change types from coconut to ecash types

This commit is contained in:
Simon Wicky
2024-05-07 09:58:41 +02:00
parent 2194b05310
commit 3e635473a6
12 changed files with 62 additions and 50 deletions
+2
View File
@@ -78,6 +78,8 @@ zeroize = { workspace = true }
nym-bandwidth-controller = { path = "../common/bandwidth-controller" }
nym-coconut-bandwidth-contract-common = { path = "../common/cosmwasm-smart-contracts/coconut-bandwidth-contract" }
nym-coconut-dkg-common = { path = "../common/cosmwasm-smart-contracts/coconut-dkg" }
nym-compact-ecash = { path = "../common/nym_offline_compact_ecash" }
nym-credentials-interface = { path = "../common/credentials-interface" }
#nym-ephemera-common = { path = "../common/cosmwasm-smart-contracts/ephemera" }
nym-config = { path = "../common/config" }
cosmwasm-std = { workspace = true }
+1
View File
@@ -24,6 +24,7 @@ ecdsa = { version = "0.16", features = ["serde"] }
nym-credentials-interface = { path = "../../common/credentials-interface" }
nym-crypto = { path = "../../common/crypto", features = ["serde", "asymmetric"] }
nym-compact-ecash = { path = "../../common/nym_offline_compact_ecash" }
nym-mixnet-contract-common = { path = "../../common/cosmwasm-smart-contracts/mixnet-contract" }
nym-node-requests = { path = "../../nym-node/nym-node-requests", default-features = false }
@@ -187,11 +187,11 @@ impl FreePassRequest {
#[derive(Serialize, Deserialize)]
pub struct VerificationKeyResponse {
pub key: VerificationKey,
pub key: VerificationKeyAuth,
}
impl VerificationKeyResponse {
pub fn new(key: VerificationKey) -> VerificationKeyResponse {
pub fn new(key: VerificationKeyAuth) -> VerificationKeyResponse {
VerificationKeyResponse { key }
}
}
+10 -10
View File
@@ -4,10 +4,10 @@
use crate::coconut::error::Result;
use crate::nyxd;
use crate::support::nyxd::ClientInner;
use nym_coconut::VerificationKey;
use nym_coconut_dkg_common::types::{Epoch, EpochId};
use nym_credentials::coconut::utils::obtain_aggregate_verification_key;
use nym_validator_client::coconut::all_coconut_api_clients;
use nym_compact_ecash::VerificationKeyAuth;
use nym_credentials::obtain_aggregate_verification_key;
use nym_validator_client::coconut::all_ecash_api_clients;
use nym_validator_client::nyxd::contract_traits::DkgQueryClient;
use std::cmp::min;
use std::collections::HashMap;
@@ -18,7 +18,7 @@ use tokio::sync::RwLock;
#[async_trait]
pub trait APICommunicationChannel {
async fn current_epoch(&self) -> Result<EpochId>;
async fn aggregated_verification_key(&self, epoch_id: EpochId) -> Result<VerificationKey>;
async fn aggregated_verification_key(&self, epoch_id: EpochId) -> Result<VerificationKeyAuth>;
}
struct CachedEpoch {
@@ -63,7 +63,7 @@ impl CachedEpoch {
pub(crate) struct QueryCommunicationChannel {
nyxd_client: nyxd::Client,
epoch_keys: RwLock<HashMap<EpochId, VerificationKey>>,
epoch_keys: RwLock<HashMap<EpochId, VerificationKeyAuth>>,
cached_epoch: RwLock<CachedEpoch>,
}
@@ -99,18 +99,18 @@ impl APICommunicationChannel for QueryCommunicationChannel {
return Ok(guard.current_epoch_id);
}
async fn aggregated_verification_key(&self, epoch_id: EpochId) -> Result<VerificationKey> {
async fn aggregated_verification_key(&self, epoch_id: EpochId) -> Result<VerificationKeyAuth> {
if let Some(vk) = self.epoch_keys.read().await.get(&epoch_id) {
return Ok(vk.clone());
}
let mut guard = self.epoch_keys.write().await;
let coconut_api_clients = match self.nyxd_client.read().await.deref() {
ClientInner::Query(client) => all_coconut_api_clients(client, epoch_id).await?,
ClientInner::Signing(client) => all_coconut_api_clients(client, epoch_id).await?,
let ecash_api_clients = match self.nyxd_client.read().await.deref() {
ClientInner::Query(client) => all_ecash_api_clients(client, epoch_id).await?,
ClientInner::Signing(client) => all_ecash_api_clients(client, epoch_id).await?,
};
let vk = obtain_aggregate_verification_key(&coconut_api_clients)?;
let vk = obtain_aggregate_verification_key(&ecash_api_clients)?;
guard.insert(epoch_id, vk.clone());
+3 -3
View File
@@ -475,8 +475,8 @@ pub(crate) mod tests {
dealers_fixtures, test_rng, TestingDkgControllerBuilder,
};
use crate::coconut::tests::helpers::unchecked_decode_bte_key;
use nym_coconut::{ttp_keygen, Parameters};
use nym_coconut_dkg_common::types::DealerRegistrationDetails;
use nym_compact_ecash::{setup::GroupParameters, ttp_keygen};
use nym_dkg::bte::PublicKeyWithProof;
#[tokio::test]
@@ -619,7 +619,7 @@ pub(crate) mod tests {
let epoch = 1;
let mut keys = ttp_keygen(&Parameters::new(4).unwrap(), 3, 4).unwrap();
let mut keys = ttp_keygen(&GroupParameters::new(), 3, 4).unwrap();
let coconut_keypair = KeyPair::new();
coconut_keypair
.set(KeyPairWithEpoch::new(keys.pop().unwrap(), epoch))
@@ -676,7 +676,7 @@ pub(crate) mod tests {
let epoch = 1;
let mut keys = ttp_keygen(&Parameters::new(4).unwrap(), 3, 4).unwrap();
let mut keys = ttp_keygen(&GroupParameters::new(), 3, 4).unwrap();
let coconut_keypair = KeyPair::new();
coconut_keypair
.set(KeyPairWithEpoch::new(keys.pop().unwrap(), epoch - 1))
+17 -12
View File
@@ -10,10 +10,11 @@ use crate::coconut::keys::KeyPairWithEpoch;
use crate::coconut::state::bandwidth_credential_params;
use cosmwasm_std::Addr;
use log::debug;
use nym_coconut::KeyPair as CoconutKeyPair;
use nym_coconut::{check_vk_pairing, Base58, SecretKey, VerificationKey};
use nym_coconut_dkg_common::event_attributes::DKG_PROPOSAL_ID;
use nym_coconut_dkg_common::types::{DealingIndex, EpochId, NodeIndex};
use nym_compact_ecash::scheme::keygen::SecretKeyAuth;
use nym_compact_ecash::utils::check_vk_pairing;
use nym_compact_ecash::{Base58, KeyPairAuth, VerificationKeyAuth};
use nym_dkg::{
bte::{self, decrypt_share},
combine_shares, try_recover_verification_keys, Dealing,
@@ -75,7 +76,7 @@ impl<R: RngCore + CryptoRng> DkgController<R> {
dealer: &Addr,
epoch_receivers: &BTreeMap<NodeIndex, bte::PublicKey>,
raw_dealings: HashMap<DealingIndex, Vec<u8>>,
prior_public_key: Option<VerificationKey>,
prior_public_key: Option<VerificationKeyAuth>,
) -> Result<Result<Vec<(DealingIndex, Dealing)>, DealerRejectionReason>, KeyDerivationError>
{
let threshold = self.state.threshold(epoch_id)?;
@@ -155,7 +156,7 @@ impl<R: RngCore + CryptoRng> DkgController<R> {
&self,
epoch_id: EpochId,
dealer: &Addr,
) -> Result<Option<VerificationKey>, KeyDerivationError> {
) -> Result<Option<VerificationKeyAuth>, KeyDerivationError> {
let Some(previous_epoch) = epoch_id.checked_sub(1) else {
return Err(KeyDerivationError::ZerothEpochResharing);
};
@@ -176,7 +177,7 @@ impl<R: RngCore + CryptoRng> DkgController<R> {
// since this share appears as 'verified' on the chain, it means the consensus of dealers confirmed its validity
// and thus they must have been able to parse it, so the unwrap/expect here is fine
Ok(Some(
VerificationKey::try_from_bs58(&share.share)
VerificationKeyAuth::try_from_bs58(&share.share)
.expect("failed to deserialize VERIFIED key"),
))
}
@@ -424,8 +425,8 @@ impl<R: RngCore + CryptoRng> DkgController<R> {
// SAFETY:
// we know we had a non-empty map of dealings and thus, at the very least, we must have derived a single secret
// (i.e. the x-element)
let sk = SecretKey::create_from_raw(derived_x.unwrap(), derived_secrets);
let derived_vk = sk.verification_key(bandwidth_credential_params());
let sk = SecretKeyAuth::create_from_raw(derived_x.unwrap(), derived_secrets);
let derived_vk = sk.verification_key(bandwidth_credential_params().grp());
// make the key we derived out of the decrypted shares matches the partial key
// (cryptographically there shouldn't be any reason for the mismatch,
@@ -436,21 +437,25 @@ impl<R: RngCore + CryptoRng> DkgController<R> {
.derived_partials_for(receiver_index)
.ok_or(KeyDerivationError::NoSelfPartialKey { receiver_index })?;
if !check_vk_pairing(bandwidth_credential_params(), &derived_partial, &derived_vk) {
if !check_vk_pairing(
bandwidth_credential_params().grp(),
&derived_partial,
&derived_vk,
) {
// can't do anything, we got all dealings, we derived all keys, but somehow they don't match
error!("our derived key does not match the expected partials!");
return Ok(Err(DerivationFailure::MismatchedPartialKey));
}
Ok(Ok(KeyPairWithEpoch::new(
CoconutKeyPair::from_keys(sk, derived_vk),
KeyPairAuth::from_keys(sk, derived_vk),
epoch_id,
)))
}
async fn submit_partial_verification_key(
&self,
key: &VerificationKey,
key: &VerificationKeyAuth,
resharing: bool,
) -> Result<u64, KeyDerivationError> {
fn extract_proposal_id_from_logs(
@@ -558,7 +563,7 @@ impl<R: RngCore + CryptoRng> DkgController<R> {
debug!("we have already generated keys for this epoch but failed to send them to the contract");
let proposal_id = self
.submit_partial_verification_key(keys.keys.verification_key(), resharing)
.submit_partial_verification_key(&keys.keys.verification_key(), resharing)
.await?;
Ok(Some(proposal_id))
} else {
@@ -657,7 +662,7 @@ impl<R: RngCore + CryptoRng> DkgController<R> {
}
let proposal_id = self
.submit_partial_verification_key(coconut_keypair.keys.verification_key(), resharing)
.submit_partial_verification_key(&coconut_keypair.keys.verification_key(), resharing)
.await?;
self.state.set_coconut_keypair(coconut_keypair).await;
+8 -4
View File
@@ -6,9 +6,9 @@ use crate::coconut::error::CoconutError;
use crate::coconut::state::bandwidth_credential_params;
use cosmwasm_std::Addr;
use cw3::Vote;
use nym_coconut::{check_vk_pairing, Base58, VerificationKey};
use nym_coconut_dkg_common::types::EpochId;
use nym_coconut_dkg_common::verification_key::ContractVKShare;
use nym_compact_ecash::{utils::check_vk_pairing, Base58, VerificationKeyAuth};
use rand::{CryptoRng, RngCore};
use std::collections::HashMap;
use thiserror::Error;
@@ -45,7 +45,7 @@ pub enum ShareRejectionReason {
epoch_id: EpochId,
owner: Addr,
#[source]
source: nym_coconut::CoconutError,
source: nym_compact_ecash::error::CompactEcashError,
},
#[error("did not derive partial keys for {owner} at index {receiver_index} for epoch {epoch_id} during the dealings exchange")]
@@ -95,7 +95,7 @@ impl<R: RngCore + CryptoRng> DkgController<R> {
};
// attempt to recover the underlying key from its bs58 representation
let recovered_key = match VerificationKey::try_from_bs58(share.share) {
let recovered_key = match VerificationKeyAuth::try_from_bs58(share.share) {
Ok(key) => key,
Err(source) => {
return reject(ShareRejectionReason::MalformedKeyEncoding {
@@ -119,7 +119,11 @@ impl<R: RngCore + CryptoRng> DkgController<R> {
});
};
if !check_vk_pairing(bandwidth_credential_params(), &self_derived, &recovered_key) {
if !check_vk_pairing(
bandwidth_credential_params().grp(),
&self_derived,
&recovered_key,
) {
return reject(ShareRejectionReason::InconsistentKeys {
epoch_id,
owner,
+1 -1
View File
@@ -24,7 +24,7 @@ mod tests {
derive_keypairs, exchange_dealings, finalize, init_chain, initialise_controller,
initialise_dkg, submit_public_keys, validate_keys,
};
use nym_coconut::aggregate_verification_keys;
use nym_compact_ecash::aggregate_verification_keys;
#[tokio::test]
#[ignore] // expensive test
+8 -8
View File
@@ -1,8 +1,8 @@
// Copyright 2022-2024 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: GPL-3.0-only
use nym_coconut::VerificationKey;
use nym_coconut_dkg_common::types::EpochId;
use nym_compact_ecash::VerificationKeyAuth;
use nym_dkg::Scalar;
use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc;
@@ -19,12 +19,12 @@ pub struct KeyPair {
#[derive(Debug)]
pub struct KeyPairWithEpoch {
pub(crate) keys: nym_coconut::KeyPair,
pub(crate) keys: nym_compact_ecash::KeyPairAuth,
pub(crate) issued_for_epoch: EpochId,
}
impl KeyPairWithEpoch {
pub(crate) fn new(keys: nym_coconut::KeyPair, issued_for_epoch: EpochId) -> Self {
pub(crate) fn new(keys: nym_compact_ecash::KeyPairAuth, issued_for_epoch: EpochId) -> Self {
KeyPairWithEpoch {
keys,
issued_for_epoch,
@@ -64,11 +64,11 @@ impl KeyPair {
}
}
pub async fn verification_key(&self) -> Option<RwLockReadGuard<'_, VerificationKey>> {
RwLockReadGuard::try_map(self.get().await?, |maybe_keypair| {
maybe_keypair.as_ref().map(|k| k.keys.verification_key())
})
.ok()
pub async fn verification_key(&self) -> Option<VerificationKeyAuth> {
self.get()
.await?
.as_ref()
.map(|k| k.keys.verification_key())
}
pub async fn read_keys(&self) -> RwLockReadGuard<'_, Option<KeyPairWithEpoch>> {
+7 -7
View File
@@ -3,17 +3,17 @@
use crate::coconut::keys::KeyPairWithEpoch;
use crate::coconut::state::bandwidth_credential_params;
use nym_coconut::{CoconutError, KeyPair, SecretKey};
use nym_coconut_dkg_common::types::EpochId;
use nym_compact_ecash::{error::CompactEcashError, scheme::keygen::SecretKeyAuth, KeyPairAuth};
use nym_pemstore::traits::PemStorableKey;
use std::mem;
impl PemStorableKey for KeyPairWithEpoch {
// that's not the best error for this, but it felt like an overkill to define a dedicated struct just for this purpose
type Error = CoconutError;
type Error = CompactEcashError;
fn pem_type() -> &'static str {
"COCONUT KEY WITH EPOCH"
"COCONUT KEY WITH EPOCH" // avoid the invalidation of already present key
}
fn to_bytes(&self) -> Vec<u8> {
@@ -24,7 +24,7 @@ impl PemStorableKey for KeyPairWithEpoch {
fn from_bytes(bytes: &[u8]) -> Result<Self, Self::Error> {
if bytes.len() <= mem::size_of::<EpochId>() {
return Err(CoconutError::Deserialization(
return Err(CompactEcashError::Deserialization(
"insufficient number of bytes to decode secret key with epoch id".into(),
));
}
@@ -32,11 +32,11 @@ impl PemStorableKey for KeyPairWithEpoch {
bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7],
]);
let sk = SecretKey::from_bytes(&bytes[mem::size_of::<EpochId>()..])?;
let vk = sk.verification_key(bandwidth_credential_params());
let sk = SecretKeyAuth::from_bytes(&bytes[mem::size_of::<EpochId>()..])?;
let vk = sk.verification_key(bandwidth_credential_params().grp());
Ok(KeyPairWithEpoch {
keys: KeyPair::from_keys(sk, vk),
keys: KeyPairAuth::from_keys(sk, vk),
issued_for_epoch: epoch_id,
})
}
+2 -2
View File
@@ -9,9 +9,9 @@ use crate::coconut::dkg::state::State;
use crate::coconut::keys::KeyPair;
use crate::coconut::tests::{DummyClient, SharedFakeChain};
use cosmwasm_std::Addr;
use nym_coconut::VerificationKey;
use nym_coconut_dkg_common::dealer::DealerRegistrationDetails;
use nym_coconut_dkg_common::types::{DealerDetails, EpochId};
use nym_compact_ecash::VerificationKeyAuth;
use nym_crypto::asymmetric::identity;
use nym_dkg::bte::keys::KeyPair as DkgKeyPair;
use nym_dkg::{NodeIndex, Threshold};
@@ -276,7 +276,7 @@ impl TestingDkgController {
Addr::unchecked(self.address().await.as_ref())
}
pub(crate) async fn unchecked_coconut_vk(&self) -> VerificationKey {
pub(crate) async fn unchecked_coconut_vk(&self) -> VerificationKeyAuth {
self.state
.unchecked_coconut_keypair()
.await
+1 -1
View File
@@ -5,7 +5,7 @@ use crate::node_status_api::models::ErrorResponse;
use crate::status::ApiStatusState;
use nym_api_requests::models::{ApiHealthResponse, SignerInformationResponse};
use nym_bin_common::build_information::BinaryBuildInformationOwned;
use nym_coconut::Base58;
use nym_compact_ecash::Base58;
use rocket::http::Status;
use rocket::serde::json::Json;
use rocket::State;