Network key management/agreement

UPDATE: Now that we have started working on Milestone 3 (actually implementing this protocol!) and given how our understanding of Cosmos/Tendermint has improved, we think we could somewhat improve this protocol. Specifically, instead of having 3 txs that need to be initiated by two different parties (the new validator - 2 txs; any validator - 1 tx), we can reduce the protocol to a single tx initiated by the new validator + an implicit transaction that is created from the handler of the first transaction.

Specifically, the revised protocol is summarized in Issue #43. The description is also copied below:

Phase 1:

Description: New node requests the seed

Process:

  • register node
    • generate a report for the enclave
      Get quote - SafeTrace ref
    • using enigmacli, generate a key pair inside the enclave
    • seal + back up the private key
    • using IAS (via the proxy node), get a report for the public key (signed quote)
    • enigmacli sends a tx with the public key as a param + the report
    • bootstrap node handling (only happens for the first node)
      Initialization logic for the enclave. See the logic described here in Phase 1 (register_node()): Network key management/agreement
      Check whether this can happen automatically inside the global InitChainer (and also whether it can listen for new blocks and block execution until the new node is confirmed).

Phase 2:

Description: Existing nodes handle the registration and encrypt the key (creates a new transaction that is appended to the same block as part of the consensus)

Process:

  • confirm node
    • receive the register_node() tx
    • pass (new_node_public_key, report) to the enclave
    • verify the report locally (using Intel's hard-coded public key)
      Discovery ref #1
      Discovery ref #2
    • take sk_io together with new_node_public_key and derive a new symmetric key (using derive_key from the Input/Output/State Encryption/Decryption protocol)
    • encrypt the seed with the symmetric key from the previous step
    • return from the enclave with the encrypted seed
    • write the encrypted seed to chain
      Initialization logic for the enclave. See the logic described here in Phases 2+3: Network key management/agreement

Phase 3:

Description: New node passes the seed into its enclave and, with that, starts syncing blocks

Process:

  • register_node()
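As an added example (not code from this post or from the Enigma codebase), here is a Go model of the cryptographic core of Phases 2 and 3: derive_key as an X25519 agreement between sk_io and new_node_public_key followed by an HMAC-SHA256 KDF, and the seed sealed with AES-GCM before it is written to chain. It assumes the new node learns pk_io (the public half of sk_io) from chain; the curve, KDF label and AEAD are illustrative choices, and report verification is not modeled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)
// deriveKey models derive_key: an X25519 shared secret fed through an HMAC-SHA256
// KDF with a fixed label, so both enclaves compute the same 32-byte AES-GCM key.
func deriveKey(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	kdf := hmac.New(sha256.New, shared)
	kdf.Write([]byte("seed-exchange-v1")) // constructed domain-separation label (assumption)
	block, _ := aes.NewCipher(kdf.Sum(nil)) // SHA-256 output is always a valid 32-byte key
	return cipher.NewGCM(block)
}

// sealSeed is Phase 2 inside an existing node's enclave: sk_io plus the new node's
// public key give the symmetric key; the output (nonce || ciphertext || tag) goes on chain.
func sealSeed(skIO *ecdh.PrivateKey, newNodePub *ecdh.PublicKey, seed []byte) ([]byte, error) {
	gcm, err := deriveKey(skIO, newNodePub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, seed, nil), nil
}

// openSeed is Phase 3 inside the new node's enclave: its own private key plus pk_io
// reproduce the key; the GCM tag rejects a blob made under another key or altered on chain.
func openSeed(newNodePriv *ecdh.PrivateKey, pkIO *ecdh.PublicKey, blob []byte) ([]byte, error) {
	gcm, err := deriveKey(newNodePriv, pkIO)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("encrypted seed too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}
```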