Luke Parker
7c86e4593a
Implement Guaranteed Addresses
Closes https://github.com/serai-dex/serai/issues/27.
monero-rs is now solely used for Extra encoding.
2022-06-28 00:01:20 -04:00
Luke Parker
7b70baaa96
Rename transcript-trait to flexible-transcript
It offers the trait for flexibility, yet it also offers an incredibly
competent (and logical) transcript format, along with a Merlin wrapper.
2022-06-27 09:02:21 -04:00
Luke Parker
020d246b8f
Reorganize processor's handling of coins
2022-06-24 19:53:41 -04:00
Luke Parker
60254a0171
Reorganize FROST's handling of curves
2022-06-24 19:47:19 -04:00
Luke Parker
6775fb471e
Version bump Transcript trait
Preparation for yanking 0.1.0 which had an insecure format due to lack
of length prefixing labels.
2022-06-24 18:59:28 -04:00
Luke Parker
a46524f0ce
Supply a RecommendedTranscript type of DT<Blake2b512>
2022-06-24 18:58:24 -04:00
Luke Parker
963d9eab10
Have DigestTranscript require a 32-byte hash
Needed to generate RNG seeds without panicking. Mandates at least a
128-bit security level.
2022-06-24 18:49:04 -04:00
Luke Parker
eb94abb81a
Have DigestTranscript update its digest instead of maintaining a Vec
2022-06-24 18:43:32 -04:00
Luke Parker
7ee9581d67
Use a macro to generate the Secp256k1/P-256 curves
2022-06-24 08:44:12 -04:00
Luke Parker
03e759b1fd
Fix DigestTranscript to be secure
Collisions were possible depending on static label substrings. Now,
labels are prefixed by their length to prevent this from being possible.
All variables are also flagged by their type, preventing other potential
conflicts.
2022-06-24 08:42:38 -04:00
Luke Parker
1d4018c1ba
Correct when the decoys distribution lock is acquired
The existing design maintained a non-Send object across async contexts.
2022-06-24 08:41:05 -04:00
Luke Parker
1caa6a9606
Enforce FROST StateMachine progression via the type system
A comment on the matter was made in
https://github.com/serai-dex/serai/issues/12. While I do believe the API
is slightly worse, I appreciate the explicitness.
2022-06-24 08:40:14 -04:00
Luke Parker
462d0e74ce
Pre-allocate the distribution
2022-06-20 23:10:13 -04:00
Luke Parker
f10bd5feee
Cache output distribution
Also moves to the expected sanity median
2022-06-20 23:00:49 -04:00
Luke Parker
9d817a00b2
Correct Monero's extra length calculation for fee calculation
2022-06-19 12:19:57 -04:00
Luke Parker
b6ea654823
Update the processor to use the coin's specified fee
2022-06-19 12:19:32 -04:00
Luke Parker
f50f249468
Add fee handling code to Monero
Updates how change outputs are handled, with a far more logical
construction offering greater flexibility.
prepare_outputs can no longer error. SignableTransaction::new will.
2022-06-19 12:03:01 -04:00
Luke Parker
71fca06120
Correct monero/processor dependencies
2022-06-19 07:52:03 -04:00
Luke Parker
b49f8cbe4f
Prepare FROST for publishing
2022-06-19 06:38:06 -04:00
Luke Parker
382ff75455
Replace FROST's ff/group usage with just group
2022-06-19 06:36:47 -04:00
Luke Parker
5da1b4fcf8
Prepare multiexp for publishing
2022-06-19 06:35:45 -04:00
Luke Parker
9549dc6a49
Prepare transcript for publishing
2022-06-19 06:35:15 -04:00
Luke Parker
481bf7dcf3
Prepare dalek-ff-group for publishing
2022-06-19 06:34:06 -04:00
Luke Parker
b4c1adcdfb
Rename FROST's official package name and update documentation
2022-06-19 05:21:22 -04:00
Luke Parker
06e37623d0
Slightly clean FROST's dalek support
2022-06-19 05:13:42 -04:00
Luke Parker
32473d9976
Route networking through Wallet, not Coin
2022-06-10 09:36:07 -04:00
Luke Parker
4b8822cb74
Clean input/output handling
These individual functions should be much easier to test, more legible,
more robust, and add additional functionality to obtain the best fit.
2022-06-10 09:12:27 -04:00
Luke Parker
b91279f4ce
Support sending to subaddresses
2022-06-10 02:38:19 -04:00
Luke Parker
1ef528bf8c
Bound decoy selection to prevent it from infinite looping
2022-06-10 00:32:56 -04:00
Luke Parker
e1831ee5af
Error when a message is passed to a Monero TransactionMachine
2022-06-10 00:20:59 -04:00
Luke Parker
8e8bfabc83
Make processor's test for an arbitrary coin, instead of just Monero
2022-06-09 04:34:31 -04:00
Luke Parker
75fb9b3198
Correct input/output selection
Payments weren't properly selected, as it'd drain a sequential series
instead of the specified set, and inputs had a memory condition Rust
couldn't prove was safe.
2022-06-09 04:34:15 -04:00
Luke Parker
d611300adb
Error when the wrong spend key is used to sign a transaction
Moves decoy selection to being the last step in the multisig process so
the RPC is only polled to continue valid transactions.
2022-06-09 04:05:57 -04:00
Luke Parker
27751d8d98
Successfully get processor to send a transaction out
Modifies FROST behavior so group_key has the offset applied regardless
of if view was called. The unaltered secret_share and
verification_shares (as they have differing values depending on the
signing set) are no longer publicly accessible.
2022-06-09 02:48:53 -04:00
Luke Parker
714ce68deb
Add pippenger under multiexp
2022-06-07 00:02:10 -04:00
Luke Parker
670ea3726f
Correct a warning when building Monero without multisig
2022-06-06 04:28:52 -04:00
Luke Parker
ad14d0bfd0
Merge pull request #21 from serai-dex/curves
Add first-party support for Ristretto, ed25519, secp256k1, and P-256
2022-06-06 03:28:12 -05:00
Luke Parker
301634dd8e
Add support for Ristretto
Replaces P-256 as the curve used for testing FROST.
2022-06-06 04:22:49 -04:00
Luke Parker
e0ce6e5c12
Add Ed25519 to FROST and remove expand_xmd for elliptic_curve's
Doesn't fully utilize ec's hash2curve module as k256 Scalar doesn't have
FromOkm for some reason. The previously present bigint reduction is
preserved.
Updates ff/group to 0.12.
Premised on https://github.com/cfrg/draft-irtf-cfrg-frost/pull/205 being
merged, as while this Ed25519 is vector compliant, it's technically not
spec compliant due to that conflict.
2022-06-06 02:18:25 -04:00
Luke Parker
55a895d65a
Add first party support for k256 and p256 under feature flags
Given the lack of vectors for k256, it's currently a match of the p256
spec (with a distinct context string), yet p256 is still always used
when testing.
2022-06-05 16:08:51 -04:00
Luke Parker
5313210526
Monero prepare_send
2022-06-05 15:10:50 -04:00
Luke Parker
fdb1929ba4
Move to Arc/RwLock
2022-06-05 07:33:15 -04:00
Luke Parker
a46432b829
Add a proper database trait
2022-06-05 06:00:21 -04:00
Luke Parker
3617ed4eb7
Use const values for our traits where we can
2022-06-03 23:22:08 -04:00
Luke Parker
b83ca7d666
Implement a basic TX IO selector algorithm
2022-06-03 22:46:48 -04:00
Luke Parker
9b52cf4d20
Generalize out the FROST test for signing/signing with an offset
Moves Schnorr signature tests from test_curve to the new test_schnorr,
which is more a test_frost.
Relevant to https://github.com/serai-dex/serai/issues/9.
2022-06-03 19:08:25 -04:00
Luke Parker
33241a5bb6
Fill out dalek-ff-group a bit more
2022-06-03 15:35:42 -04:00
Luke Parker
f8d127bf8a
Add FROST Ed25519 test vectors
2022-06-03 03:56:17 -04:00
Luke Parker
b4cd29f49a
Finish implementing FROST v5
Identity check for P256 and H4 was all that was needed.
2022-06-03 02:00:38 -04:00
Luke Parker
e4fc469e58
Use a transcript when generating the per-chain binding for a given set of keys
While it was fine as-is, as it only had one variable length property,
this is a bit more robust. Also binds the Curve ID, which should declare
differently even for just different basepoints, and therefore adds two
variable length properties (justifying the transcript).
2022-06-03 01:37:12 -04:00