New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add transaction authenticator to support OIDC signature signing #11681
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #11681 +/- ##
===========================================
- Coverage 69.8% 68.6% -1.2%
===========================================
Files 2117 778 -1339
Lines 402321 178777 -223544
===========================================
- Hits 280836 122756 -158080
+ Misses 121485 56021 -65464 ☔ View full report in Codecov by Sentry. |
@heliuchuan @alinush @zjma can we please make sure we propagate any errors in the VM from storage and do not remap them please? Particularly important when getting resources from resolvers fails. In Block-STM, we catch errors and based on how bad the error is can fallback to sequential execution, etc. so propagating errors is crucial |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I finished my pass: really nice work @heliuchuan! Let's go through the comments one-by-one, especially the error codes and the fetching of JWKs via the Move function call.
Once everything is addressed I can stamp!
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
✅ Forge suite
|
✅ Forge suite
|
❌ Forge suite
|
return Ok(()); | ||
} | ||
|
||
if zkid_authenticators.len() > MAX_ZK_ID_AUTHENTICATORS_ALLOWED { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we set a limit on the max number of authenticators?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They are much more expensive to verify compared to a normal authenticator (Groth16 ZKP vs Ed25519; 2ms versus 40 microseconds)
zkID is the integration of the OpenID Connect specification to do transaction signing and authentication.
This PR implements the
OpenIdSig
authenticator described in the "leaky mode" subsection from AIP-61, which does not use zero-knowledge proofs and is thus not privacy preserving.This
OpenIdSig
path is meant to be a "dead man's switch" in the case that the ZKP path is compromised and must be turned off. It will allow users to continue to access their accounts although usage will sacrifice privacy.ZkIdPublicKey
ZkIdSignature
ZkpOrOpenIdSig
OpenIdSig
Signature size
The signature size will be variable as many fields to not technically have a limit.
Total Size Estimate
OpenIdSig.jwt_sig
-> ~350 bytesOpenIdSig.jwt_payload
-> ~600 bytesOpenIdSig.uid_key
-> ~5 bytesOpenIdSig.epk_blinder
-> 31 bytesOpenIdSig.pepper
-> 31 bytesOpenIdSig = ~1017 bytes
ZkIdSignature.sig
-> 1 bytes (enum) + ~1017 bytesZkIdSignature.jwt_header
-> ~100 byteZkIdSignature.exp_timestamp_secs
-> 8 bytes (u64)ZkIdSignature.ephemeral_pubkey
-> 34 bytes (when Ed25519 is used but up to 93 bytes)ZkIdSignature.ephemeral_signature
-> 66 bytes (when Ed25519 is used, schemes in the future could differ)ZkIdSignature=~1226 bytes
ZkIdPublicKey.iss
-> ~27 bytes (google)ZkIdPublicKey.idc
-> ~32 byteZkIdPublicKey=~59 bytes
Signature verification
To verify an OpenIdSig with a ZkIdSignature, the following checks must pass
ZkIdPublicKey.iss
must match theiss
claim inOpenIdSig.jwt_payload
ZkIdPublicKey.idc
must match the the addresss IDC computed fromOpenIdSig.jwt_payload
ZkIdSignature.exp_timestamp_secs
< MAX_EPK_LIFESPAN_SECS +iat
(the value of theiat
claimOpenIdSig.jwt_payload
)nonce
reconstructed fromZkIdSignature.exp_timestamp_secs
,ZkIdSignature.ephemeral_pubkey
, andOpenIdSig.epk_blinder
matches thenonce
claim inOpenIdSig.jwt_payload
ZkIdSignature.exp_timestamp_secs
<now
(the current time on-chain at validation time)ZkIdSignature.jwt_header
.OpenIdSig.jwt_payload
.OpenIdSig.jwt_sig
is a valid JWT token using the corresponding JWK stored on chain (still TODO)Again, more implementation details can be found in AIP-61.
Be sure to
./scripts/authenticator_regenerate.sh
to regenerate all API files and protobuf files (and other dependencies when modifying the Rust authenticator code). Otherwise, you'll get CI/CD failures. If you want to learn more:testsuite/generate-format/README.md
.api/doc/spec.{json,yaml}
must be updated (see README.md)testsuite/generate-format/tests/staged/consensus.yaml
must be updated; seecargo run -p generate-format -- --help
(as suggested by @davidiw)ecosystem/indexer-grpc/indexer-grpc-fullnode/src/convert.rs
must be manually updatedNotes