Insert Genesis Keyshares should also generate the keyshares #1658
Comments
kylezs
added
CFE
effort-3
FWIW I think the problem was that we didn't notice that they needed to be regenerated, not that they were simply not updated. But yes agree that we should make this more foolproof, it cost me a couple of skin cells. |
|
As I mentioned to Kyle in DM, I think the genesis code doesn't need to depend on the unit test the way it does now. The actual protocol is complicated because we need to use commitments/challanges and things like that (not to mention building and collecting the messages) since we don't trust the parties. Conceptually generating keyshares should be a quite straightforward process that we can do with 50 lines of code or so (taking advantage of the existing building blocks/functions in keygen of course to ensure compatibility). We can bypass the cermeony code just like we do with solo keygen/signing and the end result will be indistinguishable from running a keygen ceremony. |
nakul-cf
changed the title
|
As discussed in DMs, Max will write the key generation code path for genesis, that will allow us to generate keys on a trusted part. Then I can ensure @tomjohnburton is happy with the interface / binary outputs so it's easy for the CI to use. |
|
#1667 completes the first part. |
morelazers
changed the title
Description
Currently we generate keyshares, manually copy them to the CI and then run the insert-genesis-keyshares binary on each node that creates the database and inserts that node's keyshare.
Instead we can have a binary that:
Then the CI can just copy the database onto the nodes required.
Alternatives Considered
Use something similar to the flow we have currently, but with the CI using a binary to generate the keyshares. And using a separate binary to insert the keyshares.
Additional context
We encountered a case of the keyshares not being updated on CI again :(
Relevant people
@tomjohnburton @j4m1ef0rd @AlastairHolmes @msgmaxim
The text was updated successfully, but these errors were encountered: