2025-11-16 16:44:09 -05:00
|
|
|
#![cfg_attr(docsrs, feature(doc_cfg))]
|
2025-08-26 14:32:55 -04:00
|
|
|
#![doc = include_str!("../README.md")]
|
2023-01-04 22:52:41 -05:00
|
|
|
#![cfg_attr(not(feature = "std"), no_std)]
|
|
|
|
|
|
2025-08-26 14:32:55 -04:00
|
|
|
extern crate alloc;
|
2025-09-21 13:16:43 -04:00
|
|
|
use alloc::{vec, vec::Vec};
|
2025-01-30 12:16:19 +03:00
|
|
|
|
2025-09-02 10:40:57 -04:00
|
|
|
mod embedded_elliptic_curve_keys;
|
|
|
|
|
use embedded_elliptic_curve_keys::*;
|
|
|
|
|
|
2025-08-26 14:32:55 -04:00
|
|
|
mod allocations;
|
|
|
|
|
use allocations::*;
|
2025-01-30 12:16:19 +03:00
|
|
|
|
2025-08-26 14:32:55 -04:00
|
|
|
mod sessions;
|
|
|
|
|
use sessions::{*, GenesisValidators as GenesisValidatorsContainer};
|
|
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
mod keys;
|
|
|
|
|
use keys::{KeysStorage, Keys as _};
|
|
|
|
|
|
2025-09-16 08:42:54 -04:00
|
|
|
#[expect(clippy::cast_possible_truncation)]
|
2023-01-04 22:52:41 -05:00
|
|
|
#[frame_support::pallet]
|
2025-08-26 14:32:55 -04:00
|
|
|
mod pallet {
|
|
|
|
|
use sp_core::sr25519::Public;
|
2025-09-20 04:16:01 -04:00
|
|
|
use sp_application_crypto::RuntimePublic;
|
2025-08-26 14:32:55 -04:00
|
|
|
|
|
|
|
|
use frame_system::pallet_prelude::*;
|
2025-09-20 01:23:02 -04:00
|
|
|
use frame_support::{pallet_prelude::*, traits::OneSessionHandler};
|
|
|
|
|
|
|
|
|
|
use pallet_session::ShouldEndSession;
|
|
|
|
|
use pallet_babe::Pallet as Babe;
|
2025-09-20 01:36:11 -04:00
|
|
|
use pallet_grandpa::Pallet as Grandpa;
|
2025-08-26 14:32:55 -04:00
|
|
|
|
2025-09-20 01:41:54 -04:00
|
|
|
use serai_abi::{
|
|
|
|
|
primitives::{
|
2025-11-16 17:27:58 -05:00
|
|
|
crypto::{
|
|
|
|
|
EmbeddedEllipticCurveKeys as EmbeddedEllipticCurveKeysStruct,
|
|
|
|
|
SignedEmbeddedEllipticCurveKeys, ExternalKey, KeyPair, Signature,
|
|
|
|
|
},
|
2025-09-20 01:41:54 -04:00
|
|
|
network_id::*,
|
|
|
|
|
coin::*,
|
|
|
|
|
balance::*,
|
2025-09-20 04:16:01 -04:00
|
|
|
validator_sets::{
|
|
|
|
|
Session, ExternalValidatorSet, ValidatorSet, KeyShares as KeySharesStruct, SlashReport,
|
|
|
|
|
},
|
2025-09-20 01:41:54 -04:00
|
|
|
address::SeraiAddress,
|
|
|
|
|
},
|
|
|
|
|
economic_security::EconomicSecurity,
|
2025-09-20 03:42:24 -04:00
|
|
|
validator_sets::{DeallocationTimeline, Event},
|
2025-08-26 14:32:55 -04:00
|
|
|
};
|
|
|
|
|
|
2025-09-20 03:42:24 -04:00
|
|
|
use serai_core_pallet::Pallet as Core;
|
2025-09-20 04:45:04 -04:00
|
|
|
use serai_coins_pallet::AllowMint;
|
|
|
|
|
type Coins<T> = serai_coins_pallet::Pallet<T, serai_coins_pallet::CoinsInstance>;
|
2025-08-26 14:32:55 -04:00
|
|
|
|
2023-11-22 14:22:46 +03:00
|
|
|
use super::*;
|
|
|
|
|
|
2023-01-04 22:52:41 -05:00
|
|
|
#[pallet::config]
|
2025-09-18 16:05:30 -04:00
|
|
|
pub trait Config:
|
2025-09-20 01:23:02 -04:00
|
|
|
frame_system::Config
|
|
|
|
|
+ pallet_session::Config
|
|
|
|
|
+ pallet_babe::Config
|
2025-09-20 01:36:11 -04:00
|
|
|
+ pallet_grandpa::Config
|
2025-09-20 03:42:24 -04:00
|
|
|
+ serai_core_pallet::Config
|
2025-09-20 01:23:02 -04:00
|
|
|
+ serai_coins_pallet::Config<serai_coins_pallet::CoinsInstance>
|
2025-09-18 16:05:30 -04:00
|
|
|
{
|
2025-09-20 01:23:02 -04:00
|
|
|
type ShouldEndSession: ShouldEndSession<BlockNumberFor<Self>>;
|
2025-09-20 01:41:54 -04:00
|
|
|
type EconomicSecurity: EconomicSecurity;
|
2023-01-04 22:52:41 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[pallet::genesis_config]
|
2025-09-21 13:16:43 -04:00
|
|
|
#[derive(Clone, Debug)]
|
2023-01-04 22:52:41 -05:00
|
|
|
pub struct GenesisConfig<T: Config> {
|
2023-03-25 01:30:53 -04:00
|
|
|
/// List of participants to place in the initial validator sets.
|
2025-09-20 00:06:19 -04:00
|
|
|
pub participants: Vec<(T::AccountId, Vec<SignedEmbeddedEllipticCurveKeys>)>,
|
2023-01-04 22:52:41 -05:00
|
|
|
}
|
2025-09-21 13:16:43 -04:00
|
|
|
impl<T: Config> Default for GenesisConfig<T> {
|
|
|
|
|
fn default() -> Self {
|
|
|
|
|
Self { participants: Default::default() }
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-01-04 22:52:41 -05:00
|
|
|
|
|
|
|
|
#[pallet::pallet]
|
|
|
|
|
pub struct Pallet<T>(PhantomData<T>);
|
|
|
|
|
|
2025-09-02 10:40:57 -04:00
|
|
|
struct Abstractions<T: Config>(PhantomData<T>);
|
|
|
|
|
|
|
|
|
|
// Satisfy the `EmbeddedEllipticCurveKeys` abstraction
|
|
|
|
|
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
#[pallet::storage]
|
2025-09-02 10:40:57 -04:00
|
|
|
type EmbeddedEllipticCurveKeys<T: Config> = StorageDoubleMap<
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
_,
|
|
|
|
|
Identity,
|
2025-08-26 14:32:55 -04:00
|
|
|
ExternalNetworkId,
|
2025-09-02 10:40:57 -04:00
|
|
|
Blake2_128Concat,
|
|
|
|
|
Public,
|
2025-09-20 00:06:19 -04:00
|
|
|
serai_abi::primitives::crypto::EmbeddedEllipticCurveKeys,
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
OptionQuery,
|
|
|
|
|
>;
|
|
|
|
|
|
2025-09-02 10:40:57 -04:00
|
|
|
impl<T: Config> EmbeddedEllipticCurveKeysStorage for Abstractions<T> {
|
|
|
|
|
type EmbeddedEllipticCurveKeys = EmbeddedEllipticCurveKeys<T>;
|
|
|
|
|
}
|
2023-10-10 16:50:48 -04:00
|
|
|
|
2025-08-26 14:32:55 -04:00
|
|
|
// Satisfy the `Allocations` abstraction
|
2023-10-10 16:50:48 -04:00
|
|
|
|
2025-08-26 14:32:55 -04:00
|
|
|
#[pallet::storage]
|
|
|
|
|
type Allocations<T: Config> =
|
|
|
|
|
StorageMap<_, Blake2_128Concat, AllocationsKey, Amount, OptionQuery>;
|
|
|
|
|
// This has to use `Identity` per the documentation of `AllocationsStorage`
|
2023-10-10 13:53:24 +03:00
|
|
|
#[pallet::storage]
|
|
|
|
|
type SortedAllocations<T: Config> =
|
2025-08-26 14:32:55 -04:00
|
|
|
StorageMap<_, Identity, SortedAllocationsKey, (), OptionQuery>;
|
2023-01-04 22:52:41 -05:00
|
|
|
|
2025-08-26 14:32:55 -04:00
|
|
|
impl<T: Config> AllocationsStorage for Abstractions<T> {
|
|
|
|
|
type Allocations = Allocations<T>;
|
|
|
|
|
type SortedAllocations = SortedAllocations<T>;
|
2023-10-12 23:05:29 -04:00
|
|
|
}
|
2024-08-15 06:12:04 +03:00
|
|
|
|
2025-09-02 10:40:57 -04:00
|
|
|
// Satisfy the `Sessions` abstraction
|
2023-10-12 23:05:29 -04:00
|
|
|
|
2025-08-26 14:32:55 -04:00
|
|
|
// We use `Identity` as the hasher for `NetworkId` due to how constrained it is
|
2023-10-11 23:42:15 -04:00
|
|
|
#[pallet::storage]
|
2025-08-26 14:32:55 -04:00
|
|
|
type GenesisValidators<T: Config> = StorageValue<_, GenesisValidatorsContainer, OptionQuery>;
|
|
|
|
|
#[pallet::storage]
|
|
|
|
|
type AllocationPerKeyShare<T: Config> = StorageMap<_, Identity, NetworkId, Amount, OptionQuery>;
|
|
|
|
|
#[pallet::storage]
|
|
|
|
|
type CurrentSession<T: Config> = StorageMap<_, Identity, NetworkId, Session, OptionQuery>;
|
|
|
|
|
#[pallet::storage]
|
|
|
|
|
type LatestDecidedSession<T: Config> = StorageMap<_, Identity, NetworkId, Session, OptionQuery>;
|
2025-09-16 01:33:31 -04:00
|
|
|
#[pallet::storage]
|
|
|
|
|
type KeyShares<T: Config> = StorageMap<_, Identity, ValidatorSet, KeySharesStruct, OptionQuery>;
|
2025-08-26 14:32:55 -04:00
|
|
|
// This has to use `Identity` per the documentation of `SessionsStorage`
|
|
|
|
|
#[pallet::storage]
|
|
|
|
|
type SelectedValidators<T: Config> =
|
2025-09-16 01:33:31 -04:00
|
|
|
StorageMap<_, Identity, SelectedValidatorsKey, KeySharesStruct, OptionQuery>;
|
2025-08-26 14:32:55 -04:00
|
|
|
#[pallet::storage]
|
|
|
|
|
type TotalAllocatedStake<T: Config> = StorageMap<_, Identity, NetworkId, Amount, OptionQuery>;
|
|
|
|
|
#[pallet::storage]
|
|
|
|
|
type DelayedDeallocations<T: Config> =
|
|
|
|
|
StorageDoubleMap<_, Blake2_128Concat, Public, Identity, Session, Amount, OptionQuery>;
|
2025-09-20 04:16:01 -04:00
|
|
|
#[pallet::storage]
|
|
|
|
|
type PendingSlashReport<T: Config> = StorageMap<_, Identity, ExternalNetworkId, (), OptionQuery>;
|
2025-08-26 14:32:55 -04:00
|
|
|
|
|
|
|
|
impl<T: Config> SessionsStorage for Abstractions<T> {
|
2025-09-20 03:42:24 -04:00
|
|
|
type Config = T;
|
|
|
|
|
|
2025-08-26 14:32:55 -04:00
|
|
|
type GenesisValidators = GenesisValidators<T>;
|
|
|
|
|
type AllocationPerKeyShare = AllocationPerKeyShare<T>;
|
|
|
|
|
type CurrentSession = CurrentSession<T>;
|
|
|
|
|
type LatestDecidedSession = LatestDecidedSession<T>;
|
2025-09-16 01:33:31 -04:00
|
|
|
type KeyShares = KeyShares<T>;
|
2025-08-26 14:32:55 -04:00
|
|
|
type SelectedValidators = SelectedValidators<T>;
|
|
|
|
|
type TotalAllocatedStake = TotalAllocatedStake<T>;
|
|
|
|
|
type DelayedDeallocations = DelayedDeallocations<T>;
|
2025-09-20 04:16:01 -04:00
|
|
|
type PendingSlashReport = PendingSlashReport<T>;
|
2025-08-26 14:32:55 -04:00
|
|
|
}
|
2023-10-11 23:42:15 -04:00
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
// Satisfy the `Keys` abstractions
|
|
|
|
|
#[pallet::storage]
|
|
|
|
|
type OraclizationKeys<T: Config> =
|
|
|
|
|
StorageMap<_, Identity, ExternalValidatorSet, Public, OptionQuery>;
|
2023-01-04 22:52:41 -05:00
|
|
|
#[pallet::storage]
|
2025-09-20 02:53:14 -04:00
|
|
|
type ExternalKeys<T: Config> =
|
|
|
|
|
StorageMap<_, Identity, ExternalValidatorSet, ExternalKey, OptionQuery>;
|
|
|
|
|
|
|
|
|
|
impl<T: Config> KeysStorage for Abstractions<T> {
|
|
|
|
|
type OraclizationKeys = OraclizationKeys<T>;
|
|
|
|
|
type ExternalKeys = ExternalKeys<T>;
|
|
|
|
|
}
|
2023-01-04 22:52:41 -05:00
|
|
|
|
|
|
|
|
#[pallet::error]
|
|
|
|
|
pub enum Error<T> {
|
2025-09-02 11:07:45 -04:00
|
|
|
/// The provided embedded elliptic curve keys were invalid.
|
|
|
|
|
InvalidEmbeddedEllipticCurveKeys,
|
|
|
|
|
/// Allocation was erroneous.
|
|
|
|
|
AllocationError(AllocationError),
|
|
|
|
|
/// Deallocation was erroneous.
|
|
|
|
|
DeallocationError(DeallocationError),
|
2023-10-10 13:53:24 +03:00
|
|
|
}
|
|
|
|
|
|
2025-09-20 01:23:02 -04:00
|
|
|
#[pallet::genesis_build]
|
|
|
|
|
impl<T: Config> BuildGenesisConfig for GenesisConfig<T> {
|
|
|
|
|
fn build(&self) {
|
2025-09-20 02:53:14 -04:00
|
|
|
GenesisValidators::<T>::set(Some(
|
|
|
|
|
self
|
|
|
|
|
.participants
|
|
|
|
|
.iter()
|
|
|
|
|
.map(|(participant, _keys)| *participant)
|
|
|
|
|
.collect::<Vec<_>>()
|
|
|
|
|
.try_into()
|
|
|
|
|
.expect("amount of genesis validators exceeded the maximum allowed per set"),
|
|
|
|
|
));
|
2025-09-20 01:23:02 -04:00
|
|
|
for (participant, keys) in &self.participants {
|
|
|
|
|
for (network, keys) in ExternalNetworkId::all().zip(keys.iter().cloned()) {
|
|
|
|
|
assert_eq!(network, keys.network());
|
2025-11-18 20:50:32 -05:00
|
|
|
Pallet::<T>::set_embedded_elliptic_curve_keys_internal(*participant, keys)
|
|
|
|
|
.expect("genesis embedded elliptic curve keys weren't valid");
|
2025-09-20 01:23:02 -04:00
|
|
|
}
|
2023-11-22 14:22:46 +03:00
|
|
|
}
|
2025-09-20 01:23:02 -04:00
|
|
|
for network in NetworkId::all() {
|
|
|
|
|
assert!(
|
|
|
|
|
Abstractions::<T>::attempt_new_session(network, true),
|
|
|
|
|
"failed to attempt a new session on genesis"
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Immediately accept the handover for the genesis validators, for the Serai network
|
|
|
|
|
Abstractions::<T>::accept_handover(NetworkId::Serai);
|
|
|
|
|
// And decide the next session for the Serai network, as BABE requires selecting the next one
|
|
|
|
|
// already
|
|
|
|
|
assert!(
|
|
|
|
|
Abstractions::<T>::attempt_new_session(NetworkId::Serai, true),
|
|
|
|
|
"failed to attempt the next session for the Serai network on genesis"
|
|
|
|
|
);
|
|
|
|
|
|
2025-09-20 01:36:11 -04:00
|
|
|
// Spawn BABE's, GRANDPA's genesis session
|
|
|
|
|
let genesis_serai_validators = Abstractions::<T>::serai_validators(Session(0));
|
2025-09-20 01:23:02 -04:00
|
|
|
Babe::<T>::on_genesis_session(
|
2025-09-20 01:41:54 -04:00
|
|
|
genesis_serai_validators.iter().map(|(validator, key)| (validator, (*key).into())),
|
2025-09-20 01:36:11 -04:00
|
|
|
);
|
|
|
|
|
Grandpa::<T>::on_genesis_session(
|
2025-09-20 01:41:54 -04:00
|
|
|
genesis_serai_validators.iter().map(|(validator, key)| (validator, (*key).into())),
|
2025-09-20 01:23:02 -04:00
|
|
|
);
|
2023-11-22 14:22:46 +03:00
|
|
|
}
|
|
|
|
|
}
|
2023-05-13 02:02:47 -04:00
|
|
|
|
2023-01-04 22:52:41 -05:00
|
|
|
impl<T: Config> Pallet<T> {
|
2023-10-22 03:59:21 -04:00
|
|
|
fn account() -> T::AccountId {
|
2025-08-26 14:32:55 -04:00
|
|
|
SeraiAddress::system(b"ValidatorSets").into()
|
2023-05-13 02:02:47 -04:00
|
|
|
}
|
2023-01-04 22:52:41 -05:00
|
|
|
|
2025-09-16 01:33:31 -04:00
|
|
|
/// The current session for a network.
|
|
|
|
|
pub fn current_session(network: NetworkId) -> Option<Session> {
|
|
|
|
|
Abstractions::<T>::current_session(network)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// The latest decided session for a network.
|
|
|
|
|
pub fn latest_decided_session(network: NetworkId) -> Option<Session> {
|
|
|
|
|
Abstractions::<T>::latest_decided_session(network)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// The amount of key shares a validator has.
|
|
|
|
|
///
|
|
|
|
|
/// Returns `None` for historic sessions which we no longer have the data for.
|
|
|
|
|
pub fn key_shares(set: ValidatorSet) -> Option<KeySharesStruct> {
|
|
|
|
|
Abstractions::<T>::key_shares(set)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// If a validator is present within the specified validator set.
|
|
|
|
|
///
|
|
|
|
|
/// This MAY return `false` for _any_ historic session, even if the validator _was_ present,
|
|
|
|
|
pub fn in_validator_set(set: ValidatorSet, validator: Public) -> bool {
|
|
|
|
|
Abstractions::<T>::in_validator_set(set, validator)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// The key shares possessed by a validator, within a validator set.
|
|
|
|
|
///
|
|
|
|
|
/// This MAY return `None` for _any_ historic session, even if the validator _was_ present,
|
|
|
|
|
pub fn key_shares_possessed_by_validator(
|
|
|
|
|
set: ValidatorSet,
|
|
|
|
|
validator: Public,
|
|
|
|
|
) -> Option<KeySharesStruct> {
|
|
|
|
|
Abstractions::<T>::key_shares_possessed_by_validator(set, validator)
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-16 08:42:54 -04:00
|
|
|
/// The stake for the current validator set.
|
|
|
|
|
pub fn stake_for_current_validator_set(network: NetworkId) -> Option<Amount> {
|
|
|
|
|
Abstractions::<T>::stake_for_current_validator_set(network)
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-20 01:41:54 -04:00
|
|
|
fn include_genesis_validators(network: NetworkId) -> bool {
|
|
|
|
|
match network {
|
|
|
|
|
// For Serai, we include the genesis validators as long as any other set does
|
|
|
|
|
NetworkId::Serai => {
|
|
|
|
|
ExternalNetworkId::all().all(T::EconomicSecurity::achieved_economic_security)
|
|
|
|
|
}
|
|
|
|
|
// For the other networks, we include the genesis validators if they have yet to achieve
|
|
|
|
|
// economic security
|
|
|
|
|
NetworkId::External(network) => T::EconomicSecurity::achieved_economic_security(network),
|
2023-01-04 22:52:41 -05:00
|
|
|
}
|
2023-10-13 00:31:23 -04:00
|
|
|
}
|
2023-01-04 22:52:41 -05:00
|
|
|
|
2025-09-20 04:45:04 -04:00
|
|
|
/// The required amount of stake for a balance.
|
|
|
|
|
fn stake_requirement(balance: ExternalBalance) -> AmountRepr {
|
|
|
|
|
let value = T::EconomicSecurity::sri_value(balance).0;
|
|
|
|
|
// As 67% can misbehave, 67% of stake must be sufficient to secure this
|
|
|
|
|
let requirement = value.saturating_mul(3) / 2;
|
|
|
|
|
// We add an additional margin of 20%
|
|
|
|
|
let margin = requirement / 5;
|
|
|
|
|
requirement.saturating_add(margin)
|
2023-10-10 13:53:24 +03:00
|
|
|
}
|
|
|
|
|
|
2025-09-20 04:45:04 -04:00
|
|
|
/// The required amount of stake for a network.
|
|
|
|
|
fn network_stake_requirement(network: ExternalNetworkId) -> AmountRepr {
|
|
|
|
|
let mut requirement = AmountRepr::zero();
|
2023-12-05 16:52:50 +03:00
|
|
|
for coin in network.coins() {
|
2024-10-07 05:16:11 +03:00
|
|
|
let supply = Coins::<T>::supply(Coin::from(coin));
|
2025-09-20 04:45:04 -04:00
|
|
|
requirement = requirement
|
|
|
|
|
.saturating_add(Self::stake_requirement(ExternalBalance { coin, amount: supply }));
|
2023-12-05 16:52:50 +03:00
|
|
|
}
|
2025-09-20 04:45:04 -04:00
|
|
|
requirement
|
2023-12-05 16:52:50 +03:00
|
|
|
}
|
2023-12-17 01:44:08 +03:00
|
|
|
|
2025-11-05 01:18:21 -05:00
|
|
|
pub fn selected_validators(
|
|
|
|
|
set: ValidatorSet,
|
|
|
|
|
) -> impl Iterator<Item = (Public, KeySharesStruct)> {
|
|
|
|
|
Abstractions::<T>::selected_validators(set)
|
|
|
|
|
}
|
|
|
|
|
|
2025-11-14 03:35:38 -05:00
|
|
|
pub fn oraclization_key(set: ExternalValidatorSet) -> Option<Public> {
|
|
|
|
|
Abstractions::<T>::oraclization_key(set)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn external_key(set: ExternalValidatorSet) -> Option<ExternalKey> {
|
|
|
|
|
Abstractions::<T>::external_key(set)
|
|
|
|
|
}
|
|
|
|
|
|
2025-11-16 17:27:58 -05:00
|
|
|
pub fn pending_slash_report(network: ExternalNetworkId) -> bool {
|
|
|
|
|
Abstractions::<T>::waiting_for_slash_report(network).is_some()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn embedded_elliptic_curve_keys(
|
|
|
|
|
validator: Public,
|
|
|
|
|
network: ExternalNetworkId,
|
|
|
|
|
) -> Option<EmbeddedEllipticCurveKeysStruct> {
|
|
|
|
|
<Abstractions<T> as crate::EmbeddedEllipticCurveKeys>::embedded_elliptic_curve_keys(
|
|
|
|
|
validator, network,
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2025-11-18 20:50:32 -05:00
|
|
|
fn set_embedded_elliptic_curve_keys_internal(
|
|
|
|
|
validator: Public,
|
|
|
|
|
keys: SignedEmbeddedEllipticCurveKeys,
|
|
|
|
|
) -> DispatchResult {
|
|
|
|
|
let network = keys.network();
|
|
|
|
|
let keys =
|
|
|
|
|
<Abstractions<T> as crate::EmbeddedEllipticCurveKeys>::set_embedded_elliptic_curve_keys(
|
|
|
|
|
validator, keys,
|
|
|
|
|
)
|
|
|
|
|
.map_err(|()| Error::<T>::InvalidEmbeddedEllipticCurveKeys)?;
|
|
|
|
|
Core::<T>::emit_event(Event::SetEmbeddedEllipticCurveKeys {
|
|
|
|
|
validator: validator.into(),
|
|
|
|
|
keys,
|
|
|
|
|
});
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-20 04:45:04 -04:00
|
|
|
/* TODO
|
2024-08-15 06:12:04 +03:00
|
|
|
pub fn distribute_block_rewards(
|
|
|
|
|
network: NetworkId,
|
|
|
|
|
account: T::AccountId,
|
|
|
|
|
amount: Amount,
|
|
|
|
|
) -> DispatchResult {
|
|
|
|
|
// TODO: Should this call be part of the `increase_allocation` since we have to have it
|
|
|
|
|
// before each call to it?
|
2025-09-03 00:48:15 -04:00
|
|
|
Coins::<T>::transfer_fn(
|
2024-08-15 06:12:04 +03:00
|
|
|
account,
|
|
|
|
|
Self::account(),
|
|
|
|
|
Balance { coin: Coin::Serai, amount },
|
|
|
|
|
)?;
|
|
|
|
|
Self::increase_allocation(network, account, amount, true)
|
|
|
|
|
}
|
2025-09-20 01:23:02 -04:00
|
|
|
*/
|
|
|
|
|
}
|
2025-01-30 12:23:03 +03:00
|
|
|
|
2025-09-20 01:23:02 -04:00
|
|
|
#[pallet::hooks]
|
|
|
|
|
impl<T: Config> Hooks<BlockNumberFor<T>> for Pallet<T> {
|
|
|
|
|
fn on_initialize(n: BlockNumberFor<T>) -> Weight {
|
|
|
|
|
if <T as Config>::ShouldEndSession::should_end_session(n) {
|
|
|
|
|
Babe::<T>::on_before_session_ending();
|
2025-09-20 01:36:11 -04:00
|
|
|
Grandpa::<T>::on_before_session_ending();
|
2025-09-20 01:23:02 -04:00
|
|
|
|
|
|
|
|
{
|
|
|
|
|
// Accept the hand-over to the next session for the Serai network
|
|
|
|
|
Abstractions::<T>::accept_handover(NetworkId::Serai);
|
|
|
|
|
// Decide the next session for the Serai network
|
|
|
|
|
assert!(
|
2025-09-20 01:41:54 -04:00
|
|
|
Abstractions::<T>::attempt_new_session(
|
|
|
|
|
NetworkId::Serai,
|
|
|
|
|
Self::include_genesis_validators(NetworkId::Serai)
|
|
|
|
|
),
|
2025-09-20 01:23:02 -04:00
|
|
|
"failed to attempt the next session for the Serai network"
|
|
|
|
|
);
|
|
|
|
|
}
|
2025-01-30 12:23:03 +03:00
|
|
|
|
2025-09-20 01:41:54 -04:00
|
|
|
// Update BABE, GRANDPA
|
2025-09-20 01:23:02 -04:00
|
|
|
{
|
|
|
|
|
let current_serai_session = Abstractions::<T>::current_session(NetworkId::Serai)
|
|
|
|
|
.expect("never selected a session for Serai");
|
|
|
|
|
let latest_decided_serai_session =
|
|
|
|
|
Abstractions::<T>::latest_decided_session(NetworkId::Serai)
|
|
|
|
|
.expect("current session yet no latest decided session for Serai");
|
|
|
|
|
assert_eq!(
|
|
|
|
|
Session(current_serai_session.0 + 1),
|
|
|
|
|
latest_decided_serai_session,
|
|
|
|
|
"latest decided Serai session wasn't the session after the current session"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
let prior_serai_validators = Abstractions::<T>::serai_validators(Session(
|
|
|
|
|
current_serai_session.0.checked_sub(1).expect("ShouldEndSession triggered on genesis"),
|
|
|
|
|
));
|
|
|
|
|
assert!(
|
|
|
|
|
!prior_serai_validators.is_empty(),
|
|
|
|
|
"prior Serai validators weren't able to be fetched from storage",
|
|
|
|
|
);
|
2025-09-20 01:36:11 -04:00
|
|
|
|
2025-09-20 01:23:02 -04:00
|
|
|
let serai_validators = Abstractions::<T>::serai_validators(current_serai_session);
|
2025-09-20 01:36:11 -04:00
|
|
|
|
|
|
|
|
let validators_changed = prior_serai_validators != serai_validators;
|
|
|
|
|
|
2025-09-20 01:23:02 -04:00
|
|
|
let queued_serai_validators =
|
|
|
|
|
Abstractions::<T>::serai_validators(latest_decided_serai_session);
|
|
|
|
|
|
2025-09-20 01:36:11 -04:00
|
|
|
fn map_babe((validator, key): &(Public, Public)) -> (&Public, pallet_babe::AuthorityId) {
|
2025-09-20 01:23:02 -04:00
|
|
|
(validator, (*key).into())
|
|
|
|
|
}
|
|
|
|
|
Babe::<T>::on_new_session(
|
2025-09-20 01:36:11 -04:00
|
|
|
validators_changed,
|
|
|
|
|
serai_validators.iter().map(map_babe),
|
|
|
|
|
queued_serai_validators.iter().map(map_babe),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
fn map_grandpa(
|
|
|
|
|
(validator, key): &(Public, Public),
|
|
|
|
|
) -> (&Public, pallet_grandpa::AuthorityId) {
|
|
|
|
|
(validator, (*key).into())
|
|
|
|
|
}
|
|
|
|
|
Grandpa::<T>::on_new_session(
|
|
|
|
|
validators_changed,
|
|
|
|
|
serai_validators.iter().map(map_grandpa),
|
|
|
|
|
queued_serai_validators.iter().map(map_grandpa),
|
2025-09-20 01:23:02 -04:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-20 01:41:54 -04:00
|
|
|
// Attempt new sessions for all external networks
|
|
|
|
|
for network in ExternalNetworkId::all() {
|
|
|
|
|
Abstractions::<T>::attempt_new_session(
|
|
|
|
|
network.into(),
|
|
|
|
|
Self::include_genesis_validators(network.into()),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO Dex::<T>::on_new_session(network);
|
2025-09-20 01:23:02 -04:00
|
|
|
|
|
|
|
|
Weight::zero() // TODO
|
|
|
|
|
} else {
|
|
|
|
|
Weight::zero()
|
|
|
|
|
}
|
2025-01-30 12:23:03 +03:00
|
|
|
}
|
2023-10-10 13:53:24 +03:00
|
|
|
}
|
2023-10-22 03:59:21 -04:00
|
|
|
|
|
|
|
|
#[pallet::call]
|
|
|
|
|
impl<T: Config> Pallet<T> {
|
|
|
|
|
#[pallet::call_index(0)]
|
2025-09-15 21:32:01 -04:00
|
|
|
#[pallet::weight((0, DispatchClass::Operational))] // TODO
|
2023-10-22 03:59:21 -04:00
|
|
|
pub fn set_keys(
|
|
|
|
|
origin: OriginFor<T>,
|
2024-10-07 05:16:11 +03:00
|
|
|
network: ExternalNetworkId,
|
2023-10-22 03:59:21 -04:00
|
|
|
key_pair: KeyPair,
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
signature_participants: bitvec::vec::BitVec<u8, bitvec::order::Lsb0>,
|
2023-10-22 03:59:21 -04:00
|
|
|
signature: Signature,
|
|
|
|
|
) -> DispatchResult {
|
|
|
|
|
ensure_none(origin)?;
|
|
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
// `signature_participants`, `signature` are checked within `ValidateUnsigned`
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
let _ = signature_participants;
|
2023-10-22 03:59:21 -04:00
|
|
|
let _ = signature;
|
|
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
let session = Self::current_session(NetworkId::from(network))
|
|
|
|
|
.expect("validated `set_keys` for a non-existent session");
|
2024-10-07 05:16:11 +03:00
|
|
|
let set = ExternalValidatorSet { network, session };
|
2025-09-20 03:42:24 -04:00
|
|
|
Abstractions::<T>::set_keys(set, key_pair.clone());
|
|
|
|
|
|
|
|
|
|
Core::<T>::emit_event(Event::SetKeys { set, key_pair });
|
2023-10-22 03:59:21 -04:00
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
// If this is the first session of an external network, mark them current, not solely decided
|
2024-07-04 02:11:04 -04:00
|
|
|
if session == Session(0) {
|
2025-09-20 02:53:14 -04:00
|
|
|
Abstractions::<T>::accept_handover(network.into());
|
2024-07-04 02:11:04 -04:00
|
|
|
}
|
|
|
|
|
|
2023-12-04 07:04:44 -05:00
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-29 03:48:53 -05:00
|
|
|
#[pallet::call_index(1)]
|
2025-09-15 21:32:01 -04:00
|
|
|
#[pallet::weight((0, DispatchClass::Operational))] // TODO
|
2024-01-29 03:48:53 -05:00
|
|
|
pub fn report_slashes(
|
|
|
|
|
origin: OriginFor<T>,
|
2024-10-07 05:16:11 +03:00
|
|
|
network: ExternalNetworkId,
|
2025-01-15 12:08:28 -05:00
|
|
|
slashes: SlashReport,
|
2024-01-29 03:48:53 -05:00
|
|
|
signature: Signature,
|
|
|
|
|
) -> DispatchResult {
|
|
|
|
|
ensure_none(origin)?;
|
|
|
|
|
|
2025-09-20 04:16:01 -04:00
|
|
|
// `signature` is checked within `ValidateUnsigned`
|
2024-01-29 03:48:53 -05:00
|
|
|
let _ = signature;
|
|
|
|
|
|
2025-09-20 04:16:01 -04:00
|
|
|
Abstractions::<T>::handle_slash_report(network, slashes);
|
2024-01-29 03:48:53 -05:00
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-04 07:04:44 -05:00
|
|
|
#[pallet::call_index(2)]
|
2025-09-15 21:32:01 -04:00
|
|
|
#[pallet::weight((0, DispatchClass::Normal))] // TODO
|
2025-08-26 14:32:55 -04:00
|
|
|
pub fn set_embedded_elliptic_curve_keys(
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
origin: OriginFor<T>,
|
2025-09-20 00:06:19 -04:00
|
|
|
keys: SignedEmbeddedEllipticCurveKeys,
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
) -> DispatchResult {
|
2025-09-20 03:42:24 -04:00
|
|
|
let validator = ensure_signed(origin)?;
|
2025-11-18 20:50:32 -05:00
|
|
|
Self::set_embedded_elliptic_curve_keys_internal(validator, keys)
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[pallet::call_index(3)]
|
2025-09-15 21:32:01 -04:00
|
|
|
#[pallet::weight((0, DispatchClass::Normal))] // TODO
|
2023-10-22 03:59:21 -04:00
|
|
|
pub fn allocate(origin: OriginFor<T>, network: NetworkId, amount: Amount) -> DispatchResult {
|
|
|
|
|
let validator = ensure_signed(origin)?;
|
2025-09-20 04:45:04 -04:00
|
|
|
Coins::<T>::transfer_fn(validator, Self::account(), Balance { coin: Coin::Serai, amount })?;
|
2025-09-02 11:07:45 -04:00
|
|
|
Abstractions::<T>::increase_allocation(network, validator, amount, false)
|
|
|
|
|
.map_err(Error::<T>::AllocationError)?;
|
2025-08-26 14:32:55 -04:00
|
|
|
Ok(())
|
2023-10-22 03:59:21 -04:00
|
|
|
}
|
|
|
|
|
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
#[pallet::call_index(4)]
|
2025-09-15 21:32:01 -04:00
|
|
|
#[pallet::weight((0, DispatchClass::Normal))] // TODO
|
2023-10-22 03:59:21 -04:00
|
|
|
pub fn deallocate(origin: OriginFor<T>, network: NetworkId, amount: Amount) -> DispatchResult {
|
2025-09-20 03:42:24 -04:00
|
|
|
let validator = ensure_signed(origin)?;
|
2023-10-22 03:59:21 -04:00
|
|
|
|
2025-09-20 03:42:24 -04:00
|
|
|
let timeline = Abstractions::<T>::decrease_allocation(network, validator, amount)
|
2025-09-02 11:07:45 -04:00
|
|
|
.map_err(Error::<T>::DeallocationError)?;
|
2025-09-20 03:42:24 -04:00
|
|
|
|
|
|
|
|
Core::<T>::emit_event(Event::Deallocation {
|
|
|
|
|
validator: validator.into(),
|
|
|
|
|
network,
|
|
|
|
|
amount,
|
|
|
|
|
timeline,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if matches!(timeline, DeallocationTimeline::Immediate) {
|
2025-09-20 04:45:04 -04:00
|
|
|
Coins::<T>::transfer_fn(Self::account(), validator, Balance { coin: Coin::Serai, amount })?;
|
2023-10-22 03:59:21 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
#[pallet::call_index(5)]
|
2025-09-15 21:32:01 -04:00
|
|
|
#[pallet::weight((0, DispatchClass::Normal))] // TODO
|
2023-10-22 03:59:21 -04:00
|
|
|
pub fn claim_deallocation(
|
|
|
|
|
origin: OriginFor<T>,
|
|
|
|
|
network: NetworkId,
|
|
|
|
|
session: Session,
|
|
|
|
|
) -> DispatchResult {
|
2025-09-20 03:42:24 -04:00
|
|
|
let validator = ensure_signed(origin)?;
|
|
|
|
|
let amount = Abstractions::<T>::claim_delayed_deallocation(validator, network, session)
|
2025-09-15 21:32:01 -04:00
|
|
|
.map_err(Error::<T>::DeallocationError)?;
|
2025-09-20 03:42:24 -04:00
|
|
|
|
|
|
|
|
Core::<T>::emit_event(Event::DelayedDeallocationClaimed {
|
|
|
|
|
validator: validator.into(),
|
|
|
|
|
deallocation: ValidatorSet { network, session },
|
|
|
|
|
});
|
|
|
|
|
|
2025-09-20 04:45:04 -04:00
|
|
|
Coins::<T>::transfer_fn(Self::account(), validator, Balance { coin: Coin::Serai, amount })?;
|
2023-10-22 03:59:21 -04:00
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[pallet::validate_unsigned]
|
|
|
|
|
impl<T: Config> ValidateUnsigned for Pallet<T> {
|
|
|
|
|
type Call = Call<T>;
|
|
|
|
|
|
|
|
|
|
fn validate_unsigned(_: TransactionSource, call: &Self::Call) -> TransactionValidity {
|
|
|
|
|
// Match to be exhaustive
|
2023-12-04 07:04:44 -05:00
|
|
|
match call {
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
Call::set_keys { network, ref key_pair, ref signature_participants, ref signature } => {
|
2023-12-14 23:45:15 -05:00
|
|
|
let network = *network;
|
2023-12-04 07:04:44 -05:00
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
// Confirm this network has a session decided
|
|
|
|
|
let Some(latest_decided_session) = Self::latest_decided_session(network.into()) else {
|
|
|
|
|
Err(InvalidTransaction::BadSigner)?
|
2023-12-04 07:04:44 -05:00
|
|
|
};
|
2023-12-14 23:45:15 -05:00
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
let set = ExternalValidatorSet { network, session: latest_decided_session };
|
2023-12-14 23:45:15 -05:00
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
// Confirm this set has yet to set keys
|
|
|
|
|
if Abstractions::<T>::needs_to_set_keys(set) {
|
2023-12-14 23:45:15 -05:00
|
|
|
Err(InvalidTransaction::Stale)?;
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
let participants = Abstractions::<T>::selected_validators(set.into()).collect::<Vec<_>>();
|
|
|
|
|
assert!(
|
|
|
|
|
!participants.is_empty(),
|
|
|
|
|
"set which was decided had no selected participants stored"
|
|
|
|
|
);
|
2023-12-04 07:04:44 -05:00
|
|
|
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
// Check the bitvec is of the proper length
|
|
|
|
|
if participants.len() != signature_participants.len() {
|
2025-09-20 02:53:14 -04:00
|
|
|
Err(InvalidTransaction::BadProof)?;
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
}
|
|
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
// Find the participating, total key shares
|
2023-12-14 23:45:15 -05:00
|
|
|
let mut all_key_shares = 0;
|
|
|
|
|
let mut signers = vec![];
|
2023-12-04 07:04:44 -05:00
|
|
|
let mut signing_key_shares = 0;
|
2025-09-20 02:53:14 -04:00
|
|
|
for ((participant, shares), in_use) in
|
|
|
|
|
participants.into_iter().zip(signature_participants)
|
|
|
|
|
{
|
|
|
|
|
all_key_shares += shares.0;
|
2023-12-14 23:45:15 -05:00
|
|
|
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
if !in_use {
|
2023-12-14 23:45:15 -05:00
|
|
|
continue;
|
2023-12-04 07:04:44 -05:00
|
|
|
}
|
2023-12-14 23:45:15 -05:00
|
|
|
|
|
|
|
|
signers.push(participant);
|
2025-09-20 02:53:14 -04:00
|
|
|
signing_key_shares += shares.0;
|
2023-12-04 07:04:44 -05:00
|
|
|
}
|
|
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
// Check enough validators participated
|
2023-12-14 23:45:15 -05:00
|
|
|
{
|
|
|
|
|
let f = all_key_shares - signing_key_shares;
|
|
|
|
|
if signing_key_shares < ((2 * f) + 1) {
|
2025-09-20 02:53:14 -04:00
|
|
|
Err(InvalidTransaction::BadSigner)?;
|
2023-12-14 23:45:15 -05:00
|
|
|
}
|
2023-12-04 07:04:44 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Verify the signature with the MuSig key of the signers
|
2025-09-20 02:53:14 -04:00
|
|
|
if !set.musig_key(&signers).verify(&set.set_keys_message(key_pair), &signature.0.into()) {
|
2023-12-04 07:04:44 -05:00
|
|
|
Err(InvalidTransaction::BadProof)?;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ValidTransaction::with_tag_prefix("ValidatorSets")
|
2024-01-29 03:48:53 -05:00
|
|
|
.and_provides((0, set))
|
2023-12-04 07:04:44 -05:00
|
|
|
.longevity(u64::MAX)
|
|
|
|
|
.propagate(true)
|
|
|
|
|
.build()
|
|
|
|
|
}
|
2024-01-29 03:48:53 -05:00
|
|
|
Call::report_slashes { network, ref slashes, ref signature } => {
|
|
|
|
|
let network = *network;
|
2025-09-20 04:16:01 -04:00
|
|
|
|
|
|
|
|
let Some(key) = Abstractions::<T>::waiting_for_slash_report(network) else {
|
2024-01-29 03:48:53 -05:00
|
|
|
Err(InvalidTransaction::Stale)?
|
|
|
|
|
};
|
2024-10-07 05:16:11 +03:00
|
|
|
|
2025-09-20 04:16:01 -04:00
|
|
|
if !key.verify(&slashes.report_slashes_message(), &signature.0.into()) {
|
2024-01-29 03:48:53 -05:00
|
|
|
Err(InvalidTransaction::BadProof)?;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ValidTransaction::with_tag_prefix("ValidatorSets")
|
2025-09-20 04:16:01 -04:00
|
|
|
.and_provides((1, key))
|
|
|
|
|
.longevity(KeySharesStruct::MAX_PER_SET_U32.into())
|
2024-01-29 03:48:53 -05:00
|
|
|
.propagate(true)
|
|
|
|
|
.build()
|
|
|
|
|
}
|
2025-09-20 02:53:14 -04:00
|
|
|
Call::set_embedded_elliptic_curve_keys { .. } |
|
One Round DKG (#589)
* Upstream GBP, divisor, circuit abstraction, and EC gadgets from FCMP++
* Initial eVRF implementation
Not quite done yet. It needs to communicate the resulting points and proofs to
extract them from the Pedersen Commitments in order to return those, and then
be tested.
* Add the openings of the PCs to the eVRF as necessary
* Add implementation of secq256k1
* Make DKG Encryption a bit more flexible
No longer requires the use of an EncryptionKeyMessage, and allows pre-defined
keys for encryption.
* Make NUM_BITS an argument for the field macro
* Have the eVRF take a Zeroizing private key
* Initial eVRF-based DKG
* Add embedwards25519 curve
* Inline the eVRF into the DKG library
Due to how we're handling share encryption, we'd either need two circuits or to
dedicate this circuit to the DKG. The latter makes sense at this time.
* Add documentation to the eVRF-based DKG
* Add paragraph claiming robustness
* Update to the new eVRF proof
* Finish routing the eVRF functionality
Still needs errors and serialization, along with a few other TODOs.
* Add initial eVRF DKG test
* Improve eVRF DKG
Updates how we calculcate verification shares, improves performance when
extracting multiple sets of keys, and adds more to the test for it.
* Start using a proper error for the eVRF DKG
* Resolve various TODOs
Supports recovering multiple key shares from the eVRF DKG.
Inlines two loops to save 2**16 iterations.
Adds support for creating a constant time representation of scalars < NUM_BITS.
* Ban zero ECDH keys, document non-zero requirements
* Implement eVRF traits, all the way up to the DKG, for secp256k1/ed25519
* Add Ristretto eVRF trait impls
* Support participating multiple times in the eVRF DKG
* Only participate once per key, not once per key share
* Rewrite processor key-gen around the eVRF DKG
Still a WIP.
* Finish routing the new key gen in the processor
Doesn't touch the tests, coordinator, nor Substrate yet.
`cargo +nightly fmt && cargo +nightly-2024-07-01 clippy --all-features -p serai-processor`
does pass.
* Deduplicate and better document in processor key_gen
* Update serai-processor tests to the new key gen
* Correct amount of yx coefficients, get processor key gen test to pass
* Add embedded elliptic curve keys to Substrate
* Update processor key gen tests to the eVRF DKG
* Have set_keys take signature_participants, not removed_participants
Now no one is removed from the DKG. Only `t` people publish the key however.
Uses a BitVec for an efficient encoding of the participants.
* Update the coordinator binary for the new DKG
This does not yet update any tests.
* Add sensible Debug to key_gen::[Processor, Coordinator]Message
* Have the DKG explicitly declare how to interpolate its shares
Removes the hack for MuSig where we multiply keys by the inverse of their
lagrange interpolation factor.
* Replace Interpolation::None with Interpolation::Constant
Allows the MuSig DKG to keep the secret share as the original private key,
enabling deriving FROST nonces consistently regardless of the MuSig context.
* Get coordinator tests to pass
* Update spec to the new DKG
* Get clippy to pass across the repo
* cargo machete
* Add an extra sleep to ensure expected ordering of `Participation`s
* Update orchestration
* Remove bad panic in coordinator
It expected ConfirmationShare to be n-of-n, not t-of-n.
* Improve documentation on functions
* Update TX size limit
We now no longer have to support the ridiculous case of having 49 DKG
participations within a 101-of-150 DKG. It does remain quite high due to
needing to _sign_ so many times. It'd may be optimal for parties with multiple
key shares to independently send their preprocesses/shares (despite the
overhead that'll cause with signatures and the transaction structure).
* Correct error in the Processor spec document
* Update a few comments in the validator-sets pallet
* Send/Recv Participation one at a time
Sending all, then attempting to receive all in an expected order, wasn't working
even with notable delays between sending messages. This points to the mempool
not working as expected...
* Correct ThresholdKeys serialization in modular-frost test
* Updating existing TX size limit test for the new DKG parameters
* Increase time allowed for the DKG on the GH CI
* Correct construction of signature_participants in serai-client tests
Fault identified by akil.
* Further contextualize DkgConfirmer by ValidatorSet
Caught by a safety check we wouldn't reuse preprocesses across messages. That
raises the question of we were prior reusing preprocesses (reusing keys)?
Except that'd have caused a variety of signing failures (suggesting we had some
staggered timing avoiding it in practice but yes, this was possible in theory).
* Add necessary calls to set_embedded_elliptic_curve_key in coordinator set rotation tests
* Correct shimmed setting of a secq256k1 key
* cargo fmt
* Don't use `[0; 32]` for the embedded keys in the coordinator rotation test
The key_gen function expects the random values already decided.
* Big-endian secq256k1 scalars
Also restores the prior, safer, Encryption::register function.
2024-08-16 11:26:07 -07:00
|
|
|
Call::allocate { .. } |
|
|
|
|
|
Call::deallocate { .. } |
|
|
|
|
|
Call::claim_deallocation { .. } => Err(InvalidTransaction::Call)?,
|
2023-10-22 03:59:21 -04:00
|
|
|
Call::__Ignore(_, _) => unreachable!(),
|
2023-11-18 21:27:06 -05:00
|
|
|
}
|
2023-10-22 03:59:21 -04:00
|
|
|
}
|
|
|
|
|
|
2025-09-20 02:53:14 -04:00
|
|
|
// Explicitly provide a pre-dispatch which calls `validate_unsigned`
|
2023-10-22 03:59:21 -04:00
|
|
|
fn pre_dispatch(call: &Self::Call) -> Result<(), TransactionValidityError> {
|
2025-02-04 00:53:22 -05:00
|
|
|
Self::validate_unsigned(TransactionSource::InBlock, call).map(|_| ())
|
2023-10-22 03:59:21 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-20 04:45:04 -04:00
|
|
|
/*
|
|
|
|
|
TODO: Add an intent. While we shouldn't allow `Transfer`, `AddLiquidity` when we're within a
|
|
|
|
|
certain range of the limit, we should still allow swaps.
|
|
|
|
|
*/
|
2023-12-05 16:52:50 +03:00
|
|
|
impl<T: Config> AllowMint for Pallet<T> {
|
2024-10-07 05:16:11 +03:00
|
|
|
fn is_allowed(balance: &ExternalBalance) -> bool {
|
2025-09-20 04:45:04 -04:00
|
|
|
let current_requirement = Self::network_stake_requirement(balance.coin.network());
|
|
|
|
|
let new_requirement = current_requirement.saturating_add(Self::stake_requirement(*balance));
|
2024-10-07 05:16:11 +03:00
|
|
|
let staked =
|
2025-09-20 04:45:04 -04:00
|
|
|
Abstractions::<T>::stake_for_current_validator_set(balance.coin.network().into())
|
|
|
|
|
.unwrap_or(Amount(0));
|
|
|
|
|
staked.0 >= new_requirement
|
2023-12-05 16:52:50 +03:00
|
|
|
}
|
|
|
|
|
}
|
2023-01-04 22:52:41 -05:00
|
|
|
}
|
2025-09-20 00:06:19 -04:00
|
|
|
pub use pallet::*;
|
2023-01-04 22:52:41 -05:00
|
|
|
|
2025-01-30 12:23:03 +03:00
|
|
|
sp_api::decl_runtime_apis! {
|
|
|
|
|
#[api_version(1)]
|
|
|
|
|
pub trait ValidatorSetsApi {
|
|
|
|
|
/// Returns the validator set for a given network.
|
2025-08-26 14:32:55 -04:00
|
|
|
fn validators(
|
2025-09-20 00:06:19 -04:00
|
|
|
network_id: serai_abi::primitives::network_id::NetworkId,
|
|
|
|
|
) -> Vec<serai_abi::primitives::crypto::Public>;
|
2025-01-30 12:23:03 +03:00
|
|
|
|
|
|
|
|
/// Returns the external network key for a given external network.
|
|
|
|
|
fn external_network_key(
|
2025-09-20 00:06:19 -04:00
|
|
|
network: serai_abi::primitives::network_id::ExternalNetworkId,
|
|
|
|
|
) -> Option<serai_abi::primitives::crypto::ExternalKey>;
|
2025-01-30 12:23:03 +03:00
|
|
|
}
|
|
|
|
|
}
|
