greymass / ual-anchor

Identity and session through ESR using EOSIO/universal-authenticator-library
MIT License

signArbitrary doesn't work #29

Open KevinTuncer opened 2 years ago

KevinTuncer commented 2 years ago

Signing an arbitrary string message is still not available with Anchor. I don't want to recommend another wallet to my users instead, so I would be glad if this feature were integrated.

aaroncox commented 2 years ago

This is a more global problem within EOSIO - a lack of standards on how to identify a user.

We don't offer arbitrary string signing since the login process itself (an identity request) already provides a verifiable proof that the user is who they say they are. We have yet to see a use case this wouldn't be able to cover.

KevinTuncer commented 2 years ago

Once a signature is verified in the contract, that would be useful. This should be avoided, but in rare cases it could be beneficial.

Example 1: A token sale smart contract where investors can participate directly from exchanges. But for many people who are new to EOS, account creation is a complicated process and they wonder why they have to pay for it. These are reasons that prevent some newcomers from participating in the sale. To avoid the account creation at the time of investment, it is useful to bind the deposit to a public key. The withdrawal to a specific account is then verified with a signature.

When the price of the new token increases, investors automatically become interested in an EOS account and create one by themselves. And if not, as soon as the new token is listed on an exchange, they could pay out directly to it without ever owning an account.

Example 2: It will be easier to recruit influencers as affiliate partners for a DAPP or Tokensale on EOS if they don't need an EOS account in the first place. Public keys can be used instead of account names for decentralized affiliate links. So, an influencer could provide a public key and as soon as a new customer enters this public key, a bonus will be added to the public key in RAM. If the amount of the bonuses is high enough, the influencer can create an account with it and pay out the rest. But this needs a signature verification in the contract, too.
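
Added example, not part of the thread or of ual-anchor: a sketch of the signature-verified withdrawal from Example 1, showing that the signed bytes have to name the destination account, a per-deposit nonce, and the chain and contract, otherwise a captured signature can be reused. It uses plain ECDSA over secp256k1 from Node's `crypto` module rather than EOSIO's signature encoding or contract API; `DepositLedger`, `claimBytes`, `signClaim` and the claim fields are hypothetical names.

```javascript
// Added example (not from the thread): plain ECDSA via Node's built-in crypto.
const crypto = require("crypto");
// Length-prefix every field so adjacent fields cannot be shifted into each other.
function claimBytes(domain, claim) {
  const fields = [domain.chainId, domain.contract, claim.depositId, claim.toAccount, String(claim.nonce)];
  return Buffer.concat(fields.flatMap((f) => {
    const body = Buffer.from(f, "utf8");
    const len = Buffer.alloc(2);
    len.writeUInt16BE(body.length);
    return [len, body];
  }));
}
// Key holder's side: sign the claim for one specific chain and contract.
const signClaim = (key, domain, claim) => crypto.sign("sha256", claimBytes(domain, claim), key);

// Toy stand-in for a contract table that binds each deposit to a public key.
class DepositLedger {
  constructor(domain) { this.domain = domain; this.deposits = new Map(); }
  deposit(id, publicKey, amount) { this.deposits.set(id, { publicKey, amount, nonce: 0 }); }
  withdraw(claim, signature) {
    const d = this.deposits.get(claim.depositId);
    if (!d) return "unknown-deposit";
    if (claim.nonce !== d.nonce) return "stale-nonce";
    // Rebuild the signed bytes with the ledger's OWN domain, never a caller-supplied one.
    const msg = claimBytes(this.domain, claim);
    if (!crypto.verify("sha256", msg, d.publicKey, signature)) return "bad-signature";
    const paid = d.amount;
    d.amount = 0;
    d.nonce += 1;
    return `paid ${paid} to ${claim.toAccount}`;
  }
}

// Constructed scenario: one key, the same deposit id registered on two ledgers.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const saleA = { chainId: "chain-A", contract: "tokensale" };
  const ledgerA = new DepositLedger(saleA);
  const ledgerB = new DepositLedger({ chainId: "chain-B", contract: "tokensale" });
  for (const ledger of [ledgerA, ledgerB]) ledger.deposit("dep-1", publicKey, 100);
  const claim = { depositId: "dep-1", toAccount: "alice", nonce: 0 };
  const sig = signClaim(privateKey, saleA, claim);
  return {
    redirected: ledgerA.withdraw({ ...claim, toAccount: "mallory" }, sig),
    otherChain: ledgerB.withdraw(claim, sig),
    first: ledgerA.withdraw(claim, sig),
    replayed: ledgerA.withdraw(claim, sig),
  };
}
```

Only the unmodified claim on the ledger it was signed for pays out; the altered destination and the second ledger fail signature verification, and the second submission fails the nonce check.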

aaroncox commented 2 years ago

Both things you've described are better solved by a pay-to-key token contract, in which private/public keys, without an account, can be used to send and receive tokens. There are talks of a system like this being created, but it doesn't exist just yet. Hopefully soon!

As for what exists today, one of our developers took a few minutes to jot down his ideas on how arbitrary messages could be signed with an existing account today: https://forums.eoscommunity.org/t/how-to-sign-arbitrary-data-using-esr-and-anchor-link/5126

It doesn't cover the use cases you're describing of non-account based transactions, but it's how individual developers today could implement arbitrary signatures.