-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for ed25519 signature verification #665
Conversation
👍 Someone please check this out. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
awesome!!!!!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I made small comments. I think a tentative address and a tentative gas cost would be necessary for implementation and test cases.
Because of the similarity between edrecover and ecrecover all design choices could be copied. | ||
|
||
## Backwards Compatibility | ||
The introduction of this function will break backwards compatibility for all contracts that use this function. A fork would be required. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something like "The introduction of this precompiled contract will break ... that calls the address of the precompiled contract" would fit better with the usual nomenclature.
@@ -0,0 +1,43 @@ | |||
## Preamble | |||
|
|||
EIP: <to be assigned> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use 665, and move this file to EIPS/665.md
dPoS block-chains require the processing of signatures for block validation. dPoS block-chains focused on speed, such as [ESC](https://github.com/adshares/esc), benefit greatly from the batch-verification option available for ed25519. Right now processing of ed25519 signatures requires too much gas if implemented with ETH opcodes. A precompiled ed25519 function would enable the interoperability between ETH and fast dPoS block-chains and would offer the option to process large number of simple transactions with limited use of ETH recourses. | ||
|
||
## Specification | ||
The new function could be called edrecover with parameters as for the ecrecover function. The specifications are similar to those of the ecrecover function. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please specify the address of the precompiled contract, even if tentatively.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please also specify a gas cost, even if tentatively.
|
||
Creation of transactions between ETH and a second block-chain requires that the later has access to balances and states available in ETH. As a consequence the second block-chain would have to process all ETH messages or rely on trusted ETH nodes to obtained required information. It is unfeasible to expect from all nodes of the second block-chain to process also ETH, but the delegated Proof of Stake (dPoS) mechanism offers the possibility to delegate this work to a small subset of nodes. | ||
|
||
dPoS block-chains require the processing of signatures for block validation. dPoS block-chains focused on speed, such as [ESC](https://github.com/adshares/esc), benefit greatly from the batch-verification option available for ed25519. Right now processing of ed25519 signatures requires too much gas if implemented with ETH opcodes. A precompiled ed25519 function would enable the interoperability between ETH and fast dPoS block-chains and would offer the option to process large number of simple transactions with limited use of ETH recourses. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"large number" should be "a large number" says Grammarly, and I suspect so.
This is not mandatory, but if you list available libraries in commonly used languages, that would be more inviting. |
Please make it happen .. Ed25519 has a lot of advantages (from the pure crypto/algo side, and also from real-world implementations, as there is a high-quality, side-channel resistant implementation: NaCl) and has gained wide usage in OSS very quickly: https://ianix.com/pub/ed25519-deployment.html |
FWIW, here is a 50 pts bounty on SO related to this;) three days left .. https://ethereum.stackexchange.com/questions/42771/ed25519-in-smart-contracts/ |
As to the motivation for this: me, I am more looking to integrate Ed25519 based, existing, off-chain systems with Ethereum. Here, a contract might want to check a Ed25519 signed piece of data submitted to the Ethereum transaction. Eg the current block number signed with Ed25519. That proves to the contract, that the sender is in possession of both the Ethereum private key and the Ed25518 private key, and hence the contract will accept an association between both. This again can be the root anchor for various powerful applications, as now a potentially crypto holding key owner has proven to be in control of some external off-chain system. Eg a DNS server, a DNS domain, a cluster node, ... |
This is a courtesy notice to let you know that the format for EIPs has been modified slightly. If you want your draft merged, you will need to make some small changes to how your EIP is formatted:
If your PR is editing an existing EIP rather than creating a new one, this has already been done for you, and you need only rebase your PR. In addition, a continuous build has been setup, which will check your PR against the rules for EIP formatting automatically once you update your PR. This build ensures all required headers are present, as well as performing a number of other checks. Please rebase your PR against the latest master, and edit your PR to use the above format for frontmatter. For convenience, here's a sample header you can copy and adapt:
|
I think this can be closed as EIP 665 is in master https://github.com/ethereum/EIPs/blob/master/EIPS/eip-665.md a geth PR is here btw ethereum/go-ethereum#16453 |
request for precompiled contract for ed25519 signature verification.