Add assignment keys to session keys, no separate approvals key #2092
Conversation
rphmeier
added
A3-in_progress
rphmeier
changed the title
github-actions
bot
added
A0-please_review
|
I tested this on a local westend with no issues. I made sure it continued authoring & finalizing beyond the next session change. |
| @@ -38,7 +38,7 @@ We need two separate keys for the approval subsystem: | |||
|
|
|||
| - **Approval assignment keys** are sr25519/schnorrkel keys used only for the assignment criteria VRFs. We implicitly sign assignment notices with approval assignment keys by including their relay chain context and additional data in the VRF's extra message, but exclude these from its VRF input. | |||
|
|
|||
| - **Approval vote keys** would only sign off on candidate parablock validity and has no natural key type restrictions. We could reuse the ed25519 grandpa keys for this purpose since these signatures control access to grandpa, although distant future node configurations might favor separate roles. | |||
| - **Approval vote keys** would only sign off on candidate parablock validity and has no natural key type restrictions. There's no need for this to actualy embody a new session key type. We just want to make a distinction between assignments and approvals, although distant future node configurations might favor separate roles. We re-use the same keys as are used for parachain backing in practice. | |||
There was a problem hiding this comment.
Assignments and approvals need separate keys so that assignments keys can stay on the machine while approvals keys might live on a remote signer.
We employ the same keys for all candidate validity and invalidity statements (approvals, backing, and disputes) because logically these incur similar risks.
There was a problem hiding this comment.
Is there a change in the text you want me to make? I agree with everything you just said
There was a problem hiding this comment.
It's fine I guess. It just confused me on a first reading. What should we actually call them? (candidate) validation keys?
There was a problem hiding this comment.
Yeah, I called them para_validation keys in the runtime description.
| @@ -8,12 +8,13 @@ Helper structs: | |||
|
|
|||
| ```rust | |||
| struct SessionInfo { | |||
| // validators in canonical ordering. | |||
| // validators in canonical ordering. These are the public keys used for backing, | |||
| // dispute participation, and approvals. | |||
| validators: Vec<ValidatorId>, | |||
|
I've tested a local rococo testnet with adder-collator; parachain consensus functions as expected. |
| @@ -90,7 +90,7 @@ pub const VERSION: RuntimeVersion = RuntimeVersion { | |||
| spec_name: create_runtime_str!("kusama"), | |||
| impl_name: create_runtime_str!("parity-kusama"), | |||
| authoring_version: 2, | |||
| spec_version: 2027, | |||
| spec_version: 2028, | |||
There was a problem hiding this comment.
the latest released version is on 2026, right?
https://github.com/paritytech/polkadot/blob/v0.8.26-1/runtime/kusama/src/lib.rs#L91
is the assumption that this will be merged after 0.8.27 branches off?
There was a problem hiding this comment.
cc @s3krit - I believe there's a release queued up currently and we want this to go into the next one. Let me know what I should be doing with the version numbers here.
There was a problem hiding this comment.
Correct. We have already branched off for v0.8.27, so if your intent is for this change to go into v0.8.28 (i.e., the release after v0.8.27, barring any security releases), this looks right
runtime/kusama/src/lib.rs
Outdated
| let mut id = AssignmentId::default(); | ||
| let id_raw: &mut [u8] = id.as_mut(); | ||
| id_raw.copy_from_slice(v.as_ref()); | ||
| id_raw[0..5].copy_from_slice(b"assgn"); |
There was a problem hiding this comment.
where does assgn come from? KeyTypeId is defined as asgn:
pub const ASSIGNMENT_KEY_TYPE_ID: KeyTypeId = KeyTypeId(*b"asgn");
There was a problem hiding this comment.
The only goal of this section is uniqueness per validator and independence from other session keys, which we achieve by combining the (unique) ValidatorId with the text 'assgn'`. I've now changed this to 'asgn' for consistency, although it will not affect observed behavior in any meaningful way.
| @@ -158,6 +158,35 @@ impl<T: pallet_session::Config> | |||
| fn on_disabled(_: usize) { } | |||
| } | |||
|
|
|||
| /// A placeholder since there is currently no provided session key handler for parachain validator | |||
There was a problem hiding this comment.
can be replaced by SessionInfo I guess?
There was a problem hiding this comment.
Not yet everywhere, but in the long term. This struct is used in the polkadot, kusama, westend runtimes where we don't yet enable parachain runtime modules.
| im_online: old.im_online, | ||
| para_validator: old.para_validator, | ||
| para_assignment: { | ||
| // We need to produce a dummy value that's unique for the validator. |
There was a problem hiding this comment.
DQ: Why does that needs to be unique?
There was a problem hiding this comment.
The underlying reason is that frame-session has a KeyOwner: map (KeyTypeId, [u8]) -> ValidatorId. This map requires validators to have unique session keys. From the perspective of this PR, the reason is that upgrade_keys has documented that validators' keys must be unique after the upgrade.
| @@ -1208,7 +1247,7 @@ pub type Executive = frame_executive::Executive< | |||
| frame_system::ChainContext<Runtime>, | |||
| Runtime, | |||
| AllModules, | |||
| FixCouncilHistoricalVotes, | |||
There was a problem hiding this comment.
This PR has mistakenly removed this migration from the next release, while it has not be applied yet. Should have used a tuple of both.
There was a problem hiding this comment.
oh or we already have branched v27? then it is okay.
There was a problem hiding this comment.
Okay -- sorry, it is in the 27 release. Then there are two questions:
-
is there a way to make it possible for this to also be noted in the release note? I first checked there and didn't find it, and then I checked the branch and it was there. cc @s3krit
-
Why is the struct definition not removed? :p
There was a problem hiding this comment.
Yeah, let's add it to the v28 release notes.
"Includes a runtime migration to update session key types to be used for parachain validation and approval. All validators are encouraged to rotate their session keys following the upgrade."
For Polkadot, Kusama, and Westend, sets up a runtime upgrade to migrate the keys that uses paritytech/substrate#7688.
For Rococo and Test-runtime, we still need to wire it up to the
SessionInfomodule somehow. That's beyond the scope of this issue in particular.Unlike we previously thought, we don't need a separate key just for approvals. We can reuse the parachain validation key for this purpose. We'll also use the same key for disputes.
I'll test the migration on a local Westend before marking this ready for review.