Remove permissioned (#666)

* remove permissioned

* have verifying key as key in registered state

* tss crate compile

* compiling

* fix one broken test

* fix another test

* fix more tests

* sign tx test

* more tests

* fix all tests

* at an event listener for registered

* registry tests

* more tests

* keyshare check

* clean

* clean

* tests

* fmt

* update wasm

* clean wasm tests

* fmt

* spelling

* inline docs

* fix test

* changelog

* fix event issue

* lint

* clean

* clean

* Update pallets/registry/src/lib.rs

Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com>

* fix

* Update crates/test-cli/src/main.rs

Co-authored-by: peg <peg@magmacollective.org>

* fixes

* clean

* clean

* Apply suggestions from code review

Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com>

* clean

* clean

* fix

* fix

* fix

* fmt

* Update pallets/registry/src/lib.rs

Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com>

* lint

* fix wasm

* fix

---------

Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com>
Co-authored-by: peg <peg@magmacollective.org>

CHANGELOG.md

@@ -35,6 +35,9 @@ At the moment this project **does not** adhere to
   the Registry pallet as this better describes the purpose of the pallet.
 - In [#662](https://github.com/entropyxyz/entropy-core/pull/662), the Free Transaction pallet was
   removed.
+- In [#666](https://github.com/entropyxyz/entropy-core/pull/666), Permissioned access type was removed 
+  to be handled by a program. Also in `registered` `sig_request_key` as the key for the struct was 
+  replaced by `verifying_key`. This means `verifying_key` was removed from the `registered` struct.
 
 ### Added
 - Add ValidatorSubgroupRotated event ([#618](https://github.com/entropyxyz/entropy-core/pull/618))
@@ -50,6 +53,7 @@ At the moment this project **does not** adhere to
 - Disallow using existing TSS account IDs in Staking pallet ([#657](https://github.com/entropyxyz/entropy-core/pull/657))
 - Clean ups around Staking Extension's `validate()` extrinsic ([#659](https://github.com/entropyxyz/entropy-core/pull/659))
 - Rename `pallet_relayer` to `pallet_registry` ([#661](https://github.com/entropyxyz/entropy-core/pull/661))
+- Remove permissioned access type ([#666](https://github.com/entropyxyz/entropy-core/pull/666))
 - Use SessionID in shared randomness ([#676](https://github.com/entropyxyz/entropy-core/pull/676))
 
 ### Removed

crates/protocol/src/lib.rs

@@ -158,7 +158,7 @@ pub enum SessionId {
     /// A distributed key generation protocol session for registering
     Dkg(AccountId32),
     /// A proactive refresh session
-    ProactiveRefresh(AccountId32),
+    ProactiveRefresh(Vec<u8>),
     /// A signing session
     Sign(SigningSessionInfo),
 }
@@ -167,7 +167,7 @@ pub enum SessionId {
 #[derive(Serialize, Deserialize, Debug, Clone, Eq, PartialEq)]
 pub struct SigningSessionInfo {
     /// The signature request account ID
-    pub account_id: AccountId32,
+    pub signature_verifying_key: Vec<u8>,
     /// Hash of the message to be signed
     pub message_hash: [u8; 32],
     /// Account ID of the request author (in public access mode this may differ from the signature
@@ -182,11 +182,11 @@ impl Hash for SessionId {
             SessionId::Dkg(account_id) => {
                 account_id.0.hash(state);
             },
-            SessionId::ProactiveRefresh(account_id) => {
-                account_id.0.hash(state);
+            SessionId::ProactiveRefresh(signature_verifying_key) => {
+                signature_verifying_key.hash(state);
             },
             SessionId::Sign(signing_session_info) => {
-                signing_session_info.account_id.0.hash(state);
+                signing_session_info.signature_verifying_key.hash(state);
                 signing_session_info.message_hash.hash(state);
                 signing_session_info.request_author.0.hash(state);
             },

crates/protocol/src/user/mod.rs

@@ -46,8 +46,10 @@ pub async fn user_participates_in_signing_protocol(
     user_signing_keypair: &sr25519::Pair,
     message_hash: [u8; 32],
 ) -> Result<RecoverableSignature, UserRunningProtocolErr> {
+    let verifying_key = key_share.verifying_key().to_encoded_point(true).as_bytes().to_vec();
+
     let session_id = SessionId::Sign(SigningSessionInfo {
-        account_id: AccountId32(user_signing_keypair.public().0),
+        signature_verifying_key: verifying_key,
         message_hash,
         request_author: AccountId32(user_signing_keypair.public().0),
     });

crates/shared/Cargo.toml

@@ -15,8 +15,10 @@ serde_derive="1.0.147"
 strum       ="0.25.0"
 strum_macros="0.25.3"
 
-sp-runtime={ version="28.0.0", default-features=false, optional=true }
-sp-std    ={ version="12.0.0", default-features=false }
+sp-runtime ={ version="28.0.0", default-features=false, optional=true }
+sp-std     ={ version="12.0.0", default-features=false }
+lazy_static={ version="1.4.0", features=["spin_no_std"] }
+hex-literal="0.3.4"
 
 [features]
 default    =["std"]

crates/shared/src/constants.rs

@@ -0,0 +1,39 @@
+use hex_literal::hex;
+use lazy_static::lazy_static;
+use sp_std::vec;
+use sp_std::vec::Vec;
+
+lazy_static! {
+    pub static ref DEFAULT_VERIFYING_KEY_NOT_REGISTERED: Vec<u8> = vec![10; VERIFICATION_KEY_LENGTH as usize];
+    pub static ref DAVE_VERIFYING_KEY: Vec<u8> = vec![1; VERIFICATION_KEY_LENGTH as usize];
+    // this key is associated with a constant key share generation from DETERMINISTIC_KEY_SHARE
+    pub static ref EVE_VERIFYING_KEY: Vec<u8> = vec![2, 78, 59, 129, 175, 156, 34, 52, 202, 208, 157, 103, 156, 230, 3, 94, 209, 57, 35, 71, 206, 100, 206, 64, 95, 93, 205, 54, 34, 138, 37, 222, 110];
+    pub static ref FERDIE_VERIFYING_KEY: Vec<u8> = vec![3; VERIFICATION_KEY_LENGTH as usize];
+    pub static ref DEFAULT_VERIFYING_KEY: Vec<u8> = vec![0; VERIFICATION_KEY_LENGTH as usize];
+    // key used to create a deterministic key share taken from here https://docs.rs/k256/latest/k256/ecdsa/index.html
+    pub static ref DETERMINISTIC_KEY_SHARE: [u8; 32] =  hex!("4c0883a69102937d6231471b5dbb6204fe5129617082792ae468d01a3f362318");
+}
+
+pub const SIGNING_PARTY_SIZE: usize = 2;
+
+// min balance 12 decimal chain = 0.1
+pub const MIN_BALANCE: u128 = 10000000000;
+
+// 6 seconds a block this is one day
+/// The amount of blocks before a tx request is pruned from the kvdb
+pub const PRUNE_BLOCK: u32 = 14400;
+
+/// Timeout for validators to wait for other validators to join protocol committees
+pub const SETUP_TIMEOUT_SECONDS: u64 = 20;
+
+/// The amount of proactive refreshes we do per session
+pub const REFRESHES_PER_SESSION: u32 = 10;
+
+/// Max instructions per wasm program
+pub const MAX_INSTRUCTIONS_PER_PROGRAM: u64 = 100_000;
+
+/// Blocks a transaction is valid for
+pub const MORTALITY_BLOCKS: u64 = 32;
+
+/// Size of the verification key
+pub const VERIFICATION_KEY_LENGTH: u32 = 33;

crates/shared/src/lib.rs

@@ -18,27 +18,7 @@
 //! i.e. messages sent from one to the other and structs contained in those messages
 //!
 //! This helps ensures those structs are synced among clients and nodes.
+pub use constants::*;
 pub use types::*;
-
+pub mod constants;
 pub mod types;
-
-pub const SIGNING_PARTY_SIZE: usize = 2;
-
-// min balance 12 decimal chain = 0.1
-pub const MIN_BALANCE: u128 = 10000000000;
-
-// 6 seconds a block this is one day
-/// The amount of blocks before a tx request is pruned from the kvdb
-pub const PRUNE_BLOCK: u32 = 14400;
-
-/// Timeout for validators to wait for other validators to join protocol committees
-pub const SETUP_TIMEOUT_SECONDS: u64 = 20;
-
-/// The amount of proactive refreshes we do per session
-pub const REFRESHES_PER_SESSION: u32 = 10;
-
-/// Max instructions per wasm program
-pub const MAX_INSTRUCTIONS_PER_PROGRAM: u64 = 100_000;
-
-/// Blocks a transaction is valid for
-pub const MORTALITY_BLOCKS: u64 = 32;

crates/shared/src/types.rs

@@ -33,16 +33,14 @@ pub type X25519PublicKey = [u8; 32];
 type BlockNumber = u32;
 
 /// Defines an application's accessibility
-/// Public -> Anyone can request a signature
-/// Permissioned -> Only permissioned users can request a signature
-/// Private -> Requires the keyshare holder to participate in the threshold signing process
+/// Public -> User does not hold a keyshare
+/// Private -> User holds keyshare
 #[cfg_attr(not(feature = "wasm-no-std"), derive(Debug))]
 #[cfg_attr(feature = "wasm-no-std", derive(RuntimeDebug))]
 #[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
 #[derive(Copy, Clone, PartialEq, Eq, Encode, Decode, TypeInfo, MaxEncodedLen)]
 pub enum KeyVisibility {
     Public,
-    Permissioned,
     Private(X25519PublicKey),
 }
 

crates/test-cli/src/main.rs

@@ -18,7 +18,6 @@ use std::{
     fmt::{self, Display},
     fs,
     path::PathBuf,
-    str::FromStr,
     time::Instant,
 };
 
@@ -38,7 +37,7 @@ use entropy_testing_utils::{
         store_program, update_programs, KeyParams, KeyShare, KeyVisibility,
     },
 };
-use sp_core::{crypto::AccountId32, sr25519, Hasher, Pair};
+use sp_core::{sr25519, Hasher, Pair};
 use sp_runtime::traits::BlakeTwo256;
 use subxt::{
     backend::legacy::LegacyRpcMethods,
@@ -99,24 +98,18 @@ enum CliCommand {
         ///
         /// Optionally may be preceeded with "//", eg: "//Alice"
         user_account_name: String,
-        /// The account ID you wish to sign with, if different from `user_account_name` (e.g if
-        /// using public access mode).
-        ///
-        /// This may be given as a hex public key, SS58 account ID, or a name from which to generate
-        /// a keypair (e.g `//Alice`)
+        /// The verifying key of the account to sign with
         #[arg(short, long)]
-        signature_request_account: Option<String>,
+        signature_verifying_key: Vec<u8>,
         /// The message to be signed
         message: String,
         /// Optional auxiliary data passed to the program, given as hex
         auxilary_data: Option<String>,
     },
     /// Update the program for a particular account
     UpdatePrograms {
-        /// A name from which to generate a signature request keypair, eg: "Alice"
-        ///
-        /// Optionally may be preceeded with "//", eg: "//Alice"
-        signature_request_account_name: String,
+        /// The verifying key of the account to update their programs
+        signature_verifying_key: Vec<u8>,
         /// A name from which to generate a program modification keypair, eg: "Bob"
         ///
         /// Optionally may be preceeded with "//", eg: "//Bob"
@@ -151,21 +144,17 @@ enum CliCommand {
 
 #[derive(Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum, Default)]
 enum Visibility {
-    /// Only the user who registers can submit a signature request, and the user holds a keyshare
-    /// themselves
+    /// User holds keyshare
     Private,
-    /// Only the user who registers can submit a signature request (default)
+    /// User does not hold a keyshare
     #[default]
-    Permissioned,
-    /// Anyone can submit a signature request
     Public,
 }
 
 impl From<KeyVisibility> for Visibility {
     fn from(key_visibility: KeyVisibility) -> Self {
         match key_visibility {
             KeyVisibility::Private(_) => Visibility::Private,
-            KeyVisibility::Permissioned => Visibility::Permissioned,
             KeyVisibility::Public => Visibility::Public,
         }
     }
@@ -219,7 +208,6 @@ async fn run_command() -> anyhow::Result<String> {
             println!("Program account: {}", program_keypair.public());
 
             let key_visibility_converted = match key_visibility {
-                Visibility::Permissioned => KeyVisibility::Permissioned,
                 Visibility::Private => {
                     let x25519_secret = derive_static_secret(&signature_request_keypair);
                     let x25519_public = x25519_dalek::PublicKey::from(&x25519_secret);
@@ -252,35 +240,21 @@ async fn run_command() -> anyhow::Result<String> {
 
             Ok(format!("{:?}", registered_info))
         },
-        CliCommand::Sign {
-            user_account_name,
-            signature_request_account,
-            message,
-            auxilary_data,
-        } => {
+        CliCommand::Sign { user_account_name, signature_verifying_key, message, auxilary_data } => {
             let user_keypair: sr25519::Pair = SeedString::new(user_account_name).try_into()?;
             println!("User account: {}", user_keypair.public());
 
             let auxilary_data =
                 if let Some(data) = auxilary_data { Some(hex::decode(data)?) } else { None };
 
-            let signature_request_account = match signature_request_account {
-                Some(s) => {
-                    let account = parse_account_id(&s)?;
-                    println!("Signature request account: {}", account);
-                    Some(account)
-                },
-                None => None,
-            };
-
             // If we have a keyshare file for this account, get it
             let private_keyshare = KeyShareFile::new(user_keypair.public()).read().ok();
 
             let recoverable_signature = sign(
                 &api,
                 &rpc,
                 user_keypair,
-                signature_request_account,
+                signature_verifying_key,
                 message.as_bytes().to_vec(),
                 private_keyshare,
                 auxilary_data,
@@ -305,15 +279,7 @@ async fn run_command() -> anyhow::Result<String> {
             let hash = store_program(&api, &rpc, &keypair, program, program_interface).await?;
             Ok(format!("Program stored {hash}"))
         },
-        CliCommand::UpdatePrograms {
-            signature_request_account_name,
-            program_account_name,
-            programs,
-        } => {
-            let signature_request_keypair: sr25519::Pair =
-                SeedString::new(signature_request_account_name).try_into()?;
-            println!("Signature request account: {}", signature_request_keypair.public());
-
+        CliCommand::UpdatePrograms { signature_verifying_key, program_account_name, programs } => {
             let program_keypair: sr25519::Pair =
                 SeedString::new(program_account_name).try_into()?;
             println!("Program account: {}", program_keypair.public());
@@ -328,7 +294,7 @@ async fn run_command() -> anyhow::Result<String> {
             update_programs(
                 &api,
                 &rpc,
-                &signature_request_keypair,
+                signature_verifying_key,
                 &program_keypair,
                 BoundedVec(programs_info),
             )
@@ -352,10 +318,9 @@ async fn run_command() -> anyhow::Result<String> {
                 for (account_id, info) in accounts {
                     let visibility: Visibility = info.key_visibility.0.into();
                     println!(
-                        "{} {:<12} {} {}",
-                        format!("{}", account_id).green(),
+                        "{} {:<12} {}",
+                        format!("{:?}", account_id.to_vec()).green(),
                         format!("{}", visibility).purple(),
-                        format!("{:<66}", hex::encode(info.verifying_key.0)).cyan(),
                         format!(
                             "{:?}",
                             info.programs_data
@@ -522,21 +487,3 @@ impl Program {
         }
     }
 }
-
-/// Parse an account ID from a user provided string.
-///
-/// This may be given as a hex public key, SS58 account ID, or a name from which to generate
-/// a keypair (e.g `//Alice`)
-fn parse_account_id(input: &str) -> anyhow::Result<SubxtAccountId32> {
-    ensure!(!input.is_empty(), "Cannot parse emptry string as account ID");
-
-    // We use sp-core's AccountId32 here because it will parse account IDs given as either hex or
-    // ss58
-    match AccountId32::from_str(input) {
-        Ok(account_id) => Ok(SubxtAccountId32(*account_id.as_ref())),
-        Err(_) => {
-            let keypair: sr25519::Pair = SeedString::new(input.to_string()).try_into()?;
-            Ok(SubxtAccountId32(keypair.public().0))
-        },
-    }
-}