-
Notifications
You must be signed in to change notification settings - Fork 115
Open
Milestone
Description
Currently, we have the following standard authentication components:
no_authecdsa_k256_keccakecdsa_k256_keccak_aclrpo_falcon_512rpo_falcon_512_aclmultisig_ecdsa_k256_keccakmultisig_rpo_falcon_512
This is already quite a few and there is a lot of code duplication between them. In the next release of the VM we also have added support for EdDSA signature scheme, and in subsequent releases we'll have ECDSA over P256 curve and canonical Falcon signature support added. This will make matters quite a bit worse.
I think we should try to consolidate these authentication components to be "signature agnostic". The list of components could be:
-
no_auth(same as now). -
auth_singlesig(maybe a different name is needed) - authentication component where only single signature controls the account. -
auth_singlesig_acl. -
auth_multisig- an$m$ of$n$ multisig. -
auth_multisig_acl.
The idea is that these components would be extensible with respect to signature schemes and the potential approaches of how to support this are described in #2083 (comment).
A couple other open questions:
- Should we also include the PSM-enabled multisig into the set? In this case, we could have something like
auth_basic_multisigandauth_psm_multisig. - Should we somehow consolidate the ACL and non-ACL variants? Maybe this could be done via component templates (e.g., the simple component is just a special case of the ACL component). Though, there is an argument for keeping some components as simple as possible.
- How much flexility do we want to support in regards to mixing signature schemes? For example, do we want to have a multisig that can mix ECDSA and Falcon signatures?
- How do we handle key rotations? Would these be a part of these standard components?
Related issues:
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels