DKG Removals (#467)

* Update ValidatorSets with a remove_participant call * Add DkgRemoval, a sign machine for producing the relevant MuSig signatures * Don't use position-dependent u8s yet Public when removing validators from the DKG * Add DkgRemovalPreprocess, DkgRemovalShares Implementation is via a new publish_tributary_tx lambda. This is code is a copy-pasted mess which will need to be cleaned up. * Only allow non-removed validators to vote for removals Otherwise, it's risked that the remaining validators fall below 67% of the original set. * Correct publish_serai_tx, which was prior publish_set_keys in practice
2025-12-09 20:59:23 +00:00 · 2023-12-04 07:04:44 -05:00
parent 99c6375605
commit 797ed49e7b
11 changed files with 1022 additions and 170 deletions
--- a/coordinator/src/tests/tributary/dkg.rs
+++ b/coordinator/src/tests/tributary/dkg.rs
@@ -24,7 +24,10 @@ use processor_messages::{
 use tributary::{TransactionTrait, Tributary};

 use crate::{
-  tributary::{Transaction, TributarySpec, scanner::handle_new_blocks},
+  tributary::{
+    Transaction, TributarySpec,
+    scanner::{PstTxType, handle_new_blocks},
+  },
  tests::{
    MemProcessors, LocalP2p,
    tributary::{new_keys, new_spec, new_tributaries, run_tributaries, wait_for_tx_inclusion},
@@ -85,14 +88,19 @@ async fn dkg_test() {
  ) -> (MemDb, MemProcessors) {
    let mut scanner_db = MemDb::new();
    let processors = MemProcessors::new();
-    handle_new_blocks::<_, _, _, _, _, _, LocalP2p>(
+    handle_new_blocks::<_, _, _, _, _, _, _, _, LocalP2p>(
      &mut scanner_db,
      key,
      |_, _, _, _| async {
        panic!("provided TX caused recognized_id to be called in new_processors")
      },
      &processors,
-      |_, _| async { panic!("test tried to publish a new Serai TX in new_processors") },
+      |_, _, _| async { panic!("test tried to publish a new Serai TX in new_processors") },
+      &|_| async {
+        panic!(
+          "test tried to publish a new Tributary TX from handle_application_tx in new_processors"
+        )
+      },
      spec,
      &tributary.reader(),
    )
@@ -111,14 +119,19 @@ async fn dkg_test() {
  sleep(Duration::from_secs(Tributary::<MemDb, Transaction, LocalP2p>::block_time().into())).await;

  // Verify the scanner emits a KeyGen::Commitments message
-  handle_new_blocks::<_, _, _, _, _, _, LocalP2p>(
+  handle_new_blocks::<_, _, _, _, _, _, _, _, LocalP2p>(
    &mut scanner_db,
    &keys[0],
    |_, _, _, _| async {
      panic!("provided TX caused recognized_id to be called after Commitments")
    },
    &processors,
-    |_, _| async { panic!("test tried to publish a new Serai TX after Commitments") },
+    |_, _, _| async { panic!("test tried to publish a new Serai TX after Commitments") },
+    &|_| async {
+      panic!(
+        "test tried to publish a new Tributary TX from handle_application_tx after Commitments"
+      )
+    },
    &spec,
    &tributaries[0].1.reader(),
  )
@@ -190,14 +203,19 @@ async fn dkg_test() {
  }

  // With just 4 sets of shares, nothing should happen yet
-  handle_new_blocks::<_, _, _, _, _, _, LocalP2p>(
+  handle_new_blocks::<_, _, _, _, _, _, _, _, LocalP2p>(
    &mut scanner_db,
    &keys[0],
    |_, _, _, _| async {
      panic!("provided TX caused recognized_id to be called after some shares")
    },
    &processors,
-    |_, _| async { panic!("test tried to publish a new Serai TX after some shares") },
+    |_, _, _| async { panic!("test tried to publish a new Serai TX after some shares") },
+    &|_| async {
+      panic!(
+        "test tried to publish a new Tributary TX from handle_application_tx after some shares"
+      )
+    },
    &spec,
    &tributaries[0].1.reader(),
  )
@@ -238,12 +256,13 @@ async fn dkg_test() {
  };

  // Any scanner which has handled the prior blocks should only emit the new event
-  handle_new_blocks::<_, _, _, _, _, _, LocalP2p>(
+  handle_new_blocks::<_, _, _, _, _, _, _, _, LocalP2p>(
    &mut scanner_db,
    &keys[0],
    |_, _, _, _| async { panic!("provided TX caused recognized_id to be called after shares") },
    &processors,
-    |_, _| async { panic!("test tried to publish a new Serai TX") },
+    |_, _, _| async { panic!("test tried to publish a new Serai TX") },
+    &|_| async { panic!("test tried to publish a new Tributary TX from handle_application_tx") },
    &spec,
    &tributaries[0].1.reader(),
  )
@@ -308,14 +327,16 @@ async fn dkg_test() {
  }

  // The scanner should successfully try to publish a transaction with a validly signed signature
-  handle_new_blocks::<_, _, _, _, _, _, LocalP2p>(
+  handle_new_blocks::<_, _, _, _, _, _, _, _, LocalP2p>(
    &mut scanner_db,
    &keys[0],
    |_, _, _, _| async {
      panic!("provided TX caused recognized_id to be called after DKG confirmation")
    },
    &processors,
-    |set, tx| {
+    |set, tx_type, tx| {
+      assert_eq!(tx_type, PstTxType::SetKeys);
+
      let spec = spec.clone();
      let key_pair = key_pair.clone();
      async move {
@@ -368,6 +389,7 @@ async fn dkg_test() {
        }
      }
    },
+    &|_| async { panic!("test tried to publish a new Tributary TX from handle_application_tx") },
    &spec,
    &tributaries[0].1.reader(),
  )
--- a/coordinator/src/tests/tributary/mod.rs
+++ b/coordinator/src/tests/tributary/mod.rs
@@ -202,6 +202,17 @@ fn serialize_transaction() {
    random_signed_with_nonce(&mut OsRng, 2),
  ));

+  {
+    let mut key = [0; 32];
+    OsRng.fill_bytes(&mut key);
+    test_read_write(Transaction::DkgRemovalPreprocess(random_sign_data(&mut OsRng, key, 0)));
+  }
+  {
+    let mut key = [0; 32];
+    OsRng.fill_bytes(&mut key);
+    test_read_write(Transaction::DkgRemovalShare(random_sign_data(&mut OsRng, key, 1)));
+  }
+
  {
    let mut block = [0; 32];
    OsRng.fill_bytes(&mut block);