Braid: cryptographic soundness #1

Open
2 of 16 tasks
ruescasd opened this issue May 10, 2024 · 0 comments
Tasks


  • Generating independent generators - RUG
  • Generating independent generators - Ristretto
  • Review generator implementations
  • Generators are not compared between proof and verification, only regenerated from seed
  • Fiat Shamir transforms
  • Source of randomness
  • Hashing to Integer (hash_to_exp, rug backend) with only 512 bits using mod
  • Shuffle verify, check for identical ciphertexts (no permutation and/or no re-encryption)
  • Not checking for duplicates in incoming ciphertexts (Weeding)
  • Check proof of plaintext knowledge in the mixnet (as well as ballotbox)
  • Generators_fips not checking quadratic residuosity (sequentech/strand#72)
  • Zeroization (https://docs.rs/zeroize/latest/zeroize/)
  • Ensure that mixnet boards are never inserted with explicit ids (https://github.com/sequentech/backend-services/issues/33 https://github.com/sequentech/meta/issues/303)
  • Include voter pseudonym (or signing pk) in popk context when casting vote
  • Verify null mix implementation by Felix et al (when a mix has 0 ciphertexts)
  • Verify message signatures before inserting in local store (at protocol::board::immudb)