Adding SECP keys for the validators

[SkidanovAlex]

For the "pessimistic" bridge we need validators to sign certain messages with SECP256K1 keys. Validators do not have such keys today, and here I propose one way to transition to a state in which validators do have the keys, and the keys are committed to on chain.

Step1: Adding the keys

1. Add a new field to the EpochInfo: validator_extra_keys: HashMap<AccountId, ValidatorExtraKeys>, where ValidatorExtraKeys is struct { secp_key: Option<SECP256K1PublicKey>, bls_key: Option<BLS12381PublicKey> }

2. Add a new action StakeAction2 { stake: Balance, public_key: ED25519PublicKey, secp_key: SECP256K1PublicKey, bls_key: BLS12381PublicKey }

   After this action, there’s all the information necessary to populate validator_extra_keys
   If the old StakeAction is used, the secp and bls keys are set to None.

3. To support the existing staking pools, that are built with the StakeAction, add a new action SetValidatorExtraKeys { account_id: AccountId, validator_key: ED25519PublicKey, secp_key: SECP256K1PublicKey, bls_key: BLS12381PublicKey, signature: ED25519Signature }

   When this action is executed, it locates an existing validators and validator proposals matching the account_id and validator_key, validates that the signature is a valid signature on all the fields excluding signature concatenated using the validator public key, and stores the secp key and the bls key in the epoch manager.

4. Update the tooling in nearcore to generate secp and bls keys when generating validator_info.json.

5. Add support for StakeAction2 into explorer and other tools. Note that this can be done before the upgrade, since before the upgrade the new enum variant will never be present.

Once the changes are made, the upgrade can initially just proceed by rolling out the new binary. We then work with the validators to issue SetValidatorKeys command. Post-upgrade we update the documentation to reflect the necessity of this step.

Step2: Adding the logic for the bridge

Once all the validators have provided the extra keys, we can roll out the change needed for the bridge. The change itself is outside of the scope of this discussion.

[ilblackdragon]

The missing piece is the need to update staking pool contract to use new staking action and all validators switching to the new version

[bowenwang1996]

Existing staking pools don't need to be updated (see step 3) above

[abacabadabacaba]

I think that it is too early to have BLS keys. We should wait until they become supported by Ethereum first.

[bowenwang1996]

Consolidated discussions in https://gov.near.org/t/add-secp-validator-key-to-enable-pessimistic-bridge/401