Contract Ops Questions

[ef4]

I see that the secure terminal needs to go through a software setup phase that is going to require network. But can we do all of that once before any private keys are generated, then disconnect from the network (and ideally never reconnect!), then generate private keys and do offline signing operations from then on?

Alternatively, is there a practical way to separate contract generation from signing? If so, could we just have multiple people run the generation steps independently and bring the resulting unsigned contracts into the clean room, use the secure terminal to verify that they are all identical (so nobody manipulated the contract or had malware), then use the secure terminal's private keys to sign the contract. The benefit of this is that much of the developer toolchain can stay off the secure terminal, reducing the attack surface significantly.

Basically I'm looking for ways to simplify the in-the-cleanroom operations to just "bring in a thing to be signed, get people to agree the thing is valid, sign the thing, and sneaker-net it out to be posted to the network".

[habdelra]

these are great points. So the act of contract creation is something that we use truffle for because it is quite a complex process. I'm not aware that truffle has an offline signing mechanism that you normally see for various wallet management tools. I can dig into this more deeply.

In terms of the software setup, yeah, we can do all that first before we create the private key. I ordered it they way I did as downloading the blockchain takes the most amount of time, and you create your private keys at the point you setup the wallet to download the blockchain. But I have no problem re-ordering that so that we setup the software first and then download the blockchain/create the private key.

[ef4]

Cool.

I wonder if you can copy the blockchain cache out of an existing wallet to preload a new machine to avoid the downloading. It would still be able to verify the blocks as authentic, but that is probably much faster than downloading them.

[habdelra]

yeah, both ethereum and bitcoin leverage ways of doing this. it's a seed file. but also you need to obtain it from a very trusted source. if we use the geth client (which we do plan to), there is an import function that allows you to import the blockchain. I can work thru this so we can include that in our client setup.

[ef4]

I think you would only need a full copy of the blockchain when it's time to submit the new contract though, not necessarily when it's being constructed and signed? Perhaps if we did offline signing we wouldn't need all the blocks on the secure terminal.

[habdelra]

so creating the contract on chain is a multi-transaction process where the subsequent transactions depends on the previous transactions (it's about 20 separate transactions for our stuff).

But you are right, you don't need the blockchain to sign the transaction. But the more I dig, the less it looks like truffle handles offline signing.

[habdelra]

if you are curious, this is what is looks like to deploy our stuff:

Running migration: 1_initial_migration.js
  Deploying Migrations...
  ... 0x4461bb33eb561f4738c71af733747812c3f9194a6ee992fcabb90ec2b3be4661
  Migrations: 0x956b385e2aead9afb0c89f69eeea45ae1b81e518
Saving successful migration to network...
  ... 0x46306a09ee3bb424c4851d4423a75ed4caf1261fa27bd8eaebf4da633d85cc6f
Saving artifacts...
Running migration: 2_deploy_registry.js
  Deploying Registry...
  ... 0x65df555f20346b2532ae7cd769b2776b2577729e2bcc7b99f3424e8aa57637df
  Registry: 0x9f0055eb73e36973594634cd65fab48a6aa11535
Saving successful migration to network...
  ... 0x2d27c61c7278846e4bf71b263cb2ff4fcdb129ed59893a8b6ec59390c6d25aa6
Saving artifacts...
Running migration: 3_deploy_storage.js
  Deploying ExternalStorage...
  ... 0x0f6d66e2b1063730912dad62ec1ef681e92943649441f9aa2d74bc0a2dce34d1
  ExternalStorage: 0x301618ced6c48af5c5b949680a24f0912297b851
Saving successful migration to network...
  Deploying CstLedger...
  ... 0x0c76968747b966ec234140f2bce1ac7bb6aaf375f12bb4f9d8514a3c4c5b1bac
  ... 0x5abb6591f49bfe44098efab89b72f34bb51d363bbdfc6f3ddd74f85678f533d5
Saving artifacts...
Running migration: 4_deploy_cst_contract.js
Saving successful migration to network...
  Deploying CstLibrary...
  ... 0xc1f4f1efd8b027ccd122cfde43f4c69792e8799ded0c6003298a5c94ce1f0942
  ... 0xe27d7b8ba8b88b69b33a44e05357b8e94429359239fd81567a872ad2ad550c29
  CstLedger: 0xc56af65b69c3ff0cd17980e0388a092fc30e9460
  ... 0x32745d50b8155dd61a7701dfc7f7b9b91e7e6502a2932032d92393dd32ff4242
Saving artifacts...
  CstLibrary: 0x657c614e524eaaa37d84d2ba2b04f43859da94df
  Linking CstLibrary to CardStackToken
  Deploying CardStackToken...
  ... 0x967ef8217aae830bc5b404e3ddf402abc6ec8c9c4a06ee2900a08c8a3b95bb98
  ... 0x70583c493e42cf1366db6d145c08c9c59758227a1fcc84b8e8fb7abce041510b
  CardStackToken: 0xf96f2ca367e194ce82b1cb86d4bb495241cac93e
  ... 0x53b6f03ccd54a2683c84a7d6be8f8f8c500a21ac9dfb51475082b4b70b96cba0
  ... 0xc02c8dbb40ca8e700a55e35620c25b9c193ba504200f1c7306cbafd56a31e96

you'll notice that a bunch of contracts are split into separate transactions (so they don't exceed the gaslimit for the block), as well as there is bookkeeping that truffle is doing, and that we do as well with our registry contract.