Closed sergeynog closed 3 months ago
We don't want to impose off-chain statefulness on the caller (vald), nor do we want tofnd to maintain any state other than mnemonics. A concrete plan as per discussion with @milapsheth:
key presence
check and sign
now also includes a pubkey k
in addition to a key id id
. key presence iterates through all mnemonics m
, generates the key k'
from (m,id)
, compares with k
. return true if we find a mnemonic that generates k
else return false. sign does similar, but also signs a given message if k
is found.If you don't like the inefficiency of iterating keygen over all mnemonics then we introduce statefulness. Either caller (vald) or tofnd must maintain state about which mnemonics were used to generate which keys.
activate
flag imports the mnemonic (if it doesn't already exist) and sets it to active (if it isn't already).delete
flag: if the "imported" mnemonic exists and is inactive then delete it, otherwise throw an errorBased on discussion with @ggutoski and @cgorenflo, the proposed design involving axelard/vald/tofnd:
tofnd
will have a list of mnemonics it can import/store.tofnd
now receives (key_id, pubkey)
when signing. From the pubkey
, it can determine the mnemonic that should be used for signing.vald
startup, it queries the node to retrieve a mapping of key ids to pub keys for a given validator. Any key_id
not in this mapping will send over empty pubkey bytes which defaults to the latest mnemonic of the validator. This way if any key rotations in core are performed, new key ids will always correspond to the latest mnemonic.axelard
exposes the above query.Note, this design works for multisig. In the threshold case, during signing only the secret key share is needed. The mnemonic is not used at all anyways. During on chain recovery of key shares for threshold schemes, recovery can be performed in a similar way by indexing against a provided pubkey/hash.