Create a dedicated crate for the DKG (#141)

* Add dkg crate * Remove F_len and G_len They're generally no longer used. * Replace hash_to_vec with a provided method around associated type H: Digest Part of trying to minimize this trait so it can be moved elsewhere. Vec, which isn't std, may have been a blocker. * Encrypt secret shares within the FROST library Reduces requirements on callers in order to be correct. * Update usage of Zeroize within FROST * Inline functions in key_gen There was no reason to have them separated as they were. sign probably has the same statement available, yet that isn't the focus right now. * Add a ciphersuite package which provides hash_to_F * Set the Ciphersuite version to something valid * Have ed448 export Scalar/FieldElement/Point at the top level * Move FROST over to Ciphersuite * Correct usage of ff in ciphersuite * Correct documentation handling * Move Schnorr signatures to their own crate * Remove unused feature from schnorr * Fix Schnorr tests * Split DKG into a separate crate * Add serialize to Commitments and SecretShare Helper for buf = vec![]; .write(buf).unwrap(); buf * Move FROST over to the new dkg crate * Update Monero lib to latest FROST * Correct ethereum's usage of features * Add serialize to GeneratorProof * Add serialize helper function to FROST * Rename AddendumSerialize to WriteAddendum * Update processor * Slight fix to processor
2025-12-08 12:19:24 +00:00 · 2022-10-29 03:54:42 -05:00
parent cbceaff678
commit 2379855b31
50 changed files with 2076 additions and 1601 deletions
--- a/processor/src/coin/mod.rs
+++ b/processor/src/coin/mod.rs
@@ -4,7 +4,11 @@ use async_trait::async_trait;
 use thiserror::Error;

 use transcript::RecommendedTranscript;
-use frost::{curve::Curve, FrostKeys, sign::PreprocessMachine};
+use frost::{
+  curve::{Ciphersuite, Curve},
+  ThresholdKeys,
+  sign::PreprocessMachine,
+};

 pub mod monero;
 pub use self::monero::Monero;
@@ -45,14 +49,14 @@ pub trait Coin {
  const MAX_OUTPUTS: usize; // TODO: Decide if this includes change or not

  // Doesn't have to take self, enables some level of caching which is pleasant
-  fn address(&self, key: <Self::Curve as Curve>::G) -> Self::Address;
+  fn address(&self, key: <Self::Curve as Ciphersuite>::G) -> Self::Address;

  async fn get_latest_block_number(&self) -> Result<usize, CoinError>;
  async fn get_block(&self, number: usize) -> Result<Self::Block, CoinError>;
  async fn get_outputs(
    &self,
    block: &Self::Block,
-    key: <Self::Curve as Curve>::G,
+    key: <Self::Curve as Ciphersuite>::G,
  ) -> Result<Vec<Self::Output>, CoinError>;

  // TODO: Remove
@@ -60,7 +64,7 @@ pub trait Coin {

  async fn prepare_send(
    &self,
-    keys: FrostKeys<Self::Curve>,
+    keys: ThresholdKeys<Self::Curve>,
    transcript: RecommendedTranscript,
    block_number: usize,
    inputs: Vec<Self::Output>,
--- a/processor/src/coin/monero.rs
+++ b/processor/src/coin/monero.rs
@@ -4,7 +4,7 @@ use curve25519_dalek::scalar::Scalar;

 use dalek_ff_group as dfg;
 use transcript::RecommendedTranscript;
-use frost::{curve::Ed25519, FrostKeys};
+use frost::{curve::Ed25519, ThresholdKeys};

 use monero_serai::{
  transaction::Transaction,
@@ -55,7 +55,7 @@ impl OutputTrait for Output {

 #[derive(Debug)]
 pub struct SignableTransaction {
-  keys: FrostKeys<Ed25519>,
+  keys: ThresholdKeys<Ed25519>,
  transcript: RecommendedTranscript,
  // Monero height, defined as the length of the chain
  height: usize,
@@ -157,7 +157,7 @@ impl Coin for Monero {

  async fn prepare_send(
    &self,
-    keys: FrostKeys<Ed25519>,
+    keys: ThresholdKeys<Ed25519>,
    transcript: RecommendedTranscript,
    block_number: usize,
    mut inputs: Vec<Output>,
--- a/processor/src/lib.rs
+++ b/processor/src/lib.rs
@@ -3,7 +3,7 @@ use std::{marker::Send, collections::HashMap};
 use async_trait::async_trait;
 use thiserror::Error;

-use frost::{curve::Curve, FrostError};
+use frost::{curve::Ciphersuite, FrostError};

 mod coin;
 use coin::{CoinError, Coin};
@@ -35,6 +35,9 @@ pub enum SignError {
 // Doesn't consider the current group key to increase the simplicity of verifying Serai's status
 // Takes an index, k, to support protocols which use multiple secondary keys
 // Presumably a view key
-pub(crate) fn additional_key<C: Coin>(k: u64) -> <C::Curve as Curve>::F {
-  C::Curve::hash_to_F(b"Serai DEX Additional Key", &[C::ID, &k.to_le_bytes()].concat())
+pub(crate) fn additional_key<C: Coin>(k: u64) -> <C::Curve as Ciphersuite>::F {
+  <C::Curve as Ciphersuite>::hash_to_F(
+    b"Serai DEX Additional Key",
+    &[C::ID, &k.to_le_bytes()].concat(),
+  )
 }
--- a/processor/src/wallet.rs
+++ b/processor/src/wallet.rs
@@ -6,8 +6,8 @@ use group::GroupEncoding;

 use transcript::{Transcript, RecommendedTranscript};
 use frost::{
-  curve::Curve,
-  FrostError, FrostKeys,
+  curve::{Ciphersuite, Curve},
+  FrostError, ThresholdKeys,
  sign::{Writable, PreprocessMachine, SignMachine, SignatureMachine},
 };

@@ -17,12 +17,12 @@ use crate::{
 };

 pub struct WalletKeys<C: Curve> {
-  keys: FrostKeys<C>,
+  keys: ThresholdKeys<C>,
  creation_block: usize,
 }

 impl<C: Curve> WalletKeys<C> {
-  pub fn new(keys: FrostKeys<C>, creation_block: usize) -> WalletKeys<C> {
+  pub fn new(keys: ThresholdKeys<C>, creation_block: usize) -> WalletKeys<C> {
    WalletKeys { keys, creation_block }
  }

@@ -34,13 +34,13 @@ impl<C: Curve> WalletKeys<C> {
  // system, there are potentially other benefits to binding this to a specific group key
  // It's no longer possible to influence group key gen to key cancel without breaking the hash
  // function as well, although that degree of influence means key gen is broken already
-  fn bind(&self, chain: &[u8]) -> FrostKeys<C> {
+  fn bind(&self, chain: &[u8]) -> ThresholdKeys<C> {
    const DST: &[u8] = b"Serai Processor Wallet Chain Bind";
    let mut transcript = RecommendedTranscript::new(DST);
    transcript.append_message(b"chain", chain);
    transcript.append_message(b"curve", C::ID);
    transcript.append_message(b"group_key", self.keys.group_key().to_bytes().as_ref());
-    self.keys.offset(C::hash_to_F(DST, &transcript.challenge(b"offset")))
+    self.keys.offset(<C as Ciphersuite>::hash_to_F(DST, &transcript.challenge(b"offset")))
  }
 }

@@ -203,8 +203,8 @@ fn select_inputs_outputs<C: Coin>(
 pub struct Wallet<D: CoinDb, C: Coin> {
  db: D,
  coin: C,
-  keys: Vec<(FrostKeys<C::Curve>, Vec<C::Output>)>,
-  pending: Vec<(usize, FrostKeys<C::Curve>)>,
+  keys: Vec<(ThresholdKeys<C::Curve>, Vec<C::Output>)>,
+  pending: Vec<(usize, ThresholdKeys<C::Curve>)>,
 }

 impl<D: CoinDb, C: Coin> Wallet<D, C> {
@@ -344,11 +344,7 @@ impl<D: CoinDb, C: Coin> Wallet<D, C> {

    let (attempt, commitments) = attempt.preprocess(&mut OsRng);
    let commitments = network
-      .round({
-        let mut buf = vec![];
-        commitments.write(&mut buf).unwrap();
-        buf
-      })
+      .round(commitments.serialize())
      .await
      .map_err(SignError::NetworkError)?
      .drain()
@@ -364,11 +360,7 @@ impl<D: CoinDb, C: Coin> Wallet<D, C> {

    let (attempt, share) = attempt.sign(commitments, b"").map_err(SignError::FrostError)?;
    let shares = network
-      .round({
-        let mut buf = vec![];
-        share.write(&mut buf).unwrap();
-        buf
-      })
+      .round(share.serialize())
      .await
      .map_err(SignError::NetworkError)?
      .drain()