Add onchain committee handoff certs for reconfig#631
Conversation
dlukegordon
force-pushed
the
lukegordon/iop-421-add-onchain-guardian-handoff-certs-for-reconfig
branch
3 times, most recently
from
19b604f to
877fd9a
Compare
dlukegordon
force-pushed
the
lukegordon/iop-421-add-onchain-guardian-handoff-certs-for-reconfig
branch
from
877fd9a to
2c08766
Compare
dlukegordon
changed the title
dlukegordon
force-pushed
the
lukegordon/iop-421-add-onchain-guardian-handoff-certs-for-reconfig
branch
3 times, most recently
from
19db66d to
8367685
Compare
dlukegordon
force-pushed
the
lukegordon/iop-421-add-onchain-guardian-handoff-certs-for-reconfig
branch
2 times, most recently
from
2877ad1 to
f8eda6d
Compare
| entry fun end_reconfig( | ||
| self: &mut Hashi, | ||
| mpc_public_key: vector<u8>, | ||
| cert: CommitteeSignature, | ||
| mpc_cert: CommitteeSignature, | ||
| guardian_handoff_cert: CommitteeSignature, | ||
| ctx: &TxContext, |
There was a problem hiding this comment.
I think we may want to actually break this up into a pre-step that can run in parallel with the mpc key resharing.
We can have the old committee submit their handoff cert (i would probably just drop the "guardian" from the name) and then store that in pending_epoch_change (we can expand that from being just an Option) and then on end_reconfig we require that to be present (when not doing genesis/dkg) at which point we can store the sig
| members: sui::bag::new(ctx), | ||
| epoch: 0, | ||
| committees: sui::bag::new(ctx), | ||
| guardian_handoffs: sui::bag::new(ctx), |
There was a problem hiding this comment.
idk if we need to have a whole new bag, we could always just store it the committees bag using a Handoff { epoch } key.
|
@Bridgerz can you also take a look at this PR. |
|
Is this PR ready for review or still a draft? |
@zhouwfang It is a draft since I don't think it's ready to merge yet, but I'd like people's opinion on the general approach here. |
dlukegordon
force-pushed
the
lukegordon/iop-421-add-onchain-guardian-handoff-certs-for-reconfig
branch
from
f8eda6d to
114c189
Compare
I see. My previous understanding of a draft was "work in progress" and not "ready for review" according to github definition: Happy to take a look. |
Thank you, yes that is the normal definition and I guess I am being confusing. |
| self.verify_with_committee(next_committee, message, cert); | ||
| self.verify_with_committee(next_committee, message, mpc_cert); | ||
|
|
||
| self.verify_with_committee(self.current_committee(), new_committee, guardian_handoff_cert); |
There was a problem hiding this comment.
Genesis aborts here — current_committee() is committees[epoch()], which is empty at epoch 0 during DKG. This verify need to be skipped when there's no prior committee. The parallel pre-step handles this; flagging it as a concrete blocker regardless of the restructure.
| if let Some(new_committee) = pending_committee { | ||
| let handoff = super::convert_move_guardian_handoff( | ||
| hashi_types::move_types::GuardianCommitteeHandoff { | ||
| new_committee: (&new_committee).into(), |
There was a problem hiding this comment.
This now rebuilds new_committee from the bag and re-serializes. If the round-trip isn't byte-exact with the signed bytes, the cached cert won't verify. What about adding new_committee to the event, or relying on scrape?
3 participants
No description provided.