Comments (2)
Eon Key Distribution
The keypers infrequently generate eon keys. The eon keys need to be transmitted to two types of recipients:
- users, so that they can encrypt transactions
- decryptors, so that they can validate epoch secret keys, also generated by keypers
Each eon key is valid in a range of epochs. The start of the range is explicitly specified by the keypers. The end of the range is given by the start of the following eon key. The latest generated eon key is valid indefinitely until a newer eon key is generated.
Eon keys are signed by a threshold majority of the keyper set. This allows nodes to verify that a received eon key is valid, no matter via which channel they got it, as long as they know the current keyper set. However, they cannot cryptographically verify that they received all eon keys (i.e., they might use an eon key in an epoch for which a newer eon key is available). Therefore, the eon key distribution mechanism should ensure that recipients are able to fetch all keys.
We have multiple options with pros and cons:
- Key broadcast contract
- Shuttermint
- P2P
Key broadcast contract
Keypers submit the eon key, including the signature, to a contract on a blockchain. Users and decryptors fetch the key from the contract. The contract may verify the signature directly or the caller can do so off-chain.
Pros:
- no way to miss a key
- no way to publish keys for past epochs
- users and decryptors need to watch the chain anyways to get keyper identities and other configuration parameters
Cons:
- potentially costly on mainnet or rollups
Shuttermint
Keypers send signatures to the Shuttermint chain. Users and decryptors sync the chain and fetch key and signature from there.
Pros
- cheap
- no need for keypers to send another transaction
- signatures can be verified automatically
Cons
- users and decryptors need to sync another chain, which is problematic at least for users
- keypers might decide to switch to a different chain (e.g., in case keyper set transitioning is blocked), in which case users and decryptors would need to find the new chain
- lots of overhead
P2P
Keypers broadcast the eon keys with signatures on a gossip network. Every node on the network (keypers, decryptors, collator, potentially users) stores them in their db. Nodes that join ask some or all of their peers for keys they know.
Pros
- cheap
Cons
- users and decryptors need to join the p2p network, which is problematic for users
- no hard guarantee that all keys are received (peers could withhold keys)
from rolling-shutter.
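The validity rule and the gap described in the issue above (a threshold-signed key still verifies when a newer one was withheld), as an added Go example that is not part of the issue or of rolling-shutter's code. Ed25519 stands in for the keypers' real signature scheme, and `EonKey`, `Verify`, `KeyForEpoch` and `Sample` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type EonKey struct { // hypothetical layout, not the project's wire format
	ActivationEpoch uint64         // first epoch in which the key is valid
	Key             []byte         // eon public key bytes
	Sigs            map[int][]byte // keyper index -> signature over digest()
}
func (k EonKey) digest() []byte { return []byte(fmt.Sprintf("%d|%x", k.ActivationEpoch, k.Key)) }

// Verify reports whether at least threshold distinct keypers signed k.
func Verify(k EonKey, keypers []ed25519.PublicKey, threshold int) bool {
	for i, sig := range k.Sigs {
		if i >= 0 && i < len(keypers) && ed25519.Verify(keypers[i], k.digest(), sig) {
			threshold--
		}
	}
	return threshold <= 0
}

// KeyForEpoch returns the verified key with the highest activation epoch <= epoch.
func KeyForEpoch(keys []EonKey, keypers []ed25519.PublicKey, threshold int, epoch uint64) (best EonKey, found bool) {
	for _, k := range keys {
		if k.ActivationEpoch <= epoch && (!found || k.ActivationEpoch > best.ActivationEpoch) && Verify(k, keypers, threshold) {
			best, found = k, true
		}
	}
	return best, found
}

// Sample builds constructed data: 3 keypers, the first `signers` of which sign both eon keys.
func Sample(signers int) (pubs []ed25519.PublicKey, keys []EonKey) {
	keys = []EonKey{{0, []byte("A"), map[int][]byte{}}, {100, []byte("B"), map[int][]byte{}}}
	for i := 0; i < 3; i++ {
		pub, priv, _ := ed25519.GenerateKey(nil)
		pubs = append(pubs, pub)
		for j := 0; j < len(keys) && i < signers; j++ {
			keys[j].Sigs[i] = ed25519.Sign(priv, keys[j].digest())
		}
	}
	return pubs, keys
}
func main() {
	pubs, keys := Sample(2)
	stale, ok := KeyForEpoch(keys[:1], pubs, 2, 150) // key activating at epoch 100 withheld
	fmt.Println(stale.ActivationEpoch, ok)           // the stale key still verifies
}
```

Signature checks alone cannot distinguish the two cases in `main`; only a channel that guarantees the full key list does.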
During discussion, a fourth option came up: In Rolling Shutter, the collator can provide the eon keys to users.
Nevertheless, we decided to go with the key broadcast contract because it's the most practical and most secure. If necessary, it would also work with (newer versions of) On-chain Shutter (useful if we decide to unify the implementations at some point).