From 8f9ccfa5caaaab201f5bbc799bdd159aa80ee4c0 Mon Sep 17 00:00:00 2001
From: Bobbin Threadbare
Date: Thu, 21 Mar 2024 22:06:49 -0700
Subject: [PATCH] refactor: minor updates signature tests, comments, and private key constructor

---
 Cargo.toml | 2 +-
 src/dsa/rpo_falcon512/keys/secret_key.rs | 4 +--
 src/dsa/rpo_falcon512/signature.rs | 32 +++++++++++-------------
 3 files changed, 16 insertions(+), 22 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 4c1207a5..971885d6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -48,7 +48,6 @@ std = [
 [dependencies]
 blake3 = { version = "1.5", default-features = false }
 clap = { version = "4.5", optional = true, features = ["derive"] }
-getrandom = { version = "0.2", features = ["js"] }
 num = { version = "0.4", default-features = false, features = ["alloc", "libm"] }
 num-complex = { version = "0.4.4", default-features = false }
 rand = { version = "0.8", default-features = false }
@@ -62,6 +61,7 @@ winter-utils = { version = "0.8", default-features = false }
 [dev-dependencies]
 criterion = { version = "0.5", features = ["html_reports"] }
+getrandom = { version = "0.2", features = ["js"] }
 hex = { version = "0.4", default-features = false, features = ["alloc"] }
 proptest = "1.4"
 rand_utils = { version = "0.8", package = "winter-rand-utils" }
diff --git a/src/dsa/rpo_falcon512/keys/secret_key.rs b/src/dsa/rpo_falcon512/keys/secret_key.rs
index e3e66757..934867df 100644
--- a/src/dsa/rpo_falcon512/keys/secret_key.rs
+++ b/src/dsa/rpo_falcon512/keys/secret_key.rs
@@ -63,11 +63,9 @@ impl SecretKey {
     /// Generates a secret key from OS-provided randomness.
     #[cfg(feature = "std")]
     pub fn new() -> Self {
-        use rand::{rngs::StdRng, RngCore, SeedableRng};
+        use rand::{rngs::StdRng, SeedableRng};
 
-        let mut seed: [u8; 32] = [0; 32];
         let mut rng = StdRng::from_entropy();
-        rng.fill_bytes(&mut seed);
 
         Self::with_rng(&mut rng)
     }
diff --git a/src/dsa/rpo_falcon512/signature.rs b/src/dsa/rpo_falcon512/signature.rs
index 71b8fa22..a90eeab6 100644
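Review bot: Moving `getrandom = { version = "0.2", features = ["js"] }` into `[dev-dependencies]` means the library no longer enables `getrandom`'s `js` backend for its consumers, and that feature is what lets `getrandom` (pulled in transitively by `rand` once `std` is on) build for `wasm32-unknown-unknown`. If that target is meant to be supported for downstream users of the `std` feature, they now have to enable `getrandom/js` themselves, which deserves a sentence in the feature documentation, or a target-scoped entry such as `[target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dependencies]` followed by `getrandom = { version = "0.2", features = ["js"] }` if the crate wants to keep providing it. The `std = [` feature list itself is outside the hunk, so I cannot tell from here whether it forwards `rand/std`. Either way `getrandom` stays in the dependency graph, so this changes target support, not the source of key material.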
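Review bot: `StdRng::from_entropy()` is documented by `rand` 0.8 to panic when the operating system's entropy source fails, and after this change it is the only fallible step left in `SecretKey::new`, so the doc comment should say so with a `# Panics` section: `/// # Panics` followed by `/// Panics if the operating system's randomness source is unavailable (see `StdRng::from_entropy`).` Callers that need a fallible path can supply their own RNG through `with_rng`, which this body already delegates to, and pointing that out in the same comment avoids a second constructor being added later. Dropping the `seed` buffer is correct as far as the hunk shows: it was filled and then never read, so no entropy ever reached the key through it.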
--- a/src/dsa/rpo_falcon512/signature.rs
+++ b/src/dsa/rpo_falcon512/signature.rs
@@ -32,19 +32,13 @@ use num::Zero;
 /// function. c is a polynomial that is the hash-to-point of the message being signed.
 ///
 /// The polynomial h is serialized as:
-///
 /// 1. 1 byte representing the log2(512) i.e., 9.
 /// 2. 896 bytes for the public key itself.
 ///
 /// The signature is serialized as:
 /// 1. A header byte specifying the algorithm used to encode the coefficients of the `s2` polynomial
-/// together with the degree of the irreducible polynomial phi.
-/// The general format of this byte is 0b0cc1nnnn where:
-/// a. cc is either 01 when the compressed encoding algorithm is used and 10 when the
-/// uncompressed algorithm is used.
-/// b. nnnn is log2(N) where N is the degree of the irreducible polynomial phi.
-/// The current implementation works always with cc equal to 0b01 and nnnn equal to 0b1001 and
-/// thus the header byte is always equal to 0b00111001.
+/// together with the degree of the irreducible polynomial phi. For RPO Falcon512, the header
+/// byte is set to `10111001` (see more in [SignatureHeader]).
 /// 2. 40 bytes for the nonce.
 /// 4. 625 bytes encoding the `s2` polynomial above.
 ///
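Review bot: The new line gives the header byte as `10111001` without saying why the value matters to a reader of the wire format, namely that the set top bit is what separates an RPO Falcon512 signature from a reference (SHAKE256) Falcon one; suggest `byte is set to `10111001` (`0xB9`); the set top bit distinguishes RPO Falcon512 from reference Falcon, see [SignatureHeader].` Whether `read_from_bytes` rejects any other header value is not visible in this diff, so the comment should describe the encoding rather than promise a check, but that check is the first thing I would look for in the deserializer. The list this line belongs to also runs `2. 40 bytes for the nonce.` straight to `4. 625 bytes ...` with no item 3; since the hunk already rewrites the neighbouring item, renumbering now is cheap. The item these `///` lines document is defined below the hunk.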
@@ -133,15 +127,15 @@ pub struct SignatureHeader(u8);
 
 impl Default for SignatureHeader {
     /// According to section 3.11.3 in the specification [1], the signature header has the format
-    /// `0 c c 1 n n n n` where:
+    /// `0cc1nnnn` where:
     ///
-    /// 1. `c c` signifies the encoding method. `0 1` denotes using the compression encoding method
-    /// and `1 0` denotes encoding using the uncompressed method.
-    /// 2. `n n n n` encodes `LOG_N`.
+    /// 1. `cc` signifies the encoding method. `01` denotes using the compression encoding method
+    /// and `10` denotes encoding using the uncompressed method.
+    /// 2. `nnnn` encodes `LOG_N`.
     ///
     /// For RPO Falcon 512 we use compression encoding and N = 512. Moreover, to differentiate the
     /// RPO Falcon variant from the reference variant using SHAKE256, we flip the first bit in the
-    /// header. Thus, for RPO Falcon 512 the header is `1 0 1 1 1 0 0 1`
+    /// header. Thus, for RPO Falcon 512 the header is `10111001`
     ///
     /// [1]: https://falcon-sign.info/falcon.pdf
     fn default() -> Self {
@@ -358,16 +352,18 @@ fn are_coefficients_valid(x: &[i16]) -> bool {
 // TESTS
 // ================================================================================================
 
-#[cfg(all(test, feature = "std"))]
+#[cfg(test)]
 mod tests {
     use super::{super::SecretKey, *};
-    use rand::rngs::OsRng;
+    use crate::{rand::RpoRandomCoin, ZERO};
 
     #[test]
     fn test_serialization_round_trip() {
-        let key = SecretKey::new();
-        let mut rng = OsRng;
-        let signature = key.sign(Word::default(), &mut rng);
+        let seed = [ZERO; 4];
+        let mut rng = RpoRandomCoin::new(seed);
+
+        let sk = SecretKey::with_rng(&mut rng);
+        let signature = sk.sign(Word::default(), &mut rng);
         let serialized = signature.to_bytes();
         let deserialized = Signature::read_from_bytes(&serialized).unwrap();
         assert_eq!(signature.sig_poly(), deserialized.sig_poly());
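Review bot: `we flip the first bit in the header` leaves bit order to the reader, which matters when comparing against the spec's `0cc1nnnn` layout; the result `10111001` shows the top bit is the one set, so say so: `we set the most significant bit (bit 7) of the header byte`. Adding the hex form next to the binary string, `the header is `10111001` (`0xB9`)`, also makes the value easy to spot in a hex dump of a serialized signature. The body of `fn default` continues outside the hunk.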
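Review bot: The all-zero seed `let seed = [ZERO; 4];` that now drives both key generation and signing needs a comment, because a reader who sees `SecretKey::with_rng(&mut rng)` next to a constant seed may take it for an example of real usage: `// Fixed all-zero seed: this test only checks the encoding round trip, so determinism is what matters here, not entropy.` Since the module is now plain `#[cfg(test)]`, the test also runs in `no_std` CI, which is a good reason to keep `OsRng` out of it as this hunk does. The hunk asserts only `sig_poly()` equality; a companion negative test that clears the top bit of the serialized header byte (turning `10111001` into the reference Falcon value) and expects `Signature::read_from_bytes` to fail would pin the domain separation the docs in this file describe, assuming the deserializer validates the header, which is not visible here. The body of `test_serialization_round_trip` continues past the hunk.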