serai/coins/monero
Luke Parker 11fdb6da1d
Coordinator Cleanup (#481)
* Move logic for evaluating if a cosign should occur to its own file

Cleans it up and makes it more robust.

* Have expected_next_batch return an error instead of retrying

While convenient to offer an error-free implementation, it potentially caused
very long lived lock acquisitions in handle_processor_message.

* Unify and clean DkgConfirmer and DkgRemoval

Does so via adding a new file for the common code, SigningProtocol.

Modifies from_cache to return the preprocess with the machine, as there's no
reason not to. Also removes an unused Result around the type.

Clarifies the security around deterministic nonces, removing them for
saved-to-disk cached preprocesses. The cached preprocesses are encrypted as the
DB is not a proper secret store.

Moves arguments always present in the protocol from function arguments into the
struct itself.

Removes the horribly ugly code in DkgRemoval, fixing multiple issues present
with it which would cause it to fail on use.

* Set SeraiBlockNumber in cosign.rs as it's used by the cosigning protocol

* Remove unnecessary Clone from lambdas in coordinator

* Remove the EventDb from Tributary scanner

We used per-Transaction DB TXNs so on error, we don't have to rescan the entire
block yet only the rest of it. We prevented scanning multiple transactions by
tracking which we already had.

This is over-engineered and not worth it.

* Implement borsh for HasEvents, removing the manual encoding

* Merge DkgConfirmer and DkgRemoval into signing_protocol.rs

Fixes a bug in DkgConfirmer which would cause it to improperly handle indexes
if any validator had multiple key shares.

* Strictly type DataSpecification's Label

* Correct threshold_i_map_to_keys_and_musig_i_map

It didn't include the participant's own index and accordingly was offset.

* Create TributaryBlockHandler

This struct contains all variables prior passed to handle_block and stops them
from being passed around again and again.

This also ensures fatal_slash is only called while handling a block, as needed
as it expects to operate under perfect consensus.

* Inline accumulate, store confirmation nonces with shares

Inlining accumulate makes sense due to the amount of data accumulate needed to
be passed.

Storing confirmation nonces with shares ensures that both are available or
neither. Prior, one could be yet the other may not have been (requiring an
assert in runtime to ensure we didn't bungle it somehow).

* Create helper functions for handling DkgRemoval/SubstrateSign/Sign Tributary TXs

* Move Label into SignData

All of our transactions which use SignData end up with the same common usage
pattern for Label, justifying this.

Removes 3 transactions, explicitly de-duplicating their handlers.

* Remove CurrentlyCompletingKeyPair for the non-contextual DkgKeyPair

* Remove the manual read/write for TributarySpec for borsh

This struct doesn't have any optimizations booned by the manual impl. Using
borsh reduces our scope.

* Use temporary variables to further minimize LoC in tributary handler

* Remove usage of tuples for non-trivial Tributary transactions

* Remove serde from dkg

serde could be used to deserialize intenrally inconsistent objects which could
lead to panics or faults.

The BorshDeserialize derives have been replaced with a manual implementation
which won't produce inconsistent objects.

* Abstract Future generics using new trait definitions in coordinator

* Move published_signed_transaction to tributary/mod.rs to reduce the size of main.rs

* Split coordinator/src/tributary/mod.rs into spec.rs and transaction.rs
2023-12-10 20:21:44 -05:00
..
generators Fix no-std builds 2023-11-29 03:20:49 -05:00
src Coordinator Cleanup (#481) 2023-12-10 20:21:44 -05:00
tests monero-serai: make it clear that not providing a change address is fingerprintable (#472) 2023-12-08 07:42:02 -05:00
build.rs Use a Vec for the Monero generators, preventing its massive stack usage 2023-09-20 04:31:16 -04:00
Cargo.toml Downscope usage of futures 2023-12-10 19:32:52 -05:00
LICENSE Update licenses 2023-01-11 23:05:31 -05:00
README.md Update Monero README 2023-03-31 07:02:57 -04:00

monero-serai

A modern Monero transaction library intended for usage in wallets. It prides itself on accuracy, correctness, and removing common pit falls developers may face.

monero-serai also offers the following features:

  • Featured Addresses
  • A FROST-based multisig orders of magnitude more performant than Monero's

Purpose and support

monero-serai was written for Serai, a decentralized exchange aiming to support Monero. Despite this, monero-serai is intended to be a widely usable library, accurate to Monero. monero-serai guarantees the functionality needed for Serai, yet will not deprive functionality from other users.

Various legacy transaction formats are not currently implemented, yet we are willing to add support for them. There aren't active development efforts around them however.

Caveats

This library DOES attempt to do the following:

  • Create on-chain transactions identical to how wallet2 would (unless told not to)
  • Not be detectable as monero-serai when scanning outputs
  • Not reveal spent outputs to the connected RPC node

This library DOES NOT attempt to do the following:

  • Have identical RPC behavior when creating transactions
  • Be a wallet

This means that monero-serai shouldn't be fingerprintable on-chain. It also shouldn't be fingerprintable if a targeted attack occurs to detect if the receiving wallet is monero-serai or wallet2. It also should be generally safe for usage with remote nodes.

It won't hide from remote nodes it's monero-serai however, potentially allowing a remote node to profile you. The implications of this are left to the user to consider.

It also won't act as a wallet, just as a transaction library. wallet2 has several non-transaction-level policies, such as always attempting to use two inputs to create transactions. These are considered out of scope to monero-serai.