Contract Key management in Canton

Lucas_Allirol · April 24, 2025, 8:14am

What are the differences between “Generator” vs. “KeyState” approaches for contract key management in a single vs. multiple participant setting?

The Generator approach works in the setting “single maintainer, single participant node” whereas the KeyState approach works in the “single maintainer, multiple participant nodes” setting. As such, the usage restrictions are different.

Often, contracts have a single maintainer (e.g., an “operator” that wants to have unique user names for its users). In the simplest case, the maintainer party will be hosted on just one participant node. In this setting the Generator is the perfect fit to maintain keys.

In a case with Single Maintainer, Multiple Participants, ensuring uniqueness with multiple participants is more complicated, and adds more restrictions on how you operate on the contract. That’s where the KeyState approach is more relevant.

Note that the KeyState approach also works in the single maintainer, single participant setting,
As for the Generator approach, it would also work for a single maintainer hosted on multiple participants connected to a single sync domain as long as explicit disclosure is not used. Thus the KeyState approach is more recommended for this situation.

For more information about those two patterns and key management, please refer to the official documentation

Matteo_Limberto · April 29, 2025, 6:45pm

Hi @Lucas_Allirol,

You outline some of the differences in the paragraphs following the question you ask .

From a technical point of view, the Generator approach relies on a lookupByKey construct to perform conditional logic.

On the other hand, the KeyState approach uses just a fetchByKey and relies on the value of the boolean flag to execute conditional logic.

Because of this, the KeyState approach works a bit better for some of the scenarios you have outlined. On the other hand, it forces you to perform contract archives by calling KeyState_Deallocate instead of archiving the contract directly (unless the archival is followed by the immediate recreation of a contract with the same key k).

Hope this helps,
Matteo

Topic		Replies	Views
Generator contract workaround for unique keys & multiple domains Questions	2	155	July 4, 2022
Role of maintainers for Canton Contract Keys Questions canton , contract-keys	1	194	March 9, 2022
How are keys generated and managed in Canton? Questions canton , security	1	183	April 7, 2022
Submitting commands with contract key operations Questions	2	405	May 27, 2020
Uniqueness of a contract Key Questions	2	754	February 19, 2021

Contract Key management in Canton

Related topics