project-dkg/dkg-nodes

Dkg nodes

Background

This project continues "Implementation of a distributed key generation algorithm (Pedersen 91) in C#". The Pedersen 91 algorithm is synchronous by nature. The dkg-nodes project provides a wrapper for Pedersen 91 that helps run it in a truly asynchronous distributed environment. The implementation includes two types of entities:

  • dkg node, a participant in the distributed key generation algorithm. A dkg node is a REST API client and thus does not require any of its resources to be published.

  • dkg service node, which orchestrates dkg nodes. A dkg service node is a REST API server.

Starting dkg node in docker container

Parameters

  • <Name> -- dkg node name, optional, defaults to <GUID>
  • <KeyStore> -- KeyStore that contains the Solana private key and address. Optional. If no KeyStore is provided, a Solana key pair is generated automatically when the node starts and is saved to appsettings.json. Note that with an autogenerated Solana address the node is considered "different" for each run, while an explicitly provided KeyStore ensures that the node is considered "the same".
  • <KeyStore password> -- KeyStore password, optional.
  • <Service node URL> -- fully qualified service node URL
  • <Polling interval> -- delay, in milliseconds, between attempts to get updated algorithm information or a command from the service node. Optional, defaults to 3000 (3 seconds)

Command

docker run --env=DKG_SERVICE_NODE_URL=<Service node URL> --env=DKG_NODE_NAME=<Name> --env=DKG_NODE_POLLING_INTERVAL=<Polling interval> \
           --env=DKG_SOLANA_KEYSTORE=<KeyStore> --env=DKG_SOLANA_KEYSTORE_PWD=<KeyStore password> \
           --env=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
           --env=DOTNET_RUNNING_IN_CONTAINER=true --env=DOTNET_VERSION=8.0.4 --env=ASPNET_VERSION=8.0.4 \
           -d ghcr.io/project-dkg/dkg-node:0.5.2

Example

docker run --env=DKG_SERVICE_NODE_URL=http://dkg.samsonov.net:8080 --env=DKG_NODE_NAME=TheNodeAtKreel0 \
           --env=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
           --env=DOTNET_RUNNING_IN_CONTAINER=true --env=DOTNET_VERSION=8.0.4 --env=ASPNET_VERSION=8.0.4 \
           -d ghcr.io/project-dkg/dkg-node:0.5.2

Using appsettings.json to provide dkg node configuration

Dkg node configuration can be specified in the appsettings.json file, which has priority over environment variables. Node parameters are specified in the Node section, for example:

  "Node": {
     "Name": "Dkg node",
     "KeyStore": "<KeyStore>",
     "KeyStorePwd": "password",
     "ServiceNodeUrl": "https://localhost:8081",
     "PollingInterval": 5000
  }

Service node front end

We provide a simple GUI to control dkg service node in a separate project.

Starting service node with front-end in a docker container

version: '3.4'

services:
  dkgservicenode:
    container_name: dkg_service_node
    image: ghcr.io/project-dkg/dkg-service-node:latest
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_HTTP_PORTS=8080
      - ASPNETCORE_HTTPS_PORTS=8081
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/etc/dkg/s.pfx
      - ASPNETCORE_Kestrel__Certificates__Default__Password=password
    ports:
      - "8080:8080"
      - "8081:8081"
    volumes:
      - /etc/dkg:/etc/dkg
    depends_on:
      - dkgservice_db

  dkgservice_db:
    container_name: dkgservice_db
    image: postgres:16.1
    restart: unless-stopped
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
      - POSTGRES_DB=dkgservice
    volumes:
      - pgdata:/var/lib/postgresql

  dkgfrontend:
    container_name: dkg_frontend
    image: ghcr.io/project-dkg/dkg-frontend:latest
    environment:
      - NGINX_SSL_CERTIFICATE_PATH=/etc/nginx/certificate/s.crt
      - NGINX_SSL_CERTIFICATE_KEY_PATH=/etc/nginx/certificate/s.key
    ports:
      - "80:80"
      - "443:443"
    volumes:
# Certificate and key for Nginx are expected at
# /etc/nginx/certificate/s.crt
# /etc/nginx/certificate/s.key
      - /etc/nginx/certificate:/etc/nginx/certificate

volumes:
  pgdata: {}

Note that the service node setup requires two SSL certificates:

For Nginx (front-end application): the certificate and its private key are expected at fixed locations in the front-end container, /etc/nginx/certificate/s.crt and /etc/nginx/certificate/s.key.

For Kestrel (service node application): a PKCS#12 (.pfx) file at a configurable location defined by the ASPNETCORE_Kestrel__Certificates__Default__Path environment variable. The password for the PKCS#12 file is set in the ASPNETCORE_Kestrel__Certificates__Default__Password environment variable.
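
The two-certificate requirement above, as an added example that is not part of the dkg-nodes project: one self-signed key pair written as PEM files for Nginx and as a PKCS#12 bundle for Kestrel, with a check that both hold the same certificate. It assumes OpenSSL 1.1.1 or newer and a test setup where a self-signed certificate is acceptable; the function names, the host name and the password file path are hypothetical.

```shell
# Added example, not dkg-nodes project code. Assumes OpenSSL 1.1.1 or newer
# and that a self-signed certificate is acceptable (test setup only).

# make_dkg_certs <hostname> <nginx_dir> <kestrel_dir> <pfx_password_file>
# Writes <nginx_dir>/s.crt, <nginx_dir>/s.key and <kestrel_dir>/s.pfx.
# The function body is a subshell, so umask and variables do not leak out.
make_dkg_certs() (
    set -eu
    host=$1; nginx_dir=$2; kestrel_dir=$3; pwd_file=$4
    mkdir -p "$nginx_dir" "$kestrel_dir"
    umask 077   # the private key and the .pfx must not be world-readable

    # Nginx: PEM certificate plus unencrypted PEM key under the fixed names.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=${host}" -addext "subjectAltName=DNS:${host}" \
        -keyout "${nginx_dir}/s.key" -out "${nginx_dir}/s.crt"

    # Kestrel: the same key pair as PKCS#12. The password is read from the
    # first line of a file, so it never appears in the process list.
    openssl pkcs12 -export -name dkg-service-node \
        -inkey "${nginx_dir}/s.key" -in "${nginx_dir}/s.crt" \
        -out "${kestrel_dir}/s.pfx" -passout "file:${pwd_file}"

    chmod 644 "${nginx_dir}/s.crt"   # the certificate itself is public
)

# cert_fingerprint_pem <crt>: SHA-256 fingerprint of a PEM certificate.
cert_fingerprint_pem() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# cert_fingerprint_pfx <pfx> <pfx_password_file>: fingerprint of the
# certificate inside the bundle; fails if the password does not open it.
cert_fingerprint_pfx() {
    openssl pkcs12 -in "$1" -passin "file:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Usage with the host paths mounted by the compose file (constructed values):
#   make_dkg_certs dkg.example.test /etc/nginx/certificate /etc/dkg /root/pfx.pwd
#   cert_fingerprint_pem /etc/nginx/certificate/s.crt
#   cert_fingerprint_pfx /etc/dkg/s.pfx /root/pfx.pwd
```

The first line of the password file must match the value given in ASPNETCORE_Kestrel__Certificates__Default__Password, otherwise Kestrel cannot open the bundle.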

Project financing

Initial development of this project was financed by NarayanaSupramati.