Finalization

src/cryptographic_primitives/proofs/sigma_valid_pedersen_blind.rs

@@ -46,7 +46,7 @@ impl<E: Curve> PedersenBlindingProof<E> {
         );
         let g = Point::<E>::generator();
         let e = Sha256::new()
-            .chain_points([&g.to_point(), h, &com, &a])
+            .chain_points([g.as_point(), h, &com, &a])
             .chain_scalar(&m)
             .result_scalar();
 
@@ -65,7 +65,7 @@ impl<E: Curve> PedersenBlindingProof<E> {
         let g = Point::<E>::generator();
         let h = Point::<E>::base_point2();
         let e = Sha256::new()
-            .chain_points([&g.to_point(), h, &proof.com, &proof.a])
+            .chain_points([g.as_point(), h, &proof.com, &proof.a])
             .chain_scalar(&proof.m)
             .result_scalar();
 

src/cryptographic_primitives/secret_sharing/feldman_vss.rs

@@ -135,15 +135,15 @@ impl<E: Curve> VerifiableSS<E> {
     }
 
     // returns vector of coefficients
-    #[deprecated(since = "0.7.1", note = "please use Polynomial::sample instead")]
+    #[deprecated(since = "0.8.0", note = "please use Polynomial::sample instead")]
     pub fn sample_polynomial(t: usize, coef0: &Scalar<E>) -> Vec<Scalar<E>> {
         Polynomial::<E>::sample_exact_with_fixed_const_term(t.try_into().unwrap(), coef0.clone())
             .coefficients()
             .to_vec()
     }
 
     #[deprecated(
-        since = "0.7.1",
+        since = "0.8.0",
         note = "please use Polynomial::evaluate_many_bigint instead"
     )]
     pub fn evaluate_polynomial(coefficients: &[Scalar<E>], index_vec: &[usize]) -> Vec<Scalar<E>> {
@@ -152,7 +152,7 @@ impl<E: Curve> VerifiableSS<E> {
             .collect()
     }
 
-    #[deprecated(since = "0.7.1", note = "please use Polynomial::evaluate instead")]
+    #[deprecated(since = "0.8.0", note = "please use Polynomial::evaluate instead")]
     pub fn mod_evaluate_polynomial(coefficients: &[Scalar<E>], point: Scalar<E>) -> Scalar<E> {
         Polynomial::<E>::from_coefficients(coefficients.to_vec()).evaluate(&point)
     }

src/cryptographic_primitives/twoparty/dh_key_exchange_variant_with_pok_comm.rs

@@ -77,13 +77,13 @@ impl Party1FirstMessage {
         // we use hash based commitment
         let pk_commitment_blind_factor = BigInt::sample(SECURITY_BITS);
         let pk_commitment = HashCommitment::create_commitment_with_user_defined_randomness(
-            &BigInt::from_bytes(public_share.to_bytes(true).as_ref()),
+            &BigInt::from_bytes(&public_share.to_bytes(true)),
             &pk_commitment_blind_factor,
         );
 
         let zk_pok_blind_factor = BigInt::sample(SECURITY_BITS);
         let zk_pok_commitment = HashCommitment::create_commitment_with_user_defined_randomness(
-            &BigInt::from_bytes(d_log_proof.pk_t_rand_commitment.to_bytes(true).as_ref()),
+            &BigInt::from_bytes(&d_log_proof.pk_t_rand_commitment.to_bytes(true)),
             &zk_pok_blind_factor,
         );
         let ec_key_pair = EcKeyPair {
@@ -115,13 +115,13 @@ impl Party1FirstMessage {
 
         let pk_commitment_blind_factor = BigInt::sample(SECURITY_BITS);
         let pk_commitment = HashCommitment::create_commitment_with_user_defined_randomness(
-            &BigInt::from_bytes(public_share.to_bytes(true).as_ref()),
+            &BigInt::from_bytes(&public_share.to_bytes(true)),
             &pk_commitment_blind_factor,
         );
 
         let zk_pok_blind_factor = BigInt::sample(SECURITY_BITS);
         let zk_pok_commitment = HashCommitment::create_commitment_with_user_defined_randomness(
-            &BigInt::from_bytes(d_log_proof.pk_t_rand_commitment.to_bytes(true).as_ref()),
+            &BigInt::from_bytes(&d_log_proof.pk_t_rand_commitment.to_bytes(true)),
             &zk_pok_blind_factor,
         );
 
@@ -214,7 +214,7 @@ impl Party2SecondMessage {
         let mut flag = true;
         if party_one_pk_commitment
             != &HashCommitment::create_commitment_with_user_defined_randomness(
-                &BigInt::from_bytes(party_one_public_share.to_bytes(true).as_ref()),
+                &BigInt::from_bytes(&party_one_public_share.to_bytes(true)),
                 &party_one_pk_commitment_blind_factor,
             )
         {
@@ -223,12 +223,7 @@ impl Party2SecondMessage {
 
         if party_one_zk_pok_commitment
             != &HashCommitment::create_commitment_with_user_defined_randomness(
-                &BigInt::from_bytes(
-                    party_one_d_log_proof
-                        .pk_t_rand_commitment
-                        .to_bytes(true)
-                        .as_ref(),
-                ),
+                &BigInt::from_bytes(&party_one_d_log_proof.pk_t_rand_commitment.to_bytes(true)),
                 &party_one_zk_pok_blind_factor,
             )
         {

src/elliptic/curves/wrappers/arithmetic.rs

@@ -129,6 +129,8 @@ macro_rules! matrix {
 }
 
 fn addition_of_two_points<E: Curve>(result: E::Point) -> Point<E> {
+    // Safety: addition of two points of group order is always either a zero point or point of group
+    // order: `A + B = aG + bG = (a + b)G`
     unsafe { Point::from_raw_unchecked(result) }
 }
 
@@ -152,6 +154,8 @@ matrix! {
 }
 
 fn subtraction_of_two_point<E: Curve>(result: E::Point) -> Point<E> {
+    // Safety: subtraction of two points of group order is always either a zero point or point of group
+    // order: `A - B = aG - bG = (a - b)G`
     unsafe { Point::from_raw_unchecked(result) }
 }
 
@@ -175,6 +179,8 @@ matrix! {
 }
 
 fn multiplication_of_point_at_scalar<E: Curve>(result: E::Point) -> Point<E> {
+    // Safety: multiplication of point of group order at a scalar is always either a zero point or
+    // point of group order: `kA = kaG`
     unsafe { Point::from_raw_unchecked(result) }
 }
 

src/elliptic/curves/wrappers/mod.rs

@@ -2,7 +2,6 @@ mod arithmetic;
 mod encoded_point;
 mod encoded_scalar;
 pub mod error;
-mod format;
 mod generator;
 mod point;
 mod scalar;

src/elliptic/curves/wrappers/point.rs

@@ -142,8 +142,8 @@ impl<E: Curve> Point<E> {
     /// Tries to parse a point in (un)compressed form
     ///
     /// Whether it's in compressed or uncompressed form will be deduced from its length
-    pub fn from_bytes(bytes: impl AsRef<[u8]>) -> Result<Self, PointFromBytesError> {
-        let p = E::Point::deserialize(bytes.as_ref())
+    pub fn from_bytes(bytes: &[u8]) -> Result<Self, PointFromBytesError> {
+        let p = E::Point::deserialize(bytes)
             .map_err(|_: DeserializationError| PointFromBytesError::DeserializationError)?;
         Self::from_raw(p).map_err(PointFromBytesError::InvalidPoint)
     }
@@ -223,7 +223,7 @@ impl<E: Curve> Point<E> {
 
     /// Constructs a `Point<E>` from reference to low-level [ECPoint] implementor
     ///
-    /// Unsafe equivalent of [from_raw](Self::from_raw). It debug asserts that given `raw_point` is
+    /// Unsafe equivalent of [from_raw_ref](Self::from_raw_ref). It debug asserts that given `raw_point` is
     /// valid (the assertion is optimized out in release builds by default).
     ///
     /// # Safety
@@ -238,6 +238,7 @@ impl<E: Curve> Point<E> {
     /// [check_point_order_equals_group_order]: crate::elliptic::curves::ECPoint::check_point_order_equals_group_order
     /// [is_zero]: crate::elliptic::curves::ECPoint::is_zero
     pub unsafe fn from_raw_ref_unchecked(raw_point: &E::Point) -> &Self {
+        debug_assert!(raw_point.is_zero() || raw_point.check_point_order_equals_group_order());
         // Safety: Self is repr(transparent) wrapper over E::Point => cast is sound
         &*(raw_point as *const E::Point as *const Self)
     }