From 3605662f471e0198c22416d729485ddc96c5e8a1 Mon Sep 17 00:00:00 2001 From: Tasos Bitsios Date: Mon, 16 Dec 2024 13:49:31 +0100 Subject: [PATCH] ARC-81 rationale/test case/security --- ARCs/arc-0081.md | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/ARCs/arc-0081.md b/ARCs/arc-0081.md index 86243e9a8..81e8c7e56 100644 --- a/ARCs/arc-0081.md +++ b/ARCs/arc-0081.md @@ -16,7 +16,7 @@ This ARC proposes a hashing identifier for checking the integrity of a set of co ## Motivation -Participation key material can be inadvertently mutated between their generation on a participating node and the wallet where the key registration transaction is signed. Currently, the only way for a node runner to be diligent about signing key registration transactions is to individually verify 176 base64 characters across 3 key fields, as well as the 3 numeric fields for validity and key dillution. +Participation key material can be inadvertently mutated between their generation on a participating node and the wallet where the key registration transaction is signed. Currently, the only way for a node runner to be diligent about signing key registration transactions is to individually verify 176 base64 characters across 3 key fields, as well as the 3 numeric fields for validity and key dilution. An online keyreg transaction with incorrect partkey material can succeed, which would render the participating account silently delinquent: their registered participation keys would not correspond to the actual keypairs on the node. @@ -39,27 +39,40 @@ The integrity hash is a shortened version of a SHA512_256 hash of the concatenat - Note: this MUST NOT be omitted. When the first valid voting round is zero, an explicit uint64 zero value is expected. - Implementation warning: this field can be missing in msgpack encoded keyreg transactions due to the `omitempty` behavior. - last valid voting round (encoded as uint64, length: 8 bytes) - - key dillution (encoded as uint64, length: 8 bytes) + - key dilution (encoded as uint64, length: 8 bytes) - its length MUST be exactly 184 bytes - `sha512_256` refers to the SHA512_256 hashing function -- `subsstr(x, 0, 8)` refers to the "substring" function, i.e. returning the first 8 bytes of value `x` -- `base32_nopad` refers to the RFC 4648 base32 encoding function, but omitting the padding suffix characters (`=`) +- `substr(x, 0, 8)` refers to the "substring" function, i.e. returning the first 8 bytes of value `x` +- `base32_nopad` refers to the RFC 4648 base32 encoding function, without padding characters ## Rationale -TODO +- The key material to be hashed was chosen to uniquely identify the participation key +- SHA512_256 was chosen for its widespread availability alongside Algorand SDKs +- A truncated hash was chosen over using the full 32 bytes in order to improve the experience of comparing a hash exhaustively. In base32, 8 bytes encode to a 13-character string, vs. 32 bytes encoding to 52 characters. + - This choice was made while acknowledging that truncating the hash weakens its cryptographic strength significantly. This identifier is meant to be used as an error-detection checksum, not a cryptographically strong guarantee. -## Test Cases +## Test Case -TODO +Participation key: + +Account: OHQTAISSIGRGIGVN6TVJ6WYLBHFTUC437T4E2LRRXGWVNJ4GSZOXKPH7N4 +Selection Key: e4kBLu7zXOorjLVzJHOiAn+IhOBsYBCqqHKaJCiCdJs= +Vote Key: WWHePYtNZ2T3sHkqdd/38EvoFWrnIKPrTo6xN/4T1l4= +State Proof Key: 1GdNPOck+t6yXvuXxrDEPKqgi4I2sTaNugV1kd5ksUW2G1U6x1FT0WR3aT3ZSSmbYoDt3cVrB3vIPJA8GkqSYg== +Vote First Valid: 3118965 +Vote Last Valid: 4104516 +Key Dilution: 993 + +Resulting integrity hash: JUKBSNRYTU4PU ## Reference Implementation -TODO +A reference implementation in Typescript is provided [here](../assets/arc-0081/src/index.ts). ## Security Considerations -TODO +The hash truncation involved in generating the integrity hash sacrifices cryptographic strength for ease of verification. It should not be considered a cryptographically strong identifier, but an error-detection checksum method. ## Copyright