v1.1.0 update

Adding automated chainhash switching.

Also added a Goreleaser GHA.

Some extra cleanups and extra tests too.

.github/workflows/release.yml

@@ -0,0 +1,30 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21'
+      - run: go version
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.goreleaser.yml

@@ -0,0 +1,41 @@
+project_name: tlock
+
+before:
+  hooks:
+    - go mod download
+
+builds:
+  - id: tlock
+    binary: tle
+    main: ./cmd/tle/tle.go
+    flags:
+      - -trimpath
+    env:
+      - CGO_ENABLED=0
+    asmflags:
+      - all=-trimpath={{.Env.HOME}}
+    gcflags:
+      - all=-trimpath={{.Env.HOME}}
+    goos:
+      - darwin
+      - linux
+      - windows
+    goarch:
+      - amd64
+      - arm
+      - arm64
+    goarm:
+      - 6
+      - 7
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ .Tag }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+    - '^docs:'
+    - '^test:'
+release:
+  prerelease: auto

README.md

@@ -14,7 +14,7 @@ Working endpoints to access it are, on mainnet:
 On mainnet, the only chainhash supporting timelock encryption, with a 3s frequency and signatures on the G1 group is:
 `dbd506d6ef76e5f386f41c651dcb808c5bcbd75471cc4eafa3f4df7ad4e4c493`
 
-This is a production-ready network with high-availability guarantees. It is considered fully secure by the drand team 
+This is a production-ready network with high-availability guarantees. It is considered fully secure by the drand team
 and ran by the same League of Entropy that has been running drand in production since 2019.
 
 On testnet:
@@ -249,19 +249,19 @@ $ cat encrypted_data | tle -d | age -d -o data.txt
 
 Note that you could do the same with PGP or any other encryption tool.
 
---- 
+---
 
 ### Security considerations
 
 The security of our timelock encryption mechanism relies on four main things:
 - The security of the underlying [Identity Encryption Scheme](https://crypto.stanford.edu/~dabo/pubs/papers/bfibe.pdf) (proposed in 2001) and [its implementation](https://github.com/drand/kyber/blob/a780ab21355ebe7f60b441a586d5e73a40c564eb/encrypt/ibe/ibe.go#L39-L47) that we're using.
 - The security of the [threshold BLS scheme](https://link.springer.com/content/pdf/10.1007/s00145-004-0314-9.pdf) (proposed in 2003), and [its impementation](https://github.com/drand/kyber/blob/master/sign/tbls/tbls.go) by the network you're relying on.
-- The security of [age](https://age-encryption.org/)'s underlying primitives, and that of the [age implementation](https://age-encryption.org/) we're using to encrypt the data, since we rely on the [hybrid encryption](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) principle, where we only timelock encrypt ("wrap") a random symmetric key that is used by age to actually symmetrically encrypt the data using [Chacha20Poly1305](https://datatracker.ietf.org/doc/html/rfc8439)).  
-- The security of the threshold network providing you with its BLS signatures **at a given frequency**, for instance the default for `tle` is to rely on drand and its existing League of Entropy network. 
- 
-In practice this means that if you trust there are never more than the threshold `t` malicious nodes on the network you're relying on, you are guaranteed that you timelocked data cannot be decrypted earlier than what you intended. 
+- The security of [age](https://age-encryption.org/)'s underlying primitives, and that of the [age implementation](https://age-encryption.org/) we're using to encrypt the data, since we rely on the [hybrid encryption](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) principle, where we only timelock encrypt ("wrap") a random symmetric key that is used by age to actually symmetrically encrypt the data using [Chacha20Poly1305](https://datatracker.ietf.org/doc/html/rfc8439)).
+- The security of the threshold network providing you with its BLS signatures **at a given frequency**, for instance the default for `tle` is to rely on drand and its existing League of Entropy network.
+
+In practice this means that if you trust there are never more than the threshold `t` malicious nodes on the network you're relying on, you are guaranteed that you timelocked data cannot be decrypted earlier than what you intended.
 
-Please note that neither BLS nor the IBE scheme we are relying on are "quantum resistant", therefore shall a Quantum Computer be built that's able to threaten their security, our current design wouldn't resist. There are also no quantum resistant scheme that we're aware of that could be used to replace our current design since post-quantum signatures schemes do not "thresholdize" too well in a post-quantum IBE-compatible way. 
+Please note that neither BLS nor the IBE scheme we are relying on are "quantum resistant", therefore shall a Quantum Computer be built that's able to threaten their security, our current design wouldn't resist. There are also no quantum resistant scheme that we're aware of that could be used to replace our current design since post-quantum signatures schemes do not "thresholdize" too well in a post-quantum IBE-compatible way.
 
 However, such a quantum computer seems unlikely to be built within the next 5-10 years and therefore we currently consider that you can expect a "**long term security**" horizon of at least 5 years by relying on our design.
 
@@ -288,4 +288,3 @@ Therefore, the project is dual-licensed under Apache 2.0 and MIT terms:
 
 - Apache License, Version 2.0, ([LICENSE-APACHE](https://github.com/drand/drand/blob/master/LICENSE-APACHE) or https://www.apache.org/licenses/LICENSE-2.0)
 - MIT license ([LICENSE-MIT](https://github.com/drand/drand/blob/master/LICENSE-MIT) or https://opensource.org/licenses/MIT)
-89 

cmd/tle/commands/commands.go

@@ -13,8 +13,10 @@ import (
 
 // Default settings.
 const (
-	defaultNetwork = "https://api.drand.sh/"
-	defaultChain   = "52db9ba70e0cc0f6eaf7803dd07447a1f5477735fd3f661792ba94600c84e971"
+	// DefaultNetwork is set to the HTTPs relay from drand, you can also use Cloudflare relay or any other relay.
+	DefaultNetwork = "https://api.drand.sh/"
+	// DefaultChain is set to the League of Entropy quicknet chainhash.
+	DefaultChain = "52db9ba70e0cc0f6eaf7803dd07447a1f5477735fd3f661792ba94600c84e971"
 )
 
 // =============================================================================
@@ -88,8 +90,8 @@ func Parse() (Flags, error) {
 	flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n", usage) }
 
 	f := Flags{
-		Network: defaultNetwork,
-		Chain:   defaultChain,
+		Network: DefaultNetwork,
+		Chain:   DefaultChain,
 	}
 
 	err := envconfig.Process("tle", &f)
@@ -176,23 +178,30 @@ func validateFlags(f *Flags) error {
 		if f.Armor {
 			return fmt.Errorf("-a/--armor can't be used with -d/--decrypt")
 		}
-		if f.Network != defaultNetwork {
-			if f.Chain == defaultChain {
+		if f.Network != DefaultNetwork {
+			if f.Chain == DefaultChain {
 				fmt.Fprintf(os.Stderr,
 					"You've specified a non-default network endpoint but still use the default chain hash.\n"+
 						"You might want to also specify a custom chainhash with the -c/--chain flag.\n\n")
 			}
 		}
 	default:
 		if f.Chain == "" {
-			return fmt.Errorf("-c/--chain can't be empty")
+			fmt.Fprintf(os.Stderr, "-c/--chain is empty, will default to quicknet chainhash (%s).\n", DefaultChain)
 		}
 		if f.Duration != "" && f.Round != 0 {
 			return fmt.Errorf("-D/--duration can't be used with -r/--round")
 		}
 		if f.Duration == "" && f.Round == 0 {
 			return fmt.Errorf("-D/--duration or -r/--round must be specified")
 		}
+		if f.Network != DefaultNetwork {
+			if f.Chain == DefaultChain {
+				fmt.Fprintf(os.Stderr,
+					"You've specified a non-default network endpoint but still use the default chain hash.\n"+
+						"You might want to also specify a custom chainhash with the -c/--chain flag.\n\n")
+			}
+		}
 	}
 
 	return nil

cmd/tle/commands/commands_test.go

@@ -2,10 +2,11 @@ package commands
 
 import (
 	"bytes"
-	"github.com/stretchr/testify/require"
 	"os"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/require"
 )
 
 func TestParseDuration(t *testing.T) {
@@ -125,8 +126,8 @@ func TestEncryptionWithDurationOverflow(t *testing.T) {
 	flags := Flags{
 		Encrypt:  true,
 		Decrypt:  false,
-		Network:  defaultNetwork,
-		Chain:    defaultChain,
+		Network:  DefaultNetwork,
+		Chain:    DefaultChain,
 		Round:    0,
 		Duration: "292277042628y",
 		Armor:    false,
@@ -139,8 +140,8 @@ func TestEncryptionWithDurationOverflowUsingOtherUnits(t *testing.T) {
 	flags := Flags{
 		Encrypt:  true,
 		Decrypt:  false,
-		Network:  defaultNetwork,
-		Chain:    defaultChain,
+		Network:  DefaultNetwork,
+		Chain:    DefaultChain,
 		Duration: "292277042627y12m1d",
 		Armor:    false,
 	}

go.mod

@@ -4,18 +4,18 @@ go 1.19
 
 require (
 	filippo.io/age v1.1.1
-	github.com/drand/drand v1.5.7
+	github.com/drand/drand v1.5.9
 	github.com/drand/kyber v1.2.0
 	github.com/drand/kyber-bls12381 v0.3.1
 	github.com/stretchr/testify v1.8.4
+	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/kr/pretty v0.3.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
 )
 
 require (
@@ -28,20 +28,17 @@ require (
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/kilic/bls12-381 v0.1.0 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/nikkolasg/hexjson v0.1.0 // indirect
-	github.com/prometheus/client_golang v1.16.0 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.44.0 // indirect
-	github.com/prometheus/procfs v0.11.1 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
+	github.com/prometheus/client_golang v1.18.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.46.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.25.0 // indirect
-	golang.org/x/crypto v0.13.0 // indirect
-	golang.org/x/net v0.15.0 // indirect
-	golang.org/x/sys v0.12.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
-	google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 // indirect
-	google.golang.org/grpc v1.58.0 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/grpc v1.60.1 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
 )