Derive the threshold account keypair and x25519 keypair from mnemonic using HKDF #709
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
| } | ||
|
|
||
| /// For testing where we sometimes don't have access to the kvdb, derive directly from the mnemnic | ||
| #[cfg(test)] |
There was a problem hiding this comment.
can you move this to the bottom of the file plz
| @@ -63,17 +63,17 @@ pub mod tss_account_id { | |||
| /// The `DEFAULT_ALICE_MNEMONIC` is used to derive the following `AccountId`. | |||
| /// Mnemonic: "alarm mutual concert decrease hurry invest culture survey diagram crash snap click" | |||
| pub static ref ALICE: sp_runtime::AccountId32 = | |||
| super::hex!["e0543c102def9f6ef0e8b8ffa31aa259167a9391566929fd718a1ccdaabdb876"].into(); | |||
| super::hex!["306bdb49cbbe7104e3621abab3c9d31698b159f48dafe567abb7ea5d872ed329"].into(); | |||
There was a problem hiding this comment.
I get why the others are changing but why are these changing?
There was a problem hiding this comment.
They change because we now use the mnemonic as input for the key derivation function, and derive the sr25519 keypair from it. This means we can still recover both sr25519 and x25519 keypairs from the same mnemonic. We could keep these the same by continuing to use sr25519::Pair::from_phrase and also using the mnemonic as input to HKDF. But i'm not sure whether the auditors would like it.
| let sig_recovery = <sr25519::Pair as Pair>::verify( | ||
| &signing_result.clone().unwrap().1, | ||
| BASE64_STANDARD.decode(signing_result.unwrap().0).unwrap(), | ||
| &sr25519::Public(sk.public().0), | ||
| &sr25519::Public(TSS_ACCOUNTS[i].0), |
There was a problem hiding this comment.
oh ya, this is way less hacky lol
| @@ -24,25 +24,37 @@ lazy_static! { | |||
| pub static ref BOB_STASH_ADDRESS: AccountId32 = | |||
| hex!["fe65717dad0447d715f660a0a58411de509b42e6efb8375f562f58a554d5860e"].into(); // subkey inspect //Bob//stash | |||
| pub static ref TSS_ACCOUNTS: Vec<AccountId32> = vec![ | |||
| hex!["e0543c102def9f6ef0e8b8ffa31aa259167a9391566929fd718a1ccdaabdb876"].into(), | |||
| hex!["2a8200850770290c7ea3b50a8ff64c6761c882ff8393dc95fccb5d1475eff17f"].into() | |||
| hex!["306bdb49cbbe7104e3621abab3c9d31698b159f48dafe567abb7ea5d872ed329"].into(), | |||
There was a problem hiding this comment.
I mean same here, why are these changing
| ]; | ||
| pub static ref X25519_PUBLIC_KEYS: Vec<[u8; 32]> = vec
This addresses TOB-ENTROPY-13 by deriving both sr25519 and x25519 keypairs from a common secret, rather than one from the other.
It uses HKDF. TLDR - take a look at the functions in
helpers/validator- that is the important thing thats changed.