What are the differences between “Generator” vs. “KeyState” approaches for contract key management in a single vs. multiple participant setting?
The Generator approach works in the setting “single maintainer, single participant node” whereas the KeyState approach works in the “single maintainer, multiple participant nodes” setting. As such, the usage restrictions are different.
Often, contracts have a single maintainer (e.g., an “operator” that wants to have unique user names for its users). In the simplest case, the maintainer party will be hosted on just one participant node. In this setting the Generator is the perfect fit to maintain keys.
In a case with Single Maintainer, Multiple Participants, ensuring uniqueness with multiple participants is more complicated, and adds more restrictions on how you operate on the contract. That’s where the KeyState approach is more relevant.
Note that the KeyState approach also works in the single maintainer, single participant setting,
As for the Generator approach, it would also work for a single maintainer hosted on multiple participants connected to a single sync domain as long as explicit disclosure is not used. Thus the KeyState approach is more recommended for this situation.
For more information about those two patterns and key management, please refer to the official documentation