PoS - verify validator keys ownership with signatures #106

Closed
Tracked by #2006
tzemanovic opened this issue Apr 29, 2022 · 5 comments · Fixed by #2088 or #2163

Comments

@tzemanovic
Member

For the on-chain validator account creation and for transactions to change consensus key (pending on #36), we must also require that a signature with the consensus key is attached to the transactions to verify the key's ownership. Depends on #85 to be able to attach multiple signatures to a tx.

For this, we should update the client commands and the PoS VP to enforce this rule.

@tzemanovic
Member Author

Another way would be to have some "challenge" in the ledger's state that init-validator txs would have to sign over to verify ownership of the relevant PKs that they're trying to use for their validator account - sketched out here https://excalidraw.com/#json=GzskiES12LxvLl-7Y_wGk,qPn9jmoqX2VUnMbJSm86hQ

Other PKs we might want to verify are the protocol key and eth bridge cold and hot key.

For genesis validators, we might need to do something else as those are created before there's any ledger or chain ID. We can e.g. have some pseudo random hash that we ask validators to sign over with those keys.

@cwgoes
Contributor

cwgoes commented Jan 13, 2023

@brentstone can you take this on as part of the PoS work?

@tzemanovic
Member Author

tzemanovic commented Jan 13, 2023

The genesis part will be solved by #685, now #1840, but we'll still need something for init-validator tx. I think we could use multisig signatures for this (#81/#85)

@tzemanovic
Member Author

In #1840 we're authorizing pre-genesis init-validator tx with all these validator keys:

```toml
[validator_account.account_key]
pk = "pktest1qpqznlesv6fcgsz9x4rsn7l4dsnp7h5sswvs9atw0zgq3uwp0jll2r42szz"
authorization = "sigtest1qrcy6a095uj6n8ryc9fkfw3hn2jn285g82hdratzrvmg22xp5qdmyr7e9q97t77v4zr8a73x4c3k53pcec3mp4ugt5jqd2w0fvd7nhcp0ajsk4"

[validator_account.consensus_key]
pk = "pktest1qpk2a5m26cgnrp32l2c2hss03draxwnctu92llhlr6kjesn2kt892k2kklp"
authorization = "sigtest1qzajuey408zf66wgw8x3awd5jx9x249csx63n80clehj238qqpsf9cdr630edqjr8fw95vywlngy368r087sge2xy89qpcsrxvwtm3gr0h6g79"

[validator_account.protocol_key]
pk = "pktest1qpfv9pj4zmelcg98rtw8wezztzdgpuczuxjmx946klkxajmvvcxjz3vsv63"
authorization = "sigtest1qz0aerskgtzwmgxwgml72zyz4974njfz6s9dl7r399d0v64pzsmctkwe8f28dwyef52hklj6r2fqmeypncvv3qg2x4hg4u3g23kw23qt73uzmy"

[validator_account.tendermint_node_key]
pk = "pktest1qp7shxxfdkp8ft8xfkgf2vqy7u6effdp82w0cq6aq8575txul33t63dyd68"
authorization = "sigtest1qq87l6zjuswmrfeysxp8j0tu5zlklnswzaqgcuyaq23p49hhvupa57r3rwrh3txfuvq8lh5e7wu7d90js8cn7a7dygs7v5yx2a9ljtqxwl0chr"

[validator_account.eth_hot_key]
pk = "pktest1qypdzza7uqtklzzs50hhy07h5ru9p0v8y5666wwulqnd3mdpuj0tcxsgck694"
authorization = "sigtest1q9qtzvwlqhnft5jgeyms2w757dlly8rjg4g89593ayhan0fx7uvjzvm7r7ltgsly9tp6783pqpl6ezxty240udrrknxmunymz6lm523qqqwx72ra"

[validator_account.eth_cold_key]
pk = "pktest1qypzca0n6l890jc83nk5lljuzps04xmfccz3f87xc6ez40t2wvql48s52cx8r"
authorization = "sigtest1q8qmjstc2jtt3dwueepv0njk9te5qpj6z9yj6w0duhagswz80vyws3ywdsy9n49qnjecvnpxwlna3578vn423tgd4rrtss06ejgkj7c5qyv22nm6"
```

We should use multisig to do the same for the regular init-validator tx
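
The ownership check discussed in this thread, as an added example that is not part of the thread and not the project's code: every key in an init-validator request must carry a signature over a message bound to the chain ID, the validator address and the key's role. The role names come from the TOML sections above; the message format, the function names and the use of Ed25519 for every key are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// KeyProof pairs a public key with a signature made by the matching secret key.
type KeyProof struct {
	PK  ed25519.PublicKey
	Sig []byte
}

var requiredRoles = []string{"account_key", "consensus_key", "protocol_key",
	"tendermint_node_key", "eth_hot_key", "eth_cold_key"}

// signedMessage (hypothetical format) binds a signature to one chain, validator and role.
func signedMessage(chainID, validator, role string) []byte {
	return []byte(fmt.Sprintf("init-validator|%q|%q|%q", chainID, validator, role))
}

// VerifyOwnership fails unless every required key signed its own bound message.
func VerifyOwnership(chainID, validator string, proofs map[string]KeyProof) error {
	for _, role := range requiredRoles {
		p, ok := proofs[role]
		if !ok {
			return fmt.Errorf("missing proof for %s", role)
		}
		// Length check first: ed25519.Verify panics on a wrong-size public key.
		if len(p.PK) != ed25519.PublicKeySize ||
			!ed25519.Verify(p.PK, signedMessage(chainID, validator, role), p.Sig) {
			return fmt.Errorf("invalid signature for %s", role)
		}
	}
	return nil
}

// SampleProofs builds a constructed request from freshly generated demo keys.
func SampleProofs(chainID, validator string) map[string]KeyProof {
	proofs := make(map[string]KeyProof)
	for _, role := range requiredRoles {
		pk, sk, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
		proofs[role] = KeyProof{PK: pk, Sig: ed25519.Sign(sk, signedMessage(chainID, validator, role))}
	}
	return proofs
}

func main() {
	fmt.Println(VerifyOwnership("chain-a", "validator-1", SampleProofs("chain-a", "validator-1")))
}
```

Because the role and validator address are part of the signed message, a proof copied from another validator's request or moved to a different key slot is rejected, as is a public key submitted without a matching signature.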

@tzemanovic tzemanovic changed the title PoS - verify validator consensus key ownership with a signature PoS - verify validator keys ownership with a signature Oct 4, 2023
@tzemanovic tzemanovic changed the title PoS - verify validator keys ownership with a signature PoS - verify validator keys ownership with signatures Oct 4, 2023
@batconjurer batconjurer mentioned this issue Nov 3, 2023
@tzemanovic tzemanovic reopened this Nov 9, 2023
@tzemanovic
Member Author

We still need on-chain init-validator sigs check

Status: Tested in Devnet