SRS Oracle

A secure, distributed oracle system built on Algorand that implements Shamir's Secret Sharing (SRS) with OPRF (Oblivious Pseudorandom Function) evaluation capabilities. This is an example implementation of an oracle, written in Rust, that listens for OPRF evaluation requests on the Algorand blockchain, processes them, and posts sesults back to the blockchain using the (SRS smart contracts)[https://github.com/blockshake-io/srs_smart_contracts].

Overview

SRS Oracle is a decentralized system that provides secure secret sharing and recovery using cryptographic primitives. The system consists of:

• Oracles: Distributed nodes that perform OPRF evaluations
• Registry: A smart contract that manages user accounts and configurations
• Client: An example of a command-line interface for user registration and account recovery

Features

• Shamir Secret Sharing: Distributes secrets across multiple oracles using threshold cryptography
• OPRF Evaluation: Implements oblivious pseudorandom function evaluation for secure computation
• Argon2 Key Stretching: Configurable key derivation function for enhanced security
• Algorand Integration: Built on Algorand blockchain for decentralized operation
• Account Recovery: Secure recovery mechanism using seed phrases

Architecture

Components

1. Oracle Nodes (src/main.rs)

   • Process OPRF evaluation requests
   • Handle encrypted shard decryption
   • Respond with evaluated elements

2. Registry Smart Contract

   • Manages user accounts and configurations
   • Stores encrypted OPRF configurations
   • Handles user registration and topology management

3. Client (examples/client.rs)

   • Interactive command-line interface
   • User registration and account recovery
   • OPRF evaluation coordination

4. Shamir Implementation (src/shamir.rs)

   • Secret sharing and reconstruction
   • Lagrange interpolation
   • Threshold cryptography

Prerequisites

• Rust 1.70+ and Cargo
• Algorand node (local or testnet)
• Algorand indexer (local or testnet)
• Algonaut SDK (custom fork)

Installation

1. Clone the repository:

git clone <repository-url>
cd srs_oracle

2. Install dependencies:

cargo build

Configuration

Oracle Configuration

Each oracle expects the following environment variables:

APP_ID="1045"
ENCRYPTION_SK="d9a61a8a04114e1a59259dfa3bafdb35700ae5b24b6de08112d8140a83163095"
ACCOUNT_MNEMONIC="gallery moment cute stuff prison pyramid question spot average basic thank twin erupt spawn car roast old lens fold aware industry desert figure absorb myth"
ALGOD_URL="https://testnet-api.4160.nodely.dev"
ALGOD_TOKEN=""
INDEXER_URL="https://testnet-idx.4160.nodely.dev"
TOPOLOGY_ID=1

Generate new keypairs using:

cargo run --example generate_keypair

Registry Configuration

The registry application ID and topology must be configured in the client.

Usage

Running Oracles

Start individual oracle nodes:

# Oracle 1
./scripts/oracle1.sh

# Oracle 2
./scripts/oracle2.sh

# Oracle 3
./scripts/oracle3.sh

Running the Client

Start the interactive client:

./scripts/client.sh

Client Commands

• register: Register a new user account
• recover: Recover an existing account using seed phrase
• logout: Log out from current session
• show-topology: Display current oracle topology
• show-argon2: Show current Argon2 configuration
• configure-argon2: Configure Argon2 parameters
• help: Show available commands
• exit: Exit the client

Registration Process

1. Generate Seed Phrase: The system generates a random 4-word seed phrase
2. Shamir Sharing: The secret is split into shares using threshold cryptography
3. OPRF Evaluation: Each oracle evaluates the blinded input
4. Key Derivation: Argon2 is used to stretch the OPRF output
5. Account Creation: A new Algorand account is created and funded
6. Configuration Storage: Encrypted configuration is stored in the registry

Recovery Process

1. Input Credentials: Username and seed phrase are provided
2. Configuration Retrieval: OPRF configuration is retrieved from registry
3. OPRF Evaluation: Oracles evaluate the blinded input
4. Key Derivation: Argon2 derives the encryption key
5. Account Recovery: The original account is recovered using the decrypted seed

Security Features

• Threshold Cryptography: Secrets are distributed across multiple oracles
• Oblivious Evaluation: Oracles cannot learn the original input
• Encrypted Storage: All sensitive data is encrypted
• Key Stretching: Argon2 provides resistance against brute force attacks
• Blockchain Security: Algorand provides consensus and immutability

Cryptographic Components

OPRF (Oblivious Pseudorandom Function)

• Uses BLS12-381 curve for efficient pairing operations
• Implements blinding and unblinding for privacy
• Supports threshold evaluation across multiple oracles

Shamir Secret Sharing

• Configurable threshold for secret reconstruction
• Lagrange interpolation for share combination
• Secure against up to (threshold-1) compromised oracles

Argon2 Key Derivation

• Configurable memory, time, and parallelism parameters
• Resistant to GPU and ASIC attacks
• Supports multiple variants (Argon2d, Argon2i, Argon2id)

Development

Building

# Build the library
cargo build

# Build with optimizations
cargo build --release

Examples

# Run the client example
cargo run --example client

# Generate a new keypair
cargo run --example generate_keypair

Dependencies

• algonaut: Algorand SDK for blockchain interaction
• blstrs: BLS12-381 curve implementation
• crypto-box: Public-key authenticated encryption
• argon2: Password hashing and key derivation
• tokio: Async runtime for concurrent operations
• serde: Serialization framework

License

[Add your license information here]

Contributing

[Add contribution guidelines here]

Support

[Add support information here]