setzeus
commented
5 months ago Closed AshtonStephens closed 5 months ago
setzeus
commented
5 months ago 
jferrant
commented
5 months ago Not entirely sure how the rotate keys is happening. Do we store one aggregate key at any given time? Two signer sets at most? Once all keys are rotated. and a new set-aggregate-key called, does the second signer set come into affect? How do we know that the set-aggregate-key value actually corresponds to the previously rotated set? Just not entirely sure the order of operations/what is stored in the contract at each stage of the rotate key process.
djordon
commented
5 months ago After rereading the doc, I have a decent understanding of the key rotation process, but I want to ensure we thoroughly document the different failure modes and their resolutions. Here are some specific concerns that I had in mind:
Temporary Lockout Risks: Is it possible to temporarily lock ourselves out? The risk exists if signers do not retain their old private keys. Even if a clarity contract call is accepted, signers should not delete their old keys until the contract call is committed and several stacks blocks deep. Considering that reorganizations can occur up to 150[^1] stacks blocks post-Nakamoto, it might be wise for signers to retain their old keys for at least that duration. Perhaps the contract should accept both the new key and the previous key for 150 stacks blocks to mitigate risks associated with reorgs. If a reorg occurs, it's unclear to me whether lost transactions are automatically replayed or not[^2].
Permanent Lockout Risks: Can we permanently lock ourselves out of any contracts? Yes, if enough signers' keys are lost then we will be permanently lockout. This risk seems unavoidable.
I suspect that this is comment should probably be moved to a different ticket. Maybe there isn't much to do on the clarity side? Maybe it's up to the signers to make contract calls with the right keys? But I think we need to have a plan for forking and key rotation somewhere (if we don't already).
[^1]: I think reorgs can happen "easily" up to and including 6 blocks but never after 150 blocks. [^2]: The Stacks Nakamoto paper goes into detail the new forking rules but I don't think it mentions what happens to the "lost" transactions. Replaying transactions is mentioned in the Bitcoin Reorgs section of the stacks online docs here, and my parsing is that we do not replay transactions, which seems odd.
AshtonStephens
commented
5 months ago ~@8marz8 this is in review / done right?~
Sorry, I mixed this up with a different one, we haven't started this one yet.
netrome
commented
5 months ago ~@8marz8 this is in review / done right?~
Sorry, I mixed this up with a different one, we haven't started this one yet.
I thought this one was covered by the LLD posted by @setzeus in the first comment.
AshtonStephens
commented
5 months ago Same as:
@setzeus / @hstove can you two do a quick check of this and the two above to make sure we've mostly checked the boxes and then clear mark this as resolved?
Design - Signer Key Rotation LLD
Ownership breakdown: https://github.com/Trust-Machines/sbtc-v1/discussions/47
This ticket tracks creating the low level design document for the signer key rotation. For a low level design to be "complete" it must have the approval of the majority of the sBTC team and meet the criteria of the checklist below.
Acceptance Criteria Checklist