@aztec/validator-client 1.2.1 → 2.0.0-nightly.20250813

package/src/key_store/web3signer_key_store.ts

@@ -0,0 +1,195 @@
+import type { Buffer32 } from '@aztec/foundation/buffer';
+import { EthAddress } from '@aztec/foundation/eth-address';
+import { Signature } from '@aztec/foundation/eth-signature';
+
+import type { TypedDataDefinition } from 'viem';
+
+import type { ValidatorKeyStore } from './interface.js';
+
+/**
+ * Web3Signer Key Store
+ *
+ * An implementation of the Key store using Web3Signer remote signing service.
+ * This implementation uses the Web3Signer JSON-RPC API for secp256k1 signatures.
+ */
+export class Web3SignerKeyStore implements ValidatorKeyStore {
+  constructor(
+    private addresses: EthAddress[],
+    private baseUrl: string,
+  ) {}
+
+  /**
+   * Get the address of a signer by index
+   *
+   * @param index - The index of the signer
+   * @returns the address
+   */
+  public getAddress(index: number): EthAddress {
+    if (index >= this.addresses.length) {
+      throw new Error(`Index ${index} is out of bounds.`);
+    }
+    return this.addresses[index];
+  }
+
+  /**
+   * Get all addresses
+   *
+   * @returns all addresses
+   */
+  public getAddresses(): EthAddress[] {
+    return this.addresses;
+  }
+
+  /**
+   * Sign EIP-712 typed data with all keystore addresses
+   * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+   * @return signatures
+   */
+  public async signTypedData(typedData: TypedDataDefinition): Promise<Signature[]> {
+    const signatures = await Promise.all(
+      this.addresses.map(address => this.makeJsonRpcSignTypedDataRequest(address, typedData)),
+    );
+    return signatures;
+  }
+
+  /**
+   * Sign EIP-712 typed data with a specific address
+   * @param address - The address of the signer to use
+   * @param typedData - The complete EIP-712 typed data structure (domain, types, primaryType, message)
+   * @returns signature for the specified address
+   * @throws Error if the address is not found in the keystore or signing fails
+   */
+  public async signTypedDataWithAddress(address: EthAddress, typedData: TypedDataDefinition): Promise<Signature> {
+    if (!this.addresses.some(addr => addr.equals(address))) {
+      throw new Error(`Address ${address.toString()} not found in keystore`);
+    }
+
+    return await this.makeJsonRpcSignTypedDataRequest(address, typedData);
+  }
+
+  /**
+   * Sign a message with all keystore addresses using EIP-191 prefix
+   *
+   * @param message - The message to sign
+   * @return signatures
+   */
+  public async signMessage(message: Buffer32): Promise<Signature[]> {
+    const signatures = await Promise.all(this.addresses.map(address => this.makeJsonRpcSignRequest(address, message)));
+    return signatures;
+  }
+
+  /**
+   * Sign a message with a specific address using EIP-191 prefix
+   * @param address - The address of the signer to use
+   * @param message - The message to sign
+   * @returns signature for the specified address
+   * @throws Error if the address is not found in the keystore or signing fails
+   */
+  public async signMessageWithAddress(address: EthAddress, message: Buffer32): Promise<Signature> {
+    if (!this.addresses.some(addr => addr.equals(address))) {
+      throw new Error(`Address ${address.toString()} not found in keystore`);
+    }
+    return await this.makeJsonRpcSignRequest(address, message);
+  }
+
+  /**
+   * Make a JSON-RPC sign request to Web3Signer using eth_sign
+   * @param address - The Ethereum address to sign with
+   * @param data - The data to sign
+   * @returns The signature
+   */
+  private async makeJsonRpcSignRequest(address: EthAddress, data: Buffer32): Promise<Signature> {
+    const url = this.baseUrl;
+
+    // Use JSON-RPC eth_sign method which automatically applies Ethereum message prefixing
+    const body = {
+      jsonrpc: '2.0',
+      method: 'eth_sign',
+      params: [
+        address.toString(), // Ethereum address as identifier
+        data.toString(), // Raw data to sign (eth_sign will apply Ethereum message prefix)
+      ],
+      id: 1,
+    };
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Web3Signer request failed: ${response.status} ${response.statusText} - ${errorText}`);
+    }
+
+    const result = await response.json();
+
+    // Handle JSON-RPC response format
+    if (result.error) {
+      throw new Error(`Web3Signer JSON-RPC error: ${result.error.code} - ${result.error.message}`);
+    }
+
+    if (!result.result) {
+      throw new Error('Invalid response from Web3Signer: no result found');
+    }
+
+    let signatureHex = result.result;
+
+    // Ensure the signature has the 0x prefix
+    if (!signatureHex.startsWith('0x')) {
+      signatureHex = '0x' + signatureHex;
+    }
+
+    // Parse the signature from the hex string
+    return Signature.fromString(signatureHex as `0x${string}`);
+  }
+
+  private async makeJsonRpcSignTypedDataRequest(
+    address: EthAddress,
+    typedData: TypedDataDefinition,
+  ): Promise<Signature> {
+    const url = this.baseUrl;
+
+    const body = {
+      jsonrpc: '2.0',
+      method: 'eth_signTypedData',
+      params: [address.toString(), JSON.stringify(typedData)],
+      id: 1,
+    };
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Web3Signer request failed: ${response.status} ${response.statusText} - ${errorText}`);
+    }
+
+    const result = await response.json();
+
+    if (result.error) {
+      throw new Error(`Web3Signer JSON-RPC error: ${result.error.code} - ${result.error.message}`);
+    }
+
+    if (!result.result) {
+      throw new Error('Invalid response from Web3Signer: no result found');
+    }
+
+    let signatureHex = result.result;
+
+    // Ensure the signature has the 0x prefix
+    if (!signatureHex.startsWith('0x')) {
+      signatureHex = '0x' + signatureHex;
+    }
+
+    return Signature.fromString(signatureHex as `0x${string}`);
+  }
+}

package/src/validator.ts

@@ -9,11 +9,12 @@ import { RunningPromise } from '@aztec/foundation/running-promise';
 import { sleep } from '@aztec/foundation/sleep';
 import { DateProvider, Timer } from '@aztec/foundation/timer';
 import type { P2P, PeerId } from '@aztec/p2p';
-import { TxCollector } from '@aztec/p2p';
+import { AuthRequest, AuthResponse, ReqRespSubProtocol, TxProvider } from '@aztec/p2p';
 import { BlockProposalValidator } from '@aztec/p2p/msg_validators';
 import { computeInHashFromL1ToL2Messages } from '@aztec/prover-client/helpers';
+import { Offense } from '@aztec/slasher';
 import {
-  Offense,
+  type SlasherConfig,
   WANT_TO_SLASH_EVENT,
   type WantToSlashArgs,
   type Watcher,
@@ -21,12 +22,7 @@ import {
 } from '@aztec/slasher/config';
 import type { L2BlockSource } from '@aztec/stdlib/block';
 import { getTimestampForSlot } from '@aztec/stdlib/epoch-helpers';
-import type {
-  IFullNodeBlockBuilder,
-  ITxCollector,
-  SequencerConfig,
-  SlasherConfig,
-} from '@aztec/stdlib/interfaces/server';
+import type { IFullNodeBlockBuilder, SequencerConfig } from '@aztec/stdlib/interfaces/server';
 import type { L1ToL2MessageSource } from '@aztec/stdlib/messaging';
 import type { BlockAttestation, BlockProposal, BlockProposalOptions } from '@aztec/stdlib/p2p';
 import { GlobalVariables, type ProposedBlockHeader, type StateReference, type Tx } from '@aztec/stdlib/tx';
@@ -41,11 +37,13 @@ import {
 import { type TelemetryClient, type Tracer, getTelemetryClient } from '@aztec/telemetry-client';
 
 import { EventEmitter } from 'events';
+import type { TypedDataDefinition } from 'viem';
 
 import type { ValidatorClientConfig } from './config.js';
 import { ValidationService } from './duties/validation_service.js';
 import type { ValidatorKeyStore } from './key_store/interface.js';
 import { LocalKeyStore } from './key_store/local_key_store.js';
+import { Web3SignerKeyStore } from './key_store/web3signer_key_store.js';
 import { ValidatorMetrics } from './metrics.js';
 
 // We maintain a set of proposers who have proposed invalid blocks.
@@ -84,20 +82,21 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
   private previousProposal?: BlockProposal;
 
   private myAddresses: EthAddress[];
-  private lastEpoch: bigint | undefined;
+  private lastEpochForCommitteeUpdateLoop: bigint | undefined;
   private epochCacheUpdateLoop: RunningPromise;
 
   private blockProposalValidator: BlockProposalValidator;
-  private txCollector: ITxCollector;
-  private proposersOfInvalidBlocks: Set<EthAddress> = new Set();
 
-  constructor(
+  private proposersOfInvalidBlocks: Set<string> = new Set();
+
+  protected constructor(
     private blockBuilder: IFullNodeBlockBuilder,
     private keyStore: ValidatorKeyStore,
     private epochCache: EpochCache,
     private p2pClient: P2P,
     private blockSource: L2BlockSource,
     private l1ToL2MessageSource: L1ToL2MessageSource,
+    private txProvider: TxProvider,
     private config: ValidatorClientConfig &
       Pick<SequencerConfig, 'txPublicSetupAllowList'> &
       Pick<SlasherConfig, 'slashInvalidBlockEnabled' | 'slashInvalidBlockPenalty' | 'slashInvalidBlockMaxPenalty'>,
@@ -113,8 +112,6 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
 
     this.blockProposalValidator = new BlockProposalValidator(epochCache);
 
-    this.txCollector = new TxCollector(p2pClient, this.log);
-
     // Refresh epoch cache every second to trigger alert if participation in committee changes
     this.myAddresses = this.keyStore.getAddresses();
     this.epochCacheUpdateLoop = new RunningPromise(this.handleEpochCommitteeUpdate.bind(this), log, 1000);
@@ -124,12 +121,12 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
 
   private async handleEpochCommitteeUpdate() {
     try {
-      const { committee, epoch } = await this.epochCache.getCommittee('now');
+      const { committee, epoch } = await this.epochCache.getCommittee('next');
       if (!committee) {
         this.log.trace(`No committee found for slot`);
         return;
       }
-      if (epoch !== this.lastEpoch) {
+      if (epoch !== this.lastEpochForCommitteeUpdateLoop) {
         const me = this.myAddresses;
         const committeeSet = new Set(committee.map(v => v.toString()));
         const inCommittee = me.filter(a => committeeSet.has(a.toString()));
@@ -142,7 +139,7 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
             `Validators ${me.map(a => a.toString()).join(', ')} are not on the validator committee for epoch ${epoch}`,
           );
         }
-        this.lastEpoch = epoch;
+        this.lastEpochForCommitteeUpdateLoop = epoch;
       }
     } catch (err) {
       this.log.error(`Error updating epoch committee`, err);
@@ -157,27 +154,40 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     p2pClient: P2P,
     blockSource: L2BlockSource,
     l1ToL2MessageSource: L1ToL2MessageSource,
+    txProvider: TxProvider,
     dateProvider: DateProvider = new DateProvider(),
     telemetry: TelemetryClient = getTelemetryClient(),
   ) {
-    if (!config.validatorPrivateKeys.getValue().length) {
-      throw new InvalidValidatorPrivateKeyError();
-    }
+    let keyStore: ValidatorKeyStore;
 
-    const privateKeys = config.validatorPrivateKeys.getValue().map(validatePrivateKey);
-    const localKeyStore = new LocalKeyStore(privateKeys);
+    if (config.web3SignerUrl) {
+      const addresses = config.web3SignerAddresses;
+      if (!addresses?.length) {
+        throw new Error('web3SignerAddresses is required when web3SignerUrl is provided');
+      }
+      keyStore = new Web3SignerKeyStore(addresses, config.web3SignerUrl);
+    } else {
+      const privateKeys = config.validatorPrivateKeys?.getValue().map(validatePrivateKey);
+      if (!privateKeys?.length) {
+        throw new InvalidValidatorPrivateKeyError();
+      }
+      keyStore = new LocalKeyStore(privateKeys);
+    }
 
     const validator = new ValidatorClient(
       blockBuilder,
-      localKeyStore,
+      keyStore,
       epochCache,
       p2pClient,
       blockSource,
       l1ToL2MessageSource,
+      txProvider,
       config,
       dateProvider,
       telemetry,
     );
+
+    // TODO(PhilWindle): This seems like it could/should be done inside start()
     validator.registerBlockProposalHandler();
     return validator;
   }
@@ -186,8 +196,8 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     return this.keyStore.getAddresses();
   }
 
-  public signWithAddress(addr: EthAddress, msg: Buffer32) {
-    return this.keyStore.signWithAddress(addr, msg);
+  public signWithAddress(addr: EthAddress, msg: TypedDataDefinition) {
+    return this.keyStore.signTypedDataWithAddress(addr, msg);
   }
 
   public configureSlashing(
@@ -207,15 +217,21 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
 
     const myAddresses = this.keyStore.getAddresses();
 
-    const inCommittee = await this.epochCache.filterInCommittee(myAddresses);
+    const inCommittee = await this.epochCache.filterInCommittee('now', myAddresses);
     if (inCommittee.length > 0) {
       this.log.info(
-        `Started validator with addresses in current validator committee: ${inCommittee.map(a => a.toString()).join(', ')}`,
+        `Started validator with addresses in current validator committee: ${inCommittee
+          .map(a => a.toString())
+          .join(', ')}`,
       );
     } else {
       this.log.info(`Started validator with addresses: ${myAddresses.map(a => a.toString()).join(', ')}`);
     }
     this.epochCacheUpdateLoop.start();
+
+    this.p2pClient.registerThisValidatorAddresses(myAddresses);
+    await this.p2pClient.addReqRespSubProtocol(ReqRespSubProtocol.AUTH, this.handleAuthRequest.bind(this));
+
     return Promise.resolve();
   }
 
@@ -224,36 +240,48 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
   }
 
   public registerBlockProposalHandler() {
-    const handler = (block: BlockProposal, proposalSender: PeerId): Promise<BlockAttestation[] | undefined> => {
-      return this.attestToProposal(block, proposalSender);
-    };
+    const handler = (block: BlockProposal, proposalSender: PeerId): Promise<BlockAttestation[] | undefined> =>
+      this.attestToProposal(block, proposalSender);
     this.p2pClient.registerBlockProposalHandler(handler);
   }
 
   async attestToProposal(proposal: BlockProposal, proposalSender: PeerId): Promise<BlockAttestation[] | undefined> {
-    const slotNumber = proposal.slotNumber.toNumber();
+    const slotNumber = proposal.slotNumber.toBigInt();
     const blockNumber = proposal.blockNumber;
     const proposer = proposal.getSender();
 
     // Check that I have any address in current committee before attesting
-    const inCommittee = await this.epochCache.filterInCommittee(this.keyStore.getAddresses());
+    const inCommittee = await this.epochCache.filterInCommittee(slotNumber, this.keyStore.getAddresses());
     const partOfCommittee = inCommittee.length > 0;
 
     const proposalInfo = {
-      slotNumber,
-      blockNumber,
+      ...proposal.toBlockInfo(),
       proposer: proposer.toString(),
-      archive: proposal.payload.archive.toString(),
-      txCount: proposal.payload.txHashes.length,
-      txHashes: proposal.payload.txHashes.map(txHash => txHash.toString()),
     };
-    this.log.info(`Received request to attest for slot ${slotNumber}`, proposalInfo);
+
+    this.log.info(`Received proposal for slot ${slotNumber}`, {
+      ...proposalInfo,
+      txHashes: proposal.txHashes.map(txHash => txHash.toString()),
+    });
+
+    // Collect txs from the proposal. Note that we do this before checking if we have an address in the
+    // current committee, since we want to collect txs anyway to facilitate propagation.
+    const { txs, missingTxs } = await this.txProvider.getTxsForBlockProposal(proposal, {
+      pinnedPeer: proposalSender,
+      deadline: this.getReexecutionDeadline(proposal, this.blockBuilder.getConfig()),
+    });
+
+    // Check that I have any address in current committee before attesting
+    if (!partOfCommittee) {
+      this.log.verbose(`No validator in the current committee, skipping attestation`, proposalInfo);
+      return undefined;
+    }
 
     // Check that the proposal is from the current proposer, or the next proposer.
     // Q: Should this be moved to the block proposal validator, so we disregard proposals from anyone?
     const invalidProposal = await this.blockProposalValidator.validate(proposal);
     if (invalidProposal) {
-      this.log.warn(`Proposal is not valid, skipping attestation`);
+      this.log.warn(`Proposal is not valid, skipping attestation`, proposalInfo);
       if (partOfCommittee) {
         this.metrics.incFailedAttestations(1, 'invalid_proposal');
       }
@@ -288,14 +316,13 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
             );
 
       if (parentBlock === undefined) {
-        this.log.warn(`Parent block for ${blockNumber} not found, skipping attestation`);
-
+        this.log.warn(`Parent block for ${blockNumber} not found, skipping attestation`, proposalInfo);
         if (partOfCommittee) {
           this.metrics.incFailedAttestations(1, 'parent_block_not_found');
         }
-
         return undefined;
       }
+
       if (!proposal.payload.header.lastArchiveRoot.equals(parentBlock.archive.root)) {
         this.log.warn(`Parent block archive root for proposal does not match, skipping attestation`, {
           proposalLastArchiveRoot: proposal.payload.header.lastArchiveRoot.toString(),
@@ -309,22 +336,8 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       }
     }
 
-    // Collect txs from the proposal
-    const { missing, txs } = await this.txCollector.collectForBlockProposal(proposal, proposalSender);
-
-    // Check that all of the transactions in the proposal are available in the tx pool before attesting
-    if (missing && missing.length > 0) {
-      this.log.warn(`Missing ${missing.length}/${proposal.payload.txHashes.length} txs to attest to proposal`, {
-        ...proposalInfo,
-        missing,
-      });
-      if (partOfCommittee) {
-        this.metrics.incFailedAttestations(1, 'tx_not_available');
-      }
-      return undefined;
-    }
-
     // Check that I have the same set of l1ToL2Messages as the proposal
+    // Q: Same as above, should this be part of p2p validation?
     const l1ToL2Messages = await this.l1ToL2MessageSource.getL1ToL2Messages(blockNumber);
     const computedInHash = await computeInHashFromL1ToL2Messages(l1ToL2Messages);
     const proposalInHash = proposal.payload.header.contentCommitment.inHash;
@@ -340,8 +353,12 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       return undefined;
     }
 
-    if (!partOfCommittee) {
-      this.log.verbose(`No validator in the committee, skipping attestation`);
+    // Check that all of the transactions in the proposal are available in the tx pool before attesting
+    if (missingTxs.length > 0) {
+      this.log.warn(`Missing ${missingTxs.length} txs to attest to proposal`, { ...proposalInfo, missingTxs });
+      if (partOfCommittee) {
+        this.metrics.incFailedAttestations(1, 'TransactionsNotAvailableError');
+      }
       return undefined;
     }
 
@@ -384,11 +401,12 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
    * @param proposal - The proposal to re-execute
    */
   async reExecuteTransactions(proposal: BlockProposal, txs: Tx[], l1ToL2Messages: Fr[]): Promise<void> {
-    const { header, txHashes } = proposal.payload;
+    const { header } = proposal.payload;
+    const { txHashes } = proposal;
 
     // If we do not have all of the transactions, then we should fail
     if (txs.length !== txHashes.length) {
-      const foundTxHashes = await Promise.all(txs.map(async tx => await tx.getTxHash()));
+      const foundTxHashes = txs.map(tx => tx.getTxHash());
       const missingTxHashes = txHashes.filter(txHash => !foundTxHashes.includes(txHash));
       throw new TransactionsNotAvailableError(missingTxHashes);
     }
@@ -444,13 +462,13 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       this.proposersOfInvalidBlocks.delete(this.proposersOfInvalidBlocks.values().next().value!);
     }
 
-    this.proposersOfInvalidBlocks.add(proposer);
+    this.proposersOfInvalidBlocks.add(proposer.toString());
 
     this.emit(WANT_TO_SLASH_EVENT, [
       {
         validator: proposer,
         amount: this.config.slashInvalidBlockPenalty,
-        offense: Offense.INVALID_BLOCK,
+        offense: Offense.BROADCASTED_INVALID_BLOCK_PROPOSAL,
       },
     ]);
   }
@@ -470,7 +488,8 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
   public shouldSlash(args: WantToSlashArgs): Promise<boolean> {
     // note we don't check the offence here: we know this person is bad and we're willing to slash up to the max penalty.
     return Promise.resolve(
-      args.amount <= this.config.slashInvalidBlockMaxPenalty && this.proposersOfInvalidBlocks.has(args.validator),
+      args.amount <= this.config.slashInvalidBlockMaxPenalty &&
+        this.proposersOfInvalidBlocks.has(args.validator.toString()),
     );
   }
 
@@ -505,6 +524,13 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     await this.p2pClient.broadcastProposal(proposal);
   }
 
+  async collectOwnAttestations(proposal: BlockProposal): Promise<BlockAttestation[]> {
+    const slot = proposal.payload.header.slotNumber.toBigInt();
+    const inCommittee = await this.epochCache.filterInCommittee(slot, this.keyStore.getAddresses());
+    this.log.debug(`Collecting ${inCommittee.length} self-attestations for slot ${slot}`, { inCommittee });
+    return this.doAttestToProposal(proposal, inCommittee);
+  }
+
   async collectAttestations(proposal: BlockProposal, required: number, deadline: Date): Promise<BlockAttestation[]> {
     // Wait and poll the p2pClient's attestation pool for this block until we have enough attestations
     const slot = proposal.payload.header.slotNumber.toBigInt();
@@ -517,11 +543,9 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
       throw new AttestationTimeoutError(0, required, slot);
     }
 
-    const proposalId = proposal.archive.toString();
-    // adds attestations for all of my addresses locally
-    const inCommittee = await this.epochCache.filterInCommittee(this.keyStore.getAddresses());
-    await this.doAttestToProposal(proposal, inCommittee);
+    await this.collectOwnAttestations(proposal);
 
+    const proposalId = proposal.archive.toString();
     const myAddresses = this.keyStore.getAddresses();
 
     let attestations: BlockAttestation[] = [];
@@ -559,6 +583,29 @@ export class ValidatorClient extends (EventEmitter as new () => WatcherEmitter)
     await this.p2pClient.addAttestations(attestations);
     return attestations;
   }
+
+  private async handleAuthRequest(peer: PeerId, msg: Buffer): Promise<Buffer> {
+    const authRequest = AuthRequest.fromBuffer(msg);
+    const statusMessage = await this.p2pClient.handleAuthRequestFromPeer(authRequest, peer).catch(_ => undefined);
+    if (statusMessage === undefined) {
+      return Buffer.alloc(0);
+    }
+
+    // Find a validator address that is in the set
+    const allRegisteredValidators = await this.epochCache.getRegisteredValidators();
+    const addressToUse = this.getValidatorAddresses().find(
+      address => allRegisteredValidators.find(v => v.equals(address)) !== undefined,
+    );
+    if (addressToUse === undefined) {
+      // We don't have a registered address
+      return Buffer.alloc(0);
+    }
+
+    const payloadToSign = authRequest.getPayloadToSign();
+    const signature = await this.keyStore.signMessageWithAddress(addressToUse, payloadToSign);
+    const authResponse = new AuthResponse(statusMessage, signature);
+    return authResponse.toBuffer();
+  }
 }
 
 function validatePrivateKey(privateKey: string): Buffer32 {