feat: add input encryption for validators#2342
Draft
juan518munoz wants to merge 1 commit into
Draft
Conversation
| // Built entirely from state fixed at construction, so the endpoint stays available while a | ||
| // backup subscription holds the serve lock. | ||
| Ok(grpc::transaction::TransactionEncryptionKey { | ||
| scheme: u32::from(u8::from(ValidatorEncryptor::SCHEME)), |
Collaborator
There was a problem hiding this comment.
can we avoid this double casting?
| /// Unlike the per-validator signing key, this value must be identical across every | ||
| /// validator in the set. | ||
| /// | ||
| /// If not provided, a predefined insecure key is used. |
Collaborator
There was a problem hiding this comment.
Should we default to random?
Comment on lines
+48
to
+52
| self.sign_commitment(header.commitment()).await | ||
| } | ||
|
|
||
| /// Signs a commitment using the configured signer. | ||
| pub async fn sign_commitment(&self, commitment: Word) -> anyhow::Result<Signature> { |
Collaborator
There was a problem hiding this comment.
this looks a bit redundant
Comment on lines
+722
to
+741
| fn attestation_commitment_of( | ||
| scheme: u32, | ||
| key_id: u32, | ||
| genesis_commitment: Word, | ||
| public_key: &[u8], | ||
| ) -> Word { | ||
| let genesis_commitment = genesis_commitment.to_bytes(); | ||
| let mut payload = Vec::with_capacity( | ||
| ValidatorEncryptor::ATTESTATION_DOMAIN.len() | ||
| + 2 * size_of::<u32>() | ||
| + genesis_commitment.len() | ||
| + public_key.len(), | ||
| ); | ||
| payload.extend_from_slice(ValidatorEncryptor::ATTESTATION_DOMAIN); | ||
| payload.extend_from_slice(&scheme.to_le_bytes()); | ||
| payload.extend_from_slice(&key_id.to_le_bytes()); | ||
| payload.extend_from_slice(&genesis_commitment); | ||
| payload.extend_from_slice(public_key); | ||
| Hasher::hash(&payload) | ||
| } |
Collaborator
There was a problem hiding this comment.
can we re-use the ValidatorEncryptor definition of this? otherwise we will need to update this on every update of that impl
| ## Unreleased | ||
|
|
||
| - [BREAKING] Updated `miden-protocol` dependencies to use the `next` branch (v0.16). Block and transaction account updates now use the absolute `AccountPatch` representation instead of the relative `AccountDelta`, and the `miden-tx-batch-prover` crate was renamed to `miden-tx-batch` ([#2282](https://github.com/0xMiden/node/pull/2282)). | ||
| - Added the `GetTransactionEncryptionKey` endpoint to the validator and RPC APIs, returning the shared transaction encryption key attested by the serving validator's signing key. The shared secret is configured on the validator via `--encryption-key.hex`. `MIDEN_VALIDATOR_ENCRYPTION_KEY` and must be identical across the validator set ([#2319](https://github.com/0xMiden/node/issues/2319)). |
Collaborator
There was a problem hiding this comment.
lets remove this and use the PR description for the changelog entry
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #2319
Summary
Changelog