feat: adding reconstruction threshold in node #3640

Open
SimonRastikian wants to merge 94 commits into main from 3164-adding-ReconstructionThreshold-in-node

SimonRastikian commented Jun 22, 2026

Closes #3164
Closes #1680 in 0b8b201

SimonRastikian and others added 30 commits June 15, 2026 23:12
…inator)

Colleagues did not agree on an 80% upper bound for the GovernanceThreshold, so
set MAX_THRESHOLD_NUMERATOR = MAX_THRESHOLD_DENOMINATOR (5/5 = 100%). The relative
upper cap structure is kept but never binds below the absolute `k <= n` check, so
the GovernanceThreshold may again go up to the participant count. The cross-domain
rule (GovernanceThreshold >= max(ReconstructionThreshold)) is unchanged.

Revert the test changes that were only needed to satisfy the 80% cap (dropping
thresholds / raising participant counts) and remove the now-meaningless dedicated
upper-cap tests:
- thresholds.rs: restore 5/5-participant thresholds; drop reject-above-cap test
- dto_mapping.rs / lib.rs: drop the upper-cap rejection tests
- lib.rs verify_tee: rework the kickout-refusal fixture to break the relation via
  the participant-count ceiling instead of the cap
- running.rs: make the reconstruction>governance test regenerate until gov < n
- sandbox + e2e + node resharing tests: restore original participant/threshold values
- docs/design/domain-separation.md: describe the cap as disabled (100%)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…hreshold' of github.com:near/mpc into 3499-correlate-governancethreshold-with-reconstructionthreshold
…hreshold' of github.com:near/mpc into 3499-correlate-governancethreshold-with-reconstructionthreshold

# Conflicts:
#	crates/contract/src/dto_mapping.rs
Co-authored-by: Mårten Blankfors <marten@blankfors.se>

SimonRastikian commented Jun 30, 2026

I agree with you on the inconsistencies. I saw those in the past but thought they were going to be deleted anyway in one of the draft PRs I have. However, you are right; I fixed them in a0c3637.
Extra: I tried unifying some underlying structures for the ECDSA scheme providers in 5792061

@SimonRastikian

Also closed TODO #1680 in 0b8b201

This file drastically reduces code redundancy between ecdsa.rs and robust_ecdsa.rs. It also unifies parts of the interface.

Changing a domain's reconstruction threshold via a resharing proposal had no
cryptographic effect. The resharing key event was built from the old domain
registry, so the node reshared at the old threshold, and per_domain_thresholds
was only folded into the registry on completion. Lowering t left an unusable
(higher-degree) key; raising t left the advertised threshold unenforced.

Build the resharing key events from the effective (threshold-updated) domains
via a new DomainRegistry::effective_domain_by_index, so the reshare targets the
new degree. The old-side threshold still comes from the previous registry, so
reshare(old_t, .., new_t) receives the correct pair.
Adds an integration test that lowers a domain's reconstruction threshold from 4
to 2 via resharing and then signs with only 2 of 5 nodes online, proving the key
was reshared to the new degree. Adds
FakeIndexerManager::start_resharing_with_threshold_updates to drive the change,
and a PortSeed for the new test.
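
The failure mode described in the commit message above, as an added example (not code from this PR or the near/mpc repository): a toy Shamir resharing over a prime field, standing in for the node's reshare, shows that a key reshared at the old threshold of 4 cannot be recovered by 2 holders, while one reshared at the new threshold of 2 can. The field, the fixed coefficients and every function name here are assumptions made for illustration.

```rust
// Toy Shamir resharing over GF(P). All coefficients are constructed constants, not random.
const P: u128 = 2_305_843_009_213_693_951; // 2^61 - 1 (prime)
type Share = (u128, u128); // (party index x, share value)

fn pow(mut b: u128, mut e: u128) -> u128 {
    let mut r = 1u128;
    while e > 0 {
        if e & 1 == 1 { r = r * b % P; }
        b = b * b % P;
        e >>= 1;
    }
    r
}
// Evaluate a polynomial (constant term first) at x.
fn eval(coeffs: &[u128], x: u128) -> u128 {
    coeffs.iter().rev().fold(0u128, |acc, c| (acc * x + c) % P)
}
// Lagrange interpolation at x = 0 (modular inverse via Fermat).
fn at_zero(pts: &[Share]) -> u128 {
    pts.iter().fold(0u128, |acc, &(xi, yi)| {
        let (mut num, mut den) = (1u128, 1u128);
        for &(xj, _) in pts.iter().filter(|p| p.0 != xi) {
            num = num * (P - xj) % P;
            den = den * ((P + xi - xj) % P) % P;
        }
        (acc + yi * num % P * pow(den, P - 2)) % P
    })
}
// reshare(.., new_t): each old holder sub-shares its share at degree new_t - 1;
// new party j combines what it receives with the old quorum's Lagrange weights.
fn reshare(old: &[Share], n: u128, new_t: usize) -> Vec<Share> {
    (1..=n).map(|j| {
        let subs: Vec<Share> = old.iter().map(|&(xi, si)| {
            let mut c = vec![si];
            c.extend((1..new_t as u128).map(|k| (xi * 7919 + k * 104_729) % P));
            (xi, eval(&c, j))
        }).collect();
        (j, at_zero(&subs))
    }).collect()
}
// Deal 4-of-5, reshare at target_t, then reconstruct from only 2 of the new shares.
fn recover_with_two(secret: u128, target_t: usize) -> u128 {
    let dealt: Vec<Share> = (1..=5).map(|x| (x, eval(&[secret, 11, 22, 33], x))).collect();
    at_zero(&reshare(&dealt[..4], 5, target_t)[..2])
}

fn main() {
    let s = 123_456_789;
    println!("reshared at old t=4, 2 shares recover key: {}", recover_with_two(s, 4) == s);
    println!("reshared at new t=2, 2 shares recover key: {}", recover_with_two(s, 2) == s);
}
```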

SimonRastikian changed the base branch from main to fix-resharing-reconstruction-threshold July 1, 2026 13:28
@SimonRastikian


@gilcu3 I added tests in 18e1ed1, a2cc899 and aac0973.
Does this look good?
I rebased this branch onto the #3726 branch fix-resharing-reconstruction-threshold

SimonRastikian changed the base branch from fix-resharing-reconstruction-threshold to main July 3, 2026 14:43

Successfully merging this pull request may close these issues.

- Node consumes per-domain ReconstructionThreshold from DomainConfig
- Simplify PresignatureStorage::new parameters

2 participants