Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to sign and check arbitrary messages using the failing_noop operation to local forger #952

Closed
jevonearth opened this issue Jun 24, 2021 · 5 comments
Closed

Add ability to sign and check arbitrary messages using the failing_noop operation to local forger #952

jevonearth opened this issue Jun 24, 2021 · 5 comments
Assignees
@ac10n
Labels
5 enhancement New feature or request
Milestone
v17.2

Comments

@jevonearth
Copy link
Collaborator

jevonearth commented Jun 24, 2021
edited by Innkst
Loading

Is your feature request related to a problem and use case? Please describe.

Signing arbitrary data is a common activity in blockchain, but it presents risks in that a wallet, if permissive, can sign a malicious operation that is purporting to be arbitrary data.

Describe the solution you'd like

The florencenet protocol amendment introduced a new operation type called failing_noop which is an operation type that is guaranteed to never be included in the chain.

Acceptance criteria

  • Implement abstractions in Taquito to easily sign arbitrary data wrapped in a failing_noop operation.
  • Implement abstractions in Taquito to easily check the signature validity of a signed failing_noop operation.
  • Make sure it works for both contract and wallet API
  • An integration tests that attempts to inject a valid failing_noop operation that are expected to fail
  • Abstractions should be similar to already implemented RPC forger

Describe alternatives you've considered

Prior to this operation type, wallet developers implemented a data structure to help mitigate this risk. See: https://docs.google.com/document/d/1ZgA7mZNrWl1YZ0snzjiFw1ahyXjvWFS1GvU5-caUDCE/edit

Additional context

If Taquito implements the ability to sign and check data using this operation type, wallet developers are more likely to restrict the signing of arbitrary data that comes in the form of a failing_noop operation.

See Tezos MR https://gitlab.com/tezos/tezos/-/merge_requests/2361 for more information.
@Innkst
Copy link
Contributor

Innkst commented Jul 2, 2021

We have support for this in RPC forger, but could add it to local forger and create an integration test.

@Innkst Innkst added this to the v10.1 milestone Jul 2, 2021
@Innkst Innkst modified the milestones: v10.1, v10.2 Jul 29, 2021
@Innkst Innkst modified the milestones: v11.2, v11.3 Nov 29, 2021
@michaelkernaghan michaelkernaghan changed the title Add ability to sign and check arbitrary messages using the Florencenet failing_noop operation Add ability to sign and check arbitrary messages using the Florencenet failing_noop operation to to local forger and create an integration test. Jan 24, 2022
@fredcy
Copy link

fredcy commented May 2, 2022

Near as I can tell, the local forger does not yet support the failing_noop operation kind. If so, could it be please be added?

@Innkst
Copy link
Contributor

Innkst commented May 3, 2022
edited
Loading

@fredcy would you be able to share some details on how you are using it? It will help us to know more about your use case.

@fredcy
Copy link

fredcy commented May 4, 2022

I am trying to create a proof of concept dApp that signs arbitrary text messages over Beacon. I have it working using the ad hoc "0501"-prefixed Micheline string value method and I want to try using a failing_noop approach that was once recommended as a better alternative.

Several of us plan to write a new tzip to document the current 0501 string value method already implemented by some dApps and wallets, and to write another new tzip to document an alternative safe-signing approach based on failing_noop.

@Innkst Innkst modified the milestones: NEXT, v17.1 May 11, 2023
@Innkst
Copy link
Contributor

Innkst commented Jun 1, 2023

See related request with the use case description here #2507

@Innkst Innkst added the enhancement New feature or request label Jun 1, 2023
@Innkst Innkst changed the title Add ability to sign and check arbitrary messages using the Florencenet failing_noop operation to to local forger and create an integration test. Add ability to sign and check arbitrary messages using the failing_noop operation to local forger Jun 2, 2023
@dsawali dsawali added the 3 label Jun 7, 2023
@dsawali dsawali self-assigned this Jun 29, 2023
@dsawali dsawali added 5 and removed 3 labels Jul 3, 2023
@ac10n ac10n self-assigned this Jul 6, 2023
@Innkst Innkst modified the milestones: v17.1, v17.2 Jul 13, 2023
@Innkst Innkst closed this as completed Aug 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ac10n ac10n

Labels
5 enhancement New feature or request
Projects
Taquito Dev
Status: Done
Milestone
v17.2
Development

No branches or pull requests
5 participants
@fredcy @jevonearth @ac10n @dsawali @Innkst