https://github.com/cardinal-cryptography/peer-verifier
A tool for verifying prospective Testnet validators
https://github.com/cardinal-cryptography/peer-verifier
Last synced: 9 months ago
JSON representation
A tool for verifying prospective Testnet validators
- Host: GitHub
- URL: https://github.com/cardinal-cryptography/peer-verifier
- Owner: Cardinal-Cryptography
- License: apache-2.0
- Created: 2022-06-13T22:07:48.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-01-20T11:29:23.000Z (over 3 years ago)
- Last Synced: 2023-08-07T04:38:02.647Z (almost 3 years ago)
- Language: Rust
- Size: 22.5 KB
- Stars: 1
- Watchers: 4
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Peer Verification
This tool is intended to verify a potential candidate for testnet validator.
Package is split into two parts: `signer` and `verifier`.
Signer part will be used by the candidate.
With this program candidate is going to sign a secret message provided by us to prove they own the p2p secret they claim to own.
Verifier part will be used by Aleph Zero team.
With this program we are going to check whether supplied public key derives to supplied peer id, signature of secret message is correct and this peer is connected and up to date with our network.
## Step one: signature generation by Validator candidate
To generate signature, candidate needs a generated p2p secret.
For whole process to work they also need to have a node set up with up to date block creation and public p2p port, so it can be discovered by other nodes as a peer.
To generate signature:
```console
$ signer --message "secret message" --p2p-secret-path "some_path_to_p2p_secret/p2p_secret"
Peer id: 12D3KooWSKmHjpGhJuuR4tasDErtDVq4PQTzecbpDNeQQqyRfHEt
Public key: 08011220f542fa114217121d8d264e52da8c3b2a9363d963e8a37fff058046ddff004655
Signed message: 2160edeec7c777f4e7fea1ddfa6040c7fa937db5d1d691878c0083c4e2e28e5d720c06006afec6a1eeb150c25f7ca7fca7567a3c07823f781065bb8b5a8eeb0f
```
Or, alternatively, using cargo, if for some reason the pre-built binary is unavailable:
```console
$ cargo run --bin signer -- --message "secret message" --p2p-secret-path "some_path_to_p2p_secret/p2p_secret"
Peer id: 12D3KooWSKmHjpGhJuuR4tasDErtDVq4PQTzecbpDNeQQqyRfHEt
Public key: 08011220f542fa114217121d8d264e52da8c3b2a9363d963e8a37fff058046ddff004655
Signed message: 2160edeec7c777f4e7fea1ddfa6040c7fa937db5d1d691878c0083c4e2e28e5d720c06006afec6a1eeb150c25f7ca7fca7567a3c07823f781065bb8b5a8eeb0f
```
Available arguments:
* `--p2p-secret-path` path to p2p secret that is used for signing.
* `--message` secret message that candidate should sign. This argument is optional. If not provided signer will sign peer_id generated from p2p_secret.
After generating signature candidate needs to send peer id, the generated public key and signature to Aleph Zero team.
So in this case one would send the following:
```
12D3KooWSKmHjpGhJuuR4tasDErtDVq4PQTzecbpDNeQQqyRfHEt
08011220f542fa114217121d8d264e52da8c3b2a9363d963e8a37fff058046ddff004655
2160edeec7c777f4e7fea1ddfa6040c7fa937db5d1d691878c0083c4e2e28e5d720c06006afec6a1eeb150c25f7ca7fca7567a3c07823f781065bb8b5a8eeb0f
```
## Step two: verification by Aleph Zero Team
To verify you need a node setup, that you can send unsafe rpc calls to.
Let's say we have a running node with rpc socket on `http://127.0.0.1:9933`.
This node needs to be up to date with block creation.
Also for this process to work we need to have candidate in our peers, so to make sure we connected, we can add it to bootnodes of our node.
Now we call `verifier` to verify peer and the signature:
```console
$ verifier --node "http://127.0.0.1:9933" --block-difference=10 --peer-id "12D3KooWSKmHjpGhJuuR4tasDErtDVq4PQTzecbpDNeQQqyRfHEt" --message "secret message" --public-key 08011220f542fa114217121d8d264e52da8c3b2a9363d963e8a37fff058046ddff004655 --signature 2160edeec7c777f4e7fea1ddfa6040c7fa937db5d1d691878c0083c4e2e28e5d720c06006afec6a1eeb150c25f7ca7fca7567a3c07823f781065bb8b5a8eeb0f
Signature for peer 12D3KooWSKmHjpGhJuuR4tasDErtDVq4PQTzecbpDNeQQqyRfHEt is correct and peer is up to date with block creation at 1386065
```
Or, alternatively, using cargo, if for some reason the pre-built binary is unavailable:
```console
$ cargo run --bin verifier -- --node "http://127.0.0.1:9933" --block-difference=10 --peer-id "12D3KooWSKmHjpGhJuuR4tasDErtDVq4PQTzecbpDNeQQqyRfHEt" --message "secret message" --public-key 08011220f542fa114217121d8d264e52da8c3b2a9363d963e8a37fff058046ddff004655 --signature 2160edeec7c777f4e7fea1ddfa6040c7fa937db5d1d691878c0083c4e2e28e5d720c06006afec6a1eeb150c25f7ca7fca7567a3c07823f781065bb8b5a8eeb0f
Signature for peer 12D3KooWSKmHjpGhJuuR4tasDErtDVq4PQTzecbpDNeQQqyRfHEt is correct and peer is up to date with block creation at 1386065
```
Available arguments:
* `--node` address of a node that we will send unsafe rpc calls to. By default set to `http://127.0.0.1:9933`
* `--block-difference` max block difference with head of our node and head of candidate node. By default set to `10`
* `--peer-id` peer id of node of candidate we want to verify
* `--message` secret message that candidate should sign (provided by us)
* `--public-key` public p2p key of node of candidate, that should derive to peer id
* `--signature` signature of secret message that is generated by signer