Open zhaomengru2015 opened 1 year ago
I think the use case for key rotation is more like a best security practice, like today organizations rotate their credentials periodically. For the case "the mnemonic words exported", I think rotating mnemonic words might not solve the problem. If the user's mnemonic words were exported, it is very likely that the assets have already been lost. So in this case, the first thing the user should do is transfer the assets to another safer place, not rotate to another authentication key with a new mnemonic word.
I think mnemonic phrase rotation would be more powerful compared to key rotation but I understand the complexity it brings to hardware wallets. Key rotation can be used as a best practice too but providing both these features to users is a big UX problem.
Based on the discussion from this thread, Martian wallet will be using a different key rotation technique and the mnemonic phrase rotation will leverage this algorithm. Aptos Wallet is also using this technique for key rotation.
I agree with your proposal to incorporate SLIP-10 to use the ed25519 curve instead of the secp256k1 curve, but why are we not using SLIP-10 for master key generation? Can you please elaborate on this part?
1. Generate the master seed from mnemonic words following the bip39 standard.
2. Derive private and public key pair for ed25519 curve for hdPath "m/44'/637'/0'/0'/0'" following the slip10 standard.
3. The sha3-256(pubkey_A | signing_schema) will be the account's initial authentication key according to the Aptos Authentication Key Definition, so as the account's address.
4. More private and public key pairs can be derived by increasing the account level hdPath described in step 2; respect the address gap limit described below.
@MartianSiddharth about the mnemonic phrase rotation, can you please give more details about the algorithm?
@MartianSiddharth as for the SLIP-10 master key generation, my fault, what I meant was definitely using SLIP10 for master key generation, and deriving child private and public key pairs for account and rotation keys. Let me update the issue description.
@zhaomengru2015 I had another doubt about SLIP-10.
For the ed25519 curve the private keys are no longer multipliers for the group generator; instead the hash of the private key is the multiplier. For this reason, our scheme for ed25519 does not support public key derivation and uses the produced hashes directly as private keys.
Does this mean that we will not be able to derive public keys?
@MartianSiddharth No, we don't. We can only get the private key from slip10. Aptos will generate an ed25519 signing key pair with nacl.
@MartianSiddharth, can we support key rotation for hardware wallets? Like when users connect Keystone in Martian, then using key rotation, users select a derivationPath and Keystone generates the key. Using mnemonic rotation if users connect without a hardware wallet?
I think mnemonic phrase rotation would be more powerful compared to key rotation but I understand the complexity it brings to hardware wallets. Key rotation can be used as a best practice too but providing both these features to users is a big UX problem.
@MartianSiddharth do you have any feedback about the key rotation suggestions ⬆️? Or do you still want to go with only mnemonic rotation at this stage? I think that could be fine.
move this to the official AIP repo https://github.com/aptos-labs/aip/issues/2
Background
In the Aptos blockchain, when creating a new account, a 32-byte authentication key will be created first, this authentication key will be the account's address. The authentication key will change when generating a new pair of the private and public keys to rotate the authentication key, but the account address will not change.
Motivation
Currently, there is no standard regarding the address generation and authentication key rotation implementations, wallets are using different approaches, leading to several problems:
Current status
Address generation
Currently different wallets are using different ways for address generation:
Authentication key rotation
After a great discussion about authentication key rotation, the OriginatingAddress technology has been implemented.
Proposal
Account generation
For the account generation, we propose the SLIP-10 for several benefits:
SLIP-10
Authentication key rotation
For the authentication key rotation, we propose to follow the OriginatingAddress implementation, a brief description of this implementation can be found here, new mnemonic words rotation should be used for security.
Here is the detailed way of Account generation and Key rotation.
Account generation
sha3-256(pubkey_A | signing_schema) will be the account's initial authentication key according to the Aptos Authentication Key Definition, so as the account's address.
account level hdPath described in step 1; respect the address gap limit described below.
Address gap limit
Address gap limit should be set. If the wallet hits this limit, it expects there are no used addresses beyond this point and stops searching the address chain.
Code snippet
Address generation
Authentication key rotation
accountIndex from step 1, account_b is created on-chain, with the auth_key=sha_256(pub_b | schema_id).
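The account generation steps and the address gap limit described in this proposal, as an added Python example that is not code from the issue or from any wallet. It goes from a BIP39 seed through SLIP-10 hardened derivation on the proposal's hdPath to the sha3-256 authentication key. The function names, the `is_used` lookup callback and the default gap limit of 3 are assumptions, and the ed25519 arithmetic is a plain standard-library version so that the block runs without third-party packages.

```python
import hashlib, hmac  # added example; all function names here are illustrative
P = 2**255 - 19                              # ed25519 field prime
D = -121665 * pow(121666, P - 2, P) % P      # curve constant d
B = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     4 * pow(5, P - 2, P) % P)               # base point (RFC 8032)

def _add(p1, p2):                            # affine twisted-Edwards addition
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + t, P - 2, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, P - 2, P) % P)

def ed25519_public_key(sk):
    # The scalar is the clamped SHA-512 hash of the private key, not the key itself.
    a = int.from_bytes(hashlib.sha512(sk).digest()[:32], "little")
    a = (a & ((1 << 254) - 8)) | (1 << 254)
    acc, q = (0, 1), B
    while a:
        if a & 1:
            acc = _add(acc, q)
        q, a = _add(q, q), a >> 1
    return (acc[1] | (acc[0] & 1) << 255).to_bytes(32, "little")

def slip10_ed25519(seed, path):
    # Hardened-only HMAC-SHA512 chain; returns the 32-byte private key.
    node = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    for level in path.split("/")[1:]:
        if not level.endswith("'"):
            raise ValueError("ed25519 has no non-hardened derivation: " + level)
        data = b"\x00" + node[:32] + (int(level[:-1]) | 0x80000000).to_bytes(4, "big")
        node = hmac.new(node[32:], data, hashlib.sha512).digest()
    return node[:32]

def account_address(mnemonic, account=0, scheme=0):  # 0x00 = single-signer Ed25519
    # BIP39 seed (ASCII mnemonic and empty passphrase assumed), then the page's hdPath.
    seed = hashlib.pbkdf2_hmac("sha512", mnemonic.encode(), b"mnemonic", 2048)
    sk = slip10_ed25519(seed, f"m/44'/637'/{account}'/0'/0'")
    return hashlib.sha3_256(ed25519_public_key(sk) + bytes([scheme])).digest()

def discover(mnemonic, is_used, gap_limit=3):
    # is_used is a hypothetical on-chain lookup; stop after gap_limit unused in a row.
    found, gap, account = [], 0, 0
    while gap < gap_limit:
        gap = 0 if is_used(account_address(mnemonic, account)) else gap + 1
        if gap == 0:
            found.append(account)
        account += 1
    return found
```

The curve arithmetic above is not constant-time; a wallet would take the key pair from an audited library such as the nacl one mentioned in the thread. A gap limit set too low makes `discover` miss funded accounts that sit beyond a run of unused indexes.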