Releases: entropyxyz/entropy-core
v0.3.0
0.3.0 - 2024-10-22
This is 0.3.0
release of Core.
This release has a large portion of the non-TDX specific changes outlined in the
Tofino spec. More TDX specific features will come in 0.4.0
.
Notably, this includes changes like:
- Fully on-chain registration
- t-of-N signing instead of N-of-N signing
- The addition of the relayer role
- The removal of signing subgroups
- The removal of permissioned access mode
For more details take a look through the CHANGELOG
.
Docker Images
If you plan on using Docker images from this release, please use the following tags:
Published Crates
The crates from the crates/
subdirectory have been published on crates.io under the v0.3.0
version.
If you want to install the entropy-test-cli
for example, you can do so using the following command:
cargo install entropy-test-cli@0.3.0
Breaking Changes
- In #799 the concept of subgroups was removed in favour of a single pool of signers.
- In #801 permissioned access mode was removed.
- In #879 the network migrated from N-of-N cryptography to
t-of-N
cryptography. - In #938, the chainspec got a couple of new fields,
pallet_staking_extension::initial_signers
, pallet_parameters::total_signers
, andpallet_parameters::threshold
, which are used to set up
the initial threshold signing configuration for the network.- In #1030, the registration flow got cleaned up. A lot of storage entries, events, and extrinsics
were removed from theRegistry
pallet. The genesis build config was also removed. Additionally,
thenew/user/
HTTP endpoint in the TSS was removed since it was no longer necessary. - In #1031, more Staking calls were blocked to go through the
staking_extention
pallet. This makes
sure no funds can be unbonded from a validator if they are currently in the signing comittee. This
was applied tounbond
,chill
, andwithdraw_unbonded
- In #1045,
ProgramsInfo
now takesversion_number
to maintain backwards compatibility if programs
runtime is updated. - In #1050, the flow for signing has changed. A user now sends their request to any validator
that is not a signer. This will act as a relayer. As such,UserSignatureRequest
no longer
requires thevalidators_info
field since the the relayer adds that in after. The response
received from the validator is now aVec<Responses>
from the signers. - In #1051 an extra field representing a provisioning certification key (PCK)
was added to the Staking Extension'sthreshold_server
genesis configuration in the network
chainspecs. - In #1063 the
pallet_staking_extension::validate()
extrinsic was changed so that in order to
populate certain data structures related to a candidates state (namelyThresholdToStash
and
ThresholdServer
) an attestation from the Attestation pallet must have been received. Success of
thevalidate()
extrinsic does not mean the caller is a candidate or validator. - In #1086
Eve
was removed as a validator from thedevnet-local
chainspec and replaced withCharlie
.
Added
- Jumpstart network (#918)
- Add Signer groups and rotation (#938)
- Split jumpstart and register flows (#952)
- New on-chain registration flow (#955)
- Reshare confirmation (#965)
- Set inital signers (#971)
- Add parent key threshold dynamically (#974)
- Signing flow with derived accounts (#990)
- TSS attestation endpoint (#1001)
- Attestation pallet (#1003)
- Add
network-jumpstart
command toentropy-test-cli
(#1004) - Update test CLI for new registration and signing flows (#1008)
- Add remove program function to entropy-client (#1023)
- Select validators for jumpstart DKG #1053)
- Add a programs version (#1045)
- Handle Provisioning Certification Keys (PCKs) (#1051)
- Block tss chain when signer (#1078)
Changed
- Migrate to threshold signing (#800)
- Use t of n signing in
entropy-tss
(#879) - Fix TSS
AccountId
keys in chainspec (#993) - No unbonding when signer or next signer (#1031)
- Add relay tx endpoint (#1050)
- Trigger attestation check during validate (#1063)
- Add fourth node to
devnet-local
configuration (#1086)
Removed
v0.3.0-rc.1
0.3.0-rc.1 - 2024-10-04
This is the release candidate for the 0.3.0
release of Core.
This release has a large portion of the non-TDX specific changes outlined in the
Tofino spec. More TDX specific features will come in 0.4.0
.
Notably, this includes changes like:
- Fully on-chain registration
- t-of-N signing instead of N-of-N signing
- The addition of the relayer role
- The removal of signing subgroups
- The removal of permissioned access mode
For more details take a look through the CHANGELOG
.
Docker Images
If you plan on using Docker images from this release, please use the following tags:
Published Crates
The crates from the crates/
subdirectory have been published on crates.io under the v0.3.0-rc.1
version.
If you want to install the entropy-test-cli
for example, you can do so using the following command:
cargo install entropy-test-cli@0.3.0-rc.1
Breaking Changes
- In #799 the concept of subgroups was removed in favour of a single pool of signers.
- In #801 permissioned access mode was removed.
- In #879 the network migrated from t-of-N cryptography to
t-of-N
cryptography. - In #938, the chainspec got a couple of new fields,
pallet_staking_extension::initial_signers
, pallet_parameters::total_signers
, andpallet_parameters::threshold
, which are used to set up
the initial threshold signing configuration for the network.- In #1030, the registration flow got cleaned up. A lot of storage entries, events, and extrinsics
were removed from theRegistry
pallet. The genesis build config was also removed. Additionally,
thenew/user/
HTTP endpoint in the TSS was removed since it was no longer necessary. - In #1031, more Staking calls were blocked to go through the
staking_extention
pallet. This makes
sure no funds can be unbonded from a validator if they are currently in the signing comittee. This
was applied tounbond
,chill
, andwithdraw_unbonded
- In #1045,
ProgramsInfo
now takesversion_number
to maintain backwards compatibility if programs
runtime is updated. - In #1050, the flow for signing has changed. A user now sends their request to any validator
that is not a signer. This will act as a relayer. As such,UserSignatureRequest
no longer
requires thevalidators_info
field since the the relayer adds that in after. The response
received from the validator is now aVec<Responses>
from the signers. - In #1063 the
pallet_staking_extension::validate()
extrinsic was changed so that in order to
populate certain data structures related to a candidates state (namelyThresholdToStash
and
ThresholdServer
) an attestation from the Attestation pallet must have been received. Success of
thevalidate()
extrinsic does not mean the caller is a candidate or validator. - In #1086
Eve
was removed as a validator from thedevnet-local
chainspec and replaced withCharlie
.
Added
- Jumpstart network (#918)
- Add Signer groups and rotation (#938)
- Split jumpstart and register flows (#952)
- New on-chain registration flow (#955)
- Reshare confirmation (#965)
- Set inital signers (#971)
- Add parent key threshold dynamically (#974)
- Signing flow with derived accounts (#990)
- TSS attestation endpoint (#1001)
- Attestation pallet (#1003)
- Add
network-jumpstart
command toentropy-test-cli
(#1004) - Update test CLI for new registration and signing flows (#1008)
- Add remove program function to entropy-client (#1023)
- Select validators for jumpstart DKG #1053)
- Add a programs version (#1045)
- Handle Provisioning Certification Keys (PCKs) (#1051)
- Block tss chain when signer (#1078)
Changed
- Migrate to threshold signing (#800)
- Use t of n signing in
entropy-tss
(#879) - Fix TSS
AccountId
keys in chainspec (#993) - No unbonding when signer or next signer (#1031)
- Add relay tx endpoint (#1050)
- Trigger attestation check during validate (#1063)
- Add fourth node to
devnet-local
configuration (#1086)
Removed
v0.2.0
0.2.0 - 2024-07-11
Docker Images
If you plan on using Docker images from this release, please use the following tags:
Published Crates
The crates from the crates/
subdirectory have been published on crates.io under the v0.2.0
version.
If you want to install the entropy-test-cli
for example, you can do so using the following command:
cargo install entropy-test-cli@0.2.0
Breaking Changes
- In #853 the responsibility of generating a
TSS mnemonic was shifted to operators, which can be done using the--mnemonic
flag during
process startup. This also allows operators to back up the mnemonic for their TSS. - In #856 a new flag,
--mnemonic-option
,
and environment variableDEPLOYER_MNEMONIC
, were added to theentropy-test-cli
as ways to
indicate which account to use during registration. This replaces having an account name or
mnemonic directly in the command invocation. - In #866
timestamp
was removed from
UserSignatureRequest
and replaced with block_number. Thuscheck_stale now
usesblock_number
for
stale checks - In #881 the
HashingAlgorithm
enum is
given an additional variantBlake2_256
and marked asnon_exhaustive
meaning we must handle the
case that an unknown variant is added in the future. - In #900 the subgroup signer selection was
sorted to ensure a predicatble order across libraries, languages and clients. - In #901 the network's currency units were
changed. This resulted in a change to the existential deposit as well as balances of endowed
accounts (e.g development accounts like//Alice
).
Added
- Add a way to change program modification account (#843)
- Add support for
--mnemonic-file
andTHRESHOLD_SERVER_MNEMONIC
(#864) - Add validator helpers to cli (#870)
- Add
blake2
as built in hash function and makeHashingAlgorithm
non-exhaustive (#881) - Add sort to subgroup signer selection (#900)
- Create four node Docker Compose chainspec (#902)
Changed
v0.2.0-rc.1
0.2.0-rc.1 - 2024-06-26
Docker Images
If you plan on using Docker images from this release, please use the following tags:
Published Crates
The crates from the crates/
subdirectory have been published on crates.io under the v0.2.0-rc.1
version.
If you want to install the entropy-test-cli
for example, you can do so using the following command:
cargo install entropy-test-cli@0.2.0-rc.1
Breaking Changes
- In #853 the responsibility of generating a
TSS mnemonic was shifted to operators, which can be done using the--mnemonic
flag during
process startup. This also allows operators to back up the mnemonic for their TSS. - In #856 a new flag,
--mnemonic-option
,
and environment variableDEPLOYER_MNEMONIC
, were added to theentropy-test-cli
as ways to
indicate which account to use during registration. This replaces having an account name or
mnemonic directly in the command invocation. - In #866
timestamp
was removed from
UserSignatureRequest
and replaced with block_number. Thuscheck_stale now
usesblock_number
for
stale checks - In #881 the
HashingAlgorithm
enum is
given an additional variantBlake2_256
and marked asnon_exhaustive
meaning we must handle the
case that an unknown variant is added in the future. - In #900 the subgroup signer selection was
sorted to ensure a predicatble order across libraries, languages and clients.
Added
- Add a way to change program modification account (#843)
- Add support for
--mnemonic-file
andTHRESHOLD_SERVER_MNEMONIC
(#864) - Add validator helpers to cli (#870)
- Add
blake2
as built in hash function and makeHashingAlgorithm
non-exhaustive (#881) - Add sort to subgroup signer selection (#900)
- Create four node Docker Compose chainspec (#902)
Changed
v0.1.0
0.1.0 - 2024-05-20
This is the first publicly available version of Entropy 🥳
There aren't a lot of new features compared to the v0.12.0
release. However, one exciting addition
is that crates related to the threshold server (entropy-tss
) are now published on crates.io.
Docker Images
If you plan on using Docker images from this release, please use the following tags:
Published Crates
The crates from the crates/
subdirectory have been published on crates.io under the v0.1.0
version.
If you want to install the entropy-test-cli
for example, you can do so using the following command:
cargo install entropy-test-cli@0.1.0
Changed
- Make full version of entropy-client possible to compile on wasm (#816)
- Remove certain endowed accounts from chain (#819)
- Updates for test-cli before publishing and to work nicely with v0.0.12 (#830)
Fixed
- Fix
Account Deserialization
error from verifying key mismatch (#831)
v0.1.0-rc.1
0.1.0-rc.1 - 2024-05-15
This is the release candidate for the first publicly available version of Entropy 🥳
There aren't a lot of new features compared to the v0.12.0
release. However, one exciting addition
is that crates related to the threshold server (entropy-tss
) are now published on crates.io.
Docker Images
If you plan on using Docker images from this release, please use the following tags:
Published Crates
The crates from the crates/
subdirectory have been published on crates.io under the v0.1.0.rc.1
version.
If you want to install the entropy-test-cli
for example, you can do so using the following command:
cargo install entropy-test-cli@0.1.0-rc.1
Changed
- Make full version of entropy-client possible to compile on wasm (#816)
- Remove certain endowed accounts from chain (#819)
- Updates for test-cli before publishing and to work nicely with v0.0.12 (#830)
Fixed
- Fix
Account Deserialization
error from verifying key mismatch (#831)
v0.0.12
0.0.12 - 2024-05-05
Breaking Changes
- #788 'Integrate oracle to programs' the
programs::set_program
extrinsic now takes an additional argumentoracle_data_pointer
of type
Vec<u8>
(Uint8Array
on JS). Since oracles are not completely implemented this should be
passed an empty vector/array. - In #762 'Update Substrate to Polkadot 1.7.0'
the genesis chainspec builder has been updated for sc_service 0.36.0, which affects both the
runtime and chainspec. - In #709 'Derive the threshold account
keypair and x25519 keypair from mnemonic using HKDF' the JSentropy-protocol
bindings have
changed.Hpke.DecryptAndVerify
now takes a secret x25519 encryption key rather than a secret
sr25519 signing key. TherunDkgProtocol
andrunSigningProtocol
functions now both take a
secret x25519 key as an additional argument, since these are no longer derived from the given
signing secret key. Similarly in the rust API,EncryptedSignedMessage
no longer derives x25519
keypairs internally and so the decrypt method now takes a x25519 secret key. Also, the method by
which keypairs are derived from a mnemonic has changed, which means existing validators x25119
and sr25519 keypairs will be different what they were before. This includes the test accounts in
the chainspec.
Added
Changed
v0.0.11
0.0.11 - 2024-04-08
It's been a minute since our last release! A few of the major changes since then include:
- The addition of Public access mode for signature requests, allowing anybody to request a from an account.
- The removal of Permissioned access mode for signature requests. Its functionality was made redundant by the Public access mode
- Request rate limiting for signing requests. This is done by the threshold servers, but the are agreed upon on-chain.
Docker Images
If you plan on using Docker images from this release, please use the following tags:
Breaking Changes
- In #623, 'Public Access Mode', the
UserSignatureRequest
given when requesting a signature with the 'sign_tx' http endpoint must now contain an additional field,signature_request_account: AccountId32
. In private and permissioned modes, this must be identical to the account used to sign theSignedMessage
containing the signature request. In public access mode this may be an Entropy account owned by someone else. - In #629, 'Add proactive refresh keys on-chain', the
StakingExtensionConfig::proactive_refresh_validators
field used by the chain spec is nowStakingExtensionConfig::proactive_refresh_data
and takes a tuple ofVec
. Both should be empty at genesis for production. - In #631, the
config_interface
field ofProgramInfo
was renamed tointerface_description
to be more semantically accurate. This field will now be used to describe program interfaces, including the auxilary and configuration interfaces of the program. - In #658,
RegisteredInfo
andRegisteringDetails
now containversion_number
. As wellKeyVersionNumber
was added as a config parameter to theRelayer
pallet. - In #659, the Staking Extension pallet's
validate
extrinsic changed to take aServerInfo
struct instead of individual fields. - In #660, if too many request are sent for signing by a user in a block the TSS will reject them. The chainspec now has an added field for the new Parameters pallet, which itself has a
request_limit
field. - In #661, the Relayer pallet was renamed to the Registry pallet as this better describes the purpose of the pallet.
- In #662, the Free Transaction pallet was removed.
- In #666, Permissioned access type was removed to be handled by a program. Also in
registered
sig_request_key
as the key for the struct was replaced byverifying_key
. This meansverifying_key
was removed from theregistered
struct. - In #678, the Registry pallet's
get_validator_info()
public method stopped returning the validator index - In #680, a new genesis config entry was added for the Programs pallet. This entry,
initial_programs
, is a list of tuples which contains information (hash
,bytecode
,config
,auxiliary data
) about what programs to have on chain during genesis. - In #681,
program_interface
inprogram_data
of thePrograms
pallet has been split intoconfiguration_schema
andauxiliary_data_schema
- In #674, 'Add HPKE implementation',
entropy-protocol
'sSignedMessage
has been replaced byEncryptedSignedMessage
which has some small API differences:derive_static_secret
was renamed toderive_x25519_static_secret
, and in theentropy-protocol
JS module the subclass dealing with encryption has been renamed fromX25519Chacha20Poly1305
toHpke
. The JS API is otherwise the same as before. - In #703, a new genesis config parameter for the Parameters pallet was added,
max_instructions_per_program
.
Added
- Add ValidatorSubgroupRotated event (#618)
- Public access mode (#623)
- Emit events on TSS server errors (#625)
- Add direct query for a validator's subgroup (#642)
- Add version number to registered (#658)
- Request limit check (#660)
- Add helper for checking if a validator is in the signing committee (#678)
- Note unresponsiveness reports in Slashing pallet (#679)
- Add device key program to initial chainstate (#680)
- Add aux data to program info (#681)
- Add HPKE implementation (#674)
- Add max instructions parameters onchain (#703)
Changed
- Test CLI - dont send hardcoded auxiliary data by default when signing (#614)
- Add proactive refresh keys on-chain (#629)
- Rename ProgramInfo.config_interface to interface_description (#631)
- Change test-cli default access mode and update readme for recent changes (#643)
- Add additional checks to TSS server's
/user/receive_key
endpoint (#655) - Disallow using existing TSS account IDs in Staking pallet (#657)
- Clean ups around Staking Extension's
validate()
extrinsic (#659) - Rename
pallet_relayer
topallet_registry
(#661) - Remove permissioned access type (#666)
- Use SessionID in shared randomness (#676)
Removed
- Remove
pallet-free-tx
(#662)
v0.0.10
0.0.10 - 2024-01-24
A lot of the changes introduced in this release are program related.
The workflow around having to upload a program during registration is gone. Instead users can
register with programs which have previously been uploaded on-chain by providing the hash of the
program they want to use.
When registering a user can also customize the behaviour of their chosen program through the new
program configuration feature.
If a single program doesn't provide enough functionality, now users can register with multiple
programs. During signature generation all of these programs will be executed. Only if all of them
run successfully then a signature is produced.
Finally, users are now able to indicate which hashing algorithm they would like to use during the
signing step. We provide some common ones out of the box, but custom user-provided hashing
algorithms are also supported.
Docker Images
If you plan on using Docker images from this release, please use the following tags:
Breaking Changes
- In #561 several crates were renamed in order to ensure consistent naming across the repo.
The most impactful of these is that theserver
binary is now theentropy-tss
binary. From
this it follows that the Docker images previously published underentropyxyz/server
are
now being published underentropyxyz/entropy-tss
. - In #536 the registration interface was changed to accept a pointer to a program.
Programs are now expected to be uploaded using thePrograms::set_program
extrinsic.- The
Programs::update_program
extrinsic has been removed and replaced withset_program
and
remove_program
- The
Relayer::register
extrinsic now takes a list ofprogram_pointer
instead of an
initial_program
- The
Relayer::AllowedToModifyProgram
storage struct and accompanying getter,
sig_req_accounts
, was removed - The
Programs::Bytecode
storage struct and accompanying getter,bytecode
, was removed and
replaced with thePrograms
storage struct - The
Programs::ProgramUpdated
event was removed and replaced with theProgramCreated
and
ProgramRemoved
events - A new Programs configuration parameter,
MaxOwnedPrograms
, was added
- The
- In #549, when executing the signing protocol on the client-side, a
sig-uid
no longer
needs to be given as an argument - In #566 the Wasm API to
entropy-protocol
was changed to usecamelCase
function names. - In #563 the Wasm API to functions formerly in the
x25515chacha20poly1305
repository
was changed to usecamelCase
function names. - In #568 the registration and program update interfaces were changes to accept a
vector of program hashes.- A new Relayer configuration parameter,
MaxProgramHashes
, was added - The
Relayer::Registered
storage struct was changed to contain a list ofprogram_pointers
- A new Relayer configuration parameter,
- In #577 the auxilary program data is now expected to be in a vector. This order of the auxilary data
should match the order of the programs that are being registered. - In #592 the
local-devnet
chain-type was renamed todevnet-local
. Additionally, the default chain
type when none is specified is nowdev
instead oflocal
. - In #593 the programs interface was changed to accept a program configuration interface. This allows
an uploaded program to be configured differently by different users. - In #604, the
program_modification_account
term used in the Programs pallet was changed to
deployer
. This better reflects the purpose of this account.
Added
- Test CLI which calls the same code as in integration tests (#417)
- Pointer for Programs (#536)
- Add password file option (#555)
- Include contents of x25515chacha20poly1305 repo in entropy-protocol (#563)
- Custom Hashing Algorithms (#553)
- Add ref counter to programs (#585)
- Add
--setup-only
flag (#588) - Add --version flag and about field to TSS (#590)
- Program config storage (#593)
- Add a hashes endpoint (#600)
Changed
- Crate name refactor (#561)
- Only run wasm integration tests when a feature is enabled (#565)
- Protocol sessions are now identified by a
SessionID
type rather than aString
(#549) - Change bip39 implementation (#562)
- Additive programs (#568)
- Additional
hash
field in/sign_tx
JSON body indicates which hashing algorithm to use for signing (#553) - Additive aux data (#577)
- Refactor Rust-based chain specs (#592)
- Fix test CLI for additive program pointers and update / refactor tests (#591)
- Change
program_modification_account
toprogram_deploy_key
(#604)
Fixed
- Fix inconsistency between interactive and file based passwords (#589)
Removed
- Remove pallet-helpers (#581)
v0.0.9
0.0.9 - 2023-11-30
Some of the noteworthy changes related to this release are related to better integration in Web
Assembly contexts, and improvements to logging for the Threshold Signature Server.
Certain key components related to distributed key generation (DKG) are now able to be compiled to
Wasm. This opens up the possiblity for users to participate in DKG themselves from the browser!
There are changes around how logging in the server
binary is done. When running the binary users
can now choose the type of output they would like to see (e.g --logger json
), and can even send
their logs to a Loki server (--loki
) for aggregation and visualization.
Docker Images
If you plan on using Docker images from this release, please use the following tags:
Breaking Changes
- In #475, in the JSON body of the
/sign_tx
endpoint thepreimage
field has been renamed to
message
. It remains a hex-encodedstring
.
Added
- Wasm bindings for user to participate in DKG and signing protocols (#414)
- Auxiliary data for program evaluation (#475)
- Add a keyshare type for wasm which wraps
synedrion::KeyShare
(#512) - Add versioning to server (#516)
- Cross-compile for
linux/arm64
and push multi-platform Docker images. (#518) - Allow logger to be configured from CLI (#520)
- Add
bunyan
JSON formatter (#524) - Add Loki logging layer (#528)
Changed
- Validate proactive refresh endpoint (#483)
- No proactive refresh on private key visibility (#485)
- Use bincode rather than JSON for protocol and subscribe messages (#492)
- Allow big protocol messages (#495)
- Change
SocketAddr
type forString
(#496) - Partition proactive refresh (#504)
- Add
#[tracing::instrument]
macro to routes (#515) - Make
server
a library, and add integration test for testing protocol crate on wasm (#517) - Remove subxt-signer from server and entropy-protocol (#526)
ec-runtime
now errors for zero-sized programs (#529)entropy-protocol
- polkadot-js compatible sr25519 key generation for wasm API (#533)
Fixed
- Return package version instead of rustc version (#523)