Merge branch 'master' into addressmetadata

ethereum · Mar 28, 2018 · 3dabea3 · 3dabea3
2 parents d7a2d5b + 99ac170
commit 3dabea3
Show file tree

Hide file tree

Showing 4 changed files with 197 additions and 17 deletions.
diff --git a/EIPS/EIP-X-authorisations-nickjohnson.md b/EIPS/EIP-X-authorisations-nickjohnson.md
@@ -0,0 +1,57 @@
+## Preamble
+
+    EIP: <to be assigned>
+    Title: Generalised authorisations
+    Author: Nick Johnson <[email protected]>
+    Type: Standard track
+    Category: ERC
+    Status: Draft
+    Created: 2018-03-12
+
+## Abstract
+This EIP specifies a generic authorisation mechanism, which can be used to implement a variety of authorisation patterns, replacing approvals in ERC20, operators in ERC777, and bespoke authorisation patterns in a variety of other types of contract.
+
+## Motivation
+Smart contracts commonly need to provide an interface that allows a third-party caller to perform actions on behalf of a user. The most common example of this is token authorisations/operators, but other similar situations exist throughout the ecosystem, including for instance authorising operations on ENS domains. Typically each standard reinvents this system for themselves, leading to a large number of incompatible implementations of the same basic pattern. Here, we propose a generic method usable by all such contracts.
+
+The pattern implemented here is inspired by [ds-auth](https://github.com/dapphub/ds-auth) and by OAuth.
+
+## Specification
+The generalised authorisation interface is implemented as a metadata provider, as specified in EIP-X-metadata-nickjohnson. The following mandatory function is implemented:
+
+```
+function canCall(address owner, address caller, address callee, bytes4 func) view returns(bool);
+```
+
+Where:
+ - `owner` is the owner of the resource. If approved the function call is treated as being made by this address.
+ - `caller` is the address making the present call.
+ - `callee` is the address of the contract being called.
+ - `func` is the 4-byte signature of the function being called.
+
+For example, suppose Alice authorises Bob to transfer tokens on her behalf. When Bob does so, Alice is the `owner`, Bob is the `caller`, the token contract is the `callee`, and the function signature for the transfer function is `func`.
+
+As this standard uses EIP-X-metadata-nickjohnson, the authorisation flow is as follows:
+
+ 1. The callee contract fetches the provider for the `owner` address from the metadata registry contract, which resides at a well-known address.
+ 2. The callee contract calls `canCall()` with the parameters described above. If the function returns false, the callee reverts execution.
+
+Commonly, providers will wish to supply a standardised interface for users to set and unset their own authorisations. They SHOULD implement the following interface:
+
+```
+function authoriseCaller(address owner, address caller, address callee, bytes4 func);
+function revokeCaller(address owner, address caller, address callee, bytes4 func);
+```
+
+Arguments have the same meaning as in `canCall`. Implementing contracts MUST ensure that `msg.sender` is authorised to call `authoriseCaller` or `revokeCaller` on behalf of `owner`; this MUST always be true if `owner == msg.sender`. Implementing contracts SHOULD use the standard specified here to determine if other callers may provide authorisations as well.
+
+Implementing contracts SHOULD treat a `func` of 0 as authorising calls to all functions on `callee`. If `authorised` is `false` and `func` is 0, contracts need only clear any blanket authorisation; individual authorisations may remain in effect.
+
+## Backwards Compatibility
+There are no backwards compatibility concerns.
+
+## Implementation
+Example implementation TBD.
+
+## Copyright
+Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
diff --git a/EIPS/eip-665.md b/EIPS/eip-665.md
@@ -0,0 +1,91 @@
+---
+eip: 665
+title: Add precompiled contract for Ed25519 signature verification
+author: Tobias Oberstein <[email protected]>
+status: Draft
+type: Standards Track
+category: Core
+created: 2018-03-25
+---
+
+## Simple Summary
+
+Support performant and cheap verification of Ed25519 cryptographic signatures in smart contracts in general by adding a precompiled contract for Ed25519 signature verification to the EVM.
+
+## Abstract
+
+Verification of Ed25519 cryptographic signatures is obviously possible in EVM bytecode. However, the gas cost will be very high, and computationally expensive, as such tight, wide word operations intensive code as required for Ed25519 is not a good fit for the EVM bytecode model.
+
+The addition of a native compiled function, in a precompiled contract, to the EVM solves both cost and performance problems.
+
+## Motivation
+
+One motivation for Ed25519 signature verification in smart contracts is to associate existing off-chain systems, records or accounts that use Ed25519 with blockchain transactions.
+
+Another motivation is the processing of external, Ed25519 proof-of-stake based blockchains within Ethereum smart contracts.
+
+When a transactions contains data that comes with an Ed25519 signature, that proves that the sender of the Ethereum transaction was also in control of the private key (and the data), and this allows the contract to establish an association between the blockchain and the external system or account, and the external system establish the reverse relation.
+
+For example, a contract might check a Ed25519 signed piece of data submitted to the Ethereum transaction like the current block number. That proves to the contract, that the sender is in possession of both the Ethereum private key and the Ed25518 private key, and hence the contract will accept an association between both. This again can be the root anchor for various powerful applications, as now a potentially crypto holding key owner has proven to be in control of some external off-chain system or account, like e.g. a DNS server, a DNS domain, a cluster node and so on.
+
+## Specification
+
+If `block.number >= CONSTANTINOPLE_FORK_BLKNUM`, add a precompiled contract for Ed25519 signature verification (`ED25519VFY`).
+
+The proposal adds a new precompiled function `ED25519VFY` with the following input and output.
+
+`ED25519VFY` takes as input 128 bytes:
+
+1. **message**: The 32-byte message that was signed
+2. **public key**: The 32-byte Ed25519 public key of the signer
+3. **signature**: The 64-byte Ed25519 signature
+
+`ED25519VFY` returns as output 1 byte:
+
+1. **result**: `0x00` if signature is valid, else invalid signature
+
+### Address
+
+The address of `ED25519VFY` is **`0x8`.**
+
+### Gas costs
+
+Gas cost for `ED25519VFY` is **2000**.
+
+## Rationale
+
+The proposed `ED25519VFY` function takes the signer public key as a call parameter, as with Ed25519, I don't believe it is possible to derive the signers public key from the signature and message alone.
+
+The proposed `ED25519VFY` function uses a zero return value to indicate success, since this allows for different errors to be distinguished by return value, as all non-zero return values signal a verification failure.
+
+`ECRECOVER` has a gas cost of 3000. Since Ed25519 is computationally cheaper, the gas price should be less.
+
+## Backwards Compatibility
+
+As the proposed precompiled contract is deployed at a reserved (<255) and previously unused address, an implementation of the proposal should not introduce any backward compatibility issues.
+
+## Test Cases
+
+Test vectors for Ed25519 can be found in this IETF ID https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-6.
+
+More test vectors can be found in the regression tests of NaCl (see references).
+
+## Implementation
+
+NaCl is a high-quality implementation of Ed25519, available from the same team that created the algorithms and cryptography behind Ed25519.
+
+The library should allow implementations of the proposed `ed25519verify` function with few lines of code in the hosting Ethereum implementation.
+
+## References
+
+* Definition of Ed25519: https://ed25519.cr.yp.to/ed25519-20110926.pdf
+* Ed25519 - high-speed high-security signatures: https://ed25519.cr.yp.to/
+* NaCl - Networking and Cryptography library: https://nacl.cr.yp.to/sign.html
+* NaCl Crypto Libraries (which contains Ed25519): https://ianix.com/pub/ed25519-deployment.html
+* Test vectors for Ed25519: https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-6
+* NaCl regression tests: https://ed25519.cr.yp.to/python/sign.py and https://ed25519.cr.yp.to/python/sign.input
+* On the recoverability of public keys from signature+message (alone): https://crypto.stackexchange.com/questions/9936/what-signature-schemes-allow-recovering-the-public-key-from-a-signature
+
+## Copyright
+
+Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
diff --git a/EIPS/eip-721.md b/EIPS/eip-721.md
@@ -121,9 +121,10 @@ interface ERC721 /* is ERC165 */ {
 
     /// @notice Enable or disable approval for a third party ("operator") to manage
     ///  all of `msg.sender`'s assets.
-    /// @dev Emits the ApprovalForAll event
+    /// @dev Emits the ApprovalForAll event. The contract MUST allow
+    ///  multiple operators per owner.
     /// @param _operator Address to add to the set of authorized operators.
-    /// @param _approved True if the operators is approved, false to revoke approval
+    /// @param _approved True if the operator is approved, false to revoke approval
     function setApprovalForAll(address _operator, bool _approved) external;
 
     /// @notice Get the approved address for a single NFT

diff --git a/EIPS/eip-868.md b/EIPS/eip-868.md
@@ -18,35 +18,66 @@ resolution of Ethereum Node Records (ENR).
 
 To bridge current and future discovery networks and to aid the implementation of other
 relay mechanisms for ENR such as DNS, we need a way to request the most up-to-date version
-of a node record.
+of a node record. This EIP provides a way to request it using the existing discovery
+protocol.
 
 # Specification
 
-Implementations of Node Discovery Protocol v4 should support two new packet types, a request
-and reply of the node record. The new packets are:
+Implementations of Node Discovery Protocol v4 should support two new packet types, a
+request and reply of the node record. The existing ping and pong packets are extended with
+a new field containing the sequence number of the ENR.
 
-### enrRequest (0x05)
+### Ping Packet (0x01)
 
-RLP: `[ expiration ]`
+```text
+packet-data = [version, from, to, expiration, enr-seq]
+```
 
-When a packet of this type is received, the node should reply with an enrResponse packet
+`enr-seq` is the current sequence number of the sending node's record. All other fields
+retain their existing meaning.
+
+### Pong Packet (0x02)
+
+```text
+packet-data = [to, ping-hash, expiration, enr-seq]
+```
+
+`enr-seq` is the current sequence number of the sending node's record. All other fields
+retain their existing meaning.
+
+### ENRRequest Packet (0x05)
+
+```text
+packet-data = [ expiration ]
+```
+
+When a packet of this type is received, the node should reply with an ENRResponse packet
 containing the current version of its record.
 
-To guard against amplification attacks, the sender of enrRequest should have replied to a
-ping packet recently. The expiration field, a UNIX timestamp, should be handled as for all
-other existing packets, i.e. no reply should be sent if it refers to a time in the past.
+To guard against amplification attacks, the sender of ENRRequest should have replied to a
+ping packet recently (just like for FindNode). The `expiration` field, a UNIX timestamp,
+should be handled as for all other existing packets i.e. no reply should be sent if it
+refers to a time in the past.
 
-### enrResponse (0x06)
+### ENRResponse Packet (0x06)
 
-RLP: `[ requestHash, ENR ]`
+```text
+packet-data = [ request-hash, ENR ]
+```
 
-This packet is the response to enrRequest.
+This packet is the response to ENRRequest.
 
-- `requestHash` is the hash of the entire enrRequest packet being replied to.
+- `request-hash` is the hash of the entire ENRRequest packet being replied to.
 - `ENR` is the node record.
 
-The recipient of the packet should verify that the node record is signed by node who
-sent enrResponse.
+The recipient of the packet should verify that the node record is signed by node who sent
+ENRResponse.
+
+## Resolving Records
+
+To resolve the current record of a node public key, perform a recursive Kademlia lookup
+using the FindNode, Neighbors packets. When the node is found, send ENRRequest to it and
+return the record from the response.
 
 # Copyright