feat(crypto): CRP-2609 Introduce master key ID variant for vetKD (#2108)

Adds a variant for vetKD in the `MasterPublicKeyId` in the
1. registry protobuf definitions,
   
where it is used in the `KeyConfig` (which is used in the
`ChainKeyConfig`, which is used in the `SubnetRecord`).
2. management canister types,

where it is used in the `ComputeInitialIDkgDealingsArgs` (which will be
generalized in a later step, e.g., to `ReshareChainKeyArgs`).
3. registry canister API (registry.did),

where it is used in the `KeyConfig` (which is used in the
`KeyConfigRequest`, which is used in the `InitialChainKeyConfig`, which
is used in `CreateSubnetPayload` and `RecoverSubnetPayload`), and in the
`UpdateSubnetPayload`'s
`chain_key_signing_enable`/`chain_key_signing_disable`.

This is the very first step for the vetKeys feature.

As discussed with the Consensus team, various consensus tests related to
pre-signatures are adapted so that the tests panic if the vetKD variant
is used, because vetKD doesn't have pre-signatures.

### Registry API backwards-compatibility

The changes in the registry canister API should be
safe/backwards-compatible based on the following argumentation (see [Can
I add a variant
alternative?](https://mmapped.blog/posts/20-candid-for-engineers#faq-remove-alternative)):

The `MasterPublicKeyId` variant in `registry.did` is extended with a new
alternative as follows:
```
- type MasterPublicKeyId = variant { Schnorr : SchnorrKeyId; Ecdsa : EcdsaKeyId };
+ type MasterPublicKeyId = variant { Schnorr : SchnorrKeyId; Ecdsa : EcdsaKeyId; VetKd : VetKdKeyId };
```
This variant is used in two places:
1. ```
   type KeyConfig = record {
      key_id : opt MasterPublicKeyId;
      [...]
   };
   ```
Here, adding the alternative is safe, given that the variant field
`key_id` is optional.
2. ```
   type UpdateSubnetPayload = record {
      [...]
      chain_key_signing_enable : opt vec MasterPublicKeyId;
      chain_key_signing_disable : opt vec MasterPublicKeyId;
      [...]
   }
   ```
Although `chain_key_signing_enable` and `chain_key_signing_disable` are
not (directly) optional variant fields (because they are contained in a
`vec`), adding the alternative is safe, given that the
`MasterPublicKeyId` variant is only ever used (as part of
`UpdateSubnetPayload`) in method arguments but never as method result.

This argumentation is also supported by the fact that the
`//rs/registry/canister:registry-canister_did_git_test` test passes.

### Registry protobuf backwards-compatibility

The changes in the registry protocol buffer definitions is
backwards-compatible. On the one hand, adding a new field to a `oneof`
is generally backward-compatible in Protocol Buffers (with some
[nuances](https://protobuf.dev/programming-guides/proto3/#backward) that
are not relevant here). On the other hand, the new field/variant in the
`MasterPublicKeyId` is not yet written by any code, and this new variant
won't be written for many weeks to come. In particular, it will only be
written to the registry once subnets will actually hold master public
keys for vetKD, which will only happen in 2025.

### Crypto Algorithm ID

For the time being, we don't need a particular `AlgorithmId` for vetKD,
so we use the `AlgorithmId::Placeholder`. In any case, the exact
algorithm also doesn't matter for now because neither the intended
Crypto APIs will use an algorithm ID nor will this algorithm be
persisted anywhere (e.g., in the registry or in a key store).

Author: fspreiss

rs/consensus/src/idkg/payload_builder.rs

@@ -1082,6 +1082,7 @@ mod tests {
                         signature: vec![2; 32],
                     })
                 }
+                MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
             },
         );
 
@@ -1924,6 +1925,7 @@ mod tests {
                         &mut rng,
                     ))
                 }
+                MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
             };
             payload_0.available_pre_signatures.insert(
                 payload_0.uid_generator.next_pre_signature_id(),

rs/consensus/src/idkg/payload_builder/pre_signatures.rs

@@ -359,6 +359,12 @@ fn make_new_pre_signatures_if_needed_helper(
     let Some(pre_signatures_to_create) = chain_key_config
         .key_configs
         .iter()
+        .filter(|key_config| {
+            matches!(
+                &key_config.key_id,
+                MasterPublicKeyId::Ecdsa(_) | MasterPublicKeyId::Schnorr(_)
+            )
+        })
         .find(|key_config| &key_config.key_id == key_id)
         .map(|key_config| key_config.pre_signatures_to_create_in_advance as usize)
     else {
@@ -370,7 +376,7 @@ fn make_new_pre_signatures_if_needed_helper(
     }
 
     for _ in 0..(pre_signatures_to_create - unassigned_pre_signatures) {
-        let pre_signature = match key_id {
+        match key_id {
             MasterPublicKeyId::Ecdsa(ecdsa_key_id) => {
                 let kappa_config = new_random_unmasked_config(
                     key_id,
@@ -380,11 +386,12 @@ fn make_new_pre_signatures_if_needed_helper(
                 );
                 let lambda_config =
                     new_random_config(key_id, subnet_nodes, registry_version, uid_generator);
-                PreSignatureInCreation::Ecdsa(QuadrupleInCreation::new(
+                let pre_signature = PreSignatureInCreation::Ecdsa(QuadrupleInCreation::new(
                     ecdsa_key_id.clone(),
                     kappa_config,
                     lambda_config,
-                ))
+                ));
+                new_pre_signatures.insert(uid_generator.next_pre_signature_id(), pre_signature);
             }
             MasterPublicKeyId::Schnorr(schnorr_key_id) => {
                 let blinder_config = new_random_unmasked_config(
@@ -393,13 +400,16 @@ fn make_new_pre_signatures_if_needed_helper(
                     registry_version,
                     uid_generator,
                 );
-                PreSignatureInCreation::Schnorr(TranscriptInCreation::new(
+                let pre_signature = PreSignatureInCreation::Schnorr(TranscriptInCreation::new(
                     schnorr_key_id.clone(),
                     blinder_config,
-                ))
+                ));
+                new_pre_signatures.insert(uid_generator.next_pre_signature_id(), pre_signature);
+            }
+            MasterPublicKeyId::VetKd(_vetkd_key_id) => {
+                // vetKD does not have pre-signatures
             }
         };
-        new_pre_signatures.insert(uid_generator.next_pre_signature_id(), pre_signature);
     }
 
     new_pre_signatures
@@ -495,6 +505,7 @@ pub(super) mod test_utils {
                     blinder_config_ref,
                 ))
             }
+            MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
         };
         let configs = pre_signature
             .iter_transcript_configs_in_creation()
@@ -709,6 +720,7 @@ pub(super) mod tests {
         let expected_transcript_ids = match key_id {
             MasterPublicKeyId::Ecdsa(_) => 2 * expected_pre_signatures_in_creation,
             MasterPublicKeyId::Schnorr(_) => expected_pre_signatures_in_creation,
+            MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
         };
         assert_eq!(transcript_ids.len(), expected_transcript_ids);
         assert_eq!(

rs/consensus/src/idkg/payload_builder/signatures.rs

@@ -311,6 +311,7 @@ mod tests {
                             signature: vec![i as u8; 32],
                         })
                     }
+                    MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
                 },
             );
         }

rs/consensus/src/idkg/payload_verifier.rs

@@ -1043,6 +1043,7 @@ mod test {
                     MasterPublicKeyId::Schnorr(_) => {
                         SignWithSchnorrReply { signature: vec![] }.encode()
                     }
+                    MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
                 }),
             ));
 
@@ -1076,6 +1077,7 @@ mod test {
                 fake_schnorr_master_public_key_id(SchnorrAlgorithm::Ed25519)
             }
             MasterPublicKeyId::Schnorr(_) => fake_ecdsa_master_public_key_id(),
+            MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
         };
         // Add a pre-signature for the "wrong_key_id"
         insert_test_sig_inputs(

rs/consensus/src/idkg/signer.rs

@@ -1101,6 +1101,7 @@ mod tests {
                 fake_schnorr_master_public_key_id(SchnorrAlgorithm::Ed25519)
             }
             MasterPublicKeyId::Schnorr(_) => fake_ecdsa_master_public_key_id(),
+            MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
         };
 
         // Set up the signature requests
@@ -1288,6 +1289,7 @@ mod tests {
                 let expected_complaints_count = match key_id {
                     MasterPublicKeyId::Ecdsa(_) => requested_signatures_count * 5,
                     MasterPublicKeyId::Schnorr(_) => requested_signatures_count * 2,
+                    MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
                 };
                 let complaints = transcript_loader.returned_complaints();
                 assert_eq!(change_set.len(), complaints.len());
@@ -1368,6 +1370,7 @@ mod tests {
                             ThresholdSigInputs::Schnorr(inputs),
                         )
                     }
+                    MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
                 };
                 let crypto = env
                     .nodes
@@ -1548,6 +1551,7 @@ mod tests {
                 fake_schnorr_master_public_key_id(SchnorrAlgorithm::Ed25519)
             }
             MasterPublicKeyId::Schnorr(_) => fake_ecdsa_master_public_key_id(),
+            MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
         };
         let message = create_signature_share(&key_id_wrong_scheme, NODE_2, id_2.clone());
         let msg_id_2 = message.message_id();

rs/consensus/src/idkg/test_utils.rs

@@ -97,6 +97,7 @@ fn fake_signature_request_args(key_id: MasterPublicKeyId) -> ThresholdArguments
             key_id,
             message: Arc::new(vec![1; 48]),
         }),
+        MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
     }
 }
 
@@ -1152,6 +1153,7 @@ pub(crate) fn create_sig_inputs_with_args(
         MasterPublicKeyId::Schnorr(key_id) => {
             create_schnorr_sig_inputs_with_args(caller, receivers, key_unmasked, height, key_id)
         }
+        MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
     }
 }
 
@@ -1356,6 +1358,7 @@ pub(crate) fn create_signature_share_with_nonce(
                 sig_share_raw: vec![nonce],
             },
         }),
+        MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
     }
 }
 
@@ -1617,6 +1620,7 @@ pub(crate) fn key_id_with_name(key_id: &MasterPublicKeyId, name: &str) -> Master
     match key_id {
         MasterPublicKeyId::Ecdsa(ref mut key_id) => key_id.name = name.into(),
         MasterPublicKeyId::Schnorr(ref mut key_id) => key_id.name = name.into(),
+        MasterPublicKeyId::VetKd(ref mut key_id) => key_id.name = name.into(),
     }
     key_id
 }

rs/consensus/src/idkg/utils.rs

@@ -8,7 +8,7 @@ use ic_interfaces::consensus_pool::ConsensusBlockChain;
 use ic_interfaces::idkg::{IDkgChangeAction, IDkgChangeSet, IDkgPool};
 use ic_interfaces_registry::RegistryClient;
 use ic_logger::{warn, ReplicaLogger};
-use ic_management_canister_types::{EcdsaCurve, MasterPublicKeyId, SchnorrAlgorithm};
+use ic_management_canister_types::{EcdsaCurve, MasterPublicKeyId, SchnorrAlgorithm, VetKdCurve};
 use ic_protobuf::registry::subnet::v1 as pb;
 use ic_registry_client_helpers::subnet::SubnetRegistry;
 use ic_registry_subnet_features::ChainKeyConfig;
@@ -443,6 +443,9 @@ pub(crate) fn algorithm_for_key_id(key_id: &MasterPublicKeyId) -> AlgorithmId {
             SchnorrAlgorithm::Bip340Secp256k1 => AlgorithmId::ThresholdSchnorrBip340,
             SchnorrAlgorithm::Ed25519 => AlgorithmId::ThresholdEd25519,
         },
+        MasterPublicKeyId::VetKd(vetkd_key_id) => match vetkd_key_id.curve {
+            VetKdCurve::Bls12_381_G2 => AlgorithmId::Placeholder,
+        },
     }
 }
 

rs/consensus/utils/src/lib.rs

@@ -860,6 +860,7 @@ mod tests {
             MasterPublicKeyId::Schnorr(key_id) => {
                 PreSignatureRef::Schnorr(fake_schnorr_transcript(id, key_id.clone()))
             }
+            MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
         }
     }
 
@@ -880,6 +881,7 @@ mod tests {
                         key_id: key_id.clone(),
                     })
                 }
+                MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD"),
             },
             derivation_path: vec![],
             pseudo_random_id: [0; 32],

rs/execution_environment/src/scheduler/threshold_signatures.rs

@@ -140,6 +140,7 @@ mod tests {
                 key_id: key_id.clone(),
                 message: Arc::new(vec![1; 64]),
             }),
+            MasterPublicKeyId::VetKd(_) => panic!("vetKD does not have pre-signatures"),
         };
         let context = SignWithThresholdContext {
             request: RequestBuilder::new().build(),

rs/protobuf/def/registry/crypto/v1/crypto.proto

@@ -80,9 +80,20 @@ message SchnorrKeyId {
   string name = 2;
 }
 
+enum VetKdCurve {
+  VET_KD_CURVE_UNSPECIFIED = 0;
+  VET_KD_CURVE_BLS12_381_G2 = 1;
+}
+
+message VetKdKeyId {
+  VetKdCurve curve = 1;
+  string name = 2;
+}
+
 message MasterPublicKeyId {
   oneof key_id {
     EcdsaKeyId ecdsa = 1;
     SchnorrKeyId schnorr = 2;
+    VetKdKeyId vetkd = 3;
   }
 }