Recover threshold signatures over an externally synchronized sequencer of items.
This module allows a dynamic set of participants to collectively produce threshold signatures for any ordered sequence of items.
The primary use case for this primitive is to allow blockchain validators to agree on a series of state roots emitted from an opaque consensus process. Because some chains may finalize transaction data but not the output of said transactions during consensus, agreement must be achieved asynchronously over the output of consensus to support state sync and client balance proofs.
For applications that want to collect threshold signatures over concurrent, sequencer-driven broadcast, check out crate::ordered_broadcast.
§Architecture
The core of the module is the Engine. It manages the agreement process by:
- Requesting externally synchronized digests (commonware_cryptography::Digest)
- Signing each digest with a BLS partial signature (commonware_cryptography::bls12381::primitives::poly::PartialSignature)
- Multicasting partial signatures to other validators
- Recovering threshold signatures (commonware_cryptography::bls12381::primitives::poly::Signature) from a quorum of partial signatures
- Monitoring recovery progress and notifying the application layer of recoveries
The engine interacts with four main components:
- crate::Automaton: Provides external digests
- crate::Reporter: Receives agreement confirmations
- crate::Monitor: Tracks epoch transitions
- crate::ThresholdSupervisor: Manages validator sets and network identities
§Design Decisions
§Missing Signature Resolution
The engine does not try to “fill gaps” when threshold signatures are missing. When validators fall behind or miss signatures for certain indices, the tip may skip ahead and those signatures may never be emitted by the local engine. Before skipping ahead, we ensure that at least one honest validator has the threshold signature for any skipped index. This design is intentional: it prioritizes producing threshold signatures as fast as possible. By advancing the tip, honest validators can continue producing threshold signatures for new indices rather than getting stuck trying to backfill missing signatures. Validators that are online and honest can maintain consensus even when others fall behind or go offline. Backfilling missing signatures is left to other parts of the application, which can implement appropriate recovery strategies.
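The following is an added example, not code from the commonware crate, that models the bookkeeping described in the architecture list above and the tip-advance rule in this section: partials are collected per index, a recovery is reported the moment a quorum is reached, and advancing the tip drops pending partials for skipped indices instead of backfilling them. The `Tracker`, `Partial` and `Recovered` types are assumptions made for the illustration; partial signatures are stand-ins carrying only an index and a signer, and the "threshold signature" is modelled as the quorum that produced it, so no BLS arithmetic or signature verification happens here.

```rust
// Added example (not commonware's code): a simplified model of the
// aggregation engine's bookkeeping. No BLS arithmetic or verification is
// performed; the quorum that reached the threshold stands in for the signature.
use std::collections::{BTreeMap, BTreeSet};

/// Identity of a validator in the current epoch's participant set.
pub type Validator = u32;
/// Position in the externally synchronized sequence of items.
pub type Index = u64;

/// Stand-in for a BLS partial signature over the digest at `index`.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Partial {
    pub index: Index,
    pub signer: Validator,
}

/// Stand-in for a recovered threshold signature: the quorum behind it.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Recovered {
    pub index: Index,
    pub signers: Vec<Validator>,
}

/// Collects partials per index, reports a recovery once a quorum is reached,
/// and advances the tip without backfilling skipped indices.
pub struct Tracker {
    threshold: usize,
    participants: BTreeSet<Validator>,
    pending: BTreeMap<Index, BTreeSet<Validator>>,
    recovered: BTreeMap<Index, Recovered>,
    tip: Index,
}

impl Tracker {
    pub fn new(participants: &[Validator], threshold: usize) -> Self {
        assert!(threshold > 0 && threshold <= participants.len());
        Tracker {
            threshold,
            participants: participants.iter().copied().collect(),
            pending: BTreeMap::new(),
            recovered: BTreeMap::new(),
            tip: 0,
        }
    }

    /// Ingest one partial. Returns `Some` exactly once per index, when the
    /// quorum is first reached. Partials from unknown signers, for indices
    /// below the tip, or for already-recovered indices are ignored; a signer
    /// contributing twice to the same index is counted once.
    pub fn ingest(&mut self, p: Partial) -> Option<Recovered> {
        // A real engine would also verify the partial against the signer's
        // public key share before counting it toward the quorum.
        if !self.participants.contains(&p.signer) {
            return None;
        }
        if p.index < self.tip || self.recovered.contains_key(&p.index) {
            return None;
        }
        let set = self.pending.entry(p.index).or_default();
        set.insert(p.signer);
        if set.len() < self.threshold {
            return None;
        }
        // Quorum reached: "recover" the threshold signature from the set.
        let signers = self.pending.remove(&p.index)?.into_iter().collect();
        let rec = Recovered { index: p.index, signers };
        self.recovered.insert(p.index, rec.clone());
        Some(rec)
    }

    /// Move the tip to `new_tip`, dropping pending partials for every index
    /// left behind. The engine does this only once it knows at least one
    /// honest validator holds the threshold signature for each skipped index;
    /// locally those indices are never recovered. Returns the skipped indices.
    pub fn advance(&mut self, new_tip: Index) -> Vec<Index> {
        let mut skipped = Vec::new();
        for index in self.tip..new_tip {
            if !self.recovered.contains_key(&index) {
                skipped.push(index);
            }
            self.pending.remove(&index);
        }
        self.tip = self.tip.max(new_tip);
        skipped
    }

    pub fn tip(&self) -> Index { self.tip }

    pub fn recovered(&self, index: Index) -> Option<&Recovered> { self.recovered.get(&index) }
}

fn main() {
    // Constructed run: four validators, threshold 3, index 1 never reaches quorum.
    let mut t = Tracker::new(&[0, 1, 2, 3], 3);
    for s in 0..3 {
        if let Some(r) = t.ingest(Partial { index: 0, signer: s }) {
            println!("recovered index {} from {:?}", r.index, r.signers);
        }
    }
    t.ingest(Partial { index: 1, signer: 0 });
    println!("skipped without local recovery: {:?}", t.advance(2));
}
```

The `advance` method is where the design decision shows up: nothing in the tracker ever re-requests partials for index 1, and a late partial for a skipped index is discarded because it sits below the tip. Whatever backfilling the application wants has to live outside this component, exactly as the section above says.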
Modules§
- types
- Types used in aggregation.
Structs§
- Config
- Configuration for the super::Engine.
- Engine
- Instance of the engine.