[ALPHANET] 1 Quantum

CMakeLists.txt

@@ -84,6 +84,7 @@ endif()
 
 ###
 
+include(deps/dilithium)
 include(deps/Boost)
 find_package(OpenSSL 1.1.1 REQUIRED)
 set_target_properties(OpenSSL::SSL PROPERTIES

cmake/XrplCore.cmake

@@ -63,6 +63,7 @@ target_link_libraries(xrpl.imports.main
     Xrpl::opts
     Xrpl::syslibs
     secp256k1::secp256k1
+    NIH::dilithium2_ref
     xrpl.libpb
     xxHash::xxhash
     $<$<BOOL:${voidstar}>:antithesis-sdk-cpp>

cmake/deps/dilithium.cmake

@@ -0,0 +1,57 @@
+include(FetchContent)
+
+ExternalProject_Add(
+  dilithium_src
+  PREFIX ${nih_cache_path}
+  GIT_REPOSITORY https://github.com/Transia-RnD/dilithium.git
+  GIT_TAG master
+  CONFIGURE_COMMAND ""
+  LOG_BUILD ON
+  BUILD_IN_SOURCE 0
+  BUILD_COMMAND
+    COMMAND ${CMAKE_COMMAND} -E copy_directory <SOURCE_DIR>/ref <BINARY_DIR>/ref
+    COMMAND make -C <BINARY_DIR>/ref clean
+    COMMAND /bin/sh -c "CFLAGS='-DDILITHIUM_MODE=2 -DDILITHIUM_RANDOMIZED_SIGNING' make -C <BINARY_DIR>/ref libdilithium2_ref.a libfips202_ref.a"
+  INSTALL_COMMAND ""
+  BUILD_BYPRODUCTS
+      <BINARY_DIR>/ref/libdilithium2_ref.a
+      <BINARY_DIR>/ref/libfips202_ref.a
+)
+
+ExternalProject_Get_Property(dilithium_src SOURCE_DIR BINARY_DIR)
+set(dilithium_src_SOURCE_DIR "${SOURCE_DIR}")
+set(dilithium_src_BINARY_DIR "${BINARY_DIR}")
+
+# Include the reference implementation headers from source
+include_directories("${dilithium_src_SOURCE_DIR}/ref")
+
+# Create imported targets for each static library using BINARY_DIR
+add_library(dilithium::dilithium2_ref STATIC IMPORTED GLOBAL)
+set_target_properties(dilithium::dilithium2_ref PROPERTIES
+  IMPORTED_LOCATION "${dilithium_src_BINARY_DIR}/ref/libdilithium2_ref.a"
+  INTERFACE_INCLUDE_DIRECTORIES "${dilithium_src_SOURCE_DIR}/ref/"
+)
+
+add_library(dilithium::libfips202_ref STATIC IMPORTED GLOBAL)
+set_target_properties(dilithium::libfips202_ref PROPERTIES
+  IMPORTED_LOCATION "${dilithium_src_BINARY_DIR}/ref/libfips202_ref.a"
+  INTERFACE_INCLUDE_DIRECTORIES "${dilithium_src_SOURCE_DIR}/ref/"
+)
+
+# Add dependencies to ensure the external project is built first
+add_dependencies(dilithium::dilithium2_ref dilithium_src)
+add_dependencies(dilithium::libfips202_ref dilithium_src)
+
+# Note: We do NOT link the Dilithium library's randombytes.c because we provide
+# our own thread-safe implementation in src/libxrpl/protocol/SecretKey.cpp
+# that uses xrpld's crypto_prng() instead of direct /dev/urandom access.
+
+# Create an interface library that links to the Dilithium libraries
+# Note: Link order matters - libraries that provide symbols must come AFTER libraries that use them
+target_link_libraries(xrpl_libs INTERFACE
+  dilithium::dilithium2_ref
+  dilithium::libfips202_ref
+)
+
+# Create alias for convenience
+add_library(NIH::dilithium2_ref ALIAS dilithium::dilithium2_ref)

include/xrpl/protocol/KeyType.h

@@ -9,6 +9,7 @@ namespace xrpl {
 enum class KeyType {
     secp256k1 = 0,
     ed25519 = 1,
+    dilithium = 2,
 };
 
 inline std::optional<KeyType>
@@ -20,6 +21,9 @@ keyTypeFromString(std::string const& s)
     if (s == "ed25519")
         return KeyType::ed25519;
 
+    if (s == "dilithium")
+        return KeyType::dilithium;
+
     return {};
 }
 
@@ -31,6 +35,9 @@ to_string(KeyType type)
 
     if (type == KeyType::ed25519)
         return "ed25519";
+
+    if (type == KeyType::dilithium)
+        return "dilithium";
 
     return "INVALID";
 }

include/xrpl/protocol/LedgerFormats.h

@@ -115,9 +115,6 @@ enum LedgerSpecificFlags {
     lsfDefaultRipple =
         0x00800000,               // True, incoming trust lines allow rippling by default
     lsfDepositAuth = 0x01000000,  // True, all deposits require authorization
-/*  // reserved for Hooks amendment
-    lsfTshCollect = 0x02000000,     // True, allow TSH collect-calls to acc hooks
-*/
     lsfDisallowIncomingNFTokenOffer =
         0x04000000,               // True, reject new incoming NFT offers
     lsfDisallowIncomingCheck =

include/xrpl/protocol/PublicKey.h

@@ -26,10 +26,11 @@ namespace xrpl {
     information needed to determine the cryptosystem
     parameters used is stored inside the key.
 
-    As of this writing two systems are supported:
+    As of this writing three systems are supported:
 
         secp256k1
         ed25519
+        dilithium
 
     secp256k1 public keys consist of a 33 byte
     compressed public key, with the lead byte equal
@@ -38,14 +39,14 @@ namespace xrpl {
     The ed25519 public keys consist of a 1 byte
     prefix constant 0xED, followed by 32 bytes of
     public key data.
+
+    The dilithium public keys will have their own specific format.
 */
 class PublicKey
 {
 protected:
-    // All the constructed public keys are valid, non-empty and contain 33
-    // bytes of data.
-    static constexpr std::size_t size_ = 33;
-    std::uint8_t buf_[size_];  // should be large enough
+    std::uint8_t buf_[1312];
+    std::size_t size_ = 0;
 
 public:
     using const_iterator = std::uint8_t const*;

include/xrpl/protocol/STValidation.h

@@ -159,7 +159,7 @@ STValidation::STValidation(
     , signingPubKey_([this]() {
         auto const spk = getFieldVL(sfSigningPubKey);
 
-        if (publicKeyType(makeSlice(spk)) != KeyType::secp256k1)
+        if (publicKeyType(makeSlice(spk)) != KeyType::dilithium)
             Throw<std::runtime_error>("Invalid public key in validation");
 
         return PublicKey{makeSlice(spk)};
@@ -204,8 +204,8 @@ STValidation::STValidation(
         "node");
 
     // First, set our own public key:
-    if (publicKeyType(pk) != KeyType::secp256k1)
-        LogicError("We can only use secp256k1 keys for signing validations");
+    if (publicKeyType(pk) != KeyType::dilithium)
+        LogicError("We can only use dilithium keys for signing validations");
 
     setFieldVL(sfSigningPubKey, pk.slice());
     setFieldU32(sfSigningTime, signTime.time_since_epoch().count());

include/xrpl/protocol/SecretKey.h

@@ -18,7 +18,8 @@ namespace xrpl {
 class SecretKey
 {
 private:
-    std::uint8_t buf_[32];
+    std::uint8_t buf_[2560];
+    std::size_t size_ = 0;
 
 public:
     using const_iterator = std::uint8_t const*;
@@ -31,6 +32,7 @@ class SecretKey
     ~SecretKey();
 
     SecretKey(std::array<std::uint8_t, 32> const& data);
+    SecretKey(std::array<std::uint8_t, 2560> const& data);
     SecretKey(Slice const& slice);
 
     std::uint8_t const*
@@ -42,7 +44,7 @@ class SecretKey
     std::size_t
     size() const
     {
-        return sizeof(buf_);
+        return size_;
     }
 
     /** Convert the secret key to a hexadecimal string.
@@ -68,13 +70,13 @@ class SecretKey
     const_iterator
     end() const noexcept
     {
-        return buf_ + sizeof(buf_);
+        return buf_ + size_;
     }
 
     const_iterator
     cend() const noexcept
     {
-        return buf_ + sizeof(buf_);
+        return buf_ + size_;
     }
 };
 
@@ -108,6 +110,10 @@ toBase58(TokenType type, SecretKey const& sk)
 SecretKey
 randomSecretKey();
 
+/** Create a secret key using secure random numbers. */
+SecretKey
+randomSecretKey(KeyType type);
+
 /** Generate a new secret key deterministically. */
 SecretKey
 generateSecretKey(KeyType type, Seed const& seed);

include/xrpl/protocol/TxFlags.h

@@ -65,9 +65,6 @@ constexpr std::uint32_t asfGlobalFreeze                    =  7;
 constexpr std::uint32_t asfDefaultRipple                   =  8;
 constexpr std::uint32_t asfDepositAuth                     =  9;
 constexpr std::uint32_t asfAuthorizedNFTokenMinter         = 10;
-/*  // reserved for Hooks amendment
-constexpr std::uint32_t asfTshCollect                      = 11;
-*/
 constexpr std::uint32_t asfDisallowIncomingNFTokenOffer    = 12;
 constexpr std::uint32_t asfDisallowIncomingCheck           = 13;
 constexpr std::uint32_t asfDisallowIncomingPayChan         = 14;

include/xrpl/protocol/detail/features.macro

@@ -16,6 +16,7 @@
 // Add new amendments to the top of this list.
 // Keep it sorted in reverse chronological order.
 
+XRPL_FEATURE(Quantum,                    Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(LendingProtocol,            Supported::no,  VoteBehavior::DefaultNo)
 XRPL_FEATURE(PermissionDelegationV1_1,   Supported::no,  VoteBehavior::DefaultNo)
 XRPL_FIX    (DirectoryLimit,             Supported::yes, VoteBehavior::DefaultNo)