v3.0.0
Highlights
- Sign multiple chains from a single horcrux cluster. #122 #130 #144
- The same
config.yaml
file can now be used on all cosigners #147 horcrux config migrate
command to migrateconfig.yaml
andshare.json
files from v2 to v3 format.- Each chain to sign blocks for must have a respective key
{chain-id}_shard.json
file. This serves as a dual purpose of authorizing chain IDs for validation and which key shard to sign blocks with for that chain.
Breaking Changes
- Naming and grouping of
config.yaml
properties updated for clarity. (migrate to new format withhorcrux config migrate
) chain-id
in theconfig.yaml
is no-longer-needed/ignored. Thechain-id
that will be used for the signature is now sourced from the vote/proposal sign requests from the sentries.- Cosigner
share.json
key shards, or single signerpriv_validator_key.json
, must now have relevantchain-id
prepended to file name (now{chain-id}_shard.json
or{chain-id}_priv_validator_key.json
respectively).horcrux config migrate
command is provided to automate this migration to the new v3 format. - Ed25519
priv_validator_key.json
key sharding must be done per chain withhorcrux create-ed25519-shards <chain-id> <priv-validator-key-file> <threshold> <number of cosigners (total shards)>
. - Cosigner communication encryption keys are now a separate
rsa_keys.json
file per cosigner. They used to be generated inpriv_validator_key.json
sharding process, but now must be generated separately withhorcrux create-rsa-shards <number of cosigners>
. These keys were split out into a separate file per cosigner because they are one set of keys per cluster, not one set of keys per chain like the ed25519 keys. horcrux config init
no longer takes a[chain-id]
argument.horcrux cosigner start
andhorcrux signer start
are now consolidated intohorcrux start
. ThesignMode
in theconfig.yaml
determines which mode will be used for signing.horcrux cosigner address [bech32]
command is nowhorcrux address <chain-id> [bech32]
horcrux state
commands now require an additionalchain-id
argument.- Removed the following
horcrux config
CLI commands:chain-id set
,peers add
,peers remove
,peers set-shares
,nodes add
,nodes remove
.
Updating:
Due to Cosigner GRPC interface changes, a rolling update from a prior version is not supported.
- shut down all cluster nodes and delete
~/.horcrux/raft
directory - update binary or docker image to
v3.0.0
- run
horcrux config migrate
command to migrate key files and config to new format - start cosigner nodes back up
Changelog
- Update metrics.md by @agouin in #117
- Add signature and timestamp to log for adjusted timestamp visibility by @chillyvee in #118
- Threshold small pr by @nitronit in #98
- Version bump for Project Management workflow by @boojamya in #123
- CLI tidy by @agouin in #132
- Fix single signer state load bug by @agouin in #131
- Update migrating.md by @Neschadin in #127
- Fix leader election flaky test by @agouin in #133
- Phase 1 of ICS by @agouin in #130
- Wait for sign state flush on stop by @agouin in #137
- Lint import aliases by @agouin in #138
- single signer multi chain by @agouin in #139
- Make threshold validator chain ID agnostic by @agouin in #140
- Interchain Security - one remote signer to rule them all by @agouin in #122
- go 1.20 by @agouin in #141
- swap tendermint with cometbft v0.37.0 by @agouin in #142
- key assignment feature by @agouin in #144
- One config file to rule them all and in cryptography bind them by @agouin in #147
- updated usage by @danbryan in #148
- tidy up usage and flags by @agouin in #149
- v3 docs updates by @agouin in #150
- grpc-multi-resolver by @agouin in #151
- v3 polish by @agouin in #153
New Contributors
Full Changelog: v2.1.1...v3.0.0