[ANN] Tendermint KMS v0.5: cosmos-sdk v0.33.0 support, double signing detection, peer ID verification, chain registry

Tendermint KMS v0.5.0 has been released!


More release info here:

This release includes support for cosmos-sdk v0.33.0, the version to be used to launch Cosmos Hub!

Note that Tendermint KMS is still alpha quality and has NOT been audited, however an audit is scheduled in the next few weeks. All of that said, this release is intended for use on the Cosmos Hub and has been tested on the gaia-13001 testnet.

It includes the following new features since the previous release:

Chain registry in tmkms.toml

The tmkms.toml now has a new mandatory [[chain]] section describing known blockchain networks and key serialization preferences to those networks.

Add the following to your tmkms.toml for cosmoshub-1:

id = "cosmoshub-1"
key_format = { type = "bech32", account_key_prefix = "cosmospub", consensus_key_prefix = "cosmosvalconspub" }
state_file = "/path/to/cosmoshub-1_priv_validator_state.json"

Initial double signing detection

Tendermint network consensus state at the time of the last signature is now tracked in [chainid]_priv_validator_state.json files (e.g. state_file above). Please see the double signing detection notes in README.md for more information.

Chain state hooks

To bootstrap the double signing detector, tmkms can execute an (optional!) user-specified subcommand to obtain information about the current chain state (e.g. query a sentry).

The following line can be added to any [[chain]] entry in tmkms.toml:

state_hook = { cmd = ["/path/to/block/height_script", "--example-arg", "cosmoshub"] }

This specifies a command to run, and any arguments required. This command is expected to return a JSON document like:

{"latest_block_height": "347290"}

If present, and larger than the latest known block height, this value will be used instead (up to a pre-configured sanity limit, presently 9000 blocks).

Peer ID verification for gaiad/validator connections

When configuring a TCP connection under the [[validator]] section of tmkms.toml, you can specify a peer ID at the beginning of tcp://, e.g.

addr = "tcp://f88883b673fc69d7869cab098de3bafc2ff76eb8@example1.example.com:26658"

This is presently optional but will become required in the future. If the peer ID is present, it will be verified against the validator’s public key to ensure it is accurate.

Configuring this is necessary to prevent MitM attacks against the KMS!


NOTE: If you’re presently on 0.5.0-alpha1, there is no urgency in upgrading, aside from peer ID verification support. If things are stable and you don’t want to make the switch now, it can wait.