[AIP-55][Discussion] Generalize Transaction Authentication and Support Arbitrary K-of-N MultiKey Accounts

[junkil-park]

AIP Discussion

Transactions submitted to Aptos contain a RawTransaction and a TransactionAuthenticator. The TransactionAuthenticator authorizes the execution of the transaction by the set of senders or approvers of the accounts within the transaction. The TransactionAuthenticator contains a mixture of general purpose authenticators called AccountAuthenticators for us in fee payer and multiagent as well as also some very specific types for single sender transactions such as Ed25519, MultiEd25519, and Secp256k1. Thus adding a new cryptographic proof for authorizing a transaction requires a new TransactionAuthenticator, AccountAuthenticator, and specialized cryptographic authenticators.

Beyond this concern, Aptos only supports a single multi-key scheme, ed25519. Multi-key schemes provide value when users can leverage different proof types for different purposes, such as leveraging Ed25519 for their wallet and a Secp256k1 from HSMs for account recovery. New technologies like Passkeys and OAuth login systems may require additional cryptographic algorithms. Combining these disparate technologies together improves user experience around managing a single account from a plethora of devices, platforms, and environments.

This AIP introduces a new TransactionAuthenticator called SingleSender that supports two AccountAuthenticators, SingleKeyAuthenticator and MultiKeyAuthenticator, which supports a single key and a k-of-n multi-key, respectively. These authenticators decouple the proof type from both the TransactionAuthenticator and AccountAuthenticator simplifying the addition of new cryptographic proofs for account authentication.

Read more about it here: https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-55.md

This AIP is related to AIP-49 Secp256k1 Ecdsa for Transaction Authentication