feat: Validator block signatures

CHANGELOG.md

@@ -25,6 +25,7 @@
 - Add `S` generic to `NullifierTree` to allow usage with `LargeSmt`s ([#1353](https://github.com/0xMiden/miden-node/issues/1353)).
 - Removed internal errors from the `miden-network-monitor` ([#1424](https://github.com/0xMiden/miden-node/pull/1424)).
 - [BREAKING] Re-organized RPC protobuf schema to be independent of internal schema ([#1401](https://github.com/0xMiden/miden-node/pull/1401)).
+- [BREAKING] Added block signing capabilities to Validator component and updated gensis bootstrap to sign blocks with configured signer ([#1426](https://github.com/0xMiden/miden-node/pull/1426)).
 - Reduced default block interval from `5s` to `2s` ([#1438](https://github.com/0xMiden/miden-node/pull/1438)).
 - Increased retained account tree history from 33 to 100 blocks to account for the reduced block interval ([#1438](https://github.com/0xMiden/miden-node/pull/1438)).
 

bin/node/.env

@@ -10,6 +10,7 @@ MIDEN_NODE_STORE_RPC_URL=
 MIDEN_NODE_STORE_NTX_BUILDER_URL=
 MIDEN_NODE_STORE_BLOCK_PRODUCER_URL=
 MIDEN_NODE_VALIDATOR_BLOCK_PRODUCER_URL=
+MIDEN_NODE_VALIDATOR_INSECURE_SECRET_KEY=
 MIDEN_NODE_RPC_URL=http://0.0.0.0:57291
 MIDEN_NODE_DATA_DIRECTORY=./
 MIDEN_NODE_ENABLE_OTEL=true

bin/node/Cargo.toml

@@ -21,6 +21,7 @@ tracing-forest = ["miden-node-block-producer/tracing-forest"]
 anyhow                    = { workspace = true }
 clap                      = { features = ["env", "string"], workspace = true }
 fs-err                    = { workspace = true }
+hex                       = { workspace = true }
 humantime                 = { workspace = true }
 miden-node-block-producer = { workspace = true }
 miden-node-ntx-builder    = { workspace = true }

bin/node/Dockerfile

@@ -13,8 +13,6 @@ COPY ./crates ./crates
 COPY ./proto ./proto
 
 RUN cargo install --path bin/node --locked
-RUN rm -rf data accounts && mkdir data accounts
-RUN miden-node bundled bootstrap --data-directory ./data --accounts-directory ./accounts
 
 FROM debian:bullseye-slim
 
@@ -26,8 +24,6 @@ RUN apt-get update && \
     sqlite3 \
     && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /app/accounts accounts
-COPY --from=builder /app/data data
 COPY --from=builder /usr/local/cargo/bin/miden-node /usr/local/bin/miden-node
 
 LABEL org.opencontainers.image.authors=devops@miden.team \
@@ -47,6 +43,5 @@ LABEL org.opencontainers.image.created=$CREATED \
 # Expose RPC port
 EXPOSE 57291
 
-# Start the Miden node
 # Miden node does not spawn sub-processes, so it can be used as the PID1
-CMD miden-node bundled start --rpc.url http://0.0.0.0:57291 --data-directory ./data
+CMD miden-node

bin/node/src/commands/bundled.rs

@@ -10,6 +10,9 @@ use miden_node_rpc::Rpc;
 use miden_node_store::Store;
 use miden_node_utils::grpc::UrlExt;
 use miden_node_validator::Validator;
+use miden_objects::block::BlockSigner;
+use miden_objects::crypto::dsa::ecdsa_k256_keccak::SecretKey;
+use miden_objects::utils::Deserializable;
 use tokio::net::TcpListener;
 use tokio::sync::Barrier;
 use tokio::task::JoinSet;
@@ -21,6 +24,8 @@ use crate::commands::{
     DEFAULT_TIMEOUT,
     ENV_ENABLE_OTEL,
     ENV_GENESIS_CONFIG_FILE,
+    ENV_VALIDATOR_INSECURE_SECRET_KEY,
+    INSECURE_VALIDATOR_KEY_HEX,
     NtxBuilderConfig,
     duration_to_human_readable_string,
 };
@@ -43,7 +48,17 @@ pub enum BundledCommand {
         accounts_directory: PathBuf,
         /// Constructs the genesis block from the given toml file.
         #[arg(long, env = ENV_GENESIS_CONFIG_FILE, value_name = "FILE")]
-        genesis_config_file: Option<PathBuf>,
+        genesis_config_file: PathBuf,
+        /// Insecure, hex-encoded validator secret key for development and testing purposes.
+        ///
+        /// If not provided, a predefined key is used.
+        #[arg(
+            long = "validator.insecure.secret-key",
+            env = ENV_VALIDATOR_INSECURE_SECRET_KEY,
+            value_name = "VALIDATOR_INSECURE_SECRET_KEY",
+            default_value = INSECURE_VALIDATOR_KEY_HEX
+        )]
+        validator_insecure_secret_key: String,
     },
 
     /// Runs all three node components in the same process.
@@ -82,6 +97,14 @@ pub enum BundledCommand {
             value_name = "DURATION"
         )]
         grpc_timeout: Duration,
+
+        /// Insecure, hex-encoded validator secret key for development and testing purposes.
+        #[arg(
+            long = "validator.insecure.secret-key",
+            env = ENV_VALIDATOR_INSECURE_SECRET_KEY,
+            value_name = "VALIDATOR_INSECURE_SECRET_KEY"
+        )]
+        validator_insecure_secret_key: Option<String>,
     },
 }
 
@@ -92,12 +115,14 @@ impl BundledCommand {
                 data_directory,
                 accounts_directory,
                 genesis_config_file,
+                validator_insecure_secret_key,
             } => {
                 // Currently the bundled bootstrap is identical to the store's bootstrap.
                 crate::commands::store::StoreCommand::Bootstrap {
                     data_directory,
                     accounts_directory,
                     genesis_config_file,
+                    validator_insecure_secret_key,
                 }
                 .handle()
                 .await
@@ -110,9 +135,20 @@ impl BundledCommand {
                 ntx_builder,
                 enable_otel: _,
                 grpc_timeout,
+                validator_insecure_secret_key,
             } => {
-                Self::start(rpc_url, data_directory, ntx_builder, block_producer, grpc_timeout)
-                    .await
+                let secret_key_hex =
+                    validator_insecure_secret_key.unwrap_or(INSECURE_VALIDATOR_KEY_HEX.into());
+                let signer = SecretKey::read_from_bytes(hex::decode(secret_key_hex)?.as_ref())?;
+                Self::start(
+                    rpc_url,
+                    data_directory,
+                    ntx_builder,
+                    block_producer,
+                    grpc_timeout,
+                    signer,
+                )
+                .await
             },
         }
     }
@@ -124,6 +160,7 @@ impl BundledCommand {
         ntx_builder: NtxBuilderConfig,
         block_producer: BlockProducerConfig,
         grpc_timeout: Duration,
+        signer: impl BlockSigner + Send + Sync + 'static,
     ) -> anyhow::Result<()> {
         // Start listening on all gRPC urls so that inter-component connections can be created
         // before each component is fully started up.
@@ -227,10 +264,14 @@ impl BundledCommand {
         let validator_id = join_set
             .spawn({
                 async move {
-                    Validator { address: validator_address, grpc_timeout }
-                        .serve()
-                        .await
-                        .context("failed while serving validator component")
+                    Validator {
+                        address: validator_address,
+                        grpc_timeout,
+                        signer,
+                    }
+                    .serve()
+                    .await
+                    .context("failed while serving validator component")
                 }
             })
             .id();

bin/node/src/commands/mod.rs

@@ -15,6 +15,10 @@ pub mod rpc;
 pub mod store;
 pub mod validator;
 
+/// A predefined, insecure validator key for development purposes.
+const INSECURE_VALIDATOR_KEY_HEX: &str =
+    "0101010101010101010101010101010101010101010101010101010101010101";
+
 const ENV_BLOCK_PRODUCER_URL: &str = "MIDEN_NODE_BLOCK_PRODUCER_URL";
 const ENV_VALIDATOR_URL: &str = "MIDEN_NODE_VALIDATOR_URL";
 const ENV_BATCH_PROVER_URL: &str = "MIDEN_NODE_BATCH_PROVER_URL";
@@ -31,6 +35,7 @@ const ENV_GENESIS_CONFIG_FILE: &str = "MIDEN_GENESIS_CONFIG_FILE";
 const ENV_MAX_TXS_PER_BATCH: &str = "MIDEN_MAX_TXS_PER_BATCH";
 const ENV_MAX_BATCHES_PER_BLOCK: &str = "MIDEN_MAX_BATCHES_PER_BLOCK";
 const ENV_MEMPOOL_TX_CAPACITY: &str = "MIDEN_NODE_MEMPOOL_TX_CAPACITY";
+const ENV_VALIDATOR_INSECURE_SECRET_KEY: &str = "MIDEN_NODE_VALIDATOR_INSECURE_SECRET_KEY";
 
 const DEFAULT_NTX_TICKER_INTERVAL: Duration = Duration::from_millis(200);
 const DEFAULT_TIMEOUT: Duration = Duration::from_secs(10);