The DKG required network participants to rotate their shared private signing keys in an effort to keep the network secure. On a new session, the new authorities (from validators or collators) are selected and the next authorities are selected.
- These next authorities run keygen protocol discussed above and output a new group keypair on-chain,
- The current authorities (having already run this process in the step before) see this event and if it is time
to refresh, they begin to sign the
next_dkg_public_keywith their key, the
- The signature from the active keypair of the next keypair is posted on-chain.
- Once this signature is posted, anyone can propagate it.
- Any relayer.
- Any user who wants to update the governor of their contract.
Key rotation flow
The on-chain keys are rotate every session, this is done so that the DKG validators and network validators are aligned. At the end of the session, the
dkg-gadget triggers the process to generate a new key. The new key is generated by the new on-chain authorities, these authorities then work together to generate a new key and signature.