Skip to content

feat: add new signature scheme variant to contract #1658

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
kevindeforth wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

feat: add new signature scheme variant to contract #1658

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c2a8cac
chore: Introduce SignatureScheme enum variant
netrome Dec 10, 2025
b994c70
fix: remaining compilation issues
gilcu3 Dec 10, 2025
71916ff
test new signature scheme in contract unit tests
kevindeforth Dec 11, 2025
c2e245a
cleanup
kevindeforth Dec 15, 2025
ed9cb8f
.
kevindeforth Dec 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 42 additions & 37 deletions crates/contract/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@ impl MpcContract {
// It's important we fail here because the MPC nodes will fail in an identical way.
// This allows users to get the error message
match domain_config.scheme {
SignatureScheme::Secp256k1 => {
SignatureScheme::Secp256k1 | SignatureScheme::V2Secp256k1 => {
let hash = *request.payload.as_ecdsa().expect("Payload is not Ecdsa");
k256::Scalar::from_repr(hash.into())
.into_option()
Expand All @@ -173,10 +173,7 @@ impl MpcContract {
request.payload.as_eddsa().expect("Payload is not EdDSA");
}
SignatureScheme::Bls12381 => {
env::panic_str(
&InvalidParameters::InvalidDomainId.message("Selected domain is used for Bls12381, which is not compatible with this function")
.to_string(),
);
env::panic_str(&InvalidParameters::InvalidDomainId.message("Selected domain is used for Bls12381, which is not compatible with this function").to_string(),);
}
}

Expand Down Expand Up @@ -1656,6 +1653,7 @@ mod tests {
use crate::primitives::participants::{ParticipantId, ParticipantInfo};
use crate::primitives::test_utils::{
bogus_ed25519_near_public_key, bogus_ed25519_public_key, gen_account_id, gen_participant,
NUM_PROTOCOLS,
};
use crate::primitives::{
domain::{DomainConfig, DomainId, SignatureScheme},
Expand Down Expand Up @@ -1758,7 +1756,7 @@ mod tests {
rng: &mut impl CryptoRngCore,
) -> (dtos::PublicKey, SharedSecretKey) {
match domain_scheme {
SignatureScheme::Secp256k1 => {
SignatureScheme::Secp256k1 | SignatureScheme::V2Secp256k1 => {
let (pk, sk) = new_secp256k1(rng);
(pk.into(), SharedSecretKey::Secp256k1(sk))
}
Expand Down Expand Up @@ -2397,9 +2395,11 @@ mod tests {
}
}

const NUM_GENERATED_DOMAINS: usize = 1;
const NUM_DOMAINS: usize = 2 * NUM_PROTOCOLS;
#[test]
fn test_start_node_migration_failure_not_participant() {
let running_state = ProtocolContractState::Running(gen_running_state(2));
let running_state = ProtocolContractState::Running(gen_running_state(NUM_DOMAINS));
let mut contract = MpcContract::new_from_protocol_state(running_state);

// sanity check
Expand All @@ -2416,7 +2416,7 @@ mod tests {

#[test]
fn test_start_node_migration_success() {
let running_state = ProtocolContractState::Running(gen_running_state(2));
let running_state = ProtocolContractState::Running(gen_running_state(NUM_DOMAINS));
let mut contract = MpcContract::new_from_protocol_state(running_state);

// sanity check
Expand Down Expand Up @@ -2472,14 +2472,14 @@ mod tests {
#[test]
fn test_start_node_migration_failure_initializing() {
let initializing_state =
ProtocolContractState::Initializing(gen_initializing_state(2, 0).1);
ProtocolContractState::Initializing(gen_initializing_state(NUM_DOMAINS, 0).1);
let contract = MpcContract::new_from_protocol_state(initializing_state);
test_start_migration_node_failure_not_running(contract);
}

#[test]
fn test_start_node_migration_failure_resharing() {
let resharing_state = ProtocolContractState::Resharing(gen_resharing_state(2).1);
let resharing_state = ProtocolContractState::Resharing(gen_resharing_state(NUM_DOMAINS).1);
let contract = MpcContract::new_from_protocol_state(resharing_state);
test_start_migration_node_failure_not_running(contract);
}
Expand All @@ -2501,22 +2501,22 @@ mod tests {

#[test]
fn test_register_backup_service_fail_non_participant_running() {
let running_state = ProtocolContractState::Running(gen_running_state(2));
let running_state = ProtocolContractState::Running(gen_running_state(NUM_DOMAINS));
let contract = MpcContract::new_from_protocol_state(running_state);
test_register_backup_service_fail_non_participant(contract);
}

#[test]
fn test_register_backup_service_fail_non_participant_initializing() {
let initializing_state =
ProtocolContractState::Initializing(gen_initializing_state(2, 0).1);
ProtocolContractState::Initializing(gen_initializing_state(NUM_DOMAINS, 0).1);
let contract = MpcContract::new_from_protocol_state(initializing_state);
test_register_backup_service_fail_non_participant(contract);
}

#[test]
fn test_register_backup_service_fail_non_participant_resharnig() {
let resharing_state = ProtocolContractState::Resharing(gen_resharing_state(2).1);
let resharing_state = ProtocolContractState::Resharing(gen_resharing_state(NUM_DOMAINS).1);
let contract = MpcContract::new_from_protocol_state(resharing_state);
test_register_backup_service_fail_non_participant(contract);
}
Expand Down Expand Up @@ -2552,7 +2552,7 @@ mod tests {

#[test]
fn test_register_backup_service_success_running() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let participants = running_state.parameters.participants().clone();
let running_state = ProtocolContractState::Running(running_state);
let contract = MpcContract::new_from_protocol_state(running_state);
Expand All @@ -2561,7 +2561,7 @@ mod tests {

#[test]
fn test_register_backup_service_success_resharing() {
let resharing_state = gen_resharing_state(2).1;
let resharing_state = gen_resharing_state(NUM_DOMAINS).1;
let participants = resharing_state
.resharing_key
.proposed_parameters()
Expand All @@ -2574,7 +2574,7 @@ mod tests {

#[test]
fn test_register_backup_service_success_initializing() {
let initializing_state = gen_initializing_state(2, 0).1;
let initializing_state = gen_initializing_state(NUM_DOMAINS, 0).1;
let participants = initializing_state
.generating_key
.proposed_parameters()
Expand All @@ -2587,7 +2587,7 @@ mod tests {

#[test]
fn test_conclude_node_migration_success() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let keyset = running_state.keyset.clone();
let participants = running_state.parameters.participants().clone();
let running_state = ProtocolContractState::Running(running_state);
Expand Down Expand Up @@ -2617,7 +2617,7 @@ mod tests {

#[test]
fn test_conclude_node_migration_invalid_tee() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let keyset = running_state.keyset.clone();
let participants = running_state.parameters.participants().clone();
let running_state = ProtocolContractState::Running(running_state);
Expand Down Expand Up @@ -2645,7 +2645,7 @@ mod tests {

#[test]
fn test_conclude_node_migration_migration_not_found() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let keyset = running_state.keyset.clone();
let participants = running_state.parameters.participants().clone();
let running_state = ProtocolContractState::Running(running_state);
Expand Down Expand Up @@ -2678,7 +2678,7 @@ mod tests {

#[test]
fn test_conclude_node_migration_keyset_mismatch() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let mut keyset = running_state.keyset.clone();
keyset.epoch_id = keyset.epoch_id.next();
let participants = running_state.parameters.participants().clone();
Expand Down Expand Up @@ -2712,7 +2712,7 @@ mod tests {

#[test]
fn test_conclude_node_migration_not_participant() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let keyset = running_state.keyset.clone();
let running_state = ProtocolContractState::Running(running_state);
let mut contract = MpcContract::new_from_protocol_state(running_state);
Expand Down Expand Up @@ -2767,7 +2767,7 @@ mod tests {

#[test]
fn test_conclude_node_migration_failure_resharing() {
let (_, resharing_state) = gen_resharing_state(2);
let (_, resharing_state) = gen_resharing_state(NUM_DOMAINS);

let keyset = resharing_state.previous_running_state.keyset.clone();
let participants = resharing_state
Expand All @@ -2782,7 +2782,7 @@ mod tests {

#[test]
fn test_conclude_node_migration_failure_initializing() {
let (_, initializing) = gen_initializing_state(2, 0);
let (_, initializing) = gen_initializing_state(NUM_DOMAINS, 0);

let keyset = Keyset::new(
initializing.generating_key.epoch_id(),
Expand Down Expand Up @@ -2871,7 +2871,7 @@ mod tests {

#[test]
pub fn test_cleanup_orphaned_node_migrations() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let participants = running_state.parameters.participants().clone();
let running_state = ProtocolContractState::Running(running_state);
let mut contract = MpcContract::new_from_protocol_state(running_state);
Expand Down Expand Up @@ -3004,26 +3004,29 @@ mod tests {

#[test]
pub fn test_proposed_updates_interface_running() {
let protocol_contract_state = ProtocolContractState::Running(gen_running_state(2));
let protocol_contract_state =
ProtocolContractState::Running(gen_running_state(NUM_DOMAINS));
test_proposed_updates_case_given_state(protocol_contract_state);
}

#[test]
pub fn test_proposed_updates_interface_resharing() {
let protocol_contract_state = ProtocolContractState::Resharing(gen_resharing_state(2).1);
let protocol_contract_state =
ProtocolContractState::Resharing(gen_resharing_state(NUM_DOMAINS).1);
test_proposed_updates_case_given_state(protocol_contract_state);
}

#[test]
pub fn test_proposed_updates_interface_initialzing() {
let protocol_contract_state =
ProtocolContractState::Initializing(gen_initializing_state(2, 1).1);
let protocol_contract_state = ProtocolContractState::Initializing(
gen_initializing_state(NUM_DOMAINS, NUM_GENERATED_DOMAINS).1,
);
test_proposed_updates_case_given_state(protocol_contract_state);
}

#[test]
pub fn test_remove_update_vote_running() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let participants = running_state.parameters.participants().clone();
let protocol_contract_state = ProtocolContractState::Running(running_state);
let mut contract = MpcContract::new_from_protocol_state(protocol_contract_state);
Expand Down Expand Up @@ -3064,7 +3067,7 @@ mod tests {
#[test]
#[should_panic(expected = "not a voter")]
fn test_remove_update_vote_panics_if_non_voter() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let protocol_contract_state = ProtocolContractState::Running(running_state);
let mut contract = MpcContract::new_from_protocol_state(protocol_contract_state);
let expected = propose_and_vote_code(0, &mut contract);
Expand All @@ -3083,7 +3086,8 @@ mod tests {
#[test]
#[should_panic(expected = "protocol must be in running state")]
pub fn test_remove_update_vote_resharing() {
let protocol_contract_state = ProtocolContractState::Resharing(gen_resharing_state(2).1);
let protocol_contract_state =
ProtocolContractState::Resharing(gen_resharing_state(NUM_DOMAINS).1);
let mut contract = MpcContract::new_from_protocol_state(protocol_contract_state);
let account_id = gen_account_id();
testing_env!(VMContextBuilder::new()
Expand All @@ -3096,8 +3100,9 @@ mod tests {
#[test]
#[should_panic(expected = "protocol must be in running state")]
pub fn test_remove_update_vote_initializing() {
let protocol_contract_state =
ProtocolContractState::Initializing(gen_initializing_state(2, 1).1);
let protocol_contract_state = ProtocolContractState::Initializing(
gen_initializing_state(NUM_DOMAINS, NUM_GENERATED_DOMAINS).1,
);
let mut contract = MpcContract::new_from_protocol_state(protocol_contract_state);
let account_id = gen_account_id();
testing_env!(VMContextBuilder::new()
Expand Down Expand Up @@ -3167,7 +3172,7 @@ mod tests {
/// (simulating post-resharing cleanup).
#[test]
pub fn test_remove_non_participant_update_votes() {
let running_state = gen_running_state(2);
let running_state = gen_running_state(NUM_DOMAINS);
let participants = running_state.parameters.participants().clone();
let mut contract =
MpcContract::new_from_protocol_state(ProtocolContractState::Running(running_state));
Expand Down Expand Up @@ -3219,9 +3224,9 @@ mod tests {
}

#[rstest]
#[case(ProtocolContractState::Running(gen_running_state(2)))]
#[case(ProtocolContractState::Resharing(gen_resharing_state(2).1))]
#[case(ProtocolContractState::Initializing(gen_initializing_state(2, 1).1))]
#[case(ProtocolContractState::Running(gen_running_state(NUM_DOMAINS)))]
#[case(ProtocolContractState::Resharing(gen_resharing_state(NUM_DOMAINS).1))]
#[case(ProtocolContractState::Initializing(gen_initializing_state(NUM_DOMAINS, NUM_GENERATED_DOMAINS).1))]
fn test_contract_stores_allowed_hashes(#[case] protocol_state: ProtocolContractState) {
const CURRENT_BLOCK_TIME_STAMP: u64 = 10;
let mut contract = MpcContract::new_from_protocol_state(protocol_state);
Expand Down
74 changes: 24 additions & 50 deletions crates/contract/src/primitives/domain.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ pub enum SignatureScheme {
Secp256k1,
Ed25519,
Bls12381,
V2Secp256k1, // Robust ECDSA
}

impl Default for SignatureScheme {
Expand Down Expand Up @@ -219,11 +220,11 @@ pub mod tests {
let domains2 = vec![
DomainConfig {
id: DomainId(2),
scheme: SignatureScheme::Secp256k1,
scheme: SignatureScheme::Bls12381,
},
DomainConfig {
id: DomainId(3),
scheme: SignatureScheme::Ed25519,
scheme: SignatureScheme::V2Secp256k1,
},
];
let new_registry = new_registry.add_domains(domains2.clone()).unwrap();
Expand Down Expand Up @@ -253,57 +254,30 @@ pub mod tests {

#[test]
fn test_retain_domains() {
let mut registry = DomainRegistry::from_raw_validated(
vec![
DomainConfig {
id: DomainId(0),
scheme: SignatureScheme::Secp256k1,
},
DomainConfig {
id: DomainId(2),
scheme: SignatureScheme::Ed25519,
},
DomainConfig {
id: DomainId(3),
scheme: SignatureScheme::Secp256k1,
},
],
6,
)
.unwrap();
let expected = vec![
DomainConfig {
id: DomainId(0),
scheme: SignatureScheme::Secp256k1,
},
DomainConfig {
id: DomainId(2),
scheme: SignatureScheme::Ed25519,
},
DomainConfig {
id: DomainId(3),
scheme: SignatureScheme::Bls12381,
},
DomainConfig {
id: DomainId(4),
scheme: SignatureScheme::V2Secp256k1,
},
];
let mut registry = DomainRegistry::from_raw_validated(expected.clone(), 6).unwrap();
registry.retain_domains(3);
assert_eq!(
registry.domains,
vec![
DomainConfig {
id: DomainId(0),
scheme: SignatureScheme::Secp256k1,
},
DomainConfig {
id: DomainId(2),
scheme: SignatureScheme::Ed25519,
},
DomainConfig {
id: DomainId(3),
scheme: SignatureScheme::Secp256k1,
},
]
);
assert_eq!(registry.domains, expected[0..3]);
assert_eq!(registry.next_domain_id, 6);
registry.retain_domains(2);
assert_eq!(
registry.domains,
vec![
DomainConfig {
id: DomainId(0),
scheme: SignatureScheme::Secp256k1,
},
DomainConfig {
id: DomainId(2),
scheme: SignatureScheme::Ed25519,
},
]
);
assert_eq!(registry.domains, expected[0..2]);
assert_eq!(registry.next_domain_id, 6);
registry.retain_domains(0);
assert_eq!(registry.domains, Vec::new());
Expand Down
Loading
Loading