KES Agent
What
Implement a KES agent that handles key persistence securely. This task is the first part of the full Secure KES forgetting effort (preceded by the KES secure forgetting). This task will deliver an agent, external to the node, that handles KES key persistence securely without storing the keys on the SPO's disks.
Why
We use KES to provide security against long range attacks. This is a requirement of the formal analysis and proofs we have for the consensus algorithm. The current node does not safely delete KES keys, and is therefore exposed to a long range attack in which an adversary who steals a number of KES keys from the block producers can produce a different, adversarial chain. This second part of the task ensures that KES keys are never stored on disk on SPOs' machines.
Functional requirements
- Define final version of KES agent
- Implement KES agent
External dependencies
- Node (to create communication with agent)
- Network [?] (same as above)
- Product (define final version)
- CLI
Risks
New design and requirements are not accepted by the SPOs, or by product people
Acceptance Criteria
We have a design accepted by product, a final audit accepted by Charles Morgan, and a new testing infrastructure to validate the workings of the agents. No regressions.
Definition of Done
The SPOs use the agents to handle their key persistence.
Working Assumptions
- Hard fork not required