'%3e%3crect%20x='109.185'%20y='253.397'%20width='350.859'%20height='857.656'%20fill='white'/%3e%3cpath%20d='M274.77%20708.572H233.194V888.205H286.632C302.651%20888.205%20314.635%20883.711%20322.461%20875.088C330.287%20866.465%20334.322%20851.404%20334.322%20830.149V779.138C334.322%20752.539%20329.797%20734.2%20320.382%20723.997C310.966%20713.795%20295.681%20708.451%20274.77%20708.451V708.572Z'%20fill='%23FF5C00'/%3e%3cpath%20d='M310.966%20610.558C320.015%20601.206%20324.539%20585.295%20324.539%20563.19V530.518C324.539%20490.559%20308.887%20470.519%20277.705%20470.033H232.949V624.768H269.512C287.977%20624.768%20302.039%20619.91%20311.088%20610.436L310.966%20610.558Z'%20fill='%23FF5C00'/%3e%3cpath%20d='M277.582%200C124.362%200%200%20123.399%200%20275.704V1069.3C0%201221.48%20124.239%201345%20277.582%201345C430.803%201345%20555.165%201221.6%20555.165%201069.3V275.704C555.165%20123.52%20430.926%200%20277.582%200ZM426.523%20833.064C426.523%20878.367%20414.539%20912.739%20390.817%20936.423C375.898%20951.241%20356.7%20961.322%20333.221%20966.909V987.677C333.221%201002.5%20320.993%201014.64%20306.075%201014.64C291.156%201014.64%20278.805%201002.5%20278.805%20987.677V971.888H232.949V987.677C232.949%201002.5%20220.721%201014.64%20205.803%201014.64C190.884%201014.64%20178.655%201002.5%20178.655%20987.677V971.888H170.218C150.53%20971.888%20140.625%20962.05%20140.625%20942.496V415.743C140.625%20396.188%20150.53%20386.35%20170.218%20386.35H178.655V357.201C178.655%20342.383%20190.884%20330.238%20205.803%20330.238C220.721%20330.238%20232.949%20342.383%20232.949%20357.201V386.35H278.805V357.201C278.805%20342.383%20291.034%20330.238%20306.075%20330.238C321.115%20330.238%20333.221%20342.383%20333.221%20357.201V388.78C333.221%20389.994%20332.977%20391.087%20332.855%20392.18C354.499%20397.524%20371.863%20406.512%20384.703%20419.386C406.469%20441.491%20417.597%20475.377%20417.597%20521.045V544.364C417.597%20604.363%20397.42%20642.743%20357.556%20659.14V660.719C403.656%20676.265%20426.646%20717.074%20426.646%20782.782V833.064H426.523Z'%20fill='%23FF5C00'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_1_174'%3e%3crect%20width='555'%20height='1345'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
- Block Signing
Elements supports a federated signing model, which allows you to specify the number of Strong Federation members that must sign a proposed block in order to produce a valid block.
Previously, and for ease of example, we have been creating blocks using the
generate command, which hasn't had to satisfy a multisignature requirement in order for the blocks created to be accepted by the network as valid.We'll be setting up our nodes to require 2-of-2 multisig block creation. This will be set up using the signblockscript parameter, which can be added to the config file or passed into the node on startup. To initialize a chain with this parameter, we first need to create a script that comprises the chain.
We'll do this by using some existing nodes, saving the data they output, and then wiping the chain so we can restart it using our signblockscript parameter. This is necessary because the script forms part of the network's consensus rules and must be set on-chain during the initialization process. It cannot be added to an existing chain at a later date.
We'll need access to two Elements nodes, which we will refer to as e1 and e2. The nodes have had their blockchains reset, and the default asset has been split between them.
Ensure that the con_max_block_sig_size parameter is set to a high value in your elements.conf file; otherwise, block signing will fail later on in this section. We have set con_max_block_sig_size to 2000 for this tutorial.
As we will be resetting our blockchain and wiping the wallets associated with e1 and e2, we will need to take a copy of the addresses, public keys, and private keys used to generate the block signing script, so we can use them later.
First, we need each of the block signing nodes to generate a new address, which you need to take a copy of.
e1-cli getnewaddress e2-cli getnewaddress
We then need to extract the public keys from the addresses and record them for later use.
e1-cli getaddressinfo <e1-address> e2-cli getaddressinfo <e2-address>
Then, extract the private keys, which we'll re-import later, so the nodes can sign the blocks after we re-initialize our blockchain and wallet data.
e1-cli dumpprivkey <e1-address> e2-cli dumpprivkey <e2-address>
Now we need to generate a redeem script with a 2-of-2 multi-signature requirement. We accomplish this by using the create-multisig command, passing the first parameter as 2, and then providing two public keys. It is these keys that ownership of needs proves later when the block is created.
Either node, e1 or e2, could generate the multisig.
e1-cli createmultisig 2 '["<e1-pubkey>", "<e2-pubkey>"]'
That gives us our redeem script, which you can copy for use later.
Now we need to wipe the existing blockchain and wallet data so we can start again with the new signblockscript as part of the chain's consensus rules. This is why we needed to take a copy of some of the data earlier, such as the private keys that will be used in the new chain to sign blocks. You must complete this step before proceeding.
With our existing wallet and chain data deleted, we can now start our nodes and have them initialize a new chain using the signblockscript parameter. Let's pass in -evbparams=dynafed:0::: to disable dynafed activation, because we don't need that advanced feature for this example.
e1-dae -signblockscript=<redeem-script> -evbparams=dynafed:0::: e2-dae -signblockscript=<redeem-script> -evbparams=dynafed:0:::
Now we need to import the private keys that we saved earlier so that our nodes can sign and help complete any proposed blocks.
e1-cli importprivkey <e1-priv-key> e2-cli importprivkey <e2-priv-key>
The use of the generate command should now error as it fails to meet the required block signing rules now enforced by our nodes.
e1-cli -generate 1
To propose a new block, either node can call the getnewblockhex command. This returns the hexadecimal representation of a new block that must be signed before it is accepted by any nodes on our network.
e1-cli getnewblockhex
Remember that the command just creates a proposed block; it doesn't generate one.
To confirm this, we can see that there are currently no blocks in our blockchain.
e1-cli getblockcount
If we try submitting the block hex without signing it first.
e1-cli submitblock <block-hex>
We receive a message indicating that the block proof is invalid. This is because it has not yet been signed by 2 of the required 2 parties.
So let's get e1 to sign the proposed block.
e1-cli signblock <block-hex>
Have e2 sign the hex.
e2-cli signblock <block-hex>
Notice that e2 does not sign the output created from e1 signing the proposed block. They both sign the proposed block hex independently of each other's results.
Now we need to combine the block signatures of e1 and e2. Either node can perform this action; all they need is the signed block hex from the other node.
e1-cli combineblocksigs <block-hex> '["<signed-hex-from-e1>", "<signed-hex-from-e2>"]'
You can see that the combineblocksigs command outputs the hex of the signed block, as well as a status of 'complete', indicating that the block hex is ready to be submitted.
Now, either node can submit the completed block hex. We'll have e1 do it.
e1-cli submitblock <combined-signed-hex>
Checking that the submission was a valid one.
e1-cli getblockcount e2-cli getblockcount
You can see that both e1 and e2 have accepted the block as valid and added it to the tip of their local copies of the blockchain.
To summarize the process. In this section, we have:
- Proposed a block.
- Had each node sign it.
- Combined the signatures.
- Checked that the signatures are valid and meet the chain's redeemscript threshold.
- Submitted the block.
Each node on the network validated the block and added it to its local copy of the blockchain.
Block Signing
Although the process initially appears complex, the sequence of block signing in Elements is always the same, and the initial setup needs to be performed only once:
- Initial setup (performed once)
- A multisignature address is created called
signblockscriptusing the public keys of Federated Block Signers. - The redeem script from this is used to start a new blockchain.
- Block production (ongoing)
- Proposed blocks are generated and exchanged for signing.
Once a threshold number of signatories have signed the proposed block, it is combined and submitted to the network. If it meets the criteria of the chain's
signblockscript, nodes accept it as a valid block.