2022-11-23 11:51:58 -08:00
# Guardian Key Usage
## Objective
2024-01-30 12:10:35 -08:00
- Describe how guardian keys are used and how message confusion is avoided.
2022-11-23 11:51:58 -08:00
## Background
2024-01-30 12:10:35 -08:00
Message confusion could occur when a Guardian signs a message and an attacker replays that message elsewhere where it is interpreted as a different message type, which could lead to unintended behavior.
2022-11-23 11:51:58 -08:00
## Overview
2024-01-30 12:10:35 -08:00
2022-11-23 11:51:58 -08:00
The Guardian Key is used to:
2024-01-30 12:10:35 -08:00
2022-11-23 11:51:58 -08:00
1. Sign gossip messages
2024-01-30 12:10:35 -08:00
1. heartbeat
2. governor config and governor status
3. observation request
2022-11-23 11:51:58 -08:00
2. Sign Observations
2024-01-30 12:10:35 -08:00
1. Version 1 VAAs
2022-11-23 11:51:58 -08:00
## Detailed Design
Signing of gossip messages:
2024-01-30 12:10:35 -08:00
2022-11-23 11:51:58 -08:00
1. Prepend the message type prefix to the payload
2. Compute Keccak256Hash of the payload.
3. Compute ethcrypto.Sign()
Signing of Observations:
2024-01-30 12:10:35 -08:00
- v1 VAA: `double-Keccak256(observation)` .
2022-11-23 11:51:58 -08:00
Rationale
2024-01-30 12:10:35 -08:00
- Gossip messages cannot be confused with other gossip messages because the message type prefix is prepended.
- Gossip messages cannot be confused with observations because observations utilize a double-Keccak256 and the payload is enforced to be `>=34` bytes.