Commit graph

1595 commits

Author SHA1 Message Date
Luke Parker
7c86e4593a
Implement Guaranteed Addresses
Closes https://github.com/serai-dex/serai/issues/27.

monero-rs is now solely used for Extra encoding.
2022-06-28 00:01:20 -04:00
Luke Parker
7b70baaa96
Rename transcript-trait to flexible-transcript
It offers the trait for flexibility, yet it also offers an incredibly 
competent (and logical) transcript format, along with a Merlin wrapper.
2022-06-27 09:02:21 -04:00
Luke Parker
020d246b8f
Reorganize processor's handling of coins 2022-06-24 19:53:41 -04:00
Luke Parker
60254a0171
Reorganize FROST's handling of curves 2022-06-24 19:47:19 -04:00
Luke Parker
6775fb471e
Version bump Transcript trait
Preparation for yanking 0.1.0 which had an insecure format due to lack 
of length prefixing labels.
2022-06-24 18:59:28 -04:00
Luke Parker
a46524f0ce
Supply a RecommendedTranscript type of DT<Blake2b512> 2022-06-24 18:58:24 -04:00
Luke Parker
963d9eab10
Have DigestTranscript require a 32-byte hash
Needed to generate RNG seeds without panicking. Mandates at least a 
128-bit security level.
2022-06-24 18:49:04 -04:00
Luke Parker
eb94abb81a
Have DigestTranscript update its digest instead of maintaining a Vec 2022-06-24 18:43:32 -04:00
Luke Parker
7ee9581d67
Use a macro to generate the Secp256k1/P-256 curves 2022-06-24 08:44:12 -04:00
Luke Parker
03e759b1fd
Fix DigestTranscript to be secure
Collisions were possible depending on static label substrings. Now, 
labels are prefixed by their length to prevent this from being possible. 
All variables are also flagged by their type, preventing other potential 
conflicts.
2022-06-24 08:42:38 -04:00
Luke Parker
1d4018c1ba
Correct when the decoys distribution lock is acquired
The existing design maintained a non-Send object across async contexts.
2022-06-24 08:41:05 -04:00
Luke Parker
1caa6a9606
Enforce FROST StateMachine progression via the type system
A comment on the matter was made in 
https://github.com/serai-dex/serai/issues/12. While I do believe the API 
is slightly worse, I appreciate the explicitness.
2022-06-24 08:40:14 -04:00
Luke Parker
462d0e74ce
Pre-allocate the distribution 2022-06-20 23:10:13 -04:00
Luke Parker
f10bd5feee
Cache output distribution
Also moves to the expected sanity median
2022-06-20 23:00:49 -04:00
Luke Parker
9d817a00b2
Correct Monero's extra length calculation for fee calculation 2022-06-19 12:19:57 -04:00
Luke Parker
b6ea654823
Update the processor to use the coin's specified fee 2022-06-19 12:19:32 -04:00
Luke Parker
f50f249468
Add fee handling code to Monero
Updates how change outputs are handled, with a far more logical 
construction offering greater flexibility.

prepare_outputs can not longer error. SignaableTransaction::new will.
2022-06-19 12:03:01 -04:00
Luke Parker
71fca06120
Correct monero/processor dependencies 2022-06-19 07:52:03 -04:00
Luke Parker
b49f8cbe4f
Prepare FROST for publishing 2022-06-19 06:38:06 -04:00
Luke Parker
382ff75455
Replace FROST's ff/group usage with just group 2022-06-19 06:36:47 -04:00
Luke Parker
5da1b4fcf8
Prepare multiexp for publishing 2022-06-19 06:35:45 -04:00
Luke Parker
9549dc6a49
Prepare transcript for publishing 2022-06-19 06:35:15 -04:00
Luke Parker
481bf7dcf3
Prepare dalek-ff-group for publishing 2022-06-19 06:34:06 -04:00
Luke Parker
b4c1adcdfb
Rename FROST's official package name and update documentation 2022-06-19 05:21:22 -04:00
Luke Parker
06e37623d0
Slightly clean FROST's dalek support 2022-06-19 05:13:42 -04:00
Luke Parker
32473d9976
Route networking through Wallet, not Coin 2022-06-10 09:36:07 -04:00
Luke Parker
4b8822cb74
Clean input/output handling
These individual functions should be much easier to test, more legible, 
more robust, and adds additional functionality to obtain the best fit.
2022-06-10 09:12:27 -04:00
Luke Parker
b91279f4ce
Support sending to subaddresses 2022-06-10 02:38:19 -04:00
Luke Parker
1ef528bf8c
Bound decoy selection to prevent it from infinite looping 2022-06-10 00:32:56 -04:00
Luke Parker
e1831ee5af
Error when a message is passed to a Monero TransactionMachine 2022-06-10 00:20:59 -04:00
Luke Parker
8e8bfabc83
Make processor's test for an arbitrary coin, instead of just Monero 2022-06-09 04:34:31 -04:00
Luke Parker
75fb9b3198
Correct input/output selection
Payments weren't properly selected, as it'd drain a sequential series 
instead of the specified set, and inputs had a memory condition Rust 
couldn't prove was safe.
2022-06-09 04:34:15 -04:00
Luke Parker
d611300adb
Error when the wrong spend key is used to sign a transaction
Moves decoy selection to being the last step in the multisig process so 
the RPC is only polled to continue valid transactions.
2022-06-09 04:05:57 -04:00
Luke Parker
27751d8d98
Successfully get processor to send a transaction out
Modifies FROST behavior so group_key has the offset applied regardless 
of if view was called. The unaltered secret_share and 
verification_shares (as they have differing values depending on the 
signing set) are no longer publicly accessible.
2022-06-09 02:48:53 -04:00
Luke Parker
714ce68deb
Add pippenger under multiexp 2022-06-07 00:02:10 -04:00
Luke Parker
670ea3726f
Correct a warning when building Monero without multisig 2022-06-06 04:28:52 -04:00
Luke Parker
ad14d0bfd0
Merge pull request #21 from serai-dex/curves
Add first-party support for Ristretto, ed25519, secp256k1, and P-256
2022-06-06 03:28:12 -05:00
Luke Parker
301634dd8e
Add support for Ristretto
Replaces P-256 as the curve used for testing FROST.
2022-06-06 04:22:49 -04:00
Luke Parker
e0ce6e5c12
Add Ed25519 to FROST and remove expand_xmd for elliptic_curve's
Doesn't fully utilize ec's hash2curve module as k256 Scalar doesn't have 
FromOkm for some reason. The previously present bigint reduction is 
preserved.

Updates ff/group to 0.12.

Premised on https://github.com/cfrg/draft-irtf-cfrg-frost/pull/205 being 
merged, as while this Ed25519 is vector compliant, it's technically not 
spec compliant due to that conflict.
2022-06-06 02:18:25 -04:00
Luke Parker
55a895d65a
Add first party support for k256 and p256 under feature flags
Given the lack of vectors for k256, it's currently a match of the p256 
spec (with a distinct context string), yet p256 is still always used 
when testing.
2022-06-05 16:08:51 -04:00
Luke Parker
5313210526
Monero prepare_send 2022-06-05 15:10:50 -04:00
Luke Parker
fdb1929ba4
Move to Arc/RwLock 2022-06-05 07:33:15 -04:00
Luke Parker
a46432b829
Add a proper database trait 2022-06-05 06:00:21 -04:00
Luke Parker
3617ed4eb7
Use const values for our traits where we can 2022-06-03 23:22:08 -04:00
Luke Parker
b83ca7d666
Implement a basic TX IO selector algorithm 2022-06-03 22:46:48 -04:00
Luke Parker
9b52cf4d20
Generalize out the FROST test for signing/signing with an offset
Moves Schnorr signature tests from test_curve to the new test_schnorr, 
which is more a test_frost.

Relevant to https://github.com/serai-dex/serai/issues/9.
2022-06-03 19:08:25 -04:00
Luke Parker
33241a5bb6
Fill out dalek-ff-group a bit more 2022-06-03 15:35:42 -04:00
Luke Parker
f8d127bf8a
Add FROST Ed25519 test vectors 2022-06-03 03:56:17 -04:00
Luke Parker
b4cd29f49a
Finish implementing FROST v5
Identity check for P256 and H4 was all that was needed.
2022-06-03 02:00:38 -04:00
Luke Parker
e4fc469e58
Use a transcript when generating the per-chain binding for a given set of keys
While it was fine as-is, as it only had one variable length property, 
this is a bit more robust. Also binds the Curve ID, which should declare 
differently even for just different basepoints, and therefore adds two 
variable length properties (justifying the transcript).
2022-06-03 01:37:12 -04:00