-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: genesis keygen doesn't rely on tests #1667
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cheers for this, just some unused imports to remove it seems.
( | ||
validator_map.get_id(idx).unwrap().clone(), | ||
KeygenResultInfo { | ||
key: compute_keygen_result( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You call derive_aggregate_pubkey inside this loop. I think it would be nicer to use the already generated one outside of the loop.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will the result of derive_local_pubkeys_for_parties for each loop be the same? Could move that out as well, if so.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
compute_keygen_result
procudes different keys for different parties (note that we give different shares to each party), so we can't take it outside of the loop.
Will the result of derive_local_pubkeys_for_parties for each loop be the same?
Yes, this particular value will be the same, but I prefer each party calling compute_keygen_result
as this more closely resembles what parties do in a proper cermeony (rather than breaking it apart and creating more opportunities to diverge from ceremony code).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to show you what the code could look like if #1671 and the above "move out of loop" where done. As I believe the code will be significantly cleaner, and allow more commonality to be factored out (Thereby actually decreasing the opportunities to diverge).
Thats why I suggested the change, so the checks that pubkey is "good", and be put/factored out into derive_aggregate_pubkey.
Should we use generate_key_data in the single_party_keygen? |
I noticed we derive the pubkey in VerifyCommitmentsBroadcast2, but then we throw it away, and regenerate it at the final stage. Why do we do that? Wouldn't it be nicer to generate it once? My problem with generating it twice is that we only check it is valid (contract compat etc) the first time, but not when we re-generate the key, which is confusing and dangerous IMO. |
Perhaps, but outside of scope. Note that |
I'm assuming you talking about the ceremony code, and not the code contributed here. I don't particularly like having to send it all way through the stages, but you make a valid point, I will open an issue (#1671). |
It seems to work for me. I'm not sure I understand your concern. I do disagree its out of scope though. If you introduce a new method (in this case it is more general than the existing that only allows single partys) of doing something, I believe you should transition all existing code to use that method. |
Genesis keygen now works by calling the low level keygen functions to generate key shares instead of running a full ceremony (and thus relying on unit tests).
Notes for the reviewers:
compute_keygen_result
is extracted out ofcompute_keygen_result_info
without changes (it used to construct KeygenResultInfo by setting params and account id mapping, which I don't think belonged in that function);generate_key_data
should be of the most interest in this PR; it is the new function to be used to generate genesis keys;finalize_keygen
moved outside ofdetail
namespace mostly unchanged (now it also assemblesKeygenResultInfo
from parts)genesis_keys_can_sign
to verify that keyshares are generated correctly