Add embedded elliptic curve keys to Substrate

Cargo.lock

@@ -8350,7 +8350,9 @@ dependencies = [
 name = "serai-node"
 version = "0.1.0"
 dependencies = [
+ "ciphersuite",
  "clap",
+ "embedwards25519",
  "frame-benchmarking",
  "futures-util",
  "hex",
@@ -8376,6 +8378,7 @@ dependencies = [
  "sc-transaction-pool",
  "sc-transaction-pool-api",
  "schnorrkel",
+ "secq256k1",
  "serai-env",
  "serai-runtime",
  "sp-api",
@@ -8603,6 +8606,7 @@ dependencies = [
  "serai-dex-pallet",
  "serai-primitives",
  "serai-validator-sets-primitives",
+ "serde",
  "sp-application-crypto",
  "sp-core",
  "sp-io",

substrate/abi/src/validator_sets.rs

@@ -15,6 +15,10 @@ pub enum Call {
     key_pair: KeyPair,
     signature: Signature,
   },
+  set_embedded_elliptic_curve_key {
+    embedded_elliptic_curve: EmbeddedEllipticCurve,
+    key: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+  },
   report_slashes {
     network: NetworkId,
     slashes: BoundedVec<(SeraiAddress, u32), ConstU32<{ MAX_KEY_SHARES_PER_SET / 3 }>>,

substrate/client/src/serai/validator_sets.rs

@@ -1,13 +1,14 @@
 use scale::Encode;
 
 use sp_core::sr25519::{Public, Signature};
+use sp_runtime::BoundedVec;
 
 use serai_abi::primitives::Amount;
 pub use serai_abi::validator_sets::primitives;
-use primitives::{Session, ValidatorSet, KeyPair};
+use primitives::{MAX_KEY_LEN, Session, ValidatorSet, KeyPair};
 
 use crate::{
-  primitives::{NetworkId, SeraiAddress},
+  primitives::{EmbeddedEllipticCurve, NetworkId, SeraiAddress},
   Transaction, Serai, TemporalSerai, SeraiError,
 };
 
@@ -195,6 +196,18 @@ impl<'a> SeraiValidatorSets<'a> {
     }))
   }
 
+  pub fn set_embedded_elliptic_curve_key(
+    embedded_elliptic_curve: EmbeddedEllipticCurve,
+    key: BoundedVec<u8, sp_core::ConstU32<{ MAX_KEY_LEN }>>,
+  ) -> serai_abi::Call {
+    serai_abi::Call::ValidatorSets(
+      serai_abi::validator_sets::Call::set_embedded_elliptic_curve_key {
+        embedded_elliptic_curve,
+        key,
+      },
+    )
+  }
+
   pub fn allocate(network: NetworkId, amount: Amount) -> serai_abi::Call {
     serai_abi::Call::ValidatorSets(serai_abi::validator_sets::Call::allocate { network, amount })
   }

substrate/client/tests/common/validator_sets.rs

@@ -82,6 +82,24 @@ pub async fn set_keys(
   block
 }
 
+#[allow(dead_code)]
+pub async fn set_embedded_elliptic_curve_key(
+  serai: &Serai,
+  pair: &Pair,
+  embedded_elliptic_curve: EmbeddedEllipticCurve,
+  key: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+  nonce: u32,
+) -> [u8; 32] {
+  // get the call
+  let tx = serai.sign(
+    pair,
+    SeraiValidatorSets::set_embedded_elliptic_curve_key(embedded_elliptic_curve, key),
+    nonce,
+    0,
+  );
+  publish_tx(serai, &tx).await
+}
+
 #[allow(dead_code)]
 pub async fn allocate_stake(
   serai: &Serai,

substrate/client/tests/validator_sets.rs

@@ -221,12 +221,31 @@ async fn validator_set_rotation() {
 
         // add 1 participant
         let last_participant = accounts[4].clone();
+
+        // If this is the first iteration, set embedded elliptic curve keys
+        if i == 0 {
+          for (i, embedded_elliptic_curve) in
+            [EmbeddedEllipticCurve::Embedwards25519, EmbeddedEllipticCurve::Secq256k1]
+              .into_iter()
+              .enumerate()
+          {
+            set_embedded_elliptic_curve_key(
+              &serai,
+              embedded_elliptic_curve,
+              vec![0; 32].try_into().unwrap(),
+              &last_participant,
+              i.try_into().unwrap(),
+            )
+            .await;
+          }
+        }
+
         let hash = allocate_stake(
           &serai,
           network,
           key_shares[&network],
           &last_participant,
-          i.try_into().unwrap(),
+          (2 + i).try_into().unwrap(),
         )
         .await;
         participants.push(last_participant.public());

substrate/node/Cargo.toml

@@ -27,6 +27,10 @@ log = "0.4"
 
 schnorrkel = "0.11"
 
+ciphersuite = { path = "../../crypto/ciphersuite" }
+embedwards25519 = { path = "../../crypto/evrf/embedwards25519" }
+secq256k1 = { path = "../../crypto/evrf/secq256k1" }
+
 libp2p = "0.52"
 
 sp-core = { git = "https://github.com/serai-dex/substrate" }

substrate/node/src/chain_spec.rs

@@ -1,13 +1,20 @@
 use core::marker::PhantomData;
-use std::collections::HashSet;
 
-use sp_core::{Decode, Pair as PairTrait, sr25519::Public};
+use sp_core::Pair as PairTrait;
 
 use sc_service::ChainType;
 
+use ciphersuite::{
+  group::{ff::PrimeField, GroupEncoding},
+  Ciphersuite,
+};
+use embedwards25519::Embedwards25519;
+use secq256k1::Secq256k1;
+
 use serai_runtime::{
-  primitives::*, WASM_BINARY, BABE_GENESIS_EPOCH_CONFIG, RuntimeGenesisConfig, SystemConfig,
+  primitives::*, validator_sets::AllEmbeddedEllipticCurveKeysAtGenesis, WASM_BINARY,
-  CoinsConfig, DexConfig, ValidatorSetsConfig, SignalsConfig, BabeConfig, GrandpaConfig,
+  BABE_GENESIS_EPOCH_CONFIG, RuntimeGenesisConfig, SystemConfig, CoinsConfig, DexConfig,
+  ValidatorSetsConfig, SignalsConfig, BabeConfig, GrandpaConfig,
 };
 
 pub type ChainSpec = sc_service::GenericChainSpec<RuntimeGenesisConfig>;
@@ -16,6 +23,15 @@ fn account_from_name(name: &'static str) -> PublicKey {
   insecure_pair_from_name(name).public()
 }
 
+// Panics on names which are too long, or ciphersuites with weirdly encoded scalars
+fn insecure_ciphersuite_key_from_name<C: Ciphersuite>(name: &'static str) -> Vec<u8> {
+  let mut repr = <C::F as PrimeField>::Repr::default();
+  let repr_len = repr.as_ref().len();
+  let start = (repr_len / 2) - (name.len() / 2);
+  repr.as_mut()[start .. (start + name.len())].copy_from_slice(name.as_bytes());
+  (C::generator() * C::F::from_repr(repr).unwrap()).to_bytes().as_ref().to_vec()
+}
+
 fn wasm_binary() -> Vec<u8> {
   // TODO: Accept a config of runtime path
   const WASM_PATH: &str = "/runtime/serai.wasm";
@@ -32,7 +48,21 @@ fn devnet_genesis(
   validators: &[&'static str],
   endowed_accounts: Vec<PublicKey>,
 ) -> RuntimeGenesisConfig {
-  let validators = validators.iter().map(|name| account_from_name(name)).collect::<Vec<_>>();
+  let validators = validators
+    .iter()
+    .map(|name| {
+      (
+        account_from_name(name),
+        AllEmbeddedEllipticCurveKeysAtGenesis {
+          embedwards25519: insecure_ciphersuite_key_from_name::<Embedwards25519>(name)
+            .try_into()
+            .unwrap(),
+          secq256k1: insecure_ciphersuite_key_from_name::<Secq256k1>(name).try_into().unwrap(),
+        },
+      )
+    })
+    .collect::<Vec<_>>();
+
   RuntimeGenesisConfig {
     system: SystemConfig { code: wasm_binary.to_vec(), _config: PhantomData },
 
@@ -65,17 +95,18 @@ fn devnet_genesis(
     },
     signals: SignalsConfig::default(),
     babe: BabeConfig {
-      authorities: validators.iter().map(|validator| ((*validator).into(), 1)).collect(),
+      authorities: validators.iter().map(|validator| (validator.0.into(), 1)).collect(),
       epoch_config: Some(BABE_GENESIS_EPOCH_CONFIG),
       _config: PhantomData,
     },
     grandpa: GrandpaConfig {
-      authorities: validators.into_iter().map(|validator| (validator.into(), 1)).collect(),
+      authorities: validators.into_iter().map(|validator| (validator.0.into(), 1)).collect(),
       _config: PhantomData,
     },
   }
 }
 
+/*
 fn testnet_genesis(wasm_binary: &[u8], validators: Vec<&'static str>) -> RuntimeGenesisConfig {
   let validators = validators
     .into_iter()
@@ -126,6 +157,7 @@ fn testnet_genesis(wasm_binary: &[u8], validators: Vec<&'static str>) -> Runtime
     },
   }
 }
+*/
 
 pub fn development_config() -> ChainSpec {
   let wasm_binary = wasm_binary();
@@ -204,7 +236,7 @@ pub fn local_config() -> ChainSpec {
 }
 
 pub fn testnet_config() -> ChainSpec {
-  let wasm_binary = wasm_binary();
+  // let wasm_binary = wasm_binary();
 
   ChainSpec::from_genesis(
     // Name
@@ -213,7 +245,7 @@ pub fn testnet_config() -> ChainSpec {
     "testnet-2",
     ChainType::Live,
     move || {
-      let _ = testnet_genesis(&wasm_binary, vec![]);
+      // let _ = testnet_genesis(&wasm_binary, vec![])
       todo!()
     },
     // Bootnodes

substrate/primitives/src/networks.rs

@@ -14,6 +14,16 @@ use sp_core::{ConstU32, bounded::BoundedVec};
 #[cfg(feature = "borsh")]
 use crate::{borsh_serialize_bounded_vec, borsh_deserialize_bounded_vec};
 
+/// Identifier for an embedded elliptic curve.
+#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+#[cfg_attr(feature = "std", derive(Zeroize))]
+#[cfg_attr(feature = "borsh", derive(BorshSerialize, BorshDeserialize))]
+#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
+pub enum EmbeddedEllipticCurve {
+  Embedwards25519,
+  Secq256k1,
+}
+
 /// The type used to identify networks.
 #[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, Encode, Decode, MaxEncodedLen, TypeInfo)]
 #[cfg_attr(feature = "std", derive(Zeroize))]
@@ -26,6 +36,20 @@ pub enum NetworkId {
   Monero,
 }
 impl NetworkId {
+  /// The embedded elliptic curve actively used for this network.
+  pub fn embedded_elliptic_curves(&self) -> &'static [EmbeddedEllipticCurve] {
+    match self {
+      // We don't use any embedded elliptic curves for Serai as we don't perform a DKG for Serai
+      Self::Serai => &[],
+      // We need to generate a Ristretto key for oraclizing and a Secp256k1 key for the network
+      Self::Bitcoin | Self::Ethereum => {
+        &[EmbeddedEllipticCurve::Embedwards25519, EmbeddedEllipticCurve::Secq256k1]
+      }
+      // Since the oraclizing key curve is the same as the network's curve, we only need it
+      Self::Monero => &[EmbeddedEllipticCurve::Embedwards25519],
+    }
+  }
+
   pub fn coins(&self) -> &'static [Coin] {
     match self {
       Self::Serai => &[Coin::Serai],

substrate/runtime/src/abi.rs

@@ -115,6 +115,13 @@ impl From<Call> for RuntimeCall {
           key_pair,
           signature,
         }),
+        serai_abi::validator_sets::Call::set_embedded_elliptic_curve_key {
+          embedded_elliptic_curve,
+          key,
+        } => RuntimeCall::ValidatorSets(validator_sets::Call::set_embedded_elliptic_curve_key {
+          embedded_elliptic_curve,
+          key,
+        }),
         serai_abi::validator_sets::Call::report_slashes { network, slashes, signature } => {
           RuntimeCall::ValidatorSets(validator_sets::Call::report_slashes {
             network,
@@ -293,6 +300,12 @@ impl TryInto<Call> for RuntimeCall {
             signature,
           }
         }
+        validator_sets::Call::set_embedded_elliptic_curve_key { embedded_elliptic_curve, key } => {
+          serai_abi::validator_sets::Call::set_embedded_elliptic_curve_key {
+            embedded_elliptic_curve,
+            key,
+          }
+        }
         validator_sets::Call::report_slashes { network, slashes, signature } => {
           serai_abi::validator_sets::Call::report_slashes {
             network,

substrate/validator-sets/pallet/Cargo.toml

@@ -24,6 +24,8 @@ hashbrown = { version = "0.14", default-features = false, features = ["ahash", "
 scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["derive"] }
 scale-info = { version = "2", default-features = false, features = ["derive"] }
 
+serde = { version = "1", default-features = false, features = ["derive", "alloc"] }
+
 sp-core = { git = "https://github.com/serai-dex/substrate", default-features = false }
 sp-io = { git = "https://github.com/serai-dex/substrate", default-features = false }
 sp-std = { git = "https://github.com/serai-dex/substrate", default-features = false }

substrate/validator-sets/pallet/src/lib.rs

@@ -81,6 +81,12 @@ pub mod pallet {
     type ShouldEndSession: ShouldEndSession<BlockNumberFor<Self>>;
   }
 
+  #[derive(Clone, PartialEq, Eq, Debug, Encode, Decode, serde::Serialize, serde::Deserialize)]
+  pub struct AllEmbeddedEllipticCurveKeysAtGenesis {
+    pub embedwards25519: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+    pub secq256k1: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+  }
+
   #[pallet::genesis_config]
   #[derive(Clone, PartialEq, Eq, Debug, Encode, Decode)]
   pub struct GenesisConfig<T: Config> {
@@ -90,7 +96,7 @@ pub mod pallet {
     /// This stake cannot be withdrawn however as there's no actual stake behind it.
     pub networks: Vec<(NetworkId, Amount)>,
     /// List of participants to place in the initial validator sets.
-    pub participants: Vec<T::AccountId>,
+    pub participants: Vec<(T::AccountId, AllEmbeddedEllipticCurveKeysAtGenesis)>,
   }
 
   impl<T: Config> Default for GenesisConfig<T> {
@@ -189,6 +195,18 @@ pub mod pallet {
     }
   }
 
+  /// A key on an embedded elliptic curve.
+  #[pallet::storage]
+  pub type EmbeddedEllipticCurveKeys<T: Config> = StorageDoubleMap<
+    _,
+    Blake2_128Concat,
+    Public,
+    Identity,
+    EmbeddedEllipticCurve,
+    BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+    OptionQuery,
+  >;
+
   /// The total stake allocated to this network by the active set of validators.
   #[pallet::storage]
   #[pallet::getter(fn total_allocated_stake)]
@@ -398,6 +416,9 @@ pub mod pallet {
   pub enum Error<T> {
     /// Validator Set doesn't exist.
     NonExistentValidatorSet,
+    /// Trying to perform an operation requiring an embedded elliptic curve key, without an
+    /// embedded elliptic curve key.
+    MissingEmbeddedEllipticCurveKey,
     /// Not enough allocation to obtain a key share in the set.
     InsufficientAllocation,
     /// Trying to deallocate more than allocated.
@@ -441,10 +462,20 @@ pub mod pallet {
     fn build(&self) {
       for (id, stake) in self.networks.clone() {
         AllocationPerKeyShare::<T>::set(id, Some(stake));
-        for participant in self.participants.clone() {
+        for participant in &self.participants {
-          if Pallet::<T>::set_allocation(id, participant, stake) {
+          if Pallet::<T>::set_allocation(id, participant.0, stake) {
             panic!("participants contained duplicates");
           }
+          EmbeddedEllipticCurveKeys::<T>::set(
+            participant.0,
+            EmbeddedEllipticCurve::Embedwards25519,
+            Some(participant.1.embedwards25519.clone()),
+          );
+          EmbeddedEllipticCurveKeys::<T>::set(
+            participant.0,
+            EmbeddedEllipticCurve::Secq256k1,
+            Some(participant.1.secq256k1.clone()),
+          );
         }
         Pallet::<T>::new_set(id);
       }
@@ -959,8 +990,33 @@ pub mod pallet {
 
     #[pallet::call_index(2)]
     #[pallet::weight(0)] // TODO
+    pub fn set_embedded_elliptic_curve_key(
+      origin: OriginFor<T>,
+      embedded_elliptic_curve: EmbeddedEllipticCurve,
+      key: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+    ) -> DispatchResult {
+      let validator = ensure_signed(origin)?;
+      // This does allow overwriting an existing key which... is unlikely to be done?
+      // Yet it isn't an issue as we'll fix to the key as of any set's declaration (uncaring to if
+      // it's distinct at the latest block)
+      EmbeddedEllipticCurveKeys::<T>::set(validator, embedded_elliptic_curve, Some(key));
+      Ok(())
+    }
+
+    #[pallet::call_index(3)]
+    #[pallet::weight(0)] // TODO
     pub fn allocate(origin: OriginFor<T>, network: NetworkId, amount: Amount) -> DispatchResult {
       let validator = ensure_signed(origin)?;
+      // If this network utilizes an embedded elliptic curve, require the validator to have set the
+      // appropriate key
+      for embedded_elliptic_curve in network.embedded_elliptic_curves() {
+        // Require an Embedwards25519 embedded curve key and a key for the curve for this network
+        // The Embedwards25519 embedded curve key is required for the DKG for the Substrate key
+        // used to oraclize events with
+        if !EmbeddedEllipticCurveKeys::<T>::contains_key(validator, *embedded_elliptic_curve) {
+          Err(Error::<T>::MissingEmbeddedEllipticCurveKey)?;
+        }
+      }
       Coins::<T>::transfer_internal(
         validator,
         Self::account(),
@@ -969,7 +1025,7 @@ pub mod pallet {
       Self::increase_allocation(network, validator, amount)
     }
 
-    #[pallet::call_index(3)]
+    #[pallet::call_index(4)]
     #[pallet::weight(0)] // TODO
     pub fn deallocate(origin: OriginFor<T>, network: NetworkId, amount: Amount) -> DispatchResult {
       let account = ensure_signed(origin)?;
@@ -986,7 +1042,7 @@ pub mod pallet {
       Ok(())
     }
 
-    #[pallet::call_index(4)]
+    #[pallet::call_index(5)]
     #[pallet::weight((0, DispatchClass::Operational))] // TODO
     pub fn claim_deallocation(
       origin: OriginFor<T>,
@@ -1114,9 +1170,10 @@ pub mod pallet {
             .propagate(true)
             .build()
         }
-        Call::allocate { .. } | Call::deallocate { .. } | Call::claim_deallocation { .. } => {
+        Call::set_embedded_elliptic_curve_key { .. } |
-          Err(InvalidTransaction::Call)?
+        Call::allocate { .. } |
-        }
+        Call::deallocate { .. } |
+        Call::claim_deallocation { .. } => Err(InvalidTransaction::Call)?,
         Call::__Ignore(_, _) => unreachable!(),
       }
     }