Skip to content

Add support for the simple "sigs-based auth" VSS scheme #755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
TheBlueMatt wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add support for the simple "sigs-based auth" VSS scheme #755

TheBlueMatt wants to merge 5 commits into from
+80 −45

Conversation

@TheBlueMatt
Copy link
Contributor

@TheBlueMatt TheBlueMatt commented Jan 15, 2026 

At https://github.com/lightningdevkit/vss-server/pull/79 we added
a new, trivial, VSS authentication scheme that ensures client
isolation without much else. This is great for testing, and we
expect some to do new-account-rate-limiting via other means, so
might well become a common default.

Here we add support to it in ldk-node.

@TheBlueMatt
Add support for the simple "sigs-based auth" VSS scheme
38ae0f9 
At lightningdevkit/vss-server#79 we added
a new, trivial, VSS authentication scheme that ensures client
isolation without much else. This is great for testing, and we
expect some to do new-account-rate-limiting via other means, so
might well become a common default.

Here we add support to it in ldk-node.
@TheBlueMatt
Switch to new sigs-based auth in VSS integration tests
fb2b6b7 
When we added the trivial sigs-based authentication scheme in VSS,
we made it the default if no other authentication scheme was
configured and default features are enabled.

This broke our integration tests as we were expecting no
authentication to be required in such a case.

Here we fix this by switching to the new sigs-based auth scheme,
removing `store_id`s to demonstrate client isolation while we're at
it.
@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Jan 15, 2026
edited
Loading

I've assigned @tnull as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@TheBlueMatt
Copy link
Contributor Author

TheBlueMatt commented Jan 15, 2026

Depends on lightningdevkit/vss-client#54

@ldk-reviews-bot ldk-reviews-bot requested a review from tnull January 15, 2026 02:14
tnull
tnull reviewed Jan 15, 2026
View reviewed changes
Copy link
Collaborator

@tnull tnull left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally looks good, some comments. Mind adding an intermittent commit that bumps the dependency to your branch of vss-client so we can see if CI passes?

tests/integration_tests_vss.rs
.build_with_vss_store(
config_a.node_entropy,
vss_base_url.clone(),
"node_1_store".to_string(),
Copy link
Collaborator

@tnull tnull Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we changing the store_id here and below?

Copy link
Contributor Author

@TheBlueMatt TheBlueMatt Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To demonstrate/test client isolation in VSS by default.

tests/integration_tests_vss.rs

let rand_suffix: String =
(0..7).map(|_| rng().sample(rand::distr::Alphanumeric) as char).collect();
let store_id = format!("v0_compat_test_{}", rand_suffix);
Copy link
Collaborator

@tnull tnull Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, please leave this in place, otherwise running this test repeatedly against the same backend won't start from scratch every time.

Copy link
Contributor Author

@TheBlueMatt TheBlueMatt Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops, sorry, missed that they're using a static seed. I randomized the seed.

@TheBlueMatt
f randomize seed
42c9914
@TheBlueMatt
f correct fn call
88c6151
@TheBlueMatt
Use a default store_id in default build_with_vss_store
1c51a36 
There's not really any reason to force devs to select a `store_id`
in the default `build_with_vss_store` anymore - we use a key
derived from the node entropy to key the storage on the service
side which should prevent anything else from accessing the same
data unless its very deliberate.

Thus, we simply drop the `store_id` parameter to
`build_with_vss_store`.
@TheBlueMatt
Copy link
Contributor Author

TheBlueMatt commented Jan 15, 2026

Oops, fixed an issue but also pushed a new commit to drop the store_id parameter from build_with_vss_store entirely I don't see any reason to care about it now that data is keyed on the node's entropy for builds via this method (of course its still retained for other vss builders).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tnull tnull tnull left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TheBlueMatt @ldk-reviews-bot @tnull