mirror of
https://github.com/serai-dex/serai.git
synced 2024-12-23 12:09:37 +00:00
af86b7a499
* Remove the explicit included participants from FROST Now, whoever submits preprocesses becomes the signing set. Better separates preprocess from sign, at the cost of slightly more annoying integrations (Monero needs to now independently lagrange/offset its key images). * Support caching preprocesses Closes https://github.com/serai-dex/serai/issues/40. I *could* have added a serialization trait to Algorithm and written a ton of data to disk, while requiring Algorithm implementors also accept such work. Instead, I moved preprocess to a seeded RNG (Chacha20) which should be as secure as the regular RNG. Rebuilding from cache simply loads the previously used Chacha seed, making the Algorithm oblivious to the fact it's being rebuilt from a cache. This removes any requirements for it to be modified while guaranteeing equivalency. This builds on the last commit which delayed determining the signing set till post-preprocess acquisition. Unfortunately, that commit did force preprocess from ThresholdView to ThresholdKeys which had visible effects on Monero. Serai will actually need delayed set determination for #163, and overall, it remains better, hence it's inclusion. * Document FROST preprocess caching * Update ethereum to new FROST * Fix bug in Monero offset calculation and update processor
70 lines
2 KiB
Rust
70 lines
2 KiB
Rust
use std::{convert::TryFrom, sync::Arc, time::Duration};
|
|
|
|
use rand_core::OsRng;
|
|
|
|
use k256::{elliptic_curve::bigint::ArrayEncoding, U256};
|
|
|
|
use ethers::{
|
|
prelude::*,
|
|
utils::{keccak256, Anvil, AnvilInstance},
|
|
};
|
|
|
|
use frost::{
|
|
curve::Secp256k1,
|
|
algorithm::Schnorr as Algo,
|
|
tests::{key_gen, algorithm_machines, sign},
|
|
};
|
|
|
|
use ethereum_serai::{
|
|
crypto,
|
|
contract::{Schnorr, call_verify, deploy_schnorr_verifier_contract},
|
|
};
|
|
|
|
async fn deploy_test_contract(
|
|
) -> (u32, AnvilInstance, Schnorr<SignerMiddleware<Provider<Http>, LocalWallet>>) {
|
|
let anvil = Anvil::new().spawn();
|
|
|
|
let wallet: LocalWallet = anvil.keys()[0].clone().into();
|
|
let provider =
|
|
Provider::<Http>::try_from(anvil.endpoint()).unwrap().interval(Duration::from_millis(10u64));
|
|
let chain_id = provider.get_chainid().await.unwrap().as_u32();
|
|
let client = Arc::new(SignerMiddleware::new_with_provider_chain(provider, wallet).await.unwrap());
|
|
|
|
(chain_id, anvil, deploy_schnorr_verifier_contract(client).await.unwrap())
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_deploy_contract() {
|
|
deploy_test_contract().await;
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn test_ecrecover_hack() {
|
|
let (chain_id, _anvil, contract) = deploy_test_contract().await;
|
|
let chain_id = U256::from(chain_id);
|
|
|
|
let keys = key_gen::<_, Secp256k1>(&mut OsRng);
|
|
let group_key = keys[&1].group_key();
|
|
|
|
const MESSAGE: &'static [u8] = b"Hello, World!";
|
|
let hashed_message = keccak256(MESSAGE);
|
|
|
|
let full_message = &[chain_id.to_be_byte_array().as_slice(), &hashed_message].concat();
|
|
|
|
let algo = Algo::<Secp256k1, crypto::EthereumHram>::new();
|
|
let sig = sign(
|
|
&mut OsRng,
|
|
algo.clone(),
|
|
keys.clone(),
|
|
algorithm_machines(&mut OsRng, algo, &keys),
|
|
full_message,
|
|
);
|
|
let mut processed_sig =
|
|
crypto::process_signature_for_contract(hashed_message, &sig.R, sig.s, &group_key, chain_id);
|
|
|
|
call_verify(&contract, &processed_sig).await.unwrap();
|
|
|
|
// test invalid signature fails
|
|
processed_sig.message[0] = 0;
|
|
assert!(call_verify(&contract, &processed_sig).await.is_err());
|
|
}
|