-
Notifications
You must be signed in to change notification settings - Fork 190
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manage the lifecycle of new nodes #43
Comments
In |
From https://forum.enigma.co/t/network-key-management-agreement/1324:
This should always happen for each node in |
We need to check whether this can happen offline. |
I'm not sure this is still needed, as we decided the at first all nodes will share the master key, so after the initial node registration becoming a validator is the same as in a vanilla tendermint chain. |
Also isn't needed anymore ☝️ |
This might be done in the global |
…json-1.0.89 Bump serde_json from 1.0.82 to 1.0.89 in /cosmwasm
New nodes should not be able to start syncing blocks UNTIL they are confirmed as a registered node. We should look into
InitChainer
andEndBlocker
.New node
Get quote - SafeTrace ref
enigmad
generate key pair inside of the enclaveenigmacli
send tx with public key as a param + reportInitialization logic for the enclave. See the logic described here in Phase 1 (register_node()): https://forum.enigma.co/t/network-key-management-agreement/1324
Check whether this can happen automatically inside the global
InitChainer
(also whether this can listen to new blocks and block execution until the new node is confirmed).Existing nodes
register_node()
tx(new_node_public_key, report)
to the enclaveDiscovery ref #1
Discovery ref #2
sk_io
withnew_node_public_key
and derive a new symmetric key (usingderive_key
https://forum.enigma.co/t/input-output-state-encryption-decryption-protocol/1325)seed
with the new symmetric key from the previous stepInitialization logic for the enclave. See the logic described here in Phases 2+3: https://forum.enigma.co/t/network-key-management-agreement/1324
New node again
register_node()
pk_io
and my private key (usingderive_key
https://forum.enigma.co/t/input-output-state-encryption-decryption-protocol/1325). With the single shared 256-bit seed generated above, we can run the CSPRNG several times to get other 256-bit pseudo-random keys:sk_io
,pk_io
) --> a key pair whose pubkey can be used by users to derive new symmetric encryption keys for encrypting input/outputs. The protocol above needs to be changed so that the first validator also broadcastspk_io
to the network.master_state_key
--> a symmetric key used to encrypt contract state. In practice, this is a seed we can use to derive further keys.master_iv
--> this is a seed that can be used to generate fresh IVs for encrypting outputs. That’s how the network can avoid non-determinism and still maintain the security of symmetric ciphers.master_rand_seed
--> this is a seed that can be used to generate randomness.InitChainer
to be able to sync blocksThe text was updated successfully, but these errors were encountered: