Standard Message Authentication Method for Actors (FIP-0044) #413
Replies: 4 comments 8 replies
-
Thanks @arajasek. I support pursing this proposal in preference to FIP-0035. The latter would become redundant. This proposal leads to less complexity in the built-in actors, is quicker to implement, and also establishes a pattern for future applications to follow. In comparison with the approach described in FIP-0035, this proposal is universal from the point of view of actors that need to verify messages. That is, the FIP-0035 approach requires every actor that wants to authenticate messages from either EOAs or other actors to implement their own additional methods and intermediate state; this approach means they can all just delegate it back to the signing actor. The flip side is that it means actors that wish to send authenticated messages must implement something instead. I think it's likely a very good tradeoff in terms of total work and complexity in the ecosystem to put that work on the sender side. I expect there to be many more receivers and a fairly small class of sender implementations (wallet actors, multisigs, DAO roots etc). |
Beta Was this translation helpful? Give feedback.
-
Edited the OP to include an informal specification, as well as a link to a draft PR that prototypes this. |
Beta Was this translation helpful? Give feedback.
-
Agree on the proposal too. But do note that in reality, DAOs actually piggyback the signature parameters to squeeze and encode data. For example OpenDAO's airdrop contract actually piggybacks the parameter |
Beta Was this translation helpful? Give feedback.
-
@arajasek @anorth Have you had the opportunity to reason through how this proposal would integrate with #388? Both proposals are related in the sense that they place message validation logic on chain. One enables an actor to act as a sender (account abstraction); the other enables composability. |
Beta Was this translation helpful? Give feedback.
-
Update: FIP PR #424
Note: Heavily based on EIP-1271
One-line Summary
Standardize an
AuthenticateMessage
(name TBD) method across actors, that gets invoked in place ofValidateSignature
calls to the runtime. This allows entities besides externally-owned accounts (secp & BLS keys) to authenticate messages.Background
Currently, only externally-owned accounts can sign messages with their associated private keys. Today, this restricts some functionality (for example, a multisig actor being a storage client), but isn't a major issue. Withe the planned introduction of user-programmable actors to the Filecoin network, however, the scope of innovation blocked by this restriction will grow.
There are already proposals to work around this problem -- FIP-0035 is a concrete example of this. It introduces three new messages (along with their associated types) in order to allow actors to function as built-in storage market clients.
Proposal
We can instead have a standard
AuthenticateMessage
method across actors, that takes raw data and some "signature" data as input. Actors can implement this method as they see fit, though a "good" implementation should meet certain criteria (see below). In the case of the Filecoin builtin actors, for instance, theAccount
actor simply implements this by validating the signature itself. Anm/n
multisig actor could implement this by receivingm
signatures of the message in question, and validating them individually.Specification
Concretely, we propose adding the following method to the built-in
Account
Actor. This method can then be the blueprint for other builtin actors (eg. the multisig actor), as well as a template for user-defined actors.The params to this method is a wrapper over the message and signature to validate:
A draft PR may be found here.
Matters of considerations
While the proposal is relatively straightforward, there are some details that require special consideration:
AuthenticateMessage
methods should satisfy. I'd like to defer a consideration of these properties, scoping this discussion to the portions relevant to implementing this idea in the built-in actors today (with an eye towards replacing FIP-0035 with this idea).Acknowledgements
Thanks to @anorth for the idea, and the authors of EIP-1271 for the previous work.
Beta Was this translation helpful? Give feedback.
All reactions