Experiment Using PRF Extension For Signer Key Material #249

Open
nlordell opened this issue Feb 2, 2024 · 2 comments

@nlordell

nlordell commented Feb 2, 2024

Context / issue

One of the big downsides of WebAuthn is that most devices only support curves that are non-EVM native (P-256, RSA, Ed25519 to name the common ones). This means that, at least until EIP-7212 lands, ECDSA signature verification needs to be implemented in Solidity, which adds ~300k gas overhead when verifying signatures.

There is a pseudo-random function extension (PRF) that allows credentials to provide additional 32-byte key material for use in the client. The use case for the extension is, for example, to request a credential when logging in with some additional key material, and then use this key material to decode some local storage data. However, this can also be used as key material to generate secp256k1 private keys for signing transactions.

Proposed solution

On account creation:

  1. Create the credential and request prf with a fixed first salt parameter
  2. Use the generated 32-byte key material as an HD wallet seed
  3. Compute the address of an account at a fixed HD wallet path (the default one for example, or a special index, etc.)
  4. Use the account as regular EOA owner to the Safe
  5. Discard the key material (ensuring it is only ever used ephemerally)

On transaction signing:

  1. Request the credential created ☝️ with prf and the same fixed first salt parameter
  2. Use the generated 32-byte key material as an HD wallet seed
  3. Sign the Safe transaction with the account with the same HD wallet path used during account creation
  4. Discard the key material (ensuring it is only ever used ephemerally)

Alternatives

Note that in the proposed solution, we always discard the key material right away after using it. If we want to provide a more "login once, sign many times" experience, we can even store the key material per session, and then not require an authenticator (i.e. device like iPhone) interaction per signature.
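
As an added example that is not part of the original issue or the project's code, the PRF request used in both the account-creation and signing steps above can be written as follows. The salt string, the function names and the `useSeed` callback are assumptions; the HD wallet derivation and signing happen inside that callback.

```javascript
// Hypothetical names throughout: PRF_SALT, prfExtension, prfEnabled, extractSeed, withSeed.
// Fixed first salt: must be byte-identical at account creation and at every signing request.
const PRF_SALT = new TextEncoder().encode("safe-signer-seed-v1"); // constructed value

// Extension input passed to both credentials.create() and credentials.get().
function prfExtension(salt = PRF_SALT) {
  return { prf: { eval: { first: salt } } };
}

// After create(): did the authenticator accept PRF at all? If not, this
// credential can never yield key material and must not be used as a signer.
function prfEnabled(credential) {
  const prf = credential.getClientExtensionResults().prf;
  return Boolean(prf && (prf.enabled || prf.results));
}

// Return a view over the 32-byte PRF output, or null when none was returned
// (create() may report only `enabled: true`, so a follow-up get() is needed).
function extractSeed(credential) {
  const prf = credential.getClientExtensionResults().prf;
  const first = prf && prf.results && prf.results.first;
  if (!first) return null;
  // A view, not a copy, so wiping it also clears the buffer the browser handed over.
  const seed = first instanceof ArrayBuffer
    ? new Uint8Array(first)
    : new Uint8Array(first.buffer, first.byteOffset, first.byteLength);
  if (seed.length !== 32) throw new Error("unexpected PRF output length");
  return seed;
}

// Run `useSeed` with the key material, then zero it so it is only used ephemerally.
// `credentials` is navigator.credentials in a browser; `publicKey` carries the usual
// challenge / allowCredentials fields for the credential made at account creation.
async function withSeed(credentials, publicKey, useSeed) {
  const credential = await credentials.get({
    publicKey: { ...publicKey, extensions: { ...publicKey.extensions, ...prfExtension() } },
  });
  const seed = extractSeed(credential);
  if (seed === null) throw new Error("authenticator returned no PRF output");
  try {
    return await useSeed(seed); // derive the HD account and sign the Safe transaction here
  } finally {
    seed.fill(0);
  }
}
```

Zeroing the buffer is best effort in JavaScript: any copy made inside `useSeed` (for example by a wallet library) is outside this function's control.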

@ennioVisco

> which adds ~300k gas overhead when verifying signatures.

This doesn't sound right, as in current prices it would mean ~746 ETH

@mmv08

mmv08 commented Feb 2, 2024

> > which adds ~300k gas overhead when verifying signatures.
>
> This doesn't sound right, as in current prices it would mean ~746 ETH

300000 gas units * 32 gwei (current gas price) = 0,0096 ether, which is 22 USD with the current prices for just verifying a signature.
