From 6d75b69a5c937814b700a830045bdb710a5c8f67 Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Mon, 30 Jul 2018 11:16:33 -0400 Subject: [PATCH 01/17] Initial ADR directory, templates, and ADR 001 --- docs/architecture/README.md | 27 ++++++++++++ docs/architecture/adr-001-signed-messages.md | 43 ++++++++++++++++++++ docs/architecture/adr.template.md | 43 ++++++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 docs/architecture/README.md create mode 100644 docs/architecture/adr-001-signed-messages.md create mode 100644 docs/architecture/adr.template.md diff --git a/docs/architecture/README.md b/docs/architecture/README.md new file mode 100644 index 000000000..e2c46f647 --- /dev/null +++ b/docs/architecture/README.md @@ -0,0 +1,27 @@ +# Architecture Decision Records (ADR) + +This is a location to record all high-level architecture decisions in the Cosmos +SDK project. + +You can read more about the ADR concept in this [blog post](https://product.reverb.com/documenting-architecture-decisions-the-reverb-way-a3563bb24bd0#.78xhdix6t) +with a more detailed explanation [here](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions). + +An ADR should provide: + +- Context on the relevant goals and the current state +- Proposed changes to achieve the goals +- Summary of pros and cons +- References +- Changelog + +You can see the template [here](./adr.template.md). + +Note the distinction between an ADR and a spec. The ADR provides the context, +intuition, reasoning, and justification for a change in architecture, or for the +architecture of something new. The spec is much more compressed and streamlined +summary of everything as it stands today. + +If recorded decisions turned out to be lacking, convene a discussion, record the +new decisions here, and then modify the code to match. + +Note the context/background should be written in the present tense. diff --git a/docs/architecture/adr-001-signed-messages.md b/docs/architecture/adr-001-signed-messages.md new file mode 100644 index 000000000..35b22e990 --- /dev/null +++ b/docs/architecture/adr-001-signed-messages.md @@ -0,0 +1,43 @@ +# ADR 001: Cosmos SDK Signed Messages + +## Changelog + +* {date}: {changelog} + +## Context + +> This section describes the forces at play, including technological, political, social, and project local. These forces are probably in tension, and should be called out as such. The language in this section is value-neutral. It is simply describing facts. + +{context body} + +## Decision + +> This section describes our response to these forces. It is stated in full sentences, with active voice. "We will ..." + +{decision body} + +## Status + +> A decision may be "proposed" if the project stakeholders haven't agreed with it yet, or "accepted" once it is agreed. If a later ADR changes or reverses a decision, it may be marked as "deprecated" or "superseded" with a reference to its replacement. + +{Deprecated|Proposed|Accepted} + +## Consequences + +> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. + +### Positive + +{positive consequences} + +### Negative + +{negative consequences} + +### Neutral + +{neutral consequences} + +## References + +* {reference link} diff --git a/docs/architecture/adr.template.md b/docs/architecture/adr.template.md new file mode 100644 index 000000000..321c9a4bd --- /dev/null +++ b/docs/architecture/adr.template.md @@ -0,0 +1,43 @@ +# ADR {ADR-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Context + +> This section describes the forces at play, including technological, political, social, and project local. These forces are probably in tension, and should be called out as such. The language in this section is value-neutral. It is simply describing facts. + +{context body} + +## Decision + +> This section describes our response to these forces. It is stated in full sentences, with active voice. "We will ..." + +{decision body} + +## Status + +> A decision may be "proposed" if the project stakeholders haven't agreed with it yet, or "accepted" once it is agreed. If a later ADR changes or reverses a decision, it may be marked as "deprecated" or "superseded" with a reference to its replacement. + +{Deprecated|Proposed|Accepted} + +## Consequences + +> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. + +### Positive + +{positive consequences} + +### Negative + +{negative consequences} + +### Neutral + +{neutral consequences} + +## References + +* {reference link} From 3fe0b73b03c8ad47ca868e450a2965758defdd1d Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Mon, 30 Jul 2018 12:19:39 -0400 Subject: [PATCH 02/17] Update ADR 001 context --- docs/architecture/adr-001-signed-messages.md | 24 ++++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/docs/architecture/adr-001-signed-messages.md b/docs/architecture/adr-001-signed-messages.md index 35b22e990..a1343dfff 100644 --- a/docs/architecture/adr-001-signed-messages.md +++ b/docs/architecture/adr-001-signed-messages.md @@ -2,13 +2,25 @@ ## Changelog -* {date}: {changelog} - ## Context -> This section describes the forces at play, including technological, political, social, and project local. These forces are probably in tension, and should be called out as such. The language in this section is value-neutral. It is simply describing facts. +Having the ability to sign messages off-chain has proven to be a fundamental aspect +of nearly any blockchain. The notion of signing messages off-chain has many +added benefits such as saving on computational costs and reducing transaction +throughput and overhead. Within the context of the Cosmos SDK, some of the major +applications of signing such data includes, but is not limited to, providing a +cryptographic secure and verifiable means of proving validator identity and +possibly associating it with some other framework or organization. In addition, +having the ability to sign Cosmos SDK messages with a Ledger device. -{context body} +A standardized protocol for hashing and signing messages that can be implemented +by the Cosmos SDK and any third-party organization is needed the subscribes to +the following: + +* A specification of structured data +* A framework for encoding structured data +* A cryptographic secure hashing and signing algorithm +* A framework for supporting extensions and domain separation ## Decision @@ -18,9 +30,7 @@ ## Status -> A decision may be "proposed" if the project stakeholders haven't agreed with it yet, or "accepted" once it is agreed. If a later ADR changes or reverses a decision, it may be marked as "deprecated" or "superseded" with a reference to its replacement. - -{Deprecated|Proposed|Accepted} +Proposed. ## Consequences From f875b446e1e26fd0b0a008f7905aae3c8803be9e Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Mon, 30 Jul 2018 12:47:26 -0400 Subject: [PATCH 03/17] Add notes on replay protection and algos --- docs/architecture/adr-001-signed-messages.md | 27 ++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/docs/architecture/adr-001-signed-messages.md b/docs/architecture/adr-001-signed-messages.md index a1343dfff..a00bf65c2 100644 --- a/docs/architecture/adr-001-signed-messages.md +++ b/docs/architecture/adr-001-signed-messages.md @@ -22,9 +22,31 @@ the following: * A cryptographic secure hashing and signing algorithm * A framework for supporting extensions and domain separation +This record is only concerned with the rationale and the standardized implementation +of Cosmos SDK signed messages. It does **not** concern itself with the concept of +replay attacks as that will be left up to the higher-level application implementation. +If you view signed messages in the means of authorizing some action or data, then +such an application would have to either treat this as idempotent or have mechanisms +in place to reject known signed messages. + +TODO: Should we bake in replay protection into the protocol? + ## Decision -> This section describes our response to these forces. It is stated in full sentences, with active voice. "We will ..." +> The proposed implementation is motivated by EIP-7121 and in general +Ethereum's `eth_sign` method2. + +### Preliminary + +We will a have Cosmos SDK message signing protocol that consists of `TMHASH`, which is +`SHA-256` with all but the first 20 bytes truncated, as the hashing algorithm and +`secp256k1` as the signing algorithm. + +Note, our goal here is not to provide context and reasoning about why necessarily +these algorithms were chosen apart from the fact they are the defacto algorithms +used in Tendermint and the Cosmos SDK and that they satisfy our needs for such +algorithms such as having resistance to second pre-image attacks and collision, +as well as being deterministic and uniform. {decision body} @@ -50,4 +72,5 @@ Proposed. ## References -* {reference link} +1. https://github.com/ethereum/EIPs/blob/master/EIPS/eip-712.md +2. https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign \ No newline at end of file From 02a7552f1840efb26a9c39dab9879604c74c28f3 Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Mon, 30 Jul 2018 16:59:58 -0400 Subject: [PATCH 04/17] Remove ADR 001 and related directories/files --- docs/architecture/README.md | 27 ------- docs/architecture/adr-001-signed-messages.md | 76 -------------------- docs/architecture/adr.template.md | 43 ----------- 3 files changed, 146 deletions(-) delete mode 100644 docs/architecture/README.md delete mode 100644 docs/architecture/adr-001-signed-messages.md delete mode 100644 docs/architecture/adr.template.md diff --git a/docs/architecture/README.md b/docs/architecture/README.md deleted file mode 100644 index e2c46f647..000000000 --- a/docs/architecture/README.md +++ /dev/null @@ -1,27 +0,0 @@ -# Architecture Decision Records (ADR) - -This is a location to record all high-level architecture decisions in the Cosmos -SDK project. - -You can read more about the ADR concept in this [blog post](https://product.reverb.com/documenting-architecture-decisions-the-reverb-way-a3563bb24bd0#.78xhdix6t) -with a more detailed explanation [here](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions). - -An ADR should provide: - -- Context on the relevant goals and the current state -- Proposed changes to achieve the goals -- Summary of pros and cons -- References -- Changelog - -You can see the template [here](./adr.template.md). - -Note the distinction between an ADR and a spec. The ADR provides the context, -intuition, reasoning, and justification for a change in architecture, or for the -architecture of something new. The spec is much more compressed and streamlined -summary of everything as it stands today. - -If recorded decisions turned out to be lacking, convene a discussion, record the -new decisions here, and then modify the code to match. - -Note the context/background should be written in the present tense. diff --git a/docs/architecture/adr-001-signed-messages.md b/docs/architecture/adr-001-signed-messages.md deleted file mode 100644 index a00bf65c2..000000000 --- a/docs/architecture/adr-001-signed-messages.md +++ /dev/null @@ -1,76 +0,0 @@ -# ADR 001: Cosmos SDK Signed Messages - -## Changelog - -## Context - -Having the ability to sign messages off-chain has proven to be a fundamental aspect -of nearly any blockchain. The notion of signing messages off-chain has many -added benefits such as saving on computational costs and reducing transaction -throughput and overhead. Within the context of the Cosmos SDK, some of the major -applications of signing such data includes, but is not limited to, providing a -cryptographic secure and verifiable means of proving validator identity and -possibly associating it with some other framework or organization. In addition, -having the ability to sign Cosmos SDK messages with a Ledger device. - -A standardized protocol for hashing and signing messages that can be implemented -by the Cosmos SDK and any third-party organization is needed the subscribes to -the following: - -* A specification of structured data -* A framework for encoding structured data -* A cryptographic secure hashing and signing algorithm -* A framework for supporting extensions and domain separation - -This record is only concerned with the rationale and the standardized implementation -of Cosmos SDK signed messages. It does **not** concern itself with the concept of -replay attacks as that will be left up to the higher-level application implementation. -If you view signed messages in the means of authorizing some action or data, then -such an application would have to either treat this as idempotent or have mechanisms -in place to reject known signed messages. - -TODO: Should we bake in replay protection into the protocol? - -## Decision - -> The proposed implementation is motivated by EIP-7121 and in general -Ethereum's `eth_sign` method2. - -### Preliminary - -We will a have Cosmos SDK message signing protocol that consists of `TMHASH`, which is -`SHA-256` with all but the first 20 bytes truncated, as the hashing algorithm and -`secp256k1` as the signing algorithm. - -Note, our goal here is not to provide context and reasoning about why necessarily -these algorithms were chosen apart from the fact they are the defacto algorithms -used in Tendermint and the Cosmos SDK and that they satisfy our needs for such -algorithms such as having resistance to second pre-image attacks and collision, -as well as being deterministic and uniform. - -{decision body} - -## Status - -Proposed. - -## Consequences - -> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. - -### Positive - -{positive consequences} - -### Negative - -{negative consequences} - -### Neutral - -{neutral consequences} - -## References - -1. https://github.com/ethereum/EIPs/blob/master/EIPS/eip-712.md -2. https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign \ No newline at end of file diff --git a/docs/architecture/adr.template.md b/docs/architecture/adr.template.md deleted file mode 100644 index 321c9a4bd..000000000 --- a/docs/architecture/adr.template.md +++ /dev/null @@ -1,43 +0,0 @@ -# ADR {ADR-NUMBER}: {TITLE} - -## Changelog - -* {date}: {changelog} - -## Context - -> This section describes the forces at play, including technological, political, social, and project local. These forces are probably in tension, and should be called out as such. The language in this section is value-neutral. It is simply describing facts. - -{context body} - -## Decision - -> This section describes our response to these forces. It is stated in full sentences, with active voice. "We will ..." - -{decision body} - -## Status - -> A decision may be "proposed" if the project stakeholders haven't agreed with it yet, or "accepted" once it is agreed. If a later ADR changes or reverses a decision, it may be marked as "deprecated" or "superseded" with a reference to its replacement. - -{Deprecated|Proposed|Accepted} - -## Consequences - -> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. - -### Positive - -{positive consequences} - -### Negative - -{negative consequences} - -### Neutral - -{neutral consequences} - -## References - -* {reference link} From da0d907d12fa27d0aa459d376ad4d6cf44590c2c Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Tue, 31 Jul 2018 09:38:29 -0400 Subject: [PATCH 05/17] Update ICS cosmos signed messages --- docs/ics/ics-xxx-signed-messages.md | 144 ++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 docs/ics/ics-xxx-signed-messages.md diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md new file mode 100644 index 000000000..e7d4e1a58 --- /dev/null +++ b/docs/ics/ics-xxx-signed-messages.md @@ -0,0 +1,144 @@ +# ICS XXX: Cosmos Signed Messages + +>TODO: Replace with valid ICS number and possibly move to new location. + +## Changelog + +## Abstract + +Having the ability to sign messages off-chain has proven to be a fundamental aspect +of nearly any blockchain. The notion of signing messages off-chain has many +added benefits such as saving on computational costs and reducing transaction +throughput and overhead. Within the context of the Cosmos, some of the major +applications of signing such data includes, but is not limited to, providing a +cryptographic secure and verifiable means of proving validator identity and +possibly associating it with some other framework or organization. In addition, +having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +A standardized protocol for hashing, signing, and verifying messages that can be +implemented by the Cosmos SDK and other third-party organizations is needed. Such a +standardized protocol subscribes to the following: + +* Contains a specification of machine-verifiable and human-readable typed structured data +* Contains a framework for deterministic and injective encoding of structured data +* Utilizes cryptographic secure hashing and signing algorithms +* A framework for supporting extensions and domain separation +* Is invulnerable to chosen ciphertext attacks +* Has protection against potentially signing transactions a user did not intend to + +This specification is only concerned with the rationale and the standardized +implementation of Cosmos signed messages. It does **not** concern itself with the +concept of replay attacks as that will be left up to the higher-level application +implementation. If you view signed messages in the means of authorizing some +action or data, then such an application would have to either treat this as +idempotent or have mechanisms in place to reject known signed messages. + +## Specification + +> The proposed implementation is motivated and borrows heavily from EIP-7121 +and in general Ethereum's `eth_sign` and `eth_signTypedData` methods2. + +### Preliminary + +We will a have Cosmos SDK message signing protocol that consists of using `SHA-256`, +as the hashing algorithm and `secp256k1` as the signing algorithm. + +Note, our goal here is not to provide context and reasoning about why necessarily +these algorithms were chosen apart from the fact they are the defacto algorithms +used in Tendermint and the Cosmos SDK and that they satisfy our needs for such +cryptographic algorithms such as having resistance to collision and second +pre-image attacks, as well as being deterministic and uniform. + +### Encoding + +Our goal is to create a deterministic, injective, machine-verifiable means of +encoding human-readable typed and structured data. + +Let us consider the set of signed messages to be: `B ∪ S`, where `B` is the set +of byte strings and `S` is the set of human-readable typed structures. Thus, the +set can can be encoded in a deterministic and injective way via the following +rules, where `||` denotes concatenation: + +* `encode(b : B)` = `p1 || bytes("Signed Cosmos SDK Message: \n") || l || b`, where + * `l`: little endian uint64 encoding of the length of `b` + * `p1`: prefix to distinguish from normal transactions and other encoding cases +* `encode(s : S, domainSeparator : B)` = `p2 || domainSeparator || amino(s)`, where + * `domainSeparator`: 32 byte encoding of the domain separator [see below](###DomainSeparator) + * `p2`: prefix to distinguish from normal transactions and other encoding cases + +> TODO: Figure out byte(s) prefix in the encoding to not have collisions with +typical transaction signatures (JSON-encoded) and to distinguish the individual +cases. This may require introducing prefixes to transactions. + +#### Assumptions + +`amino` is deterministic and seems to be injective -- at least when when +concrete types are registered. Can we rely on this mechanism or do we need a +custom true injective encoding? + +> TODO: Do we need to implement a custom encoding scheme instead of or atop +amino similar or equal to EIP-712 `hashStruct`? As far as I know, this is mostly +due to providing Soldity efficiencies and addressing limitations. + +### DomainSeparator + +Encoding structures can still lead to potential collisions and while this may be +ok or even desired, it introduces a concern in that it could lead to two compatible +signatures. The domain separator prevents collisions of otherwise identical +structures. It is designed to unique per application use and is directly used in +the signature encoding itself. The domain separator is also extensible where the +protocol and application designer may introduce or omit fields to their liking, +but we will provide a typical structure that can be used for proper separation +of concerns: + +```golang +type DomainSeparator struct { + name string // A user readable name of the signing origin or application. + chainID string // The corresponding Cosmos chain identifier. + version uint16 // Version of the domain separator. A single major version should suffice. + salt []byte // Random data to further provide disambiguation. +} +``` + +Application designers may choose to omit or introduce additional fields to a +domain separator. However, users should provided with the exact information for +which they will be signing (i.e. a user should always know the chain ID they are +signing for). + +Given the set of all domain separators, the encoding of the domain separator +is as follows: + +* `encode(domainSeparator : B)` = `sha256(amino(domainSeparator))` + +## API + +We now formalize a standard set of APIs that providers must implement: + +``` +cosmosSignBytes(b : B, addr : B) { + return secp256k1Sign(sha256(encode(b)), addressPrivKey(addr)) +} +``` + +``` +cosmosSignBytesPass(b : B, pass : B) { + return secp256k1Sign(sha256(encode(b)), passPrivKey(addr)) +} +``` + +``` +cosmosSignTyped(s : S, domainSeparator : B, addr : B) { + return secp256k1Sign(sha256(encode(s, domainSeparator)), addressPrivKey(addr)) +} +``` + +``` +cosmosSignTypedPass(s : S, domainSeparator : B, pass : B) { + return secp256k1Sign(sha256(encode(s, domainSeparator)), passPrivKey(addr)) +} +``` + +## References + +1. https://github.com/ethereum/EIPs/blob/master/EIPS/eip-712.md +2. https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign From fd64da85878310f7bc3a46dd6c9a0e89a12258aa Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Tue, 31 Jul 2018 10:04:21 -0400 Subject: [PATCH 06/17] Update assumptions --- docs/ics/ics-xxx-signed-messages.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index e7d4e1a58..751605056 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -76,6 +76,12 @@ cases. This may require introducing prefixes to transactions. concrete types are registered. Can we rely on this mechanism or do we need a custom true injective encoding? +User-agents such Voyager, Metamask, and Ledger may provide human-readable and +structured data, but this data must be consistent in terms of the field types +and structure itself encoded via `amino`. This would require said applications +to have an `amino` implementation. This may yet further warrant a simple custom +encoding. + > TODO: Do we need to implement a custom encoding scheme instead of or atop amino similar or equal to EIP-712 `hashStruct`? As far as I know, this is mostly due to providing Soldity efficiencies and addressing limitations. From 00e116c0c72bb2f7a847e94e7f3a587aa2500df7 Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Wed, 1 Aug 2018 14:53:34 -0400 Subject: [PATCH 07/17] Update preliminary --- docs/ics/ics-xxx-signed-messages.md | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index 751605056..89efeb74f 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -40,8 +40,10 @@ and in general Ethereum's `eth_sign` and `eth_signTypedData` methods2 ### Preliminary -We will a have Cosmos SDK message signing protocol that consists of using `SHA-256`, -as the hashing algorithm and `secp256k1` as the signing algorithm. +The Cosmos message signing protocol will be parameterized with a cryptographic +secure hashing algorithm `SHA-256` and a signing algorithm `S` that contains +the operations `sign` and `verify` which provide a digital signature over a set +of bytes and verification of a signature respectively. Note, our goal here is not to provide context and reasoning about why necessarily these algorithms were chosen apart from the fact they are the defacto algorithms @@ -70,22 +72,6 @@ rules, where `||` denotes concatenation: typical transaction signatures (JSON-encoded) and to distinguish the individual cases. This may require introducing prefixes to transactions. -#### Assumptions - -`amino` is deterministic and seems to be injective -- at least when when -concrete types are registered. Can we rely on this mechanism or do we need a -custom true injective encoding? - -User-agents such Voyager, Metamask, and Ledger may provide human-readable and -structured data, but this data must be consistent in terms of the field types -and structure itself encoded via `amino`. This would require said applications -to have an `amino` implementation. This may yet further warrant a simple custom -encoding. - -> TODO: Do we need to implement a custom encoding scheme instead of or atop -amino similar or equal to EIP-712 `hashStruct`? As far as I know, this is mostly -due to providing Soldity efficiencies and addressing limitations. - ### DomainSeparator Encoding structures can still lead to potential collisions and while this may be From 508c54d3cd0d0ca45256177cdfea70f68ee28bda Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Wed, 1 Aug 2018 15:38:54 -0400 Subject: [PATCH 08/17] Update API section to be more spec-defined --- docs/ics/ics-xxx-signed-messages.md | 67 ++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 21 deletions(-) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index 89efeb74f..7844cb615 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -104,31 +104,56 @@ is as follows: ## API -We now formalize a standard set of APIs that providers must implement: +Application developers and designers should formalize a standard set of APIs that +adhere to the following specification: -``` -cosmosSignBytes(b : B, addr : B) { - return secp256k1Sign(sha256(encode(b)), addressPrivKey(addr)) -} -``` +
-``` -cosmosSignBytesPass(b : B, pass : B) { - return secp256k1Sign(sha256(encode(b)), passPrivKey(addr)) -} -``` +**cosmosSignBytes** -``` -cosmosSignTyped(s : S, domainSeparator : B, addr : B) { - return secp256k1Sign(sha256(encode(s, domainSeparator)), addressPrivKey(addr)) -} -``` +Params: +* `data`: arbitrary byte length data to sign +* `address`: 20 byte account address to sign data with -``` -cosmosSignTypedPass(s : S, domainSeparator : B, pass : B) { - return secp256k1Sign(sha256(encode(s, domainSeparator)), passPrivKey(addr)) -} -``` +Returns: +* `signature`: the Cosmos signature derived using `S` + +
+ +**cosmosSignBytesPass** + +Params: +* `data`: arbitrary byte length data to sign +* `address`: 20 byte account address to sign data with +* `password`: password of the account to sign data with + +Returns: +* `signature`: the Cosmos signature derived using `S` + +
+ +**cosmosSignTyped** + +Params: +* `domainSeparator`: the application domain separator to encode and sign +* `typedData`: type data structure to encode and sign +* `address`: 20 byte account address to sign data with + +Returns: +* `signature`: the Cosmos signature derived using `S` + +
+ +**cosmosSignTypedPass** + +Params: +* `domainSeparator`: the application domain separator to encode and sign +* `typedData`: type data structure to encode and sign +* `address`: 20 byte account address to sign data with +* `password`: password of the account to sign data with + +Returns: +* `signature`: the Cosmos signature derived using `S` ## References From 11abc3f4f4fb0e40bd1e4d538917c04b1623c149 Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Thu, 2 Aug 2018 14:28:23 -0400 Subject: [PATCH 09/17] Update encoding and schema spec --- docs/ics/ics-xxx-signed-messages.md | 217 +++++++++++++++++++++++----- 1 file changed, 179 insertions(+), 38 deletions(-) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index 7844cb615..77aab79b8 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -2,6 +2,19 @@ >TODO: Replace with valid ICS number and possibly move to new location. + * [Changelog](#changelog) + * [Abstract](#abstract) + * [Specification](#specification) + + [Preliminary](#preliminary) + + [Encoding](#encoding) + - [Schema](#schema) + - [encodeStruct](#encodestruct) + - [encodeSchema](#encodeschema) + - [encodeData](#encodedata) + + [DomainSeparator](#domainseparator) + * [API](#api) + * [References](#references) + ## Changelog ## Abstract @@ -56,51 +69,181 @@ pre-image attacks, as well as being deterministic and uniform. Our goal is to create a deterministic, injective, machine-verifiable means of encoding human-readable typed and structured data. -Let us consider the set of signed messages to be: `B ∪ S`, where `B` is the set -of byte strings and `S` is the set of human-readable typed structures. Thus, the +Let us consider the set of signed messages to be: `B ∪ TS`, where `B` is the set +of byte arrays and `TS` is the set of human-readable typed structures. Thus, the set can can be encoded in a deterministic and injective way via the following rules, where `||` denotes concatenation: -* `encode(b : B)` = `p1 || bytes("Signed Cosmos SDK Message: \n") || l || b`, where +* `encode(b : B)` = `0x0000 || bytes("Signed Cosmos SDK Message: \n") || l || b`, where + * `b`: the bytes to be signed * `l`: little endian uint64 encoding of the length of `b` - * `p1`: prefix to distinguish from normal transactions and other encoding cases -* `encode(s : S, domainSeparator : B)` = `p2 || domainSeparator || amino(s)`, where - * `domainSeparator`: 32 byte encoding of the domain separator [see below](###DomainSeparator) - * `p2`: prefix to distinguish from normal transactions and other encoding cases +* `encode(ds : TS, ts : TS)` = `0x000001 || encodeStruct(ds) || encodeStruct(ts)`, where + * `ds`: the application domain separator which is also a human-readable typed structure ([see below](###DomainSeparator)) + * `ts`: the human-readable typed structure to be signed -> TODO: Figure out byte(s) prefix in the encoding to not have collisions with -typical transaction signatures (JSON-encoded) and to distinguish the individual -cases. This may require introducing prefixes to transactions. +The prefix bytes disambiguate the encoding cases from one another as well as +separating them from collision of transactions to be signed. The `amino` +serialization protocol escapes the set of disambiguation and prefix bytes with a +single `0x00` byte so there should be no collision with those structures. + +#### Schema + +To achieve deterministic and injective encoding, Cosmos signed messages over +type structures will use an existing known standard -- [JSON schema](http://json-schema.org/). +The domain separator and typed structures to be encoded must be specified with +a schema adhering to the JSON schema [specification](http://json-schema.org/specification.html). + +```json +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "cosmos/signing/typeData/schema", + "title": "The Cosmos signed message typed data schema.", + "type": "object", + "definitions": { + "typeDef": { + "type": "array", + "items": { + "description": "The list of properties a schema definition contains.", + "type": "object", + "properties": { + "name": { + "description": "The name of the schema rule.", + "type": "string", + "minLength": 1 + }, + "description": { + "description": "The description of the schema rule.", + "type": "string" + }, + "type": { + "description": "The type of the schema rule.", + "type": "string", + "minLength": 1 + } + }, + "required": [ + "name", + "type" + ] + } + } + }, + "properties": { + "types": { + "type": "object", + "properties": { + "CosmosDomain": { + "description": "The application domain separator schema.", + "$ref": "#/definitions/typeDef" + } + }, + "additionalProperties": { + "description": "The application type schemas.", + "$ref": "#/definitions/typeDef" + }, + "required": [ + "CosmosDomain" + ] + }, + "primaryType": { + "description": "The name of primary message type to sign.", + "type": "string", + "minLength": 1 + }, + "domain": { + "description": "The domain separator to sign.", + "type": "object" + }, + "message": { + "description": "The message data to sign.", + "type": "object" + } + }, + "required": [ + "types", + "primaryType", + "domain", + "message" + ] +} +``` + +#### encodeStruct + +The specification of encoding a human-readable typed structures, which includes +the domain separator, is as follows, where `||` denotes concatenation: + +`encodeStruct(ts : TS)` = `sha256(sha256(encodeSchema(ts)) || sha256(encodeData(ts)))` + +**Note**: The typed structure `ts` should include the JSON instance and schema. + +#### encodeSchema + +The **schema** of a typed structure is encoded as the name of the type and the +concatenation of it's schema fields. If the schema internally references other +schemas, then those are appended to the encoding. In order to make the encoding +deterministic, the encoding should sort types by their type name in lexicographic +ascending order. The specification is as follows, where `||` denotes concatenation: + +`encodeSchema(ts : TS)` = `"typeName(" || name || " " || type || ", " || ... || ")"` + +e.g. +```json +"Address(address string)Coin(amount integer, denom string)Transaction(coin Coin, from Address, to Address)" +``` + +##### Alternatives + +1. Instead of concatenating schema signatures, we could also take each type +definition and insert them into a sorted JSON object and hash the byte +representation of that object. This would avoid having to perform weird +concatenations. + +#### encodeData + +The **data** of a typed structure is encoded as the concatenation of values in +the typed data sorted by the field names in lexicographic ascending order. The +specification is as follows, where `||` denotes concatenation: + +`encodeData(ts : TS)` = sha256(value1) || sha256(value2) || ... || sha256(valuen)` ### DomainSeparator Encoding structures can still lead to potential collisions and while this may be -ok or even desired, it introduces a concern in that it could lead to two compatible +okay or even desired, it introduces a concern in that it could lead to two compatible signatures. The domain separator prevents collisions of otherwise identical -structures. It is designed to unique per application use and is directly used in -the signature encoding itself. The domain separator is also extensible where the -protocol and application designer may introduce or omit fields to their liking, -but we will provide a typical structure that can be used for proper separation +structures. It is designed to be unique per application use and is directly used +in the signature encoding itself. The domain separator is also extensible where +the protocol and application designer may introduce or omit fields to their needs, +but we will provide a "standard" structure that can be used for proper separation of concerns: -```golang -type DomainSeparator struct { - name string // A user readable name of the signing origin or application. - chainID string // The corresponding Cosmos chain identifier. - version uint16 // Version of the domain separator. A single major version should suffice. - salt []byte // Random data to further provide disambiguation. +```json +{ + "types": { + "CosmosDomain": [ + { + "name": "name", + "description": "The name of the signing origin or application.", + "type": "string" + }, + { + "name": "chainID", + "description": "The corresponding Cosmos chain identifier.", + "type": "string", + }, + { + "name": "version", + "description": "The major version of the domain separator.", + "type": "integer", + }, + ], + }, } ``` -Application designers may choose to omit or introduce additional fields to a -domain separator. However, users should provided with the exact information for -which they will be signing (i.e. a user should always know the chain ID they are -signing for). - -Given the set of all domain separators, the encoding of the domain separator -is as follows: - -* `encode(domainSeparator : B)` = `sha256(amino(domainSeparator))` +**Note**: The user-agent should refuse signing if the `chainID` does not match +the currently active chain! ## API @@ -116,7 +259,7 @@ Params: * `address`: 20 byte account address to sign data with Returns: -* `signature`: the Cosmos signature derived using `S` +* `signature`: the Cosmos signature derived using signing algorithm `S`
@@ -128,32 +271,30 @@ Params: * `password`: password of the account to sign data with Returns: -* `signature`: the Cosmos signature derived using `S` +* `signature`: the Cosmos signature derived using signing algorithm `S`
**cosmosSignTyped** Params: -* `domainSeparator`: the application domain separator to encode and sign -* `typedData`: type data structure to encode and sign +* `typedData`: type typed data structure, including the domain separator, to encode and sign * `address`: 20 byte account address to sign data with Returns: -* `signature`: the Cosmos signature derived using `S` +* `signature`: the Cosmos signature derived using signing algorithm `S`
**cosmosSignTypedPass** Params: -* `domainSeparator`: the application domain separator to encode and sign -* `typedData`: type data structure to encode and sign +* `typedData`: type typed data structure, including the domain separator, to encode and sign * `address`: 20 byte account address to sign data with * `password`: password of the account to sign data with Returns: -* `signature`: the Cosmos signature derived using `S` +* `signature`: the Cosmos signature derived using signing algorithm `S` ## References From 43420936e574ec0d3200566b9162cb4ff56e15cc Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Thu, 2 Aug 2018 14:31:09 -0400 Subject: [PATCH 10/17] Fix link --- docs/ics/ics-xxx-signed-messages.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index 77aab79b8..59fe8c1ad 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -78,7 +78,7 @@ rules, where `||` denotes concatenation: * `b`: the bytes to be signed * `l`: little endian uint64 encoding of the length of `b` * `encode(ds : TS, ts : TS)` = `0x000001 || encodeStruct(ds) || encodeStruct(ts)`, where - * `ds`: the application domain separator which is also a human-readable typed structure ([see below](###DomainSeparator)) + * `ds`: the application domain separator which is also a human-readable typed structure ([see below](#domainseparator)) * `ts`: the human-readable typed structure to be signed The prefix bytes disambiguate the encoding cases from one another as well as @@ -205,7 +205,7 @@ The **data** of a typed structure is encoded as the concatenation of values in the typed data sorted by the field names in lexicographic ascending order. The specification is as follows, where `||` denotes concatenation: -`encodeData(ts : TS)` = sha256(value1) || sha256(value2) || ... || sha256(valuen)` +`encodeData(ts : TS)` = sha256(value1) || sha256(value2) || ... || sha256(valuen)`, where value1 < value2 ### DomainSeparator From 9cfe2c59f1a1025fa3e5800c58d642113181e0eb Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Thu, 2 Aug 2018 14:35:54 -0400 Subject: [PATCH 11/17] Update schema --- docs/ics/ics-xxx-signed-messages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index 59fe8c1ad..58776c31d 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -146,7 +146,7 @@ a schema adhering to the JSON schema [specification](http://json-schema.org/spec ] }, "primaryType": { - "description": "The name of primary message type to sign.", + "description": "The name of primary message type to sign. This is needed for when there is more than one type defined besides `CosmosDomain`.", "type": "string", "minLength": 1 }, From aa01e9954c4d4936c2b02cbb45dcd81ed00408ff Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Thu, 9 Aug 2018 11:35:22 -0400 Subject: [PATCH 12/17] Simply Cosmos signed message spec (using TM canonical JSON) --- docs/ics/ics-xxx-signed-messages.md | 266 ++++++++-------------------- 1 file changed, 72 insertions(+), 194 deletions(-) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index 58776c31d..50dd67c75 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -2,16 +2,11 @@ >TODO: Replace with valid ICS number and possibly move to new location. - * [Changelog](#changelog) + * [Changelog](#changelog) * [Abstract](#abstract) + * [Preliminary](#preliminary) * [Specification](#specification) - + [Preliminary](#preliminary) - + [Encoding](#encoding) - - [Schema](#schema) - - [encodeStruct](#encodestruct) - - [encodeSchema](#encodeschema) - - [encodeData](#encodedata) - + [DomainSeparator](#domainseparator) + * [Future Adaptations](#future-adaptations) * [API](#api) * [References](#references) @@ -32,7 +27,7 @@ A standardized protocol for hashing, signing, and verifying messages that can be implemented by the Cosmos SDK and other third-party organizations is needed. Such a standardized protocol subscribes to the following: -* Contains a specification of machine-verifiable and human-readable typed structured data +* Contains a specification of human-readable and machine-verifiable typed structured data * Contains a framework for deterministic and injective encoding of structured data * Utilizes cryptographic secure hashing and signing algorithms * A framework for supporting extensions and domain separation @@ -46,13 +41,7 @@ implementation. If you view signed messages in the means of authorizing some action or data, then such an application would have to either treat this as idempotent or have mechanisms in place to reject known signed messages. -## Specification - -> The proposed implementation is motivated and borrows heavily from EIP-7121 -and in general Ethereum's `eth_sign` and `eth_signTypedData` methods2. - -### Preliminary - +## Preliminary The Cosmos message signing protocol will be parameterized with a cryptographic secure hashing algorithm `SHA-256` and a signing algorithm `S` that contains the operations `sign` and `verify` which provide a digital signature over a set @@ -64,186 +53,101 @@ used in Tendermint and the Cosmos SDK and that they satisfy our needs for such cryptographic algorithms such as having resistance to collision and second pre-image attacks, as well as being deterministic and uniform. -### Encoding +## Specification -Our goal is to create a deterministic, injective, machine-verifiable means of -encoding human-readable typed and structured data. +Tendermint has a well established protocol for signing messages using a canonical +JSON representation as defined [here](https://github.com/tendermint/tendermint/blob/master/types/canonical_json.go). -Let us consider the set of signed messages to be: `B ∪ TS`, where `B` is the set -of byte arrays and `TS` is the set of human-readable typed structures. Thus, the -set can can be encoded in a deterministic and injective way via the following -rules, where `||` denotes concatenation: +An example of such a canonical JSON structure is Tendermint's vote structure: -* `encode(b : B)` = `0x0000 || bytes("Signed Cosmos SDK Message: \n") || l || b`, where - * `b`: the bytes to be signed - * `l`: little endian uint64 encoding of the length of `b` -* `encode(ds : TS, ts : TS)` = `0x000001 || encodeStruct(ds) || encodeStruct(ts)`, where - * `ds`: the application domain separator which is also a human-readable typed structure ([see below](#domainseparator)) - * `ts`: the human-readable typed structure to be signed +```golang +type CanonicalJSONVote struct { + ChainID string `json:"@chain_id"` + Type string `json:"@type"` + BlockID CanonicalJSONBlockID `json:"block_id"` + Height int64 `json:"height"` + Round int `json:"round"` + Timestamp string `json:"timestamp"` + VoteType byte `json:"type"` +} +``` -The prefix bytes disambiguate the encoding cases from one another as well as -separating them from collision of transactions to be signed. The `amino` -serialization protocol escapes the set of disambiguation and prefix bytes with a -single `0x00` byte so there should be no collision with those structures. +With such canonical JSON structures, the specification requires that they include +meta fields: `@chain_id` and `@type`. These meta fields are reserved and must be +included. They are both of type `string`. In addition, fields must be ordered +in lexicographically ascending order. -#### Schema +For the purposes of signing Cosmos messages, the `@chain_id` field must correspond +to the Cosmos chain identifier. The user-agent should **refuse** signing if the +`@chain_id` field does not match the currently active chain! The `@type` field +must equal the constant `"message"`. The `@type` field corresponds to the type of +structure the user will be signing in an application. For now, a user is only +allowed to sign bytes of valid ASCII text ([see here](https://github.com/tendermint/tendermint/blob/master/libs/common/string.go#L61-L74)). +However, this will change and evolve to support additional application-specific +structures that are human-readable and machine-verifiable ([see Future Adaptations](#futureadaptations)). -To achieve deterministic and injective encoding, Cosmos signed messages over -type structures will use an existing known standard -- [JSON schema](http://json-schema.org/). -The domain separator and typed structures to be encoded must be specified with -a schema adhering to the JSON schema [specification](http://json-schema.org/specification.html). +Thus, we can have a canonical JSON structure for signing Cosmos messages using +the [JSON schema](http://json-schema.org/) specification as such: ```json { - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-04/schema#", "$id": "cosmos/signing/typeData/schema", "title": "The Cosmos signed message typed data schema.", "type": "object", - "definitions": { - "typeDef": { - "type": "array", - "items": { - "description": "The list of properties a schema definition contains.", - "type": "object", - "properties": { - "name": { - "description": "The name of the schema rule.", - "type": "string", - "minLength": 1 - }, - "description": { - "description": "The description of the schema rule.", - "type": "string" - }, - "type": { - "description": "The type of the schema rule.", - "type": "string", - "minLength": 1 - } - }, - "required": [ - "name", - "type" - ] - } - } - }, "properties": { - "types": { - "type": "object", - "properties": { - "CosmosDomain": { - "description": "The application domain separator schema.", - "$ref": "#/definitions/typeDef" - } - }, - "additionalProperties": { - "description": "The application type schemas.", - "$ref": "#/definitions/typeDef" - }, - "required": [ - "CosmosDomain" - ] - }, - "primaryType": { - "description": "The name of primary message type to sign. This is needed for when there is more than one type defined besides `CosmosDomain`.", + "@chain_id": { "type": "string", + "description": "The corresponding Cosmos chain identifier.", "minLength": 1 }, - "domain": { - "description": "The domain separator to sign.", - "type": "object" + "@type": { + "type": "string", + "description": "The message type. It must be 'message'.", + "enum": [ + "message" + ] }, - "message": { - "description": "The message data to sign.", - "type": "object" + "text": { + "type": "string", + "description": "The valid ASCII text to sign.", + "pattern": "^[\\x20-\\x7E]+$", + "minLength": 1 } }, "required": [ - "types", - "primaryType", - "domain", - "message" + "@chain_id", + "@type", + "text" ] } ``` -#### encodeStruct - -The specification of encoding a human-readable typed structures, which includes -the domain separator, is as follows, where `||` denotes concatenation: - -`encodeStruct(ts : TS)` = `sha256(sha256(encodeSchema(ts)) || sha256(encodeData(ts)))` - -**Note**: The typed structure `ts` should include the JSON instance and schema. - -#### encodeSchema - -The **schema** of a typed structure is encoded as the name of the type and the -concatenation of it's schema fields. If the schema internally references other -schemas, then those are appended to the encoding. In order to make the encoding -deterministic, the encoding should sort types by their type name in lexicographic -ascending order. The specification is as follows, where `||` denotes concatenation: - -`encodeSchema(ts : TS)` = `"typeName(" || name || " " || type || ", " || ... || ")"` - e.g. -```json -"Address(address string)Coin(amount integer, denom string)Transaction(coin Coin, from Address, to Address)" -``` - -##### Alternatives - -1. Instead of concatenating schema signatures, we could also take each type -definition and insert them into a sorted JSON object and hash the byte -representation of that object. This would avoid having to perform weird -concatenations. - -#### encodeData - -The **data** of a typed structure is encoded as the concatenation of values in -the typed data sorted by the field names in lexicographic ascending order. The -specification is as follows, where `||` denotes concatenation: - -`encodeData(ts : TS)` = sha256(value1) || sha256(value2) || ... || sha256(valuen)`, where value1 < value2 - -### DomainSeparator - -Encoding structures can still lead to potential collisions and while this may be -okay or even desired, it introduces a concern in that it could lead to two compatible -signatures. The domain separator prevents collisions of otherwise identical -structures. It is designed to be unique per application use and is directly used -in the signature encoding itself. The domain separator is also extensible where -the protocol and application designer may introduce or omit fields to their needs, -but we will provide a "standard" structure that can be used for proper separation -of concerns: - ```json { - "types": { - "CosmosDomain": [ - { - "name": "name", - "description": "The name of the signing origin or application.", - "type": "string" - }, - { - "name": "chainID", - "description": "The corresponding Cosmos chain identifier.", - "type": "string", - }, - { - "name": "version", - "description": "The major version of the domain separator.", - "type": "integer", - }, - ], - }, + "@chain_id": "1", + "@type": "message", + "text": "Hello, you can identify me as XYZ on keybase." } ``` -**Note**: The user-agent should refuse signing if the `chainID` does not match -the currently active chain! +## Future Adaptations + +As applications can vary greatly in domain, it will be vital to support both +domain separation and human-readable and machine-verifiable structures. + +Domain separation will allow for application developers to prevent collisions of +otherwise identical structures. It should be designed to be unique per application +use and should directly be used in the signature encoding itself. + +Human-readable and machine-verifiable structures will allow end users to sign +more complex structures, apart from just string messages, and still be able to +know exactly what they are signing (opposed to signing a bunch of arbitrary bytes). + +Thus, in the future, the Cosmos signing message specification will be expected +to expand upon it's canonical JSON structure to include such functionality. + ## API @@ -255,7 +159,7 @@ adhere to the following specification: **cosmosSignBytes** Params: -* `data`: arbitrary byte length data to sign +* `data`: the Cosmos signed message canonical JSON structure * `address`: 20 byte account address to sign data with Returns: @@ -266,30 +170,7 @@ Returns: **cosmosSignBytesPass** Params: -* `data`: arbitrary byte length data to sign -* `address`: 20 byte account address to sign data with -* `password`: password of the account to sign data with - -Returns: -* `signature`: the Cosmos signature derived using signing algorithm `S` - -
- -**cosmosSignTyped** - -Params: -* `typedData`: type typed data structure, including the domain separator, to encode and sign -* `address`: 20 byte account address to sign data with - -Returns: -* `signature`: the Cosmos signature derived using signing algorithm `S` - -
- -**cosmosSignTypedPass** - -Params: -* `typedData`: type typed data structure, including the domain separator, to encode and sign +* `data`: the Cosmos signed message canonical JSON structure * `address`: 20 byte account address to sign data with * `password`: password of the account to sign data with @@ -297,6 +178,3 @@ Returns: * `signature`: the Cosmos signature derived using signing algorithm `S` ## References - -1. https://github.com/ethereum/EIPs/blob/master/EIPS/eip-712.md -2. https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign From 6675be23d234442ebaab767a352da03cce0bf166 Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Thu, 9 Aug 2018 15:02:50 -0400 Subject: [PATCH 13/17] Add proposed status --- docs/ics/ics-xxx-signed-messages.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index 50dd67c75..163763b62 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -10,6 +10,10 @@ * [API](#api) * [References](#references) +## Status + +Proposed. + ## Changelog ## Abstract From f252f3e36ce07846a3edb429076cc9d734c7efcd Mon Sep 17 00:00:00 2001 From: Aleksandr Bezobchuk Date: Tue, 14 Aug 2018 13:36:51 -0400 Subject: [PATCH 14/17] Update Cosmos signed messages ICS doc - Address PR comments - Fix markdown lint errors --- docs/ics/ics-xxx-signed-messages.md | 51 +++++++++++++++++++++-------- 1 file changed, 37 insertions(+), 14 deletions(-) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index 163763b62..6eeee1671 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -2,13 +2,13 @@ >TODO: Replace with valid ICS number and possibly move to new location. - * [Changelog](#changelog) - * [Abstract](#abstract) - * [Preliminary](#preliminary) - * [Specification](#specification) - * [Future Adaptations](#future-adaptations) - * [API](#api) - * [References](#references) +* [Changelog](#changelog) +* [Abstract](#abstract) +* [Preliminary](#preliminary) +* [Specification](#specification) +* [Future Adaptations](#future-adaptations) +* [API](#api) +* [References](#references) ## Status @@ -46,6 +46,7 @@ action or data, then such an application would have to either treat this as idempotent or have mechanisms in place to reject known signed messages. ## Preliminary + The Cosmos message signing protocol will be parameterized with a cryptographic secure hashing algorithm `SHA-256` and a signing algorithm `S` that contains the operations `sign` and `verify` which provide a digital signature over a set @@ -55,7 +56,7 @@ Note, our goal here is not to provide context and reasoning about why necessaril these algorithms were chosen apart from the fact they are the defacto algorithms used in Tendermint and the Cosmos SDK and that they satisfy our needs for such cryptographic algorithms such as having resistance to collision and second -pre-image attacks, as well as being deterministic and uniform. +pre-image attacks, as well as being [deterministic](https://en.wikipedia.org/wiki/Hash_function#Determinism) and [uniform](https://en.wikipedia.org/wiki/Hash_function#Uniformity). ## Specification @@ -128,6 +129,7 @@ the [JSON schema](http://json-schema.org/) specification as such: ``` e.g. + ```json { "@chain_id": "1", @@ -158,27 +160,48 @@ to expand upon it's canonical JSON structure to include such functionality. Application developers and designers should formalize a standard set of APIs that adhere to the following specification: -
+----- -**cosmosSignBytes** +### **cosmosSignBytes** Params: + * `data`: the Cosmos signed message canonical JSON structure -* `address`: 20 byte account address to sign data with +* `address`: the Bech32 Cosmos account address to sign data with Returns: + * `signature`: the Cosmos signature derived using signing algorithm `S` -
+----- -**cosmosSignBytesPass** +### **cosmosSignBytesPassword** Params: + * `data`: the Cosmos signed message canonical JSON structure -* `address`: 20 byte account address to sign data with +* `address`: the Bech32 Cosmos account address to sign data with * `password`: password of the account to sign data with Returns: + * `signature`: the Cosmos signature derived using signing algorithm `S` +----- + +### Examples + +Using the `secp256k1` as the DSA, `S`: + +```javascript +data = { + "@chain_id": "1", + "@type": "message", + "text": "I hereby claim I am ABC on Keybase!" +} + +cosmosSignBytes(data, "cosmosaccaddr1pvsch6cddahhrn5e8ekw0us50dpnugwnlfngt3") +> "0x7fc4a495473045022100dec81a9820df0102381cdbf7e8b0f1e2cb64c58e0ecda1324543742e0388e41a02200df37905a6505c1b56a404e23b7473d2c0bc5bcda96771d2dda59df6ed2b98f8" +``` + ## References From 629c18541da53de2408d065fa21e19af03559e24 Mon Sep 17 00:00:00 2001 From: Alexander Bezobchuk Date: Wed, 15 Aug 2018 15:12:04 -0400 Subject: [PATCH 15/17] Update ICS number to 030 --- docs/ics/ics-xxx-signed-messages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-xxx-signed-messages.md index 6eeee1671..1e5b7c41a 100644 --- a/docs/ics/ics-xxx-signed-messages.md +++ b/docs/ics/ics-xxx-signed-messages.md @@ -1,4 +1,4 @@ -# ICS XXX: Cosmos Signed Messages +# ICS 030: Cosmos Signed Messages >TODO: Replace with valid ICS number and possibly move to new location. From a9f240035c339ae2352c3e9e74e2e7a31e0efa3b Mon Sep 17 00:00:00 2001 From: Alexander Bezobchuk Date: Wed, 15 Aug 2018 15:13:51 -0400 Subject: [PATCH 16/17] Rename ics-xxx-signed-messages.md to ics-030-signed-messages.md --- .../{ics-xxx-signed-messages.md => ics-030-signed-messages.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/ics/{ics-xxx-signed-messages.md => ics-030-signed-messages.md} (100%) diff --git a/docs/ics/ics-xxx-signed-messages.md b/docs/ics/ics-030-signed-messages.md similarity index 100% rename from docs/ics/ics-xxx-signed-messages.md rename to docs/ics/ics-030-signed-messages.md From 9dd8e2810475c1fc802d903a262165ac92c80e98 Mon Sep 17 00:00:00 2001 From: Alexander Bezobchuk Date: Mon, 20 Aug 2018 15:15:25 -0400 Subject: [PATCH 17/17] Remove cosmosSignBytesPassword --- docs/ics/ics-030-signed-messages.md | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/docs/ics/ics-030-signed-messages.md b/docs/ics/ics-030-signed-messages.md index 1e5b7c41a..e73d9f580 100644 --- a/docs/ics/ics-030-signed-messages.md +++ b/docs/ics/ics-030-signed-messages.md @@ -175,20 +175,6 @@ Returns: ----- -### **cosmosSignBytesPassword** - -Params: - -* `data`: the Cosmos signed message canonical JSON structure -* `address`: the Bech32 Cosmos account address to sign data with -* `password`: password of the account to sign data with - -Returns: - -* `signature`: the Cosmos signature derived using signing algorithm `S` - ------ - ### Examples Using the `secp256k1` as the DSA, `S`: