Implement ECDH for P2P message encryption #95

Merged: anhthii merged 13 commits into master from dev on Aug 21, 2025
@anhthii commented Aug 21, 2025

This is to address the proposal #66

Related PR: #71

Summary

This PR introduces significant improvements to the MPC (Multi-Party Computation) cluster's resilience and error handling capabilities. The changes focus on making the system more robust when dealing with node disconnections, rejoin scenarios, and ensuring proper error handling during key generation and signing operations.

Key Changes

ECDH Service Refactoring

  • Refactored ECDH service to become resilient to node disconnect and rejoin scenarios
  • Improved key exchange session management with better cleanup and state handling
  • Enhanced registry functionality with more robust node management

Enhanced Error Handling

  • Added cluster readiness validation - now returns appropriate errors when cluster is not ready during key generation
  • Implemented majority node validation for signing operations with proper error handling when insufficient nodes are available
  • Added context cancellation checks to prevent operations on cancelled contexts

Improved Robustness

  • Fixed rejoining ECDH bugs with proper cache key cleaning
  • Enhanced node identity management with better state tracking
  • Streamlined main application logic by moving complexity to appropriate service layers

Files Modified

  • cmd/mpcium/main.go - Simplified main application logic
  • pkg/event/types.go - Added new error types for better error classification
  • pkg/eventconsumer/keygen_consumer.go - Enhanced key generation with cluster readiness checks
  • pkg/eventconsumer/sign_consumer.go - Improved signing with majority validation and error handling
  • pkg/identity/identity.go - Better identity state management
  • pkg/mpc/key_exchange_session.go - Refactored for improved session handling
  • pkg/mpc/node.go - Simplified node management logic
  • pkg/mpc/registry.go - Significantly enhanced registry with better node lifecycle management

Impact

  • Improved system stability during node disconnection/reconnection scenarios
  • Better error reporting for cluster state issues
  • Reduced likelihood of hanging operations through proper context handling
  • Enhanced debugging capabilities with more descriptive error messages

nann-cheng and others added 13 commits August 13, 2025 17:04
#71)

* fix typo

* draft impl for diffie hellman exchange

* New Feature: add p2p channel among nodes, enabling authenticated encryption

* decrease delay

* suppress warning

* increase delay for starting client

* increase delay in test case, suppress github security warning

* fix p2p feature correctness

* fix p2p feature

* fix format error

* revert old testing config

* correct log & remove useless comment

* avoid p2p message via nats message layer

* change to modern x25519 curve for ecdh

* Minor cleanup

* Consistent naming convention Id -> ID

* Wait for ECDH session to complete before starting consumers

* Code refactoring, better naming convention

* Refactor aes encryption

* Error handling for ecdh session

* Refactor session

* Fix security warning on AES encryption

* Update ci/cd

---------

Co-authored-by: anhthii <nguyendanganhthi247@gmail.com>
Enhanced MPC Cluster Resilience and Error Handling
@anhthii anhthii merged commit 9cf994c into master Aug 21, 2025
29 of 31 checks passed
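
The commit list above names X25519 for the ECDH exchange and AES authenticated encryption for the P2P channel. The following is an added Go example of that pattern, not code from this PR or the mpcium repository; the HKDF-SHA256 derivation step, the function names `channel`, `seal` and `open`, and the `A|B` and `A->B` labels are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// channel: X25519 shared secret -> HKDF-SHA256 (zero salt, one block) -> AES-256-GCM.
func channel(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, info string) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer) // fails on an all-zero result (low-order point)
	if err != nil {
		return nil, err
	}
	ext := hmac.New(sha256.New, make([]byte, sha256.Size)) // HKDF-Extract
	ext.Write(shared)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // HKDF-Expand, T(1) only
	exp.Write(append([]byte(info), 0x01))
	block, err := aes.NewCipher(exp.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(a cipher.AEAD, msg, aad []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize()) // fresh random nonce, prepended to the output
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, msg, aad), nil
}

func open(a cipher.AEAD, box, aad []byte) ([]byte, error) {
	if len(box) < a.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(box))
	}
	return a.Open(nil, box[:a.NonceSize()], box[a.NonceSize():], aad) // error on wrong key, aad or tampering
}

func main() {
	a, _ := ecdh.X25519().GenerateKey(rand.Reader)
	b, _ := ecdh.X25519().GenerateKey(rand.Reader)
	tx, _ := channel(a, b.PublicKey(), "A|B") // constructed pair label
	fmt.Println(seal(tx, []byte("share"), []byte("A->B")))
}
```

Assuming nodes generate a fresh key pair when they rejoin, the rejoined peer derives a different key, so an AEAD cached from the earlier session fails in `open` and has to be rebuilt.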