Clarify public keys vs public key's hashes in comments and docs

bridge/pkg/common/guardianset.go

@@ -12,7 +12,7 @@ import (
 const MaxGuardianCount = 19
 
 type GuardianSet struct {
-	// Guardian's public keys truncated by the ETH standard hashing mechanism (20 bytes).
+	// Guardian's public key hashes truncated by the ETH standard hashing mechanism (20 bytes).
 	Keys []common.Address
 	// On-chain set index
 	Index uint32

bridge/pkg/vaa/structs.go

@@ -219,7 +219,7 @@ func (v *VAA) SigningMsg() (common.Hash, error) {
 	return hash, nil
 }
 
-// VerifySignature verifies the signature of the VAA given a public key
+// VerifySignature verifies the signature of the VAA given the signer addresses.
 func (v *VAA) VerifySignatures(addresses []common.Address) bool {
 	if len(addresses) < len(v.Signatures) {
 		return false

docs/operations.md

@@ -111,7 +111,7 @@ Generate a new key using the `keygen` subcommand:
 
     guardiand keygen --desc "Testnet key foo" /path/to/your.key
 
-The key file includes a human-readable part that includes the public key and the description.
+The key file includes a human-readable part which includes the public key hashes and the description.
 
 ## Deploying
 
@@ -208,7 +208,7 @@ deployment on a dedicated instance - it's easier to understand and troubleshoot.
 You'll have to manage the following keys:
 
  - The **guardian key**, which is the bridge consensus key. This key is very critical - your node uses it to certify
-   VAA messages. The public key is stored in the guardian set on all connected chains. It does not accrue rewards.
+   VAA messages. The public key's hash is stored in the guardian set on all connected chains. It does not accrue rewards.
    It's your share of the multisig mechanism that protect the Wormhole network. The guardian set can be replaced
    if a majority of the guardians agree to sign and publish a new guardian set.
   

docs/protocol.md

@@ -125,9 +125,8 @@ uint8               action
 ```
 
 The `guardian set index` does not need to be in the signed body since it is verifiable using the signature itself which
-is created using the guardian set's key.
+is created using the guardian set's key. It is a number that's monotonically increasing every time a validator set
-It is a monotonically number that's increased every time a validator set update happens and tracks the public key of the
+update happens and tracks the public key hashes of the set.
-set.
 
 #### Actions
 

docs/solana_program.md

@@ -223,7 +223,7 @@ until the `VAA_EXPIRATION_TIME` has passed and can then be evicted using `IEvict
 >
 > **index**: Index of the guardian set
 
-This account is created when a new guardian set is set. It tracks the public key, creation time and expiration time of
+This account is created when a new guardian set is set. It tracks the public key hash, creation time and expiration time of
 this set.
 The expiration time is set when this guardian set is abandoned. When a switchover happens, the guardian-issued VAAs will
 still be valid until the expiration time.

solana/bridge/src/state.rs

@@ -32,7 +32,7 @@ pub struct GuardianSet {
     pub index: u32,
     /// number of keys stored
     pub len_keys: u8,
-    /// public key of the threshold schnorr set
+    /// public key hashes of the guardian set
     pub keys: [[u8; 20]; MAX_LEN_GUARDIAN_KEYS],
     /// creation time
     pub creation_time: u32,

solana/cli/src/main.rs

@@ -935,7 +935,7 @@ fn main() {
                     .index(1)
                     .required(true)
                     .help(
-                        "Specify the bridge program public key"
+                        "Specify the bridge program address"
                     ),
             )
             .arg(
@@ -959,7 +959,7 @@ fn main() {
                         .index(1)
                         .required(true)
                         .help(
-                            "Specify the bridge program public key"
+                            "Specify the bridge program address"
                         ),
                 )
                 .arg(
@@ -1029,7 +1029,7 @@ fn main() {
                         .index(1)
                         .required(true)
                         .help(
-                            "Specify the bridge program public key"
+                            "Specify the bridge program address"
                         ),
                 )
                 .arg(
@@ -1054,7 +1054,7 @@ fn main() {
                         .index(1)
                         .required(true)
                         .help(
-                            "Specify the bridge program public key"
+                            "Specify the bridge program address"
                         ),
                 )
                 .arg(
@@ -1082,7 +1082,7 @@ fn main() {
                         .index(1)
                         .required(true)
                         .help(
-                            "Specify the bridge program public key"
+                            "Specify the bridge program address"
                         ),
                 )
                 .arg(
@@ -1125,7 +1125,7 @@ fn main() {
                         .index(1)
                         .required(true)
                         .help(
-                            "Specify the bridge program public key"
+                            "Specify the bridge program address"
                         ),
                 )
                 .arg(

terra/contracts/README.md

@@ -23,7 +23,8 @@ This contract mostly wraps functionality of the `cw20-base` contract with the fo
 
 ### `wormhole`
 
-This contract controls token transfers, minting and burning as well as maintaining the list of guardians: off-chain entities identified by their public keys, majority of whom can issue commands to the contract.
+This contract controls token transfers, minting and burning as well as maintaining the list of guardians: off-chain
+entities identified by their public key hashes, majority of whom can issue commands to the contract.
 
 `wormhole` bridge processes the following instructions.