Highlights
- Introduce ECIES+ECDSA for encryption and digital signature of cosigner-to-cosigner network traffic for faster cosigner secure communication. RSA+P5S encryption + signature authentication is now deprecated
- Fix latency regression in v3.0.0 due to golang 1.20 rsa regression
- Release binary is now static for portability across linux distributions
- Leader election fixed when cosigners are referenced by IP address
- Connection and concurrency optimizations
Updating
- Shut down all cosigners and delete
~/.horcrux/raftdirectory - Update binary or docker image to
v3.1.0 - If coming from v2.x.x, run
horcrux config migratecommand to migrate key files and config from v2 format to v3 format - Recommended: replace RSA with ECIES for cosigner secure communication. On a trusted machine, generate ECIES keys with
horcrux create-ecies-shards --shards <total number of cosigners>. Distribute thecosigner_$N/ecies_keys.jsonfiles to the respective cosigners. After this,rsa_keys.jsonis no longer required on the cosigners. - Start cosigner nodes back up
What's Changed
- Bump github.com/opencontainers/runc from 1.1.3 to 1.1.5 by @dependabot in #155
- Make Horcrux a static executable by @vimystic in #157
- Remove depguard by @vimystic in #158
- set and get nonces concurrently by @agouin in #164
- nonce rename by @agouin in #165
- Bump github.com/cosmos/cosmos-sdk from 0.47.1 to 0.47.3 by @dependabot in #163
- Bump github.com/cometbft/cometbft from 0.37.0 to 0.37.2 by @dependabot in #167
- Fix multiresolver for IPs by @agouin in #168
- sign state signaling by @agouin in #169
- threshold signer integration into local cosigner by @agouin in #170
- Cosigner Security by @agouin in #171
- CosignerSecurityECIES by @agouin in #173
- Interchaintest for e2e tests by @agouin in #174
- Bump github.com/containerd/containerd from 1.6.8 to 1.6.18 in /test by @dependabot in #177
- use go-ethereum ecies due to instability with ecies/go/v2 by @agouin in #178
- Bump github.com/gin-gonic/gin from 1.8.1 to 1.9.1 in /test by @dependabot in #179
- waiting for same block signature - timeout and max attempts by @agouin in #184
- Vivek/156 : Downgrade golang version from 1.20 to 1.19 by @vimystic in #183
- fix raft store npe by @agouin in #185
- no concurrent dial to same node by @agouin in #186
- Remove goreleaser by @agouin in #187
New Contributors
- @dependabot made their first contribution in #155
Full Changelog: v3.0.0...v3.1.0