certusone
/
wormhole
mirror of https://github.com/certusone/wormhole.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
wormhole/whitepapers/0009_guardian_key.md

1.0 KiB
Raw Blame History

Guardian Key Usage

Objective

  • Describe how guardian keys are used and how message confusion is avoided.

Background

Message confusion could occur when a Guardian signs a message and an attacker replays that message elsewhere where it is interpreted as a different message type, which could lead to unintended behavior.

Overview

The Guardian Key is used to:

  1. Sign gossip messages
    1. heartbeat
    2. governor config and governor status
    3. observation request
  2. Sign Observations
    1. Version 1 VAAs

Detailed Design

Signing of gossip messages:

  1. Prepend the message type prefix to the payload
  2. Compute Keccak256Hash of the payload.
  3. Compute ethcrypto.Sign()

Signing of Observations:

  • v1 VAA: double-Keccak256(observation).

Rationale

  • Gossip messages cannot be confused with other gossip messages because the message type prefix is prepended.
  • Gossip messages cannot be confused with observations because observations utilize a double-Keccak256 and the payload is enforced to be >=34 bytes.