https://github.com/PhABC/EIPs/blob/is-valid-signature/EIPS/eip-1271.md

Standard Signature Validation Method for Contracts

eip: 1271
title: Standard Signature Validation Method for Contracts
author: Francisco Giordano (@frangio), Matt Condon (@shrugs), Philippe Castonguay (@PhABC)
discussions-to:
status: Draft
type: Standards Track
category: ERC
created: 2018-07-25

Reason:

Many blockchain based applications allow users to sign off-chain messages instead of directly requesting users to do an on-chain transaction. This is the case for decentralized exchanges with off-chain orderbooks like 0x and etherdelta. These applications usually assume that the message will be signed by the same address that owns the assets. However, one can hold assets directly in their regular account (controlled by a private key) or in a smart contract that acts as a wallet (e.g. a multisig contract). The current design of many smart contracts prevents contract based accounts from interacting with them, since contracts do not possess private keys and therefore cannot directly sign messages. The proposal here outlines a standard way for contracts to verify if a provided signature is valid when the account is a contract.

Many blockchain-based applications allow users to sign messages off-chain rather than signing at the moment of an on-chain transaction. Examples of decentralized exchanges with off-chain orderbooks are 0x (a decentralized exchange protocol) and etherdelta (EtherDelta is an open-source decentralized exchange on the Ethereum blockchain for swapping Ether and ERC20 tokens; smart contract GitHub address). These applications generally assume that the message will be signed by the same account that owns the asset. The problem is that while we can hold assets directly in our everyday account (controlled by a private key), we can also design a smart contract that acts as a wallet to manage assets. The current design of many smart contracts prevents such contract-based accounts from interacting with them, because these contracts have no private key and so cannot sign messages directly. This EIP proposes a standard way for a contract to check whether the signature it is given is valid when the account is a contract.

Abstract

Externally Owned Accounts (EOA) can sign messages with their associated private keys, but currently contracts cannot. This is a problem for many applications that implement signature based off-chain methods, since contracts can't easily interact with them as they do not possess a private key. Here, we propose a standard way for any contracts to verify whether a signature on a behalf of a given contract is valid.

An EOA, an externally owned account (on-chain accounts are either contract accounts or external accounts), can sign messages with its private key, but at present a contract cannot. This is a problem for many applications that implement signature-based off-chain methods, because a contract cannot simply interact with them, having no private key. So here we propose a standard way for any contract to check whether a signature made on behalf of a contract is valid.

Motivation

In the future, it is likely that many users will hold their assets in a smart contract instead of holding them in their externally owned account directly since contracts can improve user experience significantly while providing extra security. This means that contracts using signature based functions should not assume that a given address can provide ECDSA signatures. Otherwise, identity based contracts and contracts holding assets may not be able to interact with functions requiring ECDSA signatures directly.

In the future, users will likely manage their assets with smart contracts more often than with EOAs, because smart contracts can provide extra security and thereby improve the user experience. This means that contracts using signature-based functions should not assume that a given account can provide an ECDSA signature. Otherwise, identity-based contracts and asset-holding contracts will not be able to interact directly with functions that require ECDSA signatures.

Here, we use the term smart account to refer to any contract that acts as an account, which can include identity based methods (e.g. ERC-725 & ERC-1078), asset ownership (e.g. Multisigs, proxy contracts) and/or executable signed messages methods (e.g. ERC-1077). This terminology is important for the reader to better distinguish a contract that acts as an account (e.g. a multisig, wallet or Gnosis Safe contract) from a contract that does not act as an account but requires signatures.

Here we use "smart account" to mean a contract that serves as an account, which includes identity-based methods (e.g. ERC-725 & ERC-1078), asset ownership, and executable signed-message methods (e.g. ERC-1077). This term helps the reader distinguish contracts that serve as accounts (e.g. a multisig, wallet or Gnosis Safe contract) from contracts that do not serve as accounts but require signatures.

One example of an application that requires addresses to provide signatures would be decentralized exchanges with off-chain orderbook, where buy/sell orders are signed messages (see 0x and etherdelta for examples). In these applications, EOAs sign orders, signaling their desire to buy/sell a given asset and giving explicit permissions to the exchange smart contracts to conclude a trade via an ECDSA signature. When it comes to contracts however, ECDSA signature is not possible since contracts do not possess a private key. In the first version of the 0x protocol, smart contracts could not generate buy/sell orders for this very reason, as the maker needed to both own the assets and sign the order via ECDSA method. This was revised in their protocol version 2 (see below).

One example of such an application is a decentralized exchange with an off-chain orderbook, which needs account addresses to provide signatures; the buy/sell orders in the orderbook are signed messages. In these applications, an EOA's signed order expresses its wish to buy or sell the given asset and, through the ECDSA signature, gives the exchange smart contract explicit permission to conclude the trade. But when the EOA is replaced by a contract, an ECDSA signature is impossible because the contract has no private key. In the first version of the 0x protocol (a decentralized exchange protocol, https://baike.baidu.com/item/Ox协议/22453818?fr=aladdin), smart contracts could not generate buy/sell orders for this very reason, since the maker had to both own the assets and sign the order with ECDSA. This was revised in protocol version 2, as follows:

Specification

/**
 * @dev Should return whether the signature provided is valid for the provided data
 * @param _data Arbitrary length data signed on the behalf of address(this)
 * @param _signature Signature byte array associated with _data
 *
 * MUST return a bool upon valid or invalid signature with corresponding _data
 * MUST take (bytes, bytes) as arguments
 */
// In other words: if this signature is valid, I can be sure you are the owner of this account
function isValidSignature(
    bytes _data,      // arbitrary-length data signed on behalf of the account address, e.g. a hash
    bytes _signature) // the signature
    public
    view
    returns (bool isValid);

isValidSignature can call arbitrary methods to validate a given signature, which could be context dependent (e.g. time based or state based), EOA dependent (e.g. the signer's authorization level within the smart account), signature scheme dependent (e.g. ECDSA, multisig, BLS), etc.

isValidSignature can use any method to check whether the given signature is valid; you can write it yourself.

contracts/access/SignatureBouncer.sol

This file implements a similar function, but for EOA accounts rather than smart accounts:

// Excerpt from OpenZeppelin's SignatureBouncer.sol; the surrounding contract is omitted here
/**
 * @dev is the signature of `this + sender` from a bouncer?
 * @return bool
 */
function _isValidSignature(address _address, bytes _signature)
    internal
    view
    returns (bool)
{
    return _isValidDataHash(
        keccak256(abi.encodePacked(address(this), _address)), // tightly ABI-encode the arguments together, then hash
        _signature // _signature signs the content `this + sender`, hence the hash above
    );
}

/**
 * @dev internal function to convert a hash to an eth signed message
 * and then recover the signature and check it against the bouncer role
 * @return bool
 */
function _isValidDataHash(bytes32 _hash, bytes _signature)
    internal
    view
    returns (bool)
{
    address signer = _hash          // both helpers come from ECDSA.sol
        .toEthSignedMessageHash()   // convert a hash to an eth signed message
        .recover(_signature);       // the library's recover: yields the signer's address
    return isBouncer(signer);
}

The difference is that the code above proves whether the signature was produced by the given address,

whereas here it proves whether the provided signature is valid for the given data.
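To make the contrast concrete, here is an added example (not from the EIP draft, OpenZeppelin or 0x): a hypothetical SmartAccount implementing the draft isValidSignature(bytes, bytes) interface from the Specification, and a hypothetical consumer that does the 0x v2-style branch, checking an EOA maker with plain ecrecover (the SignatureBouncer approach) and a contract maker through its own isValidSignature. The authorized-signer set, the eth_sign-prefixed hashing and the contract names are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// The draft EIP-1271 interface from the Specification above: a plain bool, not the final magic value.
interface IERC1271Draft {
    function isValidSignature(bytes calldata _data, bytes calldata _signature) external view returns (bool);
}

// Shared ECDSA helper (assumed scheme): eth_sign prefix over keccak256(data), then ecrecover.
library EthSig {
    function recover(bytes memory data, bytes memory sig) internal pure returns (address) {
        if (sig.length != 65) return address(0);
        bytes32 r; bytes32 s; uint8 v;
        assembly {
            r := mload(add(sig, 32))
            s := mload(add(sig, 64))
            v := byte(0, mload(add(sig, 96)))
        }
        // Reject high-s and odd v values so one message cannot carry two accepted signature encodings.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return address(0);
        if (v != 27 && v != 28) return address(0);
        bytes32 ethHash = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", keccak256(data)));
        return ecrecover(ethHash, v, r, s);
    }
}

// Hypothetical smart account: a signature is valid only if it recovers to one of this account's keys.
contract SmartAccount is IERC1271Draft {
    mapping(address => bool) public isSigner;
    constructor(address[] memory signers) {
        for (uint256 i = 0; i < signers.length; i++) isSigner[signers[i]] = true;
    }
    function isValidSignature(bytes calldata _data, bytes calldata _signature) external view override returns (bool) {
        address signer = EthSig.recover(_data, _signature);
        return signer != address(0) && isSigner[signer];
    }
}

// Hypothetical consumer (e.g. an exchange): accepts both EOA makers and smart-account makers.
contract SignatureConsumer {
    function isValidFor(address maker, bytes memory data, bytes memory sig) public view returns (bool) {
        if (maker.code.length == 0) {
            return EthSig.recover(data, sig) == maker; // EOA: "who signed?" as in SignatureBouncer
        }
        // Contract maker: ask the account itself whether the signature is valid for this data.
        try IERC1271Draft(maker).isValidSignature(data, sig) returns (bool ok) { return ok; }
        catch { return false; } // no isValidSignature, or the account reverted
    }
}
```

The consumer never touches a private key: for a contract maker it only learns whether that account considers the signature valid for the given data, which is exactly the question the draft function answers.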

Rationale

Such a function is important because it allows other contracts to validate signed messages on the behalf of the smart account. This is necessary because not all signed messages will first pass by the smart account as in ERC-1077, since signatures can be requested by independent contracts. Action based signed messages do not require this method for external contracts since the action is Smart Account A -> Contract C (e.g. owner of smart account A wants to transfer tokens T to contract C), but when the action is in the opposite direction (Contract A -> SmartAccount) this external function is necessary (e.g. contract A requires smart account A to transfer tokens T when event E is triggered).

This function is important because it lets other contracts check whether a signed message on behalf of a smart account is valid. It is necessary because, as in ERC-1077, not all signed messages pass through the smart account first, since signatures may be requested by other, independent contracts. When a signed-message action goes from smart account A -> contract C (i.e. the owner of the smart account wants to transfer token T to contract C), the external contract does not need this method to check the signature's validity. But when the action goes in the opposite direction (i.e. contract C -> smart account A), this external function is definitely required: I must confirm the validity of the smart account's identity before transferring tokens to it.

We believe the name of the proposed function to be appropriate considering that authorized signers providing proper signatures for given data would see their signature as "valid" by the smart account. Hence, a signed action message is only valid when the signer is authorized to perform a given action on the behalf of a smart account.

We believe the function's name is appropriate, considering that when an authorized signer provides a proper signature for given data, the smart account will see their signature as "valid". Hence a signed action message is only valid when the signer is authorized to perform that action on behalf of the smart account.

Two arguments are provided for simplicity of separating the data from the signature, but both could be concatenated in a single byte array if community prefers this.

Two arguments are provided for the simplicity of separating the data from the signature, but if the community prefers, they could be concatenated into a single byte array.

Implementation

Existing implementations:

What is a smart account, and what does it do?

One example would be to have a "smart account" be an owner. A smart account is a contract that would hold all the assets of a user to facilitate a bunch of stuff and where different private key can perform different action. Some PV key could transfer assets and set permissions while others could simply play games or interact on social media on the behalf of this smart account. Smart accounts increase security and can add a bunch of critical functionalities to regular accounts in order to improve UX.

One example is to have a "smart account" as the owner. A smart account is a contract that holds all of a user's assets to facilitate a bunch of things, where different private keys can perform different operations. Some private keys can transfer assets and set permissions, while others can play games or interact on social media on behalf of the smart account. Smart accounts improve security and can add some critical functionality to regular accounts in order to improve UX.

Now, if this smart account, which would actually be my main account, is owner of a contract, or has a given role in some bouncer protected contract, it will need to have this kind of method.

Now, if this smart account, which is in fact my main account, is the owner of a contract, or has a given role in some bouncer-protected contract, it will need this kind of method.

I have a strong feeling that most users will not use their regular account in the future, which offers very low security and poor UX and will most likely use a smart contract (that is, until account abstraction).

I have a strong feeling that most users will not use their regular accounts in the future, which offer very low security and poor UX, and will most likely use a smart contract.

For more info about the future of accounts and the concept of smart accounts, check out Alex van de Sande's 15 mins presentation and then mine at the EDCON Ux unconference.

For more information on the future of accounts and the concept of smart accounts, see Alex van de Sande's 15-minute presentation, and then mine at the EDCON UX unconference.

https://www.youtube.com/watch?v=qF2lhJzngto

In other words, a smart account is a contract that manages all of a user's assets in order to do a bunch of things; it has different private keys, and each key can perform different operations.

https://github.com/OpenZeppelin/openzeppelin-solidity/issues/1005

Whereas classical accounts are driven by ECDSA signed transactions, smart accounts are driven by the arbitrary logic of a smart contract. This is where it relates to the generalization of SignatureBouncer.

SignatureBouncer validates ECDSA signatures, but smart accounts are not backed by a key and can never produce such signatures. Thus, a smart account can never be a bouncer, unless we generalize to other authentication schemes.

Traditional accounts are driven by ECDSA-signed transactions, while smart accounts are driven by the arbitrary logic of a smart contract. This is where it relates to the generalization of SignatureBouncer.

SignatureBouncer validates ECDSA signatures, but smart accounts are not backed by a key and can never produce such signatures. So unless we generalize to other authentication schemes, a smart account can never be a bouncer.

Smart account: strengthening traditional Ethereum accounts with smart contracts to improve the user experience.
