Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add section on identity #35

Open
lrettig opened this issue Mar 30, 2020 · 1 comment
Open

Add section on identity #35

lrettig opened this issue Mar 30, 2020 · 1 comment

Comments

@lrettig
Copy link
Member

lrettig commented Mar 30, 2020

Nodes in Spacemesh have multiple personality disorder :) They each use multiple, distinct identities. Per @noamnelke (#22 (comment)):

We use 3 distinct keypairs:

For P2P auth - ephemeral, changes every time the node restarts, only used to encrypt communication with peers.
For mining - used for signing blocks, ATXs and hare messages, as well as generate eligibility proofs. We actually have two keypairs for mining using different signing schemes (ED vs. BLS) used for different purposes, but that's the topic for another discussion.
For wallets - used for signing transactions.
Keeping the p2p keypair separate from the others is a privacy enabling feature, since p2p IDs are considered not private - anyone on the network can tell the IP address of any p2p ID. While traffic analysis can help associate the two IDs, there are steps one can take to regain some privacy and we want to add more privacy enabling features in the future (e.g. dandelion).

As an aside, we keep the wallet and node keypairs distinct by default because the security model of these two uses is very different. Stealing one's mining private key without their PoST data can enable disqualifying them in the worst case. With the PoST data, which is much harder to steal since it's huge, it can allow one to steal future revenue, but not covertly.

Stealing one's wallet private key, as you surely understand, allows taking away all of their savings. So while a miner's private key must be kept "hot", the wallet private key can and should be kept in cold storage.

I added the relevant P2P info here to the P2P doc. Consider creating a new doc to talk more about identity and the decision to use distinct keypairs for different purposes.

@noamnelke
Copy link
Member

Worth also noting that the node has no knowledge of the wallet's private key. It only knows the public key of the coinbase account, where mining rewards are sent. Only the wallet, which is separate from the node, has the mechanism to sign transactions. The node will receive a signed transaction and then just broadcast it to the network and include it in blocks and eventually apply it to global state.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants