xmr-btc-swap/swap/src/protocol.rs

use crate::protocol::alice::swap::is_complete as alice_is_complete;
use crate::protocol::alice::AliceState;
use crate::protocol::bob::swap::is_complete as bob_is_complete;
use crate::protocol::bob::BobState;
use crate::{bitcoin, monero};
use anyhow::Result;
use async_trait::async_trait;
use conquer_once::Lazy;
use ecdsa_fun::fun::marker::Mark;
use libp2p::{Multiaddr, PeerId};
use serde::{Deserialize, Serialize};
use sha2::Sha256;
use sigma_fun::ext::dl_secp256k1_ed25519_eq::{CrossCurveDLEQ, CrossCurveDLEQProof};
use sigma_fun::HashTranscript;
use std::convert::TryInto;
use uuid::Uuid;

pub mod alice;
pub mod bob;

pub static CROSS_CURVE_PROOF_SYSTEM: Lazy<
    CrossCurveDLEQ<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>,
> = Lazy::new(|| {
    CrossCurveDLEQ::<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>::new(
        (*ecdsa_fun::fun::G).mark::<ecdsa_fun::fun::marker::Normal>(),
        curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
    )
});

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct Message0 {
    swap_id: Uuid,
    B: bitcoin::PublicKey,
    S_b_monero: monero::PublicKey,
    S_b_bitcoin: bitcoin::PublicKey,
    dleq_proof_s_b: CrossCurveDLEQProof,
    v_b: monero::PrivateViewKey,
    refund_address: bitcoin::Address,
    #[serde(with = "::bitcoin::util::amount::serde::as_sat")]
    tx_refund_fee: bitcoin::Amount,
    #[serde(with = "::bitcoin::util::amount::serde::as_sat")]
    tx_cancel_fee: bitcoin::Amount,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct Message1 {
    A: bitcoin::PublicKey,
    S_a_monero: monero::PublicKey,
    S_a_bitcoin: bitcoin::PublicKey,
    dleq_proof_s_a: CrossCurveDLEQProof,
    v_a: monero::PrivateViewKey,
    redeem_address: bitcoin::Address,
    punish_address: bitcoin::Address,
    #[serde(with = "::bitcoin::util::amount::serde::as_sat")]
    tx_redeem_fee: bitcoin::Amount,
    #[serde(with = "::bitcoin::util::amount::serde::as_sat")]
    tx_punish_fee: bitcoin::Amount,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct Message2 {
    psbt: bitcoin::PartiallySignedTransaction,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct Message3 {
    tx_cancel_sig: bitcoin::Signature,
    tx_refund_encsig: bitcoin::EncryptedSignature,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct Message4 {
    tx_punish_sig: bitcoin::Signature,
    tx_cancel_sig: bitcoin::Signature,
}

#[allow(clippy::large_enum_variant)]
#[derive(Clone, Debug, PartialEq)]
pub enum State {
    Alice(AliceState),
    Bob(BobState),
}

impl State {
    pub fn swap_finished(&self) -> bool {
        match self {
            State::Alice(state) => alice_is_complete(state),
            State::Bob(state) => bob_is_complete(state),
        }
    }
}

impl From<AliceState> for State {
    fn from(alice: AliceState) -> Self {
        Self::Alice(alice)
    }
}

impl From<BobState> for State {
    fn from(bob: BobState) -> Self {
        Self::Bob(bob)
    }
}

#[derive(thiserror::Error, Debug, Clone, Copy, PartialEq)]
#[error("Not in the role of Alice")]
pub struct NotAlice;

#[derive(thiserror::Error, Debug, Clone, Copy, PartialEq)]
#[error("Not in the role of Bob")]
pub struct NotBob;

impl TryInto<BobState> for State {
    type Error = NotBob;

    fn try_into(self) -> std::result::Result<BobState, Self::Error> {
        match self {
            State::Alice(_) => Err(NotBob),
            State::Bob(state) => Ok(state),
        }
    }
}

impl TryInto<AliceState> for State {
    type Error = NotAlice;

    fn try_into(self) -> std::result::Result<AliceState, Self::Error> {
        match self {
            State::Alice(state) => Ok(state),
            State::Bob(_) => Err(NotAlice),
        }
    }
}

#[async_trait]
pub trait Database {
    async fn insert_peer_id(&self, swap_id: Uuid, peer_id: PeerId) -> Result<()>;
    async fn get_peer_id(&self, swap_id: Uuid) -> Result<PeerId>;
    async fn insert_monero_address(&self, swap_id: Uuid, address: monero::Address) -> Result<()>;
    async fn get_monero_address(&self, swap_id: Uuid) -> Result<monero::Address>;
    async fn insert_address(&self, peer_id: PeerId, address: Multiaddr) -> Result<()>;
    async fn get_addresses(&self, peer_id: PeerId) -> Result<Vec<Multiaddr>>;
    async fn insert_latest_state(&self, swap_id: Uuid, state: State) -> Result<()>;
    async fn get_state(&self, swap_id: Uuid) -> Result<State>;
    async fn all(&self) -> Result<Vec<(Uuid, State)>>;
}
Create Database trait Use domain types in database API to prevent leaking of database types. This trait will allow us to smoothly introduce the sqlite database. 2021-09-27 20:15:31 -04:00			`use crate::protocol::alice::swap::is_complete as alice_is_complete;`
			`use crate::protocol::alice::AliceState;`
			`use crate::protocol::bob::swap::is_complete as bob_is_complete;`
			`use crate::protocol::bob::BobState;`
Move messages into `protocol` module This allows us to remove all visibility modifiers from the message fields because child modules (in this case {alice,bob}::state) can always access private fields of structs. It also moves the messages into a more natural place. Previously, they were defined within the network layer even though they are independent of the libp2p implementation. 2021-03-24 01:55:00 -04:00			`use crate::{bitcoin, monero};`
Create Database trait Use domain types in database API to prevent leaking of database types. This trait will allow us to smoothly introduce the sqlite database. 2021-09-27 20:15:31 -04:00			`use anyhow::Result;`
			`use async_trait::async_trait;`
Only construct proof system once The proof system is a static element and can be reused several times. 2021-02-18 20:22:55 -05:00			`use conquer_once::Lazy;`
			`use ecdsa_fun::fun::marker::Mark;`
Create Database trait Use domain types in database API to prevent leaking of database types. This trait will allow us to smoothly introduce the sqlite database. 2021-09-27 20:15:31 -04:00			`use libp2p::{Multiaddr, PeerId};`
Move messages into `protocol` module This allows us to remove all visibility modifiers from the message fields because child modules (in this case {alice,bob}::state) can always access private fields of structs. It also moves the messages into a more natural place. Previously, they were defined within the network layer even though they are independent of the libp2p implementation. 2021-03-24 01:55:00 -04:00			`use serde::{Deserialize, Serialize};`
Only construct proof system once The proof system is a static element and can be reused several times. 2021-02-18 20:22:55 -05:00			`use sha2::Sha256;`
Move messages into `protocol` module This allows us to remove all visibility modifiers from the message fields because child modules (in this case {alice,bob}::state) can always access private fields of structs. It also moves the messages into a more natural place. Previously, they were defined within the network layer even though they are independent of the libp2p implementation. 2021-03-24 01:55:00 -04:00			`use sigma_fun::ext::dl_secp256k1_ed25519_eq::{CrossCurveDLEQ, CrossCurveDLEQProof};`
Change `imports_granularity` to module This reduces the overall amount of LoC that imports take up in our codebase by almost 100. It also makes merge-conflicts less likely because there is less grouping together of imports that may lead to layout changes which in turn can cause merge conflicts. 2021-03-03 19:28:58 -05:00			`use sigma_fun::HashTranscript;`
Create Database trait Use domain types in database API to prevent leaking of database types. This trait will allow us to smoothly introduce the sqlite database. 2021-09-27 20:15:31 -04:00			`use std::convert::TryInto;`
Multiple swaps with the same peer - Swap-id is exchanged during execution setup. CLI (Bob) sends the swap-id to be used in his first message. - Transfer poof and encryption signature messages include the swap-id so it can be properly associated with the correct swap. - ASB: Encryption signatures are associated with swaps by swap-id, not peer-id. - ASB: Transfer proofs are still associated to peer-ids (because they have to be sent to the respective peer), but the ASB can buffer multiple - CLI: Incoming transfer proofs are checked for matching swap-id. If a transfer proof with a different swap-id than the current executing swap is received it will be ignored. We can change this to saving into the database. Includes concurrent swap tests with the same Bob. - One test that pauses and starts an additional swap after the transfer proof was received. Results in both swaps being redeemed after resuming the first swap. - One test that pauses and starts an additional swap before the transfer proof is sent (just after BTC locked). Results in the second swap redeeming and the first swap being refunded (because the transfer proof on Bob's side is lost). Once we store transfer proofs that we receive during executing a different swap into the database both swaps should redeem. Note that the monero harness was adapted to allow creating wallets with multiple outputs, which is needed for Alice. 2021-04-08 04:56:26 -04:00			`use uuid::Uuid;`
Only construct proof system once The proof system is a static element and can be reused several times. 2021-02-18 20:22:55 -05:00
Merge xmr_btc crate Created network, storage and protocol modules. Organised files into the modules where the belong. xmr_btc crate moved into isolated modulein swap crate. Remove the xmr_btc module and integrate into swap crate. Consolidate message related code Reorganise imports Remove unused parent Message enum Remove unused parent State enum Remove unused dependencies from Cargo.toml 2021-01-04 22:08:36 -05:00			`pub mod alice;`
			`pub mod bob;`
Move StartingBalances into protocol module 2021-01-19 21:29:46 -05:00
Only construct proof system once The proof system is a static element and can be reused several times. 2021-02-18 20:22:55 -05:00			`pub static CROSS_CURVE_PROOF_SYSTEM: Lazy<`
			`CrossCurveDLEQ<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>,`
			`> = Lazy::new(\|\| {`
			`CrossCurveDLEQ::<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>::new(`
			`(*ecdsa_fun::fun::G).mark::<ecdsa_fun::fun::marker::Normal>(),`
			`curve25519_dalek::constants::ED25519_BASEPOINT_POINT,`
			`)`
			`});`

Move messages into `protocol` module This allows us to remove all visibility modifiers from the message fields because child modules (in this case {alice,bob}::state) can always access private fields of structs. It also moves the messages into a more natural place. Previously, they were defined within the network layer even though they are independent of the libp2p implementation. 2021-03-24 01:55:00 -04:00			`#[derive(Clone, Debug, Serialize, Deserialize)]`
			`pub struct Message0 {`
Multiple swaps with the same peer - Swap-id is exchanged during execution setup. CLI (Bob) sends the swap-id to be used in his first message. - Transfer poof and encryption signature messages include the swap-id so it can be properly associated with the correct swap. - ASB: Encryption signatures are associated with swaps by swap-id, not peer-id. - ASB: Transfer proofs are still associated to peer-ids (because they have to be sent to the respective peer), but the ASB can buffer multiple - CLI: Incoming transfer proofs are checked for matching swap-id. If a transfer proof with a different swap-id than the current executing swap is received it will be ignored. We can change this to saving into the database. Includes concurrent swap tests with the same Bob. - One test that pauses and starts an additional swap after the transfer proof was received. Results in both swaps being redeemed after resuming the first swap. - One test that pauses and starts an additional swap before the transfer proof is sent (just after BTC locked). Results in the second swap redeeming and the first swap being refunded (because the transfer proof on Bob's side is lost). Once we store transfer proofs that we receive during executing a different swap into the database both swaps should redeem. Note that the monero harness was adapted to allow creating wallets with multiple outputs, which is needed for Alice. 2021-04-08 04:56:26 -04:00			`swap_id: Uuid,`
Move messages into `protocol` module This allows us to remove all visibility modifiers from the message fields because child modules (in this case {alice,bob}::state) can always access private fields of structs. It also moves the messages into a more natural place. Previously, they were defined within the network layer even though they are independent of the libp2p implementation. 2021-03-24 01:55:00 -04:00			`B: bitcoin::PublicKey,`
			`S_b_monero: monero::PublicKey,`
			`S_b_bitcoin: bitcoin::PublicKey,`
			`dleq_proof_s_b: CrossCurveDLEQProof,`
			`v_b: monero::PrivateViewKey,`
			`refund_address: bitcoin::Address,`
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all. 2021-04-28 20:40:04 -04:00			`#[serde(with = "::bitcoin::util::amount::serde::as_sat")]`
			`tx_refund_fee: bitcoin::Amount,`
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares. 2021-04-28 20:59:40 -04:00			`#[serde(with = "::bitcoin::util::amount::serde::as_sat")]`
			`tx_cancel_fee: bitcoin::Amount,`
Move messages into `protocol` module This allows us to remove all visibility modifiers from the message fields because child modules (in this case {alice,bob}::state) can always access private fields of structs. It also moves the messages into a more natural place. Previously, they were defined within the network layer even though they are independent of the libp2p implementation. 2021-03-24 01:55:00 -04:00			`}`

			`#[derive(Clone, Debug, Serialize, Deserialize)]`
			`pub struct Message1 {`
			`A: bitcoin::PublicKey,`
			`S_a_monero: monero::PublicKey,`
			`S_a_bitcoin: bitcoin::PublicKey,`
			`dleq_proof_s_a: CrossCurveDLEQProof,`
			`v_a: monero::PrivateViewKey,`
			`redeem_address: bitcoin::Address,`
			`punish_address: bitcoin::Address,`
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all. 2021-04-28 03:08:00 -04:00			`#[serde(with = "::bitcoin::util::amount::serde::as_sat")]`
			`tx_redeem_fee: bitcoin::Amount,`
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all. 2021-04-28 20:40:04 -04:00			`#[serde(with = "::bitcoin::util::amount::serde::as_sat")]`
			`tx_punish_fee: bitcoin::Amount,`
Move messages into `protocol` module This allows us to remove all visibility modifiers from the message fields because child modules (in this case {alice,bob}::state) can always access private fields of structs. It also moves the messages into a more natural place. Previously, they were defined within the network layer even though they are independent of the libp2p implementation. 2021-03-24 01:55:00 -04:00			`}`

			`#[derive(Clone, Debug, Serialize, Deserialize)]`
			`pub struct Message2 {`
Alice to validate Bob's PSBT for correctness In order for the re-construction of TxLock to be meaningful, we limit `Message2` to the PSBT instead of the full struct. This is a breaking change in the network layer. The PSBT is valid if: - It has at most two outputs (we allow a change output) - One of the outputs pays the agreed upon amount to a shared output script Resolves #260. 2021-03-24 03:30:55 -04:00			`psbt: bitcoin::PartiallySignedTransaction,`
Move messages into `protocol` module This allows us to remove all visibility modifiers from the message fields because child modules (in this case {alice,bob}::state) can always access private fields of structs. It also moves the messages into a more natural place. Previously, they were defined within the network layer even though they are independent of the libp2p implementation. 2021-03-24 01:55:00 -04:00			`}`

			`#[derive(Clone, Debug, Serialize, Deserialize)]`
			`pub struct Message3 {`
			`tx_cancel_sig: bitcoin::Signature,`
			`tx_refund_encsig: bitcoin::EncryptedSignature,`
			`}`

			`#[derive(Clone, Debug, Serialize, Deserialize)]`
			`pub struct Message4 {`
			`tx_punish_sig: bitcoin::Signature,`
			`tx_cancel_sig: bitcoin::Signature,`
			`}`
Create Database trait Use domain types in database API to prevent leaking of database types. This trait will allow us to smoothly introduce the sqlite database. 2021-09-27 20:15:31 -04:00
			`#[allow(clippy::large_enum_variant)]`
			`#[derive(Clone, Debug, PartialEq)]`
			`pub enum State {`
			`Alice(AliceState),`
			`Bob(BobState),`
			`}`

			`impl State {`
			`pub fn swap_finished(&self) -> bool {`
			`match self {`
			`State::Alice(state) => alice_is_complete(state),`
			`State::Bob(state) => bob_is_complete(state),`
			`}`
			`}`
			`}`

			`impl From<AliceState> for State {`
			`fn from(alice: AliceState) -> Self {`
			`Self::Alice(alice)`
			`}`
			`}`

			`impl From<BobState> for State {`
			`fn from(bob: BobState) -> Self {`
			`Self::Bob(bob)`
			`}`
			`}`

			`#[derive(thiserror::Error, Debug, Clone, Copy, PartialEq)]`
			`#[error("Not in the role of Alice")]`
			`pub struct NotAlice;`

			`#[derive(thiserror::Error, Debug, Clone, Copy, PartialEq)]`
			`#[error("Not in the role of Bob")]`
			`pub struct NotBob;`

			`impl TryInto<BobState> for State {`
			`type Error = NotBob;`

			`fn try_into(self) -> std::result::Result<BobState, Self::Error> {`
			`match self {`
			`State::Alice(_) => Err(NotBob),`
			`State::Bob(state) => Ok(state),`
			`}`
			`}`
			`}`

			`impl TryInto<AliceState> for State {`
			`type Error = NotAlice;`

			`fn try_into(self) -> std::result::Result<AliceState, Self::Error> {`
			`match self {`
			`State::Alice(state) => Ok(state),`
			`State::Bob(_) => Err(NotAlice),`
			`}`
			`}`
			`}`

			`#[async_trait]`
			`pub trait Database {`
			`async fn insert_peer_id(&self, swap_id: Uuid, peer_id: PeerId) -> Result<()>;`
			`async fn get_peer_id(&self, swap_id: Uuid) -> Result<PeerId>;`
			`async fn insert_monero_address(&self, swap_id: Uuid, address: monero::Address) -> Result<()>;`
			`async fn get_monero_address(&self, swap_id: Uuid) -> Result<monero::Address>;`
			`async fn insert_address(&self, peer_id: PeerId, address: Multiaddr) -> Result<()>;`
			`async fn get_addresses(&self, peer_id: PeerId) -> Result<Vec<Multiaddr>>;`
			`async fn insert_latest_state(&self, swap_id: Uuid, state: State) -> Result<()>;`
			`async fn get_state(&self, swap_id: Uuid) -> Result<State>;`
			`async fn all(&self) -> Result<Vec<(Uuid, State)>>;`
			`}`