Merge branch 'alex/rm-v1-sks-migration-code' into 'master'

chore(crypto): CRP-2435 CRP-900 remove obsolete SKS V1->V2 migration code The latest SKS version is V3. Since genesis V2 was used and V3 was introduced later. Therefore, it's safe to assume that V1 was never used in production and the migration code from V1 to V2 can be removed. This MR also removes the related obsolete types. See merge request dfinity-lab/public/ic!18079
dfinity · Mar 6, 2024 · 778d2bb · 778d2bb
2 parents fc9b223 + dcbff43
commit 778d2bb
Show file tree

Hide file tree

Showing 9 changed files with 19 additions and 109 deletions.
diff --git a/rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/src/ni_dkg/groth20_bls12_381/types.rs b/rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/src/ni_dkg/groth20_bls12_381/types.rs
@@ -1,9 +1,9 @@
 //! Types for the Groth20-BLS12-381 implementation of Non-interactive
 //! Distributed Key Generation.
 
-use ic_crypto_internal_types::curves::bls12_381::{FrBytes, G1Bytes, G2Bytes};
+use ic_crypto_internal_types::curves::bls12_381::{G1Bytes, G2Bytes};
 use ic_crypto_internal_types::encrypt::forward_secure::groth20_bls12_381::{
-    FsEncryptionPok, FsEncryptionPop, FsEncryptionPublicKey,
+    FsEncryptionPop, FsEncryptionPublicKey,
 };
 use serde::{Deserialize, Serialize};
 
@@ -58,18 +58,6 @@ impl fmt::Debug for BTENodeBytes {
     }
 }
 
-/// (deprecated) Forward-secure encryption public key, secret key, and
-/// proof-of-knowledge.
-//CRP-900: Remove the following type
-#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]
-pub struct FsEncryptionKeySet {
-    #[zeroize(skip)]
-    pub public_key: FsEncryptionPublicKey,
-    #[zeroize(skip)]
-    pub pok: FsEncryptionPok,
-    pub secret_key: FsEncryptionSecretKey,
-}
-
 /// Forward-secure encryption public key, secret key, and proof-of-possession.
 #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, Zeroize, ZeroizeOnDrop)]
 pub struct FsEncryptionKeySetWithPop {
@@ -79,26 +67,3 @@ pub struct FsEncryptionKeySetWithPop {
     pub pop: FsEncryptionPop,
     pub secret_key: FsEncryptionSecretKey,
 }
-
-/// Converts an old `FsEncryptionKeySet` to a `FsEncryptionKeySetWithPop`.
-///
-/// The old `FsEncryptionPok` is formatted as a `FsEncryptionPop` as follows:
-/// * The `blinder` of the PoK is written as the `pop_key` value in the PoP
-/// * The `challenge` of the proof of possession is set equal to `0`.
-/// * The `response` of the Pok is written as the `response` value in the PoP,
-///
-/// # Security Notice
-/// The reformatted PoK **does not** constitute a valid PoP.
-/// This function must be used for compatibility purposes only and it will be
-/// removed as part of CRP-923.
-pub fn convert_keyset_to_keyset_with_pop(key_set: FsEncryptionKeySet) -> FsEncryptionKeySetWithPop {
-    FsEncryptionKeySetWithPop {
-        public_key: key_set.public_key,
-        pop: FsEncryptionPop {
-            pop_key: key_set.pok.blinder,
-            challenge: FrBytes([0; FrBytes::SIZE]),
-            response: key_set.pok.response,
-        },
-        secret_key: key_set.secret_key.clone(),
-    }
-}
diff --git a/...ternal/crypto_lib/threshold_sig/bls12_381/src/ni_dkg/groth20_bls12_381/types/arbitrary.rs b/...ternal/crypto_lib/threshold_sig/bls12_381/src/ni_dkg/groth20_bls12_381/types/arbitrary.rs
@@ -3,27 +3,6 @@ use super::*;
 use ic_crypto_internal_types::curves::bls12_381::FrBytes;
 use proptest::prelude::{any, BoxedStrategy, Strategy};
 
-fn arbitrary_key_set() -> impl Strategy<Value = FsEncryptionKeySet> {
-    any::<u8>().prop_map(|byte| FsEncryptionKeySet {
-        public_key: FsEncryptionPublicKey(G1Bytes([byte; G1Bytes::SIZE])),
-        pok: FsEncryptionPok {
-            blinder: G1Bytes([byte; G1Bytes::SIZE]),
-            response: FrBytes([byte; FrBytes::SIZE]),
-        },
-        secret_key: FsEncryptionSecretKey {
-            bte_nodes: Vec::new(),
-        },
-    })
-}
-impl proptest::prelude::Arbitrary for FsEncryptionKeySet {
-    type Parameters = ();
-    type Strategy = BoxedStrategy<Self>;
-
-    fn arbitrary_with(_args: Self::Parameters) -> Self::Strategy {
-        arbitrary_key_set().boxed()
-    }
-}
-
 fn arbitrary_key_set_with_pop() -> impl Strategy<Value = FsEncryptionKeySetWithPop> {
     any::<u8>().prop_map(|byte| FsEncryptionKeySetWithPop {
         public_key: FsEncryptionPublicKey(G1Bytes([byte; G1Bytes::SIZE])),

diff --git a/rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/src/ni_dkg/types.rs b/rs/crypto/internal/crypto_lib/threshold_sig/bls12_381/src/ni_dkg/types.rs
@@ -40,6 +40,5 @@ impl fmt::Debug for CspFsEncryptionSecretKey {
 #[cfg_attr(test, derive(Arbitrary))]
 #[allow(non_camel_case_types)]
 pub enum CspFsEncryptionKeySet {
-    Groth20_Bls12_381(groth20_bls12_381::FsEncryptionKeySet),
     Groth20WithPop_Bls12_381(groth20_bls12_381::FsEncryptionKeySetWithPop),
 }
diff --git a/rs/crypto/internal/crypto_lib/types/src/encrypt/forward_secure.rs b/rs/crypto/internal/crypto_lib/types/src/encrypt/forward_secure.rs
@@ -22,7 +22,6 @@ pub enum CspFsEncryptionPublicKey {
 #[derive(Copy, Clone, Debug, Eq, PartialEq, IntoStaticStr, Serialize, Deserialize)]
 #[allow(non_camel_case_types)]
 pub enum CspFsEncryptionPop {
-    Groth20_Bls12_381(groth20_bls12_381::FsEncryptionPok),
     Groth20WithPop_Bls12_381(groth20_bls12_381::FsEncryptionPop),
 }
 
@@ -163,14 +162,6 @@ pub mod groth20_bls12_381 {
         }
     }
 
-    //CRP-900: remove the following once the new POP is used
-    /// Old proof of knowledge
-    #[derive(Copy, Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
-    pub struct FsEncryptionPok {
-        pub blinder: G1Bytes,
-        pub response: FrBytes,
-    }
-
     /// Forward secure encryption proof of possession.
     #[derive(Copy, Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
     pub struct FsEncryptionPop {

diff --git a/rs/crypto/internal/crypto_service_provider/src/keygen/mod.rs b/rs/crypto/internal/crypto_service_provider/src/keygen/mod.rs
@@ -59,7 +59,6 @@ pub mod utils {
                 )),
                 timestamp: None
             },
-            _=> panic!("Unsupported types")
         }
     }
 

diff --git a/rs/crypto/internal/crypto_service_provider/src/secret_key_store/proto_store.rs b/rs/crypto/internal/crypto_service_provider/src/secret_key_store/proto_store.rs
@@ -9,8 +9,6 @@ use crate::types::CspSecretKey;
 use hex::{FromHex, ToHex};
 use ic_config::crypto::CryptoConfig;
 use ic_crypto_internal_logmon::metrics::CryptoMetrics;
-use ic_crypto_internal_threshold_sig_bls12381::ni_dkg::groth20_bls12_381::types::convert_keyset_to_keyset_with_pop;
-use ic_crypto_internal_threshold_sig_bls12381::ni_dkg::types::CspFsEncryptionKeySet;
 use ic_logger::{debug, info, replica_logger::no_op_logger, warn, ReplicaLogger};
 use parking_lot::RwLock;
 use prost::Message;
@@ -331,12 +329,6 @@ impl ProtoSecretKeyStore {
                     ProtoSecretKeyStore::sks_proto_to_secret_keys(&sks_proto);
                 Self::migrate_sks_from_v2_to_v3(secret_keys_from_disk)
             }
-            1 => {
-                let secret_keys_from_disk =
-                    ProtoSecretKeyStore::sks_proto_to_secret_keys(&sks_proto);
-                let sks_v2 = Self::migrate_sks_from_v1_to_v2(secret_keys_from_disk);
-                Self::migrate_sks_from_v2_to_v3(sks_v2)
-            }
             _ => panic!(
                 "Unsupported SecretKeyStore-proto version: {}",
                 sks_proto.version
@@ -356,23 +348,6 @@ impl ProtoSecretKeyStore {
         migrated_secret_keys
     }
 
-    fn migrate_sks_from_v1_to_v2(existing_secret_keys: SecretKeys) -> SecretKeys {
-        let mut migrated_secret_keys = SecretKeys::new();
-        for (key_id, (csp_key, scope)) in existing_secret_keys.into_iter() {
-            let migrated_secret_key = match &csp_key {
-                CspSecretKey::FsEncryption(CspFsEncryptionKeySet::Groth20_Bls12_381(key_set)) => {
-                    let key_set_with_pop = convert_keyset_to_keyset_with_pop(key_set.clone());
-                    CspSecretKey::FsEncryption(CspFsEncryptionKeySet::Groth20WithPop_Bls12_381(
-                        key_set_with_pop,
-                    ))
-                }
-                _ => csp_key,
-            };
-            migrated_secret_keys.insert(key_id, (migrated_secret_key, scope));
-        }
-        migrated_secret_keys
-    }
-
     fn parse_csp_secret_key(key_bytes: &[u8], key_id: &KeyId) -> CspSecretKey {
         serde_cbor::from_slice(key_bytes).unwrap_or_else(|_ignored_so_that_no_data_is_leaked| {
             panic!("Error deserializing key with ID {}", key_id)

diff --git a/rs/crypto/internal/crypto_service_provider/src/secret_key_store/proto_store/tests.rs b/rs/crypto/internal/crypto_service_provider/src/secret_key_store/proto_store/tests.rs
@@ -10,6 +10,7 @@ use assert_matches::assert_matches;
 use ic_crypto_internal_basic_sig_ed25519::types as ed25519_types;
 use ic_crypto_internal_csp_test_utils::files::mk_temp_dir_with_permissions;
 use ic_crypto_internal_multi_sig_bls12381::types::SecretKeyBytes;
+use ic_crypto_internal_threshold_sig_bls12381::ni_dkg::types::CspFsEncryptionKeySet;
 use ic_crypto_internal_threshold_sig_ecdsa::{
     EccCurveType, MEGaKeySetK256Bytes, MEGaPrivateKey, MEGaPrivateKeyK256Bytes, MEGaPublicKey,
     MEGaPublicKeyK256Bytes,

diff --git a/rs/crypto/internal/crypto_service_provider/src/types/tests.rs b/rs/crypto/internal/crypto_service_provider/src/types/tests.rs
@@ -9,15 +9,15 @@ use ic_crypto_internal_test_vectors::ed25519::{
 use ic_crypto_internal_test_vectors::multi_bls12_381::TESTVEC_MULTI_BLS12_381_1_PK;
 use ic_crypto_internal_test_vectors::unhex::hex_to_byte_vec;
 use ic_crypto_internal_threshold_sig_bls12381::ni_dkg::groth20_bls12_381::types::{
-    BTENodeBytes, FsEncryptionKeySet, FsEncryptionSecretKey,
+    BTENodeBytes, FsEncryptionKeySetWithPop, FsEncryptionSecretKey,
 };
 use ic_crypto_internal_threshold_sig_bls12381::ni_dkg::types::CspFsEncryptionKeySet;
 use ic_crypto_internal_threshold_sig_ecdsa::{
     EccCurveType, MEGaPrivateKey, MEGaPrivateKeyK256Bytes, MEGaPublicKeyK256Bytes,
 };
 use ic_crypto_internal_types::curves::bls12_381::{FrBytes, G1Bytes, G2Bytes};
 use ic_crypto_internal_types::encrypt::forward_secure::groth20_bls12_381::{
-    FsEncryptionPok, FsEncryptionPublicKey,
+    FsEncryptionPop, FsEncryptionPublicKey,
 };
 use ic_crypto_secrets_containers::SecretArray;
 use ic_types::crypto::{AlgorithmId, BasicSig, BasicSigOf, CryptoHashableTestDummy, UserPublicKey};
@@ -93,9 +93,14 @@ fn should_redact_csp_secret_key_tls_ed25519_debug() {
 
 #[test]
 fn should_redact_csp_secret_key_fs_encryption_debug() {
-    let cspsk_fs = CspSecretKey::FsEncryption(CspFsEncryptionKeySet::Groth20_Bls12_381(
-        FsEncryptionKeySet {
+    let cspsk_fs = CspSecretKey::FsEncryption(CspFsEncryptionKeySet::Groth20WithPop_Bls12_381(
+        FsEncryptionKeySetWithPop {
             public_key: FsEncryptionPublicKey(G1Bytes([1u8; G1Bytes::SIZE])),
+            pop: FsEncryptionPop {
+                pop_key: G1Bytes([1; G1Bytes::SIZE]),
+                challenge: FrBytes([1; FrBytes::SIZE]),
+                response: FrBytes([1; FrBytes::SIZE]),
+            },
             secret_key: FsEncryptionSecretKey {
                 bte_nodes: vec![
                     BTENodeBytes {
@@ -109,10 +114,6 @@ fn should_redact_csp_secret_key_fs_encryption_debug() {
                     1
                 ],
             },
-            pok: FsEncryptionPok {
-                blinder: G1Bytes([1; G1Bytes::SIZE]),
-                response: FrBytes([1; FrBytes::SIZE]),
-            },
         },
     ));
     assert_eq!(
@@ -146,14 +147,15 @@ fn should_return_correct_enum_variant() {
     assert_eq!(key.enum_variant(), "TlsEd25519");
 
     // FsEncryption
-    let key = CspSecretKey::FsEncryption(CspFsEncryptionKeySet::Groth20_Bls12_381(
-        FsEncryptionKeySet {
+    let key = CspSecretKey::FsEncryption(CspFsEncryptionKeySet::Groth20WithPop_Bls12_381(
+        FsEncryptionKeySetWithPop {
             public_key: FsEncryptionPublicKey(G1Bytes([0; G1Bytes::SIZE])),
-            secret_key: FsEncryptionSecretKey { bte_nodes: vec![] },
-            pok: FsEncryptionPok {
-                blinder: G1Bytes([0; G1Bytes::SIZE]),
-                response: FrBytes([0; FrBytes::SIZE]),
+            pop: FsEncryptionPop {
+                pop_key: G1Bytes([1; G1Bytes::SIZE]),
+                challenge: FrBytes([1; FrBytes::SIZE]),
+                response: FrBytes([1; FrBytes::SIZE]),
             },
+            secret_key: FsEncryptionSecretKey { bte_nodes: vec![] },
         },
     ));
     assert_eq!(key.enum_variant(), "FsEncryption");

diff --git a/rs/crypto/node_key_validation/src/proto_conversions/fs_ni_dkg.rs b/rs/crypto/node_key_validation/src/proto_conversions/fs_ni_dkg.rs
@@ -34,7 +34,6 @@ fn clib_fs_ni_dkg_pubkey_from_csp_pubkey_with_pop(
             CspFsEncryptionPublicKey::Groth20_Bls12_381(pubkey),
             CspFsEncryptionPop::Groth20WithPop_Bls12_381(pop),
         ) => ClibFsNiDkgPublicKey::deserialize(pubkey, pop),
-        _ => None,
     }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -59,7 +59,6 @@ pub mod utils { @@
                     )),
                     timestamp: None
                 },
-                _=> panic!("Unsupported types")
             }
         }
@@ Expand Down @@