search

ing-bank / threshold-signatures

Threshold Signature Scheme for ECDSA
MIT License
201 stars 41 forks source link

Unable to build due to dependency on yanked crypto-mac version #30

Closed bholzman closed 3 years ago

bholzman commented 3 years ago

(venv) MacBook-Pro:threshold-signatures bholzman$ cargo build Updating crates.io index Updating git repository https://github.com/RustMania/rust-paillier Updating git repository https://github.com/vnermolaev/trace.git error: failed to select a version for the requirement crypto-mac = "^0.7" candidate versions found which didn't match: 0.11.1, 0.11.0, 0.10.1, ... location searched: crates.io index required by package hmac v0.7.1 ... which is depended on by curv-kzen v0.2.8 ... which is depended on by ecdsa-mpc v0.3.0 (/Users/bholzman/dev/threshold-signatures)

I tried upgrading the curv-kzen version, but in the next higher version (0.6.1) there's no support for either the ec_secp256k1 or ecc feature as specified in the Cargo.toml.

Any ideas?

survived commented 3 years ago

Hi @bholzman, curv v0.6.1 supports secp256k1, you don't need to specify feature for that. Upgrading to v0.6 should be pretty simple, you need to replace all imports use curv::{GE, FE} with use curv::elliptic::curves::secp256k1::{GE, FE}.

However, updating to v0.6 won't resolve the issue — it still depends on hmac v0.7.1 that depends on yanked version of crypto-mac. We're going to bump dependency in the latest version of curv — https://github.com/ZenGo-X/curv/issues/132

RustMania commented 3 years ago

Thanks, Denis! Could you mention, please, whether I need to bump/port to curv 0.6 or higher?

survived commented 3 years ago

@RustMania I've fixed hmac issue only for the latest version of curv v0.8.0-rc3 (just published it). It would be perfect if you updated to the latest version of curv. Crates get yanked pretty often, it's not easy to backport fixes to the older versions. If you'll have any issues with upgrading, feel free to reach me with any questions!

bholzman commented 3 years ago

Thanks, Denis. Updating to curv 0.8.0-rc3 gets me a little further, but now cargo build fails thusly:

(venv) MacBook-Pro:threshold-signatures bholzman$ cargo build Updating crates.io index Updating git repository https://github.com/RustMania/rust-paillier Updating git repository https://github.com/vnermolaev/trace.git error: failed to select a version for the requirement zeroize = "^0.10" candidate versions found which didn't match: 1.4.1, 1.4.0, 1.3.0, ... location searched: crates.io index required by package curv-kzen v0.2.7 ... which is depended on by paillier v0.3.6 ( https://github.com/RustMania/rust-paillier#1e65d6d3) ... which is depended on by ecdsa-mpc v0.3.0 (/Users/bholzman/dev/threshold-signatures)

@RustMania I guess this will be fixed once you update rust-paillier?

On Thu, Aug 26, 2021 at 5:16 AM Denis Varlakov @.***> wrote:

@RustMania https://github.com/RustMania I've fixed hmac issue only for the latest version of curv v0.8.0-rc3 (just published it). It would be perfect if you updated to the latest version of curv. Crates get yanked pretty often, it's not easy to backport fixes to the older versions. If you'll have any issues with upgrading, feel free to reach me with any questions!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ing-bank/threshold-signatures/issues/30#issuecomment-906237309, or unsubscribe https://github.com/notifications/unsubscribe-auth/AATJ4GTRUWQ4R5TD57GXW23T6YA77ANCNFSM5C2AOG4Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .

bholzman commented 3 years ago

FYI, I tried building master on ubuntu 20.04, and got the same error:

parallels@parallels-Parallels-Virtual-Platform:~/threshold-signatures$ cargo build
    Updating crates.io index
    Updating git repository `https://github.com/RustMania/rust-paillier`
    Updating git repository `https://github.com/vnermolaev/trace.git`
error: failed to select a version for the requirement `crypto-mac = "^0.7"`
candidate versions found which didn't match: 0.11.1, 0.11.0, 0.10.1, ...
location searched: crates.io index
required by package `hmac v0.7.1`
    ... which is depended on by `curv-kzen v0.2.8`
    ... which is depended on by `ecdsa-mpc v0.3.0 (/home/parallels/threshold-signatures)`
bholzman commented 3 years ago

Hi, any update on this issue?

bholzman commented 3 years ago

Hmm, actually this problem seems to have been fixed somewhere else, as I can now build just fine. Closing this ticket.