Fixed some Insecure Rngs.

src/core.rs

@@ -348,12 +348,7 @@ fn test_core(){
     //test_core_k(32,8);
 }
 
-#[test]
-fn t1est_core_test()
-{
-    rayon::ThreadPoolBuilder::new().num_threads(1).build_global().unwrap();
-    test_core_t(10,10);
-}
+
 
 
 
@@ -434,6 +429,13 @@ fn test_speed_operations() {
     println!(" {:.2?} gt exp ",start.elapsed()/1000);
 }
 
+#[test]
+fn t1est_core_test()
+{
+    rayon::ThreadPoolBuilder::new().num_threads(1).build_global().unwrap();
+    test_core_t(10,10);
+}
+
 fn test_core_t(n:i64,t:i64){
     let msg = (0..64).map(|x|(x) as u8).collect::<Vec<_>>();
     let generator = pairing(&G1Affine::generator(),&G2Affine::generator());
@@ -475,10 +477,51 @@ fn test_core_t(n:i64,t:i64){
     }).collect::<Vec<_>>();
 
     let start = Instant::now();
-    let res = phe_dec_finish_t(&res,&pps,&responses,&ss,n);
+    let resdec = phe_dec_finish_t(&res,&pps,&responses,&ss,n);
     println!("{:.2?} phe_dec_finish_t",start.elapsed());
 
-    assert_eq!(res.unwrap(),msg);
+    assert_eq!(resdec.unwrap(),msg);
+
+    // test invalid password
+    let (ss,request) = phe_init(&"test".to_string(),&"test2".to_string(),&pk);
+    let responses = (0..t as usize).into_par_iter().map(|i|{
+        let response = phe_ratelimiter(&rlkeys[i],&request,&pps[i],&pvk).unwrap();
+        response
+    }).collect::<Vec<_>>();
+    
+    let err_res = phe_dec_finish_t(&res,&pps,&responses,&ss,n);
+    assert!(err_res.is_err());
+
+    // test corrupted ciphertext
+    let mut res2 = res.clone();
+    res2.c1[0] = res2.c1[0] ^ 1;
+    let err_res = phe_dec_finish_t(&res2,&pps,&responses,&ss,n);
+    assert!(err_res.is_err());
+
+    // test changed real key
+    let real_key2 = utils::random_scalar();
+    let rlkeys2 = shamir::gen_shares_scalar(real_key2,n,t);
+    let pps2 = rlkeys2.iter().map(|x|PublicParameters{
+        gt_gen: generator,
+        ratelimiter_public_key: generator*x
+    }).collect::<Vec<_>>();
+
+    let pp_keys2 = pps2.iter().map(|x|{x.ratelimiter_public_key}).collect::<Vec<_>>();
+
+    let pp_key2 = shamir::recover_shares(&pp_keys2, n as i64);
+
+    assert_eq!(pp_key2,generator*real_key2,"Public keys do not match");
+
+    let (ss,request) = phe_init(&"test".to_string(),&"test".to_string(),&pk);
+    let responses = (0..t as usize).into_par_iter().map(|i|{
+        let response = phe_ratelimiter(&rlkeys2[i],&request,&pps2[i],&pvk).unwrap();
+        response
+    }).collect::<Vec<_>>();
+
+    let err_res = phe_dec_finish_t(&res,&pps2,&responses,&ss,n);
+    assert!(err_res.is_err());
+    
+    
 }
 
 

src/proofs.rs

@@ -195,6 +195,7 @@ pub fn generate_hash_proof(
     random: &Scalar,
     pk: &ProvingKey<Bls12_381>,
 ) -> (Scalar, Vec<u8>) {
+    let mut rng = OsRng::default();
     // hash the password and nonce to Fr
     let n_fr = Fr::from_le_bytes_mod_order(&nonce.to_bytes());
     //use sha256
@@ -228,7 +229,7 @@ pub fn generate_hash_proof(
         nonce_point: Some(n_fr),
         random_r: Some(random_fr),
     };
-    let proof = Groth16::<Bls12_381>::prove(&pk, proof, &mut ark_std::test_rng()).unwrap();
+    let proof = Groth16::<Bls12_381>::prove(&pk, proof, &mut rng).unwrap();
 
     let mut proof_serialized = Vec::<u8>::new();
     proof.serialize(&mut proof_serialized).unwrap();
@@ -322,11 +323,7 @@ fn test_type_conversion() {
 
 #[test]
 fn test_groth16() {
-    rayon::ThreadPoolBuilder::new()
-        .num_threads(1)
-        .build_global()
-        .unwrap();
-    let mut rng = &mut ark_std::test_rng();
+    let mut rng = &mut OsRng::default();
     let mimc = MiMC::<Fr, MIMC_7_91_BLS12_381_PARAMS>::new(
         1,
         Fr::zero(),