UPDATE: Now that we started working on Milestone 3 (actually implementing this protocol!) and given how our understanding of Cosmos/Tendermint has improved, we think we could somewhat improve this protocol. Specifically, instead of having 3 txs that need to be initiated by two different parties (the new validator - 2 txs; any validator - 1 tx), we can reduce the protocol to a single tx initiated by the new validator + an implicit transaction that is created from the handler of the first transaction.
Specifically, the revised protocol is summarized in Issue #43. Description is also copied below:
Phase 1:
Description: New node requests the seed
Process:
- register node
- generate report for enclave
Get quote - SafeTrace ref - using enigmacli generate key pair inside of the enclave
- seal + backup private key
- using IAS (proxy node) get report for public key (signed quote)
- enigmacli send tx with public key as a param + report
- bootstrap node handling (only happens for the first node)
Initialization logic for the enclave. See the logic described here in Phase 1 (register_node()): Network key management/agreement
Check whether this can happen automatically inside the globalInitChainer
(also whether this can listen to new blocks and block execution until the new node is confirmed).
- generate report for enclave
Phase 2:
Description: Existing nodes handle the registration and encrypt the key (creates a new transaction that is appended to the same block as part of the consensus)
Process:
- confirm node
- get
register_node()
tx - pass
(new_node_public_key, report)
to the enclave - verify report locally (using hard coded intel’s pub key)
Discovery ref #1
Discovery ref #2 - take
sk_io
withnew_node_public_key
and derive a new symmetric key (usingderive_key
Input/Output/State Encryption/Decryption protocol) - encrypt
seed
with the new symmetric key from the previous step - return from the enclave with the encrypted seed
- write the encrypted seed to chain
Initialization logic for the enclave. See the logic described here in Phases 2+3: Network key management/agreement
- get
Phase 3:
Description: New node passes the seed into its enclave and with that, get start syncing blocks
Process:
-
register_node()
- decrypt seed with
pk_io
and my private key (usingderive_key
Input/Output/State Encryption/Decryption protocol). With the single shared 256-bit seed generated above, we can run the CSPRNG several times to get other 256-bit pseudo-random keys:
- decrypt seed with