search

sedaprotocol / seda-chain

SEDA chain network
GNU General Public License v3.0
17 stars 9 forks source link

feat(pubkey): Pubkey module #342

Closed hacheigriega closed 3 days ago

hacheigriega commented 1 month ago

Explanation of Changes

This PR adds a new module x/pubkey, which will serve as the public key registry for various signing keys used in the SEDA Protocol. The module store follows the following scheme:

validator_address | index -> public_key

There is no application logic that prevents a validator operator from adding any public keys at any index. However, they should use the official, up-to-date CLI to generate the correct set of SEDA keys and send a transaction that would register their public keys at correct indices. In the initial implementation, the CLI generates a single secp256k1 key, whose public key is to be registered at index 0. The SEDA key file is saved in the same directory as the validator key file. By default, the location is $CHAIN_DIR/config/seda_keys.json.

To generate and register the SEDA keys:

sedad tx pubkey add-seda-keys --from <validator_operator_key> --gas-prices 1000000000aseda --gas auto --gas-adjustment 2.0

To use an existing SEDA key file:

sedad tx pubkey add-seda-keys --key-file ~/.sedad/config/seda_keys.json --from <validator_operator_key> --gas-prices 1000000000aseda --gas auto --gas-adjustment 2.0

To query a given validator's SEDA public keys:

sedad query pubkey validator-keys <validator_operator_addr>
Thomasvdam commented 3 weeks ago

I guess it's not entirely clear for me how this module interfaces with modules that need access to the private keys, or how the dependencies are managed.

Maybe it helps to illustrate the following scenarios:

  1. We create a new module that needs to make use of the PKR, how does this new key get added?
  2. A module needs to have something signed, how does this happen?

It would be nice if we could leave all the details of how the keys are managed/stored/etc in the PKR module. I don't think it's possible to express this purely in terms of method/function calls and we'll have to keep a manual file somewhere that links a consumer module identifier to the kind of key it needs.

Pretty sure I'm simplifying things too much, but I feel like this should be possible.

hacheigriega commented 3 weeks ago
  1. My thinking was that when we release a new binary that expects some new key to be registered, we would also update the CLI and have the validators use the updated CLI to generate a new set of keys and register their pubkeys.
  2. My thinking at the moment is that signing and verifying should be separated. Signing should be done using utility or context, whereas verifying should be supported by the pubkey module, which would expose the method through expected keepers. I think this separation makes sense because signing deals with the key file and is relevant only to validators. Would love to discuss more if you have doubts, but this is my current thinking.
hacheigriega commented 3 weeks ago

I will remove unused code like VRF key or CLI endpoint for creating validator with VRF in a separate PR tomorrow

Thomasvdam commented 3 weeks ago
  1. My thinking was that when we release a new binary that expects some new key to be registered, we would also update the CLI and have the validators use the updated CLI to generate a new set of keys and register their pubkeys.
  2. My thinking at the moment is that signing and verifying should be separated. Signing should be done using utility or context, whereas verifying should be supported by the pubkey module, which would expose the method through expected keepers. I think this separation makes sense because signing deals with the key file and is relevant only to validators. Would love to discuss more if you have doubts, but this is my current thinking.

Lets discuss this tomorrow, maybe we can do some pseudocode to see pros and cons to both approaches.

hacheigriega commented 1 week ago

The key interface and the linting error are addressed in PR #365.