
Add section on identity #35

@lrettig


Nodes in Spacemesh have multiple personality disorder :) They each use multiple, distinct identities. Per @noamnelke (#22 (comment)):

We use 3 distinct keypairs:

- For P2P auth - ephemeral, changes every time the node restarts, only used to encrypt communication with peers.
- For mining - used for signing blocks, ATXs and hare messages, as well as generating eligibility proofs. We actually have two keypairs for mining using different signing schemes (ED vs. BLS) used for different purposes, but that's the topic for another discussion.
- For wallets - used for signing transactions.

Keeping the p2p keypair separate from the others is a privacy-enabling feature, since p2p IDs are considered not private - anyone on the network can tell the IP address of any p2p ID. While traffic analysis can help associate the two IDs, there are steps one can take to regain some privacy and we want to add more privacy-enabling features in the future (e.g. dandelion).

As an aside, we keep the wallet and node keypairs distinct by default because the security model of these two uses is very different. Stealing one's mining private key without their PoST data can enable disqualifying them in the worst case. With the PoST data, which is much harder to steal since it's huge, it can allow one to steal future revenue, but not covertly.

Stealing one's wallet private key, as you surely understand, allows taking away all of their savings. So while a miner's private key must be kept "hot", the wallet private key can and should be kept in cold storage.

I added the relevant P2P info here to the P2P doc. Consider creating a new doc to talk more about identity and the decision to use distinct keypairs for different purposes.
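
The key separation described in this issue, as an added sketch that is not part of the original issue and is not go-spacemesh code: the P2P key is regenerated on every start and never stored, the mining key is persisted with owner-only permissions, and the wallet key never enters the node process. The names `Node`, `startNode` and `node.key`, and the use of Ed25519 for both keys, are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"os"
	"path/filepath"
)

// Hypothetical types and names for illustration; not the go-spacemesh API.
// Node holds the ephemeral P2P key and the persistent ("hot") mining key.
// The wallet key is deliberately absent: it stays offline in cold storage.
type Node struct{ P2P, Mining ed25519.PrivateKey }

// loadOrCreateMiningKey reloads the mining seed, or creates it with 0600 permissions.
func loadOrCreateMiningKey(path string) (ed25519.PrivateKey, error) {
	if seed, err := os.ReadFile(path); err == nil && len(seed) == ed25519.SeedSize {
		return ed25519.NewKeyFromSeed(seed), nil
	} else if !os.IsNotExist(err) {
		return nil, fmt.Errorf("mining key %s unreadable or wrong size (err: %v)", path, err)
	}
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return key, os.WriteFile(path, key.Seed(), 0o600)
}

// startNode simulates one process start: stable mining identity, fresh P2P identity.
func startNode(dataDir string) (*Node, error) {
	mining, err := loadOrCreateMiningKey(filepath.Join(dataDir, "node.key"))
	if err != nil {
		return nil, err
	}
	// Independent randomness: the P2P ID is not derived from the mining key,
	// so the key material itself does not link the two identities.
	_, p2p, err := ed25519.GenerateKey(rand.Reader)
	return &Node{P2P: p2p, Mining: mining}, err
}

func main() {
	dir, _ := os.MkdirTemp("", "node")
	defer os.RemoveAll(dir)
	for i := 1; i <= 2; i++ { // two simulated restarts
		n, err := startNode(dir)
		if err != nil {
			panic(err)
		}
		fmt.Printf("start %d: p2p=%x mining=%x\n", i, n.P2P.Public(), n.Mining.Public())
	}
}
```

Running it prints the same mining public key on both starts and a different P2P public key each time.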
