Proto commits in keep-network/keep-core

These commits are when the Protocol Buffers files have changed: (only the last 100 relevant commits are shown)

2024-05-02

Updated package structure

The documentation is generated from this commit.

2024-04-24

Added claim signature message

2024-02-20

Added MovedFundsSweepProposal type

2024-01-04

Removed wallet public key hash from moving funds proposal

Added moving funds message unmarshaling

2023-11-28

Coordination message and marshaling machinery Here we implement the coordination message type along with all marshaling machinery necessary to transfer it over the wire.

2022-12-12

Remove DKG stop pill mechanism

2022-11-17

Rename the concept of "signing sync" to "signing done check"

2022-11-16

Improve marshaling of `signingSyncMessage` The `message` field is easier to manage if it is marshaled as bytes not string.

Marshaling code for `tecdsa.Signature`

2022-11-15

Synchronize signing group members upon successful signing Here we implement a component that is meant to synchronize all signing group members once a signature is produced by the given attempt's participants. All signing group members (either participating or omitting the given attempt) must end up with the same signature and a common end block. This is crucial for serial signing.

2022-10-31

Abstract the tECDSA signing announcer logic Here we abstract the tECDSA signing announcer and move it to the `pkg/protocol/announcer` package. This logic is generic and can be used by multiple interactive protocols.

2022-10-28

Identify stop pill by DKG seed or signed message The stop pill was sent in a broadcast channel and stopped all signing and key generation using that broadcast channel. This worked fine for key generation, because broadcast channel name for key generation is computed from the last block's hash. This did not work well for signing sometimes because there is one broadcast channel used for all attempts of signing. If there were two attempts running at the same time (e.g. multiple attempts of the previous signing and a new signing starting), the stop pill was stopping the slower signing protocol. With this change, each signing and DKG is uniquely identified. It was not a must for DKG but I thought it is good to stay consistent. The identification is based on DKG seed and message being signed. My first attempt was to use a session ID but the session ID is computed separately for each attempt and we want to stop the main loop, not just the given attempt.

2022-10-14

Introduce the signing attempt announcement message

2022-10-05

Add confirmation state at the end of ECDSA DKG So far, members' failures in the last state (finalization) of the ECDSA DKG could remain undetected by other participants as no explicit confirmation step was done after the result was produced. The result signature process that occurs after the DKG finalization is able to detect such a failures to some extent, only when the signatures count is lower than the group quorum parameter. Undetected DKG finalization failures lead to a spurious view regarding the wallet's state because some members considered as properly operating are actually inactive. Such inactive members are normally selected for the signing work despite being unable to participate in the protocol. That leads to multiple signing failures that must be compensated by the random retry algorithm. This extends the signature time abnormally. To mitigate that problem, we are extending the DKG finalization state to produce and exchange messages informing about successful finalization. We are also introducing a new confirmation state that occurs after the finalization and makes sure that all DKG participants selected for current DKG attempt sent a finalization message thus were able to produce the result.

2022-09-29

Add session ID to the beacon DKG messages So far, the messages carrying information specific to a DKG instance were identified only by the sender ID. That can be problematic if multiple DKG instances occur in a short period of time. Due to network retransmissions, old DKG messages referring to a previous DKG instance may be handled by members listening for DKG messages specific for the currently executed DKG instance. If that scenario happens, group members can turn into an inconsistent state and break the protocol execution. As remediation, we are extending the DKG messages definitions by adding a session ID field that allows attributing the messages to a specific DKG instance. Then, the session ID can be used by group members to filter out all messages that does not belong to the currently processed DKG instance.

2022-09-28

Add session ID to the beacon relay entry messages So far, the messages carrying signature shares specific to a relay entry request were identified only by the sender ID. That turned to be problematic if multiple relay entry requests target the same group in a short period of time. Due to network retransmissions, old shares messages referring to a previous entry request may be handled by members listening for share messages specific for the currently processed entry request. If that scenario happens, group members reject the wrong shares related to previous entry and produce log warnings. Although that case does not harm the protocol execution at the moment, it is generally error-prone and may lead to unpredictable consequences in the future. As remediation, we are extending the relay entry share message definition by adding a session ID field that allows attributing the message to a specific relay entry request. Then, the session ID can be used by group members to filter out all messages that does not belong to the currently processed relay entry request.

2022-09-20

Stop pill as a workaround for no consensus integration `StopPill` is a temporary workaround for a missing chain integration. When a group member is not selected for the current attempt of key generation or signing and there is no other member from the same client selected for the protocol execution, the member does not know what was the result of the protocol execution and if it completed or not. In other words, `defer cancelLoopCtx()` does not get executed and the member will stay hung on the block waiter, waiting for their turn. The `StopPill` is sent via broadcast channel on a successful protocol execution and tells all members waiting for their turn in the retry loop to stop because the result was produced.

Marshal PaillierSK for PreParams The LocalPreParams struct from tss-lib defined a PaillierSK property. This property is generated for PreParams and is required for DKG execution. We need to marshal and unmarshal it to not loose the data.

2022-09-15

Merge remote-tracking branch 'origin/main' into storage

2022-09-13

Align field names in tECDSA protocol messages

2022-09-12

Implement pre params persistence We want to store the generated pre params on disk to use them after a client restarts. Here we implement the persistent storage for pre params. Once the preparams are generated they are stored on disk in the storage dir `work/preparams/` in a file named according to a template: `pp_<CREATION TIMESTAMP MS>_<HASH 7 characters>`. When the praparams are used by DKG they are deleted from the storage.

2022-09-08

Add `./` to go_package in .proto files The prefix is required by the protoc-gen-go ``` protoc-gen-go: invalid Go import path "pb" for "pkg/net/gen/pb/message.proto" The import path must contain at least one period ('.') or forward slash ('/') character. ```

2022-09-06

TSS round nine for tECDSA signing Here we implement the TSS round nine for the tECDSA signing protocol. This round expects simple broadcast messages produced in round eight as input and produces a simple broadcast message as output.

TSS round eight for tECDSA signing Here we implement the TSS round eight for the tECDSA signing protocol. This round expects simple broadcast messages produced in round seven as input and produces a simple broadcast message as output.

TSS round seven for tECDSA signing Here we implement the TSS round seven for the tECDSA signing protocol. This round expects simple broadcast messages produced in round six as input and produces a simple broadcast message as output.

TSS round six for tECDSA signing Here we implement the TSS round six for the tECDSA signing protocol. This round expects simple broadcast messages produced in round five as input and produces a simple broadcast message as output.

2022-09-05

TSS round five for tECDSA signing Here we implement the TSS round five for the tECDSA signing protocol. This round expects simple broadcast messages produced in round four as input and produces a simple broadcast message as output.

TSS round four for tECDSA signing Here we implement the TSS round four for the tECDSA signing protocol. This round expects simple broadcast messages produced in round three as input and produces a simple broadcast message as output.

TSS round three for tECDSA signing Here we implement the TSS round three for the tECDSA signing protocol. This round expects aggregate messages produced in TSS round two as input. Each input message consists of encrypted parts intended for specific participants. The TSS round three produces a simple message as output. The output message has only the public broadcast part.

TSS round two for tECDSA signing Here we implement the TSS round two for the tECDSA signing protocol. This round expects aggregate messages produced in TSS round one as input. Each input message consists of a public broadcast part and encrypted parts intended for specific participants. The TSS round two produces an aggregate message as output. The output message has only the encrypted point-to-point parts and, unlike the previous round output, does not contain the public broadcast part.

2022-09-02

Remove unused field from beacon's EphemeralPublicKey protobuf

2022-08-31

Components and setup of TSS round one for tECDSA signing Here we define all the required components (state, message, member, etc) for the TSS round one for tECDSA signing, and we implement the setup logic that is done upon switch from the symmetric key generation phase.

Ephemeral key exchange and symmetric key generation phases for tECDSA signing Here we introduce the two first phases of the tECDSA signing protocol that are about exchanging ephemeral keys and generating symmetric keys. Symmetric keys are meant to secure P2P communication in later phases of the protocol. Basically, the code was ported from the sibling `pkg/tecdsa/dkg` package that also uses those two phases at the beginning.

2022-08-25

Merge branch 'main' into dkg-result-submission-tbtc

2022-08-22

Merge branch 'main' into tbtc-dkg-retry # Conflicts: # pkg/tbtc/node.go # pkg/tecdsa/dkg/dkg.go

2022-08-19

Merge branch 'main' into dkg-result-submission-tbtc

2022-08-17

Added sessionID to resultSignatureMessage

Merge branch 'main' into dkg-result-submission-tbtc

2022-08-16

Renamed message

Move TSS pre-params marshalling code to dkg package TSS pre-params are important only for DKG. Also, the dkg package is where the pre-params pool lives.

2022-08-15

Merge branch 'main' into tbtc-dkg-retry

Use separate preparams pb type for LocalPreParams and LocalPartySaveData In 9c62fdd I promoted LocalPreParams to be defined outside of LocalPartySaveData. With this change, in 78dc79f, I could move LocalPreParams message to a separate file. This message is used by LocalPartySaveData and by PreParams that will be saved on disk. I was struggling with PrivateKey part: it is empty for PreParams (before DKG) and is filled for LocalPartySaveData. After consulting with @lukasz-zimnoch we decided to keep LocalPreParams as internal for LocalPartySaveData and introduce separate LocalPreParams without PrivateKey and use it as an internal message of PreParams. A little duplication seems to be a much smaller problem than introducing the additional complexity related to a field that can be in different states depending on the usage context. Protobuf definitions are meant to describe the shape of data and we think we should not have any details regarding how those data are processed (i.e. this field should be empty before DKG but filled after). Additionally, the structure with re-used pre-params can be error-prone, especially regarding the marshaling code.

Add `sessionID` to the `ephemeralPublicKeyMessage` Just like all other messages exchanged during ECDSA DKG, this message should have the `sessionID` as well. This way we guarantee that messages are not mixed between DKG retries.

Introduced PreParams message definition in preparams.proto PreParams message will be serialized on disk. This way generated and not yet used pre-parameters will survive client restarts.

Extracted LocalPreParams pb definition to a separate file We want to store LocalPreParams on disk and we need to generate LocalPreParams PB type. Doing it ouside of the context of key.pb.go feels cleaner.

Promote LocalPreParams pb type one level higher LocalPreParams has been promoted one level higher in protobuf definition - it is no longer embedded inside LocalPartySaveData. This will allow us to use LocalPreParams outside of the context of LocalPartySaveData.

2022-08-11

Merge branch 'main' into dkg-result-submission-tbtc

2022-08-10

Simplify `tbtc.signer` marshaling

2022-08-05

Marshaling of `tbtc.wallet` and `tbtc.signer`

Marshaling of `tecdsa.PrivateKeyShare` Here we add the code necessary for marshaling and unmarshaling of the `tecdsa.PrivateKeyShare` type. Most of it was directly ported from https://github.com/keep-network/keep-ecdsa/blob/main/pkg/ecdsa/tss/marshaling.go

Rename `pkg/ecdsa` to `pkg/tecdsa` This package is actually about threshold-ECDSA. Renaming it seems to be a good move since we avoid confusion with native `crypto/ecdsa` package, and we will achieve a better naming of package types.

2022-08-04

Used ECDSA DKG result publishing functionalities

2022-08-03

Added new state machine states for ECDSA DKG signing and submission

2022-07-27

Implement TSS round three Adds the TSS round three phase to the ECDSA DKG state machine.

Implement TSS round two Adds the TSS round two phase to the ECDSA DKG state machine.

Adjust param id in the `EphemeralPublicKeyMessage` proto

2022-07-25

Implement TSS round one Adds the TSS round one phase to the ECDSA DKG state machine.

2022-07-14

Store proper group operators on disk Since `RandomBeacon` contract stores the group members as a hash, each client should store the plain text group operators on disk in order to use them for future operations.

2022-07-07

Remove the intermediary `relay` package This package is redundant and makes the structure more complicated. We get an opportunity and remove it.

2022-07-04

Removed unicast channel functionality Since unicast channels will not be used in client v2, all the unicast channel-related code was removed. Maintaing connections bewteen nodes using unicast channels would require opening too many channels. Broadcast channels will most likely be used instead.

2020-05-16

Pass protocol identifier during the handshake There are two protocols run by Keep network: `keep-beacon` and `keep-ecdsa` both initiator and responder are expected to pass the protocol identifier during the handshake. This change lets to eliminate honest, misconfigured nodes from network they do not support.

2020-04-14

Remove unused Join protobuf message

2020-03-10

Merge branch 'master' into signature-shares-validation

2020-02-20

Refactoring of NetworkMessage

2020-02-14

Unicast channel message signing

2020-01-31

Sequence-number-based retransmissions Instead of computing a fingerpting for each received message (bottleneck) and using this fingerprint along with a retransmission counter to filter out duplicates (possibility of accepting the same message twice if order is flipped), we use per-channel sequence ID. This is faster and easier.

2020-01-20

Store computed group public key shares on disk

2019-11-20

Protobuf network message retransmission header changes 1. Renamed `retransmissionSequence` to `retransmission` and changed the type from int32 to uint32. It is not possible retransmission number can be negative so uint32 is better. 2. Removed checksum field. We do not want to trust the sender whether the checksum is correct and it reflects the message type and payload. We'd have to validate the checksum on the receiver side anyway. If the receiver needs to validate the checksum, there is no need to transfer it in the message from sender.

Extend message proto with checksum and sequence Added new fields in message proto in order to handle retransmission in a correct way.

2019-10-09

Rename DisqualifiedEphemeralKeysMessage Renamed DisqualifiedEphemeralKeysMessage to MisbehavedEphemeralKeysMessage. Also, some docs improved.

2019-07-26

Eliminated relay entry SigningID from Go client In the previous commit we removed signing ID from the operator contract. We can have just one ongoing relay entry so we do not need additional identifier. Two changes require more detailed explanation: 1. In local.go, I removed the map of relay entries altogether. The validation we had was not up to date - only one group member submits the entry, it does not make sense to validate if all signatures on entries are the same because multiple entry submissions from the same group are not going to happen - this is validated in other tests. 2. In cmd/relay.go I removed the part capturing request ID. When we run relay command we are bound to one service contract and one operator contract. Since there can be only one relay entry processed, the fact that the relay request was accepted is enough to assume that the relay entry that is going to be produced is "ours".

2019-07-03

Rename requestID to signingId

2019-05-29

Package thresholdsignature renamed to entry We are no longer doing only thresholdsignature there. We are preparing the new entry, signing it and publishing to the chain. Things that were changed additionally: - function CombineEntryToSign renamed to CombineToSign - File thresholdsignature.go renamed to entry.go - Function Execute renamed to SignAndSubmit

2019-05-22

Include request ID in SignatureShareMessage It is possible the same group may work on two or more relay entries at the same time. If that happens we need to be able to distinguish between SignatureShareMessages.

2019-05-15

Merge branch 'master' into state-managment-disk-storage

2019-05-14

Adding `ThresholdSigner` to message.proto as a separate type - Split MembershipMessage to `Membership` and `ThresholdSigner` in message.proto - Added and modified tests to cover the above changes

2019-05-13

Reorganizing group registry and adding marshalling functions - Restructured group registry packaged. Moved it to it's own package. - Added protobuff for Membership struct - Added marshalling functions around Membership in order to save it on disk

2019-05-03

Remove net.NetworkEnvelope Since we'll no longer be signing network messages (we rely on libp2p's pubsub layer to do this), we no longer need an envelope. We can directly use the net.NetworkMessage directly.

Remove unused fields in net.NetworkMessage

2019-04-22

nbstrip process

git ipynb notebook cleanup using nbstripout

2019-04-05

dkg2 package directory renamed to dkg dkg2 was a temporary name when we've been developing a new version of our DKG protocol having the old dkg still in place. Now, after we fully switched to the new version we can do the rename.

2019-03-22

Keep PeerShares message senderID as uint32 proto type

Keep proto share map keys as uint32 We were previously marshalling gjkr.MemberID and member.Index to bytes or string. String type was used for map keys because array of bytes cannot be a map key. We no longer use bytes for serialization and in this commit we port string map keys to uint32 as well. This way, we have all sender/receiver proto representations consistent.

Use uint32 proto type for threshold signature sender ID member.Index is a type aliast for uint32. We can use dedicated proto type for uint32 instead of serializing it to bytes.

Use uint32 as proto type for sender/receiver ID marshalling gjkr.MemberID is member.Index which is a type aliast for uint32. We can use dedicated proto type for uint32 instead of serializing it to bytes.

Revert "Update message sender index marshalling" This reverts commit 92d61a7ec449b37de443144d5d2ad5b3723e1a17. Appoach from GJKR might be wrong and we should change there protobuf to carry uint32 sender ID.

Update message sender index marshalling Marshall sender index to bytes and unmarshall it from bytes.

2019-03-13

Add public key to the message Public Key need to be broadcasted so receivers can verify the signature.

2019-03-12

Rename package to result

2019-03-08

Updated docs for the message

2019-03-07

Extract code to separate package

2019-03-06

Marshaling/Unmarshaling of hash signature message

2019-02-06

Fix for threshold signature process We were comparing transport-level identifier against protocol-level identifier and that was wrong. Actually, we were even failing to cast transport-level identifier to protocol-level identifier before the actual comparison could take place.

2019-02-05

Removed interface for semi-unicast messages in channels After we removed possibility to register association between network and protocol identifier we can no longer send semi-unicast messages from protocol since there is no way to map protocol-level ID to network-level ID. What's more, the implementation of semi-unicast messaging wasn't perfect. Currently, we support only broadcast channels, so all messages, including those with recipient, were sent to all members who joined the channel. It was the responsibility of individual members to filter out messages once received (in protocol code) and those not properly filtered out could yield an error later. This is quite unexpected behaviour if we look only at the SendTo signature allowing to pass recipient's transport ID. For this reason, I removed SendTo method (currently unused by the way) and left only Send which does not accept recipient.

Removed Joint-Feldman implementation of DKG protocol We now use a new implementation based on GJKR protocol for DKG. Previous JF version is no longer used. We do not want to maintain unused code, especially that we can restore it from version control at any point in future, if needed.

2019-01-07

Merge branch 'master' into state-machine

Added new line to the end of the proto file

Marshalling mechanism for DisqualifiedEphemeralKeysMessage