shutter-network · blockchainluffy · Aug 7, 2025 · Aug 7, 2025
diff --git a/rolling-shutter/keyperimpl/shutterservice/handlers.go b/rolling-shutter/keyperimpl/shutterservice/handlers.go
@@ -182,6 +182,11 @@ func ValidateDecryptionKeysSignatures(
 	extra *p2pmsg.ShutterServiceDecryptionKeysExtra,
 	keyperSet *obskeyperdatabase.KeyperSet,
 ) (pubsub.ValidationResult, error) {
+	// Allow for empty signatures and signer indices
+	if len(extra.SignerIndices) == 0 || len(extra.Signature) == 0 {
+		return pubsub.ValidationAccept, nil
+	}
+
 	if int32(len(extra.SignerIndices)) != keyperSet.Threshold {
 		return pubsub.ValidationReject, errors.Errorf("expected %d signers, got %d", keyperSet.Threshold, len(extra.SignerIndices))
 	}
@@ -248,12 +253,7 @@ func (h *DecryptionKeysHandler) HandleMessage(ctx context.Context, msg p2pmsg.Me
 	extra := keys.Extra.(*p2pmsg.DecryptionKeys_Service).Service
 	serviceDB := database.New(h.dbpool)
 
-	identityPreimages := []identitypreimage.IdentityPreimage{}
-	for _, key := range keys.Keys {
-		identityPreimage := identitypreimage.IdentityPreimage(key.IdentityPreimage)
-		identityPreimages = append(identityPreimages, identityPreimage)
-	}
-	identitiesHash := computeIdentitiesHash(identityPreimages)
+	identitiesHash := computeIdentitiesHashFromKeys(keys.GetKeys())
 	for i, keyperIndex := range extra.SignerIndices {
 		err := serviceDB.InsertDecryptionSignature(ctx, database.InsertDecryptionSignatureParams{
 			Eon:            int64(keys.Eon),

diff --git a/rolling-shutter/keyperimpl/shutterservice/identitieshash.go b/rolling-shutter/keyperimpl/shutterservice/identitieshash.go
@@ -22,3 +22,11 @@ func computeIdentitiesHashFromShares(shares []*p2pmsg.KeyShare) []byte {
 	}
 	return computeIdentitiesHash(identityPreimges)
 }
+
+func computeIdentitiesHashFromKeys(keys []*p2pmsg.Key) []byte {
+	identityPreimges := []identitypreimage.IdentityPreimage{}
+	for _, key := range keys {
+		identityPreimges = append(identityPreimges, identitypreimage.IdentityPreimage(key.IdentityPreimage))
+	}
+	return computeIdentitiesHash(identityPreimges)
+}
diff --git a/rolling-shutter/keyperimpl/shutterservice/messagingmiddleware.go b/rolling-shutter/keyperimpl/shutterservice/messagingmiddleware.go
@@ -1,10 +1,8 @@
 package shutterservice
 
 import (
-	"bytes"
 	"context"
 
-	"github.com/jackc/pgx/v4"
 	"github.com/jackc/pgx/v4/pgxpool"
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	"github.com/pkg/errors"
@@ -105,32 +103,7 @@ func (i *MessagingMiddleware) interceptDecryptionKeyShares(
 ) (p2pmsg.Message, error) {
 	queries := database.New(i.dbpool)
 
-	currentDecryptionTrigger, err := queries.GetCurrentDecryptionTrigger(ctx, int64(originalMsg.Eon))
-	if err == pgx.ErrNoRows {
-		log.Warn().
-			Uint64("eon", originalMsg.Eon).
-			Msg("intercepted decryption key shares message with unknown corresponding decryption trigger")
-		return nil, nil
-	} else if err != nil {
-		return nil, errors.Wrapf(err, "failed to get current decryption trigger for eon %d", originalMsg.Eon)
-	}
-	if originalMsg.Eon != uint64(currentDecryptionTrigger.Eon) {
-		log.Warn().
-			Uint64("eon-got", originalMsg.Eon).
-			Int64("eon-expected", currentDecryptionTrigger.Eon).
-			Msg("intercepted decryption key shares message with unexpected eon")
-		return nil, nil
-	}
-
 	identitiesHash := computeIdentitiesHashFromShares(originalMsg.Shares)
-	if !bytes.Equal(identitiesHash, currentDecryptionTrigger.IdentitiesHash) {
-		log.Warn().
-			Uint64("eon", originalMsg.Eon).
-			Hex("expectedIdentitiesHash", currentDecryptionTrigger.IdentitiesHash).
-			Hex("actualIdentitiesHash", identitiesHash).
-			Msg("intercepted decryption key shares message with unexpected identities hash")
-		return nil, nil
-	}
 
 	identityPreimages := []identitypreimage.IdentityPreimage{}
 	for _, share := range originalMsg.Shares {
@@ -176,32 +149,23 @@ func (i *MessagingMiddleware) interceptDecryptionKeys(
 	ctx context.Context,
 	originalMsg *p2pmsg.DecryptionKeys,
 ) (p2pmsg.Message, error) {
-	// TODO: update flag in event table to notify the decryption is already done
 	if originalMsg.Extra != nil {
 		return originalMsg, nil
 	}
 
 	serviceDB := database.New(i.dbpool)
 	obsKeyperDB := obskeyperdatabase.New(i.dbpool)
-	trigger, err := serviceDB.GetCurrentDecryptionTrigger(ctx, int64(originalMsg.Eon))
-	if err == pgx.ErrNoRows {
-		log.Warn().
-			Uint64("eon", originalMsg.Eon).
-			Msg("unknown decryption trigger for intercepted keys message")
-		return nil, nil
-	}
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to get current decryption trigger for eon %d", originalMsg.Eon)
-	}
 
 	keyperSet, err := obsKeyperDB.GetKeyperSetByKeyperConfigIndex(ctx, int64(originalMsg.Eon))
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to get keyper set from database for eon %d", originalMsg.Eon)
 	}
 
+	identitiesHash := computeIdentitiesHashFromKeys(originalMsg.GetKeys())
+
 	signatures, err := serviceDB.GetDecryptionSignatures(ctx, database.GetDecryptionSignaturesParams{
 		Eon:            int64(originalMsg.Eon),
-		IdentitiesHash: trigger.IdentitiesHash,
+		IdentitiesHash: identitiesHash,
 		Limit:          keyperSet.Threshold,
 	})
 	if err != nil {
@@ -212,7 +176,7 @@ func (i *MessagingMiddleware) interceptDecryptionKeys(
 	if len(signatures) < int(keyperSet.Threshold) {
 		log.Debug().
 			Uint64("eon", originalMsg.Eon).
-			Hex("identities-hash", trigger.IdentitiesHash).
+			Hex("identities-hash", identitiesHash).
 			Int32("threshold", keyperSet.Threshold).
 			Int("num-signatures", len(signatures)).
 			Msg("dropping intercepted keys message as signature count is not high enough yet")
@@ -241,7 +205,7 @@ func (i *MessagingMiddleware) interceptDecryptionKeys(
 
 	log.Info().
 		Uint64("eon", originalMsg.Eon).
-		Hex("identities-hash", trigger.IdentitiesHash).
+		Hex("identities-hash", identitiesHash).
 		Int("num-signatures", len(signatures)).
 		Int("num-keys", len(msg.Keys)).
 		Msg("sending keys")

diff --git a/rolling-shutter/keyperimpl/shutterservice/newblock.go b/rolling-shutter/keyperimpl/shutterservice/newblock.go
@@ -109,7 +109,6 @@ func (kpr *Keyper) triggerDecryption(ctx context.Context,
 	triggeredBlock *syncevent.LatestBlock,
 ) error {
 	coreKeyperDB := corekeyperdatabase.New(kpr.dbpool)
-	serviceDB := servicedatabase.New(kpr.dbpool)
 
 	identityPreimages := make(map[int64][]identitypreimage.IdentityPreimage)
 	lastEonBlock := make(map[int64]int64)
@@ -143,15 +142,6 @@ func (kpr *Keyper) triggerDecryption(ctx context.Context,
 	for eon, preImages := range identityPreimages {
 		sortedIdentityPreimages := sortIdentityPreimages(preImages)
 
-		err := serviceDB.SetCurrentDecryptionTrigger(ctx, servicedatabase.SetCurrentDecryptionTriggerParams{
-			Eon:                  eon,
-			TriggeredBlockNumber: triggeredBlock.Number.Int64(),
-			IdentitiesHash:       computeIdentitiesHash(sortedIdentityPreimages),
-		})
-		if err != nil {
-			return errors.Wrap(err, "failed to insert published decryption trigger into db")
-		}
-
 		trigger := epochkghandler.DecryptionTrigger{
 			// sending last block available for that eon as the key shares will be generated based on the eon associated with this block number
 			BlockNumber:       uint64(lastEonBlock[eon]),