Ecosystem/serai
Ecosystem/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2024-12-22 19:49:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Use proper messages for ValidatorSets/InInstructions pallet

Browse source 
Provides a DST, and associated metadata as beneficial.

Also utilizes MuSig's context to session-bind. Since set_keys_messages also
binds to set, this is semi-redundant, yet that's appreciated.
This commit is contained in:
Luke Parker 2023-05-13 04:20:13 -04:00
parent 663b5f4b50
commit 47f8766da6
No known key found for this signature in database
17 changed files with 102 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Cargo.lock generated
View file

@ -8780,6 +8780,7 @@ dependencies = [
"ciphersuite",
"dalek-ff-group",
"dkg",
"dleq",
"flexible-transcript",
"minimal-ed448",
"monero-generators",
@ -10998,8 +10999,6 @@ dependencies = [
name = "validator-sets-pallet"
version = "0.1.0"
dependencies = [
"ciphersuite",
"dkg",
"frame-support",
"frame-system",
"hashbrown 0.13.2",
@ -11015,11 +11014,14 @@ dependencies = [
name = "validator-sets-primitives"
version = "0.1.0"
dependencies = [
"ciphersuite",
"dkg",
"parity-scale-codec",
"scale-info",
"serai-primitives",
"serde",
"sp-core",
"sp-std 5.0.0",
"zeroize",
]

15
crypto/dkg/Cargo.toml
View file

@ -37,7 +37,20 @@ rand_core = { version = "0.6", default-features = false, features = ["getrandom"
ciphersuite = { path = "../ciphersuite", version = "0.3", default-features = false, features = ["ristretto"] }
[features]
std = ["thiserror", "rand_core/std", "std-shims/std", "ciphersuite/std", "multiexp/[batch, std]", "schnorr/std", "dleq/serialize"]
std = [
"thiserror",
"rand_core/std",
"std-shims/std",
"ciphersuite/std",
"multiexp/batch",
"multiexp/std",
"schnorr/std",
"dleq/serialize"
]
serde = ["dep:serde"]
tests = ["rand_core/getrandom"]
default = ["std"]

11
processor/src/substrate_signer.rs
View file

@ -20,7 +20,7 @@ use log::{info, debug, warn};
use serai_client::{
primitives::BlockHash,
in_instructions::primitives::{Batch, SignedBatch},
in_instructions::primitives::{Batch, SignedBatch, batch_message},
};
use messages::{sign::SignId, coordinator::*};
@ -253,10 +253,11 @@ impl<D: Db> SubstrateSigner<D> {
Err(e) => todo!("malicious signer: {:?}", e),
};
let (machine, share) = match machine.sign(preprocesses, &self.signable[&id.id].encode()) {
Ok(res) => res,
Err(e) => todo!("malicious signer: {:?}", e),
};
let (machine, share) =
match machine.sign(preprocesses, &batch_message(&self.signable[&id.id])) {
Ok(res) => res,
Err(e) => todo!("malicious signer: {:?}", e),
};
self.signing.insert(id.id, machine);
// Broadcast our share

3
processor/src/tests/substrate_signer.rs
View file

@ -9,7 +9,6 @@ use frost::{
dkg::tests::{key_gen, clone_without},
};
use scale::Encode;
use sp_application_crypto::{RuntimePublic, sr25519::Public};
use serai_db::{DbTxn, Db, MemDb};
@ -143,7 +142,7 @@ async fn test_substrate_signer() {
{
assert_eq!(signed_batch.batch, batch);
assert!(Public::from_raw(actual_id.key.clone().try_into().unwrap())
.verify(&batch.encode(), &signed_batch.signature));
.verify(&batch_message(&batch), &signed_batch.signature));
} else {
panic!("didn't get signed batch back");
}

6
substrate/client/tests/common/in_instructions.rs
View file

@ -1,12 +1,10 @@
use scale::Encode;
use sp_core::Pair;
use serai_client::{
primitives::insecure_pair_from_name,
validator_sets::primitives::{Session, ValidatorSet},
in_instructions::{
primitives::{Batch, SignedBatch},
primitives::{Batch, SignedBatch, batch_message},
InInstructionsEvent,
},
Serai,
@ -32,7 +30,7 @@ pub async fn provide_batch(batch: Batch) -> [u8; 32] {
let block = publish_tx(&Serai::execute_batch(SignedBatch {
batch: batch.clone(),
signature: pair.sign(&batch.encode()),
signature: pair.sign(&batch_message(&batch)),
}))
.await;

13
substrate/client/tests/common/validator_sets.rs
View file

@ -3,18 +3,16 @@ use std::collections::HashMap;
use zeroize::Zeroizing;
use rand_core::OsRng;
use scale::Encode;
use sp_core::{Pair, sr25519::Signature};
use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
use frost::dkg::musig::*;
use frost::dkg::musig::musig;
use schnorrkel::Schnorrkel;
use serai_client::{
primitives::insecure_pair_from_name,
validator_sets::{
primitives::{ValidatorSet, KeyPair},
primitives::{ValidatorSet, KeyPair, musig_context, musig_key, set_keys_message},
ValidatorSetsEvent,
},
Serai,
@ -31,7 +29,7 @@ pub async fn set_validator_set_keys(set: ValidatorSet, key_pair: KeyPair) -> [u8
let public_key = <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut public.0.as_ref()).unwrap();
assert_eq!(
serai.get_validator_set_musig_key(set).await.unwrap().unwrap(),
musig_key::<Ristretto>(&[public_key]).unwrap().to_bytes()
musig_key(set, &[public]).0
);
let secret_key = <Ristretto as Ciphersuite>::read_F::<&[u8]>(
@ -39,7 +37,8 @@ pub async fn set_validator_set_keys(set: ValidatorSet, key_pair: KeyPair) -> [u8
)
.unwrap();
assert_eq!(Ristretto::generator() * secret_key, public_key);
let threshold_keys = musig::<Ristretto>(&Zeroizing::new(secret_key), &[public_key]).unwrap();
let threshold_keys =
musig::<Ristretto>(&musig_context(set), &Zeroizing::new(secret_key), &[public_key]).unwrap();
assert_eq!(
serai.get_validator_set_musig_key(set).await.unwrap().unwrap(),
threshold_keys.group_key().to_bytes()
@ -52,7 +51,7 @@ pub async fn set_validator_set_keys(set: ValidatorSet, key_pair: KeyPair) -> [u8
Schnorrkel::new(b"substrate"),
&HashMap::from([(threshold_keys.params().i(), threshold_keys.into())]),
),
&key_pair.encode(),
&set_keys_message(&set, &key_pair),
);
// Vote in a key pair

12
substrate/client/tests/validator_sets.rs
View file

@ -2,13 +2,10 @@ use rand_core::{RngCore, OsRng};
use sp_core::{sr25519::Public, Pair};
use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
use frost::dkg::musig::musig_key;
use serai_client::{
primitives::{NETWORKS, NetworkId, insecure_pair_from_name},
validator_sets::{
primitives::{Session, ValidatorSet},
primitives::{Session, ValidatorSet, musig_key},
ValidatorSetsEvent,
},
Serai,
@ -56,12 +53,7 @@ serai_test!(
assert_eq!(participants_ref, [(public, set_data.bond)].as_ref());
assert_eq!(
serai.get_validator_set_musig_key(set).await.unwrap().unwrap(),
musig_key::<Ristretto>(&[<Ristretto as Ciphersuite>::read_G::<&[u8]>(
&mut public.0.as_ref()
)
.unwrap()])
.unwrap()
.to_bytes()
musig_key(set, &[public]).0
);
let block = set_validator_set_keys(set, key_pair.clone()).await;

2
substrate/in-instructions/pallet/Cargo.toml
View file

@ -23,7 +23,7 @@ sp-runtime = { git = "https://github.com/serai-dex/substrate", default-features
frame-system = { git = "https://github.com/serai-dex/substrate", default-features = false }
frame-support = { git = "https://github.com/serai-dex/substrate", default-features = false }
serai-primitives = { path = "../..//primitives", default-features = false }
serai-primitives = { path = "../../primitives", default-features = false }
in-instructions-primitives = { path = "../primitives", default-features = false }
tokens-pallet = { path = "../../tokens/pallet", default-features = false }

4
substrate/in-instructions/pallet/src/lib.rs
View file

@ -9,7 +9,7 @@ use sp_runtime::RuntimeDebug;
use serai_primitives::{BlockHash, NetworkId};
pub use in_instructions_primitives as primitives;
use primitives::{InInstruction, InInstructionWithBalance, SignedBatch};
use primitives::*;
#[derive(Clone, Copy, Encode, RuntimeDebug)]
#[cfg_attr(feature = "std", derive(scale::Decode, thiserror::Error))]
@ -141,7 +141,7 @@ pub mod pallet {
}
};
if !key.verify(&batch.batch.encode(), &batch.signature) {
if !key.verify(&batch_message(&batch.batch), &batch.signature) {
Err(InvalidTransaction::BadProof)?;
}

2
substrate/in-instructions/primitives/Cargo.toml
View file

@ -22,7 +22,7 @@ sp-application-crypto = { git = "https://github.com/serai-dex/substrate", defaul
sp-std = { git = "https://github.com/serai-dex/substrate", default-features = false }
sp-runtime = { git = "https://github.com/serai-dex/substrate", default-features = false }
serai-primitives = { path = "../..//primitives", default-features = false }
serai-primitives = { path = "../../primitives", default-features = false }
tokens-primitives = { path = "../../tokens/primitives", default-features = false }
[features]

5
substrate/in-instructions/primitives/src/lib.rs
View file

@ -79,3 +79,8 @@ impl Zeroize for SignedBatch {
self.signature.as_mut().zeroize();
}
}
/// The message for the batch signature.
pub fn batch_message(batch: &Batch) -> Vec<u8> {
[b"InInstructions-batch".as_ref(), &batch.encode()].concat()
}

2
substrate/tokens/pallet/Cargo.toml
View file

@ -20,7 +20,7 @@ frame-support = { git = "https://github.com/serai-dex/substrate", default-featur
pallet-assets = { git = "https://github.com/serai-dex/substrate", default-features = false }
serai-primitives = { path = "../..//primitives", default-features = false }
serai-primitives = { path = "../../primitives", default-features = false }
tokens-primitives = { path = "../primitives", default-features = false }
[features]

2
substrate/tokens/primitives/Cargo.toml
View file

@ -18,7 +18,7 @@ scale-info = { version = "2", default-features = false, features = ["derive"] }
serde = { version = "1", features = ["derive"], optional = true }
serai-primitives = { path = "../..//primitives", default-features = false }
serai-primitives = { path = "../../primitives", default-features = false }
[dev-dependencies]
sp-runtime = { git = "https://github.com/serai-dex/substrate", default-features = false }

9
substrate/validator-sets/pallet/Cargo.toml
View file

@ -14,9 +14,6 @@ rustdoc-args = ["--cfg", "docsrs"]
[dependencies]
hashbrown = { version = "0.13", default-features = false }
ciphersuite = { version = "0.3", path = "../../../crypto/ciphersuite", default-features = false, features = ["ristretto"] }
dkg = { version = "0.4", path = "../../../crypto/dkg", default-features = false }
scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["derive"] }
scale-info = { version = "2", default-features = false, features = ["derive"] }
@ -31,12 +28,12 @@ validator-sets-primitives = { path = "../primitives", default-features = false }
[features]
std = [
"ciphersuite/std",
"dkg/std",
"scale/std",
"scale-info/std",
"sp-core/std",
"sp-application-crypto/std",
"frame-system/std",
"frame-support/std",

23
substrate/validator-sets/pallet/src/lib.rs
View file

@ -69,23 +69,14 @@ pub mod pallet {
#[pallet::genesis_build]
impl<T: Config> GenesisBuild<T> for GenesisConfig<T> {
fn build(&self) {
use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
let hash_set = self.participants.iter().map(|key| key.0).collect::<hashbrown::HashSet<[u8; 32]>>();
if hash_set.len() != self.participants.len()
{
let hash_set =
self.participants.iter().map(|key| key.0).collect::<hashbrown::HashSet<[u8; 32]>>();
if hash_set.len() != self.participants.len() {
panic!("participants contained duplicates");
}
let mut participants = Vec::new();
let mut keys = Vec::new();
for participant in self.participants.clone() {
keys.push(
<Ristretto as Ciphersuite>::read_G::<&[u8]>(
&mut participant.0.as_ref(),
)
.expect("invalid participant"),
);
participants.push((participant, self.bond));
}
let participants = BoundedVec::try_from(participants).unwrap();
@ -99,7 +90,7 @@ pub mod pallet {
Some(ValidatorSetData { bond: self.bond, network, participants: participants.clone() }),
);
MuSigKeys::<T>::set(set, Some(Public(dkg::musig::musig_key::<Ristretto>(&keys).unwrap().to_bytes())));
MuSigKeys::<T>::set(set, Some(musig_key(set, &self.participants)));
Pallet::<T>::deposit_event(Event::NewSet { set })
}
}
@ -128,7 +119,7 @@ pub mod pallet {
let Some(musig_key) = MuSigKeys::<T>::get(set) else {
Err(Error::NonExistentValidatorSet)?
};
if !musig_key.verify(&key_pair.encode(), signature) {
if !musig_key.verify(&set_keys_message(&set, key_pair), signature) {
Err(Error::BadSignature)?;
}
@ -179,7 +170,9 @@ pub mod pallet {
let set = ValidatorSet { session, network: *network };
match Self::verify_signature(set, key_pair, signature) {
Err(Error::AlreadyGeneratedKeys) => Err(InvalidTransaction::Stale)?,
Err(Error::NonExistentValidatorSet) | Err(Error::BadSignature) => Err(InvalidTransaction::BadProof)?,
Err(Error::NonExistentValidatorSet) | Err(Error::BadSignature) => {
Err(InvalidTransaction::BadProof)?
}
Err(Error::__Ignore(_, _)) => unreachable!(),
Ok(()) => (),
}

12
substrate/validator-sets/primitives/Cargo.toml
View file

@ -14,15 +14,19 @@ rustdoc-args = ["--cfg", "docsrs"]
[dependencies]
zeroize = { version = "^1.5", features = ["derive"], optional = true }
serde = { version = "1", features = ["derive"], optional = true }
ciphersuite = { path = "../../../crypto/ciphersuite", version = "0.3", default-features = false, features = ["alloc", "ristretto"] }
dkg = { path = "../../../crypto/dkg", version = "0.4", default-features = false }
scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["derive", "max-encoded-len"] }
scale-info = { version = "2", default-features = false, features = ["derive"] }
serde = { version = "1", features = ["derive"], optional = true }
sp-core = { git = "https://github.com/serai-dex/substrate", default-features = false }
sp-std = { git = "https://github.com/serai-dex/substrate", default-features = false }
serai-primitives = { path = "../..//primitives", default-features = false }
serai-primitives = { path = "../../primitives", default-features = false }
[features]
std = ["zeroize", "scale/std", "scale-info/std", "serde", "sp-core/std", "serai-primitives/std"]
std = ["zeroize", "serde", "ciphersuite/std", "dkg/std", "scale/std", "scale-info/std", "sp-core/std", "sp-std/std", "serai-primitives/std"]
default = ["std"]

45
substrate/validator-sets/primitives/src/lib.rs
View file

@ -3,13 +3,17 @@
#[cfg(feature = "std")]
use zeroize::Zeroize;
use scale::{Encode, Decode, MaxEncodedLen};
use scale_info::TypeInfo;
#[cfg(feature = "std")]
use serde::{Serialize, Deserialize};
use sp_core::{ConstU32, sr25519, bounded::BoundedVec};
use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
use scale::{Encode, Decode, MaxEncodedLen};
use scale_info::TypeInfo;
use sp_core::{ConstU32, sr25519::Public, bounded::BoundedVec};
#[cfg(not(feature = "std"))]
use sp_std::vec::Vec;
use serai_primitives::{NetworkId, Network, Amount};
@ -37,13 +41,38 @@ pub struct ValidatorSetData {
// Participant and their amount bonded to this set
// Limit each set to 100 participants for now
pub participants: BoundedVec<(sr25519::Public, Amount), ConstU32<100>>,
pub participants: BoundedVec<(Public, Amount), ConstU32<100>>,
}
type MaxKeyLen = ConstU32<MAX_KEY_LEN>;
/// The type representing a Key from an external network.
pub type ExternalKey = BoundedVec<u8, MaxKeyLen>;
/// A Validator Set's Ristretto key, used for signing InInstructions, and their key on the external
/// network.
pub type KeyPair = (sr25519::Public, ExternalKey);
/// The key pair for a validator set.
///
/// This is their Ristretto key, used for signing Batches, and their key on the external network.
pub type KeyPair = (Public, ExternalKey);
/// The MuSig context for a validator set.
pub fn musig_context(set: ValidatorSet) -> Vec<u8> {
[b"ValidatorSets-musig_key".as_ref(), &set.encode()].concat()
}
/// The MuSig public key for a validator set.
///
/// This function panics on invalid input.
pub fn musig_key(set: ValidatorSet, set_keys: &[Public]) -> Public {
let mut keys = Vec::new();
for key in set_keys {
keys.push(
<Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut key.0.as_ref())
.expect("invalid participant"),
);
}
Public(dkg::musig::musig_key::<Ristretto>(&musig_context(set), &keys).unwrap().to_bytes())
}
/// The message for the set_keys signature.
pub fn set_keys_message(set: &ValidatorSet, key_pair: &KeyPair) -> Vec<u8> {
[b"ValidatorSets-key_pair".as_ref(), &(set, key_pair).encode()].concat()
}