Upcoming breaking change to Flow node registration

Dear Flow Community,

We would like to inform you about an upcoming change to the node registration process, scheduled to be implemented in the coming months. While the exact date is still to be determined, we want to provide advance notice to all custodians, node operators, and stakeholders who utilize the node registration transaction to stake new nodes.

What is Changing:

Introduction of Proof of Possession of the Staking Key: A new field called the proof of possession (PoP) of the staking key will be required when staking a node and calling the node registration contract. This measure enhances security and prevents malicious actions by ensuring that only entities possessing the private key corresponding to their staked public key can register a node.

  • Flow Port Update: Flow Port will be updated to request this new PoP field during node registration.
  • Bootstrap utility Update: The bootstrap utility will be updated to generate this PoP field when generating node details.

Action Required:

  • If you do not use Flow Port and have developed your own node registration workflow, you will need to update your transaction process to include the PoP field.
  • Similarly, if you do not use the bootstrap utility and have created custom tooling for node key generation, you must update your tools to generate the PoP of the staking key. The way to generate a valid proof is specified in the Cadence doc (given that the proof is verifiable on Cadence). A compliant Go implementation is provided by the Flow cryptography repo.

See this pull request for all transaction and contract changes.

More about Proof of Possession

Flow internal node communication is authenticated using BLS signatures. Flow protocol takes advantage of multiple BLS multi-signature features, in particular signature aggregation and threshold signatures. BLS aggregations require a defence against rogue key attacks and there are a few schemes Flow can implement to secure the protocol as described by the BLS IETF draft (BLS Signatures). Flow protocol has chosen the Proof of Possession scheme (simply referred to as PoP) to optimize for the case of aggregating signatures on the same message. The PoP scheme is also required to secure the BLS-based SPoCK scheme from rogue key attacks. Nodes registering to participate in the Flow protocol are currently required to provide staking information including their BLS public key (also called staking public key).
As Flow moves towards permissionless node participation, the PoP scheme is being implemented into the protocol and is currently being tested.

The PoP scheme requires that a proof of possession of the staking private key is provided along with the staking public key. The protocol only accepts registration requests from new nodes that provide a proof of possession of the private key that matches their public key. The defence guarantees that rogue public keys are not submitted to the network by malicious nodes.

Implementation Timeline:

Before this change becomes effective, the following steps need to occur:

  1. Ledger Wallet App Approval: Since Ledger wallets can be used as a staking wallet, the Flow Ledger wallet app which includes the newer version of the node registration transaction that includes PoP needs to be approved and published by Ledger (the change has already been submitted to Ledger).

  2. Contract Upgrade: Node registrations into the Flow protocol are managed by the Flow core-contracts (FlowIDTableStaking, FlowStakingCollection, LockedTokens). As part of implementing the PoP scheme, these node registration core contracts will be updated to read the staking PoP data from registration requests and make sure they match the staking public key provided.

The change will not be effective immediately. We will provide another notice as we approach the implementation date. However, we wanted to give you an early heads-up to ensure you are aware of this upcoming change.

Please let us know if you have any questions or need further clarification.

Best regards,

The Flow Team

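The algebra behind the "More about Proof of Possession" section, as an added example that is not part of the original post and is not Flow's code: it shows why same-message aggregation needs the PoP check at registration. It uses a deliberately insecure toy model in which group elements are stored as exponents, so the pairing reduces to multiplication mod `q`; all function names, keys and the message are constructed for illustration, and real proofs must come from the Flow cryptography repo or the bootstrap utility.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Toy model, NOT secure: a group element is stored as its exponent mod q, so
// g2^sk is just sk and the pairing e(g1^a, g2^b) is a*b mod q. Only the algebra is real.
const q uint64 = 2147483647 // prime 2^31-1, so products fit in uint64

// hashTo maps a domain tag plus data to a nonzero toy G1 element.
func hashTo(tag string, data []byte) uint64 {
	h := sha256.Sum256(append([]byte(tag), data...))
	return binary.BigEndian.Uint64(h[:8])%(q-1) + 1
}

func keyBytes(pk uint64) []byte { return []byte(fmt.Sprint(pk)) }

// Signatures and PoPs use different domain tags; the PoP message is the public key itself.
func Sign(sk uint64, msg []byte) uint64      { return sk * hashTo("SIG", msg) % q }
func Verify(pk, sig uint64, msg []byte) bool { return sig == pk*hashTo("SIG", msg)%q }
func GeneratePoP(sk, pk uint64) uint64       { return sk * hashTo("POP", keyBytes(pk)) % q }
func VerifyPoP(pk, pop uint64) bool          { return pk != 0 && pop == pk*hashTo("POP", keyBytes(pk))%q }

// VerifyAggregate checks one signature on a single message against the sum of the keys.
func VerifyAggregate(pks []uint64, sig uint64, msg []byte) bool {
	var agg uint64
	for _, pk := range pks {
		agg = (agg + pk) % q
	}
	return Verify(agg, sig, msg)
}

// Demo reports whether a one-signer forgery verifies when keys are taken on trust,
// and whether the same rogue key passes the PoP check done at registration.
func Demo() (forgeryAccepted, rogueAdmitted bool) {
	victimSK, attackerSK := uint64(1234567), uint64(7654321) // constructed sample keys
	victimPK, attackerPK := victimSK, attackerSK             // toy: g2^sk is stored as sk
	roguePK := (attackerPK + q - victimPK) % q               // derived from public keys only
	msg := []byte("constructed message")
	forgeryAccepted = VerifyAggregate([]uint64{victimPK, roguePK}, Sign(attackerSK, msg), msg)
	// The attacker holds only attackerSK, so that is the best PoP it can offer for roguePK.
	rogueAdmitted = VerifyPoP(roguePK, GeneratePoP(attackerSK, roguePK))
	return
}

func main() {
	fmt.Println(Demo())                                            // true false
	fmt.Println(VerifyPoP(1234567, GeneratePoP(1234567, 1234567))) // true: honest key
}
```

Without the registration check, the aggregate of the two submitted keys equals the attacker's own key, so a signature from one party verifies as if both had signed; the PoP check rejects the rogue key before it can enter the aggregation set.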