Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow Setting of EVM Address by EOA #1082

Draft
wants to merge 8 commits into
base: main
Choose a base branch
from

Conversation

Nana-EC
Copy link
Contributor

@Nana-EC Nana-EC commented Nov 18, 2024

Description:
HIP 583 opened the doors for greater account compatibility with EVM flows by utilizing the account alias to encompass
the EVM address. However, given the static nature of the alias and concerns of complexity, existing accounts were not
allowed to update their alias and set one if it was null. This HIP aims to rectify this by allowing EOAs who have no
alias set to set it to an ECDSA key derived evm address value they own.

This HIP also replaces the need for HIP 631: Account Virtual Addresses as it
aimed to resolve this issue as well as provide even greater functionality. A form of HIP 631 could be revisited in the
future but not with the goal of providing address equivalence with the EVM.

Related issue(s):

Fixes #1070

Notes for reviewer:
1st draft, need to add a clarifying image and touch up

Checklist

  • Documented (Code comments, README, etc.)
  • Tested (unit, integration, etc.)

Signed-off-by: Nana Essilfie-Conduah <[email protected]>
@Nana-EC Nana-EC self-assigned this Nov 18, 2024
Copy link

netlify bot commented Nov 18, 2024

Deploy Preview for hedera-hips ready!

Name Link
🔨 Latest commit 0074a38
🔍 Latest deploy log https://app.netlify.com/sites/hedera-hips/deploys/679188255625d400080f23be
😎 Deploy Preview https://deploy-preview-1082--hedera-hips.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

Signed-off-by: Nana Essilfie-Conduah <[email protected]>
HIP/hip-1082.md Outdated Show resolved Hide resolved
Copy link
Contributor

@ty-swirldslabs ty-swirldslabs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work! I added some clarifying questions to user stories section


## User stories

1. As an existing account with an ED key but no EVM address alias, I would like to set an ECDSA derived EVM address
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this user story, wouldn't the user have to update the ED key to the new ECDSA key that corresponds with the EVM address for 'ecrecover' to function? Maybe I'm misunderstanding the phrase 'correct ecrecover functionality', or is the implication that the key is being updated as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, the user would just use their ECDSA key in a wallet to sign. So far as the EVM address can be extracted from the signature the ecercover flow would work

HIP/hip-1082.md Outdated Show resolved Hide resolved
HIP/hip-1082.md Outdated
4. As an account with an EVM address alias set after creation, I would like to set an evm address override to my
previous long zero address for a `ContractCreate` transaction.
5. As an account with an EVM address alias set after creation, I would like to set an evm address override to my
previous long zero address for a `ContractCall` transaction.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this out of scope / too complex for this HIPs user story?
As an existing account with an ED key but no EVM address alias, I would like to update my key to an ECDSA key and set my EVM address to be derived from the new ECDSA key.

Copy link
Contributor Author

@Nana-EC Nana-EC Dec 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Out of scope, not too complex but would be enabled by this HIP and current network functionality.
Such a user could rotate their keys before or after setting the EVM address.
They could actually do it in one single CryptoUpdate also.
Key rotation is not tied to alias value

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't think it was out of scope, but explicitly in scope. Key rotation is already supported as you said, and setting the alias if it was null is also in scope. So what @ty-swirldslabs is asking for should be a natural consequence of this HIP?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I read this as a User story to 1) rotate keys 2) set new ECDSA derived evm address.

  1. is existing network logic hence my out of scope comment as it's already covered
  2. is covered by the first user story.

Valid point though so I've added a new user story to highlight the chaining of actions as this is valuable for users.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this resolved @ty-swirldslabs @Nana-EC ?

Signed-off-by: Nana Essilfie-Conduah <[email protected]>
HIP/hip-1082.md Outdated Show resolved Hide resolved
HIP/hip-1082.md Outdated Show resolved Hide resolved
HIP/hip-1082.md Outdated Show resolved Hide resolved
HIP/hip-1082.md Outdated Show resolved Hide resolved
…ers and IvanKavaldzhiev

Signed-off-by: Nana Essilfie-Conduah <[email protected]>
Copy link
Member

@rbair23 rbair23 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have made various suggestions for clarity and grammar. One material change: I have removed the ContractCreateTransaction from the list. I did not see any reason why we should support evm_address_override when creating transaction, only when calling them.

HIP/hip-1082.md Outdated
Comment on lines 21 to 29
[HIP 583](https://hips.hedera.com/hip/hip-583) opened the doors for greater account compatibility with EVM flows by
utilizing the account alias to encompass
the EVM address. However, given the static nature of the alias and concerns of complexity, existing accounts were not
allowed to update their alias and set one if it was `null`. This HIP aims to rectify this by allowing EOAs who have no
alias set to set it to an ECDSA key derived evm address value they own.

This HIP also replaces the need for [HIP 631: Account Virtual Addresses](https://hips.hedera.com/hip/hip-631) as it
aimed to resolve this issue as well as provide even greater functionality. A form of HIP 631 could be revisited in the
future but not with the goal of providing address equivalence with the EVM.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
[HIP 583](https://hips.hedera.com/hip/hip-583) opened the doors for greater account compatibility with EVM flows by
utilizing the account alias to encompass
the EVM address. However, given the static nature of the alias and concerns of complexity, existing accounts were not
allowed to update their alias and set one if it was `null`. This HIP aims to rectify this by allowing EOAs who have no
alias set to set it to an ECDSA key derived evm address value they own.
This HIP also replaces the need for [HIP 631: Account Virtual Addresses](https://hips.hedera.com/hip/hip-631) as it
aimed to resolve this issue as well as provide even greater functionality. A form of HIP 631 could be revisited in the
future but not with the goal of providing address equivalence with the EVM.
Permits accounts without an alias to set one.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the context is still valuable. A reader of a HIP should be able to read the Abstract and get a general idea of the sections of the spec, for discussion.
I adopted the 1 liner to give the answer to"What" but preserved the 2 short paragraphs to allow the idea to be presented.

HIP/hip-1082.md Outdated
Comment on lines 33 to 42
The EVM address alias introduced in HIP 583 allowed for ECDSA based accounts to interact with the EVM in the same way
other EVM chains do. Particularly, functionality like the `ecrecover` that relies on the relationship between key and
address (pivotal to many DEXs) was unblocked and allowed greater EVM equivalence on the Hedera network.
However, HIP 583 intentionally provided no solution for accounts with no alias regardless of key type (ED, EC or
complex keys). Though these accounts were afforded the hedera num account alias (long zero), this format would not
allow accounts to utilize the `ecrecover` precompile in the expected manner.
This continued incompatibility has remained and inhibited web3 EVM tooling support.

Providing a solution to this gap is a necessity to make it easy for EVM dApps in the web3 community to come to
Hedera without needing to change their smart contracts.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The EVM address alias introduced in HIP 583 allowed for ECDSA based accounts to interact with the EVM in the same way
other EVM chains do. Particularly, functionality like the `ecrecover` that relies on the relationship between key and
address (pivotal to many DEXs) was unblocked and allowed greater EVM equivalence on the Hedera network.
However, HIP 583 intentionally provided no solution for accounts with no alias regardless of key type (ED, EC or
complex keys). Though these accounts were afforded the hedera num account alias (long zero), this format would not
allow accounts to utilize the `ecrecover` precompile in the expected manner.
This continued incompatibility has remained and inhibited web3 EVM tooling support.
Providing a solution to this gap is a necessity to make it easy for EVM dApps in the web3 community to come to
Hedera without needing to change their smart contracts.
On Ethereum, every account is addressed by an address which is derived from an ECDSA public key. The
EVM also has a specific instruction, `ecrecover`, that given an ECDSA signature can extract the public key
and convert that public key into an address. This allows an EVM program to figure out the address of
transaction signers.
Hiero accounts are not limited to ECDSA keys, and Hiero accounts can rotate their keys. Both of these
features are not found in Ethereum Externally Owned Accounts (EOA), and present some conflict with the
`ecrecover` operation. The EVM address alias introduced in [HIP-583](https://hips.hedera.com/hip/hip-583)
was added so that accounts could be created that augmented their account administration key (typically
referred to simply as the "account key" or "key"), with an EVM compatible "alias". This alias could match
exactly what an address would be on Ethereum. The user could call a smart contract, signed with the
private key associated with their alias, and the smart contract could use `ecrecover` to recover the public
key, derive the alias, and lookup the account.
However, not all accounts on Hedera use ECDSA keys or were created after HIP-583 was defined. This HIP
adds support for specifying an alias on an account, even if it already exists, so long as that account does
not already have an alias. [HIP-631]((https://hips.hedera.com/hip/hip-631) defines a more complex set of
rules that would allow multiple aliases to be defined for any given account. This HIP differs from HIP-631 in
that it supports only a single alias. HIP-631 could be implemented compatibly at a later date if desired.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adopted change

HIP/hip-1082.md Outdated
Comment on lines 46 to 58
[HIP 631: Account Virtual Addresses](https://hips.hedera.com/hip/hip-631) lays out the challenges faced by accounts
without an ECDSA derived EVM address that want to interact with the EVM in a way that complies with the Hedera native
model and the EVM model. However, HIP 631 offered feature rich complexity that may be difficult for DApps, wallets and
users to follow completely.

Instead of the full HIP 631, an intermediate approach i.e. a HIP 631 Lite (this HIP) could unblock users without an
EVM address. It would enable accounts to interact with the EVM in a compliant manner regardless of the public key on
its account.

In a sense the current network already supports the ability to set the evm address, it just requires the logic to be
done on account creation. Thus by lifting the limit of not being able to set the alias after account creation, whiles
still requiring that the current alias be unset this HIP ushers in the ability for those previously blocked accounts to
interact with the EVM as expected.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
[HIP 631: Account Virtual Addresses](https://hips.hedera.com/hip/hip-631) lays out the challenges faced by accounts
without an ECDSA derived EVM address that want to interact with the EVM in a way that complies with the Hedera native
model and the EVM model. However, HIP 631 offered feature rich complexity that may be difficult for DApps, wallets and
users to follow completely.
Instead of the full HIP 631, an intermediate approach i.e. a HIP 631 Lite (this HIP) could unblock users without an
EVM address. It would enable accounts to interact with the EVM in a compliant manner regardless of the public key on
its account.
In a sense the current network already supports the ability to set the evm address, it just requires the logic to be
done on account creation. Thus by lifting the limit of not being able to set the alias after account creation, whiles
still requiring that the current alias be unset this HIP ushers in the ability for those previously blocked accounts to
interact with the EVM as expected.
[HIP-631: Account Virtual Addresses](https://hips.hedera.com/hip/hip-631) lays out the challenges faced by
accounts without an ECDSA derived EVM address that want to interact with the EVM in a compatible way while still
supporting key rotation and complex keys. While HIP-631 may be a comprehensive solution to the problem, it
requires complex user flows in wallets that may cause more pain than it resolves.
Instead, an intermediate approach i.e. a HIP 631 Lite (this HIP) could help users without an EVM address. It would
enable accounts to interact with the EVM, even contracts using `ecrecover`, regardless of the public key on its account.
In a sense, the current network already supports the ability to set the EVM address, it just only works during account creation. Thus, this HIP allows those previously created accounts to be updated and interact with the
EVM as one would expect.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adopted change

HIP/hip-1082.md Outdated
Comment on lines 62 to 74
The following are some clarifying concepts to increase clarity around aliases
- Every account on the network has 1 or 2 evm addresses. Either only the Hedera num alias (long zero) or the Hedera num
alias (long zero) and an EVM address alias (standard ECDSA derived EVM address).
- When a user interacts with the EVM the network will utilize the ECDSA derived EVM address alias on an account if
present. If not it will utilize the long zero.
- Accounts with an ECDSA derived EVM address are fully compatible with expectations of contracts that utilize the
ecrecover precompile.
- Accounts without an ECDSA derived EVM address alias will not match the expectation of the ecrecover precompile
calculations. This has effects on certain DApp behaviour.
- Smart contracts can and do cache the evm address of an account and often use it to assign attributes such as access
and ownership. As a result it was important to maintain a static alias to avoid unintended differences in
expectation
- Account key rotation has no impact on the evm address utilized when an account interacts with the EVM
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The following are some clarifying concepts to increase clarity around aliases
- Every account on the network has 1 or 2 evm addresses. Either only the Hedera num alias (long zero) or the Hedera num
alias (long zero) and an EVM address alias (standard ECDSA derived EVM address).
- When a user interacts with the EVM the network will utilize the ECDSA derived EVM address alias on an account if
present. If not it will utilize the long zero.
- Accounts with an ECDSA derived EVM address are fully compatible with expectations of contracts that utilize the
ecrecover precompile.
- Accounts without an ECDSA derived EVM address alias will not match the expectation of the ecrecover precompile
calculations. This has effects on certain DApp behaviour.
- Smart contracts can and do cache the evm address of an account and often use it to assign attributes such as access
and ownership. As a result it was important to maintain a static alias to avoid unintended differences in
expectation
- Account key rotation has no impact on the evm address utilized when an account interacts with the EVM
Every account in Hiero has a 20-byte EVM alias by default. It is created **not** by using the key on the account,
which may change, but by computing a "long-zero" alias by taking the account ID (such as 0.0.1234) and
converting it into a 20-byte representation.
Given any account, you can send HBAR, or Tokens, to any other account by using either its Account ID, or by using
its built-in long-zero alias.
A user may specify an alias **in addition to** the long-zero alias. This additional alias is typically based on an
ECDSA key, exactly the same way as it is done in Ethereum. This key may, or may not, be the admin key on the
account. But to use this alias, the user must assert they own the key by signing the transaction that sets the alias
with the corresponding private key of that alias, to prevent "alias squatting" by malicious actors.
When a user interacts with a smart contract, if a user-defined alias based on ECDSA is present, it will be used as
the address by which the smart contract interacts with the account. The smart contract will not be able to use
the long-zero address. If the account does not have a user-defined alias based on ECDSA, then the long-zero
alias will be used to represent the account in the smart contract system.
Accounts with user-defined aliases based on ECDSA work with smart contracts that make use of `ecrecover`.
Accounts that work with smart contracts using their long-zero address will not work with smart contracts that
use `ecrecover`.
Smart contracts can, and frequently do, store in state the EVM address of accounts that use the smart contract.
For this reason, smart contracts **will not work** with accounts whose EVM address changes. This is why
the user-defined alias cannot be changed after it has been set, since this has become the address by which
contracts will refer to the account.
Due to this fact, the user must always sign contract calls with the key associated with the user-defined ECDSA
alias, and must never lose that key. If for any reason the key must be rotated, all value in the account must be
transferred to a new account, possibly incurring custom fees for HTS tokens. This is the same as how it works
on Ethereum.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adopted change

HIP/hip-1082.md Outdated
4. As an account with an EVM address alias set after creation, I would like to set an evm address override to my
previous long zero address for a `ContractCreate` transaction.
5. As an account with an EVM address alias set after creation, I would like to set an evm address override to my
previous long zero address for a `ContractCall` transaction.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't think it was out of scope, but explicitly in scope. Key rotation is already supported as you said, and setting the alias if it was null is also in scope. So what @ty-swirldslabs is asking for should be a natural consequence of this HIP?

HIP/hip-1082.md Outdated
Comment on lines 187 to 194
Smart contracts have their logic self contained in byte code. Therefore, the implications of address changes are
dictated by each smart contract and not the network. A smart contract may cache an EOA address on first interaction and
utilize that to identify them in future. The cached address could dictate balance access or other privileged access.

As such, an EOA that has interacted with a smart contract using their long zero address and then sets an ECDSA derived
EVM address after will be responsible for any unexpected interactions with the smart contract.
It is advised that an EOA in this case first transfer all in contract storage assets to the EVM address prior to
setting their alias.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Smart contracts have their logic self contained in byte code. Therefore, the implications of address changes are
dictated by each smart contract and not the network. A smart contract may cache an EOA address on first interaction and
utilize that to identify them in future. The cached address could dictate balance access or other privileged access.
As such, an EOA that has interacted with a smart contract using their long zero address and then sets an ECDSA derived
EVM address after will be responsible for any unexpected interactions with the smart contract.
It is advised that an EOA in this case first transfer all in contract storage assets to the EVM address prior to
setting their alias.
None.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adopted change

HIP/hip-1082.md Outdated Show resolved Hide resolved
HIP/hip-1082.md Outdated
Comment on lines 206 to 210
[HIP 631: Account Virtual Addresses](https://hips.hedera.com/hip/hip-631) would have added the ability add evm address
and specify any one of them as the desired address for use. However, this didn't unblock existing account and offered
likely complex UX that would overcomplicated the issue at this time. Focusing on setting aliases that were already null
and supporting evm address only for accounts that migrated themselves provides a solution that is focused and less
complex.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this true? I thought 631 allowed having multiple aliases, and thus would support going from null to an alias as well. The only problem with 631 was that it was complicated by having multiple aliases, and we decided to try a simpler approach with just 1 alias (in addition to the long-zero).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HIP 631 specifically reserved a different space in state for the multiple virtual addresses but maintained a single account.alias field as immutable

With Virtual Addresses, keys remain the signing permission authority and can be changed but Virtual Addresses (not tied to the alias) provide the value for a transactions EVM address.

Pulled from HIP 631, also the account diagram notes virtual addresses as a different field altogether. We never stated the ability to set a the null alias, so even with multiple virtual addresses an account could still have a null alias

HIP/hip-1082.md Outdated Show resolved Hide resolved
HIP/hip-1082.md Outdated Show resolved Hide resolved
@stoqnkpL
Copy link
Contributor

stoqnkpL commented Dec 17, 2024

Its important to consider two things:

  1. From an ecosystem perspective, having a single real-world user appear as multiple distinct participants can break the expected user flows. DApps, wallets, and explorers might show contradictory data about the user’s “identity,” transaction history, or holdings. For example, if I own some amount of token X as my long-zero address, and some amounts of token Y (or even the same token X) as my newly-set alias, my wallet should be able to detect those and display both, then know how to generate transactions that operate with those balances. Explorers should index events from both addresses and associate them to the same account.
  2. The EVM should handle edge-case scenarios that will now be possible where for example I attempt to transfer HBAR from my long-zero address to my new alias address, both pointing to the same hedera account.

@Nana-EC
Copy link
Contributor Author

Nana-EC commented Dec 18, 2024

Its important to consider two things:

  1. From an ecosystem perspective, having a single real-world user appear as multiple distinct participants can break the expected user flows. DApps, wallets, and explorers might show contradictory data about the user’s “identity,” transaction history, or holdings. For example, if I own some amount of token X as my long-zero address, and some amounts of token Y (or even the same token X) as my newly-set alias, my wallet should be able to detect those and display both, then know how to generate transactions that operate with those balances. Explorers should index events from both addresses and associate them to the same account.
  2. The EVM should handle edge-case scenarios that will now be possible where for example I attempt to transfer HBAR from my long-zero address to my new alias address, both pointing to the same hedera account.

Fair points. I think these are all handles by existing logic

For example, if I own some amount of token X as my long-zero address, and some amounts of token Y (or even the same token X) as my newly-set alias, my wallet should be able to detect those and display both, then know how to generate transactions that operate with those balances. Explorers should index events from both addresses and associate them to the same account.

Agreed, a wallet would have knowledge that an account has a long zero and evm address and it would also be avle to query the contract state for both addresses e.g. balanceOf fro ERC20's in both cases

  1. The EVM should handle edge-case scenarios that will now be possible where for example I attempt to transfer HBAR from my long-zero address to my new alias address, both pointing to the same hedera account.

Good point, the node should handle self transfer in the same way it does today

@Perseverance
Copy link

I agree with this HIP's proposed solution and believe it is the right way to address many possible issues.

However, I would like to highlight that the rationale and, therefore, the impact of this change are likely less severe than they appear.

Firstly, I strongly believe that the ecrecover precompile should not be modified and its behaviour should be kept the same as Ethereum. ecrecover is meant to be a pure cryptographic function - a stateless black-box one. The rationale mentions that this HIP will enable ecrecover to "work". I believe that ecrecover works exactly as intended right now.

The real reasoning behind this HIP, for me, comes from the use-cases of ecrecover rather than the inner workings of ecrecover. Many Ethereum applications use "signed-message"-based authorization - Based on a signed message by the user, the dapps enable certain actions to be authorized on the behalf of the signing user. The most famous example is the ERC20 add-on - ERC-2612 - commonly known as "permits". In this use-case the owner of certain amount of tokens, signs a message authorizing another user to use them.

This HIP solution will help enable this use case, but it is not because ecrecover is somehow broken, but because it will enable our users with non-ecdsa keys to set their ecdsa representing addresses, therefore be eligible to use this authorization scheme.

In respect of fairness, it is important to highlight the negative side-effects of this change. As @rbair23 pointed, this change, and our aim to support the "signed-message"-based authorization is in fact leading to hard-coupling between user and their ECDSA keys. This disables the much desired key rotation.

@Ferparishuertas
Copy link

From an evm perspective, this is the most compatible version, and allows the signed message schemes at smart contract level. That said as @rbair23 and @Perseverance mention, this intermediate HIP is a step forward, but we need to keep an eye on HIP -631, to enable alias rotation, or multiple evm adressess alias to identity/account mappings.

Apologizes in forehand for next comments, if there is anything out of context.

As a newbie, I want to suggest some extra adds to the context to make the HIP more comprehensive, added to a question

  • Make it clear, that the alias (derived evm address) is unique and cannot be used within more than 1 account
  • Separate the concepts of key rotating and alias. Documentation indicates the following:

"If an alias is set during account creation, it becomes immutable, meaning it cannot be changed. If you plan to update or rotate keys in the future, do not set the alias at the time of initial account creation. The alias can be set after finalizing all key updates."

HIP/hip-1082.md Outdated Show resolved Hide resolved
HIP/hip-1082.md Outdated Show resolved Hide resolved
HIP/hip-1082.md Outdated
/**
* The 20-byte EVM address to use for the given transaction. This address must be the Hedera num alias of the account.
*/
bytes evm_address_override = 21;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This name seems ambiguous to me. It could be the address of the contract or the sender. What about from like in eth_call? Or other alternatives like from_address or sender?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair point.
sender might be cleaner as in implementation this is setting the EOA msg.sender observed by the EVM

HIP/hip-1082.md Outdated
### Mirror Node

Mirror Nodes should be sure to support the setting of the evm address value on an account when processing a
`CryptoUpdate` transaction. As in the case of a `CryptoCreate` the new value can be retrieved from the `evm_address`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't mention changes around processing contract call and create.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CN should ensure that the override address is adopted fully by the EVM, so there should be no changes to Mirror Node processing on those calls.
The sender value in ContractFunctionResult should be that of the override utilized in the transaction body.
Do you see any processing changes as a result of this or in other areas?
I'm happy to call them out or address them if they were missed

HIP/hip-1082.md Outdated
Comment on lines 113 to 115
Additionally, `ContractCreate` and `ContractCall` EVM transactions will need to support the ability to specify the
Hedera Num Alias address to use on the transaction. This is because on the HAPI side all aliases are applicable and
thus the flexibility of the API is important to maintain.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still don't understand why the HIP allows them to set an ECDSA derived EVM address on their existing account but then it doesn't allow them to use this new value on contract calls and instead requires the long zero form.

And even if Hedera Num Alias is required, why would they specify it as long zero bytes instead of just using AccountID in shard.realm.num?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a valid alias is set where one did not exist the new value is indeed used during Contract calls.
The override option is provided to set the older long-zero address in the case that a user would like to be perceived by the EVM as such this to unblock themselves.
This is why the address format is used and not the AccountID format.

For example, say an account with no alias has interacted with a contract that cached its long zero address. If they set the alias with this HIP and again interacted with the contract they would likely see the new address cached.
If for some reason that account wanted to migrate in contract details from the original long zero address to the new ECDSA derived address they could do so by utilizing this override in addition to the contract logic.

HIP/hip-1082.md Outdated
Comment on lines 164 to 165
Mirror Nodes should be sure to support the setting of the evm address value on an account when processing a
`CryptoUpdate` transaction. As in the case of a `CryptoCreate` the new value can be retrieved from the `evm_address`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we detail any API changes? My assumption that there's no new fields but that existing fields in /api/v1/accounts/{id} will show the updated evm_address and the existing from in contract result APIs will show the override?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, the evm_address for an account will show the new value.
New contract results would also show the override.
Older accounts values and contract results should show the long zero if that's what was in the record file for correctness.
As such there shouldn't be any API field changes.
DO you see otherwise?

Added some details for this

@Nana-EC
Copy link
Contributor Author

Nana-EC commented Jan 21, 2025

I agree with this HIP's proposed solution and believe it is the right way to address many possible issues.

However, I would like to highlight that the rationale and, therefore, the impact of this change are likely less severe than they appear.

Firstly, I strongly believe that the ecrecover precompile should not be modified and its behaviour should be kept the same as Ethereum. ecrecover is meant to be a pure cryptographic function - a stateless black-box one. The rationale mentions that this HIP will enable ecrecover to "work". I believe that ecrecover works exactly as intended right now.

The real reasoning behind this HIP, for me, comes from the use-cases of ecrecover rather than the inner workings of ecrecover. Many Ethereum applications use "signed-message"-based authorization - Based on a signed message by the user, the dapps enable certain actions to be authorized on the behalf of the signing user. The most famous example is the ERC20 add-on - ERC-2612 - commonly known as "permits". In this use-case the owner of certain amount of tokens, signs a message authorizing another user to use them.

This HIP solution will help enable this use case, but it is not because ecrecover is somehow broken, but because it will enable our users with non-ecdsa keys to set their ecdsa representing addresses, therefore be eligible to use this authorization scheme.

In respect of fairness, it is important to highlight the negative side-effects of this change. As @rbair23 pointed, this change, and our aim to support the "signed-message"-based authorization is in fact leading to hard-coupling between user and their ECDSA keys. This disables the much desired key rotation.

Thanks for the perspective and context @Perseverance, good points

Firstly, I strongly believe that the ecrecover precompile should not be modified and its behaviour should be kept the same as Ethereum. ecrecover is meant to be a pure cryptographic function - a stateless black-box one. The rationale mentions that this HIP will enable ecrecover to "work". I believe that ecrecover works exactly as intended right now.

Agreed. ecrecover is not being altered in anyway by this HIP. The only change is an accounts ability to provide a conforming evm address to the EVM that when lining up with its ECDSA signed signature key will allow for ecrecover operation to produce similar results as expected on other EVM chains.

The real reasoning behind this HIP, for me, comes from the use-cases of ecrecover rather than the inner workings of ecrecover. Many Ethereum applications use "signed-message"-based authorization - Based on a signed message by the user, the dapps enable certain actions to be authorized on the behalf of the signing user. The most famous example is the ERC20 add-on - ERC-2612 - commonly known as "permits". In this use-case the owner of certain amount of tokens, signs a message authorizing another user to use them.

This HIP solution will help enable this use case, but it is not because ecrecover is somehow broken, but because it will enable our users with non-ecdsa keys to set their ecdsa representing addresses, therefore be eligible to use this authorization scheme.

The reasoning originates from the lack of EVM address equivalence for accounts on Hedera when they do not have an ECDSA derived evm address. ecrecover is one of the loudest use cases that highlights the address incompatibility. The other comes in the user bases confusion when they see a non ECDSA derived addresses utilized on the EVM.
Agreed that ecrecover itself is not broken but just an accounts ability to have their details used as regular inputs with the expected operation behaviour.
Also agree that that this will enable an accounts ability to utilize this heavily utilized authorization scheme.

Thanks

@Nana-EC
Copy link
Contributor Author

Nana-EC commented Jan 21, 2025

From an evm perspective, this is the most compatible version, and allows the signed message schemes at smart contract level. That said as @rbair23 and @Perseverance mention, this intermediate HIP is a step forward, but we need to keep an eye on HIP -631, to enable alias rotation, or multiple evm adressess alias to identity/account mappings.

Apologizes in forehand for next comments, if there is anything out of context.

As a newbie, I want to suggest some extra adds to the context to make the HIP more comprehensive, added to a question

  • Make it clear, that the alias (derived evm address) is unique and cannot be used within more than 1 account
  • Separate the concepts of key rotating and alias. Documentation indicates the following:

"If an alias is set during account creation, it becomes immutable, meaning it cannot be changed. If you plan to update or rotate keys in the future, do not set the alias at the time of initial account creation. The alias can be set after finalizing all key updates."

Great points @Ferparishuertas. I added some clarifications notes in earlier sections of the HIP to address this.
Thanks

…on and alias set

Signed-off-by: Nana Essilfie-Conduah <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: In Review
Development

Successfully merging this pull request may close these issues.