v3.3.1

Highlights

• Allow larger sign payloads with larger default socket read size of 1MB and maxReadSize config parameter
• Fix debug server when using grpc connection, e.g. with horcrux-proxy

Updating

If coming from v3.3.0-rc1 or v3.3.0, this can be applied as a rolling upgrade, which prevents missed blocks:

• Shut down a non-leader cosigner, upgrade version, and restart
• Repeat for remaining non-leader cosigners
• elect one of the upgraded cosigners as the leader with horcrux elect N
• Shut down the initial leader cosigner, upgrade version, and restart
• elect initial leader as leader again if desired

If coming from ≤v3.2.3:

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image
• Start cosigner nodes back up

What's Changed

• Make max read size configurable by @agouin in #273
• fix(runtime): debug server not starting due to blocking grpc serve by @agouin in #275

Full Changelog: v3.3.0...v3.3.1

v3.3.0

Highlights

• Support for CometBFT Vote Extensions which allows for signing an additional payload (vote extension) for precommits. Consumes an extra nonce when signing in threshold mode. This is factored into the nonce production rate.

Updating

If coming from v3.3.0-rc1, this can be applied as a rolling upgrade, which prevents missed blocks:

• Shut down a non-leader cosigner, upgrade version, and restart
• Repeat for remaining non-leader cosigners
• elect one of the upgraded cosigners as the leader with horcrux elect N
• Shut down the initial leader cosigner, upgrade version, and restart
• elect initial leader as leader again if desired

If coming from ≤v3.2.3:

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image
• Start cosigner nodes back up

What's Changed

• Update Horcrux go.mod module path by @jakubbujny in #240
• vote extensions by @agouin in #242
• Bump github.com/opencontainers/runc from 1.1.10 to 1.1.12 in /test by @dependabot in #246
• Fix typos by @shapeshed in #251

New Contributors

• @jakubbujny made their first contribution in #240
• @shapeshed made their first contribution in #251

Full Changelog: v3.2.3...v3.3.0

v3.3.0-rc1

Highlights

• Support CometBFT Vote Extensions

What's Changed

• Update Horcrux go.mod module path by @jakubbujny in #240
• vote extensions by @agouin in #242

Updating

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image
• Start cosigner nodes back up

New Contributors

• @jakubbujny made their first contribution in #240

Full Changelog: v3.2.3...v3.3.0-rc1

v3.2.3

This patches an edge case bug introduced in v3.2.0 which could be encountered when a cosigner has downtime. The leader could get stuck, causing signing to stop even with threshold cosigners online.

Updating

If coming from v3.2.0-v3.2.2, this can be applied as a rolling upgrade, which prevents missed blocks:

• Shut down a non-leader cosigner, upgrade version, and restart
• Repeat for remaining non-leader cosigners
• elect one of the upgraded cosigners as the leader with horcrux elect N
• Shut down the initial leader cosigner, upgrade version, and restart
• elect initial leader as leader again if desired

If coming from ≤v3.1.0:

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image
• Start cosigner nodes back up

What's Changed

• Fix stuck leader when cosigner goes down by @agouin in #232
• Reverse where we start checking for a non-expired nonce, oldest -> newest by @misko9 in #234
• add unit tests for prune by @agouin in #235
• mitigate unexpected state by @agouin in #233

New Contributors

• @misko9 made their first contribution in #234

Full Changelog: v3.2.2...v3.2.3

v3.2.2

This patches an bug introduced in v3.2.0 which could be encountered when using horcrux with only one chain where the block times are 5+ seconds

Updating

If coming from v3.2.0 or v3.2.1, this can be applied as a rolling upgrade, which prevents missed blocks:

• Shut down a non-leader cosigner, upgrade version, and restart
• Repeat for remaining non-leader cosigners
• elect one of the upgraded cosigners as the leader with horcrux elect N
• Shut down the initial leader cosigner, upgrade version, and restart
• elect initial leader as leader again if desired

If coming from ≤v3.1.0:

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image
• Start cosigner nodes back up

What's Changed

• Low nonce consumption by @agouin in #229

Full Changelog: v3.2.1...v3.2.2

v3.2.1

This patches an edge case bug introduced in v3.2.0 which could be encountered with an unreachable cosigner #226

Updating

If coming from v3.2.0, this can be applied as a rolling upgrade, which prevents missed blocks:

• Shut down a non-leader cosigner, upgrade version, and restart
• Repeat for remaining non-leader cosigners
• elect one of the upgraded cosigners as the leader with horcrux elect N
• Shut down the initial leader cosigner, upgrade version, and restart
• elect initial leader as leader again if desired

If coming from ≤v3.1.0:

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image
• Start cosigner nodes back up

What's Changed

• Fix ClearNonces index out of range by @agouin in #227

Full Changelog: v3.2.0...v3.2.1

v3.2.0

Highlights

• Much faster signing with nonce pre-sharing and GRPC multiplexing. Before: ~5ms + network latency of 4 round trips, After: ~2ms + network latency of single round trip #218
• Per-chain-id prometheus metrics #198
• Cosigner GRPC Server for integration with horcrux-proxy to multiplex block sign requests, also in preparation for Gordian.

Updating

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image
• Start cosigner nodes back up

What's Changed

• Bump github.com/libp2p/go-libp2p from 0.22.0 to 0.27.8 in /test by @dependabot in #189
• Fix race in leader election test by @agouin in #216
• chore: contributing + code of conduct by @Reecepbcups in #208
• remote signer grpc server by @agouin in #215
• Update migrating.md by @akc2267 in #213
• Pre-share nonces by @agouin in #218
• Prom vecs by @agouin in #219
• Bump golang.org/x/net from 0.9.0 to 0.17.0 by @dependabot in #207
• Bump google.golang.org/grpc from 1.55.0 to 1.56.3 by @dependabot in #209
• Bump golang.org/x/net from 0.11.0 to 0.17.0 in /test by @dependabot in #206
• Bump github.com/ethereum/go-ethereum from 1.12.0 to 1.13.5 by @dependabot in #220
• Fix lint by @agouin in #222
• fix error checking over rpc by @agouin in #223
• Fix - running out of nonces under load by @agouin in #224

New Contributors

• @Gustavobelfort made their first contribution in #198 #219
• @Reecepbcups made their first contribution in #208
• @akc2267 made their first contribution in #213

Full Changelog: v3.1.0...v3.2.0

v3.2.0-rc2

Highlights

• Much faster signing (~2ms + network latency of single round trip) with nonce pre-sharing and GRPC multiplexing #218
• Per-chain-id prometheus metrics #198
• Cosigner GRPC Server for integration with horcrux-proxy to multiplex block sign requests, also in preparation for Gordian.

Updating

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image
• Start cosigner nodes back up

What's Changed

• Bump github.com/libp2p/go-libp2p from 0.22.0 to 0.27.8 in /test by @dependabot in #189
• Fix race in leader election test by @agouin in #216
• chore: contributing + code of conduct by @Reecepbcups in #208
• remote signer grpc server by @agouin in #215
• Update migrating.md by @akc2267 in #213
• Pre-share nonces by @agouin in #218
• Prom vecs by @agouin in #219
• Bump golang.org/x/net from 0.9.0 to 0.17.0 by @dependabot in #207
• Bump google.golang.org/grpc from 1.55.0 to 1.56.3 by @dependabot in #209
• Bump golang.org/x/net from 0.11.0 to 0.17.0 in /test by @dependabot in #206
• Bump github.com/ethereum/go-ethereum from 1.12.0 to 1.13.5 by @dependabot in #220
• Fix lint by @agouin in #222
• fix error checking over rpc by @agouin in #223

New Contributors

• @Reecepbcups made their first contribution in #208
• @akc2267 made their first contribution in #213

Full Changelog: v3.1.0...v3.2.0-rc2

v3.2.0-rc1

Highlights

• Much faster signing (~2ms + network latency of single round trip) with nonce pre-sharing and GRPC multiplexing #218
• Per-chain-id prometheus metrics #198
• Cosigner GRPC Server for integration with horcrux-proxy to multiplex block sign requests, also in preparation for Gordian.

Updating

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image
• Start cosigner nodes back up

What's Changed

• Bump github.com/libp2p/go-libp2p from 0.22.0 to 0.27.8 in /test by @dependabot in #189
• Fix race in leader election test by @agouin in #216
• chore: contributing + code of conduct by @Reecepbcups in #208
• remote signer grpc server by @agouin in #215
• Update migrating.md by @akc2267 in #213
• Pre-share nonces by @agouin in #218
• Prom vecs by @agouin in #219
• Bump golang.org/x/net from 0.9.0 to 0.17.0 by @dependabot in #207
• Bump google.golang.org/grpc from 1.55.0 to 1.56.3 by @dependabot in #209
• Bump golang.org/x/net from 0.11.0 to 0.17.0 in /test by @dependabot in #206
• Bump github.com/ethereum/go-ethereum from 1.12.0 to 1.13.5 by @dependabot in #220
• Fix lint by @agouin in #222

New Contributors

• @Reecepbcups made their first contribution in #208
• @akc2267 made their first contribution in #213

Full Changelog: v3.1.0...v3.2.0-rc1

v3.1.0

Highlights

• Introduce ECIES+ECDSA for encryption and digital signature of cosigner-to-cosigner network traffic for faster cosigner secure communication. RSA+P5S encryption + signature authentication is now deprecated
• Fix latency regression in v3.0.0 due to golang 1.20 rsa regression
• Release binary is now static for portability across linux distributions
• Leader election fixed when cosigners are referenced by IP address
• Connection and concurrency optimizations

Updating

• Shut down all cosigners and delete ~/.horcrux/raft directory
• Update binary or docker image to v3.1.0
• If coming from v2.x.x, run horcrux config migrate command to migrate key files and config from v2 format to v3 format
• Recommended: replace RSA with ECIES for cosigner secure communication. On a trusted machine, generate ECIES keys with horcrux create-ecies-shards --shards <total number of cosigners>. Distribute the cosigner_$N/ecies_keys.json files to the respective cosigners. After this, rsa_keys.json is no longer required on the cosigners.
• Start cosigner nodes back up

What's Changed

• Bump github.com/opencontainers/runc from 1.1.3 to 1.1.5 by @dependabot in #155
• Make Horcrux a static executable by @vimystic in #157
• Remove depguard by @vimystic in #158
• set and get nonces concurrently by @agouin in #164
• nonce rename by @agouin in #165
• Bump github.com/cosmos/cosmos-sdk from 0.47.1 to 0.47.3 by @dependabot in #163
• Bump github.com/cometbft/cometbft from 0.37.0 to 0.37.2 by @dependabot in #167
• Fix multiresolver for IPs by @agouin in #168
• sign state signaling by @agouin in #169
• threshold signer integration into local cosigner by @agouin in #170
• Cosigner Security by @agouin in #171
• CosignerSecurityECIES by @agouin in #173
• Interchaintest for e2e tests by @agouin in #174
• Bump github.com/containerd/containerd from 1.6.8 to 1.6.18 in /test by @dependabot in #177
• use go-ethereum ecies due to instability with ecies/go/v2 by @agouin in #178
• Bump github.com/gin-gonic/gin from 1.8.1 to 1.9.1 in /test by @dependabot in #179
• waiting for same block signature - timeout and max attempts by @agouin in #184
• Vivek/156 : Downgrade golang version from 1.20 to 1.19 by @vimystic in #183
• fix raft store npe by @agouin in #185
• no concurrent dial to same node by @agouin in #186
• Remove goreleaser by @agouin in #187

New Contributors

• @dependabot made their first contribution in #155

Full Changelog: v3.0.0...v3.1.0