Commit graph

453 commits

Author SHA1 Message Date
Luke Parker
41a285ddfa
Add a TX size check to Monero
This isn't perfect yet should ensure the eventual TX is less than 100k bytes.
2023-03-12 03:54:30 -04:00
Luke Parker
36034c2f72
Move ecdh derivation up to prevent Scalar::one() * ecdh 2023-03-11 10:51:40 -05:00
Luke Parker
5e62072a0f
Fix #237 2023-03-11 10:31:58 -05:00
Luke Parker
e56495d624
Prefix arbitrary data with 127
Since we cannot expect/guarantee a payment ID will be included, the previous
position-based code for determining arbitrary data wasn't sufficient.
2023-03-11 05:47:25 -05:00
Luke Parker
71dbc798b5
Fix #251 2023-03-11 05:23:38 -05:00
akildemir
77de28f77a
add monero seed support (#252)
* add monero seed support

* fix some of the pr comments

* remove languages module and unnecessary error returns

* Clean classic seed impl

Fixes a few issues regarding Zeroize usage/API safety. Mainly a cleanup.

---------

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2023-03-10 14:16:00 -05:00
Luke Parker
62dfc63532
Fix Ethereum, again 2023-03-07 06:25:21 -05:00
Luke Parker
6bff3866ea
Correct Ethereum 2023-03-07 05:25:25 -05:00
Luke Parker
0e8c55e050
Update and remove unused dependencies 2023-03-07 03:06:46 -05:00
Luke Parker
2729882d65
Update to {k, p}256 0.12 2023-03-07 02:34:10 -05:00
Luke Parker
c37cc0b4e2
Update Zeroize pin to ^1.5 from 1.5 2023-03-07 02:29:59 -05:00
Luke Parker
8144956f8a
Further document get_unlocked_outputs 2023-03-02 05:31:22 -05:00
Luke Parker
2d56d24d9c
3.3.3 (cont) Add a dedicated Participant type 2023-02-23 06:50:45 -05:00
Luke Parker
8260ec1a9e
Add another TODO 2023-02-15 20:44:53 -05:00
Luke Parker
07f424b484
cargo fmt 2023-02-15 20:39:22 -05:00
Luke Parker
5de8bf3295
Add additional checks/documentation to monero 2023-02-15 01:56:36 -05:00
Luke Parker
82a096e90e
Scanner assert on is_torsion_free 2023-02-14 15:49:16 -05:00
Luke Parker
df75782e54
Re-license bitcoin-serai to MIT
It's pretty basic code, yet would still be quite pleasant to the larger
community.

Also adds documentation.
2023-01-31 09:45:25 -05:00
Luke Parker
a3267034b6
Bitcoin External/Branch/Change addresses
Adds support for offset inputs to the Bitcoin lib
2023-01-31 08:10:28 -05:00
VRx
c6bd00e778
Bitcoin processor (#232)
* serai Dockerfile & Makefile fixed

* added new bitcoin mod & bitcoinhram

* couple changes

* added odd&even check for bitcoin signing

* sign message updated

* print_keys commented out

* fixed signing process

* Added new bitcoin library & added most of bitcoin processor logic

* added new crate and refactored the bitcoin coin library

* added signing test function

* moved signature.rs

* publish set to false

* tests moved back to the root

* added new functions to rpc

* added utxo test

* added new rpc methods and refactored bitcoin processor

* added spendable output & fixed errors & added new logic for sighash & opened port 18443 for bitcoin docker

* changed tweak keys

* added tweak_keys & publish transaction and refactored bitcoin processor

* added new structs and fixed problems for testing purposes

* reverted dockerfile back its original

* reverted block generation of bitcoin to 5 seconds

* deleted unnecessary test function

* added new sighash & added new dbg messages & fixed couple errors

* fixed couple issue & removed unused functions

* fix for signing process

* crypto file for bitcoin refactored

* disabled test_send & removed some of the debug logs

* signing implemented & transaction weight calculation added & change address logic added

* refactored tweak_keys

* refactored mine_block & fixed change_address logic

* implemented new traits to bitcoin processor& refactored bitcoin processor

* added new line to tests file

* added new line to bitcoin's wallet.rs

* deleted Cargo.toml from coins folder

* edited bitcoin's Cargo.toml and added LICENSE

* added new line to bitcoin's Cargo.toml

* added spaces

* added spaces

* deleted unnecessary object

* added spaces

* deleted patch numbers

* updated sha256 parameter for message

* updated tag as const

* deleted unnecessary brackets and imports

* updated rpc.rs to 2 space indent

* deleted unnecessary brackers

* deleted unnecessary brackets

* changed it to explicit

* updated to explicit

* deleted unnecessary parsing

* added ? for easy return

* updated imports

* updated height to number

* deleted unnecessary brackets

* updated clsag to sig & to_vec to as_ref

* updated _sig to schnorr_signature

* deleted unnecessary variable

* updated Cargo.toml of processor and bitcoin

* updated imports of bitcoin processor

* updated MBlock to BBlock

* updated MSignable to BSignable

* updated imports

* deleted mask from Fee

* updated get_block function return

* updated comparison logic for scripts

* updated assert to debug_assert

* updated height to number

* updated txid logic

* updated tweak_keys definition

* updated imports

* deleted new line

* delete HashMap from monero

* deleted old test code parts

* updated test amount to a round number

* changed the test code part back to its original

* updated imports of rpc.rs

* deleted unnecessary return assignments

* deleted get_fee_per_byte

* deleted create_raw_transaction

* deleted fund_raw_transaction

* deleted sign transaction rpc

* delete verify_message rpc

* deleted get_balance

* deleted decode_raw_transaction rpc

* deleted list_transactions rpc

* changed test_send to p2wpkh

* updated imports of test_send

* fixed imports of test_send

* updated bitcoin's mine_block function

* updated bitcoin's test_send

* updated bitcoin's hram and test_signing

* deleted 2 rpc function (is_confirmed & get_transaction_block_number)

* deleted get_raw_transaction_hex

* deleted get_raw_transaction_info

* deleted new_address

* deleted test_mempool_accept

* updated remove(0) to remove(index)

* deleted ger_raw_transaction

* deleted RawTx trait and converted type to Transaction

* reverted raw_hex feature back

* added NotEnoughFunds to CoinError

* changed Sighash to all

* removed lifetime of RpcParams

* changed pub to pub(crate) & changed sig_hash line

* changed taproot_key_spend_signature_hash to internal

* added Clone to RpcError & deleted get_utxo_for

* changed to_hex to as_bytes for weight calculation

* updated SpendableOutput

* deleted unnecessary parentheses

* updated serialize of Output s id field

* deleted unused crate & added lazy_static

* updated RPC init function

* added lazy_static for TAG_HASH & updated imported crates

* changed get_block_index to get_block_number

* deleted get_block_info

* updated get_height to get_latest_block_number

* removed GetBlockWithDetailResult and get_block_with_transactions

* deleted unnecessary imports from rpc_helper

* removed lock and unlock_unspent

* deleted get_transactions and get_transaction and renamed get_raw_transaction to get_transaction

* updated opt_into_json

* changed payment_address and amount to output_script and amount for transcript

* refactored error logic for rpc & deleted anyhow crate

* added a dedicated file for json helper functions

* refactored imports and deleted unused code

* added clippy::non_snake_case

* removed unused Error items

* added new line to Cargo

* rekmoved Block and used bitcoin::Block direcetly

* removed added println and futures.len check

* removed HashMap from coin mod.rs

* updated Testnet to Regtest

* removed unnecessary variable

* updated as_str to &

* removed RawTx trait

* added newline

* changed test transaction to p2pkh

* updated test_send

* updated test_send

* updated test_send

* reformatted bitcoin processor

* moved sighash logic into signmachine

* removed generate_to_address

* added test_address function to bitcoin processor

* updated RpcResponse to enum and added Clone trait

* removed old RpcResponse

* updated shared_key to internal_key

* updated fee part

* updated test_send block logic

* added a test function for getting spendables

* updated tweaking keys logic

* updated calculate_weight logic

* added todo for BitcoinSchnorr Algorithm

* updated calculate_weight

* updated calculate_weight

* updated calculate_weight

* added a TODO for bitcoin's signing process

* removed unused code

* Finish merging develop

* cargo fmt

* cargo machete

* Handle most clippy lints on bitcoin

Doesn't handle the unused transcript due to pending cryptographic considerations.

* Rearrange imports and clippy tests

* Misc processor lint

* Update deny.toml

* Remove unnecessary RPC code

* updated test_send

* added bitcoin ci & updated test-dependencies yml

* fixed bitcoin ci

* updated bitcoin ci yml

* Remove mining from the bitcoin/monero docker files

The tests should control block production in order to test various
circumstances. The automatic mining disrupts assumptions made in testing. Since
we're now using the Bitcoin docker container for testing...

* Multiple fixes to the Bitcoin processor

Doesn't unwrap on RPC errors. Returns the expected connection error.

Fee calculation has a random - 1. This has been removed.

Supports the change address being an Option, as it is. This should not have
been blindly unwrapped.

* Remove unnecessary RPC code

* Further RPC simplifications

* Simplify Bitcoin action

It should not be mining.

* cargo fmt

* Finish RPC simplifications

* Run bitcoind as a daemon

* Remove the requirement on txindex

Saves tens of GB.

Also has attempt_send no longer return a list of outputs. That's incompatible
with this and only relevant to old scheduling designs.

* Remove number from Bitcoin SignableTransaction

Monero requires the current block number for decoy selection. Bitcoin doesn't
have a use.

* Ban coinbase transactions

These are burdened by maturity, so it's critically flawed to support them.

This causes the test_send function to fail as its working was premised on
a coinbase output. While it does make an actual output, it had insufficient
funds for the test's expectations due to regtest halving every 150 blocks.

In order to workaround this, the test will invalidate any existing chain,
offering a fresh start.

Also removes test_get_spendables and simplifies test_send.

* Various simplifications

Modifies SpendableOutput further to not require RPC calls at time of sign.

Removes the need to have get_transaction in the RPC.

* Clean prepare_send

* Update the Bitcoin TransactionMachine to output a Transaction

* Bitcoin TransactionMachine simplifications

* Update XOnly key handling

* Use a single sighash cache

* Move tweak_keys

* Remove unnecessary PSBT sets

* Restore removed newlines

* Other newlines

* Replace calculate_weight's custom math with a dummy TX serialize

* Move BTC TX construction code from processor to bitcoin

* Rename transactions.rs to wallet.rs

* Remove unused crate

* Note TODO

* Clean bitcoin signature test

* Make unit test out of BTC FROST signing test

* Final lint

* Remove usage of PartiallySignedTransaction

---------

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2023-01-31 07:48:14 -05:00
Luke Parker
b6f9a1f8b6
Rename file with dashes to having underscores 2023-01-30 04:27:39 -05:00
akildemir
9e01588b11
add test send to wallet-rpc with arb data (#246)
* add test send to wallet-rpc with arb data

* convert literals to const
2023-01-30 04:25:46 -05:00
Luke Parker
a4fdff3e3b
Make progress on #235
I'm still not exactly sure where the trap handler in Monero for this is...
until then, this remains potentially fingerprintable.
2023-01-28 03:18:41 -05:00
akildemir
f12cc2cca6
Add more tests (#240)
* add wallet-rpc-compatibility tests

* fmt + clippy

* add wallet-rpc receive tests

* add (0,0) subaddress check to standard address
2023-01-24 15:22:07 -05:00
Luke Parker
19664967ed
Use Monero-compatible additional TX keys
This still sends a fingerprinting flare up if you send to a subaddress which
needs to be fixed. Despite that, Monero no should no longer fail to scan TXs
from monero-serai regarding additional keys.

Previously it failed becuase we supplied one key as THE key, and n-1 as
additional. Monero expects n for additional.

This does correctly select when to use THE key versus when to use the additional
key when sending. That removes the ability for recipients to fingerprint
monero-serai by receiving to a standard address yet needing to use an additional
key.
2023-01-21 01:29:02 -05:00
Luke Parker
8ca90e7905
Initial In Instructions pallet and Serai client lib (#233)
* Initial work on an In Inherents pallet

* Add an event for when a batch is executed

* Add a dummy provider for InInstructions

* Add in-instructions to the node

* Add the Serai runtime API to the processor

* Move processor tests around

* Build a subxt Client around Serai

* Successfully get Batch events from Serai

Renamed processor/substrate to processor/serai.

* Much more robust InInstruction pallet

* Implement the workaround from https://github.com/paritytech/subxt/issues/602

* Initial prototype of processor generated InInstructions

* Correct PendingCoins data flow for InInstructions

* Minor lint to in-instructions

* Remove the global Serai connection for a partial re-impl

* Correct ID handling of the processor test

* Workaround the delay in the subscription

* Make an unwrap an if let Some, remove old comments

* Lint the processor toml

* Rebase and update

* Move substrate/in-instructions to substrate/in-instructions/pallet

* Start an in-instructions primitives lib

* Properly update processor to subxt 0.24

Also corrects failures from the rebase.

* in-instructions cargo update

* Implement IsFatalError

* is_inherent -> true

* Rename in-instructions crates and misc cleanup

* Update documentation

* cargo update

* Misc update fixes

* Replace height with block_number

* Update processor src to latest subxt

* Correct pipeline for InInstructions testing

* Remove runtime::AccountId for serai_primitives::NativeAddress

* Rewrite the in-instructions pallet

Complete with respect to the currently written docs.

Drops the custom serializer for just using SCALE.

Makes slight tweaks as relevant.

* Move instructions' InherentDataProvider to a client crate

* Correct doc gen

* Add serde to in-instructions-primitives

* Add in-instructions-primitives to pallet

* Heights -> BlockNumbers

* Get batch pub test loop working

* Update in instructions pallet terminology

Removes the ambiguous Coin for Update.

Removes pending/artificial latency for furture client work.

Also moves to using serai_primitives::Coin.

* Add a BlockNumber primitive

* Belated cargo fmt

* Further document why DifferentBatch isn't fatal

* Correct processor sleeps

* Remove metadata at compile time, add test framework for Serai nodes

* Remove manual RPC client

* Simplify update test

* Improve re-exporting behavior of serai-runtime

It now re-exports all pallets underneath it.

* Add a function to get storage values to the Serai RPC

* Update substrate/ to latest substrate

* Create a dedicated crate for the Serai RPC

* Remove unused dependencies in substrate/

* Remove unused dependencies in coins/

Out of scope for this branch, just minor and path of least resistance.

* Use substrate/serai/client for the Serai RPC lib

It's a bit out of place, since these client folders are intended for the node to
access pallets and so on. This is for end-users to access Serai as a whole.

In that sense, it made more sense as a top level folder, yet that also felt
out of place.

* Move InInstructions test to serai-client for now

* Final cleanup

* Update deny.toml

* Cargo.lock update from merging develop

* Update nightly

Attempt to work around the current CI failure, which is a Rust ICE.

We previously didn't upgrade due to clippy 10134, yet that's been reverted.

* clippy

* clippy

* fmt

* NativeAddress -> SeraiAddress

* Sec fix on non-provided updates and doc fixes

* Add Serai as a Coin

Necessary in order to swap to Serai.

* Add a BlockHash type, used for batch IDs

* Remove origin from InInstruction

Makes InInstructionTarget. Adds RefundableInInstruction with origin.

* Document storage items in in-instructions

* Rename serai/client/tests/serai.rs to updates.rs

It only tested publishing updates and their successful acceptance.
2023-01-20 11:00:18 -05:00
akildemir
3b920ad471
Monerolib Improvements (#224)
* convert AddressSpec subbaddress to tuple

* add wallet-rpc tests

* fix payment id decryption bug

* run fmt

* fix CI

* use monero-rs wallet-rpc for tests

* update the subaddress index type

* fix wallet-rpc CI

* fix monero-wallet-rpc CI actions

* pull latest monero for CI

* fix pr issues

* detach monero wallet  rpc

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2023-01-16 16:17:54 -05:00
Luke Parker
375887bb29
Update licenses 2023-01-11 23:05:31 -05:00
Luke Parker
8ffa5553ff
Use ok_or_else instead of ok_or in a couple places in Monero 2023-01-10 06:57:25 -05:00
Luke Parker
6b591c0df9
Export Timelocked so documentation for it is generated 2023-01-08 09:09:03 -05:00
Luke Parker
4be3290e40
Convert the FeaturedAddress tuple to a struct
Not only did we already have multiple booleans in it, yet it theoretically
could expand in the future. Not only is this more explicit, it actually cleans
some existing code.
2023-01-07 05:37:43 -05:00
Luke Parker
7b0b8a20ec
Standardize serialization within the Monero lib
read for R: Read
write for W: Write
serialize for -> Vec<u8>

Also uses std::io::{self, Read, Write} consistently.
2023-01-07 05:18:35 -05:00
Luke Parker
7508106650
Use an explicit SubaddressIndex type 2023-01-07 04:44:23 -05:00
Luke Parker
1d6df0099c
Exposed a hash-based API for accessing blocks
Also corrects a few panics, which shouldn't have been present, and unnecessary
Cursor uses.
2023-01-07 04:00:12 -05:00
Luke Parker
a646ec5aaa
Squashed commit of the following:
commit e0a9e8825d6c22c797fb84e26ed6ef10136ca9c2
Author: Luke Parker <lukeparker5132@gmail.com>
Date:   Fri Jan 6 04:24:08 2023 -0500

    Remove Scanner::address

    It either needed to return an Option, panic on misconfiguration, or return a
    distinct Scanner type based on burning bug immunity to offer this API properly.
    Panicking wouldn't be proper, and the Option<Address> would've been... awkward.
    The new register_subaddress function, maintaining the needed functionality,
    also provides further clarity on the intended side effect of the previously
    present Scanner::address function.

commit 7359360ab2fc8c9255c6f58250c214252ce217a4
Author: Luke Parker <lukeparker5132@gmail.com>
Date:   Fri Jan 6 01:35:02 2023 -0500

    fmt/clippy from last commit

commit 80d912fc19cd268f3b019a9d9961a48b2c45e828
Author: Luke Parker <lukeparker5132@gmail.com>
Date:   Thu Jan 5 19:36:49 2023 -0500

    Add Substrate "assets" pallet

    While over-engineered for our purposes, it's still usable.

    Also cleans the runtime a bit.

commit 2ed2944b6598d75bdc3c995aaf39b717846207de
Author: Luke Parker <lukeparker5132@gmail.com>
Date:   Wed Jan 4 23:09:58 2023 -0500

    Remove the timestamp pallet

    It was needed for contracts, which has since been removed. We now no longer
    need it.

commit 7fc1fc2dccecebe1d94cb7b4c00f2b5cb271c87b
Author: Luke Parker <lukeparker5132@gmail.com>
Date:   Wed Jan 4 22:52:41 2023 -0500

    Initial validator sets pallet (#187)

    * Initial work on a Validator Sets pallet

    * Update Validator Set docs per current discussions

    * Update validator-sets primitives and storage handling

    * Add validator set pallets to deny.toml

    * Remove Curve from primitives

    Since we aren't reusing keys across coins, there's no reason for it to be
    on-chain (as previously planned).

    * Update documentation on Validator Sets

    * Use Twox64Concat instead of Identity

    Ensures an even distribution of keys. While xxhash is breakable, these keys
    aren't manipulatable by users.

    * Add math ops on Amount and define a coin as 1e8

    * Add validator-sets to the runtime and remove contracts

    Also removes the randomness pallet which was only required by the contracts
    runtime.

    Does not remove the contracts folder yet so they can still be referred to while
    validator-sets is under development. Does remove them from Cargo.toml.

    * Add vote function to validator-sets

    * Remove contracts folder

    * Create an event for the Validator Sets pallet

    * Remove old contracts crates from deny.toml

    * Remove line from staking branch

    * Remove staking from runtime

    * Correct VS Config in runtime

    * cargo update

    * Resolve a few PR comments on terminology

    * Create a serai-primitives crate

    Move types such as Amount/Coin out of validator-sets. Will be expanded in the
    future.

    * Fixes for last commit

    * Don't reserve set 0

    * Further fixes

    * Add files meant for last commit

    * Remove Staking transfer

commit 3309295911d22177bd68972d138aea2f8658eb5f
Author: Luke Parker <lukeparker5132@gmail.com>
Date:   Wed Jan 4 06:17:00 2023 -0500

    Reorder coins in README by market cap

commit db5d19cad33ccf067d876b7f5b7cca47c228e2fc
Author: Luke Parker <lukeparker5132@gmail.com>
Date:   Wed Jan 4 06:07:58 2023 -0500

    Update README

commit 606484d744b1c6cc408382994c77f1def25d3e7d
Author: Luke Parker <lukeparker5132@gmail.com>
Date:   Wed Jan 4 03:17:36 2023 -0500

    cargo update

commit 3a319b229f
Author: akildemir <aeg_asd@hotmail.com>
Date:   Wed Jan 4 16:26:25 2023 +0300

    update address public API design

commit d9fa88fa76
Author: akildemir <aeg_asd@hotmail.com>
Date:   Mon Jan 2 13:35:06 2023 +0300

    fix clippy error

commit cc722e897b
Merge: cafa9b3 eeca440
Author: akildemir <aeg_asd@hotmail.com>
Date:   Mon Jan 2 11:39:04 2023 +0300

    Merge https://github.com/serai-dex/serai into develop

commit cafa9b361e
Author: akildemir <aeg_asd@hotmail.com>
Date:   Mon Jan 2 11:38:26 2023 +0300

    fix build errors

commit ce5b5f2b37
Merge: f502d67 49c4acf
Author: akildemir <aeg_asd@hotmail.com>
Date:   Sun Jan 1 15:16:25 2023 +0300

    Merge https://github.com/serai-dex/serai into develop

commit f502d67282
Author: akildemir <aeg_asd@hotmail.com>
Date:   Thu Dec 22 13:13:09 2022 +0300

    fix pr issues

commit 26ffb226d4
Author: akildemir <aeg_asd@hotmail.com>
Date:   Thu Dec 22 13:11:43 2022 +0300

    remove extraneous rpc call

commit 0e829f8531
Author: akildemir <aeg_asd@hotmail.com>
Date:   Thu Dec 15 13:56:53 2022 +0300

    add scan tests

commit 5123c7f121
Author: akildemir <aeg_asd@hotmail.com>
Date:   Thu Dec 15 13:56:13 2022 +0300

    add new address functions & comments
2023-01-06 04:33:17 -05:00
Luke Parker
5599a052ad
Run latest nightly clippy
Also runs clippy on the tests and updates the CI accordingly
2023-01-01 04:18:23 -05:00
Luke Parker
5b3c9bf5d0
DKG Blame (#196)
* Standardize the DLEq serialization function naming

They mismatched from the rest of the project.

This commit is technically incomplete as it doesn't update the dkg crate.

* Rewrite DKG encryption to enable per-message decryption without side effects

This isn't technically true as I already know a break in this which I'll
correct for shortly.

Does update documentation to explain the new scheme. Required for blame.

* Add a verifiable system for blame during the FROST DKG

Previously, if sent an invalid key share, the participant would realize that
and could accuse the sender. Without further evidence, either the accuser
or the accused could be guilty. Now, the accuser has a proof the accused is
in the wrong.

Reworks KeyMachine to return BlameMachine. This explicitly acknowledges how
locally complete keys still need group acknowledgement before the protocol
can be complete and provides a way for others to verify blame, even after a
locally successful run.

If any blame is cast, the protocol is no longer considered complete-able
(instead aborting). Further accusations of blame can still be handled however.

Updates documentation on network behavior.

Also starts to remove "OnDrop". We now use Zeroizing for anything which should
be zeroized on drop. This is a lot more piece-meal and reduces clones.

* Tweak Zeroizing and Debug impls

Expands Zeroizing to be more comprehensive.

Also updates Zeroizing<CachedPreprocess([u8; 32])> to
CachedPreprocess(Zeroizing<[u8; 32]>) so zeroizing is the first thing done
and last step before exposing the copy-able [u8; 32].

Removes private keys from Debug.

* Fix a bug where adversaries could claim to be using another user's encryption keys to learn their messages

Mentioned a few commits ago, now fixed.

This wouldn't have affected Serai, which aborts on failure, nor any DKG
currently supported. It's just about ensuring the DKG encryption is robust and
proper.

* Finish moving dleq from ser/deser to write/read

* Add tests for dkg blame

* Add a FROST test for invalid signature shares

* Batch verify encrypted messages' ephemeral keys' PoP
2023-01-01 01:54:18 -05:00
Luke Parker
35a4f5bf9f
Use count instead of iter.map(|_| 1).sum
Also replaces the expectation the miner TX was first with a check for
Input::Gen.
2022-12-24 15:17:49 -05:00
Luke Parker
3ec5189fbf
Use Zeroize for the ViewPair 2022-12-14 09:27:49 -05:00
Luke Parker
25f1549c6c
Move verify_share to return batch-verifiable statements
While the previous construction achieved n/2 average detection,
this will run in log2(n). Unfortunately, the need to keep entropy
around (or take in an RNG here) remains.
2022-12-13 20:31:00 -05:00
Luke Parker
9c65518dc3
Have included return a reference instead of a cloned Vec 2022-12-13 19:40:54 -05:00
Luke Parker
4871fc7441 Update scan.rs 2022-12-12 11:27:42 -05:00
Luke Parker
259e5815c8
Correct global index offsetting
Technically, non-0-amount outputs can still appear and this considered them
as part of the global 0-amount pool. Now, only outputs which are 0-amount are
counted.
2022-12-11 10:26:11 -05:00
akildemir
d5a5704ba4
support add/read multiple arbitrary tx data (#189)
* support add/read multiple arbitrary tx  data

* fix clippy errors

* resolve pr issues
2022-12-09 10:58:11 -05:00
Luke Parker
9e82416e7d
Correct derives on errors 2022-12-09 09:50:00 -05:00
Luke Parker
af86b7a499
Support caching preprocesses in FROST (#190)
* Remove the explicit included participants from FROST

Now, whoever submits preprocesses becomes the signing set. Better separates
preprocess from sign, at the cost of slightly more annoying integrations
(Monero needs to now independently lagrange/offset its key images).

* Support caching preprocesses

Closes https://github.com/serai-dex/serai/issues/40.

I *could* have added a serialization trait to Algorithm and written a ton of
data to disk, while requiring Algorithm implementors also accept such work.
Instead, I moved preprocess to a seeded RNG (Chacha20) which should be as
secure as the regular RNG. Rebuilding from cache simply loads the previously
used Chacha seed, making the Algorithm oblivious to the fact it's being
rebuilt from a cache. This removes any requirements for it to be modified
while guaranteeing equivalency.

This builds on the last commit which delayed determining the signing set till
post-preprocess acquisition. Unfortunately, that commit did force preprocess
from ThresholdView to ThresholdKeys which had visible effects on Monero.

Serai will actually need delayed set determination for #163, and overall,
it remains better, hence it's inclusion.

* Document FROST preprocess caching

* Update ethereum to new FROST

* Fix bug in Monero offset calculation and update processor
2022-12-08 19:04:35 -05:00
Luke Parker
bec92c10ad
Update to ethers 1.0
Removes rust_decimal as a depend, which added borsh and multiple other misc
packages in the previous commit.
2022-12-07 18:05:06 -05:00
akildemir
ba157ea84b
fix for #166 & cleanup (#184)
* add vscode

* fix for #166 & cleanup

* remove unused self

* fix issues on pr
2022-12-07 10:08:04 -05:00
Luke Parker
7d3a06ac05
Add missing mine_blocks call to the Monero test runner 2022-12-06 06:02:13 -05:00
Luke Parker
8f352353ba
Write a test runner for Monero transactions
Also includes a few fixes for the library itself. Supersedes #172.
2022-12-05 17:25:09 -05:00
Luke Parker
0350cd803d
Add debug assertions to CLSAG/Bulletproofs proving 2022-12-01 11:50:03 -05:00
Luke Parker
f0957c8d52
Add a builder API to the Monero library
Enables more composable construction flows.
2022-12-01 11:35:05 -05:00
Luke Parker
3f503d92fb
Remove dbg! from previous commit 2022-11-24 04:57:25 -05:00
Luke Parker
409d1151b2
Add dbg to help resolve https://github.com/serai-dex/serai/issues/166 2022-11-23 22:15:50 -05:00
Luke Parker
4a3178ed8f
Support handling addresses from other networks
A type alias of MoneroAddress is provided to abstract away the generic. 
To keep the rest of the library sane, MoneroAddress is used everywhere.

If someone wants to use this library with another coin, they *should* be 
able to parse a custom address and then recreate it as a Monero address. 
While that's annoying to them, better them than any person using this 
lib for Monero.

Closes #152.
2022-11-15 00:06:15 -05:00
Luke Parker
83060a914a
Have the RPC return the unsupported version when Unsupported 2022-11-14 23:56:28 -05:00
Luke Parker
6acbfdcc45
Support custom Monero protocol definitions 2022-11-14 23:28:39 -05:00
Luke Parker
6f9cf510da
Support an authenticated Monero RPC
Closes https://github.com/serai-dex/serai/issues/143.
2022-11-14 23:24:35 -05:00
Luke Parker
b05a223b69
Monero json_rpc_call 2022-11-14 21:49:49 -05:00
Luke Parker
84de427d72
Fix https://github.com/serai-dex/serai/issues/150 2022-11-10 22:35:09 -05:00
Luke Parker
be61bff074
cargo fmt 2022-11-05 18:47:57 -04:00
Luke Parker
8de465af87
Have Transcript::append_message take in AsRef<[u8]>, not &[u8]
Simplifies calling it.
2022-11-05 18:43:36 -04:00
github-actions[bot]
8e53522780
November 2022 - Rust Nightly Update (#144)
* Update nightly

* Have the latest nightly clippy pass

Co-authored-by: GitHub Actions <>
Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2022-11-01 00:03:36 -05:00
Luke Parker
6ef624ab7e
Correct monero's dev dependencies 2022-10-29 05:52:56 -04:00
Luke Parker
e67e406d95
Correct ed448 versioning 2022-10-29 05:25:58 -04:00
Luke Parker
2379855b31
Create a dedicated crate for the DKG (#141)
* Add dkg crate

* Remove F_len and G_len

They're generally no longer used.

* Replace hash_to_vec with a provided method around associated type H: Digest

Part of trying to minimize this trait so it can be moved elsewhere. Vec, 
which isn't std, may have been a blocker.

* Encrypt secret shares within the FROST library

Reduces requirements on callers in order to be correct.

* Update usage of Zeroize within FROST

* Inline functions in key_gen

There was no reason to have them separated as they were. sign probably 
has the same statement available, yet that isn't the focus right now.

* Add a ciphersuite package which provides hash_to_F

* Set the Ciphersuite version to something valid

* Have ed448 export Scalar/FieldElement/Point at the top level

* Move FROST over to Ciphersuite

* Correct usage of ff in ciphersuite

* Correct documentation handling

* Move Schnorr signatures to their own crate

* Remove unused feature from schnorr

* Fix Schnorr tests

* Split DKG into a separate crate

* Add serialize to Commitments and SecretShare

Helper for buf = vec![]; .write(buf).unwrap(); buf

* Move FROST over to the new dkg crate

* Update Monero lib to latest FROST

* Correct ethereum's usage of features

* Add serialize to GeneratorProof

* Add serialize helper function to FROST

* Rename AddendumSerialize to WriteAddendum

* Update processor

* Slight fix to processor
2022-10-29 03:54:42 -05:00
Luke Parker
cbceaff678
Create dedicated message structures for FROST messages (#140)
* Create message types for FROST key gen

Taking in reader borrows absolutely wasn't feasible. Now, proper types
which can be read (and then passed directly, without a mutable borrow)
exist for key_gen. sign coming next.

* Move FROST signing to messages, not Readers/Writers/Vec<u8>

Also takes the nonce handling code and makes a dedicated file for it, 
aiming to resolve complex types and make the code more legible by 
replacing its previously inlined state.

* clippy

* Update FROST tests

* read_signature_share

* Update the Monero library to the new FROST packages

* Update processor to latest FROST

* Tweaks to terminology and documentation
2022-10-25 23:17:25 -05:00
Luke Parker
19488cf446
Fill out Cargo.tomls
Updated missing fields/sections, even if some won't be used, to 
standardize.

Also made FROST tests feature-gated.
2022-10-15 23:46:22 -04:00
Luke Parker
e5955f82c7
Remove Monero RPC panics for an invalid/malicious node 2022-10-15 22:32:56 -04:00
Luke Parker
514563cef0
Remove height as a term
Unbeknowst to me, height doesn't have a universal definition of the 
chain length.

Bitcoin defines height as the block number, with getblockcount existing 
for the chain length.

Ethereum uses the unambiguous term "block number".

Monero defines height as both the block number and the chain length.

Instead of arguing about who's right, it's agreed it referring to both 
isn't productive. While we could provide our own definition, taking a 
side, moving to the unambiguous block number prevents future hiccups.

height is now only a term in the Monero code, where it takes its 
Monero-specific definition, as documented in the processor.
2022-10-15 21:39:06 -04:00
Luke Parker
4629e88a28
Add is_confirmed with a TODO: Remove
Closes https://github.com/serai-dex/serai/issues/129.
2022-10-15 19:51:59 -04:00
Luke Parker
9ff4cfab0d
Add a repository field to monero-generators 2022-09-29 10:37:25 -04:00
Luke Parker
503ae02cae
Version bump monero-generators to consolidate a dependency 2022-09-29 10:36:40 -04:00
Luke Parker
695f7ec5f9
Version bump Monero for documentation purposes 2022-09-29 10:35:11 -04:00
Luke Parker
8da0743361
Use sha3 in monero-generators 2022-09-29 08:08:49 -04:00
Luke Parker
7870084b9e
Add further FROST documentation 2022-09-29 06:02:43 -04:00
Luke Parker
ca091a5f04
Expand and correct documentation 2022-09-29 05:25:29 -04:00
Luke Parker
19cd609cba
Use doc_auto_cfg 2022-09-29 04:47:55 -04:00
Luke Parker
8b0f0a3713
Publish an alpha version of the Monero crate (#123)
* Label the version as an alpha

* Add versions to Cargo.tomls

* Update to Zeroize 1.5

* Drop patch versions from monero-serai Cargo.toml

* Add a repository field

* Move generators to OUT_DIR

IIRC, I didn't do this originally as it constantly re-generated them. 
Unfortunately, since cargo is complaining about .generators, we have to.

* Remove Timelock::fee_weight

Transaction::fee_weight's has a comment, "Assumes Timelock::None since 
this library won't let you create a TX with a timelock". Accordingly, 
this is dead code.
2022-09-29 01:24:33 -05:00
Luke Parker
49749d96a0
Replace tiny_keccak with sha3 in Monero 2022-09-28 09:29:58 -04:00
Luke Parker
fd48bbd15e
Initial documentation for the Monero libraries (#122)
* Document all features

* Largely document the Monero libraries

Relevant to https://github.com/serai-dex/serai/issues/103 and likely 
sufficient to get this removed from 
https://github.com/serai-dex/serai/issues/102.
2022-09-28 07:44:49 -05:00
Luke Parker
f48a48ec3f
Support v1 transactions
Closes https://github.com/serai-dex/serai/issues/117.
2022-09-28 05:28:42 -04:00
Luke Parker
65c20638ce
fmt/clippy 2022-09-17 04:35:08 -04:00
Luke Parker
31b64b3082
Update according to the latest clippy 2022-09-04 21:23:38 -04:00
Luke Parker
faa43b6874
Move the featured address vectors to a vectors folder 2022-08-31 01:01:51 -04:00
Luke Parker
c5256d9b06
Use ChaCha20 instead of ChaCha12
Despite being slower and only used for blinding values, its still 
extremely performant. 20 is far more standard and will avoid an eye 
raise from reviewers.
2022-08-30 20:01:46 -04:00
Luke Parker
6093f4ec93
Fix clippy 2022-08-30 16:48:59 -04:00
Luke Parker
139dcde69c
Support including arbitrary data in TXs and return it with outputs
Fixes a bug where all payments identified as being to (0, 0) instead of 
their actual subaddress.
2022-08-30 15:42:23 -04:00
Luke Parker
8d56c43f5e
Update to work against the latest foundry
Links the Ethereum contract tests as well
2022-08-30 02:13:53 -04:00
Luke Parker
6045f4ae59
fmt/clippy for previous commit 2022-08-30 01:05:18 -04:00
Luke Parker
d620231530
Remove Monero torsion-free requirement and make output keys 32 bytes
Maintains the torsion-free requirement in the one place it's used (key 
images).

In the modern day, the output keys are checked to be points, yet in 
older protocol versions they were allowed to be arbitrary bytes.

Closes https://github.com/serai-dex/serai/issues/23 and 
https://github.com/serai-dex/serai/issues/25.
2022-08-30 01:02:55 -04:00
Luke Parker
4881ddae87
Update Monero crate description 2022-08-25 04:02:30 -04:00
Luke Parker
546b772be3
Clarify licensing per https://github.com/serai-dex/serai/issues/13
Implements bullets 2-4 of 
https://github.com/serai-dex/serai/issues/13#issuecomment-1212689876.
2022-08-25 04:02:13 -04:00
Luke Parker
5b2940e161
Lint previous commit 2022-08-22 13:35:49 -04:00
Luke Parker
5c106cecf6
Fix https://github.com/serai-dex/serai/issues/105 2022-08-22 12:15:14 -04:00
Luke Parker
5a1f011db8
Fix https://github.com/serai-dex/serai/issues/106 2022-08-22 08:57:36 -04:00
Luke Parker
5751204a98
Introduce a subaddress capable scanner type 2022-08-22 08:32:09 -04:00
Luke Parker
19f5fd8fe9
Include subaddress and payment ID in SpendableOutput 2022-08-22 07:22:54 -04:00
Luke Parker
f0b914c721
Support sending to integrated addresses 2022-08-22 06:54:01 -04:00
Luke Parker
331aa6c644
Implement Featured Addresses
Closes https://github.com/serai-dex/serai/issues/37.
2022-08-22 04:27:58 -04:00
Luke Parker
3fffea178f
Visibility fixes 2022-08-21 11:29:01 -04:00
Luke Parker
d596eeee6e
Update visibility of various items in Monero 2022-08-21 11:06:17 -04:00
Luke Parker
60d93c4b2d
Update BP fee_weight
Closes https://github.com/serai-dex/serai/issues/8.
2022-08-21 10:35:10 -04:00
Luke Parker
755d021f8e
Canonicalize read_varint
There is a slight note we only implement u64 varint's, while Monero does 
it for arbitrary uints, yet that's not relevant at this time. It is 
documented in #25.
2022-08-21 08:58:28 -04:00
Luke Parker
c5beee5648
Fix #48
Removes monero, yet we still use monero-rs's base58 and epee libraries.
2022-08-21 08:41:19 -04:00
Luke Parker
d12507e612
Fix a DoS in Monero
A malicious TX could cause an arbitrary amount of memory to be allocated 
despite not even containing that amount of data.
2022-08-21 07:52:49 -04:00
Luke Parker
8af3a9ea51
Correct Monero build script 2022-08-21 06:48:59 -04:00
Luke Parker
603a3f8c9f
Generate Bulletproofs(+) generators at compile time
Creates a new monero-generators crate so the monero crate can run the 
code in question at build time.

Saves several seconds from running the tests.

Closes https://github.com/serai-dex/serai/issues/101.
2022-08-21 06:36:53 -04:00
Luke Parker
577fe99a08
Fix https://github.com/serai-dex/serai/issues/18 2022-08-21 05:13:07 -04:00
Luke Parker
00d61286b1
Lint Monero serialization 2022-08-21 04:41:55 -04:00
Luke Parker
76db682a25
Replace static Scalar with a uint conversion in BP+ 2022-08-21 00:46:23 -04:00
Luke Parker
96a49d8a88
Remove unnecessary parentheses 2022-08-12 15:53:48 -04:00
Luke Parker
797be71eb3
Utilize zeroize (#76)
* Apply Zeroize to nonces used in Bulletproofs

Also makes bit decomposition constant time for a given amount of 
outputs.

* Fix nonce reuse for single-signer CLSAG

* Attach Zeroize to most structures in Monero, and ZOnDrop to anything with private data

* Zeroize private keys and nonces

* Merge prepare_outputs and prepare_transactions

* Ensure CLSAG is constant time

* Pass by borrow where needed, bug fixes

The past few commitments have been one in-progress chunk which I've 
broken up as best read.

* Add Zeroize to FROST structs

Still needs to zeroize internally, yet next step. Not quite as 
aggressive as Monero, partially due to the limitations of HashMaps, 
partially due to less concern about metadata, yet does still delete a 
few smaller items of metadata (group key, context string...).

* Remove Zeroize from most Monero multisig structs

These structs largely didn't have private data, just fields with private 
data, yet those fields implemented ZeroizeOnDrop making them already 
covered. While there is still traces of the transaction left in RAM, 
fully purging that was never the intent.

* Use Zeroize within dleq

bitvec doesn't offer Zeroize, so a manual zeroing has been implemented.

* Use Zeroize for random_nonce

It isn't perfect, due to the inability to zeroize the digest, and due to 
kp256 requiring a few transformations. It does the best it can though.

Does move the per-curve random_nonce to a provided one, which is allowed 
as of https://github.com/cfrg/draft-irtf-cfrg-frost/pull/231.

* Use Zeroize on FROST keygen/signing

* Zeroize constant time multiexp.

* Correct when FROST keygen zeroizes

* Move the FROST keys Arc into FrostKeys

Reduces amount of instances in memory.

* Manually implement Debug for FrostCore to not leak the secret share

* Misc bug fixes

* clippy + multiexp test bug fixes

* Correct FROST key gen share summation

It leaked our own share for ourself.

* Fix cross-group DLEq tests
2022-08-03 03:25:18 -05:00
Luke Parker
a30568ff57
Add init function for BP statics
Considering they take 7 seconds to generate, thanks to #68, the ability 
to generate them at the start instead of on first BP is greatly 
appreciated.

Also performs minor cleanups regarding BPs.
2022-08-02 15:52:27 -04:00
Luke Parker
9221dbf048
Bulletproofs+ Verification 2022-08-01 23:30:24 -04:00
Luke Parker
d07fe34a24
Reorganize bulletproofs 2022-07-31 23:12:45 -04:00
Luke Parker
1c4707136c
Ban unreduced points in Monero 2022-07-31 22:46:46 -04:00
Luke Parker
6340607827
BP Verification (#75)
* Use a struct in an enum for Bulletproofs

* verification bp working for just one proof

* add some more assert tests

* Clean BP verification

* Implement batch verification

* Add a debug assertion w_cache isn't 0

It's initially set to 0 and if not updated, this would be broken.

* Correct Monero workflow yaml

* Again try to corrent Monero workflow yaml

* Again

* Finally

* Re-apply weights as required by Bulletproofs

Removing these was insecure and my fault.

Co-authored-by: DangerousFreedom <dangfreed@tutanota.com>
2022-07-31 21:45:53 -05:00
Luke Parker
8f76e67f57
Rename dleq-serai to dleq 2022-07-30 18:35:39 -04:00
Luke Parker
534f951165
Consolidate GitHub CI actions, split out Monero (#71)
* Consolidate GitHub CI actions, split out Monero

build now includes the specified Rust toolchain/components.

Added a test dependencies action which grabs Foundry and Monero.

Split the Monero v14 job into a matrixed job in its own workflow flow. 
It's now only run when Monero has changes.

* Correct Monero unit/integration tests run timing

Additionally tests a feature-less Monero build.

Also removes a pointless Monero file, which already should have been 
removed, causing this workflow to be triggered.

* Correct exclusion and paths

Updates to FROST should re-run the Monero tests to ensure it didn't 
introduce API incompatibilities.
2022-07-29 09:36:09 -05:00
Luke Parker
bba93a64c2
Implement view tags 2022-07-27 06:29:14 -04:00
Luke Parker
755dc84859
Replace rand with rand_core where possible
Turns out rand_core offers OsRng.
2022-07-27 05:45:08 -04:00
Luke Parker
023afaf7ce
Bulletproofs+ (#70)
* Initial stab at Bulletproofs+

Does move around the existing Bulletproofs code, does still work as 
expected.

* Make the Clsag RCTPrunable type work with BP and BP+

* Initial set of BP+ bug fixes

* Further bug fixes

* Remove RING_LEN as a constant

* Monero v16 TX support

Doesn't implement view tags, nor going back to v14, nor the updated BP 
clawback logic.

* Support v14 and v16 at the same time
2022-07-27 04:05:43 -05:00
Luke Parker
37b8e3c025
Modularize Bulletproofs in prep for BP+ 2022-07-26 08:06:56 -04:00
Luke Parker
60e15d5160
Remove re-calculation of N
Moves most BP assertions to debug.
2022-07-26 05:31:15 -04:00
Luke Parker
7d9834be87
Correct clippy, remove Monero build depends 2022-07-26 03:48:46 -04:00
Luke Parker
696da8228e
Remove Monero as a dependency
Introduces missing CLSAG checks. The only difference now should be the 
additional rejection of torsioned points, which is relevant to 
https://github.com/serai-dex/serai/issues/25. Considering this is only 
currently used for FROST verification, this should be fine.

Closes https://github.com/serai-dex/serai/issues/19 by making it 
irrelevant.

Increases priority of https://github.com/serai-dex/serai/issues/68, as 
now it's used for the BP generators which are done at first-proof.

Also merges BP's stricter hash_to_point with the library's, since CLSAG 
has the same bound.
2022-07-26 03:25:57 -04:00
Luke Parker
ee29f6d6d8
Implement Bulletproofs in Rust (#69)
* Initial attempt at Bulletproofs

I don't know why this doesn't work. The generators and hash_cache lines
up without issue. AFAICT, the inner product proof is valid as well, as
are all included formulas.

* Add yinvpow asserts

* Clean code

* Correct bad imports

* Fix the definition of TWO_N

Bulletproofs work now :D

* Tidy up a bit

* fmt + clippy

* Compile a variety of XMR dependencies with optimizations, even under dev

The Rust bulletproof implementation is 8% slower than C right now, under 
release. This is acceptable, even if suboptimal. Under debug, they take 
a quarter of a second to two seconds though, depending on the amount of 
outputs, which justifies this move.

* Remove unnecessary deref in BPs
2022-07-26 02:05:15 -05:00
Luke Parker
f25bd88030
Test bulletproof creation and verification 2022-07-24 09:00:55 -04:00
Luke Parker
10ab467160
Don't use a constant for H yet re-calculate it 2022-07-24 08:57:33 -04:00
Luke Parker
42d62c38b9
Remove the Monero build (#64)
* Remove the Monero CMake and make

* Download the Monero daemon instead of building it

* Cache the Monero daemon

Prevents hammering the Monero servers, should reduce CI time.

* Correct YAML

* Add back sodium-dev

* Create an independent job for downloading the Monero daemon

Improves parallelism while decreasing the amount of work re-done if 
build fails. Also increases modularity.

* Correct Monero job definition

* Correct skipping the Monero download on cache hit
2022-07-23 03:35:32 -05:00
Luke Parker
b80c1bec4c
Update dependencies
ethers previously used a git spec due to depending on not-yet-published 
updates. Now that they've been released, a properly published version is 
used.
2022-07-22 12:36:30 -04:00
noot
bd93d6ec8a
set up CI (#45)
* begin to setup ci

* attempt to fix build

* fix paths in build script

* fix

* satisfy clippy

* update fmt check to use nightly

* use nightly for build

* fmt

* fix fmt install

* update test script

* try to fix fmt

* merge w develop

* maybe fix build script

* install wasm toolchain

* install solc-select, use stable rust to build

* Correct clippy warnings

Currently intended to be done with:
cargo clippy --features "recommended merlin batch serialize experimental 
ed25519 ristretto p256 secp256k1 multisig" -- -A clippy::type_complexity 
-A dead_code

* Remove try-runtime

I tried to get this to work for an hour. I have no idea why it doesn't, 
yet it doesn't.

* Rewrite workflow

Splits tasks into a more modular structure. Also uses 
actions-rs/toolchain.

* Add a cache

* Immediately try building ETH/Monero while this is fixed

Adds solc-select use.

* Revert selective advance building of ETH/XMR

ETH builds now, so it hopefully should work now.

Also moves from on push to on push to develop.

* Install Monero runtime dependencies

Specify missing Rust toolchain setting.

* Correct multi-line commands

* Fix multi-line commands again

Cache Ethereum artifacts.

* Add Foundry

* Move Clippy under build

* Minimal rustup

Adds wasm Clippy. Puts Clippy before build.

* Use nightly clippy

* Remove old clippy call from under build

* Have the Monero build script support ARCH specification

Requirement for CI.

* Add WASM toolchain to tests

* Remove Ethereum cache which did not work as needed

* Remove extraneous quotes which broke builds on Arch

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2022-07-22 11:31:29 -05:00
Luke Parker
76a7160ea5
Correct clippy warnings
Currently intended to be done with:
cargo clippy --features "recommended merlin batch serialize experimental 
ed25519 ristretto p256 secp256k1 multisig" -- -A clippy::type_complexity 
-A dead_code
2022-07-22 02:35:17 -04:00
silverpill
194c5acebb Fix compilation errors in monero-serai 2022-07-17 16:55:49 -05:00
Luke Parker
2bddce2087
Add a patch for zip so ethereum-serai doesn't conflict with Substrate
Also commits the lock file and updates documentation.
2022-07-16 17:49:35 -04:00
noot
c589743e2b
ethereum: implement schnorr verification contract deployment and related crypto (#36)
* basic schnorr verify working

* add schnorr-verify as submodule

* remove previous code

* Misc Ethereum work which will probably be disregarded

* add ecrecover hack test, worksgit add src/

* merge w develop

* starting w/ rust-web3

* trying to use ethers

* deploy_schnorr_verifier_contract finally working

* modify EthereumHram to use 27/28 for point parity

* updated address calc, solidity schnorr verify now working

* add verify failure to test

* update readme

* move ethereum/ to coins/

* un fmt coins/monero

* update .gitmodules

* fix cargo paths

* fix coins/monero

* add #[allow(non_snake_case)]

* un-fmt stuff

* move crypto to coins/ethereum

* move unit tests to ethereum/tests

* remove js, build w ethers

* update .gitignore

* address comments

* add q != 0 check

* update contract param order

* update contract license to AGPL

* update ethereum-serai license to GPL and fmt

* GPLv3 for ethereum-serai

* AGPLv3 for ethereum-serai

* actually fix license

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2022-07-16 16:45:41 -05:00
Luke Parker
e67033a207 Apply an initial set of rustfmt rules 2022-07-16 15:16:30 -05:00
Luke Parker
5ede5b9e8f
Update the DLEq proof for any amount of generators
The two-generator limit wasn't required nor beneficial. This does 
theoretically optimize FROST, yet not for any current constructions. A 
follow up proof which would optimize current constructions has been 
noted in #38.

Adds explicit no_std support to the core DLEq proof.

Closes #34.
2022-07-13 23:29:48 -04:00
Luke Parker
95a4101a9a
Tweak the hash_to_point test
It ran for too long and had a "test_" prefix not shared with other 
tests.
2022-07-13 02:48:36 -04:00
Luke Parker
6cc8ce840e
Move FROST to Read
Fixes https://github.com/serai-dex/serai/issues/33 and 
https://github.com/serai-dex/serai/issues/35. Also fixes a few potential 
panics/DoS AFAICT.
2022-07-13 02:38:29 -04:00
Luke Parker
d81f6270c7
Version bump and synchronize packages
Uses "dleq-serai", instead of "dleq", as the dleq crate name hasn't been 
transferred yet :(
2022-07-12 03:38:59 -04:00
Luke Parker
5eb61f3a87
Fix https://github.com/serai-dex/serai/issues/14. 2022-07-12 01:28:01 -04:00
Luke Parker
953a873338
Implement hash_to_point in Rust
Closes https://github.com/serai-dex/serai/issues/32.
2022-07-10 16:12:49 -04:00
Luke Parker
854fca3806
Close https://github.com/serai-dex/serai/issues/30.
An extremely minimal subset of Monero is now all that's built, and I'm 
sufficiently happy with it.
2022-07-09 21:51:39 -04:00
Luke Parker
53267a46c8
Return Timelocked instead of (Timelock, Vec<SpendableOutput>)
Timelocked doesn't expose the Vec yet requires calling not_locked(), 
unlocked(Timelock), or ignore_timelock().
2022-07-09 18:53:52 -04:00
Luke Parker
c5f75568cd
Add READMEs to Serai and Monero 2022-07-08 16:23:26 -04:00
Luke Parker
f7106f09ed
Add further must_uses 2022-07-07 14:28:42 -04:00
Luke Parker
6c76458063
Statically link Monero
Closes https://github.com/serai-dex/serai/issues/11.
2022-07-07 14:13:24 -04:00
Luke Parker
7d13be5797
Update Monero submodule 2022-07-07 09:53:31 -04:00
Luke Parker
5d115f1e1c
Implement a DLEq library
While Serai only needs the simple DLEq which was already present under 
monero, this migrates the implementation of the cross-group DLEq I 
maintain into Serai. This was to have full access to the ecosystem of 
libraries built under Serai while also ensuring support for it.

The cross_group curve, which is extremely experimental, is feature 
flagged off. So is the built in serialization functionality, as this 
should be possible to make nostd once const generics are full featured, 
yet the implemented serialization adds the additional barrier of 
std::io.
2022-06-30 05:42:29 -04:00
Luke Parker
0a690f5632
Update the reference link for Guaranteed Addresses
Also lints Cargo.toml.
2022-06-30 03:16:51 -04:00
Luke Parker
3de7a76051
Use GroupEncoding instead of Curve's from_slice/to_bytes
Increases usage of standardization while expanding dalek_ff_group.

Closes https://github.com/serai-dex/serai/issues/26 by moving 
dfg::EdwardsPoint to only be for the prime subgroup.
2022-06-28 01:25:26 -04:00
Luke Parker
ac17645fc8
Rename MultisigParams/MultisigKeys/MultisigView to Frost* 2022-06-28 00:09:41 -04:00
Luke Parker
7c86e4593a
Implement Guaranteed Addresses
Closes https://github.com/serai-dex/serai/issues/27.

monero-rs is now solely used for Extra encoding.
2022-06-28 00:01:20 -04:00
Luke Parker
7b70baaa96
Rename transcript-trait to flexible-transcript
It offers the trait for flexibility, yet it also offers an incredibly 
competent (and logical) transcript format, along with a Merlin wrapper.
2022-06-27 09:02:21 -04:00
Luke Parker
60254a0171
Reorganize FROST's handling of curves 2022-06-24 19:47:19 -04:00
Luke Parker
a46524f0ce
Supply a RecommendedTranscript type of DT<Blake2b512> 2022-06-24 18:58:24 -04:00
Luke Parker
1d4018c1ba
Correct when the decoys distribution lock is acquired
The existing design maintained a non-Send object across async contexts.
2022-06-24 08:41:05 -04:00
Luke Parker
1caa6a9606
Enforce FROST StateMachine progression via the type system
A comment on the matter was made in 
https://github.com/serai-dex/serai/issues/12. While I do believe the API 
is slightly worse, I appreciate the explicitness.
2022-06-24 08:40:14 -04:00
Luke Parker
462d0e74ce
Pre-allocate the distribution 2022-06-20 23:10:13 -04:00
Luke Parker
f10bd5feee
Cache output distribution
Also moves to the expected sanity median
2022-06-20 23:00:49 -04:00
Luke Parker
9d817a00b2
Correct Monero's extra length calculation for fee calculation 2022-06-19 12:19:57 -04:00
Luke Parker
f50f249468
Add fee handling code to Monero
Updates how change outputs are handled, with a far more logical 
construction offering greater flexibility.

prepare_outputs can not longer error. SignaableTransaction::new will.
2022-06-19 12:03:01 -04:00
Luke Parker
71fca06120
Correct monero/processor dependencies 2022-06-19 07:52:03 -04:00
Luke Parker
b4c1adcdfb
Rename FROST's official package name and update documentation 2022-06-19 05:21:22 -04:00
Luke Parker
32473d9976
Route networking through Wallet, not Coin 2022-06-10 09:36:07 -04:00
Luke Parker
b91279f4ce
Support sending to subaddresses 2022-06-10 02:38:19 -04:00
Luke Parker
1ef528bf8c
Bound decoy selection to prevent it from infinite looping 2022-06-10 00:32:56 -04:00
Luke Parker
e1831ee5af
Error when a message is passed to a Monero TransactionMachine 2022-06-10 00:20:59 -04:00
Luke Parker
d611300adb
Error when the wrong spend key is used to sign a transaction
Moves decoy selection to being the last step in the multisig process so 
the RPC is only polled to continue valid transactions.
2022-06-09 04:05:57 -04:00
Luke Parker
27751d8d98
Successfully get processor to send a transaction out
Modifies FROST behavior so group_key has the offset applied regardless 
of if view was called. The unaltered secret_share and 
verification_shares (as they have differing values depending on the 
signing set) are no longer publicly accessible.
2022-06-09 02:48:53 -04:00
Luke Parker
670ea3726f
Correct a warning when building Monero without multisig 2022-06-06 04:28:52 -04:00
Luke Parker
301634dd8e
Add support for Ristretto
Replaces P-256 as the curve used for testing FROST.
2022-06-06 04:22:49 -04:00
Luke Parker
e0ce6e5c12
Add Ed25519 to FROST and remove expand_xmd for elliptic_curve's
Doesn't fully utilize ec's hash2curve module as k256 Scalar doesn't have 
FromOkm for some reason. The previously present bigint reduction is 
preserved.

Updates ff/group to 0.12.

Premised on https://github.com/cfrg/draft-irtf-cfrg-frost/pull/205 being 
merged, as while this Ed25519 is vector compliant, it's technically not 
spec compliant due to that conflict.
2022-06-06 02:18:25 -04:00
Luke Parker
5313210526
Monero prepare_send 2022-06-05 15:10:50 -04:00
Luke Parker
fdb1929ba4
Move to Arc/RwLock 2022-06-05 07:33:15 -04:00
Luke Parker
3617ed4eb7
Use const values for our traits where we can 2022-06-03 23:22:08 -04:00
Luke Parker
9b52cf4d20
Generalize out the FROST test for signing/signing with an offset
Moves Schnorr signature tests from test_curve to the new test_schnorr, 
which is more a test_frost.

Relevant to https://github.com/serai-dex/serai/issues/9.
2022-06-03 19:08:25 -04:00
Luke Parker
f8d127bf8a
Add FROST Ed25519 test vectors 2022-06-03 03:56:17 -04:00
Luke Parker
b4cd29f49a
Finish implementing FROST v5
Identity check for P256 and H4 was all that was needed.
2022-06-03 02:00:38 -04:00
Luke Parker
e4fc469e58
Use a transcript when generating the per-chain binding for a given set of keys
While it was fine as-is, as it only had one variable length property, 
this is a bit more robust. Also binds the Curve ID, which should declare 
differently even for just different basepoints, and therefore adds two 
variable length properties (justifying the transcript).
2022-06-03 01:37:12 -04:00
Luke Parker
44452d9bfe
Verify being FROST v5 compliant
No functional changes have been made to signing, with solely slight API 
changes being made.

Technically not actually FROST v5 compatible, due to differing on zero 
checks and randomness, yet the vectors do confirm the core algorithm. 
For any valid FROST implementation, this will be interoperable if they 
can successfully communicate. For any devious FROST implementation, this 
will be fingerprintable, yet should still be valid.

Relevant to https://github.com/serai-dex/serai/issues/9 as any curve can 
now specify vectors for itself and be tested against them.

Moves the FROST testing curve from k256 to p256. Does not expose p256 
despite being compliant. It's not at a point I'm happy with it, notably 
regarding hash to curve, and I'm not sure I care to support p256. If it 
has value to the larger FROST ecosystem...
2022-06-03 01:25:46 -04:00
Luke Parker
dfd2f624ee
Implement a proper Monero Timelock type
Transaction scanning now returns the timelock to ensure it's 
acknowledged by wallets.

Fixes https://github.com/serai-dex/serai/issues/16.
2022-06-02 00:00:26 -04:00
Luke Parker
2ae715f899
Ignore transactions which use a timelock 2022-06-01 17:14:57 -04:00
Luke Parker
7b4c5dbe52
Remove rng_seed's additional entropy
It was never used as we derive entropy via the other fields in the 
transcript, and explicitly add fields directly as needed for entropy.

Also drops an unused crate and corrects a bug in FROST's Schnorr 
implementation which used the Group's generator, instead of the Curve's.

Also updates the Monero crate's description.
2022-05-31 02:12:14 -04:00
Luke Parker
e504266c80
Remove the experimental feature from monero
It's been unused since we redid the types.
2022-05-30 18:04:57 -04:00
Luke Parker
bfa15283f5
Remove Monero's test FROST file in favor of FROST"s exposed test files
Moves private key recovery for given keys into FROST.
2022-05-30 16:37:51 -04:00
Luke Parker
ce4c899422
Remove "as", except for floats as needed
Also updates Bulletproofs from C to not be length prefixed, yet rather 
have Rust calculate their length.

Corrects an error in key_gen where self was blamed, instead of the 
faulty participant.
2022-05-30 02:14:34 -04:00
Luke Parker
244d1b6b68
Clarify FROST's hash functions
Updates the keygen challenge to a format not vulnerable to collisions 
due to having multiple variable length elements.
2022-05-28 20:34:44 -04:00
Luke Parker
b5bdb545cc
Add basic key management to the processor 2022-05-28 19:57:10 -04:00
Luke Parker
e950b9682b
Add get_block_transactions_possible which automatically filters invalid TXs
Adds Clone to the various error types, which they already should've had.
2022-05-28 05:08:37 -04:00
Luke Parker
ba032cca4a
Optimize decoy selection
Saves roughly 0.8s when running the tests, which took 16.6s and now take 
15.8 (5%).

Removes the larger sample size, which replaced the closest selected 
decoy with the real spend, per advice of Rucknium.
2022-05-28 03:17:02 -04:00
Luke Parker
c90e957e6a
Add a batch verifier to multiexp, along with constant time variants
Saves ~8% during FROST key gen, even with dropping a vartime for a 
constant time (as needed to be secure), as the new batch verifier is 
used where batch verification previously wasn't. The new multiexp API 
itself also offered a very slight performance boost, which may solely be 
a measurement error.

Handles most of https://github.com/serai-dex/serai/issues/10. The blame 
function isn't binary searched nor randomly sorted yet.
2022-05-27 00:52:44 -04:00
Luke Parker
4ddb838a5a
Drop the Monero patch version spec now that it's no longer relevant
Also adds a comment to FROST.
2022-05-26 03:52:45 -04:00
Luke Parker
5ca0945cbf
Implement serialization for SpendableOutput
Changes the output index to a u8. While it may expand to a u16 at some 
point, this can remain canonical using little endian serialization while 
dropping the latter byte if it's 0 (or simply only using u16 when it's 
actually possible).
2022-05-26 03:51:27 -04:00
Luke Parker
3a2e5bea0d
Move the CLSAG test to the newly modular FROST test setup 2022-05-25 00:30:51 -04:00
Luke Parker
d67d6f2f98
Add PartialEq to structs 2022-05-25 00:21:01 -04:00
Luke Parker
d10c6e16dc
Move FROST to HashMaps
Honestly, the borrowed keys are frustrating, and this probably reduces 
performance while no longer offering an order when iterating. That said, 
they enable full u16 indexing and should mildly improve the API.

Cleans the Proof of Knowledge handling present in key gen.
2022-05-24 21:41:14 -04:00
Luke Parker
5ff65bd268
Move the DLEQProof to a Transcript 2022-05-23 03:24:33 -04:00
Luke Parker
0eb2386ef0
Have the C++ RNG apply a DST 2022-05-22 15:56:12 -04:00
Luke Parker
30529038f2
Move serialize from a folder to a file 2022-05-22 02:24:35 -04:00
Luke Parker
cc65b6e055
Move RingCT code to a deciated folder
Should help keep things ordered as more RingCT code is added.
2022-05-22 02:24:24 -04:00
Luke Parker
790e89902a
Override Monero's random function with a Rust-seedable random
Closes https://github.com/serai-dex/serai/issues/2. Also finishes the 
implementation of 
https://github.com/monero-project/research-lab/issues/103.
2022-05-22 01:56:17 -04:00
Luke Parker
0c01ad69d8
Correct RctPrunable decoding 2022-05-21 23:16:06 -04:00
Luke Parker
882d67838e
Fix test failure reporting 2022-05-21 22:23:16 -04:00
Luke Parker
e1fd462a50
Properly calculate uniqueness when creating change outputs
It was missing sorting its inputs by their key images.
2022-05-21 21:44:57 -04:00
Luke Parker
890f7104f7
Remove a stray dbg 2022-05-21 21:39:20 -04:00
Luke Parker
ec6927e66e
Add Clone/Debug derivations to structs 2022-05-21 21:36:28 -04:00
Luke Parker
703b18c6e8
Implement Block types
Finishes updating the RPC to not use monero, tests now pass
2022-05-21 21:35:25 -04:00
Luke Parker
3282b19536
Transaction deserialization 2022-05-21 20:27:21 -04:00
Luke Parker
aa5d95ef1d
Changes meant for the previous commit 2022-05-21 20:26:28 -04:00
Luke Parker
517db6448a
Remove monero-rs types
Still missing an updated RPC file. Restructures the library as it makes 
sense
2022-05-21 15:33:35 -04:00
Luke Parker
573f847a9b
Implement shared key derivation according to https://github.com/monero-project/research-lab/issues/103
Currently solely used for single signer change outputs, intended to be 
used for funds into Serai and multisig change outputs (dependent on #2).

Also cleans the file layout, makes scanning a bit more robust, doesn't 
return outputs of amount 0, and shuffles outputs.
2022-05-20 01:03:54 -04:00
Luke Parker
8945b50988
Minor lint 2022-05-19 16:49:45 -04:00
Luke Parker
90fccc444b
Remove .is_some() unwraps for if let Some 2022-05-18 01:08:54 -04:00
Luke Parker
7c0886a113
Support signing Monero TXs with multiple inputs
Remove's CLSAG's msg Rc for the msg available through AlgorithmMachine. 
Potentially slightly more inefficient, as it needs to be converted from 
a slice to a [u8; 32], yet removes a re-impl.

Also removes a match for an if.
2022-05-18 00:53:13 -04:00
Luke Parker
3a13f80bdd
Patch for previous commit 2022-05-17 19:51:04 -04:00
Luke Parker
fd0fd77cf5
Simplify Monero key image handling 2022-05-17 19:15:53 -04:00
Luke Parker
3f02ab3037
Optimize decoy selection by batching the get_outputs call per input 2022-05-14 02:12:54 -04:00
Luke Parker
bf4d83ba70
Remove simd_backend as a used dalek feature
It's great performance yet not mandatory.
2022-05-14 00:59:14 -04:00
Luke Parker
94bd30083b
Slightly simplify CLSAG signing
Expands its test to test all possible ring indexes, though just 0 and a 
single n would be sufficient.
2022-05-14 00:45:13 -04:00
Luke Parker
0aeab04c70
Move Rust definitions of C functions to their respective files 2022-05-13 20:26:53 -04:00
Luke Parker
3533e66c7f
Add Rust CLSAG verification
Marked experimental, not guaranteed to match Monero yet
2022-05-13 20:26:29 -04:00
Luke Parker
bb840da44d
Get Monero tests to pass on a brand new network
Updates decoy selection with an explicit panic, the removal of a divide 
by 0 (causing tests to fail on new chains), and a minor optimization 
when dealing with a large quantity of locked outputs.

Also increases documentation, acknowledging infinite loops and breakage 
from Monero more.
2022-05-13 00:05:34 -04:00
Luke Parker
3e7598315c
Reorganize CLSAG sign flow 2022-05-06 19:07:37 -04:00
Luke Parker
a541903895
Replace the term mixin with decoy
https://libera.monerologs.net/monero-research-lab/20211002#c34977
2022-05-06 08:12:30 -04:00
Luke Parker
3dab26cd94
Correct discrepancies with the IETF draft
While all the transcript/extension code works as expected, which means, 
they don't cause any conflicts, n was still capped at u64::MAX at 
creation when it needs to be u16. Furthermore, participant index and 
scalars/points were little endian instead of big endian/curve dependent.
2022-05-06 07:49:18 -04:00
Luke Parker
b443747994
Remove more specific versions from the monero package 2022-05-06 07:33:44 -04:00
Luke Parker
964cb357e6
Use a global transcript 2022-05-06 07:33:08 -04:00
Luke Parker
cc9c2e0d40
Use dom-sep tags in the transcripts
Also simplifies form in some places
2022-05-06 01:35:23 -04:00
Luke Parker
0f481773df
Use a gamma distribution for mixin selection 2022-05-04 08:18:43 -04:00
Luke Parker
f856faa762
Implement simple random mixin selection which passes sanity 2022-05-04 06:24:52 -04:00
Luke Parker
9a42391b75
Cleanup which makes transcript optional, only required for multisig 2022-05-03 08:49:46 -04:00
Luke Parker
bf257b3a1f
Transcript crate with both a merlin backend and a basic label len value backend
Moves binding factor/seeded RNGs over to the transcripts.
2022-05-03 07:20:24 -04:00
Luke Parker
87f38cafe4
Rename sign folder to crypto
Inspired by #3 and #5.
2022-05-03 00:46:50 -04:00
Luke Parker
9ccf683e9d
Working multisig TXs 2022-04-30 04:32:19 -04:00
Luke Parker
d6649fffb1
Merge InputMultisig into Multisig
There's no reason to use the latter.
2022-04-30 01:43:15 -04:00
Luke Parker
22ac5ce3b6
Update the CLSAG multisig API for TX signing 2022-04-30 01:41:05 -04:00
Luke Parker
d0506e2e9b
Make a trait out of sign::StateMachine for more complex Transaction flows 2022-04-29 22:36:43 -04:00
Luke Parker
27396a6291
Implement a CLSAG algorithm extension which also does key images
Practically, this should be mergeable. There's little reason to do a 
CLSAG and not also a key image. Keeps them isolated for now.
2022-04-29 22:03:34 -04:00
Luke Parker
45559e14ee
Various corrections to multisig API 2022-04-29 15:28:04 -04:00
Luke Parker
8821eb0984
Consolidate FROST testing code 2022-04-28 21:47:25 -04:00
Luke Parker
777bb3df34
Add a send test 2022-04-28 20:41:43 -04:00
Luke Parker
1d0a0c7c16
Clean up code, correct a few bugs, add leader based one-time-key/BP gen 2022-04-28 20:09:31 -04:00
Luke Parker
c4b7cb71d7
Move SignableInput to clsag::Input 2022-04-28 17:29:56 -04:00
Luke Parker
7ed1fca270
Use a SeedableRng for CLSAG multisig signing 2022-04-28 17:12:54 -04:00
Luke Parker
20f214c300
Update CLSAG multisig to work again 2022-04-28 12:01:20 -04:00
Luke Parker
f3a5e3c27e
Implement TX creation
Updates CLSAG signing as needed. Moves around Error types.

CLSAG multisig and the multisig feature is currently completely borked 
because of this. The created TXs are accepted by Monero nodes.
2022-04-28 03:31:09 -04:00
Luke Parker
b10b531311
Correct the placement of the wrapper rebuild in the build script 2022-04-27 22:49:18 -04:00