add validator sets pallet tests

monero-wallet ships an Eventuality, yet it's across the entire transaction. It
can't prove a single output's state with a traditional payment proof. By adding
this new object, another library can obtain the ephemeral randomness used and
do any/every proof they want regarding a transaction's outputs.

Necessary for https://github.com/serai-dex/serai/issues/599.

.github/workflows/monero-tests.yaml

@@ -39,9 +39,6 @@ jobs:
           GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-simple-request-rpc --lib
           GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-address --lib
           GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-seed --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package polyseed --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet-util --lib
 
       # Doesn't run unit tests with features as the tests workflow will
 
@@ -65,7 +62,6 @@ jobs:
           GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-serai --test '*'
           GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-simple-request-rpc --test '*'
           GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet-util --test '*'
 
       - name: Run Integration Tests
         # Don't run if the the tests workflow also will
@@ -74,4 +70,3 @@ jobs:
           GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-serai --all-features --test '*'
           GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-simple-request-rpc --test '*'
           GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet --all-features --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet-util --all-features --test '*'

.github/workflows/networks-tests.yml

@@ -45,7 +45,4 @@ jobs:
             -p monero-simple-request-rpc \
             -p monero-address \
             -p monero-wallet \
-            -p monero-seed \
-            -p polyseed \
-            -p monero-wallet-util \
             -p monero-serai-verify-chain

Cargo.lock

@@ -4959,19 +4959,6 @@ dependencies = [
  "zeroize",
 ]
 
-[[package]]
-name = "monero-seed"
-version = "0.1.0"
-dependencies = [
- "curve25519-dalek",
- "hex",
- "monero-primitives",
- "rand_core",
- "std-shims",
- "thiserror",
- "zeroize",
-]
-
 [[package]]
 name = "monero-serai"
 version = "0.1.4-alpha"
@@ -5046,21 +5033,6 @@ dependencies = [
  "zeroize",
 ]
 
-[[package]]
-name = "monero-wallet-util"
-version = "0.1.0"
-dependencies = [
- "curve25519-dalek",
- "hex",
- "monero-seed",
- "monero-wallet",
- "polyseed",
- "rand_core",
- "std-shims",
- "thiserror",
- "zeroize",
-]
-
 [[package]]
 name = "multiaddr"
 version = "0.18.1"
@@ -5775,17 +5747,6 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7924d1d0ad836f665c9065e26d016c673ece3993f30d340068b16f282afc1156"
 
-[[package]]
-name = "password-hash"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166"
-dependencies = [
- "base64ct",
- "rand_core",
- "subtle",
-]
-
 [[package]]
 name = "pasta_curves"
 version = "0.5.1"
@@ -5830,9 +5791,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
 dependencies = [
  "digest 0.10.7",
- "hmac",
- "password-hash",
- "sha2",
 ]
 
 [[package]]
@@ -5945,20 +5903,6 @@ dependencies = [
  "universal-hash",
 ]
 
-[[package]]
-name = "polyseed"
-version = "0.1.0"
-dependencies = [
- "hex",
- "pbkdf2 0.12.2",
- "rand_core",
- "sha3",
- "std-shims",
- "subtle",
- "thiserror",
- "zeroize",
-]
-
 [[package]]
 name = "polyval"
 version = "0.6.2"
@@ -8370,7 +8314,7 @@ dependencies = [
  "dleq",
  "flexible-transcript",
  "minimal-ed448",
- "monero-wallet-util",
+ "monero-wallet",
  "multiexp",
  "schnorr-signatures",
 ]
@@ -8620,24 +8564,31 @@ dependencies = [
 name = "serai-validator-sets-pallet"
 version = "0.1.0"
 dependencies = [
+ "ciphersuite",
  "frame-support",
  "frame-system",
+ "frost-schnorrkel",
  "hashbrown 0.14.5",
+ "modular-frost",
  "pallet-babe",
  "pallet-grandpa",
+ "pallet-timestamp",
  "parity-scale-codec",
+ "rand_core",
  "scale-info",
  "serai-coins-pallet",
  "serai-dex-pallet",
  "serai-primitives",
  "serai-validator-sets-primitives",
  "sp-application-crypto",
+ "sp-consensus-babe",
  "sp-core",
  "sp-io",
  "sp-runtime",
  "sp-session",
  "sp-staking",
  "sp-std",
+ "zeroize",
 ]
 
 [[package]]

Cargo.toml

@@ -55,9 +55,6 @@ members = [
   "networks/monero/rpc/simple-request",
   "networks/monero/wallet/address",
   "networks/monero/wallet",
-  "networks/monero/wallet/seed",
-  "networks/monero/wallet/polyseed",
-  "networks/monero/wallet/util",
   "networks/monero/verify-chain",
 
   "message-queue",

networks/bitcoin/src/wallet/send.rs

@@ -44,7 +44,7 @@ pub enum TransactionError {
   #[error("fee was too low to pass the default minimum fee rate")]
   TooLowFee,
   #[error("not enough funds for these payments")]
-  NotEnoughFunds,
+  NotEnoughFunds { inputs: u64, payments: u64, fee: u64 },
   #[error("transaction was too large")]
   TooLargeTransaction,
 }
@@ -213,7 +213,11 @@ impl SignableTransaction {
     }
 
     if input_sat < (payment_sat + needed_fee) {
-      Err(TransactionError::NotEnoughFunds)?;
+      Err(TransactionError::NotEnoughFunds {
+        inputs: input_sat,
+        payments: payment_sat,
+        fee: needed_fee,
+      })?;
     }
 
     // If there's a change address, check if there's change to give it
@@ -258,9 +262,9 @@ impl SignableTransaction {
     res
   }
 
-  /// Returns the outputs this transaction will create.
-  pub fn outputs(&self) -> &[TxOut] {
-    &self.tx.output
+  /// Returns the transaction, sans witness, this will create if signed.
+  pub fn transaction(&self) -> &Transaction {
+    &self.tx
   }
 
   /// Create a multisig machine for this transaction.

networks/bitcoin/tests/wallet.rs

@@ -195,10 +195,10 @@ async_sequential! {
       Err(TransactionError::TooLowFee),
     );
 
-    assert_eq!(
+    assert!(matches!(
       SignableTransaction::new(inputs.clone(), &[(addr(), inputs[0].value() * 2)], None, None, FEE),
-      Err(TransactionError::NotEnoughFunds),
-    );
+      Err(TransactionError::NotEnoughFunds { .. }),
+    ));
 
     assert_eq!(
       SignableTransaction::new(inputs, &vec![(addr(), 1000); 10000], None, None, FEE),

networks/monero/rpc/src/lib.rs

@@ -249,7 +249,7 @@ fn rpc_point(point: &str) -> Result<EdwardsPoint, RpcError> {
 /// While no implementors are directly provided, [monero-simple-request-rpc](
 ///   https://github.com/serai-dex/serai/tree/develop/networks/monero/rpc/simple-request
 /// ) is recommended.
-pub trait Rpc: Sync + Clone + Debug {
+pub trait Rpc: Sync + Clone {
   /// Perform a POST request to the specified route with the specified body.
   ///
   /// The implementor is left to handle anything such as authentication.
@@ -1003,10 +1003,10 @@ pub trait Rpc: Sync + Clone + Debug {
 /// An implementation is provided for any satisfier of `Rpc`. It is not recommended to use an `Rpc`
 /// object to satisfy this. This should be satisfied by a local store of the output distribution,
 /// both for performance and to prevent potential attacks a remote node can perform.
-pub trait DecoyRpc: Sync + Clone + Debug {
+pub trait DecoyRpc: Sync {
   /// Get the height the output distribution ends at.
   ///
-  /// This is equivalent to the hight of the blockchain it's for. This is intended to be cheaper
+  /// This is equivalent to the height of the blockchain it's for. This is intended to be cheaper
   /// than fetching the entire output distribution.
   fn get_output_distribution_end_height(
     &self,

networks/monero/src/block.rs

@@ -79,10 +79,13 @@ pub struct Block {
 }
 
 impl Block {
-  /// The zero-index position of this block within the blockchain.
+  /// The zero-indexed position of this block within the blockchain.
   ///
   /// This information comes from the Block's miner transaction. If the miner transaction isn't
-  /// structed as expected, this will return None.
+  /// structed as expected, this will return None. This will return Some for any Block which would
+  /// pass the consensus rules.
+  // https://github.com/monero-project/monero/blob/a1dc85c5373a30f14aaf7dcfdd95f5a7375d3623
+  //   /src/cryptonote_core/blockchain.cpp#L1365-L1382
   pub fn number(&self) -> Option<usize> {
     match &self.miner_transaction {
       Transaction::V1 { prefix, .. } | Transaction::V2 { prefix, .. } => {

networks/monero/wallet/polyseed/Cargo.toml

@@ -1,46 +0,0 @@
-[package]
-name = "polyseed"
-version = "0.1.0"
-description = "Rust implementation of Polyseed"
-license = "MIT"
-repository = "https://github.com/serai-dex/serai/tree/develop/networks/monero/wallet/polyseed"
-authors = ["Luke Parker <lukeparker5132@gmail.com>"]
-edition = "2021"
-rust-version = "1.80"
-
-[package.metadata.docs.rs]
-all-features = true
-rustdoc-args = ["--cfg", "docsrs"]
-
-[lints]
-workspace = true
-
-[dependencies]
-std-shims = { path = "../../../../common/std-shims", version = "^0.1.1", default-features = false }
-
-thiserror = { version = "1", default-features = false, optional = true }
-
-subtle = { version = "^2.4", default-features = false }
-zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
-rand_core = { version = "0.6", default-features = false }
-
-sha3 = { version = "0.10", default-features = false }
-pbkdf2 = { version = "0.12", features = ["simple"], default-features = false }
-
-[dev-dependencies]
-hex = { version = "0.4", default-features = false, features = ["std"] }
-
-[features]
-std = [
-  "std-shims/std",
-
-  "thiserror",
-
-  "subtle/std",
-  "zeroize/std",
-  "rand_core/std",
-
-  "sha3/std",
-  "pbkdf2/std",
-]
-default = ["std"]

networks/monero/wallet/polyseed/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2022-2024 Luke Parker
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

networks/monero/wallet/polyseed/README.md

@@ -1,11 +0,0 @@
-# Polyseed
-
-Rust implementation of [Polyseed](https://github.com/tevador/polyseed).
-
-This library is usable under no-std when the `std` feature (on by default) is
-disabled.
-
-### Cargo Features
-
-- `std` (on by default): Enables `std` (and with it, more efficient internal
-  implementations).

networks/monero/wallet/polyseed/src/lib.rs

@@ -1,473 +0,0 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
-#![doc = include_str!("../README.md")]
-#![deny(missing_docs)]
-#![cfg_attr(not(feature = "std"), no_std)]
-
-use core::fmt;
-use std_shims::{sync::LazyLock, string::String, collections::HashMap};
-#[cfg(feature = "std")]
-use std::time::{SystemTime, UNIX_EPOCH};
-
-use subtle::ConstantTimeEq;
-use zeroize::{Zeroize, Zeroizing, ZeroizeOnDrop};
-use rand_core::{RngCore, CryptoRng};
-
-use sha3::Sha3_256;
-use pbkdf2::pbkdf2_hmac;
-
-#[cfg(test)]
-mod tests;
-
-// Features
-const FEATURE_BITS: u8 = 5;
-#[allow(dead_code)]
-const INTERNAL_FEATURES: u8 = 2;
-const USER_FEATURES: u8 = 3;
-
-const USER_FEATURES_MASK: u8 = (1 << USER_FEATURES) - 1;
-const ENCRYPTED_MASK: u8 = 1 << 4;
-const RESERVED_FEATURES_MASK: u8 = ((1 << FEATURE_BITS) - 1) ^ ENCRYPTED_MASK;
-
-fn user_features(features: u8) -> u8 {
-  features & USER_FEATURES_MASK
-}
-
-fn polyseed_features_supported(features: u8) -> bool {
-  (features & RESERVED_FEATURES_MASK) == 0
-}
-
-// Dates
-const DATE_BITS: u8 = 10;
-const DATE_MASK: u16 = (1u16 << DATE_BITS) - 1;
-const POLYSEED_EPOCH: u64 = 1635768000; // 1st November 2021 12:00 UTC
-const TIME_STEP: u64 = 2629746; // 30.436875 days = 1/12 of the Gregorian year
-
-// After ~85 years, this will roll over.
-fn birthday_encode(time: u64) -> u16 {
-  u16::try_from((time.saturating_sub(POLYSEED_EPOCH) / TIME_STEP) & u64::from(DATE_MASK))
-    .expect("value masked by 2**10 - 1 didn't fit into a u16")
-}
-
-fn birthday_decode(birthday: u16) -> u64 {
-  POLYSEED_EPOCH + (u64::from(birthday) * TIME_STEP)
-}
-
-// Polyseed parameters
-const SECRET_BITS: usize = 150;
-
-const BITS_PER_BYTE: usize = 8;
-const SECRET_SIZE: usize = SECRET_BITS.div_ceil(BITS_PER_BYTE); // 19
-const CLEAR_BITS: usize = (SECRET_SIZE * BITS_PER_BYTE) - SECRET_BITS; // 2
-
-// Polyseed calls this CLEAR_MASK and has a very complicated formula for this fundamental
-// equivalency
-#[allow(clippy::cast_possible_truncation)]
-const LAST_BYTE_SECRET_BITS_MASK: u8 = ((1 << (BITS_PER_BYTE - CLEAR_BITS)) - 1) as u8;
-
-const SECRET_BITS_PER_WORD: usize = 10;
-
-// The amount of words in a seed.
-const POLYSEED_LENGTH: usize = 16;
-// Amount of characters each word must have if trimmed
-pub(crate) const PREFIX_LEN: usize = 4;
-
-const POLY_NUM_CHECK_DIGITS: usize = 1;
-const DATA_WORDS: usize = POLYSEED_LENGTH - POLY_NUM_CHECK_DIGITS;
-
-// Polynomial
-const GF_BITS: usize = 11;
-const POLYSEED_MUL2_TABLE: [u16; 8] = [5, 7, 1, 3, 13, 15, 9, 11];
-
-type Poly = [u16; POLYSEED_LENGTH];
-
-fn elem_mul2(x: u16) -> u16 {
-  if x < 1024 {
-    return 2 * x;
-  }
-  POLYSEED_MUL2_TABLE[usize::from(x % 8)] + (16 * ((x - 1024) / 8))
-}
-
-fn poly_eval(poly: &Poly) -> u16 {
-  // Horner's method at x = 2
-  let mut result = poly[POLYSEED_LENGTH - 1];
-  for i in (0 .. (POLYSEED_LENGTH - 1)).rev() {
-    result = elem_mul2(result) ^ poly[i];
-  }
-  result
-}
-
-// Key gen parameters
-const POLYSEED_SALT: &[u8] = b"POLYSEED key";
-const POLYSEED_KEYGEN_ITERATIONS: u32 = 10000;
-
-// Polyseed technically supports multiple coins, and the value for Monero is 0
-// See: https://github.com/tevador/polyseed/blob/dfb05d8edb682b0e8f743b1b70c9131712ff4157
-//   /include/polyseed.h#L57
-const COIN: u16 = 0;
-
-/// An error when working with a Polyseed.
-#[derive(Clone, Copy, PartialEq, Eq, Debug)]
-#[cfg_attr(feature = "std", derive(thiserror::Error))]
-pub enum PolyseedError {
-  /// The seed was invalid.
-  #[cfg_attr(feature = "std", error("invalid seed"))]
-  InvalidSeed,
-  /// The entropy was invalid.
-  #[cfg_attr(feature = "std", error("invalid entropy"))]
-  InvalidEntropy,
-  /// The checksum did not match the data.
-  #[cfg_attr(feature = "std", error("invalid checksum"))]
-  InvalidChecksum,
-  /// Unsupported feature bits were set.
-  #[cfg_attr(feature = "std", error("unsupported features"))]
-  UnsupportedFeatures,
-}
-
-/// Language options for Polyseed.
-#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, Zeroize)]
-pub enum Language {
-  /// English language option.
-  English,
-  /// Spanish language option.
-  Spanish,
-  /// French language option.
-  French,
-  /// Italian language option.
-  Italian,
-  /// Japanese language option.
-  Japanese,
-  /// Korean language option.
-  Korean,
-  /// Czech language option.
-  Czech,
-  /// Portuguese language option.
-  Portuguese,
-  /// Simplified Chinese language option.
-  ChineseSimplified,
-  /// Traditional Chinese language option.
-  ChineseTraditional,
-}
-
-struct WordList {
-  words: &'static [&'static str],
-  has_prefix: bool,
-  has_accent: bool,
-}
-
-impl WordList {
-  fn new(words: &'static [&'static str], has_prefix: bool, has_accent: bool) -> WordList {
-    let res = WordList { words, has_prefix, has_accent };
-    // This is needed for a later unwrap to not fails
-    assert!(words.len() < usize::from(u16::MAX));
-    res
-  }
-}
-
-static LANGUAGES: LazyLock<HashMap<Language, WordList>> = LazyLock::new(|| {
-  HashMap::from([
-    (Language::Czech, WordList::new(include!("./words/cs.rs"), true, false)),
-    (Language::French, WordList::new(include!("./words/fr.rs"), true, true)),
-    (Language::Korean, WordList::new(include!("./words/ko.rs"), false, false)),
-    (Language::English, WordList::new(include!("./words/en.rs"), true, false)),
-    (Language::Italian, WordList::new(include!("./words/it.rs"), true, false)),
-    (Language::Spanish, WordList::new(include!("./words/es.rs"), true, true)),
-    (Language::Japanese, WordList::new(include!("./words/ja.rs"), false, false)),
-    (Language::Portuguese, WordList::new(include!("./words/pt.rs"), true, false)),
-    (
-      Language::ChineseSimplified,
-      WordList::new(include!("./words/zh_simplified.rs"), false, false),
-    ),
-    (
-      Language::ChineseTraditional,
-      WordList::new(include!("./words/zh_traditional.rs"), false, false),
-    ),
-  ])
-});
-
-/// A Polyseed.
-#[derive(Clone, PartialEq, Eq, Zeroize, ZeroizeOnDrop)]
-pub struct Polyseed {
-  language: Language,
-  features: u8,
-  birthday: u16,
-  entropy: Zeroizing<[u8; 32]>,
-  checksum: u16,
-}
-
-impl fmt::Debug for Polyseed {
-  fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-    f.debug_struct("Polyseed").finish_non_exhaustive()
-  }
-}
-
-fn valid_entropy(entropy: &Zeroizing<[u8; 32]>) -> bool {
-  // Last byte of the entropy should only use certain bits
-  let mut res =
-    entropy[SECRET_SIZE - 1].ct_eq(&(entropy[SECRET_SIZE - 1] & LAST_BYTE_SECRET_BITS_MASK));
-  // Last 13 bytes of the buffer should be unused
-  for b in SECRET_SIZE .. entropy.len() {
-    res &= entropy[b].ct_eq(&0);
-  }
-  res.into()
-}
-
-impl Polyseed {
-  // TODO: Clean this
-  fn to_poly(&self) -> Poly {
-    let mut extra_bits = u32::from(FEATURE_BITS + DATE_BITS);
-    let extra_val = (u16::from(self.features) << DATE_BITS) | self.birthday;
-
-    let mut entropy_idx = 0;
-    let mut secret_bits = BITS_PER_BYTE;
-    let mut seed_rem_bits = SECRET_BITS - BITS_PER_BYTE;
-
-    let mut poly = [0; POLYSEED_LENGTH];
-    for i in 0 .. DATA_WORDS {
-      extra_bits -= 1;
-
-      let mut word_bits = 0;
-      let mut word_val = 0;
-      while word_bits < SECRET_BITS_PER_WORD {
-        if secret_bits == 0 {
-          entropy_idx += 1;
-          secret_bits = seed_rem_bits.min(BITS_PER_BYTE);
-          seed_rem_bits -= secret_bits;
-        }
-        let chunk_bits = secret_bits.min(SECRET_BITS_PER_WORD - word_bits);
-        secret_bits -= chunk_bits;
-        word_bits += chunk_bits;
-        word_val <<= chunk_bits;
-        word_val |=
-          (u16::from(self.entropy[entropy_idx]) >> secret_bits) & ((1u16 << chunk_bits) - 1);
-      }
-
-      word_val <<= 1;
-      word_val |= (extra_val >> extra_bits) & 1;
-      poly[POLY_NUM_CHECK_DIGITS + i] = word_val;
-    }
-
-    poly
-  }
-
-  fn from_internal(
-    language: Language,
-    masked_features: u8,
-    encoded_birthday: u16,
-    entropy: Zeroizing<[u8; 32]>,
-  ) -> Result<Polyseed, PolyseedError> {
-    if !polyseed_features_supported(masked_features) {
-      Err(PolyseedError::UnsupportedFeatures)?;
-    }
-
-    if !valid_entropy(&entropy) {
-      Err(PolyseedError::InvalidEntropy)?;
-    }
-
-    let mut res = Polyseed {
-      language,
-      birthday: encoded_birthday,
-      features: masked_features,
-      entropy,
-      checksum: 0,
-    };
-    res.checksum = poly_eval(&res.to_poly());
-    Ok(res)
-  }
-
-  /// Create a new `Polyseed` with specific internals.
-  ///
-  /// `birthday` is defined in seconds since the epoch.
-  pub fn from(
-    language: Language,
-    features: u8,
-    birthday: u64,
-    entropy: Zeroizing<[u8; 32]>,
-  ) -> Result<Polyseed, PolyseedError> {
-    Self::from_internal(language, user_features(features), birthday_encode(birthday), entropy)
-  }
-
-  /// Create a new `Polyseed`.
-  ///
-  /// This uses the system's time for the birthday, if available, else 0.
-  pub fn new<R: RngCore + CryptoRng>(rng: &mut R, language: Language) -> Polyseed {
-    // Get the birthday
-    #[cfg(feature = "std")]
-    let birthday =
-      SystemTime::now().duration_since(UNIX_EPOCH).unwrap_or(core::time::Duration::ZERO).as_secs();
-    #[cfg(not(feature = "std"))]
-    let birthday = 0;
-
-    // Derive entropy
-    let mut entropy = Zeroizing::new([0; 32]);
-    rng.fill_bytes(entropy.as_mut());
-    entropy[SECRET_SIZE ..].fill(0);
-    entropy[SECRET_SIZE - 1] &= LAST_BYTE_SECRET_BITS_MASK;
-
-    Self::from(language, 0, birthday, entropy).unwrap()
-  }
-
-  /// Create a new `Polyseed` from a String.
-  #[allow(clippy::needless_pass_by_value)]
-  pub fn from_string(lang: Language, seed: Zeroizing<String>) -> Result<Polyseed, PolyseedError> {
-    // Decode the seed into its polynomial coefficients
-    let mut poly = [0; POLYSEED_LENGTH];
-
-    // Validate words are in the lang word list
-    let lang_word_list: &WordList = &LANGUAGES[&lang];
-    for (i, word) in seed.split_whitespace().enumerate() {
-      // Find the word's index
-      fn check_if_matches<S: AsRef<str>, I: Iterator<Item = S>>(
-        has_prefix: bool,
-        mut lang_words: I,
-        word: &str,
-      ) -> Option<usize> {
-        if has_prefix {
-          // Get the position of the word within the iterator
-          // Doesn't use starts_with and some words are substrs of others, leading to false
-          // positives
-          let mut get_position = || {
-            lang_words.position(|lang_word| {
-              let mut lang_word = lang_word.as_ref().chars();
-              let mut word = word.chars();
-
-              let mut res = true;
-              for _ in 0 .. PREFIX_LEN {
-                res &= lang_word.next() == word.next();
-              }
-              res
-            })
-          };
-          let res = get_position();
-          // If another word has this prefix, don't call it a match
-          if get_position().is_some() {
-            return None;
-          }
-          res
-        } else {
-          lang_words.position(|lang_word| lang_word.as_ref() == word)
-        }
-      }
-
-      let Some(coeff) = (if lang_word_list.has_accent {
-        let ascii = |word: &str| word.chars().filter(char::is_ascii).collect::<String>();
-        check_if_matches(
-          lang_word_list.has_prefix,
-          lang_word_list.words.iter().map(|lang_word| ascii(lang_word)),
-          &ascii(word),
-        )
-      } else {
-        check_if_matches(lang_word_list.has_prefix, lang_word_list.words.iter(), word)
-      }) else {
-        Err(PolyseedError::InvalidSeed)?
-      };
-
-      // WordList asserts the word list length is less than u16::MAX
-      poly[i] = u16::try_from(coeff).expect("coeff exceeded u16");
-    }
-
-    // xor out the coin
-    poly[POLY_NUM_CHECK_DIGITS] ^= COIN;
-
-    // Validate the checksum
-    if poly_eval(&poly) != 0 {
-      Err(PolyseedError::InvalidChecksum)?;
-    }
-
-    // Convert the polynomial into entropy
-    let mut entropy = Zeroizing::new([0; 32]);
-
-    let mut extra = 0;
-
-    let mut entropy_idx = 0;
-    let mut entropy_bits = 0;
-
-    let checksum = poly[0];
-    for mut word_val in poly.into_iter().skip(POLY_NUM_CHECK_DIGITS) {
-      // Parse the bottom bit, which is one of the bits of extra
-      // This iterates for less than 16 iters, meaning this won't drop any bits
-      extra <<= 1;
-      extra |= word_val & 1;
-      word_val >>= 1;
-
-      // 10 bits per word creates a [8, 2], [6, 4], [4, 6], [2, 8] cycle
-      // 15 % 4 is 3, leaving 2 bits off, and 152 (19 * 8) - 2 is 150, the amount of bits in the
-      // secret
-      let mut word_bits = GF_BITS - 1;
-      while word_bits > 0 {
-        if entropy_bits == BITS_PER_BYTE {
-          entropy_idx += 1;
-          entropy_bits = 0;
-        }
-        let chunk_bits = word_bits.min(BITS_PER_BYTE - entropy_bits);
-        word_bits -= chunk_bits;
-        let chunk_mask = (1u16 << chunk_bits) - 1;
-        if chunk_bits < BITS_PER_BYTE {
-          entropy[entropy_idx] <<= chunk_bits;
-        }
-        entropy[entropy_idx] |=
-          u8::try_from((word_val >> word_bits) & chunk_mask).expect("chunk exceeded u8");
-        entropy_bits += chunk_bits;
-      }
-    }
-
-    let birthday = extra & DATE_MASK;
-    // extra is contained to u16, and DATE_BITS > 8
-    let features =
-      u8::try_from(extra >> DATE_BITS).expect("couldn't convert extra >> DATE_BITS to u8");
-
-    let res = Self::from_internal(lang, features, birthday, entropy);
-    if let Ok(res) = res.as_ref() {
-      debug_assert_eq!(res.checksum, checksum);
-    }
-    res
-  }
-
-  /// When this seed was created, defined in seconds since the epoch.
-  pub fn birthday(&self) -> u64 {
-    birthday_decode(self.birthday)
-  }
-
-  /// This seed's features.
-  pub fn features(&self) -> u8 {
-    self.features
-  }
-
-  /// This seed's entropy.
-  pub fn entropy(&self) -> &Zeroizing<[u8; 32]> {
-    &self.entropy
-  }
-
-  /// The key derived from this seed.
-  pub fn key(&self) -> Zeroizing<[u8; 32]> {
-    let mut key = Zeroizing::new([0; 32]);
-    pbkdf2_hmac::<Sha3_256>(
-      self.entropy.as_slice(),
-      POLYSEED_SALT,
-      POLYSEED_KEYGEN_ITERATIONS,
-      key.as_mut(),
-    );
-    key
-  }
-
-  /// The String representation of this seed.
-  pub fn to_string(&self) -> Zeroizing<String> {
-    // Encode the polynomial with the existing checksum
-    let mut poly = self.to_poly();
-    poly[0] = self.checksum;
-
-    // Embed the coin
-    poly[POLY_NUM_CHECK_DIGITS] ^= COIN;
-
-    // Output words
-    let mut seed = Zeroizing::new(String::new());
-    let words = &LANGUAGES[&self.language].words;
-    for i in 0 .. poly.len() {
-      seed.push_str(words[usize::from(poly[i])]);
-      if i < poly.len() - 1 {
-        seed.push(' ');
-      }
-    }
-
-    seed
-  }
-}

networks/monero/wallet/polyseed/src/tests.rs

@@ -1,218 +0,0 @@
-use zeroize::Zeroizing;
-use rand_core::OsRng;
-
-use crate::*;
-
-#[test]
-fn test_polyseed() {
-  struct Vector {
-    language: Language,
-    seed: String,
-    entropy: String,
-    birthday: u64,
-    has_prefix: bool,
-    has_accent: bool,
-  }
-
-  let vectors = [
-    Vector {
-      language: Language::English,
-      seed: "raven tail swear infant grief assist regular lamp \
-      duck valid someone little harsh puppy airport language"
-        .into(),
-      entropy: "dd76e7359a0ded37cd0ff0f3c829a5ae01673300000000000000000000000000".into(),
-      birthday: 1638446400,
-      has_prefix: true,
-      has_accent: false,
-    },
-    Vector {
-      language: Language::Spanish,
-      seed: "eje fin parte célebre tabú pestaña lienzo puma \
-      prisión hora regalo lengua existir lápiz lote sonoro"
-        .into(),
-      entropy: "5a2b02df7db21fcbe6ec6df137d54c7b20fd2b00000000000000000000000000".into(),
-      birthday: 3118651200,
-      has_prefix: true,
-      has_accent: true,
-    },
-    Vector {
-      language: Language::French,
-      seed: "valable arracher décaler jeudi amusant dresser mener épaissir risible \
-      prouesse réserve ampleur ajuster muter caméra enchère"
-        .into(),
-      entropy: "11cfd870324b26657342c37360c424a14a050b00000000000000000000000000".into(),
-      birthday: 1679314966,
-      has_prefix: true,
-      has_accent: true,
-    },
-    Vector {
-      language: Language::Italian,
-      seed: "caduco midollo copione meninge isotopo illogico riflesso tartaruga fermento \
-      olandese normale tristezza episodio voragine forbito achille"
-        .into(),
-      entropy: "7ecc57c9b4652d4e31428f62bec91cfd55500600000000000000000000000000".into(),
-      birthday: 1679316358,
-      has_prefix: true,
-      has_accent: false,
-    },
-    Vector {
-      language: Language::Portuguese,
-      seed: "caverna custear azedo adeus senador apertada sedoso omitir \
-      sujeito aurora videira molho cartaz gesso dentista tapar"
-        .into(),
-      entropy: "45473063711376cae38f1b3eba18c874124e1d00000000000000000000000000".into(),
-      birthday: 1679316657,
-      has_prefix: true,
-      has_accent: false,
-    },
-    Vector {
-      language: Language::Czech,
-      seed: "usmrtit nora dotaz komunita zavalit funkce mzda sotva akce \
-      vesta kabel herna stodola uvolnit ustrnout email"
-        .into(),
-      entropy: "7ac8a4efd62d9c3c4c02e350d32326df37821c00000000000000000000000000".into(),
-      birthday: 1679316898,
-      has_prefix: true,
-      has_accent: false,
-    },
-    Vector {
-      language: Language::Korean,
-      seed: "전망 선풍기 국제 무궁화 설사 기름 이론적 해안 절망 예선 \
-        지우개 보관 절망 말기 시각 귀신"
-        .into(),
-      entropy: "684663fda420298f42ed94b2c512ed38ddf12b00000000000000000000000000".into(),
-      birthday: 1679317073,
-      has_prefix: false,
-      has_accent: false,
-    },
-    Vector {
-      language: Language::Japanese,
-      seed: "うちあわせ　ちつじょ　つごう　しはい　けんこう　とおる　てみやげ　はんとし　たんとう \
-      といれ　おさない　おさえる　むかう　ぬぐう　なふだ　せまる"
-        .into(),
-      entropy: "94e6665518a6286c6e3ba508a2279eb62b771f00000000000000000000000000".into(),
-      birthday: 1679318722,
-      has_prefix: false,
-      has_accent: false,
-    },
-    Vector {
-      language: Language::ChineseTraditional,
-      seed: "亂 挖 斤 柄 代 圈 枝 轄 魯 論 函 開 勘 番 榮 壁".into(),
-      entropy: "b1594f585987ab0fd5a31da1f0d377dae5283f00000000000000000000000000".into(),
-      birthday: 1679426433,
-      has_prefix: false,
-      has_accent: false,
-    },
-    Vector {
-      language: Language::ChineseSimplified,
-      seed: "啊 百 族 府 票 划 伪 仓 叶 虾 借 溜 晨 左 等 鬼".into(),
-      entropy: "21cdd366f337b89b8d1bc1df9fe73047c22b0300000000000000000000000000".into(),
-      birthday: 1679426817,
-      has_prefix: false,
-      has_accent: false,
-    },
-    // The following seed requires the language specification in order to calculate
-    // a single valid checksum
-    Vector {
-      language: Language::Spanish,
-      seed: "impo sort usua cabi venu nobl oliv clim \
-        cont barr marc auto prod vaca torn fati"
-        .into(),
-      entropy: "dbfce25fe09b68a340e01c62417eeef43ad51800000000000000000000000000".into(),
-      birthday: 1701511650,
-      has_prefix: true,
-      has_accent: true,
-    },
-  ];
-
-  for vector in vectors {
-    let add_whitespace = |mut seed: String| {
-      seed.push(' ');
-      seed
-    };
-
-    let seed_without_accents = |seed: &str| {
-      seed
-        .split_whitespace()
-        .map(|w| w.chars().filter(char::is_ascii).collect::<String>())
-        .collect::<Vec<_>>()
-        .join(" ")
-    };
-
-    let trim_seed = |seed: &str| {
-      let seed_to_trim =
-        if vector.has_accent { seed_without_accents(seed) } else { seed.to_string() };
-      seed_to_trim
-        .split_whitespace()
-        .map(|w| {
-          let mut ascii = 0;
-          let mut to_take = w.len();
-          for (i, char) in w.chars().enumerate() {
-            if char.is_ascii() {
-              ascii += 1;
-            }
-            if ascii == PREFIX_LEN {
-              // +1 to include this character, which put us at the prefix length
-              to_take = i + 1;
-              break;
-            }
-          }
-          w.chars().take(to_take).collect::<String>()
-        })
-        .collect::<Vec<_>>()
-        .join(" ")
-    };
-
-    // String -> Seed
-    println!("{}. language: {:?}, seed: {}", line!(), vector.language, vector.seed.clone());
-    let seed = Polyseed::from_string(vector.language, Zeroizing::new(vector.seed.clone())).unwrap();
-    let trim = trim_seed(&vector.seed);
-    let add_whitespace = add_whitespace(vector.seed.clone());
-    let seed_without_accents = seed_without_accents(&vector.seed);
-
-    // Make sure a version with added whitespace still works
-    let whitespaced_seed =
-      Polyseed::from_string(vector.language, Zeroizing::new(add_whitespace)).unwrap();
-    assert_eq!(seed, whitespaced_seed);
-    // Check trimmed versions works
-    if vector.has_prefix {
-      let trimmed_seed = Polyseed::from_string(vector.language, Zeroizing::new(trim)).unwrap();
-      assert_eq!(seed, trimmed_seed);
-    }
-    // Check versions without accents work
-    if vector.has_accent {
-      let seed_without_accents =
-        Polyseed::from_string(vector.language, Zeroizing::new(seed_without_accents)).unwrap();
-      assert_eq!(seed, seed_without_accents);
-    }
-
-    let entropy = Zeroizing::new(hex::decode(vector.entropy).unwrap().try_into().unwrap());
-    assert_eq!(*seed.entropy(), entropy);
-    assert!(seed.birthday().abs_diff(vector.birthday) < TIME_STEP);
-
-    // Entropy -> Seed
-    let from_entropy = Polyseed::from(vector.language, 0, seed.birthday(), entropy).unwrap();
-    assert_eq!(seed.to_string(), from_entropy.to_string());
-
-    // Check against ourselves
-    {
-      let seed = Polyseed::new(&mut OsRng, vector.language);
-      println!("{}. seed: {}", line!(), *seed.to_string());
-      assert_eq!(seed, Polyseed::from_string(vector.language, seed.to_string()).unwrap());
-      assert_eq!(
-        seed,
-        Polyseed::from(vector.language, 0, seed.birthday(), seed.entropy().clone(),).unwrap()
-      );
-    }
-  }
-}
-
-#[test]
-fn test_invalid_polyseed() {
-  // This seed includes unsupported features bits and should error on decode
-  let seed = "include domain claim resemble urban hire lunch bird \
-    crucial fire best wife ring warm ignore model"
-    .into();
-  let res = Polyseed::from_string(Language::English, Zeroizing::new(seed));
-  assert_eq!(res, Err(PolyseedError::UnsupportedFeatures));
-}

networks/monero/wallet/seed/Cargo.toml

@@ -1,41 +0,0 @@
-[package]
-name = "monero-seed"
-version = "0.1.0"
-description = "Rust implementation of Monero's seed algorithm"
-license = "MIT"
-repository = "https://github.com/serai-dex/serai/tree/develop/networks/monero/wallet/seed"
-authors = ["Luke Parker <lukeparker5132@gmail.com>"]
-edition = "2021"
-rust-version = "1.80"
-
-[package.metadata.docs.rs]
-all-features = true
-rustdoc-args = ["--cfg", "docsrs"]
-
-[lints]
-workspace = true
-
-[dependencies]
-std-shims = { path = "../../../../common/std-shims", version = "^0.1.1", default-features = false }
-
-thiserror = { version = "1", default-features = false, optional = true }
-
-zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
-rand_core = { version = "0.6", default-features = false }
-
-curve25519-dalek = { version = "4", default-features = false, features = ["alloc", "zeroize"] }
-
-[dev-dependencies]
-hex = { version = "0.4", default-features = false, features = ["std"] }
-monero-primitives = { path = "../../primitives", default-features = false, features = ["std"] }
-
-[features]
-std = [
-  "std-shims/std",
-
-  "thiserror",
-
-  "zeroize/std",
-  "rand_core/std",
-]
-default = ["std"]

networks/monero/wallet/seed/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2022-2024 Luke Parker
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

networks/monero/wallet/seed/README.md

@@ -1,11 +0,0 @@
-# Monero Seeds
-
-Rust implementation of Monero's seed algorithm.
-
-This library is usable under no-std when the `std` feature (on by default) is
-disabled.
-
-### Cargo Features
-
-- `std` (on by default): Enables `std` (and with it, more efficient internal
-  implementations).

networks/monero/wallet/seed/src/lib.rs

@@ -1,353 +0,0 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
-#![doc = include_str!("../README.md")]
-#![deny(missing_docs)]
-#![cfg_attr(not(feature = "std"), no_std)]
-
-use core::{ops::Deref, fmt};
-use std_shims::{
-  sync::LazyLock,
-  vec,
-  vec::Vec,
-  string::{String, ToString},
-  collections::HashMap,
-};
-
-use zeroize::{Zeroize, Zeroizing};
-use rand_core::{RngCore, CryptoRng};
-
-use curve25519_dalek::scalar::Scalar;
-
-#[cfg(test)]
-mod tests;
-
-// The amount of words in a seed without a checksum.
-const SEED_LENGTH: usize = 24;
-// The amount of words in a seed with a checksum.
-const SEED_LENGTH_WITH_CHECKSUM: usize = 25;
-
-/// An error when working with a seed.
-#[derive(Clone, Copy, PartialEq, Eq, Debug)]
-#[cfg_attr(feature = "std", derive(thiserror::Error))]
-pub enum SeedError {
-  #[cfg_attr(feature = "std", error("invalid seed"))]
-  /// The seed was invalid.
-  InvalidSeed,
-  /// The checksum did not match the data.
-  #[cfg_attr(feature = "std", error("invalid checksum"))]
-  InvalidChecksum,
-  /// The deprecated English language option was used with a checksum.
-  ///
-  /// The deprecated English language option did not include a checksum.
-  #[cfg_attr(feature = "std", error("deprecated English language option included a checksum"))]
-  DeprecatedEnglishWithChecksum,
-}
-
-/// Language options.
-#[derive(Clone, Copy, PartialEq, Eq, Debug, Hash, Zeroize)]
-pub enum Language {
-  /// Chinese language option.
-  Chinese,
-  /// English language option.
-  English,
-  /// Dutch language option.
-  Dutch,
-  /// French language option.
-  French,
-  /// Spanish language option.
-  Spanish,
-  /// German language option.
-  German,
-  /// Italian language option.
-  Italian,
-  /// Portuguese language option.
-  Portuguese,
-  /// Japanese language option.
-  Japanese,
-  /// Russian language option.
-  Russian,
-  /// Esperanto language option.
-  Esperanto,
-  /// Lojban language option.
-  Lojban,
-  /// The original, and deprecated, English language.
-  DeprecatedEnglish,
-}
-
-fn trim(word: &str, len: usize) -> Zeroizing<String> {
-  Zeroizing::new(word.chars().take(len).collect())
-}
-
-struct WordList {
-  word_list: &'static [&'static str],
-  word_map: HashMap<&'static str, usize>,
-  trimmed_word_map: HashMap<String, usize>,
-  unique_prefix_length: usize,
-}
-
-impl WordList {
-  fn new(word_list: &'static [&'static str], prefix_length: usize) -> WordList {
-    let mut lang = WordList {
-      word_list,
-      word_map: HashMap::new(),
-      trimmed_word_map: HashMap::new(),
-      unique_prefix_length: prefix_length,
-    };
-
-    for (i, word) in lang.word_list.iter().enumerate() {
-      lang.word_map.insert(word, i);
-      lang.trimmed_word_map.insert(trim(word, lang.unique_prefix_length).deref().clone(), i);
-    }
-
-    lang
-  }
-}
-
-static LANGUAGES: LazyLock<HashMap<Language, WordList>> = LazyLock::new(|| {
-  HashMap::from([
-    (Language::Chinese, WordList::new(include!("./words/zh.rs"), 1)),
-    (Language::English, WordList::new(include!("./words/en.rs"), 3)),
-    (Language::Dutch, WordList::new(include!("./words/nl.rs"), 4)),
-    (Language::French, WordList::new(include!("./words/fr.rs"), 4)),
-    (Language::Spanish, WordList::new(include!("./words/es.rs"), 4)),
-    (Language::German, WordList::new(include!("./words/de.rs"), 4)),
-    (Language::Italian, WordList::new(include!("./words/it.rs"), 4)),
-    (Language::Portuguese, WordList::new(include!("./words/pt.rs"), 4)),
-    (Language::Japanese, WordList::new(include!("./words/ja.rs"), 3)),
-    (Language::Russian, WordList::new(include!("./words/ru.rs"), 4)),
-    (Language::Esperanto, WordList::new(include!("./words/eo.rs"), 4)),
-    (Language::Lojban, WordList::new(include!("./words/jbo.rs"), 4)),
-    (Language::DeprecatedEnglish, WordList::new(include!("./words/ang.rs"), 4)),
-  ])
-});
-
-fn checksum_index(words: &[Zeroizing<String>], lang: &WordList) -> usize {
-  let mut trimmed_words = Zeroizing::new(String::new());
-  for w in words {
-    *trimmed_words += &trim(w, lang.unique_prefix_length);
-  }
-
-  const fn crc32_table() -> [u32; 256] {
-    let poly = 0xedb88320u32;
-
-    let mut res = [0; 256];
-    let mut i = 0;
-    while i < 256 {
-      let mut entry = i;
-      let mut b = 0;
-      while b < 8 {
-        let trigger = entry & 1;
-        entry >>= 1;
-        if trigger == 1 {
-          entry ^= poly;
-        }
-        b += 1;
-      }
-      res[i as usize] = entry;
-      i += 1;
-    }
-
-    res
-  }
-  const CRC32_TABLE: [u32; 256] = crc32_table();
-
-  let trimmed_words = trimmed_words.as_bytes();
-  let mut checksum = u32::MAX;
-  for i in 0 .. trimmed_words.len() {
-    checksum = CRC32_TABLE[usize::from(u8::try_from(checksum % 256).unwrap() ^ trimmed_words[i])] ^
-      (checksum >> 8);
-  }
-
-  usize::try_from(!checksum).unwrap() % words.len()
-}
-
-// Convert a private key to a seed
-#[allow(clippy::needless_pass_by_value)]
-fn key_to_seed(lang: Language, key: Zeroizing<Scalar>) -> Seed {
-  let bytes = Zeroizing::new(key.to_bytes());
-
-  // get the language words
-  let words = &LANGUAGES[&lang].word_list;
-  let list_len = u64::try_from(words.len()).unwrap();
-
-  // To store the found words & add the checksum word later.
-  let mut seed = Vec::with_capacity(25);
-
-  // convert to words
-  // 4 bytes -> 3 words. 8 digits base 16 -> 3 digits base 1626
-  let mut segment = [0; 4];
-  let mut indices = [0; 4];
-  for i in 0 .. 8 {
-    // convert first 4 byte to u32 & get the word indices
-    let start = i * 4;
-    // convert 4 byte to u32
-    segment.copy_from_slice(&bytes[start .. (start + 4)]);
-    // Actually convert to a u64 so we can add without overflowing
-    indices[0] = u64::from(u32::from_le_bytes(segment));
-    indices[1] = indices[0];
-    indices[0] /= list_len;
-    indices[2] = indices[0] + indices[1];
-    indices[0] /= list_len;
-    indices[3] = indices[0] + indices[2];
-
-    // append words to seed
-    for i in indices.iter().skip(1) {
-      let word = usize::try_from(i % list_len).unwrap();
-      seed.push(Zeroizing::new(words[word].to_string()));
-    }
-  }
-  segment.zeroize();
-  indices.zeroize();
-
-  // create a checksum word for all languages except old english
-  if lang != Language::DeprecatedEnglish {
-    let checksum = seed[checksum_index(&seed, &LANGUAGES[&lang])].clone();
-    seed.push(checksum);
-  }
-
-  let mut res = Zeroizing::new(String::new());
-  for (i, word) in seed.iter().enumerate() {
-    if i != 0 {
-      *res += " ";
-    }
-    *res += word;
-  }
-  Seed(lang, res)
-}
-
-// Convert a seed to bytes
-fn seed_to_bytes(lang: Language, words: &str) -> Result<Zeroizing<[u8; 32]>, SeedError> {
-  // get seed words
-  let words = words.split_whitespace().map(|w| Zeroizing::new(w.to_string())).collect::<Vec<_>>();
-  if (words.len() != SEED_LENGTH) && (words.len() != SEED_LENGTH_WITH_CHECKSUM) {
-    panic!("invalid seed passed to seed_to_bytes");
-  }
-
-  let has_checksum = words.len() == SEED_LENGTH_WITH_CHECKSUM;
-  if has_checksum && lang == Language::DeprecatedEnglish {
-    Err(SeedError::DeprecatedEnglishWithChecksum)?;
-  }
-
-  // Validate words are in the language word list
-  let lang_word_list: &WordList = &LANGUAGES[&lang];
-  let matched_indices = (|| {
-    let has_checksum = words.len() == SEED_LENGTH_WITH_CHECKSUM;
-    let mut matched_indices = Zeroizing::new(vec![]);
-
-    // Iterate through all the words and see if they're all present
-    for word in &words {
-      let trimmed = trim(word, lang_word_list.unique_prefix_length);
-      let word = if has_checksum { &trimmed } else { word };
-
-      if let Some(index) = if has_checksum {
-        lang_word_list.trimmed_word_map.get(word.deref())
-      } else {
-        lang_word_list.word_map.get(&word.as_str())
-      } {
-        matched_indices.push(*index);
-      } else {
-        Err(SeedError::InvalidSeed)?;
-      }
-    }
-
-    if has_checksum {
-      // exclude the last word when calculating a checksum.
-      let last_word = words.last().unwrap().clone();
-      let checksum = words[checksum_index(&words[.. words.len() - 1], lang_word_list)].clone();
-
-      // check the trimmed checksum and trimmed last word line up
-      if trim(&checksum, lang_word_list.unique_prefix_length) !=
-        trim(&last_word, lang_word_list.unique_prefix_length)
-      {
-        Err(SeedError::InvalidChecksum)?;
-      }
-    }
-
-    Ok(matched_indices)
-  })()?;
-
-  // convert to bytes
-  let mut res = Zeroizing::new([0; 32]);
-  let mut indices = Zeroizing::new([0; 4]);
-  for i in 0 .. 8 {
-    // read 3 indices at a time
-    let i3 = i * 3;
-    indices[1] = matched_indices[i3];
-    indices[2] = matched_indices[i3 + 1];
-    indices[3] = matched_indices[i3 + 2];
-
-    let inner = |i| {
-      let mut base = (lang_word_list.word_list.len() - indices[i] + indices[i + 1]) %
-        lang_word_list.word_list.len();
-      // Shift the index over
-      for _ in 0 .. i {
-        base *= lang_word_list.word_list.len();
-      }
-      base
-    };
-    // set the last index
-    indices[0] = indices[1] + inner(1) + inner(2);
-    if (indices[0] % lang_word_list.word_list.len()) != indices[1] {
-      Err(SeedError::InvalidSeed)?;
-    }
-
-    let pos = i * 4;
-    let mut bytes = u32::try_from(indices[0]).unwrap().to_le_bytes();
-    res[pos .. (pos + 4)].copy_from_slice(&bytes);
-    bytes.zeroize();
-  }
-
-  Ok(res)
-}
-
-/// A Monero seed.
-#[derive(Clone, PartialEq, Eq, Zeroize)]
-pub struct Seed(Language, Zeroizing<String>);
-
-impl fmt::Debug for Seed {
-  fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-    f.debug_struct("Seed").finish_non_exhaustive()
-  }
-}
-
-impl Seed {
-  /// Create a new seed.
-  pub fn new<R: RngCore + CryptoRng>(rng: &mut R, lang: Language) -> Seed {
-    let mut scalar_bytes = Zeroizing::new([0; 64]);
-    rng.fill_bytes(scalar_bytes.as_mut());
-    key_to_seed(lang, Zeroizing::new(Scalar::from_bytes_mod_order_wide(scalar_bytes.deref())))
-  }
-
-  /// Parse a seed from a string.
-  #[allow(clippy::needless_pass_by_value)]
-  pub fn from_string(lang: Language, words: Zeroizing<String>) -> Result<Seed, SeedError> {
-    let entropy = seed_to_bytes(lang, &words)?;
-
-    // Make sure this is a valid scalar
-    let scalar = Scalar::from_canonical_bytes(*entropy);
-    if scalar.is_none().into() {
-      Err(SeedError::InvalidSeed)?;
-    }
-    let mut scalar = scalar.unwrap();
-    scalar.zeroize();
-
-    // Call from_entropy so a trimmed seed becomes a full seed
-    Ok(Self::from_entropy(lang, entropy).unwrap())
-  }
-
-  /// Create a seed from entropy.
-  #[allow(clippy::needless_pass_by_value)]
-  pub fn from_entropy(lang: Language, entropy: Zeroizing<[u8; 32]>) -> Option<Seed> {
-    Option::from(Scalar::from_canonical_bytes(*entropy))
-      .map(|scalar| key_to_seed(lang, Zeroizing::new(scalar)))
-  }
-
-  /// Convert a seed to a string.
-  pub fn to_string(&self) -> Zeroizing<String> {
-    self.1.clone()
-  }
-
-  /// Return the entropy underlying this seed.
-  pub fn entropy(&self) -> Zeroizing<[u8; 32]> {
-    seed_to_bytes(self.0, &self.1).unwrap()
-  }
-}

networks/monero/wallet/seed/src/tests.rs

@@ -1,234 +0,0 @@
-use zeroize::Zeroizing;
-use rand_core::OsRng;
-
-use curve25519_dalek::scalar::Scalar;
-
-use monero_primitives::keccak256;
-
-use crate::*;
-
-#[test]
-fn test_original_seed() {
-  struct Vector {
-    language: Language,
-    seed: String,
-    spend: String,
-    view: String,
-  }
-
-  let vectors = [
-    Vector {
-      language: Language::Chinese,
-      seed: "摇 曲 艺 武 滴 然 效 似 赏 式 祥 歌 买 疑 小 碧 堆 博 键 房 鲜 悲 付 喷 武".into(),
-      spend: "a5e4fff1706ef9212993a69f246f5c95ad6d84371692d63e9bb0ea112a58340d".into(),
-      view: "1176c43ce541477ea2f3ef0b49b25112b084e26b8a843e1304ac4677b74cdf02".into(),
-    },
-    Vector {
-      language: Language::English,
-      seed: "washing thirsty occur lectures tuesday fainted toxic adapt \
-               abnormal memoir nylon mostly building shrugged online ember northern \
-               ruby woes dauntless boil family illness inroads northern"
-        .into(),
-      spend: "c0af65c0dd837e666b9d0dfed62745f4df35aed7ea619b2798a709f0fe545403".into(),
-      view: "513ba91c538a5a9069e0094de90e927c0cd147fa10428ce3ac1afd49f63e3b01".into(),
-    },
-    Vector {
-      language: Language::Dutch,
-      seed: "setwinst riphagen vimmetje extase blief tuitelig fuiven meifeest \
-               ponywagen zesmaal ripdeal matverf codetaal leut ivoor rotten \
-               wisgerhof winzucht typograaf atrium rein zilt traktaat verzaagd setwinst"
-        .into(),
-      spend: "e2d2873085c447c2bc7664222ac8f7d240df3aeac137f5ff2022eaa629e5b10a".into(),
-      view: "eac30b69477e3f68093d131c7fd961564458401b07f8c87ff8f6030c1a0c7301".into(),
-    },
-    Vector {
-      language: Language::French,
-      seed: "poids vaseux tarte bazar poivre effet entier nuance \
-               sensuel ennui pacte osselet poudre battre alibi mouton \
-               stade paquet pliage gibier type question position projet pliage"
-        .into(),
-      spend: "2dd39ff1a4628a94b5c2ec3e42fb3dfe15c2b2f010154dc3b3de6791e805b904".into(),
-      view: "6725b32230400a1032f31d622b44c3a227f88258939b14a7c72e00939e7bdf0e".into(),
-    },
-    Vector {
-      language: Language::Spanish,
-      seed: "minero ocupar mirar evadir octubre cal logro miope \
-               opaco disco ancla litio clase cuello nasal clase \
-               fiar avance deseo mente grumo negro cordón croqueta clase"
-        .into(),
-      spend: "ae2c9bebdddac067d73ec0180147fc92bdf9ac7337f1bcafbbe57dd13558eb02".into(),
-      view: "18deafb34d55b7a43cae2c1c1c206a3c80c12cc9d1f84640b484b95b7fec3e05".into(),
-    },
-    Vector {
-      language: Language::German,
-      seed: "Kaliber Gabelung Tapir Liveband Favorit Specht Enklave Nabel \
-               Jupiter Foliant Chronik nisten löten Vase Aussage Rekord \
-               Yeti Gesetz Eleganz Alraune Künstler Almweide Jahr Kastanie Almweide"
-        .into(),
-      spend: "79801b7a1b9796856e2397d862a113862e1fdc289a205e79d8d70995b276db06".into(),
-      view: "99f0ec556643bd9c038a4ed86edcb9c6c16032c4622ed2e000299d527a792701".into(),
-    },
-    Vector {
-      language: Language::Italian,
-      seed: "cavo pancetta auto fulmine alleanza filmato diavolo prato \
-               forzare meritare litigare lezione segreto evasione votare buio \
-               licenza cliente dorso natale crescere vento tutelare vetta evasione"
-        .into(),
-      spend: "5e7fd774eb00fa5877e2a8b4dc9c7ffe111008a3891220b56a6e49ac816d650a".into(),
-      view: "698a1dce6018aef5516e82ca0cb3e3ec7778d17dfb41a137567bfa2e55e63a03".into(),
-    },
-    Vector {
-      language: Language::Portuguese,
-      seed: "agito eventualidade onus itrio holograma sodomizar objetos dobro \
-               iugoslavo bcrepuscular odalisca abjeto iuane darwinista eczema acetona \
-               cibernetico hoquei gleba driver buffer azoto megera nogueira agito"
-        .into(),
-      spend: "13b3115f37e35c6aa1db97428b897e584698670c1b27854568d678e729200c0f".into(),
-      view: "ad1b4fd35270f5f36c4da7166672b347e75c3f4d41346ec2a06d1d0193632801".into(),
-    },
-    Vector {
-      language: Language::Japanese,
-      seed: "ぜんぶ どうぐ おたがい せんきょ おうじ そんちょう じゅしん いろえんぴつ \
-               かほう つかれる えらぶ にちじょう くのう にちようび ぬまえび さんきゃく \
-               おおや ちぬき うすめる いがく せつでん さうな すいえい せつだん おおや"
-        .into(),
-      spend: "c56e895cdb13007eda8399222974cdbab493640663804b93cbef3d8c3df80b0b".into(),
-      view: "6c3634a313ec2ee979d565c33888fd7c3502d696ce0134a8bc1a2698c7f2c508".into(),
-    },
-    Vector {
-      language: Language::Russian,
-      seed: "шатер икра нация ехать получать инерция доза реальный \
-               рыжий таможня лопата душа веселый клетка атлас лекция \
-               обгонять паек наивный лыжный дурак стать ежик задача паек"
-        .into(),
-      spend: "7cb5492df5eb2db4c84af20766391cd3e3662ab1a241c70fc881f3d02c381f05".into(),
-      view: "fcd53e41ec0df995ab43927f7c44bc3359c93523d5009fb3f5ba87431d545a03".into(),
-    },
-    Vector {
-      language: Language::Esperanto,
-      seed: "ukazo klini peco etikedo fabriko imitado onklino urino \
-               pudro incidento kumuluso ikono smirgi hirundo uretro krii \
-               sparkado super speciala pupo alpinisto cvana vokegi zombio fabriko"
-        .into(),
-      spend: "82ebf0336d3b152701964ed41df6b6e9a035e57fc98b84039ed0bd4611c58904".into(),
-      view: "cd4d120e1ea34360af528f6a3e6156063312d9cefc9aa6b5218d366c0ed6a201".into(),
-    },
-    Vector {
-      language: Language::Lojban,
-      seed: "jetnu vensa julne xrotu xamsi julne cutci dakli \
-               mlatu xedja muvgau palpi xindo sfubu ciste cinri \
-               blabi darno dembi janli blabi fenki bukpu burcu blabi"
-        .into(),
-      spend: "e4f8c6819ab6cf792cebb858caabac9307fd646901d72123e0367ebc0a79c200".into(),
-      view: "c806ce62bafaa7b2d597f1a1e2dbe4a2f96bfd804bf6f8420fc7f4a6bd700c00".into(),
-    },
-    Vector {
-      language: Language::DeprecatedEnglish,
-      seed: "glorious especially puff son moment add youth nowhere \
-               throw glide grip wrong rhythm consume very swear \
-               bitter heavy eventually begin reason flirt type unable"
-        .into(),
-      spend: "647f4765b66b636ff07170ab6280a9a6804dfbaf19db2ad37d23be024a18730b".into(),
-      view: "045da65316a906a8c30046053119c18020b07a7a3a6ef5c01ab2a8755416bd02".into(),
-    },
-    // The following seeds require the language specification in order to calculate
-    // a single valid checksum
-    Vector {
-      language: Language::Spanish,
-      seed: "pluma laico atraer pintor peor cerca balde buscar \
-               lancha batir nulo reloj resto gemelo nevera poder columna gol \
-               oveja latir amplio bolero feliz fuerza nevera"
-        .into(),
-      spend: "30303983fc8d215dd020cc6b8223793318d55c466a86e4390954f373fdc7200a".into(),
-      view: "97c649143f3c147ba59aa5506cc09c7992c5c219bb26964442142bf97980800e".into(),
-    },
-    Vector {
-      language: Language::Spanish,
-      seed: "pluma pluma pluma pluma pluma pluma pluma pluma \
-               pluma pluma pluma pluma pluma pluma pluma pluma \
-               pluma pluma pluma pluma pluma pluma pluma pluma pluma"
-        .into(),
-      spend: "b4050000b4050000b4050000b4050000b4050000b4050000b4050000b4050000".into(),
-      view: "d73534f7912b395eb70ef911791a2814eb6df7ce56528eaaa83ff2b72d9f5e0f".into(),
-    },
-    Vector {
-      language: Language::English,
-      seed: "plus plus plus plus plus plus plus plus \
-               plus plus plus plus plus plus plus plus \
-               plus plus plus plus plus plus plus plus plus"
-        .into(),
-      spend: "3b0400003b0400003b0400003b0400003b0400003b0400003b0400003b040000".into(),
-      view: "43a8a7715eed11eff145a2024ddcc39740255156da7bbd736ee66a0838053a02".into(),
-    },
-    Vector {
-      language: Language::Spanish,
-      seed: "audio audio audio audio audio audio audio audio \
-               audio audio audio audio audio audio audio audio \
-               audio audio audio audio audio audio audio audio audio"
-        .into(),
-      spend: "ba000000ba000000ba000000ba000000ba000000ba000000ba000000ba000000".into(),
-      view: "1437256da2c85d029b293d8c6b1d625d9374969301869b12f37186e3f906c708".into(),
-    },
-    Vector {
-      language: Language::English,
-      seed: "audio audio audio audio audio audio audio audio \
-               audio audio audio audio audio audio audio audio \
-               audio audio audio audio audio audio audio audio audio"
-        .into(),
-      spend: "7900000079000000790000007900000079000000790000007900000079000000".into(),
-      view: "20bec797ab96780ae6a045dd816676ca7ed1d7c6773f7022d03ad234b581d600".into(),
-    },
-  ];
-
-  for vector in vectors {
-    fn trim_by_lang(word: &str, lang: Language) -> String {
-      if lang != Language::DeprecatedEnglish {
-        word.chars().take(LANGUAGES[&lang].unique_prefix_length).collect()
-      } else {
-        word.to_string()
-      }
-    }
-
-    let trim_seed = |seed: &str| {
-      seed
-        .split_whitespace()
-        .map(|word| trim_by_lang(word, vector.language))
-        .collect::<Vec<_>>()
-        .join(" ")
-    };
-
-    // Test against Monero
-    {
-      println!("{}. language: {:?}, seed: {}", line!(), vector.language, vector.seed.clone());
-      let seed = Seed::from_string(vector.language, Zeroizing::new(vector.seed.clone())).unwrap();
-      let trim = trim_seed(&vector.seed);
-      assert_eq!(seed, Seed::from_string(vector.language, Zeroizing::new(trim)).unwrap());
-
-      let spend: [u8; 32] = hex::decode(vector.spend).unwrap().try_into().unwrap();
-      // For originalal seeds, Monero directly uses the entropy as a spend key
-      assert_eq!(
-        Option::<Scalar>::from(Scalar::from_canonical_bytes(*seed.entropy())),
-        Option::<Scalar>::from(Scalar::from_canonical_bytes(spend)),
-      );
-
-      let view: [u8; 32] = hex::decode(vector.view).unwrap().try_into().unwrap();
-      // Monero then derives the view key as H(spend)
-      assert_eq!(
-        Scalar::from_bytes_mod_order(keccak256(spend)),
-        Scalar::from_canonical_bytes(view).unwrap()
-      );
-
-      assert_eq!(Seed::from_entropy(vector.language, Zeroizing::new(spend)).unwrap(), seed);
-    }
-
-    // Test against ourselves
-    {
-      let seed = Seed::new(&mut OsRng, vector.language);
-      println!("{}. seed: {}", line!(), *seed.to_string());
-      let trim = trim_seed(&seed.to_string());
-      assert_eq!(seed, Seed::from_string(vector.language, Zeroizing::new(trim)).unwrap());
-      assert_eq!(seed, Seed::from_entropy(vector.language, seed.entropy()).unwrap());
-      assert_eq!(seed, Seed::from_string(vector.language, seed.to_string()).unwrap());
-    }
-  }
-}

networks/monero/wallet/src/extra.rs

@@ -302,7 +302,8 @@ impl Extra {
     // `fill_buf` returns the current buffer, filled if empty, only empty if the reader is
     // exhausted
     while !r.fill_buf()?.is_empty() {
-      res.0.push(ExtraField::read(r)?);
+      let Ok(field) = ExtraField::read(r) else { break };
+      res.0.push(field);
     }
     Ok(res)
   }

networks/monero/wallet/src/lib.rs

@@ -33,7 +33,7 @@ pub(crate) mod output;
 pub use output::WalletOutput;
 
 mod scan;
-pub use scan::{ScanError, Scanner, GuaranteedScanner};
+pub use scan::{Timelocked, ScanError, Scanner, GuaranteedScanner};
 
 mod decoys;
 pub use decoys::OutputWithDecoys;

networks/monero/wallet/src/scan.rs

@@ -41,9 +41,9 @@ impl Timelocked {
   ///
   /// `block` is the block number of the block the additional timelock must be satsified by.
   ///
-  /// `time` is represented in seconds since the epoch. Please note Monero uses an on-chain
-  /// deterministic clock for time which is subject to variance from the real world time. This time
-  /// argument will be evaluated against Monero's clock, not the local system's clock.
+  /// `time` is represented in seconds since the epoch and is in terms of Monero's on-chain clock.
+  /// That means outputs whose additional timelocks are statisfied by `Instant::now()` (the time
+  /// according to the local system clock) may still be locked due to variance with Monero's clock.
   #[must_use]
   pub fn additional_timelock_satisfied_by(self, block: usize, time: u64) -> Vec<WalletOutput> {
     let mut res = vec![];

networks/monero/wallet/src/send/mod.rs

@@ -29,6 +29,7 @@ use crate::{
 };
 
 mod tx_keys;
+pub use tx_keys::TransactionKeys;
 mod tx;
 mod eventuality;
 pub use eventuality::Eventuality;
@@ -100,10 +101,11 @@ impl Change {
   ///
   /// 1) The change in the TX is shunted to the fee (making it fingerprintable).
   ///
-  /// 2) If there are two outputs in the TX, Monero would create a payment ID for the non-change
-  ///    output so an observer can't tell apart TXs with a payment ID from TXs without a payment
-  ///    ID. monero-wallet will simply not create a payment ID in this case, revealing it's a
-  ///    monero-wallet TX without change.
+  /// 2) In two-output transactions, where the payment address doesn't have a payment ID, wallet2
+  ///    includes an encrypted dummy payment ID for the non-change output in order to not allow
+  ///    differentiating if transactions send to addresses with payment IDs or not. monero-wallet
+  ///    includes a dummy payment ID which at least one recipient will identify as not the expected
+  ///    dummy payment ID, revealing to the recipient(s) the sender is using non-wallet2 software.
   pub fn fingerprintable(address: Option<MoneroAddress>) -> Change {
     if let Some(address) = address {
       Change(Some(ChangeEnum::AddressOnly(address)))

networks/monero/wallet/src/send/tx.rs

@@ -76,10 +76,18 @@ impl SignableTransaction {
       PaymentId::Encrypted(id).write(&mut id_vec).unwrap();
       extra.push_nonce(id_vec);
     } else {
-      // If there's no payment ID, we push a dummy (as wallet2 does) if there's only one payment
-      if (self.payments.len() == 2) &&
-        self.payments.iter().any(|payment| matches!(payment, InternalPayment::Change(_)))
-      {
+      /*
+        If there's no payment ID, we push a dummy (as wallet2 does) to the first payment.
+
+        This does cause a random payment ID for the other recipient (a documented fingerprint).
+        Functionally, random payment IDs should be fine as wallet2 will trigger this same behavior
+        (a random payment ID being seen by the recipient) with a batch send if one of the recipient
+        addresses has a payment ID.
+
+        The alternative would be to not include any payment ID, fingerprinting to the entire
+        blockchain this is non-standard wallet software (instead of just a single recipient).
+      */
+      if self.payments.len() == 2 {
         let (_, payment_id_xor) = self
           .payments
           .iter()

networks/monero/wallet/src/send/tx_keys.rs

@@ -1,7 +1,7 @@
 use core::ops::Deref;
 use std_shims::{vec, vec::Vec};
 
-use zeroize::Zeroizing;
+use zeroize::{Zeroize, Zeroizing};
 
 use rand_core::SeedableRng;
 use rand_chacha::ChaCha20Rng;
@@ -15,28 +15,61 @@ use crate::{
   send::{ChangeEnum, InternalPayment, SignableTransaction, key_image_sort},
 };
 
+fn seeded_rng(
+  dst: &'static [u8],
+  outgoing_view_key: &[u8; 32],
+  mut input_keys: Vec<EdwardsPoint>,
+) -> ChaCha20Rng {
+  // Apply the DST
+  let mut transcript = Zeroizing::new(vec![u8::try_from(dst.len()).unwrap()]);
+  transcript.extend(dst);
+
+  // Bind to the outgoing view key to prevent foreign entities from rebuilding the transcript
+  transcript.extend(outgoing_view_key);
+
+  // We sort the inputs here to ensure a consistent order
+  // We use the key image sort as it's applicable and well-defined, not because these are key
+  // images
+  input_keys.sort_by(key_image_sort);
+
+  // Ensure uniqueness across transactions by binding to a use-once object
+  // The keys for the inputs is binding to their key images, making them use-once
+  for key in input_keys {
+    transcript.extend(key.compress().to_bytes());
+  }
+
+  let res = ChaCha20Rng::from_seed(keccak256(&transcript));
+  transcript.zeroize();
+  res
+}
+
+/// An iterator yielding an endless amount of ephemeral keys to use within a transaction.
+///
+/// This is used when sending and can be used after sending to re-derive the keys used, as
+/// necessary for payment proofs.
+pub struct TransactionKeys(ChaCha20Rng);
+impl TransactionKeys {
+  /// Construct a new `TransactionKeys`.
+  ///
+  /// `input_keys` is the list of keys from the outputs spent within this transaction.
+  pub fn new(outgoing_view_key: &Zeroizing<[u8; 32]>, input_keys: Vec<EdwardsPoint>) -> Self {
+    Self(seeded_rng(b"transaction_keys", outgoing_view_key, input_keys))
+  }
+}
+impl Iterator for TransactionKeys {
+  type Item = Zeroizing<Scalar>;
+  fn next(&mut self) -> Option<Self::Item> {
+    Some(Zeroizing::new(Scalar::random(&mut self.0)))
+  }
+}
+
 impl SignableTransaction {
+  fn input_keys(&self) -> Vec<EdwardsPoint> {
+    self.inputs.iter().map(OutputWithDecoys::key).collect()
+  }
+
   pub(crate) fn seeded_rng(&self, dst: &'static [u8]) -> ChaCha20Rng {
-    // Apply the DST
-    let mut transcript = Zeroizing::new(vec![u8::try_from(dst.len()).unwrap()]);
-    transcript.extend(dst);
-
-    // Bind to the outgoing view key to prevent foreign entities from rebuilding the transcript
-    transcript.extend(self.outgoing_view_key.as_slice());
-
-    // Ensure uniqueness across transactions by binding to a use-once object
-    // The keys for the inputs is binding to their key images, making them use-once
-    let mut input_keys = self.inputs.iter().map(OutputWithDecoys::key).collect::<Vec<_>>();
-    // We sort the inputs mid-way through TX construction, so apply our own sort to ensure a
-    // consistent order
-    // We use the key image sort as it's applicable and well-defined, not because these are key
-    // images
-    input_keys.sort_by(key_image_sort);
-    for key in input_keys {
-      transcript.extend(key.compress().to_bytes());
-    }
-
-    ChaCha20Rng::from_seed(keccak256(&transcript))
+    seeded_rng(dst, &self.outgoing_view_key, self.input_keys())
   }
 
   fn has_payments_to_subaddresses(&self) -> bool {
@@ -81,14 +114,14 @@ impl SignableTransaction {
 
   // Calculate the transaction keys used as randomness.
   fn transaction_keys(&self) -> (Zeroizing<Scalar>, Vec<Zeroizing<Scalar>>) {
-    let mut rng = self.seeded_rng(b"transaction_keys");
+    let mut tx_keys = TransactionKeys::new(&self.outgoing_view_key, self.input_keys());
 
-    let tx_key = Zeroizing::new(Scalar::random(&mut rng));
+    let tx_key = tx_keys.next().unwrap();
 
     let mut additional_keys = vec![];
     if self.should_use_additional_keys() {
       for _ in 0 .. self.payments.len() {
-        additional_keys.push(Zeroizing::new(Scalar::random(&mut rng)));
+        additional_keys.push(tx_keys.next().unwrap());
       }
     }
     (tx_key, additional_keys)

networks/monero/wallet/src/tests/extra.rs

@@ -8,7 +8,7 @@ use crate::{
 // Tests derived from
 // https://github.com/monero-project/monero/blob/ac02af92867590ca80b2779a7bbeafa99ff94dcb/
 //   tests/unit_tests/test_tx_utils.cpp
-// which is licensed
+// which is licensed as follows:
 #[rustfmt::skip]
 /*
 Copyright (c) 2014-2022, The Monero Project
@@ -105,13 +105,15 @@ fn padding_only_max_size() {
 #[test]
 fn padding_only_exceed_max_size() {
   let buf: Vec<u8> = vec![0; MAX_TX_EXTRA_PADDING_COUNT + 1];
-  Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap_err();
+  let extra = Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap();
+  assert!(extra.0.is_empty());
 }
 
 #[test]
 fn invalid_padding_only() {
   let buf: Vec<u8> = vec![0, 42];
-  Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap_err();
+  let extra = Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap();
+  assert!(extra.0.is_empty());
 }
 
 #[test]
@@ -135,7 +137,8 @@ fn extra_nonce_only_wrong_size() {
   let mut buf: Vec<u8> = vec![0; 20];
   buf[0] = 2;
   buf[1] = 255;
-  Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap_err();
+  let extra = Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap();
+  assert!(extra.0.is_empty());
 }
 
 #[test]
@@ -155,7 +158,8 @@ fn pub_key_and_padding() {
 fn pub_key_and_invalid_padding() {
   let mut buf: Vec<u8> = PUB_KEY_BYTES.to_vec();
   buf.extend([0, 1]);
-  Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap_err();
+  let extra = Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap();
+  assert_eq!(extra.0, vec![ExtraField::PublicKey(pub_key())]);
 }
 
 #[test]
@@ -181,7 +185,8 @@ fn extra_mysterious_minergate_only_wrong_size() {
   let mut buf: Vec<u8> = vec![0; 20];
   buf[0] = 222;
   buf[1] = 255;
-  Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap_err();
+  let extra = Extra::read::<&[u8]>(&mut buf.as_ref()).unwrap();
+  assert!(extra.0.is_empty());
 }
 
 #[test]

networks/monero/wallet/util/Cargo.toml

@@ -1,51 +0,0 @@
-[package]
-name = "monero-wallet-util"
-version = "0.1.0"
-description = "Additional utility functions for monero-wallet"
-license = "MIT"
-repository = "https://github.com/serai-dex/serai/tree/develop/networks/monero/wallet/util"
-authors = ["Luke Parker <lukeparker5132@gmail.com>"]
-edition = "2021"
-rust-version = "1.80"
-
-[package.metadata.docs.rs]
-all-features = true
-rustdoc-args = ["--cfg", "docsrs"]
-
-[lints]
-workspace = true
-
-[dependencies]
-std-shims = { path = "../../../../common/std-shims", version = "^0.1.1", default-features = false }
-
-thiserror = { version = "1", default-features = false, optional = true }
-
-zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
-rand_core = { version = "0.6", default-features = false }
-
-monero-wallet = { path = "..", default-features = false }
-
-monero-seed = { path = "../seed", default-features = false }
-polyseed = { path = "../polyseed", default-features = false }
-
-[dev-dependencies]
-hex = { version = "0.4", default-features = false, features = ["std"] }
-curve25519-dalek = { version = "4", default-features = false, features = ["alloc", "zeroize"] }
-
-[features]
-std = [
-  "std-shims/std",
-
-  "thiserror",
-
-  "zeroize/std",
-  "rand_core/std",
-
-  "monero-wallet/std",
-
-  "monero-seed/std",
-  "polyseed/std",
-]
-compile-time-generators = ["monero-wallet/compile-time-generators"]
-multisig = ["monero-wallet/multisig", "std"]
-default = ["std", "compile-time-generators"]

networks/monero/wallet/util/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2022-2024 Luke Parker
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

networks/monero/wallet/util/README.md

@@ -1,25 +0,0 @@
-# Monero Wallet Utilities
-
-Additional utility functions for monero-wallet.
-
-This library is isolated as it adds a notable amount of dependencies to the
-tree, and to be a subject to a distinct versioning policy. This library may
-more frequently undergo breaking API changes.
-
-This library is usable under no-std when the `std` feature (on by default) is
-disabled.
-
-### Features
-
-- Support for Monero's seed algorithm
-- Support for Polyseed
-
-### Cargo Features
-
-- `std` (on by default): Enables `std` (and with it, more efficient internal
-  implementations).
-- `compile-time-generators` (on by default): Derives the generators at
-  compile-time so they don't need to be derived at runtime. This is recommended
-  if program size doesn't need to be kept minimal.
-- `multisig`: Adds support for creation of transactions using a threshold
-  multisignature wallet.

networks/monero/wallet/util/src/lib.rs

@@ -1,9 +0,0 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
-#![doc = include_str!("../README.md")]
-#![deny(missing_docs)]
-#![cfg_attr(not(feature = "std"), no_std)]
-
-pub use monero_wallet::*;
-
-/// Seed creation and parsing functionality.
-pub mod seed;

networks/monero/wallet/util/src/seed.rs

@@ -1,150 +0,0 @@
-use core::fmt;
-use std_shims::string::String;
-
-use zeroize::{Zeroize, ZeroizeOnDrop, Zeroizing};
-use rand_core::{RngCore, CryptoRng};
-
-pub use monero_seed as original;
-pub use polyseed;
-
-use original::{SeedError as OriginalSeedError, Seed as OriginalSeed};
-use polyseed::{PolyseedError, Polyseed};
-
-/// An error from working with seeds.
-#[derive(Clone, Copy, PartialEq, Eq, Debug)]
-#[cfg_attr(feature = "std", derive(thiserror::Error))]
-pub enum SeedError {
-  /// The seed was invalid.
-  #[cfg_attr(feature = "std", error("invalid seed"))]
-  InvalidSeed,
-  /// The entropy was invalid.
-  #[cfg_attr(feature = "std", error("invalid entropy"))]
-  InvalidEntropy,
-  /// The checksum did not match the data.
-  #[cfg_attr(feature = "std", error("invalid checksum"))]
-  InvalidChecksum,
-  /// Unsupported features were enabled.
-  #[cfg_attr(feature = "std", error("unsupported features"))]
-  UnsupportedFeatures,
-}
-
-impl From<OriginalSeedError> for SeedError {
-  fn from(error: OriginalSeedError) -> SeedError {
-    match error {
-      OriginalSeedError::DeprecatedEnglishWithChecksum | OriginalSeedError::InvalidChecksum => {
-        SeedError::InvalidChecksum
-      }
-      OriginalSeedError::InvalidSeed => SeedError::InvalidSeed,
-    }
-  }
-}
-
-impl From<PolyseedError> for SeedError {
-  fn from(error: PolyseedError) -> SeedError {
-    match error {
-      PolyseedError::UnsupportedFeatures => SeedError::UnsupportedFeatures,
-      PolyseedError::InvalidEntropy => SeedError::InvalidEntropy,
-      PolyseedError::InvalidSeed => SeedError::InvalidSeed,
-      PolyseedError::InvalidChecksum => SeedError::InvalidChecksum,
-    }
-  }
-}
-
-/// The type of the seed.
-#[derive(Clone, Copy, PartialEq, Eq, Debug)]
-pub enum SeedType {
-  /// The seed format originally used by Monero,
-  Original(monero_seed::Language),
-  /// Polyseed.
-  Polyseed(polyseed::Language),
-}
-
-/// A seed, internally either the original format or a Polyseed.
-#[derive(Clone, PartialEq, Eq, Zeroize, ZeroizeOnDrop)]
-pub enum Seed {
-  /// The originally formatted seed.
-  Original(OriginalSeed),
-  /// A Polyseed.
-  Polyseed(Polyseed),
-}
-
-impl fmt::Debug for Seed {
-  fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-    match self {
-      Seed::Original(_) => f.debug_struct("Seed::Original").finish_non_exhaustive(),
-      Seed::Polyseed(_) => f.debug_struct("Seed::Polyseed").finish_non_exhaustive(),
-    }
-  }
-}
-
-impl Seed {
-  /// Create a new seed.
-  pub fn new<R: RngCore + CryptoRng>(rng: &mut R, seed_type: SeedType) -> Seed {
-    match seed_type {
-      SeedType::Original(lang) => Seed::Original(OriginalSeed::new(rng, lang)),
-      SeedType::Polyseed(lang) => Seed::Polyseed(Polyseed::new(rng, lang)),
-    }
-  }
-
-  /// Parse a seed from a string.
-  pub fn from_string(seed_type: SeedType, words: Zeroizing<String>) -> Result<Seed, SeedError> {
-    match seed_type {
-      SeedType::Original(lang) => Ok(OriginalSeed::from_string(lang, words).map(Seed::Original)?),
-      SeedType::Polyseed(lang) => Ok(Polyseed::from_string(lang, words).map(Seed::Polyseed)?),
-    }
-  }
-
-  /// Create a seed from entropy.
-  ///
-  /// A birthday may be optionally provided, denoted in seconds since the epoch. For
-  /// SeedType::Original, it will be ignored. For SeedType::Polyseed, it'll be embedded into the
-  /// seed.
-  ///
-  /// For SeedType::Polyseed, the last 13 bytes of `entropy` must be 0.
-  // TODO: Return Result, not Option
-  pub fn from_entropy(
-    seed_type: SeedType,
-    entropy: Zeroizing<[u8; 32]>,
-    birthday: Option<u64>,
-  ) -> Option<Seed> {
-    match seed_type {
-      SeedType::Original(lang) => OriginalSeed::from_entropy(lang, entropy).map(Seed::Original),
-      SeedType::Polyseed(lang) => {
-        Polyseed::from(lang, 0, birthday.unwrap_or(0), entropy).ok().map(Seed::Polyseed)
-      }
-    }
-  }
-
-  /// Converts the seed to a string.
-  pub fn to_string(&self) -> Zeroizing<String> {
-    match self {
-      Seed::Original(seed) => seed.to_string(),
-      Seed::Polyseed(seed) => seed.to_string(),
-    }
-  }
-
-  /// Get the entropy for this seed.
-  pub fn entropy(&self) -> Zeroizing<[u8; 32]> {
-    match self {
-      Seed::Original(seed) => seed.entropy(),
-      Seed::Polyseed(seed) => seed.entropy().clone(),
-    }
-  }
-
-  /// Get the key derived from this seed.
-  pub fn key(&self) -> Zeroizing<[u8; 32]> {
-    match self {
-      // Original does not differentiate between its entropy and its key
-      Seed::Original(seed) => seed.entropy(),
-      Seed::Polyseed(seed) => seed.key(),
-    }
-  }
-
-  /// Get the birthday of this seed, denoted in seconds since the epoch.
-  pub fn birthday(&self) -> u64 {
-    match self {
-      Seed::Original(_) => 0,
-      Seed::Polyseed(seed) => seed.birthday(),
-    }
-  }
-}

networks/monero/wallet/util/tests/tests.rs

@@ -1,3 +0,0 @@
-// TODO
-#[test]
-fn test() {}

processor/src/networks/bitcoin.rs

@@ -455,7 +455,7 @@ impl Bitcoin {
         panic!("trying to create a bitcoin transaction without inputs")
       }
       // No outputs left and the change isn't worth enough/not even enough funds to pay the fee
-      Err(TransactionError::NoOutputs | TransactionError::NotEnoughFunds) => Ok(None),
+      Err(TransactionError::NoOutputs | TransactionError::NotEnoughFunds { .. }) => Ok(None),
       // amortize_fee removes payments which fall below the dust threshold
       Err(TransactionError::DustPayment) => panic!("dust payment despite removing dust"),
       Err(TransactionError::TooMuchData) => {

substrate/validator-sets/pallet/Cargo.toml

@@ -44,6 +44,18 @@ validator-sets-primitives = { package = "serai-validator-sets-primitives", path
 coins-pallet = { package = "serai-coins-pallet", path = "../../coins/pallet", default-features = false }
 dex-pallet = { package = "serai-dex-pallet", path = "../../dex/pallet", default-features = false }
 
+[dev-dependencies]
+pallet-timestamp = { git = "https://github.com/serai-dex/substrate", default-features = false }
+
+sp-consensus-babe = { git = "https://github.com/serai-dex/substrate", default-features = false }
+
+ciphersuite = { path = "../../../crypto/ciphersuite", features = ["ristretto"] }
+frost = { package = "modular-frost", path = "../../../crypto/frost", features = ["tests"] }
+schnorrkel = { path = "../../../crypto/schnorrkel", package = "frost-schnorrkel" }
+
+zeroize = "^1.5"
+rand_core = "0.6"
+
 [features]
 std = [
   "scale/std",
@@ -56,12 +68,15 @@ std = [
   "sp-runtime/std",
   "sp-session/std",
   "sp-staking/std",
+  
+  "sp-consensus-babe/std",
 
   "frame-system/std",
   "frame-support/std",
 
   "pallet-babe/std",
   "pallet-grandpa/std",
+  "pallet-timestamp/std",
 
   "serai-primitives/std",
   "validator-sets-primitives/std",
@@ -70,8 +85,12 @@ std = [
   "dex-pallet/std",
 ]
 
-# TODO
-try-runtime = []
+try-runtime = [
+  "frame-system/try-runtime",
+  "frame-support/try-runtime",
+
+  "sp-runtime/try-runtime",
+]
 
 runtime-benchmarks = [
   "frame-system/runtime-benchmarks",

substrate/validator-sets/pallet/src/lib.rs

@@ -1,5 +1,11 @@
 #![cfg_attr(not(feature = "std"), no_std)]
 
+#[cfg(test)]
+mod mock;
+
+#[cfg(test)]
+mod tests;
+
 use core::marker::PhantomData;
 
 use scale::{Encode, Decode};
@@ -303,6 +309,7 @@ pub mod pallet {
 
   /// Pending deallocations, keyed by the Session they become unlocked on.
   #[pallet::storage]
+  #[pallet::getter(fn pending_deallocations)]
   type PendingDeallocations<T: Config> = StorageDoubleMap<
     _,
     Blake2_128Concat,
@@ -391,6 +398,7 @@ pub mod pallet {
       let allocation_per_key_share = Self::allocation_per_key_share(network).unwrap().0;
 
       let mut participants = vec![];
+      let mut total_allocated_stake = 0;
       {
         let mut iter = SortedAllocationsIter::<T>::new(network);
         let mut key_shares = 0;
@@ -401,6 +409,7 @@ pub mod pallet {
             (amount.0 / allocation_per_key_share).min(u64::from(MAX_KEY_SHARES_PER_SET));
           participants.push((key, these_key_shares));
 
+          total_allocated_stake += amount.0;
           key_shares += these_key_shares;
         }
         amortize_excess_key_shares(&mut participants);
@@ -413,6 +422,12 @@ pub mod pallet {
       let set = ValidatorSet { network, session };
       Pallet::<T>::deposit_event(Event::NewSet { set });
 
+      // other networks set their Session(0) TAS once they set their keys but serai network
+      // doesn't have that so we set it here.
+      if network == NetworkId::Serai && session == Session(0) {
+        TotalAllocatedStake::<T>::set(network, Some(Amount(total_allocated_stake)));
+      }
+
       Participants::<T>::set(network, Some(participants.try_into().unwrap()));
       SessionBeginBlock::<T>::set(
         network,
@@ -618,7 +633,7 @@ pub mod pallet {
       // If we're not removing the entire allocation, yet the allocation is no longer at or above
       // the threshold for a key share, error
       let allocation_per_key_share = Self::allocation_per_key_share(network).unwrap().0;
-      if (new_allocation != 0) && (new_allocation < allocation_per_key_share) {
+      if (new_allocation > 0) && (new_allocation < allocation_per_key_share) {
         Err(Error::<T>::DeallocationWouldRemoveParticipant)?;
       }
 
@@ -772,7 +787,7 @@ pub mod pallet {
       PendingDeallocations::<T>::take((network, key), session)
     }
 
-    fn rotate_session() {
+    pub(crate) fn rotate_session() {
       // next serai validators that is in the queue.
       let now_validators = Participants::<T>::get(NetworkId::Serai)
         .expect("no Serai participants upon rotate_session");

substrate/validator-sets/pallet/src/mock.rs

@@ -0,0 +1,210 @@
+//! Test environment for ValidatorSets pallet.
+
+use super::*;
+
+use std::collections::HashMap;
+
+use frame_support::{
+  construct_runtime,
+  traits::{ConstU16, ConstU32, ConstU64},
+};
+
+use sp_core::{
+  H256, Pair as PairTrait,
+  sr25519::{Public, Pair},
+};
+use sp_runtime::{
+  traits::{BlakeTwo256, IdentityLookup},
+  BuildStorage,
+};
+
+use serai_primitives::*;
+use validator_sets::{primitives::MAX_KEY_SHARES_PER_SET, MembershipProof};
+
+pub use crate as validator_sets;
+pub use coins_pallet as coins;
+pub use dex_pallet as dex;
+pub use pallet_babe as babe;
+pub use pallet_grandpa as grandpa;
+pub use pallet_timestamp as timestamp;
+
+type Block = frame_system::mocking::MockBlock<Test>;
+// Maximum number of authorities per session.
+pub type MaxAuthorities = ConstU32<{ MAX_KEY_SHARES_PER_SET }>;
+
+pub const PRIMARY_PROBABILITY: (u64, u64) = (1, 4);
+pub const BABE_GENESIS_EPOCH_CONFIG: sp_consensus_babe::BabeEpochConfiguration =
+  sp_consensus_babe::BabeEpochConfiguration {
+    c: PRIMARY_PROBABILITY,
+    allowed_slots: sp_consensus_babe::AllowedSlots::PrimaryAndSecondaryPlainSlots,
+  };
+
+pub const MEDIAN_PRICE_WINDOW_LENGTH: u16 = 10;
+
+construct_runtime!(
+  pub enum Test
+  {
+    System: frame_system,
+    Timestamp: timestamp,
+    Coins: coins,
+    LiquidityTokens: coins::<Instance1>::{Pallet, Call, Storage, Event<T>},
+    ValidatorSets: validator_sets,
+    Dex: dex,
+    Babe: babe,
+    Grandpa: grandpa,
+  }
+);
+
+impl frame_system::Config for Test {
+  type BaseCallFilter = frame_support::traits::Everything;
+  type BlockWeights = ();
+  type BlockLength = ();
+  type RuntimeOrigin = RuntimeOrigin;
+  type RuntimeCall = RuntimeCall;
+  type Nonce = u64;
+  type Hash = H256;
+  type Hashing = BlakeTwo256;
+  type AccountId = Public;
+  type Lookup = IdentityLookup<Self::AccountId>;
+  type Block = Block;
+  type RuntimeEvent = RuntimeEvent;
+  type BlockHashCount = ConstU64<250>;
+  type DbWeight = ();
+  type Version = ();
+  type PalletInfo = PalletInfo;
+  type AccountData = ();
+  type OnNewAccount = ();
+  type OnKilledAccount = ();
+  type SystemWeightInfo = ();
+  type SS58Prefix = ();
+  type OnSetCode = ();
+  type MaxConsumers = ConstU32<16>;
+}
+
+impl timestamp::Config for Test {
+  type Moment = u64;
+  type OnTimestampSet = Babe;
+  type MinimumPeriod = ConstU64<{ (TARGET_BLOCK_TIME * 1000) / 2 }>;
+  type WeightInfo = ();
+}
+
+impl babe::Config for Test {
+  type EpochDuration = ConstU64<{ FAST_EPOCH_DURATION }>;
+
+  type ExpectedBlockTime = ConstU64<{ TARGET_BLOCK_TIME * 1000 }>;
+  type EpochChangeTrigger = babe::ExternalTrigger;
+  type DisabledValidators = ValidatorSets;
+
+  type WeightInfo = ();
+  type MaxAuthorities = MaxAuthorities;
+
+  type KeyOwnerProof = MembershipProof<Self>;
+  type EquivocationReportSystem = ();
+}
+
+impl grandpa::Config for Test {
+  type RuntimeEvent = RuntimeEvent;
+
+  type WeightInfo = ();
+  type MaxAuthorities = MaxAuthorities;
+
+  type MaxSetIdSessionEntries = ConstU64<0>;
+  type KeyOwnerProof = MembershipProof<Self>;
+  type EquivocationReportSystem = ();
+}
+
+impl coins::Config for Test {
+  type RuntimeEvent = RuntimeEvent;
+  type AllowMint = ValidatorSets;
+}
+
+impl coins::Config<coins::Instance1> for Test {
+  type RuntimeEvent = RuntimeEvent;
+  type AllowMint = ();
+}
+
+impl dex::Config for Test {
+  type RuntimeEvent = RuntimeEvent;
+
+  type LPFee = ConstU32<3>; // 0.3%
+  type MintMinLiquidity = ConstU64<10000>;
+
+  type MaxSwapPathLength = ConstU32<3>; // coin1 -> SRI -> coin2
+
+  type MedianPriceWindowLength = ConstU16<{ MEDIAN_PRICE_WINDOW_LENGTH }>;
+
+  type WeightInfo = dex::weights::SubstrateWeight<Test>;
+}
+
+impl Config for Test {
+  type RuntimeEvent = RuntimeEvent;
+  type ShouldEndSession = Babe;
+}
+
+// For a const we can't define
+pub fn genesis_participants() -> Vec<Pair> {
+  vec![
+    insecure_pair_from_name("Alice"),
+    insecure_pair_from_name("Bob"),
+    insecure_pair_from_name("Charlie"),
+    insecure_pair_from_name("Dave"),
+  ]
+}
+
+// Amounts for single key share per network
+pub fn key_shares() -> HashMap<NetworkId, Amount> {
+  HashMap::from([
+    (NetworkId::Serai, Amount(50_000 * 10_u64.pow(8))),
+    (NetworkId::Bitcoin, Amount(1_000_000 * 10_u64.pow(8))),
+    (NetworkId::Monero, Amount(100_000 * 10_u64.pow(8))),
+    (NetworkId::Ethereum, Amount(1_000_000 * 10_u64.pow(8))),
+  ])
+}
+
+pub(crate) fn new_test_ext() -> sp_io::TestExternalities {
+  let mut t = frame_system::GenesisConfig::<Test>::default().build_storage().unwrap();
+  let networks: Vec<(NetworkId, Amount)> = key_shares().into_iter().collect::<Vec<_>>();
+
+  coins::GenesisConfig::<Test> {
+    accounts: genesis_participants()
+      .clone()
+      .into_iter()
+      .map(|a| (a.public(), Balance { coin: Coin::Serai, amount: Amount(1 << 60) }))
+      .collect(),
+    _ignore: Default::default(),
+  }
+  .assimilate_storage(&mut t)
+  .unwrap();
+
+  validator_sets::GenesisConfig::<Test> {
+    networks,
+    participants: genesis_participants().into_iter().map(|p| p.public()).collect(),
+  }
+  .assimilate_storage(&mut t)
+  .unwrap();
+
+  babe::GenesisConfig::<Test> {
+    authorities: genesis_participants()
+      .into_iter()
+      .map(|validator| (validator.public().into(), 1))
+      .collect(),
+    epoch_config: Some(BABE_GENESIS_EPOCH_CONFIG),
+    _config: PhantomData,
+  }
+  .assimilate_storage(&mut t)
+  .unwrap();
+
+  grandpa::GenesisConfig::<Test> {
+    authorities: genesis_participants()
+      .into_iter()
+      .map(|validator| (validator.public().into(), 1))
+      .collect(),
+    _config: PhantomData,
+  }
+  .assimilate_storage(&mut t)
+  .unwrap();
+
+  let mut ext = sp_io::TestExternalities::new(t);
+  ext.execute_with(|| System::set_block_number(0));
+  ext
+}

substrate/validator-sets/pallet/src/tests.rs

@@ -0,0 +1,573 @@
+use crate::{mock::*, primitives::*};
+
+use std::collections::HashMap;
+
+use ciphersuite::{Ciphersuite, Ristretto};
+use frost::dkg::musig::musig;
+use schnorrkel::Schnorrkel;
+
+use zeroize::Zeroizing;
+use rand_core::OsRng;
+
+use frame_support::{
+  assert_noop, assert_ok,
+  pallet_prelude::{InvalidTransaction, TransactionSource},
+  traits::{OnFinalize, OnInitialize},
+};
+use frame_system::RawOrigin;
+
+use sp_core::{
+  sr25519::{Public, Pair, Signature},
+  Pair as PairTrait,
+};
+use sp_runtime::{traits::ValidateUnsigned, BoundedVec};
+
+use serai_primitives::*;
+
+fn active_network_validators(network: NetworkId) -> Vec<(Public, u64)> {
+  if network == NetworkId::Serai {
+    Babe::authorities().into_iter().map(|(id, key_share)| (id.into_inner(), key_share)).collect()
+  } else {
+    ValidatorSets::participants_for_latest_decided_set(network).unwrap().into_inner()
+  }
+}
+
+fn verify_session_and_active_validators(network: NetworkId, participants: &[Public], session: u32) {
+  let mut validators: Vec<Public> = active_network_validators(network)
+    .into_iter()
+    .map(|(p, ks)| {
+      assert_eq!(ks, 1);
+      p
+    })
+    .collect();
+  validators.sort();
+
+  assert_eq!(ValidatorSets::session(network).unwrap(), Session(session));
+  assert_eq!(participants, validators);
+
+  // TODO: how to make sure block finalizations work as usual here?
+}
+
+fn get_session_at_which_changes_activate(network: NetworkId) -> u32 {
+  let current_session = ValidatorSets::session(network).unwrap().0;
+  // changes should be active in the next session
+  if network == NetworkId::Serai {
+    // it takes 1 extra session for serai net to make the changes active.
+    current_session + 2
+  } else {
+    current_session + 1
+  }
+}
+
+fn set_keys_for_session(network: NetworkId) {
+  ValidatorSets::set_keys(
+    RawOrigin::None.into(),
+    network,
+    BoundedVec::new(),
+    KeyPair(insecure_pair_from_name("Alice").public(), vec![].try_into().unwrap()),
+    Signature([0u8; 64]),
+  )
+  .unwrap();
+}
+
+fn set_keys_signature(set: &ValidatorSet, key_pair: &KeyPair, pairs: &[Pair]) -> Signature {
+  let mut pub_keys = vec![];
+  for pair in pairs {
+    let public_key =
+      <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut pair.public().0.as_ref()).unwrap();
+    pub_keys.push(public_key);
+  }
+
+  let mut threshold_keys = vec![];
+  for i in 0 .. pairs.len() {
+    let secret_key = <Ristretto as Ciphersuite>::read_F::<&[u8]>(
+      &mut pairs[i].as_ref().secret.to_bytes()[.. 32].as_ref(),
+    )
+    .unwrap();
+    assert_eq!(Ristretto::generator() * secret_key, pub_keys[i]);
+
+    threshold_keys.push(
+      musig::<Ristretto>(&musig_context(*set), &Zeroizing::new(secret_key), &pub_keys).unwrap(),
+    );
+  }
+
+  let mut musig_keys = HashMap::new();
+  for tk in threshold_keys {
+    musig_keys.insert(tk.params().i(), tk.into());
+  }
+
+  let sig = frost::tests::sign_without_caching(
+    &mut OsRng,
+    frost::tests::algorithm_machines(&mut OsRng, &Schnorrkel::new(b"substrate"), &musig_keys),
+    &set_keys_message(set, &[], key_pair),
+  );
+
+  Signature(sig.to_bytes())
+}
+
+fn get_ordered_keys(network: NetworkId, participants: &[Pair]) -> Vec<Pair> {
+  // retrieve the current session validators so that we know the order of the keys
+  // that is necessary for the correct musig signature.
+  let validators = ValidatorSets::participants_for_latest_decided_set(network).unwrap();
+
+  // collect the pairs of the validators
+  let mut pairs = vec![];
+  for (v, _) in validators {
+    let p = participants.iter().find(|pair| pair.public() == v).unwrap().clone();
+    pairs.push(p);
+  }
+
+  pairs
+}
+
+fn rotate_session_until(network: NetworkId, session: u32) {
+  let mut current = ValidatorSets::session(network).unwrap().0;
+  while current < session {
+    Babe::on_initialize(System::block_number() + 1);
+    ValidatorSets::rotate_session();
+    set_keys_for_session(network);
+    ValidatorSets::retire_set(ValidatorSet { session: Session(current), network });
+    current += 1;
+  }
+  assert_eq!(current, session);
+}
+
+#[test]
+fn rotate_session() {
+  new_test_ext().execute_with(|| {
+    let genesis_participants: Vec<Public> =
+      genesis_participants().into_iter().map(|p| p.public()).collect();
+    let key_shares = key_shares();
+
+    let mut participants = HashMap::from([
+      (NetworkId::Serai, genesis_participants.clone()),
+      (NetworkId::Bitcoin, genesis_participants.clone()),
+      (NetworkId::Monero, genesis_participants.clone()),
+      (NetworkId::Ethereum, genesis_participants),
+    ]);
+
+    // rotate session
+    for network in NETWORKS {
+      let participants = participants.get_mut(&network).unwrap();
+
+      // verify for session 0
+      participants.sort();
+      set_keys_for_session(network);
+      verify_session_and_active_validators(network, participants, 0);
+
+      // add 1 participant
+      let new_participant = insecure_pair_from_name("new-guy").public();
+      Coins::mint(new_participant, Balance { coin: Coin::Serai, amount: key_shares[&network] })
+        .unwrap();
+      ValidatorSets::allocate(
+        RawOrigin::Signed(new_participant).into(),
+        network,
+        key_shares[&network],
+      )
+      .unwrap();
+      participants.push(new_participant);
+
+      // move network to the activation session
+      let activation_session = get_session_at_which_changes_activate(network);
+      rotate_session_until(network, activation_session);
+
+      // verify
+      participants.sort();
+      verify_session_and_active_validators(network, participants, activation_session);
+
+      // remove 1 participant
+      let participant_to_remove = participants[0];
+      ValidatorSets::deallocate(
+        RawOrigin::Signed(participant_to_remove).into(),
+        network,
+        key_shares[&network],
+      )
+      .unwrap();
+      participants
+        .swap_remove(participants.iter().position(|k| *k == participant_to_remove).unwrap());
+
+      // check pending deallocations
+      let pending = ValidatorSets::pending_deallocations(
+        (network, participant_to_remove),
+        Session(if network == NetworkId::Serai {
+          activation_session + 3
+        } else {
+          activation_session + 2
+        }),
+      );
+      assert_eq!(pending, Some(key_shares[&network]));
+
+      // move network to the activation session
+      let activation_session = get_session_at_which_changes_activate(network);
+      rotate_session_until(network, activation_session);
+
+      // verify
+      participants.sort();
+      verify_session_and_active_validators(network, participants, activation_session);
+    }
+  })
+}
+
+#[test]
+fn allocate() {
+  new_test_ext().execute_with(|| {
+    let genesis_participants: Vec<Public> =
+      genesis_participants().into_iter().map(|p| p.public()).collect();
+    let key_shares = key_shares();
+    let participant = insecure_pair_from_name("random1").public();
+    let network = NetworkId::Ethereum;
+
+    // check genesis TAS
+    set_keys_for_session(network);
+    assert_eq!(
+      ValidatorSets::total_allocated_stake(network).unwrap().0,
+      key_shares[&network].0 * u64::try_from(genesis_participants.len()).unwrap()
+    );
+
+    // we can't allocate less than a key share
+    let amount = Amount(key_shares[&network].0 * 3);
+    Coins::mint(participant, Balance { coin: Coin::Serai, amount }).unwrap();
+    assert_noop!(
+      ValidatorSets::allocate(
+        RawOrigin::Signed(participant).into(),
+        network,
+        Amount(key_shares[&network].0 - 1)
+      ),
+      validator_sets::Error::<Test>::InsufficientAllocation
+    );
+
+    // we can't allocate too much that the net exhibits the ability to handle any single node
+    // becoming byzantine
+    assert_noop!(
+      ValidatorSets::allocate(RawOrigin::Signed(participant).into(), network, amount),
+      validator_sets::Error::<Test>::AllocationWouldRemoveFaultTolerance
+    );
+
+    // we should be allocate a proper amount
+    assert_ok!(ValidatorSets::allocate(
+      RawOrigin::Signed(participant).into(),
+      network,
+      key_shares[&network]
+    ));
+    assert_eq!(Coins::balance(participant, Coin::Serai).0, amount.0 - key_shares[&network].0);
+
+    // check new amount is reflected on TAS on new session
+    rotate_session_until(network, 1);
+    assert_eq!(
+      ValidatorSets::total_allocated_stake(network).unwrap().0,
+      key_shares[&network].0 * (u64::try_from(genesis_participants.len()).unwrap() + 1)
+    );
+
+    // check that new participants match
+    let mut active_participants: Vec<Public> =
+      active_network_validators(network).into_iter().map(|(p, _)| p).collect();
+
+    let mut current_participants = genesis_participants.clone();
+    current_participants.push(participant);
+
+    current_participants.sort();
+    active_participants.sort();
+    assert_eq!(current_participants, active_participants);
+  })
+}
+
+#[test]
+fn deallocate_pending() {
+  new_test_ext().execute_with(|| {
+    let genesis_participants: Vec<Public> =
+      genesis_participants().into_iter().map(|p| p.public()).collect();
+    let key_shares = key_shares();
+    let participant = insecure_pair_from_name("random1").public();
+    let network = NetworkId::Bitcoin;
+
+    // check genesis TAS
+    set_keys_for_session(network);
+    assert_eq!(
+      ValidatorSets::total_allocated_stake(network).unwrap().0,
+      key_shares[&network].0 * u64::try_from(genesis_participants.len()).unwrap()
+    );
+
+    // allocate some amount
+    Coins::mint(participant, Balance { coin: Coin::Serai, amount: key_shares[&network] }).unwrap();
+    assert_ok!(ValidatorSets::allocate(
+      RawOrigin::Signed(participant).into(),
+      network,
+      key_shares[&network]
+    ));
+    assert_eq!(Coins::balance(participant, Coin::Serai).0, 0);
+
+    // move to next session
+    let mut current_session = ValidatorSets::session(network).unwrap().0;
+    current_session += 1;
+    rotate_session_until(network, current_session);
+    assert_eq!(
+      ValidatorSets::total_allocated_stake(network).unwrap().0,
+      key_shares[&network].0 * (u64::try_from(genesis_participants.len()).unwrap() + 1)
+    );
+
+    // we can deallocate all of our allocation
+    assert_ok!(ValidatorSets::deallocate(
+      RawOrigin::Signed(participant).into(),
+      network,
+      key_shares[&network]
+    ));
+
+    // check pending deallocations
+    let pending_session =
+      if network == NetworkId::Serai { current_session + 3 } else { current_session + 2 };
+    assert_eq!(
+      ValidatorSets::pending_deallocations((network, participant), Session(pending_session)),
+      Some(key_shares[&network])
+    );
+
+    // we can't claim it immediately
+    assert_noop!(
+      ValidatorSets::claim_deallocation(
+        RawOrigin::Signed(participant).into(),
+        network,
+        Session(pending_session),
+      ),
+      validator_sets::Error::<Test>::NonExistentDeallocation
+    );
+
+    // we should be able to claim it in the pending session
+    rotate_session_until(network, pending_session);
+    assert_ok!(ValidatorSets::claim_deallocation(
+      RawOrigin::Signed(participant).into(),
+      network,
+      Session(pending_session),
+    ));
+  })
+}
+
+#[test]
+fn deallocate_immediately() {
+  new_test_ext().execute_with(|| {
+    let genesis_participants: Vec<Public> =
+      genesis_participants().into_iter().map(|p| p.public()).collect();
+    let key_shares = key_shares();
+    let participant = insecure_pair_from_name("random1").public();
+    let network = NetworkId::Monero;
+
+    // check genesis TAS
+    set_keys_for_session(network);
+    assert_eq!(
+      ValidatorSets::total_allocated_stake(network).unwrap().0,
+      key_shares[&network].0 * u64::try_from(genesis_participants.len()).unwrap()
+    );
+
+    // we can't deallocate when we don't have an allocation
+    assert_noop!(
+      ValidatorSets::deallocate(
+        RawOrigin::Signed(participant).into(),
+        network,
+        key_shares[&network]
+      ),
+      validator_sets::Error::<Test>::NonExistentValidator
+    );
+
+    // allocate some amount
+    Coins::mint(participant, Balance { coin: Coin::Serai, amount: key_shares[&network] }).unwrap();
+    assert_ok!(ValidatorSets::allocate(
+      RawOrigin::Signed(participant).into(),
+      network,
+      key_shares[&network]
+    ));
+    assert_eq!(Coins::balance(participant, Coin::Serai).0, 0);
+
+    // we can't deallocate more than our allocation
+    assert_noop!(
+      ValidatorSets::deallocate(
+        RawOrigin::Signed(participant).into(),
+        network,
+        Amount(key_shares[&network].0 + 1)
+      ),
+      validator_sets::Error::<Test>::NotEnoughAllocated
+    );
+
+    // we can't deallocate an amount that would left us less than a key share as long as it isn't 0
+    assert_noop!(
+      ValidatorSets::deallocate(
+        RawOrigin::Signed(participant).into(),
+        network,
+        Amount(key_shares[&network].0 / 2)
+      ),
+      validator_sets::Error::<Test>::DeallocationWouldRemoveParticipant
+    );
+
+    // we can deallocate all of our allocation
+    assert_ok!(ValidatorSets::deallocate(
+      RawOrigin::Signed(participant).into(),
+      network,
+      key_shares[&network]
+    ));
+
+    // It should be immediately deallocated since we are not yet in an active set
+    assert_eq!(Coins::balance(participant, Coin::Serai), key_shares[&network]);
+    assert!(ValidatorSets::pending_deallocations((network, participant), Session(1)).is_none());
+
+    // allocate again
+    assert_ok!(ValidatorSets::allocate(
+      RawOrigin::Signed(participant).into(),
+      network,
+      key_shares[&network]
+    ));
+    assert_eq!(Coins::balance(participant, Coin::Serai).0, 0);
+
+    // make a pool so that we have security oracle value for the coin
+    let liq_acc = insecure_pair_from_name("liq-acc").public();
+    let coin = Coin::Monero;
+    let balance = Balance { coin, amount: Amount(2 * key_shares[&network].0) };
+    Coins::mint(liq_acc, balance).unwrap();
+    Coins::mint(liq_acc, Balance { coin: Coin::Serai, amount: balance.amount }).unwrap();
+    Dex::add_liquidity(
+      RawOrigin::Signed(liq_acc).into(),
+      coin,
+      balance.amount.0 / 2,
+      balance.amount.0 / 2,
+      1,
+      1,
+      liq_acc,
+    )
+    .unwrap();
+    Dex::on_finalize(1);
+    assert!(Dex::security_oracle_value(coin).unwrap().0 > 0);
+
+    // we can't deallocate if it would break economic security
+    // The reason we don't have economic security for the network now is that we just set
+    // the value for coin/SRI to 1:1 when making the pool and we minted 2 * key_share amount
+    // of coin but we only allocated 1 key_share of SRI for the network although we need more than
+    // 3 for the same amount of coin.
+    assert_noop!(
+      ValidatorSets::deallocate(
+        RawOrigin::Signed(participant).into(),
+        network,
+        key_shares[&network]
+      ),
+      validator_sets::Error::<Test>::DeallocationWouldRemoveEconomicSecurity
+    );
+  })
+}
+
+#[test]
+fn set_keys_no_serai_network() {
+  new_test_ext().execute_with(|| {
+    let call = validator_sets::Call::<Test>::set_keys {
+      network: NetworkId::Serai,
+      removed_participants: Vec::new().try_into().unwrap(),
+      key_pair: KeyPair(insecure_pair_from_name("name").public(), Vec::new().try_into().unwrap()),
+      signature: Signature([0u8; 64]),
+    };
+
+    assert_eq!(
+      ValidatorSets::validate_unsigned(TransactionSource::External, &call),
+      InvalidTransaction::Custom(0).into()
+    );
+  })
+}
+
+#[test]
+fn set_keys_keys_exist() {
+  new_test_ext().execute_with(|| {
+    let network = NetworkId::Monero;
+
+    // set the keys first
+    ValidatorSets::set_keys(
+      RawOrigin::None.into(),
+      network,
+      Vec::new().try_into().unwrap(),
+      KeyPair(insecure_pair_from_name("name").public(), Vec::new().try_into().unwrap()),
+      Signature([0u8; 64]),
+    )
+    .unwrap();
+
+    let call = validator_sets::Call::<Test>::set_keys {
+      network,
+      removed_participants: Vec::new().try_into().unwrap(),
+      key_pair: KeyPair(insecure_pair_from_name("name").public(), Vec::new().try_into().unwrap()),
+      signature: Signature([0u8; 64]),
+    };
+
+    assert_eq!(
+      ValidatorSets::validate_unsigned(TransactionSource::External, &call),
+      InvalidTransaction::Stale.into()
+    );
+  })
+}
+
+#[test]
+fn set_keys_invalid_signature() {
+  new_test_ext().execute_with(|| {
+    let network = NetworkId::Ethereum;
+    let mut participants = get_ordered_keys(network, &genesis_participants());
+
+    // we can't have invalid set
+    let mut set = ValidatorSet { network, session: Session(1) };
+    let key_pair =
+      KeyPair(insecure_pair_from_name("name").public(), Vec::new().try_into().unwrap());
+    let signature = set_keys_signature(&set, &key_pair, &participants);
+
+    let call = validator_sets::Call::<Test>::set_keys {
+      network,
+      removed_participants: Vec::new().try_into().unwrap(),
+      key_pair: key_pair.clone(),
+      signature,
+    };
+    assert_eq!(
+      ValidatorSets::validate_unsigned(TransactionSource::External, &call),
+      InvalidTransaction::BadProof.into()
+    );
+
+    // fix the set
+    set.session = Session(0);
+
+    // participants should match
+    participants.push(insecure_pair_from_name("random1"));
+    let signature = set_keys_signature(&set, &key_pair, &participants);
+
+    let call = validator_sets::Call::<Test>::set_keys {
+      network,
+      removed_participants: Vec::new().try_into().unwrap(),
+      key_pair: key_pair.clone(),
+      signature,
+    };
+    assert_eq!(
+      ValidatorSets::validate_unsigned(TransactionSource::External, &call),
+      InvalidTransaction::BadProof.into()
+    );
+
+    // fix the participants
+    participants.pop();
+
+    // msg key pair and the key pair to set should match
+    let key_pair2 =
+      KeyPair(insecure_pair_from_name("name2").public(), Vec::new().try_into().unwrap());
+    let signature = set_keys_signature(&set, &key_pair2, &participants);
+
+    let call = validator_sets::Call::<Test>::set_keys {
+      network,
+      removed_participants: Vec::new().try_into().unwrap(),
+      key_pair: key_pair.clone(),
+      signature,
+    };
+    assert_eq!(
+      ValidatorSets::validate_unsigned(TransactionSource::External, &call),
+      InvalidTransaction::BadProof.into()
+    );
+
+    // use the same key pair
+    let signature = set_keys_signature(&set, &key_pair, &participants);
+    let call = validator_sets::Call::<Test>::set_keys {
+      network,
+      removed_participants: Vec::new().try_into().unwrap(),
+      key_pair,
+      signature,
+    };
+    ValidatorSets::validate_unsigned(TransactionSource::External, &call).unwrap();
+
+    // TODO: removed_participants parameter isn't tested since it will be removed in upcoming
+    // commits?
+  })
+}
+
+// TODO: add report_slashes tests when the feature is complete.

tests/no-std/Cargo.toml

@@ -35,4 +35,4 @@ dkg = { path = "../../crypto/dkg", default-features = false }
 
 bitcoin-serai = { path = "../../networks/bitcoin", default-features = false, features = ["hazmat"] }
 
-monero-wallet-util = { path = "../../networks/monero/wallet/util", default-features = false, features = ["compile-time-generators"] }
+monero-wallet = { path = "../../networks/monero/wallet", default-features = false, features = ["compile-time-generators"] }

tests/no-std/src/lib.rs

@@ -20,4 +20,4 @@ pub use frost_schnorrkel;
 
 pub use bitcoin_serai;
 
-pub use monero_wallet_util;
+pub use monero_wallet;