From c22baccbb703886598e2aae6e874036da101b73f Mon Sep 17 00:00:00 2001
From: drewstone <drewstone329@gmail.com>
Date: Sat, 7 Dec 2024 19:35:31 -0700
Subject: [PATCH 1/2] chore: bump arkworks versions

---
 Cargo.toml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 4b97bf9..f9db222 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,13 +18,13 @@ sha3 = { version = "0.10", default-features = false }
 sha2 = { version = "0.10", default-features = false }
 digest = { version = "0.10", default-features = false }
 
-ark-ff = { version = "0.4.0", default-features = false }
-ark-ec = { version = "0.4.0", default-features = false }
-ark-serialize = { version = "0.4.0", default-features = false, features = [ "derive" ] }
-ark-serialize-derive = { version = "0.4.0", default-features = false }
+ark-ff = { version = "0.5.0", default-features = false }
+ark-ec = { version = "0.5.0", default-features = false }
+ark-serialize = { version = "0.5.0", default-features = false, features = [ "derive" ] }
+ark-serialize-derive = { version = "0.5.0", default-features = false }
 
-ark-bls12-381 = { version = "0.4.0", default-features = false, features = [ "curve" ] }
-ark-bls12-377 = { version = "0.4.0", default-features = false, features = [ "curve" ] }
+ark-bls12-381 = { version = "0.5.0", default-features = false, features = [ "curve" ] }
+ark-bls12-377 = { version = "0.5.0", default-features = false, features = [ "curve" ] }
 
 zeroize = { version = "1.0", default-features = false, features = [ "zeroize_derive" ] }
 serde = { version = "1.0", default-features = false, optional = true }

From 204105643891109f9fbd1063f2e3044bf574249b Mon Sep 17 00:00:00 2001
From: Drew Stone <drewstone329@gmail.com>
Date: Sat, 7 Dec 2024 19:51:16 -0700
Subject: [PATCH 2/2] chore: fix up errors, add FixedOutputReset to hashers

---
 src/chaum_pedersen_signature.rs | 39 +++++++++++++++++----------------
 src/double_pop.rs               | 20 ++++++++---------
 src/schnorr_pop.rs              | 39 ++++++++++++++++++---------------
 src/single.rs                   |  2 +-
 src/single_pop_aggregator.rs    |  4 ++--
 src/verifiers.rs                |  6 +++--
 6 files changed, 58 insertions(+), 52 deletions(-)

diff --git a/src/chaum_pedersen_signature.rs b/src/chaum_pedersen_signature.rs
index 4344946..02def59 100644
--- a/src/chaum_pedersen_signature.rs
+++ b/src/chaum_pedersen_signature.rs
@@ -1,9 +1,8 @@
 use alloc::vec::Vec;
-
-use ark_ec::Group;
+use ark_ec::PrimeGroup;
 use ark_ff::field_hashers::{DefaultFieldHasher, HashToField};
 
-use digest::DynDigest;
+use digest::{DynDigest, FixedOutputReset};
 
 use crate::double::{DoublePublicKeyScheme, PublicKeyInSignatureGroup};
 use crate::engine::EngineBLS;
@@ -15,7 +14,7 @@ use crate::{Message, SecretKeyVT};
 pub type ChaumPedersenSignature<E> = (Signature<E>, SchnorrProof<E>);
 
 /// ProofOfPossion trait which should be implemented by secret
-pub trait ChaumPedersenSigner<E: EngineBLS, H: DynDigest + Default + Clone> {
+pub trait ChaumPedersenSigner<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone> {
     /// The proof of possession generator is supposed to
     /// to produce a schnoor signature of the message using
     /// the secret key which it claim to possess.
@@ -24,7 +23,7 @@ pub trait ChaumPedersenSigner<E: EngineBLS, H: DynDigest + Default + Clone> {
     fn generate_witness_scaler(
         &self,
         message_point_as_bytes: &Vec<u8>,
-    ) -> <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField;
+    ) -> <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField;
 
     fn generate_dleq_proof(
         &mut self,
@@ -34,7 +33,7 @@ pub trait ChaumPedersenSigner<E: EngineBLS, H: DynDigest + Default + Clone> {
 }
 
 /// This should be implemented by public key
-pub trait ChaumPedersenVerifier<E: EngineBLS, H: DynDigest + Default + Clone> {
+pub trait ChaumPedersenVerifier<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone> {
     fn verify_cp_signature(
         &self,
         message: &Message,
@@ -42,7 +41,9 @@ pub trait ChaumPedersenVerifier<E: EngineBLS, H: DynDigest + Default + Clone> {
     ) -> bool;
 }
 
-impl<E: EngineBLS, H: DynDigest + Default + Clone> ChaumPedersenSigner<E, H> for SecretKeyVT<E> {
+impl<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone> ChaumPedersenSigner<E, H>
+    for SecretKeyVT<E>
+{
     fn generate_cp_signature(&mut self, message: &Message) -> ChaumPedersenSignature<E> {
         //First we generate a vanila BLS Signature;
         let bls_signature = SecretKeyVT::sign(self, message);
@@ -76,7 +77,7 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone> ChaumPedersenSigner<E, H> for
             &message_point_as_bytes,
         );
 
-        let A_point = <<E as EngineBLS>::SignatureGroup as Group>::generator() * k;
+        let A_point = <<E as EngineBLS>::SignatureGroup as PrimeGroup>::generator() * k;
         let B_point = message_point * k;
 
         let A_point_as_bytes = E::signature_point_to_byte(&A_point);
@@ -92,10 +93,10 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone> ChaumPedersenSigner<E, H> for
         .concat();
 
         let hasher = <DefaultFieldHasher<H> as HashToField<
-            <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField,
+            <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField,
         >>::new(&[]);
 
-        let c = hasher.hash_to_field(proof_basis.as_slice(), 1)[0];
+        let c = hasher.hash_to_field::<1>(proof_basis.as_slice())[0];
 
         let s = k - c * self.0;
 
@@ -107,24 +108,24 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone> ChaumPedersenSigner<E, H> for
     fn generate_witness_scaler(
         &self,
         message_point_as_bytes: &Vec<u8>,
-    ) -> <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField {
+    ) -> <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField {
         let secret_key_as_bytes = self.to_bytes();
 
         let mut secret_key_hasher = H::default();
-        secret_key_hasher.update(secret_key_as_bytes.as_slice());
+        DynDigest::update(&mut secret_key_hasher, secret_key_as_bytes.as_slice());
         let hashed_secret_key = secret_key_hasher.finalize_reset().to_vec();
 
         let hasher = <DefaultFieldHasher<H> as HashToField<
-            <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField,
+            <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField,
         >>::new(&[]);
         let scalar_seed = [hashed_secret_key, message_point_as_bytes.clone()].concat();
-        hasher.hash_to_field(scalar_seed.as_slice(), 1)[0]
+        hasher.hash_to_field::<1>(scalar_seed.as_slice())[0]
     }
 }
 
 /// This should be implemented by public key
 #[allow(non_snake_case)]
-impl<E: EngineBLS, H: DynDigest + Default + Clone> ChaumPedersenVerifier<E, H>
+impl<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone> ChaumPedersenVerifier<E, H>
     for PublicKeyInSignatureGroup<E>
 {
     fn verify_cp_signature(
@@ -132,7 +133,7 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone> ChaumPedersenVerifier<E, H>
         message: &Message,
         signature_proof: ChaumPedersenSignature<E>,
     ) -> bool {
-        let A_check_point = <<E as EngineBLS>::SignatureGroup as Group>::generator()
+        let A_check_point = <<E as EngineBLS>::SignatureGroup as PrimeGroup>::generator()
             * signature_proof.1 .1
             + self.0 * signature_proof.1 .0;
 
@@ -157,10 +158,10 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone> ChaumPedersenVerifier<E, H>
         .concat();
 
         let hasher = <DefaultFieldHasher<H> as HashToField<
-            <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField,
+            <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField,
         >>::new(&[]);
-        let c_check: <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField =
-            hasher.hash_to_field(resulting_proof_basis.as_slice(), 1)[0];
+        let c_check: <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField =
+            hasher.hash_to_field::<1>(resulting_proof_basis.as_slice())[0];
 
         c_check == signature_proof.1 .0
     }
diff --git a/src/double_pop.rs b/src/double_pop.rs
index 74218bf..0bbc46f 100644
--- a/src/double_pop.rs
+++ b/src/double_pop.rs
@@ -11,9 +11,9 @@ use crate::serialize::SerializableToBytes;
 use crate::single::{Keypair, PublicKey};
 
 use alloc::vec::Vec;
-use digest::DynDigest;
+use digest::{DynDigest, FixedOutputReset};
 
-use ark_ec::Group;
+use ark_ec::PrimeGroup;
 use ark_ff::field_hashers::{DefaultFieldHasher, HashToField};
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
 
@@ -23,7 +23,7 @@ use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
 pub struct NuggetBLSPoP<E: EngineBLS>(pub E::SignatureGroup);
 
 //The bls proof of possession for single or double public key schemes are the same
-impl<E: EngineBLS, H: DynDigest + Default + Clone>
+impl<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone>
     ProofOfPossessionGenerator<E, H, DoublePublicKey<E>, NuggetBLSPoP<E>> for Keypair<E>
 {
     fn generate_pok(&mut self) -> NuggetBLSPoP<E> {
@@ -40,8 +40,8 @@ impl<E: EngineBLS> SerializableToBytes for NuggetBLSPoP<E> {
 
 /// The verification process for verifying both possession of one secret key
 /// for two public key is different.
-impl<E: EngineBLS, H: DynDigest + Default + Clone> ProofOfPossession<E, H, DoublePublicKey<E>>
-    for NuggetBLSPoP<E>
+impl<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone>
+    ProofOfPossession<E, H, DoublePublicKey<E>> for NuggetBLSPoP<E>
 {
     /// verify the validity of PoP by performing the following Pairing
     /// e(H_pop(pk_2) + t.g_1, pk_2) = e(sign(H_pop(pk_2))+ t.pk_1, g_2)
@@ -70,11 +70,11 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone> ProofOfPossession<E, H, Doubl
         .concat();
 
         let hasher = <DefaultFieldHasher<H> as HashToField<
-            <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField,
+            <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField,
         >>::new(&[]);
 
         let randomization_coefficient: E::Scalar =
-            hasher.hash_to_field(random_oracle_seed.as_slice(), 1)[0];
+            hasher.hash_to_field::<1>(random_oracle_seed.as_slice())[0];
 
         let mut randomized_pub_in_g1 = public_key_in_signature_group;
         randomized_pub_in_g1 *= randomization_coefficient;
@@ -101,7 +101,7 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone> ProofOfPossession<E, H, Doubl
 pub struct NuggetBLSnCPPoP<E: EngineBLS>(pub DoubleSignature<E>);
 
 //The implement the generation of bls proof of possession including  chaum-pederesno PoP for double public key schemes
-impl<E: EngineBLS, H: DynDigest + Default + Clone>
+impl<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone>
     ProofOfPossessionGenerator<E, H, DoublePublicKey<E>, NuggetBLSnCPPoP<E>> for Keypair<E>
 {
     fn generate_pok(&mut self) -> NuggetBLSnCPPoP<E> {
@@ -123,8 +123,8 @@ impl<E: EngineBLS> SerializableToBytes for NuggetBLSnCPPoP<E> {
 }
 
 /// The verification process for verifying both nugget BLS and CP
-impl<E: EngineBLS, H: DynDigest + Default + Clone> ProofOfPossession<E, H, DoublePublicKey<E>>
-    for NuggetBLSnCPPoP<E>
+impl<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone>
+    ProofOfPossession<E, H, DoublePublicKey<E>> for NuggetBLSnCPPoP<E>
 {
     /// verify the validity of PoP by verifying nugget PoP and the CP
     /// signature
diff --git a/src/schnorr_pop.rs b/src/schnorr_pop.rs
index 31b3246..9a44762 100644
--- a/src/schnorr_pop.rs
+++ b/src/schnorr_pop.rs
@@ -10,9 +10,9 @@ use crate::serialize::SerializableToBytes;
 use crate::single::{Keypair, PublicKey};
 
 use alloc::vec::Vec;
+use ark_ec::PrimeGroup;
 use digest::DynDigest;
-
-use ark_ec::Group;
+use digest::FixedOutputReset;
 
 pub type SchnorrProof<E> = (<E as EngineBLS>::Scalar, <E as EngineBLS>::Scalar);
 
@@ -26,36 +26,38 @@ impl<E: EngineBLS> Clone for SchnorrPoP<E> {
 }
 
 /// Generate Schnorr Signature for an arbitrary message using a key ment to use in BLS scheme
-trait BLSSchnorrPoPGenerator<E: EngineBLS, H: DynDigest + Default + Clone>:
+trait BLSSchnorrPoPGenerator<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone>:
     ProofOfPossessionGenerator<E, H, PublicKey<E>, SchnorrPoP<E>>
 {
     /// Produce a secret witness scalar `k`, aka nonce, from hash of
     /// H( H(s) | H(public_key)) because our key does not have the
     /// randomness redundacy exists in EdDSA secret key.
-    fn witness_scalar(&self) -> <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField;
+    fn witness_scalar(&self) -> <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField;
 }
 
-impl<E: EngineBLS, H: DynDigest + Default + Clone> BLSSchnorrPoPGenerator<E, H> for Keypair<E> {
+impl<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone> BLSSchnorrPoPGenerator<E, H>
+    for Keypair<E>
+{
     //The pseudo random witness is generated similar to eddsa witness
     //hash(secret_key|publick_key)
-    fn witness_scalar(&self) -> <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField {
+    fn witness_scalar(&self) -> <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField {
         let secret_key_as_bytes = self.secret.to_bytes();
         let public_key_as_bytes = <E as EngineBLS>::public_key_point_to_byte(&self.public.0);
 
         let mut secret_key_hasher = H::default();
-        secret_key_hasher.update(secret_key_as_bytes.as_slice());
+        DynDigest::update(&mut secret_key_hasher, secret_key_as_bytes.as_slice());
         let hashed_secret_key = secret_key_hasher.finalize_reset().to_vec();
 
         let hasher = <DefaultFieldHasher<H> as HashToField<
-            <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField,
+            <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField,
         >>::new(&[]);
 
         let scalar_seed = [hashed_secret_key, public_key_as_bytes].concat();
-        hasher.hash_to_field(scalar_seed.as_slice(), 1)[0]
+        hasher.hash_to_field::<1>(scalar_seed.as_slice())[0]
     }
 }
 
-impl<E: EngineBLS, H: DynDigest + Default + Clone>
+impl<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone>
     ProofOfPossessionGenerator<E, H, PublicKey<E>, SchnorrPoP<E>> for Keypair<E>
 {
     //TODO: Message must be equal to public key.
@@ -77,7 +79,7 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone>
         // avoiding one curve addition (or two field divisions) in expense of a hash.
         let mut r = <dyn BLSSchnorrPoPGenerator<E, H>>::witness_scalar(self);
 
-        let mut r_point = <<E as EngineBLS>::PublicKeyGroup as Group>::generator();
+        let mut r_point = <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::generator();
         r_point *= r; //todo perhaps we need to mandate E to have  a hard coded point
 
         let r_point_as_bytes = <E as EngineBLS>::public_key_point_to_byte(&r_point);
@@ -85,9 +87,9 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone>
 
         let proof_basis = [r_point_as_bytes, public_key_as_bytes].concat();
         let hasher = <DefaultFieldHasher<H> as HashToField<
-            <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField,
+            <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField,
         >>::new(&[]);
-        let k = hasher.hash_to_field(proof_basis.as_slice(), 1)[0];
+        let k = hasher.hash_to_field::<1>(proof_basis.as_slice())[0];
 
         let s = (k * self.secret.into_vartime().0) + r;
 
@@ -97,14 +99,14 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone>
     }
 }
 
-impl<E: EngineBLS, H: DynDigest + Default + Clone> ProofOfPossession<E, H, PublicKey<E>>
-    for SchnorrPoP<E>
+impl<E: EngineBLS, H: DynDigest + FixedOutputReset + Default + Clone>
+    ProofOfPossession<E, H, PublicKey<E>> for SchnorrPoP<E>
 {
     /// verify the validity of schnoor proof for a given publick key by
     /// making sure this is equal to zero
     /// H(+s*G - k*Publkey|M) ==  k  
     fn verify(&self, public_key_of_prover: &PublicKey<E>) -> bool {
-        let mut schnorr_point = <<E as EngineBLS>::PublicKeyGroup as Group>::generator();
+        let mut schnorr_point = <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::generator();
         schnorr_point *= self.0 .0;
         let mut k_public_key = public_key_of_prover.0;
         k_public_key *= -self.0 .1;
@@ -117,9 +119,10 @@ impl<E: EngineBLS, H: DynDigest + Default + Clone> ProofOfPossession<E, H, Publi
         let resulting_proof_basis = [schnorr_point_as_bytes, public_key_as_bytes].concat();
 
         let hasher = <DefaultFieldHasher<H> as HashToField<
-            <<E as EngineBLS>::PublicKeyGroup as Group>::ScalarField,
+            <<E as EngineBLS>::PublicKeyGroup as PrimeGroup>::ScalarField,
         >>::new(&[]);
-        let random_scalar: E::Scalar = hasher.hash_to_field(resulting_proof_basis.as_slice(), 1)[0];
+        let random_scalar: E::Scalar =
+            hasher.hash_to_field::<1>(resulting_proof_basis.as_slice())[0];
         random_scalar == self.0 .1
     }
 }
diff --git a/src/single.rs b/src/single.rs
index aba500b..68a6ac5 100644
--- a/src/single.rs
+++ b/src/single.rs
@@ -71,7 +71,7 @@ impl<E: EngineBLS> SecretKeyVT<E> {
 
     pub fn from_seed(seed: &[u8]) -> Self {
         let hasher = <DefaultFieldHasher<Sha256> as HashToField<E::Scalar>>::new(&[]);
-        return SecretKeyVT(hasher.hash_to_field(seed, 1)[0]);
+        return SecretKeyVT(hasher.hash_to_field::<1>(seed)[0]);
     }
 }
 
diff --git a/src/single_pop_aggregator.rs b/src/single_pop_aggregator.rs
index 4066a52..07dedda 100644
--- a/src/single_pop_aggregator.rs
+++ b/src/single_pop_aggregator.rs
@@ -41,7 +41,7 @@ use super::verifiers::{
 };
 use super::*;
 
-use digest::DynDigest;
+use digest::{DynDigest, FixedOutputReset};
 
 /// Batch or aggregate BLS signatures with attached messages and
 /// signers, for whom we previously checked proofs-of-possession.
@@ -148,7 +148,7 @@ impl<E: EngineBLS> SignatureAggregatorAssumingPoP<E> {
     // }
 
     pub fn verify_using_aggregated_auxiliary_public_keys<
-        RandomOracle: DynDigest + Default + Clone,
+        RandomOracle: DynDigest + FixedOutputReset + Default + Clone,
     >(
         &self,
     ) -> bool {
diff --git a/src/verifiers.rs b/src/verifiers.rs
index 100748d..0f46157 100644
--- a/src/verifiers.rs
+++ b/src/verifiers.rs
@@ -15,6 +15,8 @@ use ark_ff::field_hashers::{DefaultFieldHasher, HashToField};
 use ark_serialize::CanonicalSerialize;
 #[cfg(feature = "std")]
 use digest::DynDigest;
+#[cfg(feature = "std")]
+use digest::FixedOutputReset;
 
 use ark_ec::CurveGroup;
 
@@ -204,7 +206,7 @@ pub fn verify_with_distinct_messages<S: Signed>(signed: S, normalize_public_keys
 #[cfg(feature = "std")]
 pub fn verify_using_aggregated_auxiliary_public_keys<
     E: EngineBLS,
-    H: DynDigest + Default + Clone,
+    H: DynDigest + FixedOutputReset + Default + Clone,
 >(
     signed: &single_pop_aggregator::SignatureAggregatorAssumingPoP<E>,
     normalize_public_keys: bool,
@@ -259,7 +261,7 @@ pub fn verify_using_aggregated_auxiliary_public_keys<
 
     let hasher = <DefaultFieldHasher<H> as HashToField<E::Scalar>>::new(&[]);
     let pseudo_random_scalar: E::Scalar =
-        hasher.hash_to_field(&pseudo_random_scalar_seed[..], 1)[0];
+        hasher.hash_to_field::<1>(&pseudo_random_scalar_seed[..])[0];
 
     let signature = signature + aggregated_aux_pub_key * pseudo_random_scalar;