Merge pull request #4570 from stacks-network/4388-nakamoto-stacks-signer-should-store-its-party-shares-on-the-side-to-enable-restart

feat: Nakamoto signer persisting its party shares to enable restart

Author: netrome

.github/workflows/bitcoin-tests.yml

@@ -86,6 +86,7 @@ jobs:
           - tests::signer::stackerdb_block_proposal
           - tests::signer::stackerdb_filter_bad_transactions
           - tests::signer::stackerdb_mine_2_nakamoto_reward_cycles
+          - tests::signer::stackerdb_sign_after_signer_reboot
           - tests::nakamoto_integrations::stack_stx_burn_op_integration_test
           # Do not run this one until we figure out why it fails in CI
           # - tests::neon_integrations::bitcoin_reorg_flap

Cargo.lock

@@ -20,8 +20,7 @@ rand_core = "0.6"
 rand = "0.8"
 rand_chacha = "0.3.1"
 tikv-jemallocator = "0.5.4"
-# wsts = { version = "8.1", default-features = false }
-wsts = { git = "https://github.com/stacks-network/wsts.git", branch = "feat/public-sign-ids", default-features = false }
+wsts = { version = "9.0.0", default-features = false }
 
 # Use a bit more than default optimization for
 #  dev builds to speed up test execution

Cargo.toml

@@ -46,6 +46,8 @@ url = "2.1.0"
 
 [dev-dependencies]
 clarity = { path = "../clarity", features = ["testing"] }
+polynomial = "0.2.6"
+num-traits = "0.2.18"
 
 [dependencies.rusqlite]
 version = "=0.24.2"

stacks-signer/Cargo.toml

@@ -338,19 +338,22 @@ pub fn build_signer_config_tomls(
     timeout: Option<Duration>,
     network: &Network,
     password: &str,
+    run_stamp: u16,
+    mut port_start: usize,
 ) -> Vec<String> {
     let mut signer_config_tomls = vec![];
 
-    let mut port = 30000;
-    let run_stamp = rand::random::<u16>();
-    let db_dir = format!(
-        "/tmp/stacks-node-tests/integrations-signers/{:#X}",
-        run_stamp,
-    );
-    fs::create_dir_all(&db_dir).unwrap();
-    for (ix, stacks_private_key) in stacks_private_keys.iter().enumerate() {
-        let endpoint = format!("localhost:{}", port);
-        port += 1;
+    for stacks_private_key in stacks_private_keys {
+        let endpoint = format!("localhost:{}", port_start);
+        port_start += 1;
+
+        let stacks_public_key = StacksPublicKey::from_private(stacks_private_key).to_hex();
+        let db_dir = format!(
+            "/tmp/stacks-node-tests/integrations-signers/{run_stamp}/signer_{stacks_public_key}"
+        );
+        let db_path = format!("{db_dir}/signerdb.sqlite");
+        fs::create_dir_all(&db_dir).unwrap();
+
         let stacks_private_key = stacks_private_key.to_hex();
         let mut signer_config_toml = format!(
             r#"
@@ -359,7 +362,7 @@ node_host = "{node_host}"
 endpoint = "{endpoint}"
 network = "{network}"
 auth_password = "{password}"
-db_path = "{db_dir}/{ix}.sqlite"
+db_path = "{db_path}"
 "#
         );
 
@@ -394,7 +397,15 @@ mod tests {
         let network = Network::Testnet;
         let password = "melon";
 
-        let config_tomls = build_signer_config_tomls(&[pk], node_host, None, &network, password);
+        let config_tomls = build_signer_config_tomls(
+            &[pk],
+            node_host,
+            None,
+            &network,
+            password,
+            rand::random(),
+            3000,
+        );
 
         let config =
             RawConfigFile::load_from_str(&config_tomls[0]).expect("Failed to parse config file");

stacks-signer/src/config.rs

@@ -292,6 +292,8 @@ fn handle_generate_files(args: GenerateFilesArgs) {
         args.timeout.map(Duration::from_millis),
         &args.network,
         &args.password,
+        rand::random(),
+        3000,
     );
     debug!("Built {:?} signer config tomls.", signer_config_tomls.len());
     for (i, file_contents) in signer_config_tomls.iter().enumerate() {

stacks-signer/src/main.rs

@@ -417,7 +417,7 @@ impl SignerRunLoop<Vec<OperationResult>, RunLoopCommand> for RunLoop {
                     info!(
                         "{signer}: Queuing an external runloop command ({:?}): {command:?}",
                         signer
-                            .signing_round
+                            .state_machine
                             .public_keys
                             .signers
                             .get(&signer.signer_id)

stacks-signer/src/runloop.rs

@@ -44,8 +44,9 @@ use wsts::state_machine::coordinator::fire::Coordinator as FireCoordinator;
 use wsts::state_machine::coordinator::{
     Config as CoordinatorConfig, Coordinator, State as CoordinatorState,
 };
-use wsts::state_machine::signer::Signer as WSTSSigner;
+use wsts::state_machine::signer::Signer as SignerStateMachine;
 use wsts::state_machine::{OperationResult, SignError};
+use wsts::traits::Signer as _;
 use wsts::v2;
 
 use crate::client::{retry_with_exponential_backoff, ClientError, StackerDB, StacksClient};
@@ -137,7 +138,7 @@ pub struct Signer {
     /// The coordinator for inbound messages for a specific reward cycle
     pub coordinator: FireCoordinator<v2::Aggregator>,
     /// The signing round used to sign messages for a specific reward cycle
-    pub signing_round: WSTSSigner<v2::Signer>,
+    pub state_machine: SignerStateMachine<v2::Signer>,
     /// the state of the signer
     pub state: State,
     /// Received Commands that need to be processed
@@ -243,17 +244,8 @@ impl From<SignerConfig> for Signer {
         };
 
         let coordinator = FireCoordinator::new(coordinator_config);
-        let signing_round = WSTSSigner::new(
-            threshold,
-            num_signers,
-            num_keys,
-            signer_config.signer_id,
-            signer_config.key_ids,
-            signer_config.ecdsa_private_key,
-            signer_config.signer_entries.public_keys.clone(),
-        );
         let coordinator_selector =
-            CoordinatorSelector::from(signer_config.signer_entries.public_keys);
+            CoordinatorSelector::from(signer_config.signer_entries.public_keys.clone());
 
         debug!(
             "Reward cycle #{} Signer #{}: initial coordinator is signer {}",
@@ -263,9 +255,31 @@ impl From<SignerConfig> for Signer {
         );
         let signer_db =
             SignerDb::new(&signer_config.db_path).expect("Failed to connect to signer Db");
+
+        let mut state_machine = SignerStateMachine::new(
+            threshold,
+            num_signers,
+            num_keys,
+            signer_config.signer_id,
+            signer_config.key_ids,
+            signer_config.ecdsa_private_key,
+            signer_config.signer_entries.public_keys,
+        );
+
+        if let Some(state) = signer_db
+            .get_signer_state(signer_config.reward_cycle)
+            .expect("Failed to load signer state")
+        {
+            debug!(
+                "Reward cycle #{} Signer #{}: Loading signer",
+                signer_config.reward_cycle, signer_config.signer_id
+            );
+            state_machine.signer = v2::Signer::load(&state);
+        }
+
         Self {
             coordinator,
-            signing_round,
+            state_machine,
             state: State::Idle,
             commands: VecDeque::new(),
             stackerdb,
@@ -639,7 +653,7 @@ impl Signer {
         current_reward_cycle: u64,
     ) {
         let signer_outbound_messages = self
-            .signing_round
+            .state_machine
             .process_inbound_messages(packets)
             .unwrap_or_else(|e| {
                 error!("{self}: Failed to process inbound messages as a signer: {e:?}",);
@@ -670,6 +684,9 @@ impl Signer {
             // We have received a message and are in the middle of an operation. Update our state accordingly
             self.update_operation();
         }
+
+        debug!("{self}: Saving signer state");
+        self.save_signer_state();
         self.send_outbound_messages(signer_outbound_messages);
         self.send_outbound_messages(coordinator_outbound_messages);
     }
@@ -907,7 +924,7 @@ impl Signer {
         coordinator_public_key: &PublicKey,
     ) -> Option<Packet> {
         // We only care about verified wsts packets. Ignore anything else.
-        if packet.verify(&self.signing_round.public_keys, coordinator_public_key) {
+        if packet.verify(&self.state_machine.public_keys, coordinator_public_key) {
             match &mut packet.msg {
                 Message::SignatureShareRequest(request) => {
                     if !self.validate_signature_share_request(request) {
@@ -1173,6 +1190,18 @@ impl Signer {
         }
     }
 
+    /// Persist state needed to ensure the signer can continue to perform
+    /// DKG and participate in signing rounds accross crashes
+    ///
+    /// # Panics
+    /// Panics if the insertion fails
+    fn save_signer_state(&self) {
+        let state = self.state_machine.signer.save();
+        self.signer_db
+            .insert_signer_state(self.reward_cycle, &state)
+            .expect("Failed to persist signer state");
+    }
+
     /// Send any operation results across the provided channel
     fn send_operation_results(
         &mut self,