patch-polkadot-sdk enabling libp2p 0.56

Make the MSRV lint more robust
The prior version would fail if the last entry in the final array was not originally the last entry.
2025-12-10 13:09:24 +00:00 · 2025-09-06 17:41:49 -04:00 · 2025-09-06 14:43:21 -04:00 · 2025-09-06 14:28:42 -04:00 · 2025-09-06 14:04:55 -04:00 · 2025-09-06 04:26:10 -04:00
823 changed files with 25877 additions and 89477 deletions
--- a/.github/actions/LICENSE
+++ b/.github/actions/LICENSE
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2022-2023 Luke Parker
+Copyright (c) 2022-2025 Luke Parker

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/.github/actions/bitcoin/action.yml
+++ b/.github/actions/bitcoin/action.yml
@@ -5,14 +5,14 @@ inputs:
  version:
    description: "Version to download and run"
    required: false
-    default: "27.0"
+    default: "29.1"

 runs:
  using: "composite"
  steps:
    - name: Bitcoin Daemon Cache
      id: cache-bitcoind
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
      with:
        path: bitcoin.tar.gz
        key: bitcoind-${{ runner.os }}-${{ runner.arch }}-${{ inputs.version }}
--- a/.github/actions/build-dependencies/action.yml
+++ b/.github/actions/build-dependencies/action.yml
@@ -7,13 +7,15 @@ runs:
    - name: Remove unused packages
      shell: bash
      run: |
-        sudo apt remove -y "*msbuild*" "*powershell*" "*nuget*" "*bazel*" "*ansible*" "*terraform*" "*heroku*" "*aws*" azure-cli
+        sudo apt remove -y "*powershell*" "*nuget*" "*bazel*" "*ansible*" "*terraform*" "*heroku*" "*aws*" azure-cli
        sudo apt remove -y "*nodejs*" "*npm*" "*yarn*" "*java*" "*kotlin*" "*golang*" "*swift*" "*julia*" "*fortran*" "*android*"
        sudo apt remove -y "*apache2*" "*nginx*" "*firefox*" "*chromium*" "*chrome*" "*edge*"
+
+        sudo apt remove -y --allow-remove-essential -f shim-signed *python3*
+        # This removal command requires the prior removals due to unmet dependencies otherwise
        sudo apt remove -y "*qemu*" "*sql*" "*texinfo*" "*imagemagick*"
-        sudo apt autoremove -y
-        sudo apt clean
-        docker system prune -a --volumes
+        # Reinstall python3 as a general dependency of a functional operating system
+        sudo apt install python3
      if: runner.os == 'Linux'

    - name: Remove unused packages
@@ -41,9 +43,34 @@ runs:
    - name: Install solc
      shell: bash
      run: |
-        cargo install svm-rs
+        cargo +1.89 install svm-rs --version =0.5.18
        svm install 0.8.26
        svm use 0.8.26

+    - name: Remove preinstalled Docker
+      shell: bash
+      run: |
+        docker system prune -a --volumes
+        sudo apt remove -y *docker*
+        # Install uidmap which will be required for the explicitly installed Docker
+        sudo apt install uidmap
+      if: runner.os == 'Linux'
+
+    - name: Update system dependencies
+      shell: bash
+      run: |
+        sudo apt update -y
+        sudo apt upgrade -y
+        sudo apt autoremove -y
+        sudo apt clean
+      if: runner.os == 'Linux'
+
+    - name: Install rootless Docker
+      uses: docker/setup-docker-action@b60f85385d03ac8acfca6d9996982511d8620a19
+      with:
+        rootless: true
+        set-host: true
+      if: runner.os == 'Linux'
+
    # - name: Cache Rust
    #   uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43
--- a/.github/actions/monero-wallet-rpc/action.yml
+++ b/.github/actions/monero-wallet-rpc/action.yml
@@ -12,7 +12,7 @@ runs:
  steps:
    - name: Monero Wallet RPC Cache
      id: cache-monero-wallet-rpc
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
      with:
        path: monero-wallet-rpc
        key: monero-wallet-rpc-${{ runner.os }}-${{ runner.arch }}-${{ inputs.version }}
--- a/.github/actions/monero/action.yml
+++ b/.github/actions/monero/action.yml
@@ -12,7 +12,7 @@ runs:
  steps:
    - name: Monero Daemon Cache
      id: cache-monerod
-      uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
      with:
        path: /usr/bin/monerod
        key: monerod-${{ runner.os }}-${{ runner.arch }}-${{ inputs.version }}
--- a/.github/actions/test-dependencies/action.yml
+++ b/.github/actions/test-dependencies/action.yml
@@ -10,7 +10,7 @@ inputs:
  bitcoin-version:
    description: "Bitcoin version to download and run as a regtest node"
    required: false
-    default: "27.1"
+    default: "29.1"

 runs:
  using: "composite"
--- a/.github/nightly-version
+++ b/.github/nightly-version
@@ -1 +1 @@
-nightly-2024-07-01
+nightly-2025-09-01
--- a/.github/workflows/crypto-tests.yml
+++ b/.github/workflows/crypto-tests.yml
@@ -32,13 +32,17 @@ jobs:
            -p dalek-ff-group \
            -p minimal-ed448 \
            -p ciphersuite \
+            -p ciphersuite-kp256 \
            -p multiexp \
            -p schnorr-signatures \
-            -p dleq \
-            -p generalized-bulletproofs \
-            -p generalized-bulletproofs-circuit-abstraction \
-            -p ec-divisors \
-            -p generalized-bulletproofs-ec-gadgets \
+            -p prime-field \
+            -p short-weierstrass \
+            -p secq256k1 \
+            -p embedwards25519 \
            -p dkg \
+            -p dkg-recovery \
+            -p dkg-dealer \
+            -p dkg-musig \
+            -p dkg-evrf \
            -p modular-frost \
            -p frost-schnorrkel
--- a/.github/workflows/daily-deny.yml
+++ b/.github/workflows/daily-deny.yml
@@ -12,13 +12,13 @@ jobs:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac

      - name: Advisory Cache
-        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
        with:
          path: ~/.cargo/advisory-db
          key: rust-advisory-db

      - name: Install cargo deny
-        run: cargo install --locked cargo-deny
+        run: cargo +1.89 install cargo-deny --version =0.18.3

      - name: Run cargo deny
-        run: cargo deny -L error --all-features check
+        run: cargo deny -L error --all-features check --hide-inclusion-graph
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -26,7 +26,7 @@ jobs:
        uses: ./.github/actions/build-dependencies

      - name: Install nightly rust
-        run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32-unknown-unknown -c clippy
+        run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32v1-none -c rust-src -c clippy

      - name: Run Clippy
        run: cargo +${{ steps.nightly.outputs.version }} clippy --all-features --all-targets -- -D warnings -A clippy::items_after_test_module
@@ -46,16 +46,16 @@ jobs:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac

      - name: Advisory Cache
-        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809
        with:
          path: ~/.cargo/advisory-db
          key: rust-advisory-db

      - name: Install cargo deny
-        run: cargo install --locked cargo-deny
+        run: cargo +1.89 install cargo-deny --version =0.18.3

      - name: Run cargo deny
-        run: cargo deny -L error --all-features check
+        run: cargo deny -L error --all-features check --hide-inclusion-graph

  fmt:
    runs-on: ubuntu-latest
@@ -88,8 +88,105 @@ jobs:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
      - name: Verify all dependencies are in use
        run: |
-          cargo install cargo-machete
-          cargo machete
+          cargo +1.89 install cargo-machete --version =0.8.0
+          cargo +1.89 machete
+
+  msrv:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
+      - name: Verify claimed `rust-version`
+        shell: bash
+        run: |
+          cargo +1.89 install cargo-msrv --version =0.18.4
+
+          function check_msrv {
+            # We `cd` into the directory passed as the first argument, but will return to the
+            # directory called from.
+            return_to=$(pwd)
+            echo "Checking $1"
+            cd $1
+
+            # We then find the existing `rust-version` using `grep` (for the right line) and then a
+            # regex (to strip to just the major and minor version).
+            existing=$(cat ./Cargo.toml | grep "rust-version" | grep -Eo "[0-9]+\.[0-9]+")
+
+            # We then backup the `Cargo.toml`, allowing us to restore it after, saving time on future
+            # MSRV checks (as they'll benefit from immediately exiting if the queried version is less
+            # than the declared MSRV).
+            mv ./Cargo.toml ./Cargo.toml.bak
+
+            # We then use an inverted (`-v`) grep to remove the existing `rust-version` from the
+            # `Cargo.toml`, as required because else earlier versions of Rust won't even attempt to
+            # compile this crate.
+            cat ./Cargo.toml.bak | grep -v "rust-version" > Cargo.toml
+
+            # We then find the actual `rust-version` using `cargo-msrv` (again stripping to just the
+            # major and minor version).
+            actual=$(cargo msrv find --output-format minimal | grep -Eo "^[0-9]+\.[0-9]+")
+
+            # Finally, we compare the two.
+            echo "Declared rust-version: $existing"
+            echo "Actual rust-version: $actual"
+            [ $existing == $actual ]
+            result=$?
+
+            # Restore the original `Cargo.toml`.
+            rm Cargo.toml
+            mv ./Cargo.toml.bak ./Cargo.toml
+
+            # Return to the directory called from and return the result.
+            cd $return_to
+            return $result
+          }
+
+          # Check each member of the workspace
+          function check_workspace {
+            # Get the members array from the workspace's `Cargo.toml`
+            cargo_toml_lines=$(cat ./Cargo.toml | wc -l)
+            # Keep all lines after the start of the array, then keep all lines before the next "]"
+            members=$(cat Cargo.toml | grep "members\ \=\ \[" -m1 -A$cargo_toml_lines | grep "]" -m1 -B$cargo_toml_lines)
+            # Prune `members = [` to `[` by replacing the first line with just `[`
+            members=$(echo "$members" | sed "1s/.*/\[/")
+
+            # Parse out any comments, whitespace, including comments post-fixed on the same line as an entry
+            # We accomplish the latter by pruning all characters after the entry's ","
+            members=$(echo "$members" | grep -Ev "^[[:space:]]*(#|$)" | awk -F',' '{print $1","}')
+            # Correct the last line, which was malleated to "],"
+            members=$(echo "$members" | sed "$(echo "$members" | wc -l)s/\]\,/\]/")
+
+            # Don't check the patches
+            members=$(echo "$members" | grep -v "patches")
+            # Don't check the following
+            # Most of these are binaries, with the exception of the Substrate runtime which has a
+            # bespoke build pipeline
+            members=$(echo "$members" | grep -v "networks/ethereum/relayer\"")
+            members=$(echo "$members" | grep -v "message-queue\"")
+            members=$(echo "$members" | grep -v "processor/bin\"")
+            members=$(echo "$members" | grep -v "processor/bitcoin\"")
+            members=$(echo "$members" | grep -v "processor/ethereum\"")
+            members=$(echo "$members" | grep -v "processor/monero\"")
+            members=$(echo "$members" | grep -v "coordinator\"")
+            members=$(echo "$members" | grep -v "substrate/runtime\"")
+            members=$(echo "$members" | grep -v "substrate/node\"")
+            members=$(echo "$members" | grep -v "orchestration\"")
+
+            # Don't check the tests
+            members=$(echo "$members" | grep -v "mini\"")
+            members=$(echo "$members" | grep -v "tests/")
+
+            # Remove the trailing comma by replacing the last line's "," with ""
+            members=$(echo "$members" | sed "$(($(echo "$members" | wc -l) - 1))s/\,//")
+
+            echo $members | jq -r ".[]" | while read -r member; do
+              check_msrv $member
+              correct=$?
+              if [ $correct -ne 0 ]; then
+                return $correct
+              fi
+            done
+          }
+          check_workspace

  slither:
    runs-on: ubuntu-latest
--- a/.github/workflows/monero-tests.yaml
+++ b/.github/workflows/monero-tests.yaml
@@ -1,77 +0,0 @@
-name: Monero Tests
-
-on:
-  push:
-    branches:
-      - develop
-    paths:
-      - "networks/monero/**"
-      - "processor/**"
-
-  pull_request:
-    paths:
-      - "networks/monero/**"
-      - "processor/**"
-
-  workflow_dispatch:
-
-jobs:
-  # Only run these once since they will be consistent regardless of any node
-  unit-tests:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Test Dependencies
-        uses: ./.github/actions/test-dependencies
-
-      - name: Run Unit Tests Without Features
-        run: |
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-io --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-generators --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-primitives --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-mlsag --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-clsag --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-borromean --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-bulletproofs --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-serai --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-rpc --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-simple-request-rpc --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-address --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-seed --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package polyseed --lib
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet-util --lib
-
-      # Doesn't run unit tests with features as the tests workflow will
-
-  integration-tests:
-    runs-on: ubuntu-latest
-    # Test against all supported protocol versions
-    strategy:
-      matrix:
-        version: [v0.17.3.2, v0.18.3.4]
-
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Test Dependencies
-        uses: ./.github/actions/test-dependencies
-        with:
-          monero-version: ${{ matrix.version }}
-
-      - name: Run Integration Tests Without Features
-        run: |
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-serai --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-simple-request-rpc --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet-util --test '*'
-
-      - name: Run Integration Tests
-        # Don't run if the the tests workflow also will
-        if: ${{ matrix.version != 'v0.18.3.4' }}
-        run: |
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-serai --all-features --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-simple-request-rpc --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet --all-features --test '*'
-          GITHUB_CI=true RUST_BACKTRACE=1 cargo test --package monero-wallet-util --all-features --test '*'
--- a/.github/workflows/msrv.yml
+++ b/.github/workflows/msrv.yml
@@ -1,259 +0,0 @@
-name: Weekly MSRV Check
-
-on:
-  schedule:
-    - cron: "0 0 * * 0"
-  workflow_dispatch:
-
-jobs:
-  msrv-common:
-    name: Run cargo msrv on common
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on common
-        run: |
-          cargo msrv verify --manifest-path common/zalloc/Cargo.toml
-          cargo msrv verify --manifest-path common/std-shims/Cargo.toml
-          cargo msrv verify --manifest-path common/env/Cargo.toml
-          cargo msrv verify --manifest-path common/db/Cargo.toml
-          cargo msrv verify --manifest-path common/task/Cargo.toml
-          cargo msrv verify --manifest-path common/request/Cargo.toml
-          cargo msrv verify --manifest-path common/patchable-async-sleep/Cargo.toml
-
-  msrv-crypto:
-    name: Run cargo msrv on crypto
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on crypto
-        run: |
-          cargo msrv verify --manifest-path crypto/transcript/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/ff-group-tests/Cargo.toml
-          cargo msrv verify --manifest-path crypto/dalek-ff-group/Cargo.toml
-          cargo msrv verify --manifest-path crypto/ed448/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/multiexp/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/dleq/Cargo.toml
-          cargo msrv verify --manifest-path crypto/ciphersuite/Cargo.toml
-          cargo msrv verify --manifest-path crypto/schnorr/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/evrf/generalized-bulletproofs/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/circuit-abstraction/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/divisors/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/ec-gadgets/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/embedwards25519/Cargo.toml
-          cargo msrv verify --manifest-path crypto/evrf/secq256k1/Cargo.toml
-
-          cargo msrv verify --manifest-path crypto/dkg/Cargo.toml
-          cargo msrv verify --manifest-path crypto/frost/Cargo.toml
-          cargo msrv verify --manifest-path crypto/schnorrkel/Cargo.toml
-
-  msrv-networks:
-    name: Run cargo msrv on networks
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on networks
-        run: |
-          cargo msrv verify --manifest-path networks/bitcoin/Cargo.toml
-
-          cargo msrv verify --manifest-path networks/ethereum/build-contracts/Cargo.toml
-          cargo msrv verify --manifest-path networks/ethereum/schnorr/Cargo.toml
-          cargo msrv verify --manifest-path networks/ethereum/alloy-simple-request-transport/Cargo.toml
-          cargo msrv verify --manifest-path networks/ethereum/relayer/Cargo.toml --features parity-db
-
-          cargo msrv verify --manifest-path networks/monero/io/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/generators/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/primitives/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/ringct/mlsag/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/ringct/clsag/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/ringct/borromean/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/ringct/bulletproofs/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/rpc/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/rpc/simple-request/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/wallet/address/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/wallet/Cargo.toml
-          cargo msrv verify --manifest-path networks/monero/verify-chain/Cargo.toml
-
-  msrv-message-queue:
-    name: Run cargo msrv on message-queue
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on message-queue
-        run: |
-          cargo msrv verify --manifest-path message-queue/Cargo.toml --features parity-db
-
-  msrv-processor:
-    name: Run cargo msrv on processor
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on processor
-        run: |
-          cargo msrv verify --manifest-path processor/view-keys/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/messages/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/scanner/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/scheduler/primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/scheduler/smart-contract/Cargo.toml
-          cargo msrv verify --manifest-path processor/scheduler/utxo/primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/scheduler/utxo/standard/Cargo.toml
-          cargo msrv verify --manifest-path processor/scheduler/utxo/transaction-chaining/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/key-gen/Cargo.toml
-          cargo msrv verify --manifest-path processor/frost-attempt-manager/Cargo.toml
-          cargo msrv verify --manifest-path processor/signers/Cargo.toml
-          cargo msrv verify --manifest-path processor/bin/Cargo.toml --features parity-db
-
-          cargo msrv verify --manifest-path processor/bitcoin/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/ethereum/primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/test-primitives/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/erc20/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/deployer/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/router/Cargo.toml
-          cargo msrv verify --manifest-path processor/ethereum/Cargo.toml
-
-          cargo msrv verify --manifest-path processor/monero/Cargo.toml
-
-  msrv-coordinator:
-    name: Run cargo msrv on coordinator
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on coordinator
-        run: |
-          cargo msrv verify --manifest-path coordinator/tributary-sdk/tendermint/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/tributary-sdk/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/cosign/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/substrate/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/tributary/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/p2p/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/p2p/libp2p/Cargo.toml
-          cargo msrv verify --manifest-path coordinator/Cargo.toml
-
-  msrv-substrate:
-    name: Run cargo msrv on substrate
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on substrate
-        run: |
-          cargo msrv verify --manifest-path substrate/primitives/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/coins/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/coins/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/dex/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/economic-security/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/genesis-liquidity/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/genesis-liquidity/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/in-instructions/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/in-instructions/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/validator-sets/pallet/Cargo.toml
-          cargo msrv verify --manifest-path substrate/validator-sets/primitives/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/emissions/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/emissions/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/signals/primitives/Cargo.toml
-          cargo msrv verify --manifest-path substrate/signals/pallet/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/abi/Cargo.toml
-          cargo msrv verify --manifest-path substrate/client/Cargo.toml
-
-          cargo msrv verify --manifest-path substrate/runtime/Cargo.toml
-          cargo msrv verify --manifest-path substrate/node/Cargo.toml
-
-  msrv-orchestration:
-    name: Run cargo msrv on orchestration
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on message-queue
-        run: |
-          cargo msrv verify --manifest-path orchestration/Cargo.toml
-
-  msrv-mini:
-    name: Run cargo msrv on mini
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
-
-      - name: Install Build Dependencies
-        uses: ./.github/actions/build-dependencies
-
-      - name: Install cargo msrv
-        run: cargo install --locked cargo-msrv
-
-      - name: Run cargo msrv on mini
-        run: |
-          cargo msrv verify --manifest-path mini/Cargo.toml
--- a/.github/workflows/networks-tests.yml
+++ b/.github/workflows/networks-tests.yml
@@ -34,19 +34,3 @@ jobs:
            -p ethereum-schnorr-contract \
            -p alloy-simple-request-transport \
            -p serai-ethereum-relayer \
-            -p monero-io \
-            -p monero-generators \
-            -p monero-primitives \
-            -p monero-mlsag \
-            -p monero-clsag \
-            -p monero-borromean \
-            -p monero-bulletproofs \
-            -p monero-serai \
-            -p monero-rpc \
-            -p monero-simple-request-rpc \
-            -p monero-address \
-            -p monero-wallet \
-            -p monero-seed \
-            -p polyseed \
-            -p monero-wallet-util \
-            -p monero-serai-verify-chain
--- a/.github/workflows/no-std.yml
+++ b/.github/workflows/no-std.yml
@@ -28,8 +28,18 @@ jobs:
      - name: Install Build Dependencies
        uses: ./.github/actions/build-dependencies

+      - name: Get nightly version to use
+        id: nightly
+        shell: bash
+        run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
+
      - name: Install RISC-V Toolchain
-        run: sudo apt update && sudo apt install -y gcc-riscv64-unknown-elf gcc-multilib && rustup target add riscv32imac-unknown-none-elf
+        run: |
+          sudo apt update
+          sudo apt install -y gcc-riscv64-unknown-elf gcc-multilib
+          rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal --component rust-src --target riscv32imac-unknown-none-elf

      - name: Verify no-std builds
-        run: CFLAGS=-I/usr/include cargo build --target riscv32imac-unknown-none-elf -p serai-no-std-tests
+        run: |
+          CFLAGS=-I/usr/include cargo +${{ steps.nightly.outputs.version }} build --target riscv32imac-unknown-none-elf -Z build-std=core -p serai-no-std-tests
+          CFLAGS=-I/usr/include cargo +${{ steps.nightly.outputs.version }} build --target riscv32imac-unknown-none-elf -Z build-std=core,alloc -p serai-no-std-tests --features "alloc"
--- a/.github/workflows/pages.yml
+++ b/.github/workflows/pages.yml
@@ -1,6 +1,7 @@
 # MIT License
 #
 # Copyright (c) 2022 just-the-docs
+# Copyright (c) 2022-2024 Luke Parker
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -20,31 +21,21 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.

-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# Sample workflow for building and deploying a Jekyll site to GitHub Pages
-name: Deploy Jekyll site to Pages
+name: Deploy Rust docs and Jekyll site to Pages

 on:
  push:
    branches:
      - "develop"
-    paths:
-      - "docs/**"

-  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
 permissions:
  contents: read
  pages: write
  id-token: write

-# Allow one concurrent deployment
+# Only allow one concurrent deployment
 concurrency:
  group: "pages"
  cancel-in-progress: true
@@ -53,27 +44,37 @@ jobs:
  # Build job
  build:
    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: docs
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb
        with:
          bundler-cache: true
          cache-version: 0
          working-directory: "${{ github.workspace }}/docs"
      - name: Setup Pages
        id: pages
-        uses: actions/configure-pages@v3
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b
      - name: Build with Jekyll
-        run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
+        run: cd ${{ github.workspace }}/docs && bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
        env:
          JEKYLL_ENV: production
+
+      - name: Get nightly version to use
+        id: nightly
+        shell: bash
+        run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
+      - name: Build Dependencies
+        uses: ./.github/actions/build-dependencies
+      - name: Buld Rust docs
+        run: |
+          rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32v1-none -c rust-docs -c rust-src
+          RUSTDOCFLAGS="--cfg docsrs" cargo +${{ steps.nightly.outputs.version }} doc --workspace --all-features
+          mv target/doc docs/_site/rust
+
      - name: Upload artifact
-        uses: actions/upload-pages-artifact@v1
+        uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b
        with:
          path: "docs/_site/"

@@ -87,4 +88,4 @@ jobs:
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
-        uses: actions/deploy-pages@v2
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -61,6 +61,7 @@ jobs:
            -p serai-monero-processor \
            -p tendermint-machine \
            -p tributary-sdk \
+            -p serai-cosign-types \
            -p serai-cosign \
            -p serai-coordinator-substrate \
            -p serai-coordinator-tributary \
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,20 +1,17 @@
 [workspace]
 resolver = "2"
 members = [
-  # Version patches
-  "patches/parking_lot_core",
-  "patches/parking_lot",
-  "patches/zstd",
-  "patches/rocksdb",
-
-  # std patches
-  "patches/matches",
-  "patches/is-terminal",
-
  # Rewrites/redirects
  "patches/option-ext",
  "patches/directories-next",

+  # monero-oxide expects `ciphersuite`, yet the `ciphersuite` in-tree here has breaking changes
+  # This re-exports the in-tree `ciphersuite` _without_ changes breaking to monero-oxide
+  # Not included in workspace to prevent having two crates with the same name (an error)
+  # "patches/ciphersuite",
+  # Same for `dalek-ff-group`
+  # "patches/dalek-ff-group",
+
  "common/std-shims",
  "common/zalloc",
  "common/patchable-async-sleep",
@@ -29,19 +26,21 @@ members = [
  "crypto/dalek-ff-group",
  "crypto/ed448",
  "crypto/ciphersuite",
+  "crypto/ciphersuite/kp256",

  "crypto/multiexp",
  "crypto/schnorr",
-  "crypto/dleq",

-  "crypto/evrf/secq256k1",
-  "crypto/evrf/embedwards25519",
-  "crypto/evrf/generalized-bulletproofs",
-  "crypto/evrf/circuit-abstraction",
-  "crypto/evrf/divisors",
-  "crypto/evrf/ec-gadgets",
+  "crypto/prime-field",
+  "crypto/short-weierstrass",
+  "crypto/secq256k1",
+  "crypto/embedwards25519",

  "crypto/dkg",
+  "crypto/dkg/recovery",
+  "crypto/dkg/dealer",
+  "crypto/dkg/musig",
+  "crypto/dkg/evrf",
  "crypto/frost",
  "crypto/schnorrkel",

@@ -52,23 +51,6 @@ members = [
  "networks/ethereum/alloy-simple-request-transport",
  "networks/ethereum/relayer",

-  "networks/monero/io",
-  "networks/monero/generators",
-  "networks/monero/primitives",
-  "networks/monero/ringct/mlsag",
-  "networks/monero/ringct/clsag",
-  "networks/monero/ringct/borromean",
-  "networks/monero/ringct/bulletproofs",
-  "networks/monero",
-  "networks/monero/rpc",
-  "networks/monero/rpc/simple-request",
-  "networks/monero/wallet/address",
-  "networks/monero/wallet",
-  "networks/monero/wallet/seed",
-  "networks/monero/wallet/polyseed",
-  "networks/monero/wallet/util",
-  "networks/monero/verify-chain",
-
  "message-queue",

  "processor/messages",
@@ -98,6 +80,7 @@ members = [

  "coordinator/tributary-sdk/tendermint",
  "coordinator/tributary-sdk",
+  "coordinator/cosign/types",
  "coordinator/cosign",
  "coordinator/substrate",
  "coordinator/tributary",
@@ -106,31 +89,17 @@ members = [
  "coordinator",

  "substrate/primitives",
-
-  "substrate/coins/primitives",
-  "substrate/coins/pallet",
-
-  "substrate/dex/pallet",
-
-  "substrate/validator-sets/primitives",
-  "substrate/validator-sets/pallet",
-
-  "substrate/genesis-liquidity/primitives",
-  "substrate/genesis-liquidity/pallet",
-
-  "substrate/emissions/primitives",
-  "substrate/emissions/pallet",
-
-  "substrate/economic-security/pallet",
-
-  "substrate/in-instructions/primitives",
-  "substrate/in-instructions/pallet",
-
-  "substrate/signals/primitives",
-  "substrate/signals/pallet",
-
  "substrate/abi",

+  "substrate/coins",
+  "substrate/validator-sets",
+  "substrate/signals",
+  "substrate/dex",
+  "substrate/genesis-liquidity",
+  "substrate/economic-security",
+  "substrate/emissions",
+  "substrate/in-instructions",
+
  "substrate/runtime",
  "substrate/node",

@@ -144,62 +113,76 @@ members = [

  "tests/docker",
  "tests/message-queue",
-  "tests/processor",
-  "tests/coordinator",
-  "tests/full-stack",
+  # TODO "tests/processor",
+  # TODO "tests/coordinator",
+  # TODO "tests/full-stack",
  "tests/reproducible-runtime",
 ]

+[profile.dev.package]
 # Always compile Monero (and a variety of dependencies) with optimizations due
 # to the extensive operations required for Bulletproofs
-[profile.dev.package]
 subtle = { opt-level = 3 }

+sha3 = { opt-level = 3 }
+blake2 = { opt-level = 3 }
+
 ff = { opt-level = 3 }
 group = { opt-level = 3 }

 crypto-bigint = { opt-level = 3 }
-secp256k1 = { opt-level = 3 }
 curve25519-dalek = { opt-level = 3 }
 dalek-ff-group = { opt-level = 3 }
-minimal-ed448 = { opt-level = 3 }

 multiexp = { opt-level = 3 }

-secq256k1 = { opt-level = 3 }
-embedwards25519 = { opt-level = 3 }
-generalized-bulletproofs = { opt-level = 3 }
-generalized-bulletproofs-circuit-abstraction = { opt-level = 3 }
-ec-divisors = { opt-level = 3 }
-generalized-bulletproofs-ec-gadgets = { opt-level = 3 }
-
-dkg = { opt-level = 3 }
-
 monero-generators = { opt-level = 3 }
 monero-borromean = { opt-level = 3 }
 monero-bulletproofs = { opt-level = 3 }
 monero-mlsag = { opt-level = 3 }
 monero-clsag = { opt-level = 3 }
+monero-oxide = { opt-level = 3 }
+
+# Always compile the eVRF DKG tree with optimizations as well
+secp256k1 = { opt-level = 3 }
+secq256k1 = { opt-level = 3 }
+embedwards25519 = { opt-level = 3 }
+generalized-bulletproofs = { opt-level = 3 }
+generalized-bulletproofs-circuit-abstraction = { opt-level = 3 }
+generalized-bulletproofs-ec-gadgets = { opt-level = 3 }
+
+# revm also effectively requires being built with optimizations
+revm = { opt-level = 3 }
+revm-bytecode = { opt-level = 3 }
+revm-context = { opt-level = 3 }
+revm-context-interface = { opt-level = 3 }
+revm-database = { opt-level = 3 }
+revm-database-interface = { opt-level = 3 }
+revm-handler = { opt-level = 3 }
+revm-inspector = { opt-level = 3 }
+revm-interpreter = { opt-level = 3 }
+revm-precompile = { opt-level = 3 }
+revm-primitives = { opt-level = 3 }
+revm-state = { opt-level = 3 }

 [profile.release]
 panic = "unwind"
+overflow-checks = true

 [patch.crates-io]
+# Dependencies from monero-oxide which originate from within our own tree
+std-shims = { path = "common/std-shims" }
+simple-request = { path = "common/request" }
+multiexp = { path = "crypto/multiexp" }
+flexible-transcript = { path = "crypto/transcript" }
+ciphersuite = { path = "patches/ciphersuite" }
+dalek-ff-group = { path = "patches/dalek-ff-group" }
+minimal-ed448 = { path = "crypto/ed448" }
+modular-frost = { path = "crypto/frost" }
+
 # https://github.com/rust-lang-nursery/lazy-static.rs/issues/201
 lazy_static = { git = "https://github.com/rust-lang-nursery/lazy-static.rs", rev = "5735630d46572f1e5377c8f2ba0f79d18f53b10c" }

-parking_lot_core = { path = "patches/parking_lot_core" }
-parking_lot = { path = "patches/parking_lot" }
-# wasmtime pulls in an old version for this
-zstd = { path = "patches/zstd" }
-# Needed for WAL compression
-rocksdb = { path = "patches/rocksdb" }
-
-# is-terminal now has an std-based solution with an equivalent API
-is-terminal = { path = "patches/is-terminal" }
-# So does matches
-matches = { path = "patches/matches" }
-
 # directories-next was created because directories was unmaintained
 # directories-next is now unmaintained while directories is maintained
 # The directories author pulls in ridiculously pointless crates and prefers
@@ -208,12 +191,19 @@ matches = { path = "patches/matches" }
 option-ext = { path = "patches/option-ext" }
 directories-next = { path = "patches/directories-next" }

-# The official pasta_curves repo doesn't support Zeroize
-pasta_curves = { git = "https://github.com/kayabaNerve/pasta_curves", rev = "a46b5be95cacbff54d06aad8d3bbcba42e05d616" }
+# Patch to include `FromUniformBytes<64>` over Scalar
+k256 = { git = "https://github.com/kayabaNerve/elliptic-curves", rev = "4994c9ab163781a88cd4a49beae812a89a44e8c3" }
+p256 = { git = "https://github.com/kayabaNerve/elliptic-curves", rev = "4994c9ab163781a88cd4a49beae812a89a44e8c3" }
+
+# Patch due to `std` now including the required functionality
+is_terminal_polyfill = { path = "./patches/is_terminal_polyfill" }

 [workspace.lints.clippy]
+incompatible_msrv = "allow" # Manually verified with a GitHub workflow
+manual_is_multiple_of = "allow"
 unwrap_or_default = "allow"
 map_unwrap_or = "allow"
+needless_continue = "allow"
 borrow_as_ptr = "deny"
 cast_lossless = "deny"
 cast_possible_truncation = "deny"
@@ -244,7 +234,6 @@ manual_string_new = "deny"
 match_bool = "deny"
 match_same_arms = "deny"
 missing_fields_in_debug = "deny"
-needless_continue = "deny"
 needless_pass_by_value = "deny"
 ptr_cast_constness = "deny"
 range_minus_one = "deny"
--- a/2
+++ b/2
@@ -5,4 +5,4 @@ a full copy of the AGPL-3.0 License is included in the root of this repository
 as a reference text. This copy should be provided with any distribution of a
 crate licensed under the AGPL-3.0, as per its terms.

-The GitHub actions (`.github/actions`) are licensed under the MIT license.
+The GitHub actions/workflows (`.github`) are licensed under the MIT license.
--- a/README.md
+++ b/README.md
@@ -59,7 +59,6 @@ issued at the discretion of the Immunefi program managers.
 - [Website](https://serai.exchange/): https://serai.exchange/
 - [Immunefi](https://immunefi.com/bounty/serai/): https://immunefi.com/bounty/serai/
 - [Twitter](https://twitter.com/SeraiDEX): https://twitter.com/SeraiDEX
- [Mastodon](https://cryptodon.lol/@serai): https://cryptodon.lol/@serai
 - [Discord](https://discord.gg/mpEUtJR3vz): https://discord.gg/mpEUtJR3vz
 - [Matrix](https://matrix.to/#/#serai:matrix.org): https://matrix.to/#/#serai:matrix.org
 - [Reddit](https://www.reddit.com/r/SeraiDEX/): https://www.reddit.com/r/SeraiDEX/
--- a/2025/README.md
+++ b/2025/README.md
@@ -0,0 +1,14 @@
+# Trail of Bits Ethereum Contracts Audit, June 2025
+
+This audit included:
+-  Our Schnorr contract and associated library (/networks/ethereum/schnorr)
+-  Our Ethereum primitives library (/processor/ethereum/primitives)
+-  Our Deployer contract and associated library (/processor/ethereum/deployer)
+-  Our ERC20 library (/processor/ethereum/erc20)
+-  Our Router contract and associated library (/processor/ethereum/router)
+
+It is encompassing up to commit 4e0c58464fc4673623938335f06e2e9ea96ca8dd.
+
+Please see
+https://github.com/trailofbits/publications/blob/30c4fa3ebf39ff8e4d23ba9567344ec9691697b5/reviews/2025-04-serai-dex-security-review.pdf
+for the actual report.
--- a/common/db/Cargo.toml
+++ b/common/db/Cargo.toml
@@ -7,7 +7,7 @@ repository = "https://github.com/serai-dex/serai/tree/develop/common/db"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
-rust-version = "1.71"
+rust-version = "1.65"

 [package.metadata.docs.rs]
 all-features = true
@@ -17,8 +17,8 @@ rustdoc-args = ["--cfg", "docsrs"]
 workspace = true

 [dependencies]
-parity-db = { version = "0.4", default-features = false, optional = true }
-rocksdb = { version = "0.23", default-features = false, features = ["zstd"], optional = true }
+parity-db = { version = "0.5", default-features = false, features = ["arc"], optional = true }
+rocksdb = { version = "0.24", default-features = false, features = ["zstd"], optional = true }

 [features]
 parity-db = ["dep:parity-db"]
--- a/common/db/LICENSE
+++ b/common/db/LICENSE
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2022-2023 Luke Parker
+Copyright (c) 2022-2025 Luke Parker

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/common/db/src/create_db.rs
+++ b/common/db/src/create_db.rs
@@ -15,7 +15,7 @@ pub fn serai_db_key(
 ///
 /// Creates a unit struct and a default implementation for the `key`, `get`, and `set`. The macro
 /// uses a syntax similar to defining a function. Parameters are concatenated to produce a key,
-/// they must be `scale` encodable. The return type is used to auto encode and decode the database
+/// they must be `borsh` serializable. The return type is used to auto (de)serialize the database
 /// value bytes using `borsh`.
 ///
 /// # Arguments
@@ -54,11 +54,10 @@ macro_rules! create_db {
      )?;
      impl$(<$($generic_name: $generic_type),+>)? $field_name$(<$($generic_name),+>)? {
        pub(crate) fn key($($arg: $arg_type),*) -> Vec<u8> {
-          use scale::Encode;
          $crate::serai_db_key(
            stringify!($db_name).as_bytes(),
            stringify!($field_name).as_bytes(),
-            ($($arg),*).encode()
+            &borsh::to_vec(&($($arg),*)).unwrap(),
          )
        }
        pub(crate) fn set(
--- a/common/db/src/lib.rs
+++ b/common/db/src/lib.rs
@@ -30,53 +30,13 @@ pub trait Get {
 /// is undefined. The transaction may block, deadlock, panic, overwrite one of the two values
 /// randomly, or any other action, at time of write or at time of commit.
 #[must_use]
-pub trait DbTxn: Sized + Send + Get {
+pub trait DbTxn: Send + Get {
  /// Write a value to this key.
  fn put(&mut self, key: impl AsRef<[u8]>, value: impl AsRef<[u8]>);
  /// Delete the value from this key.
  fn del(&mut self, key: impl AsRef<[u8]>);
  /// Commit this transaction.
  fn commit(self);
-  /// Close this transaction.
-  ///
-  /// This is equivalent to `Drop` on transactions which can be dropped. This is explicit and works
-  /// with transactions which can't be dropped.
-  fn close(self) {
-    drop(self);
-  }
-}
-
-// Credit for the idea goes to https://jack.wrenn.fyi/blog/undroppable
-pub struct Undroppable<T>(Option<T>);
-impl<T> Drop for Undroppable<T> {
-  fn drop(&mut self) {
-    // Use an assertion at compile time to prevent this code from compiling if generated
-    #[allow(clippy::assertions_on_constants)]
-    const {
-      assert!(false, "Undroppable DbTxn was dropped. Ensure all code paths call commit or close");
-    }
-  }
-}
-impl<T: DbTxn> Get for Undroppable<T> {
-  fn get(&self, key: impl AsRef<[u8]>) -> Option<Vec<u8>> {
-    self.0.as_ref().unwrap().get(key)
-  }
-}
-impl<T: DbTxn> DbTxn for Undroppable<T> {
-  fn put(&mut self, key: impl AsRef<[u8]>, value: impl AsRef<[u8]>) {
-    self.0.as_mut().unwrap().put(key, value);
-  }
-  fn del(&mut self, key: impl AsRef<[u8]>) {
-    self.0.as_mut().unwrap().del(key);
-  }
-  fn commit(mut self) {
-    self.0.take().unwrap().commit();
-    let _ = core::mem::ManuallyDrop::new(self);
-  }
-  fn close(mut self) {
-    drop(self.0.take().unwrap());
-    let _ = core::mem::ManuallyDrop::new(self);
-  }
 }

 /// A database supporting atomic transaction.
@@ -91,10 +51,6 @@ pub trait Db: 'static + Send + Sync + Clone + Get {
    let dst_len = u8::try_from(item_dst.len()).unwrap();
    [[db_len].as_ref(), db_dst, [dst_len].as_ref(), item_dst, key.as_ref()].concat()
  }
-  /// Open a new transaction which may be dropped.
-  fn unsafe_txn(&mut self) -> Self::Transaction<'_>;
-  /// Open a new transaction which must be committed or closed.
-  fn txn(&mut self) -> Undroppable<Self::Transaction<'_>> {
-    Undroppable(Some(self.unsafe_txn()))
-  }
+  /// Open a new transaction.
+  fn txn(&mut self) -> Self::Transaction<'_>;
 }
--- a/common/db/src/mem.rs
+++ b/common/db/src/mem.rs
@@ -74,7 +74,7 @@ impl Get for MemDb {
 }
 impl Db for MemDb {
  type Transaction<'a> = MemDbTxn<'a>;
-  fn unsafe_txn(&mut self) -> MemDbTxn<'_> {
+  fn txn(&mut self) -> MemDbTxn<'_> {
    MemDbTxn(self, HashMap::new(), HashSet::new())
  }
 }
--- a/common/db/src/parity_db.rs
+++ b/common/db/src/parity_db.rs
@@ -37,7 +37,7 @@ impl Get for Arc<ParityDb> {
 }
 impl Db for Arc<ParityDb> {
  type Transaction<'a> = Transaction<'a>;
-  fn unsafe_txn(&mut self) -> Self::Transaction<'_> {
+  fn txn(&mut self) -> Self::Transaction<'_> {
    Transaction(self, vec![])
  }
 }
--- a/common/db/src/rocks.rs
+++ b/common/db/src/rocks.rs
@@ -39,7 +39,7 @@ impl<T: ThreadMode> Get for Arc<OptimisticTransactionDB<T>> {
 }
 impl<T: Send + ThreadMode + 'static> Db for Arc<OptimisticTransactionDB<T>> {
  type Transaction<'a> = Transaction<'a, T>;
-  fn unsafe_txn(&mut self) -> Self::Transaction<'_> {
+  fn txn(&mut self) -> Self::Transaction<'_> {
    let mut opts = WriteOptions::default();
    opts.set_sync(true);
    Transaction(self.transaction_opt(&opts, &Default::default()), &**self)
--- a/common/env/Cargo.toml
+++ b/common/env/Cargo.toml
@@ -7,7 +7,7 @@ repository = "https://github.com/serai-dex/serai/tree/develop/common/env"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
-rust-version = "1.71"
+rust-version = "1.64"

 [package.metadata.docs.rs]
 all-features = true
--- a/common/env/LICENSE
+++ b/common/env/LICENSE
@@ -1,6 +1,6 @@
 AGPL-3.0-only license

-Copyright (c) 2023 Luke Parker
+Copyright (c) 2023-2025 Luke Parker

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as
--- a/common/patchable-async-sleep/Cargo.toml
+++ b/common/patchable-async-sleep/Cargo.toml
@@ -7,7 +7,7 @@ repository = "https://github.com/serai-dex/serai/tree/develop/common/patchable-a
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["async", "sleep", "tokio", "smol", "async-std"]
 edition = "2021"
-rust-version = "1.71"
+rust-version = "1.70"

 [package.metadata.docs.rs]
 all-features = true
--- a/common/patchable-async-sleep/LICENSE
+++ b/common/patchable-async-sleep/LICENSE
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2024 Luke Parker
+Copyright (c) 2024-2025 Luke Parker

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/common/request/LICENSE
+++ b/common/request/LICENSE
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2023 Luke Parker
+Copyright (c) 2023-2025 Luke Parker

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/common/request/src/response.rs
+++ b/common/request/src/response.rs
@@ -11,7 +11,7 @@ use crate::{Client, Error};
 #[allow(dead_code)]
 #[derive(Debug)]
 pub struct Response<'a>(pub(crate) hyper::Response<Incoming>, pub(crate) &'a Client);
-impl<'a> Response<'a> {
+impl Response<'_> {
  pub fn status(&self) -> StatusCode {
    self.0.status()
  }
--- a/common/std-shims/Cargo.toml
+++ b/common/std-shims/Cargo.toml
@@ -1,13 +1,13 @@
 [package]
 name = "std-shims"
-version = "0.1.1"
+version = "0.1.4"
 description = "A series of std shims to make alloc more feasible"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/common/std-shims"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["nostd", "no_std", "alloc", "io"]
 edition = "2021"
-rust-version = "1.80"
+rust-version = "1.65"

 [package.metadata.docs.rs]
 all-features = true
@@ -17,8 +17,9 @@ rustdoc-args = ["--cfg", "docsrs"]
 workspace = true

 [dependencies]
-spin = { version = "0.9", default-features = false, features = ["use_ticket_mutex", "lazy"] }
-hashbrown = { version = "0.15", default-features = false, features = ["default-hasher", "inline-more"] }
+rustversion = { version = "1", default-features = false }
+spin = { version = "0.10", default-features = false, features = ["use_ticket_mutex", "once", "lazy"] }
+hashbrown = { version = "0.16", default-features = false, features = ["default-hasher", "inline-more"] }

 [features]
 std = []
--- a/common/std-shims/LICENSE
+++ b/common/std-shims/LICENSE
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2023 Luke Parker
+Copyright (c) 2023-2025 Luke Parker

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/common/std-shims/README.md
+++ b/common/std-shims/README.md
@@ -3,4 +3,9 @@
 A crate which passes through to std when the default `std` feature is enabled,
 yet provides a series of shims when it isn't.

-`HashSet` and `HashMap` are provided via `hashbrown`.
+No guarantee of one-to-one parity is provided. The shims provided aim to be sufficient for the
+average case.
+
+`HashSet` and `HashMap` are provided via `hashbrown`. Synchronization primitives are provided via
+`spin` (avoiding a requirement on `critical-section`).
+types are not guaranteed to be
--- a/common/std-shims/src/lib.rs
+++ b/common/std-shims/src/lib.rs
@@ -11,3 +11,64 @@ pub mod io;
 pub use alloc::vec;
 pub use alloc::str;
 pub use alloc::string;
+
+pub mod prelude {
+  #[rustversion::before(1.73)]
+  #[doc(hidden)]
+  pub trait StdShimsDivCeil {
+    fn div_ceil(self, rhs: Self) -> Self;
+  }
+  #[rustversion::before(1.73)]
+  mod impl_divceil {
+    use super::StdShimsDivCeil;
+    impl StdShimsDivCeil for u8 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for u16 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for u32 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for u64 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for u128 {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+    impl StdShimsDivCeil for usize {
+      fn div_ceil(self, rhs: Self) -> Self {
+        (self + (rhs - 1)) / rhs
+      }
+    }
+  }
+
+  #[cfg(feature = "std")]
+  #[rustversion::before(1.74)]
+  #[doc(hidden)]
+  pub trait StdShimsIoErrorOther {
+    fn other<E>(error: E) -> Self
+    where
+      E: Into<Box<dyn std::error::Error + Send + Sync>>;
+  }
+  #[cfg(feature = "std")]
+  #[rustversion::before(1.74)]
+  impl StdShimsIoErrorOther for std::io::Error {
+    fn other<E>(error: E) -> Self
+    where
+      E: Into<Box<dyn std::error::Error + Send + Sync>>,
+    {
+      std::io::Error::new(std::io::ErrorKind::Other, error)
+    }
+  }
+}
--- a/common/std-shims/src/sync.rs
+++ b/common/std-shims/src/sync.rs
@@ -25,7 +25,11 @@ mod mutex_shim {
 }
 pub use mutex_shim::{ShimMutex as Mutex, MutexGuard};

-#[cfg(feature = "std")]
-pub use std::sync::LazyLock;
 #[cfg(not(feature = "std"))]
 pub use spin::Lazy as LazyLock;
+#[rustversion::before(1.80)]
+#[cfg(feature = "std")]
+pub use spin::Lazy as LazyLock;
+#[rustversion::since(1.80)]
+#[cfg(feature = "std")]
+pub use std::sync::LazyLock;
--- a/common/task/LICENSE
+++ b/common/task/LICENSE
@@ -1,6 +1,6 @@
 AGPL-3.0-only license

-Copyright (c) 2022-2024 Luke Parker
+Copyright (c) 2022-2025 Luke Parker

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as
--- a/common/zalloc/Cargo.toml
+++ b/common/zalloc/Cargo.toml
@@ -7,7 +7,9 @@ repository = "https://github.com/serai-dex/serai/tree/develop/common/zalloc"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
-rust-version = "1.77"
+# This must be specified with the patch version, else Rust believes `1.77` < `1.77.0` and will
+# refuse to compile due to relying on versions introduced with `1.77.0`
+rust-version = "1.77.0"

 [package.metadata.docs.rs]
 all-features = true
--- a/common/zalloc/LICENSE
+++ b/common/zalloc/LICENSE
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2022-2023 Luke Parker
+Copyright (c) 2022-2025 Luke Parker

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/coordinator/Cargo.toml
+++ b/coordinator/Cargo.toml
@@ -8,7 +8,6 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"

 [package.metadata.docs.rs]
 all-features = true
@@ -22,15 +21,17 @@ zeroize = { version = "^1.5", default-features = false, features = ["std"] }
 bitvec = { version = "1", default-features = false, features = ["std"] }
 rand_core = { version = "0.6", default-features = false, features = ["std"] }

-blake2 = { version = "0.10", default-features = false, features = ["std"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
 schnorrkel = { version = "0.11", default-features = false, features = ["std"] }

+dalek-ff-group = { path = "../crypto/dalek-ff-group", default-features = false, features = ["std"] }
 ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std"] }
-schnorr = { package = "schnorr-signatures", path = "../crypto/schnorr", default-features = false, features = ["std"] }
+dkg = { package = "dkg-musig", path = "../crypto/dkg/musig", default-features = false, features = ["std"] }
 frost = { package = "modular-frost", path = "../crypto/frost" }
 frost-schnorrkel = { path = "../crypto/schnorrkel" }

-scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["std", "derive", "bit-vec"] }
+hex = { version = "0.4", default-features = false, features = ["std"] }
+borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }

 zalloc = { path = "../common/zalloc" }
 serai-db = { path = "../common/db" }
@@ -41,10 +42,7 @@ messages = { package = "serai-processor-messages", path = "../processor/messages
 message-queue = { package = "serai-message-queue", path = "../message-queue" }
 tributary-sdk = { path = "./tributary-sdk" }

-serai-client = { path = "../substrate/client", default-features = false, features = ["serai", "borsh"] }
-
-hex = { version = "0.4", default-features = false, features = ["std"] }
-borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }
+serai-client = { path = "../substrate/client", default-features = false, features = ["serai"] }

 log = { version = "0.4", default-features = false, features = ["std"] }
 env_logger = { version = "0.10", default-features = false, features = ["humantime"] }
--- a/coordinator/cosign/Cargo.toml
+++ b/coordinator/cosign/Cargo.toml
@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.85"

 [package.metadata.docs.rs]
 all-features = true
@@ -18,12 +18,11 @@ rustdoc-args = ["--cfg", "docsrs"]
 workspace = true

 [dependencies]
-blake2 = { version = "0.10", default-features = false, features = ["std"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
 schnorrkel = { version = "0.11", default-features = false, features = ["std"] }

-scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["std", "derive"] }
 borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }
-serai-client = { path = "../../substrate/client", default-features = false, features = ["serai", "borsh"] }
+serai-client = { path = "../../substrate/client", default-features = false, features = ["serai"] }

 log = { version = "0.4", default-features = false, features = ["std"] }

@@ -31,3 +30,5 @@ tokio = { version = "1", default-features = false }

 serai-db = { path = "../../common/db", version = "0.1.1" }
 serai-task = { path = "../../common/task", version = "0.1" }
+
+serai-cosign-types = { path = "./types" }
--- a/coordinator/cosign/LICENSE
+++ b/coordinator/cosign/LICENSE
@@ -1,6 +1,6 @@
 AGPL-3.0-only license

-Copyright (c) 2023-2024 Luke Parker
+Copyright (c) 2023-2025 Luke Parker

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as
--- a/coordinator/cosign/src/delay.rs
+++ b/coordinator/cosign/src/delay.rs
@@ -24,15 +24,6 @@ pub(crate) struct CosignDelayTask<D: Db> {
  pub(crate) db: D,
 }

-struct AwaitUndroppable<T: DbTxn>(Option<core::mem::ManuallyDrop<Undroppable<T>>>);
-impl<T: DbTxn> Drop for AwaitUndroppable<T> {
-  fn drop(&mut self) {
-    if let Some(mut txn) = self.0.take() {
-      (unsafe { core::mem::ManuallyDrop::take(&mut txn) }).close();
-    }
-  }
-}
-
 impl<D: Db> ContinuallyRan for CosignDelayTask<D> {
  type Error = DoesNotError;

@@ -44,18 +35,14 @@ impl<D: Db> ContinuallyRan for CosignDelayTask<D> {

        // Receive the next block to mark as cosigned
        let Some((block_number, time_evaluated)) = CosignedBlocks::try_recv(&mut txn) else {
-          txn.close();
          break;
        };
-
        // Calculate when we should mark it as valid
        let time_valid =
          SystemTime::UNIX_EPOCH + Duration::from_secs(time_evaluated) + ACKNOWLEDGEMENT_DELAY;
        // Sleep until then
-        let mut txn = AwaitUndroppable(Some(core::mem::ManuallyDrop::new(txn)));
        tokio::time::sleep(SystemTime::now().duration_since(time_valid).unwrap_or(Duration::ZERO))
          .await;
-        let mut txn = core::mem::ManuallyDrop::into_inner(txn.0.take().unwrap());

        // Set the cosigned block
        LatestCosignedBlockNumber::set(&mut txn, &block_number);
--- a/coordinator/cosign/src/evaluator.rs
+++ b/coordinator/cosign/src/evaluator.rs
@@ -1,5 +1,5 @@
 use core::future::Future;
-use std::time::{Duration, SystemTime};
+use std::time::{Duration, Instant, SystemTime};

 use serai_db::*;
 use serai_task::ContinuallyRan;
@@ -77,17 +77,27 @@ pub(crate) fn currently_evaluated_global_session(getter: &impl Get) -> Option<[u
 pub(crate) struct CosignEvaluatorTask<D: Db, R: RequestNotableCosigns> {
  pub(crate) db: D,
  pub(crate) request: R,
+  pub(crate) last_request_for_cosigns: Instant,
 }

 impl<D: Db, R: RequestNotableCosigns> ContinuallyRan for CosignEvaluatorTask<D, R> {
  type Error = String;

  fn run_iteration(&mut self) -> impl Send + Future<Output = Result<bool, Self::Error>> {
+    let should_request_cosigns = |last_request_for_cosigns: &mut Instant| {
+      const REQUEST_COSIGNS_SPACING: Duration = Duration::from_secs(60);
+      if Instant::now() < (*last_request_for_cosigns + REQUEST_COSIGNS_SPACING) {
+        return false;
+      }
+      *last_request_for_cosigns = Instant::now();
+      true
+    };
+
    async move {
      let mut known_cosign = None;
      let mut made_progress = false;
      loop {
-        let mut txn = self.db.unsafe_txn();
+        let mut txn = self.db.txn();
        let Some(BlockEventData { block_number, has_events }) = BlockEvents::try_recv(&mut txn)
        else {
          break;
@@ -118,12 +128,13 @@ impl<D: Db, R: RequestNotableCosigns> ContinuallyRan for CosignEvaluatorTask<D,
            // Check if the sum weight doesn't cross the required threshold
            if weight_cosigned < (((global_session_info.total_stake * 83) / 100) + 1) {
              // Request the necessary cosigns over the network
-              // TODO: Add a timer to ensure this isn't called too often
-              self
-                .request
-                .request_notable_cosigns(global_session)
-                .await
-                .map_err(|e| format!("{e:?}"))?;
+              if should_request_cosigns(&mut self.last_request_for_cosigns) {
+                self
+                  .request
+                  .request_notable_cosigns(global_session)
+                  .await
+                  .map_err(|e| format!("{e:?}"))?;
+              }
              // We return an error so the delay before this task is run again increases
              return Err(format!(
                "notable block (#{block_number}) wasn't yet cosigned. this should resolve shortly",
@@ -180,11 +191,13 @@ impl<D: Db, R: RequestNotableCosigns> ContinuallyRan for CosignEvaluatorTask<D,
                // If this session hasn't yet produced notable cosigns, then we presume we'll see
                // the desired non-notable cosigns as part of normal operations, without needing to
                // explicitly request them
-                self
-                  .request
-                  .request_notable_cosigns(global_session)
-                  .await
-                  .map_err(|e| format!("{e:?}"))?;
+                if should_request_cosigns(&mut self.last_request_for_cosigns) {
+                  self
+                    .request
+                    .request_notable_cosigns(global_session)
+                    .await
+                    .map_err(|e| format!("{e:?}"))?;
+                }
                // We return an error so the delay before this task is run again increases
                return Err(format!(
                  "block (#{block_number}) wasn't yet cosigned. this should resolve shortly",
--- a/coordinator/cosign/src/intend.rs
+++ b/coordinator/cosign/src/intend.rs
@@ -3,7 +3,7 @@ use std::{sync::Arc, collections::HashMap};

 use serai_client::{
  primitives::{SeraiAddress, Amount},
-  validator_sets::primitives::ValidatorSet,
+  validator_sets::primitives::ExternalValidatorSet,
  Serai,
 };

@@ -28,7 +28,7 @@ db_channel! {
  CosignIntendChannels {
    GlobalSessionsChannel: () -> ([u8; 32], GlobalSession),
    BlockEvents: () -> BlockEventData,
-    IntendedCosigns: (set: ValidatorSet) -> CosignIntent,
+    IntendedCosigns: (set: ExternalValidatorSet) -> CosignIntent,
  }
 }

@@ -70,7 +70,7 @@ impl<D: Db> ContinuallyRan for CosignIntendTask<D> {
        self.serai.latest_finalized_block().await.map_err(|e| format!("{e:?}"))?.number();

      for block_number in start_block_number ..= latest_block_number {
-        let mut txn = self.db.unsafe_txn();
+        let mut txn = self.db.txn();

        let (block, mut has_events) =
          block_has_events_justifying_a_cosign(&self.serai, block_number)
@@ -110,7 +110,7 @@ impl<D: Db> ContinuallyRan for CosignIntendTask<D> {
            keys.insert(set.network, SeraiAddress::from(*key));
            let stake = serai
              .validator_sets()
-              .total_allocated_stake(set.network)
+              .total_allocated_stake(set.network.into())
              .await
              .map_err(|e| format!("{e:?}"))?
              .unwrap_or(Amount(0))
@@ -155,7 +155,7 @@ impl<D: Db> ContinuallyRan for CosignIntendTask<D> {

            // Tell each set of their expectation to cosign this block
            for set in global_session_info.sets {
-              log::debug!("{:?} will be cosigning block #{block_number}", set);
+              log::debug!("{set:?} will be cosigning block #{block_number}");
              IntendedCosigns::send(
                &mut txn,
                set,
--- a/coordinator/cosign/src/lib.rs
+++ b/coordinator/cosign/src/lib.rs
@@ -3,22 +3,23 @@
 #![deny(missing_docs)]

 use core::{fmt::Debug, future::Future};
-use std::{sync::Arc, collections::HashMap};
+use std::{sync::Arc, collections::HashMap, time::Instant};

 use blake2::{Digest, Blake2s256};

-use scale::{Encode, Decode};
 use borsh::{BorshSerialize, BorshDeserialize};

 use serai_client::{
-  primitives::{NetworkId, SeraiAddress},
-  validator_sets::primitives::{Session, ValidatorSet, KeyPair},
+  primitives::{ExternalNetworkId, SeraiAddress},
+  validator_sets::primitives::{Session, ExternalValidatorSet, KeyPair},
  Public, Block, Serai, TemporalSerai,
 };

 use serai_db::*;
 use serai_task::*;

+use serai_cosign_types::*;
+
 /// The cosigns which are intended to be performed.
 mod intend;
 /// The evaluator of the cosigns.
@@ -52,13 +53,13 @@ pub const COSIGN_CONTEXT: &[u8] = b"/serai/coordinator/cosign";
 #[derive(Debug, BorshSerialize, BorshDeserialize)]
 pub(crate) struct GlobalSession {
  pub(crate) start_block_number: u64,
-  pub(crate) sets: Vec<ValidatorSet>,
-  pub(crate) keys: HashMap<NetworkId, SeraiAddress>,
-  pub(crate) stakes: HashMap<NetworkId, u64>,
+  pub(crate) sets: Vec<ExternalValidatorSet>,
+  pub(crate) keys: HashMap<ExternalNetworkId, SeraiAddress>,
+  pub(crate) stakes: HashMap<ExternalNetworkId, u64>,
  pub(crate) total_stake: u64,
 }
 impl GlobalSession {
-  fn id(mut cosigners: Vec<ValidatorSet>) -> [u8; 32] {
+  fn id(mut cosigners: Vec<ExternalValidatorSet>) -> [u8; 32] {
    cosigners.sort_by_key(|a| borsh::to_vec(a).unwrap());
    Blake2s256::digest(borsh::to_vec(&cosigners).unwrap()).into()
  }
@@ -78,50 +79,6 @@ enum HasEvents {
  No,
 }

-/// An intended cosign.
-#[derive(Clone, Copy, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
-pub struct CosignIntent {
-  /// The global session this cosign is being performed under.
-  pub global_session: [u8; 32],
-  /// The number of the block to cosign.
-  pub block_number: u64,
-  /// The hash of the block to cosign.
-  pub block_hash: [u8; 32],
-  /// If this cosign must be handled before further cosigns are.
-  pub notable: bool,
-}
-
-/// A cosign.
-#[derive(Clone, PartialEq, Eq, Debug, Encode, Decode, BorshSerialize, BorshDeserialize)]
-pub struct Cosign {
-  /// The global session this cosign is being performed under.
-  pub global_session: [u8; 32],
-  /// The number of the block to cosign.
-  pub block_number: u64,
-  /// The hash of the block to cosign.
-  pub block_hash: [u8; 32],
-  /// The actual cosigner.
-  pub cosigner: NetworkId,
-}
-
-/// A signed cosign.
-#[derive(Clone, Debug, BorshSerialize, BorshDeserialize)]
-pub struct SignedCosign {
-  /// The cosign.
-  pub cosign: Cosign,
-  /// The signature for the cosign.
-  pub signature: [u8; 64],
-}
-
-impl SignedCosign {
-  fn verify_signature(&self, signer: serai_client::Public) -> bool {
-    let Ok(signer) = schnorrkel::PublicKey::from_bytes(&signer.0) else { return false };
-    let Ok(signature) = schnorrkel::Signature::from_bytes(&self.signature) else { return false };
-
-    signer.verify_simple(COSIGN_CONTEXT, &self.cosign.encode(), &signature).is_ok()
-  }
-}
-
 create_db! {
  Cosign {
    // The following are populated by the intend task and used throughout the library
@@ -148,7 +105,10 @@ create_db! {
    // one notable block. All validator sets will explicitly produce a cosign for their notable
    // block, causing the latest cosigned block for a global session to either be the global
    // session's notable cosigns or the network's latest cosigns.
-    NetworksLatestCosignedBlock: (global_session: [u8; 32], network: NetworkId) -> SignedCosign,
+    NetworksLatestCosignedBlock: (
+      global_session: [u8; 32],
+      network: ExternalNetworkId
+    ) -> SignedCosign,
    // Cosigns received for blocks not locally recognized as finalized.
    Faults: (global_session: [u8; 32]) -> Vec<SignedCosign>,
    // The global session which faulted.
@@ -159,15 +119,10 @@ create_db! {
 /// Fetch the keys used for cosigning by a specific network.
 async fn keys_for_network(
  serai: &TemporalSerai<'_>,
-  network: NetworkId,
+  network: ExternalNetworkId,
 ) -> Result<Option<(Session, KeyPair)>, String> {
-  // The Serai network never cosigns so it has no keys for cosigning
-  if network == NetworkId::Serai {
-    return Ok(None);
-  }
-
  let Some(latest_session) =
-    serai.validator_sets().session(network).await.map_err(|e| format!("{e:?}"))?
+    serai.validator_sets().session(network.into()).await.map_err(|e| format!("{e:?}"))?
  else {
    // If this network hasn't had a session declared, move on
    return Ok(None);
@@ -176,7 +131,7 @@ async fn keys_for_network(
  // Get the keys for the latest session
  if let Some(keys) = serai
    .validator_sets()
-    .keys(ValidatorSet { network, session: latest_session })
+    .keys(ExternalValidatorSet { network, session: latest_session })
    .await
    .map_err(|e| format!("{e:?}"))?
  {
@@ -187,7 +142,7 @@ async fn keys_for_network(
  if let Some(prior_session) = latest_session.0.checked_sub(1).map(Session) {
    if let Some(keys) = serai
      .validator_sets()
-      .keys(ValidatorSet { network, session: prior_session })
+      .keys(ExternalValidatorSet { network, session: prior_session })
      .await
      .map_err(|e| format!("{e:?}"))?
    {
@@ -198,16 +153,19 @@ async fn keys_for_network(
  Ok(None)
 }

-/// Fetch the `ValidatorSet`s, and their associated keys, used for cosigning as of this block.
-async fn cosigning_sets(serai: &TemporalSerai<'_>) -> Result<Vec<(ValidatorSet, Public)>, String> {
-  let mut sets = Vec::with_capacity(serai_client::primitives::NETWORKS.len());
-  for network in serai_client::primitives::NETWORKS {
+/// Fetch the `ExternalValidatorSet`s, and their associated keys, used for cosigning as of this
+/// block.
+async fn cosigning_sets(
+  serai: &TemporalSerai<'_>,
+) -> Result<Vec<(ExternalValidatorSet, Public)>, String> {
+  let mut sets = Vec::with_capacity(serai_client::primitives::EXTERNAL_NETWORKS.len());
+  for network in serai_client::primitives::EXTERNAL_NETWORKS {
    let Some((session, keys)) = keys_for_network(serai, network).await? else {
      // If this network doesn't have usable keys, move on
      continue;
    };

-    sets.push((ValidatorSet { network, session }, keys.0));
+    sets.push((ExternalValidatorSet { network, session }, keys.0));
  }
  Ok(sets)
 }
@@ -288,8 +246,12 @@ impl<D: Db> Cosigning<D> {
        .continually_run(intend_task, vec![evaluator_task_handle]),
    );
    tokio::spawn(
-      (evaluator::CosignEvaluatorTask { db: db.clone(), request })
-        .continually_run(evaluator_task, vec![delay_task_handle]),
+      (evaluator::CosignEvaluatorTask {
+        db: db.clone(),
+        request,
+        last_request_for_cosigns: Instant::now(),
+      })
+      .continually_run(evaluator_task, vec![delay_task_handle]),
    );
    tokio::spawn(
      (delay::CosignDelayTask { db: db.clone() })
@@ -323,8 +285,8 @@ impl<D: Db> Cosigning<D> {
  /// If this global session hasn't produced any notable cosigns, this will return the latest
  /// cosigns for this session.
  pub fn notable_cosigns(getter: &impl Get, global_session: [u8; 32]) -> Vec<SignedCosign> {
-    let mut cosigns = Vec::with_capacity(serai_client::primitives::NETWORKS.len());
-    for network in serai_client::primitives::NETWORKS {
+    let mut cosigns = Vec::with_capacity(serai_client::primitives::EXTERNAL_NETWORKS.len());
+    for network in serai_client::primitives::EXTERNAL_NETWORKS {
      if let Some(cosign) = NetworksLatestCosignedBlock::get(getter, global_session, network) {
        cosigns.push(cosign);
      }
@@ -341,7 +303,7 @@ impl<D: Db> Cosigning<D> {
      let mut cosigns = Faults::get(&self.db, faulted).expect("faulted with no faults");
      // Also include all of our recognized-as-honest cosigns in an attempt to induce fault
      // identification in those who see the faulty cosigns as honest
-      for network in serai_client::primitives::NETWORKS {
+      for network in serai_client::primitives::EXTERNAL_NETWORKS {
        if let Some(cosign) = NetworksLatestCosignedBlock::get(&self.db, faulted, network) {
          if cosign.cosign.global_session == faulted {
            cosigns.push(cosign);
@@ -353,8 +315,8 @@ impl<D: Db> Cosigning<D> {
      let Some(global_session) = evaluator::currently_evaluated_global_session(&self.db) else {
        return vec![];
      };
-      let mut cosigns = Vec::with_capacity(serai_client::primitives::NETWORKS.len());
-      for network in serai_client::primitives::NETWORKS {
+      let mut cosigns = Vec::with_capacity(serai_client::primitives::EXTERNAL_NETWORKS.len());
+      for network in serai_client::primitives::EXTERNAL_NETWORKS {
        if let Some(cosign) = NetworksLatestCosignedBlock::get(&self.db, global_session, network) {
          cosigns.push(cosign);
        }
@@ -424,7 +386,7 @@ impl<D: Db> Cosigning<D> {
    // Since we verified this cosign's signature, and have a chain sufficiently long, handle the
    // cosign

-    let mut txn = self.db.unsafe_txn();
+    let mut txn = self.db.txn();

    if !faulty {
      // If this is for a future global session, we don't acknowledge this cosign at this time
@@ -465,12 +427,12 @@ impl<D: Db> Cosigning<D> {
    Ok(())
  }

-  /// Receive intended cosigns to produce for this ValidatorSet.
+  /// Receive intended cosigns to produce for this ExternalValidatorSet.
  ///
  /// All cosigns intended, up to and including the next notable cosign, are returned.
  ///
  /// This will drain the internal channel and not re-yield these intentions again.
-  pub fn intended_cosigns(txn: &mut impl DbTxn, set: ValidatorSet) -> Vec<CosignIntent> {
+  pub fn intended_cosigns(txn: &mut impl DbTxn, set: ExternalValidatorSet) -> Vec<CosignIntent> {
    let mut res: Vec<CosignIntent> = vec![];
    // While we have yet to find a notable cosign...
    while !res.last().map(|cosign| cosign.notable).unwrap_or(false) {
@@ -480,30 +442,3 @@ impl<D: Db> Cosigning<D> {
    res
  }
 }
-
-mod tests {
-  use super::*;
-
-  struct RNC;
-  impl RequestNotableCosigns for RNC {
-    /// The error type which may be encountered when requesting notable cosigns.
-    type Error = ();
-
-    /// Request the notable cosigns for this global session.
-    fn request_notable_cosigns(
-      &self,
-      global_session: [u8; 32],
-    ) -> impl Send + Future<Output = Result<(), Self::Error>> {
-      async move { Ok(()) }
-    }
-  }
-  #[tokio::test]
-  async fn test() {
-    let db: serai_db::MemDb = serai_db::MemDb::new();
-    let serai = unsafe { core::mem::transmute(0u64) };
-    let request = RNC;
-    let tasks = vec![];
-    let _ = Cosigning::spawn(db, serai, request, tasks);
-    core::future::pending().await
-  }
-}
--- a/coordinator/cosign/types/Cargo.toml
+++ b/coordinator/cosign/types/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "serai-cosign-types"
+version = "0.1.0"
+description = "Evaluator of cosigns for the Serai network"
+license = "AGPL-3.0-only"
+repository = "https://github.com/serai-dex/serai/tree/develop/coordinator/cosign"
+authors = ["Luke Parker <lukeparker5132@gmail.com>"]
+keywords = []
+edition = "2021"
+publish = false
+rust-version = "1.85"
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
+
+[lints]
+workspace = true
+
+[dependencies]
+schnorrkel = { version = "0.11", default-features = false, features = ["std"] }
+
+borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }
+
+serai-primitives = { path = "../../../substrate/primitives", default-features = false, features = ["std"] }
--- a/substrate/economic-security/pallet/LICENSE
+++ b/substrate/economic-security/pallet/LICENSE
@@ -1,6 +1,6 @@
 AGPL-3.0-only license

-Copyright (c) 2024 Luke Parker
+Copyright (c) 2023-2025 Luke Parker

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as
--- a/coordinator/cosign/types/src/lib.rs
+++ b/coordinator/cosign/types/src/lib.rs
@@ -0,0 +1,72 @@
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![deny(missing_docs)]
+//! Types used when cosigning Serai. For more info, please see `serai-cosign`.
+use borsh::{BorshSerialize, BorshDeserialize};
+
+use serai_primitives::{crypto::Public, network_id::ExternalNetworkId};
+
+/// The schnorrkel context to used when signing a cosign.
+pub const COSIGN_CONTEXT: &[u8] = b"/serai/coordinator/cosign";
+
+/// An intended cosign.
+#[derive(Clone, Copy, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
+pub struct CosignIntent {
+  /// The global session this cosign is being performed under.
+  pub global_session: [u8; 32],
+  /// The number of the block to cosign.
+  pub block_number: u64,
+  /// The hash of the block to cosign.
+  pub block_hash: [u8; 32],
+  /// If this cosign must be handled before further cosigns are.
+  pub notable: bool,
+}
+
+/// A cosign.
+#[derive(Clone, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
+pub struct Cosign {
+  /// The global session this cosign is being performed under.
+  pub global_session: [u8; 32],
+  /// The number of the block to cosign.
+  pub block_number: u64,
+  /// The hash of the block to cosign.
+  pub block_hash: [u8; 32],
+  /// The actual cosigner.
+  pub cosigner: ExternalNetworkId,
+}
+
+impl CosignIntent {
+  /// Convert this into a `Cosign`.
+  pub fn into_cosign(self, cosigner: ExternalNetworkId) -> Cosign {
+    let CosignIntent { global_session, block_number, block_hash, notable: _ } = self;
+    Cosign { global_session, block_number, block_hash, cosigner }
+  }
+}
+
+impl Cosign {
+  /// The message to sign to sign this cosign.
+  ///
+  /// This must be signed with schnorrkel, the context set to `COSIGN_CONTEXT`.
+  pub fn signature_message(&self) -> Vec<u8> {
+    // We use a schnorrkel context to domain-separate this
+    borsh::to_vec(self).unwrap()
+  }
+}
+
+/// A signed cosign.
+#[derive(Clone, Debug, BorshSerialize, BorshDeserialize)]
+pub struct SignedCosign {
+  /// The cosign.
+  pub cosign: Cosign,
+  /// The signature for the cosign.
+  pub signature: [u8; 64],
+}
+
+impl SignedCosign {
+  /// Verify a cosign's signature.
+  pub fn verify_signature(&self, signer: Public) -> bool {
+    let Ok(signer) = schnorrkel::PublicKey::from_bytes(&signer.0) else { return false };
+    let Ok(signature) = schnorrkel::Signature::from_bytes(&self.signature) else { return false };
+
+    signer.verify_simple(COSIGN_CONTEXT, &self.cosign.signature_message(), &signature).is_ok()
+  }
+}
--- a/coordinator/p2p/Cargo.toml
+++ b/coordinator/p2p/Cargo.toml
@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.85"

 [package.metadata.docs.rs]
 all-features = true
@@ -22,7 +22,7 @@ borsh = { version = "1", default-features = false, features = ["std", "derive",

 serai-db = { path = "../../common/db", version = "0.1" }

-serai-client = { path = "../../substrate/client", default-features = false, features = ["serai", "borsh"] }
+serai-primitives = { path = "../../substrate/primitives", default-features = false, features = ["std"] }
 serai-cosign = { path = "../cosign" }
 tributary-sdk = { path = "../tributary-sdk" }

--- a/coordinator/p2p/libp2p/Cargo.toml
+++ b/coordinator/p2p/libp2p/Cargo.toml
@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.87"

 [package.metadata.docs.rs]
 all-features = true
@@ -23,19 +23,19 @@ async-trait = { version = "0.1", default-features = false }
 rand_core = { version = "0.6", default-features = false, features = ["std"] }

 zeroize = { version = "^1.5", default-features = false, features = ["std"] }
-blake2 = { version = "0.10", default-features = false, features = ["std"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
 schnorrkel = { version = "0.11", default-features = false, features = ["std"] }

 hex = { version = "0.4", default-features = false, features = ["std"] }
 borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }

-serai-client = { path = "../../../substrate/client", default-features = false, features = ["serai", "borsh"] }
+serai-client = { path = "../../../substrate/client", default-features = false, features = ["serai"] }
 serai-cosign = { path = "../../cosign" }
 tributary-sdk = { path = "../../tributary-sdk" }

 futures-util = { version = "0.3", default-features = false, features = ["std"] }
 tokio = { version = "1", default-features = false, features = ["sync"] }
-libp2p = { version = "0.52", default-features = false, features = ["tokio", "tcp", "noise", "yamux", "ping", "request-response", "gossipsub", "macros"] }
+libp2p = { version = "0.56", default-features = false, features = ["tokio", "tcp", "noise", "yamux", "ping", "request-response", "gossipsub", "macros"] }

 log = { version = "0.4", default-features = false, features = ["std"] }
 serai-task = { path = "../../../common/task", version = "0.1" }
--- a/coordinator/p2p/libp2p/src/authenticate.rs
+++ b/coordinator/p2p/libp2p/src/authenticate.rs
@@ -11,8 +11,7 @@ use serai_client::primitives::PublicKey as Public;

 use futures_util::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
 use libp2p::{
-  core::UpgradeInfo,
-  InboundUpgrade, OutboundUpgrade,
+  core::upgrade::{UpgradeInfo, InboundConnectionUpgrade, OutboundConnectionUpgrade},
  identity::{self, PeerId},
  noise,
 };
@@ -119,12 +118,18 @@ impl UpgradeInfo for OnlyValidators {
  }
 }

-impl<S: 'static + Send + Unpin + AsyncRead + AsyncWrite> InboundUpgrade<S> for OnlyValidators {
+impl<S: 'static + Send + Unpin + AsyncRead + AsyncWrite> InboundConnectionUpgrade<S>
+  for OnlyValidators
+{
  type Output = (PeerId, noise::Output<S>);
  type Error = io::Error;
  type Future = Pin<Box<dyn Send + Future<Output = Result<Self::Output, Self::Error>>>>;

-  fn upgrade_inbound(self, socket: S, info: Self::Info) -> Self::Future {
+  fn upgrade_inbound(
+    self,
+    socket: S,
+    info: <Self as UpgradeInfo>::Info,
+  ) -> <Self as InboundConnectionUpgrade<S>>::Future {
    Box::pin(async move {
      let (dialer_noise_peer_id, mut socket) = noise::Config::new(&self.noise_keypair)
        .unwrap()
@@ -147,12 +152,18 @@ impl<S: 'static + Send + Unpin + AsyncRead + AsyncWrite> InboundUpgrade<S> for O
  }
 }

-impl<S: 'static + Send + Unpin + AsyncRead + AsyncWrite> OutboundUpgrade<S> for OnlyValidators {
+impl<S: 'static + Send + Unpin + AsyncRead + AsyncWrite> OutboundConnectionUpgrade<S>
+  for OnlyValidators
+{
  type Output = (PeerId, noise::Output<S>);
  type Error = io::Error;
  type Future = Pin<Box<dyn Send + Future<Output = Result<Self::Output, Self::Error>>>>;

-  fn upgrade_outbound(self, socket: S, info: Self::Info) -> Self::Future {
+  fn upgrade_outbound(
+    self,
+    socket: S,
+    info: <Self as UpgradeInfo>::Info,
+  ) -> <Self as OutboundConnectionUpgrade<S>>::Future {
    Box::pin(async move {
      let (listener_noise_peer_id, mut socket) = noise::Config::new(&self.noise_keypair)
        .unwrap()
--- a/coordinator/p2p/libp2p/src/lib.rs
+++ b/coordinator/p2p/libp2p/src/lib.rs
@@ -14,8 +14,8 @@ use zeroize::Zeroizing;
 use schnorrkel::Keypair;

 use serai_client::{
-  primitives::{NetworkId, PublicKey},
-  validator_sets::primitives::ValidatorSet,
+  primitives::{ExternalNetworkId, PublicKey},
+  validator_sets::primitives::ExternalValidatorSet,
  Serai,
 };

@@ -50,7 +50,7 @@ mod ping;

 /// The request-response messages and behavior
 mod reqres;
-use reqres::{RequestId, Request, Response};
+use reqres::{InboundRequestId, Request, Response};

 /// The gossip messages and behavior
 mod gossip;
@@ -66,14 +66,6 @@ use dial::DialTask;

 const PORT: u16 = 30563; // 5132 ^ (('c' << 8) | 'o')

-// usize::max, manually implemented, as max isn't a const fn
-const MAX_LIBP2P_MESSAGE_SIZE: usize =
-  if gossip::MAX_LIBP2P_GOSSIP_MESSAGE_SIZE > reqres::MAX_LIBP2P_REQRES_MESSAGE_SIZE {
-    gossip::MAX_LIBP2P_GOSSIP_MESSAGE_SIZE
-  } else {
-    reqres::MAX_LIBP2P_REQRES_MESSAGE_SIZE
-  };
-
 fn peer_id_from_public(public: PublicKey) -> PeerId {
  // 0 represents the identity Multihash, that no hash was performed
  // It's an internal constant so we can't refer to the constant inside libp2p
@@ -112,7 +104,7 @@ impl serai_coordinator_p2p::Peer<'_> for Peer<'_> {

 #[derive(Clone)]
 struct Peers {
-  peers: Arc<RwLock<HashMap<NetworkId, HashSet<PeerId>>>>,
+  peers: Arc<RwLock<HashMap<ExternalNetworkId, HashSet<PeerId>>>>,
 }

 // Consider adding identify/kad/autonat/rendevous/(relay + dcutr). While we currently use the Serai
@@ -143,9 +135,10 @@ struct Libp2pInner {
  signed_cosigns: Mutex<mpsc::UnboundedReceiver<SignedCosign>>,
  signed_cosigns_send: mpsc::UnboundedSender<SignedCosign>,

-  heartbeat_requests: Mutex<mpsc::UnboundedReceiver<(RequestId, ValidatorSet, [u8; 32])>>,
-  notable_cosign_requests: Mutex<mpsc::UnboundedReceiver<(RequestId, [u8; 32])>>,
-  inbound_request_responses: mpsc::UnboundedSender<(RequestId, Response)>,
+  heartbeat_requests:
+    Mutex<mpsc::UnboundedReceiver<(InboundRequestId, ExternalValidatorSet, [u8; 32])>>,
+  notable_cosign_requests: Mutex<mpsc::UnboundedReceiver<(InboundRequestId, [u8; 32])>>,
+  inbound_request_responses: mpsc::UnboundedSender<(InboundRequestId, Response)>,
 }

 /// The libp2p-backed P2P implementation.
@@ -176,19 +169,9 @@ impl Libp2p {
        Ok(OnlyValidators { serai_key: serai_key.clone(), noise_keypair: noise_keypair.clone() })
      };

-      let new_yamux = || {
-        let mut config = yamux::Config::default();
-        // 1 MiB default + max message size
-        config.set_max_buffer_size((1024 * 1024) + MAX_LIBP2P_MESSAGE_SIZE);
-        // 256 KiB default + max message size
-        config
-          .set_receive_window_size(((256 * 1024) + MAX_LIBP2P_MESSAGE_SIZE).try_into().unwrap());
-        config
-      };
-
      let mut swarm = SwarmBuilder::with_existing_identity(identity::Keypair::generate_ed25519())
        .with_tokio()
-        .with_tcp(TcpConfig::default().nodelay(true), new_only_validators, new_yamux)
+        .with_tcp(TcpConfig::default().nodelay(true), new_only_validators, yamux::Config::default)
        .unwrap()
        .with_behaviour(|_| Behavior {
          allow_list: allow_block_list::Behaviour::default(),
@@ -330,7 +313,7 @@ impl serai_cosign::RequestNotableCosigns for Libp2p {
 impl serai_coordinator_p2p::P2p for Libp2p {
  type Peer<'a> = Peer<'a>;

-  fn peers(&self, network: NetworkId) -> impl Send + Future<Output = Vec<Self::Peer<'_>>> {
+  fn peers(&self, network: ExternalNetworkId) -> impl Send + Future<Output = Vec<Self::Peer<'_>>> {
    async move {
      let Some(peer_ids) = self.0.peers.peers.read().await.get(&network).cloned() else {
        return vec![];
--- a/coordinator/p2p/libp2p/src/reqres.rs
+++ b/coordinator/p2p/libp2p/src/reqres.rs
@@ -10,7 +10,7 @@ use futures_util::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
 use libp2p::request_response::{
  self, Codec as CodecTrait, Event as GenericEvent, Config, Behaviour, ProtocolSupport,
 };
-pub use request_response::{RequestId, Message};
+pub use request_response::{InboundRequestId, Message};

 use serai_cosign::SignedCosign;

@@ -129,7 +129,6 @@ pub(crate) type Event = GenericEvent<Request, Response>;

 pub(crate) type Behavior = Behaviour<Codec>;
 pub(crate) fn new_behavior() -> Behavior {
-  let mut config = Config::default();
-  config.set_request_timeout(Duration::from_secs(5));
+  let config = Config::default().with_request_timeout(Duration::from_secs(5));
  Behavior::new([(PROTOCOL, ProtocolSupport::Full)], config)
 }
--- a/coordinator/p2p/libp2p/src/swarm.rs
+++ b/coordinator/p2p/libp2p/src/swarm.rs
@@ -6,7 +6,7 @@ use std::{

 use borsh::BorshDeserialize;

-use serai_client::validator_sets::primitives::ValidatorSet;
+use serai_client::validator_sets::primitives::ExternalValidatorSet;

 use tokio::sync::{mpsc, oneshot, RwLock};

@@ -17,7 +17,7 @@ use serai_cosign::SignedCosign;
 use futures_util::StreamExt;
 use libp2p::{
  identity::PeerId,
-  request_response::{RequestId, ResponseChannel},
+  request_response::{InboundRequestId, OutboundRequestId, ResponseChannel},
  swarm::{dial_opts::DialOpts, SwarmEvent, Swarm},
 };

@@ -65,12 +65,12 @@ pub(crate) struct SwarmTask {
  tributary_gossip: mpsc::UnboundedSender<([u8; 32], Vec<u8>)>,

  outbound_requests: mpsc::UnboundedReceiver<(PeerId, Request, oneshot::Sender<Response>)>,
-  outbound_request_responses: HashMap<RequestId, oneshot::Sender<Response>>,
+  outbound_request_responses: HashMap<OutboundRequestId, oneshot::Sender<Response>>,

-  inbound_request_response_channels: HashMap<RequestId, ResponseChannel<Response>>,
-  heartbeat_requests: mpsc::UnboundedSender<(RequestId, ValidatorSet, [u8; 32])>,
-  notable_cosign_requests: mpsc::UnboundedSender<(RequestId, [u8; 32])>,
-  inbound_request_responses: mpsc::UnboundedReceiver<(RequestId, Response)>,
+  inbound_request_response_channels: HashMap<InboundRequestId, ResponseChannel<Response>>,
+  heartbeat_requests: mpsc::UnboundedSender<(InboundRequestId, ExternalValidatorSet, [u8; 32])>,
+  notable_cosign_requests: mpsc::UnboundedSender<(InboundRequestId, [u8; 32])>,
+  inbound_request_responses: mpsc::UnboundedReceiver<(InboundRequestId, Response)>,
 }

 impl SwarmTask {
@@ -222,25 +222,21 @@ impl SwarmTask {
              }
            }

-            SwarmEvent::Behaviour(
-              BehaviorEvent::AllowList(event) | BehaviorEvent::ConnectionLimits(event)
-            ) => {
-              // This *is* an exhaustive match as these events are empty enums
-              match event {}
-            }
-            SwarmEvent::Behaviour(
-              BehaviorEvent::Ping(ping::Event { peer: _, connection, result, })
-            ) => {
-              if result.is_err() {
-                self.swarm.close_connection(connection);
+            SwarmEvent::Behaviour(event) => {
+              match event {
+                BehaviorEvent::AllowList(event) | BehaviorEvent::ConnectionLimits(event) => {
+                  // This *is* an exhaustive match as these events are empty enums
+                  match event {}
+                }
+                BehaviorEvent::Ping(ping::Event { peer: _, connection, result, }) => {
+                  if result.is_err() {
+                    self.swarm.close_connection(connection);
+                  }
+                }
+                BehaviorEvent::Reqres(event) => self.handle_reqres(event),
+                BehaviorEvent::Gossip(event) => self.handle_gossip(event),
              }
            }
-            SwarmEvent::Behaviour(BehaviorEvent::Reqres(event)) => {
-              self.handle_reqres(event)
-            }
-            SwarmEvent::Behaviour(BehaviorEvent::Gossip(event)) => {
-              self.handle_gossip(event)
-            }

            // We don't handle any of these
            SwarmEvent::IncomingConnection { .. } |
@@ -250,7 +246,14 @@ impl SwarmTask {
            SwarmEvent::ExpiredListenAddr { .. } |
            SwarmEvent::ListenerClosed { .. } |
            SwarmEvent::ListenerError { .. } |
-            SwarmEvent::Dialing { .. } => {}
+            SwarmEvent::Dialing { .. } |
+            SwarmEvent::NewExternalAddrCandidate { .. } |
+            SwarmEvent::ExternalAddrConfirmed { .. } |
+            SwarmEvent::ExternalAddrExpired { .. } |
+            SwarmEvent::NewExternalAddrOfPeer { .. } => {}
+
+            // Requires as SwarmEvent is non-exhaustive
+            _ => log::warn!("unhandled SwarmEvent: {event:?}"),
          }
        }

@@ -321,9 +324,9 @@ impl SwarmTask {

    outbound_requests: mpsc::UnboundedReceiver<(PeerId, Request, oneshot::Sender<Response>)>,

-    heartbeat_requests: mpsc::UnboundedSender<(RequestId, ValidatorSet, [u8; 32])>,
-    notable_cosign_requests: mpsc::UnboundedSender<(RequestId, [u8; 32])>,
-    inbound_request_responses: mpsc::UnboundedReceiver<(RequestId, Response)>,
+    heartbeat_requests: mpsc::UnboundedSender<(InboundRequestId, ExternalValidatorSet, [u8; 32])>,
+    notable_cosign_requests: mpsc::UnboundedSender<(InboundRequestId, [u8; 32])>,
+    inbound_request_responses: mpsc::UnboundedReceiver<(InboundRequestId, Response)>,
  ) {
    tokio::spawn(
      SwarmTask {
--- a/coordinator/p2p/libp2p/src/validators.rs
+++ b/coordinator/p2p/libp2p/src/validators.rs
@@ -4,7 +4,9 @@ use std::{
  collections::{HashSet, HashMap},
 };

-use serai_client::{primitives::NetworkId, validator_sets::primitives::Session, SeraiError, Serai};
+use serai_client::{
+  primitives::ExternalNetworkId, validator_sets::primitives::Session, SeraiError, Serai,
+};

 use serai_task::{Task, ContinuallyRan};

@@ -24,11 +26,11 @@ pub(crate) struct Validators {
  serai: Arc<Serai>,

  // A cache for which session we're populated with the validators of
-  sessions: HashMap<NetworkId, Session>,
+  sessions: HashMap<ExternalNetworkId, Session>,
  // The validators by network
-  by_network: HashMap<NetworkId, HashSet<PeerId>>,
+  by_network: HashMap<ExternalNetworkId, HashSet<PeerId>>,
  // The validators and their networks
-  validators: HashMap<PeerId, HashSet<NetworkId>>,
+  validators: HashMap<PeerId, HashSet<ExternalNetworkId>>,

  // The channel to send the changes down
  changes: mpsc::UnboundedSender<Changes>,
@@ -49,8 +51,16 @@ impl Validators {

  async fn session_changes(
    serai: impl Borrow<Serai>,
-    sessions: impl Borrow<HashMap<NetworkId, Session>>,
-  ) -> Result<Vec<(NetworkId, Session, HashSet<PeerId>)>, SeraiError> {
+    sessions: impl Borrow<HashMap<ExternalNetworkId, Session>>,
+  ) -> Result<Vec<(ExternalNetworkId, Session, HashSet<PeerId>)>, SeraiError> {
+    /*
+      This uses the latest finalized block, not the latest cosigned block, which should be fine as
+      in the worst case, we'd connect to unexpected validators. They still shouldn't be able to
+      bypass the cosign protocol unless a historical global session was malicious, in which case
+      the cosign protocol already breaks.
+
+      Besides, we can't connect to historical validators, only the current validators.
+    */
    let temporal_serai = serai.borrow().as_of_latest_finalized_block().await?;
    let temporal_serai = temporal_serai.validator_sets();

@@ -59,13 +69,10 @@ impl Validators {
      // FuturesUnordered can be bad practice as it'll cause timeouts if infrequently polled, but
      // we poll it till it yields all futures with the most minimal processing possible
      let mut futures = FuturesUnordered::new();
-      for network in serai_client::primitives::NETWORKS {
-        if network == NetworkId::Serai {
-          continue;
-        }
+      for network in serai_client::primitives::EXTERNAL_NETWORKS {
        let sessions = sessions.borrow();
        futures.push(async move {
-          let session = match temporal_serai.session(network).await {
+          let session = match temporal_serai.session(network.into()).await {
            Ok(Some(session)) => session,
            Ok(None) => return Ok(None),
            Err(e) => return Err(e),
@@ -74,7 +81,7 @@ impl Validators {
          if sessions.get(&network) == Some(&session) {
            Ok(None)
          } else {
-            match temporal_serai.active_network_validators(network).await {
+            match temporal_serai.active_network_validators(network.into()).await {
              Ok(validators) => Ok(Some((
                network,
                session,
@@ -97,7 +104,7 @@ impl Validators {

  fn incorporate_session_changes(
    &mut self,
-    session_changes: Vec<(NetworkId, Session, HashSet<PeerId>)>,
+    session_changes: Vec<(ExternalNetworkId, Session, HashSet<PeerId>)>,
  ) {
    let mut removed = HashSet::new();
    let mut added = HashSet::new();
@@ -152,11 +159,11 @@ impl Validators {
    Ok(())
  }

-  pub(crate) fn by_network(&self) -> &HashMap<NetworkId, HashSet<PeerId>> {
+  pub(crate) fn by_network(&self) -> &HashMap<ExternalNetworkId, HashSet<PeerId>> {
    &self.by_network
  }

-  pub(crate) fn networks(&self, peer_id: &PeerId) -> Option<&HashSet<NetworkId>> {
+  pub(crate) fn networks(&self, peer_id: &PeerId) -> Option<&HashSet<ExternalNetworkId>> {
    self.validators.get(peer_id)
  }
 }
--- a/coordinator/p2p/src/heartbeat.rs
+++ b/coordinator/p2p/src/heartbeat.rs
@@ -1,7 +1,7 @@
 use core::future::Future;
 use std::time::{Duration, SystemTime};

-use serai_client::validator_sets::primitives::{MAX_KEY_SHARES_PER_SET, ValidatorSet};
+use serai_primitives::{MAX_KEY_SHARES_PER_SET, ExternalValidatorSet};

 use futures_lite::FutureExt;

@@ -38,7 +38,7 @@ pub const BATCH_SIZE_LIMIT: usize = MIN_BLOCKS_PER_BATCH *
 /// If the other validator has more blocks then we do, they're expected to inform us. This forms
 /// the sync protocol for our Tributaries.
 pub(crate) struct HeartbeatTask<TD: Db, Tx: TransactionTrait, P: P2p> {
-  pub(crate) set: ValidatorSet,
+  pub(crate) set: ExternalValidatorSet,
  pub(crate) tributary: Tributary<TD, Tx, P>,
  pub(crate) reader: TributaryReader<TD, Tx>,
  pub(crate) p2p: P,
--- a/coordinator/p2p/src/lib.rs
+++ b/coordinator/p2p/src/lib.rs
@@ -7,7 +7,7 @@ use std::collections::HashMap;

 use borsh::{BorshSerialize, BorshDeserialize};

-use serai_client::{primitives::NetworkId, validator_sets::primitives::ValidatorSet};
+use serai_primitives::{network_id::ExternalNetworkId, validator_sets::ExternalValidatorSet};

 use serai_db::Db;
 use tributary_sdk::{ReadWrite, TransactionTrait, Tributary, TributaryReader};
@@ -25,7 +25,7 @@ use crate::heartbeat::HeartbeatTask;
 #[derive(Clone, Copy, BorshSerialize, BorshDeserialize, Debug)]
 pub struct Heartbeat {
  /// The Tributary this is the heartbeat of.
-  pub set: ValidatorSet,
+  pub set: ExternalValidatorSet,
  /// The hash of the latest block added to the Tributary.
  pub latest_block_hash: [u8; 32],
 }
@@ -56,7 +56,7 @@ pub trait P2p:
  type Peer<'a>: Peer<'a>;

  /// Fetch the peers for this network.
-  fn peers(&self, network: NetworkId) -> impl Send + Future<Output = Vec<Self::Peer<'_>>>;
+  fn peers(&self, network: ExternalNetworkId) -> impl Send + Future<Output = Vec<Self::Peer<'_>>>;

  /// Broadcast a cosign.
  fn publish_cosign(&self, cosign: SignedCosign) -> impl Send + Future<Output = ()>;
@@ -131,13 +131,13 @@ fn handle_heartbeat<D: Db, T: TransactionTrait>(
 pub async fn run<TD: Db, Tx: TransactionTrait, P: P2p>(
  db: impl Db,
  p2p: P,
-  mut add_tributary: mpsc::UnboundedReceiver<(ValidatorSet, Tributary<TD, Tx, P>)>,
-  mut retire_tributary: mpsc::UnboundedReceiver<ValidatorSet>,
+  mut add_tributary: mpsc::UnboundedReceiver<(ExternalValidatorSet, Tributary<TD, Tx, P>)>,
+  mut retire_tributary: mpsc::UnboundedReceiver<ExternalValidatorSet>,
  send_cosigns: mpsc::UnboundedSender<SignedCosign>,
 ) {
-  let mut readers = HashMap::<ValidatorSet, TributaryReader<TD, Tx>>::new();
+  let mut readers = HashMap::<ExternalValidatorSet, TributaryReader<TD, Tx>>::new();
  let mut tributaries = HashMap::<[u8; 32], mpsc::UnboundedSender<Vec<u8>>>::new();
-  let mut heartbeat_tasks = HashMap::<ValidatorSet, _>::new();
+  let mut heartbeat_tasks = HashMap::<ExternalValidatorSet, _>::new();

  loop {
    tokio::select! {
--- a/coordinator/src/db.rs
+++ b/coordinator/src/db.rs
@@ -3,9 +3,11 @@ use std::{path::Path, fs};
 pub(crate) use serai_db::{Get, DbTxn, Db as DbTrait};
 use serai_db::{create_db, db_channel};

+use dkg::Participant;
+
 use serai_client::{
-  primitives::NetworkId,
-  validator_sets::primitives::{Session, ValidatorSet},
+  primitives::ExternalNetworkId,
+  validator_sets::primitives::{Session, ExternalValidatorSet, KeyPair},
 };

 use serai_cosign::SignedCosign;
@@ -13,7 +15,7 @@ use serai_coordinator_substrate::NewSetInformation;
 use serai_coordinator_tributary::Transaction;

 #[cfg(all(feature = "parity-db", not(feature = "rocksdb")))]
-pub(crate) type Db = serai_db::ParityDb;
+pub(crate) type Db = std::sync::Arc<serai_db::ParityDb>;
 #[cfg(feature = "rocksdb")]
 pub(crate) type Db = serai_db::RocksDB;

@@ -41,22 +43,21 @@ pub(crate) fn coordinator_db() -> Db {
  db(&format!("{root_path}/coordinator/db"))
 }

-fn tributary_db_folder(set: ValidatorSet) -> String {
+fn tributary_db_folder(set: ExternalValidatorSet) -> String {
  let root_path = serai_env::var("DB_PATH").expect("path to DB wasn't specified");
  let network = match set.network {
-    NetworkId::Serai => panic!("creating Tributary for the Serai network"),
-    NetworkId::Bitcoin => "Bitcoin",
-    NetworkId::Ethereum => "Ethereum",
-    NetworkId::Monero => "Monero",
+    ExternalNetworkId::Bitcoin => "Bitcoin",
+    ExternalNetworkId::Ethereum => "Ethereum",
+    ExternalNetworkId::Monero => "Monero",
  };
  format!("{root_path}/tributary-{network}-{}", set.session.0)
 }

-pub(crate) fn tributary_db(set: ValidatorSet) -> Db {
+pub(crate) fn tributary_db(set: ExternalValidatorSet) -> Db {
  db(&format!("{}/db", tributary_db_folder(set)))
 }

-pub(crate) fn prune_tributary_db(set: ValidatorSet) {
+pub(crate) fn prune_tributary_db(set: ExternalValidatorSet) {
  log::info!("pruning data directory for tributary {set:?}");
  let db = tributary_db_folder(set);
  if fs::exists(&db).expect("couldn't check if tributary DB exists") {
@@ -71,11 +72,15 @@ create_db! {
    // The latest Tributary to have been retired for a network
    // Since Tributaries are retired sequentially, this is informative to if any Tributary has been
    // retired
-    RetiredTributary: (network: NetworkId) -> Session,
+    RetiredTributary: (network: ExternalNetworkId) -> Session,
    // The last handled message from a Processor
-    LastProcessorMessage: (network: NetworkId) -> u64,
+    LastProcessorMessage: (network: ExternalNetworkId) -> u64,
    // Cosigns we produced and tried to intake yet incurred an error while doing so
    ErroneousCosigns: () -> Vec<SignedCosign>,
+    // The keys to confirm and set on the Serai network
+    KeysToConfirm: (set: ExternalValidatorSet) -> KeyPair,
+    // The key was set on the Serai network
+    KeySet: (set: ExternalValidatorSet) -> (),
  }
 }

@@ -84,7 +89,7 @@ db_channel! {
    // Cosigns we produced
    SignedCosigns: () -> SignedCosign,
    // Tributaries to clean up upon reboot
-    TributaryCleanup: () -> ValidatorSet,
+    TributaryCleanup: () -> ExternalValidatorSet,
  }
 }

@@ -93,21 +98,51 @@ mod _internal_db {

  db_channel! {
    Coordinator {
-      // Tributary transactions to publish
-      TributaryTransactions: (set: ValidatorSet) -> Transaction,
+      // Tributary transactions to publish from the Processor messages
+      TributaryTransactionsFromProcessorMessages: (set: ExternalValidatorSet) -> Transaction,
+      // Tributary transactions to publish from the DKG confirmation task
+      TributaryTransactionsFromDkgConfirmation: (set: ExternalValidatorSet) -> Transaction,
+      // Participants to remove
+      RemoveParticipant: (set: ExternalValidatorSet) -> Participant,
    }
  }
 }

-pub(crate) struct TributaryTransactions;
-impl TributaryTransactions {
-  pub(crate) fn send(txn: &mut impl DbTxn, set: ValidatorSet, tx: &Transaction) {
+pub(crate) struct TributaryTransactionsFromProcessorMessages;
+impl TributaryTransactionsFromProcessorMessages {
+  pub(crate) fn send(txn: &mut impl DbTxn, set: ExternalValidatorSet, tx: &Transaction) {
    // If this set has yet to be retired, send this transaction
    if RetiredTributary::get(txn, set.network).map(|session| session.0) < Some(set.session.0) {
-      _internal_db::TributaryTransactions::send(txn, set, tx);
+      _internal_db::TributaryTransactionsFromProcessorMessages::send(txn, set, tx);
    }
  }
-  pub(crate) fn try_recv(txn: &mut impl DbTxn, set: ValidatorSet) -> Option<Transaction> {
-    _internal_db::TributaryTransactions::try_recv(txn, set)
+  pub(crate) fn try_recv(txn: &mut impl DbTxn, set: ExternalValidatorSet) -> Option<Transaction> {
+    _internal_db::TributaryTransactionsFromProcessorMessages::try_recv(txn, set)
+  }
+}
+
+pub(crate) struct TributaryTransactionsFromDkgConfirmation;
+impl TributaryTransactionsFromDkgConfirmation {
+  pub(crate) fn send(txn: &mut impl DbTxn, set: ExternalValidatorSet, tx: &Transaction) {
+    // If this set has yet to be retired, send this transaction
+    if RetiredTributary::get(txn, set.network).map(|session| session.0) < Some(set.session.0) {
+      _internal_db::TributaryTransactionsFromDkgConfirmation::send(txn, set, tx);
+    }
+  }
+  pub(crate) fn try_recv(txn: &mut impl DbTxn, set: ExternalValidatorSet) -> Option<Transaction> {
+    _internal_db::TributaryTransactionsFromDkgConfirmation::try_recv(txn, set)
+  }
+}
+
+pub(crate) struct RemoveParticipant;
+impl RemoveParticipant {
+  pub(crate) fn send(txn: &mut impl DbTxn, set: ExternalValidatorSet, participant: Participant) {
+    // If this set has yet to be retired, send this transaction
+    if RetiredTributary::get(txn, set.network).map(|session| session.0) < Some(set.session.0) {
+      _internal_db::RemoveParticipant::send(txn, set, &participant);
+    }
+  }
+  pub(crate) fn try_recv(txn: &mut impl DbTxn, set: ExternalValidatorSet) -> Option<Participant> {
+    _internal_db::RemoveParticipant::try_recv(txn, set)
  }
 }
--- a/coordinator/src/dkg_confirmation.rs
+++ b/coordinator/src/dkg_confirmation.rs
@@ -0,0 +1,439 @@
+use core::{ops::Deref, future::Future};
+use std::{boxed::Box, collections::HashMap};
+
+use zeroize::Zeroizing;
+use rand_core::OsRng;
+use ciphersuite::{group::GroupEncoding, *};
+use dkg::{Participant, musig};
+use frost_schnorrkel::{
+  frost::{curve::Ristretto, FrostError, sign::*},
+  Schnorrkel,
+};
+
+use serai_db::{DbTxn, Db as DbTrait};
+
+use serai_client::{
+  primitives::SeraiAddress,
+  validator_sets::primitives::{ExternalValidatorSet, musig_context, set_keys_message},
+};
+
+use serai_task::{DoesNotError, ContinuallyRan};
+
+use serai_coordinator_substrate::{NewSetInformation, Keys};
+use serai_coordinator_tributary::{Transaction, DkgConfirmationMessages};
+
+use crate::{KeysToConfirm, KeySet, TributaryTransactionsFromDkgConfirmation};
+
+fn schnorrkel() -> Schnorrkel {
+  Schnorrkel::new(b"substrate") // TODO: Pull the constant for this
+}
+
+fn our_i(
+  set: &NewSetInformation,
+  key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
+  data: &HashMap<Participant, Vec<u8>>,
+) -> Participant {
+  let public = SeraiAddress((Ristretto::generator() * key.deref()).to_bytes());
+
+  let mut our_i = None;
+  for participant in data.keys() {
+    let validator_index = usize::from(u16::from(*participant) - 1);
+    let (validator, _weight) = set.validators[validator_index];
+    if validator == public {
+      our_i = Some(*participant);
+    }
+  }
+  our_i.unwrap()
+}
+
+// Take a HashMap of participations with non-contiguous Participants and convert them to a
+// contiguous sequence.
+//
+// The input data is expected to not include our own data, which also won't be in the output data.
+//
+// Returns the mapping from the contiguous Participants to the original Participants.
+fn make_contiguous<T>(
+  our_i: Participant,
+  mut data: HashMap<Participant, Vec<u8>>,
+  transform: impl Fn(Vec<u8>) -> std::io::Result<T>,
+) -> Result<HashMap<Participant, T>, Participant> {
+  assert!(!data.contains_key(&our_i));
+
+  let mut ordered_participants = data.keys().copied().collect::<Vec<_>>();
+  ordered_participants.sort_by_key(|participant| u16::from(*participant));
+
+  let mut our_i = Some(our_i);
+  let mut contiguous = HashMap::new();
+  let mut i = 1;
+  for participant in ordered_participants {
+    // If this is the first participant after our own index, increment to account for our index
+    if let Some(our_i_value) = our_i {
+      if u16::from(participant) > u16::from(our_i_value) {
+        i += 1;
+        our_i = None;
+      }
+    }
+
+    let contiguous_index = Participant::new(i).unwrap();
+    let data = match transform(data.remove(&participant).unwrap()) {
+      Ok(data) => data,
+      Err(_) => Err(participant)?,
+    };
+    contiguous.insert(contiguous_index, data);
+    i += 1;
+  }
+  Ok(contiguous)
+}
+
+fn handle_frost_error<T>(result: Result<T, FrostError>) -> Result<T, Participant> {
+  match &result {
+    Ok(_) => Ok(result.unwrap()),
+    Err(FrostError::InvalidPreprocess(participant) | FrostError::InvalidShare(participant)) => {
+      Err(*participant)
+    }
+    // All of these should be unreachable
+    Err(
+      FrostError::InternalError(_) |
+      FrostError::InvalidParticipant(_, _) |
+      FrostError::InvalidSigningSet(_) |
+      FrostError::InvalidParticipantQuantity(_, _) |
+      FrostError::DuplicatedParticipant(_) |
+      FrostError::MissingParticipant(_),
+    ) => {
+      result.unwrap();
+      unreachable!("continued execution after unwrapping Result::Err");
+    }
+  }
+}
+
+#[rustfmt::skip]
+enum Signer {
+  Preprocess { attempt: u32, seed: CachedPreprocess, preprocess: [u8; 64] },
+  Share {
+    attempt: u32,
+    musig_validators: Vec<SeraiAddress>,
+    share: [u8; 32],
+    machine: Box<AlgorithmSignatureMachine<Ristretto, Schnorrkel>>,
+  },
+}
+
+/// Performs the DKG Confirmation protocol.
+pub(crate) struct ConfirmDkgTask<CD: DbTrait, TD: DbTrait> {
+  db: CD,
+
+  set: NewSetInformation,
+  tributary_db: TD,
+
+  key: Zeroizing<<Ristretto as WrappedGroup>::F>,
+  signer: Option<Signer>,
+}
+
+impl<CD: DbTrait, TD: DbTrait> ConfirmDkgTask<CD, TD> {
+  pub(crate) fn new(
+    db: CD,
+    set: NewSetInformation,
+    tributary_db: TD,
+    key: Zeroizing<<Ristretto as WrappedGroup>::F>,
+  ) -> Self {
+    Self { db, set, tributary_db, key, signer: None }
+  }
+
+  fn slash(db: &mut CD, set: ExternalValidatorSet, validator: SeraiAddress) {
+    let mut txn = db.txn();
+    TributaryTransactionsFromDkgConfirmation::send(
+      &mut txn,
+      set,
+      &Transaction::RemoveParticipant { participant: validator, signed: Default::default() },
+    );
+    txn.commit();
+  }
+
+  fn preprocess(
+    db: &mut CD,
+    set: ExternalValidatorSet,
+    attempt: u32,
+    key: Zeroizing<<Ristretto as WrappedGroup>::F>,
+    signer: &mut Option<Signer>,
+  ) {
+    // Perform the preprocess
+    let public_key = Ristretto::generator() * key.deref();
+    let (machine, preprocess) = AlgorithmMachine::new(
+      schnorrkel(),
+      // We use a 1-of-1 Musig here as we don't know who will actually be in this Musig yet
+      musig(musig_context(set.into()), key, &[public_key]).unwrap(),
+    )
+    .preprocess(&mut OsRng);
+    // We take the preprocess so we can use it in a distinct machine with the actual Musig
+    // parameters
+    let seed = machine.cache();
+
+    let mut preprocess_bytes = [0u8; 64];
+    preprocess_bytes.copy_from_slice(&preprocess.serialize());
+    let preprocess = preprocess_bytes;
+
+    let mut txn = db.txn();
+    // If this attempt has already been preprocessed for, the Tributary will de-duplicate it
+    // This may mean the Tributary preprocess is distinct from ours, but we check for that later
+    TributaryTransactionsFromDkgConfirmation::send(
+      &mut txn,
+      set,
+      &Transaction::DkgConfirmationPreprocess { attempt, preprocess, signed: Default::default() },
+    );
+    txn.commit();
+
+    *signer = Some(Signer::Preprocess { attempt, seed, preprocess });
+  }
+}
+
+impl<CD: DbTrait, TD: DbTrait> ContinuallyRan for ConfirmDkgTask<CD, TD> {
+  type Error = DoesNotError;
+
+  fn run_iteration(&mut self) -> impl Send + Future<Output = Result<bool, Self::Error>> {
+    async move {
+      let mut made_progress = false;
+
+      // If we were sent a key to set, create the signer for it
+      if self.signer.is_none() && KeysToConfirm::get(&self.db, self.set.set).is_some() {
+        // Create and publish the initial preprocess
+        Self::preprocess(&mut self.db, self.set.set, 0, self.key.clone(), &mut self.signer);
+
+        made_progress = true;
+      }
+
+      // If we have keys to confirm, handle all messages from the tributary
+      if let Some(key_pair) = KeysToConfirm::get(&self.db, self.set.set) {
+        // Handle all messages from the Tributary
+        loop {
+          let mut tributary_txn = self.tributary_db.txn();
+          let Some(msg) = DkgConfirmationMessages::try_recv(&mut tributary_txn, self.set.set)
+          else {
+            break;
+          };
+
+          match msg {
+            messages::sign::CoordinatorMessage::Reattempt {
+              id: messages::sign::SignId { attempt, .. },
+            } => {
+              // Create and publish the preprocess for the specified attempt
+              Self::preprocess(
+                &mut self.db,
+                self.set.set,
+                attempt,
+                self.key.clone(),
+                &mut self.signer,
+              );
+            }
+            messages::sign::CoordinatorMessage::Preprocesses {
+              id: messages::sign::SignId { attempt, .. },
+              mut preprocesses,
+            } => {
+              // Confirm the preprocess we're expected to sign with is the one we locally have
+              // It may be different if we rebooted and made a second preprocess for this attempt
+              let Some(Signer::Preprocess { attempt: our_attempt, seed, preprocess }) =
+                self.signer.take()
+              else {
+                // If this message is not expected, commit the txn to drop it and move on
+                // At some point, we'll get a Reattempt and reset
+                tributary_txn.commit();
+                break;
+              };
+
+              // Determine the MuSig key signed with
+              let musig_validators = {
+                let mut ordered_participants = preprocesses.keys().copied().collect::<Vec<_>>();
+                ordered_participants.sort_by_key(|participant| u16::from(*participant));
+
+                let mut res = vec![];
+                for participant in ordered_participants {
+                  let (validator, _weight) =
+                    self.set.validators[usize::from(u16::from(participant) - 1)];
+                  res.push(validator);
+                }
+                res
+              };
+
+              let musig_public_keys = musig_validators
+                .iter()
+                .map(|key| {
+                  Ristretto::read_G(&mut key.0.as_slice())
+                    .expect("Serai validator had invalid public key")
+                })
+                .collect::<Vec<_>>();
+
+              let keys =
+                musig(musig_context(self.set.set.into()), self.key.clone(), &musig_public_keys)
+                  .unwrap();
+
+              // Rebuild the machine
+              let (machine, preprocess_from_cache) =
+                AlgorithmSignMachine::from_cache(schnorrkel(), keys, seed);
+              assert_eq!(preprocess.as_slice(), preprocess_from_cache.serialize().as_slice());
+
+              // Ensure this is a consistent signing session
+              let our_i = our_i(&self.set, &self.key, &preprocesses);
+              let consistent = (attempt == our_attempt) &&
+                (preprocesses.remove(&our_i).unwrap().as_slice() == preprocess.as_slice());
+              if !consistent {
+                tributary_txn.commit();
+                break;
+              }
+
+              // Reformat the preprocesses into the expected format for Musig
+              let preprocesses = match make_contiguous(our_i, preprocesses, |preprocess| {
+                machine.read_preprocess(&mut preprocess.as_slice())
+              }) {
+                Ok(preprocesses) => preprocesses,
+                // This yields the *original participant index*
+                Err(participant) => {
+                  Self::slash(
+                    &mut self.db,
+                    self.set.set,
+                    self.set.validators[usize::from(u16::from(participant) - 1)].0,
+                  );
+                  tributary_txn.commit();
+                  break;
+                }
+              };
+
+              // Calculate our share
+              let (machine, share) = match handle_frost_error(
+                machine.sign(preprocesses, &set_keys_message(&self.set.set, &key_pair)),
+              ) {
+                Ok((machine, share)) => (machine, share),
+                // This yields the *musig participant index*
+                Err(participant) => {
+                  Self::slash(
+                    &mut self.db,
+                    self.set.set,
+                    musig_validators[usize::from(u16::from(participant) - 1)],
+                  );
+                  tributary_txn.commit();
+                  break;
+                }
+              };
+
+              // Send our share
+              let share = <[u8; 32]>::try_from(share.serialize()).unwrap();
+              let mut txn = self.db.txn();
+              TributaryTransactionsFromDkgConfirmation::send(
+                &mut txn,
+                self.set.set,
+                &Transaction::DkgConfirmationShare { attempt, share, signed: Default::default() },
+              );
+              txn.commit();
+
+              self.signer = Some(Signer::Share {
+                attempt,
+                musig_validators,
+                share,
+                machine: Box::new(machine),
+              });
+            }
+            messages::sign::CoordinatorMessage::Shares {
+              id: messages::sign::SignId { attempt, .. },
+              mut shares,
+            } => {
+              let Some(Signer::Share { attempt: our_attempt, musig_validators, share, machine }) =
+                self.signer.take()
+              else {
+                tributary_txn.commit();
+                break;
+              };
+
+              // Ensure this is a consistent signing session
+              let our_i = our_i(&self.set, &self.key, &shares);
+              let consistent = (attempt == our_attempt) &&
+                (shares.remove(&our_i).unwrap().as_slice() == share.as_slice());
+              if !consistent {
+                tributary_txn.commit();
+                break;
+              }
+
+              // Reformat the shares into the expected format for Musig
+              let shares = match make_contiguous(our_i, shares, |share| {
+                machine.read_share(&mut share.as_slice())
+              }) {
+                Ok(shares) => shares,
+                // This yields the *original participant index*
+                Err(participant) => {
+                  Self::slash(
+                    &mut self.db,
+                    self.set.set,
+                    self.set.validators[usize::from(u16::from(participant) - 1)].0,
+                  );
+                  tributary_txn.commit();
+                  break;
+                }
+              };
+
+              match handle_frost_error(machine.complete(shares)) {
+                Ok(signature) => {
+                  // Create the bitvec of the participants
+                  let mut signature_participants;
+                  {
+                    use bitvec::prelude::*;
+                    signature_participants = bitvec![u8, Lsb0; 0; 0];
+                    let mut i = 0;
+                    for (validator, _) in &self.set.validators {
+                      if Some(validator) == musig_validators.get(i) {
+                        signature_participants.push(true);
+                        i += 1;
+                      } else {
+                        signature_participants.push(false);
+                      }
+                    }
+                  }
+
+                  // This is safe to call multiple times as it'll just change which *valid*
+                  // signature to publish
+                  let mut txn = self.db.txn();
+                  Keys::set(
+                    &mut txn,
+                    self.set.set,
+                    key_pair.clone(),
+                    signature_participants,
+                    signature.into(),
+                  );
+                  txn.commit();
+                }
+                // This yields the *musig participant index*
+                Err(participant) => {
+                  Self::slash(
+                    &mut self.db,
+                    self.set.set,
+                    musig_validators[usize::from(u16::from(participant) - 1)],
+                  );
+                  tributary_txn.commit();
+                  break;
+                }
+              }
+            }
+          }
+
+          // Because we successfully handled this message, note we made proress
+          made_progress = true;
+          tributary_txn.commit();
+        }
+      }
+
+      // Check if the key has been set on Serai
+      if KeysToConfirm::get(&self.db, self.set.set).is_some() &&
+        KeySet::get(&self.db, self.set.set).is_some()
+      {
+        // Take the keys to confirm so we never instantiate the signer again
+        let mut txn = self.db.txn();
+        KeysToConfirm::take(&mut txn, self.set.set);
+        KeySet::take(&mut txn, self.set.set);
+        txn.commit();
+
+        // Drop our own signer
+        // The task won't die until the Tributary does, but now it'll never do anything again
+        self.signer = None;
+
+        made_progress = true;
+      }
+
+      Ok(made_progress)
+    }
+  }
+}
--- a/coordinator/src/main.rs
+++ b/coordinator/src/main.rs
@@ -4,9 +4,10 @@ use std::{sync::Arc, collections::HashMap, time::Instant};
 use zeroize::{Zeroize, Zeroizing};
 use rand_core::{RngCore, OsRng};

+use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::PrimeField, GroupEncoding},
-  Ciphersuite, Ristretto,
+  *,
 };

 use borsh::BorshDeserialize;
@@ -14,8 +15,8 @@ use borsh::BorshDeserialize;
 use tokio::sync::mpsc;

 use serai_client::{
-  primitives::{NetworkId, PublicKey},
-  validator_sets::primitives::ValidatorSet,
+  primitives::{ExternalNetworkId, PublicKey, SeraiAddress, Signature},
+  validator_sets::primitives::{ExternalValidatorSet, KeyPair},
  Serai,
 };
 use message_queue::{Service, client::MessageQueue};
@@ -23,13 +24,17 @@ use message_queue::{Service, client::MessageQueue};
 use serai_task::{Task, TaskHandle, ContinuallyRan};

 use serai_cosign::{Faulted, SignedCosign, Cosigning};
-use serai_coordinator_substrate::{CanonicalEventStream, EphemeralEventStream, SignSlashReport};
-use serai_coordinator_tributary::{Signed, Transaction, SubstrateBlockPlans};
+use serai_coordinator_substrate::{
+  CanonicalEventStream, EphemeralEventStream, SignSlashReport, SetKeysTask, SignedBatches,
+  PublishBatchTask, SlashReports, PublishSlashReportTask,
+};
+use serai_coordinator_tributary::{SigningProtocolRound, Signed, Transaction, SubstrateBlockPlans};

 mod db;
 use db::*;

 mod tributary;
+mod dkg_confirmation;

 mod substrate;
 use substrate::SubstrateTask;
@@ -145,11 +150,24 @@ fn spawn_cosigning<D: serai_db::Db>(
  });
 }

-async fn handle_processor_messages(
+async fn handle_network(
  mut db: impl serai_db::Db,
  message_queue: Arc<MessageQueue>,
-  network: NetworkId,
+  serai: Arc<Serai>,
+  network: ExternalNetworkId,
 ) {
+  // Spawn the task to publish batches for this network
+  {
+    let (publish_batch_task_def, publish_batch_task) = Task::new();
+    tokio::spawn(
+      PublishBatchTask::new(db.clone(), serai.clone(), network)
+        .continually_run(publish_batch_task_def, vec![]),
+    );
+    // Forget its handle so it always runs in the background
+    core::mem::forget(publish_batch_task);
+  }
+
+  // Handle Processor messages
  loop {
    let (msg_id, msg) = {
      let msg = message_queue.next(Service::Processor(network)).await;
@@ -179,8 +197,8 @@ async fn handle_processor_messages(
    match msg {
      messages::ProcessorMessage::KeyGen(msg) => match msg {
        messages::key_gen::ProcessorMessage::Participation { session, participation } => {
-          let set = ValidatorSet { network, session };
-          TributaryTransactions::send(
+          let set = ExternalValidatorSet { network, session };
+          TributaryTransactionsFromProcessorMessages::send(
            &mut txn,
            set,
            &Transaction::DkgParticipation { participation, signed: Signed::default() },
@@ -190,45 +208,84 @@ async fn handle_processor_messages(
          session,
          substrate_key,
          network_key,
-        } => todo!("TODO Transaction::DkgConfirmationPreprocess"),
-        messages::key_gen::ProcessorMessage::Blame { session, participant } => {
-          let set = ValidatorSet { network, session };
-          TributaryTransactions::send(
+        } => {
+          KeysToConfirm::set(
            &mut txn,
-            set,
-            &Transaction::RemoveParticipant {
-              participant: todo!("TODO"),
-              signed: Signed::default(),
-            },
+            ExternalValidatorSet { network, session },
+            &KeyPair(
+              PublicKey::from_raw(substrate_key),
+              network_key
+                .try_into()
+                .expect("generated a network key which exceeds the maximum key length"),
+            ),
          );
        }
+        messages::key_gen::ProcessorMessage::Blame { session, participant } => {
+          RemoveParticipant::send(&mut txn, ExternalValidatorSet { network, session }, participant);
+        }
      },
      messages::ProcessorMessage::Sign(msg) => match msg {
        messages::sign::ProcessorMessage::InvalidParticipant { session, participant } => {
-          let set = ValidatorSet { network, session };
-          TributaryTransactions::send(
+          RemoveParticipant::send(&mut txn, ExternalValidatorSet { network, session }, participant);
+        }
+        messages::sign::ProcessorMessage::Preprocesses { id, preprocesses } => {
+          let set = ExternalValidatorSet { network, session: id.session };
+          if id.attempt == 0 {
+            // Batches are declared by their intent to be signed
+            if let messages::sign::VariantSignId::Batch(hash) = id.id {
+              TributaryTransactionsFromProcessorMessages::send(
+                &mut txn,
+                set,
+                &Transaction::Batch { hash },
+              );
+            }
+          }
+
+          TributaryTransactionsFromProcessorMessages::send(
            &mut txn,
            set,
-            &Transaction::RemoveParticipant {
-              participant: todo!("TODO"),
+            &Transaction::Sign {
+              id: id.id,
+              attempt: id.attempt,
+              round: SigningProtocolRound::Preprocess,
+              data: preprocesses,
              signed: Signed::default(),
            },
          );
        }
-        messages::sign::ProcessorMessage::Preprocesses { id, preprocesses } => {
-          todo!("TODO Transaction::Batch + Transaction::Sign")
+        messages::sign::ProcessorMessage::Shares { id, shares } => {
+          let set = ExternalValidatorSet { network, session: id.session };
+          TributaryTransactionsFromProcessorMessages::send(
+            &mut txn,
+            set,
+            &Transaction::Sign {
+              id: id.id,
+              attempt: id.attempt,
+              round: SigningProtocolRound::Share,
+              data: shares,
+              signed: Signed::default(),
+            },
+          );
        }
-        messages::sign::ProcessorMessage::Shares { id, shares } => todo!("TODO Transaction::Sign"),
      },
      messages::ProcessorMessage::Coordinator(msg) => match msg {
        messages::coordinator::ProcessorMessage::CosignedBlock { cosign } => {
          SignedCosigns::send(&mut txn, &cosign);
        }
        messages::coordinator::ProcessorMessage::SignedBatch { batch } => {
-          todo!("TODO PublishBatchTask")
+          SignedBatches::send(&mut txn, &batch);
        }
-        messages::coordinator::ProcessorMessage::SignedSlashReport { session, signature } => {
-          todo!("TODO PublishSlashReportTask")
+        messages::coordinator::ProcessorMessage::SignedSlashReport {
+          session,
+          slash_report,
+          signature,
+        } => {
+          SlashReports::set(
+            &mut txn,
+            ExternalValidatorSet { network, session },
+            slash_report,
+            Signature(signature),
+          );
        }
      },
      messages::ProcessorMessage::Substrate(msg) => match msg {
@@ -241,9 +298,9 @@ async fn handle_processor_messages(
              .push(plan.transaction_plan_id);
          }
          for (session, plans) in by_session {
-            let set = ValidatorSet { network, session };
+            let set = ExternalValidatorSet { network, session };
            SubstrateBlockPlans::set(&mut txn, set, block, &plans);
-            TributaryTransactions::send(
+            TributaryTransactionsFromProcessorMessages::send(
              &mut txn,
              set,
              &Transaction::SubstrateBlock { hash: block },
@@ -295,7 +352,7 @@ async fn main() {
    let mut key_bytes = [0; 32];
    key_bytes.copy_from_slice(&key_vec);
    key_vec.zeroize();
-    let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::from_repr(key_bytes).unwrap());
+    let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::from_repr(key_bytes).unwrap());
    key_bytes.zeroize();
    key
  };
@@ -309,10 +366,16 @@ async fn main() {
    // Cleanup all historic Tributaries
    while let Some(to_cleanup) = TributaryCleanup::try_recv(&mut txn) {
      prune_tributary_db(to_cleanup);
+      // Remove the keys to confirm for this network
+      KeysToConfirm::take(&mut txn, to_cleanup);
+      KeySet::take(&mut txn, to_cleanup);
      // Drain the cosign intents created for this set
      while !Cosigning::<Db>::intended_cosigns(&mut txn, to_cleanup).is_empty() {}
      // Drain the transactions to publish for this set
-      while TributaryTransactions::try_recv(&mut txn, to_cleanup).is_some() {}
+      while TributaryTransactionsFromProcessorMessages::try_recv(&mut txn, to_cleanup).is_some() {}
+      while TributaryTransactionsFromDkgConfirmation::try_recv(&mut txn, to_cleanup).is_some() {}
+      // Drain the participants to remove for this set
+      while RemoveParticipant::try_recv(&mut txn, to_cleanup).is_some() {}
      // Remove the SignSlashReport notification
      SignSlashReport::try_recv(&mut txn, to_cleanup);
    }
@@ -376,7 +439,7 @@ async fn main() {
    EphemeralEventStream::new(
      db.clone(),
      serai.clone(),
-      PublicKey::from_raw((<Ristretto as Ciphersuite>::generator() * serai_key.deref()).to_bytes()),
+      SeraiAddress((<Ristretto as WrappedGroup>::generator() * serai_key.deref()).to_bytes()),
    )
    .continually_run(substrate_ephemeral_task_def, vec![substrate_task]),
  );
@@ -417,12 +480,29 @@ async fn main() {
    .continually_run(substrate_task_def, vec![]),
  );

-  // Handle all of the Processors' messages
-  for network in serai_client::primitives::NETWORKS {
-    if network == NetworkId::Serai {
-      continue;
-    }
-    tokio::spawn(handle_processor_messages(db.clone(), message_queue.clone(), network));
+  // Handle each of the networks
+  for network in serai_client::primitives::EXTERNAL_NETWORKS {
+    tokio::spawn(handle_network(db.clone(), message_queue.clone(), serai.clone(), network));
+  }
+
+  // Spawn the task to set keys
+  {
+    let (set_keys_task_def, set_keys_task) = Task::new();
+    tokio::spawn(
+      SetKeysTask::new(db.clone(), serai.clone()).continually_run(set_keys_task_def, vec![]),
+    );
+    // Forget its handle so it always runs in the background
+    core::mem::forget(set_keys_task);
+  }
+
+  // Spawn the task to publish slash reports
+  {
+    let (publish_slash_report_task_def, publish_slash_report_task) = Task::new();
+    tokio::spawn(
+      PublishSlashReportTask::new(db, serai).continually_run(publish_slash_report_task_def, vec![]),
+    );
+    // Always have this run in the background
+    core::mem::forget(publish_slash_report_task);
  }

  // Run the spawned tasks ad-infinitum
--- a/coordinator/src/substrate.rs
+++ b/coordinator/src/substrate.rs
@@ -3,13 +3,14 @@ use std::sync::Arc;

 use zeroize::Zeroizing;

-use ciphersuite::{Ciphersuite, Ristretto};
+use ciphersuite::*;
+use dalek_ff_group::Ristretto;

 use tokio::sync::mpsc;

 use serai_db::{DbTxn, Db as DbTrait};

-use serai_client::validator_sets::primitives::{Session, ValidatorSet};
+use serai_client::validator_sets::primitives::{Session, ExternalValidatorSet};
 use message_queue::{Service, Metadata, client::MessageQueue};

 use tributary_sdk::Tributary;
@@ -19,16 +20,16 @@ use serai_task::ContinuallyRan;
 use serai_coordinator_tributary::Transaction;
 use serai_coordinator_p2p::P2p;

-use crate::Db;
+use crate::{Db, KeySet};

 pub(crate) struct SubstrateTask<P: P2p> {
-  pub(crate) serai_key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  pub(crate) serai_key: Zeroizing<<Ristretto as WrappedGroup>::F>,
  pub(crate) db: Db,
  pub(crate) message_queue: Arc<MessageQueue>,
  pub(crate) p2p: P,
  pub(crate) p2p_add_tributary:
-    mpsc::UnboundedSender<(ValidatorSet, Tributary<Db, Transaction, P>)>,
-  pub(crate) p2p_retire_tributary: mpsc::UnboundedSender<ValidatorSet>,
+    mpsc::UnboundedSender<(ExternalValidatorSet, Tributary<Db, Transaction, P>)>,
+  pub(crate) p2p_retire_tributary: mpsc::UnboundedSender<ExternalValidatorSet>,
 }

 impl<P: P2p> ContinuallyRan for SubstrateTask<P> {
@@ -38,7 +39,7 @@ impl<P: P2p> ContinuallyRan for SubstrateTask<P> {
      let mut made_progress = false;

      // Handle the Canonical events
-      for network in serai_client::primitives::NETWORKS {
+      for network in serai_client::primitives::EXTERNAL_NETWORKS {
        loop {
          let mut txn = self.db.txn();
          let Some(msg) = serai_coordinator_substrate::Canonical::try_recv(&mut txn, network)
@@ -47,8 +48,9 @@ impl<P: P2p> ContinuallyRan for SubstrateTask<P> {
          };

          match msg {
-            // TODO: Stop trying to confirm the DKG
-            messages::substrate::CoordinatorMessage::SetKeys { .. } => todo!("TODO"),
+            messages::substrate::CoordinatorMessage::SetKeys { session, .. } => {
+              KeySet::set(&mut txn, ExternalValidatorSet { network, session }, &());
+            }
            messages::substrate::CoordinatorMessage::SlashesReported { session } => {
              let prior_retired = crate::db::RetiredTributary::get(&txn, network);
              let next_to_be_retired =
@@ -57,7 +59,7 @@ impl<P: P2p> ContinuallyRan for SubstrateTask<P> {
              crate::db::RetiredTributary::set(&mut txn, network, &session);
              self
                .p2p_retire_tributary
-                .send(ValidatorSet { network, session })
+                .send(ExternalValidatorSet { network, session })
                .expect("p2p retire_tributary channel dropped?");
            }
            messages::substrate::CoordinatorMessage::Block { .. } => {}
@@ -107,7 +109,10 @@ impl<P: P2p> ContinuallyRan for SubstrateTask<P> {
          */
          crate::db::TributaryCleanup::send(
            &mut txn,
-            &ValidatorSet { network: new_set.set.network, session: Session(historic_session) },
+            &ExternalValidatorSet {
+              network: new_set.set.network,
+              session: Session(historic_session),
+            },
          );
        }

--- a/coordinator/src/tributary.rs
+++ b/coordinator/src/tributary.rs
@@ -4,14 +4,14 @@ use std::sync::Arc;
 use zeroize::Zeroizing;
 use rand_core::OsRng;
 use blake2::{digest::typenum::U32, Digest, Blake2s};
-use ciphersuite::{Ciphersuite, Ristretto};
+use ciphersuite::*;
+use dalek_ff_group::Ristretto;

 use tokio::sync::mpsc;

 use serai_db::{Get, DbTxn, Db as DbTrait, create_db, db_channel};

-use scale::Encode;
-use serai_client::validator_sets::primitives::ValidatorSet;
+use serai_client::validator_sets::primitives::ExternalValidatorSet;

 use tributary_sdk::{TransactionKind, TransactionError, ProvidedError, TransactionTrait, Tributary};

@@ -21,14 +21,25 @@ use message_queue::{Service, Metadata, client::MessageQueue};

 use serai_cosign::{Faulted, CosignIntent, Cosigning};
 use serai_coordinator_substrate::{NewSetInformation, SignSlashReport};
-use serai_coordinator_tributary::{Transaction, ProcessorMessages, CosignIntents, ScanTributaryTask};
+use serai_coordinator_tributary::{
+  Topic, Transaction, ProcessorMessages, CosignIntents, RecognizedTopics, ScanTributaryTask,
+};
 use serai_coordinator_p2p::P2p;

-use crate::{Db, TributaryTransactions};
+use crate::{
+  Db, TributaryTransactionsFromProcessorMessages, TributaryTransactionsFromDkgConfirmation,
+  RemoveParticipant, dkg_confirmation::ConfirmDkgTask,
+};
+
+create_db! {
+  Coordinator {
+     PublishOnRecognition: (set: ExternalValidatorSet, topic: Topic) -> Transaction,
+  }
+}

 db_channel! {
  Coordinator {
-    PendingCosigns: (set: ValidatorSet) -> CosignIntent,
+    PendingCosigns: (set: ExternalValidatorSet) -> CosignIntent,
  }
 }

@@ -37,7 +48,7 @@ db_channel! {
 /// This is not a well-designed function. This is specific to the context in which its called,
 /// within this file. It should only be considered an internal helper for this domain alone.
 async fn provide_transaction<TD: DbTrait, P: P2p>(
-  set: ValidatorSet,
+  set: ExternalValidatorSet,
  tributary: &Tributary<TD, Transaction, P>,
  tx: Transaction,
 ) {
@@ -56,9 +67,7 @@ async fn provide_transaction<TD: DbTrait, P: P2p>(
    // advancing
    Err(ProvidedError::LocalMismatchesOnChain) => loop {
      log::error!(
-        "Tributary {:?} was supposed to provide {:?} but peers disagree, halting Tributary",
-        set,
-        tx,
+        "Tributary {set:?} was supposed to provide {tx:?} but peers disagree, halting Tributary",
      );
      // Print this every five minutes as this does need to be handled
      tokio::time::sleep(Duration::from_secs(5 * 60)).await;
@@ -147,13 +156,102 @@ impl<CD: DbTrait, TD: DbTrait, P: P2p> ContinuallyRan
  }
 }

-/// Adds all of the transactions sent via `TributaryTransactions`.
+#[must_use]
+async fn add_signed_unsigned_transaction<TD: DbTrait, P: P2p>(
+  tributary: &Tributary<TD, Transaction, P>,
+  key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
+  mut tx: Transaction,
+) -> bool {
+  // If this is a signed transaction, sign it
+  if matches!(tx.kind(), TransactionKind::Signed(_, _)) {
+    tx.sign(&mut OsRng, tributary.genesis(), key);
+  }
+
+  let res = tributary.add_transaction(tx.clone()).await;
+  match &res {
+    // Fresh publication, already published
+    Ok(true | false) => {}
+    Err(
+      TransactionError::TooLargeTransaction |
+      TransactionError::InvalidSigner |
+      TransactionError::InvalidSignature |
+      TransactionError::InvalidContent,
+    ) => {
+      panic!("created an invalid transaction, tx: {tx:?}, err: {res:?}");
+    }
+    // InvalidNonce may be out-of-order TXs, not invalid ones, but we only create nonce #n+1 after
+    // on-chain inclusion of the TX with nonce #n, so it is invalid within our context unless the
+    // issue is this transaction was already included on-chain
+    Err(TransactionError::InvalidNonce) => {
+      let TransactionKind::Signed(order, signed) = tx.kind() else {
+        panic!("non-Signed transaction had InvalidNonce");
+      };
+      let next_nonce = tributary
+        .next_nonce(&signed.signer, &order)
+        .await
+        .expect("signer who is a present validator didn't have a nonce");
+      assert!(next_nonce != signed.nonce);
+      // We're publishing an old transaction
+      if next_nonce > signed.nonce {
+        return true;
+      }
+      panic!("nonce in transaction wasn't contiguous with nonce on-chain");
+    }
+    // We've published too many transactions recently
+    Err(TransactionError::TooManyInMempool) => {
+      return false;
+    }
+    // This isn't a Provided transaction so this should never be hit
+    Err(TransactionError::ProvidedAddedToMempool) => unreachable!(),
+  }
+
+  true
+}
+
+async fn add_with_recognition_check<TD: DbTrait, P: P2p>(
+  set: ExternalValidatorSet,
+  tributary_db: &mut TD,
+  tributary: &Tributary<TD, Transaction, P>,
+  key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
+  tx: Transaction,
+) -> bool {
+  let kind = tx.kind();
+  match kind {
+    TransactionKind::Provided(_) => provide_transaction(set, tributary, tx).await,
+    TransactionKind::Unsigned | TransactionKind::Signed(_, _) => {
+      // If this is a transaction with signing data, check the topic is recognized before
+      // publishing
+      let topic = tx.topic();
+      let still_requires_recognition = if let Some(topic) = topic {
+        (topic.requires_recognition() && (!RecognizedTopics::recognized(tributary_db, set, topic)))
+          .then_some(topic)
+      } else {
+        None
+      };
+      if let Some(topic) = still_requires_recognition {
+        // Queue the transaction until the topic is recognized
+        // We use the Tributary DB for this so it's cleaned up when the Tributary DB is
+        let mut tributary_txn = tributary_db.txn();
+        PublishOnRecognition::set(&mut tributary_txn, set, topic, &tx);
+        tributary_txn.commit();
+      } else {
+        // Actually add the transaction
+        if !add_signed_unsigned_transaction(tributary, key, tx).await {
+          return false;
+        }
+      }
+    }
+  }
+  true
+}
+
+/// Adds all of the transactions sent via `TributaryTransactionsFromProcessorMessages`.
 pub(crate) struct AddTributaryTransactionsTask<CD: DbTrait, TD: DbTrait, P: P2p> {
  db: CD,
  tributary_db: TD,
  tributary: Tributary<TD, Transaction, P>,
-  set: ValidatorSet,
-  key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  set: NewSetInformation,
+  key: Zeroizing<<Ristretto as WrappedGroup>::F>,
 }
 impl<CD: DbTrait, TD: DbTrait, P: P2p> ContinuallyRan for AddTributaryTransactionsTask<CD, TD, P> {
  type Error = DoesNotError;
@@ -161,49 +259,87 @@ impl<CD: DbTrait, TD: DbTrait, P: P2p> ContinuallyRan for AddTributaryTransactio
  fn run_iteration(&mut self) -> impl Send + Future<Output = Result<bool, Self::Error>> {
    async move {
      let mut made_progress = false;
+
+      // Provide/add all transactions sent our way
      loop {
        let mut txn = self.db.txn();
-        let Some(mut tx) = TributaryTransactions::try_recv(&mut txn, self.set) else { break };
+        let Some(tx) = TributaryTransactionsFromDkgConfirmation::try_recv(&mut txn, self.set.set)
+        else {
+          break;
+        };

-        let kind = tx.kind();
-        match kind {
-          TransactionKind::Provided(_) => provide_transaction(self.set, &self.tributary, tx).await,
-          TransactionKind::Unsigned | TransactionKind::Signed(_, _) => {
-            // If this is a signed transaction, sign it
-            if matches!(kind, TransactionKind::Signed(_, _)) {
-              tx.sign(&mut OsRng, self.tributary.genesis(), &self.key);
-            }
-
-            // Actually add the transaction
-            // TODO: If this is a preprocess, make sure the topic has been recognized
-            let res = self.tributary.add_transaction(tx.clone()).await;
-            match &res {
-              // Fresh publication, already published
-              Ok(true | false) => {}
-              Err(
-                TransactionError::TooLargeTransaction |
-                TransactionError::InvalidSigner |
-                TransactionError::InvalidNonce |
-                TransactionError::InvalidSignature |
-                TransactionError::InvalidContent,
-              ) => {
-                panic!("created an invalid transaction, tx: {tx:?}, err: {res:?}");
-              }
-              // We've published too many transactions recently
-              // Drop this txn to try to publish it again later on a future iteration
-              Err(TransactionError::TooManyInMempool) => {
-                drop(txn);
-                break;
-              }
-              // This isn't a Provided transaction so this should never be hit
-              Err(TransactionError::ProvidedAddedToMempool) => unreachable!(),
-            }
-          }
+        if !add_with_recognition_check(
+          self.set.set,
+          &mut self.tributary_db,
+          &self.tributary,
+          &self.key,
+          tx,
+        )
+        .await
+        {
+          break;
        }

        made_progress = true;
        txn.commit();
      }
+
+      loop {
+        let mut txn = self.db.txn();
+        let Some(tx) = TributaryTransactionsFromProcessorMessages::try_recv(&mut txn, self.set.set)
+        else {
+          break;
+        };
+
+        if !add_with_recognition_check(
+          self.set.set,
+          &mut self.tributary_db,
+          &self.tributary,
+          &self.key,
+          tx,
+        )
+        .await
+        {
+          break;
+        }
+
+        made_progress = true;
+        txn.commit();
+      }
+
+      // Provide/add all transactions due to newly recognized topics
+      loop {
+        let mut tributary_txn = self.tributary_db.txn();
+        let Some(topic) =
+          RecognizedTopics::try_recv_topic_requiring_recognition(&mut tributary_txn, self.set.set)
+        else {
+          break;
+        };
+        if let Some(tx) = PublishOnRecognition::take(&mut tributary_txn, self.set.set, topic) {
+          if !add_signed_unsigned_transaction(&self.tributary, &self.key, tx).await {
+            break;
+          }
+        }
+
+        made_progress = true;
+        tributary_txn.commit();
+      }
+
+      // Publish any participant removals
+      loop {
+        let mut txn = self.db.txn();
+        let Some(participant) = RemoveParticipant::try_recv(&mut txn, self.set.set) else { break };
+        let tx = Transaction::RemoveParticipant {
+          participant: self.set.participant_indexes_reverse_lookup[&participant],
+          signed: Default::default(),
+        };
+        if !add_signed_unsigned_transaction(&self.tributary, &self.key, tx).await {
+          break;
+        }
+        made_progress = true;
+        txn.commit();
+      }
+
      Ok(made_progress)
    }
  }
@@ -212,7 +348,7 @@ impl<CD: DbTrait, TD: DbTrait, P: P2p> ContinuallyRan for AddTributaryTransactio
 /// Takes the messages from ScanTributaryTask and publishes them to the message-queue.
 pub(crate) struct TributaryProcessorMessagesTask<TD: DbTrait> {
  tributary_db: TD,
-  set: ValidatorSet,
+  set: ExternalValidatorSet,
  message_queue: Arc<MessageQueue>,
 }
 impl<TD: DbTrait> ContinuallyRan for TributaryProcessorMessagesTask<TD> {
@@ -245,7 +381,7 @@ pub(crate) struct SignSlashReportTask<CD: DbTrait, TD: DbTrait, P: P2p> {
  tributary_db: TD,
  tributary: Tributary<TD, Transaction, P>,
  set: NewSetInformation,
-  key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: Zeroizing<<Ristretto as WrappedGroup>::F>,
 }
 impl<CD: DbTrait, TD: DbTrait, P: P2p> ContinuallyRan for SignSlashReportTask<CD, TD, P> {
  type Error = DoesNotError;
@@ -292,7 +428,7 @@ impl<CD: DbTrait, TD: DbTrait, P: P2p> ContinuallyRan for SignSlashReportTask<CD
 /// Run the scan task whenever the Tributary adds a new block.
 async fn scan_on_new_block<CD: DbTrait, TD: DbTrait, P: P2p>(
  db: CD,
-  set: ValidatorSet,
+  set: ExternalValidatorSet,
  tributary: Tributary<TD, Transaction, P>,
  scan_tributary_task: TaskHandle,
  tasks_to_keep_alive: Vec<TaskHandle>,
@@ -323,15 +459,17 @@ async fn scan_on_new_block<CD: DbTrait, TD: DbTrait, P: P2p>(
 /// - Spawn the ScanTributaryTask
 /// - Spawn the ProvideCosignCosignedTransactionsTask
 /// - Spawn the TributaryProcessorMessagesTask
+/// - Spawn the AddTributaryTransactionsTask
+/// - Spawn the ConfirmDkgTask
 /// - Spawn the SignSlashReportTask
 /// - Iterate the scan task whenever a new block occurs (not just on the standard interval)
 pub(crate) async fn spawn_tributary<P: P2p>(
  db: Db,
  message_queue: Arc<MessageQueue>,
  p2p: P,
-  p2p_add_tributary: &mpsc::UnboundedSender<(ValidatorSet, Tributary<Db, Transaction, P>)>,
+  p2p_add_tributary: &mpsc::UnboundedSender<(ExternalValidatorSet, Tributary<Db, Transaction, P>)>,
  set: NewSetInformation,
-  serai_key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  serai_key: Zeroizing<<Ristretto as WrappedGroup>::F>,
 ) {
  // Don't spawn retired Tributaries
  if crate::db::RetiredTributary::get(&db, set.set.network).map(|session| session.0) >=
@@ -340,7 +478,8 @@ pub(crate) async fn spawn_tributary<P: P2p>(
    return;
  }

-  let genesis = <[u8; 32]>::from(Blake2s::<U32>::digest((set.serai_block, set.set).encode()));
+  let genesis =
+    <[u8; 32]>::from(Blake2s::<U32>::digest(borsh::to_vec(&(set.serai_block, set.set)).unwrap()));

  // Since the Serai block will be finalized, then cosigned, before we handle this, this time will
  // be a couple of minutes stale. While the Tributary will still function with a start time in the
@@ -351,7 +490,7 @@ pub(crate) async fn spawn_tributary<P: P2p>(

  let mut tributary_validators = Vec::with_capacity(set.validators.len());
  for (validator, weight) in set.validators.iter().copied() {
-    let validator_key = <Ristretto as Ciphersuite>::read_G(&mut validator.0.as_slice())
+    let validator_key = <Ristretto as GroupIo>::read_G(&mut validator.0.as_slice())
      .expect("Serai validator had an invalid public key");
    let weight = u64::from(weight);
    tributary_validators.push((validator_key, weight));
@@ -403,38 +542,45 @@ pub(crate) async fn spawn_tributary<P: P2p>(
  // Spawn the scan task
  let (scan_tributary_task_def, scan_tributary_task) = Task::new();
  tokio::spawn(
-    ScanTributaryTask::<_, P>::new(tributary_db.clone(), &set, reader)
+    ScanTributaryTask::<_, P>::new(tributary_db.clone(), set.clone(), reader)
      // This is the only handle for this TributaryProcessorMessagesTask, so when this task is
      // dropped, it will be too
      .continually_run(scan_tributary_task_def, vec![scan_tributary_messages_task]),
  );

-  // Spawn the sign slash report task
-  let (sign_slash_report_task_def, sign_slash_report_task) = Task::new();
-  tokio::spawn(
-    (SignSlashReportTask {
-      db: db.clone(),
-      tributary_db: tributary_db.clone(),
-      tributary: tributary.clone(),
-      set: set.clone(),
-      key: serai_key.clone(),
-    })
-    .continually_run(sign_slash_report_task_def, vec![]),
-  );
-
  // Spawn the add transactions task
  let (add_tributary_transactions_task_def, add_tributary_transactions_task) = Task::new();
  tokio::spawn(
    (AddTributaryTransactionsTask {
      db: db.clone(),
-      tributary_db,
+      tributary_db: tributary_db.clone(),
      tributary: tributary.clone(),
-      set: set.set,
-      key: serai_key,
+      set: set.clone(),
+      key: serai_key.clone(),
    })
    .continually_run(add_tributary_transactions_task_def, vec![]),
  );

+  // Spawn the task to confirm the DKG result
+  let (confirm_dkg_task_def, confirm_dkg_task) = Task::new();
+  tokio::spawn(
+    ConfirmDkgTask::new(db.clone(), set.clone(), tributary_db.clone(), serai_key.clone())
+      .continually_run(confirm_dkg_task_def, vec![add_tributary_transactions_task]),
+  );
+
+  // Spawn the sign slash report task
+  let (sign_slash_report_task_def, sign_slash_report_task) = Task::new();
+  tokio::spawn(
+    (SignSlashReportTask {
+      db: db.clone(),
+      tributary_db,
+      tributary: tributary.clone(),
+      set: set.clone(),
+      key: serai_key,
+    })
+    .continually_run(sign_slash_report_task_def, vec![]),
+  );
+
  // Whenever a new block occurs, immediately run the scan task
  // This function also preserves the ProvideCosignCosignedTransactionsTask handle until the
  // Tributary is retired, ensuring it isn't dropped prematurely and that the task don't run ad
@@ -444,10 +590,6 @@ pub(crate) async fn spawn_tributary<P: P2p>(
    set.set,
    tributary,
    scan_tributary_task,
-    vec![
-      provide_cosign_cosigned_transactions_task,
-      sign_slash_report_task,
-      add_tributary_transactions_task,
-    ],
+    vec![provide_cosign_cosigned_transactions_task, confirm_dkg_task, sign_slash_report_task],
  ));
 }
--- a/coordinator/substrate/Cargo.toml
+++ b/coordinator/substrate/Cargo.toml
@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.85"

 [package.metadata.docs.rs]
 all-features = true
@@ -20,9 +20,11 @@ workspace = true
 [dependencies]
 bitvec = { version = "1", default-features = false, features = ["std"] }

-scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["std", "derive", "bit-vec"] }
 borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }
-serai-client = { path = "../../substrate/client", version = "0.1", default-features = false, features = ["serai", "borsh"] }
+
+dkg = { path = "../../crypto/dkg", default-features = false, features = ["std"] }
+
+serai-client = { path = "../../substrate/client", version = "0.1", default-features = false, features = ["serai"] }

 log = { version = "0.4", default-features = false, features = ["std"] }

--- a/coordinator/substrate/LICENSE
+++ b/coordinator/substrate/LICENSE
@@ -1,6 +1,6 @@
 AGPL-3.0-only license

-Copyright (c) 2023-2024 Luke Parker
+Copyright (c) 2023-2025 Luke Parker

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as
--- a/coordinator/substrate/src/canonical.rs
+++ b/coordinator/substrate/src/canonical.rs
@@ -3,7 +3,7 @@ use std::sync::Arc;

 use futures::stream::{StreamExt, FuturesOrdered};

-use serai_client::Serai;
+use serai_client::{validator_sets::primitives::ExternalValidatorSet, Serai};

 use messages::substrate::{InInstructionResult, ExecutedBatch, CoordinatorMessage};

@@ -152,6 +152,7 @@ impl<D: Db> ContinuallyRan for CanonicalEventStream<D> {
          else {
            panic!("SetRetired event wasn't a SetRetired event: {set_retired:?}");
          };
+          let Ok(set) = ExternalValidatorSet::try_from(*set) else { continue };
          crate::Canonical::send(
            &mut txn,
            set.network,
@@ -159,7 +160,7 @@ impl<D: Db> ContinuallyRan for CanonicalEventStream<D> {
          );
        }

-        for network in serai_client::primitives::NETWORKS {
+        for network in serai_client::primitives::EXTERNAL_NETWORKS {
          let mut batch = None;
          for this_batch in &block.batch_events {
            let serai_client::in_instructions::InInstructionsEvent::Batch {
@@ -180,7 +181,7 @@ impl<D: Db> ContinuallyRan for CanonicalEventStream<D> {
              batch = Some(ExecutedBatch {
                id: *id,
                publisher: *publishing_session,
-                external_network_block_hash: *external_network_block_hash,
+                external_network_block_hash: external_network_block_hash.0,
                in_instructions_hash: *in_instructions_hash,
                in_instruction_results: in_instruction_results
                  .iter()
@@ -201,7 +202,7 @@ impl<D: Db> ContinuallyRan for CanonicalEventStream<D> {
            let serai_client::coins::CoinsEvent::BurnWithInstruction { from: _, instruction } =
              &burn
            else {
-              panic!("Burn event wasn't a Burn.in event: {burn:?}");
+              panic!("BurnWithInstruction event wasn't a BurnWithInstruction event: {burn:?}");
            };
            if instruction.balance.coin.network() == network {
              burns.push(instruction.clone());
--- a/coordinator/substrate/src/ephemeral.rs
+++ b/coordinator/substrate/src/ephemeral.rs
@@ -4,8 +4,8 @@ use std::sync::Arc;
 use futures::stream::{StreamExt, FuturesOrdered};

 use serai_client::{
-  primitives::{PublicKey, NetworkId, EmbeddedEllipticCurve},
-  validator_sets::primitives::MAX_KEY_SHARES_PER_SET,
+  primitives::{SeraiAddress, EmbeddedEllipticCurve},
+  validator_sets::primitives::{MAX_KEY_SHARES_PER_SET, ExternalValidatorSet},
  Serai,
 };

@@ -26,14 +26,14 @@ create_db!(
 pub struct EphemeralEventStream<D: Db> {
  db: D,
  serai: Arc<Serai>,
-  validator: PublicKey,
+  validator: SeraiAddress,
 }

 impl<D: Db> EphemeralEventStream<D> {
  /// Create a new ephemeral event stream.
  ///
  /// Only one of these may exist over the provided database.
-  pub fn new(db: D, serai: Arc<Serai>, validator: PublicKey) -> Self {
+  pub fn new(db: D, serai: Arc<Serai>, validator: SeraiAddress) -> Self {
    Self { db, serai, validator }
  }
 }
@@ -130,21 +130,22 @@ impl<D: Db> ContinuallyRan for EphemeralEventStream<D> {
          let serai_client::validator_sets::ValidatorSetsEvent::NewSet { set } = &new_set else {
            panic!("NewSet event wasn't a NewSet event: {new_set:?}");
          };
-
          // We only coordinate over external networks
-          if set.network == NetworkId::Serai {
-            continue;
-          }
+          let Ok(set) = ExternalValidatorSet::try_from(*set) else { continue };

          let serai = self.serai.as_of(block.block_hash);
          let serai = serai.validator_sets();
          let Some(validators) =
-            serai.participants(set.network).await.map_err(|e| format!("{e:?}"))?
+            serai.participants(set.network.into()).await.map_err(|e| format!("{e:?}"))?
          else {
            Err(format!(
              "block #{block_number} declared a new set but didn't have the participants"
            ))?
          };
+          let validators = validators
+            .into_iter()
+            .map(|(validator, weight)| (SeraiAddress::from(validator), weight))
+            .collect::<Vec<_>>();
          let in_set = validators.iter().any(|(validator, _)| *validator == self.validator);
          if in_set {
            if u16::try_from(validators.len()).is_err() {
@@ -177,14 +178,16 @@ impl<D: Db> ContinuallyRan for EphemeralEventStream<D> {
              embedded_elliptic_curve_keys.push_back(async move {
                tokio::try_join!(
                  // One future to fetch the substrate embedded key
-                  serai
-                    .embedded_elliptic_curve_key(validator, EmbeddedEllipticCurve::Embedwards25519),
+                  serai.embedded_elliptic_curve_key(
+                    validator.into(),
+                    EmbeddedEllipticCurve::Embedwards25519
+                  ),
                  // One future to fetch the external embedded key, if there is a distinct curve
                  async {
                    // `embedded_elliptic_curves` is documented to have the second entry be the
                    // network-specific curve (if it exists and is distinct from Embedwards25519)
                    if let Some(curve) = set.network.embedded_elliptic_curves().get(1) {
-                      serai.embedded_elliptic_curve_key(validator, *curve).await.map(Some)
+                      serai.embedded_elliptic_curve_key(validator.into(), *curve).await.map(Some)
                    } else {
                      Ok(None)
                    }
@@ -215,19 +218,22 @@ impl<D: Db> ContinuallyRan for EphemeralEventStream<D> {
              }
            }

-            crate::NewSet::send(
-              &mut txn,
-              &NewSetInformation {
-                set: *set,
-                serai_block: block.block_hash,
-                declaration_time: block.time,
-                // TODO: Why do we have this as an explicit field here?
-                // Shouldn't thiis be inlined into the Processor's key gen code, where it's used?
-                threshold: ((total_weight * 2) / 3) + 1,
-                validators,
-                evrf_public_keys,
-              },
-            );
+            let mut new_set = NewSetInformation {
+              set,
+              serai_block: block.block_hash,
+              declaration_time: block.time,
+              // TODO: This should be inlined into the Processor's key gen code
+              // It's legacy from when we removed participants from the key gen
+              threshold: ((total_weight * 2) / 3) + 1,
+              validators,
+              evrf_public_keys,
+              participant_indexes: Default::default(),
+              participant_indexes_reverse_lookup: Default::default(),
+            };
+            // These aren't serialized, and we immediately serialize and drop this, so this isn't
+            // necessary. It's just good practice not have this be dirty
+            new_set.init_participant_indexes();
+            crate::NewSet::send(&mut txn, &new_set);
          }
        }

@@ -237,7 +243,8 @@ impl<D: Db> ContinuallyRan for EphemeralEventStream<D> {
          else {
            panic!("AcceptedHandover event wasn't a AcceptedHandover event: {accepted_handover:?}");
          };
-          crate::SignSlashReport::send(&mut txn, *set);
+          let Ok(set) = ExternalValidatorSet::try_from(*set) else { continue };
+          crate::SignSlashReport::send(&mut txn, set);
        }

        txn.commit();
--- a/coordinator/substrate/src/lib.rs
+++ b/coordinator/substrate/src/lib.rs
@@ -2,12 +2,15 @@
 #![doc = include_str!("../README.md")]
 #![deny(missing_docs)]

-use scale::{Encode, Decode};
-use borsh::{io, BorshSerialize, BorshDeserialize};
+use std::collections::HashMap;
+
+use borsh::{BorshSerialize, BorshDeserialize};
+
+use dkg::Participant;

 use serai_client::{
-  primitives::{NetworkId, PublicKey, Signature, SeraiAddress},
-  validator_sets::primitives::{Session, ValidatorSet, KeyPair},
+  primitives::{ExternalNetworkId, SeraiAddress, Signature},
+  validator_sets::primitives::{Session, ExternalValidatorSet, KeyPair, SlashReport},
  in_instructions::primitives::SignedBatch,
  Transaction,
 };
@@ -26,25 +29,12 @@ pub use publish_batch::PublishBatchTask;
 mod publish_slash_report;
 pub use publish_slash_report::PublishSlashReportTask;

-fn borsh_serialize_validators<W: io::Write>(
-  validators: &Vec<(PublicKey, u16)>,
-  writer: &mut W,
-) -> Result<(), io::Error> {
-  // This doesn't use `encode_to` as `encode_to` panics if the writer returns an error
-  writer.write_all(&validators.encode())
-}
-
-fn borsh_deserialize_validators<R: io::Read>(
-  reader: &mut R,
-) -> Result<Vec<(PublicKey, u16)>, io::Error> {
-  Decode::decode(&mut scale::IoReader(reader)).map_err(io::Error::other)
-}
-
 /// The information for a new set.
 #[derive(Clone, Debug, BorshSerialize, BorshDeserialize)]
+#[borsh(init = init_participant_indexes)]
 pub struct NewSetInformation {
  /// The set.
-  pub set: ValidatorSet,
+  pub set: ExternalValidatorSet,
  /// The Serai block which declared it.
  pub serai_block: [u8; 32],
  /// The time of the block which declared it, in seconds.
@@ -52,13 +42,37 @@ pub struct NewSetInformation {
  /// The threshold to use.
  pub threshold: u16,
  /// The validators, with the amount of key shares they have.
-  #[borsh(
-    serialize_with = "borsh_serialize_validators",
-    deserialize_with = "borsh_deserialize_validators"
-  )]
-  pub validators: Vec<(PublicKey, u16)>,
+  pub validators: Vec<(SeraiAddress, u16)>,
  /// The eVRF public keys.
+  ///
+  /// This will have the necessary copies of the keys proper for each validator's weight,
+  /// accordingly syncing up with `participant_indexes`.
  pub evrf_public_keys: Vec<([u8; 32], Vec<u8>)>,
+  /// The participant indexes, indexed by their validator.
+  #[borsh(skip)]
+  pub participant_indexes: HashMap<SeraiAddress, Vec<Participant>>,
+  /// The validators, indexed by their participant indexes.
+  #[borsh(skip)]
+  pub participant_indexes_reverse_lookup: HashMap<Participant, SeraiAddress>,
+}
+
+impl NewSetInformation {
+  fn init_participant_indexes(&mut self) {
+    let mut next_i = 1;
+    self.participant_indexes = HashMap::with_capacity(self.validators.len());
+    self.participant_indexes_reverse_lookup = HashMap::with_capacity(self.validators.len());
+    for (validator, weight) in &self.validators {
+      let mut these_is = Vec::with_capacity((*weight).into());
+      for _ in 0 .. *weight {
+        let this_i = Participant::new(next_i).unwrap();
+        next_i += 1;
+
+        these_is.push(this_i);
+        self.participant_indexes_reverse_lookup.insert(this_i, *validator);
+      }
+      self.participant_indexes.insert(*validator, these_is);
+    }
+  }
 }

 mod _public_db {
@@ -67,24 +81,24 @@ mod _public_db {
  db_channel!(
    CoordinatorSubstrate {
      // Canonical messages to send to the processor
-      Canonical: (network: NetworkId) -> messages::substrate::CoordinatorMessage,
+      Canonical: (network: ExternalNetworkId) -> messages::substrate::CoordinatorMessage,

      // Relevant new set, from an ephemeral event stream
      NewSet: () -> NewSetInformation,
      // Potentially relevant sign slash report, from an ephemeral event stream
-      SignSlashReport: (set: ValidatorSet) -> (),
+      SignSlashReport: (set: ExternalValidatorSet) -> (),

      // Signed batches to publish onto the Serai network
-      SignedBatches: (network: NetworkId) -> SignedBatch,
+      SignedBatches: (network: ExternalNetworkId) -> SignedBatch,
    }
  );

  create_db!(
    CoordinatorSubstrate {
      // Keys to set on the Serai network
-      Keys: (network: NetworkId) -> (Session, Vec<u8>),
+      Keys: (network: ExternalNetworkId) -> (Session, Vec<u8>),
      // Slash reports to publish onto the Serai network
-      SlashReports: (network: NetworkId) -> (Session, Vec<u8>),
+      SlashReports: (network: ExternalNetworkId) -> (Session, Vec<u8>),
    }
  );
 }
@@ -94,7 +108,7 @@ pub struct Canonical;
 impl Canonical {
  pub(crate) fn send(
    txn: &mut impl DbTxn,
-    network: NetworkId,
+    network: ExternalNetworkId,
    msg: &messages::substrate::CoordinatorMessage,
  ) {
    _public_db::Canonical::send(txn, network, msg);
@@ -102,7 +116,7 @@ impl Canonical {
  /// Try to receive a canonical event, returning `None` if there is none to receive.
  pub fn try_recv(
    txn: &mut impl DbTxn,
-    network: NetworkId,
+    network: ExternalNetworkId,
  ) -> Option<messages::substrate::CoordinatorMessage> {
    _public_db::Canonical::try_recv(txn, network)
  }
@@ -126,12 +140,12 @@ impl NewSet {
 /// notifications for all relevant validator sets will be included.
 pub struct SignSlashReport;
 impl SignSlashReport {
-  pub(crate) fn send(txn: &mut impl DbTxn, set: ValidatorSet) {
+  pub(crate) fn send(txn: &mut impl DbTxn, set: ExternalValidatorSet) {
    _public_db::SignSlashReport::send(txn, set, &());
  }
  /// Try to receive a notification to sign a slash report, returning `None` if there is none to
  /// receive.
-  pub fn try_recv(txn: &mut impl DbTxn, set: ValidatorSet) -> Option<()> {
+  pub fn try_recv(txn: &mut impl DbTxn, set: ExternalValidatorSet) -> Option<()> {
    _public_db::SignSlashReport::try_recv(txn, set)
  }
 }
@@ -145,7 +159,7 @@ impl Keys {
  /// reported at once.
  pub fn set(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    key_pair: KeyPair,
    signature_participants: bitvec::vec::BitVec<u8, bitvec::order::Lsb0>,
    signature: Signature,
@@ -163,11 +177,13 @@ impl Keys {
      signature_participants,
      signature,
    );
-    _public_db::Keys::set(txn, set.network, &(set.session, tx.encode()));
+    _public_db::Keys::set(txn, set.network, &(set.session, tx));
  }
-  pub(crate) fn take(txn: &mut impl DbTxn, network: NetworkId) -> Option<(Session, Transaction)> {
-    let (session, tx) = _public_db::Keys::take(txn, network)?;
-    Some((session, <_>::decode(&mut tx.as_slice()).unwrap()))
+  pub(crate) fn take(
+    txn: &mut impl DbTxn,
+    network: ExternalNetworkId,
+  ) -> Option<(Session, Transaction)> {
+    _public_db::Keys::take(txn, network)
  }
 }

@@ -175,20 +191,14 @@ impl Keys {
 pub struct SignedBatches;
 impl SignedBatches {
  /// Send a `SignedBatch` to publish onto Serai.
-  ///
-  /// These will be published sequentially. Out-of-order sending risks hanging the task.
  pub fn send(txn: &mut impl DbTxn, batch: &SignedBatch) {
    _public_db::SignedBatches::send(txn, batch.batch.network, batch);
  }
-  pub(crate) fn try_recv(txn: &mut impl DbTxn, network: NetworkId) -> Option<SignedBatch> {
+  pub(crate) fn try_recv(txn: &mut impl DbTxn, network: ExternalNetworkId) -> Option<SignedBatch> {
    _public_db::SignedBatches::try_recv(txn, network)
  }
 }

-/// The slash report was invalid.
-#[derive(Debug)]
-pub struct InvalidSlashReport;
-
 /// The slash reports to publish onto Serai.
 pub struct SlashReports;
 impl SlashReports {
@@ -196,33 +206,30 @@ impl SlashReports {
  ///
  /// This only saves the most recent slashes as only a single session is eligible to have its
  /// slashes reported at once.
-  ///
-  /// Returns Err if the slashes are invalid. Returns Ok if the slashes weren't detected as
-  /// invalid. Slashes may be considered invalid by the Serai blockchain later even if not detected
-  /// as invalid here.
  pub fn set(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
-    slashes: Vec<(SeraiAddress, u32)>,
+    set: ExternalValidatorSet,
+    slash_report: SlashReport,
    signature: Signature,
-  ) -> Result<(), InvalidSlashReport> {
+  ) {
    // If we have a more recent slash report, don't write this historic one
    if let Some((existing_session, _)) = _public_db::SlashReports::get(txn, set.network) {
      if existing_session.0 >= set.session.0 {
-        return Ok(());
+        return;
      }
    }

    let tx = serai_client::validator_sets::SeraiValidatorSets::report_slashes(
      set.network,
-      slashes.try_into().map_err(|_| InvalidSlashReport)?,
+      slash_report,
      signature,
    );
-    _public_db::SlashReports::set(txn, set.network, &(set.session, tx.encode()));
-    Ok(())
+    _public_db::SlashReports::set(txn, set.network, &(set.session, tx));
  }
-  pub(crate) fn take(txn: &mut impl DbTxn, network: NetworkId) -> Option<(Session, Transaction)> {
-    let (session, tx) = _public_db::SlashReports::take(txn, network)?;
-    Some((session, <_>::decode(&mut tx.as_slice()).unwrap()))
+  pub(crate) fn take(
+    txn: &mut impl DbTxn,
+    network: ExternalNetworkId,
+  ) -> Option<(Session, Transaction)> {
+    _public_db::SlashReports::take(txn, network)
  }
 }
--- a/coordinator/substrate/src/publish_batch.rs
+++ b/coordinator/substrate/src/publish_batch.rs
@@ -1,31 +1,32 @@
 use core::future::Future;
 use std::sync::Arc;

-use serai_db::{DbTxn, Db};
-
-use serai_client::{primitives::NetworkId, SeraiError, Serai};
+#[rustfmt::skip]
+use serai_client::{primitives::ExternalNetworkId, in_instructions::primitives::SignedBatch, SeraiError, Serai};

+use serai_db::{Get, DbTxn, Db, create_db};
 use serai_task::ContinuallyRan;

 use crate::SignedBatches;

+create_db!(
+  CoordinatorSubstrate {
+    LastPublishedBatch: (network: ExternalNetworkId) -> u32,
+    BatchesToPublish: (network: ExternalNetworkId, batch: u32) -> SignedBatch,
+  }
+);
+
 /// Publish `SignedBatch`s from `SignedBatches` onto Serai.
 pub struct PublishBatchTask<D: Db> {
  db: D,
  serai: Arc<Serai>,
-  network: NetworkId,
+  network: ExternalNetworkId,
 }

 impl<D: Db> PublishBatchTask<D> {
  /// Create a task to publish `SignedBatch`s onto Serai.
-  ///
-  /// Returns None if `network == NetworkId::Serai`.
-  // TODO: ExternalNetworkId
-  pub fn new(db: D, serai: Arc<Serai>, network: NetworkId) -> Option<Self> {
-    if network == NetworkId::Serai {
-      None?
-    };
-    Some(Self { db, serai, network })
+  pub fn new(db: D, serai: Arc<Serai>, network: ExternalNetworkId) -> Self {
+    Self { db, serai, network }
  }
 }

@@ -34,32 +35,52 @@ impl<D: Db> ContinuallyRan for PublishBatchTask<D> {

  fn run_iteration(&mut self) -> impl Send + Future<Output = Result<bool, Self::Error>> {
    async move {
-      let mut made_progress = false;
-
+      // Read from SignedBatches, which is sequential, into our own mapping
      loop {
        let mut txn = self.db.txn();
        let Some(batch) = SignedBatches::try_recv(&mut txn, self.network) else {
-          // No batch to publish at this time
          break;
        };

-        // Publish this Batch if it hasn't already been published
+        // If this is a Batch not yet published, save it into our unordered mapping
+        if LastPublishedBatch::get(&txn, self.network) < Some(batch.batch.id) {
+          BatchesToPublish::set(&mut txn, self.network, batch.batch.id, &batch);
+        }
+
+        txn.commit();
+      }
+
+      // Synchronize our last published batch with the Serai network's
+      let next_to_publish = {
+        // This uses the latest finalized block, not the latest cosigned block, which should be
+        // fine as in the worst case, the only impact is no longer attempting TX publication
        let serai = self.serai.as_of_latest_finalized_block().await?;
        let last_batch = serai.in_instructions().last_batch_for_network(self.network).await?;
-        if last_batch < Some(batch.batch.id) {
-          // This stream of Batches *should* be sequential within the larger context of the Serai
-          // coordinator. In this library, we use a more relaxed definition and don't assert
-          // sequence. This does risk hanging the task, if Batch #n+1 is sent before Batch #n, but
-          // that is a documented fault of the `SignedBatches` API.
+
+        let mut txn = self.db.txn();
+        let mut our_last_batch = LastPublishedBatch::get(&txn, self.network);
+        while our_last_batch < last_batch {
+          let next_batch = our_last_batch.map(|batch| batch + 1).unwrap_or(0);
+          // Clean up the Batch to publish since it's already been published
+          BatchesToPublish::take(&mut txn, self.network, next_batch);
+          our_last_batch = Some(next_batch);
+        }
+        if let Some(last_batch) = our_last_batch {
+          LastPublishedBatch::set(&mut txn, self.network, &last_batch);
+        }
+        last_batch.map(|batch| batch + 1).unwrap_or(0)
+      };
+
+      let made_progress =
+        if let Some(batch) = BatchesToPublish::get(&self.db, self.network, next_to_publish) {
          self
            .serai
            .publish(&serai_client::in_instructions::SeraiInInstructions::execute_batch(batch))
            .await?;
-        }
-
-        txn.commit();
-        made_progress = true;
-      }
+          true
+        } else {
+          false
+        };
      Ok(made_progress)
    }
  }
--- a/coordinator/substrate/src/publish_slash_report.rs
+++ b/coordinator/substrate/src/publish_slash_report.rs
@@ -3,7 +3,7 @@ use std::sync::Arc;

 use serai_db::{DbTxn, Db};

-use serai_client::{primitives::NetworkId, validator_sets::primitives::Session, Serai};
+use serai_client::{primitives::ExternalNetworkId, validator_sets::primitives::Session, Serai};

 use serai_task::ContinuallyRan;

@@ -22,66 +22,78 @@ impl<D: Db> PublishSlashReportTask<D> {
  }
 }

+impl<D: Db> PublishSlashReportTask<D> {
+  // Returns if a slash report was successfully published
+  async fn publish(&mut self, network: ExternalNetworkId) -> Result<bool, String> {
+    let mut txn = self.db.txn();
+    let Some((session, slash_report)) = SlashReports::take(&mut txn, network) else {
+      // No slash report to publish
+      return Ok(false);
+    };
+
+    // This uses the latest finalized block, not the latest cosigned block, which should be
+    // fine as in the worst case, the only impact is no longer attempting TX publication
+    let serai = self.serai.as_of_latest_finalized_block().await.map_err(|e| format!("{e:?}"))?;
+    let serai = serai.validator_sets();
+    let session_after_slash_report = Session(session.0 + 1);
+    let current_session = serai.session(network.into()).await.map_err(|e| format!("{e:?}"))?;
+    let current_session = current_session.map(|session| session.0);
+    // Only attempt to publish the slash report for session #n while session #n+1 is still
+    // active
+    let session_after_slash_report_retired = current_session > Some(session_after_slash_report.0);
+    if session_after_slash_report_retired {
+      // Commit the txn to drain this slash report from the database and not try it again later
+      txn.commit();
+      return Ok(false);
+    }
+
+    if Some(session_after_slash_report.0) != current_session {
+      // We already checked the current session wasn't greater, and they're not equal
+      assert!(current_session < Some(session_after_slash_report.0));
+      // This would mean the Serai node is resyncing and is behind where it prior was
+      Err("have a slash report for a session Serai has yet to retire".to_string())?;
+    }
+
+    // If this session which should publish a slash report already has, move on
+    let key_pending_slash_report =
+      serai.key_pending_slash_report(network).await.map_err(|e| format!("{e:?}"))?;
+    if key_pending_slash_report.is_none() {
+      txn.commit();
+      return Ok(false);
+    };
+
+    match self.serai.publish(&slash_report).await {
+      Ok(()) => {
+        txn.commit();
+        Ok(true)
+      }
+      // This could be specific to this TX (such as an already in mempool error) and it may be
+      // worthwhile to continue iteration with the other pending slash reports. We assume this
+      // error ephemeral and that the latency incurred for this ephemeral error to resolve is
+      // miniscule compared to the window available to publish the slash report. That makes
+      // this a non-issue.
+      Err(e) => Err(format!("couldn't publish slash report transaction: {e:?}")),
+    }
+  }
+}
+
 impl<D: Db> ContinuallyRan for PublishSlashReportTask<D> {
  type Error = String;

  fn run_iteration(&mut self) -> impl Send + Future<Output = Result<bool, Self::Error>> {
    async move {
      let mut made_progress = false;
-      for network in serai_client::primitives::NETWORKS {
-        if network == NetworkId::Serai {
-          continue;
-        };
-
-        let mut txn = self.db.txn();
-        let Some((session, slash_report)) = SlashReports::take(&mut txn, network) else {
-          // No slash report to publish
-          continue;
-        };
-
-        let serai =
-          self.serai.as_of_latest_finalized_block().await.map_err(|e| format!("{e:?}"))?;
-        let serai = serai.validator_sets();
-        let session_after_slash_report = Session(session.0 + 1);
-        let current_session = serai.session(network).await.map_err(|e| format!("{e:?}"))?;
-        let current_session = current_session.map(|session| session.0);
-        // Only attempt to publish the slash report for session #n while session #n+1 is still
-        // active
-        let session_after_slash_report_retired =
-          current_session > Some(session_after_slash_report.0);
-        if session_after_slash_report_retired {
-          // Commit the txn to drain this slash report from the database and not try it again later
-          txn.commit();
-          continue;
-        }
-
-        if Some(session_after_slash_report.0) != current_session {
-          // We already checked the current session wasn't greater, and they're not equal
-          assert!(current_session < Some(session_after_slash_report.0));
-          // This would mean the Serai node is resyncing and is behind where it prior was
-          Err("have a slash report for a session Serai has yet to retire".to_string())?;
-        }
-
-        // If this session which should publish a slash report already has, move on
-        let key_pending_slash_report =
-          serai.key_pending_slash_report(network).await.map_err(|e| format!("{e:?}"))?;
-        if key_pending_slash_report.is_none() {
-          txn.commit();
-          continue;
-        };
-
-        match self.serai.publish(&slash_report).await {
-          Ok(()) => {
-            txn.commit();
-            made_progress = true;
-          }
-          // This could be specific to this TX (such as an already in mempool error) and it may be
-          // worthwhile to continue iteration with the other pending slash reports. We assume this
-          // error ephemeral and that the latency incurred for this ephemeral error to resolve is
-          // miniscule compared to the window available to publish the slash report. That makes
-          // this a non-issue.
-          Err(e) => Err(format!("couldn't publish slash report transaction: {e:?}"))?,
-        }
+      let mut error = None;
+      for network in serai_client::primitives::EXTERNAL_NETWORKS {
+        let network_res = self.publish(network).await;
+        // We made progress if any network successfully published their slash report
+        made_progress |= network_res == Ok(true);
+        // We want to yield the first error *after* attempting for every network
+        error = error.or(network_res.err());
+      }
+      // Yield the error
+      if let Some(error) = error {
+        Err(error)?
      }
      Ok(made_progress)
    }
--- a/coordinator/substrate/src/set_keys.rs
+++ b/coordinator/substrate/src/set_keys.rs
@@ -3,7 +3,7 @@ use std::sync::Arc;

 use serai_db::{DbTxn, Db};

-use serai_client::{primitives::NetworkId, validator_sets::primitives::ValidatorSet, Serai};
+use serai_client::{validator_sets::primitives::ExternalValidatorSet, Serai};

 use serai_task::ContinuallyRan;

@@ -28,21 +28,19 @@ impl<D: Db> ContinuallyRan for SetKeysTask<D> {
  fn run_iteration(&mut self) -> impl Send + Future<Output = Result<bool, Self::Error>> {
    async move {
      let mut made_progress = false;
-      for network in serai_client::primitives::NETWORKS {
-        if network == NetworkId::Serai {
-          continue;
-        };
-
+      for network in serai_client::primitives::EXTERNAL_NETWORKS {
        let mut txn = self.db.txn();
        let Some((session, keys)) = Keys::take(&mut txn, network) else {
          // No keys to set
          continue;
        };

+        // This uses the latest finalized block, not the latest cosigned block, which should be
+        // fine as in the worst case, the only impact is no longer attempting TX publication
        let serai =
          self.serai.as_of_latest_finalized_block().await.map_err(|e| format!("{e:?}"))?;
        let serai = serai.validator_sets();
-        let current_session = serai.session(network).await.map_err(|e| format!("{e:?}"))?;
+        let current_session = serai.session(network.into()).await.map_err(|e| format!("{e:?}"))?;
        let current_session = current_session.map(|session| session.0);
        // Only attempt to set these keys if this isn't a retired session
        if Some(session.0) < current_session {
@@ -60,7 +58,7 @@ impl<D: Db> ContinuallyRan for SetKeysTask<D> {

        // If this session already has had its keys set, move on
        if serai
-          .keys(ValidatorSet { network, session })
+          .keys(ExternalValidatorSet { network, session })
          .await
          .map_err(|e| format!("{e:?}"))?
          .is_some()
--- a/coordinator/tributary-sdk/Cargo.toml
+++ b/coordinator/tributary-sdk/Cargo.toml
@@ -6,7 +6,7 @@ license = "AGPL-3.0-only"
 repository = "https://github.com/serai-dex/serai/tree/develop/coordinator/tributary-sdk"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 edition = "2021"
-rust-version = "1.81"
+rust-version = "1.85"

 [package.metadata.docs.rs]
 all-features = true
@@ -24,18 +24,19 @@ zeroize = { version = "^1.5", default-features = false, features = ["std"] }
 rand = { version = "0.8", default-features = false, features = ["std"] }
 rand_chacha = { version = "0.3", default-features = false, features = ["std"] }

-blake2 = { version = "0.10", default-features = false, features = ["std"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
 transcript = { package = "flexible-transcript", path = "../../crypto/transcript", version = "0.3", default-features = false, features = ["std", "recommended"] }

-ciphersuite = { package = "ciphersuite", path = "../../crypto/ciphersuite", version = "0.4", default-features = false, features = ["std", "ristretto"] }
-schnorr = { package = "schnorr-signatures", path = "../../crypto/schnorr", version = "0.5", default-features = false, features = ["std"] }
+ciphersuite = { path = "../../crypto/ciphersuite", version = "0.4", default-features = false, features = ["std"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group", default-features = false, features = ["std"] }
+schnorr = { package = "schnorr-signatures", path = "../../crypto/schnorr", version = "0.5", default-features = false, features = ["std", "aggregate"] }

 hex = { version = "0.4", default-features = false, features = ["std"] }
 log = { version = "0.4", default-features = false, features = ["std"] }

 serai-db = { path = "../../common/db", version = "0.1" }

-scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["std", "derive"] }
+borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }
 futures-util = { version = "0.3", default-features = false, features = ["std", "sink", "channel"] }
 futures-channel = { version = "0.3", default-features = false, features = ["std", "sink"] }
 tendermint = { package = "tendermint-machine", path = "./tendermint", version = "0.2" }
--- a/coordinator/tributary-sdk/LICENSE
+++ b/coordinator/tributary-sdk/LICENSE
@@ -1,6 +1,6 @@
 AGPL-3.0-only license

-Copyright (c) 2023 Luke Parker
+Copyright (c) 2023-2025 Luke Parker

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License Version 3 as
--- a/coordinator/tributary-sdk/src/blockchain.rs
+++ b/coordinator/tributary-sdk/src/blockchain.rs
@@ -1,10 +1,11 @@
 use std::collections::{VecDeque, HashSet};

-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, *};

 use serai_db::{Get, DbTxn, Db};

-use scale::Decode;
+use borsh::BorshDeserialize;

 use tendermint::ext::{Network, Commit};

@@ -20,7 +21,7 @@ pub(crate) struct Blockchain<D: Db, T: TransactionTrait> {

  block_number: u64,
  tip: [u8; 32],
-  participants: HashSet<<Ristretto as Ciphersuite>::G>,
+  participants: HashSet<[u8; 32]>,

  provided: ProvidedTransactions<D, T>,
  mempool: Mempool<D, T>,
@@ -55,25 +56,28 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
  }
  fn next_nonce_key(
    genesis: &[u8; 32],
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
    order: &[u8],
  ) -> Vec<u8> {
    D::key(
      b"tributary_blockchain",
      b"next_nonce",
-      [genesis.as_ref(), signer.to_bytes().as_ref(), order].concat(),
+      [genesis.as_slice(), signer.to_bytes().as_slice(), order].concat(),
    )
  }

  pub(crate) fn new(
    db: D,
    genesis: [u8; 32],
-    participants: &[<Ristretto as Ciphersuite>::G],
+    participants: &[<Ristretto as WrappedGroup>::G],
  ) -> Self {
    let mut res = Self {
      db: Some(db.clone()),
      genesis,
-      participants: participants.iter().copied().collect(),
+      participants: participants
+        .iter()
+        .map(<<Ristretto as WrappedGroup>::G as GroupEncoding>::to_bytes)
+        .collect(),

      block_number: 0,
      tip: genesis,
@@ -105,7 +109,7 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {

  pub(crate) fn block_from_db(db: &D, genesis: [u8; 32], block: &[u8; 32]) -> Option<Block<T>> {
    db.get(Self::block_key(&genesis, block))
-      .map(|bytes| Block::<T>::read::<&[u8]>(&mut bytes.as_ref()).unwrap())
+      .map(|bytes| Block::<T>::read::<&[u8]>(&mut bytes.as_slice()).unwrap())
  }

  pub(crate) fn commit_from_db(db: &D, genesis: [u8; 32], block: &[u8; 32]) -> Option<Vec<u8>> {
@@ -165,14 +169,14 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
      // we must have a commit per valid hash
      let commit = Self::commit_from_db(db, genesis, &hash).unwrap();
      // commit has to be valid if it is coming from our db
-      Some(Commit::<N::SignatureScheme>::decode(&mut commit.as_ref()).unwrap())
+      Some(Commit::<N::SignatureScheme>::deserialize_reader(&mut commit.as_slice()).unwrap())
    };
    let unsigned_in_chain =
      |hash: [u8; 32]| db.get(Self::unsigned_included_key(&self.genesis, &hash)).is_some();

    self.mempool.add::<N, _>(
      |signer, order| {
-        if self.participants.contains(&signer) {
+        if self.participants.contains(&signer.to_bytes()) {
          Some(
            db.get(Self::next_nonce_key(&self.genesis, &signer, &order))
              .map_or(0, |bytes| u32::from_le_bytes(bytes.try_into().unwrap())),
@@ -195,13 +199,13 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {

  pub(crate) fn next_nonce(
    &self,
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
    order: &[u8],
  ) -> Option<u32> {
    if let Some(next_nonce) = self.mempool.next_nonce_in_mempool(signer, order.to_vec()) {
      return Some(next_nonce);
    }
-    if self.participants.contains(signer) {
+    if self.participants.contains(&signer.to_bytes()) {
      Some(
        self
          .db
@@ -240,7 +244,7 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
    let commit = |block: u64| -> Option<Commit<N::SignatureScheme>> {
      let commit = self.commit_by_block_number(block)?;
      // commit has to be valid if it is coming from our db
-      Some(Commit::<N::SignatureScheme>::decode(&mut commit.as_ref()).unwrap())
+      Some(Commit::<N::SignatureScheme>::deserialize_reader(&mut commit.as_slice()).unwrap())
    };

    let mut txn_db = db.clone();
@@ -250,7 +254,7 @@ impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
      self.tip,
      self.provided.transactions.clone(),
      &mut |signer, order| {
-        if self.participants.contains(signer) {
+        if self.participants.contains(&signer.to_bytes()) {
          let key = Self::next_nonce_key(&self.genesis, signer, order);
          let next = txn
            .get(&key)
--- a/coordinator/tributary-sdk/src/lib.rs
+++ b/coordinator/tributary-sdk/src/lib.rs
@@ -3,9 +3,11 @@ use std::{sync::Arc, io};

 use zeroize::Zeroizing;

-use ciphersuite::{Ciphersuite, Ristretto};
+use borsh::BorshDeserialize;
+
+use ciphersuite::*;
+use dalek_ff_group::Ristretto;

-use scale::Decode;
 use futures_channel::mpsc::UnboundedReceiver;
 use futures_util::{StreamExt, SinkExt};
 use ::tendermint::{
@@ -161,8 +163,8 @@ impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {
    db: D,
    genesis: [u8; 32],
    start_time: u64,
-    key: Zeroizing<<Ristretto as Ciphersuite>::F>,
-    validators: Vec<(<Ristretto as Ciphersuite>::G, u64)>,
+    key: Zeroizing<<Ristretto as WrappedGroup>::F>,
+    validators: Vec<(<Ristretto as WrappedGroup>::G, u64)>,
    p2p: P,
  ) -> Option<Self> {
    log::info!("new Tributary with genesis {}", hex::encode(genesis));
@@ -176,7 +178,7 @@ impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {
    let block_number = BlockNumber(blockchain.block_number());

    let start_time = if let Some(commit) = blockchain.commit(&blockchain.tip()) {
-      Commit::<Validators>::decode(&mut commit.as_ref()).unwrap().end_time
+      Commit::<Validators>::deserialize_reader(&mut commit.as_slice()).unwrap().end_time
    } else {
      start_time
    };
@@ -234,7 +236,7 @@ impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {

  pub async fn next_nonce(
    &self,
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
    order: &[u8],
  ) -> Option<u32> {
    self.network.blockchain.read().await.next_nonce(signer, order)
@@ -275,8 +277,8 @@ impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {
    }

    let block = TendermintBlock(block.serialize());
-    let mut commit_ref = commit.as_ref();
-    let Ok(commit) = Commit::<Arc<Validators>>::decode(&mut commit_ref) else {
+    let mut commit_ref = commit.as_slice();
+    let Ok(commit) = Commit::<Arc<Validators>>::deserialize_reader(&mut commit_ref) else {
      log::error!("sent an invalidly serialized commit");
      return false;
    };
@@ -326,7 +328,7 @@ impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {

      Some(&TENDERMINT_MESSAGE) => {
        let Ok(msg) =
-          SignedMessageFor::<TendermintNetwork<D, T, P>>::decode::<&[u8]>(&mut &msg[1 ..])
+          SignedMessageFor::<TendermintNetwork<D, T, P>>::deserialize_reader(&mut &msg[1 ..])
        else {
          log::error!("received invalid tendermint message");
          return false;
@@ -366,15 +368,17 @@ impl<D: Db, T: TransactionTrait> TributaryReader<D, T> {
    Blockchain::<D, T>::commit_from_db(&self.0, self.1, hash)
  }
  pub fn parsed_commit(&self, hash: &[u8; 32]) -> Option<Commit<Validators>> {
-    self.commit(hash).map(|commit| Commit::<Validators>::decode(&mut commit.as_ref()).unwrap())
+    self
+      .commit(hash)
+      .map(|commit| Commit::<Validators>::deserialize_reader(&mut commit.as_slice()).unwrap())
  }
  pub fn block_after(&self, hash: &[u8; 32]) -> Option<[u8; 32]> {
    Blockchain::<D, T>::block_after(&self.0, self.1, hash)
  }
  pub fn time_of_block(&self, hash: &[u8; 32]) -> Option<u64> {
-    self
-      .commit(hash)
-      .map(|commit| Commit::<Validators>::decode(&mut commit.as_ref()).unwrap().end_time)
+    self.commit(hash).map(|commit| {
+      Commit::<Validators>::deserialize_reader(&mut commit.as_slice()).unwrap().end_time
+    })
  }

  pub fn locally_provided_txs_in_block(&self, hash: &[u8; 32], order: &str) -> bool {
--- a/coordinator/tributary-sdk/src/mempool.rs
+++ b/coordinator/tributary-sdk/src/mempool.rs
@@ -1,6 +1,7 @@
 use std::collections::HashMap;

-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, *};

 use serai_db::{DbTxn, Db};

@@ -20,9 +21,9 @@ pub(crate) struct Mempool<D: Db, T: TransactionTrait> {
  db: D,
  genesis: [u8; 32],

-  last_nonce_in_mempool: HashMap<(<Ristretto as Ciphersuite>::G, Vec<u8>), u32>,
+  last_nonce_in_mempool: HashMap<([u8; 32], Vec<u8>), u32>,
  txs: HashMap<[u8; 32], Transaction<T>>,
-  txs_per_signer: HashMap<<Ristretto as Ciphersuite>::G, u32>,
+  txs_per_signer: HashMap<[u8; 32], u32>,
 }

 impl<D: Db, T: TransactionTrait> Mempool<D, T> {
@@ -81,6 +82,7 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
        }
        Transaction::Application(tx) => match tx.kind() {
          TransactionKind::Signed(order, Signed { signer, nonce, .. }) => {
+            let signer = signer.to_bytes();
            let amount = *res.txs_per_signer.get(&signer).unwrap_or(&0) + 1;
            res.txs_per_signer.insert(signer, amount);

@@ -106,7 +108,7 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
  // Returns Ok(true) if new, Ok(false) if an already present unsigned, or the error.
  pub(crate) fn add<
    N: Network,
-    F: FnOnce(<Ristretto as Ciphersuite>::G, Vec<u8>) -> Option<u32>,
+    F: FnOnce(<Ristretto as WrappedGroup>::G, Vec<u8>) -> Option<u32>,
  >(
    &mut self,
    blockchain_next_nonce: F,
@@ -139,6 +141,8 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
            };
            let mut next_nonce = blockchain_next_nonce;

+            let signer = signer.to_bytes();
+
            if let Some(mempool_last_nonce) =
              self.last_nonce_in_mempool.get(&(signer, order.clone()))
            {
@@ -178,10 +182,10 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {
  // Returns None if the mempool doesn't have a nonce tracked.
  pub(crate) fn next_nonce_in_mempool(
    &self,
-    signer: &<Ristretto as Ciphersuite>::G,
+    signer: &<Ristretto as WrappedGroup>::G,
    order: Vec<u8>,
  ) -> Option<u32> {
-    self.last_nonce_in_mempool.get(&(*signer, order)).copied().map(|nonce| nonce + 1)
+    self.last_nonce_in_mempool.get(&(signer.to_bytes(), order)).copied().map(|nonce| nonce + 1)
  }

  /// Get transactions to include in a block.
@@ -242,6 +246,8 @@ impl<D: Db, T: TransactionTrait> Mempool<D, T> {

    if let Some(tx) = self.txs.remove(tx) {
      if let TransactionKind::Signed(order, Signed { signer, nonce, .. }) = tx.kind() {
+        let signer = signer.to_bytes();
+
        let amount = *self.txs_per_signer.get(&signer).unwrap() - 1;
        self.txs_per_signer.insert(signer, amount);

--- a/coordinator/tributary-sdk/src/merkle.rs
+++ b/coordinator/tributary-sdk/src/merkle.rs
@@ -9,7 +9,7 @@ pub(crate) fn merkle(hash_args: &[[u8; 32]]) -> [u8; 32] {
  let zero = [0; 32];
  let mut interim;
  while hashes.len() > 1 {
-    interim = Vec::with_capacity((hashes.len() + 1) / 2);
+    interim = Vec::with_capacity(hashes.len().div_ceil(2));

    let mut i = 0;
    while i < hashes.len() {
--- a/coordinator/tributary-sdk/src/tendermint/mod.rs
+++ b/coordinator/tributary-sdk/src/tendermint/mod.rs
@@ -10,12 +10,10 @@ use rand_chacha::ChaCha12Rng;
 use transcript::{Transcript, RecommendedTranscript};

 use ciphersuite::{
-  group::{
-    GroupEncoding,
-    ff::{Field, PrimeField},
-  },
-  Ciphersuite, Ristretto,
+  group::{ff::PrimeField, GroupEncoding},
+  *,
 };
+use dalek_ff_group::Ristretto;
 use schnorr::{
  SchnorrSignature,
  aggregate::{SchnorrAggregator, SchnorrAggregate},
@@ -23,7 +21,7 @@ use schnorr::{

 use serai_db::Db;

-use scale::{Encode, Decode};
+use borsh::{BorshSerialize, BorshDeserialize};
 use tendermint::{
  SignedMessageFor,
  ext::{
@@ -50,24 +48,26 @@ fn challenge(
  key: [u8; 32],
  nonce: &[u8],
  msg: &[u8],
-) -> <Ristretto as Ciphersuite>::F {
+) -> <Ristretto as WrappedGroup>::F {
  let mut transcript = RecommendedTranscript::new(b"Tributary Chain Tendermint Message");
  transcript.append_message(b"genesis", genesis);
  transcript.append_message(b"key", key);
  transcript.append_message(b"nonce", nonce);
  transcript.append_message(b"message", msg);

-  <Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(&transcript.challenge(b"schnorr").into())
+  <Ristretto as WrappedGroup>::F::from_bytes_mod_order_wide(
+    &transcript.challenge(b"schnorr").into(),
+  )
 }

 #[derive(Clone, PartialEq, Eq, Debug)]
 pub struct Signer {
  genesis: [u8; 32],
-  key: Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: Zeroizing<<Ristretto as WrappedGroup>::F>,
 }

 impl Signer {
-  pub(crate) fn new(genesis: [u8; 32], key: Zeroizing<<Ristretto as Ciphersuite>::F>) -> Signer {
+  pub(crate) fn new(genesis: [u8; 32], key: Zeroizing<<Ristretto as WrappedGroup>::F>) -> Signer {
    Signer { genesis, key }
  }
 }
@@ -100,10 +100,10 @@ impl SignerTrait for Signer {
      assert_eq!(nonce_ref, [0; 64].as_ref());

      let nonce =
-        Zeroizing::new(<Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(&nonce_arr));
+        Zeroizing::new(<Ristretto as WrappedGroup>::F::from_bytes_mod_order_wide(&nonce_arr));
      nonce_arr.zeroize();

-      assert!(!bool::from(nonce.ct_eq(&<Ristretto as Ciphersuite>::F::ZERO)));
+      assert!(!bool::from(nonce.ct_eq(&<Ristretto as WrappedGroup>::F::ZERO)));

      let challenge = challenge(
        self.genesis,
@@ -132,7 +132,7 @@ pub struct Validators {
 impl Validators {
  pub(crate) fn new(
    genesis: [u8; 32],
-    validators: Vec<(<Ristretto as Ciphersuite>::G, u64)>,
+    validators: Vec<(<Ristretto as WrappedGroup>::G, u64)>,
  ) -> Option<Validators> {
    let mut total_weight = 0;
    let mut weights = HashMap::new();
@@ -163,7 +163,6 @@ impl SignatureScheme for Validators {
  type AggregateSignature = Vec<u8>;
  type Signer = Arc<Signer>;

-  #[must_use]
  fn verify(&self, validator: Self::ValidatorId, msg: &[u8], sig: &Self::Signature) -> bool {
    if !self.weights.contains_key(&validator) {
      return false;
@@ -196,7 +195,6 @@ impl SignatureScheme for Validators {
    aggregate.serialize()
  }

-  #[must_use]
  fn verify_aggregate(
    &self,
    signers: &[Self::ValidatorId],
@@ -221,7 +219,7 @@ impl SignatureScheme for Validators {
      signers
        .iter()
        .zip(challenges)
-        .map(|(s, c)| (<Ristretto as Ciphersuite>::read_G(&mut s.as_slice()).unwrap(), c))
+        .map(|(s, c)| (<Ristretto as GroupIo>::read_G(&mut s.as_slice()).unwrap(), c))
        .collect::<Vec<_>>()
        .as_slice(),
    )
@@ -250,7 +248,7 @@ impl Weights for Validators {
  }
 }

-#[derive(Clone, PartialEq, Eq, Debug, Encode, Decode)]
+#[derive(Clone, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
 pub struct TendermintBlock(pub Vec<u8>);
 impl BlockTrait for TendermintBlock {
  type Id = [u8; 32];
@@ -302,7 +300,7 @@ impl<D: Db, T: TransactionTrait, P: P2p> Network for TendermintNetwork<D, T, P>
  fn broadcast(&mut self, msg: SignedMessageFor<Self>) -> impl Send + Future<Output = ()> {
    async move {
      let mut to_broadcast = vec![TENDERMINT_MESSAGE];
-      to_broadcast.extend(msg.encode());
+      msg.serialize(&mut to_broadcast).unwrap();
      self.p2p.broadcast(self.genesis, to_broadcast).await
    }
  }
@@ -392,7 +390,7 @@ impl<D: Db, T: TransactionTrait, P: P2p> Network for TendermintNetwork<D, T, P>
        return invalid_block();
      };

-      let encoded_commit = commit.encode();
+      let encoded_commit = borsh::to_vec(&commit).unwrap();
      loop {
        let block_res = self.blockchain.write().await.add_block::<Self>(
          &block,
--- a/coordinator/tributary-sdk/src/tendermint/tx.rs
+++ b/coordinator/tributary-sdk/src/tendermint/tx.rs
@@ -1,10 +1,11 @@
 use std::io;

-use scale::{Encode, Decode, IoReader};
+use borsh::BorshDeserialize;

 use blake2::{Digest, Blake2s256};

-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;

 use crate::{
  transaction::{Transaction, TransactionKind, TransactionError},
@@ -26,14 +27,14 @@ pub enum TendermintTx {

 impl ReadWrite for TendermintTx {
  fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
-    Evidence::decode(&mut IoReader(reader))
+    Evidence::deserialize_reader(reader)
      .map(TendermintTx::SlashEvidence)
      .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "invalid evidence format"))
  }

  fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
    match self {
-      TendermintTx::SlashEvidence(ev) => writer.write_all(&ev.encode()),
+      TendermintTx::SlashEvidence(ev) => writer.write_all(&borsh::to_vec(&ev).unwrap()),
    }
  }
 }
@@ -49,7 +50,7 @@ impl Transaction for TendermintTx {
    Blake2s256::digest(self.serialize()).into()
  }

-  fn sig_hash(&self, _genesis: [u8; 32]) -> <Ristretto as Ciphersuite>::F {
+  fn sig_hash(&self, _genesis: [u8; 32]) -> <Ristretto as WrappedGroup>::F {
    match self {
      TendermintTx::SlashEvidence(_) => panic!("sig_hash called on slash evidence transaction"),
    }
--- a/coordinator/tributary-sdk/src/tests/block.rs
+++ b/coordinator/tributary-sdk/src/tests/block.rs
@@ -1,10 +1,9 @@
 use std::{sync::Arc, io, collections::HashMap, fmt::Debug};

 use blake2::{Digest, Blake2s256};
-use ciphersuite::{
-  group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
-};
+
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::Group, *};
 use schnorr::SchnorrSignature;

 use serai_db::MemDb;
@@ -30,11 +29,11 @@ impl NonceTransaction {
      nonce,
      distinguisher,
      Signed {
-        signer: <Ristretto as Ciphersuite>::G::identity(),
+        signer: <Ristretto as WrappedGroup>::G::identity(),
        nonce,
        signature: SchnorrSignature::<Ristretto> {
-          R: <Ristretto as Ciphersuite>::G::identity(),
-          s: <Ristretto as Ciphersuite>::F::ZERO,
+          R: <Ristretto as WrappedGroup>::G::identity(),
+          s: <Ristretto as WrappedGroup>::F::ZERO,
        },
      },
    )
--- a/coordinator/tributary-sdk/src/tests/blockchain.rs
+++ b/coordinator/tributary-sdk/src/tests/blockchain.rs
@@ -10,7 +10,8 @@ use rand::rngs::OsRng;

 use blake2::{Digest, Blake2s256};

-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;

 use serai_db::{DbTxn, Db, MemDb};

@@ -30,7 +31,7 @@ type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;

 fn new_blockchain<T: TransactionTrait>(
  genesis: [u8; 32],
-  participants: &[<Ristretto as Ciphersuite>::G],
+  participants: &[<Ristretto as WrappedGroup>::G],
 ) -> (MemDb, Blockchain<MemDb, T>) {
  let db = MemDb::new();
  let blockchain = Blockchain::new(db.clone(), genesis, participants);
@@ -81,7 +82,7 @@ fn invalid_block() {
    assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
  }

-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
  let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);

  // Not a participant
@@ -133,7 +134,7 @@ fn invalid_block() {
    blockchain.verify_block::<N>(&block, &validators, false).unwrap();
    match &mut block.transactions[0] {
      Transaction::Application(tx) => {
-        tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
+        tx.1.signature.s += <Ristretto as WrappedGroup>::F::ONE;
      }
      _ => panic!("non-signed tx found"),
    }
@@ -149,7 +150,7 @@ fn invalid_block() {
 fn signed_transaction() {
  let genesis = new_genesis();
  let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
  let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
  let signer = tx.1.signer;

@@ -338,7 +339,7 @@ fn provided_transaction() {
 #[tokio::test]
 async fn tendermint_evidence_tx() {
  let genesis = new_genesis();
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
  let signer = Signer::new(genesis, key.clone());
  let signer_id = Ristretto::generator() * key.deref();
  let validators = Arc::new(Validators::new(genesis, vec![(signer_id, 1)]).unwrap());
@@ -378,7 +379,7 @@ async fn tendermint_evidence_tx() {
  let mut mempool: Vec<Transaction<SignedTransaction>> = vec![];
  let mut signers = vec![];
  for _ in 0 .. 5 {
-    let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+    let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
    let signer = Signer::new(genesis, key.clone());
    let signer_id = Ristretto::generator() * key.deref();
    signers.push((signer_id, 1));
@@ -445,7 +446,7 @@ async fn block_tx_ordering() {
  }

  let genesis = new_genesis();
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));

  // signer
  let signer = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0).1.signer;
--- a/coordinator/tributary-sdk/src/tests/mempool.rs
+++ b/coordinator/tributary-sdk/src/tests/mempool.rs
@@ -3,7 +3,8 @@ use std::{sync::Arc, collections::HashMap};
 use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};

-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;

 use tendermint::ext::Commit;

@@ -32,7 +33,7 @@ async fn mempool_addition() {
    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
  };
  let unsigned_in_chain = |_: [u8; 32]| false;
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));

  let first_tx = signed_transaction(&mut OsRng, genesis, &key, 0);
  let signer = first_tx.1.signer;
@@ -124,7 +125,7 @@ async fn mempool_addition() {

  // If the mempool doesn't have a nonce for an account, it should successfully use the
  // blockchain's
-  let second_key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let second_key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));
  let tx = signed_transaction(&mut OsRng, genesis, &second_key, 2);
  let second_signer = tx.1.signer;
  assert_eq!(mempool.next_nonce_in_mempool(&second_signer, vec![]), None);
@@ -164,7 +165,7 @@ fn too_many_mempool() {
    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
  };
  let unsigned_in_chain = |_: [u8; 32]| false;
-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng));

  // We should be able to add transactions up to the limit
  for i in 0 .. ACCOUNT_MEMPOOL_LIMIT {
--- a/coordinator/tributary-sdk/src/tests/transaction/mod.rs
+++ b/coordinator/tributary-sdk/src/tests/transaction/mod.rs
@@ -6,14 +6,10 @@ use rand::{RngCore, CryptoRng, rngs::OsRng};

 use blake2::{Digest, Blake2s256};

-use ciphersuite::{
-  group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
-};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::Group, *};
 use schnorr::SchnorrSignature;

-use scale::Encode;
-
 use ::tendermint::{
  ext::{Network, Signer as SignerTrait, SignatureScheme, BlockNumber, RoundNumber},
  SignedMessageFor, DataFor, Message, SignedMessage, Data, Evidence,
@@ -33,11 +29,11 @@ mod tendermint;

 pub fn random_signed<R: RngCore + CryptoRng>(rng: &mut R) -> Signed {
  Signed {
-    signer: <Ristretto as Ciphersuite>::G::random(&mut *rng),
+    signer: <Ristretto as WrappedGroup>::G::random(&mut *rng),
    nonce: u32::try_from(rng.next_u64() >> 32 >> 1).unwrap(),
    signature: SchnorrSignature::<Ristretto> {
-      R: <Ristretto as Ciphersuite>::G::random(&mut *rng),
-      s: <Ristretto as Ciphersuite>::F::random(rng),
+      R: <Ristretto as WrappedGroup>::G::random(&mut *rng),
+      s: <Ristretto as WrappedGroup>::F::random(rng),
    },
  }
 }
@@ -136,18 +132,18 @@ impl Transaction for SignedTransaction {
 pub fn signed_transaction<R: RngCore + CryptoRng>(
  rng: &mut R,
  genesis: [u8; 32],
-  key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+  key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
  nonce: u32,
 ) -> SignedTransaction {
  let mut data = vec![0; 512];
  rng.fill_bytes(&mut data);

-  let signer = <Ristretto as Ciphersuite>::generator() * **key;
+  let signer = <Ristretto as WrappedGroup>::generator() * **key;

  let mut tx =
    SignedTransaction(data, Signed { signer, nonce, signature: random_signed(rng).signature });

-  let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
+  let sig_nonce = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(rng));
  tx.1.signature.R = Ristretto::generator() * sig_nonce.deref();
  tx.1.signature = SchnorrSignature::sign(key, sig_nonce, tx.sig_hash(genesis));

@@ -162,7 +158,7 @@ pub fn random_signed_transaction<R: RngCore + CryptoRng>(
  let mut genesis = [0; 32];
  rng.fill_bytes(&mut genesis);

-  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut *rng));
+  let key = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut *rng));
  // Shift over an additional bit to ensure it won't overflow when incremented
  let nonce = u32::try_from(rng.next_u64() >> 32 >> 1).unwrap();

@@ -179,12 +175,11 @@ pub async fn tendermint_meta() -> ([u8; 32], Signer, [u8; 32], Arc<Validators>)
  // signer
  let genesis = new_genesis();
  let signer =
-    Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
+    Signer::new(genesis, Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng)));
  let validator_id = signer.validator_id().await.unwrap();

  // schema
-  let signer_pub =
-    <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
+  let signer_pub = <Ristretto as GroupIo>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
  let validators = Arc::new(Validators::new(genesis, vec![(signer_pub, 1)]).unwrap());

  (genesis, signer, validator_id, validators)
@@ -203,7 +198,7 @@ pub async fn signed_from_data<N: Network>(
    round: RoundNumber(round_number),
    data,
  };
-  let sig = signer.sign(&msg.encode()).await;
+  let sig = signer.sign(&borsh::to_vec(&msg).unwrap()).await;
  SignedMessage { msg, sig }
 }

@@ -216,5 +211,5 @@ pub async fn random_evidence_tx<N: Network>(
  let data = Data::Proposal(Some(RoundNumber(0)), b);
  let signer_id = signer.validator_id().await.unwrap();
  let signed = signed_from_data::<N>(signer, signer_id, 0, 0, data).await;
-  TendermintTx::SlashEvidence(Evidence::InvalidValidRound(signed.encode()))
+  TendermintTx::SlashEvidence(Evidence::InvalidValidRound(borsh::to_vec(&signed).unwrap()))
 }
--- a/coordinator/tributary-sdk/src/tests/transaction/signed.rs
+++ b/coordinator/tributary-sdk/src/tests/transaction/signed.rs
@@ -2,7 +2,8 @@ use rand::rngs::OsRng;

 use blake2::{Digest, Blake2s256};

-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;

 use crate::{
  ReadWrite,
@@ -68,7 +69,7 @@ fn signed_transaction() {
  }
  {
    let mut tx = tx.clone();
-    tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
+    tx.1.signature.s += <Ristretto as WrappedGroup>::F::ONE;
    assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).is_err());
  }

--- a/coordinator/tributary-sdk/src/tests/transaction/tendermint.rs
+++ b/coordinator/tributary-sdk/src/tests/transaction/tendermint.rs
@@ -3,9 +3,8 @@ use std::sync::Arc;
 use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};

-use ciphersuite::{Ristretto, Ciphersuite, group::ff::Field};
-
-use scale::Encode;
+use dalek_ff_group::Ristretto;
+use ciphersuite::*;

 use tendermint::{
  time::CanonicalInstant,
@@ -51,7 +50,10 @@ async fn invalid_valid_round() {
    async move {
      let data = Data::Proposal(valid_round, TendermintBlock(vec![]));
      let signed = signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, data).await;
-      (signed.clone(), TendermintTx::SlashEvidence(Evidence::InvalidValidRound(signed.encode())))
+      (
+        signed.clone(),
+        TendermintTx::SlashEvidence(Evidence::InvalidValidRound(borsh::to_vec(&signed).unwrap())),
+      )
    }
  };

@@ -69,7 +71,8 @@ async fn invalid_valid_round() {
  let mut random_sig = [0u8; 64];
  OsRng.fill_bytes(&mut random_sig);
  signed.sig = random_sig;
-  let tx = TendermintTx::SlashEvidence(Evidence::InvalidValidRound(signed.encode()));
+  let tx =
+    TendermintTx::SlashEvidence(Evidence::InvalidValidRound(borsh::to_vec(&signed).unwrap()));

  // should fail
  assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
@@ -89,7 +92,10 @@ async fn invalid_precommit_signature() {
      let signed =
        signed_from_data::<N>(signer.clone().into(), signer_id, 1, 0, Data::Precommit(precommit))
          .await;
-      (signed.clone(), TendermintTx::SlashEvidence(Evidence::InvalidPrecommit(signed.encode())))
+      (
+        signed.clone(),
+        TendermintTx::SlashEvidence(Evidence::InvalidPrecommit(borsh::to_vec(&signed).unwrap())),
+      )
    }
  };

@@ -119,7 +125,8 @@ async fn invalid_precommit_signature() {
    let mut random_sig = [0u8; 64];
    OsRng.fill_bytes(&mut random_sig);
    signed.sig = random_sig;
-    let tx = TendermintTx::SlashEvidence(Evidence::InvalidPrecommit(signed.encode()));
+    let tx =
+      TendermintTx::SlashEvidence(Evidence::InvalidPrecommit(borsh::to_vec(&signed).unwrap()));
    assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
  }
 }
@@ -137,24 +144,32 @@ async fn evidence_with_prevote() {
      // it should fail for all reasons.
      let mut txs = vec![];
      txs.push(TendermintTx::SlashEvidence(Evidence::InvalidPrecommit(
-        signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
-          .await
-          .encode(),
+        borsh::to_vec(
+          &&signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
+            .await,
+        )
+        .unwrap(),
      )));
      txs.push(TendermintTx::SlashEvidence(Evidence::InvalidValidRound(
-        signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
-          .await
-          .encode(),
+        borsh::to_vec(
+          &signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
+            .await,
+        )
+        .unwrap(),
      )));
      // Since these require a second message, provide this one again
      // ConflictingMessages can be fired for actually conflicting Prevotes however
      txs.push(TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-        signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
-          .await
-          .encode(),
-        signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
-          .await
-          .encode(),
+        borsh::to_vec(
+          &signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
+            .await,
+        )
+        .unwrap(),
+        borsh::to_vec(
+          &signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
+            .await,
+        )
+        .unwrap(),
      )));
      txs
    }
@@ -188,16 +203,16 @@ async fn conflicting_msgs_evidence_tx() {
    // non-conflicting data should fail
    let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x11]))).await;
    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_1.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_1).unwrap(),
    ));
    assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());

    // conflicting data should pass
    let signed_2 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x22]))).await;
    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_2.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_2).unwrap(),
    ));
    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap();

@@ -205,16 +220,16 @@ async fn conflicting_msgs_evidence_tx() {
    // (except for Precommit)
    let signed_2 = signed_for_b_r(0, 1, Data::Proposal(None, TendermintBlock(vec![0x22]))).await;
    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_2.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_2).unwrap(),
    ));
    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap_err();

    // Proposals for different block numbers should also fail as evidence
    let signed_2 = signed_for_b_r(1, 0, Data::Proposal(None, TendermintBlock(vec![0x22]))).await;
    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_2.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_2).unwrap(),
    ));
    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap_err();
  }
@@ -224,16 +239,16 @@ async fn conflicting_msgs_evidence_tx() {
    // non-conflicting data should fail
    let signed_1 = signed_for_b_r(0, 0, Data::Prevote(Some([0x11; 32]))).await;
    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_1.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_1).unwrap(),
    ));
    assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());

    // conflicting data should pass
    let signed_2 = signed_for_b_r(0, 0, Data::Prevote(Some([0x22; 32]))).await;
    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_2.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_2).unwrap(),
    ));
    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap();

@@ -241,16 +256,16 @@ async fn conflicting_msgs_evidence_tx() {
    // (except for Precommit)
    let signed_2 = signed_for_b_r(0, 1, Data::Prevote(Some([0x22; 32]))).await;
    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_2.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_2).unwrap(),
    ));
    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap_err();

    // Proposals for different block numbers should also fail as evidence
    let signed_2 = signed_for_b_r(1, 0, Data::Prevote(Some([0x22; 32]))).await;
    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_2.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_2).unwrap(),
    ));
    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap_err();
  }
@@ -260,7 +275,7 @@ async fn conflicting_msgs_evidence_tx() {
    let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x11]))).await;

    let signer_2 =
-      Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
+      Signer::new(genesis, Zeroizing::new(<Ristretto as WrappedGroup>::F::random(&mut OsRng)));
    let signed_id_2 = signer_2.validator_id().await.unwrap();
    let signed_2 = signed_from_data::<N>(
      signer_2.into(),
@@ -272,15 +287,14 @@ async fn conflicting_msgs_evidence_tx() {
    .await;

    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_2.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_2).unwrap(),
    ));

    // update schema so that we don't fail due to invalid signature
-    let signer_pub =
-      <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
+    let signer_pub = <Ristretto as GroupIo>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
    let signer_pub_2 =
-      <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
+      <Ristretto as GroupIo>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
    let validators =
      Arc::new(Validators::new(genesis, vec![(signer_pub, 1), (signer_pub_2, 1)]).unwrap());

@@ -292,8 +306,8 @@ async fn conflicting_msgs_evidence_tx() {
    let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![]))).await;
    let signed_2 = signed_for_b_r(0, 0, Data::Prevote(None)).await;
    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
-      signed_1.encode(),
-      signed_2.encode(),
+      borsh::to_vec(&signed_1).unwrap(),
+      borsh::to_vec(&signed_2).unwrap(),
    ));
    assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
  }
--- a/coordinator/tributary-sdk/src/transaction.rs
+++ b/coordinator/tributary-sdk/src/transaction.rs
@@ -8,8 +8,9 @@ use blake2::{Digest, Blake2b512};

 use ciphersuite::{
  group::{Group, GroupEncoding},
-  Ciphersuite, Ristretto,
+  *,
 };
+use dalek_ff_group::Ristretto;
 use schnorr::SchnorrSignature;

 use crate::{TRANSACTION_SIZE_LIMIT, ReadWrite};
@@ -42,7 +43,7 @@ pub enum TransactionError {
 /// Data for a signed transaction.
 #[derive(Clone, PartialEq, Eq, Debug)]
 pub struct Signed {
-  pub signer: <Ristretto as Ciphersuite>::G,
+  pub signer: <Ristretto as WrappedGroup>::G,
  pub nonce: u32,
  pub signature: SchnorrSignature<Ristretto>,
 }
@@ -159,10 +160,10 @@ pub trait Transaction: 'static + Send + Sync + Clone + Eq + Debug + ReadWrite {
  /// Do not override this unless you know what you're doing.
  ///
  /// Panics if called on non-signed transactions.
-  fn sig_hash(&self, genesis: [u8; 32]) -> <Ristretto as Ciphersuite>::F {
+  fn sig_hash(&self, genesis: [u8; 32]) -> <Ristretto as WrappedGroup>::F {
    match self.kind() {
      TransactionKind::Signed(order, Signed { signature, .. }) => {
-        <Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(
+        <Ristretto as WrappedGroup>::F::from_bytes_mod_order_wide(
          &Blake2b512::digest(
            [
              b"Tributary Signed Transaction",
@@ -181,8 +182,8 @@ pub trait Transaction: 'static + Send + Sync + Clone + Eq + Debug + ReadWrite {
  }
 }

-pub trait GAIN: FnMut(&<Ristretto as Ciphersuite>::G, &[u8]) -> Option<u32> {}
-impl<F: FnMut(&<Ristretto as Ciphersuite>::G, &[u8]) -> Option<u32>> GAIN for F {}
+pub trait GAIN: FnMut(&<Ristretto as WrappedGroup>::G, &[u8]) -> Option<u32> {}
+impl<F: FnMut(&<Ristretto as WrappedGroup>::G, &[u8]) -> Option<u32>> GAIN for F {}

 pub(crate) fn verify_transaction<F: GAIN, T: Transaction>(
  tx: &T,
--- a/coordinator/tributary-sdk/tendermint/Cargo.toml
+++ b/coordinator/tributary-sdk/tendermint/Cargo.toml
@@ -6,7 +6,7 @@ license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/coordinator/tendermint"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 edition = "2021"
-rust-version = "1.81"
+rust-version = "1.75"

 [package.metadata.docs.rs]
 all-features = true
@@ -21,7 +21,7 @@ thiserror = { version = "2", default-features = false, features = ["std"] }
 hex = { version = "0.4", default-features = false, features = ["std"] }
 log = { version = "0.4", default-features = false, features = ["std"] }

-parity-scale-codec = { version = "3", default-features = false, features = ["std", "derive"] }
+borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }

 futures-util = { version = "0.3", default-features = false, features = ["std", "async-await-macro", "sink", "channel"] }
 futures-channel = { version = "0.3", default-features = false, features = ["std", "sink"] }
--- a/coordinator/tributary-sdk/tendermint/LICENSE
+++ b/coordinator/tributary-sdk/tendermint/LICENSE
@@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2022-2023 Luke Parker
+Copyright (c) 2022-2025 Luke Parker

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/coordinator/tributary-sdk/tendermint/src/ext.rs
+++ b/coordinator/tributary-sdk/tendermint/src/ext.rs
@@ -3,33 +3,41 @@ use std::{sync::Arc, collections::HashSet};

 use thiserror::Error;

-use parity_scale_codec::{Encode, Decode};
+use borsh::{BorshSerialize, BorshDeserialize};

 use crate::{SignedMessageFor, SlashEvent, commit_msg};

 /// An alias for a series of traits required for a type to be usable as a validator ID,
 /// automatically implemented for all types satisfying those traits.
 pub trait ValidatorId:
-  Send + Sync + Clone + Copy + PartialEq + Eq + Hash + Debug + Encode + Decode
+  Send + Sync + Clone + Copy + PartialEq + Eq + Hash + Debug + BorshSerialize + BorshDeserialize
 {
 }
-impl<V: Send + Sync + Clone + Copy + PartialEq + Eq + Hash + Debug + Encode + Decode> ValidatorId
-  for V
+#[rustfmt::skip]
+impl<
+    V: Send + Sync + Clone + Copy + PartialEq + Eq + Hash + Debug + BorshSerialize + BorshDeserialize,
+  > ValidatorId for V
 {
 }

 /// An alias for a series of traits required for a type to be usable as a signature,
 /// automatically implemented for all types satisfying those traits.
-pub trait Signature: Send + Sync + Clone + PartialEq + Eq + Debug + Encode + Decode {}
-impl<S: Send + Sync + Clone + PartialEq + Eq + Debug + Encode + Decode> Signature for S {}
+pub trait Signature:
+  Send + Sync + Clone + PartialEq + Eq + Debug + BorshSerialize + BorshDeserialize
+{
+}
+impl<S: Send + Sync + Clone + PartialEq + Eq + Debug + BorshSerialize + BorshDeserialize> Signature
+  for S
+{
+}

 // Type aliases which are distinct according to the type system

 /// A struct containing a Block Number, wrapped to have a distinct type.
-#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, Encode, Decode)]
+#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, BorshSerialize, BorshDeserialize)]
 pub struct BlockNumber(pub u64);
 /// A struct containing a round number, wrapped to have a distinct type.
-#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, Encode, Decode)]
+#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, BorshSerialize, BorshDeserialize)]
 pub struct RoundNumber(pub u32);

 /// A signer for a validator.
@@ -114,7 +122,6 @@ impl<S: SignatureScheme> SignatureScheme for Arc<S> {
    self.as_ref().aggregate(validators, msg, sigs)
  }

-  #[must_use]
  fn verify_aggregate(
    &self,
    signers: &[Self::ValidatorId],
@@ -128,7 +135,7 @@ impl<S: SignatureScheme> SignatureScheme for Arc<S> {
 /// A commit for a specific block.
 ///
 /// The list of validators have weight exceeding the threshold for a valid commit.
-#[derive(PartialEq, Debug, Encode, Decode)]
+#[derive(PartialEq, Debug, BorshSerialize, BorshDeserialize)]
 pub struct Commit<S: SignatureScheme> {
  /// End time of the round which created this commit, used as the start time of the next block.
  pub end_time: u64,
@@ -186,7 +193,7 @@ impl<W: Weights> Weights for Arc<W> {
 }

 /// Simplified error enum representing a block's validity.
-#[derive(Clone, Copy, PartialEq, Eq, Debug, Error, Encode, Decode)]
+#[derive(Clone, Copy, PartialEq, Eq, Debug, Error, BorshSerialize, BorshDeserialize)]
 pub enum BlockError {
  /// Malformed block which is wholly invalid.
  #[error("invalid block")]
@@ -198,9 +205,20 @@ pub enum BlockError {
 }

 /// Trait representing a Block.
-pub trait Block: Send + Sync + Clone + PartialEq + Eq + Debug + Encode + Decode {
+pub trait Block:
+  Send + Sync + Clone + PartialEq + Eq + Debug + BorshSerialize + BorshDeserialize
+{
  // Type used to identify blocks. Presumably a cryptographic hash of the block.
-  type Id: Send + Sync + Copy + Clone + PartialEq + Eq + AsRef<[u8]> + Debug + Encode + Decode;
+  type Id: Send
+    + Sync
+    + Copy
+    + Clone
+    + PartialEq
+    + Eq
+    + AsRef<[u8]>
+    + Debug
+    + BorshSerialize
+    + BorshDeserialize;

  /// Return the deterministic, unique ID for this block.
  fn id(&self) -> Self::Id;
--- a/coordinator/tributary-sdk/tendermint/src/lib.rs
+++ b/coordinator/tributary-sdk/tendermint/src/lib.rs
@@ -6,7 +6,7 @@ use std::{
  collections::{VecDeque, HashMap},
 };

-use parity_scale_codec::{Encode, Decode, IoReader};
+use borsh::{BorshSerialize, BorshDeserialize};

 use futures_channel::mpsc;
 use futures_util::{
@@ -41,14 +41,14 @@ pub fn commit_msg(end_time: u64, id: &[u8]) -> Vec<u8> {
  [&end_time.to_le_bytes(), id].concat()
 }

-#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, Encode, Decode)]
+#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug, BorshSerialize, BorshDeserialize)]
 pub enum Step {
  Propose,
  Prevote,
  Precommit,
 }

-#[derive(Clone, Eq, Debug, Encode, Decode)]
+#[derive(Clone, Eq, Debug, BorshSerialize, BorshDeserialize)]
 pub enum Data<B: Block, S: Signature> {
  Proposal(Option<RoundNumber>, B),
  Prevote(Option<B::Id>),
@@ -90,7 +90,7 @@ impl<B: Block, S: Signature> Data<B, S> {
  }
 }

-#[derive(Clone, PartialEq, Eq, Debug, Encode, Decode)]
+#[derive(Clone, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
 pub struct Message<V: ValidatorId, B: Block, S: Signature> {
  pub sender: V,
  pub block: BlockNumber,
@@ -100,7 +100,7 @@ pub struct Message<V: ValidatorId, B: Block, S: Signature> {
 }

 /// A signed Tendermint consensus message to be broadcast to the other validators.
-#[derive(Clone, PartialEq, Eq, Debug, Encode, Decode)]
+#[derive(Clone, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
 pub struct SignedMessage<V: ValidatorId, B: Block, S: Signature> {
  pub msg: Message<V, B, S>,
  pub sig: S,
@@ -117,18 +117,18 @@ impl<V: ValidatorId, B: Block, S: Signature> SignedMessage<V, B, S> {
    &self,
    signer: &Scheme,
  ) -> bool {
-    signer.verify(self.msg.sender, &self.msg.encode(), &self.sig)
+    signer.verify(self.msg.sender, &borsh::to_vec(&self.msg).unwrap(), &self.sig)
  }
 }

-#[derive(Clone, Copy, PartialEq, Eq, Debug, Encode, Decode)]
+#[derive(Clone, Copy, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
 pub enum SlashReason {
  FailToPropose,
  InvalidBlock,
  InvalidProposer,
 }

-#[derive(Clone, PartialEq, Eq, Debug, Encode, Decode)]
+#[derive(Clone, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
 pub enum Evidence {
  ConflictingMessages(Vec<u8>, Vec<u8>),
  InvalidPrecommit(Vec<u8>),
@@ -159,7 +159,7 @@ pub type SignedMessageFor<N> = SignedMessage<
 >;

 pub fn decode_signed_message<N: Network>(mut data: &[u8]) -> Option<SignedMessageFor<N>> {
-  SignedMessageFor::<N>::decode(&mut data).ok()
+  SignedMessageFor::<N>::deserialize_reader(&mut data).ok()
 }

 fn decode_and_verify_signed_message<N: Network>(
@@ -339,7 +339,7 @@ impl<N: Network + 'static> TendermintMachine<N> {
      target: "tendermint",
      "proposer for block {}, round {round:?} was {} (me: {res})",
      self.block.number.0,
-      hex::encode(proposer.encode()),
+      hex::encode(borsh::to_vec(&proposer).unwrap()),
    );
    res
  }
@@ -420,7 +420,11 @@ impl<N: Network + 'static> TendermintMachine<N> {
    // TODO: If the new slash event has evidence, emit to prevent a low-importance slash from
    // cancelling emission of high-importance slashes
    if !self.block.slashes.contains(&validator) {
-      log::info!(target: "tendermint", "Slashing validator {}", hex::encode(validator.encode()));
+      log::info!(
+        target: "tendermint",
+        "Slashing validator {}",
+        hex::encode(borsh::to_vec(&validator).unwrap()),
+      );
      self.block.slashes.insert(validator);
      self.network.slash(validator, slash_event).await;
    }
@@ -670,7 +674,7 @@ impl<N: Network + 'static> TendermintMachine<N> {
          self
            .slash(
              msg.sender,
-              SlashEvent::WithEvidence(Evidence::InvalidPrecommit(signed.encode())),
+              SlashEvent::WithEvidence(Evidence::InvalidPrecommit(borsh::to_vec(&signed).unwrap())),
            )
            .await;
          Err(TendermintError::Malicious)?;
@@ -741,7 +745,10 @@ impl<N: Network + 'static> TendermintMachine<N> {
          self.broadcast(Data::Prevote(None));
        }
        self
-          .slash(msg.sender, SlashEvent::WithEvidence(Evidence::InvalidValidRound(msg.encode())))
+          .slash(
+            msg.sender,
+            SlashEvent::WithEvidence(Evidence::InvalidValidRound(borsh::to_vec(&msg).unwrap())),
+          )
          .await;
        Err(TendermintError::Malicious)?;
      }
@@ -1032,7 +1039,7 @@ impl<N: Network + 'static> TendermintMachine<N> {

          while !messages.is_empty() {
            self.network.broadcast(
-              SignedMessageFor::<N>::decode(&mut IoReader(&mut messages))
+              SignedMessageFor::<N>::deserialize_reader(&mut messages)
                .expect("saved invalid message to DB")
            ).await;
          }
@@ -1057,7 +1064,7 @@ impl<N: Network + 'static> TendermintMachine<N> {
      } {
        if our_message {
          assert!(sig.is_none());
-          sig = Some(self.signer.sign(&msg.encode()).await);
+          sig = Some(self.signer.sign(&borsh::to_vec(&msg).unwrap()).await);
        }
        let sig = sig.unwrap();

@@ -1077,7 +1084,7 @@ impl<N: Network + 'static> TendermintMachine<N> {
          let message_tape_key = message_tape_key(self.genesis);
          let mut txn = self.db.txn();
          let mut message_tape = txn.get(&message_tape_key).unwrap_or(vec![]);
-          message_tape.extend(signed_msg.encode());
+          signed_msg.serialize(&mut message_tape).unwrap();
          txn.put(&message_tape_key, message_tape);
          txn.commit();
        }
--- a/coordinator/tributary-sdk/tendermint/src/message_log.rs
+++ b/coordinator/tributary-sdk/tendermint/src/message_log.rs
@@ -1,7 +1,5 @@
 use std::{sync::Arc, collections::HashMap};

-use parity_scale_codec::Encode;
-
 use crate::{ext::*, RoundNumber, Step, DataFor, SignedMessageFor, Evidence};

 type RoundLog<N> = HashMap<<N as Network>::ValidatorId, HashMap<Step, SignedMessageFor<N>>>;
@@ -39,7 +37,10 @@ impl<N: Network> MessageLog<N> {
          target: "tendermint",
          "Validator sent multiple messages for the same block + round + step"
        );
-        Err(Evidence::ConflictingMessages(existing.encode(), signed.encode()))?;
+        Err(Evidence::ConflictingMessages(
+          borsh::to_vec(&existing).unwrap(),
+          borsh::to_vec(&signed).unwrap(),
+        ))?;
      }
      return Ok(false);
    }
--- a/coordinator/tributary-sdk/tendermint/tests/ext.rs
+++ b/coordinator/tributary-sdk/tendermint/tests/ext.rs
@@ -4,7 +4,7 @@ use std::{
  time::{UNIX_EPOCH, SystemTime, Duration},
 };

-use parity_scale_codec::{Encode, Decode};
+use borsh::{BorshSerialize, BorshDeserialize};

 use futures_util::sink::SinkExt;
 use tokio::{sync::RwLock, time::sleep};
@@ -46,7 +46,6 @@ impl SignatureScheme for TestSignatureScheme {
  type AggregateSignature = Vec<[u8; 32]>;
  type Signer = TestSigner;

-  #[must_use]
  fn verify(&self, validator: u16, msg: &[u8], sig: &[u8; 32]) -> bool {
    (sig[.. 2] == validator.to_le_bytes()) && (sig[2 ..] == [msg, &[0; 30]].concat()[.. 30])
  }
@@ -60,7 +59,6 @@ impl SignatureScheme for TestSignatureScheme {
    sigs.to_vec()
  }

-  #[must_use]
  fn verify_aggregate(
    &self,
    signers: &[TestValidatorId],
@@ -91,7 +89,7 @@ impl Weights for TestWeights {
  }
 }

-#[derive(Clone, PartialEq, Eq, Debug, Encode, Decode)]
+#[derive(Clone, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
 struct TestBlock {
  id: TestBlockId,
  valid: Result<(), BlockError>,
--- a/coordinator/tributary/Cargo.toml
+++ b/coordinator/tributary/Cargo.toml
@@ -8,7 +8,7 @@ authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = []
 edition = "2021"
 publish = false
-rust-version = "1.81"
+rust-version = "1.85"

 [package.metadata.docs.rs]
 all-features = true
@@ -21,14 +21,15 @@ workspace = true
 zeroize = { version = "^1.5", default-features = false, features = ["std"] }
 rand_core = { version = "0.6", default-features = false, features = ["std"] }

-blake2 = { version = "0.10", default-features = false, features = ["std"] }
-ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["std"] }
-schnorr = { package = "schnorr-signatures", path = "../../crypto/schnorr", default-features = false, features = ["std"] }
-
-scale = { package = "parity-scale-codec", version = "3", default-features = false, features = ["std", "derive"] }
 borsh = { version = "1", default-features = false, features = ["std", "derive", "de_strict_order"] }

-serai-client = { path = "../../substrate/client", default-features = false, features = ["serai", "borsh"] }
+blake2 = { version = "0.11.0-rc.0", default-features = false, features = ["alloc"] }
+ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["std"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group", default-features = false, features = ["std"] }
+dkg = { path = "../../crypto/dkg", default-features = false, features = ["std"] }
+schnorr = { package = "schnorr-signatures", path = "../../crypto/schnorr", default-features = false, features = ["std"] }
+
+serai-primitives = { path = "../../substrate/primitives", default-features = false, features = ["std"] }

 serai-db = { path = "../../common/db" }
 serai-task = { path = "../../common/task", version = "0.1" }
--- a/coordinator/tributary/src/db.rs
+++ b/coordinator/tributary/src/db.rs
@@ -1,9 +1,8 @@
 use std::collections::HashMap;

-use scale::Encode;
 use borsh::{BorshSerialize, BorshDeserialize};

-use serai_client::{primitives::SeraiAddress, validator_sets::primitives::ValidatorSet};
+use serai_primitives::{address::SeraiAddress, validator_sets::primitives::ExternalValidatorSet};

 use messages::sign::{VariantSignId, SignId};

@@ -14,21 +13,36 @@ use serai_cosign::CosignIntent;
 use crate::transaction::SigningProtocolRound;

 /// A topic within the database which the group participates in
-#[derive(Clone, Copy, PartialEq, Eq, Debug, Encode, BorshSerialize, BorshDeserialize)]
-pub(crate) enum Topic {
+#[derive(Clone, Copy, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
+pub enum Topic {
  /// Vote to remove a participant
-  RemoveParticipant { participant: SeraiAddress },
+  RemoveParticipant {
+    /// The participant to remove
+    participant: SeraiAddress,
+  },

  // DkgParticipation isn't represented here as participations are immediately sent to the
  // processor, not accumulated within this databse
  /// Participation in the signing protocol to confirm the DKG results on Substrate
-  DkgConfirmation { attempt: u32, round: SigningProtocolRound },
+  DkgConfirmation {
+    /// The attempt number this is for
+    attempt: u32,
+    /// The round of the signing protocol
+    round: SigningProtocolRound,
+  },

  /// The local view of the SlashReport, to be aggregated into the final SlashReport
  SlashReport,

  /// Participation in a signing protocol
-  Sign { id: VariantSignId, attempt: u32, round: SigningProtocolRound },
+  Sign {
+    /// The ID of the signing protocol
+    id: VariantSignId,
+    /// The attempt number this is for
+    attempt: u32,
+    /// The round of the signing protocol
+    round: SigningProtocolRound,
+  },
 }

 enum Participating {
@@ -46,7 +60,7 @@ impl Topic {
        attempt: attempt + 1,
        round: SigningProtocolRound::Preprocess,
      }),
-      Topic::SlashReport { .. } => None,
+      Topic::SlashReport => None,
      Topic::Sign { id, attempt, round: _ } => {
        Some(Topic::Sign { id, attempt: attempt + 1, round: SigningProtocolRound::Preprocess })
      }
@@ -68,7 +82,7 @@ impl Topic {
        }
        SigningProtocolRound::Share => None,
      },
-      Topic::SlashReport { .. } => None,
+      Topic::SlashReport => None,
      Topic::Sign { id, attempt, round } => match round {
        SigningProtocolRound::Preprocess => {
          let attempt = attempt + 1;
@@ -79,19 +93,46 @@ impl Topic {
    }
  }

-  // The SignId for this topic
-  //
-  // Returns None if Topic isn't Topic::Sign
-  pub(crate) fn sign_id(self, set: ValidatorSet) -> Option<messages::sign::SignId> {
+  /// The SignId for this topic
+  ///
+  /// Returns None if Topic isn't Topic::Sign
+  pub(crate) fn sign_id(self, set: ExternalValidatorSet) -> Option<messages::sign::SignId> {
    #[allow(clippy::match_same_arms)]
    match self {
      Topic::RemoveParticipant { .. } => None,
      Topic::DkgConfirmation { .. } => None,
-      Topic::SlashReport { .. } => None,
+      Topic::SlashReport => None,
      Topic::Sign { id, attempt, round: _ } => Some(SignId { session: set.session, id, attempt }),
    }
  }

+  /// The SignId for this DKG Confirmation.
+  ///
+  /// This is undefined except for being consistent to the DKG Confirmation signing protocol and
+  /// unique across sets.
+  ///
+  /// Returns None if Topic isn't Topic::DkgConfirmation.
+  pub(crate) fn dkg_confirmation_sign_id(
+    self,
+    set: ExternalValidatorSet,
+  ) -> Option<messages::sign::SignId> {
+    #[allow(clippy::match_same_arms)]
+    match self {
+      Topic::RemoveParticipant { .. } => None,
+      Topic::DkgConfirmation { attempt, round: _ } => Some({
+        let id = {
+          let mut id = [0; 32];
+          let encoded_set = borsh::to_vec(set).unwrap();
+          id[.. encoded_set.len()].copy_from_slice(&encoded_set);
+          VariantSignId::Batch(id)
+        };
+        SignId { session: set.session, id, attempt }
+      }),
+      Topic::SlashReport => None,
+      Topic::Sign { .. } => None,
+    }
+  }
+
  /// The topic which precedes this topic as a prerequisite
  ///
  /// The preceding topic must define this topic as succeeding
@@ -105,7 +146,7 @@ impl Topic {
          Some(Topic::DkgConfirmation { attempt, round: SigningProtocolRound::Preprocess })
        }
      },
-      Topic::SlashReport { .. } => None,
+      Topic::SlashReport => None,
      Topic::Sign { id, attempt, round } => match round {
        SigningProtocolRound::Preprocess => None,
        SigningProtocolRound::Share => {
@@ -128,7 +169,7 @@ impl Topic {
        }
        SigningProtocolRound::Share => None,
      },
-      Topic::SlashReport { .. } => None,
+      Topic::SlashReport => None,
      Topic::Sign { id, attempt, round } => match round {
        SigningProtocolRound::Preprocess => {
          Some(Topic::Sign { id, attempt, round: SigningProtocolRound::Share })
@@ -138,21 +179,22 @@ impl Topic {
    }
  }

-  fn requires_whitelisting(&self) -> bool {
+  /// If this topic requires recognition before entries are permitted for it.
+  pub fn requires_recognition(&self) -> bool {
    #[allow(clippy::match_same_arms)]
    match self {
-      // We don't require whitelisting to remove a participant
+      // We don't require recognition to remove a participant
      Topic::RemoveParticipant { .. } => false,
-      // We don't require whitelisting for the first attempt, solely the re-attempts
+      // We don't require recognition for the first attempt, solely the re-attempts
      Topic::DkgConfirmation { attempt, .. } => *attempt != 0,
-      // We don't require whitelisting for the slash report
-      Topic::SlashReport { .. } => false,
-      // We do require whitelisting for every sign protocol
+      // We don't require recognition for the slash report
+      Topic::SlashReport => false,
+      // We do require recognition for every sign protocol
      Topic::Sign { .. } => true,
    }
  }

-  fn required_participation(&self, n: u64) -> u64 {
+  fn required_participation(&self, n: u16) -> u16 {
    let _ = self;
    // All of our topics require 2/3rds participation
    ((2 * n) / 3) + 1
@@ -163,7 +205,7 @@ impl Topic {
    match self {
      Topic::RemoveParticipant { .. } => Participating::Everyone,
      Topic::DkgConfirmation { .. } => Participating::Participated,
-      Topic::SlashReport { .. } => Participating::Everyone,
+      Topic::SlashReport => Participating::Everyone,
      Topic::Sign { .. } => Participating::Participated,
    }
  }
@@ -184,36 +226,48 @@ pub(crate) enum DataSet<D: Borshy> {
 create_db!(
  CoordinatorTributary {
    // The last handled tributary block's (number, hash)
-    LastHandledTributaryBlock: (set: ValidatorSet) -> (u64, [u8; 32]),
+    LastHandledTributaryBlock: (set: ExternalValidatorSet) -> (u64, [u8; 32]),

    // The slash points a validator has accrued, with u32::MAX representing a fatal slash.
-    SlashPoints: (set: ValidatorSet, validator: SeraiAddress) -> u32,
+    SlashPoints: (set: ExternalValidatorSet, validator: SeraiAddress) -> u32,

    // The cosign intent for a Substrate block
-    CosignIntents: (set: ValidatorSet, substrate_block_hash: [u8; 32]) -> CosignIntent,
+    CosignIntents: (set: ExternalValidatorSet, substrate_block_hash: [u8; 32]) -> CosignIntent,
    // The latest Substrate block to cosign.
-    LatestSubstrateBlockToCosign: (set: ValidatorSet) -> [u8; 32],
+    LatestSubstrateBlockToCosign: (set: ExternalValidatorSet) -> [u8; 32],
    // The hash of the block we're actively cosigning.
-    ActivelyCosigning: (set: ValidatorSet) -> [u8; 32],
+    ActivelyCosigning: (set: ExternalValidatorSet) -> [u8; 32],
    // If this block has already been cosigned.
-    Cosigned: (set: ValidatorSet, substrate_block_hash: [u8; 32]) -> (),
+    Cosigned: (set: ExternalValidatorSet, substrate_block_hash: [u8; 32]) -> (),

-    // The plans to whitelist upon a `Transaction::SubstrateBlock` being included on-chain.
-    SubstrateBlockPlans: (set: ValidatorSet, substrate_block_hash: [u8; 32]) -> Vec<[u8; 32]>,
+    // The plans to recognize upon a `Transaction::SubstrateBlock` being included on-chain.
+    SubstrateBlockPlans: (
+      set: ExternalValidatorSet,
+      substrate_block_hash: [u8; 32]
+    ) -> Vec<[u8; 32]>,

    // The weight accumulated for a topic.
-    AccumulatedWeight: (set: ValidatorSet, topic: Topic) -> u64,
+    AccumulatedWeight: (set: ExternalValidatorSet, topic: Topic) -> u16,
    // The entries accumulated for a topic, by validator.
-    Accumulated: <D: Borshy>(set: ValidatorSet, topic: Topic, validator: SeraiAddress) -> D,
+    Accumulated: <D: Borshy>(
+      set: ExternalValidatorSet,
+      topic: Topic,
+      validator: SeraiAddress
+    ) -> D,

    // Topics to be recognized as of a certain block number due to the reattempt protocol.
-    Reattempt: (set: ValidatorSet, block_number: u64) -> Vec<Topic>,
+    Reattempt: (set: ExternalValidatorSet, block_number: u64) -> Vec<Topic>,
  }
 );

 db_channel!(
  CoordinatorTributary {
-    ProcessorMessages: (set: ValidatorSet) -> messages::CoordinatorMessage,
+    // Messages to send to the processor
+    ProcessorMessages: (set: ExternalValidatorSet) -> messages::CoordinatorMessage,
+    // Messages for the DKG confirmation
+    DkgConfirmationMessages: (set: ExternalValidatorSet) -> messages::sign::CoordinatorMessage,
+    // Topics which have been explicitly recognized
+    RecognizedTopics: (set: ExternalValidatorSet) -> Topic,
  }
 );

@@ -221,13 +275,13 @@ pub(crate) struct TributaryDb;
 impl TributaryDb {
  pub(crate) fn last_handled_tributary_block(
    getter: &impl Get,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
  ) -> Option<(u64, [u8; 32])> {
    LastHandledTributaryBlock::get(getter, set)
  }
  pub(crate) fn set_last_handled_tributary_block(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    block_number: u64,
    block_hash: [u8; 32],
  ) {
@@ -236,23 +290,26 @@ impl TributaryDb {

  pub(crate) fn latest_substrate_block_to_cosign(
    getter: &impl Get,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
  ) -> Option<[u8; 32]> {
    LatestSubstrateBlockToCosign::get(getter, set)
  }
  pub(crate) fn set_latest_substrate_block_to_cosign(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    substrate_block_hash: [u8; 32],
  ) {
    LatestSubstrateBlockToCosign::set(txn, set, &substrate_block_hash);
  }
-  pub(crate) fn actively_cosigning(txn: &mut impl DbTxn, set: ValidatorSet) -> Option<[u8; 32]> {
+  pub(crate) fn actively_cosigning(
+    txn: &mut impl DbTxn,
+    set: ExternalValidatorSet,
+  ) -> Option<[u8; 32]> {
    ActivelyCosigning::get(txn, set)
  }
  pub(crate) fn start_cosigning(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    substrate_block_hash: [u8; 32],
    substrate_block_number: u64,
  ) {
@@ -262,7 +319,7 @@ impl TributaryDb {
    );
    ActivelyCosigning::set(txn, set, &substrate_block_hash);

-    TributaryDb::recognize_topic(
+    Self::recognize_topic(
      txn,
      set,
      Topic::Sign {
@@ -272,29 +329,33 @@ impl TributaryDb {
      },
    );
  }
-  pub(crate) fn finish_cosigning(txn: &mut impl DbTxn, set: ValidatorSet) {
+  pub(crate) fn finish_cosigning(txn: &mut impl DbTxn, set: ExternalValidatorSet) {
    assert!(ActivelyCosigning::take(txn, set).is_some(), "finished cosigning but not cosigning");
  }
  pub(crate) fn mark_cosigned(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    substrate_block_hash: [u8; 32],
  ) {
    Cosigned::set(txn, set, substrate_block_hash, &());
  }
  pub(crate) fn cosigned(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    substrate_block_hash: [u8; 32],
  ) -> bool {
    Cosigned::get(txn, set, substrate_block_hash).is_some()
  }

-  pub(crate) fn recognize_topic(txn: &mut impl DbTxn, set: ValidatorSet, topic: Topic) {
+  pub(crate) fn recognize_topic(txn: &mut impl DbTxn, set: ExternalValidatorSet, topic: Topic) {
    AccumulatedWeight::set(txn, set, topic, &0);
+    RecognizedTopics::send(txn, set, &topic);
+  }
+  pub(crate) fn recognized(getter: &impl Get, set: ExternalValidatorSet, topic: Topic) -> bool {
+    AccumulatedWeight::get(getter, set, topic).is_some()
  }

-  pub(crate) fn start_of_block(txn: &mut impl DbTxn, set: ValidatorSet, block_number: u64) {
+  pub(crate) fn start_of_block(txn: &mut impl DbTxn, set: ExternalValidatorSet, block_number: u64) {
    for topic in Reattempt::take(txn, set, block_number).unwrap_or(vec![]) {
      /*
        TODO: Slash all people who preprocessed but didn't share, and add a delay to their
@@ -312,13 +373,19 @@ impl TributaryDb {
      Self::recognize_topic(txn, set, topic);
      if let Some(id) = topic.sign_id(set) {
        Self::send_message(txn, set, messages::sign::CoordinatorMessage::Reattempt { id });
+      } else if let Some(id) = topic.dkg_confirmation_sign_id(set) {
+        DkgConfirmationMessages::send(
+          txn,
+          set,
+          &messages::sign::CoordinatorMessage::Reattempt { id },
+        );
      }
    }
  }

  pub(crate) fn fatal_slash(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    validator: SeraiAddress,
    reason: &str,
  ) {
@@ -328,7 +395,7 @@ impl TributaryDb {

  pub(crate) fn is_fatally_slashed(
    getter: &impl Get,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    validator: SeraiAddress,
  ) -> bool {
    SlashPoints::get(getter, set, validator).unwrap_or(0) == u32::MAX
@@ -337,21 +404,26 @@ impl TributaryDb {
  #[allow(clippy::too_many_arguments)]
  pub(crate) fn accumulate<D: Borshy>(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    validators: &[SeraiAddress],
-    total_weight: u64,
+    total_weight: u16,
    block_number: u64,
    topic: Topic,
    validator: SeraiAddress,
-    validator_weight: u64,
+    validator_weight: u16,
    data: &D,
  ) -> DataSet<D> {
    // This function will only be called once for a (validator, topic) tuple due to how we handle
    // nonces on transactions (deterministically to the topic)

    let accumulated_weight = AccumulatedWeight::get(txn, set, topic);
-    if topic.requires_whitelisting() && accumulated_weight.is_none() {
-      Self::fatal_slash(txn, set, validator, "participated in unrecognized topic");
+    if topic.requires_recognition() && accumulated_weight.is_none() {
+      Self::fatal_slash(
+        txn,
+        set,
+        validator,
+        "participated in unrecognized topic which requires recognition",
+      );
      return DataSet::None;
    }
    let mut accumulated_weight = accumulated_weight.unwrap_or(0);
@@ -448,7 +520,7 @@ impl TributaryDb {

  pub(crate) fn send_message(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    message: impl Into<messages::CoordinatorMessage>,
  ) {
    ProcessorMessages::send(txn, set, &message.into());
--- a/coordinator/tributary/src/lib.rs
+++ b/coordinator/tributary/src/lib.rs
@@ -6,10 +6,11 @@ use core::{marker::PhantomData, future::Future};
 use std::collections::HashMap;

 use ciphersuite::group::GroupEncoding;
+use dkg::Participant;

-use serai_client::{
-  primitives::SeraiAddress,
-  validator_sets::primitives::{ValidatorSet, Slash},
+use serai_primitives::{
+  address::SeraiAddress,
+  validator_sets::{ExternalValidatorSet, Slash},
 };

 use serai_db::*;
@@ -27,59 +28,99 @@ use tributary_sdk::{
 use serai_cosign::CosignIntent;
 use serai_coordinator_substrate::NewSetInformation;

-use messages::sign::VariantSignId;
+use messages::sign::{VariantSignId, SignId};

 mod transaction;
 pub use transaction::{SigningProtocolRound, Signed, Transaction};

 mod db;
 use db::*;
+pub use db::Topic;

 /// Messages to send to the Processors.
 pub struct ProcessorMessages;
 impl ProcessorMessages {
  /// Try to receive a message to send to a Processor.
-  pub fn try_recv(txn: &mut impl DbTxn, set: ValidatorSet) -> Option<messages::CoordinatorMessage> {
+  pub fn try_recv(
+    txn: &mut impl DbTxn,
+    set: ExternalValidatorSet,
+  ) -> Option<messages::CoordinatorMessage> {
    db::ProcessorMessages::try_recv(txn, set)
  }
 }

+/// Messages for the DKG confirmation.
+pub struct DkgConfirmationMessages;
+impl DkgConfirmationMessages {
+  /// Receive a message for the DKG confirmation.
+  ///
+  /// These messages use the ProcessorMessage API as that's what existing flows are designed
+  /// around, enabling their reuse. The ProcessorMessage includes a VariantSignId which isn't
+  /// applicable to the DKG confirmation (as there's no such variant of the VariantSignId). The
+  /// actual ID is undefined other than it will be consistent to the signing protocol and unique
+  /// across validator sets, with no guarantees of uniqueness across contexts.
+  pub fn try_recv(
+    txn: &mut impl DbTxn,
+    set: ExternalValidatorSet,
+  ) -> Option<messages::sign::CoordinatorMessage> {
+    db::DkgConfirmationMessages::try_recv(txn, set)
+  }
+}
+
 /// The cosign intents.
 pub struct CosignIntents;
 impl CosignIntents {
  /// Provide a CosignIntent for this Tributary.
  ///
  /// This must be done before the associated `Transaction::Cosign` is provided.
-  pub fn provide(txn: &mut impl DbTxn, set: ValidatorSet, intent: &CosignIntent) {
+  pub fn provide(txn: &mut impl DbTxn, set: ExternalValidatorSet, intent: &CosignIntent) {
    db::CosignIntents::set(txn, set, intent.block_hash, intent);
  }
  fn take(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    substrate_block_hash: [u8; 32],
  ) -> Option<CosignIntent> {
    db::CosignIntents::take(txn, set, substrate_block_hash)
  }
 }

-/// The plans to whitelist upon a `Transaction::SubstrateBlock` being included on-chain.
+/// An interface to the topics recognized on this Tributary.
+pub struct RecognizedTopics;
+impl RecognizedTopics {
+  /// If this topic has been recognized by this Tributary.
+  ///
+  /// This will either be by explicit recognition or participation.
+  pub fn recognized(getter: &impl Get, set: ExternalValidatorSet, topic: Topic) -> bool {
+    TributaryDb::recognized(getter, set, topic)
+  }
+  /// The next topic requiring recognition which has been recognized by this Tributary.
+  pub fn try_recv_topic_requiring_recognition(
+    txn: &mut impl DbTxn,
+    set: ExternalValidatorSet,
+  ) -> Option<Topic> {
+    db::RecognizedTopics::try_recv(txn, set)
+  }
+}
+
+/// The plans to recognize upon a `Transaction::SubstrateBlock` being included on-chain.
 pub struct SubstrateBlockPlans;
 impl SubstrateBlockPlans {
-  /// Set the plans to whitelist upon the associated `Transaction::SubstrateBlock` being included
+  /// Set the plans to recognize upon the associated `Transaction::SubstrateBlock` being included
  /// on-chain.
  ///
  /// This must be done before the associated `Transaction::Cosign` is provided.
  pub fn set(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    substrate_block_hash: [u8; 32],
    plans: &Vec<[u8; 32]>,
  ) {
-    db::SubstrateBlockPlans::set(txn, set, substrate_block_hash, &plans);
+    db::SubstrateBlockPlans::set(txn, set, substrate_block_hash, plans);
  }
  fn take(
    txn: &mut impl DbTxn,
-    set: ValidatorSet,
+    set: ExternalValidatorSet,
    substrate_block_hash: [u8; 32],
  ) -> Option<Vec<[u8; 32]>> {
    db::SubstrateBlockPlans::take(txn, set, substrate_block_hash)
@@ -90,32 +131,32 @@ struct ScanBlock<'a, TD: Db, TDT: DbTxn, P: P2p> {
  _td: PhantomData<TD>,
  _p2p: PhantomData<P>,
  tributary_txn: &'a mut TDT,
-  set: ValidatorSet,
+  set: &'a NewSetInformation,
  validators: &'a [SeraiAddress],
-  total_weight: u64,
-  validator_weights: &'a HashMap<SeraiAddress, u64>,
+  total_weight: u16,
+  validator_weights: &'a HashMap<SeraiAddress, u16>,
 }
-impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
+impl<TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'_, TD, TDT, P> {
  fn potentially_start_cosign(&mut self) {
    // Don't start a new cosigning instance if we're actively running one
-    if TributaryDb::actively_cosigning(self.tributary_txn, self.set).is_some() {
+    if TributaryDb::actively_cosigning(self.tributary_txn, self.set.set).is_some() {
      return;
    }

    // Fetch the latest intended-to-be-cosigned block
    let Some(latest_substrate_block_to_cosign) =
-      TributaryDb::latest_substrate_block_to_cosign(self.tributary_txn, self.set)
+      TributaryDb::latest_substrate_block_to_cosign(self.tributary_txn, self.set.set)
    else {
      return;
    };

    // If it was already cosigned, return
-    if TributaryDb::cosigned(self.tributary_txn, self.set, latest_substrate_block_to_cosign) {
+    if TributaryDb::cosigned(self.tributary_txn, self.set.set, latest_substrate_block_to_cosign) {
      return;
    }

    let intent =
-      CosignIntents::take(self.tributary_txn, self.set, latest_substrate_block_to_cosign)
+      CosignIntents::take(self.tributary_txn, self.set.set, latest_substrate_block_to_cosign)
        .expect("Transaction::Cosign locally provided but CosignIntents wasn't populated");
    assert_eq!(
      intent.block_hash, latest_substrate_block_to_cosign,
@@ -125,20 +166,71 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
    // Mark us as actively cosigning
    TributaryDb::start_cosigning(
      self.tributary_txn,
-      self.set,
+      self.set.set,
      latest_substrate_block_to_cosign,
      intent.block_number,
    );
    // Send the message for the processor to start signing
    TributaryDb::send_message(
      self.tributary_txn,
-      self.set,
+      self.set.set,
      messages::coordinator::CoordinatorMessage::CosignSubstrateBlock {
-        session: self.set.session,
-        intent,
+        session: self.set.set.session,
+        cosign: intent.into_cosign(self.set.set.network),
      },
    );
  }
+
+  fn accumulate_dkg_confirmation<D: AsRef<[u8]> + Borshy>(
+    &mut self,
+    block_number: u64,
+    topic: Topic,
+    data: &D,
+    signer: SeraiAddress,
+  ) -> Option<(SignId, HashMap<Participant, Vec<u8>>)> {
+    match TributaryDb::accumulate::<D>(
+      self.tributary_txn,
+      self.set.set,
+      self.validators,
+      self.total_weight,
+      block_number,
+      topic,
+      signer,
+      self.validator_weights[&signer],
+      data,
+    ) {
+      DataSet::None => None,
+      DataSet::Participating(data_set) => {
+        let id = topic.dkg_confirmation_sign_id(self.set.set).unwrap();
+
+        // This will be used in a MuSig protocol, so the Participant indexes are the validator's
+        // position in the list regardless of their weight
+        let flatten_data_set = |data_set: HashMap<_, D>| {
+          let mut entries = HashMap::with_capacity(usize::from(self.total_weight));
+          for (validator, participation) in data_set {
+            let (index, (_validator, _weight)) = &self
+              .set
+              .validators
+              .iter()
+              .enumerate()
+              .find(|(_i, (validator_i, _weight))| validator == *validator_i)
+              .unwrap();
+            // The index is zero-indexed yet participants are one-indexed
+            let index = index + 1;
+
+            entries.insert(
+              Participant::new(u16::try_from(index).unwrap()).unwrap(),
+              participation.as_ref().to_vec(),
+            );
+          }
+          entries
+        };
+        let data_set = flatten_data_set(data_set);
+        Some((id, data_set))
+      }
+    }
+  }
+
  fn handle_application_tx(&mut self, block_number: u64, tx: Transaction) {
    let signer = |signed: Signed| SeraiAddress(signed.signer().to_bytes());

@@ -147,23 +239,24 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
      // TODO: The fact they can publish these TXs makes this a notable spam vector
      if TributaryDb::is_fatally_slashed(
        self.tributary_txn,
-        self.set,
+        self.set.set,
        SeraiAddress(signer.to_bytes()),
      ) {
        return;
      }
    }

+    let topic = tx.topic();
    match tx {
      // Accumulate this vote and fatally slash the participant if past the threshold
      Transaction::RemoveParticipant { participant, signed } => {
        let signer = signer(signed);

        // Check the participant voted to be removed actually exists
-        if !self.validators.iter().any(|validator| *validator == participant) {
+        if !self.validators.contains(&participant) {
          TributaryDb::fatal_slash(
            self.tributary_txn,
-            self.set,
+            self.set.set,
            signer,
            "voted to remove non-existent participant",
          );
@@ -172,18 +265,23 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {

        match TributaryDb::accumulate(
          self.tributary_txn,
-          self.set,
+          self.set.set,
          self.validators,
          self.total_weight,
          block_number,
-          Topic::RemoveParticipant { participant },
+          topic.unwrap(),
          signer,
          self.validator_weights[&signer],
          &(),
        ) {
          DataSet::None => {}
          DataSet::Participating(_) => {
-            TributaryDb::fatal_slash(self.tributary_txn, self.set, participant, "voted to remove");
+            TributaryDb::fatal_slash(
+              self.tributary_txn,
+              self.set.set,
+              participant,
+              "voted to remove",
+            );
          }
        };
      }
@@ -192,28 +290,52 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
      Transaction::DkgParticipation { participation, signed } => {
        TributaryDb::send_message(
          self.tributary_txn,
-          self.set,
+          self.set.set,
          messages::key_gen::CoordinatorMessage::Participation {
-            session: self.set.session,
-            participant: todo!("TODO"),
+            session: self.set.set.session,
+            participant: self.set.participant_indexes[&signer(signed)][0],
            participation,
          },
        );
      }
-      Transaction::DkgConfirmationPreprocess { attempt, preprocess, signed } => {
-        // Accumulate the preprocesses into our own FROST attempt manager
-        todo!("TODO")
+      Transaction::DkgConfirmationPreprocess { attempt: _, preprocess, signed } => {
+        let topic = topic.unwrap();
+        let signer = signer(signed);
+
+        let Some((id, data_set)) =
+          self.accumulate_dkg_confirmation(block_number, topic, &preprocess, signer)
+        else {
+          return;
+        };
+
+        db::DkgConfirmationMessages::send(
+          self.tributary_txn,
+          self.set.set,
+          &messages::sign::CoordinatorMessage::Preprocesses { id, preprocesses: data_set },
+        );
      }
-      Transaction::DkgConfirmationShare { attempt, share, signed } => {
-        // Accumulate the shares into our own FROST attempt manager
-        todo!("TODO: SetKeysTask")
+      Transaction::DkgConfirmationShare { attempt: _, share, signed } => {
+        let topic = topic.unwrap();
+        let signer = signer(signed);
+
+        let Some((id, data_set)) =
+          self.accumulate_dkg_confirmation(block_number, topic, &share, signer)
+        else {
+          return;
+        };
+
+        db::DkgConfirmationMessages::send(
+          self.tributary_txn,
+          self.set.set,
+          &messages::sign::CoordinatorMessage::Shares { id, shares: data_set },
+        );
      }

      Transaction::Cosign { substrate_block_hash } => {
        // Update the latest intended-to-be-cosigned Substrate block
        TributaryDb::set_latest_substrate_block_to_cosign(
          self.tributary_txn,
-          self.set,
+          self.set.set,
          substrate_block_hash,
        );
        // Start a new cosign if we aren't already working on one
@@ -226,32 +348,32 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
          not-yet-Cosigned cosigns, we flag all cosigned blocks as cosigned. Then, when we choose
          the next block to work on, we won't if it's already been cosigned.
        */
-        TributaryDb::mark_cosigned(self.tributary_txn, self.set, substrate_block_hash);
+        TributaryDb::mark_cosigned(self.tributary_txn, self.set.set, substrate_block_hash);

        // If we aren't actively cosigning this block, return
        // This occurs when we have Cosign TXs A, B, C, we received Cosigned for A and start on C,
        // and then receive Cosigned for B
-        if TributaryDb::actively_cosigning(self.tributary_txn, self.set) !=
+        if TributaryDb::actively_cosigning(self.tributary_txn, self.set.set) !=
          Some(substrate_block_hash)
        {
          return;
        }

        // Since this is the block we were cosigning, mark us as having finished cosigning
-        TributaryDb::finish_cosigning(self.tributary_txn, self.set);
+        TributaryDb::finish_cosigning(self.tributary_txn, self.set.set);

        // Start working on the next cosign
        self.potentially_start_cosign();
      }
      Transaction::SubstrateBlock { hash } => {
-        // Whitelist all of the IDs this Substrate block causes to be signed
-        let plans = SubstrateBlockPlans::take(self.tributary_txn, self.set, hash).expect(
+        // Recognize all of the IDs this Substrate block causes to be signed
+        let plans = SubstrateBlockPlans::take(self.tributary_txn, self.set.set, hash).expect(
          "Transaction::SubstrateBlock locally provided but SubstrateBlockPlans wasn't populated",
        );
        for plan in plans {
          TributaryDb::recognize_topic(
            self.tributary_txn,
-            self.set,
+            self.set.set,
            Topic::Sign {
              id: VariantSignId::Transaction(plan),
              attempt: 0,
@@ -261,10 +383,10 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
        }
      }
      Transaction::Batch { hash } => {
-        // Whitelist the signing of this batch
+        // Recognize the signing of this batch
        TributaryDb::recognize_topic(
          self.tributary_txn,
-          self.set,
+          self.set.set,
          Topic::Sign {
            id: VariantSignId::Batch(hash),
            attempt: 0,
@@ -279,7 +401,7 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
        if slash_points.len() != self.validators.len() {
          TributaryDb::fatal_slash(
            self.tributary_txn,
-            self.set,
+            self.set.set,
            signer,
            "slash report was for a distinct amount of signers",
          );
@@ -289,11 +411,11 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
        // Accumulate, and if past the threshold, calculate *the* slash report and start signing it
        match TributaryDb::accumulate(
          self.tributary_txn,
-          self.set,
+          self.set.set,
          self.validators,
          self.total_weight,
          block_number,
-          Topic::SlashReport,
+          topic.unwrap(),
          signer,
          self.validator_weights[&signer],
          &slash_points,
@@ -307,10 +429,6 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
              have a supermajority agree the slash should be fatal. If there isn't a supermajority,
              but the median believe the slash should be fatal, we need to fallback to a large
              constant.
-
-              Also, TODO, each slash point should probably be considered as
-              `MAX_KEY_SHARES_PER_SET * BLOCK_TIME` seconds of downtime. As this time crosses
-              various thresholds (1 day, 3 days, etc), a multiplier should be attached.
            */
            let mut median_slash_report = Vec::with_capacity(self.validators.len());
            for i in 0 .. self.validators.len() {
@@ -351,7 +469,7 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {

            // Create the resulting slash report
            let mut slash_report = vec![];
-            for (validator, points) in self.validators.iter().copied().zip(amortized_slash_report) {
+            for points in amortized_slash_report {
              // TODO: Natively store this as a `Slash`
              if points == u32::MAX {
                slash_report.push(Slash::Fatal);
@@ -364,7 +482,7 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
            // Recognize the topic for signing the slash report
            TributaryDb::recognize_topic(
              self.tributary_txn,
-              self.set,
+              self.set.set,
              Topic::Sign {
                id: VariantSignId::SlashReport,
                attempt: 0,
@@ -374,24 +492,24 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
            // Send the message for the processor to start signing
            TributaryDb::send_message(
              self.tributary_txn,
-              self.set,
+              self.set.set,
              messages::coordinator::CoordinatorMessage::SignSlashReport {
-                session: self.set.session,
-                report: slash_report,
+                session: self.set.set.session,
+                slash_report: slash_report.try_into().unwrap(),
              },
            );
          }
        };
      }

-      Transaction::Sign { id, attempt, round, data, signed } => {
-        let topic = Topic::Sign { id, attempt, round };
+      Transaction::Sign { id: _, attempt: _, round, data, signed } => {
+        let topic = topic.unwrap();
        let signer = signer(signed);

-        if u64::try_from(data.len()).unwrap() != self.validator_weights[&signer] {
+        if data.len() != usize::from(self.validator_weights[&signer]) {
          TributaryDb::fatal_slash(
            self.tributary_txn,
-            self.set,
+            self.set.set,
            signer,
            "signer signed with a distinct amount of key shares than they had key shares",
          );
@@ -400,7 +518,7 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {

        match TributaryDb::accumulate(
          self.tributary_txn,
-          self.set,
+          self.set.set,
          self.validators,
          self.total_weight,
          block_number,
@@ -411,12 +529,22 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
        ) {
          DataSet::None => {}
          DataSet::Participating(data_set) => {
-            let id = topic.sign_id(self.set).expect("Topic::Sign didn't have SignId");
-            let flatten_data_set = |data_set| todo!("TODO");
+            let id = topic.sign_id(self.set.set).expect("Topic::Sign didn't have SignId");
+            let flatten_data_set = |data_set: HashMap<_, Vec<_>>| {
+              let mut entries = HashMap::with_capacity(usize::from(self.total_weight));
+              for (validator, shares) in data_set {
+                let indexes = &self.set.participant_indexes[&validator];
+                assert_eq!(indexes.len(), shares.len());
+                for (index, share) in indexes.iter().zip(shares) {
+                  entries.insert(*index, share);
+                }
+              }
+              entries
+            };
            let data_set = flatten_data_set(data_set);
            TributaryDb::send_message(
              self.tributary_txn,
-              self.set,
+              self.set.set,
              match round {
                SigningProtocolRound::Preprocess => {
                  messages::sign::CoordinatorMessage::Preprocesses { id, preprocesses: data_set }
@@ -427,13 +555,13 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
              },
            )
          }
-        };
+        }
      }
    }
  }

  fn handle_block(mut self, block_number: u64, block: Block<Transaction>) {
-    TributaryDb::start_of_block(self.tributary_txn, self.set, block_number);
+    TributaryDb::start_of_block(self.tributary_txn, self.set.set, block_number);

    for tx in block.transactions {
      match tx {
@@ -460,7 +588,7 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
          // errors, mark the node as fatally slashed
          TributaryDb::fatal_slash(
            self.tributary_txn,
-            self.set,
+            self.set.set,
            SeraiAddress(msgs.0.msg.sender),
            &format!("invalid tendermint messages: {msgs:?}"),
          );
@@ -476,10 +604,10 @@ impl<'a, TD: Db, TDT: DbTxn, P: P2p> ScanBlock<'a, TD, TDT, P> {
 /// The task to scan the Tributary, populating `ProcessorMessages`.
 pub struct ScanTributaryTask<TD: Db, P: P2p> {
  tributary_db: TD,
-  set: ValidatorSet,
+  set: NewSetInformation,
  validators: Vec<SeraiAddress>,
-  total_weight: u64,
-  validator_weights: HashMap<SeraiAddress, u64>,
+  total_weight: u16,
+  validator_weights: HashMap<SeraiAddress, u16>,
  tributary: TributaryReader<TD, Transaction>,
  _p2p: PhantomData<P>,
 }
@@ -488,15 +616,13 @@ impl<TD: Db, P: P2p> ScanTributaryTask<TD, P> {
  /// Create a new instance of this task.
  pub fn new(
    tributary_db: TD,
-    new_set: &NewSetInformation,
+    set: NewSetInformation,
    tributary: TributaryReader<TD, Transaction>,
  ) -> Self {
-    let mut validators = Vec::with_capacity(new_set.validators.len());
+    let mut validators = Vec::with_capacity(set.validators.len());
    let mut total_weight = 0;
-    let mut validator_weights = HashMap::with_capacity(new_set.validators.len());
-    for (validator, weight) in new_set.validators.iter().copied() {
-      let validator = SeraiAddress::from(validator);
-      let weight = u64::from(weight);
+    let mut validator_weights = HashMap::with_capacity(set.validators.len());
+    for (validator, weight) in set.validators.iter().copied() {
      validators.push(validator);
      total_weight += weight;
      validator_weights.insert(validator, weight);
@@ -504,7 +630,7 @@ impl<TD: Db, P: P2p> ScanTributaryTask<TD, P> {

    ScanTributaryTask {
      tributary_db,
-      set: new_set.set,
+      set,
      validators,
      total_weight,
      validator_weights,
@@ -520,7 +646,7 @@ impl<TD: Db, P: P2p> ContinuallyRan for ScanTributaryTask<TD, P> {
  fn run_iteration(&mut self) -> impl Send + Future<Output = Result<bool, Self::Error>> {
    async move {
      let (mut last_block_number, mut last_block_hash) =
-        TributaryDb::last_handled_tributary_block(&self.tributary_db, self.set)
+        TributaryDb::last_handled_tributary_block(&self.tributary_db, self.set.set)
          .unwrap_or((0, self.tributary.genesis()));

      let mut made_progress = false;
@@ -539,7 +665,7 @@ impl<TD: Db, P: P2p> ContinuallyRan for ScanTributaryTask<TD, P> {
          if !self.tributary.locally_provided_txs_in_block(&block_hash, order) {
            return Err(format!(
              "didn't have the provided Transactions on-chain for set (ephemeral error): {:?}",
-              self.set
+              self.set.set
            ));
          }
        }
@@ -549,7 +675,7 @@ impl<TD: Db, P: P2p> ContinuallyRan for ScanTributaryTask<TD, P> {
          _td: PhantomData::<TD>,
          _p2p: PhantomData::<P>,
          tributary_txn: &mut tributary_txn,
-          set: self.set,
+          set: &self.set,
          validators: &self.validators,
          total_weight: self.total_weight,
          validator_weights: &self.validator_weights,
@@ -557,7 +683,7 @@ impl<TD: Db, P: P2p> ContinuallyRan for ScanTributaryTask<TD, P> {
        .handle_block(block_number, block);
        TributaryDb::set_last_handled_tributary_block(
          &mut tributary_txn,
-          self.set,
+          self.set.set,
          block_number,
          block_hash,
        );
@@ -577,7 +703,6 @@ impl<TD: Db, P: P2p> ContinuallyRan for ScanTributaryTask<TD, P> {
 pub fn slash_report_transaction(getter: &impl Get, set: &NewSetInformation) -> Transaction {
  let mut slash_points = Vec::with_capacity(set.validators.len());
  for (validator, _weight) in set.validators.iter().copied() {
-    let validator = SeraiAddress::from(validator);
    slash_points.push(SlashPoints::get(getter, set.set, validator).unwrap_or(0));
  }
  Transaction::SlashReport { slash_points, signed: Signed::default() }
--- a/coordinator/tributary/src/transaction.rs
+++ b/coordinator/tributary/src/transaction.rs
@@ -6,15 +6,15 @@ use rand_core::{RngCore, CryptoRng};

 use blake2::{digest::typenum::U32, Digest, Blake2b};
 use ciphersuite::{
-  group::{ff::Field, Group, GroupEncoding},
-  Ciphersuite, Ristretto,
+  group::{Group, GroupEncoding},
+  *,
 };
+use dalek_ff_group::Ristretto;
 use schnorr::SchnorrSignature;

-use scale::Encode;
 use borsh::{BorshSerialize, BorshDeserialize};

-use serai_client::{primitives::SeraiAddress, validator_sets::primitives::MAX_KEY_SHARES_PER_SET};
+use serai_primitives::{addess::SeraiAddress, validator_sets::MAX_KEY_SHARES_PER_SET};

 use messages::sign::VariantSignId;

@@ -25,8 +25,10 @@ use tributary_sdk::{
  },
 };

+use crate::db::Topic;
+
 /// The round this data is for, within a signing protocol.
-#[derive(Clone, Copy, PartialEq, Eq, Debug, Encode, BorshSerialize, BorshDeserialize)]
+#[derive(Clone, Copy, PartialEq, Eq, Debug, BorshSerialize, BorshDeserialize)]
 pub enum SigningProtocolRound {
  /// A preprocess.
  Preprocess,
@@ -49,7 +51,7 @@ impl SigningProtocolRound {
 #[derive(Clone, Copy, PartialEq, Eq, Debug)]
 pub struct Signed {
  /// The signer.
-  signer: <Ristretto as Ciphersuite>::G,
+  signer: <Ristretto as WrappedGroup>::G,
  /// The signature.
  signature: SchnorrSignature<Ristretto>,
 }
@@ -70,7 +72,7 @@ impl BorshDeserialize for Signed {

 impl Signed {
  /// Fetch the signer.
-  pub(crate) fn signer(&self) -> <Ristretto as Ciphersuite>::G {
+  pub(crate) fn signer(&self) -> <Ristretto as WrappedGroup>::G {
    self.signer
  }

@@ -83,10 +85,10 @@ impl Signed {
 impl Default for Signed {
  fn default() -> Self {
    Self {
-      signer: <Ristretto as Ciphersuite>::G::identity(),
+      signer: <Ristretto as WrappedGroup>::G::identity(),
      signature: SchnorrSignature {
-        R: <Ristretto as Ciphersuite>::G::identity(),
-        s: <Ristretto as Ciphersuite>::F::ZERO,
+        R: <Ristretto as WrappedGroup>::G::identity(),
+        s: <Ristretto as WrappedGroup>::F::ZERO,
      },
    }
  }
@@ -180,7 +182,7 @@ pub enum Transaction {
  ///
  /// This is provided after the block has been cosigned.
  ///
-  /// With the acknowledgement of a Substrate block, we can whitelist all the `VariantSignId`s
+  /// With the acknowledgement of a Substrate block, we can recognize all the `VariantSignId`s
  /// resulting from its handling.
  SubstrateBlock {
    /// The hash of the Substrate block
@@ -239,37 +241,37 @@ impl TransactionTrait for Transaction {
  fn kind(&self) -> TransactionKind {
    match self {
      Transaction::RemoveParticipant { participant, signed } => TransactionKind::Signed(
-        (b"RemoveParticipant", participant).encode(),
+        borsh::to_vec(&(b"RemoveParticipant".as_slice(), participant)).unwrap(),
        signed.to_tributary_signed(0),
      ),

-      Transaction::DkgParticipation { signed, .. } => {
-        TransactionKind::Signed(b"DkgParticipation".encode(), signed.to_tributary_signed(0))
-      }
+      Transaction::DkgParticipation { signed, .. } => TransactionKind::Signed(
+        borsh::to_vec(b"DkgParticipation".as_slice()).unwrap(),
+        signed.to_tributary_signed(0),
+      ),
      Transaction::DkgConfirmationPreprocess { attempt, signed, .. } => TransactionKind::Signed(
-        (b"DkgConfirmation", attempt).encode(),
+        borsh::to_vec(b"DkgConfirmation".as_slice(), attempt).unwrap(),
        signed.to_tributary_signed(0),
      ),
      Transaction::DkgConfirmationShare { attempt, signed, .. } => TransactionKind::Signed(
-        (b"DkgConfirmation", attempt).encode(),
+        borsh::to_vec(b"DkgConfirmation".as_slice(), attempt).unwrap(),
        signed.to_tributary_signed(1),
      ),

      Transaction::Cosign { .. } => TransactionKind::Provided("Cosign"),
      Transaction::Cosigned { .. } => TransactionKind::Provided("Cosigned"),
-      // TODO: Provide this
      Transaction::SubstrateBlock { .. } => TransactionKind::Provided("SubstrateBlock"),
-      // TODO: Provide this
      Transaction::Batch { .. } => TransactionKind::Provided("Batch"),

      Transaction::Sign { id, attempt, round, signed, .. } => TransactionKind::Signed(
-        (b"Sign", id, attempt).encode(),
+        borsh::to_vec(b"Sign".as_slice(), id, attempt).unwrap(),
        signed.to_tributary_signed(round.nonce()),
      ),

-      Transaction::SlashReport { signed, .. } => {
-        TransactionKind::Signed(b"SlashReport".encode(), signed.to_tributary_signed(0))
-      }
+      Transaction::SlashReport { signed, .. } => TransactionKind::Signed(
+        borsh::to_vec(b"SlashReport".as_slice()).unwrap(),
+        signed.to_tributary_signed(0),
+      ),
    }
  }

@@ -318,6 +320,36 @@ impl TransactionTrait for Transaction {
 }

 impl Transaction {
+  /// The topic in the database for this transaction.
+  pub fn topic(&self) -> Option<Topic> {
+    #[allow(clippy::match_same_arms)] // This doesn't make semantic sense here
+    match self {
+      Transaction::RemoveParticipant { participant, .. } => {
+        Some(Topic::RemoveParticipant { participant: *participant })
+      }
+
+      Transaction::DkgParticipation { .. } => None,
+      Transaction::DkgConfirmationPreprocess { attempt, .. } => {
+        Some(Topic::DkgConfirmation { attempt: *attempt, round: SigningProtocolRound::Preprocess })
+      }
+      Transaction::DkgConfirmationShare { attempt, .. } => {
+        Some(Topic::DkgConfirmation { attempt: *attempt, round: SigningProtocolRound::Share })
+      }
+
+      // Provided TXs
+      Transaction::Cosign { .. } |
+      Transaction::Cosigned { .. } |
+      Transaction::SubstrateBlock { .. } |
+      Transaction::Batch { .. } => None,
+
+      Transaction::Sign { id, attempt, round, .. } => {
+        Some(Topic::Sign { id: *id, attempt: *attempt, round: *round })
+      }
+
+      Transaction::SlashReport { .. } => Some(Topic::SlashReport),
+    }
+  }
+
  /// Sign a transaction.
  ///
  /// Panics if signing a transaction whose type isn't `TransactionKind::Signed`.
@@ -325,7 +357,7 @@ impl Transaction {
    &mut self,
    rng: &mut R,
    genesis: [u8; 32],
-    key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+    key: &Zeroizing<<Ristretto as WrappedGroup>::F>,
  ) {
    fn signed(tx: &mut Transaction) -> &mut Signed {
      #[allow(clippy::match_same_arms)] // This doesn't make semantic sense here
@@ -335,10 +367,12 @@ impl Transaction {
        Transaction::DkgConfirmationPreprocess { ref mut signed, .. } => signed,
        Transaction::DkgConfirmationShare { ref mut signed, .. } => signed,

-        Transaction::Cosign { .. } => panic!("signing CosignSubstrateBlock"),
-        Transaction::Cosigned { .. } => panic!("signing Cosigned"),
-        Transaction::SubstrateBlock { .. } => panic!("signing SubstrateBlock"),
-        Transaction::Batch { .. } => panic!("signing Batch"),
+        Transaction::Cosign { .. } => panic!("signing Cosign transaction (provided)"),
+        Transaction::Cosigned { .. } => panic!("signing Cosigned transaction (provided)"),
+        Transaction::SubstrateBlock { .. } => {
+          panic!("signing SubstrateBlock transaction (provided)")
+        }
+        Transaction::Batch { .. } => panic!("signing Batch transaction (provided)"),

        Transaction::Sign { ref mut signed, .. } => signed,

@@ -347,13 +381,13 @@ impl Transaction {
    }

    // Decide the nonce to sign with
-    let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
+    let sig_nonce = Zeroizing::new(<Ristretto as WrappedGroup>::F::random(rng));

    {
      // Set the signer and the nonce
      let signed = signed(self);
      signed.signer = Ristretto::generator() * key.deref();
-      signed.signature.R = <Ristretto as Ciphersuite>::generator() * sig_nonce.deref();
+      signed.signature.R = <Ristretto as WrappedGroup>::generator() * sig_nonce.deref();
    }

    // Get the signature hash (which now includes `R || A` making it valid as the challenge)
--- a/crypto/ciphersuite/Cargo.toml
+++ b/crypto/ciphersuite/Cargo.toml
@@ -1,13 +1,13 @@
 [package]
 name = "ciphersuite"
-version = "0.4.1"
+version = "0.4.2"
 description = "Ciphersuites built around ff/group"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/ciphersuite"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["ciphersuite", "ff", "group"]
 edition = "2021"
-rust-version = "1.80"
+rust-version = "1.85"

 [package.metadata.docs.rs]
 all-features = true
@@ -17,69 +17,32 @@ rustdoc-args = ["--cfg", "docsrs"]
 workspace = true

 [dependencies]
-std-shims = { path = "../../common/std-shims", version = "^0.1.1", default-features = false, optional = true }
-
-rand_core = { version = "0.6", default-features = false }
+std-shims = { path = "../../common/std-shims", version = "0.1.4", default-features = false, optional = true }

 zeroize = { version = "^1.5", default-features = false, features = ["derive"] }
 subtle = { version = "^2.4", default-features = false }

-digest = { version = "0.10", default-features = false }
-transcript = { package = "flexible-transcript", path = "../transcript", version = "^0.3.2", default-features = false }
-sha2 = { version = "0.10", default-features = false, optional = true }
-sha3 = { version = "0.10", default-features = false, optional = true }
+digest = { version = "0.11.0-rc.1", default-features = false }

 ff = { version = "0.13", default-features = false, features = ["bits"] }
 group = { version = "0.13", default-features = false }

-dalek-ff-group = { path = "../dalek-ff-group", version = "0.4", default-features = false, optional = true }
-
-elliptic-curve = { version = "0.13", default-features = false, features = ["hash2curve"], optional = true }
-p256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
-k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
-
-minimal-ed448 = { path = "../ed448", version = "0.4", default-features = false, optional = true }
-
 [dev-dependencies]
 hex = { version = "0.4", default-features = false, features = ["std"] }

-rand_core = { version = "0.6", default-features = false, features = ["std"] }
-
 ff-group-tests = { version = "0.13", path = "../ff-group-tests" }

 [features]
-alloc = ["std-shims"]
+alloc = ["std-shims", "zeroize/alloc", "digest/alloc", "ff/alloc"]
 std = [
-  "std-shims/std",
+  "alloc",

-  "rand_core/std",
+  "std-shims/std",

  "zeroize/std",
  "subtle/std",

-  "digest/std",
-  "transcript/std",
-  "sha2?/std",
-  "sha3?/std",
-
  "ff/std",
-
-  "dalek-ff-group?/std",
-
-  "elliptic-curve?/std",
-  "p256?/std",
-  "k256?/std",
-  "minimal-ed448?/std",
 ]

-dalek = ["sha2", "dalek-ff-group"]
-ed25519 = ["dalek"]
-ristretto = ["dalek"]
-
-kp256 = ["sha2", "elliptic-curve"]
-p256 = ["kp256", "dep:p256"]
-secp256k1 = ["kp256", "k256"]
-
-ed448 = ["sha3", "minimal-ed448"]
-
 default = ["std"]
--- a/Show More
+++ b/Show More