Simplification of origin key management #326

Closed
10 tasks done
ghost opened this issue May 18, 2022 · 2 comments · Fixed by #343
Labels: breaking change, core team, help wanted, origin

ghost commented May 18, 2022

Problem to solve

To secure transactions we are using an origin signature, which is a kind of security to ensure a transaction has been forged by an authorized device or origin (app).

But to enlist an origin into the system the complex was difficult and the setup not scalable, being interactive (according to the patents).

Solution

I propose a new solution, which is a kind of proposal to support easy enlisting of origin devices but removing the concept of origin shared secrets.

Then, we can list all the origin keys for a given family (by certificate) with its own chain.

Each device would have to send a request to the network by passing its public key and its certificate, to be validated according to the CA available (TPM/Yubikey, Ledger, ...).

Once validated, the public key will be listed in the origin public keys.

Then the device will use its direct private key to sign the transaction, and then the nodes will certify with the list of public keys available in the network.

This scheme makes the system more scalable, easier to implement and to understand.

This issue would require:

Knowledge

  • Understanding the api/origin_controller
  • Finding the modules that get affected on making changes
  • Understanding the OriginSignature part in transaction

Coding Changes

  • Adapt API to add origin public key
  • Remove the API to get origin encrypted shared key
  • Add certificate inside the origin tx
  • Changing the existing function to fetch origin keys
  • Updated the explorer view with new origin tx content
  • Adapt existing test cases with changes
  • Dependency on libjs to adapt the behaviour

Epic: #149
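The enlistment and verification flow proposed in this issue, as an added Go example that is not part of the issue or the project's code. It assumes the "certificate" is the family CA's Ed25519 signature over the device public key; the `Registry` type, the `tpm` family name and all keys are hypothetical and constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Registry is the node-side list of origin public keys per family. Assumption:
// a certificate is the family CA's Ed25519 signature over the device public key.
type Registry struct {
	ca     map[string]ed25519.PublicKey   // family -> trusted CA key
	origin map[string][]ed25519.PublicKey // family -> enlisted device keys
}

// Enlist lists pub only if cert was issued by the CA of the claimed family.
func (r *Registry) Enlist(family string, pub ed25519.PublicKey, cert []byte) error {
	ca, ok := r.ca[family]
	// The length check matters: ed25519.Verify panics on a malformed key.
	if !ok || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(ca, pub, cert) {
		return errors.New("origin key rejected: no valid certificate for family")
	}
	r.origin[family] = append(r.origin[family], pub)
	return nil
}

// VerifyOrigin accepts a transaction signed by any enlisted origin key.
func (r *Registry) VerifyOrigin(tx, sig []byte) bool {
	for _, keys := range r.origin {
		for _, k := range keys {
			if ed25519.Verify(k, tx, sig) {
				return true
			}
		}
	}
	return false
}

// Demo runs the flow with constructed keys: one certified device, one rogue.
func Demo() (enlisted, rogueEnlisted, txOK, rogueTxOK bool) {
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	roguePub, roguePriv, _ := ed25519.GenerateKey(nil)
	r := &Registry{map[string]ed25519.PublicKey{"tpm": caPub}, map[string][]ed25519.PublicKey{}}
	tx := []byte("constructed transaction payload")
	enlisted = r.Enlist("tpm", devPub, ed25519.Sign(caPriv, devPub)) == nil
	rogueEnlisted = r.Enlist("tpm", roguePub, ed25519.Sign(roguePriv, roguePub)) == nil
	return enlisted, rogueEnlisted, r.VerifyOrigin(tx, ed25519.Sign(devPriv, tx)),
		r.VerifyOrigin(tx, ed25519.Sign(roguePriv, tx))
}
func main() { fmt.Println(Demo()) }
```

The rogue device's self-signed certificate fails validation, so its key is never listed and its origin signature is rejected even though the signature itself is well-formed.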

ghost added the core team, breaking change and origin labels on May 18, 2022
@internet-zero

Hey team! Please add your planning poker estimate with ZenHub @blackode @imnik11 @roychowdhuryrohit-dev @samuel-uniris

AmodD commented May 20, 2022

Please add your planning poker estimate with ZenHub @Neylix

This issue was closed.