Collaborator

@tnull tnull commented Aug 22, 2025

Based on lightningdevkit/vss-client#40

In this PR we'll fix minor issues with the data encryption and key obfuscation scheme currently employed by VssStore.

As these are breaking changes, we'll also include a migration procedure as part of this PR. Will be in draft until we have all parts ready.

ldk-reviews-bot commented Aug 22, 2025

👋 Thanks for assigning @tankyleo as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@tnull tnull marked this pull request as draft August 22, 2025 09:14
@tnull tnull force-pushed the 2025-08-upgrade-vss-encryption-obfuscation-scheme branch from ac8ae88 to 3490f2a Compare August 22, 2025 09:53
@tnull tnull force-pushed the 2025-08-upgrade-vss-encryption-obfuscation-scheme branch 2 times, most recently from bec8829 to e977a6d Compare November 6, 2025 11:41
@tnull tnull force-pushed the 2025-08-upgrade-vss-encryption-obfuscation-scheme branch 3 times, most recently from c7fc423 to dd9a9e0 Compare November 6, 2025 11:57
@tnull tnull moved this to Goal: Merge in Weekly Goals Nov 6, 2025
@tnull tnull self-assigned this Nov 6, 2025
@tnull tnull force-pushed the 2025-08-upgrade-vss-encryption-obfuscation-scheme branch 5 times, most recently from e1615e1 to 96db24d Compare November 7, 2025 17:32

Previously, we'd still use `KVStoreSync` for persistence of our event
queue, which also meant calling the sync persistence through our
otherwise-async background processor/event handling flow.

Here we switch our `EventQueue` persistence to be async, which gets us
one step further towards async-everything.

We bump our `vss-client` dependency to include the changes to the
`StorableBuilder` interface.

Previously, the `vss-client` didn't allow setting `ChaCha20Poly1305RFC`'s `aad` field,
which had the `tag` not commit to any particular key. This would allow a
malicious VSS provider to substitute blobs stored under a different key
without the client noticing.

Here, we now set the `aad` field to the key under which the `Storable`
will be stored, ensuring that the retrieved data was originally stored
under the key we expected.

We also account for `StorableBuilder` now taking `data_decryption_key`
by reference on `build`/`deconstruct`.
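
The effect of binding the storage key into the `aad`, as an added example that is not code from this PR or from `vss-client`: it swaps in a standard-library encrypt-then-MAC construction (SHA-256 counter keystream plus HMAC-SHA256) for ChaCha20-Poly1305 so it runs without dependencies. The function names, `key_a`/`key_b` and the sample values are constructed for illustration.

```python
import hashlib, hmac, os

def _subkeys(key):
    # Derive independent encryption and MAC keys from the data key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    # SHA-256 in counter mode as keystream (stand-in for ChaCha20).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(enc_key + nonce + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, nonce, aad, ct):
    # The tag covers the length-prefixed AAD, so it commits to the storage key.
    msg = len(aad).to_bytes(8, "big") + aad + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def seal(key, aad, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(12)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + _tag(mac_key, nonce, aad, ct)

def open_blob(key, aad, blob):
    if len(blob) < 12 + 32:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(mac_key, nonce, aad, ct)):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, nonce, ct)

def read_after_substitution(bind_storage_key):
    data_key = bytes(range(32))                           # constructed sample key
    records = {"key_a": b"value A", "key_b": b"value B"}  # constructed sample data
    def aad_for(storage_key):
        return storage_key.encode() if bind_storage_key else b""
    server = {k: seal(data_key, aad_for(k), v) for k, v in records.items()}
    server["key_b"] = server["key_a"]  # provider returns key_a's blob for key_b
    try:
        return open_blob(data_key, aad_for("key_b"), server["key_b"])
    except ValueError:
        return None  # the client notices the substitution

if __name__ == "__main__":
    print("empty aad:        ", read_after_substitution(False))
    print("aad = storage key:", read_after_substitution(True))
```

With an empty `aad` the read of `key_b` silently returns the value stored under `key_a`; with the storage key as `aad` the tag check fails and the read is rejected.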

We previously attempted to drop the internal runtime from `VssStore`,
resulting in blocking behavior. While we recently made changes that
improved our situation (having VSS CI pass again pretty reliably), we
just ran into yet another case where the VSS CI hung (cf.
https://github.com/lightningdevkit/vss-server/actions/runs/19023212819/job/54322173817?pr=59).

Here we attempt to restore even more of the original
pre-ab3d78d / lightningdevkit#623 behavior to get rid of
the reappearing blocking behavior, i.e., only use the internal runtime
in `VssStore`.

Now that we rely on `reqwest` v0.12.* retry logic as well as client-side
timeouts, we can address the remaining TODOs here and simply drop the
redundant `tokio::timeout`s we previously added as a safeguard to
blocking tasks (even though in the worst cases we saw they never
actually fired).

To avoid any blocking cross-runtime behavior that could arise from
reusing a single client's TCP connections in different runtime contexts,
we here split out the `VssStore` behavior to use one dedicated
`VssClient` per context. I.e., we're now using two
connections/connection pools and make sure only the `blocking_client` is
used in `KVStoreSync` contexts, and `async_client` in `KVStore`
contexts.

@tnull tnull force-pushed the 2025-08-upgrade-vss-encryption-obfuscation-scheme branch from 96db24d to e248dc5 Compare November 10, 2025 15:48
@tnull tnull mentioned this pull request Nov 10, 2025
9 tasks
@tnull tnull added this to the 0.7 milestone Nov 10, 2025
@tnull tnull linked an issue Nov 10, 2025 that may be closed by this pull request
@tankyleo tankyleo self-requested a review November 10, 2025 21:59
Projects

Status: Goal: Merge

Development

Successfully merging this pull request may close these issues.

Have VSS persistence retry forever

2 participants