refactor: migrate from ed25519 to sr25519 for Substrate/Bittensor compatibility

- Update challenge-sdk decrypt_api_key() to use HKDF-based decryption
- Update challenge-sdk verify_signature() to use sr25519
- Remove ed25519-dalek, x25519-dalek, curve25519-dalek from challenge-sdk
- Update bins/utils to use sr25519 for key generation
- All 50 challenge-sdk tests passing

Author: echobt

Cargo.lock

@@ -1260,14 +1260,15 @@ async fn main() -> Result<()> {
             }
         },
 
-        Commands::Refresh(cmd) => match cmd {
-            RefreshCommands::All => {
-                println!(
-                    "{}",
-                    "Requesting all validators to re-pull and restart challenges..."
-                        .bright_yellow()
-                );
-                if Confirm::with_theme(&ColorfulTheme::default())
+        Commands::Refresh(cmd) => {
+            match cmd {
+                RefreshCommands::All => {
+                    println!(
+                        "{}",
+                        "Requesting all validators to re-pull and restart challenges..."
+                            .bright_yellow()
+                    );
+                    if Confirm::with_theme(&ColorfulTheme::default())
                     .with_prompt("This will restart all challenge containers on all validators. Continue?")
                     .default(true)
                     .interact()?
@@ -1279,53 +1280,54 @@ async fn main() -> Result<()> {
                     )
                     .await?;
                 }
-            }
-            RefreshCommands::Challenge { id } => {
-                let state = fetch_chain_state(&args.rpc).await?;
+                }
+                RefreshCommands::Challenge { id } => {
+                    let state = fetch_chain_state(&args.rpc).await?;
 
-                let challenge = if let Some(id) = id {
-                    state
-                        .challenges
-                        .iter()
-                        .find(|c| c.id.starts_with(&id))
-                        .ok_or_else(|| anyhow::anyhow!("Challenge not found: {}", id))?
-                } else {
-                    if state.challenges.is_empty() {
-                        println!("{}", "No challenges to refresh.".yellow());
-                        return Ok(());
-                    }
+                    let challenge = if let Some(id) = id {
+                        state
+                            .challenges
+                            .iter()
+                            .find(|c| c.id.starts_with(&id))
+                            .ok_or_else(|| anyhow::anyhow!("Challenge not found: {}", id))?
+                    } else {
+                        if state.challenges.is_empty() {
+                            println!("{}", "No challenges to refresh.".yellow());
+                            return Ok(());
+                        }
 
-                    let options: Vec<String> = state
-                        .challenges
-                        .iter()
-                        .map(|c| format!("{} ({})", c.name, &c.id[..8]))
-                        .collect();
+                        let options: Vec<String> = state
+                            .challenges
+                            .iter()
+                            .map(|c| format!("{} ({})", c.name, &c.id[..8]))
+                            .collect();
 
-                    let selection = FuzzySelect::with_theme(&ColorfulTheme::default())
-                        .with_prompt("Select challenge to refresh")
-                        .items(&options)
-                        .interact()?;
+                        let selection = FuzzySelect::with_theme(&ColorfulTheme::default())
+                            .with_prompt("Select challenge to refresh")
+                            .items(&options)
+                            .interact()?;
 
-                    &state.challenges[selection]
-                };
+                        &state.challenges[selection]
+                    };
 
-                println!(
-                    "Refreshing challenge: {} ({})",
-                    challenge.name.green(),
-                    &challenge.id[..8]
-                );
+                    println!(
+                        "Refreshing challenge: {} ({})",
+                        challenge.name.green(),
+                        &challenge.id[..8]
+                    );
 
-                let challenge_id = ChallengeId(uuid::Uuid::parse_str(&challenge.id)?);
-                submit_action(
-                    &args.rpc,
-                    &keypair,
-                    SudoAction::RefreshChallenges {
-                        challenge_id: Some(challenge_id),
-                    },
-                )
-                .await?;
+                    let challenge_id = ChallengeId(uuid::Uuid::parse_str(&challenge.id)?);
+                    submit_action(
+                        &args.rpc,
+                        &keypair,
+                        SudoAction::RefreshChallenges {
+                            challenge_id: Some(challenge_id),
+                        },
+                    )
+                    .await?;
+                }
             }
-        },
+        }
     }
 
     Ok(())

bins/csudo/src/main.rs

@@ -4,5 +4,5 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-ed25519-dalek = "2.1"
+sp-core = { version = "31.0", default-features = false, features = ["std"] }
 hex = "0.4"

bins/utils/Cargo.toml

@@ -1,10 +1,13 @@
+use sp_core::{sr25519, Pair};
+
 fn main() {
     let secret_hex = "0000000000000000000000000000000000000000000000000000000000000001";
     let bytes = hex::decode(secret_hex).expect("Invalid hex");
     let mut arr = [0u8; 32];
     arr.copy_from_slice(&bytes);
 
-    let signing_key = ed25519_dalek::SigningKey::from_bytes(&arr);
-    let verifying_key = signing_key.verifying_key();
-    println!("{}", hex::encode(verifying_key.to_bytes()));
+    // Use sr25519 (Substrate/Bittensor standard)
+    let pair = sr25519::Pair::from_seed(&arr);
+    let public = pair.public();
+    println!("{}", hex::encode(public.0));
 }

bins/utils/src/main.rs

@@ -863,7 +863,7 @@ async fn main() -> Result<()> {
 
                                     let mut skipped_low_stake = 0;
                                     let mut add_failed = 0;
-                                    
+
                                     for neuron in metagraph.neurons.values() {
                                         // Convert AccountId32 hotkey to our Hotkey type
                                         let hotkey_bytes: &[u8; 32] = neuron.hotkey.as_ref();
@@ -873,7 +873,8 @@ async fn main() -> Result<()> {
                                         // Use total_stake from metagraph - this is the ACTUAL stake used in consensus
                                         // It includes: alpha stake + (tao stake * tao_weight)
                                         // The runtime API calculates this including parent inheritance
-                                        let stake_rao = neuron.total_stake.min(u64::MAX as u128) as u64;
+                                        let stake_rao =
+                                            neuron.total_stake.min(u64::MAX as u128) as u64;
 
                                         // ALWAYS cache stake in protection for debugging
                                         // This allows us to show actual stake when rejecting low-stake validators
@@ -915,7 +916,7 @@ async fn main() -> Result<()> {
                                             v.stake = Stake::new(stake_rao);
                                         }
                                     }
-                                    
+
                                     if skipped_low_stake > 0 {
                                         debug!(
                                             "Skipped {} neurons with stake below {} TAO threshold",
@@ -1021,7 +1022,11 @@ async fn main() -> Result<()> {
     let mut network = NetworkNode::with_hotkey(node_config.clone(), Some(&our_hotkey_hex)).await?;
     let mut event_rx = network.take_event_receiver().unwrap();
 
-    info!("Local peer ID: {} (hotkey: {})", network.local_peer_id(), keypair.ss58_address());
+    info!(
+        "Local peer ID: {} (hotkey: {})",
+        network.local_peer_id(),
+        keypair.ss58_address()
+    );
 
     // Start network
     network.start(&node_config).await?;
@@ -1032,7 +1037,8 @@ async fn main() -> Result<()> {
     // Spawn network event loop in a separate task
     tokio::spawn(async move {
         // Bootstrap retry interval - reconnect to bootnode if disconnected
-        let mut bootstrap_retry_interval = tokio::time::interval(std::time::Duration::from_secs(30));
+        let mut bootstrap_retry_interval =
+            tokio::time::interval(std::time::Duration::from_secs(30));
         bootstrap_retry_interval.set_missed_tick_behavior(tokio::time::MissedTickBehavior::Skip);
 
         loop {
@@ -1160,21 +1166,26 @@ async fn main() -> Result<()> {
                             info!("Challenge container '{}' started successfully", config.name);
 
                             // Get actual endpoint from orchestrator and update the endpoints map
-                            let endpoint = if let Some(instance) = orch.get_challenge(&config.challenge_id) {
+                            let endpoint = if let Some(instance) =
+                                orch.get_challenge(&config.challenge_id)
+                            {
                                 instance.endpoint.clone()
                             } else {
                                 // Fallback to constructed URL if instance not found
                                 let container_name = config.name.to_lowercase().replace(' ', "-");
                                 format!("http://challenge-{}:8080", container_name)
                             };
-                            
+
                             // Update endpoints map for HTTP proxying (store by both UUID and name)
                             {
                                 let mut eps = endpoints_for_orch.write();
                                 eps.insert(config.challenge_id.to_string(), endpoint.clone());
                                 eps.insert(config.name.clone(), endpoint.clone());
                             }
-                            info!("Updated endpoint for challenge '{}' ({}): {}", config.name, config.challenge_id, endpoint);
+                            info!(
+                                "Updated endpoint for challenge '{}' ({}): {}",
+                                config.name, config.challenge_id, endpoint
+                            );
 
                             // Discover routes from the container via /.well-known/routes
                             if let Some(ref routes) = routes_map {
@@ -1325,12 +1336,17 @@ async fn main() -> Result<()> {
 
             for config in configs {
                 // Get actual endpoint from orchestrator (includes validator suffix in dev mode)
-                let routes_url = if let Some(instance) = orch_for_discovery.get_challenge(&config.challenge_id) {
+                let routes_url = if let Some(instance) =
+                    orch_for_discovery.get_challenge(&config.challenge_id)
+                {
                     format!("{}/.well-known/routes", instance.endpoint)
                 } else {
                     // Fallback to constructed URL if instance not found
                     let container_name = config.name.to_lowercase().replace(' ', "-");
-                    format!("http://challenge-{}:8080/.well-known/routes", container_name)
+                    format!(
+                        "http://challenge-{}:8080/.well-known/routes",
+                        container_name
+                    )
                 };
 
                 info!(
@@ -1875,7 +1891,7 @@ async fn main() -> Result<()> {
                     NetworkEvent::PeerIdentified { peer_id, hotkey, agent_version } => {
                         let peer_str = peer_id.to_string();
                         let should_validate_stake = protection.config().validate_stake;
-                        
+
                         if let Some(ref hk) = hotkey {
                             // Convert hex hotkey to SS58 for display
                             let ss58 = if let Ok(bytes) = hex::decode(hk) {
@@ -2222,7 +2238,7 @@ async fn main() -> Result<()> {
                                                 let hotkey_bytes: &[u8; 32] = neuron.hotkey.as_ref();
                                                 let hotkey = Hotkey(*hotkey_bytes);
                                                 let hotkey_hex = hotkey.to_hex();
-                                                
+
                                                 // Use total_stake from metagraph (includes parent inheritance + TAO weight)
                                                 let stake_rao = neuron.total_stake.min(u64::MAX as u128) as u64;
 
@@ -2455,14 +2471,22 @@ async fn handle_message(
                             error!("Failed to start challenge container: {}", e);
                         } else {
                             info!("Challenge container started: {}", config.name);
-                            
+
                             // Update endpoints map with actual container endpoint
                             if let Some(endpoints) = challenge_endpoints {
-                                if let Some(instance) = orchestrator.get_challenge(&config.challenge_id) {
+                                if let Some(instance) =
+                                    orchestrator.get_challenge(&config.challenge_id)
+                                {
                                     let mut eps = endpoints.write();
-                                    eps.insert(config.challenge_id.to_string(), instance.endpoint.clone());
+                                    eps.insert(
+                                        config.challenge_id.to_string(),
+                                        instance.endpoint.clone(),
+                                    );
                                     eps.insert(config.name.clone(), instance.endpoint.clone());
-                                    info!("Updated endpoint for challenge '{}': {}", config.name, instance.endpoint);
+                                    info!(
+                                        "Updated endpoint for challenge '{}': {}",
+                                        config.name, instance.endpoint
+                                    );
                                 }
                             }
                         }
@@ -2605,14 +2629,21 @@ async fn handle_message(
                         error!("Failed to start challenge container from P2P: {}", e);
                     } else {
                         info!("Challenge container '{}' started from P2P", config.name);
-                        
+
                         // Update endpoints map with actual container endpoint
                         if let Some(endpoints) = challenge_endpoints {
-                            if let Some(instance) = orchestrator.get_challenge(&config.challenge_id) {
+                            if let Some(instance) = orchestrator.get_challenge(&config.challenge_id)
+                            {
                                 let mut eps = endpoints.write();
-                                eps.insert(config.challenge_id.to_string(), instance.endpoint.clone());
+                                eps.insert(
+                                    config.challenge_id.to_string(),
+                                    instance.endpoint.clone(),
+                                );
                                 eps.insert(config.name.clone(), instance.endpoint.clone());
-                                info!("Updated endpoint for challenge '{}' (P2P): {}", config.name, instance.endpoint);
+                                info!(
+                                    "Updated endpoint for challenge '{}' (P2P): {}",
+                                    config.name, instance.endpoint
+                                );
                             }
                         }
                     }

bins/validator-node/src/main.rs

@@ -304,7 +304,10 @@ impl DockerClient {
         // Create persistent data directory for challenge state (survives restarts)
         let challenge_data_dir = format!("/tmp/platform-challenges/{}/data", container_name);
         if let Err(e) = std::fs::create_dir_all(&challenge_data_dir) {
-            warn!("Failed to create challenge data dir {}: {}", challenge_data_dir, e);
+            warn!(
+                "Failed to create challenge data dir {}: {}",
+                challenge_data_dir, e
+            );
         }
 
         // Build host config with resource limits
@@ -320,7 +323,7 @@ impl DockerClient {
                 "/var/run/docker.sock:/var/run/docker.sock:rw".to_string(),
                 "/tmp/platform-tasks:/app/data/tasks:rw".to_string(), // Override internal tasks
                 "/tmp/platform-tasks:/tmp/platform-tasks:rw".to_string(), // For DinD path mapping
-                format!("{}:/data:rw", challenge_data_dir), // Persistent challenge state
+                format!("{}:/data:rw", challenge_data_dir),           // Persistent challenge state
             ]),
             ..Default::default()
         };

crates/challenge-orchestrator/src/docker.rs

@@ -27,10 +27,7 @@ sp-core = { workspace = true }
 parity-scale-codec = { workspace = true }
 aes-gcm = "0.10"
 rand = { workspace = true }
-ed25519-dalek = { version = "2.1", features = ["rand_core"] }
-x25519-dalek = { version = "2.0", features = ["static_secrets"] }
 chacha20poly1305 = "0.10"
-curve25519-dalek = "4.1"
 
 # Utils
 uuid = { workspace = true }