Module hdk::countersigning

source ·
Expand description

Signing a single chain entry between multiple participants.

The basic goal is to enable a kind of atomicity across multiple source chains in an environment where countersigners trust each other in some ways but not entirely. Countersigning provides several trust models, including nominating a single party to gather signatures, M of N signers, majority signing buckets, etc.

The integrity layer enforces very little other than the structure of a countersigned entry, to define the session parameters and uniqueness and final signature set. Implementations are expected to drive countersigning sessions through coordinator zomes based on understanding both the expected network topologies and trust between peers on the network.

As various models for driving and finalising systems on the network are defined and implemented they all end up in the countersigning crate.

This is a network level implementation of countersigning which has pros and cons. There are also cryptographic methods of countersigning such as threshold signatures that produce a single proof between multiple participants, which are NOT included in this crate.


  • Locks the local chain to commence a countersigning session.
  • Wrapper function around sys_time to build CounterSigningSessionTimes. These session times are included in the PreflightRequest and bound the countersigning session temporally. This function starts the session “now” in the opinion of the session initiator and ends it after ms milliseconds relative to “now”. The countersigning parties will check these times as part of accepting the preflight request so all system clocks need to be roughly aligned and the ambient network latency must fit comfortably within the session duration.