Add EIP-6493: SSZ Transaction Signature Scheme #6493
Conversation
github-actions
bot
added
c-update
|
All reviewers have approved. Auto merging... |
This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction.
|
Overall, these items need to be mixed into any SHA256 based signature:
Currently, this PR uses an approach as close as possible to the consensus specs:
It doesn't necessarily have to be these constants, and it doesn't necessarily have to be the same schema from consensus. While both these tx signatures and the consensus signatures are SSZ based, they are not signed using the same key. For example, we could also just run For the perpetual TX hash, it could be relaxed, but the same information needs to be mixed into the hash if the goal is to create globally unique TX hashes (across chains). |
|
There is also https://eips.ethereum.org/EIPS/eip-2124, maybe the "genesis hash" would work to link the signature to the underlying spec document defining the tx type, as the consensus genesis_validators_root equivalent. |
EIPS/eip-4844.md
Outdated
| def signed_tx_hash(tx: SignedBlobTransaction) -> Root: | ||
| domain = compute_transaction_domain(BLOB_TX_TYPE, node.cfg.chain_id) | ||
| return compute_signing_root(tx, domain) |
There was a problem hiding this comment.
For the signed_tx_hash, as it already includes the signature (which already signs over compute_transaction_domain), I think it may be possible to just use plain hash_tree_root. TBD.
github-actions
bot
added
c-new
eth-bot
added
a-review
|
The commit 1e9e198 (as a parent of 0f13409) contains errors. |
github-actions
bot
removed
c-update
etan-status
changed the title
hash_tree_root based transaction hashes
eth-bot
added
e-review
|
I moved the scheme for SSZ transaction signatures to a separate EIP (6493). Note that this representation is for the way how signatures are signed, identified, and represented before inclusion in a block. For post-block-inclusion, there is EIP-6404. The new signature scheme proposed here is close to what the "SSZ Union" approach in EIP-6404's test section is referring to, so it doesn't conflict with the approach based on "SSZ Union". For "SSZ Normalized" approach, the transaction's mempool encoding is not linked to the post-block-inclusion encoding, so there is no concern either. |
|
Also, @vbuterin , this is as close as I could get it to your post here: https://notes.ethereum.org/@vbuterin/transaction_ssz_refactoring Means, 1 more SHA256 needed to get from |
|
Let's move discussion to here: |
| tx_to=ExecutionAddress(bytes.fromhex('d8da6bf26964af9d7eed9e03e53415d37aa96045')), | ||
| tx_value=3_141_592_653, | ||
| ) | ||
| sig_hash = compute_example_sig_hash(message) |
There was a problem hiding this comment.
| sig_hash = compute_example_sig_hash(message) | |
| sig_root = compute_example_sig_root(message) |
would this be clearer to convey that this goes into signature calc
Co-authored-by: g11tech <develop@g11tech.io>
* Update EIP-4844: `hash_tree_root` based transaction hashes This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction. * Fix `signed_tx_hash` * Use static chain ID for purpose of domain computation * Extract SSZ signature scheme to EIP for reuse * Add URL * Split 4844 changes to separate PR * Fix * rm redundant test * Apply most of @g11tech's review Co-authored-by: g11tech <develop@g11tech.io> --------- Co-authored-by: Gavin John <gavinnjohn@gmail.com> Co-authored-by: g11tech <develop@g11tech.io>
* Update EIP-4844: `hash_tree_root` based transaction hashes This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction. * Fix `signed_tx_hash` * Use static chain ID for purpose of domain computation * Extract SSZ signature scheme to EIP for reuse * Add URL * Split 4844 changes to separate PR * Fix * rm redundant test * Apply most of @g11tech's review Co-authored-by: g11tech <develop@g11tech.io> --------- Co-authored-by: Gavin John <gavinnjohn@gmail.com> Co-authored-by: g11tech <develop@g11tech.io>
This PR builds on top of prior work from:
hash_tree_rootfor tx hash #6385The signature malleability issue in the original PR is addressed by reusing the consensus
compute_signing_rootmechanism to link each hash with the transaction's underlyingchain_idandtx_type.Note that this makes the transaction hashes different from the plain
hash_tree_rootvalues. This means that if thetransactions_rootMPT is replaced with SSZ (EIP-6404), that thetransaction_hashwould need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash.Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction.