wormhole/whitepapers/0009_guardian_key.md

# Guardian Key Usage

## Objective

- Describe how guardian keys are used and how message confusion is avoided.

## Background

Message confusion could occur when a Guardian signs a message and an attacker replays that message elsewhere where it is interpreted as a different message type, which could lead to unintended behavior.

## Overview

The Guardian Key is used to:

1. Sign gossip messages
   1. heartbeat
   2. governor config and governor status
   3. observation request
2. Sign Observations
   1. Version 1 VAAs

## Detailed Design

Signing of gossip messages:

1. Prepend the message type prefix to the payload
2. Compute Keccak256Hash of the payload.
3. Compute ethcrypto.Sign()

Signing of Observations:

- v1 VAA: `double-Keccak256(observation)`.

Rationale

- Gossip messages cannot be confused with other gossip messages because the message type prefix is prepended.
- Gossip messages cannot be confused with observations because observations utilize a double-Keccak256 and the payload is enforced to be `>=34` bytes.
add whitepaper explaining guardian key usage (#1960) Co-authored-by: tbjump <unknown> 2022-11-23 11:51:58 -08:00			`# Guardian Key Usage`

			`## Objective`

whitepapers: remove batch whitepaper 2024-01-30 12:10:35 -08:00			`- Describe how guardian keys are used and how message confusion is avoided.`
add whitepaper explaining guardian key usage (#1960) Co-authored-by: tbjump <unknown> 2022-11-23 11:51:58 -08:00
			`## Background`

whitepapers: remove batch whitepaper 2024-01-30 12:10:35 -08:00			`Message confusion could occur when a Guardian signs a message and an attacker replays that message elsewhere where it is interpreted as a different message type, which could lead to unintended behavior.`
add whitepaper explaining guardian key usage (#1960) Co-authored-by: tbjump <unknown> 2022-11-23 11:51:58 -08:00
			`## Overview`
whitepapers: remove batch whitepaper 2024-01-30 12:10:35 -08:00
add whitepaper explaining guardian key usage (#1960) Co-authored-by: tbjump <unknown> 2022-11-23 11:51:58 -08:00			`The Guardian Key is used to:`
whitepapers: remove batch whitepaper 2024-01-30 12:10:35 -08:00
add whitepaper explaining guardian key usage (#1960) Co-authored-by: tbjump <unknown> 2022-11-23 11:51:58 -08:00			`1. Sign gossip messages`
whitepapers: remove batch whitepaper 2024-01-30 12:10:35 -08:00			`1. heartbeat`
			`2. governor config and governor status`
			`3. observation request`
add whitepaper explaining guardian key usage (#1960) Co-authored-by: tbjump <unknown> 2022-11-23 11:51:58 -08:00			`2. Sign Observations`
whitepapers: remove batch whitepaper 2024-01-30 12:10:35 -08:00			`1. Version 1 VAAs`
add whitepaper explaining guardian key usage (#1960) Co-authored-by: tbjump <unknown> 2022-11-23 11:51:58 -08:00
			`## Detailed Design`

			`Signing of gossip messages:`
whitepapers: remove batch whitepaper 2024-01-30 12:10:35 -08:00
add whitepaper explaining guardian key usage (#1960) Co-authored-by: tbjump <unknown> 2022-11-23 11:51:58 -08:00			`1. Prepend the message type prefix to the payload`
			`2. Compute Keccak256Hash of the payload.`
			`3. Compute ethcrypto.Sign()`

			`Signing of Observations:`
whitepapers: remove batch whitepaper 2024-01-30 12:10:35 -08:00
			- v1 VAA: `double-Keccak256(observation)`.
add whitepaper explaining guardian key usage (#1960) Co-authored-by: tbjump <unknown> 2022-11-23 11:51:58 -08:00
			`Rationale`

whitepapers: remove batch whitepaper 2024-01-30 12:10:35 -08:00			`- Gossip messages cannot be confused with other gossip messages because the message type prefix is prepended.`
			- Gossip messages cannot be confused with observations because observations utilize a double-Keccak256 and the payload is enforced to be `>=34` bytes.