keygen-docker

Guard Operation: Key Generation

Being a guard, you need a set of secret keys that will be used in multisig operations. One of these keys will be used by the TSS library for EcDSA and EdDSA multisig wallets.

The following document will help you through generating this key by activating the keygen mode in the guard application in a key generation ceremony.

Note: The guard application does not have a UI interface for key generation process.

Docker Deployment

Clone Operation repository and go to operation/guard directory

git clone https://github.com/rosen-bridge/operation.git
cd operation/guard/

Create your environment file .env based on env.template file in the guard directory

cp env.template .env

Set your parameters in .env file

Note: do not use space after = sign

# Required Environments

POSTGRES_PASSWORD= # a random alphanumeric password without special characters (like $%!-#)

POSTGRES_USER= # a random name

POSTGRES_DB= # a random name

POSTGRES_PORT=5432 # 5432 is set as default, you can change it.


# Optional Environments

GUARD_PORT= # (default is 8081 if no value is set)

GUARD_IMAGE_VERSION= # Don't change it!

UI_IMAGE_VERSION= # Don't change it!

Set required permissions and create thresholds.json and local.yaml files in the config directory

touch config/thresholds.json
touch config/local.yaml
sudo chown -R 8080:8080 logs config

Only on MacOS: set 707 permission for the logs directory

# only on MacOS
sudo chmod -R 707 logs

Pull the Docker image

docker compose pull # use `docker-compose pull` for older versions of Docker

In order to instruct the service to generate a new key, copy and paste the following lines in local.yaml file, fill in the required parameters, and save the file.

Ask the keygen ceremony moderator to provide the required info for the FILL_ACCORDING_TO_YOUR_GUARD_SET parameters

# Paste these lines in local.yaml file, fill in the parameters.

keygen: 
  active: true # set true to start keygen process on startup
  guards: FILL_ACCORDING_TO_YOUR_GUARD_SET(number) # total number of guards
  threshold: FILL_ACCORDING_TO_YOUR_GUARD_SET(number) # signing threshold (at least threshold + 1 guards are required)
p2p:
  addresses:
    - peerId: FILL_ACCORDING_TO_YOUR_GUARD_SET
      address: FILL_ACCORDING_TO_YOUR_GUARD_SET

In the guard directory, run the containers

docker compose up # use `docker-compose up` for older versions of Docker

Note: Each guard has a unique peerId that you should provide to the moderator of the keygen ceremony. Your peerId will be whitelisted in the network's relay. Upon starting your guard, you can find the value of this parameter in your guard's logs. For example, you should see a line like this in your log file located at ./logs/guard-logs/ or in your console:

Copy

info: Dialer node started with peerId: 12D3KooWNGaHx3EAdNeKUFxAKrg3EyKFN8gHHw9H5ZiBmRVjxHpG.

In this example, 12D3KooWNGaHx3EAdNeKUFxAKrg3EyKFN8gHHw9H5ZiBmRVjxHpG represents the peerId.

Successful Keygen

After discovering all peers, the colaborative key genaration process will be started. In case of a successful key genaration you can see the following message in the console as well as in the log file located at ./logs/guard-logs/.

info: [keygen] request start keygen with response {"shareID":"17919185987749025101810558434858548363703702891441976713238832618792983045264897561171919","pubKey":"9a685c62d667fd99c22dbd1d8e97b27a268003e146ac8af74b03c5a1f25f4f5f","status":"success"} called

Please provide this data to the moderator of the keygen ceremony to acknowledge your successful operation.

Backup

After a successful keygen ceremony, back up the keygen data as well as the p2p data by executing the following commands in the guard directory:

mkdir guard_data_backup
docker compose cp service:/app/peer-dialer/peer-dialer.json ./guard_data_backup/
docker compose cp service:/app/tss-api/home/eddsa/keygen_data.json ./guard_data_backup/

Note: Keep the directory guard_data_backup in a secure location. Your key share can be found in keygen_data.json.