-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chores grooming #11
Merged
Merged
Chores grooming #11
Changes from 13 commits
Commits
Show all changes
53 commits
Select commit
Hold shift + click to select a range
46a4190
change sever to operator and clint to initiator
pavelkrolevets 8f83e7a
update readme about operator`s priv key
pavelkrolevets 64ee75f
change plaintext password to file
pavelkrolevets a5b52c5
add logs about message signature verification
pavelkrolevets 44e019f
change fork hex to name
pavelkrolevets a6d122f
add identity to initiator
pavelkrolevets 9ddfa77
add security notes to readme
pavelkrolevets aa1c0a7
update flags + docker
pavelkrolevets ba097fb
rename project
pavelkrolevets 8935dad
readme update
pavelkrolevets ecf4e91
fix tests + work on comments
pavelkrolevets 4ad85a0
add test of initiator identity
pavelkrolevets ac06e54
update test operator
pavelkrolevets a71153e
add linter + fixes
pavelkrolevets 18c0b58
comment fixes
pavelkrolevets 79805c5
update configs and paths to store
pavelkrolevets 1174c1f
readme update
pavelkrolevets aecffb6
add .dockerignore
pavelkrolevets 211e779
add logging to file same as ssv
pavelkrolevets 954e17f
update board logger
pavelkrolevets 5d7d73b
readme update
pavelkrolevets 859819e
- Break dkg function into smaller functions
y0sher e02bc02
update tests
pavelkrolevets 1aec967
update tests
pavelkrolevets 70432af
add unhappy flow
pavelkrolevets bf6ce6c
add threshold tests
pavelkrolevets 114b3d8
clean up
pavelkrolevets c3748e6
Merge remote-tracking branch 'origin/chores_grooming' into refactor/l…
pavelkrolevets ff259b4
fix makefile
pavelkrolevets 260398a
Merge pull request #13 from bloxapp/refactor/logging_and_codestyle
pavelkrolevets 8808ccd
Merge branch 'main' into chores_grooming
pavelkrolevets c00be40
add more threshold checks for 4 ops
pavelkrolevets 2495c75
groom log reports
pavelkrolevets 9675a4d
minor fix
pavelkrolevets 4ab3607
add test shares order ar ssv payload
pavelkrolevets d7a439c
move NewID to crypto
pavelkrolevets 7949342
remove VerifyFunc
pavelkrolevets 8765162
move VerifyInitiatorMessage to state
pavelkrolevets c3c1dcd
removed rsa priv from local owner
pavelkrolevets e1caae3
logs path
y0sher e6fd291
change payload strcuture
y0sher 8c9050c
fix payload to v4
y0sher 8704e08
correct help for flag
y0sher 2fad7d7
set default nonce to 0
y0sher 8a21497
fixed integration tests to new format
y0sher 28c4c0a
added single operator/initiator to Makefile
y0sher e79c08b
change withdrawl address to be ETH1
y0sher b0a1ae6
fix test to look for the ETH1 addr
y0sher f09a35a
add hexToAddress function with error handling
pavelkrolevets 62077ed
add error wrapper at state
pavelkrolevets b623cbc
fix operator test
pavelkrolevets a2b65cf
- change ssvpayload name to keyshares
y0sher 695177e
change error to show bad sigs
y0sher File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,45 +2,49 @@ | |
# with Go source code. If you know what GOPATH is then you probably | ||
# don't need to bother with make. | ||
|
||
.PHONY: dkgcli test clean build docker-build | ||
.PHONY: install clean build test docker-build docker-operators docker-initiator mockgen-install | ||
|
||
GOBIN = ./build/bin | ||
GO ?= latest | ||
GORUN = env GO111MODULE=on go run | ||
GOINSTALL = env GO111MODULE=on go install -v | ||
GOTEST = env GO111MODULE=on go test -v | ||
# Name of the Go binary output | ||
BINARY_NAME=./bin/dkgcli | ||
BINARY_NAME=./bin/ssv-dkg | ||
# Docker image name | ||
DOCKER_IMAGE=ssv-dkg-tool | ||
DOCKER_IMAGE=ssv-dkg | ||
|
||
install: | ||
$(GOINSTALL) cmd/dkgcli/dkgcli.go | ||
$(GOINSTALL) cmd/ssv-dkg/ssv-dkg.go | ||
@echo "Done building." | ||
@echo "Run dkgcli to launch the tool." | ||
@echo "Run ssv-dkg to launch the tool." | ||
|
||
clean: | ||
env GO111MODULE=on go clean -cache | ||
|
||
# Recipe to compile the Go program | ||
build: | ||
@echo "Building Go binary..." | ||
go build -o $(BINARY_NAME) ./cmd/dkgcli/dkgcli.go | ||
go build -o $(BINARY_NAME) ./cmd/ssv-dkg/ssv-dkg.go | ||
|
||
# Recipe to run tests | ||
test: | ||
@echo "running tests" | ||
go test -p 1 ./... | ||
go test -v -p 1 ./... | ||
|
||
# Recipe to build the Docker image | ||
docker-build: | ||
@echo "Building Docker image..." | ||
docker build -t $(DOCKER_IMAGE) . | ||
|
||
docker-servers: | ||
docker-operators: | ||
@echo "Running servers in docker demo" | ||
docker-compose up --build server1 server2 server3 server4 | ||
docker-compose up --build operator1 operator2 operator3 operator4 | ||
|
||
docker-client: | ||
@echo "Running client in docker demo" | ||
docker-compose up --build client | ||
docker-initiator: | ||
@echo "Running initiator in docker demo" | ||
docker-compose up --build initiator | ||
|
||
mockgen-install: | ||
go install github.com/golang/mock/[email protected] | ||
@which mockgen || echo "Error: ensure `go env GOPATH` is added to PATH" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -1,77 +1,112 @@ | ||||||
# ssv-dkg-tool | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. remove tool There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
|
||||||
## Architecture | ||||||
### Build | ||||||
|
||||||
```sh | ||||||
make install | ||||||
``` | ||||||
|
||||||
### Operators data | ||||||
|
||||||
The data of the operators (ID, IP, Pubkey) can be collected in any way, for example a central server that you can pull the data from, or a preset file where all operators data exist. | ||||||
|
||||||
### Build | ||||||
|
||||||
```sh | ||||||
make install | ||||||
Information about operators can be collected at `json` file and supplied to initiator to use for a key generation. | ||||||
|
||||||
Operators info file example (`./examples/operators_integration.json`): | ||||||
|
||||||
```json | ||||||
[ | ||||||
{ | ||||||
"id": 1, | ||||||
"public_key": "LS0tLS1CRUdJTiBSU0....", | ||||||
"ip": "http://localhost:3030" | ||||||
}, | ||||||
{ | ||||||
"id": 2, | ||||||
"public_key": "LS0tLS1CRUdJTiB....", | ||||||
"ip": "http://localhost:3031" | ||||||
} | ||||||
] | ||||||
``` | ||||||
|
||||||
### Server | ||||||
### Operator | ||||||
|
||||||
The dkg server is ran by a SSV operator, an Operator RSA private key is a requirement. | ||||||
The server is able to participate in multiple instances in parallel. | ||||||
Whenever the server receives a message it directs it to the right instance by the identifier, and respond with an answer. | ||||||
The dkg-operator is ran by a SSV operator, an Operator RSA private key is a requirement. | ||||||
The operator is able to participate in multiple DKG ceremonies in parallel. | ||||||
|
||||||
Start a DKG server | ||||||
NOTE: ssv-dkg tool is using an ssv operator private key file. Encrypted and plintext versiaons are supported. If `password` parameter is provided then the dkgcli tool assumes that the operator`s RSA key is encrypted, if not then it assumes that the key is provided as plaintext. | ||||||
|
||||||
#### Start a DKG-operator | ||||||
|
||||||
```sh | ||||||
dkgcli start-dkg-server --privKey ./examples/server1/encrypted_private_key.json --port 3030 --password 12345678 --storeShare true | ||||||
ssv-dkg start-operator --privKey ./examples/operator1/encrypted_private_key.json --port 3030 --password ./password --storeShare true | ||||||
|
||||||
### where | ||||||
--privKey ./encrypted_private_key.json # path to base 64 encoded RSA private key in PKCS #1, ASN.1 DER form. | ||||||
--privKey ./encrypted_private_key.json # path to ssv operator`s private key | ||||||
--port 3030 # port for listening messages | ||||||
--password: 12345678 # password for encrypted keys | ||||||
--storeShare # store created bls key share to a file for later reuse | ||||||
--password: ./password # path to password file to decrypt the key | ||||||
--storeShare # store created bls key share to a file for later reuse if needed | ||||||
``` | ||||||
|
||||||
Its also possible to use yaml configuration file `./config/operator.yaml` for parameters. `dkgcli` will be looking for this file at `./config/` folder. | ||||||
Its also possible to use yaml configuration file `./config/operator.yaml` for parameters. `dkgcli` will be looking for the config file at `./config/` folder. | ||||||
|
||||||
Example: | ||||||
|
||||||
```yaml | ||||||
privKey: ./encrypted_private_key.json | ||||||
password: 12345678 | ||||||
password: ./password | ||||||
port: 3030 | ||||||
storeShare: true | ||||||
``` | ||||||
|
||||||
When using configuration file, run: | ||||||
|
||||||
```sh | ||||||
dkgcli start-dkg-server | ||||||
ssv-dkg start-operator | ||||||
``` | ||||||
|
||||||
### Initiator of DKG key generation | ||||||
### Initiator | ||||||
|
||||||
The initiator uses `init` to create the initial details needed to run DKG between all operators. | ||||||
|
||||||
The initiator uses `init-dkg` to create the initial details needed to run DKG between all operators. | ||||||
Generate initiator identity RSA key pair: | ||||||
|
||||||
```sh | ||||||
dkgcli init-dkg \ | ||||||
ssv-dkg generate-initiator-keys --password 12345678 | ||||||
``` | ||||||
|
||||||
This will create `encrypted_private_key.json` with encrypted by password RSA key pair | ||||||
Write down `password` in any text file, for example to `./password` | ||||||
|
||||||
Run: | ||||||
|
||||||
```sh | ||||||
ssv-dkg init \ | ||||||
--operatorIDs 1,2,3,4 \ | ||||||
--operatorsInfoPath ./examples/operators_integration.json \ | ||||||
--operatorsInfoPath ./operators_integration.json \ | ||||||
--owner 0x81592c3de184a3e2c0dcb5a261bc107bfa91f494 \ | ||||||
--nonce 4 \ | ||||||
--withdrawAddress 0000000000000000000000000000000000000009 \ | ||||||
--fork 00000000 | ||||||
--fork "mainnet" | ||||||
--depositResultsPath deposit.json | ||||||
--ssvPayloadResultsPath payload.json | ||||||
--initiatorPrivKey ./encrypted_private_key.json | ||||||
--initiatorPrivKeyPassword ./password | ||||||
|
||||||
#### where | ||||||
--operatorIDs 1,2,3,4 # operator IDs which will be used for a DKG ceremony | ||||||
--operatorsInfoPath ./examples/operators_integration.json # path to info about operators - ID,base64(RSA pub key), | ||||||
--operatorsInfoPath ./operators_integration.json # path to operators info ID,base64(RSA pub key), | ||||||
--owner 0x81592c3de184a3e2c0dcb5a261bc107bfa91f494 # owner address for the SSV contract | ||||||
--nonce 4 # owner nonce for the SSV contract | ||||||
--fork "00000000" # fork id bytes in HEX | ||||||
--depositResultsPath # path to store the result file | ||||||
--ssvPayloadResultsPath # path to store ssv contract payload file | ||||||
--withdrawAddress # Reward payments of excess balance over 32 ETH will automatically and regularly be sent to a withdrawal address linked to each validator, once provided by the user. Users can also exit staking entirely, unlocking their full validator balance. | ||||||
--fork "mainnet" # fork name: mainnet, prater, or now_test_network | ||||||
--depositResultsPath # path and filename to store the staking deposit file | ||||||
--ssvPayloadResultsPath # path and filename to store ssv contract payload file | ||||||
--initiatorPrivKey ./encrypted_private_key.json # path to ssv initiators`s private key | ||||||
--initiatorPrivKeyPassword: ./password # path to password file to decrypt the key | ||||||
``` | ||||||
|
||||||
Its also possible to use yaml configuration file `./config/initiator.yaml` for parameters. `dkgcli` will be looking for this file at `./config/` folder. | ||||||
Its also possible to use yaml configuration file `./config/initiator.yaml` for parameters. `ssv-dkg` will be looking for this file at `./config/` folder at the same root as the binary. | ||||||
|
||||||
Example: | ||||||
|
||||||
|
@@ -84,25 +119,31 @@ fork: "00000000" | |||||
operatorsInfoPath: ./examples/operators_integration.json | ||||||
depositResultsPath: ./deposit.json | ||||||
ssvPayloadResultsPath: ./payload.json | ||||||
privKey: ./encrypted_private_key.json | ||||||
password: ./password | ||||||
``` | ||||||
|
||||||
When using configuration file, run: | ||||||
|
||||||
```sh | ||||||
dkgcli init-dkg | ||||||
ssv-dkg init | ||||||
``` | ||||||
|
||||||
**_NOTE: Threshold is computed automatically using 3f+1 tolerance._** | ||||||
|
||||||
### Generate RSA operator key | ||||||
--- | ||||||
|
||||||
```sh | ||||||
./dkgcli generate-operator-keys --password 12345678 | ||||||
``` | ||||||
### Security notes | ||||||
|
||||||
--- | ||||||
Here we explain how we secure the communication between DKG ceremony initiator and operators | ||||||
|
||||||
1. Initiator is using RSA key (2048 bits) to sign init message sent to operators. Upon receiving operators verify the sig using pub key at init message. If the sig is valid, operators store this pub key for further verification of messages coming from the initiator(s). | ||||||
2. Operators are using RSA key (ssv operator key - 2048 bits) to sign every message sent back to initiator. | ||||||
3. Initiator verifies every message incoming from any operator using ID and Public Key provided by operators info file, then initiator creates a combined message and signs it. | ||||||
4. Operators verify each of the messages of other operators participating in the ceremony and verifies initiator`s signature of the combined message. | ||||||
5. During the DKG protocol execution, the BLS auth scheme is used - G2 for its signature space and G1 for its public keys | ||||||
|
||||||
### Schema | ||||||
## Architecture | ||||||
|
||||||
![flow](./imgs/DKGinit.drawio.png) | ||||||
|
||||||
|
@@ -210,7 +251,7 @@ Initial message fields: | |||||
|
||||||
### `Switch` instance management | ||||||
|
||||||
The DKG server can handle multiple DKG instances, it saves up to MaxInstances(1024) up to `MaxInstanceTime` (5 minutes). If a new Init arrives we try to clean our list from instances older than `MaxInstanceTime` if we find any, we remove them and add the incoming, otherwise we respond with error that the maximum number of instances is already running. | ||||||
The DKG-operator can handle multiple DKG instances, it saves up to MaxInstances(1024) up to `MaxInstanceTime` (5 minutes). If a new Init arrives we try to clean our list from instances older than `MaxInstanceTime` if we find any, we remove them and add the incoming, otherwise we respond with error that the maximum number of instances is already running. | ||||||
|
||||||
### TODO: | ||||||
|
||||||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove tool
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.