This repository has been archived by the owner on Sep 1, 2023. It is now read-only.

Zeroize version 0.10.1 is no longer on crates.io #24

Closed
sandeepmukh opened this issue Jul 16, 2021 · 8 comments · Fixed by #25

Comments

@sandeepmukh

sandeepmukh commented Jul 16, 2021

Title pretty much says it all, but it looks like the authors of Zeroize removed the version that this library requires. Is there a fix for this?
Here's the error I'm getting when trying to build:

$ cargo build

    Updating crates.io index
    Updating git repository `https://github.com/RustMania/rust-paillier`
    Updating git repository `https://github.com/vnermolaev/trace.git`
error: failed to select a version for the requirement `zeroize = "^0.10.1"`
candidate versions found which didn't match: 1.3.0, 1.2.0, 1.1.1, ...
location searched: crates.io index
required by package `ecdsa-mpc v0.3.0 (/Users/sandeepmukherjee/Documents/projects/threshold-signatures)`

I've tried manually updating the Cargo.toml file but got a bit tangled up in the dependency tree.

EDIT: It can be compiled using local versions of curv and rust-paillier that are all upgraded to version "1" of zeroize. I haven't tested out anything besides its compilation.
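The resolver error in the post above follows from Cargo's caret rule: `^0.10.1` accepts only `0.10.x` releases at or above `0.10.1`, so the `1.x` candidates it lists can never satisfy it. The sketch below is an added example, not code from this repository or from Cargo; it handles plain `MAJOR.MINOR.PATCH` versions only, and the candidates `0.10.4` and `0.11.0` are constructed for illustration.

```rust
// Added example: a simplified model of Cargo's caret requirement matching.
// Assumption: versions are plain MAJOR.MINOR.PATCH (no pre-release/build tags).

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
struct Version(u64, u64, u64);

// Parse "a.b.c"; anything else is rejected with None.
fn parse(s: &str) -> Option<Version> {
    let mut parts = s.trim().split('.').map(|p| p.parse::<u64>().ok());
    let v = Version(parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() {
        return None;
    }
    Some(v)
}

// Exclusive upper bound of a caret requirement: the left-most non-zero
// component is the one that must not change.
fn caret_upper(min: Version) -> Version {
    match min {
        Version(0, 0, patch) => Version(0, 0, patch + 1),
        Version(0, minor, _) => Version(0, minor + 1, 0),
        Version(major, _, _) => Version(major + 1, 0, 0),
    }
}

// Does `candidate` satisfy the caret requirement `req` (e.g. "^0.10.1")?
fn caret_matches(req: &str, candidate: &str) -> Option<bool> {
    let min = parse(req.trim().trim_start_matches('^'))?;
    let cand = parse(candidate)?;
    Some(cand >= min && cand < caret_upper(min))
}

fn main() {
    let req = "^0.10.1";
    // First three come from the error message; the rest are constructed.
    let candidates = ["1.3.0", "1.2.0", "1.1.1", "0.10.1", "0.10.4", "0.11.0"];
    for c in candidates.iter() {
        println!("{} vs {} -> {:?}", req, c, caret_matches(req, c));
    }
}
```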

@RustMania
Collaborator

RustMania commented Jul 17, 2021 via email

@sandeepmukh
Author

Oops accidentally closed the issue.

@survived

survived commented Jul 17, 2021

Hi, I'm from the ZenGo team maintaining both the curv and rust-paillier crates. From our side, we can release an update for the version you depend on with a newer zeroize. This should solve the problem until the next accident 🙂 Also, we'd love to offer our help in migrating to the newest curv version!

@RustMania
Collaborator

Hello, ZenGo team! I seem to finally have some time for this issue, while being away from the job.
It is very kind of you to offer help with these crates. First, I am thinking of taking your suggestion to migrate to the new version of curv. An attempt was already made in January to do it as a quick fix/uptick, but the volume of changes did not look like a one-day effort. Another, less preferred option is to retrofit the latest zeroize into the old curv/paillier. How much time would it take?

@sandeepmukh
Author

Hi! I was actually able to get the library to work doing just that. It's pretty simple, as both of the ZenGo libraries can be upgraded to version “1” of zeroize without breaking. I just edited their Cargo.toml and they compiled and have been running without complaint.

@survived

survived commented Jul 27, 2021

We're currently releasing a major update for the library that improves the elliptic curve and bigint interfaces — v0.8.0-rc1 is already available, check out the new elliptic curves interface. Once work on bigint is finished, v0.8.0 will be published.

You can already start migrating to v0.8.0-rc1 to match the new elliptic curves interface. In a nutshell — in the version you depend on, there are GE and FE representing an elliptic point and a scalar respectively. To match the new interface you need to replace them with Point<Secp256k1> and Scalar<Secp256k1>. All arithmetic operations are supported - you can add or subtract two points, negate a point, multiply it by a scalar, and so on. Points and scalars also implement a bunch of convenient traits; see their documentation.

One major challenge you might have is that the serialization format has been changed for points and scalars (and therefore for anything else in the library). So if you need to deserialize points/scalars/anything else from an older curv, then you'll need a mapping from the old format to the new one.

I can help you with any issues during migration — reach me via email denis@zengo.com or telegram @dsurv

@survived

As a quick fix — I've released curv v0.2.8 with an updated zeroize dependency. As @sandeepmukh pointed out — it required only modifying Cargo.toml.

@RustMania RustMania linked a pull request Jul 28, 2021 that will close this issue
@RustMania
Collaborator

The dependencies are updated. Thank you very much for your help with curv!
