Reduce skew in local sealing #7470
cjen1-msft started this conversation in Design
One issue with the current implementation of local sealing is that the sealed secrets are written in the commit hook for updated ledger secrets.
This ensured uniformity between the replicas and the primary; however, if there is a delay between writing the ledger entry with a new secret (and also subsequent chunks) and writing the sealed secret, then that is a period of vulnerability for the node: if it fails, it will be unable to recover the ledger.
The optimal option would be to tie the sealed secrets directly to the ledger, with the obvious action being to store the sealing key alongside the node data, with the primary using that to seal the secret into the ledger for that node.
However, this would require an asymmetric key, and the key derivation on SNP gives us a symmetric key.
One possible option here is to store the sealed secret in the transaction header of the ledger secret rekey transaction, for just that node's on-disk copy.
This would then keep the sealed ledger secret directly in sync with the ledger, preventing skew from occurring.
Additionally, this would make rollback work fully with the sealed secrets.
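An added illustration of the skew window described in the post above (not part of the original post and not CCF code): a Python model that crashes a node between the rekey entry reaching disk and the commit hook running, under the current design and under the proposed transaction-header design. All class and function names are hypothetical, `seal` is a placeholder with no real cryptography, and the recovery rule is a model assumption.

```python
# Added illustration, not CCF code: every name below is hypothetical.
from dataclasses import dataclass, field
from typing import Optional

def seal(version: int) -> str:
    # Placeholder for sealing under the node's derived symmetric key (no real crypto).
    return f"sealed(v{version})"

@dataclass
class Entry:
    secret_version: int                 # ledger secret protecting this entry
    header_seal: Optional[str] = None   # proposed: sealed secret in the rekey entry's header

@dataclass
class Node:
    seal_in_header: bool                               # False = current commit-hook design
    ledger: list = field(default_factory=list)         # on-disk ledger
    sealed_files: dict = field(default_factory=dict)   # on-disk sealed secrets (current design)
    pending: list = field(default_factory=list)        # in-memory work for the commit hook

    def write(self, version: int, rekey: bool = False) -> None:
        entry = Entry(version)
        if rekey and self.seal_in_header:
            entry.header_seal = seal(version)   # lands on disk with the entry itself
        elif rekey:
            self.pending.append(version)        # sealed only when the commit hook runs
        self.ledger.append(entry)

    def commit_hook(self) -> None:
        for version in self.pending:
            self.sealed_files[version] = seal(version)
        self.pending.clear()

    def crash(self) -> None:
        self.pending.clear()                    # in-memory state is lost

    def recoverable(self) -> bool:
        # Model assumption: recovery needs a sealed copy of every secret version on disk.
        needed = {e.secret_version for e in self.ledger}
        sealed = {e.secret_version for e in self.ledger if e.header_seal} | set(self.sealed_files)
        return needed <= sealed

def crash_during_rekey(seal_in_header: bool) -> bool:
    node = Node(seal_in_header)
    node.write(1, rekey=True)
    node.commit_hook()            # initial secret sealed normally
    node.write(2, rekey=True)     # rekey entry reaches disk
    node.write(2)                 # subsequent chunk under the new secret
    node.crash()                  # node fails before the hook seals v2
    return node.recoverable()
```

`crash_during_rekey(False)` models the current commit-hook design and `crash_during_rekey(True)` the header design; only the latter leaves the node able to recover in this model.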