Merge branch 'main' of https://github.com/DavidOsipov/PostQuantum-Feldman-VSS

Author: DavidOsipov

.github/workflows/snyk-security.yml

@@ -35,21 +35,31 @@ jobs:
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
       - name: Set up Snyk CLI to check for security issues
         # Snyk can be used to break the build when it detects security issues.
         # In this case we want to upload the SAST issues to GitHub Code Scanning
         uses: snyk/actions/setup@cdb760004ba9ea4d525f2e043745dfe85bb9077e
 
-        # For Snyk Open Source you must first set up the development environment for your application's dependencies
-        # For example for Node
-        #- uses: actions/setup-node@v4
-        #  with:
-        #    node-version: 20
+      - name: Set up Python
+        uses: actions/setup-python@19e4675e06535f6b54e894da5c1f044400bb4996
+        with:
+          python-version: '3.12.7'
+          
+      - name: Install dependencies
+        run: |
+          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+          if [ -f Pipfile ]; then pip install pipenv && pipenv install --dev; fi
+          if [ -f pyproject.toml ]; then pip install poetry && poetry install; fi
 
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python-3.10@cdb760004ba9ea4d525f2e043745dfe85bb9077e
+        continue-on-error: true # To make sure that SARIF upload gets called
         env:
-          # This is where you will need to introduce the Snyk API token created with your Snyk account
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          SNYK_TOKEN: ${{ secrets.SNYK_SECRET_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif --severity-threshold=medium
+         
 
         # Runs Snyk Code (SAST) analysis and uploads result into GitHub.
         # Use || true to not fail the pipeline
@@ -74,6 +84,6 @@ jobs:
 
         # Push the Snyk Code results into GitHub Code Scanning tab
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@6349095d19ec30397ffb02a63b7aa4f867deb563
         with:
           sarif_file: snyk-code.sarif

feldman_vss.py

@@ -130,7 +130,7 @@
     """
 
 # /// script
-# requires-python = ">=3.8"
+# requires-python = ">=3.9"
 # dependencies = [
 #   "gmpy2 == 2.2.1",
 #   "msgpack == 1.1.0",
@@ -6077,4 +6077,4 @@ def verify_dual_commitments(
             # Check equality using constant-time comparison
             all_valid &= constant_time_compare(left_side, right_side)
 
-    return all_valid
+    return all_valid

pyproject.toml

@@ -13,7 +13,7 @@ maintainers = [
 ]
 description = "Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python"
 readme = "README.md"
-requires-python = ">=3.8"
+requires-python = ">=3.9,<4.0"
 license = {text = "MIT"}
 classifiers = [
     "Development Status :: 4 - Beta",
@@ -26,6 +26,7 @@ classifiers = [
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
     "Topic :: Security",
     "Topic :: Security :: Cryptography",
     "Topic :: Software Development :: Libraries :: Python Modules",
@@ -38,25 +39,10 @@ dependencies = [
 
 [project.optional-dependencies]
 memory_monitor = ["psutil == 7.0.0"]
-test = [
-    "pytest >= 7.0",
-    "pytest-cov >= 4.0",
-    "pytest-xdist >= 3.0",
-    "hypothesis >= 6.0"
-]
-docs = [
-    "sphinx >= 7.0",
-    "sphinx-rtd-theme >= 2.0",
-    "myst-parser >= 2.0",
-    "sphinx-copybutton >= 0.5",
-    "sphinx-autodoc-typehints >= 2.0",
-]
 dev = [
     "black >= 24.0",
     "isort >= 5.10",
     "flake8 >= 7.0",
-    "mypy >= 1.9",
-    "pre-commit >= 3.6",
     "types-requests",
     "types-setuptools",
     "msgpack-types == 0.5.0"
@@ -77,7 +63,6 @@ documentation = "https://github.com/DavidOsipov/PostQuantum-Feldman-VSS/wiki"
 "Telegram" = "https://telegram.me/david_osipov"
 "Signal" =  "https://signal.me/#eu/d68l1UjrWlGVRzbfkVM1bvQMNqCqiae9GM86P_af8ZK2o5E5YSNKbL4MyM9y-2WH"
 
-# Use py-modules instead of packages.find for a single-file module
 [tool.setuptools]
 py-modules = ["feldman_vss"]
 
@@ -109,33 +94,9 @@ known_first_party = ["feldman_vss"]
 line-length = 88
 target-version = ['py38', 'py39', 'py310', 'py311', 'py312']
 
-[tool.mypy]
-python_version = "3.8"
-warn_unused_configs = true
-warn_redundant_casts = true
-warn_unused_ignores = true
-disallow_untyped_defs = true
-disallow_incomplete_defs = true
-check_untyped_defs = true
-no_implicit_optional = true
-strict_optional = true
-warn_return_any = true
-show_error_codes = true
-plugins = ["pydantic.mypy"]
-
-[[tool.mypy.overrides]]
-module = [
-    "gmpy2.*",
-    "msgpack.*",
-    "blake3.*",
-    "pytest.*",
-    "hypothesis.*",
-    "sphinx.*",
-    "psutil.*"
-]
 ignore_missing_imports = true
 
 [tool.flake8]
 max-line-length = 88
 extend-ignore = ["E203", "W503"]
-per-file-ignores = ["__init__.py:F401"]
+per-file-ignores = ["__init__.py:F401"]