Rekeying
Rekeying is the process of changing hot or cold keys, as well as signature thresholds. It is expected to be used when one of the validators loses access to their key(s) or suspects that they were compromised.
For EVM chains, Safe{Wallet} makes any possible re-key operation simple through their interface. Validator 0 will generate a normal multisig transaction, which the other validators will verify and sign.
For Chia, the portal singleton comes with a built-in update mechanism. After validators have been notified that a rekey is needed, they will each run the following command:
A list of the options and their respective descriptions can be viewed via:
The process to generate the signature is identical to the one used during attestations (generate QR code, scan with Ozone wallet, get signature). The {validator-index}-{signature}
string should be sent to validator 0.
Once enough signatures have been gathered, validator 0 will assemble a spend bundle that upgrades the portal via:
After the transaction is confirmed, validators should update the affected config.json
files. The frontend code configuration will also need to be updated.
Verifying
Use the verify-tx-sig
command of the rekey
module to verify anyone's rekey signature.
Last updated