2024-09-10 03:48:06 -04:00
|
|
|
use std::io;
|
|
|
|
|
|
Smash the singular `Ciphersuite` trait into multiple
This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).
`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.
The `Id` trait is occasionally used yet really should be first off the chopping
block.
Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.
---
Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.
Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.
2025-09-03 12:25:37 -04:00
|
|
|
use ciphersuite::*;
|
2025-08-25 09:17:29 -04:00
|
|
|
use ciphersuite_kp256::Secp256k1;
|
2024-09-10 03:48:06 -04:00
|
|
|
|
|
|
|
|
use bitcoin_serai::{
|
|
|
|
|
bitcoin::{
|
2024-09-11 08:58:58 -04:00
|
|
|
hashes::Hash as HashTrait, consensus::Encodable, script::Instruction, transaction::Transaction,
|
2024-09-10 03:48:06 -04:00
|
|
|
},
|
|
|
|
|
wallet::ReceivedOutput as WalletOutput,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
use borsh::{BorshSerialize, BorshDeserialize};
|
2024-09-11 02:46:18 -04:00
|
|
|
use serai_db::Get;
|
2024-09-10 03:48:06 -04:00
|
|
|
|
2025-11-04 19:02:37 -05:00
|
|
|
use serai_primitives::{
|
|
|
|
|
coin::ExternalCoin,
|
|
|
|
|
balance::{Amount, ExternalBalance},
|
|
|
|
|
address::ExternalAddress,
|
2024-09-10 03:48:06 -04:00
|
|
|
};
|
2025-11-04 19:02:37 -05:00
|
|
|
use serai_client_bitcoin::Address;
|
2024-09-10 03:48:06 -04:00
|
|
|
|
|
|
|
|
use primitives::{OutputType, ReceivedOutput};
|
|
|
|
|
|
2024-09-11 08:58:58 -04:00
|
|
|
use crate::{
|
|
|
|
|
primitives::x_coord_to_even_point,
|
|
|
|
|
scan::{offsets_for_key, presumed_origin, extract_serai_data},
|
|
|
|
|
};
|
2024-09-10 06:25:21 -04:00
|
|
|
|
2025-09-02 02:16:21 -04:00
|
|
|
#[derive(Clone, PartialEq, Eq, Hash, Debug, BorshSerialize, BorshDeserialize)]
|
2024-09-10 03:48:06 -04:00
|
|
|
pub(crate) struct OutputId([u8; 36]);
|
|
|
|
|
impl Default for OutputId {
|
|
|
|
|
fn default() -> Self {
|
|
|
|
|
Self([0; 36])
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
impl AsRef<[u8]> for OutputId {
|
|
|
|
|
fn as_ref(&self) -> &[u8] {
|
|
|
|
|
self.0.as_ref()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
impl AsMut<[u8]> for OutputId {
|
|
|
|
|
fn as_mut(&mut self) -> &mut [u8] {
|
|
|
|
|
self.0.as_mut()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[derive(Clone, PartialEq, Eq, Debug)]
|
|
|
|
|
pub(crate) struct Output {
|
|
|
|
|
kind: OutputType,
|
|
|
|
|
presumed_origin: Option<Address>,
|
2024-09-11 00:01:40 -04:00
|
|
|
pub(crate) output: WalletOutput,
|
2024-09-10 03:48:06 -04:00
|
|
|
data: Vec<u8>,
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-10 06:25:21 -04:00
|
|
|
impl Output {
|
2024-09-11 03:09:44 -04:00
|
|
|
pub(crate) fn new(
|
2024-09-11 02:46:18 -04:00
|
|
|
getter: &impl Get,
|
Smash the singular `Ciphersuite` trait into multiple
This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).
`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.
The `Id` trait is occasionally used yet really should be first off the chopping
block.
Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.
---
Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.
Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.
2025-09-03 12:25:37 -04:00
|
|
|
key: <Secp256k1 as WrappedGroup>::G,
|
2024-09-11 02:46:18 -04:00
|
|
|
tx: &Transaction,
|
|
|
|
|
output: WalletOutput,
|
|
|
|
|
) -> Self {
|
2024-09-10 06:25:21 -04:00
|
|
|
Self {
|
|
|
|
|
kind: offsets_for_key(key)
|
|
|
|
|
.into_iter()
|
|
|
|
|
.find_map(|(kind, offset)| (offset == output.offset()).then_some(kind))
|
|
|
|
|
.expect("scanned output for unknown offset"),
|
2024-09-11 02:46:18 -04:00
|
|
|
presumed_origin: presumed_origin(getter, tx),
|
|
|
|
|
output,
|
|
|
|
|
data: extract_serai_data(tx),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-11 03:09:44 -04:00
|
|
|
pub(crate) fn new_with_presumed_origin(
|
Smash the singular `Ciphersuite` trait into multiple
This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).
`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.
The `Id` trait is occasionally used yet really should be first off the chopping
block.
Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.
---
Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.
Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.
2025-09-03 12:25:37 -04:00
|
|
|
key: <Secp256k1 as WrappedGroup>::G,
|
2024-09-11 02:46:18 -04:00
|
|
|
tx: &Transaction,
|
|
|
|
|
presumed_origin: Option<Address>,
|
|
|
|
|
output: WalletOutput,
|
|
|
|
|
) -> Self {
|
|
|
|
|
Self {
|
|
|
|
|
kind: offsets_for_key(key)
|
|
|
|
|
.into_iter()
|
|
|
|
|
.find_map(|(kind, offset)| (offset == output.offset()).then_some(kind))
|
|
|
|
|
.expect("scanned output for unknown offset"),
|
|
|
|
|
presumed_origin,
|
2024-09-10 06:25:21 -04:00
|
|
|
output,
|
|
|
|
|
data: extract_serai_data(tx),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Smash the singular `Ciphersuite` trait into multiple
This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).
`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.
The `Id` trait is occasionally used yet really should be first off the chopping
block.
Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.
---
Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.
Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.
2025-09-03 12:25:37 -04:00
|
|
|
impl ReceivedOutput<<Secp256k1 as WrappedGroup>::G, Address> for Output {
|
2024-09-10 03:48:06 -04:00
|
|
|
type Id = OutputId;
|
|
|
|
|
type TransactionId = [u8; 32];
|
|
|
|
|
|
|
|
|
|
fn kind(&self) -> OutputType {
|
|
|
|
|
self.kind
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn id(&self) -> Self::Id {
|
|
|
|
|
let mut id = OutputId::default();
|
|
|
|
|
self.output.outpoint().consensus_encode(&mut id.as_mut()).unwrap();
|
|
|
|
|
id
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn transaction_id(&self) -> Self::TransactionId {
|
2024-09-10 06:25:21 -04:00
|
|
|
let mut res = self.output.outpoint().txid.to_raw_hash().to_byte_array();
|
|
|
|
|
res.reverse();
|
|
|
|
|
res
|
2024-09-10 03:48:06 -04:00
|
|
|
}
|
|
|
|
|
|
Smash the singular `Ciphersuite` trait into multiple
This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).
`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.
The `Id` trait is occasionally used yet really should be first off the chopping
block.
Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.
---
Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.
Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.
2025-09-03 12:25:37 -04:00
|
|
|
fn key(&self) -> <Secp256k1 as WrappedGroup>::G {
|
2024-09-10 03:48:06 -04:00
|
|
|
// We read the key from the script pubkey so we don't have to independently store it
|
|
|
|
|
let script = &self.output.output().script_pubkey;
|
|
|
|
|
|
|
|
|
|
// These assumptions are safe since it's an output we successfully scanned
|
|
|
|
|
assert!(script.is_p2tr());
|
|
|
|
|
let Instruction::PushBytes(key) = script.instructions_minimal().last().unwrap().unwrap() else {
|
|
|
|
|
panic!("last item in v1 Taproot script wasn't bytes")
|
|
|
|
|
};
|
2024-09-11 08:58:58 -04:00
|
|
|
let key = x_coord_to_even_point(key.as_ref())
|
|
|
|
|
.expect("last item in scanned v1 Taproot script wasn't a valid x-only public key");
|
2024-09-10 03:48:06 -04:00
|
|
|
|
|
|
|
|
// The output's key minus the output's offset is the root key
|
Smash the singular `Ciphersuite` trait into multiple
This helps identify where the various functionalities are used, or rather, not
used. The `Ciphersuite` trait present in `patches/ciphersuite`, facilitating
the entire FCMP++ tree, only requires the markers _and_ canonical point
decoding. I've opened a PR to upstream such a trait into `group`
(https://github.com/zkcrypto/group/pull/68).
`WrappedGroup` is still justified for as long as `Group::generator` exists.
Moving `::generator()` to its own trait, on an independent structure (upstream)
would be massively appreciated. @tarcieri also wanted to update from
`fn generator()` to `const GENERATOR`, which would encourage further discussion
on https://github.com/zkcrypto/group/issues/32 and
https://github.com/zkcrypto/group/issues/45, which have been stagnant.
The `Id` trait is occasionally used yet really should be first off the chopping
block.
Finally, `WithPreferredHash` is only actually used around a third of the time,
which more than justifies it being a separate trait.
---
Updates `dalek_ff_group::Scalar` to directly re-export
`curve25519_dalek::Scalar`, as without issue. `dalek_ff_group::RistrettoPoint`
also could be replaced with an export of `curve25519_dalek::RistrettoPoint`,
yet the coordinator relies on how we implemented `Hash` on it for the hell of
it so it isn't worth it at this time. `dalek_ff_group::EdwardsPoint` can't be
replaced for an re-export of `curve25519_dalek::SubgroupPoint` as it doesn't
implement `zeroize`, `subtle` traits within a released, non-yanked version.
Relevance to https://github.com/serai-dex/serai/issues/201 and
https://github.com/dalek-cryptography/curve25519-dalek/issues/811#issuecomment-3247732746.
Also updates the `Ristretto` ciphersuite to prefer `Blake2b-512` over
`SHA2-512`. In order to maintain compliance with FROST's IETF standard,
`modular-frost` defines its own ciphersuite for Ristretto which still uses
`SHA2-512`.
2025-09-03 12:25:37 -04:00
|
|
|
key - (<Secp256k1 as WrappedGroup>::G::GENERATOR * self.output.offset())
|
2024-09-10 03:48:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn presumed_origin(&self) -> Option<Address> {
|
|
|
|
|
self.presumed_origin.clone()
|
|
|
|
|
}
|
|
|
|
|
|
2025-01-30 03:14:24 -05:00
|
|
|
fn balance(&self) -> ExternalBalance {
|
|
|
|
|
ExternalBalance { coin: ExternalCoin::Bitcoin, amount: Amount(self.output.value()) }
|
2024-09-10 03:48:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn data(&self) -> &[u8] {
|
|
|
|
|
&self.data
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
|
|
|
|
|
self.kind.write(writer)?;
|
|
|
|
|
let presumed_origin: Option<ExternalAddress> = self.presumed_origin.clone().map(Into::into);
|
2025-09-02 02:16:21 -04:00
|
|
|
presumed_origin.serialize(writer)?;
|
2024-09-10 03:48:06 -04:00
|
|
|
self.output.write(writer)?;
|
|
|
|
|
writer.write_all(&u16::try_from(self.data.len()).unwrap().to_le_bytes())?;
|
|
|
|
|
writer.write_all(&self.data)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn read<R: io::Read>(mut reader: &mut R) -> io::Result<Self> {
|
|
|
|
|
Ok(Output {
|
|
|
|
|
kind: OutputType::read(reader)?,
|
|
|
|
|
presumed_origin: {
|
2025-09-02 02:16:21 -04:00
|
|
|
Option::<ExternalAddress>::deserialize_reader(&mut reader)
|
2024-09-10 03:48:06 -04:00
|
|
|
.map_err(|e| io::Error::other(format!("couldn't decode ExternalAddress: {e:?}")))?
|
|
|
|
|
.map(|address| {
|
|
|
|
|
Address::try_from(address)
|
|
|
|
|
.map_err(|()| io::Error::other("couldn't decode Address from ExternalAddress"))
|
|
|
|
|
})
|
|
|
|
|
.transpose()?
|
|
|
|
|
},
|
|
|
|
|
output: WalletOutput::read(reader)?,
|
|
|
|
|
data: {
|
|
|
|
|
let mut data_len = [0; 2];
|
|
|
|
|
reader.read_exact(&mut data_len)?;
|
|
|
|
|
|
|
|
|
|
let mut data = vec![0; usize::from(u16::from_le_bytes(data_len))];
|
|
|
|
|
reader.read_exact(&mut data)?;
|
|
|
|
|
data
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|