All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
At the moment this project does not adhere to Semantic Versioning.
- In #1104 the
/validator/rotate_network_key
endpoint was renamed torotate_network_key
- In #1109, the
MaxPendingAttestations
config type, theValidationQueue
storage structure, and theNodeInfoChanged
event were removed from the Staking Extension pallet. TheAttestationHandler
config type was added to the Staking Extension pallet. TheKeyProvider
andAttestationQueue
config types were removed from the Attestation pallet. - In #1068 an extra type
PckCertChainVerifier
was added to the staking extension pallet'sConfig
trait. - In #1123 the
change_endpoint()
andchange_threshold_accounts()
extrinsics got new TDXquote
related parameters added. - In #1134 the
--no-sync
option was removed. - In #1153 the program runtime was updated to accept multiple oracle inputs, this means any programs that were compiled and used need to be recompiled to the new runtime
- In #1128 mnemonics can no longer be passed
in to
entropy-tss
via the--mnemonic
command line argument, a file, or an environment variable. Instead they are randomly generated internally and can be retrieved with the/info
HTTP route. - In #1179 the format of TDX Quote input data has been changed.
- In #1147 a field is added to the
chainspec:
jump_started_signers
which allows the chain to be started in a pre-jumpstarted state for testing. If this is not desired it should be set toNone
. - In #1209 the
validate
andchange_threshold_accounts
extrinsics no longer take a PCK certificate chain. Rather, the certificate chain is extracted from the provided quote. The test CLIchange-threshold-accounts
command also no longer takes a PCK certificate chain.
- In #1128 an
/info
route was added toentropy-tss
which can be used to get the TSS account ID and x25519 public key. - Protocol message versioning (#1140)
- CLI command to get oracle headings (#1170)
- Add TSS endpoint to get TDX quote (#1173)
- Add TDX test network chainspec (#1204)
- Test CLI command to retrieve quote and change endpoint / TSS account in one command (#1198)
- On-chain unresponsiveness reporting (#1215)
- Use correct key rotation endpoint in OCW (#1104)
- Change attestation flow to be pull based (#1109)
- Handle PCK certificates (#1068)
- Add quote guards to
ServerInfo
related extrinsics (#1123) - Remove declare synced (#1134)
- Update programs to accept multiple oracle data (#1153)
- Use context, not block number in TDX quote input data (#1179)
- Allow offchain worker requests to all TSS nodes in entropy-tss test environment (#1147)
- Extract PCK certificate chain from quotes (#1209)
- Reshare in a spawned task and fix propagation pallet rotate keyshares endpoint lookup key (#1185)
0.3.0 - 2024-10-22
- In #799 the concept of subgroups was removed in favour of a single pool of signers.
- In #801 permissioned access mode was removed.
- In #879 the network migrated from N-of-N
cryptography to
t-of-N
cryptography. - In #938, the chainspec got a couple of new
fields,
pallet_staking_extension::initial_signers
,pallet_parameters::total_signers
, andpallet_parameters::threshold
, which are used to set up the initial threshold signing configuration for the network. - In #1030, the registration flow got
cleaned up. A lot of storage entries, events, and extrinsics were removed from the
Registry
pallet. The genesis build config was also removed. Additionally, thenew/user/
HTTP endpoint in the TSS was removed since it was no longer necessary. - In #1031, more Staking calls were blocked
to go through the
staking_extention
pallet. This makes sure no funds can be unbonded from a validator if they are currently in the signing comittee. This was applied tounbond
,chill
, andwithdraw_unbonded
- In #1045,
ProgramsInfo
now takesversion_number
to maintain backwards compatibility if programs runtime is updated - In #1050, the flow for signing has changed.
A user now sends their request to any validator that is not a signer. This will act as a relayer.
As such,
UserSignatureRequest
no longer requires thevalidators_info
field since the the relayer adds that in after. The response received from the validator is now aVec<Responses>
from the signers. - In #1051 an extra field representing a provisioning certification key (PCK)
was added to the Staking Extension's
threshold_server
genesis configuration in the network chainspecs. - In #1063 the
pallet_staking_extension::validate()
extrinsic was changed so that in order to populate certain data structures related to a candidates state (namelyThresholdToStash
andThresholdServer
) an attestation from the Attestation pallet must have been received. Success of thevalidate()
extrinsic does not mean the caller is a candidate or validator. - In #1086
Eve
was removed as a validator from thedevnet-local
chainspec and replaced withCharlie
.
- Jumpstart network (#918)
- Add Signer groups and rotation (#938)
- Split jumpstart and register flows (#952)
- New on-chain registration flow (#955)
- Reshare confirmation (#965)
- Set inital signers (#971)
- Add parent key threshold dynamically (#974)
- Signing flow with derived accounts (#990)
- TSS attestation endpoint (#1001)
- Attestation pallet (#1003)
- Add
network-jumpstart
command toentropy-test-cli
(#1004) - Update test CLI for new registration and signing flows (#1008)
- Add remove program function to entropy-client (#1023)
- Select validators for jumpstart DKG #1053)
- Add a programs version (#1045)
- Handle Provisioning Certification Keys (PCKs) (#1051)
- Block tss chain when signer (#1078)
- Migrate to threshold signing (#800)
- Use t of n signing in
entropy-tss
(#879) - Fix TSS
AccountId
keys in chainspec (#993) - No unbonding when signer or next signer (#1031)
- Add relay tx endpoint (#1050)
- Trigger attestation check during validate (#1063)
- Add fourth node to
devnet-local
configuration (#1086)
- Remove subgroups (#799)
- Remove permission from chain (#801)
- Remove
prune_registration
extrinsic (#1022) - Remove
confirm_registered
extrinsic (#1025) - Remove old registration flow (#1030)
0.2.0 - 2024-07-11
- In #853 the responsibility of generating a
TSS mnemonic was shifted to operators, which can be done using the
--mnemonic
flag during process startup. This also allows operators to back up the mnemonic for their TSS. - In #856 a new flag,
--mnemonic-option
, and environment variableDEPLOYER_MNEMONIC
, were added to theentropy-test-cli
as ways to indicate which account to use during registration. This replaces having an account name or mnemonic directly in the command invocation. - In #866 timestamp was removed from
UserSignatureRequest
and replaced with block_number. Thus check_stale now uses block_number for stale checks - In #881 the
HashingAlgorithm
enum is given an additional variantBlake2_256
and marked asnon_exhaustive
meaning we must handle the case that an unknown variant is added in the future. - In #900 the subgroup signer selection was sorted to ensure a predicatble order across libraries, languages and clients.
- In #901 the network's currency units were
changed. This resulted in a change to the existential deposit as well as balances of endowed
accounts (e.g development accounts like
//Alice
).
- Add a way to change program modification account (#843)
- Add support for
--mnemonic-file
andTHRESHOLD_SERVER_MNEMONIC
(#864) - Add validator helpers to cli (#870)
- Add
blake2
as built in hash function and makeHashingAlgorithm
non-exhaustive (#881) - Add sort to subgroup signer selection (#900)
- Create four node Docker Compose chainspec (#902)
- Oracle data integration (#922)
- Move TSS mnemonic out of keystore (#853)
- Prepare test CLI for use in Programs repo (#856)
- Replace timestamp with block number (#866)
- Change currency units (#901)
0.1.0 - 2024-05-20
This is the first publicly available version of Entropy 🥳
There aren't a lot of new features compared to the v0.12.0
release. However, one exciting addition
is that crates related to the threshold server (entropy-tss
) are now published on crates.io.
- Make full version of entropy-client possible to compile on wasm (#816)
- Remove certain endowed accounts from chain (#819)
- Updates for test-cli before publishing and to work nicely with v0.0.12 (#830)
- Fix
Account Deserialization
error from verifying key mismatch (#831)
0.0.12 - 2024-05-02
- #788 'Integrate oracle to programs' the
programs::set_program
extrinsic now takes an additional argumentoracle_data_pointer
of typeVec<u8>
(Uint8Array
on JS). Since oracles are not completely implemented this should be passed an empty vector/array. - In #762 'Update Substrate to Polkadot 1.7.0' the genesis chainspec builder has been updated for sc_service 0.36.0, which affects both the runtime and chainspec.
- In #709 'Derive the threshold account
keypair and x25519 keypair from mnemonic using HKDF' the JS
entropy-protocol
bindings have changed.Hpke.DecryptAndVerify
now takes a secret x25519 encryption key rather than a secret sr25519 signing key. TherunDkgProtocol
andrunSigningProtocol
functions now both take a secret x25519 key as an additional argument, since these are no longer derived from the given signing secret key. Similarly in the rust API,EncryptedSignedMessage
no longer derives x25519 keypairs internally and so the decrypt method now takes a x25519 secret key. Also, the method by which keypairs are derived from a mnemonic has changed, which means existing validators x25119 and sr25519 keypairs will be different what they were before. This includes the test accounts in the chainspec.
- Derive the threshold account keypair and x25519 keypair from mnemonic using HKDF (#709)
- TSS servers sync by default (#784)
- Improve test-cli following removal of permissioned mode (#770)
0.0.11 - 2024-04-XX
- In #623, 'Public Access Mode', the
UserSignatureRequest
given when requesting a signature with the 'sign_tx' http endpoint must now contain an additional field,signature_request_account: AccountId32
. In private and permissioned modes, this must be identical to the account used to sign theSignedMessage
containing the signature request. In public access mode this may be an Entropy account owned by someone else. - In #629, 'Add proactive refresh keys on-chain',
the
StakingExtensionConfig::proactive_refresh_validators
field used by the chain spec is nowStakingExtensionConfig::proactive_refresh_data
and takes a tuple ofVec
. Both should be empty at genesis for production. - In #631, the
config_interface
field ofProgramInfo
was renamed tointerface_description
to be more semantically accurate. This field will now be used to describe program interfaces, including the auxilary and configuration interfaces of the program. - In #658,
RegisteredInfo
andRegisteringDetails
now containversion_number
. As wellKeyVersionNumber
was added as a config parameter to theRelayer
pallet. - In #659, the Staking Extension pallet's
validate
extrinsic changed to take aServerInfo
struct instead of individual fields. - In #660, if too many request are sent
for signing by a user in a block the TSS will reject them. The chainspec now has an added field
for the new Parameters pallet, which itself has a
request_limit
field. - In #661, the Relayer pallet was renamed to the Registry pallet as this better describes the purpose of the pallet.
- In #662, the Free Transaction pallet was removed.
- In #666, Permissioned access type was
removed to be handled by a program. Also in
registered
sig_request_key
as the key for the struct was replaced byverifying_key
. This meansverifying_key
was removed from theregistered
struct. - In #678, the Registry pallet's
get_validator_info()
public method stopped returning the validator index - In #680, a new genesis config entry was
added for the Programs pallet. This entry,
initial_programs
, is a list of tuples which contains information (hash
,bytecode
,config
,auxiliary data
) about what programs to have on chain during genesis. - In #681
program_interface
inprogram_data
of thePrograms
pallet has been split intoconfiguration_schema
andauxiliary_data_schema
- In #674, 'Add HPKE implementation',
entropy-protocol
'sSignedMessage
has been replaced byEncryptedSignedMessage
which has some small API differences:derive_static_secret
was renamed toderive_x25519_static_secret
, and in theentropy-protocol
JS module the subclass dealing with encryption has been renamed fromX25519Chacha20Poly1305
toHpke
. The JS API is otherwise the same as before. - In #703 a new genesis config parameter for
the Parameters pallet was added,
max_instructions_per_program
.
- Add ValidatorSubgroupRotated event (#618)
- Public access mode (#623)
- Emit events on TSS server errors (#625)
- Add direct query for a validator's subgroup (#642)
- Add version number to registered (#658)
- Request limit check (#660)
- Add helper for checking if a validator is in the signing committee (#678)
- Note unresponsiveness reports in Slashing pallet (#679)
- Add device key program to initial chainstate (#680)
- Add aux data to program info (#681)
- Add HPKE implementation (#674)
- Add max instructions parameters onchain (#703)
- Test CLI - dont send hardcoded auxiliary data by default when signing (#614)
- Add proactive refresh keys on-chain (#629)
- Rename ProgramInfo.config_interface to interface_description (#631)
- Change test-cli default access mode and update readme for recent changes (#643)
- Add additional checks to TSS server's
/user/receive_key
endpoint (#655) - Disallow using existing TSS account IDs in Staking pallet (#657)
- Clean ups around Staking Extension's
validate()
extrinsic (#659) - Rename
pallet_relayer
topallet_registry
(#661) - Remove permissioned access type (#666)
- Use SessionID in shared randomness (#676)
- Derive the threshold account keypair and x25519 keypair from mnemonic using HKDF
- Remove
pallet-free-tx
(#662)
0.0.10 - 2024-01-24
A lot of the changes introduced in this release are program related.
The workflow around having to upload a program during registration is gone. Instead users can register with programs which have previously been uploaded on-chain by providing the hash of the program they want to use.
When registering a user can also customize the behaviour of their chosen program through the new program configuration feature.
If a single program doesn't provide enough functionality, now users can register with multiple programs. During signature generation all of these programs will be executed. Only if all of them run succesfully then a signature is produced.
Finally, users are now able to indicate which hashing algorithm they would like to use during the signing step. We provide some common ones out of the box, but custom user-provided hashing algorithms are also supported.
- In #561 several crates were renamed in
order to ensure consistent naming across the repo. The most impactful of these is that the
server
binary is now theentropy-tss
binary. From this it follows that the Docker images previously published underentropyxyz/server
are now being published underentropyxyz/entropy-tss
. - In #536 the registration interface was
changed to accept a pointer to a program. Programs are now expected to be uploaded using the
Programs::set_program
extrinsic.- The
Programs::update_program
extrinsic has been removed and replaced withset_program
andremove_program
- The
Relayer::register
extrinsic now takes a list ofprogram_pointer
instead of aninitial_program
- The
Relayer::AllowedToModifyProgram
storage struct and accompanying getter,sig_req_accounts
, was removed - The
Programs::Bytecode
storage struct and accompanying getter,bytecode
, was removed and replaced with thePrograms
storage struct - The
Programs::ProgramUpdated
event was removed and replaced with theProgramCreated
andProgramRemoved
events - A new Programs configuration parameter,
MaxOwnedPrograms
, was added
- The
- In #549, when executing the signing
protocol on the client-side, a
sig-uid
no longer needs to be given as an argument - In #566 the Wasm API to
entropy-protocol
was changed to usecamelCase
function names. - In #563 the Wasm API to functions formerly
in the
x25515chacha20poly1305
repository was changed to usecamelCase
function names. - In #568 the registration and program update
interfaces were changes to accept a vector of program hashes.
- A new Relayer configuration parameter,
MaxProgramHashes
, was added - The
Relayer::Registered
storage struct was changed to contain a list ofprogram_pointers
- A new Relayer configuration parameter,
- In #577
- the auxilary program data is now expected to be in a vector. This order of the auxilary data should match the order of the programs that are being registered.
- In #592 the
local-devnet
chain-type was renamed todevnet-local
. Additionally, the default chain type when none is specified is nowdev
instead oflocal
. - In #593 the programs interface was changed to accept a program configuration interface. This allows an uploaded program to be configured differently by different users.
- In #604, the
program_modification_account
term used in the Programs pallet was changed todeployer
. This better reflects the purpose of this account.
- Test CLI which calls the same code as in integration tests (#417)
- Pointer for Programs (#536)
- Add password file option (#555)
- Include contents of x25515chacha20poly1305 repo in entropy-protocol (#563)
- Custom Hashing Algorithms (#553)
- Add ref counter to programs (#585)
- Add
--setup-only
flag (#588) - Add --version flag and about field to TSS (#590)
- Program config storage (#593)
- Add a hashes endpoint (#600)
- Public access mode (#623)
- Crate name refactor (#561)
- Only run wasm integration tests when a feature is enabled (#565)
- Protocol sessions are now identified by a
SessionID
type rather than aString
(#549) - Change bip39 implementation (#562)
- Additive programs (#568)
- Additional
hash
field in/sign_tx
JSON body indicates which hashing algorithm to use for signing (#553) - Additive aux data (#577)
- Refactor Rust-based chain specs (#592)
- Fix test CLI for additive program pointers and update / refactor tests (#591)
- Change
program_modification_account
toprogram_deploy_key
(#604)
- Fix inconsistency between interactive and file based passwords (#589)
- Remove pallet-helpers (#581)
0.0.9 - 2023-11-30
Some of the noteworthy changes related to this release are related to better integration in Web Assembly contexts, and improvements to logging for the Threshold Signature Server.
Certain key components related to distributed key generation (DKG) are now able to be compiled to Wasm. This opens up the possiblity for users to participate in DKG themselves from the browser!
There are changes around how logging in the server
binary is done. When running the binary users
can now choose the type of output they would like to see (e.g --logger json
), and can even send
their logs to a Loki server (--loki
) for aggregation and
visualization.
- In #475, in the JSON body of the
/sign_tx
endpoint thepreimage
field has been renamed tomessage
. It remains a hex-encodedstring
.
- Wasm bindings for user to participate in DKG and signing protocols (#414)
- Auxiliary data for program evaluation (#475)
- Add a keyshare type for wasm which wraps
synedrion::KeyShare
(#512) - Add versioning to server (#516)
- Cross-compile for
linux/arm64
and push multi-platform Docker images. (#518) - Allow logger to be configured from CLI (#520)
- Add
bunyan
JSON formatter (#524) - Add Loki logging layer (#528)
- Validate proactive refresh endpoint (#483)
- No proactive refresh on private key visibility (#485)
- Use bincode rather than JSON for protocol and subscribe messages (#492)
- Allow big protocol messages (#495)
- Change
SocketAddr
type forString
(#496) - Partition proactive refresh (#504)
- Add
#[tracing::instrument]
macro to routes (#515) - Make
server
a library, and add integration test for testing protocol crate on wasm (#517) - Remove subxt-signer from server and entropy-protocol (#526)
ec-runtime
now errors for zero-sized programs (#529)entropy-protocol
- polkadot-js compatible sr25519 key generation for wasm API (#533)
- Return package version instead of rustc version (#523)
0.0.8 - 2023-11-06
There are a few breaking changes in this release, mostly related to the APIs around Programs (formerly Constraints).
Some notables changes introduced in #428, #433, and #451 are:
- The Constraint pallet's
update_v2_constraints
extrinsic has been renamed toupdate_program
.- The extrinsic arguments remain unchanged
- The Constraint pallet's
ConstraintsV2Updated
event has been renamed toProgramUpdated
and now has two fields instead of a single tuple for its body - The Constraint pallet's
V2ConstraintLengthExceeded
error has been renamed toProgramLengthExceeded
- The Relayer pallet's
register
extrinsic now takes aVec<u8>
as a program instead of anOption<Contraints>
- The Constraints pallet has been renamed to the Programs pallet
- The
entropy-constraints
crate has been removed
- Separate
entropy-protocol
crate with protocol execution logic (#404) - Proactive refresh (#413)
- Write a Dockerfile that can build both
entropy
andserver
. (#430) - Developer experience improvements: SSH auth from workstations, entirely local "devnet" functionality with Compose (#434)
- Allow local host pass for offchain url (#443)
- Add way for validators to resolve diff verifying keys (#460)
- This introduces a new
FailedRegistration
event which might be of interest to consumers of this pallet.
- This introduces a new
- Add
prune_registration
extrinsic (#472)- Allows for accounts to be moved out of registering state (e.g if DKG fails).
- This introduces a new
RegistrationCancelled
event which might be of interest to consumers of this pallet.
- Replace outdated
--ws-external
with--rpc-external
(#424) - Ensure correct validator order by using ValidatorInfo from chain rather than from user (#425)
- Place
demo_offence
dispatchable behind root origin check (#426) - Update
pallet-relayer
to use Contraints V2 (#433) - Rename
pallet-constraints
topallet-programs
(#451) - Add way for validators to resolve diff verifying keys (#460)
- Fix socket address type (#469)
- Remove
is_swapping
from registration details (#437) - Remove V1 constraints from
pallet_constraints
(#428)
- Ensure correct validator order by using ValidatorInfo from chain rather than from user (#425)
- Take a storage deposit for programs during registration (#447)
0.0.7 - 2023-09-22
0.0.6 - 2023-09-15
- User can participate in DKG (second try) (#396)
- User can participate in signing (#379)
- Dkg (#381)
- Add noise handshake to websocket connections for signing protocol (#371)
- Working proof of concept for generated API docs automatically publishable to Vercel Project. (#373)
- Use websockets rather than server sent events for signing protocol messages (#364)
0.0.5 - 2023-06-23
- Feat: server deserializes and stores client tx reqs (#291)
- Fix toolchain version (#344)
- Fix signing (#306)
- Fix typos in readme (#276)
- Fix: fix sdk testing scripts to clean tss db (#283)
- Fix batch size error (#259)
- Refactor tests (#320)
- Refactor tests (#320)
- Refactor (#290)
- Refactor substrate-common to entropy-shared (#272)
- Replace Rocket with Axum (#358)
- Add curl examples to documentation of user-facing http API endpoint (#361)
- Improve doc comments relating to HTTP endpoints (#351)
- Set the Rust toolchain explicitly for this project. (#322)
/user/tx
validates user's constraints (#300)/user/tx
starts the signing process when user submits valid EVM Transaction Request (#299)- Validator key encryption (#267)
- Add function to rotate signing selectors (#263)
- Add more explicit expect errors (#264)
0.0.2-devnet - 2022-12-16
- Refactor: remove unused deps (#224)
- Add is syncing in (#254)
- Sig error refactor (#220)
- Upgrade Substrate to follow Polkadot releases (#207)
- Fix CI pipeline (#223)
- Add scripts for running devnet (#222)
- Fix CI pipeline (#223)
- Upgrade Substrate to follow Polkadot releases (#207)
- Fix tests (#170)
- Fix: refactor substrate<>client types; fix master (#155)
- Fix: solve unknown media type warning (#154)
- Fix non deterministic tests (#145)
- Fix benchmark builds (#60)
- Free TX - council can update free tx per era, fixed benchmarks (#177)
- CI speedups (#171)
- Crypto-signing-client: spec rest of flow & remove unnec. common crate (#166)
- Fix master -- misc warnings and errors not caught in previous PR's (#164)
- Fix master -- misc warnings and errors not caught in previous PR's (#164)
- Conditional ci (#152)
- Crypto comm manager (#153)
- fix non deterministic tests (#145)
- Add CircleCI configuration (#142)
- Add starter CircleCI configuration (#141)
- Clean up and DRY up CircleCI configuration (#143)
- Fix CircleCI config (#146)
- Add no_output_timeout: 45m (#148)
- Fix syntax on timeout clause (#149)
- Remove tofnd add kvdb (#147)
- Lint Crypto (#138)
- Austin retreat (#99)
- Crypto protospec (#84)
- store json key (#88)
- Crypto protospec (#89)
- Store keys (#90)
- cli separated (#92)