fix(repr): don't alias G{1,2}Affine with G1 G2

Some dependent crates use the G1Affine types from this crate, aliasing
made it impossible to import by the original names

Author: davidrusu

src/convert.rs

@@ -4,7 +4,7 @@ use blst::blst_scalar;
 
 use crate::{
     error::{Error, Result},
-    Fr, DST, G1, G2, PK_SIZE, SIG_SIZE, SK_SIZE,
+    Fr, G1Affine, G2Affine, DST, PK_SIZE, SIG_SIZE, SK_SIZE,
 };
 
 pub(crate) fn derivation_index_into_fr(index: &[u8]) -> Fr {
@@ -43,18 +43,18 @@ pub(crate) fn fr_from_bytes(bytes: [u8; SK_SIZE]) -> Result<Fr> {
     Ok(fr.unwrap())
 }
 
-pub(crate) fn g1_from_bytes(bytes: [u8; PK_SIZE]) -> Result<G1> {
+pub(crate) fn g1_from_bytes(bytes: [u8; PK_SIZE]) -> Result<G1Affine> {
     // TODO IC remove unwrap here? I'm not sure if it's possible with CtOption
-    let g1 = G1::from_compressed(&bytes);
+    let g1 = G1Affine::from_compressed(&bytes);
     if g1.is_none().into() {
         return Err(Error::InvalidBytes);
     };
     Ok(g1.unwrap())
 }
 
-pub(crate) fn g2_from_bytes(bytes: [u8; SIG_SIZE]) -> Result<G2> {
+pub(crate) fn g2_from_bytes(bytes: [u8; SIG_SIZE]) -> Result<G2Affine> {
     // TODO IC remove unwrap here? I'm not sure if it's possible with CtOption
-    let g2 = G2::from_compressed(&bytes);
+    let g2 = G2Affine::from_compressed(&bytes);
     if g2.is_none().into() {
         return Err(Error::InvalidBytes);
     };

src/lib.rs

@@ -44,9 +44,7 @@ use crate::poly::{Commitment, Poly};
 use crate::secret::clear_fr;
 use crate::util::sha3_256;
 
-pub use blstrs::{
-    Bls12 as PEngine, G1Affine as G1, G1Projective, G2Affine as G2, G2Projective, Scalar as Fr,
-};
+pub use blstrs::{Bls12 as PEngine, G1Affine, G1Projective, G2Affine, G2Projective, Scalar as Fr};
 
 /// The size of a secret key's representation in bytes.
 pub const SK_SIZE: usize = 32;
@@ -62,7 +60,7 @@ pub const DST: &[u8; 43] = b"BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_";
 
 /// A public key.
 #[derive(Deserialize, Serialize, Copy, Clone, PartialEq, Eq)]
-pub struct PublicKey(#[serde(with = "serde_impl::affine")] G1);
+pub struct PublicKey(#[serde(with = "serde_impl::affine")] G1Affine);
 
 impl Hash for PublicKey {
     fn hash<H: Hasher>(&self, state: &mut H) {
@@ -90,15 +88,15 @@ impl Ord for PublicKey {
 }
 
 /// Utility to convert blsttc to blst types
-impl From<PublicKey> for G1 {
+impl From<PublicKey> for G1Affine {
     fn from(item: PublicKey) -> Self {
         item.0
     }
 }
 
 /// Utility to convert blsttc to blst types
-impl From<G1> for PublicKey {
-    fn from(item: G1) -> Self {
+impl From<G1Affine> for PublicKey {
+    fn from(item: G1Affine) -> Self {
         PublicKey(item)
     }
 }
@@ -118,8 +116,8 @@ impl From<G1Projective> for PublicKey {
 }
 
 /// Utility to compare between blsttc and blst types
-impl std::cmp::PartialEq<G1> for PublicKey {
-    fn eq(&self, other: &G1) -> bool {
+impl std::cmp::PartialEq<G1Affine> for PublicKey {
+    fn eq(&self, other: &G1Affine) -> bool {
         &self.0 == other
     }
 }
@@ -138,9 +136,10 @@ impl PublicKey {
     }
 
     /// Returns `true` if the signature matches the element of `G2`.
-    pub fn verify_g2<H: Into<G2>>(&self, sig: &Signature, hash: H) -> bool {
+    pub fn verify_g2<H: Into<G2Affine>>(&self, sig: &Signature, hash: H) -> bool {
         !self.is_zero()
-            && PEngine::pairing(&self.0, &hash.into()) == PEngine::pairing(&G1::generator(), &sig.0)
+            && PEngine::pairing(&self.0, &hash.into())
+                == PEngine::pairing(&G1Affine::generator(), &sig.0)
     }
 
     /// Returns `true` if the signature matches the message.
@@ -159,7 +158,7 @@ impl PublicKey {
     /// Encrypts the message.
     pub fn encrypt_with_rng<R: RngCore, M: AsRef<[u8]>>(&self, rng: &mut R, msg: M) -> Ciphertext {
         let r: Fr = Fr::random(rng);
-        let u = G1::generator().mul(r).to_affine();
+        let u = G1Affine::generator().mul(r).to_affine();
         let v: Vec<u8> = {
             let g = self.0.mul(r);
             xor_with_hash(g.to_affine(), msg.as_ref())
@@ -213,7 +212,7 @@ impl fmt::Debug for PublicKeyShare {
 
 impl PublicKeyShare {
     /// Returns `true` if the signature matches the element of `G2`.
-    pub fn verify_g2<H: Into<G2>>(&self, sig: &SignatureShare, hash: H) -> bool {
+    pub fn verify_g2<H: Into<G2Affine>>(&self, sig: &SignatureShare, hash: H) -> bool {
         self.0.verify_g2(&sig.0, hash)
     }
 
@@ -248,7 +247,7 @@ impl PublicKeyShare {
 /// A signature.
 // Note: Random signatures can be generated for testing.
 #[derive(Deserialize, Serialize, Clone, PartialEq, Eq)]
-pub struct Signature(#[serde(with = "serde_impl::affine")] G2);
+pub struct Signature(#[serde(with = "serde_impl::affine")] G2Affine);
 
 impl PartialOrd for Signature {
     fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
@@ -421,11 +420,11 @@ impl SecretKey {
 
     /// Returns the matching public key.
     pub fn public_key(&self) -> PublicKey {
-        PublicKey((G1::generator() * self.0).to_affine())
+        PublicKey((G1Affine::generator() * self.0).to_affine())
     }
 
     /// Signs the given element of `G2`.
-    pub fn sign_g2<H: Into<G2>>(&self, hash: H) -> Signature {
+    pub fn sign_g2<H: Into<G2Affine>>(&self, hash: H) -> Signature {
         Signature(hash.into().mul(self.0).to_affine())
     }
 
@@ -523,7 +522,7 @@ impl SecretKeyShare {
     }
 
     /// Signs the given element of `G2`.
-    pub fn sign_g2<H: Into<G2>>(&self, hash: H) -> SignatureShare {
+    pub fn sign_g2<H: Into<G2Affine>>(&self, hash: H) -> SignatureShare {
         SignatureShare(self.0.sign_g2(hash))
     }
 
@@ -571,9 +570,9 @@ impl SecretKeyShare {
 /// An encrypted message.
 #[derive(Deserialize, Serialize, Debug, Clone, PartialEq, Eq)]
 pub struct Ciphertext(
-    #[serde(with = "serde_impl::affine")] G1,
+    #[serde(with = "serde_impl::affine")] G1Affine,
     Vec<u8>,
-    #[serde(with = "serde_impl::affine")] G2,
+    #[serde(with = "serde_impl::affine")] G2Affine,
 );
 
 impl Hash for Ciphertext {
@@ -605,7 +604,7 @@ impl Ciphertext {
     pub fn verify(&self) -> bool {
         let Ciphertext(ref u, ref v, ref w) = *self;
         let hash = hash_g1_g2(*u, v);
-        PEngine::pairing(&G1::generator(), w) == PEngine::pairing(u, &hash)
+        PEngine::pairing(&G1Affine::generator(), w) == PEngine::pairing(u, &hash)
     }
 
     /// Returns byte representation of Ciphertext
@@ -640,7 +639,7 @@ impl Ciphertext {
 
 /// A decryption share. A threshold of decryption shares can be used to decrypt a message.
 #[derive(Clone, Deserialize, Serialize, PartialEq, Eq)]
-pub struct DecryptionShare(#[serde(with = "serde_impl::affine")] G1);
+pub struct DecryptionShare(#[serde(with = "serde_impl::affine")] G1Affine);
 
 impl Distribution<DecryptionShare> for Standard {
     fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> DecryptionShare {
@@ -785,7 +784,7 @@ impl PublicKeySet {
     /// Derives a child public key set for a given index.
     pub fn derive_child(&self, index: &[u8]) -> Self {
         let index_fr = derivation_index_into_fr(index);
-        let child_coeffs: Vec<G1> = self
+        let child_coeffs: Vec<G1Affine> = self
             .commit
             .coeff
             .iter()
@@ -907,12 +906,12 @@ impl SecretKeySet {
 }
 
 /// Returns a hash of the given message in `G2`.
-pub fn hash_g2<M: AsRef<[u8]>>(msg: M) -> G2 {
+pub fn hash_g2<M: AsRef<[u8]>>(msg: M) -> G2Affine {
     G2Projective::hash_to_curve(msg.as_ref(), DST, &[]).to_affine()
 }
 
 /// Returns a hash of the group element and message, in the second group.
-fn hash_g1_g2<M: AsRef<[u8]>>(g1: G1, msg: M) -> G2 {
+fn hash_g1_g2<M: AsRef<[u8]>>(g1: G1Affine, msg: M) -> G2Affine {
     // If the message is large, hash it, otherwise copy it.
     // TODO: Benchmark and optimize the threshold.
     let mut msg = if msg.as_ref().len() > 64 {
@@ -925,7 +924,7 @@ fn hash_g1_g2<M: AsRef<[u8]>>(g1: G1, msg: M) -> G2 {
 }
 
 /// Returns the bitwise xor of `bytes` with a sequence of pseudorandom bytes determined by `g1`.
-fn xor_with_hash(g1: G1, bytes: &[u8]) -> Vec<u8> {
+fn xor_with_hash(g1: G1Affine, bytes: &[u8]) -> Vec<u8> {
     let digest = sha3_256(&g1.to_compressed());
     let rng = ChaChaRng::from_seed(digest);
     let xor = |(a, b): (u8, &u8)| a ^ b;
@@ -1905,19 +1904,19 @@ mod tests {
         assert!(!pk.is_zero());
 
         // Rogue 0 pubkey
-        let rogue_public_key = PublicKey(G1::identity());
+        let rogue_public_key = PublicKey(G1Affine::identity());
         assert!(rogue_public_key.is_zero());
 
         // Rogue 0 sig
-        let rogue_sig = Signature(G2::identity());
+        let rogue_sig = Signature(G2Affine::identity());
 
         // just any hash will do
         let hash = hash_g2(b"anything");
 
         // check that the attack works without the 0 check
         assert_eq!(
             PEngine::pairing(&rogue_public_key.0, &hash),
-            PEngine::pairing(&G1::generator(), &rogue_sig.0)
+            PEngine::pairing(&G1Affine::generator(), &rogue_sig.0)
         );
 
         // check that verify_g2 is protected against this attack

src/poly.rs

@@ -34,7 +34,7 @@ use crate::convert::{fr_from_bytes, g1_from_bytes};
 use crate::error::{Error, Result};
 use crate::into_fr::IntoFr;
 use crate::secret::clear_fr;
-use crate::{Field, Fr, G1Projective, G1, PK_SIZE, SK_SIZE};
+use crate::{Field, Fr, G1Affine, G1Projective, PK_SIZE, SK_SIZE};
 
 /// A univariate polynomial in the prime field.
 #[derive(Serialize, Deserialize, PartialEq, Eq, Clone)]
@@ -371,7 +371,7 @@ impl Poly {
 
     /// Returns the corresponding commitment.
     pub fn commitment(&self) -> Commitment {
-        let to_g1 = |c: &Fr| G1::generator().mul(c).to_affine();
+        let to_g1 = |c: &Fr| G1Affine::generator().mul(c).to_affine();
         Commitment {
             coeff: self.coeff.iter().map(to_g1).collect(),
         }
@@ -470,12 +470,12 @@ impl Poly {
 pub struct Commitment {
     /// The coefficients of the polynomial.
     #[serde(with = "super::serde_impl::affine_vec")]
-    pub(super) coeff: Vec<G1>,
+    pub(super) coeff: Vec<G1Affine>,
 }
 
 /// Creates a new `Commitment` instance
-impl From<Vec<G1>> for Commitment {
-    fn from(coeff: Vec<G1>) -> Self {
+impl From<Vec<G1Affine>> for Commitment {
+    fn from(coeff: Vec<G1Affine>) -> Self {
         Commitment { coeff }
     }
 }
@@ -510,7 +510,7 @@ impl Hash for Commitment {
 impl<B: Borrow<Commitment>> ops::AddAssign<B> for Commitment {
     fn add_assign(&mut self, rhs: B) {
         let len = cmp::max(self.coeff.len(), rhs.borrow().coeff.len());
-        self.coeff.resize(len, G1::identity());
+        self.coeff.resize(len, G1Affine::identity());
         for (self_c, rhs_c) in self.coeff.iter_mut().zip(&rhs.borrow().coeff) {
             *self_c = (*self_c + G1Projective::from(rhs_c)).to_affine();
         }
@@ -542,9 +542,9 @@ impl Commitment {
     }
 
     /// Returns the `i`-th public key share.
-    pub fn evaluate<T: IntoFr>(&self, i: T) -> G1 {
+    pub fn evaluate<T: IntoFr>(&self, i: T) -> G1Affine {
         let mut result = match self.coeff.last() {
-            None => return G1::identity(),
+            None => return G1Affine::identity(),
             Some(c) => G1Projective::from(c),
         };
         let x = i.into_fr();
@@ -573,7 +573,7 @@ impl Commitment {
 
     /// Deserializes from big endian bytes
     pub fn from_bytes(bytes: Vec<u8>) -> Result<Self> {
-        let mut c: Vec<G1> = vec![];
+        let mut c: Vec<G1Affine> = vec![];
         let coeff_size = bytes.len() / PK_SIZE;
         for i in 0..coeff_size {
             let mut g1_bytes = [0; PK_SIZE];
@@ -708,7 +708,7 @@ impl BivarPoly {
 
     /// Returns the corresponding commitment. That information can be shared publicly.
     pub fn commitment(&self) -> BivarCommitment {
-        let to_pub = |c: &Fr| G1::generator().mul(c).to_affine();
+        let to_pub = |c: &Fr| G1Affine::generator().mul(c).to_affine();
         BivarCommitment {
             degree: self.degree,
             coeff: self.coeff.iter().map(to_pub).collect(),
@@ -773,7 +773,7 @@ pub struct BivarCommitment {
     /// The polynomial's degree in each of the two variables.
     pub(crate) degree: usize,
     /// The commitments to the coefficients.
-    pub(crate) coeff: Vec<G1>,
+    pub(crate) coeff: Vec<G1Affine>,
 }
 
 impl Hash for BivarCommitment {
@@ -810,7 +810,7 @@ impl BivarCommitment {
     }
 
     /// Returns the commitment's value at the point `(x, y)`.
-    pub fn evaluate<T: IntoFr>(&self, x: T, y: T) -> G1 {
+    pub fn evaluate<T: IntoFr>(&self, x: T, y: T) -> G1Affine {
         let x_pow = self.powers(x);
         let y_pow = self.powers(y);
         // TODO: Can we save a few multiplication steps here due to the symmetry?
@@ -830,7 +830,7 @@ impl BivarCommitment {
     /// Returns the `x`-th row, as a commitment to a univariate polynomial.
     pub fn row<T: IntoFr>(&self, x: T) -> Commitment {
         let x_pow = self.powers(x);
-        let coeff: Vec<G1> = (0..=self.degree)
+        let coeff: Vec<G1Affine> = (0..=self.degree)
             .map(|i| {
                 let mut result = G1Projective::identity();
                 for (j, x_pow_j) in x_pow.iter().enumerate() {
@@ -870,7 +870,7 @@ impl BivarCommitment {
 
     /// Deserializes from big endian bytes
     pub fn from_bytes(bytes: Vec<u8>) -> Result<Self> {
-        let mut c: Vec<G1> = vec![];
+        let mut c: Vec<G1Affine> = vec![];
         let coeff_size = bytes.len() / PK_SIZE;
         for i in 0..coeff_size {
             let mut g1_bytes = [0; PK_SIZE];
@@ -966,7 +966,7 @@ mod tests {
         assert_ne!(random_commitment, zero_commitment);
         let mut rng = rand::thread_rng();
         let (x, y): (Fr, Fr) = (Fr::random(&mut rng), Fr::random(&mut rng));
-        assert_eq!(zero_commitment.evaluate(x, y), G1::identity());
+        assert_eq!(zero_commitment.evaluate(x, y), G1Affine::identity());
     }
 
     #[test]
@@ -998,7 +998,7 @@ mod tests {
                 // Node `s` receives the `s`-th value and verifies it.
                 for s in 1..=node_num {
                     let val = row_poly.evaluate(s);
-                    let val_g1 = G1::generator().mul(val);
+                    let val_g1 = G1Affine::generator().mul(val);
                     assert_eq!(bi_commit.evaluate(m, s), val_g1.to_affine());
                     // The node can't verify this directly, but it should have the correct value:
                     assert_eq!(bi_poly.evaluate(m, s), val);

src/serde_impl.rs

@@ -10,7 +10,7 @@ use serde::{Deserialize, Deserializer, Serialize, Serializer};
 
 use crate::poly::{coeff_pos, BivarCommitment};
 use crate::serde_impl::serialize_secret_internal::SerializeSecret;
-use crate::{SecretKey, G1};
+use crate::{G1Affine, SecretKey};
 
 const ERR_DEG: &str = "commitment degree does not match coefficients";
 
@@ -121,7 +121,7 @@ struct WireBivarCommitment<'a> {
     /// The polynomial's degree in each of the two variables.
     degree: usize,
     /// The commitments to the coefficients.
-    coeff: Cow<'a, [G1]>,
+    coeff: Cow<'a, [G1Affine]>,
 }
 
 impl Serialize for BivarCommitment {
@@ -312,12 +312,12 @@ mod tests {
     use serde::{Deserialize, Serialize};
 
     use crate::poly::BivarPoly;
-    use crate::{Fr, G1Projective, G1};
+    use crate::{Fr, G1Affine, G1Projective};
 
     #[derive(Debug, Serialize, Deserialize)]
     pub struct Vecs {
         #[serde(with = "super::affine_vec")]
-        curve_points: Vec<G1>,
+        curve_points: Vec<G1Affine>,
         #[serde(with = "super::field_vec")]
         field_elements: Vec<Fr>,
     }