[crypto] Intent Signing v0 - *non-breaking change*
Per Sui's handbook of serialization, we should always sign intents, to guarantee a collision-free and domain-separated environment. This PR is a non-breaking change, as it provides the Intent functionality without applying it to production signing yet.
An intent is a secure wrapper type with an extra three bytes (u8):
- one that defines the backwards compatible version (bump this whenever making signable-struct breaking changes)
- one that defines the chain_id
- one that defines scope.
Note that in theory the same object might be signed for different scopes/purposes; thus, if we ever want that (i.e. sign a TransactionData for another scope (not to submit it as a chain tx)), we should create another intent wrapper for this type etc.
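The three-byte intent prefix described above, as an added example that is not code from this PR or from Sui: every name (`Signable`, `ChainTx`, `OffChainProof`, `signing_bytes`, `check_intent`) is hypothetical, and the byte order version, chain_id, scope is assumed from the order of the list. No signature scheme is included; the output of `signing_bytes` is what a signer would sign.

```rust
// Added illustration; every name here is hypothetical, not Sui's API.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Intent { pub version: u8, pub chain_id: u8, pub scope: u8 }

#[derive(Debug, PartialEq)]
pub enum IntentError { TooShort, Mismatch { expected: Intent, found: Intent } }

/// Pins one scope to one payload type, so a payload cannot be wrapped
/// with an unrelated intent by accident.
pub trait Signable {
    const SCOPE: u8;
    fn payload_bytes(&self) -> Vec<u8>;
}

// Constructed sample types: the same data signed for two different purposes.
pub struct ChainTx(pub Vec<u8>);
pub struct OffChainProof(pub Vec<u8>);
impl Signable for ChainTx { const SCOPE: u8 = 0; fn payload_bytes(&self) -> Vec<u8> { self.0.clone() } }
impl Signable for OffChainProof { const SCOPE: u8 = 1; fn payload_bytes(&self) -> Vec<u8> { self.0.clone() } }

/// Bytes handed to the signer: the three intent bytes, then the payload.
/// Assumed order: version, chain_id, scope.
pub fn signing_bytes<T: Signable>(version: u8, chain_id: u8, value: &T) -> Vec<u8> {
    let mut out = vec![version, chain_id, T::SCOPE];
    out.extend(value.payload_bytes());
    out
}

/// Verifier side: check the intent prefix before touching the payload and
/// return the payload slice only when all three bytes match.
pub fn check_intent<T: Signable>(version: u8, chain_id: u8, msg: &[u8]) -> Result<&[u8], IntentError> {
    if msg.len() < 3 { return Err(IntentError::TooShort); }
    let found = Intent { version: msg[0], chain_id: msg[1], scope: msg[2] };
    let expected = Intent { version, chain_id, scope: T::SCOPE };
    if found != expected { return Err(IntentError::Mismatch { expected, found }); }
    Ok(&msg[3..])
}

fn main() {
    let data = b"constructed transfer payload".to_vec();
    let tx = signing_bytes(0, 1, &ChainTx(data.clone()));
    let proof = signing_bytes(0, 1, &OffChainProof(data));
    assert_ne!(tx, proof); // same data, different scope: different signed bytes
    assert!(check_intent::<ChainTx>(0, 1, &proof).is_err()); // wrong scope is rejected
    println!("{:?}", check_intent::<ChainTx>(0, 1, &tx).map(|p| p.len()));
}
```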
@bmwill I like your approach, let's discuss intent <-> object type decoupling; we might want to ensure devs cannot mix an intent with unrelated objects (and that was the main reason for pinning Intents in this PR).
@huitseeker The only official written design doc is the last part of the handbook of serialization, which discusses intents; many of the design decisions in this PR are based on communication channels feedback. That document specifically states:
We propose defining a template for intent objects i.e. Intent <Version, Scope, Data> (maybe ChainID and appID as well) and always enforce signing intent objects only, nothing else.
This PR doesn't focus on signature schemes or their agility, everyone should do intent signing, even validators (similarly to previously (before this PR) - everyone was signing Signable objects).
Agree with you re different types of signatures (it's also hashing where oftentimes we need domain separation), this PR works as a starter proposal (call it a design doc if this works better for you).
Unified crypto lib between NW + Sui, intent-object full decoupling (per @bmwill's proposal), types of uses (different sigs "user vs validator", hashes), domain separation at the app level and others will be discussed in the meeting.
Closing as stale.