multi-sig for governance commands

Author: jankun4

changelog.md

@@ -6,6 +6,8 @@ This changelog is based on [Keep A Changelog](https://keepachangelog.com/en/1.1.
 
 ## Changed
 
+* Governance update command now accepts multiple old_governance_authority key hashes, multiple key hashes in the new_governance_authority list, and new_governance_threshold - the minimal number of keys required to sign a transaction.
+
 ## Removed
 
 ## Fixed

docs/user-guides/governance/governance.md

@@ -64,13 +64,17 @@ In version v1.5 command to initialize governance is available in the Partner Cha
 	--genesis-utxo <GENESIS_UTXO> \
 	--ogmios-url <OGMIOS_URL> \
 	--payment-key-file <PAYMENT_KEY_FILE> \
-	--new-governance-authority <NEW_GOVERNANCE_AUTHORITY>
+	--old-governance-authority <OLD_GOVERNANCE_AUTHORITY> \
+	--new-governance-authority <NEW_GOVERNANCE_AUTHORITY> \
+	--new-governance-threshold <NEW_GOVERNANCE_THRESHOLD>
 ```
 
 * `<GENESIS_UTXO>`: The genesis UTXO of the Partner Chain. Same as the one used for `governance init`.
 * `<OGMIOS_URL>`: The URL of the Ogmios service connected to the Cardano node, it is optional and defaults to `ws://localhost:1337`.
 * `<PAYMENT_KEY_FILE>`: Cardano Shelley Payment Signing Key file (normal or extended) of the current governance authority (ie. hash of its public key should equal current governance authority hey hash).
-* `<NEW_GOVERNANCE_AUTHORITY>`: Hex encoded blake2b-224 hash of public key related to private key that will be required to sign governance operations following this operation.
+* `<NEW_GOVERNANCE_AUTHORITY>`: List of hex encoded blake2b-224 hashes of public keys related to private keys that will be required to sign governance operations following this operation. Multiple keys can be provided, separated by spaces.
+* `<NEW_GOVERNANCE_THRESHOLD>`: Number of keys required to sign a transaction.
+* `<OLD_GOVERNANCE_AUTHORITY>`: List of hex encoded blake2b-224 hashes of public keys related to private keys that will be required to sign governance operations before and includingthis operation. Multiple keys can be provided, separated by spaces.
 
 In version v1.4 this functionality is available in the smart contracts CLI application `pc-contracts-cli update-governance`.
 

toolkit/cli/smart-contracts-commands/src/governance.rs

@@ -28,7 +28,7 @@ pub struct InitGovernanceCmd {
 	#[clap(flatten)]
 	common_arguments: crate::CommonArguments,
 	/// Governance authority hash to be set.
-	#[arg(long, short = 'g')]
+	#[arg(short, long, num_args = 1.., value_delimiter = ' ')]
 	governance_authority: MainchainKeyHash,
 	#[clap(flatten)]
 	payment_key_file: PaymentFilePath,
@@ -58,9 +58,15 @@ impl InitGovernanceCmd {
 pub struct UpdateGovernanceCmd {
 	#[clap(flatten)]
 	common_arguments: crate::CommonArguments,
-	/// Governance authority hash to be set.
-	#[arg(long, short = 'g')]
-	new_governance_authority: MainchainKeyHash,
+	/// Old governance authority hash
+	#[arg(short = 'o', long, num_args = 1.., value_delimiter = ' ')]
+	old_governance_authority: Vec<MainchainKeyHash>,
+	/// Governance authority hash to be set
+	#[arg(short = 'g', long, num_args = 1.., value_delimiter = ' ')]
+	new_governance_authority: Vec<MainchainKeyHash>,
+	/// Governance threshold to be set
+	#[arg(long)]
+	new_governance_threshold: u8,
 	#[clap(flatten)]
 	payment_key_file: PaymentFilePath,
 	/// Genesis UTXO of the chain
@@ -74,7 +80,9 @@ impl UpdateGovernanceCmd {
 		let client = self.common_arguments.get_ogmios_client().await?;
 
 		run_update_governance(
-			self.new_governance_authority,
+			&self.old_governance_authority,
+			&self.new_governance_authority,
+			self.new_governance_threshold,
 			&payment_key,
 			self.genesis_utxo,
 			&client,

toolkit/offchain/src/init_governance/transaction.rs

@@ -16,7 +16,10 @@ pub(crate) fn init_governance_transaction(
 ) -> anyhow::Result<Transaction> {
 	let multi_sig_policy =
 		PlutusScript::from_wrapped_cbor(raw_scripts::MULTI_SIG_POLICY, Language::new_plutus_v2())?
-			.apply_uplc_data(multisig_governance_policy_configuration(governance_authority))?;
+			.apply_uplc_data(multisig_governance_policy_configuration(
+				&vec![governance_authority],
+				1,
+			))?;
 	let version_oracle = version_oracle(genesis_utxo.to_domain(), ctx.network)?;
 	let config = crate::csl::get_builder_config(ctx)?;
 	let mut tx_builder = TransactionBuilder::new(&config);

toolkit/offchain/src/scripts_data.rs

@@ -242,13 +242,17 @@ pub(crate) fn reserve_scripts(
 // Returns the simplest MultiSig policy configuration plutus data:
 // there is one required authority and it is the governance authority from sidechain params.
 pub(crate) fn multisig_governance_policy_configuration(
-	governance_authority: MainchainKeyHash,
+	governance_authority: &Vec<MainchainKeyHash>,
+	governance_threshold: u8,
 ) -> PlutusData {
 	PlutusData::Array(vec![
-		PlutusData::Array(vec![uplc::PlutusData::BoundedBytes(
-			governance_authority.0.to_vec().into(),
-		)]),
-		PlutusData::BigInt(uplc::BigInt::Int(1.into())),
+		PlutusData::Array(
+			governance_authority
+				.iter()
+				.map(|hash| PlutusData::BoundedBytes(hash.0.to_vec().into()))
+				.collect(),
+		),
+		PlutusData::BigInt(uplc::BigInt::Int(<u8 as Into<i64>>::into(governance_threshold).into())),
 	])
 }
 

toolkit/offchain/src/update_governance/mod.rs

@@ -16,16 +16,21 @@ use crate::{
 	plutus_script::PlutusScript,
 	scripts_data::multisig_governance_policy_configuration,
 };
+use anyhow::anyhow;
 use cardano_serialization_lib::{
 	Language, PlutusData, Transaction, TransactionBuilder, TxInputsBuilder,
 };
 use ogmios_client::{
 	query_ledger_state::{QueryLedgerState, QueryUtxoByUtxoId},
 	query_network::QueryNetwork,
 	transactions::Transactions,
-	types::OgmiosTx,
 };
-use sidechain_domain::{MainchainKeyHash, McTxHash, UtxoId, UtxoIndex};
+use serde_json::json;
+use sidechain_domain::{
+	MainchainKeyHash, McSmartContractResult,
+	McSmartContractResult::{TxCBOR, TxHash},
+	McTxHash, UtxoId, UtxoIndex,
+};
 
 #[cfg(test)]
 mod test;
@@ -36,12 +41,14 @@ pub async fn run_update_governance<
 	T: QueryLedgerState + Transactions + QueryNetwork + QueryUtxoByUtxoId,
 	A: AwaitTx,
 >(
-	new_governance_authority: MainchainKeyHash,
+	old_governance_authority: &Vec<MainchainKeyHash>,
+	new_governance_authority: &Vec<MainchainKeyHash>,
+	new_governance_threshold: u8,
 	payment_key: &CardanoPaymentSigningKey,
 	genesis_utxo_id: UtxoId,
 	client: &T,
 	await_tx: A,
-) -> anyhow::Result<OgmiosTx> {
+) -> anyhow::Result<McSmartContractResult> {
 	let ctx = TransactionContext::for_payment_key(payment_key, client).await?;
 	let governance_data = GovernanceData::get(genesis_utxo_id, client).await?;
 
@@ -52,7 +59,9 @@ pub async fn run_update_governance<
 				raw_scripts::VERSION_ORACLE_VALIDATOR,
 				raw_scripts::VERSION_ORACLE_POLICY,
 				genesis_utxo_id,
+				old_governance_authority,
 				new_governance_authority,
+				new_governance_threshold,
 				&governance_data,
 				costs,
 				&ctx,
@@ -62,34 +71,57 @@ pub async fn run_update_governance<
 	)
 	.await?;
 
-	let signed_tx = ctx.sign(&tx);
-
-	let response = client.submit_transaction(&signed_tx.to_bytes()).await?;
-	log::info!("Submitted transaction: {}", hex::encode(response.transaction.id));
+	let context_pub_key_hash =
+		MainchainKeyHash(ctx.payment_key_hash().to_bytes().try_into().unwrap());
 
-	await_tx
-		.await_tx_output(
-			client,
-			UtxoId { tx_hash: McTxHash(response.transaction.id), index: UtxoIndex(0) },
-		)
-		.await?;
-
-	Ok(response.transaction)
+	if old_governance_authority.clone() == vec![context_pub_key_hash] {
+		let signed_tx = ctx.sign(&tx).to_bytes();
+		let res = client.submit_transaction(&signed_tx).await.map_err(|e| {
+			anyhow!(
+				"Submit governance update transaction request failed: {}, bytes: {}",
+				e,
+				hex::encode(signed_tx)
+			)
+		})?;
+		let tx_id = McTxHash(res.transaction.id);
+		log::info!("Update D-parameter transaction submitted: {}", hex::encode(tx_id.0));
+		await_tx
+			.await_tx_output(
+				client,
+				UtxoId { tx_hash: McTxHash(res.transaction.id), index: UtxoIndex(0) },
+			)
+			.await?;
+		Ok(TxHash(tx_id))
+	} else {
+		let tx_envelope = json!(
+			{ "type": "Unwitnessed Tx ConwayEra",
+			  "description": "",
+			  "cborHex": hex::encode(tx.to_bytes())
+			}
+		);
+		log::info!("Transaction envelope: {}", tx_envelope);
+		Ok(TxCBOR(tx.to_bytes()))
+	}
 }
 
 fn update_governance_tx(
 	multi_sig_policy: &[u8],
 	version_oracle_validator: &[u8],
 	version_oracle_policy: &[u8],
 	genesis_utxo: UtxoId,
-	new_governance_authority: MainchainKeyHash,
+	old_governance_authority: &Vec<MainchainKeyHash>,
+	new_governance_authority: &Vec<MainchainKeyHash>,
+	new_governance_threshold: u8,
 	governance_data: &GovernanceData,
 	costs: Costs,
 	ctx: &TransactionContext,
 ) -> anyhow::Result<Transaction> {
 	let multi_sig_policy =
 		PlutusScript::from_wrapped_cbor(multi_sig_policy, Language::new_plutus_v2())?
-			.apply_uplc_data(multisig_governance_policy_configuration(new_governance_authority))?;
+			.apply_uplc_data(multisig_governance_policy_configuration(
+				new_governance_authority,
+				new_governance_threshold,
+			))?;
 	let version_oracle_validator =
 		PlutusScript::from_wrapped_cbor(version_oracle_validator, Language::new_plutus_v2())?
 			.apply_data(genesis_utxo)?;
@@ -127,5 +159,9 @@ fn update_governance_tx(
 		inputs
 	});
 
+	for key in old_governance_authority.into_iter() {
+		tx_builder.add_required_signer(&key.0.into());
+	}
+
 	Ok(tx_builder.balance_update_and_build(ctx)?)
 }

toolkit/offchain/src/update_governance/test.rs

@@ -15,6 +15,11 @@ fn payment_key() -> PrivateKey {
 	.unwrap()
 }
 
+fn public_key_hash() -> MainchainKeyHash {
+	let payment_key = payment_key();
+	MainchainKeyHash::from_vkey(&payment_key.to_public().as_bytes().try_into().unwrap())
+}
+
 fn test_address_bech32() -> String {
 	"addr_test1vpmd59ajuvm34d723r8q2qzyz9ylq0x9pygqn7vun8qgpkgs7y5hw".into()
 }
@@ -130,7 +135,9 @@ fn test_update_governance_tx() -> Transaction {
 		test_values::VERSION_ORACLE_VALIDATOR,
 		test_values::VERSION_ORACLE_POLICY,
 		genesis_utxo().to_domain(),
-		new_governance_authority(),
+		&vec![public_key_hash()],
+		&vec![new_governance_authority()],
+		1,
 		&governance_data(),
 		test_costs(),
 		&tx_context(),

toolkit/offchain/tests/integration_tests.rs

@@ -277,7 +277,9 @@ async fn run_update_goveranance<
 	genesis_utxo: UtxoId,
 ) {
 	let _ = update_governance::run_update_governance(
-		EVE_PUBLIC_KEY_HASH,
+		&vec![GOVERNANCE_AUTHORITY],
+		&vec![EVE_PUBLIC_KEY_HASH],
+		1,
 		&governance_authority_payment_key(),
 		genesis_utxo,
 		client,

toolkit/primitives/domain/src/lib.rs

@@ -452,6 +452,14 @@ impl From<ecdsa::Public> for SidechainPublicKey {
 	}
 }
 
+#[derive(Clone, Encode, Decode, TypeInfo, PartialEq, Eq, Hash)]
+#[byte_string(debug, hex_serialize, hex_deserialize, decode_hex)]
+pub struct TransactionCbor(pub Vec<u8>);
+
+#[derive(Clone, Encode, Decode, TypeInfo, PartialEq, Eq, Hash)]
+#[byte_string(debug, hex_serialize, hex_deserialize, decode_hex)]
+pub struct VKeyWitnessCbor(pub Vec<u8>);
+
 #[derive(Clone, Encode, Decode, TypeInfo, PartialEq, Eq, Hash)]
 #[byte_string(debug, hex_serialize, hex_deserialize, decode_hex)]
 pub struct SidechainSignature(pub Vec<u8>);
@@ -591,6 +599,12 @@ impl TryFrom<Vec<u8>> for McTxHash {
 	}
 }
 
+#[derive(Clone, Debug)]
+pub enum McSmartContractResult {
+	TxHash(McTxHash),
+	TxCBOR(Vec<u8>),
+}
+
 #[derive(Default, Clone, Decode, Encode, PartialEq, Eq, TypeInfo, ToDatum, MaxEncodedLen, Hash)]
 #[byte_string(debug, decode_hex, hex_serialize, hex_deserialize)]
 pub struct McBlockHash(pub [u8; 32]);