messages.
Improved sanitization of error messages.
Added handling for potential failures during random shuffle and delay.
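An added illustration of the hash_to_group and _enhanced_encode_for_hash changes described above (not the library's own code): encode_for_hash and hash_to_group below are stand-ins, with SHAKE-256 and the "hash_to_group" label chosen here as assumptions, showing why type tagging plus length prefixing removes the concatenation collision and how strict rejection sampling avoids modular-reduction bias.

```python
import hashlib
import struct

# Added example, not the project's code: a domain-separated encoder
# (type tag + length prefix) and a hash-to-group routine that rejects
# out-of-range candidates instead of reducing them modulo q.

def encode_for_hash(*items: object) -> bytes:
    """Tag each item by type and prefix it with its length, so that
    ("ab", "c") and ("a", "bc") can never serialise to the same bytes."""
    out = b""
    for item in items:
        if isinstance(item, bool):
            raise TypeError("bool is not supported")
        if isinstance(item, int):
            body = item.to_bytes((item.bit_length() + 8) // 8, "big", signed=True)
            tag = b"I"
        elif isinstance(item, str):
            tag, body = b"S", item.encode("utf-8")
        elif isinstance(item, bytes):
            tag, body = b"B", item
        else:
            raise TypeError(f"unsupported type {type(item).__name__}")
        out += tag + struct.pack(">I", len(body)) + body
    return out

def naive_concat(*items: str) -> bytes:
    """Ambiguous encoding, kept only to show the collision it allows."""
    return "".join(items).encode("utf-8")

def hash_to_group(data: bytes, q: int, max_attempts: int = 256) -> int:
    """Map data to a uniform element of [1, q-1] by rejection sampling.
    Each attempt is domain-separated by a counter; candidates outside the
    range are discarded rather than reduced mod q, so no residue is favoured."""
    nbits = q.bit_length()
    nbytes = (nbits + 7) // 8
    for counter in range(max_attempts):
        # SHAKE-256 gives as many bytes as q needs (assumed choice of XOF).
        digest = hashlib.shake_256(b"hash_to_group" + encode_for_hash(data, counter)).digest(nbytes)
        # Truncate to the bit length of q so the acceptance rate is at least 1/2.
        candidate = int.from_bytes(digest, "big") >> (8 * nbytes - nbits)
        if 1 <= candidate < q:
            return candidate
    raise RuntimeError("rejection sampling failed; increase max_attempts")
```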
Performance Optimizations:
Optimized batch_verify_shares with caching of intermediate values and batch processing for improved performance with large batches.
Optimized _refresh_shares_additive for better performance in asynchronous environments, reduced communication complexity, and more efficient verification.
Improved parallelism in _process_verification_batches.
Optimized efficient_multi_exp with adaptive window sizing and selective precomputation.
Pre-compute powers of generator with multi-level windows.
Dynamic window sizing based on prime size.
API Changes (Minor):
Added optional sanitize_error_func, function_name, and context parameters to secure_redundant_execution for better error handling and context.
Added optional original_commitments and participant_ids parameters to refresh_shares.
Renamed create_commitments_and_proof to create_commitments_with_proof for clarity.
The _find_secure_pivot function's output is now deterministic with respect to its inputs, even though it uses randomness internally. This improves testability.
Bug Fixes:
Fixed potential TypeError in constant_time_compare when comparing mixed types. Now uses a consistent conversion approach.
Fixed various potential issues in deserialization methods by adding stricter type and structure checks.
Fixed potential error in _secure_matrix_solve by using gmpy2.invert for modular inversion.
Code Quality:
Improved type hints and documentation throughout the code.
Added more comprehensive input validation and error handling.
Used gmpy2.mpz consistently for all integer arithmetic to ensure consistent handling and prevent potential type-related issues.