3.1.0

MPC 3.1.0

The main feature of this release is an upgrade of our launcher to support fallback logic if a bad MPC node image gets added to the contract. This this release also makes gas parameters configurable in the contract, restores the old contract migration flow and fixes a bug where votes from kicked out nodes would remain post resharings.

What's Changed

🚀 Features

• #1552(@gilcu3): Scale all remaining sandbox tests (#1552)

• #1554(@gilcu3): Add cargo-make support (#1554)

• #1563(@gilcu3): Embed abi in contract (#1563)

• #1527(@barakeinav1): (launcher) Add support for multiple MPC hashes with fallback logic (#1527)

• #1566(@DSharifi): (contract) Make contract configuration values configurable (#1566)

• #1559(@pbeza): Clear update votes from non-participants after resharing (#1559)

🐛 Bug Fixes

• #1556(@DSharifi): Only allow contract itself to call migrate function (#1556)

• #1576(@gilcu3): Check python code quality in CI enabled (#1576)

• #1594(@gilcu3): Wrong tag name in gcp image creation (#1594)

🧪 Testing

• #1581(@DSharifi): Fix broken example pytest command (#1581)

⚙️ Miscellaneous Tasks

• #1501(@DSharifi): Remove pub migrate function and make gas deposit for upgrades configurable (#1501)

• #1558(@gilcu3): Provide cargo-binstall with a token (#1558)

• #1561(@gilcu3): Bump attestation submission frequency (#1561)

• #1569(@DSharifi): Don't take self needlessly on contract methods (#1569)

• #1580(@DSharifi): (dead-code) Remove allowed_code_hashes and mig_migration_info methods from the contract (#1580)

• #1579(@DSharifi): Bump near-sdk to 5.18.1 (#1579)

• #1577(@gilcu3): Create mpc attestation wrapper crate (#1577)

• #1593(@netrome): Bump nearcore to 2.10.0 (#1593)

• #1586(@DSharifi): Bump project version to 3.1.0 (#1586)

• #1588(@gilcu3): Make attestation crate independent of the mpc (#1588)

• #1551(@netrome): Document how to make a release (#1551)

• #1584(@barakeinav1): Update dockerhub configuration parameter and add integration test for validate_image_hash using Docker Hub image (#1584)

• #1602(@DSharifi): Use jemalloc as memory allocator (#1602)

• #1607(@DSharifi): Remove dead legacy code in contract (#1607)

• #1603(@gilcu3): Remove legacy support in devnet (#1603)

• #1609(@netrome): Bump nearcore to 2.10.1 (#1609)

Docker images

• nearone/mpc-node:3.1.0
  • Manifest digest: sha256:42ad42e532bb09b0324233707d9147fb8c6eb146562c403b23494c5f2aac7efa
  • Image ID: sha256:b0c054ff4fa066c0f439c0830756a885b066e94dacddca6db26ecec94deb3a67
• nearone/mpc-node-gcp:3.1.0
  • Manifest digest: sha256:aa55ec57a421fc6f4aea0b95a0081548e01a29385ce3fccc48e9207666c1676c
  • Image ID: sha256:c1b698d42b8e495fe13ae875f6d6c4e8c4471c80ef382fe017bfff4129a18a50
• nearone/mpc-launcher:3.1.0
  • Manifest digest: sha256:4065f2fce41415962be92471a4e793ff5147b00b2784617c7e8098be2761a875
  • Image ID: sha256:bad670e1ec573c3d242f83abcf95f5b6beb8811a16ed2822b0d492252a67ec39

3.0.6

MPC 3.0.6

A small patch release containing an upstream memory leak fix for the nearcore 2.10.0 release.

What's Changed

🚀 Features

• #1533(@gilcu3): Fix rust-cache in CI (#1533)

• #1537(@kevindeforth): Allow participants to withdraw their update vote (#1537)

• #1542(@gilcu3): Initial ckd example app (#1542)

🐛 Bug Fixes

• #1521(@gilcu3): Both test could be fixed by bumping gas appropiately (#1521)

• #1530(@gilcu3): Enable pytest optimizations removed in #1511 (#1530)

• #1531(@gilcu3): Use reproducible build in existing test (#1531)

• #1539(@gilcu3): Use correct nearcore commit in submodule (#1539)

• #1547(@gilcu3): Patch nearcore version 210 (#1547)

📚 Documentation

• #1467(@pbeza): Design TEE-enabled backup service (#1467)

Docker images

• nearone/mpc-node:3.0.6
  • Manifest digest: sha256:a465051f89ee8ddd9e6e1c9caa7027d64b5b305fe07192cae1caa04f8f5a5687
  • Image ID: sha256:ff80dbbfea7be9095f5507941ab9692557991102f8b829af29993d3761b726df
• nearone/mpc-launcher:3.0.6
  • Manifest digest: sha256:4b7ab5fac94b7ecd6ba180cf655c5700595c61a3945c321ddbe104b3993aaf83
  • Image ID: sha256:90de0813776b83e40c8483ce85a0dfe8e8f6c6deba24ce835f28baf0d3d2628b

3.0.5

MPC 3.0.5

The main purpose of this patch release is to upgrade nearcore to 2.10.0-rc.3 so that operators can upgrade their nodes before the testnet vote the 25th to avoid their nodes falling behind.

What's Changed

🚀 Features

• #1505(@andrei-near): Periodic mpc build workflow (#1505)

• #1506(@kevindeforth): Contract allows querying update proposals (#1506)

• #1510(@gilcu3): Sandbox tests support for any number of participants (#1510)

🐛 Bug Fixes

• #1488(@kevindeforth): (contract) Fix ProposeUpdate vote method and add unit test (#1488)

• #1490(@gilcu3): Remove balance checks (#1490)

• #1492(@barakeinav1): (test) Enable and update test_from_str_valid (#1492)

• #1509(@andrei-near): Nightly build MPC workflow (#1509)

🧪 Testing

• #1498(@pbeza): Add unit tests for do_update function in contract.rs (#1498)

• #1504(@barakeinav1): Update attestation test and refresh asset extraction files (#1504)

⚙️ Miscellaneous Tasks

• #1503(@DSharifi): Update mainnet to use 3_0_2 release for backwards compatibilit… (#1503)

• #1511(@DSharifi): Bump nearcore dependency to 2.10.0-rc.3 (#1511)

Docker images

• nearone/mpc-node:3.0.5
  • Manifest digest: sha256:cc4bcbdff56ff708ddcc24a48196dbae7ea74e9f64914c4a7ce15d1457b4b199
  • Image ID: sha256:7e88d23b56b501d39b77181e422d89260babc61a475db74a12b755763cedd781
• nearone/mpc-launcher:3.0.5
  • Manifest digest: sha256:4b7ab5fac94b7ecd6ba180cf655c5700595c61a3945c321ddbe104b3993aaf83
  • Image ID: sha256:90de0813776b83e40c8483ce85a0dfe8e8f6c6deba24ce835f28baf0d3d2628b

3.0.4

MPC 3.0.4

Small patch following the testnet node upgrade. Main feature is we've updated the node docker image to support fetching a missing environment variable in GCP deployments, which caused 3.0.3 upgrades that missed that environment variable to fail.

What's Changed

🚀 Features

• #1428(@barakeinav1): (verification) Allow RTMR2 to match production or dev measurements (#1428)

• #1438(@gilcu3): Add support for abi snapshots (#1438)

• #1459(@gilcu3): Add pytest with CKD private verification (#1459)

• #1468(@gilcu3): Group compatible pytests to use shared cluster (#1468)

🐛 Bug Fixes

• #1448(@barakeinav1): (localnet) Ensure MPC node can sync after delay by updating neard retention policy (#1448)

• #1446(@gilcu3): Align waiting time with number of added domains (#1446)

• #1463(@gilcu3): Update snapshot after recent contract ABI changes (#1463)

• #1469(@netrome): Separate build workflows for launcher and node (#1469)

• #1471(@gilcu3): Make sure cargo-near is installed from binary release (#1471)

• #1480(@gilcu3): Fetch mpc secret store key and add gcp image (#1480)

⚙️ Miscellaneous Tasks

• #1451(@gilcu3): Update testnet contract (#1451)

• #1454(@gilcu3): Update contract readme wrt CKD (#1454)

• #1460(@netrome): Improved docker workflows for node and launcher image (#1460)

• #1464(@gilcu3): Extend localnet guide to include eddsa and ckd examples as well (#1464)

Docker images

• nearone/mpc-node:3.0.4
  • Manifest digest: sha256:a0bd08c4563a008e264c680e2c7b187ee304abd91aa3cdb94d48a4d9b1acbc98
  • Image ID: sha256:7c0ee6d08f253f7f890883ce4d64c387aab0d1a192a8a827f7db8cdf55a6a3b8
• nearone/mpc-launcher:3.0.4
  • Manifest digest: sha256:4b7ab5fac94b7ecd6ba180cf655c5700595c61a3945c321ddbe104b3993aaf83
  • Image ID: sha256:90de0813776b83e40c8483ce85a0dfe8e8f6c6deba24ce835f28baf0d3d2628b

3.0.3

MPC 3.0.3

Tiny patch, primarily for bumping nearcore to 2.9.1 to include a recent fix.

What's Changed

🐛 Bug Fixes

• #1441(@pbeza): Reduce log noise in migration monitor task (#1441)

⚙️ Miscellaneous Tasks

• #1434(@barakeinav1): Fix key names in localnet guide (#1434)

• #1444(@netrome): Bump nearcore to include 2.9.1 (#1444)

Full Changelog: 3.0.2...3.0.3

Docker images

• nearone/mpc-node:3.0.3
  • Manifest digest: sha256:a2735be2d3b770dcca811846302841f19ba467aa625bae69f1d2b4a06fcbc4c4
  • Image ID: sha256:3d9f0c0fbdc2dfce7fa59b3df7dd7cba05429b1bc430f784ef7dc5491f720a47
• nearone/mpc-launcher:3.0.3
  • Manifest digest: sha256:4b7ab5fac94b7ecd6ba180cf655c5700595c61a3945c321ddbe104b3993aaf83
  • Image ID: sha256:90de0813776b83e40c8483ce85a0dfe8e8f6c6deba24ce835f28baf0d3d2628b

3.0.2

MPC 3.0.2

Here we go again! This patch features a new migration flow that should allow us to migrate from the 2.2.0 contract without running out of gas.

Migrating to the 3.0.2 contract

To migrate to the 3.0.2 contract, you first need to propose and vote for the upgrade as normal. However once the vote has passed and the new contract has been upgraded, the pub_migrate function needs to be called by anyone to conclude the migration.

What's Changed

🚀 Features

• #1412(@gilcu3): Validate attestation before submission (#1412)

🐛 Bug Fixes

• #1405(@gilcu3): Test_latest_allowed_image_hash_is_written assuming wrong order (#1405)

• #1413(@gilcu3): Remove wrong near_sdk::PublicKey conversions (#1413)

• #1414(@pbeza): Disable state sync in start.sh for localnet (#1414)

• #1418(@gilcu3): Path to store latest mpc node image hashes in devnet (#1418)

• #1426(@barakeinav1): (tee) Add prefix to written image digest for launcher compatibility (#1426)

• #1432(@gilcu3): Enable user_views tests in the contract (#1432)

• #1436(@gilcu3): Add pub_migrate function to get current contract migration unstuck (#1436)

🧪 Testing

• #1406(@kevindeforth): Improve unit tests (#1406)

⚙️ Miscellaneous Tasks

• #1409(@Copilot): Downgrade account balance fetch log to debug level (#1409)

• #1427(@barakeinav1): Remove "exit 1" that could close ssh session (#1427)

• #1430(@netrome): Bump protocol version (#1430)

Full Changelog: 3.0.1...3.0.2

Docker images

• nearone/mpc-node:3.0.2
  • Manifest digest: sha256:7fab5f002274a2968823a18974c3b632dfe61e4c39f5b285a02f35d2bb9d7d99
  • Image ID: sha256:96f1b663c56a91138ee17caa94107780273ac48069082f8741e5cf0bb54a8900
• nearone/mpc-launcher:3.0.2
  • Manifest digest: sha256:4b7ab5fac94b7ecd6ba180cf655c5700595c61a3945c321ddbe104b3993aaf83
  • Image ID: sha256:90de0813776b83e40c8483ce85a0dfe8e8f6c6deba24ce835f28baf0d3d2628b

3.0.1

MPC 3.0.1

It was so fun releasing yesterday, so we decided to do it again today 🎉

This is a minor patch on top of 3.0.0 containing changes allowing to upgrade from 2.2.0 without adding any new environment variables as that may be a complex operation for some deployments.

What's Changed

🚀 Features

• #1401(@pbeza): Add default behavior if MPC_LATEST_ALLOWED_HASH_FILE is not set (#1401)

🐛 Bug Fixes

• #1396(@gilcu3): Compute fresh attestations before submitting (#1396)

• #1403(@kevindeforth): Node uses correct latest docker image hash (#1403)

⚙️ Miscellaneous Tasks

• #1385(@barakeinav1): Small operator guide fixes (#1385)

• #1398(@kevindeforth): Generate backup encryption key if env var is not provided (#1398)

• #1397(@netrome): Update nearcore to a modified 2.9 with testnet voting date set (#1397)

Full Changelog: 3.0.0...3.0.1

Docker images

• nearone/mpc-node:3.0.1
  • Manifest digest: sha256:97c14511efea74a759bbef97a6a16aa817a78ed63f0a3a9b903781ef455f9097
  • Image ID: sha256:a3875680caee60b2ecff93fea934acd66c33c8066678e5931152324e9648476c
• nearone/mpc-launcher:3.0.1
  • Manifest digest: sha256:4b7ab5fac94b7ecd6ba180cf655c5700595c61a3945c321ddbe104b3993aaf83
  • Image ID: sha256:90de0813776b83e40c8483ce85a0dfe8e8f6c6deba24ce835f28baf0d3d2628b

3.0.0

MPC 3.0.0 release

Finally we're releasing the 3.0.0 bundle, featuring support for running MPC nodes on TDX servers with dstack.

Upgrading from 2.2.0

The MPC 3.0.0 contract can run with 2.2.0 nodes, but MPC 3.0.0 nodes can not run with a 2.2.0 contract.

Therefore, to upgrade a 2.2.0 network to 3.0.0 the following steps are needed:

1. Migrate node secrets. This happens automatically by running the latest 2.2.0 mainnet-release and testnet-release images. Ensure you have a secrets.json file in your MPC_HOME directory.
2. Vote for the 3.0.0 contract.
3. Upgrade all nodes to run 3.0.0.

Main features

While this release feautres a lot of changes, some main features are:

• Confidential Key Derivation.
  • The MPC contract now contains a method to query deterministic confidential keys.
• TEE attestations.
  • MPC nodes now can produce TEE attestations when running on TDX servers with Dstack. The code features a guide on how to set this up as well.
  • The MPC contract can validate and kick-out any nodes with invalid attestations.
• Upgraded key management.
  • MPC nodes now generate their own keys for communicating with each other and the contract. This is a security requirement for the TEE migration.
• Migration service.
  • The contract now allows backup services to be registered, enabling MPC nodes to securely back up their sensitive key shares.

What's Changed

🚀 Features

• #489(@kevindeforth): (devnet) Loadtest tracks success statistics (#489)

• #410(@pbeza): (contract) Add support for TEE (#410)

• #511(@DSharifi): (contract) Add method to contract to get allowed image hashes (#511)

• #468(@kevindeforth): (Tee) Automatic kickout mechanism for invalid TEE status (#468)

• #509(@pbeza): (contract) Verification of TEE RTMRs 0-2 and MRTD (#509)

• #513(@DSharifi): (indexer) Periodically fetch allowed image hashes from mpc contract (#513)

• #525(@DSharifi): (tee) Node monitors latest allowed image hashes from contract (#525)

• #524(@barakeinav1): Initial launcher script (#524)

• #445(@kuksag): (tee) Generate p2p key/near signer key inside MPC node (#445)

• #516(@pbeza): (contract) Verification of RTMR3 (#516)

• #537(@pbeza): (contract) Verify report_data field of the TEE quote (#537)

• #541(@barakeinav1): (remote attestation ) RTMRs and app_compose field checks (#541)

• #543(@DSharifi): Submit remote attestation on startup (#543)

• #553(@kevindeforth): (Tee) Join logic for new participant and readme (#553)

• #558(@kevindeforth): (devnet) Enable ssd support (#558)

• #576(@kevindeforth): (pytest) Interactive pytest (#576)

• #560(@kevindeforth): Enable network hardship simulation (#560)

• #639(@barakeinav1): (tee) Add p2p public key to StaticWebData and http endpoint (#639)

• #632(@pbeza): (tee) Custom attestation module (#632)

• #653(@pbeza): (tee) Implement attestation quote generation in attestation module (#653)

• #665(@DSharifi): (contract) Key resharing can be cancelled on the contract (#665)

• #684(@kevindeforth): (metrics) Expose peers block height metric (#684)

• #683(@pbeza): (tee) Implement TEE quote verification in attestation module (#683)

• #722(@gilcu3): Added TEE enabled dockerfile + github workflow (#722)

• #734(@gilcu3): Add support for cargo-near reproducible build (#734)

• #711(@pbeza): (tee) Add Docker image verification logic to attestation (#711)

• #776(@kevindeforth): Export account balances as metric (#776)

• #747(@barakeinav1): Add CLI script to deploy the Launcher in dstack CVM (#747)

• #769(@andrei-near): Build info metrics (#769)

• #885(@gilcu3): Add CKD support to the MPC contract (#885)

• #934(@gilcu3): Add DomainId to CKDRequest (#934)

• #956(@gilcu3): CKD support in indexer - node/src/indexer/ changes (#956)

• #957(@gilcu3): CKD support in indexer - store + web changes (#957)

• #942(@pbeza): (tee) Clean TEE state when concluding a resharing (#942)

• #964(@andrei-near): Overwrite mpc/near configs from ENV vars (#964)

• #968(@gilcu3): CKD indexer - queue refactor (#968)

• #974(@gilcu3): CKD provider support (#974)

• #967(@netrome): Cli option to configure attestation authority (#967)

• #985(@gilcu3): Added pytests for CKD (#985)

• #1008(@gilcu3): DomainId separation enforcement in the contract (#1008)

• #1032(@kevindeforth): Improve asset cleanup behavior when entering running or resharing (#1032)

• #1038(@gilcu3): Make leader explicit in completed requests (#1038)

• #1023(@gilcu3): CKD support in devnet (#1023)

• #1061(@kevindeforth): Change of participant set leads to exit of running state. (#1061)

• #1064(@gilcu3): Achieve reproducible builds for the mpc node and launcher (#1064)

• #1070(@barakeinav1): (pytest) Restrict signer keys to MPC contract method (clean) (#1070)

• #1153(@andrei-near): Failed cluster signatures metrics main (#1153)

• #1162(@kevindeforth): Contract supports migration service (#1162)

• #1155(@barakeinav1): Devnet add missing image_hash and latest_allowed_hash_file (#1155)

• #1197(@DSharifi): Enforce all participants to have valid attestations (#1197)

• #1219(@gilcu3): Update to use new ts rerandomization+coordinator API (#1219)

• #1233(@kevindeforth): Metrics tracking participant ids in failed signature computations (#1233)

• #1215(@kevindeforth): Import keyshares into empty keyshare storage (#1215)

• #1225(@gilcu3): New dtos_contract::PublicKey type (#1225)

• #1223(@pbeza): Re-submit attestation if node detects it has no attestation on chain (#1223)

• #1241(@gilcu3): Add near_sdk compatible serde serialization for dto types + Bls types (#1241)

• #1250(@kevindeforth): Indexer fetches migration state from contract and displays it on a web-endpoint (#1250)

• #1239(@gilcu3): Ckd bls pivot (#1239)

• #1267(@kevindeforth): Onboarding logic for MPC node (#1267)

• #1272(@gilcu3): Support CKD with BLS in pytests (#1272)

• #1289(@pbeza): Scaffold initial backup service (#1289)

• #1216(@kevindeforth): Import keyshares into non empty keyshare storage (#1216)

• #1283(@kevindeforth): Migration service web server and client logic (#1283)

• #1270(@barakeinav1): Add public key enforcement feature (#1270)

• #1300(@gilcu3): Add read-only getter for keyshares (#1300)

• #1301(@gilcu3): Backup_cli store secrets in json file (#1301)

• #1313(@barakeinav1): Add enforcement that contract call are by attested participants (#1313)

• #1317(@gilcu3): Backup-cli http over mtls support (#1317)

• #1319(@kevindeforth): Mpc node spawns recovery web endpoint (1295) (#1319)

• #1316(@barakeinav1): Use pre predecessor_account_id (#1316)

• #1329(@Copilot): Add secrets.json migration support for 2.2.0 → 3.0.0 upgrade path (#1329)

• #1339(@gilcu3): Update to current ts version, more changes than I expected, some tricky deps changes as well (#1339)

• #1353(@gilcu3): Ensure docker compose ...

2.2.0

• MPC network and smart contract can now process signature requests in parallel to performing key resharing.

• Signature requests can now be re-submitted to the smart contract in case of signature failure.

• Addressed the issue of running out of gas on failing signature in the smart contract by increasing gas attachment.

• The smart contract now requires:

  • all current participants to vote for the new domain in order to enter keygen;
  • all prospective participants of the prospective epoch to vote in order to enter reshare.

• Now, the smart contract must be in the Running state in order to receive update votes.

2.0.0-rc.1

• Add support of EdDSA signing. Now the smart contract supports multiple domains. Each domain is a key of type either ECDSA or EDDSA
• Robust key resharing through coordination in the smart contract. Key resharing is now coordinated through smart contract to ensure every party agrees on whether a key resharing is initiated or completed. Also adds the ability to abort a key resharing that is in progress through voting.