KES
In Cardano, nodes use Key Evolving Signatures (KES). This is another asymmetric key cryptographic scheme, also relying on the use of public and private key pairs. These signature schemes provide forward cryptographic security, meaning that a compromised key does not make it easier for an adversary to forge a signature that allegedly had been signed in the past.
In KES, the public verification key stays constant, but the corresponding private key evolves incrementally. For this reason, KES signing keys are indexed by integers representing the step in the key's evolution. Since the private key evolves incrementally in a KES scheme, the ledger rules require the pool operators to evolve their keys every time a certain number of slots have passed. The details of when these keys are evolved are out of the scope of this document, and the reader is directed to the ledger spec.
Implementation and bindings
The Cardano compatible KES implementations are
- Haskell: Available in cardano-base
- Rust: Available in crates.io
The particular instantiation used in Cardano is of depth 6. An improvement on the representation of signatures is being worked on, and planned to be included in the next HF. This compact representation is available in both the Haskell library and the rust counterpart.
Note: The secret key representations of both libraries are not compatible. A padding strategy can be made to use Haskell generated data in Rust, but not vice-versa. To see this padding trick, you can look in the interoperability tests of the rust library.
Common mistakes
The main building block of KES is its underlying signature scheme, Ed25519. We refer the reader to the common mistakes section of Ed25519.