Skip to content

add api key bls remote signer #1128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jan 18, 2025
Merged

add api key bls remote signer #1128

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
242f553
add api key bls remote signer
shrimalmadhur Jan 17, 2025
802e5db
add flag to flags
shrimalmadhur Jan 17, 2025
386892e
updated eigensdk to dev commit
shrimalmadhur Jan 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ module github.com/Layr-Labs/eigenda
go 1.21.13

require (
github.com/Layr-Labs/eigensdk-go v0.2.0-beta.1.0.20250115171849-5af43b43bf20
github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20250115171849-5af43b43bf20
github.com/Layr-Labs/eigensdk-go v0.2.0-beta.1.0.20250117215126-98d8ff64a9b4
github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20250117220137-5b7cf552998b
github.com/aws/aws-sdk-go-v2 v1.26.1
github.com/aws/aws-sdk-go-v2/credentials v1.17.11
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.13.12
Expand Down Expand Up @@ -47,7 +47,7 @@ require (
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
github.com/DataDog/zstd v1.5.2 // indirect
github.com/KyleBanks/depth v1.2.1 // indirect
github.com/Layr-Labs/cerberus-api v0.0.2-0.20250108174619-d5e1eb03fbd5 // indirect
github.com/Layr-Labs/cerberus-api v0.0.2-0.20250117193600-e69c5e8b08fd // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
github.com/PuerkitoBio/purell v1.1.1 // indirect
Expand All @@ -70,7 +70,7 @@ require (
github.com/aws/smithy-go v1.20.2 // indirect
github.com/bits-and-blooms/bitset v1.13.0 // indirect
github.com/bytedance/sonic v1.9.2 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
github.com/cockroachdb/errors v1.11.3 // indirect
github.com/cockroachdb/fifo v0.0.0-20240606204812-0bbfbd93a7ce // indirect
Expand Down
16 changes: 8 additions & 8 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,12 @@ github.com/DataDog/zstd v1.5.2 h1:vUG4lAyuPCXO0TLbXvPv7EB7cNK1QV/luu55UHLrrn8=
github.com/DataDog/zstd v1.5.2/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw=
github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
github.com/Layr-Labs/cerberus-api v0.0.2-0.20250108174619-d5e1eb03fbd5 h1:s24M6HYObEuV9OSY36jUM09kp5fOhuz/g1ev2qWDPzU=
github.com/Layr-Labs/cerberus-api v0.0.2-0.20250108174619-d5e1eb03fbd5/go.mod h1:Lm4fhzy0S3P7GjerzuseGaBFVczsIKmEhIjcT52Hluo=
github.com/Layr-Labs/eigensdk-go v0.2.0-beta.1.0.20250115171849-5af43b43bf20 h1:VvMSIsQ9FUqq9GWrT79kLQPcZmIig8UhGIIyqeKN8Ew=
github.com/Layr-Labs/eigensdk-go v0.2.0-beta.1.0.20250115171849-5af43b43bf20/go.mod h1:G4yqiK+5NfUuEMVGGncOEm7QskuGRPmKA7bKxpPzPT4=
github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20250115171849-5af43b43bf20 h1:eSzVi6VgNXtWWXRxPO0hIv5GNIiF96XRySn2w8fNj+I=
github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20250115171849-5af43b43bf20/go.mod h1:A8KqCQnvx8BERH35etN9VlubNSpR92zrogV6LkV9hHo=
github.com/Layr-Labs/cerberus-api v0.0.2-0.20250117193600-e69c5e8b08fd h1:prMzW4BY6KZtWEanf5EIsyHzIZKCNV2mVIXrE6glRRM=
github.com/Layr-Labs/cerberus-api v0.0.2-0.20250117193600-e69c5e8b08fd/go.mod h1:Lm4fhzy0S3P7GjerzuseGaBFVczsIKmEhIjcT52Hluo=
github.com/Layr-Labs/eigensdk-go v0.2.0-beta.1.0.20250117215126-98d8ff64a9b4 h1:J87Iugb89qx+2CyotZUHLOg6za0VedP7yv8HB6ZNk20=
github.com/Layr-Labs/eigensdk-go v0.2.0-beta.1.0.20250117215126-98d8ff64a9b4/go.mod h1:YNzORpoebdDNv0sJLm/H9LTx72M85zA54eBSXI5DULw=
github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20250117220137-5b7cf552998b h1:zkDr/ng4KI9WVwwkVF6Jjh8is3IBM/yuvKRDHzjg3w0=
github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20250117220137-5b7cf552998b/go.mod h1:auVQv3GD/25A2C/DD0/URyQaUwniQlS2ebEVBsvlDIM=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=
Expand Down Expand Up @@ -93,8 +93,8 @@ github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtyd
github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
github.com/bytedance/sonic v1.9.2 h1:GDaNjuWSGu09guE9Oql0MSTNhNCLlWwO8y/xM5BzcbM=
github.com/bytedance/sonic v1.9.2/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/cespare/cp v0.1.0 h1:SE+dxFebS7Iik5LK0tsi1k9ZCxEaFX4AjQmoyA+1dJk=
github.com/cespare/cp v0.1.0/go.mod h1:SOGHArjBr4JWaSDEVpWpo/hNg6RoKrls6Oh40hiwW+s=
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
Expand Down
6 changes: 6 additions & 0 deletions node/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,7 @@ func NewConfig(ctx *cli.Context) (*Config, error) {
blsPublicKeyHex := ctx.GlobalString(flags.BLSPublicKeyHexFlag.Name)
blsKeyFilePath := ctx.GlobalString(flags.BlsKeyFileFlag.Name)
blsKeyPassword := ctx.GlobalString(flags.BlsKeyPasswordFlag.Name)
blsSignerAPIKey := ctx.GlobalString(flags.BLSSignerAPIKeyFlag.Name)

if blsRemoteSignerEnabled && (blsRemoteSignerUrl == "" || blsPublicKeyHex == "") {
return nil, fmt.Errorf("BLS remote signer URL and Public Key Hex is required if BLS remote signer is enabled")
Expand All @@ -186,6 +187,10 @@ func NewConfig(ctx *cli.Context) (*Config, error) {
return nil, fmt.Errorf("BLS key file and password is required if BLS remote signer is disabled")
}

if blsRemoteSignerEnabled && blsSignerAPIKey == "" {
return nil, fmt.Errorf("BLS signer API key is required if BLS remote signer is enabled")
}
Comment on lines +190 to +192
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this requirement predicated on a new version of Cerberus that also requires API key? I've got remote BLS running on my testnet now with Cerberus. When I upgrade my node, do I need to simultaneously upgrade Cerberus? If I upgrade Cerberus first, will my node fail to remote sign until upgraded with this change?

Copy link
Contributor Author

@shrimalmadhur shrimalmadhur Jan 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes basically you will have to clean import on the new version of cerberus - since it sets up a DB and then persists some metadata for the keys - if you are already running cerberus. You will have to upgrade both together
not ideal but given only few folks (2-3 folks outside us) are testing right now on testnet it's an okay process. wdyt?

Basically steps

  • Upgrade Cerberus (with postgres)
  • Reimport key which will give you API key
  • Add that in .env on eigenda with latest eigenda release
  • restart eigenda

there could be missed batches in between which won't be able to sign due to this inconsistency

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea, as long as current testnet users are in the loop, seems ok.

If possible might make sense to disable remote singing on node as first step - reverting to local BLS, to allow for Cerberus upgrade validation outside production path. Or maybe recommend users spin up new Cerberus alongside old Cerberus on new port so that they can import and validate new Cerberus is ready before pulling the switch. Then update .env and bump node release.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that's a good point. I will write an upgrade guide in release notes with these options and share. good call on that.


if blsRemoteSignerEnabled {
signerType = blssignerTypes.Cerberus
}
Expand All @@ -199,6 +204,7 @@ func NewConfig(ctx *cli.Context) (*Config, error) {
CerberusPassword: blsKeyPassword,
EnableTLS: enableTLS,
TLSCertFilePath: ctx.GlobalString(flags.BLSSignerCertFileFlag.Name),
CerberusAPIKey: blsSignerAPIKey,
}
} else {
privateBls := ctx.GlobalString(flags.TestPrivateBlsFlag.Name)
Expand Down
9 changes: 9 additions & 0 deletions node/flags/flags.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,6 +347,14 @@ var (
Required: false,
EnvVar: common.PrefixEnvVar(EnvVarPrefix, "BLS_SIGNER_CERT_FILE"),
}

BLSSignerAPIKeyFlag = cli.StringFlag{
Name: common.PrefixFlag(FlagPrefix, "bls-signer-api-key"),
Usage: "The API key for the BLS signer. Only required if BLSRemoteSignerEnabled is true",
Required: false,
EnvVar: common.PrefixEnvVar(EnvVarPrefix, "BLS_SIGNER_API_KEY"),
}

PprofHttpPort = cli.StringFlag{
Name: common.PrefixFlag(FlagPrefix, "pprof-http-port"),
Usage: "the http port which the pprof server is listening",
Expand Down Expand Up @@ -406,6 +414,7 @@ var optionalFlags = []cli.Flag{
BLSRemoteSignerUrlFlag,
BLSPublicKeyHexFlag,
BLSSignerCertFileFlag,
BLSSignerAPIKeyFlag,
EnableV2Flag,
OnchainStateRefreshIntervalFlag,
ChunkDownloadTimeoutFlag,
Expand Down
2 changes: 2 additions & 0 deletions node/plugin/cmd/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ func main() {
plugin.BLSRemoteSignerUrlFlag,
plugin.BLSPublicKeyHexFlag,
plugin.BLSSignerCertFileFlag,
plugin.BLSSignerAPIKeyFlag,
}
app.Name = "eigenda-node-plugin"
app.Usage = "EigenDA Node Plugin"
Expand All @@ -66,6 +67,7 @@ func pluginOps(ctx *cli.Context) {
TLSCertFilePath: config.BLSSignerCertFile,
Path: config.BlsKeyFile,
Password: config.BlsKeyPassword,
CerberusAPIKey: config.BLSSignerAPIKey,
}
if config.BLSRemoteSignerUrl != "" {
signerCfg.SignerType = blssignerTypes.Cerberus
Expand Down
9 changes: 9 additions & 0 deletions node/plugin/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,13 @@ var (
EnvVar: common.PrefixEnvVar(flags.EnvVarPrefix, "BLS_SIGNER_CERT_FILE"),
}

BLSSignerAPIKeyFlag = cli.StringFlag{
Name: "bls-signer-api-key",
Usage: "The API key for the BLS signer. Only required if BLSRemoteSignerEnabled is true",
Required: false,
EnvVar: common.PrefixEnvVar(flags.EnvVarPrefix, "BLS_SIGNER_API_KEY"),
}

// The socket and the quorums to register.
SocketFlag = cli.StringFlag{
Name: "socket",
Expand Down Expand Up @@ -149,6 +156,7 @@ type Config struct {
EigenDAServiceManagerAddr string
ChurnerUrl string
NumConfirmations int
BLSSignerAPIKey string
}

func NewConfig(ctx *cli.Context) (*Config, error) {
Expand Down Expand Up @@ -190,5 +198,6 @@ func NewConfig(ctx *cli.Context) (*Config, error) {
EigenDAServiceManagerAddr: ctx.GlobalString(EigenDAServiceManagerFlag.Name),
ChurnerUrl: ctx.GlobalString(ChurnerUrlFlag.Name),
NumConfirmations: ctx.GlobalInt(NumConfirmationsFlag.Name),
BLSSignerAPIKey: ctx.GlobalString(BLSSignerAPIKeyFlag.Name),
}, nil
}
Loading