Remove borsh from dkg

It pulls in a lot of bespoke dependencies for little utility directly present.

Moves the necessary code into the processor.

.github/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022-2023 Luke Parker
+Copyright (c) 2022-2025 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

.github/actions/bitcoin/action.yml

@@ -5,14 +5,14 @@ inputs:
   version:
     description: "Version to download and run"
     required: false
-    default: "27.0"
+    default: "30.0"
 
 runs:
   using: "composite"
   steps:
     - name: Bitcoin Daemon Cache
       id: cache-bitcoind
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
       with:
         path: bitcoin.tar.gz
         key: bitcoind-${{ runner.os }}-${{ runner.arch }}-${{ inputs.version }}

.github/actions/build-dependencies/action.yml

@@ -7,13 +7,20 @@ runs:
     - name: Remove unused packages
       shell: bash
       run: |
-        sudo apt remove -y "*msbuild*" "*powershell*" "*nuget*" "*bazel*" "*ansible*" "*terraform*" "*heroku*" "*aws*" azure-cli
+        # Ensure the repositories are synced
+        sudo apt update -y
+
+        # Actually perform the removals
+        sudo apt remove -y "*powershell*" "*nuget*" "*bazel*" "*ansible*" "*terraform*" "*heroku*" "*aws*" azure-cli
         sudo apt remove -y "*nodejs*" "*npm*" "*yarn*" "*java*" "*kotlin*" "*golang*" "*swift*" "*julia*" "*fortran*" "*android*"
         sudo apt remove -y "*apache2*" "*nginx*" "*firefox*" "*chromium*" "*chrome*" "*edge*"
+
+        sudo apt remove -y --allow-remove-essential -f shim-signed *python3*
+        # This removal command requires the prior removals due to unmet dependencies otherwise
         sudo apt remove -y "*qemu*" "*sql*" "*texinfo*" "*imagemagick*"
-        sudo apt autoremove -y
-        sudo apt clean
-        docker system prune -a --volumes
+
+        # Reinstall python3 as a general dependency of a functional operating system
+        sudo apt install -y python3 --fix-missing
       if: runner.os == 'Linux'
 
     - name: Remove unused packages
@@ -31,19 +38,48 @@ runs:
       shell: bash
       run: |
         if [ "$RUNNER_OS" == "Linux" ]; then
-          sudo apt install -y ca-certificates protobuf-compiler
+          sudo apt install -y ca-certificates protobuf-compiler libclang-dev
         elif [ "$RUNNER_OS" == "Windows" ]; then
           choco install protoc
         elif [ "$RUNNER_OS" == "macOS" ]; then
-          brew install protobuf
+          brew install protobuf llvm
+          HOMEBREW_ROOT_PATH=/opt/homebrew # Apple Silicon
+          if [ $(uname -m) = "x86_64" ]; then HOMEBREW_ROOT_PATH=/usr/local; fi # Intel
+          ls $HOMEBREW_ROOT_PATH/opt/llvm/lib | grep "libclang.dylib" # Make sure this installed `libclang`
+          echo "DYLD_LIBRARY_PATH=$HOMEBREW_ROOT_PATH/opt/llvm/lib:$DYLD_LIBRARY_PATH" >> "$GITHUB_ENV"
         fi
 
     - name: Install solc
       shell: bash
       run: |
-        cargo install svm-rs
-        svm install 0.8.26
-        svm use 0.8.26
+        cargo +1.91 install svm-rs --version =0.5.19
+        svm install 0.8.29
+        svm use 0.8.29
+
+    - name: Remove preinstalled Docker
+      shell: bash
+      run: |
+        docker system prune -a --volumes
+        sudo apt remove -y *docker*
+        # Install uidmap which will be required for the explicitly installed Docker
+        sudo apt install uidmap
+      if: runner.os == 'Linux'
+
+    - name: Update system dependencies
+      shell: bash
+      run: |
+        sudo apt update -y
+        sudo apt upgrade -y
+        sudo apt autoremove -y
+        sudo apt clean
+      if: runner.os == 'Linux'
+
+    - name: Install rootless Docker
+      uses: docker/setup-docker-action@b60f85385d03ac8acfca6d9996982511d8620a19
+      with:
+        rootless: true
+        set-host: true
+      if: runner.os == 'Linux'
 
     # - name: Cache Rust
     #   uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43

.github/actions/monero-wallet-rpc/action.yml

@@ -5,14 +5,14 @@ inputs:
   version:
     description: "Version to download and run"
     required: false
-    default: v0.18.3.4
+    default: v0.18.4.3
 
 runs:
   using: "composite"
   steps:
     - name: Monero Wallet RPC Cache
       id: cache-monero-wallet-rpc
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
       with:
         path: monero-wallet-rpc
         key: monero-wallet-rpc-${{ runner.os }}-${{ runner.arch }}-${{ inputs.version }}

.github/actions/monero/action.yml

@@ -5,14 +5,14 @@ inputs:
   version:
     description: "Version to download and run"
     required: false
-    default: v0.18.3.4
+    default: v0.18.4.3
 
 runs:
   using: "composite"
   steps:
     - name: Monero Daemon Cache
       id: cache-monerod
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
       with:
         path: /usr/bin/monerod
         key: monerod-${{ runner.os }}-${{ runner.arch }}-${{ inputs.version }}

.github/actions/test-dependencies/action.yml

@@ -5,12 +5,12 @@ inputs:
   monero-version:
     description: "Monero version to download and run as a regtest node"
     required: false
-    default: v0.18.3.4
+    default: v0.18.4.3
 
   bitcoin-version:
     description: "Bitcoin version to download and run as a regtest node"
     required: false
-    default: "27.1"
+    default: "30.0"
 
 runs:
   using: "composite"

.github/nightly-version

@@ -1 +1 @@
-nightly-2025-02-01
+nightly-2025-11-11

.github/workflows/crypto-tests.yml

@@ -32,13 +32,17 @@ jobs:
             -p dalek-ff-group \
             -p minimal-ed448 \
             -p ciphersuite \
+            -p ciphersuite-kp256 \
             -p multiexp \
             -p schnorr-signatures \
-            -p dleq \
-            -p generalized-bulletproofs \
-            -p generalized-bulletproofs-circuit-abstraction \
-            -p ec-divisors \
-            -p generalized-bulletproofs-ec-gadgets \
+            -p prime-field \
+            -p short-weierstrass \
+            -p secq256k1 \
+            -p embedwards25519 \
             -p dkg \
+            -p dkg-recovery \
+            -p dkg-dealer \
+            -p dkg-musig \
+            -p dkg-evrf \
             -p modular-frost \
             -p frost-schnorrkel

.github/workflows/daily-deny.yml

@@ -12,13 +12,13 @@ jobs:
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
 
       - name: Advisory Cache
-        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
         with:
           path: ~/.cargo/advisory-db
           key: rust-advisory-db
 
       - name: Install cargo deny
-        run: cargo install --locked cargo-deny
+        run: cargo +1.91 install cargo-deny --version =0.18.5
 
       - name: Run cargo deny
-        run: cargo deny -L error --all-features check
+        run: cargo deny -L error --all-features check --hide-inclusion-graph

.github/workflows/lint.yml

@@ -11,7 +11,7 @@ jobs:
   clippy:
     strategy:
       matrix:
-        os: [ubuntu-latest, macos-13, macos-14, windows-latest]
+        os: [ubuntu-latest, macos-15-intel, macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}
 
     steps:
@@ -26,7 +26,7 @@ jobs:
         uses: ./.github/actions/build-dependencies
 
       - name: Install nightly rust
-        run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32-unknown-unknown -c clippy
+        run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32v1-none -c clippy
 
       - name: Run Clippy
         run: cargo +${{ steps.nightly.outputs.version }} clippy --all-features --all-targets -- -D warnings -A clippy::items_after_test_module
@@ -46,16 +46,16 @@ jobs:
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
 
       - name: Advisory Cache
-        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
         with:
           path: ~/.cargo/advisory-db
           key: rust-advisory-db
 
       - name: Install cargo deny
-        run: cargo install --locked cargo-deny
+        run: cargo +1.91 install cargo-deny --version =0.18.5
 
       - name: Run cargo deny
-        run: cargo deny -L error --all-features check
+        run: cargo deny -L error --all-features check --hide-inclusion-graph
 
   fmt:
     runs-on: ubuntu-latest
@@ -88,19 +88,114 @@ jobs:
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
       - name: Verify all dependencies are in use
         run: |
-          cargo install cargo-machete
-          cargo machete
+          cargo +1.91 install cargo-machete --version =0.9.1
+          cargo +1.91 machete
+
+  msrv:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
+      - name: Verify claimed `rust-version`
+        shell: bash
+        run: |
+          cargo +1.91 install cargo-msrv --version =0.18.4
+
+          function check_msrv {
+            # We `cd` into the directory passed as the first argument, but will return to the
+            # directory called from.
+            return_to=$(pwd)
+            echo "Checking $1"
+            cd $1
+
+            # We then find the existing `rust-version` using `grep` (for the right line) and then a
+            # regex (to strip to just the major and minor version).
+            existing=$(cat ./Cargo.toml | grep "rust-version" | grep -Eo "[0-9]+\.[0-9]+")
+
+            # We then backup the `Cargo.toml`, allowing us to restore it after, saving time on future
+            # MSRV checks (as they'll benefit from immediately exiting if the queried version is less
+            # than the declared MSRV).
+            mv ./Cargo.toml ./Cargo.toml.bak
+
+            # We then use an inverted (`-v`) grep to remove the existing `rust-version` from the
+            # `Cargo.toml`, as required because else earlier versions of Rust won't even attempt to
+            # compile this crate.
+            cat ./Cargo.toml.bak | grep -v "rust-version" > Cargo.toml
+
+            # We then find the actual `rust-version` using `cargo-msrv` (again stripping to just the
+            # major and minor version).
+            actual=$(cargo msrv find --output-format minimal | grep -Eo "^[0-9]+\.[0-9]+")
+
+            # Finally, we compare the two.
+            echo "Declared rust-version: $existing"
+            echo "Actual rust-version: $actual"
+            [ $existing == $actual ]
+            result=$?
+
+            # Restore the original `Cargo.toml`.
+            rm Cargo.toml
+            mv ./Cargo.toml.bak ./Cargo.toml
+
+            # Return to the directory called from and return the result.
+            cd $return_to
+            return $result
+          }
+
+          # Check each member of the workspace
+          function check_workspace {
+            # Get the members array from the workspace's `Cargo.toml`
+            cargo_toml_lines=$(cat ./Cargo.toml | wc -l)
+            # Keep all lines after the start of the array, then keep all lines before the next "]"
+            members=$(cat Cargo.toml | grep "members\ \=\ \[" -m1 -A$cargo_toml_lines | grep "]" -m1 -B$cargo_toml_lines)
+
+            # Parse out any comments, whitespace, including comments post-fixed on the same line as an entry
+            # We accomplish the latter by pruning all characters after the entry's ","
+            members=$(echo "$members" | grep -Ev "^[[:space:]]*(#|$)" | awk -F',' '{print $1","}')
+            # Replace the first line, which was "members = [" and is now "members = [,", with "["
+            members=$(echo "$members" | sed "1s/.*/\[/")
+            # Correct the last line, which was malleated to "],"
+            members=$(echo "$members" | sed "$(echo "$members" | wc -l)s/\]\,/\]/")
+
+            # Don't check the following
+            # Most of these are binaries, with the exception of the Substrate runtime which has a
+            # bespoke build pipeline
+            members=$(echo "$members" | grep -v "networks/ethereum/relayer\"")
+            members=$(echo "$members" | grep -v "message-queue\"")
+            members=$(echo "$members" | grep -v "processor/bin\"")
+            members=$(echo "$members" | grep -v "processor/bitcoin\"")
+            members=$(echo "$members" | grep -v "processor/ethereum\"")
+            members=$(echo "$members" | grep -v "processor/monero\"")
+            members=$(echo "$members" | grep -v "coordinator\"")
+            members=$(echo "$members" | grep -v "substrate/runtime\"")
+            members=$(echo "$members" | grep -v "substrate/node\"")
+            members=$(echo "$members" | grep -v "orchestration\"")
+
+            # Don't check the tests
+            members=$(echo "$members" | grep -v "mini\"")
+            members=$(echo "$members" | grep -v "tests/")
+
+            # Remove the trailing comma by replacing the last line's "," with ""
+            members=$(echo "$members" | sed "$(($(echo "$members" | wc -l) - 1))s/\,//")
+
+            echo $members | jq -r ".[]" | while read -r member; do
+              check_msrv $member
+              correct=$?
+              if [ $correct -ne 0 ]; then
+                return $correct
+              fi
+            done
+          }
+          check_workspace
 
   slither:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
+
+      - name: Build Dependencies
+        uses: ./.github/actions/build-dependencies
+
       - name: Slither
         run: |
-          python3 -m pip install solc-select
-          solc-select install 0.8.26
-          solc-select use 0.8.26
-
           python3 -m pip install slither-analyzer
 
           slither --include-paths ./networks/ethereum/schnorr/contracts/Schnorr.sol

.github/workflows/monero-tests.yaml

@@ -1,72 +0,0 @@
-name: Monero Tests
-
-on:
-  push:
-    branches:
-      - develop
-    paths:
-      - "networks/monero/**"
-      - "processor/**"
-
-  pull_request:
-    paths:
-      - "networks/monero/**"
-      - "processor/**"
-
-  workflow_dispatch:
-
-jobs:
-  # Only run these once since they will be consistent regardless of any node
-  unit-tests:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Test Dependencies
-        uses: ./.github/actions/test-dependencies
-
-      - name: Run Unit Tests Without Features
-        run: |
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-io --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-generators --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-primitives --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-mlsag --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-clsag --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-borromean --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-bulletproofs --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-serai --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-rpc --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-simple-request-rpc --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-address --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet --lib
-
-      # Doesn't run unit tests with features as the tests workflow will
-
-  integration-tests:
-    runs-on: ubuntu-latest
-    # Test against all supported protocol versions
-    strategy:
-      matrix:
-        version: [v0.17.3.2, v0.18.3.4]
-
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Test Dependencies
-        uses: ./.github/actions/test-dependencies
-        with:
-          monero-version: ${{ matrix.version }}
-
-      - name: Run Integration Tests Without Features
-        run: |
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-serai --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-simple-request-rpc --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet --test '*'
-
-      - name: Run Integration Tests
-        # Don't run if the the tests workflow also will
-        if: ${{ matrix.version != 'v0.18.3.4' }}
-        run: |
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-serai --all-features --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-simple-request-rpc --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet --all-features --test '*'

.github/workflows/msrv.yml

@@ -1,259 +0,0 @@
-name: Weekly MSRV Check
-
-on:
-  schedule:
-    - cron: "0 0 * * 0"
-  workflow_dispatch:
-
-jobs:
-  msrv-common:
-    name: Run cargo msrv on common
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on common
-        run: |
-          cargo msrv verify --manifest-path common/zalloc/Cargo.toml
-          cargo msrv verify --manifest-path common/std-shims/Cargo.toml
-          cargo msrv verify --manifest-path common/env/Cargo.toml
-          cargo msrv verify --manifest-path common/db/Cargo.toml
-          cargo msrv verify --manifest-path common/task/Cargo.toml
-          cargo msrv verify --manifest-path common/request/Cargo.toml
-          cargo msrv verify --manifest-path common/patchable-async-sleep/Cargo.toml
-
-  msrv-crypto:
-    name: Run cargo msrv on crypto
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on crypto
-        run: |
-          cargo msrv verify --manifest-path crypto/transcript/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/ff-group-tests/Cargo.toml
-          cargo msrv verify --manifest-path crypto/dalek-ff-group/Cargo.toml
-          cargo msrv verify --manifest-path crypto/ed448/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/multiexp/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/dleq/Cargo.toml
-          cargo msrv verify --manifest-path crypto/ciphersuite/Cargo.toml
-          cargo msrv verify --manifest-path crypto/schnorr/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/evrf/generalized-bulletproofs/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/circuit-abstraction/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/divisors/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/ec-gadgets/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/embedwards25519/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/secq256k1/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/dkg/Cargo.toml
-          cargo msrv verify --manifest-path crypto/frost/Cargo.toml
-          cargo msrv verify --manifest-path crypto/schnorrkel/Cargo.toml
-
-  msrv-networks:
-    name: Run cargo msrv on networks
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on networks
-        run: |
-          cargo msrv verify --manifest-path networks/bitcoin/Cargo.toml
-
-          cargo msrv verify --manifest-path networks/ethereum/build-contracts/Cargo.toml
-          cargo msrv verify --manifest-path networks/ethereum/schnorr/Cargo.toml
-          cargo msrv verify --manifest-path networks/ethereum/alloy-simple-request-transport/Cargo.toml
-          cargo msrv verify --manifest-path networks/ethereum/relayer/Cargo.toml --features parity-db
-
-          cargo msrv verify --manifest-path networks/monero/io/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/generators/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/primitives/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/ringct/mlsag/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/ringct/clsag/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/ringct/borromean/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/ringct/bulletproofs/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/rpc/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/rpc/simple-request/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/wallet/address/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/wallet/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/verify-chain/Cargo.toml
-
-  msrv-message-queue:
-    name: Run cargo msrv on message-queue
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on message-queue
-        run: |
-          cargo msrv verify --manifest-path message-queue/Cargo.toml --features parity-db
-
-  msrv-processor:
-    name: Run cargo msrv on processor
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on processor
-        run: |
-          cargo msrv verify --manifest-path processor/view-keys/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/messages/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/scanner/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/scheduler/primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/scheduler/smart-contract/Cargo.toml
-          cargo msrv verify --manifest-path processor/scheduler/utxo/primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/scheduler/utxo/standard/Cargo.toml
-          cargo msrv verify --manifest-path processor/scheduler/utxo/transaction-chaining/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/key-gen/Cargo.toml
-          cargo msrv verify --manifest-path processor/frost-attempt-manager/Cargo.toml
-          cargo msrv verify --manifest-path processor/signers/Cargo.toml
-          cargo msrv verify --manifest-path processor/bin/Cargo.toml --features parity-db
-
-          cargo msrv verify --manifest-path processor/bitcoin/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/ethereum/primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/test-primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/erc20/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/deployer/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/router/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/monero/Cargo.toml
-
-  msrv-coordinator:
-    name: Run cargo msrv on coordinator
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on coordinator
-        run: |
-          cargo msrv verify --manifest-path coordinator/tributary-sdk/tendermint/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/tributary-sdk/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/cosign/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/substrate/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/tributary/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/p2p/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/p2p/libp2p/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/Cargo.toml
-
-  msrv-substrate:
-    name: Run cargo msrv on substrate
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on substrate
-        run: |
-          cargo msrv verify --manifest-path substrate/primitives/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/coins/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/coins/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/dex/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/economic-security/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/genesis-liquidity/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/genesis-liquidity/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/in-instructions/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/in-instructions/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/validator-sets/pallet/Cargo.toml
-          cargo msrv verify --manifest-path substrate/validator-sets/primitives/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/emissions/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/emissions/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/signals/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/signals/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/abi/Cargo.toml
-          cargo msrv verify --manifest-path substrate/client/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/runtime/Cargo.toml
-          cargo msrv verify --manifest-path substrate/node/Cargo.toml
-
-  msrv-orchestration:
-    name: Run cargo msrv on orchestration
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on message-queue
-        run: |
-          cargo msrv verify --manifest-path orchestration/Cargo.toml
-
-  msrv-mini:
-    name: Run cargo msrv on mini
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on mini
-        run: |
-          cargo msrv verify --manifest-path mini/Cargo.toml

.github/workflows/networks-tests.yml

@@ -34,16 +34,3 @@ jobs:
             -p ethereum-schnorr-contract \
             -p alloy-simple-request-transport \
             -p serai-ethereum-relayer \
-            -p monero-io \
-            -p monero-generators \
-            -p monero-primitives \
-            -p monero-mlsag \
-            -p monero-clsag \
-            -p monero-borromean \
-            -p monero-bulletproofs \
-            -p monero-serai \
-            -p monero-rpc \
-            -p monero-simple-request-rpc \
-            -p monero-address \
-            -p monero-wallet \
-            -p monero-serai-verify-chain

.github/workflows/no-std.yml

@@ -28,8 +28,18 @@ jobs:
       - name: Install Build Dependencies
         uses: ./.github/actions/build-dependencies
 
+      - name: Get nightly version to use
+        id: nightly
+        shell: bash
+        run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
+
       - name: Install RISC-V Toolchain
-        run: sudo apt update && sudo apt install -y gcc-riscv64-unknown-elf gcc-multilib && rustup target add riscv32imac-unknown-none-elf
+        run: |
+          sudo apt update
+          sudo apt install -y gcc-riscv64-unknown-elf gcc-multilib
+          rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal --component rust-src --target riscv32imac-unknown-none-elf
 
       - name: Verify no-std builds
-        run: CFLAGS=-I/usr/include cargo build --target riscv32imac-unknown-none-elf -p serai-no-std-tests
+        run: |
+          CFLAGS=-I/usr/include cargo +${{ steps.nightly.outputs.version }} build --target riscv32imac-unknown-none-elf -Z build-std=core -p serai-no-std-tests
+          CFLAGS=-I/usr/include cargo +${{ steps.nightly.outputs.version }} build --target riscv32imac-unknown-none-elf -Z build-std=core,alloc -p serai-no-std-tests --features "alloc"

.github/workflows/pages.yml

@@ -46,16 +46,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
       - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb
         with:
           bundler-cache: true
           cache-version: 0
           working-directory: "${{ github.workspace }}/docs"
       - name: Setup Pages
         id: pages
-        uses: actions/configure-pages@v3
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b
       - name: Build with Jekyll
         run: cd ${{ github.workspace }}/docs && bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
         env:
@@ -69,12 +69,12 @@ jobs:
         uses: ./.github/actions/build-dependencies
       - name: Buld Rust docs
         run: |
-          rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32-unknown-unknown -c rust-docs
-          RUSTDOCFLAGS="--cfg docsrs" cargo +${{ steps.nightly.outputs.version }} doc --workspace --all-features
+          rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32v1-none -c rust-docs
+          RUSTDOCFLAGS="--cfg docsrs" cargo +${{ steps.nightly.outputs.version }} doc --workspace --no-deps --all-features
           mv target/doc docs/_site/rust
 
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b
         with:
           path: "docs/_site/"
 
@@ -88,4 +88,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e

.gitignore

@@ -1,7 +1,14 @@
 target
+
+# Don't commit any `Cargo.lock` which aren't the workspace's
+Cargo.lock
+!./Cargo.lock
+
+# Don't commit any `Dockerfile`, as they're auto-generated, except the only one which isn't
 Dockerfile
 Dockerfile.fast-epoch
 !orchestration/runtime/Dockerfile
+
 .test-logs
 
 .vscode

Cargo.toml

@@ -1,20 +1,6 @@
 [workspace]
 resolver = "2"
 members = [
-  # Version patches
-  "patches/parking_lot_core",
-  "patches/parking_lot",
-  "patches/zstd",
-  "patches/rocksdb",
-
-  # std patches
-  "patches/matches",
-  "patches/is-terminal",
-
-  # Rewrites/redirects
-  "patches/option-ext",
-  "patches/directories-next",
-
   "common/std-shims",
   "common/zalloc",
   "common/patchable-async-sleep",
@@ -29,19 +15,21 @@ members = [
   "crypto/dalek-ff-group",
   "crypto/ed448",
   "crypto/ciphersuite",
+  "crypto/ciphersuite/kp256",
 
   "crypto/multiexp",
   "crypto/schnorr",
-  "crypto/dleq",
 
-  "crypto/evrf/secq256k1",
-  "crypto/evrf/embedwards25519",
-  "crypto/evrf/generalized-bulletproofs",
-  "crypto/evrf/circuit-abstraction",
-  "crypto/evrf/divisors",
-  "crypto/evrf/ec-gadgets",
+  "crypto/prime-field",
+  "crypto/short-weierstrass",
+  "crypto/secq256k1",
+  "crypto/embedwards25519",
 
   "crypto/dkg",
+  "crypto/dkg/recovery",
+  "crypto/dkg/dealer",
+  "crypto/dkg/musig",
+  "crypto/dkg/evrf",
   "crypto/frost",
   "crypto/schnorrkel",
 
@@ -52,20 +40,6 @@ members = [
   "networks/ethereum/alloy-simple-request-transport",
   "networks/ethereum/relayer",
 
-  "networks/monero/io",
-  "networks/monero/generators",
-  "networks/monero/primitives",
-  "networks/monero/ringct/mlsag",
-  "networks/monero/ringct/clsag",
-  "networks/monero/ringct/borromean",
-  "networks/monero/ringct/bulletproofs",
-  "networks/monero",
-  "networks/monero/rpc",
-  "networks/monero/rpc/simple-request",
-  "networks/monero/wallet/address",
-  "networks/monero/wallet",
-  "networks/monero/verify-chain",
-
   "message-queue",
 
   "processor/messages",
@@ -147,56 +121,83 @@ members = [
   "tests/reproducible-runtime",
 ]
 
+[profile.dev.package]
 # Always compile Monero (and a variety of dependencies) with optimizations due
 # to the extensive operations required for Bulletproofs
-[profile.dev.package]
 subtle = { opt-level = 3 }
 
+sha3 = { opt-level = 3 }
+blake2 = { opt-level = 3 }
+
 ff = { opt-level = 3 }
 group = { opt-level = 3 }
 
 crypto-bigint = { opt-level = 3 }
-secp256k1 = { opt-level = 3 }
 curve25519-dalek = { opt-level = 3 }
 dalek-ff-group = { opt-level = 3 }
-minimal-ed448 = { opt-level = 3 }
 
 multiexp = { opt-level = 3 }
 
-secq256k1 = { opt-level = 3 }
-embedwards25519 = { opt-level = 3 }
-generalized-bulletproofs = { opt-level = 3 }
-generalized-bulletproofs-circuit-abstraction = { opt-level = 3 }
-ec-divisors = { opt-level = 3 }
-generalized-bulletproofs-ec-gadgets = { opt-level = 3 }
-
-dkg = { opt-level = 3 }
-
 monero-generators = { opt-level = 3 }
 monero-borromean = { opt-level = 3 }
 monero-bulletproofs = { opt-level = 3 }
 monero-mlsag = { opt-level = 3 }
 monero-clsag = { opt-level = 3 }
+monero-oxide = { opt-level = 3 }
+
+# Always compile the eVRF DKG tree with optimizations as well
+secp256k1 = { opt-level = 3 }
+secq256k1 = { opt-level = 3 }
+embedwards25519 = { opt-level = 3 }
+generalized-bulletproofs = { opt-level = 3 }
+generalized-bulletproofs-circuit-abstraction = { opt-level = 3 }
+generalized-bulletproofs-ec-gadgets = { opt-level = 3 }
+
+# revm also effectively requires being built with optimizations
+revm = { opt-level = 3 }
+revm-bytecode = { opt-level = 3 }
+revm-context = { opt-level = 3 }
+revm-context-interface = { opt-level = 3 }
+revm-database = { opt-level = 3 }
+revm-database-interface = { opt-level = 3 }
+revm-handler = { opt-level = 3 }
+revm-inspector = { opt-level = 3 }
+revm-interpreter = { opt-level = 3 }
+revm-precompile = { opt-level = 3 }
+revm-primitives = { opt-level = 3 }
+revm-state = { opt-level = 3 }
 
 [profile.release]
 panic = "unwind"
+overflow-checks = true
 
 [patch.crates-io]
+# Point to empty crates for unused crates in our tree
+ark-ff-3 = { package = "ark-ff", path = "patches/ethereum/ark-ff-0.3" }
+ark-ff-4 = { package = "ark-ff", path = "patches/ethereum/ark-ff-0.4" }
+c-kzg = { path = "patches/ethereum/c-kzg" }
+secp256k1-30 = { package = "secp256k1", path = "patches/ethereum/secp256k1-30" }
+
+# Dependencies from monero-oxide which originate from within our own tree
+std-shims = { path = "patches/std-shims" }
+simple-request = { path = "patches/simple-request" }
+multiexp = { path = "crypto/multiexp" }
+flexible-transcript = { path = "crypto/transcript" }
+ciphersuite = { path = "patches/ciphersuite" }
+dalek-ff-group = { path = "patches/dalek-ff-group" }
+minimal-ed448 = { path = "crypto/ed448" }
+modular-frost = { path = "crypto/frost" }
+
+# This has a non-deprecated `std` alternative since Rust's 2024 edition
+home = { path = "patches/home" }
+
+# Updates to the latest version
+darling = { path = "patches/darling" }
+thiserror = { path = "patches/thiserror" }
+
 # https://github.com/rust-lang-nursery/lazy-static.rs/issues/201
 lazy_static = { git = "https://github.com/rust-lang-nursery/lazy-static.rs", rev = "5735630d46572f1e5377c8f2ba0f79d18f53b10c" }
 
-parking_lot_core = { path = "patches/parking_lot_core" }
-parking_lot = { path = "patches/parking_lot" }
-# wasmtime pulls in an old version for this
-zstd = { path = "patches/zstd" }
-# Needed for WAL compression
-rocksdb = { path = "patches/rocksdb" }
-
-# is-terminal now has an std-based solution with an equivalent API
-is-terminal = { path = "patches/is-terminal" }
-# So does matches
-matches = { path = "patches/matches" }
-
 # directories-next was created because directories was unmaintained
 # directories-next is now unmaintained while directories is maintained
 # The directories author pulls in ridiculously pointless crates and prefers
@@ -205,10 +206,22 @@ matches = { path = "patches/matches" }
 option-ext = { path = "patches/option-ext" }
 directories-next = { path = "patches/directories-next" }
 
+# Patch from a fork back to upstream
+parity-bip39 = { path = "patches/parity-bip39" }
+
+# Patch to include `FromUniformBytes<64>` over `Scalar`
+k256 = { git = "https://github.com/kayabaNerve/elliptic-curves", rev = "4994c9ab163781a88cd4a49beae812a89a44e8c3" }
+p256 = { git = "https://github.com/kayabaNerve/elliptic-curves", rev = "4994c9ab163781a88cd4a49beae812a89a44e8c3" }
+
+# `jemalloc` conflicts with `mimalloc`, so patch to a `rocksdb` which never uses `jemalloc`
+librocksdb-sys = { path = "patches/librocksdb-sys" }
+
 [workspace.lints.clippy]
 unwrap_or_default = "allow"
 map_unwrap_or = "allow"
 needless_continue = "allow"
+manual_is_multiple_of = "allow"
+incompatible_msrv = "allow" # Manually verified with a GitHub workflow
 borrow_as_ptr = "deny"
 cast_lossless = "deny"
 cast_possible_truncation = "deny"
@@ -247,7 +260,7 @@ redundant_closure_for_method_calls = "deny"
 redundant_else = "deny"
 string_add_assign = "deny"
 string_slice = "deny"
-unchecked_duration_subtraction = "deny"
+unchecked_time_subtraction = "deny"
 uninlined_format_args = "deny"
 unnecessary_box_returns = "deny"
 unnecessary_join = "deny"
@@ -256,3 +269,6 @@ unnested_or_patterns = "deny"
 unused_async = "deny"
 unused_self = "deny"
 zero_sized_map_values = "deny"
+
+[workspace.lints.rust]
+unused = "allow" # TODO: https://github.com/rust-lang/rust/issues/147648

README.md

@@ -59,7 +59,6 @@ issued at the discretion of the Immunefi program managers.
 - [Website](https://serai.exchange/): https://serai.exchange/
 - [Immunefi](https://immunefi.com/bounty/serai/): https://immunefi.com/bounty/serai/
 - [Twitter](https://twitter.com/SeraiDEX): https://twitter.com/SeraiDEX
-- [Mastodon](https://cryptodon.lol/@serai): https://cryptodon.lol/@serai
 - [Discord](https://discord.gg/mpEUtJR3vz): https://discord.gg/mpEUtJR3vz
 - [Matrix](https://matrix.to/#/#serai:matrix.org): https://matrix.to/#/#serai:matrix.org
 - [Reddit](https://www.reddit.com/r/SeraiDEX/): https://www.reddit.com/r/SeraiDEX/

audits/Trail of Bits ethereum contracts April 2025/LICENSE

@@ -1,427 +0,0 @@
-Attribution-ShareAlike 4.0 International
-
-=======================================================================
-
-Creative Commons Corporation ("Creative Commons") is not a law firm and
-does not provide legal services or legal advice. Distribution of
-Creative Commons public licenses does not create a lawyer-client or
-other relationship. Creative Commons makes its licenses and related
-information available on an "as-is" basis. Creative Commons gives no
-warranties regarding its licenses, any material licensed under their
-terms and conditions, or any related information. Creative Commons
-disclaims all liability for damages resulting from their use to the
-fullest extent possible.
-
-Using Creative Commons Public Licenses
-
-Creative Commons public licenses provide a standard set of terms and
-conditions that creators and other rights holders may use to share
-original works of authorship and other material subject to copyright
-and certain other rights specified in the public license below. The
-following considerations are for informational purposes only, are not
-exhaustive, and do not form part of our licenses.
-
-     Considerations for licensors: Our public licenses are
-     intended for use by those authorized to give the public
-     permission to use material in ways otherwise restricted by
-     copyright and certain other rights. Our licenses are
-     irrevocable. Licensors should read and understand the terms
-     and conditions of the license they choose before applying it.
-     Licensors should also secure all rights necessary before
-     applying our licenses so that the public can reuse the
-     material as expected. Licensors should clearly mark any
-     material not subject to the license. This includes other CC-
-     licensed material, or material used under an exception or
-     limitation to copyright. More considerations for licensors:
-    wiki.creativecommons.org/Considerations_for_licensors
-
-     Considerations for the public: By using one of our public
-     licenses, a licensor grants the public permission to use the
-     licensed material under specified terms and conditions. If
-     the licensor's permission is not necessary for any reason--for
-     example, because of any applicable exception or limitation to
-     copyright--then that use is not regulated by the license. Our
-     licenses grant only permissions under copyright and certain
-     other rights that a licensor has authority to grant. Use of
-     the licensed material may still be restricted for other
-     reasons, including because others have copyright or other
-     rights in the material. A licensor may make special requests,
-     such as asking that all changes be marked or described.
-     Although not required by our licenses, you are encouraged to
-     respect those requests where reasonable. More considerations
-     for the public:
-    wiki.creativecommons.org/Considerations_for_licensees
-
-=======================================================================
-
-Creative Commons Attribution-ShareAlike 4.0 International Public
-License
-
-By exercising the Licensed Rights (defined below), You accept and agree
-to be bound by the terms and conditions of this Creative Commons
-Attribution-ShareAlike 4.0 International Public License ("Public
-License"). To the extent this Public License may be interpreted as a
-contract, You are granted the Licensed Rights in consideration of Your
-acceptance of these terms and conditions, and the Licensor grants You
-such rights in consideration of benefits the Licensor receives from
-making the Licensed Material available under these terms and
-conditions.
-
-
-Section 1 -- Definitions.
-
-  a. Adapted Material means material subject to Copyright and Similar
-     Rights that is derived from or based upon the Licensed Material
-     and in which the Licensed Material is translated, altered,
-     arranged, transformed, or otherwise modified in a manner requiring
-     permission under the Copyright and Similar Rights held by the
-     Licensor. For purposes of this Public License, where the Licensed
-     Material is a musical work, performance, or sound recording,
-     Adapted Material is always produced where the Licensed Material is
-     synched in timed relation with a moving image.
-
-  b. Adapter's License means the license You apply to Your Copyright
-     and Similar Rights in Your contributions to Adapted Material in
-     accordance with the terms and conditions of this Public License.
-
-  c. BY-SA Compatible License means a license listed at
-     creativecommons.org/compatiblelicenses, approved by Creative
-     Commons as essentially the equivalent of this Public License.
-
-  d. Copyright and Similar Rights means copyright and/or similar rights
-     closely related to copyright including, without limitation,
-     performance, broadcast, sound recording, and Sui Generis Database
-     Rights, without regard to how the rights are labeled or
-     categorized. For purposes of this Public License, the rights
-     specified in Section 2(b)(1)-(2) are not Copyright and Similar
-     Rights.
-
-  e. Effective Technological Measures means those measures that, in the
-     absence of proper authority, may not be circumvented under laws
-     fulfilling obligations under Article 11 of the WIPO Copyright
-     Treaty adopted on December 20, 1996, and/or similar international
-     agreements.
-
-  f. Exceptions and Limitations means fair use, fair dealing, and/or
-     any other exception or limitation to Copyright and Similar Rights
-     that applies to Your use of the Licensed Material.
-
-  g. License Elements means the license attributes listed in the name
-     of a Creative Commons Public License. The License Elements of this
-     Public License are Attribution and ShareAlike.
-
-  h. Licensed Material means the artistic or literary work, database,
-     or other material to which the Licensor applied this Public
-     License.
-
-  i. Licensed Rights means the rights granted to You subject to the
-     terms and conditions of this Public License, which are limited to
-     all Copyright and Similar Rights that apply to Your use of the
-     Licensed Material and that the Licensor has authority to license.
-
-  j. Licensor means the individual(s) or entity(ies) granting rights
-     under this Public License.
-
-  k. Share means to provide material to the public by any means or
-     process that requires permission under the Licensed Rights, such
-     as reproduction, public display, public performance, distribution,
-     dissemination, communication, or importation, and to make material
-     available to the public including in ways that members of the
-     public may access the material from a place and at a time
-     individually chosen by them.
-
-  l. Sui Generis Database Rights means rights other than copyright
-     resulting from Directive 96/9/EC of the European Parliament and of
-     the Council of 11 March 1996 on the legal protection of databases,
-     as amended and/or succeeded, as well as other essentially
-     equivalent rights anywhere in the world.
-
-  m. You means the individual or entity exercising the Licensed Rights
-     under this Public License. Your has a corresponding meaning.
-
-
-Section 2 -- Scope.
-
-  a. License grant.
-
-       1. Subject to the terms and conditions of this Public License,
-          the Licensor hereby grants You a worldwide, royalty-free,
-          non-sublicensable, non-exclusive, irrevocable license to
-          exercise the Licensed Rights in the Licensed Material to:
-
-            a. reproduce and Share the Licensed Material, in whole or
-               in part; and
-
-            b. produce, reproduce, and Share Adapted Material.
-
-       2. Exceptions and Limitations. For the avoidance of doubt, where
-          Exceptions and Limitations apply to Your use, this Public
-          License does not apply, and You do not need to comply with
-          its terms and conditions.
-
-       3. Term. The term of this Public License is specified in Section
-          6(a).
-
-       4. Media and formats; technical modifications allowed. The
-          Licensor authorizes You to exercise the Licensed Rights in
-          all media and formats whether now known or hereafter created,
-          and to make technical modifications necessary to do so. The
-          Licensor waives and/or agrees not to assert any right or
-          authority to forbid You from making technical modifications
-          necessary to exercise the Licensed Rights, including
-          technical modifications necessary to circumvent Effective
-          Technological Measures. For purposes of this Public License,
-          simply making modifications authorized by this Section 2(a)
-          (4) never produces Adapted Material.
-
-       5. Downstream recipients.
-
-            a. Offer from the Licensor -- Licensed Material. Every
-               recipient of the Licensed Material automatically
-               receives an offer from the Licensor to exercise the
-               Licensed Rights under the terms and conditions of this
-               Public License.
-
-            b. Additional offer from the Licensor -- Adapted Material.
-               Every recipient of Adapted Material from You
-               automatically receives an offer from the Licensor to
-               exercise the Licensed Rights in the Adapted Material
-               under the conditions of the Adapter's License You apply.
-
-            c. No downstream restrictions. You may not offer or impose
-               any additional or different terms or conditions on, or
-               apply any Effective Technological Measures to, the
-               Licensed Material if doing so restricts exercise of the
-               Licensed Rights by any recipient of the Licensed
-               Material.
-
-       6. No endorsement. Nothing in this Public License constitutes or
-          may be construed as permission to assert or imply that You
-          are, or that Your use of the Licensed Material is, connected
-          with, or sponsored, endorsed, or granted official status by,
-          the Licensor or others designated to receive attribution as
-          provided in Section 3(a)(1)(A)(i).
-
-  b. Other rights.
-
-       1. Moral rights, such as the right of integrity, are not
-          licensed under this Public License, nor are publicity,
-          privacy, and/or other similar personality rights; however, to
-          the extent possible, the Licensor waives and/or agrees not to
-          assert any such rights held by the Licensor to the limited
-          extent necessary to allow You to exercise the Licensed
-          Rights, but not otherwise.
-
-       2. Patent and trademark rights are not licensed under this
-          Public License.
-
-       3. To the extent possible, the Licensor waives any right to
-          collect royalties from You for the exercise of the Licensed
-          Rights, whether directly or through a collecting society
-          under any voluntary or waivable statutory or compulsory
-          licensing scheme. In all other cases the Licensor expressly
-          reserves any right to collect such royalties.
-
-
-Section 3 -- License Conditions.
-
-Your exercise of the Licensed Rights is expressly made subject to the
-following conditions.
-
-  a. Attribution.
-
-       1. If You Share the Licensed Material (including in modified
-          form), You must:
-
-            a. retain the following if it is supplied by the Licensor
-               with the Licensed Material:
-
-                 i. identification of the creator(s) of the Licensed
-                    Material and any others designated to receive
-                    attribution, in any reasonable manner requested by
-                    the Licensor (including by pseudonym if
-                    designated);
-
-                ii. a copyright notice;
-
-               iii. a notice that refers to this Public License;
-
-                iv. a notice that refers to the disclaimer of
-                    warranties;
-
-                 v. a URI or hyperlink to the Licensed Material to the
-                    extent reasonably practicable;
-
-            b. indicate if You modified the Licensed Material and
-               retain an indication of any previous modifications; and
-
-            c. indicate the Licensed Material is licensed under this
-               Public License, and include the text of, or the URI or
-               hyperlink to, this Public License.
-
-       2. You may satisfy the conditions in Section 3(a)(1) in any
-          reasonable manner based on the medium, means, and context in
-          which You Share the Licensed Material. For example, it may be
-          reasonable to satisfy the conditions by providing a URI or
-          hyperlink to a resource that includes the required
-          information.
-
-       3. If requested by the Licensor, You must remove any of the
-          information required by Section 3(a)(1)(A) to the extent
-          reasonably practicable.
-
-  b. ShareAlike.
-
-     In addition to the conditions in Section 3(a), if You Share
-     Adapted Material You produce, the following conditions also apply.
-
-       1. The Adapter's License You apply must be a Creative Commons
-          license with the same License Elements, this version or
-          later, or a BY-SA Compatible License.
-
-       2. You must include the text of, or the URI or hyperlink to, the
-          Adapter's License You apply. You may satisfy this condition
-          in any reasonable manner based on the medium, means, and
-          context in which You Share Adapted Material.
-
-       3. You may not offer or impose any additional or different terms
-          or conditions on, or apply any Effective Technological
-          Measures to, Adapted Material that restrict exercise of the
-          rights granted under the Adapter's License You apply.
-
-
-Section 4 -- Sui Generis Database Rights.
-
-Where the Licensed Rights include Sui Generis Database Rights that
-apply to Your use of the Licensed Material:
-
-  a. for the avoidance of doubt, Section 2(a)(1) grants You the right
-     to extract, reuse, reproduce, and Share all or a substantial
-     portion of the contents of the database;
-
-  b. if You include all or a substantial portion of the database
-     contents in a database in which You have Sui Generis Database
-     Rights, then the database in which You have Sui Generis Database
-     Rights (but not its individual contents) is Adapted Material,
-
-     including for purposes of Section 3(b); and
-  c. You must comply with the conditions in Section 3(a) if You Share
-     all or a substantial portion of the contents of the database.
-
-For the avoidance of doubt, this Section 4 supplements and does not
-replace Your obligations under this Public License where the Licensed
-Rights include other Copyright and Similar Rights.
-
-
-Section 5 -- Disclaimer of Warranties and Limitation of Liability.
-
-  a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
-     EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
-     AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
-     ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
-     IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
-     WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
-     PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
-     ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
-     KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
-     ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
-
-  b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
-     TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
-     NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
-     INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
-     COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
-     USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
-     ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
-     DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
-     IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
-
-  c. The disclaimer of warranties and limitation of liability provided
-     above shall be interpreted in a manner that, to the extent
-     possible, most closely approximates an absolute disclaimer and
-     waiver of all liability.
-
-
-Section 6 -- Term and Termination.
-
-  a. This Public License applies for the term of the Copyright and
-     Similar Rights licensed here. However, if You fail to comply with
-     this Public License, then Your rights under this Public License
-     terminate automatically.
-
-  b. Where Your right to use the Licensed Material has terminated under
-     Section 6(a), it reinstates:
-
-       1. automatically as of the date the violation is cured, provided
-          it is cured within 30 days of Your discovery of the
-          violation; or
-
-       2. upon express reinstatement by the Licensor.
-
-     For the avoidance of doubt, this Section 6(b) does not affect any
-     right the Licensor may have to seek remedies for Your violations
-     of this Public License.
-
-  c. For the avoidance of doubt, the Licensor may also offer the
-     Licensed Material under separate terms or conditions or stop
-     distributing the Licensed Material at any time; however, doing so
-     will not terminate this Public License.
-
-  d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
-     License.
-
-
-Section 7 -- Other Terms and Conditions.
-
-  a. The Licensor shall not be bound by any additional or different
-     terms or conditions communicated by You unless expressly agreed.
-
-  b. Any arrangements, understandings, or agreements regarding the
-     Licensed Material not stated herein are separate from and
-     independent of the terms and conditions of this Public License.
-
-
-Section 8 -- Interpretation.
-
-  a. For the avoidance of doubt, this Public License does not, and
-     shall not be interpreted to, reduce, limit, restrict, or impose
-     conditions on any use of the Licensed Material that could lawfully
-     be made without permission under this Public License.
-
-  b. To the extent possible, if any provision of this Public License is
-     deemed unenforceable, it shall be automatically reformed to the
-     minimum extent necessary to make it enforceable. If the provision
-     cannot be reformed, it shall be severed from this Public License
-     without affecting the enforceability of the remaining terms and
-     conditions.
-
-  c. No term or condition of this Public License will be waived and no
-     failure to comply consented to unless expressly agreed to by the
-     Licensor.
-
-  d. Nothing in this Public License constitutes or may be interpreted
-     as a limitation upon, or waiver of, any privileges and immunities
-     that apply to the Licensor or You, including from the legal
-     processes of any jurisdiction or authority.
-
-
-=======================================================================
-
-Creative Commons is not a party to its public
-licenses. Notwithstanding, Creative Commons may elect to apply one of
-its public licenses to material it publishes and in those instances
-will be considered the “Licensor.” The text of the Creative Commons
-public licenses is dedicated to the public domain under the CC0 Public
-Domain Dedication. Except for the limited purpose of indicating that
-material is shared under a Creative Commons public license or as
-otherwise permitted by the Creative Commons policies published at
-creativecommons.org/policies, Creative Commons does not authorize the
-use of the trademark "Creative Commons" or any other trademark or logo
-of Creative Commons without its prior written consent including,
-without limitation, in connection with any unauthorized modifications
-to any of its public licenses or any other arrangements,
-understandings, or agreements concerning use of licensed material. For
-the avoidance of doubt, this paragraph does not form part of the
-public licenses.
-
-Creative Commons may be contacted at creativecommons.org.

audits/Trail of Bits ethereum contracts April 2025/README.md

@@ -11,4 +11,4 @@ It is encompassing up to commit 4e0c58464fc4673623938335f06e2e9ea96ca8dd.
 
 Please see
 https://github.com/trailofbits/publications/blob/30c4fa3ebf39ff8e4d23ba9567344ec9691697b5/reviews/2025-04-serai-dex-security-review.pdf
-for provenance.
+for the actual report.

audits/crypto/dkg/evrf/README.md

@@ -0,0 +1,50 @@
+# eVRF DKG
+
+In 2024, the [eVRF paper](https://eprint.iacr.org/2024/397) was published to
+the IACR preprint server. Within it was a one-round unbiased DKG and a
+one-round unbiased threshold DKG. Unfortunately, both simply describe
+communication of the secret shares as 'Alice sends $s_b$ to Bob'. This causes,
+in practice, the need for an additional round of communication to occur where
+all participants confirm they received their secret shares.
+
+Within Serai, it was posited to use the same premises as the DDH eVRF itself to
+achieve a verifiable encryption scheme. This allows the secret shares to be
+posted to any 'bulletin board' (such as a blockchain) and for all observers to
+confirm:
+
+- A participant participated
+- The secret shares sent can be received by the intended recipient so long as
+  they can access the bulletin board
+
+Additionally, Serai desired a robust scheme (albeit with an biased key as the
+output, which is fine for our purposes). Accordingly, our implementation
+instantiates the threshold eVRF DKG from the eVRF paper, with our own proposal
+for verifiable encryption, with the caller allowed to decide the set of
+participants. They may:
+
+- Select everyone, collapsing to the non-threshold unbiased DKG from the eVRF
+  paper
+- Select a pre-determined set, collapsing to the threshold unbaised DKG from
+  the eVRF paper
+- Select a post-determined set (with any solution for the Common Subset
+  problem), allowing achieving a robust threshold biased DKG
+
+Note that the eVRF paper proposes using the eVRF to sample coefficients yet
+this is unnecessary when the resulting key will be biased. Any proof of
+knowledge for the coefficients, as necessary for their extraction within the
+security proofs, would be sufficient.
+
+MAGIC Grants contracted HashCloak to formalize Serai's proposal for a DKG and
+provide proofs for its security. This resulted in
+[this paper](<./Security Proofs.pdf>).
+
+Our implementation itself is then built on top of the audited
+[`generalized-bulletproofs`](https://github.com/kayabaNerve/monero-oxide/tree/generalized-bulletproofs/audits/crypto/generalized-bulletproofs)
+and
+[`generalized-bulletproofs-ec-gadgets`](https://github.com/monero-oxide/monero-oxide/tree/fcmp%2B%2B/audits/fcmps).
+
+Note we do not use the originally premised DDH eVRF yet the one premised on
+elliptic curve divisors, the methodology of which is commented on
+[here](https://github.com/monero-oxide/monero-oxide/tree/fcmp%2B%2B/audits/divisors).
+
+Our implementation itself is unaudited at this time however.

common/db/Cargo.toml

@@ -7,7 +7,7 @@ repository = "https://github.com/serai-dex/serai/tree/develop/common/db"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
-rust-version = "1.71"
+rust-version = "1.65"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -17,8 +17,8 @@ rustdoc-args = ["--cfg", "docsrs"]
 workspace = true
 
 [dependencies]
-parity-db = { version = "0.4", default-features = false, optional = true }
-rocksdb = { version = "0.23", default-features = false, features = ["zstd"], optional = true }
+parity-db = { version = "0.5", default-features = false, optional = true }
+rocksdb = { version = "0.24", default-features = false, features = ["zstd"], optional = true }
 
 [features]
 parity-db = ["dep:parity-db"]

common/db/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022-2023 Luke Parker
+Copyright (c) 2022-2025 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

common/env/Cargo.toml

@@ -7,7 +7,7 @@ repository = "https://github.com/serai-dex/serai/tree/develop/common/env"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
-rust-version = "1.71"
+rust-version = "1.64"
 
 [package.metadata.docs.rs]
 all-features = true

common/env/LICENSE

@@ -1,6 +1,6 @@
 AGPL-3.0-only license
 
-Copyright (c) 2023 Luke Parker
+Copyright (c) 2023-2025 Luke Parker
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as

common/env/src/lib.rs

@@ -1,5 +1,5 @@
 #![cfg_attr(docsrs, feature(doc_cfg))]
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 
 // Obtain a variable from the Serai environment/secret store.
 pub fn var(variable: &str) -> Option<String> {

common/patchable-async-sleep/Cargo.toml

@@ -7,7 +7,7 @@ repository = "https://github.com/serai-dex/serai/tree/develop/common/patchable-a
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["async", "sleep", "tokio", "smol", "async-std"]
 edition = "2021"
-rust-version = "1.71"
+rust-version = "1.70"
 
 [package.metadata.docs.rs]
 all-features = true

common/patchable-async-sleep/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Luke Parker
+Copyright (c) 2024-2025 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

common/patchable-async-sleep/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![deny(missing_docs)]
 

common/request/Cargo.toml

@@ -1,9 +1,9 @@
 [package]
 name = "simple-request"
-version = "0.1.0"
+version = "0.3.0"
 description = "A simple HTTP(S) request library"
 license = "MIT"
-repository = "https://github.com/serai-dex/serai/tree/develop/common/simple-request"
+repository = "https://github.com/serai-dex/serai/tree/develop/common/request"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["http", "https", "async", "request", "ssl"]
 edition = "2021"
@@ -19,9 +19,10 @@ workspace = true
 [dependencies]
 tower-service = { version = "0.3", default-features = false }
 hyper = { version = "1", default-features = false, features = ["http1", "client"] }
-hyper-util = { version = "0.1", default-features = false, features = ["http1", "client-legacy", "tokio"] }
+hyper-util = { version = "0.1", default-features = false, features = ["http1", "client-legacy"] }
 http-body-util = { version = "0.1", default-features = false }
-tokio = { version = "1", default-features = false }
+futures-util = { version = "0.3", default-features = false, features = ["std"] }
+tokio = { version = "1", default-features = false, features = ["sync"] }
 
 hyper-rustls = { version = "0.27", default-features = false, features = ["http1", "ring", "rustls-native-certs", "native-tokio"], optional = true }
 
@@ -29,6 +30,8 @@ zeroize = { version = "1", optional = true }
 base64ct = { version = "1", features = ["alloc"], optional = true }
 
 [features]
-tls = ["hyper-rustls"]
+tokio = ["hyper-util/tokio"]
+tls = ["tokio", "hyper-rustls"]
+webpki-roots = ["tls", "hyper-rustls/webpki-roots"]
 basic-auth = ["zeroize", "base64ct"]
 default = ["tls"]

common/request/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Luke Parker
+Copyright (c) 2023-2025 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

common/request/src/lib.rs

@@ -1,19 +1,20 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 
+use core::{pin::Pin, future::Future};
 use std::sync::Arc;
 
-use tokio::sync::Mutex;
+use futures_util::FutureExt;
+use ::tokio::sync::Mutex;
 
 use tower_service::Service as TowerService;
+use hyper::{Uri, header::HeaderValue, body::Bytes, client::conn::http1::SendRequest, rt::Executor};
+pub use hyper;
+
+use hyper_util::client::legacy::{Client as HyperClient, connect::HttpConnector};
+
 #[cfg(feature = "tls")]
 use hyper_rustls::{HttpsConnectorBuilder, HttpsConnector};
-use hyper::{Uri, header::HeaderValue, body::Bytes, client::conn::http1::SendRequest};
-use hyper_util::{
-  rt::tokio::TokioExecutor,
-  client::legacy::{Client as HyperClient, connect::HttpConnector},
-};
-pub use hyper;
 
 mod request;
 pub use request::*;
@@ -37,52 +38,86 @@ type Connector = HttpConnector;
 type Connector = HttpsConnector<HttpConnector>;
 
 #[derive(Clone, Debug)]
-enum Connection {
+enum Connection<
+  E: 'static + Send + Sync + Clone + Executor<Pin<Box<dyn Send + Future<Output = ()>>>>,
+> {
   ConnectionPool(HyperClient<Connector, Full<Bytes>>),
   Connection {
+    executor: E,
     connector: Connector,
     host: Uri,
     connection: Arc<Mutex<Option<SendRequest<Full<Bytes>>>>>,
   },
 }
 
+/// An HTTP client.
+///
+/// `tls` is only guaranteed to work when using the `tokio` executor. Instantiating a client when
+/// the `tls` feature is active without using the `tokio` executor will cause errors.
 #[derive(Clone, Debug)]
-pub struct Client {
-  connection: Connection,
+pub struct Client<
+  E: 'static + Send + Sync + Clone + Executor<Pin<Box<dyn Send + Future<Output = ()>>>>,
+> {
+  connection: Connection<E>,
 }
 
-impl Client {
-  fn connector() -> Connector {
+impl<E: 'static + Send + Sync + Clone + Executor<Pin<Box<dyn Send + Future<Output = ()>>>>>
+  Client<E>
+{
+  #[allow(clippy::unnecessary_wraps)]
+  fn connector() -> Result<Connector, Error> {
     let mut res = HttpConnector::new();
     res.set_keepalive(Some(core::time::Duration::from_secs(60)));
     res.set_nodelay(true);
     res.set_reuse_address(true);
+
+    #[cfg(feature = "tls")]
+    if core::any::TypeId::of::<E>() !=
+      core::any::TypeId::of::<hyper_util::rt::tokio::TokioExecutor>()
+    {
+      Err(Error::ConnectionError(
+        "`tls` feature enabled but not using the `tokio` executor".into(),
+      ))?;
+    }
+
     #[cfg(feature = "tls")]
     res.enforce_http(false);
     #[cfg(feature = "tls")]
-    let res = HttpsConnectorBuilder::new()
-      .with_native_roots()
-      .expect("couldn't fetch system's SSL roots")
-      .https_or_http()
-      .enable_http1()
-      .wrap_connector(res);
-    res
+    let https = HttpsConnectorBuilder::new().with_native_roots();
+    #[cfg(all(feature = "tls", not(feature = "webpki-roots")))]
+    let https = https.map_err(|e| {
+      Error::ConnectionError(
+        format!("couldn't load system's SSL root certificates and webpki-roots unavilable: {e:?}")
+          .into(),
+      )
+    })?;
+    // Fallback to `webpki-roots` if present
+    #[cfg(all(feature = "tls", feature = "webpki-roots"))]
+    let https = https.unwrap_or(HttpsConnectorBuilder::new().with_webpki_roots());
+    #[cfg(feature = "tls")]
+    let res = https.https_or_http().enable_http1().wrap_connector(res);
+
+    Ok(res)
   }
 
-  pub fn with_connection_pool() -> Client {
-    Client {
+  pub fn with_executor_and_connection_pool(executor: E) -> Result<Client<E>, Error> {
+    Ok(Client {
       connection: Connection::ConnectionPool(
-        HyperClient::builder(TokioExecutor::new())
+        HyperClient::builder(executor)
           .pool_idle_timeout(core::time::Duration::from_secs(60))
-          .build(Self::connector()),
+          .build(Self::connector()?),
       ),
-    }
+    })
   }
 
-  pub fn without_connection_pool(host: &str) -> Result<Client, Error> {
+  pub fn with_executor_and_without_connection_pool(
+    executor: E,
+    host: &str,
+  ) -> Result<Client<E>, Error> {
     Ok(Client {
       connection: Connection::Connection {
-        connector: Self::connector(),
+        executor,
+        connector: Self::connector()?,
         host: {
           let uri: Uri = host.parse().map_err(|_| Error::InvalidUri)?;
           if uri.host().is_none() {
@@ -95,9 +130,9 @@ impl Client {
     })
   }
 
-  pub async fn request<R: Into<Request>>(&self, request: R) -> Result<Response<'_>, Error> {
+  pub async fn request<R: Into<Request>>(&self, request: R) -> Result<Response<'_, E>, Error> {
     let request: Request = request.into();
-    let mut request = request.0;
+    let Request { mut request, response_size_limit } = request;
     if let Some(header_host) = request.headers().get(hyper::header::HOST) {
       match &self.connection {
         Connection::ConnectionPool(_) => {}
@@ -131,7 +166,7 @@ impl Client {
       Connection::ConnectionPool(client) => {
         client.request(request).await.map_err(Error::HyperUtil)?
       }
-      Connection::Connection { connector, host, connection } => {
+      Connection::Connection { executor, connector, host, connection } => {
         let mut connection_lock = connection.lock().await;
 
         // If there's not a connection...
@@ -143,28 +178,46 @@ impl Client {
           let call_res = call_res.map_err(Error::ConnectionError);
           let (requester, connection) =
             hyper::client::conn::http1::handshake(call_res?).await.map_err(Error::Hyper)?;
-          // This will die when we drop the requester, so we don't need to track an AbortHandle
-          // for it
-          tokio::spawn(connection);
+          // This task will die when we drop the requester
+          executor.execute(Box::pin(connection.map(|_| ())));
           *connection_lock = Some(requester);
         }
 
-        let connection = connection_lock.as_mut().unwrap();
+        let connection = connection_lock.as_mut().expect("lock over the connection was poisoned");
         let mut err = connection.ready().await.err();
         if err.is_none() {
           // Send the request
-          let res = connection.send_request(request).await;
-          if let Ok(res) = res {
-            return Ok(Response(res, self));
+          let response = connection.send_request(request).await;
+          if let Ok(response) = response {
+            return Ok(Response { response, size_limit: response_size_limit, client: self });
           }
-          err = res.err();
+          err = response.err();
         }
         // Since this connection has been put into an error state, drop it
         *connection_lock = None;
-        Err(Error::Hyper(err.unwrap()))?
+        Err(Error::Hyper(err.expect("only here if `err` is some yet no error")))?
       }
     };
 
-    Ok(Response(response, self))
+    Ok(Response { response, size_limit: response_size_limit, client: self })
   }
 }
+
+#[cfg(feature = "tokio")]
+mod tokio {
+  use hyper_util::rt::tokio::TokioExecutor;
+  use super::*;
+
+  pub type TokioClient = Client<TokioExecutor>;
+  impl Client<TokioExecutor> {
+    pub fn with_connection_pool() -> Result<Self, Error> {
+      Self::with_executor_and_connection_pool(TokioExecutor::new())
+    }
+
+    pub fn without_connection_pool(host: &str) -> Result<Self, Error> {
+      Self::with_executor_and_without_connection_pool(TokioExecutor::new(), host)
+    }
+  }
+}
+#[cfg(feature = "tokio")]
+pub use tokio::TokioClient;

common/request/src/request.rs

@@ -7,11 +7,15 @@ pub use http_body_util::Full;
 use crate::Error;
 
 #[derive(Debug)]
-pub struct Request(pub(crate) hyper::Request<Full<Bytes>>);
+pub struct Request {
+  pub(crate) request: hyper::Request<Full<Bytes>>,
+  pub(crate) response_size_limit: Option<usize>,
+}
+
 impl Request {
   #[cfg(feature = "basic-auth")]
   fn username_password_from_uri(&self) -> Result<(String, String), Error> {
-    if let Some(authority) = self.0.uri().authority() {
+    if let Some(authority) = self.request.uri().authority() {
       let authority = authority.as_str();
       if authority.contains('@') {
         // Decode the username and password from the URI
@@ -36,9 +40,10 @@ impl Request {
     let mut formatted = format!("{username}:{password}");
     let mut encoded = Base64::encode_string(formatted.as_bytes());
     formatted.zeroize();
-    self.0.headers_mut().insert(
+    self.request.headers_mut().insert(
       hyper::header::AUTHORIZATION,
-      HeaderValue::from_str(&format!("Basic {encoded}")).unwrap(),
+      HeaderValue::from_str(&format!("Basic {encoded}"))
+        .expect("couldn't form header from base64-encoded string"),
     );
     encoded.zeroize();
   }
@@ -59,9 +64,17 @@ impl Request {
   pub fn with_basic_auth(&mut self) {
     let _ = self.basic_auth_from_uri();
   }
-}
-impl From<hyper::Request<Full<Bytes>>> for Request {
-  fn from(request: hyper::Request<Full<Bytes>>) -> Request {
-    Request(request)
+
+  /// Set a size limit for the response.
+  ///
+  /// This may be exceeded by a single HTTP frame and accordingly isn't perfect.
+  pub fn set_response_size_limit(&mut self, response_size_limit: Option<usize>) {
+    self.response_size_limit = response_size_limit;
+  }
+}
+
+impl From<hyper::Request<Full<Bytes>>> for Request {
+  fn from(request: hyper::Request<Full<Bytes>>) -> Request {
+    Request { request, response_size_limit: None }
   }
 }

common/request/src/response.rs

@@ -1,24 +1,54 @@
+use core::{pin::Pin, future::Future};
+use std::io;
+
 use hyper::{
   StatusCode,
   header::{HeaderValue, HeaderMap},
-  body::{Buf, Incoming},
+  body::Incoming,
+  rt::Executor,
 };
 use http_body_util::BodyExt;
 
+use futures_util::{Stream, StreamExt};
+
 use crate::{Client, Error};
 
 // Borrows the client so its async task lives as long as this response exists.
 #[allow(dead_code)]
 #[derive(Debug)]
-pub struct Response<'a>(pub(crate) hyper::Response<Incoming>, pub(crate) &'a Client);
-impl Response<'_> {
+pub struct Response<
+  'a,
+  E: 'static + Send + Sync + Clone + Executor<Pin<Box<dyn Send + Future<Output = ()>>>>,
+> {
+  pub(crate) response: hyper::Response<Incoming>,
+  pub(crate) size_limit: Option<usize>,
+  pub(crate) client: &'a Client<E>,
+}
+
+impl<E: 'static + Send + Sync + Clone + Executor<Pin<Box<dyn Send + Future<Output = ()>>>>>
+  Response<'_, E>
+{
   pub fn status(&self) -> StatusCode {
-    self.0.status()
+    self.response.status()
   }
   pub fn headers(&self) -> &HeaderMap<HeaderValue> {
-    self.0.headers()
+    self.response.headers()
   }
   pub async fn body(self) -> Result<impl std::io::Read, Error> {
-    Ok(self.0.into_body().collect().await.map_err(Error::Hyper)?.aggregate().reader())
+    let mut body = self.response.into_body().into_data_stream();
+    let mut res: Vec<u8> = vec![];
+    loop {
+      if let Some(size_limit) = self.size_limit {
+        let (lower, upper) = body.size_hint();
+        if res.len().wrapping_add(upper.unwrap_or(lower)) > size_limit.min(usize::MAX - 1) {
+          Err(Error::ConnectionError("response exceeded size limit".into()))?;
+        }
+      }
+
+      let Some(part) = body.next().await else { break };
+      let part = part.map_err(Error::Hyper)?;
+      res.extend(part.as_ref());
+    }
+    Ok(io::Cursor::new(res))
   }
 }

common/std-shims/Cargo.toml

@@ -1,13 +1,13 @@
 [package]
 name = "std-shims"
-version = "0.1.1"
+version = "0.1.5"
 description = "A series of std shims to make alloc more feasible"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/common/std-shims"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["nostd", "no_std", "alloc", "io"]
 edition = "2021"
-rust-version = "1.80"
+rust-version = "1.65"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -17,9 +17,11 @@ rustdoc-args = ["--cfg", "docsrs"]
 workspace = true
 
 [dependencies]
-spin = { version = "0.9", default-features = false, features = ["use_ticket_mutex", "lazy"] }
-hashbrown = { version = "0.15", default-features = false, features = ["default-hasher", "inline-more"] }
+rustversion = { version = "1", default-features = false }
+spin = { version = "0.10", default-features = false, features = ["use_ticket_mutex", "fair_mutex", "once", "lazy"] }
+hashbrown = { version = "0.16", default-features = false, features = ["default-hasher", "inline-more"], optional = true }
 
 [features]
-std = []
+alloc = ["hashbrown"]
+std = ["alloc", "spin/std"]
 default = ["std"]

common/std-shims/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Luke Parker
+Copyright (c) 2023-2025 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

common/std-shims/README.md

@@ -1,6 +1,28 @@
-# std shims
+# `std` shims
 
-A crate which passes through to std when the default `std` feature is enabled,
-yet provides a series of shims when it isn't.
+`std-shims` is a Rust crate with two purposes:
+- Expand the functionality of `core` and `alloc`
+- Polyfill functionality only available on newer version of Rust
 
-`HashSet` and `HashMap` are provided via `hashbrown`.
+The goal is to make supporting no-`std` environments, and older versions of
+Rust, as simple as possible. For most use cases, replacing `std::` with
+`std_shims::` and adding `use std_shims::prelude::*` is sufficient to take full
+advantage of `std-shims`.
+
+# API Surface
+
+`std-shims` only aims to have items _mutually available_ between `alloc` (with
+extra dependencies) and `std` publicly exposed. Items exclusive to `std`, with
+no shims available, will not be exported by `std-shims`.
+
+# Dependencies
+
+`HashSet` and `HashMap` are provided via `hashbrown`. Synchronization
+primitives are provided via `spin` (avoiding a requirement on
+`critical-section`). Sections of `std::io` are independently matched as
+possible. `rustversion` is used to detect when to provide polyfills.
+
+# Disclaimer
+
+No guarantee of one-to-one parity is provided. The shims provided aim to be
+sufficient for the average case. Pull requests are _welcome_.

common/std-shims/src/collections.rs

@@ -1,7 +1,7 @@
+#[cfg(all(feature = "alloc", not(feature = "std")))]
+pub use extern_alloc::collections::*;
+#[cfg(all(feature = "alloc", not(feature = "std")))]
+pub use hashbrown::{HashSet, HashMap};
+
 #[cfg(feature = "std")]
 pub use std::collections::*;
-
-#[cfg(not(feature = "std"))]
-pub use alloc::collections::*;
-#[cfg(not(feature = "std"))]
-pub use hashbrown::{HashSet, HashMap};

common/std-shims/src/io.rs

@@ -1,42 +1,74 @@
-#[cfg(feature = "std")]
-pub use std::io::*;
-
 #[cfg(not(feature = "std"))]
 mod shims {
-  use core::fmt::{Debug, Formatter};
-  use alloc::{boxed::Box, vec::Vec};
+  use core::fmt::{self, Debug, Display, Formatter};
+  #[cfg(feature = "alloc")]
+  use extern_alloc::{boxed::Box, vec::Vec};
+  use crate::error::Error as CoreError;
 
+  /// The kind of error.
   #[derive(Clone, Copy, PartialEq, Eq, Debug)]
   pub enum ErrorKind {
     UnexpectedEof,
     Other,
   }
 
+  /// An error.
+  #[derive(Debug)]
   pub struct Error {
     kind: ErrorKind,
-    error: Box<dyn Send + Sync>,
+    #[cfg(feature = "alloc")]
+    error: Box<dyn Send + Sync + CoreError>,
   }
 
-  impl Debug for Error {
-    fn fmt(&self, fmt: &mut Formatter<'_>) -> core::result::Result<(), core::fmt::Error> {
-      fmt.debug_struct("Error").field("kind", &self.kind).finish_non_exhaustive()
+  impl Display for Error {
+    fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
+      <Self as Debug>::fmt(self, f)
     }
   }
+  impl CoreError for Error {}
+
+  #[cfg(not(feature = "alloc"))]
+  pub trait IntoBoxSendSyncError {}
+  #[cfg(not(feature = "alloc"))]
+  impl<I> IntoBoxSendSyncError for I {}
+  #[cfg(feature = "alloc")]
+  pub trait IntoBoxSendSyncError: Into<Box<dyn Send + Sync + CoreError>> {}
+  #[cfg(feature = "alloc")]
+  impl<I: Into<Box<dyn Send + Sync + CoreError>>> IntoBoxSendSyncError for I {}
 
   impl Error {
-    pub fn new<E: 'static + Send + Sync>(kind: ErrorKind, error: E) -> Error {
-      Error { kind, error: Box::new(error) }
+    /// Create a new error.
+    ///
+    /// The error object itself is silently dropped when `alloc` is not enabled.
+    #[allow(unused)]
+    pub fn new<E: 'static + IntoBoxSendSyncError>(kind: ErrorKind, error: E) -> Error {
+      #[cfg(not(feature = "alloc"))]
+      let res = Error { kind };
+      #[cfg(feature = "alloc")]
+      let res = Error { kind, error: error.into() };
+      res
     }
 
-    pub fn other<E: 'static + Send + Sync>(error: E) -> Error {
-      Error { kind: ErrorKind::Other, error: Box::new(error) }
+    /// Create a new error with `io::ErrorKind::Other` as its kind.
+    ///
+    /// The error object itself is silently dropped when `alloc` is not enabled.
+    #[allow(unused)]
+    pub fn other<E: 'static + IntoBoxSendSyncError>(error: E) -> Error {
+      #[cfg(not(feature = "alloc"))]
+      let res = Error { kind: ErrorKind::Other };
+      #[cfg(feature = "alloc")]
+      let res = Error { kind: ErrorKind::Other, error: error.into() };
+      res
     }
 
+    /// The kind of error.
     pub fn kind(&self) -> ErrorKind {
       self.kind
     }
 
-    pub fn into_inner(self) -> Option<Box<dyn Send + Sync>> {
+    /// Retrieve the inner error.
+    #[cfg(feature = "alloc")]
+    pub fn into_inner(self) -> Option<Box<dyn Send + Sync + CoreError>> {
       Some(self.error)
     }
   }
@@ -64,6 +96,12 @@ mod shims {
     }
   }
 
+  impl<R: Read> Read for &mut R {
+    fn read(&mut self, buf: &mut [u8]) -> Result<usize> {
+      R::read(*self, buf)
+    }
+  }
+
   pub trait BufRead: Read {
     fn fill_buf(&mut self) -> Result<&[u8]>;
     fn consume(&mut self, amt: usize);
@@ -88,6 +126,7 @@ mod shims {
     }
   }
 
+  #[cfg(feature = "alloc")]
   impl Write for Vec<u8> {
     fn write(&mut self, buf: &[u8]) -> Result<usize> {
       self.extend(buf);
@@ -95,6 +134,8 @@ mod shims {
     }
   }
 }
-
 #[cfg(not(feature = "std"))]
 pub use shims::*;
+
+#[cfg(feature = "std")]
+pub use std::io::{ErrorKind, Error, Result, Read, BufRead, Write};

common/std-shims/src/lib.rs

@@ -1,13 +1,102 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 
-pub extern crate alloc;
+#[cfg(not(feature = "alloc"))]
+pub use core::*;
+#[cfg(not(feature = "alloc"))]
+pub use core::{alloc, borrow, ffi, fmt, slice, str, task};
+
+#[cfg(not(feature = "std"))]
+#[rustversion::before(1.81)]
+pub mod error {
+  use core::fmt::Debug::Display;
+  pub trait Error: Debug + Display {}
+}
+#[cfg(not(feature = "std"))]
+#[rustversion::since(1.81)]
+pub use core::error;
+
+#[cfg(feature = "alloc")]
+extern crate alloc as extern_alloc;
+#[cfg(all(feature = "alloc", not(feature = "std")))]
+pub use extern_alloc::{alloc, borrow, boxed, ffi, fmt, rc, slice, str, string, task, vec, format};
+#[cfg(feature = "std")]
+pub use std::{alloc, borrow, boxed, error, ffi, fmt, rc, slice, str, string, task, vec, format};
 
-pub mod sync;
 pub mod collections;
 pub mod io;
+pub mod sync;
 
-pub use alloc::vec;
-pub use alloc::str;
-pub use alloc::string;
+pub mod prelude {
+  // Shim the `std` prelude
+  #[cfg(feature = "alloc")]
+  pub use extern_alloc::{
+    format, vec,
+    borrow::ToOwned,
+    boxed::Box,
+    vec::Vec,
+    string::{String, ToString},
+  };
+
+  // Shim `div_ceil`
+  #[rustversion::before(1.73)]
+  #[doc(hidden)]
+  pub trait StdShimsDivCeil {
+    fn div_ceil(self, rhs: Self) -> Self;
+  }
+  #[rustversion::before(1.73)]
+  mod impl_divceil {
+    use super::StdShimsDivCeil;
+    impl StdShimsDivCeil for u8 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for u16 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for u32 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for u64 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for u128 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for usize {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+  }
+
+  // Shim `io::Error::other`
+  #[cfg(feature = "std")]
+  #[rustversion::before(1.74)]
+  #[doc(hidden)]
+  pub trait StdShimsIoErrorOther {
+    fn other<E>(error: E) -> Self
+    where
+      E: Into<Box<dyn std::error::Error + Send + Sync>>;
+  }
+  #[cfg(feature = "std")]
+  #[rustversion::before(1.74)]
+  impl StdShimsIoErrorOther for std::io::Error {
+    fn other<E>(error: E) -> Self
+    where
+      E: Into<Box<dyn std::error::Error + Send + Sync>>,
+    {
+      std::io::Error::new(std::io::ErrorKind::Other, error)
+    }
+  }
+}

common/std-shims/src/sync.rs

@@ -1,19 +1,28 @@
-pub use core::sync::*;
-pub use alloc::sync::*;
+pub use core::sync::atomic;
+#[cfg(all(feature = "alloc", not(feature = "std")))]
+pub use extern_alloc::sync::{Arc, Weak};
+#[cfg(feature = "std")]
+pub use std::sync::{Arc, Weak};
 
 mod mutex_shim {
-  #[cfg(feature = "std")]
-  pub use std::sync::*;
   #[cfg(not(feature = "std"))]
-  pub use spin::*;
+  pub use spin::{Mutex, MutexGuard};
+  #[cfg(feature = "std")]
+  pub use std::sync::{Mutex, MutexGuard};
 
+  /// A shimmed `Mutex` with an API mutual to `spin` and `std`.
   #[derive(Default, Debug)]
   pub struct ShimMutex<T>(Mutex<T>);
   impl<T> ShimMutex<T> {
+    /// Construct a new `Mutex`.
     pub const fn new(value: T) -> Self {
       Self(Mutex::new(value))
     }
 
+    /// Acquire a lock on the contents of the `Mutex`.
+    ///
+    /// On no-`std` environments, this may spin until the lock is acquired. On `std` environments,
+    /// this may panic if the `Mutex` was poisoned.
     pub fn lock(&self) -> MutexGuard<'_, T> {
       #[cfg(feature = "std")]
       let res = self.0.lock().unwrap();
@@ -25,7 +34,12 @@ mod mutex_shim {
 }
 pub use mutex_shim::{ShimMutex as Mutex, MutexGuard};
 
-#[cfg(feature = "std")]
-pub use std::sync::LazyLock;
+#[rustversion::before(1.80)]
+pub use spin::Lazy as LazyLock;
+
+#[rustversion::since(1.80)]
 #[cfg(not(feature = "std"))]
 pub use spin::Lazy as LazyLock;
+#[rustversion::since(1.80)]
+#[cfg(feature = "std")]
+pub use std::sync::LazyLock;

common/task/LICENSE

@@ -1,6 +1,6 @@
 AGPL-3.0-only license
 
-Copyright (c) 2022-2024 Luke Parker
+Copyright (c) 2022-2025 Luke Parker
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as

common/task/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![deny(missing_docs)]
 

common/zalloc/Cargo.toml

@@ -7,7 +7,9 @@ repository = "https://github.com/serai-dex/serai/tree/develop/common/zalloc"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
-rust-version = "1.77"
+# This must be specified with the patch version, else Rust believes `1.77` < `1.77.0` and will
+# refuse to compile due to relying on versions introduced with `1.77.0`
+rust-version = "1.77.0"
 
 [package.metadata.docs.rs]
 all-features = true

common/zalloc/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022-2023 Luke Parker
+Copyright (c) 2022-2025 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

common/zalloc/src/lib.rs

@@ -1,5 +1,5 @@
 #![cfg_attr(docsrs, feature(doc_cfg))]
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![cfg_attr(all(zalloc_rustc_nightly, feature = "allocator"), feature(allocator_api))]
 
 //! Implementation of a Zeroizing Allocator, enabling zeroizing memory on deallocation.

coordinator/Cargo.toml

@@ -8,7 +8,6 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -22,11 +21,13 @@ zeroize = { version = "^1.5", default-features = false, features = ["std"] }
 bitvec = { version = "1", default-features = false, features = ["std"] }
 rand_core = { version = "0.6", default-features = false, features = ["std"] }
 
-blake2 = { version = "0.10", default-features = false, features = ["std"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
 schnorrkel = { version = "0.11", default-features = false, features = ["std"] }
 
-ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std", "ristretto"] }
-dkg = { path = "../crypto/dkg", default-features = false, features = ["std"] }
+dalek-ff-group = { path = "../crypto/dalek-ff-group", default-features = false, features = ["std"] }
+ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std"] }
+dkg = { package = "dkg-musig", path = "../crypto/dkg/musig", default-features = false, features = ["std"] }
+frost = { package = "modular-frost", path = "../crypto/frost" }
 frost-schnorrkel = { path = "../crypto/schnorrkel" }
 
 hex = { version = "0.4", default-features = false, features = ["std"] }

coordinator/cosign/Cargo.toml

@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.85"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -18,7 +18,7 @@ rustdoc-args = ["--cfg", "docsrs"]
 workspace = true
 
 [dependencies]
-blake2 = { version = "0.10", default-features = false, features = ["std"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
 schnorrkel = { version = "0.11", default-features = false, features = ["std"] }
 
 scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["std", "derive"] }

coordinator/cosign/LICENSE

@@ -1,6 +1,6 @@
 AGPL-3.0-only license
 
-Copyright (c) 2023-2024 Luke Parker
+Copyright (c) 2023-2025 Luke Parker
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as

coordinator/cosign/src/intend.rs

@@ -155,7 +155,7 @@ impl<D: Db> ContinuallyRan for CosignIntendTask<D> {
 
             // Tell each set of their expectation to cosign this block
             for set in global_session_info.sets {
-              log::debug!("{:?} will be cosigning block #{block_number}", set);
+              log::debug!("{set:?} will be cosigning block #{block_number}");
               IntendedCosigns::send(
                 &mut txn,
                 set,

coordinator/cosign/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![deny(missing_docs)]
 

coordinator/p2p/Cargo.toml

@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.85"
 
 [package.metadata.docs.rs]
 all-features = true

coordinator/p2p/libp2p/Cargo.toml

@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.87"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -23,7 +23,7 @@ async-trait = { version = "0.1", default-features = false }
 rand_core = { version = "0.6", default-features = false, features = ["std"] }
 
 zeroize = { version = "^1.5", default-features = false, features = ["std"] }
-blake2 = { version = "0.10", default-features = false, features = ["std"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
 schnorrkel = { version = "0.11", default-features = false, features = ["std"] }
 
 hex = { version = "0.4", default-features = false, features = ["std"] }
@@ -35,7 +35,7 @@ tributary-sdk = { path = "../../tributary-sdk" }
 
 futures-util = { version = "0.3", default-features = false, features = ["std"] }
 tokio = { version = "1", default-features = false, features = ["sync"] }
-libp2p = { version = "0.54", default-features = false, features = ["tokio", "tcp", "noise", "yamux", "ping", "request-response", "gossipsub", "macros"] }
+libp2p = { version = "0.56", default-features = false, features = ["tokio", "tcp", "noise", "yamux", "ping", "request-response", "gossipsub", "macros"] }
 
 log = { version = "0.4", default-features = false, features = ["std"] }
 serai-task = { path = "../../../common/task", version = "0.1" }

coordinator/p2p/libp2p/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![deny(missing_docs)]
 

coordinator/p2p/libp2p/src/swarm.rs

@@ -92,7 +92,8 @@ impl SwarmTask {
         }
       }
       gossip::Event::Subscribed { .. } | gossip::Event::Unsubscribed { .. } => {}
-      gossip::Event::GossipsubNotSupported { peer_id } => {
+      gossip::Event::GossipsubNotSupported { peer_id } |
+      gossip::Event::SlowPeer { peer_id, .. } => {
         let _: Result<_, _> = self.swarm.disconnect_peer_id(peer_id);
       }
     }

coordinator/p2p/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![deny(missing_docs)]
 

coordinator/src/db.rs

@@ -103,7 +103,7 @@ mod _internal_db {
       // Tributary transactions to publish from the DKG confirmation task
       TributaryTransactionsFromDkgConfirmation: (set: ExternalValidatorSet) -> Transaction,
       // Participants to remove
-      RemoveParticipant: (set: ExternalValidatorSet) -> Participant,
+      RemoveParticipant: (set: ExternalValidatorSet) -> u16,
     }
   }
 }
@@ -139,10 +139,11 @@ impl RemoveParticipant {
   pub(crate) fn send(txn: &mut impl DbTxn, set: ExternalValidatorSet, participant: Participant) {
     // If this set has yet to be retired, send this transaction
     if RetiredTributary::get(txn, set.network).map(|session| session.0) < Some(set.session.0) {
-      _internal_db::RemoveParticipant::send(txn, set, &participant);
+      _internal_db::RemoveParticipant::send(txn, set, &u16::from(participant));
     }
   }
   pub(crate) fn try_recv(txn: &mut impl DbTxn, set: ExternalValidatorSet) -> Option<Participant> {
     _internal_db::RemoveParticipant::try_recv(txn, set)
+      .map(|i| Participant::new(i).expect("sent invalid participant index for removal"))
   }
 }

coordinator/src/dkg_confirmation.rs

@@ -3,13 +3,10 @@ use std::{boxed::Box, collections::HashMap};
 
 use zeroize::Zeroizing;
 use rand_core::OsRng;
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use ciphersuite::{group::GroupEncoding, *};
+use dkg::{Participant, musig};
 use frost_schnorrkel::{
-  frost::{
-    dkg::{Participant, musig::musig},
-    FrostError,
-    sign::*,
-  },
+  frost::{curve::Ristretto, FrostError, sign::*},
   Schnorrkel,
 };
 
@@ -33,7 +30,7 @@ fn schnorrkel() -> Schnorrkel {
 
 fn our_i(
   set: &NewSetInformation,
-  key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
   data: &HashMap<Participant, Vec<u8>>,
 ) -> Participant {
   let public = SeraiAddress((Ristretto::generator() * key.deref()).to_bytes());
@@ -127,7 +124,7 @@ pub(crate) struct ConfirmDkgTask<CD: DbTrait, TD: DbTrait> {
   set: NewSetInformation,
   tributary_db: TD,
 
-  key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: Zeroizing<<Ristretto as WrappedGroup>::F>,
   signer: Option<Signer>,
 }
 
@@ -136,7 +133,7 @@ impl<CD: DbTrait, TD: DbTrait> ConfirmDkgTask<CD, TD> {
     db: CD,
     set: NewSetInformation,
     tributary_db: TD,
-    key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+    key: Zeroizing<<Ristretto as WrappedGroup>::F>,
   ) -> Self {
     Self { db, set, tributary_db, key, signer: None }
   }
@@ -155,16 +152,15 @@ impl<CD: DbTrait, TD: DbTrait> ConfirmDkgTask<CD, TD> {
     db: &mut CD,
     set: ExternalValidatorSet,
     attempt: u32,
-    key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+    key: Zeroizing<<Ristretto as WrappedGroup>::F>,
     signer: &mut Option<Signer>,
   ) {
     // Perform the preprocess
+    let public_key = Ristretto::generator() * key.deref();
     let (machine, preprocess) = AlgorithmMachine::new(
       schnorrkel(),
       // We use a 1-of-1 Musig here as we don't know who will actually be in this Musig yet
-      musig(&musig_context(set.into()), key, &[Ristretto::generator() * key.deref()])
-        .unwrap()
-        .into(),
+      musig(musig_context(set.into()), key, &[public_key]).unwrap(),
     )
     .preprocess(&mut OsRng);
     // We take the preprocess so we can use it in a distinct machine with the actual Musig
@@ -199,7 +195,7 @@ impl<CD: DbTrait, TD: DbTrait> ContinuallyRan for ConfirmDkgTask<CD, TD> {
       // If we were sent a key to set, create the signer for it
       if self.signer.is_none() && KeysToConfirm::get(&self.db, self.set.set).is_some() {
         // Create and publish the initial preprocess
-        Self::preprocess(&mut self.db, self.set.set, 0, &self.key, &mut self.signer);
+        Self::preprocess(&mut self.db, self.set.set, 0, self.key.clone(), &mut self.signer);
 
         made_progress = true;
       }
@@ -219,7 +215,13 @@ impl<CD: DbTrait, TD: DbTrait> ContinuallyRan for ConfirmDkgTask<CD, TD> {
               id: messages::sign::SignId { attempt, .. },
             } => {
               // Create and publish the preprocess for the specified attempt
-              Self::preprocess(&mut self.db, self.set.set, attempt, &self.key, &mut self.signer);
+              Self::preprocess(
+                &mut self.db,
+                self.set.set,
+                attempt,
+                self.key.clone(),
+                &mut self.signer,
+              );
             }
             messages::sign::CoordinatorMessage::Preprocesses {
               id: messages::sign::SignId { attempt, .. },
@@ -258,9 +260,9 @@ impl<CD: DbTrait, TD: DbTrait> ContinuallyRan for ConfirmDkgTask<CD, TD> {
                 })
                 .collect::<Vec<_>>();
 
-              let keys = musig(&musig_context(self.set.set.into()), &self.key, &musig_public_keys)
-                .unwrap()
-                .into();
+              let keys =
+                musig(musig_context(self.set.set.into()), self.key.clone(), &musig_public_keys)
+                  .unwrap();
 
               // Rebuild the machine
               let (machine, preprocess_from_cache) =

coordinator/src/main.rs

@@ -4,9 +4,10 @@ use std::{sync::Arc, collections::HashMap, time::Instant};
 use zeroize::{Zeroize, Zeroizing};
 use rand_core::{RngCore, OsRng};
 
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{ff::PrimeField, GroupEncoding},
-  Ciphersuite, Ristretto,
+  *,
 };
 
 use borsh::BorshDeserialize;
@@ -283,7 +284,7 @@ async fn handle_network(
             &mut txn,
             ExternalValidatorSet { network, session },
             slash_report,
-            Signature(signature),
+            Signature::from(signature),
           );
         }
       },
@@ -351,7 +352,7 @@ async fn main() {
     let mut key_bytes = [0; 32];
     key_bytes.copy_from_slice(&key_vec);
     key_vec.zeroize();
-    let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::from_repr(key_bytes).unwrap());
+    let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::from_repr(key_bytes).unwrap());
     key_bytes.zeroize();
     key
   };
@@ -438,7 +439,7 @@ async fn main() {
     EphemeralEventStream::new(
       db.clone(),
       serai.clone(),
-      SeraiAddress((<Ristretto as Ciphersuite>::generator() * serai_key.deref()).to_bytes()),
+      SeraiAddress((<Ristretto as WrappedGroup>::generator() * serai_key.deref()).to_bytes()),
     )
     .continually_run(substrate_ephemeral_task_def, vec![substrate_task]),
   );

coordinator/src/substrate.rs

@@ -3,7 +3,8 @@ use std::sync::Arc;
 
 use zeroize::Zeroizing;
 
-use ciphersuite::{Ciphersuite, Ristretto};
+use ciphersuite::*;
+use dalek_ff_group::Ristretto;
 
 use tokio::sync::mpsc;
 
@@ -22,7 +23,7 @@ use serai_coordinator_p2p::P2p;
 use crate::{Db, KeySet};
 
 pub(crate) struct SubstrateTask<P: P2p> {
-  pub(crate) serai_key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  pub(crate) serai_key: Zeroizing<<Ristretto as WrappedGroup>::F>,
   pub(crate) db: Db,
   pub(crate) message_queue: Arc<MessageQueue>,
   pub(crate) p2p: P,

coordinator/src/tributary.rs

@@ -4,7 +4,8 @@ use std::sync::Arc;
 use zeroize::Zeroizing;
 use rand_core::OsRng;
 use blake2::{digest::typenum::U32, Digest, Blake2s};
-use ciphersuite::{Ciphersuite, Ristretto};
+use ciphersuite::*;
+use dalek_ff_group::Ristretto;
 
 use tokio::sync::mpsc;
 
@@ -67,9 +68,7 @@ async fn provide_transaction<TD: DbTrait, P: P2p>(
     // advancing
     Err(ProvidedError::LocalMismatchesOnChain) => loop {
       log::error!(
-        "Tributary {:?} was supposed to provide {:?} but peers disagree, halting Tributary",
-        set,
-        tx,
+        "Tributary {set:?} was supposed to provide {tx:?} but peers disagree, halting Tributary",
       );
       // Print this every five minutes as this does need to be handled
       tokio::time::sleep(Duration::from_secs(5 * 60)).await;
@@ -161,7 +160,7 @@ impl<CD: DbTrait, TD: DbTrait, P: P2p> ContinuallyRan
 #[must_use]
 async fn add_signed_unsigned_transaction<TD: DbTrait, P: P2p>(
   tributary: &Tributary<TD, Transaction, P>,
-  key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
   mut tx: Transaction,
 ) -> bool {
   // If this is a signed transaction, sign it
@@ -214,7 +213,7 @@ async fn add_with_recognition_check<TD: DbTrait, P: P2p>(
   set: ExternalValidatorSet,
   tributary_db: &mut TD,
   tributary: &Tributary<TD, Transaction, P>,
-  key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
   tx: Transaction,
 ) -> bool {
   let kind = tx.kind();
@@ -253,7 +252,7 @@ pub(crate) struct AddTributaryTransactionsTask<CD: DbTrait, TD: DbTrait, P: P2p>
   tributary_db: TD,
   tributary: Tributary<TD, Transaction, P>,
   set: NewSetInformation,
-  key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: Zeroizing<<Ristretto as WrappedGroup>::F>,
 }
 impl<CD: DbTrait, TD: DbTrait, P: P2p> ContinuallyRan for AddTributaryTransactionsTask<CD, TD, P> {
   type Error = DoesNotError;
@@ -383,7 +382,7 @@ pub(crate) struct SignSlashReportTask<CD: DbTrait, TD: DbTrait, P: P2p> {
   tributary_db: TD,
   tributary: Tributary<TD, Transaction, P>,
   set: NewSetInformation,
-  key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: Zeroizing<<Ristretto as WrappedGroup>::F>,
 }
 impl<CD: DbTrait, TD: DbTrait, P: P2p> ContinuallyRan for SignSlashReportTask<CD, TD, P> {
   type Error = DoesNotError;
@@ -471,7 +470,7 @@ pub(crate) async fn spawn_tributary<P: P2p>(
   p2p: P,
   p2p_add_tributary: &mpsc::UnboundedSender<(ExternalValidatorSet, Tributary<Db, Transaction, P>)>,
   set: NewSetInformation,
-  serai_key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  serai_key: Zeroizing<<Ristretto as WrappedGroup>::F>,
 ) {
   // Don't spawn retired Tributaries
   if crate::db::RetiredTributary::get(&db, set.set.network).map(|session| session.0) >=
@@ -491,7 +490,7 @@ pub(crate) async fn spawn_tributary<P: P2p>(
 
   let mut tributary_validators = Vec::with_capacity(set.validators.len());
   for (validator, weight) in set.validators.iter().copied() {
-    let validator_key = <Ristretto as Ciphersuite>::read_G(&mut validator.0.as_slice())
+    let validator_key = <Ristretto as GroupIo>::read_G(&mut validator.0.as_slice())
       .expect("Serai validator had an invalid public key");
     let weight = u64::from(weight);
     tributary_validators.push((validator_key, weight));

coordinator/substrate/Cargo.toml

@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.85"
 
 [package.metadata.docs.rs]
 all-features = true

coordinator/substrate/LICENSE

@@ -1,6 +1,6 @@
 AGPL-3.0-only license
 
-Copyright (c) 2023-2024 Luke Parker
+Copyright (c) 2023-2025 Luke Parker
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as

coordinator/substrate/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![deny(missing_docs)]
 

coordinator/tributary-sdk/Cargo.toml

@@ -6,7 +6,7 @@ license = "AGPL-3.0-only"
 repository = "https://github.com/serai-dex/serai/tree/develop/coordinator/tributary-sdk"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 edition = "2021"
-rust-version = "1.81"
+rust-version = "1.85"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -24,11 +24,12 @@ zeroize = { version = "^1.5", default-features = false, features = ["std"] }
 rand = { version = "0.8", default-features = false, features = ["std"] }
 rand_chacha = { version = "0.3", default-features = false, features = ["std"] }
 
-blake2 = { version = "0.10", default-features = false, features = ["std"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
 transcript = { package = "flexible-transcript", path = "../../crypto/transcript", version = "0.3", default-features = false, features = ["std", "recommended"] }
 
-ciphersuite = { package = "ciphersuite", path = "../../crypto/ciphersuite", version = "0.4", default-features = false, features = ["std", "ristretto"] }
-schnorr = { package = "schnorr-signatures", path = "../../crypto/schnorr", version = "0.5", default-features = false, features = ["std"] }
+ciphersuite = { path = "../../crypto/ciphersuite", version = "0.4", default-features = false, features = ["std"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group", default-features = false, features = ["std"] }
+schnorr = { package = "schnorr-signatures", path = "../../crypto/schnorr", version = "0.5", default-features = false, features = ["std", "aggregate"] }
 
 hex = { version = "0.4", default-features = false, features = ["std"] }
 log = { version = "0.4", default-features = false, features = ["std"] }

coordinator/tributary-sdk/LICENSE

@@ -1,6 +1,6 @@
 AGPL-3.0-only license
 
-Copyright (c) 2023 Luke Parker
+Copyright (c) 2023-2025 Luke Parker
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as

coordinator/tributary-sdk/src/blockchain.rs

@@ -1,6 +1,7 @@
 use std::collections::{VecDeque, HashSet};
 
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, *};
 
 use serai_db::{Get, DbTxn, Db};
 
@@ -20,7 +21,7 @@ pub(crate) struct Blockchain<D: Db, T: TransactionTrait> {
 
   block_number: u64,
   tip: [u8; 32],
-  participants: HashSet<<Ristretto as Ciphersuite>::G>,
+  participants: HashSet<[u8; 32]>,
 
   provided: ProvidedTransactions<D, T>,
   mempool: Mempool<D, T>,
@@ -55,7 +56,7 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
   }
   fn next_nonce_key(
     genesis: &[u8; 32],
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
     order: &[u8],
   ) -> Vec<u8> {
     D::key(
@@ -68,12 +69,15 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
   pub(crate) fn new(
     db: D,
     genesis: [u8; 32],
-    participants: &[<Ristretto as Ciphersuite>::G],
+    participants: &[<Ristretto as WrappedGroup>::G],
   ) -> Self {
     let mut res = Self {
       db: Some(db.clone()),
       genesis,
-      participants: participants.iter().copied().collect(),
+      participants: participants
+        .iter()
+        .map(<<Ristretto as WrappedGroup>::G as GroupEncoding>::to_bytes)
+        .collect(),
 
       block_number: 0,
       tip: genesis,
@@ -172,7 +176,7 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
 
     self.mempool.add::<N, _>(
       |signer, order| {
-        if self.participants.contains(&signer) {
+        if self.participants.contains(&signer.to_bytes()) {
           Some(
             db.get(Self::next_nonce_key(&self.genesis, &signer, &order))
               .map_or(0, |bytes| u32::from_le_bytes(bytes.try_into().unwrap())),
@@ -195,13 +199,13 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
 
   pub(crate) fn next_nonce(
     &self,
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
     order: &[u8],
   ) -> Option<u32> {
     if let Some(next_nonce) = self.mempool.next_nonce_in_mempool(signer, order.to_vec()) {
       return Some(next_nonce);
     }
-    if self.participants.contains(signer) {
+    if self.participants.contains(&signer.to_bytes()) {
       Some(
         self
           .db
@@ -250,7 +254,7 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
       self.tip,
       self.provided.transactions.clone(),
       &mut |signer, order| {
-        if self.participants.contains(signer) {
+        if self.participants.contains(&signer.to_bytes()) {
           let key = Self::next_nonce_key(&self.genesis, signer, order);
           let next = txn
             .get(&key)

coordinator/tributary-sdk/src/lib.rs

@@ -3,7 +3,8 @@ use std::{sync::Arc, io};
 
 use zeroize::Zeroizing;
 
-use ciphersuite::{Ciphersuite, Ristretto};
+use ciphersuite::*;
+use dalek_ff_group::Ristretto;
 
 use scale::Decode;
 use futures_channel::mpsc::UnboundedReceiver;
@@ -161,8 +162,8 @@ impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {
     db: D,
     genesis: [u8; 32],
     start_time: u64,
-    key: Zeroizing<<Ristretto as Ciphersuite>::F>,
-    validators: Vec<(<Ristretto as Ciphersuite>::G, u64)>,
+    key: Zeroizing<<Ristretto as WrappedGroup>::F>,
+    validators: Vec<(<Ristretto as WrappedGroup>::G, u64)>,
     p2p: P,
   ) -> Option<Self> {
     log::info!("new Tributary with genesis {}", hex::encode(genesis));
@@ -234,7 +235,7 @@ impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {
 
   pub async fn next_nonce(
     &self,
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
     order: &[u8],
   ) -> Option<u32> {
     self.network.blockchain.read().await.next_nonce(signer, order)

coordinator/tributary-sdk/src/mempool.rs

@@ -1,6 +1,7 @@
 use std::collections::HashMap;
 
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, *};
 
 use serai_db::{DbTxn, Db};
 
@@ -20,9 +21,9 @@ pub(crate) struct Mempool<D: Db, T: TransactionTrait> {
   db: D,
   genesis: [u8; 32],
 
-  last_nonce_in_mempool: HashMap<(<Ristretto as Ciphersuite>::G, Vec<u8>), u32>,
+  last_nonce_in_mempool: HashMap<([u8; 32], Vec<u8>), u32>,
   txs: HashMap<[u8; 32], Transaction<T>>,
-  txs_per_signer: HashMap<<Ristretto as Ciphersuite>::G, u32>,
+  txs_per_signer: HashMap<[u8; 32], u32>,
 }
 
 impl<D: Db, T: TransactionTrait> Mempool<D, T> {
@@ -81,6 +82,7 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
         }
         Transaction::Application(tx) => match tx.kind() {
           TransactionKind::Signed(order, Signed { signer, nonce, .. }) => {
+            let signer = signer.to_bytes();
             let amount = *res.txs_per_signer.get(&signer).unwrap_or(&0) + 1;
             res.txs_per_signer.insert(signer, amount);
 
@@ -106,7 +108,7 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
   // Returns Ok(true) if new, Ok(false) if an already present unsigned, or the error.
   pub(crate) fn add<
     N: Network,
-    F: FnOnce(<Ristretto as Ciphersuite>::G, Vec<u8>) -> Option<u32>,
+    F: FnOnce(<Ristretto as WrappedGroup>::G, Vec<u8>) -> Option<u32>,
   >(
     &mut self,
     blockchain_next_nonce: F,
@@ -139,6 +141,8 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
             };
             let mut next_nonce = blockchain_next_nonce;
 
+            let signer = signer.to_bytes();
+
             if let Some(mempool_last_nonce) =
               self.last_nonce_in_mempool.get(&(signer, order.clone()))
             {
@@ -178,10 +182,10 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
   // Returns None if the mempool doesn't have a nonce tracked.
   pub(crate) fn next_nonce_in_mempool(
     &self,
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
     order: Vec<u8>,
   ) -> Option<u32> {
-    self.last_nonce_in_mempool.get(&(*signer, order)).copied().map(|nonce| nonce + 1)
+    self.last_nonce_in_mempool.get(&(signer.to_bytes(), order)).copied().map(|nonce| nonce + 1)
   }
 
   /// Get transactions to include in a block.
@@ -242,6 +246,8 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
 
     if let Some(tx) = self.txs.remove(tx) {
       if let TransactionKind::Signed(order, Signed { signer, nonce, .. }) = tx.kind() {
+        let signer = signer.to_bytes();
+
         let amount = *self.txs_per_signer.get(&signer).unwrap() - 1;
         self.txs_per_signer.insert(signer, amount);
 

coordinator/tributary-sdk/src/tendermint/mod.rs

@@ -10,12 +10,10 @@ use rand_chacha::ChaCha12Rng;
 use transcript::{Transcript, RecommendedTranscript};
 
 use ciphersuite::{
-  group::{
-    GroupEncoding,
-    ff::{Field, PrimeField},
-  },
-  Ciphersuite, Ristretto,
+  group::{ff::PrimeField, GroupEncoding},
+  *,
 };
+use dalek_ff_group::Ristretto;
 use schnorr::{
   SchnorrSignature,
   aggregate::{SchnorrAggregator, SchnorrAggregate},
@@ -50,24 +48,26 @@ fn challenge(
   key: [u8; 32],
   nonce: &[u8],
   msg: &[u8],
-) -> <Ristretto as Ciphersuite>::F {
+) -> <Ristretto as WrappedGroup>::F {
   let mut transcript = RecommendedTranscript::new(b"Tributary Chain Tendermint Message");
   transcript.append_message(b"genesis", genesis);
   transcript.append_message(b"key", key);
   transcript.append_message(b"nonce", nonce);
   transcript.append_message(b"message", msg);
 
-  <Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(&transcript.challenge(b"schnorr").into())
+  <Ristretto as WrappedGroup>::F::from_bytes_mod_order_wide(
+    &transcript.challenge(b"schnorr").into(),
+  )
 }
 
 #[derive(Clone, PartialEq, Eq, Debug)]
 pub struct Signer {
   genesis: [u8; 32],
-  key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: Zeroizing<<Ristretto as WrappedGroup>::F>,
 }
 
 impl Signer {
-  pub(crate) fn new(genesis: [u8; 32], key: Zeroizing<<Ristretto as Ciphersuite>::F>) -> Signer {
+  pub(crate) fn new(genesis: [u8; 32], key: Zeroizing<<Ristretto as WrappedGroup>::F>) -> Signer {
     Signer { genesis, key }
   }
 }
@@ -100,10 +100,10 @@ impl SignerTrait for Signer {
       assert_eq!(nonce_ref, [0; 64].as_ref());
 
       let nonce =
-        Zeroizing::new(<Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(&nonce_arr));
+        Zeroizing::new(<Ristretto as WrappedGroup>::F::from_bytes_mod_order_wide(&nonce_arr));
       nonce_arr.zeroize();
 
-      assert!(!bool::from(nonce.ct_eq(&<Ristretto as Ciphersuite>::F::ZERO)));
+      assert!(!bool::from(nonce.ct_eq(&<Ristretto as WrappedGroup>::F::ZERO)));
 
       let challenge = challenge(
         self.genesis,
@@ -132,7 +132,7 @@ pub struct Validators {
 impl Validators {
   pub(crate) fn new(
     genesis: [u8; 32],
-    validators: Vec<(<Ristretto as Ciphersuite>::G, u64)>,
+    validators: Vec<(<Ristretto as WrappedGroup>::G, u64)>,
   ) -> Option<Validators> {
     let mut total_weight = 0;
     let mut weights = HashMap::new();
@@ -163,7 +163,6 @@ impl SignatureScheme for Validators {
   type AggregateSignature = Vec<u8>;
   type Signer = Arc<Signer>;
 
-  #[must_use]
   fn verify(&self, validator: Self::ValidatorId, msg: &[u8], sig: &Self::Signature) -> bool {
     if !self.weights.contains_key(&validator) {
       return false;
@@ -196,7 +195,6 @@ impl SignatureScheme for Validators {
     aggregate.serialize()
   }
 
-  #[must_use]
   fn verify_aggregate(
     &self,
     signers: &[Self::ValidatorId],
@@ -221,7 +219,7 @@ impl SignatureScheme for Validators {
       signers
         .iter()
         .zip(challenges)
-        .map(|(s, c)| (<Ristretto as Ciphersuite>::read_G(&mut s.as_slice()).unwrap(), c))
+        .map(|(s, c)| (<Ristretto as GroupIo>::read_G(&mut s.as_slice()).unwrap(), c))
         .collect::<Vec<_>>()
         .as_slice(),
     )

coordinator/tributary-sdk/src/tendermint/tx.rs

@@ -4,7 +4,8 @@ use scale::{Encode, Decode, IoReader};
 
 use blake2::{Digest, Blake2s256};
 
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;
 
 use crate::{
   transaction::{Transaction, TransactionKind, TransactionError},
@@ -49,7 +50,7 @@ impl Transaction for TendermintTx {
     Blake2s256::digest(self.serialize()).into()
   }
 
-  fn sig_hash(&self, _genesis: [u8; 32]) -> <Ristretto as Ciphersuite>::F {
+  fn sig_hash(&self, _genesis: [u8; 32]) -> <Ristretto as WrappedGroup>::F {
     match self {
       TendermintTx::SlashEvidence(_) => panic!("sig_hash called on slash evidence transaction"),
     }

coordinator/tributary-sdk/src/tests/block.rs

@@ -1,10 +1,9 @@
 use std::{sync::Arc, io, collections::HashMap, fmt::Debug};
 
 use blake2::{Digest, Blake2s256};
-use ciphersuite::{
-  group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
-};
+
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::Group, *};
 use schnorr::SchnorrSignature;
 
 use serai_db::MemDb;
@@ -30,11 +29,11 @@ impl NonceTransaction {
       nonce,
       distinguisher,
       Signed {
-        signer: <Ristretto as Ciphersuite>::G::identity(),
+        signer: <Ristretto as WrappedGroup>::G::identity(),
         nonce,
         signature: SchnorrSignature::<Ristretto> {
-          R: <Ristretto as Ciphersuite>::G::identity(),
-          s: <Ristretto as Ciphersuite>::F::ZERO,
+          R: <Ristretto as WrappedGroup>::G::identity(),
+          s: <Ristretto as WrappedGroup>::F::ZERO,
         },
       },
     )

coordinator/tributary-sdk/src/tests/blockchain.rs

@@ -10,7 +10,8 @@ use rand::rngs::OsRng;
 
 use blake2::{Digest, Blake2s256};
 
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;
 
 use serai_db::{DbTxn, Db, MemDb};
 
@@ -30,7 +31,7 @@ type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;
 
 fn new_blockchain<T: TransactionTrait>(
   genesis: [u8; 32],
-  participants: &[<Ristretto as Ciphersuite>::G],
+  participants: &[<Ristretto as WrappedGroup>::G],
 ) -> (MemDb, Blockchain<MemDb, T>) {
   let db = MemDb::new();
   let blockchain = Blockchain::new(db.clone(), genesis, participants);
@@ -81,7 +82,7 @@ fn invalid_block() {
     assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
   }
 
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
   let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
 
   // Not a participant
@@ -133,7 +134,7 @@ fn invalid_block() {
     blockchain.verify_block::<N>(&block, &validators, false).unwrap();
     match &mut block.transactions[0] {
       Transaction::Application(tx) => {
-        tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
+        tx.1.signature.s += <Ristretto as WrappedGroup>::F::ONE;
       }
       _ => panic!("non-signed tx found"),
     }
@@ -149,7 +150,7 @@ fn invalid_block() {
 fn signed_transaction() {
   let genesis = new_genesis();
   let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
   let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
   let signer = tx.1.signer;
 
@@ -338,7 +339,7 @@ fn provided_transaction() {
 #[tokio::test]
 async fn tendermint_evidence_tx() {
   let genesis = new_genesis();
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
   let signer = Signer::new(genesis, key.clone());
   let signer_id = Ristretto::generator() * key.deref();
   let validators = Arc::new(Validators::new(genesis, vec![(signer_id, 1)]).unwrap());
@@ -378,7 +379,7 @@ async fn tendermint_evidence_tx() {
   let mut mempool: Vec<Transaction<SignedTransaction>> = vec![];
   let mut signers = vec![];
   for _ in 0 .. 5 {
-    let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+    let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
     let signer = Signer::new(genesis, key.clone());
     let signer_id = Ristretto::generator() * key.deref();
     signers.push((signer_id, 1));
@@ -445,7 +446,7 @@ async fn block_tx_ordering() {
   }
 
   let genesis = new_genesis();
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
 
   // signer
   let signer = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0).1.signer;

coordinator/tributary-sdk/src/tests/mempool.rs

@@ -3,7 +3,8 @@ use std::{sync::Arc, collections::HashMap};
 use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};
 
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;
 
 use tendermint::ext::Commit;
 
@@ -32,7 +33,7 @@ async fn mempool_addition() {
     Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
   };
   let unsigned_in_chain = |_: [u8; 32]| false;
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
 
   let first_tx = signed_transaction(&mut OsRng, genesis, &key, 0);
   let signer = first_tx.1.signer;
@@ -124,7 +125,7 @@ async fn mempool_addition() {
 
   // If the mempool doesn't have a nonce for an account, it should successfully use the
   // blockchain's
-  let second_key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let second_key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
   let tx = signed_transaction(&mut OsRng, genesis, &second_key, 2);
   let second_signer = tx.1.signer;
   assert_eq!(mempool.next_nonce_in_mempool(&second_signer, vec![]), None);
@@ -164,7 +165,7 @@ fn too_many_mempool() {
     Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
   };
   let unsigned_in_chain = |_: [u8; 32]| false;
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
 
   // We should be able to add transactions up to the limit
   for i in 0 .. ACCOUNT_MEMPOOL_LIMIT {

coordinator/tributary-sdk/src/tests/transaction/mod.rs

@@ -6,10 +6,8 @@ use rand::{RngCore, CryptoRng, rngs::OsRng};
 
 use blake2::{Digest, Blake2s256};
 
-use ciphersuite::{
-  group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
-};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;
 use schnorr::SchnorrSignature;
 
 use scale::Encode;
@@ -33,11 +31,11 @@ mod tendermint;
 
 pub fn random_signed<R: RngCore + CryptoRng>(rng: &mut R) -> Signed {
   Signed {
-    signer: <Ristretto as Ciphersuite>::G::random(&mut *rng),
+    signer: <Ristretto as WrappedGroup>::G::random(&mut *rng),
     nonce: u32::try_from(rng.next_u64() >> 32 >> 1).unwrap(),
     signature: SchnorrSignature::<Ristretto> {
-      R: <Ristretto as Ciphersuite>::G::random(&mut *rng),
-      s: <Ristretto as Ciphersuite>::F::random(rng),
+      R: <Ristretto as WrappedGroup>::G::random(&mut *rng),
+      s: <Ristretto as WrappedGroup>::F::random(rng),
     },
   }
 }
@@ -136,18 +134,18 @@ impl Transaction for SignedTransaction {
 pub fn signed_transaction<R: RngCore + CryptoRng>(
   rng: &mut R,
   genesis: [u8; 32],
-  key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
   nonce: u32,
 ) -> SignedTransaction {
   let mut data = vec![0; 512];
   rng.fill_bytes(&mut data);
 
-  let signer = <Ristretto as Ciphersuite>::generator() * **key;
+  let signer = <Ristretto as WrappedGroup>::generator() * **key;
 
   let mut tx =
     SignedTransaction(data, Signed { signer, nonce, signature: random_signed(rng).signature });
 
-  let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
+  let sig_nonce = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(rng));
   tx.1.signature.R = Ristretto::generator() * sig_nonce.deref();
   tx.1.signature = SchnorrSignature::sign(key, sig_nonce, tx.sig_hash(genesis));
 
@@ -162,7 +160,7 @@ pub fn random_signed_transaction<R: RngCore + CryptoRng>(
   let mut genesis = [0; 32];
   rng.fill_bytes(&mut genesis);
 
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut *rng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut *rng));
   // Shift over an additional bit to ensure it won't overflow when incremented
   let nonce = u32::try_from(rng.next_u64() >> 32 >> 1).unwrap();
 
@@ -179,12 +177,11 @@ pub async fn tendermint_meta() -> ([u8; 32], Signer, [u8; 32], Arc<Validators>)
   // signer
   let genesis = new_genesis();
   let signer =
-    Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
+    Signer::new(genesis, Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng)));
   let validator_id = signer.validator_id().await.unwrap();
 
   // schema
-  let signer_pub =
-    <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
+  let signer_pub = <Ristretto as GroupIo>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
   let validators = Arc::new(Validators::new(genesis, vec![(signer_pub, 1)]).unwrap());
 
   (genesis, signer, validator_id, validators)

coordinator/tributary-sdk/src/tests/transaction/signed.rs

@@ -2,7 +2,8 @@ use rand::rngs::OsRng;
 
 use blake2::{Digest, Blake2s256};
 
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;
 
 use crate::{
   ReadWrite,
@@ -68,7 +69,7 @@ fn signed_transaction() {
   }
   {
     let mut tx = tx.clone();
-    tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
+    tx.1.signature.s += <Ristretto as WrappedGroup>::F::ONE;
     assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).is_err());
   }
 

coordinator/tributary-sdk/src/tests/transaction/tendermint.rs

@@ -3,7 +3,8 @@ use std::sync::Arc;
 use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};
 
-use ciphersuite::{Ristretto, Ciphersuite, group::ff::Field};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;
 
 use scale::Encode;
 
@@ -260,7 +261,7 @@ async fn conflicting_msgs_evidence_tx() {
     let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x11]))).await;
 
     let signer_2 =
-      Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
+      Signer::new(genesis, Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng)));
     let signed_id_2 = signer_2.validator_id().await.unwrap();
     let signed_2 = signed_from_data::<N>(
       signer_2.into(),
@@ -277,10 +278,9 @@ async fn conflicting_msgs_evidence_tx() {
     ));
 
     // update schema so that we don't fail due to invalid signature
-    let signer_pub =
-      <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
+    let signer_pub = <Ristretto as GroupIo>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
     let signer_pub_2 =
-      <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
+      <Ristretto as GroupIo>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
     let validators =
       Arc::new(Validators::new(genesis, vec![(signer_pub, 1), (signer_pub_2, 1)]).unwrap());
 

coordinator/tributary-sdk/src/transaction.rs

@@ -8,8 +8,9 @@ use blake2::{Digest, Blake2b512};
 
 use ciphersuite::{
   group::{Group, GroupEncoding},
-  Ciphersuite, Ristretto,
+  *,
 };
+use dalek_ff_group::Ristretto;
 use schnorr::SchnorrSignature;
 
 use crate::{TRANSACTION_SIZE_LIMIT, ReadWrite};
@@ -42,7 +43,7 @@ pub enum TransactionError {
 /// Data for a signed transaction.
 #[derive(Clone, PartialEq, Eq, Debug)]
 pub struct Signed {
-  pub signer: <Ristretto as Ciphersuite>::G,
+  pub signer: <Ristretto as WrappedGroup>::G,
   pub nonce: u32,
   pub signature: SchnorrSignature<Ristretto>,
 }
@@ -159,10 +160,10 @@ pub trait Transaction: 'static + Send + Sync + Clone + Eq + Debug + ReadWrite {
   /// Do not override this unless you know what you're doing.
   ///
   /// Panics if called on non-signed transactions.
-  fn sig_hash(&self, genesis: [u8; 32]) -> <Ristretto as Ciphersuite>::F {
+  fn sig_hash(&self, genesis: [u8; 32]) -> <Ristretto as WrappedGroup>::F {
     match self.kind() {
       TransactionKind::Signed(order, Signed { signature, .. }) => {
-        <Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(
+        <Ristretto as WrappedGroup>::F::from_bytes_mod_order_wide(
           &Blake2b512::digest(
             [
               b"Tributary Signed Transaction",
@@ -181,8 +182,8 @@ pub trait Transaction: 'static + Send + Sync + Clone + Eq + Debug + ReadWrite {
   }
 }
 
-pub trait GAIN: FnMut(&<Ristretto as Ciphersuite>::G, &[u8]) -> Option<u32> {}
-impl<F: FnMut(&<Ristretto as Ciphersuite>::G, &[u8]) -> Option<u32>> GAIN for F {}
+pub trait GAIN: FnMut(&<Ristretto as WrappedGroup>::G, &[u8]) -> Option<u32> {}
+impl<F: FnMut(&<Ristretto as WrappedGroup>::G, &[u8]) -> Option<u32>> GAIN for F {}
 
 pub(crate) fn verify_transaction<F: GAIN, T: Transaction>(
   tx: &T,

coordinator/tributary-sdk/tendermint/Cargo.toml

@@ -6,7 +6,7 @@ license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/coordinator/tendermint"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 edition = "2021"
-rust-version = "1.81"
+rust-version = "1.75"
 
 [package.metadata.docs.rs]
 all-features = true

coordinator/tributary-sdk/tendermint/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022-2023 Luke Parker
+Copyright (c) 2022-2025 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

coordinator/tributary-sdk/tendermint/src/ext.rs

@@ -114,7 +114,6 @@ impl<S: SignatureScheme> SignatureScheme for Arc<S> {
     self.as_ref().aggregate(validators, msg, sigs)
   }
 
-  #[must_use]
   fn verify_aggregate(
     &self,
     signers: &[Self::ValidatorId],

coordinator/tributary-sdk/tendermint/src/lib.rs

@@ -1,3 +1,5 @@
+#![expect(clippy::cast_possible_truncation)]
+
 use core::fmt::Debug;
 
 use std::{

coordinator/tributary-sdk/tendermint/tests/ext.rs

@@ -46,7 +46,6 @@ impl SignatureScheme for TestSignatureScheme {
   type AggregateSignature = Vec<[u8; 32]>;
   type Signer = TestSigner;
 
-  #[must_use]
   fn verify(&self, validator: u16, msg: &[u8], sig: &[u8; 32]) -> bool {
     (sig[.. 2] == validator.to_le_bytes()) && (sig[2 ..] == [msg, &[0; 30]].concat()[.. 30])
   }
@@ -60,7 +59,6 @@ impl SignatureScheme for TestSignatureScheme {
     sigs.to_vec()
   }
 
-  #[must_use]
   fn verify_aggregate(
     &self,
     signers: &[TestValidatorId],

coordinator/tributary/Cargo.toml

@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.85"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -24,8 +24,9 @@ rand_core = { version = "0.6", default-features = false, features = ["std"] }
 scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["std", "derive"] }
 borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }
 
-blake2 = { version = "0.10", default-features = false, features = ["std"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
 ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["std"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group", default-features = false, features = ["std"] }
 dkg = { path = "../../crypto/dkg", default-features = false, features = ["std"] }
 schnorr = { package = "schnorr-signatures", path = "../../crypto/schnorr", default-features = false, features = ["std"] }
 

coordinator/tributary/src/db.rs

@@ -1,3 +1,5 @@
+#![expect(clippy::cast_possible_truncation)]
+
 use std::collections::HashMap;
 
 use scale::Encode;

coordinator/tributary/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![deny(missing_docs)]
 
@@ -253,7 +253,7 @@ impl<TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'_, TD, TDT, P> {
         let signer = signer(signed);
 
         // Check the participant voted to be removed actually exists
-        if !self.validators.iter().any(|validator| *validator == participant) {
+        if !self.validators.contains(&participant) {
           TributaryDb::fatal_slash(
             self.tributary_txn,
             self.set.set,

coordinator/tributary/src/transaction.rs

@@ -6,9 +6,10 @@ use rand_core::{RngCore, CryptoRng};
 
 use blake2::{digest::typenum::U32, Digest, Blake2b};
 use ciphersuite::{
-  group::{ff::Field, Group, GroupEncoding},
-  Ciphersuite, Ristretto,
+  group::{Group, GroupEncoding},
+  *,
 };
+use dalek_ff_group::Ristretto;
 use schnorr::SchnorrSignature;
 
 use scale::Encode;
@@ -51,7 +52,7 @@ impl SigningProtocolRound {
 #[derive(Clone, Copy, PartialEq, Eq, Debug)]
 pub struct Signed {
   /// The signer.
-  signer: <Ristretto as Ciphersuite>::G,
+  signer: <Ristretto as WrappedGroup>::G,
   /// The signature.
   signature: SchnorrSignature<Ristretto>,
 }
@@ -72,7 +73,7 @@ impl BorshDeserialize for Signed {
 
 impl Signed {
   /// Fetch the signer.
-  pub(crate) fn signer(&self) -> <Ristretto as Ciphersuite>::G {
+  pub(crate) fn signer(&self) -> <Ristretto as WrappedGroup>::G {
     self.signer
   }
 
@@ -85,10 +86,10 @@ impl Signed {
 impl Default for Signed {
   fn default() -> Self {
     Self {
-      signer: <Ristretto as Ciphersuite>::G::identity(),
+      signer: <Ristretto as WrappedGroup>::G::identity(),
       signature: SchnorrSignature {
-        R: <Ristretto as Ciphersuite>::G::identity(),
-        s: <Ristretto as Ciphersuite>::F::ZERO,
+        R: <Ristretto as WrappedGroup>::G::identity(),
+        s: <Ristretto as WrappedGroup>::F::ZERO,
       },
     }
   }
@@ -355,7 +356,7 @@ impl Transaction {
     &mut self,
     rng: &mut R,
     genesis: [u8; 32],
-    key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+    key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
   ) {
     fn signed(tx: &mut Transaction) -> &mut Signed {
       #[allow(clippy::match_same_arms)] // This doesn't make semantic sense here
@@ -379,13 +380,13 @@ impl Transaction {
     }
 
     // Decide the nonce to sign with
-    let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
+    let sig_nonce = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(rng));
 
     {
       // Set the signer and the nonce
       let signed = signed(self);
       signed.signer = Ristretto::generator() * key.deref();
-      signed.signature.R = <Ristretto as Ciphersuite>::generator() * sig_nonce.deref();
+      signed.signature.R = <Ristretto as WrappedGroup>::generator() * sig_nonce.deref();
     }
 
     // Get the signature hash (which now includes `R || A` making it valid as the challenge)

crypto/ciphersuite/Cargo.toml

@@ -1,13 +1,13 @@
 [package]
 name = "ciphersuite"
-version = "0.4.1"
+version = "0.4.2"
 description = "Ciphersuites built around ff/group"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/ciphersuite"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["ciphersuite", "ff", "group"]
 edition = "2021"
-rust-version = "1.80"
+rust-version = "1.85"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -17,69 +17,32 @@ rustdoc-args = ["--cfg", "docsrs"]
 workspace = true
 
 [dependencies]
-std-shims = { path = "../../common/std-shims", version = "^0.1.1", default-features = false, optional = true }
-
-rand_core = { version = "0.6", default-features = false }
+std-shims = { path = "../../common/std-shims", version = "0.1.4", default-features = false }
 
 zeroize = { version = "^1.5", default-features = false, features = ["derive"] }
 subtle = { version = "^2.4", default-features = false }
 
-digest = { version = "0.10", default-features = false }
-transcript = { package = "flexible-transcript", path = "../transcript", version = "^0.3.2", default-features = false }
-sha2 = { version = "0.10", default-features = false, optional = true }
-sha3 = { version = "0.10", default-features = false, optional = true }
+digest = { version = "0.11.0-rc.1", default-features = false }
 
 ff = { version = "0.13", default-features = false, features = ["bits"] }
 group = { version = "0.13", default-features = false }
 
-dalek-ff-group = { path = "../dalek-ff-group", version = "0.4", default-features = false, optional = true }
-
-elliptic-curve = { version = "0.13", default-features = false, features = ["hash2curve"], optional = true }
-p256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
-k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
-
-minimal-ed448 = { path = "../ed448", version = "0.4", default-features = false, optional = true }
-
 [dev-dependencies]
 hex = { version = "0.4", default-features = false, features = ["std"] }
 
-rand_core = { version = "0.6", default-features = false, features = ["std"] }
-
 ff-group-tests = { version = "0.13", path = "../ff-group-tests" }
 
 [features]
-alloc = ["std-shims"]
+alloc = ["zeroize/alloc", "digest/alloc", "ff/alloc"]
 std = [
-  "std-shims/std",
+  "alloc",
 
-  "rand_core/std",
+  "std-shims/std",
 
   "zeroize/std",
   "subtle/std",
 
-  "digest/std",
-  "transcript/std",
-  "sha2?/std",
-  "sha3?/std",
-
   "ff/std",
-
-  "dalek-ff-group?/std",
-
-  "elliptic-curve?/std",
-  "p256?/std",
-  "k256?/std",
-  "minimal-ed448?/std",
 ]
 
-dalek = ["sha2", "dalek-ff-group"]
-ed25519 = ["dalek"]
-ristretto = ["dalek"]
-
-kp256 = ["sha2", "elliptic-curve"]
-p256 = ["kp256", "dep:p256"]
-secp256k1 = ["kp256", "k256"]
-
-ed448 = ["sha3", "minimal-ed448"]
-
 default = ["std"]

crypto/ciphersuite/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021-2023 Luke Parker
+Copyright (c) 2021-2025 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

crypto/ciphersuite/README.md

@@ -17,9 +17,7 @@ Secp256k1 and P-256 are offered via [k256](https://crates.io/crates/k256) and
 [p256](https://crates.io/crates/p256), two libraries maintained by
 [RustCrypto](https://github.com/RustCrypto).
 
-Their `hash_to_F` is the
-[IETF's hash to curve](https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html),
-yet applied to their scalar field.
+Please see the [`ciphersuite-kp256`](https://docs.rs/ciphersuite-kp256) crate for more info.
 
 ### Ed25519/Ristretto
 
@@ -27,11 +25,7 @@ Ed25519/Ristretto are offered via
 [dalek-ff-group](https://crates.io/crates/dalek-ff-group), an ff/group wrapper
 around [curve25519-dalek](https://crates.io/crates/curve25519-dalek).
 
-Their `hash_to_F` is the wide reduction of SHA2-512, as used in
-[RFC-8032](https://www.rfc-editor.org/rfc/rfc8032). This is also compliant with
-the draft
-[RFC-RISTRETTO](https://www.ietf.org/archive/id/draft-irtf-cfrg-ristretto255-decaf448-05.html).
-The domain-separation tag is naively prefixed to the message.
+Please see the [`dalek-ff-group`](https://docs.rs/dalek-ff-group) crate for more info.
 
 ### Ed448
 
@@ -39,6 +33,4 @@ Ed448 is offered via [minimal-ed448](https://crates.io/crates/minimal-ed448), an
 explicitly not recommended, unaudited, incomplete Ed448 implementation, limited
 to its prime-order subgroup.
 
-Its `hash_to_F` is the wide reduction of SHAKE256, with a 114-byte output, as
-used in [RFC-8032](https://www.rfc-editor.org/rfc/rfc8032). The
-domain-separation tag is naively prefixed to the message.
+Please see the [`minimal-ed448`](https://docs.rs/minimal-ed448) crate for more info.

crypto/ciphersuite/kp256/Cargo.toml

@@ -0,0 +1,51 @@
+[package]
+name = "ciphersuite-kp256"
+version = "0.4.0"
+description = "Ciphersuites built around ff/group"
+license = "MIT"
+repository = "https://github.com/serai-dex/serai/tree/develop/crypto/ciphersuite/kp256"
+authors = ["Luke Parker <lukeparker5132@gmail.com>"]
+keywords = ["ciphersuite", "ff", "group"]
+edition = "2021"
+rust-version = "1.85"
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
+
+[lints]
+workspace = true
+
+[dependencies]
+rand_core = { version = "0.6", default-features = false }
+
+zeroize = { version = "^1.5", default-features = false, features = ["derive"] }
+
+sha2 = { version = "0.11.0-rc.2", default-features = false }
+
+p256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"] }
+k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"] }
+
+ciphersuite = { path = "../", version = "0.4", default-features = false }
+
+[dev-dependencies]
+hex = { version = "0.4", default-features = false, features = ["std"] }
+
+rand_core = { version = "0.6", default-features = false, features = ["std"] }
+
+ff-group-tests = { version = "0.13", path = "../../ff-group-tests" }
+
+[features]
+alloc = ["ciphersuite/alloc"]
+std = [
+  "rand_core/std",
+
+  "zeroize/std",
+
+  "p256/std",
+  "k256/std",
+
+  "ciphersuite/std",
+]
+
+default = ["std"]

crypto/ciphersuite/kp256/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023-2024 Luke Parker
+Copyright (c) 2021-2025 Luke Parker
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

crypto/ciphersuite/kp256/README.md

@@ -0,0 +1,3 @@
+# Ciphersuite {k, p}256
+
+SECP256k1 and P-256 Ciphersuites around k256 and p256.

crypto/ciphersuite/kp256/src/lib.rs

@@ -0,0 +1,54 @@
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![cfg_attr(not(feature = "std"), no_std)]
+
+use zeroize::Zeroize;
+
+use sha2::Sha512;
+
+use ciphersuite::{WrappedGroup, Id, WithPreferredHash, GroupCanonicalEncoding};
+
+pub use k256;
+pub use p256;
+
+macro_rules! kp_curve {
+  (
+    $feature: literal,
+    $lib:     ident,
+
+    $Ciphersuite: ident,
+    $ID:          literal
+  ) => {
+    impl WrappedGroup for $Ciphersuite {
+      type F = $lib::Scalar;
+      type G = $lib::ProjectivePoint;
+      fn generator() -> Self::G {
+        $lib::ProjectivePoint::GENERATOR
+      }
+    }
+    impl Id for $Ciphersuite {
+      const ID: &'static [u8] = $ID;
+    }
+    impl WithPreferredHash for $Ciphersuite {
+      type H = Sha512;
+    }
+    impl GroupCanonicalEncoding for $Ciphersuite {}
+  };
+}
+
+/// Ciphersuite for Secp256k1.
+#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
+pub struct Secp256k1;
+kp_curve!("secp256k1", k256, Secp256k1, b"secp256k1");
+#[test]
+fn test_secp256k1() {
+  ff_group_tests::group::test_prime_group_bits::<_, k256::ProjectivePoint>(&mut rand_core::OsRng);
+}
+
+/// Ciphersuite for P-256.
+#[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
+pub struct P256;
+kp_curve!("p256", p256, P256, b"P-256");
+#[test]
+fn test_p256() {
+  ff_group_tests::group::test_prime_group_bits::<_, p256::ProjectivePoint>(&mut rand_core::OsRng);
+}