Skip to main content

Constitutional committee

Committee member cold credentials

Individuals or entities nominated as committee members must generate a cold credential, which can be either a public key (Ed25519) or a script. This cold credential serves as the primary identifier and is used to authorize a hot credential, which is used for voting.

The term 'cold' emphasizes that this credential is stored in a secure, offline environment, such as safeguarded USB drives, isolated computing machines, or other devices deliberately formatted and disconnected from the internet for enhanced security. Conversely, the term 'hot' indicates that this credential is slightly more exposed, as it is more frequently used for signing votes. New hot credentials can be authorized at any point, where a new authorization certificate overrides the previous one.

The most basic setup for a Constitutional Committee member is using Ed25519 keys. An Ed25519 key pair includes a private key and its corresponding public key. The private key is utilized to create digital signatures, while the public key is employed to verify those signatures. On this setup. the constitutional committee member would generate two sets of keys: cold and hot and issue an authorization certificate to link them.

Generate cold key pair:

cardano-cli conway governance committee key-gen-cold \
  --cold-verification-key-file cc-cold.vkey \
  --cold-signing-key-file cc-cold.skey

As usual, the ed25519 keys are wrapped on a text envelope:

{
    "type": "ConstitutionalCommitteeColdVerificationKey_ed25519",
    "description": "Constitutional Committee Cold Verification Key",
    "cborHex": "58201e2c2038e3466fdc7b8e1b302b15db28427adb5467b9df09e736e713d7371d04"
}
{
    "type": "ConstitutionalCommitteeColdSigningKey_ed25519",
    "description": "Constitutional Committee Cold Signing Key",
    "cborHex": "5820ffafa2978add44508e2d9d704faf54bccd41fad5f5c312b268c48d32a99c1099"
}

Generate the cold verification key hash:

cardano-cli conway governance committee key-hash \
  --verification-key-file cc-cold.vkey > cc-key.hash
cat cc-key.hash
89181f26b47c3d3b6b127df163b15b74b45bba7c3b7a1d185c05c2de

The key hash (or script hash) is what identifies the CC member on-chain and would be typically used in the update committee governance action that attempts to add or remove CC members.

Members of the Interim Constitutional Committee are required to share their Cold key hash or Cold script hash to be added to the Conway genesis file.

Generate Hot key pair:

After the Chang hardfork, members of the Interim Constitutional Committee are required to generate a hot key pair (or hot script) and submit an Authorization Certificate. This also applies to new Committee members appointed after the interim phase.

To generate a hot key-pair run the following command:

cardano-cli conway governance committee key-gen-hot \
  --verification-key-file cc-hot.vkey \
  --signing-key-file cc-hot.skey

Hot keys are also ed25519 keys wrapped on a text envelope:

{
    "type": "ConstitutionalCommitteeHotVerificationKey_ed25519",
    "description": "Constitutional Committee Hot Verification Key",
    "cborHex": "5820d206b8619a933a099e3190afe0a81cb485af66c3d9297f4b109da507ad5259c0"
}
{
    "type": "ConstitutionalCommitteeHotSigningKey_ed25519",
    "description": "Constitutional Committee Hot Signing Key",
    "cborHex": "5820727625958a2b484d6797cb00079cdf71199555ce1db67bd1a868665bac1099c8"
}

Generate the Authorization Certificate:

The Authorization Certificate allows the hot credential to act on behalf of the cold credential by signing transactions where votes are cast. If the hot credential is compromised at any point, the committee member must generate a new one and issue a new Authorization Certificate. A new Authorization Certificate registered on-chain overrides the previous one, effectively invalidating any votes signed by the old hot credential. This applies only to actions that have not yet been ratified. Actions that have been already ratified or enacted by the old hot credential are not affected.

cardano-cli conway governance committee create-hot-key-authorization-certificate \
  --cold-verification-key-file cc-cold.vkey \
  --hot-verification-key-file cc-hot.vkey \
  --out-file cc-authorization.cert
cat cc-authorization.cert 

{
    "type": "CertificateConway",
    "description": "Constitutional Committee Hot Key Registration Certificate",
    "cborHex": "830e8200581cb3745a0b5231017ab5c02ad45b55f4d50940fb127120455bcaedd53a8200581cdeaf2ae047657b1ad4094bb99664d160a7cd8c539b1ed3d44ffb8de9"
}

Submit the authorization certificate in a transaction:

cardano-cli conway transaction build \
  --tx-in "$(cardano-cli query utxo --address "$(< payment.addr)" --output-json | jq -r 'keys[0]')" \
  --change-address payment.addr \
  --certificate-file cc-authorization.cert \
  --witness-override 2 \
  --out-file tx.raw
cardano-cli conway transaction sign \
  --tx-body-file tx.raw \
  --signing-key-file payment.skey \
  --signing-key-file cc-cold.skey \
  --out-file tx.signed
cardano-cli conway transaction submit \
  --tx-file tx.signed