NNS Updates: Nov 1, 2024

The NNS Team submitted the following proposals. DFINITY plans to vote on these proposals the following Monday.

Registry: https://dashboard.internetcomputer.org/proposal/133905
SNS-W: https://dashboard.internetcomputer.org/proposal/133906
SNS Ledger Index: https://dashboard.internetcomputer.org/proposal/133907
SNS Ledger: https://dashboard.internetcomputer.org/proposal/133908
SNS Ledger Archive: https://dashboard.internetcomputer.org/proposal/133909

Proposals to be Submitted

NNS Registry

# Upgrade the Registry Canister to Commit d265b13

__Proposer__: maximilian.summe at dfinity.org

__Source code__: [d265b130647f04aa25909ec1fbb8294ce0139d1c][new-commit]

[new-commit]: https://github.com/dfinity/ic/tree/d265b130647f04aa25909ec1fbb8294ce0139d1c

## New Commits

```
$ git log --format="%C(auto) %h %s" 4bed17bfc82cddc5691743db6228992cdc2740f4..d265b130647f04aa25909ec1fbb8294ce0139d1c --  ./rs/registry/canister
 b579d94bef feat: Remove caller restrictions get_changes_since endpoint (#2257)
 39f67a6282 feat(crypto): CRP-2609 Introduce master key ID variant for vetKD (#2108)
```


## Current Version

__Current git hash__: 4bed17bfc82cddc5691743db6228992cdc2740f4

__Current wasm hash__: d5c963c7ec0bbe701d50cc72116bb22988846641f4e912ef58a36eea7d787397


## Verification

See the general instructions on [how to verify] proposals like this. A "quick
start" guide is provided here.

[how to verify]: https://github.com/dfinity/ic/tree/d265b130647f04aa25909ec1fbb8294ce0139d1c/rs/nervous_system/docs/proposal_verification.md


### WASM Verification

See ["Building the code"][prereqs] for prerequisites.

[prereqs]: https://github.com/dfinity/ic/tree/d265b130647f04aa25909ec1fbb8294ce0139d1c/README.adoc#building-the-code

```
# 1. Get a copy of the code.
git clone git@github.com:dfinity/ic.git
cd ic
# Or, if you already have a copy of the ic repo,
git fetch
git checkout d265b130647f04aa25909ec1fbb8294ce0139d1c

# 2. Build canisters.
./ci/container/build-ic.sh -c

# 3. Fingerprint the result.
sha256sum ./artifacts/canisters/registry-canister.wasm.gz
```

This should match `wasm_module_hash` field of this proposal.

SNS-W

# Upgrade the Sns-wasm Canister to Commit d265b13

__Proposer__: maximilian.summe at dfinity.org

__Source code__: [d265b130647f04aa25909ec1fbb8294ce0139d1c][new-commit]

[new-commit]: https://github.com/dfinity/ic/tree/d265b130647f04aa25909ec1fbb8294ce0139d1c

## New Commits

```
$ git log --format="%C(auto) %h %s" c494c2af8bfc70a6501448dc73bf806477388738..d265b130647f04aa25909ec1fbb8294ce0139d1c --  ./rs/nns/sns-wasm ./rs/sns/init
 d265b13064 chore(sns): Set `INITIAL_CANISTER_CREATION_CYCLES` to 3T (#2328)
 5c85e7d457 feat(sns): Make SNS-W create new Swaps with SNS Root as a controller (in addition to NNS Root) (#2286)
 c0b2ec6580 chore(sns): Rename sale → swap in various places. (#2267)
 aa91ecacdf feat(sns): Add `SnsRoot.reset_timers` (#2216)
 18fdb88272 refactor(nns): Remove dfn_candid from test_utils, simplify method (#2196)
```


## Current Version

__Current git hash__: c494c2af8bfc70a6501448dc73bf806477388738

__Current wasm hash__: 18fa2612dd51837d8f54769761b421627826fa1e19bb3a788ea6ffa8bd59f7b8


## Verification

See the general instructions on [how to verify] proposals like this. A "quick
start" guide is provided here.

[how to verify]: https://github.com/dfinity/ic/tree/d265b130647f04aa25909ec1fbb8294ce0139d1c/rs/nervous_system/docs/proposal_verification.md


### WASM Verification

See ["Building the code"][prereqs] for prerequisites.

[prereqs]: https://github.com/dfinity/ic/tree/d265b130647f04aa25909ec1fbb8294ce0139d1c/README.adoc#building-the-code

```
# 1. Get a copy of the code.
git clone git@github.com:dfinity/ic.git
cd ic
# Or, if you already have a copy of the ic repo,
git fetch
git checkout d265b130647f04aa25909ec1fbb8294ce0139d1c

# 2. Build canisters.
./ci/container/build-ic.sh -c

# 3. Fingerprint the result.
sha256sum ./artifacts/canisters/sns-wasm-canister.wasm.gz
```

This should match `wasm_module_hash` field of this proposal.

Publish SNS Ledger Archive

# Publish SNS Archive WASM Built at Commit e54d3fa

__Proposer__: maximilian.summe at dfinity.org

__Source code__: [e54d3fa34ded227c885d04e64505fa4b5d564743][new-commit]

[new-commit]: https://github.com/dfinity/ic/tree/e54d3fa34ded227c885d04e64505fa4b5d564743


## New Commits

```
$ git log --format="%C(auto) %h %s" d4ee25b0865e89d3eaac13a60f0016d5e3296b31..e54d3fa34ded227c885d04e64505fa4b5d564743 --  ./rs/ledger_suite/icrc1
 44287b5f6b chore: Update mainnet-canisters.json (#2053)
 b98f0feed2 feat(ICRC-ledger): FI-1532: Check for incompatible downgrade in ICRC ledger (#2019)
 8241eb95e0 test(ICRC_ledger): FI-1522: Fix and tune golden state tests (#1952)
 194ae6e570 test(ICP_ledger): FI-1387: Add transaction generation to ICP ledger suite golden state test (#1901)
 0a6d829cdd feat(tests): add test target generation to rust_canbench rule (#1347)
 fcbc91f0a5 chore: update `ic-cdk` to 0.16.0 (#1868)
 29ce5edf1e test(ICRC_ledger): FI-1455: Upgrade index canisters in ICRC golden state tests (#1842)
 d79f252c9a test(ICRC_ledger): FI-1455: Fix ICRC SNS golden state test (#1840)
 d1db89ed78 feat(ICRC-ledger): FI-1435: Implement V2 for ICRC ledger - use memory manager during upgrade (#1414)
 6dcfafb491 feat(ICP-Ledger): FI-1433: Implement V1 for ICP ledger - add ability to read from memory manager in post_upgrade (#1020)
 b886416ae6 fix(Ledger-Suite): changed IC version (#1839)
 4eca90d6ec chore(Rosetta): FI-1512 move rosetta dependencies (#1801)
 072c341970 refactor(ICRC_ledger): FI-1455: Refactor ICRC ledger golden state test (#1809)
 1d41511cdf test(ICRC_ledger): FI-1397: Add ledger state comparisons between upgrades (#1694)
 6dae2daa18 test(ICP_ledger): FI-1491: Add tests for existing ledger behavior regarding the anonymous principal (#1550)
 3bbabefb70 chore(Ledger-Suite): FI-1502 move icp and icrc ledger suites (#1682)
```


## Wasm Verification

See the general instructions on [how to verify] proposals like this. A "quick
start" guide is provided here.

[how to verify]: https://github.com/dfinity/ic/tree/e54d3fa34ded227c885d04e64505fa4b5d564743/rs/nervous_system/docs/proposal_verification.md

See ["Building the code"][prereqs] for prerequisites.

[prereqs]: https://github.com/dfinity/ic/tree/e54d3fa34ded227c885d04e64505fa4b5d564743/README.adoc#building-the-code

```
# 1. Get a copy of the code.
git clone git@github.com:dfinity/ic.git
cd ic
# Or, if you already have a copy of the ic repo,
git fetch
git checkout e54d3fa34ded227c885d04e64505fa4b5d564743

# 2. Build canisters.
./ci/container/build-ic.sh -c

# 3. Fingerprint the result.
sha256sum ./artifacts/canisters/ic-icrc1-archive.wasm.gz
```

This should match `wasm` field of this proposal.

Publish SNS Ledger Index

# Publish SNS Index WASM Built at Commit e54d3fa

__Proposer__: maximilian.summe at dfinity.org

__Source code__: [e54d3fa34ded227c885d04e64505fa4b5d564743][new-commit]

[new-commit]: https://github.com/dfinity/ic/tree/e54d3fa34ded227c885d04e64505fa4b5d564743


## New Commits

```
$ git log --format="%C(auto) %h %s" d4ee25b0865e89d3eaac13a60f0016d5e3296b31..e54d3fa34ded227c885d04e64505fa4b5d564743 --  ./rs/ledger_suite/icrc1
 44287b5f6b chore: Update mainnet-canisters.json (#2053)
 b98f0feed2 feat(ICRC-ledger): FI-1532: Check for incompatible downgrade in ICRC ledger (#2019)
 8241eb95e0 test(ICRC_ledger): FI-1522: Fix and tune golden state tests (#1952)
 194ae6e570 test(ICP_ledger): FI-1387: Add transaction generation to ICP ledger suite golden state test (#1901)
 0a6d829cdd feat(tests): add test target generation to rust_canbench rule (#1347)
 fcbc91f0a5 chore: update `ic-cdk` to 0.16.0 (#1868)
 29ce5edf1e test(ICRC_ledger): FI-1455: Upgrade index canisters in ICRC golden state tests (#1842)
 d79f252c9a test(ICRC_ledger): FI-1455: Fix ICRC SNS golden state test (#1840)
 d1db89ed78 feat(ICRC-ledger): FI-1435: Implement V2 for ICRC ledger - use memory manager during upgrade (#1414)
 6dcfafb491 feat(ICP-Ledger): FI-1433: Implement V1 for ICP ledger - add ability to read from memory manager in post_upgrade (#1020)
 b886416ae6 fix(Ledger-Suite): changed IC version (#1839)
 4eca90d6ec chore(Rosetta): FI-1512 move rosetta dependencies (#1801)
 072c341970 refactor(ICRC_ledger): FI-1455: Refactor ICRC ledger golden state test (#1809)
 1d41511cdf test(ICRC_ledger): FI-1397: Add ledger state comparisons between upgrades (#1694)
 6dae2daa18 test(ICP_ledger): FI-1491: Add tests for existing ledger behavior regarding the anonymous principal (#1550)
 3bbabefb70 chore(Ledger-Suite): FI-1502 move icp and icrc ledger suites (#1682)
```


## Wasm Verification

See the general instructions on [how to verify] proposals like this. A "quick
start" guide is provided here.

[how to verify]: https://github.com/dfinity/ic/tree/e54d3fa34ded227c885d04e64505fa4b5d564743/rs/nervous_system/docs/proposal_verification.md

See ["Building the code"][prereqs] for prerequisites.

[prereqs]: https://github.com/dfinity/ic/tree/e54d3fa34ded227c885d04e64505fa4b5d564743/README.adoc#building-the-code

```
# 1. Get a copy of the code.
git clone git@github.com:dfinity/ic.git
cd ic
# Or, if you already have a copy of the ic repo,
git fetch
git checkout e54d3fa34ded227c885d04e64505fa4b5d564743

# 2. Build canisters.
./ci/container/build-ic.sh -c

# 3. Fingerprint the result.
sha256sum ./artifacts/canisters/ic-icrc1-index-ng.wasm.gz
```

This should match `wasm` field of this proposal.

Publish SNS Ledger

# Publish SNS Ledger WASM Built at Commit e54d3fa

__Proposer__: maximilian.summe at dfinity.org

__Source code__: [e54d3fa34ded227c885d04e64505fa4b5d564743][new-commit]

[new-commit]: https://github.com/dfinity/ic/tree/e54d3fa34ded227c885d04e64505fa4b5d564743


## New Commits

```
$ git log --format="%C(auto) %h %s" d4ee25b0865e89d3eaac13a60f0016d5e3296b31..e54d3fa34ded227c885d04e64505fa4b5d564743 --  ./rs/ledger_suite/icrc1 ./rs/ledger_suite/common/ledger_core ./rs/ledger_suite/common/ledger_canister_core
 44287b5f6b chore: Update mainnet-canisters.json (#2053)
 b98f0feed2 feat(ICRC-ledger): FI-1532: Check for incompatible downgrade in ICRC ledger (#2019)
 8241eb95e0 test(ICRC_ledger): FI-1522: Fix and tune golden state tests (#1952)
 194ae6e570 test(ICP_ledger): FI-1387: Add transaction generation to ICP ledger suite golden state test (#1901)
 0a6d829cdd feat(tests): add test target generation to rust_canbench rule (#1347)
 fcbc91f0a5 chore: update `ic-cdk` to 0.16.0 (#1868)
 29ce5edf1e test(ICRC_ledger): FI-1455: Upgrade index canisters in ICRC golden state tests (#1842)
 d79f252c9a test(ICRC_ledger): FI-1455: Fix ICRC SNS golden state test (#1840)
 d1db89ed78 feat(ICRC-ledger): FI-1435: Implement V2 for ICRC ledger - use memory manager during upgrade (#1414)
 6dcfafb491 feat(ICP-Ledger): FI-1433: Implement V1 for ICP ledger - add ability to read from memory manager in post_upgrade (#1020)
 b886416ae6 fix(Ledger-Suite): changed IC version (#1839)
 4eca90d6ec chore(Rosetta): FI-1512 move rosetta dependencies (#1801)
 072c341970 refactor(ICRC_ledger): FI-1455: Refactor ICRC ledger golden state test (#1809)
 1d41511cdf test(ICRC_ledger): FI-1397: Add ledger state comparisons between upgrades (#1694)
 6dae2daa18 test(ICP_ledger): FI-1491: Add tests for existing ledger behavior regarding the anonymous principal (#1550)
 3bbabefb70 chore(Ledger-Suite): FI-1502 move icp and icrc ledger suites (#1682)
```


## Wasm Verification

See the general instructions on [how to verify] proposals like this. A "quick
start" guide is provided here.

[how to verify]: https://github.com/dfinity/ic/tree/e54d3fa34ded227c885d04e64505fa4b5d564743/rs/nervous_system/docs/proposal_verification.md

See ["Building the code"][prereqs] for prerequisites.

[prereqs]: https://github.com/dfinity/ic/tree/e54d3fa34ded227c885d04e64505fa4b5d564743/README.adoc#building-the-code

```
# 1. Get a copy of the code.
git clone git@github.com:dfinity/ic.git
cd ic
# Or, if you already have a copy of the ic repo,
git fetch
git checkout e54d3fa34ded227c885d04e64505fa4b5d564743

# 2. Build canisters.
./ci/container/build-ic.sh -c

# 3. Fingerprint the result.
sha256sum ./artifacts/canisters/ic-icrc1-ledger.wasm.gz
```

This should match `wasm` field of this proposal.
1 Like

Proposal #133905

Vote: Adopted
Reason: Builds fine and the hash matches, as do the two listed commits.

Review:

b579d94bef feat: Remove caller restrictions get_changes_since endpoint (#2257)
The get_changes_since function is designed to verify if the caller is authorized to make the request based on their principal class. The function allows only self-authenticating and anonymous principals to proceed, and it returns an authorization error if any other principal type attempts to call it. This restriction is now removed and the simplified test_allow_opaque_caller test is now used.

39f67a6282 feat(crypto): CRP-2609 Introduce master key ID variant for vetKD (#2108)
The first step for the vetKeys feature. The description is very detailed and precise.
The vetkd_curve_round_trip test function performs a “round-trip” test on VetKdCurve to verify that converting a VetKdCurve instance to a String and then parsing it back results in the original value.
While the vetkd_key_id_round_trip function is a comprehensive test that verifies round-trip serialization and deserialization of VetKdKeyId instances. It covers a range of possible name values for each VetKdCurve variant, ensuring that the VetKdKeyId structure can handle different inputs consistently and correctly.

3 Likes

proposal - 133905

Vote: ADOPT

Reason:

Very few commits with very little impact on mainnet. First changes to VetKeys as seen here and proposal 133900. Don’t have any concerns from the code reviewed and the build matches hash.

Hash Match: MATCH

Feedback: NONE

Proposer Check: MATCH

Overall Summary:

We’re beginning to see the VetKeys changes implemented. Everything remains backward-compatible, with more updates likely on the way.

Commits

b579d94bef
The main changes include allowing opaque callers for the get_changes_since function in the registry canister, which removes previous authorization restrictions.

The get_changes_since function is a read-only operation, designed to retrieve registry changes from a specified version onward, without performing any mutations or modifications.

39f67a6282
Much the same as the previous commit in proposal 133900. I duplicated that review here, adding a brief check for any differences. All changes appear identical; see the review below.

These are the fun VetKey changes for end to end encryption on the IC. This is the start and more changes are to come. This code introduces a preliminary structure to integrate vetKD (vetKeys) by adding a new variant, VetKd, to the MasterPublicKeyId type used in registry configurations and management canister types. It updates KeyConfig, ChainKeyConfig, and relevant APIs, enabling future support.

3 Likes

Proposal 133905

Vote: ADOPT

Reason:
Build successful and hashes match. Commit messages specially in the first commit are very good and descriptive and match the actual changes in the code.

[b579d94bef]: Removes the caller restrictions to access the get_changes_since endpoint. Previously the only allowed callers were self-authenticating and anonymous principals. The test test_disallow_opaque_caller was adapted accordingly.

[39f67a6282]: Adds a variant for vetKD in the MasterPublicKeyId type as a first step for the vetKeys feature.

  1. The Protobuf registry definition now includes the variant VetKdKeyId vetkd on the MasterPublicKeyId, supporting VetKdCurve with an unspecified and Bls12_381_G2 curve.
  2. Registry Canister API (registry.did) the same variable is added to the type MasterPublicKeyId as VetKd : VetKdKeyId with the same curves except undefined making the variant bls12_381_g2 unique here.
  3. The registry changes keep backwards compatibility since MasterPublicKeyId remains optional within the field key_id inside the KeyConfig type which is inline with the Can I add a variant alternative? argumentation provided in the commit message.
  4. Updating the message MasterPublicKeyId’s oneof also keeps backwards compatibility as verified in the Updating a message type: best practices since the old fields kept their default values which means that messages generated by old code can still be parsed by the new code and vice-versa.
  5. Consensus tests related to pre-signatures are adapted to panic because vetKD doesn’t have pre-signatures, e.g MasterPublicKeyId::VetKd(_) => panic!("not applicable to vetKD").
2 Likes

Proposal #133905

Hash reproduced:


No args and install mode is correct.

Review

  1. Removed Authorization Check: Dropped caller restrictions in get_changes_since, allowing broader access.
  2. Added VetKd Key Support: Introduced VetKd variant in MasterPublicKeyId with supporting types and test placeholder.

Voted yes.

2 Likes

Proposal 133905

Vote: ADOPT
Reason: Build is successful and hashes match, I’ve checked all commits in this release and they match their descriptions, therefore I’ve voted to adopt.

Screenshot 2024-11-05 224152

Reviews

b579d94bef Removed caller check in get_changes_since method which only allowed anonymous or self authenticating principals to use the endpoint and modified a test accordingly.

39f67a6282 This commit’s changes have already been reviewed as part of proposal 133900. Added Vetkd variant to KeyId enum of MasterPublicKeyId and modified signer component to ignore vetkey pre signature requests as they aren’t required. There isn’t much in terms of new functionality as this commit is just initial scaffholding that is required to implement the feature.

1 Like