Skip to content

Enable parachain AD on AH, PC and YAP#12489

Open
sandreim wants to merge 80 commits into
masterfrom
sandrem/enable-AD-on-system-chains
Open

Enable parachain AD on AH, PC and YAP#12489
sandreim wants to merge 80 commits into
masterfrom
sandrem/enable-AD-on-system-chains

Conversation

@sandreim

@sandreim sandreim commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Adds Authority Discovery support for test Parachains.

TODO:

  • Operator notes in PRDoc

sandreim and others added 30 commits April 24, 2026 19:00
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
# Conflicts:
#	.github/zombienet-tests/zombienet_cumulus_tests.yml
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
# Conflicts:
#	.github/zombienet-tests/zombienet_cumulus_tests.yml
#	Cargo.lock
#	cumulus/zombienet/zombienet-sdk/Cargo.toml
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
.
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
@sandreim sandreim added T4-runtime_API This PR/Issue is related to runtime APIs. T10-tests This PR/Issue is related to tests. labels Jun 26, 2026
sandreim added 2 commits June 26, 2026 18:49
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
@paritytech-review-bot paritytech-review-bot Bot requested a review from a team June 26, 2026 15:52
@sandreim

Copy link
Copy Markdown
Contributor Author

/cmd fmt

github-actions Bot and others added 5 commits June 26, 2026 18:21
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
…ytech/polkadot-sdk into sandrem/enable-AD-on-system-chains
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
@sandreim

Copy link
Copy Markdown
Contributor Author

/cmd fmt

@paritytech-workflow-stopper

Copy link
Copy Markdown

All GitHub workflows were cancelled due to failure one of the required jobs.
Failed workflow url: https://github.com/paritytech/polkadot-sdk/actions/runs/28382278849
Failed job name: check-runtime-compatibility

@sandreim sandreim removed the request for review from a team June 29, 2026 15:45
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Comment on lines +74 to +79
/// Derive an [`sp_authority_discovery::AuthorityId`] from an [`AuraId`] by reusing the
/// underlying sr25519 public key bytes. Used in genesis config presets so collators can
/// reuse their Aura keystore secret for authority-discovery until they rotate.
pub fn authority_discovery_id_from_aura(aura: AuraId) -> sp_authority_discovery::AuthorityId {
sp_core::sr25519::Public::from(aura).into()
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't get why we need this function at all? Because you change the genesis code to also generate a key for authority discovery?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is only done for genesis.

Comment thread cumulus/parachains/common/src/ad_migration.rs Outdated
Comment thread cumulus/parachains/common/src/ad_migration.rs Outdated
Comment on lines +96 to +98
let aura_raw: [u8; 32] = sp_core::sr25519::Public::from(aura.clone()).0;
let hash = sp_io::hashing::blake2_256(&aura_raw);
sp_core::sr25519::Public::from_raw(hash).into()

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
let aura_raw: [u8; 32] = sp_core::sr25519::Public::from(aura.clone()).0;
let hash = sp_io::hashing::blake2_256(&aura_raw);
sp_core::sr25519::Public::from_raw(hash).into()
sp_core::sr25519::Public::from_raw([0; 32]).into()

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what I initially wanted to do, but then decided not to because the all-zero 32 bytes is the canonical encoding of the Ristretto identity, and I also checked and schnorrkel accepts it as a valid pubkey. As far as I can tell tehre is nothing on the node side that filters it out, so attackers can forge and basically publish bogus addresses that other collators resolve.

If we change to zero here, we need to change the AD worker to ignore it.

@skunert skunert self-requested a review June 30, 2026 11:48
sandreim added 4 commits June 30, 2026 16:01
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
@lexnv lexnv self-requested a review June 30, 2026 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

T4-runtime_API This PR/Issue is related to runtime APIs. T10-tests This PR/Issue is related to tests.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants