Add BSGS for new field PVSS

[waamm]

Description

• Removes ThresholdConfig trait from WeightedConfig
• Moves most of aptos-dkg's arkworks code from using ark_std::rand for randomness, to our (older) crate rand
• Removes Fiat-Shamir entirely from das (weighted and unweighted), now it uses thread_rng() to generate random numbers.
• Simplified the remaining FS code since we now no longer use it for blstrs::Scalar
• Added a generate() method to existing range proof and sigma proof code, in order to make the generate() method of the new PVSS cleaner.
• Removed the sample() method from GroupGenerators and replaces it with default() since we can't sample securely at the moment, and don't really seem to need it anyway.
• Adds the baby-step giant-step algorithm.
• Extended sigma protocol to lifted homomorphisms
• Added a change_lifetime method to sigma proofs, so it can be made independent of the homomorphism
• Add pp: &Self::PublicParameters to decrypt_own_share(), this reverberates through a lot of code

How Has This Been Tested?

• Existing aptos-dkg tests
• A new test for the baby-step giant-step algorithm.

Key Areas to Review

• It's important that the new random number generation for das is secure.
• aptos-core/types had to be modified due to the decrypt_own_share() change, hopefully not an issue.

Type of Change

• New feature
• Bug fix
• Breaking change
• Performance improvement
• Refactoring
• Dependency update
• Documentation update
• Tests

Which Components or Systems Does This Change Impact?

• Validator Node
• Full Node (API, Indexer, etc.)
• Move/Aptos Virtual Machine
• Aptos Framework
• Aptos CLI/SDK
• Developer Infrastructure
• Move Compiler
• Other: most of this code is not yet in use

Checklist

• I have read and followed the CONTRIBUTING doc
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I identified and added all stakeholders and component owners affected by this change as reviewers
• I tested both happy and unhappy path of the functionality
• I have made corresponding changes to the documentation

---

Note

Introduces a BSGS dlog helper, switches DKG/arkworks code to rand-based RNGs with new random utilities, removes Fiat‑Shamir from DAS, adds pp to decrypt_own_share, and extends sigma/range proof infra (incl. generators), updating benches/tests/types accordingly.

• Core crypto/utils:
  • Add dlog/bsgs (baby-step giant-step) with table builder and tests.
  • New aptos_crypto::arkworks::random utilities (UniformRand, sample_field_element[s], unsafe_random_point[s]).
  • Replace ark_std::rand with rand across modules; GroupGenerators now Default() (generator-based) instead of sample().
• PVSS (DAS and traits):
  • Remove Fiat–Shamir from DAS verification; use thread_rng()/random scalars.
  • Change Transcript::decrypt_own_share(...) signature to include pp: &Self::PublicParameters; propagate through weighted/unweighted PVSS, generic weighting, tests, benches, and types/real_dkg.
  • Delete obsolete pvss/das/fiat_shamir.rs.
• Sigma protocol & homomorphisms:
  • Support lifted homomorphisms in fixed-base MSMs; implement Trait for LiftHomomorphism and add proper DST composition.
  • Add Proof::change_lifetime and enable verification with generic hom types.
  • Use rand_core bounds consistently in witnesses and proofs.
• Range proofs / KZG:
  • Update hiding KZG: redefine Commitment and CommitmentRandomness (alias to Scalar), adapt open/verify.
  • Extend Univariate DeKART (v1, v2): switch RNG, add proof generate() helpers, minor API tweaks (commit randomness handling), FS helpers streamlined.
• Benches/Tests:
  • Update benches to GroupGenerators::default() and new APIs; add random proof generators.
  • Adjust tests for new decrypt_own_share param and RNG changes; add BSGS test.
• Misc:
  • Remove ThresholdConfig impl from WeightedConfig.
  • Dependency bumps (e.g., fastrand 2.3.0, proc-macro2 1.0.103).

^{Written by Cursor Bugbot for commit 013d7f1. This will update automatically on new commits. Configure here.}

[cursor]

This is the final PR Bugbot will review for you during this billing cycle

Your free Bugbot reviews will reset on November 7

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[alinush]

Let's discuss!

[alinush]

I think we gotta be a bit careful here. It may be easier to use hashing to ensure non-ambiguity.

Not saying what you have is wrong, but it may be harder to reason about.

[alinush]

In general, please also take a look at my thoughts here regarding domain separation & let's discuss a little.

I think out of those 3 things we are missing a session ID which we may want to add.

[alinush]

How come this was not a problem so far?

[alinush]

(Perpetually worried about how this abstraction is getting out of hand... 😨 )

[waamm]

How come this was not a problem so far?

It was, this stuff is largely inspired by the old PR.

[alinush]

I am so confused right now...

[waamm]

Homomorphisms often carry references to public parameters, but the Proof does not. So the lifetime of the Proof should not depend on that, but for some reason Rust doesn't think that way and ties the lifetime of Proof to its generic parameters.

A different workaround would be to make Proof generic over eg <E, H::Domain, H::Codomain> instead, but that seems uglier to me.

[github-actions]

✅ Forge suite compat success on eace41639a33cfd0e2ba783814be05cc2a8e7dbd ==> 013d7f178b7a39878179d95403a209cfb18aaa3e

Compatibility test results for eace41639a33cfd0e2ba783814be05cc2a8e7dbd ==> 013d7f178b7a39878179d95403a209cfb18aaa3e (PR)
1. Check liveness of validators at old version: eace41639a33cfd0e2ba783814be05cc2a8e7dbd
compatibility::simple-validator-upgrade::liveness-check : committed: 14405.07 txn/s, latency: 2381.21 ms, (p50: 2500 ms, p70: 2600, p90: 2800 ms, p99: 3700 ms), latency samples: 471860
2. Upgrading first Validator to new version: 013d7f178b7a39878179d95403a209cfb18aaa3e
compatibility::simple-validator-upgrade::single-validator-upgrade : committed: 5315.10 txn/s, latency: 6483.68 ms, (p50: 7200 ms, p70: 7300, p90: 7300 ms, p99: 7400 ms), latency samples: 182700
3. Upgrading rest of first batch to new version: 013d7f178b7a39878179d95403a209cfb18aaa3e
compatibility::simple-validator-upgrade::half-validator-upgrade : committed: 5215.52 txn/s, latency: 6632.32 ms, (p50: 7300 ms, p70: 7400, p90: 7500 ms, p99: 7600 ms), latency samples: 180360
4. upgrading second batch to new version: 013d7f178b7a39878179d95403a209cfb18aaa3e
compatibility::simple-validator-upgrade::rest-validator-upgrade : committed: 8243.86 txn/s, latency: 4133.50 ms, (p50: 4500 ms, p70: 4500, p90: 4700 ms, p99: 4800 ms), latency samples: 275860
5. check swarm health
Compatibility test for eace41639a33cfd0e2ba783814be05cc2a8e7dbd ==> 013d7f178b7a39878179d95403a209cfb18aaa3e passed
Test Ok

• Grafana dashboard
• Humio Logs
• Axiom Logs
• Validator CPU Profile
• Fullnode CPU Profile
• Test runner output
• Test run is land-blocking

[github-actions]

✅ Forge suite realistic_env_max_load success on 013d7f178b7a39878179d95403a209cfb18aaa3e

two traffics test: inner traffic : committed: 13503.41 txn/s, submitted: 13503.47 txn/s, expired: 0.05 txn/s, latency: 2788.24 ms, (p50: 2700 ms, p70: 2700, p90: 3000 ms, p99: 3900 ms), latency samples: 5028340
two traffics test : committed: 100.02 txn/s, latency: 801.77 ms, (p50: 800 ms, p70: 800, p90: 900 ms, p99: 1600 ms), latency samples: 1620
Latency breakdown for phase 0: ["MempoolToBlockCreation: max: 2.412, avg: 2.167", "ConsensusProposalToOrdered: max: 0.166, avg: 0.164", "ConsensusOrderedToCommit: max: 0.081, avg: 0.074", "ConsensusProposalToCommit: max: 0.247, avg: 0.238"]
Max non-epoch-change gap was: 1 rounds at version 2778408 (avg 0.00) [limit 4], 1.22s no progress at version 4192948 (avg 0.07s) [limit 15].
Max epoch-change gap was: 0 rounds at version 0 (avg 0.00) [limit 4], 0.29s no progress at version 2373583 (avg 0.29s) [limit 16].
Test Ok

• Grafana dashboard
• Humio Logs
• Axiom Logs
• Validator CPU Profile
• Fullnode CPU Profile
• Test runner output
• Test run is land-blocking

[github-actions]

✅ Forge suite framework_upgrade success on eace41639a33cfd0e2ba783814be05cc2a8e7dbd ==> 013d7f178b7a39878179d95403a209cfb18aaa3e

Compatibility test results for eace41639a33cfd0e2ba783814be05cc2a8e7dbd ==> 013d7f178b7a39878179d95403a209cfb18aaa3e (PR)
Upgrade the nodes to version: 013d7f178b7a39878179d95403a209cfb18aaa3e
framework_upgrade::framework-upgrade::full-framework-upgrade : committed: 2102.16 txn/s, submitted: 2107.24 txn/s, failed submission: 5.08 txn/s, expired: 5.08 txn/s, latency: 1390.42 ms, (p50: 1200 ms, p70: 1500, p90: 1800 ms, p99: 2700 ms), latency samples: 190501
framework_upgrade::framework-upgrade::full-framework-upgrade : committed: 2152.75 txn/s, submitted: 2160.81 txn/s, failed submission: 8.06 txn/s, expired: 8.06 txn/s, latency: 1358.34 ms, (p50: 1200 ms, p70: 1500, p90: 1800 ms, p99: 2700 ms), latency samples: 192341
5. check swarm health
Compatibility test for eace41639a33cfd0e2ba783814be05cc2a8e7dbd ==> 013d7f178b7a39878179d95403a209cfb18aaa3e passed
Upgrade the remaining nodes to version: 013d7f178b7a39878179d95403a209cfb18aaa3e
framework_upgrade::framework-upgrade::full-framework-upgrade : committed: 2068.90 txn/s, submitted: 2076.11 txn/s, failed submission: 7.21 txn/s, expired: 7.21 txn/s, latency: 1409.38 ms, (p50: 1300 ms, p70: 1500, p90: 1800 ms, p99: 2500 ms), latency samples: 189320
Test Ok

• Grafana dashboard
• Humio Logs
• Axiom Logs
• Validator CPU Profile
• Fullnode CPU Profile
• Test runner output
• Test run is land-blocking