Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Public Key encoding in protobuf compatible serialization world #4208

Closed
zmanian opened this issue Nov 30, 2019 · 5 comments
Closed

Public Key encoding in protobuf compatible serialization world #4208

zmanian opened this issue Nov 30, 2019 · 5 comments
Assignees

Comments

@zmanian
Copy link
Contributor

zmanian commented Nov 30, 2019

We want to adopt tendermint/go-amino#276.

If we adopt full protobuf compatibility, this changes the byte encodings of validator consensus keys. These manifest in human and developer-facing interfaces such as the Cosmos SDK cosmosvalpub encoded interfaces and in the Tendermint RPC.

It is desirable to have a prefix that identifies the cryptographic system that a given public key belongs to prevent key confusion attack.

The legacy system is described in here. These encodings are created by the amino format but are trivial to implement as a customer serializer.

My recommendation is that we special case the serialization of public keys in Tendermint.

<PrefixBytes> <Length> <ByteArray> seems like generally reasonable format. For compatibility reasons, ed25519 and secp256k1 keys can keep their amino prefix bytes. New key types can select any prefix bytes they desire that don't collide with a key type in github.com/tendermint/spec repo.

A strawman alternative is drop legacy compatibility and just do <PrefixBytes> <ByteArray> and reset the prefix for ed25519 to 0x001 and sepc256k1 to 0x0021.

@jackzampolin
Copy link
Contributor

This seems like something we could easily do in a switch statement when decoding the key. With strong documentation/reproducibility on the legacy for others who need it. I would imagine we would also need a rust impl here for signatory

@zmanian
Copy link
Contributor Author

zmanian commented Dec 3, 2019

By switch statement you mean basically a look up table?

I need to check but signatory might just be doing this manually. We were doing that at one point.

The length value is most basically superfluous. It does potentially allow you to send both an x,y coordinate instead of just x or y. This usually called "compressed" form.

@jackzampolin
Copy link
Contributor

By switch statement you mean basically a look up table?

exactly

@tac0turtle
Copy link
Contributor

@zmanian is this still applicable since we now adopted amino flavored JSON?

privval json encoding stays the same. remote signer encoding will change to oneof, but this change will be handled on the hsm (kms) side correct?

@zmanian
Copy link
Contributor Author

zmanian commented Jun 11, 2020

My overall impression is that we don't need to do this and can close this.

@zmanian zmanian closed this as completed Jun 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants