Re-sign and re-share using proofs and EIP1271 signature #100
Changes from 8 commits
2fe1d0f
f329be8
6a8f698
c71c54b
49ee5e9
192e714
798333c
db83ed4
323a9de
b07da73
2b994c0
94c75d9
49a58fb
7cf7e54
01449eb
d160313
cf71c67
2ab1d07
e3599e9
a805153
66aa776
69a6564
2588104
67f0d5d
9de0d2e
48e52ed
a6600b4
30421ef
b596736
b7507a8
7b5def5
07857e5
94936c0
cd66782
f28b9cd
928a72f
0f675a5
9af8315
2c789e9
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,130 @@ | ||
package initiator | ||
|
||
import ( | ||
"context" | ||
"encoding/hex" | ||
"fmt" | ||
"log" | ||
|
||
e2m_core "github.com/bloxapp/eth2-key-manager/core" | ||
cli_utils "github.com/bloxapp/ssv-dkg/cli/utils" | ||
"github.com/bloxapp/ssv-dkg/pkgs/crypto" | ||
"github.com/bloxapp/ssv-dkg/pkgs/initiator" | ||
"github.com/bloxapp/ssv-dkg/pkgs/wire" | ||
"github.com/sourcegraph/conc/pool" | ||
"github.com/spf13/cobra" | ||
"go.uber.org/zap" | ||
) | ||
|
||
func init() { | ||
cli_utils.SetResigningFlags(StartResigning) | ||
} | ||
|
||
var StartResigning = &cobra.Command{ | ||
Use: "resign", | ||
Short: "Resigning DKG results", | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
fmt.Println(` | ||
██████╗ ██╗ ██╗ ██████╗ ██████╗ ███████╗███████╗██╗ ██████╗ ███╗ ██╗ | ||
██╔══██╗██║ ██╔╝██╔════╝ ██╔══██╗██╔════╝██╔════╝██║██╔════╝ ████╗ ██║ | ||
██║ ██║█████╔╝ ██║ ███╗ ██████╔╝█████╗ ███████╗██║██║ ███╗██╔██╗ ██║ | ||
██║ ██║██╔═██╗ ██║ ██║ ██╔══██╗██╔══╝ ╚════██║██║██║ ██║██║╚██╗██║ | ||
██████╔╝██║ ██╗╚██████╔╝ ██║ ██║███████╗███████║██║╚██████╔╝██║ ╚████║ | ||
╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝╚══════╝╚═╝ ╚═════╝ ╚═╝ ╚═══╝ | ||
`) | ||
|
||
if err := cli_utils.SetViperConfig(cmd); err != nil { | ||
return err | ||
} | ||
if err := cli_utils.BindResigningFlags(cmd); err != nil { | ||
return err | ||
} | ||
logger, err := cli_utils.SetGlobalLogger(cmd, "dkg-initiator") | ||
if err != nil { | ||
return err | ||
} | ||
defer func() { | ||
if err := cli_utils.Sync(logger); err != nil { | ||
log.Printf("Failed to sync logger: %v", err) | ||
} | ||
}() | ||
logger.Info("🪛 Initiator`s", zap.String("Version", cmd.Version)) | ||
// Load operators | ||
opMap, err := cli_utils.LoadOperators(logger) | ||
if err != nil { | ||
logger.Fatal("😥 Failed to load operators: ", zap.Error(err)) | ||
} | ||
operatorIDs, err := cli_utils.StingSliceToUintArray(cli_utils.OperatorIDs) | ||
if err != nil { | ||
logger.Fatal("😥 Failed to load participants: ", zap.Error(err)) | ||
} | ||
ethNetwork := e2m_core.NetworkFromString(cli_utils.Network) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. same here as in initiator.go |
||
arrayOfSignedProofs, err := wire.LoadProofs(cli_utils.ProofsFilePath) | ||
if err != nil { | ||
logger.Fatal("😥 Failed to read proofs json file:", zap.Error(err)) | ||
} | ||
// start the ceremony | ||
ctx := context.Background() | ||
pool := pool.NewWithResults[*Result]().WithContext(ctx).WithFirstError().WithMaxGoroutines(maxConcurrency) | ||
for i := 0; i < len(arrayOfSignedProofs); i++ { | ||
i := i | ||
pool.Go(func(ctx context.Context) (*Result, error) { | ||
// Create new DKG initiator | ||
dkgInitiator, err := initiator.New(opMap.Clone(), logger, cmd.Version, cli_utils.ClientCACertPath) | ||
if err != nil { | ||
return nil, err | ||
} | ||
// Create a new ID | ||
id := crypto.NewID() | ||
nonce := cli_utils.Nonce + uint64(i) | ||
// Perform the resigning ceremony | ||
depositData, keyShares, proofs, err := dkgInitiator.StartResigning(id, operatorIDs, arrayOfSignedProofs[i], ethNetwork, cli_utils.WithdrawAddress.Bytes(), cli_utils.OwnerAddress, nonce) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. remind me if i'm wrong: wasn't the point of proofs to be able to verify the RSA signatures of operators as a confirmation that they approved that file to be used for resiging/resharing? @MatusKysel @pavelkrolevets the spec has a There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. we have this check when we write result files to disk: https://github.com/ssvlabs/ssv-dkg/blob/re-sharing/pkgs/validator/validator.go#L135 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. yes, but this is a different check on the new proofs right? i think we should also validate the proofs before resigning and resharing, so that we wont start a process that we know is gonna be invalid because the proofs are, and we can let the user know of this issue early There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, agree, added initial proofs validation at initiator before sending messages |
||
if err != nil { | ||
return nil, err | ||
} | ||
logger.Debug("Resigning ceremony completed", | ||
zap.String("id", hex.EncodeToString(id[:])), | ||
zap.Uint64("nonce", nonce), | ||
zap.String("pubkey", keyShares.Shares[0].ShareData.PublicKey), | ||
) | ||
return &Result{ | ||
id: id, | ||
depositData: depositData, | ||
keyShares: keyShares, | ||
nonce: nonce, | ||
proof: proofs, | ||
}, nil | ||
}) | ||
} | ||
results, err := pool.Wait() | ||
if err != nil { | ||
logger.Fatal("😥 Failed to initiate Resigning ceremony: ", zap.Error(err)) | ||
} | ||
var depositDataArr []*wire.DepositDataCLI | ||
var keySharesArr []*wire.KeySharesCLI | ||
var proofs [][]*wire.SignedProof | ||
for _, res := range results { | ||
depositDataArr = append(depositDataArr, res.depositData) | ||
keySharesArr = append(keySharesArr, res.keyShares) | ||
proofs = append(proofs, res.proof) | ||
} | ||
// Save results | ||
logger.Info("🎯 All data is validated.") | ||
if err := cli_utils.WriteResults( | ||
logger, | ||
depositDataArr, | ||
keySharesArr, | ||
proofs, | ||
false, | ||
len(arrayOfSignedProofs), | ||
cli_utils.OwnerAddress, | ||
cli_utils.Nonce, | ||
cli_utils.WithdrawAddress, | ||
cli_utils.OutputPath, | ||
); err != nil { | ||
logger.Fatal("Could not save results", zap.Error(err)) | ||
} | ||
logger.Info("🚀 Resigning ceremony completed") | ||
return nil | ||
}, | ||
} |
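Review bot: The debug log inside the worker closure reads `keyShares.Shares[0].ShareData.PublicKey` without checking that `keyShares` is non-nil and holds at least one share. If a ceremony ever returns an empty result together with a nil error, this would panic inside the pool goroutine instead of surfacing an ordinary error. Whether `dkgInitiator.StartResigning` can return that is not visible in this file, so a guard placed right after the existing `err` check is cheap insurance: `if keyShares == nil || len(keyShares.Shares) == 0 { return nil, fmt.Errorf("resigning ceremony %s returned no key shares", hex.EncodeToString(id[:])) }`. Both `fmt` and `encoding/hex` are already imported by this file.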
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
operatorIDs: [1, 22, 44, 55] | ||
withdrawAddress: "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494" | ||
owner: "0x81592c3de184a3e2c0dcb5a261bc107bfa91f494" | ||
nonce: 10 | ||
network: "holesky" | ||
# operatorsInfo: '[{ | ||
# "id": 1, | ||
# "public_key": "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", | ||
# "ip": "http://operator1:3030" | ||
# }, | ||
# { | ||
# "id": 2, | ||
# "public_key": "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", | ||
# "ip": "http://operator2:3030" | ||
# }, | ||
# { | ||
# "id": 3, | ||
# "public_key": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdlFhZlo0ODJQYXRsYnRrOVdIb2MKZDBWdWNWWDk4QUlzenAvazlFTlYyQU82SVhQUXVqU1BtdUZrQTlibThsSllnWTJPb0lQU0RmK1JHWGNMc2R0VApzdEJhQ2JPL0pMOFlSejk4NURKejhBRlhDU0J3bW5mbzROSFptUjJGMVdMTE5CS2wzdVQ5Q1VLbC9RUnpKRFF1CjNNYVJ6eE5FVmdONWtvU1Nid0NxVDNDSCtjam5QU0pIeGhiaTNTaldOSnJFb3ZRUmN3ZUlpYXRrZEdVNWJOUkoKUW1LVldhYzhzVklYN2NDNE54V2RDNG1VM1RPK2Vlei90N2xVcnhSNjdnb21TbGdwaU5weFJ1M2dFajRkSWpINwpsZDlTYW1ObEJPeHV5N0lFMEJpdm5nSUdIKzVwcXZVTXhoM0N5WkVtMjFHd3JTRFhqcVpwWG92OEUwQkQ5eGY4ClN3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K", | ||
# "ip": "http://operator3:3030" | ||
# }, | ||
# { | ||
# "id": 4, | ||
# "public_key": "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", | ||
# "ip": "http://operator4:3030" | ||
# }]' | ||
operatorsInfoPath: /data/initiator/operators_info.json | ||
outputPath: /data/initiator/output | ||
logLevel: info | ||
logFormat: json | ||
logLevelFormat: capitalColor | ||
logFilePath: /data/initiator/output/initiator_debug.log | ||
# clientCACertPath: /data/initiator/rootCA.crt | ||
proofsFilePath: /data/initiator/output/ceremony-2024-04-22--16-36-19.354/proofs.json |
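Review bot: The example leaves `clientCACertPath` commented out, and the commented `operatorsInfo` sample lists plain `http://` operator endpoints, so a user who copies this file has no CA configured for verifying operator connections. What the initiator does with an empty CA path is not visible in this change. If it falls back to unverified or plaintext transport, the example should state that next to the option, for instance `# Set clientCACertPath to verify operator TLS certificates against this CA.` above the line. Using `https://` in the sample endpoints would keep the example consistent with that option.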
we should make this fail on invalid input (now it fails silently with unknown outcomes)