Not only did we already have multiple booleans in it, yet it theoretically
could expand in the future. Not only is this more explicit, it actually cleans
some existing code.
commit e0a9e8825d6c22c797fb84e26ed6ef10136ca9c2
Author: Luke Parker <lukeparker5132@gmail.com>
Date: Fri Jan 6 04:24:08 2023 -0500
Remove Scanner::address
It either needed to return an Option, panic on misconfiguration, or return a
distinct Scanner type based on burning bug immunity to offer this API properly.
Panicking wouldn't be proper, and the Option<Address> would've been... awkward.
The new register_subaddress function, maintaining the needed functionality,
also provides further clarity on the intended side effect of the previously
present Scanner::address function.
commit 7359360ab2fc8c9255c6f58250c214252ce217a4
Author: Luke Parker <lukeparker5132@gmail.com>
Date: Fri Jan 6 01:35:02 2023 -0500
fmt/clippy from last commit
commit 80d912fc19cd268f3b019a9d9961a48b2c45e828
Author: Luke Parker <lukeparker5132@gmail.com>
Date: Thu Jan 5 19:36:49 2023 -0500
Add Substrate "assets" pallet
While over-engineered for our purposes, it's still usable.
Also cleans the runtime a bit.
commit 2ed2944b6598d75bdc3c995aaf39b717846207de
Author: Luke Parker <lukeparker5132@gmail.com>
Date: Wed Jan 4 23:09:58 2023 -0500
Remove the timestamp pallet
It was needed for contracts, which has since been removed. We now no longer
need it.
commit 7fc1fc2dccecebe1d94cb7b4c00f2b5cb271c87b
Author: Luke Parker <lukeparker5132@gmail.com>
Date: Wed Jan 4 22:52:41 2023 -0500
Initial validator sets pallet (#187)
* Initial work on a Validator Sets pallet
* Update Validator Set docs per current discussions
* Update validator-sets primitives and storage handling
* Add validator set pallets to deny.toml
* Remove Curve from primitives
Since we aren't reusing keys across coins, there's no reason for it to be
on-chain (as previously planned).
* Update documentation on Validator Sets
* Use Twox64Concat instead of Identity
Ensures an even distribution of keys. While xxhash is breakable, these keys
aren't manipulatable by users.
* Add math ops on Amount and define a coin as 1e8
* Add validator-sets to the runtime and remove contracts
Also removes the randomness pallet which was only required by the contracts
runtime.
Does not remove the contracts folder yet so they can still be referred to while
validator-sets is under development. Does remove them from Cargo.toml.
* Add vote function to validator-sets
* Remove contracts folder
* Create an event for the Validator Sets pallet
* Remove old contracts crates from deny.toml
* Remove line from staking branch
* Remove staking from runtime
* Correct VS Config in runtime
* cargo update
* Resolve a few PR comments on terminology
* Create a serai-primitives crate
Move types such as Amount/Coin out of validator-sets. Will be expanded in the
future.
* Fixes for last commit
* Don't reserve set 0
* Further fixes
* Add files meant for last commit
* Remove Staking transfer
commit 3309295911d22177bd68972d138aea2f8658eb5f
Author: Luke Parker <lukeparker5132@gmail.com>
Date: Wed Jan 4 06:17:00 2023 -0500
Reorder coins in README by market cap
commit db5d19cad33ccf067d876b7f5b7cca47c228e2fc
Author: Luke Parker <lukeparker5132@gmail.com>
Date: Wed Jan 4 06:07:58 2023 -0500
Update README
commit 606484d744b1c6cc408382994c77f1def25d3e7d
Author: Luke Parker <lukeparker5132@gmail.com>
Date: Wed Jan 4 03:17:36 2023 -0500
cargo update
commit 3a319b229f
Author: akildemir <aeg_asd@hotmail.com>
Date: Wed Jan 4 16:26:25 2023 +0300
update address public API design
commit d9fa88fa76
Author: akildemir <aeg_asd@hotmail.com>
Date: Mon Jan 2 13:35:06 2023 +0300
fix clippy error
commit cc722e897b
Merge: cafa9b3eeca440
Author: akildemir <aeg_asd@hotmail.com>
Date: Mon Jan 2 11:39:04 2023 +0300
Merge https://github.com/serai-dex/serai into develop
commit cafa9b361e
Author: akildemir <aeg_asd@hotmail.com>
Date: Mon Jan 2 11:38:26 2023 +0300
fix build errors
commit ce5b5f2b37
Merge: f502d6749c4acf
Author: akildemir <aeg_asd@hotmail.com>
Date: Sun Jan 1 15:16:25 2023 +0300
Merge https://github.com/serai-dex/serai into develop
commit f502d67282
Author: akildemir <aeg_asd@hotmail.com>
Date: Thu Dec 22 13:13:09 2022 +0300
fix pr issues
commit 26ffb226d4
Author: akildemir <aeg_asd@hotmail.com>
Date: Thu Dec 22 13:11:43 2022 +0300
remove extraneous rpc call
commit 0e829f8531
Author: akildemir <aeg_asd@hotmail.com>
Date: Thu Dec 15 13:56:53 2022 +0300
add scan tests
commit 5123c7f121
Author: akildemir <aeg_asd@hotmail.com>
Date: Thu Dec 15 13:56:13 2022 +0300
add new address functions & comments
* Remove the explicit included participants from FROST
Now, whoever submits preprocesses becomes the signing set. Better separates
preprocess from sign, at the cost of slightly more annoying integrations
(Monero needs to now independently lagrange/offset its key images).
* Support caching preprocesses
Closes https://github.com/serai-dex/serai/issues/40.
I *could* have added a serialization trait to Algorithm and written a ton of
data to disk, while requiring Algorithm implementors also accept such work.
Instead, I moved preprocess to a seeded RNG (Chacha20) which should be as
secure as the regular RNG. Rebuilding from cache simply loads the previously
used Chacha seed, making the Algorithm oblivious to the fact it's being
rebuilt from a cache. This removes any requirements for it to be modified
while guaranteeing equivalency.
This builds on the last commit which delayed determining the signing set till
post-preprocess acquisition. Unfortunately, that commit did force preprocess
from ThresholdView to ThresholdKeys which had visible effects on Monero.
Serai will actually need delayed set determination for #163, and overall,
it remains better, hence it's inclusion.
* Document FROST preprocess caching
* Update ethereum to new FROST
* Fix bug in Monero offset calculation and update processor
A type alias of MoneroAddress is provided to abstract away the generic.
To keep the rest of the library sane, MoneroAddress is used everywhere.
If someone wants to use this library with another coin, they *should* be
able to parse a custom address and then recreate it as a Monero address.
While that's annoying to them, better them than any person using this
lib for Monero.
Closes#152.
* Add dkg crate
* Remove F_len and G_len
They're generally no longer used.
* Replace hash_to_vec with a provided method around associated type H: Digest
Part of trying to minimize this trait so it can be moved elsewhere. Vec,
which isn't std, may have been a blocker.
* Encrypt secret shares within the FROST library
Reduces requirements on callers in order to be correct.
* Update usage of Zeroize within FROST
* Inline functions in key_gen
There was no reason to have them separated as they were. sign probably
has the same statement available, yet that isn't the focus right now.
* Add a ciphersuite package which provides hash_to_F
* Set the Ciphersuite version to something valid
* Have ed448 export Scalar/FieldElement/Point at the top level
* Move FROST over to Ciphersuite
* Correct usage of ff in ciphersuite
* Correct documentation handling
* Move Schnorr signatures to their own crate
* Remove unused feature from schnorr
* Fix Schnorr tests
* Split DKG into a separate crate
* Add serialize to Commitments and SecretShare
Helper for buf = vec![]; .write(buf).unwrap(); buf
* Move FROST over to the new dkg crate
* Update Monero lib to latest FROST
* Correct ethereum's usage of features
* Add serialize to GeneratorProof
* Add serialize helper function to FROST
* Rename AddendumSerialize to WriteAddendum
* Update processor
* Slight fix to processor
* Create message types for FROST key gen
Taking in reader borrows absolutely wasn't feasible. Now, proper types
which can be read (and then passed directly, without a mutable borrow)
exist for key_gen. sign coming next.
* Move FROST signing to messages, not Readers/Writers/Vec<u8>
Also takes the nonce handling code and makes a dedicated file for it,
aiming to resolve complex types and make the code more legible by
replacing its previously inlined state.
* clippy
* Update FROST tests
* read_signature_share
* Update the Monero library to the new FROST packages
* Update processor to latest FROST
* Tweaks to terminology and documentation
Unbeknowst to me, height doesn't have a universal definition of the
chain length.
Bitcoin defines height as the block number, with getblockcount existing
for the chain length.
Ethereum uses the unambiguous term "block number".
Monero defines height as both the block number and the chain length.
Instead of arguing about who's right, it's agreed it referring to both
isn't productive. While we could provide our own definition, taking a
side, moving to the unambiguous block number prevents future hiccups.
height is now only a term in the Monero code, where it takes its
Monero-specific definition, as documented in the processor.
Creates a new monero-generators crate so the monero crate can run the
code in question at build time.
Saves several seconds from running the tests.
Closes https://github.com/serai-dex/serai/issues/101.
* Apply Zeroize to nonces used in Bulletproofs
Also makes bit decomposition constant time for a given amount of
outputs.
* Fix nonce reuse for single-signer CLSAG
* Attach Zeroize to most structures in Monero, and ZOnDrop to anything with private data
* Zeroize private keys and nonces
* Merge prepare_outputs and prepare_transactions
* Ensure CLSAG is constant time
* Pass by borrow where needed, bug fixes
The past few commitments have been one in-progress chunk which I've
broken up as best read.
* Add Zeroize to FROST structs
Still needs to zeroize internally, yet next step. Not quite as
aggressive as Monero, partially due to the limitations of HashMaps,
partially due to less concern about metadata, yet does still delete a
few smaller items of metadata (group key, context string...).
* Remove Zeroize from most Monero multisig structs
These structs largely didn't have private data, just fields with private
data, yet those fields implemented ZeroizeOnDrop making them already
covered. While there is still traces of the transaction left in RAM,
fully purging that was never the intent.
* Use Zeroize within dleq
bitvec doesn't offer Zeroize, so a manual zeroing has been implemented.
* Use Zeroize for random_nonce
It isn't perfect, due to the inability to zeroize the digest, and due to
kp256 requiring a few transformations. It does the best it can though.
Does move the per-curve random_nonce to a provided one, which is allowed
as of https://github.com/cfrg/draft-irtf-cfrg-frost/pull/231.
* Use Zeroize on FROST keygen/signing
* Zeroize constant time multiexp.
* Correct when FROST keygen zeroizes
* Move the FROST keys Arc into FrostKeys
Reduces amount of instances in memory.
* Manually implement Debug for FrostCore to not leak the secret share
* Misc bug fixes
* clippy + multiexp test bug fixes
* Correct FROST key gen share summation
It leaked our own share for ourself.
* Fix cross-group DLEq tests
Considering they take 7 seconds to generate, thanks to #68, the ability
to generate them at the start instead of on first BP is greatly
appreciated.
Also performs minor cleanups regarding BPs.
* Initial stab at Bulletproofs+
Does move around the existing Bulletproofs code, does still work as
expected.
* Make the Clsag RCTPrunable type work with BP and BP+
* Initial set of BP+ bug fixes
* Further bug fixes
* Remove RING_LEN as a constant
* Monero v16 TX support
Doesn't implement view tags, nor going back to v14, nor the updated BP
clawback logic.
* Support v14 and v16 at the same time
Currently intended to be done with:
cargo clippy --features "recommended merlin batch serialize experimental
ed25519 ristretto p256 secp256k1 multisig" -- -A clippy::type_complexity
-A dead_code
Increases usage of standardization while expanding dalek_ff_group.
Closes https://github.com/serai-dex/serai/issues/26 by moving
dfg::EdwardsPoint to only be for the prime subgroup.
Payments weren't properly selected, as it'd drain a sequential series
instead of the specified set, and inputs had a memory condition Rust
couldn't prove was safe.
Modifies FROST behavior so group_key has the offset applied regardless
of if view was called. The unaltered secret_share and
verification_shares (as they have differing values depending on the
signing set) are no longer publicly accessible.
While it was fine as-is, as it only had one variable length property,
this is a bit more robust. Also binds the Curve ID, which should declare
differently even for just different basepoints, and therefore adds two
variable length properties (justifying the transcript).