input-output-hk · jpraynaud · Jun 26, 2024 · Dec 11, 2025 · Dec 16, 2025 · Dec 17, 2025
diff --git a/.github/workflows/test-deploy-network.yml b/.github/workflows/test-deploy-network.yml
@@ -89,7 +89,7 @@ jobs:
               {
                 "1" = {
                   type    = "unverified-cardano-passive-norelay",
-                  pool_id = "pool1y0uxkqyplyx6ld25e976t0s35va3ysqcscatwvy2sd2cwcareq7",
+                  pool_id = "pool13zafxlpfgymf474uv52qt557z5k5frn9p83yr55zp267wj5mpu4",
                 },
               }
             mithril_leader_aggregator_endpoint: https://aggregator.dev-preview.api.mithril.network/aggregator

diff --git a/internal/mithril-dmq/src/model/network.rs b/internal/mithril-dmq/src/model/network.rs
@@ -27,9 +27,9 @@ impl DmqNetwork {
     /// Preprod magic ID
     pub const PREPROD_MAGIC_ID: MagicId = 1; // TODO: Update magic ids for networks
     /// Preview magic ID
-    pub const PREVIEW_MAGIC_ID: MagicId = 2; // TODO: Update magic ids for networks
+    pub const PREVIEW_MAGIC_ID: MagicId = 3141592; // TODO: Update magic ids for networks
     /// Devnet magic ID
-    pub(crate) const DEVNET_MAGIC_ID: MagicId = 3141592; // TODO: Update magic ids for networks
+    pub(crate) const DEVNET_MAGIC_ID: MagicId = 0; // TODO: Update magic ids for networks
 
     /// Instantiates a DmqNetwork from its code and magic id
     pub fn from_code(

diff --git a/mithril-aggregator/src/services/signature_processor.rs b/mithril-aggregator/src/services/signature_processor.rs
@@ -1,4 +1,4 @@
-use std::sync::Arc;
+use std::{sync::Arc, time::Duration};
 
 use slog::{Logger, error, trace, warn};
 
@@ -34,6 +34,8 @@ pub struct SequentialSignatureProcessor {
 }
 
 impl SequentialSignatureProcessor {
+    const ERROR_DELAY_IN_SECONDS: Duration = Duration::from_secs(1);
+
     /// Creates a new `SignatureProcessor` instance.
     pub fn new(
         consumer: Arc<dyn SignatureConsumer>,
@@ -111,7 +113,13 @@ impl SignatureProcessor for SequentialSignatureProcessor {
 
                     return Ok(());
                 }
-                _ = self.process_signatures() => {}
+                res = self.process_signatures() => {
+                    if let Err(e) = res {
+                        error!(self.logger, "Error processing signatures"; "error" => ?e);
+                        error!(self.logger, "Sleep for {} seconds", Self::ERROR_DELAY_IN_SECONDS.as_secs());
+                        tokio::time::sleep(Self::ERROR_DELAY_IN_SECONDS).await;
+                    }
+                }
             }
         }
     }

diff --git a/mithril-common/Cargo.toml b/mithril-common/Cargo.toml
@@ -19,7 +19,7 @@ rustdoc-args = ["--cfg", "docsrs"]
 ignored = ["serde_bytes"]
 
 [features]
-default = ["rug-backend"]
+default = ["rug-backend", "allow_skip_signer_certification"]
 
 # Enables `rug-backend` features for `mithril-stm` dependency
 rug-backend = ["mithril-stm/rug-backend"]

diff --git a/mithril-common/src/crypto_helper/cardano/kes/error.rs b/mithril-common/src/crypto_helper/cardano/kes/error.rs
@@ -18,7 +18,7 @@ pub enum KesVerifyError {
 #[derive(Error, Debug)]
 pub enum KesSignError {
     /// Error raised when a KES update error occurs
-    #[error("KES key cannot be updated for period {0}")]
+    #[error("KES key cannot be updated for evolution {0}")]
     UpdateKey(KesPeriod),
 
     /// Period of key file does not match with period provided by user

diff --git a/mithril-common/src/crypto_helper/cardano/kes/interface.rs b/mithril-common/src/crypto_helper/cardano/kes/interface.rs
@@ -11,7 +11,13 @@ use crate::{
 #[cfg_attr(test, mockall::automock)]
 pub trait KesSigner: Send + Sync {
     /// Return signed bytes with the KES secret key and the associated Operational Certificate
-    fn sign(&self, message: &[u8], kes_period: KesPeriod) -> StdResult<(Sum6KesSig, OpCert)>;
+    ///
+    /// current_kes_period: The KES period used to sign the message (absolute period computed from the chain at the moment of signature)
+    fn sign(
+        &self,
+        message: &[u8],
+        current_kes_period: KesPeriod,
+    ) -> StdResult<(Sum6KesSig, OpCert)>;
 }
 
 /// Trait for KES (Key Evolving Signature) verification operation.

diff --git a/mithril-common/src/crypto_helper/cardano/kes/signer_with_key.rs b/mithril-common/src/crypto_helper/cardano/kes/signer_with_key.rs
@@ -31,27 +31,32 @@ impl KesSignerStandard {
 }
 
 impl KesSigner for KesSignerStandard {
-    fn sign(&self, message: &[u8], kes_period: KesPeriod) -> StdResult<(Sum6KesSig, OpCert)> {
+    fn sign(
+        &self,
+        message: &[u8],
+        current_kes_period: KesPeriod,
+    ) -> StdResult<(Sum6KesSig, OpCert)> {
         let mut kes_sk_bytes = Sum6KesBytes::from_file(&self.kes_sk_path)
             .with_context(|| "StandardKesSigner can not read KES secret key from file")?;
         let mut kes_sk = Sum6Kes::try_from(&mut kes_sk_bytes)
             .with_context(|| "StandardKesSigner can not use KES secret key")?;
+        let operational_certificate = OpCert::from_file(&self.operational_certificate_path)
+            .with_context(|| "StandardKesSigner can not read operational certificate from file")?;
+        let kes_period_start = operational_certificate.get_start_kes_period() as u32;
         let kes_sk_period = kes_sk.get_period();
-        if kes_sk_period > kes_period {
+        let kes_evolutions = current_kes_period.saturating_sub(kes_period_start);
+        if kes_sk_period > kes_evolutions {
             return Err(anyhow!(KesSignError::PeriodMismatch(
                 kes_sk_period,
-                kes_period
+                kes_evolutions
             )));
         }
 
         // We need to perform the evolutions
-        for period in kes_sk_period..kes_period {
-            kes_sk.update().map_err(|_| KesSignError::UpdateKey(period))?;
+        for evolution in kes_sk_period..kes_evolutions {
+            kes_sk.update().map_err(|_| KesSignError::UpdateKey(evolution))?;
         }
 
-        let operational_certificate = OpCert::from_file(&self.operational_certificate_path)
-            .with_context(|| "StandardKesSigner can not read operational certificate from file")?;
-
         Ok((kes_sk.sign(message), operational_certificate))
     }
 }
@@ -119,7 +124,8 @@ mod tests {
     }
 
     #[test]
-    fn create_invalid_signature_for_invalid_kes_period() {
+    fn create_invalid_signature_for_invalid_kes_evolution() {
+        const MAX_KES_EVOLUTIONS: KesPeriod = 63;
         let kes_period_start = 5 as KesPeriod;
         let KesCryptographicMaterialForTest {
             party_id: _,
@@ -132,11 +138,7 @@ mod tests {
         );
         let message = b"Test message for KES signing";
         let kes_signer = KesSignerStandard::new(kes_secret_key_file, operational_certificate_file);
-        let kes_signing_period = 2;
-        assert!(
-            kes_signing_period < kes_period_start,
-            "KES signing period should be less than the KES period of the key"
-        );
+        let kes_signing_period = kes_period_start + MAX_KES_EVOLUTIONS + 1;
 
         kes_signer
             .sign(message, kes_signing_period)

diff --git a/mithril-common/src/crypto_helper/cardano/key_certification.rs b/mithril-common/src/crypto_helper/cardano/key_certification.rs
@@ -88,7 +88,7 @@ pub enum ProtocolInitializerErrorWrapper {
     ProtocolInitializer(#[source] StdError),
 
     /// Error raised when a KES update error occurs
-    #[error("KES key cannot be updated for period {0}")]
+    #[error("KES key cannot be updated for evolution {0}")]
     KesUpdate(KesPeriod),
 
     /// Period of key file does not match with period provided by user

diff --git a/mithril-common/src/test/crypto_helper/cardano/kes/setup.rs b/mithril-common/src/test/crypto_helper/cardano/kes/setup.rs
@@ -21,7 +21,7 @@ pub(crate) struct KesCryptographicMaterialForTest {
 /// Create KES cryptographic material for testing purposes.
 pub fn create_kes_cryptographic_material(
     party_idx: KesPartyIndexForTest,
-    kes_period: KesPeriod,
+    start_kes_period: KesPeriod,
     test_directory: &str,
 ) -> KesCryptographicMaterialForTest {
     let temp_dir = std::env::temp_dir()
@@ -31,16 +31,12 @@ pub fn create_kes_cryptographic_material(
     let keypair = ColdKeyGenerator::create_deterministic_keypair([party_idx as u8; 32]);
     let mut dummy_buffer = [0u8; Sum6Kes::SIZE + 4];
     let mut dummy_seed = [party_idx as u8; 32];
-    let (mut kes_secret_key, kes_verification_key) =
+    let (kes_secret_key, kes_verification_key) =
         Sum6Kes::keygen(&mut dummy_buffer, &mut dummy_seed);
-    for _ in 0..kes_period {
-        kes_secret_key
-            .update()
-            .expect("KES secret key update should not fail");
-    }
     let mut kes_bytes = Sum6KesBytes([0u8; Sum6Kes::SIZE + 4]);
     kes_bytes.0.copy_from_slice(&kes_secret_key.clone_sk());
-    let operational_certificate = OpCert::new(kes_verification_key, 0, 0, keypair);
+    let operational_certificate =
+        OpCert::new(kes_verification_key, 0, start_kes_period as u64, keypair);
     let kes_secret_key_file = temp_dir.join(format!("kes{party_idx}.skey"));
     kes_bytes
         .to_file(&kes_secret_key_file)

diff --git a/mithril-common/src/test/crypto_helper/cardano/kes/signer_fake.rs b/mithril-common/src/test/crypto_helper/cardano/kes/signer_fake.rs
@@ -63,7 +63,7 @@ impl KesSignerFake {
 }
 
 impl KesSigner for KesSignerFake {
-    fn sign(&self, message: &[u8], _kes_period: KesPeriod) -> KesSignatureResult {
+    fn sign(&self, message: &[u8], _current_kes_period: KesPeriod) -> KesSignatureResult {
         let mut messages = self.signed_messages.lock().unwrap();
         messages.push_back(message.to_vec());
 

diff --git a/mithril-signer/src/runtime/runner.rs b/mithril-signer/src/runtime/runner.rs
@@ -5,7 +5,7 @@ use thiserror::Error;
 use tokio::sync::RwLockReadGuard;
 
 use mithril_common::StdResult;
-use mithril_common::crypto_helper::{KesPeriod, OpCert, ProtocolOpCert, SerDeShelleyFileFormat};
+use mithril_common::crypto_helper::{OpCert, ProtocolOpCert, SerDeShelleyFileFormat};
 use mithril_common::entities::{
     Epoch, PartyId, ProtocolMessage, SignedEntityType, Signer, TimePoint,
 };
@@ -184,7 +184,7 @@ impl Runner for SignerRunner {
         let stake = stake_distribution
             .get(&self.services.single_signer.get_party_id())
             .ok_or_else(RunnerError::NoStakeForSelf)?;
-        let (operational_certificate, protocol_operational_certificate) = match &self
+        let (_operational_certificate, protocol_operational_certificate) = match &self
             .config
             .operational_certificate_path
         {
@@ -198,18 +198,7 @@ impl Runner for SignerRunner {
             }
             _ => (None, None),
         };
-
-        let kes_period = match operational_certificate {
-            Some(operational_certificate) => Some(
-                self.services
-                    .chain_observer
-                    .get_current_kes_period()
-                    .await?
-                    .unwrap_or_default()
-                    - operational_certificate.get_start_kes_period() as KesPeriod,
-            ),
-            None => None,
-        };
+        let kes_period = self.services.chain_observer.get_current_kes_period().await?;
 
         let protocol_initializer = self
             .services