Generate ownership proof for SessionKeys
#48
Conversation
| ``` | ||
|
|
||
| The `proof` being a SCALE encoded tuple over all signatures of each private session | ||
| key signing the `owner`. The actual type of each signature depends on the |
There was a problem hiding this comment.
So the message being signed is the SCALE-encoded account_id?
| pub proof: Vec<u8>, | ||
| } | ||
|
|
||
| fn SessionKeys_generate_session_keys(owner: Vec<u8>, seed: Option<Vec<u8>>) -> OpaqueGeneratedSessionKeys; |
There was a problem hiding this comment.
An AccountId is a u64 I believe. How does that translate to a Vec<u8>?
I suppose through SCALE encoding, but since the function signature here is the "high level one", shouldn't it be u64 here? Otherwise, the AccountId gets SCALE-encoded twice, no?
There was a problem hiding this comment.
You'd presumably sign the actual controller key here, not some reference.
There was a problem hiding this comment.
An
AccountIdis a u64 I believe. How does that translate to aVec<u8>?
AccountId for Polkadot is an enum with public keys of sr/ed25519 or ecdsa. Other chain can also have different account ids. Thus, this should be a Vec<u8> that represents the SCALE encoded account id.
| When a user sets new `SessionKeys` on chain the chain can currently not ensure that the user | ||
| actually has control over the private keys of the `SessionKeys`. With the RFC applied the chain is able | ||
| to ensure that the user actually is in possession of the private keys. |
There was a problem hiding this comment.
Worded differently, you want to give the possibility to the implementation of SessionKeys_generate_session_keys to know which AccountId the host controls?
There was a problem hiding this comment.
Yes. I mean generate_session_keys doesn't care as it just signs whatever you pass it.
There was a problem hiding this comment.
At least for me, the motivation does not go deep enough. Why should the chain care?
There was a problem hiding this comment.
Why should the chain care?
Care that you are in possession of the keys? The chain doesn't really need to care. However, someone could may include a transaction faster than you with your public keys registered. So, someone could theoretically prevent that a validator is rotating its keys.
|
In this RFC, all session keys first acknowledge their controller key by signing it, after which their controller key certifies them. Yes, we do obtain the desired back certificates this way, but I'd envisioned doing this in part the other way round, plus adding a master session key. It'd look like this:
In emergencies, a command line option could overrides 7, and maybe this could happen automatically, but usually 7 prevents nodes being slashed for operator error. In this, 1-2 have same orientation as proposed here, but 3-4 have the reversed orientation. We must check a two step certificate chain, including two back certificates, before believing a session key, but this should be a rare enough it does not matter. Our nonce in 4 could be some ephemeral key like maybe the transport layer key. Anyways.. If there is a pressing need to do something simpler first then fine, and validator operators rarely get slashed for equivocations these days, maybe they get 0% slashed or we refund them, but it's maybe worth defending against the equivocations footgun like this. A master session key permits changing session keys without impacting user experience for validator operators, and consolidates the nonce lock under one session key, but this could be done without the master session key. |
bkchr
changed the title
SessionKeysSessionKeys
| The RPC that exists around this runtime api needs to be updated to support passing the account id | ||
| and for returning the ownership proof alongside the public session keys. | ||
|
|
||
| UIs would need to be updated to support the new RPC and the changed on chain logic. |
There was a problem hiding this comment.
Will they break with this update? Or is there a deprecation/upgrade path?
There was a problem hiding this comment.
There is a new RPC for this. So, they will not break. However when the runtime is upgraded it will require the proofs which only the new UI generates. There is also only polkadot-js which supports this AFAIK.
|
|
||
| ## Summary | ||
|
|
||
| This RFC proposes to changes the `SessionKeys::generate_session_keys` runtime api interface. This runtime api is used by validator operators to |
There was a problem hiding this comment.
Actually, why do we need a runtime API to generate keys?
There was a problem hiding this comment.
Because the node doesn't know what session keys the runtime is using.
There was a problem hiding this comment.
Instead of generating the keys in the runtime, which in fact ends up generating the keys via some host call, would be nice to have instead the runtime returning a list of (CryptoTypeId, KeyTypeId).
Then generate the keys directly using the keystore.
The advantage of this approach would be to deprecate the host calls to generate the keys from the runtime which (IMO) is a bit awkward.
There was a problem hiding this comment.
These host calls are also required for benchmarking to generate private keys. CryptoTypeId didn't exist at the time this runtime api was introduced. This is also really the topic of this RFC.
In the end you also still need to call into the runtime to do this. In hindsight I would also design some of the host calls differently to make nodes for example "more generic". This can be done, but yeah isn't part of this RFC and this RFC will also not make any of that more complicated.
|
/rfc propose |
|
Hey @bkchr, here is a link you can use to create the referendum aiming to approve this RFC number 0048. Instructions
It is based on commit hash adb59579ee424853a3174740b65e991a2a8d31aa. The proposed remark text is: |
|
We'd reduce slashing risks considerably if we handle this like I propsed above: #48 (comment) |
|
Voting for this referenda is ongoing. Vote for it here |
|
PR can be merged. Write the following command to trigger the bot
|
|
/rfc process 0x34f2bcbf3ef8b5ef7d7ab74cef6d391c1f6aee227daa5a67108f9e9c8ffd00aa |
|
The on-chain referendum has approved the RFC. |
This RFC changes the
SessionKeysruntime api to support generating a proof of ownership of the generated session keys.