Commit graph

318 commits

Author SHA1 Message Date
Luke Parker
5599a052ad
Run latest nightly clippy
Also runs clippy on the tests and updates the CI accordingly
2023-01-01 04:18:23 -05:00
Luke Parker
5b3c9bf5d0
DKG Blame (#196)
* Standardize the DLEq serialization function naming

They mismatched from the rest of the project.

This commit is technically incomplete as it doesn't update the dkg crate.

* Rewrite DKG encryption to enable per-message decryption without side effects

This isn't technically true as I already know a break in this which I'll
correct for shortly.

Does update documentation to explain the new scheme. Required for blame.

* Add a verifiable system for blame during the FROST DKG

Previously, if sent an invalid key share, the participant would realize that
and could accuse the sender. Without further evidence, either the accuser
or the accused could be guilty. Now, the accuser has a proof the accused is
in the wrong.

Reworks KeyMachine to return BlameMachine. This explicitly acknowledges how
locally complete keys still need group acknowledgement before the protocol
can be complete and provides a way for others to verify blame, even after a
locally successful run.

If any blame is cast, the protocol is no longer considered complete-able
(instead aborting). Further accusations of blame can still be handled however.

Updates documentation on network behavior.

Also starts to remove "OnDrop". We now use Zeroizing for anything which should
be zeroized on drop. This is a lot more piece-meal and reduces clones.

* Tweak Zeroizing and Debug impls

Expands Zeroizing to be more comprehensive.

Also updates Zeroizing<CachedPreprocess([u8; 32])> to
CachedPreprocess(Zeroizing<[u8; 32]>) so zeroizing is the first thing done
and last step before exposing the copy-able [u8; 32].

Removes private keys from Debug.

* Fix a bug where adversaries could claim to be using another user's encryption keys to learn their messages

Mentioned a few commits ago, now fixed.

This wouldn't have affected Serai, which aborts on failure, nor any DKG
currently supported. It's just about ensuring the DKG encryption is robust and
proper.

* Finish moving dleq from ser/deser to write/read

* Add tests for dkg blame

* Add a FROST test for invalid signature shares

* Batch verify encrypted messages' ephemeral keys' PoP
2023-01-01 01:54:18 -05:00
Luke Parker
35a4f5bf9f
Use count instead of iter.map(|_| 1).sum
Also replaces the expectation the miner TX was first with a check for
Input::Gen.
2022-12-24 15:17:49 -05:00
Luke Parker
3ec5189fbf
Use Zeroize for the ViewPair 2022-12-14 09:27:49 -05:00
Luke Parker
25f1549c6c
Move verify_share to return batch-verifiable statements
While the previous construction achieved n/2 average detection,
this will run in log2(n). Unfortunately, the need to keep entropy
around (or take in an RNG here) remains.
2022-12-13 20:31:00 -05:00
Luke Parker
9c65518dc3
Have included return a reference instead of a cloned Vec 2022-12-13 19:40:54 -05:00
Luke Parker
4871fc7441 Update scan.rs 2022-12-12 11:27:42 -05:00
Luke Parker
259e5815c8
Correct global index offsetting
Technically, non-0-amount outputs can still appear and this considered them
as part of the global 0-amount pool. Now, only outputs which are 0-amount are
counted.
2022-12-11 10:26:11 -05:00
akildemir
d5a5704ba4
support add/read multiple arbitrary tx data (#189)
* support add/read multiple arbitrary tx  data

* fix clippy errors

* resolve pr issues
2022-12-09 10:58:11 -05:00
Luke Parker
9e82416e7d
Correct derives on errors 2022-12-09 09:50:00 -05:00
Luke Parker
af86b7a499
Support caching preprocesses in FROST (#190)
* Remove the explicit included participants from FROST

Now, whoever submits preprocesses becomes the signing set. Better separates
preprocess from sign, at the cost of slightly more annoying integrations
(Monero needs to now independently lagrange/offset its key images).

* Support caching preprocesses

Closes https://github.com/serai-dex/serai/issues/40.

I *could* have added a serialization trait to Algorithm and written a ton of
data to disk, while requiring Algorithm implementors also accept such work.
Instead, I moved preprocess to a seeded RNG (Chacha20) which should be as
secure as the regular RNG. Rebuilding from cache simply loads the previously
used Chacha seed, making the Algorithm oblivious to the fact it's being
rebuilt from a cache. This removes any requirements for it to be modified
while guaranteeing equivalency.

This builds on the last commit which delayed determining the signing set till
post-preprocess acquisition. Unfortunately, that commit did force preprocess
from ThresholdView to ThresholdKeys which had visible effects on Monero.

Serai will actually need delayed set determination for #163, and overall,
it remains better, hence it's inclusion.

* Document FROST preprocess caching

* Update ethereum to new FROST

* Fix bug in Monero offset calculation and update processor
2022-12-08 19:04:35 -05:00
Luke Parker
bec92c10ad
Update to ethers 1.0
Removes rust_decimal as a depend, which added borsh and multiple other misc
packages in the previous commit.
2022-12-07 18:05:06 -05:00
akildemir
ba157ea84b
fix for #166 & cleanup (#184)
* add vscode

* fix for #166 & cleanup

* remove unused self

* fix issues on pr
2022-12-07 10:08:04 -05:00
Luke Parker
7d3a06ac05
Add missing mine_blocks call to the Monero test runner 2022-12-06 06:02:13 -05:00
Luke Parker
8f352353ba
Write a test runner for Monero transactions
Also includes a few fixes for the library itself. Supersedes #172.
2022-12-05 17:25:09 -05:00
Luke Parker
0350cd803d
Add debug assertions to CLSAG/Bulletproofs proving 2022-12-01 11:50:03 -05:00
Luke Parker
f0957c8d52
Add a builder API to the Monero library
Enables more composable construction flows.
2022-12-01 11:35:05 -05:00
Luke Parker
3f503d92fb
Remove dbg! from previous commit 2022-11-24 04:57:25 -05:00
Luke Parker
409d1151b2
Add dbg to help resolve https://github.com/serai-dex/serai/issues/166 2022-11-23 22:15:50 -05:00
Luke Parker
4a3178ed8f
Support handling addresses from other networks
A type alias of MoneroAddress is provided to abstract away the generic. 
To keep the rest of the library sane, MoneroAddress is used everywhere.

If someone wants to use this library with another coin, they *should* be 
able to parse a custom address and then recreate it as a Monero address. 
While that's annoying to them, better them than any person using this 
lib for Monero.

Closes #152.
2022-11-15 00:06:15 -05:00
Luke Parker
83060a914a
Have the RPC return the unsupported version when Unsupported 2022-11-14 23:56:28 -05:00
Luke Parker
6acbfdcc45
Support custom Monero protocol definitions 2022-11-14 23:28:39 -05:00
Luke Parker
6f9cf510da
Support an authenticated Monero RPC
Closes https://github.com/serai-dex/serai/issues/143.
2022-11-14 23:24:35 -05:00
Luke Parker
b05a223b69
Monero json_rpc_call 2022-11-14 21:49:49 -05:00
Luke Parker
84de427d72
Fix https://github.com/serai-dex/serai/issues/150 2022-11-10 22:35:09 -05:00
Luke Parker
be61bff074
cargo fmt 2022-11-05 18:47:57 -04:00
Luke Parker
8de465af87
Have Transcript::append_message take in AsRef<[u8]>, not &[u8]
Simplifies calling it.
2022-11-05 18:43:36 -04:00
github-actions[bot]
8e53522780
November 2022 - Rust Nightly Update (#144)
* Update nightly

* Have the latest nightly clippy pass

Co-authored-by: GitHub Actions <>
Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2022-11-01 00:03:36 -05:00
Luke Parker
6ef624ab7e
Correct monero's dev dependencies 2022-10-29 05:52:56 -04:00
Luke Parker
e67e406d95
Correct ed448 versioning 2022-10-29 05:25:58 -04:00
Luke Parker
2379855b31
Create a dedicated crate for the DKG (#141)
* Add dkg crate

* Remove F_len and G_len

They're generally no longer used.

* Replace hash_to_vec with a provided method around associated type H: Digest

Part of trying to minimize this trait so it can be moved elsewhere. Vec, 
which isn't std, may have been a blocker.

* Encrypt secret shares within the FROST library

Reduces requirements on callers in order to be correct.

* Update usage of Zeroize within FROST

* Inline functions in key_gen

There was no reason to have them separated as they were. sign probably 
has the same statement available, yet that isn't the focus right now.

* Add a ciphersuite package which provides hash_to_F

* Set the Ciphersuite version to something valid

* Have ed448 export Scalar/FieldElement/Point at the top level

* Move FROST over to Ciphersuite

* Correct usage of ff in ciphersuite

* Correct documentation handling

* Move Schnorr signatures to their own crate

* Remove unused feature from schnorr

* Fix Schnorr tests

* Split DKG into a separate crate

* Add serialize to Commitments and SecretShare

Helper for buf = vec![]; .write(buf).unwrap(); buf

* Move FROST over to the new dkg crate

* Update Monero lib to latest FROST

* Correct ethereum's usage of features

* Add serialize to GeneratorProof

* Add serialize helper function to FROST

* Rename AddendumSerialize to WriteAddendum

* Update processor

* Slight fix to processor
2022-10-29 03:54:42 -05:00
Luke Parker
cbceaff678
Create dedicated message structures for FROST messages (#140)
* Create message types for FROST key gen

Taking in reader borrows absolutely wasn't feasible. Now, proper types
which can be read (and then passed directly, without a mutable borrow)
exist for key_gen. sign coming next.

* Move FROST signing to messages, not Readers/Writers/Vec<u8>

Also takes the nonce handling code and makes a dedicated file for it, 
aiming to resolve complex types and make the code more legible by 
replacing its previously inlined state.

* clippy

* Update FROST tests

* read_signature_share

* Update the Monero library to the new FROST packages

* Update processor to latest FROST

* Tweaks to terminology and documentation
2022-10-25 23:17:25 -05:00
Luke Parker
19488cf446
Fill out Cargo.tomls
Updated missing fields/sections, even if some won't be used, to 
standardize.

Also made FROST tests feature-gated.
2022-10-15 23:46:22 -04:00
Luke Parker
e5955f82c7
Remove Monero RPC panics for an invalid/malicious node 2022-10-15 22:32:56 -04:00
Luke Parker
514563cef0
Remove height as a term
Unbeknowst to me, height doesn't have a universal definition of the 
chain length.

Bitcoin defines height as the block number, with getblockcount existing 
for the chain length.

Ethereum uses the unambiguous term "block number".

Monero defines height as both the block number and the chain length.

Instead of arguing about who's right, it's agreed it referring to both 
isn't productive. While we could provide our own definition, taking a 
side, moving to the unambiguous block number prevents future hiccups.

height is now only a term in the Monero code, where it takes its 
Monero-specific definition, as documented in the processor.
2022-10-15 21:39:06 -04:00
Luke Parker
4629e88a28
Add is_confirmed with a TODO: Remove
Closes https://github.com/serai-dex/serai/issues/129.
2022-10-15 19:51:59 -04:00
Luke Parker
9ff4cfab0d
Add a repository field to monero-generators 2022-09-29 10:37:25 -04:00
Luke Parker
503ae02cae
Version bump monero-generators to consolidate a dependency 2022-09-29 10:36:40 -04:00
Luke Parker
695f7ec5f9
Version bump Monero for documentation purposes 2022-09-29 10:35:11 -04:00
Luke Parker
8da0743361
Use sha3 in monero-generators 2022-09-29 08:08:49 -04:00
Luke Parker
7870084b9e
Add further FROST documentation 2022-09-29 06:02:43 -04:00
Luke Parker
ca091a5f04
Expand and correct documentation 2022-09-29 05:25:29 -04:00
Luke Parker
19cd609cba
Use doc_auto_cfg 2022-09-29 04:47:55 -04:00
Luke Parker
8b0f0a3713
Publish an alpha version of the Monero crate (#123)
* Label the version as an alpha

* Add versions to Cargo.tomls

* Update to Zeroize 1.5

* Drop patch versions from monero-serai Cargo.toml

* Add a repository field

* Move generators to OUT_DIR

IIRC, I didn't do this originally as it constantly re-generated them. 
Unfortunately, since cargo is complaining about .generators, we have to.

* Remove Timelock::fee_weight

Transaction::fee_weight's has a comment, "Assumes Timelock::None since 
this library won't let you create a TX with a timelock". Accordingly, 
this is dead code.
2022-09-29 01:24:33 -05:00
Luke Parker
49749d96a0
Replace tiny_keccak with sha3 in Monero 2022-09-28 09:29:58 -04:00
Luke Parker
fd48bbd15e
Initial documentation for the Monero libraries (#122)
* Document all features

* Largely document the Monero libraries

Relevant to https://github.com/serai-dex/serai/issues/103 and likely 
sufficient to get this removed from 
https://github.com/serai-dex/serai/issues/102.
2022-09-28 07:44:49 -05:00
Luke Parker
f48a48ec3f
Support v1 transactions
Closes https://github.com/serai-dex/serai/issues/117.
2022-09-28 05:28:42 -04:00
Luke Parker
65c20638ce
fmt/clippy 2022-09-17 04:35:08 -04:00
Luke Parker
31b64b3082
Update according to the latest clippy 2022-09-04 21:23:38 -04:00
Luke Parker
faa43b6874
Move the featured address vectors to a vectors folder 2022-08-31 01:01:51 -04:00
Luke Parker
c5256d9b06
Use ChaCha20 instead of ChaCha12
Despite being slower and only used for blinding values, its still 
extremely performant. 20 is far more standard and will avoid an eye 
raise from reviewers.
2022-08-30 20:01:46 -04:00
Luke Parker
6093f4ec93
Fix clippy 2022-08-30 16:48:59 -04:00
Luke Parker
139dcde69c
Support including arbitrary data in TXs and return it with outputs
Fixes a bug where all payments identified as being to (0, 0) instead of 
their actual subaddress.
2022-08-30 15:42:23 -04:00
Luke Parker
8d56c43f5e
Update to work against the latest foundry
Links the Ethereum contract tests as well
2022-08-30 02:13:53 -04:00
Luke Parker
6045f4ae59
fmt/clippy for previous commit 2022-08-30 01:05:18 -04:00
Luke Parker
d620231530
Remove Monero torsion-free requirement and make output keys 32 bytes
Maintains the torsion-free requirement in the one place it's used (key 
images).

In the modern day, the output keys are checked to be points, yet in 
older protocol versions they were allowed to be arbitrary bytes.

Closes https://github.com/serai-dex/serai/issues/23 and 
https://github.com/serai-dex/serai/issues/25.
2022-08-30 01:02:55 -04:00
Luke Parker
4881ddae87
Update Monero crate description 2022-08-25 04:02:30 -04:00
Luke Parker
546b772be3
Clarify licensing per https://github.com/serai-dex/serai/issues/13
Implements bullets 2-4 of 
https://github.com/serai-dex/serai/issues/13#issuecomment-1212689876.
2022-08-25 04:02:13 -04:00
Luke Parker
5b2940e161
Lint previous commit 2022-08-22 13:35:49 -04:00
Luke Parker
5c106cecf6
Fix https://github.com/serai-dex/serai/issues/105 2022-08-22 12:15:14 -04:00
Luke Parker
5a1f011db8
Fix https://github.com/serai-dex/serai/issues/106 2022-08-22 08:57:36 -04:00
Luke Parker
5751204a98
Introduce a subaddress capable scanner type 2022-08-22 08:32:09 -04:00
Luke Parker
19f5fd8fe9
Include subaddress and payment ID in SpendableOutput 2022-08-22 07:22:54 -04:00
Luke Parker
f0b914c721
Support sending to integrated addresses 2022-08-22 06:54:01 -04:00
Luke Parker
331aa6c644
Implement Featured Addresses
Closes https://github.com/serai-dex/serai/issues/37.
2022-08-22 04:27:58 -04:00
Luke Parker
3fffea178f
Visibility fixes 2022-08-21 11:29:01 -04:00
Luke Parker
d596eeee6e
Update visibility of various items in Monero 2022-08-21 11:06:17 -04:00
Luke Parker
60d93c4b2d
Update BP fee_weight
Closes https://github.com/serai-dex/serai/issues/8.
2022-08-21 10:35:10 -04:00
Luke Parker
755d021f8e
Canonicalize read_varint
There is a slight note we only implement u64 varint's, while Monero does 
it for arbitrary uints, yet that's not relevant at this time. It is 
documented in #25.
2022-08-21 08:58:28 -04:00
Luke Parker
c5beee5648
Fix #48
Removes monero, yet we still use monero-rs's base58 and epee libraries.
2022-08-21 08:41:19 -04:00
Luke Parker
d12507e612
Fix a DoS in Monero
A malicious TX could cause an arbitrary amount of memory to be allocated 
despite not even containing that amount of data.
2022-08-21 07:52:49 -04:00
Luke Parker
8af3a9ea51
Correct Monero build script 2022-08-21 06:48:59 -04:00
Luke Parker
603a3f8c9f
Generate Bulletproofs(+) generators at compile time
Creates a new monero-generators crate so the monero crate can run the 
code in question at build time.

Saves several seconds from running the tests.

Closes https://github.com/serai-dex/serai/issues/101.
2022-08-21 06:36:53 -04:00
Luke Parker
577fe99a08
Fix https://github.com/serai-dex/serai/issues/18 2022-08-21 05:13:07 -04:00
Luke Parker
00d61286b1
Lint Monero serialization 2022-08-21 04:41:55 -04:00
Luke Parker
76db682a25
Replace static Scalar with a uint conversion in BP+ 2022-08-21 00:46:23 -04:00
Luke Parker
96a49d8a88
Remove unnecessary parentheses 2022-08-12 15:53:48 -04:00
Luke Parker
797be71eb3
Utilize zeroize (#76)
* Apply Zeroize to nonces used in Bulletproofs

Also makes bit decomposition constant time for a given amount of 
outputs.

* Fix nonce reuse for single-signer CLSAG

* Attach Zeroize to most structures in Monero, and ZOnDrop to anything with private data

* Zeroize private keys and nonces

* Merge prepare_outputs and prepare_transactions

* Ensure CLSAG is constant time

* Pass by borrow where needed, bug fixes

The past few commitments have been one in-progress chunk which I've 
broken up as best read.

* Add Zeroize to FROST structs

Still needs to zeroize internally, yet next step. Not quite as 
aggressive as Monero, partially due to the limitations of HashMaps, 
partially due to less concern about metadata, yet does still delete a 
few smaller items of metadata (group key, context string...).

* Remove Zeroize from most Monero multisig structs

These structs largely didn't have private data, just fields with private 
data, yet those fields implemented ZeroizeOnDrop making them already 
covered. While there is still traces of the transaction left in RAM, 
fully purging that was never the intent.

* Use Zeroize within dleq

bitvec doesn't offer Zeroize, so a manual zeroing has been implemented.

* Use Zeroize for random_nonce

It isn't perfect, due to the inability to zeroize the digest, and due to 
kp256 requiring a few transformations. It does the best it can though.

Does move the per-curve random_nonce to a provided one, which is allowed 
as of https://github.com/cfrg/draft-irtf-cfrg-frost/pull/231.

* Use Zeroize on FROST keygen/signing

* Zeroize constant time multiexp.

* Correct when FROST keygen zeroizes

* Move the FROST keys Arc into FrostKeys

Reduces amount of instances in memory.

* Manually implement Debug for FrostCore to not leak the secret share

* Misc bug fixes

* clippy + multiexp test bug fixes

* Correct FROST key gen share summation

It leaked our own share for ourself.

* Fix cross-group DLEq tests
2022-08-03 03:25:18 -05:00
Luke Parker
a30568ff57
Add init function for BP statics
Considering they take 7 seconds to generate, thanks to #68, the ability 
to generate them at the start instead of on first BP is greatly 
appreciated.

Also performs minor cleanups regarding BPs.
2022-08-02 15:52:27 -04:00
Luke Parker
9221dbf048
Bulletproofs+ Verification 2022-08-01 23:30:24 -04:00
Luke Parker
d07fe34a24
Reorganize bulletproofs 2022-07-31 23:12:45 -04:00
Luke Parker
1c4707136c
Ban unreduced points in Monero 2022-07-31 22:46:46 -04:00
Luke Parker
6340607827
BP Verification (#75)
* Use a struct in an enum for Bulletproofs

* verification bp working for just one proof

* add some more assert tests

* Clean BP verification

* Implement batch verification

* Add a debug assertion w_cache isn't 0

It's initially set to 0 and if not updated, this would be broken.

* Correct Monero workflow yaml

* Again try to corrent Monero workflow yaml

* Again

* Finally

* Re-apply weights as required by Bulletproofs

Removing these was insecure and my fault.

Co-authored-by: DangerousFreedom <dangfreed@tutanota.com>
2022-07-31 21:45:53 -05:00
Luke Parker
8f76e67f57
Rename dleq-serai to dleq 2022-07-30 18:35:39 -04:00
Luke Parker
534f951165
Consolidate GitHub CI actions, split out Monero (#71)
* Consolidate GitHub CI actions, split out Monero

build now includes the specified Rust toolchain/components.

Added a test dependencies action which grabs Foundry and Monero.

Split the Monero v14 job into a matrixed job in its own workflow flow. 
It's now only run when Monero has changes.

* Correct Monero unit/integration tests run timing

Additionally tests a feature-less Monero build.

Also removes a pointless Monero file, which already should have been 
removed, causing this workflow to be triggered.

* Correct exclusion and paths

Updates to FROST should re-run the Monero tests to ensure it didn't 
introduce API incompatibilities.
2022-07-29 09:36:09 -05:00
Luke Parker
bba93a64c2
Implement view tags 2022-07-27 06:29:14 -04:00
Luke Parker
755dc84859
Replace rand with rand_core where possible
Turns out rand_core offers OsRng.
2022-07-27 05:45:08 -04:00
Luke Parker
023afaf7ce
Bulletproofs+ (#70)
* Initial stab at Bulletproofs+

Does move around the existing Bulletproofs code, does still work as 
expected.

* Make the Clsag RCTPrunable type work with BP and BP+

* Initial set of BP+ bug fixes

* Further bug fixes

* Remove RING_LEN as a constant

* Monero v16 TX support

Doesn't implement view tags, nor going back to v14, nor the updated BP 
clawback logic.

* Support v14 and v16 at the same time
2022-07-27 04:05:43 -05:00
Luke Parker
37b8e3c025
Modularize Bulletproofs in prep for BP+ 2022-07-26 08:06:56 -04:00
Luke Parker
60e15d5160
Remove re-calculation of N
Moves most BP assertions to debug.
2022-07-26 05:31:15 -04:00
Luke Parker
7d9834be87
Correct clippy, remove Monero build depends 2022-07-26 03:48:46 -04:00
Luke Parker
696da8228e
Remove Monero as a dependency
Introduces missing CLSAG checks. The only difference now should be the 
additional rejection of torsioned points, which is relevant to 
https://github.com/serai-dex/serai/issues/25. Considering this is only 
currently used for FROST verification, this should be fine.

Closes https://github.com/serai-dex/serai/issues/19 by making it 
irrelevant.

Increases priority of https://github.com/serai-dex/serai/issues/68, as 
now it's used for the BP generators which are done at first-proof.

Also merges BP's stricter hash_to_point with the library's, since CLSAG 
has the same bound.
2022-07-26 03:25:57 -04:00
Luke Parker
ee29f6d6d8
Implement Bulletproofs in Rust (#69)
* Initial attempt at Bulletproofs

I don't know why this doesn't work. The generators and hash_cache lines
up without issue. AFAICT, the inner product proof is valid as well, as
are all included formulas.

* Add yinvpow asserts

* Clean code

* Correct bad imports

* Fix the definition of TWO_N

Bulletproofs work now :D

* Tidy up a bit

* fmt + clippy

* Compile a variety of XMR dependencies with optimizations, even under dev

The Rust bulletproof implementation is 8% slower than C right now, under 
release. This is acceptable, even if suboptimal. Under debug, they take 
a quarter of a second to two seconds though, depending on the amount of 
outputs, which justifies this move.

* Remove unnecessary deref in BPs
2022-07-26 02:05:15 -05:00
Luke Parker
f25bd88030
Test bulletproof creation and verification 2022-07-24 09:00:55 -04:00
Luke Parker
10ab467160
Don't use a constant for H yet re-calculate it 2022-07-24 08:57:33 -04:00
Luke Parker
42d62c38b9
Remove the Monero build (#64)
* Remove the Monero CMake and make

* Download the Monero daemon instead of building it

* Cache the Monero daemon

Prevents hammering the Monero servers, should reduce CI time.

* Correct YAML

* Add back sodium-dev

* Create an independent job for downloading the Monero daemon

Improves parallelism while decreasing the amount of work re-done if 
build fails. Also increases modularity.

* Correct Monero job definition

* Correct skipping the Monero download on cache hit
2022-07-23 03:35:32 -05:00
Luke Parker
b80c1bec4c
Update dependencies
ethers previously used a git spec due to depending on not-yet-published 
updates. Now that they've been released, a properly published version is 
used.
2022-07-22 12:36:30 -04:00
noot
bd93d6ec8a
set up CI (#45)
* begin to setup ci

* attempt to fix build

* fix paths in build script

* fix

* satisfy clippy

* update fmt check to use nightly

* use nightly for build

* fmt

* fix fmt install

* update test script

* try to fix fmt

* merge w develop

* maybe fix build script

* install wasm toolchain

* install solc-select, use stable rust to build

* Correct clippy warnings

Currently intended to be done with:
cargo clippy --features "recommended merlin batch serialize experimental 
ed25519 ristretto p256 secp256k1 multisig" -- -A clippy::type_complexity 
-A dead_code

* Remove try-runtime

I tried to get this to work for an hour. I have no idea why it doesn't, 
yet it doesn't.

* Rewrite workflow

Splits tasks into a more modular structure. Also uses 
actions-rs/toolchain.

* Add a cache

* Immediately try building ETH/Monero while this is fixed

Adds solc-select use.

* Revert selective advance building of ETH/XMR

ETH builds now, so it hopefully should work now.

Also moves from on push to on push to develop.

* Install Monero runtime dependencies

Specify missing Rust toolchain setting.

* Correct multi-line commands

* Fix multi-line commands again

Cache Ethereum artifacts.

* Add Foundry

* Move Clippy under build

* Minimal rustup

Adds wasm Clippy. Puts Clippy before build.

* Use nightly clippy

* Remove old clippy call from under build

* Have the Monero build script support ARCH specification

Requirement for CI.

* Add WASM toolchain to tests

* Remove Ethereum cache which did not work as needed

* Remove extraneous quotes which broke builds on Arch

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2022-07-22 11:31:29 -05:00
Luke Parker
76a7160ea5
Correct clippy warnings
Currently intended to be done with:
cargo clippy --features "recommended merlin batch serialize experimental 
ed25519 ristretto p256 secp256k1 multisig" -- -A clippy::type_complexity 
-A dead_code
2022-07-22 02:35:17 -04:00
silverpill
194c5acebb Fix compilation errors in monero-serai 2022-07-17 16:55:49 -05:00
Luke Parker
2bddce2087
Add a patch for zip so ethereum-serai doesn't conflict with Substrate
Also commits the lock file and updates documentation.
2022-07-16 17:49:35 -04:00
noot
c589743e2b
ethereum: implement schnorr verification contract deployment and related crypto (#36)
* basic schnorr verify working

* add schnorr-verify as submodule

* remove previous code

* Misc Ethereum work which will probably be disregarded

* add ecrecover hack test, worksgit add src/

* merge w develop

* starting w/ rust-web3

* trying to use ethers

* deploy_schnorr_verifier_contract finally working

* modify EthereumHram to use 27/28 for point parity

* updated address calc, solidity schnorr verify now working

* add verify failure to test

* update readme

* move ethereum/ to coins/

* un fmt coins/monero

* update .gitmodules

* fix cargo paths

* fix coins/monero

* add #[allow(non_snake_case)]

* un-fmt stuff

* move crypto to coins/ethereum

* move unit tests to ethereum/tests

* remove js, build w ethers

* update .gitignore

* address comments

* add q != 0 check

* update contract param order

* update contract license to AGPL

* update ethereum-serai license to GPL and fmt

* GPLv3 for ethereum-serai

* AGPLv3 for ethereum-serai

* actually fix license

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2022-07-16 16:45:41 -05:00
Luke Parker
e67033a207 Apply an initial set of rustfmt rules 2022-07-16 15:16:30 -05:00
Luke Parker
5ede5b9e8f
Update the DLEq proof for any amount of generators
The two-generator limit wasn't required nor beneficial. This does 
theoretically optimize FROST, yet not for any current constructions. A 
follow up proof which would optimize current constructions has been 
noted in #38.

Adds explicit no_std support to the core DLEq proof.

Closes #34.
2022-07-13 23:29:48 -04:00
Luke Parker
95a4101a9a
Tweak the hash_to_point test
It ran for too long and had a "test_" prefix not shared with other 
tests.
2022-07-13 02:48:36 -04:00
Luke Parker
6cc8ce840e
Move FROST to Read
Fixes https://github.com/serai-dex/serai/issues/33 and 
https://github.com/serai-dex/serai/issues/35. Also fixes a few potential 
panics/DoS AFAICT.
2022-07-13 02:38:29 -04:00
Luke Parker
d81f6270c7
Version bump and synchronize packages
Uses "dleq-serai", instead of "dleq", as the dleq crate name hasn't been 
transferred yet :(
2022-07-12 03:38:59 -04:00
Luke Parker
5eb61f3a87
Fix https://github.com/serai-dex/serai/issues/14. 2022-07-12 01:28:01 -04:00
Luke Parker
953a873338
Implement hash_to_point in Rust
Closes https://github.com/serai-dex/serai/issues/32.
2022-07-10 16:12:49 -04:00
Luke Parker
854fca3806
Close https://github.com/serai-dex/serai/issues/30.
An extremely minimal subset of Monero is now all that's built, and I'm 
sufficiently happy with it.
2022-07-09 21:51:39 -04:00
Luke Parker
53267a46c8
Return Timelocked instead of (Timelock, Vec<SpendableOutput>)
Timelocked doesn't expose the Vec yet requires calling not_locked(), 
unlocked(Timelock), or ignore_timelock().
2022-07-09 18:53:52 -04:00
Luke Parker
c5f75568cd
Add READMEs to Serai and Monero 2022-07-08 16:23:26 -04:00
Luke Parker
f7106f09ed
Add further must_uses 2022-07-07 14:28:42 -04:00
Luke Parker
6c76458063
Statically link Monero
Closes https://github.com/serai-dex/serai/issues/11.
2022-07-07 14:13:24 -04:00
Luke Parker
7d13be5797
Update Monero submodule 2022-07-07 09:53:31 -04:00
Luke Parker
5d115f1e1c
Implement a DLEq library
While Serai only needs the simple DLEq which was already present under 
monero, this migrates the implementation of the cross-group DLEq I 
maintain into Serai. This was to have full access to the ecosystem of 
libraries built under Serai while also ensuring support for it.

The cross_group curve, which is extremely experimental, is feature 
flagged off. So is the built in serialization functionality, as this 
should be possible to make nostd once const generics are full featured, 
yet the implemented serialization adds the additional barrier of 
std::io.
2022-06-30 05:42:29 -04:00
Luke Parker
0a690f5632
Update the reference link for Guaranteed Addresses
Also lints Cargo.toml.
2022-06-30 03:16:51 -04:00
Luke Parker
3de7a76051
Use GroupEncoding instead of Curve's from_slice/to_bytes
Increases usage of standardization while expanding dalek_ff_group.

Closes https://github.com/serai-dex/serai/issues/26 by moving 
dfg::EdwardsPoint to only be for the prime subgroup.
2022-06-28 01:25:26 -04:00
Luke Parker
ac17645fc8
Rename MultisigParams/MultisigKeys/MultisigView to Frost* 2022-06-28 00:09:41 -04:00
Luke Parker
7c86e4593a
Implement Guaranteed Addresses
Closes https://github.com/serai-dex/serai/issues/27.

monero-rs is now solely used for Extra encoding.
2022-06-28 00:01:20 -04:00
Luke Parker
7b70baaa96
Rename transcript-trait to flexible-transcript
It offers the trait for flexibility, yet it also offers an incredibly 
competent (and logical) transcript format, along with a Merlin wrapper.
2022-06-27 09:02:21 -04:00
Luke Parker
60254a0171
Reorganize FROST's handling of curves 2022-06-24 19:47:19 -04:00
Luke Parker
a46524f0ce
Supply a RecommendedTranscript type of DT<Blake2b512> 2022-06-24 18:58:24 -04:00
Luke Parker
1d4018c1ba
Correct when the decoys distribution lock is acquired
The existing design maintained a non-Send object across async contexts.
2022-06-24 08:41:05 -04:00
Luke Parker
1caa6a9606
Enforce FROST StateMachine progression via the type system
A comment on the matter was made in 
https://github.com/serai-dex/serai/issues/12. While I do believe the API 
is slightly worse, I appreciate the explicitness.
2022-06-24 08:40:14 -04:00
Luke Parker
462d0e74ce
Pre-allocate the distribution 2022-06-20 23:10:13 -04:00
Luke Parker
f10bd5feee
Cache output distribution
Also moves to the expected sanity median
2022-06-20 23:00:49 -04:00
Luke Parker
9d817a00b2
Correct Monero's extra length calculation for fee calculation 2022-06-19 12:19:57 -04:00
Luke Parker
f50f249468
Add fee handling code to Monero
Updates how change outputs are handled, with a far more logical 
construction offering greater flexibility.

prepare_outputs can not longer error. SignaableTransaction::new will.
2022-06-19 12:03:01 -04:00
Luke Parker
71fca06120
Correct monero/processor dependencies 2022-06-19 07:52:03 -04:00
Luke Parker
b4c1adcdfb
Rename FROST's official package name and update documentation 2022-06-19 05:21:22 -04:00
Luke Parker
32473d9976
Route networking through Wallet, not Coin 2022-06-10 09:36:07 -04:00
Luke Parker
b91279f4ce
Support sending to subaddresses 2022-06-10 02:38:19 -04:00
Luke Parker
1ef528bf8c
Bound decoy selection to prevent it from infinite looping 2022-06-10 00:32:56 -04:00
Luke Parker
e1831ee5af
Error when a message is passed to a Monero TransactionMachine 2022-06-10 00:20:59 -04:00
Luke Parker
d611300adb
Error when the wrong spend key is used to sign a transaction
Moves decoy selection to being the last step in the multisig process so 
the RPC is only polled to continue valid transactions.
2022-06-09 04:05:57 -04:00
Luke Parker
27751d8d98
Successfully get processor to send a transaction out
Modifies FROST behavior so group_key has the offset applied regardless 
of if view was called. The unaltered secret_share and 
verification_shares (as they have differing values depending on the 
signing set) are no longer publicly accessible.
2022-06-09 02:48:53 -04:00
Luke Parker
670ea3726f
Correct a warning when building Monero without multisig 2022-06-06 04:28:52 -04:00
Luke Parker
301634dd8e
Add support for Ristretto
Replaces P-256 as the curve used for testing FROST.
2022-06-06 04:22:49 -04:00
Luke Parker
e0ce6e5c12
Add Ed25519 to FROST and remove expand_xmd for elliptic_curve's
Doesn't fully utilize ec's hash2curve module as k256 Scalar doesn't have 
FromOkm for some reason. The previously present bigint reduction is 
preserved.

Updates ff/group to 0.12.

Premised on https://github.com/cfrg/draft-irtf-cfrg-frost/pull/205 being 
merged, as while this Ed25519 is vector compliant, it's technically not 
spec compliant due to that conflict.
2022-06-06 02:18:25 -04:00
Luke Parker
5313210526
Monero prepare_send 2022-06-05 15:10:50 -04:00
Luke Parker
fdb1929ba4
Move to Arc/RwLock 2022-06-05 07:33:15 -04:00
Luke Parker
3617ed4eb7
Use const values for our traits where we can 2022-06-03 23:22:08 -04:00
Luke Parker
9b52cf4d20
Generalize out the FROST test for signing/signing with an offset
Moves Schnorr signature tests from test_curve to the new test_schnorr, 
which is more a test_frost.

Relevant to https://github.com/serai-dex/serai/issues/9.
2022-06-03 19:08:25 -04:00
Luke Parker
f8d127bf8a
Add FROST Ed25519 test vectors 2022-06-03 03:56:17 -04:00
Luke Parker
b4cd29f49a
Finish implementing FROST v5
Identity check for P256 and H4 was all that was needed.
2022-06-03 02:00:38 -04:00
Luke Parker
e4fc469e58
Use a transcript when generating the per-chain binding for a given set of keys
While it was fine as-is, as it only had one variable length property, 
this is a bit more robust. Also binds the Curve ID, which should declare 
differently even for just different basepoints, and therefore adds two 
variable length properties (justifying the transcript).
2022-06-03 01:37:12 -04:00
Luke Parker
44452d9bfe
Verify being FROST v5 compliant
No functional changes have been made to signing, with solely slight API 
changes being made.

Technically not actually FROST v5 compatible, due to differing on zero 
checks and randomness, yet the vectors do confirm the core algorithm. 
For any valid FROST implementation, this will be interoperable if they 
can successfully communicate. For any devious FROST implementation, this 
will be fingerprintable, yet should still be valid.

Relevant to https://github.com/serai-dex/serai/issues/9 as any curve can 
now specify vectors for itself and be tested against them.

Moves the FROST testing curve from k256 to p256. Does not expose p256 
despite being compliant. It's not at a point I'm happy with it, notably 
regarding hash to curve, and I'm not sure I care to support p256. If it 
has value to the larger FROST ecosystem...
2022-06-03 01:25:46 -04:00
Luke Parker
dfd2f624ee
Implement a proper Monero Timelock type
Transaction scanning now returns the timelock to ensure it's 
acknowledged by wallets.

Fixes https://github.com/serai-dex/serai/issues/16.
2022-06-02 00:00:26 -04:00
Luke Parker
2ae715f899
Ignore transactions which use a timelock 2022-06-01 17:14:57 -04:00