diff --git a/docs/architecture/adr-034-change-pubkey.md b/docs/architecture/adr-034-change-pubkey.md index 880fe8543..15979759b 100644 --- a/docs/architecture/adr-034-change-pubkey.md +++ b/docs/architecture/adr-034-change-pubkey.md @@ -10,7 +10,7 @@ Proposed ## Context -Currently, in the Cosmos SDK, the address of an auth account is always based on the hash of the public key. Once an account is created, the public key for the account is set in stone, and cannot be changed. This can be a problem for users, as key rotation is a useful security practice, but is not possible currently. Furthermore, as multisigs are a type of pubkey, once a multisig for an account is set, it can not be updated. This is problematic, as multisigs are often used by organizations or companies, who may need to change their set of multisig signers for internal reasons. +Currently, in the Cosmos SDK, the address of an auth `BaseAccount` is based on the hash of the public key. Once an account is created, the public key for the account is set in stone, and cannot be changed. This can be a problem for users, as key rotation is a useful security practice, but is not possible currently. Furthermore, as multisigs are a type of pubkey, once a multisig for an account is set, it can not be updated. This is problematic, as multisigs are often used by organizations or companies, who may need to change their set of multisig signers for internal reasons. Transferring all the assets of an account to a new account with the updated pubkey is not sufficient, because some "engagements" of an account are not easily transferable. For example, in staking, to transfer bonded Atoms, an account would have to unbond all delegations and wait the three week unbonding period. Even more significantly, for validator operators, ownership over a validator is not transferrable at all, meaning that the operator key for a validator can never be updated, leading to poor operational security for validators. @@ -61,3 +61,5 @@ Breaks the current assumed relationship between address and pubkeys as H(pubkey) * Will require that PubKeys for an account are included in the genesis exports. ## References + ++ https://www.algorand.com/resources/blog/announcing-rekeying