Problem

nonce_manager.py (PR #11) tracks nonces per (chain_id, address) for ECDSA-signed txs with reorg protection. Once the PQ envelope (issues #33, #34, #36) lands, the same agent address may sign txs under either ECDSA (today) or ML-DSA-65 (PQ envelope), and a malicious chain can serve a reorg in which the agent's pending PQ-signed tx is dropped and an ECDSA-signed replacement is re-mined at the same nonce.

The nonce manager needs to handle the dual-sig-scheme case so an agent never accidentally signs two different txs at the same nonce under different signature algorithms.

Proposed Approach

signature_alg tag matching the PQ envelope's signature_alg field (per [PQ-1] Spec §11: PQ signatures — transcript, algorithm registry, wire format #34 spec):
0x01 = ECDSA-secp256k1 (today's default)
0x02 = ML-DSA-65 (post-PQ envelope landing)
0x03 = hybrid (ECDSA + ML-DSA-65, both must verify)

Per-nonce mapping holds the signature_alg of the tx originally signed at that nonce. Reorg recovery refuses to re-sign at the same nonce with a different scheme tag without explicit operator override (--force-rebroadcast-alg).

New API: NonceManager.next_nonce(chain_id, address, alg) — atomic check-and-increment that asserts the scheme tag matches any pending tx at that nonce.

Storage migration: existing records auto-tagged 0x01 (ECDSA) on first read post-upgrade.

Acceptance Criteria

signature_alg field present in every nonce record
next_nonce() API rejects scheme-tag mismatch
Reorg test: PQ-signed tx dropped, ECDSA replacement at same nonce blocked without override
Hybrid mode reserved but not implemented (placeholder behind feature flag)
Test corpus covers all 3 scheme tags + the 6 cross-product combinations
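
The scheme-tag check proposed above, as an added in-memory Python example (not code from nonce_manager.py or PR #11). `NonceManager.next_nonce` and the tag values come from the issue; `SigAlg`, `SchemeMismatch`, `reorg_dropped`, `force_rebroadcast_alg` (standing in for the `--force-rebroadcast-alg` override) and the record layout are assumptions made for illustration.

```python
import threading
from enum import IntEnum

class SigAlg(IntEnum):      # tag values as listed in the issue
    ECDSA = 0x01
    ML_DSA_65 = 0x02
    HYBRID = 0x03           # reserved in the issue; treated like any other tag here

class SchemeMismatch(Exception):
    """A nonce would be signed under a second signature scheme (hypothetical name)."""

class NonceManager:
    def __init__(self, records=None):
        self._lock = threading.Lock()
        # (chain_id, address, nonce) -> record dict; pre-upgrade records lack signature_alg
        self._records = dict(records or {})
        self._next = {}     # (chain_id, address) -> next nonce to hand out
        for chain_id, address, nonce in self._records:
            key = (chain_id, address)
            self._next[key] = max(self._next.get(key, 0), nonce + 1)

    def _pending_alg(self, chain_id, address, nonce):
        rec = self._records.get((chain_id, address, nonce))
        if rec is None:
            return None
        # Storage migration: an untagged record is tagged ECDSA on first read.
        return SigAlg(rec.setdefault("signature_alg", SigAlg.ECDSA))

    def next_nonce(self, chain_id, address, alg):
        alg = SigAlg(alg)   # unknown tags raise ValueError
        with self._lock:    # check and increment under one lock
            nonce = self._next.get((chain_id, address), 0)
            pending = self._pending_alg(chain_id, address, nonce)
            if pending is not None and pending != alg:
                raise SchemeMismatch(f"nonce {nonce} was signed as {pending.name}, not {alg.name}")
            self._records[(chain_id, address, nonce)] = {"signature_alg": alg}
            self._next[(chain_id, address)] = nonce + 1
            return nonce

    def reorg_dropped(self, chain_id, address, nonce):
        """Rewind the counter to a dropped nonce; its record and scheme tag stay."""
        with self._lock:
            key = (chain_id, address)
            self._next[key] = min(self._next.get(key, 0), nonce)

    def force_rebroadcast_alg(self, chain_id, address, nonce, alg):
        """Operator override: retag a pending nonce so it can be re-signed."""
        with self._lock:
            self._records[(chain_id, address, nonce)] = {"signature_alg": SigAlg(alg)}
```

A rejected call leaves the counter untouched, so the agent can still re-sign the dropped nonce under its original scheme.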