38 lines
1.0 KiB
Markdown
38 lines
1.0 KiB
Markdown
# Guardian Key Usage
|
|
|
|
## Objective
|
|
|
|
- Describe how guardian keys are used and how message confusion is avoided.
|
|
|
|
## Background
|
|
|
|
Message confusion could occur when a Guardian signs a message and an attacker replays that message elsewhere where it is interpreted as a different message type, which could lead to unintended behavior.
|
|
|
|
## Overview
|
|
|
|
The Guardian Key is used to:
|
|
|
|
1. Sign gossip messages
|
|
1. heartbeat
|
|
2. governor config and governor status
|
|
3. observation request
|
|
2. Sign Observations
|
|
1. Version 1 VAAs
|
|
|
|
## Detailed Design
|
|
|
|
Signing of gossip messages:
|
|
|
|
1. Prepend the message type prefix to the payload
|
|
2. Compute Keccak256Hash of the payload.
|
|
3. Compute ethcrypto.Sign()
|
|
|
|
Signing of Observations:
|
|
|
|
- v1 VAA: `double-Keccak256(observation)`.
|
|
|
|
Rationale
|
|
|
|
- Gossip messages cannot be confused with other gossip messages because the message type prefix is prepended.
|
|
- Gossip messages cannot be confused with observations because observations utilize a double-Keccak256 and the payload is enforced to be `>=34` bytes.
|