Skip to content

Remove unused EdDSA and resharing protocols#5

Merged
piotr-roslaniec merged 4 commits into
masterfrom
codex/remove-unused-protocols
Jun 15, 2026
Merged

Remove unused EdDSA and resharing protocols#5
piotr-roslaniec merged 4 commits into
masterfrom
codex/remove-unused-protocols

Conversation

@mswilkison

Copy link
Copy Markdown

Summary

Stacked on #4. This removes protocol code that tBTC does not use from the hardened fork:

  • remove EdDSA keygen/signing/resharing packages, protobuf inputs, and EdDSA fixtures
  • remove ECDSA resharing package and protobuf input
  • drop Ed25519/Edwards-only dependencies and helpers
  • keep legacy routing fields in the generic message wrapper for wire compatibility
  • update README, BNB hardening notes, and proto generation targets for the remaining ECDSA keygen/signing scope

The downstream audit showed keep-core-security imports only ECDSA keygen/signing plus shared common/crypto/tss packages.

Validation

  • go list ./...
  • go test -count=1 -timeout 60m ./...
  • go vet ./...
  • go test -mod=mod -modfile=/private/tmp/keep-core-security-cleanup.mod ./pkg/tecdsa/dkg ./pkg/tecdsa/signing
  • git diff --check

@mswilkison mswilkison force-pushed the codex/bnb-332-tbtc-fixes branch from 492bdd6 to c09f596 Compare May 21, 2026 17:08
@mswilkison mswilkison force-pushed the codex/remove-unused-protocols branch from b366e27 to 3284c6b Compare May 21, 2026 17:10
mswilkison added a commit that referenced this pull request May 21, 2026
Doc + small defensive-code follow-ups to the PR #2/#4/#5 review thread.
None of these are security-blocking; they close out the cosmetic and
pre-existing items that did not warrant their own PR earlier.

- common/hash_utils.go: strengthen RejectionSample doc so the name does
  not mislead future readers — the function is modular reduction, not
  true rejection sampling, and the bias bound depends on q vs the hash
  width.
- crypto/paillier/factor_proof.go: document that the tagged and legacy
  FactorChallenge paths emit different challenge distributions
  (positive-only vs signed), and note that FactorVerify's CmpAbs bounds
  exist to accommodate the legacy signed encoding.
- tss/params.go: expand SetSessionNonceBytes docstring with the
  collision/uniqueness/entropy guidance reviewers asked for.
- ecdsa/{keygen,signing}/rounds.go: document the round-1-capture
  invariant for getSSID so future refactors do not silently drift the
  hashed round.number domain separator.
- crypto/ecpoint.go: flag SetCurve's in-place mutation in the doc
  comment; the chained-call style is a footgun on shared points.
- crypto/vss/feldman_vss.go: reject nil shares, nil/zero share IDs, and
  duplicate IDs in ReConstruct before the Lagrange loop, so malformed
  inputs return an error instead of panicking through ModInverse(0).
  Add focused test coverage for each rejection path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

@piotr-roslaniec piotr-roslaniec left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Removal is clean: no orphan references to the deleted symbols, proto field numbers correctly preserved for wire-layout stability, and build/vet/tests pass. The follow-up commit on this branch (1b42437) documents the removed public surface in BNB_HARDENING_INTEGRATION.md and fixes two stale re-sharing references in README.md.

piotr-roslaniec pushed a commit that referenced this pull request Jun 15, 2026
Doc + small defensive-code follow-ups to the PR #2/#4/#5 review thread.
None of these are security-blocking; they close out the cosmetic and
pre-existing items that did not warrant their own PR earlier.

- common/hash_utils.go: strengthen RejectionSample doc so the name does
  not mislead future readers — the function is modular reduction, not
  true rejection sampling, and the bias bound depends on q vs the hash
  width.
- crypto/paillier/factor_proof.go: document that the tagged and legacy
  FactorChallenge paths emit different challenge distributions
  (positive-only vs signed), and note that FactorVerify's CmpAbs bounds
  exist to accommodate the legacy signed encoding.
- tss/params.go: expand SetSessionNonceBytes docstring with the
  collision/uniqueness/entropy guidance reviewers asked for.
- ecdsa/{keygen,signing}/rounds.go: document the round-1-capture
  invariant for getSSID so future refactors do not silently drift the
  hashed round.number domain separator.
- crypto/ecpoint.go: flag SetCurve's in-place mutation in the doc
  comment; the chained-call style is a footgun on shared points.
- crypto/vss/feldman_vss.go: reject nil shares, nil/zero share IDs, and
  duplicate IDs in ReConstruct before the Lagrange loop, so malformed
  inputs return an error instead of panicking through ModInverse(0).
  Add focused test coverage for each rejection path.
@piotr-roslaniec piotr-roslaniec force-pushed the codex/bnb-332-tbtc-fixes branch 2 times, most recently from e041e82 to ee9b6c5 Compare June 15, 2026 09:19
mswilkison and others added 3 commits June 15, 2026 09:31
Add a Removed Public Surface section to BNB_HARDENING_INTEGRATION.md
enumerating the packages and symbols deleted in this fork so downstream
consumers can grep their codebases mechanically.

Drop two stale re-sharing references in README.md: one pre-existing
session-ID line, and one introduced in the same PR that deletes the
ECDSA re-sharing package.
Prune the EdDSA and ECDSA-resharing breaking-change entries (those
protocols are deleted in this PR) and add a Removed section documenting
the dropped packages, protobufs, NewDGRound1Message constructor,
Ed25519 curve registration, and edwards dependencies. Renumber the
remaining breaking changes and record PR #5 in the composing-PRs list.
@piotr-roslaniec piotr-roslaniec force-pushed the codex/remove-unused-protocols branch from 1b42437 to 786914d Compare June 15, 2026 09:34
piotr-roslaniec pushed a commit that referenced this pull request Jun 15, 2026
Doc + small defensive-code follow-ups to the PR #2/#4/#5 review thread.
None of these are security-blocking; they close out the cosmetic and
pre-existing items that did not warrant their own PR earlier.

- common/hash_utils.go: strengthen RejectionSample doc so the name does
  not mislead future readers — the function is modular reduction, not
  true rejection sampling, and the bias bound depends on q vs the hash
  width.
- crypto/paillier/factor_proof.go: document that the tagged and legacy
  FactorChallenge paths emit different challenge distributions
  (positive-only vs signed), and note that FactorVerify's CmpAbs bounds
  exist to accommodate the legacy signed encoding.
- tss/params.go: expand SetSessionNonceBytes docstring with the
  collision/uniqueness/entropy guidance reviewers asked for.
- ecdsa/{keygen,signing}/rounds.go: document the round-1-capture
  invariant for getSSID so future refactors do not silently drift the
  hashed round.number domain separator.
- crypto/ecpoint.go: flag SetCurve's in-place mutation in the doc
  comment; the chained-call style is a footgun on shared points.
- crypto/vss/feldman_vss.go: reject nil shares, nil/zero share IDs, and
  duplicate IDs in ReConstruct before the Lagrange loop, so malformed
  inputs return an error instead of panicking through ModInverse(0).
  Add focused test coverage for each rejection path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add the exported tss.ReSharingParameters / NewReSharingParameters and
crypto.ECPoint.EightInvEight removals to the Removed section (both are
source/compile breaks), correct the source-compatibility note that
wrongly claimed a single source break, drop the stale EightInvEight
reference from the PR #4 EC-guard entry, and fix the protob/message.proto
attribution.
piotr-roslaniec pushed a commit that referenced this pull request Jun 15, 2026
Doc + small defensive-code follow-ups to the PR #2/#4/#5 review thread.
None of these are security-blocking; they close out the cosmetic and
pre-existing items that did not warrant their own PR earlier.

- common/hash_utils.go: strengthen RejectionSample doc so the name does
  not mislead future readers — the function is modular reduction, not
  true rejection sampling, and the bias bound depends on q vs the hash
  width.
- crypto/paillier/factor_proof.go: document that the tagged and legacy
  FactorChallenge paths emit different challenge distributions
  (positive-only vs signed), and note that FactorVerify's CmpAbs bounds
  exist to accommodate the legacy signed encoding.
- tss/params.go: expand SetSessionNonceBytes docstring with the
  collision/uniqueness/entropy guidance reviewers asked for.
- ecdsa/{keygen,signing}/rounds.go: document the round-1-capture
  invariant for getSSID so future refactors do not silently drift the
  hashed round.number domain separator.
- crypto/ecpoint.go: flag SetCurve's in-place mutation in the doc
  comment; the chained-call style is a footgun on shared points.
- crypto/vss/feldman_vss.go: reject nil shares, nil/zero share IDs, and
  duplicate IDs in ReConstruct before the Lagrange loop, so malformed
  inputs return an error instead of panicking through ModInverse(0).
  Add focused test coverage for each rejection path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@piotr-roslaniec piotr-roslaniec changed the base branch from codex/bnb-332-tbtc-fixes to master June 15, 2026 17:37
@piotr-roslaniec piotr-roslaniec merged commit 1889d2e into master Jun 15, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants