Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the fire coordinator to handle missing or malicious signers #860

Merged
merged 3 commits into from
Nov 19, 2024
Merged

Use the fire coordinator to handle missing or malicious signers #860

merged 3 commits into from
Nov 19, 2024

Conversation

xoloki
Copy link
Collaborator

@xoloki xoloki commented Nov 15, 2024
edited
Loading

Description

This PR changes signer to use the WSTS fire::Coordinator rather than the frost::Coordinator. Whereas the frost::Coordinator will wait for all signers to send nonces when starting a signing round, the fire::Coordinator will take the first threshold of responders and attempt to sign with them.

If a signer sends a nonce but does not send a signature share before the configured timeout, or sends a signature share that fails to verify, it is excluded from further signing, and another iteration of the current round is attempted. So at every iteration, we either get a good signature, or we reduce the number of available signers. Thus, we are guaranteed to converge to a good signature or a failure.

The fire::Coordinator can also run DKG with less than full participation, but we do not anticipate doing so in sBTC v1. The timeouts are also configurable, but this PR does not attempt to configure them; rather they are set to None as per the existing wsts_state_machine::CoordinatorStateMachine::new fn.

Closes: #623

Changes

Testing Information

Existing unit and integration tests should demonstrate sufficiently that this code is working. It was necessary to set the signing threshold to 3/7 for some unit test to work around test harness incompatibility with the fire::Coordinator; this was because the test harness assumed that all signers would send signature shares in every round, which is no longer the case.

Checklist:

  • I have performed a self-review of my code
  • My changes generate no new warnings
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@xoloki
switch to fire coordinator; fix off-by-ones; enable tracing to help d…
40b1c50 
…ebugging

use fire coordinator convenience function to set aggregate key and party poly

import fire module; update wsts to latest main which handles BIP-34X

map_err can just take a fn doesnt need a closure

drop the threshold to 3 to work around test harness bugs when not all signers sign
@xoloki xoloki requested a review from djordon November 19, 2024 05:21
@xoloki xoloki marked this pull request as ready for review November 19, 2024 05:29
djordon
djordon reviewed Nov 19, 2024
View reviewed changes
Copy link
Collaborator

@djordon djordon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Super simple 🙏🏽.

We should remove the tracing init in the tests and add a todo for "proper" fixes to some of our tests.

signer/src/testing/transaction_coordinator.rs Outdated Show resolved Hide resolved
signer/src/wsts_state_machine.rs Show resolved Hide resolved
signer/src/testing/wsts.rs Show resolved Hide resolved
signer/src/transaction_signer.rs Show resolved Hide resolved
@xoloki xoloki mentioned this pull request Nov 19, 2024
Open
djordon
djordon approved these changes Nov 19, 2024
View reviewed changes
Copy link
Collaborator

@djordon djordon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! ✅ 🚢

@xoloki xoloki merged commit 55fea35 into main Nov 19, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djordon djordon djordon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Chore]: switch to using FIRE coordinator
2 participants
@xoloki @djordon