An offchain computing layer for DePIN verifiable data computation, supporting a variety of validity proofs including Zero Knowledge (ZK), Trusted Execution Environments (TEE), and Multi-party Computation (MPC)
Currently, it appears that the demo API node has a minimal implementation for message signature verification. While a message signature is required, the system is actually accepting any valid elliptic curve signature—even if it belongs to a different message.
We need to decide whether to include this feature in the next release. If we choose to include it, I suggest that we implement it fully. This means:
Verifying that the signature is valid for the specific message.
Ensuring that the signer’s address is a DID of a device registered in ioID for the targeted project.
Dropping the message if these conditions are not met.
Alternatively, we could remove the requirement for a signature in the demo API node to reduce unneeded friction for users.
Liuhaai
commented
2 days ago
Currently, it appears that the demo API node has a minimal implementation for message signature verification. While a message signature is required, the system is actually accepting any valid elliptic curve signature—even if it belongs to a different message.
We need to decide whether to include this feature in the next release. If we choose to include it, I suggest that we implement it fully. This means:
Alternatively, we could remove the requirement for a signature in the demo API node to reduce unneeded friction for users.
cc @guo