Should we use have a EIP191 like arbitrary bytes signatures #12761
Replies: 7 comments 8 replies
-
Also consider EIP-712 which prevents replay attacks and is widely supported in the Eth community. |
Beta Was this translation helpful? Give feedback.
-
Can we talk about who the user and consumer is of this data? What's it intended to be used for in a Filecoin context? Who/what are we catering for if we aim for EIP-191 compatibility? Would that smooth anyone's tooling||developer journey when transitioning between Ethereum and Filecoin, or is it just alignment for the sake of alignment? I'm unclear on all of these questions. |
Beta Was this translation helpful? Give feedback.
-
Standardisation is good, but this is not consensus-critical (as far as I understand! please correct me if I'm wrong), it's just something we want to say that tooling through the ecosystem should adopt. But the way to do that is an FRC and I can help push that along; what we want from it is eyes from all of the tool authors that are implicated so at least we don't have disagreement and then moving forward to change what exists currently has some rough consensus. I don't have an opinion on EIP-712, it seems like it might be a helpful additional-extra but not as important? It'd be particularly hard for CLI signing I imagine but maybe nice for a signing library like iso-filecoin? I don't really know how it would get used but it might be nice to get smart contract authors to weigh in on that part of it. So, an FRC is a lower-bar than a FIP, it's just an announcement that there is a standard and it would be good if you conform to it if you have anything to do with it. It should be a good way to discover disagreement.
So an FRC might just give a basic outline of the EIPs being referenced, why we in the Filecoin ecosystem should care, how our tooling should adapt to it, and considerations about backward compatibility or potential for breakage of what exists now (I'd like to know this myself!). Who are the users, how are they going to use this, why should we care about standardisation? |
Beta Was this translation helpful? Give feedback.
-
Thank you for facilitating this discussion, @hugomrdias! I’ve gained valuable insights from this thread. My Current Understanding and Questions:
Proposal for a Filecoin Request for Comments (FRC)I believe an FRC on best practices for message signing in the Filecoin ecosystem would be highly beneficial. Documenting the current practices used by different applications and coordinating these into a standardized approach would provide clarity and improve security, even if no immediate changes are made. |
Beta Was this translation helpful? Give feedback.
-
I can't speak to many of the open questions here about breakage risk and alignment, but I would chip in to make a few comments:
Yes, I think the whole point of an EVM-compatible chain complete with long-lived,
I don't know enough about Filecoin to say whether there is an analogue here, but I believe that in the EVM context, this prefix was not a security measure (the rest of the prefix ALREADY makes any EIP-191 digest invalid as an input to an on-chain transaction) so much as a multiformats-like sigil to make the signature object self-describing and sniffable/sortable from the first few bytes. Perhaps different prefixes/magic bytes/CBOR enveloping makes more sense if the idea is to create a safe envelope for arbitrary digests? If, conversely, there is no particular benefit to reinventing this wheel, simply swapping "Filecoin" for "Ethereum" has the [theoretical, minor] added benefit of "rhyming with" the EIP-191 envelope and being human-readable [to humans expecting eth dapp data exhaust, anyways].
If I'm understanding Hugo's original proposal, yes, a "blank-check" signing method seems worth deprecating and removing from some future version of Lotus/CLI, once all the consumers of today's blank-check signatures have upgraded to safer, enveloped signatures. How long that takes is... up to all of y'all, I think!
If it takes a lot of effort/time/money to get Ledger to replace unsafe arbitrary sigs with something safer and enveloped, a second option would be to just use the 712 option in Ledger, which I believe is already supported? Getting consumers to accept 712 signatures seems a much bigger ask, tho.
Should I start a draft PR with an outline of such an "Informational FRC"? Would it help gather input and align before making any more normative requests of Ledger and/or Filecoin core devs? Footnotes
|
Beta Was this translation helpful? Give feedback.
-
Yes please! |
Beta Was this translation helpful? Give feedback.
-
In terms of selecting a magic number, 0x19 isn't perfect but it is guaranteed to work with our messages because all of our messages start with a CBOR major-type of 4. That is:
In CBOR, the first thee bits are the major type so 0x19 would be interpreted as "unsigned integer". Our messages are arrays, not unsigned integers, so this will work. It's not perfect because it's still a valid prefix for a CBOR object: 0x19 indicates that the following two bytes are a non-negative 2 byte integer. But it'll never be a message that lands on-chain. So I'd say we should go for complete compatibility and use |
Beta Was this translation helpful? Give feedback.
-
This is a follow up to this issue on the filecoin ledger repo.
The embedded Filecoin Ledger app has this
signRawBytes
method but its not really just raw signature likelotus wallet sign
it's more like EIP191:sign(blake2b256(CID(blake2b256("Filecoin Sign Bytes:\n" + len(message) + message)))))
Please ignore the extra CID in there for the purpose of this discussion 😄🙏🏼
This situation started the conversation about eips.ethereum.org/EIPS/eip-191 and if we should expose the raw signature method or just a safer EIP191 like signature.
EIP191 looks like:
\x19Ethereum Signed Message:\n
"0x19 <0x45 (E)> <thereum Signed Message:\n" + len(message)> "For Filecoin it may look like:
\x19Filecoin Signed Message:\n
"0x19 <0x46 (F)> <ilecoin Signed Message:\n" + len(message)> "Although theses prefix are Ethereum focused and specific to RLP and may not have the same effect to CBOR messages.
The last point is about FEVM which should probably follow strict EIP191 and not a "Filecoin EIP-191"
So to be discussed:
Changing the filecoin ledger app is a complex process and we need at least some buy in from people on this to move on with changes.
/cc @eshon @ribasushi @Stebalien @raulk @rvagg @magik6k
Beta Was this translation helpful? Give feedback.
All reactions