feat: key rotation #5777

jstuczyn · 2025-05-16T10:12:41Z

that one was definitely another ecach-size adventure. you can find detailed description on our confluence page

This change is

vercel · 2025-05-16T10:16:52Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
nym-explorer-v2	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 29, 2025 9:33am

2 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
docs-nextra	⬜️ Ignored (Inspect)	Visit Preview		May 29, 2025 9:33am
nym-next-explorer	⬜️ Ignored (Inspect)	Visit Preview		May 29, 2025 9:33am

durch

This is all very well thought out and executed. I've got to conceptual comments, or weak points, but nothing that we can address, more something to be vigilant about:

The config upgrade process, particularly upgrade_sphinx_key, involves network calls and multiple file operations. A failure mid-process could leave the node in a partially upgraded or broken state.
The KeyRotationController's error handling for failed key/filter operations (that don't poison a mutex) primarily relies on logging. Depending on the failure, this might lead to the node operating with inconsistent keys/filters until the next successful cycle.

…side the set interval

…mation

jstuczyn added this to the Cheddar milestone May 16, 2025

vercel bot had a problem deploying to Preview – nym-explorer-v2 May 16, 2025 10:16 Failure

vercel bot had a problem deploying to Preview – nym-explorer-v2 May 19, 2025 10:14 Failure

jstuczyn force-pushed the feature/key-rotation branch from ba86a00 to f5b295c Compare May 19, 2025 10:39

vercel bot had a problem deploying to Preview – nym-explorer-v2 May 19, 2025 10:43 Failure

vercel bot had a problem deploying to Preview – nym-explorer-v2 May 19, 2025 11:03 Failure

jstuczyn force-pushed the feature/key-rotation branch from c107c2c to d9abe17 Compare May 19, 2025 11:08

vercel bot had a problem deploying to Preview – nym-explorer-v2 May 19, 2025 11:24 Failure

vercel bot had a problem deploying to Preview – nym-explorer-v2 May 20, 2025 13:09 Failure

vercel bot had a problem deploying to Preview – nym-explorer-v2 May 20, 2025 14:33 Failure

jstuczyn marked this pull request as ready for review May 20, 2025 14:51

jstuczyn requested a review from durch as a code owner May 20, 2025 14:51

vercel bot had a problem deploying to Preview – nym-explorer-v2 May 20, 2025 15:35 Failure

durch approved these changes May 22, 2025

View reviewed changes

jstuczyn force-pushed the feature/key-rotation branch 4 times, most recently from 4381eed to 441b55d Compare May 27, 2025 11:07

vercel bot deployed to Preview – nym-explorer-v2 May 27, 2025 11:14 View deployment

vercel bot deployed to Preview – nym-explorer-v2 May 27, 2025 11:28 View deployment

jstuczyn modified the milestones: Cheddar, Dolcelatte May 27, 2025

jstuczyn added 7 commits May 29, 2025 10:22

wip

7d34849

wip: wrap node's sphinx key with a manager

a66dadb

wip: choosing correct key for packet processing

9bd9873

further propagation of key rotation information

63929cc

attaching key rotation information to reply surbs

804781a

added basic key rotation information to mixnet contract

4f55d9e

wip: introducing cached queries for key rotation info from nym api

c4c655a

jstuczyn added 28 commits May 29, 2025 10:22

post rebase fixes

cb1122e

fixes due to backwards compatible hostkeys

7a8478d

split http state.rs file

20354cb

dont use deprecated fields

af83acb

fixed backwards compatible deserialisation of host information

22c421d

split up node describe cache

fe0f7a0

added a dedicated CacheRefresher listener to perform full refresh out…

7bce63b

…side the set interval

controlling announced sphinx keys within nym-api

b2856e4

retrieving rotation id when pulling topology

b971e3a

split nym-nodes http handlers

63d89bc

v2 nym-api endpoints to retrieve nodes with additional metadata infor…

b40c30c

…mation

bug fixes...

7fb1d54

additional bugfixes and guards against stuck epoch

91f06ec

testnet manager: set first nym-api as the rewarder

1b90f5f

fixed host information deserialisation

5b6e00a

fixed panic during first key rotation

cbf58e5

post rebase fixes

c24c86a

clippy

5011caf

more guards against stuck epochs

0e6fc90

added helper method to reset node's sphinx key

14b0e6f

instantiate mixnet contract with custom key rotation validity

98df948

additional bugfixes and debugging nym-api deadlock

e05b317

passing shutdown to nym apis client

a2c62cd

remove dead test

5182a3c

post rebasing fixes

6a009c2

missing MixnetQueryClient variants

0b834c7

remove usage of deprecated methods in sdk example

c285602

fix: incorrect method signature

14f58c3

jstuczyn force-pushed the feature/key-rotation branch from 5bb998e to 14f58c3 Compare May 29, 2025 09:30

vercel bot deployed to Preview – nym-explorer-v2 May 29, 2025 09:33 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: key rotation #5777

feat: key rotation #5777

Uh oh!

jstuczyn commented May 16, 2025 •

edited

Loading

Uh oh!

vercel bot commented May 16, 2025 •

edited

Loading

Uh oh!

durch left a comment

Uh oh!

Uh oh!

feat: key rotation #5777

Are you sure you want to change the base?

feat: key rotation #5777

Uh oh!

Conversation

jstuczyn commented May 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

vercel bot commented May 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

durch left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

jstuczyn commented May 16, 2025 •

edited

Loading

vercel bot commented May 16, 2025 •

edited

Loading