From 3e315f5cdf94fc9d0f368c428331d248ab7a0cbe Mon Sep 17 00:00:00 2001
From: Denis
Date: Tue, 27 Jul 2021 16:43:37 +0300
Subject: [PATCH] Finalization

---
 .../proofs/sigma_valid_pedersen_blind.rs | 4 +-
 .../secret_sharing/feldman_vss.rs | 6 +-
 .../dh_key_exchange_variant_with_pok_comm.rs | 17 ++--
 src/elliptic/curves/wrappers/arithmetic.rs | 6 ++
 src/elliptic/curves/wrappers/format.rs | 84 -------------------
 src/elliptic/curves/wrappers/mod.rs | 1 -
 src/elliptic/curves/wrappers/point.rs | 7 +-
 7 files changed, 21 insertions(+), 104 deletions(-)
 delete mode 100644 src/elliptic/curves/wrappers/format.rs

diff --git a/src/cryptographic_primitives/proofs/sigma_valid_pedersen_blind.rs b/src/cryptographic_primitives/proofs/sigma_valid_pedersen_blind.rs
index 82af4240..3066616b 100644
--- a/src/cryptographic_primitives/proofs/sigma_valid_pedersen_blind.rs
+++ b/src/cryptographic_primitives/proofs/sigma_valid_pedersen_blind.rs
@@ -46,7 +46,7 @@ impl PedersenBlindingProof {
 );
 let g = Point::::generator();
 let e = Sha256::new()
- .chain_points([&g.to_point(), h, &com, &a])
+ .chain_points([g.as_point(), h, &com, &a])
 .chain_scalar(&m)
 .result_scalar();
@@ -65,7 +65,7 @@ impl PedersenBlindingProof {
 let g = Point::::generator();
 let h = Point::::base_point2();
 let e = Sha256::new()
- .chain_points([&g.to_point(), h, &proof.com, &proof.a])
+ .chain_points([g.as_point(), h, &proof.com, &proof.a])
 .chain_scalar(&proof.m)
 .result_scalar();
diff --git a/src/cryptographic_primitives/secret_sharing/feldman_vss.rs b/src/cryptographic_primitives/secret_sharing/feldman_vss.rs
index e518d8b9..e1bd78a8 100644
--- a/src/cryptographic_primitives/secret_sharing/feldman_vss.rs
+++ b/src/cryptographic_primitives/secret_sharing/feldman_vss.rs
@@ -135,7 +135,7 @@ impl VerifiableSS {
 }
 // returns vector of coefficients
- #[deprecated(since = "0.7.1", note = "please use Polynomial::sample instead")]
+ #[deprecated(since = "0.8.0", note = "please use Polynomial::sample instead")]
 pub fn sample_polynomial(t: usize, coef0: &Scalar) -> Vec> {
 Polynomial::::sample_exact_with_fixed_const_term(t.try_into().unwrap(), coef0.clone())
 .coefficients()
@@ -143,7 +143,7 @@ impl VerifiableSS {
 }
 #[deprecated(
- since = "0.7.1",
+ since = "0.8.0",
 note = "please use Polynomial::evaluate_many_bigint instead"
 )]
 pub fn evaluate_polynomial(coefficients: &[Scalar], index_vec: &[usize]) -> Vec> {
@@ -152,7 +152,7 @@ impl VerifiableSS {
 .collect()
 }
- #[deprecated(since = "0.7.1", note = "please use Polynomial::evaluate instead")]
+ #[deprecated(since = "0.8.0", note = "please use Polynomial::evaluate instead")]
 pub fn mod_evaluate_polynomial(coefficients: &[Scalar], point: Scalar) -> Scalar {
 Polynomial::::from_coefficients(coefficients.to_vec()).evaluate(&point)
 }
diff --git a/src/cryptographic_primitives/twoparty/dh_key_exchange_variant_with_pok_comm.rs b/src/cryptographic_primitives/twoparty/dh_key_exchange_variant_with_pok_comm.rs
index b1578ce1..b9f2165c 100644
--- a/src/cryptographic_primitives/twoparty/dh_key_exchange_variant_with_pok_comm.rs
+++ b/src/cryptographic_primitives/twoparty/dh_key_exchange_variant_with_pok_comm.rs
@@ -77,13 +77,13 @@ impl Party1FirstMessage {
 // we use hash based commitment
 let pk_commitment_blind_factor = BigInt::sample(SECURITY_BITS);
 let pk_commitment = HashCommitment::create_commitment_with_user_defined_randomness(
- &BigInt::from_bytes(public_share.to_bytes(true).as_ref()),
+ &BigInt::from_bytes(&public_share.to_bytes(true)),
 &pk_commitment_blind_factor,
 );
 let zk_pok_blind_factor = BigInt::sample(SECURITY_BITS);
 let zk_pok_commitment = HashCommitment::create_commitment_with_user_defined_randomness(
- &BigInt::from_bytes(d_log_proof.pk_t_rand_commitment.to_bytes(true).as_ref()),
+ &BigInt::from_bytes(&d_log_proof.pk_t_rand_commitment.to_bytes(true)),
 &zk_pok_blind_factor,
 );
 let ec_key_pair = EcKeyPair {
@@ -115,13 +115,13 @@ impl Party1FirstMessage {
 let pk_commitment_blind_factor = BigInt::sample(SECURITY_BITS);
 let pk_commitment = HashCommitment::create_commitment_with_user_defined_randomness(
- &BigInt::from_bytes(public_share.to_bytes(true).as_ref()),
+ &BigInt::from_bytes(&public_share.to_bytes(true)),
 &pk_commitment_blind_factor,
 );
 let zk_pok_blind_factor = BigInt::sample(SECURITY_BITS);
 let zk_pok_commitment = HashCommitment::create_commitment_with_user_defined_randomness(
- &BigInt::from_bytes(d_log_proof.pk_t_rand_commitment.to_bytes(true).as_ref()),
+ &BigInt::from_bytes(&d_log_proof.pk_t_rand_commitment.to_bytes(true)),
 &zk_pok_blind_factor,
 );
@@ -214,7 +214,7 @@ impl Party2SecondMessage {
 let mut flag = true;
 if party_one_pk_commitment
 != &HashCommitment::create_commitment_with_user_defined_randomness(
- &BigInt::from_bytes(party_one_public_share.to_bytes(true).as_ref()),
+ &BigInt::from_bytes(&party_one_public_share.to_bytes(true)),
 &party_one_pk_commitment_blind_factor,
 )
 {
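Review bot: The hash commitment in this hunk binds the integer `BigInt::from_bytes(&public_share.to_bytes(true))` rather than the byte string, so if `BigInt::from_bytes` ignores leading zero bytes (usual for a big-integer parser) the commitment is unambiguous only because the compressed encoding starts with a nonzero tag byte, and that premise is not written down near the call. I would add `// commit to the integer value of the compressed encoding; its nonzero tag byte keeps the BigInt conversion injective` above `let pk_commitment = ...` (SEC1 compressed points start with 0x02/0x03; confirm the curve backends here use that encoding). The same blind-factor-plus-commitment pair is duplicated verbatim in the hunk at line 115; a private helper that takes a point reference and returns `(blind_factor, commitment)` would keep the two constructors in step. The enclosing function starts before the hunk and continues past `let ec_key_pair = EcKeyPair {`.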
@@ -223,12 +223,7 @@ impl Party2SecondMessage {
 if party_one_zk_pok_commitment
 != &HashCommitment::create_commitment_with_user_defined_randomness(
- &BigInt::from_bytes(
- party_one_d_log_proof
- .pk_t_rand_commitment
- .to_bytes(true)
- .as_ref(),
- ),
+ &BigInt::from_bytes(&party_one_d_log_proof.pk_t_rand_commitment.to_bytes(true)),
 &party_one_zk_pok_blind_factor,
 )
 {
diff --git a/src/elliptic/curves/wrappers/arithmetic.rs b/src/elliptic/curves/wrappers/arithmetic.rs
index 88a26fdb..d25b7003 100644
--- a/src/elliptic/curves/wrappers/arithmetic.rs
+++ b/src/elliptic/curves/wrappers/arithmetic.rs
@@ -129,6 +129,8 @@ macro_rules! matrix {
 }
 fn addition_of_two_points(result: E::Point) -> Point {
+ // Safety: addition of two points of group order is always either a zero point or point of group
+ // order: `A + B = aG + bG = (a + b)G`
 unsafe { Point::from_raw_unchecked(result) }
 }
@@ -152,6 +154,8 @@ matrix! {
 }
 fn subtraction_of_two_point(result: E::Point) -> Point {
+ // Safety: subtraction of two points of group order is always either a zero point or point of group
+ // order: `A - B = aG - bG = (a - b)G`
 unsafe { Point::from_raw_unchecked(result) }
 }
@@ -175,6 +179,8 @@ matrix! {
 }
 fn multiplication_of_point_at_scalar(result: E::Point) -> Point {
+ // Safety: multiplication of point of group order at a scalar is always either a zero point or
+ // point of group order: `kA = kaG`
 unsafe { Point::from_raw_unchecked(result) }
 }
diff --git a/src/elliptic/curves/wrappers/format.rs b/src/elliptic/curves/wrappers/format.rs
deleted file mode 100644
index 653b59ca..00000000
--- a/src/elliptic/curves/wrappers/format.rs
+++ /dev/null
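Review bot: The new safety comment on `addition_of_two_points` justifies `from_raw_unchecked` with `A + B = (a + b)G`, but that multiple of G is only guaranteed to be zero or of full group order when the subgroup generated by G has prime order, and the argument also silently relies on both operands already satisfying the `Point` invariant (zero or of group order); neither premise is stated. I would write `// Safety: both operands are zero or lie in the prime-order subgroup generated by G (Point invariant),` followed by `// so A + B = aG + bG = (a + b)G is again zero or a point of group order`, and the same two premises belong in the comments added at lines 154 and 179 for subtraction and scalar multiplication. If the crate ever enables clippy's `undocumented_unsafe_blocks`, the `// SAFETY:` spelling is the one that lint recognizes, though `// Safety:` matches the existing comment in `point.rs`. Each of the three functions is fully visible in its hunk.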
@@ -1,84 +0,0 @@
-use std::borrow::Cow;
-use std::convert::TryFrom;
-use std::iter;
-
-use serde::{Deserialize, Serialize};
-use thiserror::Error;
-
-use crate::elliptic::curves::traits::*;
-
-use super::*;
-
-#[derive(Serialize, Deserialize)]
-#[serde(bound = "")]
-pub struct ScalarFormat {
- curve: Cow<'static, str>,
- #[serde(with = "hex")]
- scalar: ScalarHex,
-}
-
-impl TryFrom> for Scalar {
- type Error = ConvertParsedScalarError;
-
- fn try_from(parsed: ScalarFormat) -> Result {
- if parsed.curve != E::CURVE_NAME {
- return Err(ConvertParsedScalarError::MismatchedCurve {
- got: parsed.curve,
- expected: E::CURVE_NAME,
- });
- }
-
- Ok(Scalar::from_raw(parsed.scalar.0))
- }
-}
-
-impl From> for ScalarFormat {
- fn from(s: Scalar) -> Self {
- ScalarFormat {
- curve: E::CURVE_NAME.into(),
- scalar: ScalarHex(s.into_raw()),
- }
- }
-}
-
-struct ScalarHex(E::Scalar);
-
-impl hex::ToHex for &ScalarHex {
- fn encode_hex>(&self) -> T {
- self.0.serialize().encode_hex()
- }
-
- fn encode_hex_upper>(&self) -> T {
- self.0.serialize().encode_hex_upper()
- }
-}
-
-impl hex::FromHex for ScalarHex {
- type Error = ScalarFromhexError;
-
- fn from_hex>(hex: T) -> Result {
- let bytes = Vec::from_hex(hex).map_err(ScalarFromhexError::InvalidHex)?;
- E::Scalar::deserialize(&bytes)
- .or(Err(ScalarFromhexError::InvalidScalar))
- .map(ScalarHex)
- }
-}
-
-#[derive(Debug, Error)]
-pub enum ConvertParsedScalarError {
- #[error("scalar must not be zero")]
- ZeroScalar,
- #[error("expected scalar of curve {expected}, but got scalar of curve {got}")]
- MismatchedCurve {
- got: Cow<'static, str>,
- expected: &'static str,
- },
-}
-
-#[derive(Debug, Error)]
-pub enum ScalarFromhexError {
- #[error("scalar contains invalid hex: {0}")]
- InvalidHex(hex::FromHexError),
- #[error("scalar is not valid")]
- InvalidScalar,
-}
diff --git a/src/elliptic/curves/wrappers/mod.rs b/src/elliptic/curves/wrappers/mod.rs
index ef815f17..9f63f382 100644
--- a/src/elliptic/curves/wrappers/mod.rs
+++ b/src/elliptic/curves/wrappers/mod.rs
@@ -2,7 +2,6 @@ mod arithmetic;
 mod encoded_point;
 mod encoded_scalar;
 pub mod error;
-mod format;
 mod generator;
 mod point;
 mod scalar;
diff --git a/src/elliptic/curves/wrappers/point.rs b/src/elliptic/curves/wrappers/point.rs
index 765fb1f5..a5eb69be 100644
--- a/src/elliptic/curves/wrappers/point.rs
+++ b/src/elliptic/curves/wrappers/point.rs
@@ -142,8 +142,8 @@ impl Point {
 /// Tries to parse a point in (un)compressed form
 ///
 /// Whether it's in compressed or uncompressed form will be deduced from its length
- pub fn from_bytes(bytes: impl AsRef<[u8]>) -> Result {
- let p = E::Point::deserialize(bytes.as_ref())
+ pub fn from_bytes(bytes: &[u8]) -> Result {
+ let p = E::Point::deserialize(bytes)
 .map_err(|_: DeserializationError| PointFromBytesError::DeserializationError)?;
 Self::from_raw(p).map_err(PointFromBytesError::InvalidPoint)
 }
@@ -223,7 +223,7 @@ impl Point {
 /// Constructs a `Point` from reference to low-level [ECPoint] implementor
 ///
- /// Unsafe equivalent of [from_raw](Self::from_raw). It debug asserts that given `raw_point` is
+ /// Unsafe equivalent of [from_raw_ref](Self::from_raw_ref). It debug asserts that given `raw_point` is
 /// valid (the assertion is optimized out in release builds by default).
 ///
 /// # Safety
@@ -238,6 +238,7 @@ impl Point {
 /// [check_point_order_equals_group_order]: crate::elliptic::curves::ECPoint::check_point_order_equals_group_order
 /// [is_zero]: crate::elliptic::curves::ECPoint::is_zero
 pub unsafe fn from_raw_ref_unchecked(raw_point: &E::Point) -> &Self {
+ debug_assert!(raw_point.is_zero() || raw_point.check_point_order_equals_group_order());
 // Safety: Self is repr(transparent) wrapper over E::Point => cast is sound
 &*(raw_point as *const E::Point as *const Self)
 }
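Review bot: Narrowing `from_bytes` from `impl AsRef<[u8]>` to `&[u8]` is a source-breaking change for any caller that passed a `Vec<u8>` or an array by value, so it belongs in the changelog alongside the 0.8.0 deprecations this commit bumps; the simplification itself is fine. The doc comment should also gain an `# Errors` section, since the body has two distinct failure paths: `DeserializationError` when the bytes are not a valid encoding, and `InvalidPoint` when they decode to a point that `from_raw` rejects (presumably one that is neither zero nor of group order, going by the invariant `from_raw_ref_unchecked` asserts below). The function is fully visible in the hunk.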
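Review bot: The `debug_assert!` added to `from_raw_ref_unchecked` has no message, so a failing debug build reports only the boolean expression; `debug_assert!(raw_point.is_zero() || raw_point.check_point_order_equals_group_order(), "raw_point must be zero or of group order")` names the violated invariant and matches the wording of the `# Safety` contract. `check_point_order_equals_group_order` presumably costs a scalar multiplication, which is acceptable here only because the check is compiled out in release builds, as the doc comment already states. The function is fully visible in the hunk.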