Update processor key gen tests to the eVRF DKG

Cargo.lock

@@ -8350,7 +8350,9 @@ dependencies = [
 name = "serai-node"
 version = "0.1.0"
 dependencies = [
+ "ciphersuite",
  "clap",
+ "embedwards25519",
  "frame-benchmarking",
  "futures-util",
  "hex",
@@ -8376,6 +8378,7 @@ dependencies = [
  "sc-transaction-pool",
  "sc-transaction-pool-api",
  "schnorrkel",
+ "secq256k1",
  "serai-env",
  "serai-runtime",
  "sp-api",
@@ -8603,6 +8606,7 @@ dependencies = [
  "serai-dex-pallet",
  "serai-primitives",
  "serai-validator-sets-primitives",
+ "serde",
  "sp-application-crypto",
  "sp-core",
  "sp-io",

substrate/abi/src/validator_sets.rs

@@ -15,6 +15,10 @@ pub enum Call {
     key_pair: KeyPair,
     signature: Signature,
   },
+  set_embedded_elliptic_curve_key {
+    embedded_elliptic_curve: EmbeddedEllipticCurve,
+    key: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+  },
   report_slashes {
     network: NetworkId,
     slashes: BoundedVec<(SeraiAddress, u32), ConstU32<{ MAX_KEY_SHARES_PER_SET / 3 }>>,

substrate/client/src/serai/validator_sets.rs

@@ -1,13 +1,14 @@
 use scale::Encode;
 
 use sp_core::sr25519::{Public, Signature};
+use sp_runtime::BoundedVec;
 
 use serai_abi::primitives::Amount;
 pub use serai_abi::validator_sets::primitives;
-use primitives::{Session, ValidatorSet, KeyPair};
+use primitives::{MAX_KEY_LEN, Session, ValidatorSet, KeyPair};
 
 use crate::{
-  primitives::{NetworkId, SeraiAddress},
+  primitives::{EmbeddedEllipticCurve, NetworkId, SeraiAddress},
   Transaction, Serai, TemporalSerai, SeraiError,
 };
 
@@ -195,6 +196,18 @@ impl<'a> SeraiValidatorSets<'a> {
     }))
   }
 
+  pub fn set_embedded_elliptic_curve_key(
+    embedded_elliptic_curve: EmbeddedEllipticCurve,
+    key: BoundedVec<u8, sp_core::ConstU32<{ MAX_KEY_LEN }>>,
+  ) -> serai_abi::Call {
+    serai_abi::Call::ValidatorSets(
+      serai_abi::validator_sets::Call::set_embedded_elliptic_curve_key {
+        embedded_elliptic_curve,
+        key,
+      },
+    )
+  }
+
   pub fn allocate(network: NetworkId, amount: Amount) -> serai_abi::Call {
     serai_abi::Call::ValidatorSets(serai_abi::validator_sets::Call::allocate { network, amount })
   }

substrate/client/tests/common/validator_sets.rs

@@ -82,6 +82,24 @@ pub async fn set_keys(
   block
 }
 
+#[allow(dead_code)]
+pub async fn set_embedded_elliptic_curve_key(
+  serai: &Serai,
+  pair: &Pair,
+  embedded_elliptic_curve: EmbeddedEllipticCurve,
+  key: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+  nonce: u32,
+) -> [u8; 32] {
+  // get the call
+  let tx = serai.sign(
+    pair,
+    SeraiValidatorSets::set_embedded_elliptic_curve_key(embedded_elliptic_curve, key),
+    nonce,
+    0,
+  );
+  publish_tx(serai, &tx).await
+}
+
 #[allow(dead_code)]
 pub async fn allocate_stake(
   serai: &Serai,

substrate/client/tests/validator_sets.rs

@@ -221,12 +221,31 @@ async fn validator_set_rotation() {
 
         // add 1 participant
         let last_participant = accounts[4].clone();
+
+        // If this is the first iteration, set embedded elliptic curve keys
+        if i == 0 {
+          for (i, embedded_elliptic_curve) in
+            [EmbeddedEllipticCurve::Embedwards25519, EmbeddedEllipticCurve::Secq256k1]
+              .into_iter()
+              .enumerate()
+          {
+            set_embedded_elliptic_curve_key(
+              &serai,
+              embedded_elliptic_curve,
+              vec![0; 32].try_into().unwrap(),
+              &last_participant,
+              i.try_into().unwrap(),
+            )
+            .await;
+          }
+        }
+
         let hash = allocate_stake(
           &serai,
           network,
           key_shares[&network],
           &last_participant,
-          i.try_into().unwrap(),
+          (2 + i).try_into().unwrap(),
         )
         .await;
         participants.push(last_participant.public());

substrate/node/Cargo.toml

@@ -27,6 +27,10 @@ log = "0.4"
 
 schnorrkel = "0.11"
 
+ciphersuite = { path = "../../crypto/ciphersuite" }
+embedwards25519 = { path = "../../crypto/evrf/embedwards25519" }
+secq256k1 = { path = "../../crypto/evrf/secq256k1" }
+
 libp2p = "0.52"
 
 sp-core = { git = "https://github.com/serai-dex/substrate" }

substrate/node/src/chain_spec.rs

@@ -1,13 +1,20 @@
 use core::marker::PhantomData;
-use std::collections::HashSet;
 
-use sp_core::{Decode, Pair as PairTrait, sr25519::Public};
+use sp_core::Pair as PairTrait;
 
 use sc_service::ChainType;
 
+use ciphersuite::{
+  group::{ff::PrimeField, GroupEncoding},
+  Ciphersuite,
+};
+use embedwards25519::Embedwards25519;
+use secq256k1::Secq256k1;
+
 use serai_runtime::{
-  primitives::*, WASM_BINARY, BABE_GENESIS_EPOCH_CONFIG, RuntimeGenesisConfig, SystemConfig,
-  CoinsConfig, DexConfig, ValidatorSetsConfig, SignalsConfig, BabeConfig, GrandpaConfig,
+  primitives::*, validator_sets::AllEmbeddedEllipticCurveKeysAtGenesis, WASM_BINARY,
+  BABE_GENESIS_EPOCH_CONFIG, RuntimeGenesisConfig, SystemConfig, CoinsConfig, DexConfig,
+  ValidatorSetsConfig, SignalsConfig, BabeConfig, GrandpaConfig,
 };
 
 pub type ChainSpec = sc_service::GenericChainSpec<RuntimeGenesisConfig>;
@@ -16,6 +23,15 @@ fn account_from_name(name: &'static str) -> PublicKey {
   insecure_pair_from_name(name).public()
 }
 
+// Panics on names which are too long, or ciphersuites with weirdly encoded scalars
+fn insecure_ciphersuite_key_from_name<C: Ciphersuite>(name: &'static str) -> Vec<u8> {
+  let mut repr = <C::F as PrimeField>::Repr::default();
+  let repr_len = repr.as_ref().len();
+  let start = (repr_len / 2) - (name.len() / 2);
+  repr.as_mut()[start .. (start + name.len())].copy_from_slice(name.as_bytes());
+  (C::generator() * C::F::from_repr(repr).unwrap()).to_bytes().as_ref().to_vec()
+}
+
 fn wasm_binary() -> Vec<u8> {
   // TODO: Accept a config of runtime path
   const WASM_PATH: &str = "/runtime/serai.wasm";
@@ -32,7 +48,21 @@ fn devnet_genesis(
   validators: &[&'static str],
   endowed_accounts: Vec<PublicKey>,
 ) -> RuntimeGenesisConfig {
-  let validators = validators.iter().map(|name| account_from_name(name)).collect::<Vec<_>>();
+  let validators = validators
+    .iter()
+    .map(|name| {
+      (
+        account_from_name(name),
+        AllEmbeddedEllipticCurveKeysAtGenesis {
+          embedwards25519: insecure_ciphersuite_key_from_name::<Embedwards25519>(name)
+            .try_into()
+            .unwrap(),
+          secq256k1: insecure_ciphersuite_key_from_name::<Secq256k1>(name).try_into().unwrap(),
+        },
+      )
+    })
+    .collect::<Vec<_>>();
+
   RuntimeGenesisConfig {
     system: SystemConfig { code: wasm_binary.to_vec(), _config: PhantomData },
 
@@ -65,17 +95,18 @@ fn devnet_genesis(
     },
     signals: SignalsConfig::default(),
     babe: BabeConfig {
-      authorities: validators.iter().map(|validator| ((*validator).into(), 1)).collect(),
+      authorities: validators.iter().map(|validator| (validator.0.into(), 1)).collect(),
       epoch_config: Some(BABE_GENESIS_EPOCH_CONFIG),
       _config: PhantomData,
     },
     grandpa: GrandpaConfig {
-      authorities: validators.into_iter().map(|validator| (validator.into(), 1)).collect(),
+      authorities: validators.into_iter().map(|validator| (validator.0.into(), 1)).collect(),
       _config: PhantomData,
     },
   }
 }
 
+/*
 fn testnet_genesis(wasm_binary: &[u8], validators: Vec<&'static str>) -> RuntimeGenesisConfig {
   let validators = validators
     .into_iter()
@@ -126,6 +157,7 @@ fn testnet_genesis(wasm_binary: &[u8], validators: Vec<&'static str>) -> Runtime
     },
   }
 }
+*/
 
 pub fn development_config() -> ChainSpec {
   let wasm_binary = wasm_binary();
@@ -204,7 +236,7 @@ pub fn local_config() -> ChainSpec {
 }
 
 pub fn testnet_config() -> ChainSpec {
-  let wasm_binary = wasm_binary();
+  // let wasm_binary = wasm_binary();
 
   ChainSpec::from_genesis(
     // Name
@@ -213,7 +245,7 @@ pub fn testnet_config() -> ChainSpec {
     "testnet-2",
     ChainType::Live,
     move || {
-      let _ = testnet_genesis(&wasm_binary, vec![]);
+      // let _ = testnet_genesis(&wasm_binary, vec![])
       todo!()
     },
     // Bootnodes

substrate/primitives/src/networks.rs

@@ -14,6 +14,16 @@ use sp_core::{ConstU32, bounded::BoundedVec};
 #[cfg(feature = "borsh")]
 use crate::{borsh_serialize_bounded_vec, borsh_deserialize_bounded_vec};
 
+/// Identifier for an embedded elliptic curve.
+#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, Encode, Decode, MaxEncodedLen, TypeInfo)]
+#[cfg_attr(feature = "std", derive(Zeroize))]
+#[cfg_attr(feature = "borsh", derive(BorshSerialize, BorshDeserialize))]
+#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
+pub enum EmbeddedEllipticCurve {
+  Embedwards25519,
+  Secq256k1,
+}
+
 /// The type used to identify networks.
 #[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, Encode, Decode, MaxEncodedLen, TypeInfo)]
 #[cfg_attr(feature = "std", derive(Zeroize))]
@@ -26,6 +36,20 @@ pub enum NetworkId {
   Monero,
 }
 impl NetworkId {
+  /// The embedded elliptic curve actively used for this network.
+  pub fn embedded_elliptic_curves(&self) -> &'static [EmbeddedEllipticCurve] {
+    match self {
+      // We don't use any embedded elliptic curves for Serai as we don't perform a DKG for Serai
+      Self::Serai => &[],
+      // We need to generate a Ristretto key for oraclizing and a Secp256k1 key for the network
+      Self::Bitcoin | Self::Ethereum => {
+        &[EmbeddedEllipticCurve::Embedwards25519, EmbeddedEllipticCurve::Secq256k1]
+      }
+      // Since the oraclizing key curve is the same as the network's curve, we only need it
+      Self::Monero => &[EmbeddedEllipticCurve::Embedwards25519],
+    }
+  }
+
   pub fn coins(&self) -> &'static [Coin] {
     match self {
       Self::Serai => &[Coin::Serai],

substrate/runtime/src/abi.rs

@@ -115,6 +115,13 @@ impl From<Call> for RuntimeCall {
           key_pair,
           signature,
         }),
+        serai_abi::validator_sets::Call::set_embedded_elliptic_curve_key {
+          embedded_elliptic_curve,
+          key,
+        } => RuntimeCall::ValidatorSets(validator_sets::Call::set_embedded_elliptic_curve_key {
+          embedded_elliptic_curve,
+          key,
+        }),
         serai_abi::validator_sets::Call::report_slashes { network, slashes, signature } => {
           RuntimeCall::ValidatorSets(validator_sets::Call::report_slashes {
             network,
@@ -293,6 +300,12 @@ impl TryInto<Call> for RuntimeCall {
             signature,
           }
         }
+        validator_sets::Call::set_embedded_elliptic_curve_key { embedded_elliptic_curve, key } => {
+          serai_abi::validator_sets::Call::set_embedded_elliptic_curve_key {
+            embedded_elliptic_curve,
+            key,
+          }
+        }
         validator_sets::Call::report_slashes { network, slashes, signature } => {
           serai_abi::validator_sets::Call::report_slashes {
             network,

substrate/validator-sets/pallet/Cargo.toml

@@ -24,6 +24,8 @@ hashbrown = { version = "0.14", default-features = false, features = ["ahash", "
 scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["derive"] }
 scale-info = { version = "2", default-features = false, features = ["derive"] }
 
+serde = { version = "1", default-features = false, features = ["derive", "alloc"] }
+
 sp-core = { git = "https://github.com/serai-dex/substrate", default-features = false }
 sp-io = { git = "https://github.com/serai-dex/substrate", default-features = false }
 sp-std = { git = "https://github.com/serai-dex/substrate", default-features = false }

substrate/validator-sets/pallet/src/lib.rs

@@ -81,6 +81,12 @@ pub mod pallet {
     type ShouldEndSession: ShouldEndSession<BlockNumberFor<Self>>;
   }
 
+  #[derive(Clone, PartialEq, Eq, Debug, Encode, Decode, serde::Serialize, serde::Deserialize)]
+  pub struct AllEmbeddedEllipticCurveKeysAtGenesis {
+    pub embedwards25519: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+    pub secq256k1: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+  }
+
   #[pallet::genesis_config]
   #[derive(Clone, PartialEq, Eq, Debug, Encode, Decode)]
   pub struct GenesisConfig<T: Config> {
@@ -90,7 +96,7 @@ pub mod pallet {
     /// This stake cannot be withdrawn however as there's no actual stake behind it.
     pub networks: Vec<(NetworkId, Amount)>,
     /// List of participants to place in the initial validator sets.
-    pub participants: Vec<T::AccountId>,
+    pub participants: Vec<(T::AccountId, AllEmbeddedEllipticCurveKeysAtGenesis)>,
   }
 
   impl<T: Config> Default for GenesisConfig<T> {
@@ -189,6 +195,18 @@ pub mod pallet {
     }
   }
 
+  /// A key on an embedded elliptic curve.
+  #[pallet::storage]
+  pub type EmbeddedEllipticCurveKeys<T: Config> = StorageDoubleMap<
+    _,
+    Blake2_128Concat,
+    Public,
+    Identity,
+    EmbeddedEllipticCurve,
+    BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+    OptionQuery,
+  >;
+
   /// The total stake allocated to this network by the active set of validators.
   #[pallet::storage]
   #[pallet::getter(fn total_allocated_stake)]
@@ -398,6 +416,9 @@ pub mod pallet {
   pub enum Error<T> {
     /// Validator Set doesn't exist.
     NonExistentValidatorSet,
+    /// Trying to perform an operation requiring an embedded elliptic curve key, without an
+    /// embedded elliptic curve key.
+    MissingEmbeddedEllipticCurveKey,
     /// Not enough allocation to obtain a key share in the set.
     InsufficientAllocation,
     /// Trying to deallocate more than allocated.
@@ -441,10 +462,20 @@ pub mod pallet {
     fn build(&self) {
       for (id, stake) in self.networks.clone() {
         AllocationPerKeyShare::<T>::set(id, Some(stake));
-        for participant in self.participants.clone() {
-          if Pallet::<T>::set_allocation(id, participant, stake) {
+        for participant in &self.participants {
+          if Pallet::<T>::set_allocation(id, participant.0, stake) {
             panic!("participants contained duplicates");
           }
+          EmbeddedEllipticCurveKeys::<T>::set(
+            participant.0,
+            EmbeddedEllipticCurve::Embedwards25519,
+            Some(participant.1.embedwards25519.clone()),
+          );
+          EmbeddedEllipticCurveKeys::<T>::set(
+            participant.0,
+            EmbeddedEllipticCurve::Secq256k1,
+            Some(participant.1.secq256k1.clone()),
+          );
         }
         Pallet::<T>::new_set(id);
       }
@@ -959,8 +990,33 @@ pub mod pallet {
 
     #[pallet::call_index(2)]
     #[pallet::weight(0)] // TODO
+    pub fn set_embedded_elliptic_curve_key(
+      origin: OriginFor<T>,
+      embedded_elliptic_curve: EmbeddedEllipticCurve,
+      key: BoundedVec<u8, ConstU32<{ MAX_KEY_LEN }>>,
+    ) -> DispatchResult {
+      let validator = ensure_signed(origin)?;
+      // This does allow overwriting an existing key which... is unlikely to be done?
+      // Yet it isn't an issue as we'll fix to the key as of any set's declaration (uncaring to if
+      // it's distinct at the latest block)
+      EmbeddedEllipticCurveKeys::<T>::set(validator, embedded_elliptic_curve, Some(key));
+      Ok(())
+    }
+
+    #[pallet::call_index(3)]
+    #[pallet::weight(0)] // TODO
     pub fn allocate(origin: OriginFor<T>, network: NetworkId, amount: Amount) -> DispatchResult {
       let validator = ensure_signed(origin)?;
+      // If this network utilizes an embedded elliptic curve, require the validator to have set the
+      // appropriate key
+      for embedded_elliptic_curve in network.embedded_elliptic_curves() {
+        // Require an Embedwards25519 embedded curve key and a key for the curve for this network
+        // The Embedwards25519 embedded curve key is required for the DKG for the Substrate key
+        // used to oraclize events with
+        if !EmbeddedEllipticCurveKeys::<T>::contains_key(validator, *embedded_elliptic_curve) {
+          Err(Error::<T>::MissingEmbeddedEllipticCurveKey)?;
+        }
+      }
       Coins::<T>::transfer_internal(
         validator,
         Self::account(),
@@ -969,7 +1025,7 @@ pub mod pallet {
       Self::increase_allocation(network, validator, amount)
     }
 
-    #[pallet::call_index(3)]
+    #[pallet::call_index(4)]
     #[pallet::weight(0)] // TODO
     pub fn deallocate(origin: OriginFor<T>, network: NetworkId, amount: Amount) -> DispatchResult {
       let account = ensure_signed(origin)?;
@@ -986,7 +1042,7 @@ pub mod pallet {
       Ok(())
     }
 
-    #[pallet::call_index(4)]
+    #[pallet::call_index(5)]
     #[pallet::weight((0, DispatchClass::Operational))] // TODO
     pub fn claim_deallocation(
       origin: OriginFor<T>,
@@ -1114,9 +1170,10 @@ pub mod pallet {
             .propagate(true)
             .build()
         }
-        Call::allocate { .. } | Call::deallocate { .. } | Call::claim_deallocation { .. } => {
-          Err(InvalidTransaction::Call)?
-        }
+        Call::set_embedded_elliptic_curve_key { .. } |
+        Call::allocate { .. } |
+        Call::deallocate { .. } |
+        Call::claim_deallocation { .. } => Err(InvalidTransaction::Call)?,
         Call::__Ignore(_, _) => unreachable!(),
       }
     }

tests/processor/Cargo.toml

@@ -23,8 +23,8 @@ zeroize = { version = "1", default-features = false }
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
 
 curve25519-dalek = "4"
-ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["secp256k1", "ristretto"] }
-dkg = { path = "../../crypto/dkg", default-features = false, features = ["tests"] }
+ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["secp256k1", "ed25519", "ristretto"] }
+dkg = { path = "../../crypto/dkg", default-features = false, features = ["std"] }
 
 bitcoin-serai = { path = "../../networks/bitcoin" }
 

tests/processor/src/lib.rs

@@ -3,9 +3,16 @@
 use std::sync::{OnceLock, Mutex};
 
 use zeroize::Zeroizing;
-use rand_core::{RngCore, OsRng};
+use rand_core::OsRng;
 
-use ciphersuite::{group::ff::PrimeField, Ciphersuite, Ristretto};
+use ciphersuite::{
+  group::{
+    ff::{Field, PrimeField},
+    GroupEncoding,
+  },
+  Ciphersuite, Secp256k1, Ed25519, Ristretto,
+};
+use dkg::evrf::*;
 
 use serai_client::primitives::NetworkId;
 use messages::{ProcessorMessage, CoordinatorMessage};
@@ -24,13 +31,40 @@ mod tests;
 
 static UNIQUE_ID: OnceLock<Mutex<u16>> = OnceLock::new();
 
+#[allow(dead_code)]
+#[derive(Clone)]
+pub struct EvrfPublicKeys {
+  substrate: [u8; 32],
+  network: Vec<u8>,
+}
+
 pub fn processor_instance(
   network: NetworkId,
   port: u32,
   message_queue_key: <Ristretto as Ciphersuite>::F,
-) -> Vec<TestBodySpecification> {
-  let mut entropy = [0; 32];
-  OsRng.fill_bytes(&mut entropy);
+) -> (Vec<TestBodySpecification>, EvrfPublicKeys) {
+  let substrate_evrf_key =
+    <<Ristretto as EvrfCurve>::EmbeddedCurve as Ciphersuite>::F::random(&mut OsRng);
+  let substrate_evrf_pub_key =
+    (<Ristretto as EvrfCurve>::EmbeddedCurve::generator() * substrate_evrf_key).to_bytes();
+  let substrate_evrf_key = substrate_evrf_key.to_repr();
+
+  let (network_evrf_key, network_evrf_pub_key) = match network {
+    NetworkId::Serai => panic!("starting a processor for Serai"),
+    NetworkId::Bitcoin | NetworkId::Ethereum => {
+      let evrf_key =
+        <<Secp256k1 as EvrfCurve>::EmbeddedCurve as Ciphersuite>::F::random(&mut OsRng);
+      let pub_key =
+        (<Secp256k1 as EvrfCurve>::EmbeddedCurve::generator() * evrf_key).to_bytes().to_vec();
+      (evrf_key.to_repr(), pub_key)
+    }
+    NetworkId::Monero => {
+      let evrf_key = <<Ed25519 as EvrfCurve>::EmbeddedCurve as Ciphersuite>::F::random(&mut OsRng);
+      let pub_key =
+        (<Ed25519 as EvrfCurve>::EmbeddedCurve::generator() * evrf_key).to_bytes().to_vec();
+      (evrf_key.to_repr(), pub_key)
+    }
+  };
 
   let network_str = match network {
     NetworkId::Serai => panic!("starting a processor for Serai"),
@@ -47,7 +81,8 @@ pub fn processor_instance(
   .replace_env(
     [
       ("MESSAGE_QUEUE_KEY".to_string(), hex::encode(message_queue_key.to_repr())),
-      ("ENTROPY".to_string(), hex::encode(entropy)),
+      ("SUBSTRATE_EVRF_KEY".to_string(), hex::encode(substrate_evrf_key)),
+      ("NETWORK_EVRF_KEY".to_string(), hex::encode(network_evrf_key)),
       ("NETWORK".to_string(), network_str.to_string()),
       ("NETWORK_RPC_LOGIN".to_string(), format!("{RPC_USER}:{RPC_PASS}")),
       ("NETWORK_RPC_PORT".to_string(), port.to_string()),
@@ -75,20 +110,25 @@ pub fn processor_instance(
     );
   }
 
-  res
+  (res, EvrfPublicKeys { substrate: substrate_evrf_pub_key, network: network_evrf_pub_key })
+}
+
+pub struct ProcessorKeys {
+  coordinator: <Ristretto as Ciphersuite>::F,
+  evrf: EvrfPublicKeys,
 }
 
 pub type Handles = (String, String, String, String);
 pub fn processor_stack(
   network: NetworkId,
   network_hostname_override: Option<String>,
-) -> (Handles, <Ristretto as Ciphersuite>::F, Vec<TestBodySpecification>) {
+) -> (Handles, ProcessorKeys, Vec<TestBodySpecification>) {
   let (network_composition, network_rpc_port) = network_instance(network);
 
   let (coord_key, message_queue_keys, message_queue_composition) =
     serai_message_queue_tests::instance();
 
-  let mut processor_compositions =
+  let (mut processor_compositions, evrf_keys) =
     processor_instance(network, network_rpc_port, message_queue_keys[&network]);
 
   // Give every item in this stack a unique ID
@@ -155,7 +195,7 @@ pub fn processor_stack(
       handles[2].clone(),
       handles.get(3).cloned().unwrap_or(String::new()),
     ),
-    coord_key,
+    ProcessorKeys { coordinator: coord_key, evrf: evrf_keys },
     compositions,
   )
 }
@@ -170,6 +210,8 @@ pub struct Coordinator {
   processor_handle: String,
   relayer_handle: String,
 
+  evrf_keys: EvrfPublicKeys,
+
   next_send_id: u64,
   next_recv_id: u64,
   queue: MessageQueue,
@@ -180,7 +222,7 @@ impl Coordinator {
     network: NetworkId,
     ops: &DockerOperations,
     handles: Handles,
-    coord_key: <Ristretto as Ciphersuite>::F,
+    keys: ProcessorKeys,
   ) -> Coordinator {
     let rpc = ops.handle(&handles.1).host_port(2287).unwrap();
     let rpc = rpc.0.to_string() + ":" + &rpc.1.to_string();
@@ -193,9 +235,11 @@ impl Coordinator {
       processor_handle: handles.2,
       relayer_handle: handles.3,
 
+      evrf_keys: keys.evrf,
+
       next_send_id: 0,
       next_recv_id: 0,
-      queue: MessageQueue::new(Service::Coordinator, rpc, Zeroizing::new(coord_key)),
+      queue: MessageQueue::new(Service::Coordinator, rpc, Zeroizing::new(keys.coordinator)),
     };
 
     // Sleep for up to a minute in case the external network's RPC has yet to start
@@ -302,6 +346,11 @@ impl Coordinator {
     res
   }
 
+  /// Get the eVRF keys for the associated processor.
+  pub fn evrf_keys(&self) -> EvrfPublicKeys {
+    self.evrf_keys.clone()
+  }
+
   /// Send a message to a processor as its coordinator.
   pub async fn send_message(&mut self, msg: impl Into<CoordinatorMessage>) {
     let msg: CoordinatorMessage = msg.into();

tests/processor/src/tests/batch.rs

@@ -3,6 +3,8 @@ use std::{
   time::{SystemTime, Duration},
 };
 
+use rand_core::RngCore;
+
 use dkg::{Participant, tests::clone_without};
 
 use messages::{coordinator::*, SubstrateContext};

tests/processor/src/tests/key_gen.rs

@@ -1,30 +1,24 @@
-use std::{collections::HashMap, time::SystemTime};
+use std::time::SystemTime;
 
-use dkg::{Participant, ThresholdParams, tests::clone_without};
+use dkg::Participant;
 
 use serai_client::{
   primitives::{NetworkId, BlockHash, PublicKey},
   validator_sets::primitives::{Session, KeyPair},
 };
 
-use messages::{SubstrateContext, key_gen::KeyGenId, CoordinatorMessage, ProcessorMessage};
+use messages::{SubstrateContext, CoordinatorMessage, ProcessorMessage};
 
 use crate::{*, tests::*};
 
 pub(crate) async fn key_gen(coordinators: &mut [Coordinator]) -> KeyPair {
   // Perform an interaction with all processors via their coordinators
-  async fn interact_with_all<
-    FS: Fn(Participant) -> messages::key_gen::CoordinatorMessage,
-    FR: FnMut(Participant, messages::key_gen::ProcessorMessage),
-  >(
+  async fn interact_with_all<FR: FnMut(Participant, messages::key_gen::ProcessorMessage)>(
     coordinators: &mut [Coordinator],
-    message: FS,
     mut recv: FR,
   ) {
     for (i, coordinator) in coordinators.iter_mut().enumerate() {
       let participant = Participant::new(u16::try_from(i + 1).unwrap()).unwrap();
-      coordinator.send_message(CoordinatorMessage::KeyGen(message(participant))).await;
-
       match coordinator.recv_message().await {
         ProcessorMessage::KeyGen(msg) => recv(participant, msg),
         _ => panic!("processor didn't return KeyGen message"),
@@ -33,85 +27,67 @@ pub(crate) async fn key_gen(coordinators: &mut [Coordinator]) -> KeyPair {
   }
 
   // Order a key gen
-  let id = KeyGenId { session: Session(0), attempt: 0 };
+  let session = Session(0);
 
-  let mut commitments = HashMap::new();
-  interact_with_all(
-    coordinators,
-    |participant| messages::key_gen::CoordinatorMessage::GenerateKey {
-      id,
-      params: ThresholdParams::new(
-        u16::try_from(THRESHOLD).unwrap(),
-        u16::try_from(COORDINATORS).unwrap(),
+  let mut evrf_public_keys = vec![];
+  for coordinator in &*coordinators {
+    let keys = coordinator.evrf_keys();
+    evrf_public_keys.push((keys.substrate, keys.network));
+  }
+
+  let mut participations = vec![];
+  for coordinator in &mut *coordinators {
+    coordinator
+      .send_message(CoordinatorMessage::KeyGen(
+        messages::key_gen::CoordinatorMessage::GenerateKey {
+          session,
+          threshold: u16::try_from(THRESHOLD).unwrap(),
+          evrf_public_keys: evrf_public_keys.clone(),
+        },
+      ))
+      .await;
+  }
+  // This takes forever on debug, as we use in these tests
+  tokio::time::sleep(core::time::Duration::from_secs(600)).await;
+  interact_with_all(coordinators, |participant, msg| match msg {
+    messages::key_gen::ProcessorMessage::Participation { session: this_session, participation } => {
+      assert_eq!(this_session, session);
+      participations.push(messages::key_gen::CoordinatorMessage::Participation {
+        session,
         participant,
-      )
-      .unwrap(),
-      shares: 1,
-    },
-    |participant, msg| match msg {
-      messages::key_gen::ProcessorMessage::Commitments {
-        id: this_id,
-        commitments: mut these_commitments,
-      } => {
-        assert_eq!(this_id, id);
-        assert_eq!(these_commitments.len(), 1);
-        commitments.insert(participant, these_commitments.swap_remove(0));
-      }
-      _ => panic!("processor didn't return Commitments in response to GenerateKey"),
-    },
-  )
+        participation,
+      });
+    }
+    _ => panic!("processor didn't return Participation in response to GenerateKey"),
+  })
   .await;
 
-  // Send the commitments to all parties
-  let mut shares = HashMap::new();
-  interact_with_all(
-    coordinators,
-    |participant| messages::key_gen::CoordinatorMessage::Commitments {
-      id,
-      commitments: clone_without(&commitments, &participant),
-    },
-    |participant, msg| match msg {
-      messages::key_gen::ProcessorMessage::Shares { id: this_id, shares: mut these_shares } => {
-        assert_eq!(this_id, id);
-        assert_eq!(these_shares.len(), 1);
-        shares.insert(participant, these_shares.swap_remove(0));
-      }
-      _ => panic!("processor didn't return Shares in response to GenerateKey"),
-    },
-  )
-  .await;
-
-  // Send the shares
+  // Send the participations
   let mut substrate_key = None;
   let mut network_key = None;
-  interact_with_all(
-    coordinators,
-    |participant| messages::key_gen::CoordinatorMessage::Shares {
-      id,
-      shares: vec![shares
-        .iter()
-        .filter_map(|(this_participant, shares)| {
-          shares.get(&participant).cloned().map(|share| (*this_participant, share))
-        })
-        .collect()],
-    },
-    |_, msg| match msg {
-      messages::key_gen::ProcessorMessage::GeneratedKeyPair {
-        id: this_id,
-        substrate_key: this_substrate_key,
-        network_key: this_network_key,
-      } => {
-        assert_eq!(this_id, id);
-        if substrate_key.is_none() {
-          substrate_key = Some(this_substrate_key);
-          network_key = Some(this_network_key.clone());
-        }
-        assert_eq!(substrate_key.unwrap(), this_substrate_key);
-        assert_eq!(network_key.as_ref().unwrap(), &this_network_key);
+  for participation in participations {
+    for coordinator in &mut *coordinators {
+      coordinator.send_message(participation.clone()).await;
+    }
+  }
+  // This also takes a while on debug
+  tokio::time::sleep(core::time::Duration::from_secs(240)).await;
+  interact_with_all(coordinators, |_, msg| match msg {
+    messages::key_gen::ProcessorMessage::GeneratedKeyPair {
+      session: this_session,
+      substrate_key: this_substrate_key,
+      network_key: this_network_key,
+    } => {
+      assert_eq!(this_session, session);
+      if substrate_key.is_none() {
+        substrate_key = Some(this_substrate_key);
+        network_key = Some(this_network_key.clone());
       }
-      _ => panic!("processor didn't return GeneratedKeyPair in response to GenerateKey"),
-    },
-  )
+      assert_eq!(substrate_key.unwrap(), this_substrate_key);
+      assert_eq!(network_key.as_ref().unwrap(), &this_network_key);
+    }
+    _ => panic!("processor didn't return GeneratedKeyPair in response to all Participations"),
+  })
   .await;
 
   // Confirm the key pair
@@ -132,7 +108,7 @@ pub(crate) async fn key_gen(coordinators: &mut [Coordinator]) -> KeyPair {
       .send_message(CoordinatorMessage::Substrate(
         messages::substrate::CoordinatorMessage::ConfirmKeyPair {
           context,
-          session: id.session,
+          session,
           key_pair: key_pair.clone(),
         },
       ))

tests/processor/src/tests/mod.rs

@@ -1,5 +1,3 @@
-use ciphersuite::{Ciphersuite, Ristretto};
-
 use serai_client::primitives::NetworkId;
 
 use dockertest::DockerTest;
@@ -17,18 +15,18 @@ mod send;
 pub(crate) const COORDINATORS: usize = 4;
 pub(crate) const THRESHOLD: usize = ((COORDINATORS * 2) / 3) + 1;
 
-fn new_test(network: NetworkId) -> (Vec<(Handles, <Ristretto as Ciphersuite>::F)>, DockerTest) {
+fn new_test(network: NetworkId) -> (Vec<(Handles, ProcessorKeys)>, DockerTest) {
   let mut coordinators = vec![];
   let mut test = DockerTest::new().with_network(dockertest::Network::Isolated);
   let mut eth_handle = None;
   for _ in 0 .. COORDINATORS {
-    let (handles, coord_key, compositions) = processor_stack(network, eth_handle.clone());
+    let (handles, keys, compositions) = processor_stack(network, eth_handle.clone());
     // TODO: Remove this once https://github.com/foundry-rs/foundry/issues/7955
     // This has all processors share an Ethereum node until we can sync controlled nodes
     if network == NetworkId::Ethereum {
       eth_handle = eth_handle.or_else(|| Some(handles.0.clone()));
     }
-    coordinators.push((handles, coord_key));
+    coordinators.push((handles, keys));
     for composition in compositions {
       test.provide_container(composition);
     }

tests/processor/src/tests/send.rs

@@ -3,6 +3,8 @@ use std::{
   time::{SystemTime, Duration},
 };
 
+use rand_core::RngCore;
+
 use dkg::{Participant, tests::clone_without};
 
 use messages::{sign::SignId, SubstrateContext};