VIP: Signed Structs (EIP 712 Support) #1020
Comments
jacqueswww
added
VIP: Discussion
|
Approved, dependency on #1019 . |
|
Note: dependency is only recommended to make it easier to work with. This proposal stands alone. |
|
Linking to https://github.com/ethereum/EIPs/blob/c6a476b64d9dff50cd18f12d03bd552751956537/EIPS/eip-712.md for reference |
|
We will evaluate this one at implementation time, to probably use EIP712 :) |
|
After absorbing EIP712 a little more, it seems that this VIP and EIP712 are fairly closely aligned and we can follow the spec in EIP712 for hashing/signing structs. I that The only thing in EIP712 which hasn't been considered yet for the scope of this VIP is the domain separator struct. I propose a new keyword to help define this struct, As in the EIP712 spec, the EIP712Domain definition must have one or more of those fields, but may omit unused fields. The EIP712Domain may have a name, which permits defining multiple domains in a single |
|
Mostly agree with that assessment, with a few caveats.
How would this work in practice? My idea with having the signature defined as part of the struct would be to allow signed transactions to be submitted as struct data inputs to functions that may use that transaction to verify or make an assertion about some larger action, like the Plasma exit use case (reference my code). I also wanted to make it easier to do core operations on these data structures, like recover the signing account, without having to directly handle the signature or anything. Something like |
|
Linking to ethereum/EIPs#712 for posterity |
|
A couple conclusions from gitter: Also, the contract should expose the domain separator values as public variables |
|
Should we allow |
|
Yes, rather safe than sorry. |
|
One idea I have been toying with is to just let the user set any domains in
the constructor. However, then we need a way to determine which fields are
set (since according to the spec fields can be nullable). Not just for
calculating the hash in contract, but also if we expose those fields to a
user agent. We could perhaps use 0 or the null string as sentinel values
but I am sure some user will want to use those values. Actually I think
this issue needs to be solved whether the domain fields are set in storage
or the runtime code.
…On Thu, Apr 4, 2019, 2:49 PM Jacques Wagener ***@***.***> wrote:
Yes, rather safe than sorry.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1020 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADsDbV29LIxbM67nJsiOF-wAxI1URAuuks5vdnNKgaJpZM4Woht2>
.
|
|
Note: Cannot implement this manually without #1406 |
Really? I figure you only need |
|
Yeah, that was my point haha. Without This VIP would add an additional syntax to shortcut the manual process. It could also get away with not leveraging |
|
What do we think of the following as a specification for this type of message signing and signature recovery, using EIP712: from vyper.messages import EIP712Domain, recover_message
from vyper.signatures import VRS_SECP256K1 # (v, r, s) tuple type, 65 bytes
# Can be any valid struct
# (gets signed offline using EIP712 API with above domain)
struct Transaction:
a: address
b: uint256
@public
def foo(txn: Transaction, sig: VRS_SECP256K1)
# Assert that the transaction's signer is the caller here.
myDomain: EIP712Domain = EIP712Domain({
name: [string literal] # optional unless no others
version: [string literal] # optional unless no others
chainId: [uint256 literal or variable] # optional unless no others
verifyingContract: [address literal OR self] # optional unless no others
salt: [bytes32 literal] # optional unless no others
})
assert recover_message(txn, sig, type=myDomain) == msg.sender
... # Stuff, now that we authenticated the signer |
fubuloubu
removed
the
VIP: Discussion
|
With the upcoming Istanbul hardfork, we should include support for EIP-1344 in this feature. |
|
Had another idea for syntax using decorators which I think would look much cleaner: from vyper.message import EIP712Domain, EIP712Message, eip712_recover
EIP712Domain TransactionDomain:
name: "My Protocol" # must be a string
version: "1.0" # must be a string
chainId: tx.chain_id # this or uint256 literal
verifyingContract: self # this or address literal
# By decorating with this datatype, this informs
# the compiler to use the EIP712 Hashing strategy
@EIP712Message(TransactionDomain)
struct Transaction:
a: address
b: uint256
@public
def do_something(
# Hash via EIP712 hashing strategy because of EIP712Message decorator
_msg: Transaction,
# bytes[65] under the hood, note: web3py uses RSV convention... but precompile uses VRS
_sig: RSV_SECP256K1,
) -> address:
# 1. Hash TransactionDomain and _msg together (3 hashes)
# 2. Extract _sig to r, s, v components
# 3. Run ecrecover precompile
return eip712_recover(_msg, _sig) |
charles-cooper
added
help wanted
Easy Pickings
Simple Summary
Allow defining a struct that contains a signature field such that there is a standard algorithm for performing ecrecover on it.
Would be most useful with #1019
Abstract
In constructions like Plasma, it is often useful to define a transaction data structure to manage the complexity of a transaction type and how it is used to validate logic in the contract. Having a struct type that can define an extra signature field which can be processed in a standard algorithm to recover the signer of the transaction would be very helpful to streamline the design of these algorithms without too much complexity in the contract.
Motivation
We want to make working with different constructions like Plasma as simple and expressive as possible. Primatives like working with signed transactions are very commonplace in this constructions, and we should support primitives like this as first class citizens to make it easier and safer to write these kinds of contracts.
Specification
We might define a structure as follows that contains a VRS signature with which recovery of the signing address can be performed via exclusion of the signature, hashing of the rest of the struct as an RLP encoded object, and performing
ecrecover(hash, r, s, v)of the result.The field that would contain this signature in this special struct would be denoted by
__sig__.get_signer(struct)would be the function that performed this function to return the signer's address.There might potentially be defined a custom type to represent a VRS signature, but should be extensible with other types for other signature methods that may be included later.
Backwards Compatibility
This would be fully backwards compatible as it is a new featureset that would be added.
Copyright
Copyright and related rights waived via CC0
The text was updated successfully, but these errors were encountered: