Secure KES Forgetting

[vfrsilva]

What

Implement secure KES forgetting in the node. This task is the first part of the full Secure KES forgetting effort (followed by the KES agent task which will come in the next PI). This task will make the changes such that the node handles the keys properly. However, in this first iteration, the keys will still be saved to disk. These changes do not affect user interaction nor block validation.

Why

We use KES to provide security against long range attacks. This is a requirement by the formal analysis and proofs we have for the consensus algorithm. The current node does not safely delete KES keys, and therefore is exposed to this long range attack where an adversary is capable of stealing a bunch of KES keys from the block producers and producing a different adversarial chain. This first part of the task enable a complete solution that uses KES agents (to be defined in the next PI).

Functional requirements

• Implement secure forgetting in the node such that keys are not stored to disk while handling the key (serialisation/deserialisation, key evolution, signature)

External dependencies

• Node (to update the usage of the new KES handling)
• Benchmarking, to guarantee that there is no regression in block propagation

Risks

Regression in block production (unlikely this will affect block propagation in any meaningful way)

Acceptance Criteria

We have a positive audit accepted by Charles Morgan. The current testing framework works positively. No regression

Definition of Done

The new node version uses KES with secure forgetting

Working Assumptions

• Hard fork not required

[iquerejeta]

Closing in favour of #122