ECDSA signing capability

Question

ECDSA signing capability

goastler opened this issue 2 years ago · 6 comments

goastler commented 2 years ago

@forgetso

Answer 1 · 2023-03-22T15:19:08.000Z

It can be added -

for the account creation, the overhead/advanced selection of crypto type is not something we are going to be doing (it is really kept bare-bones and simple, trying to not bombard with options)
via JSON import, you can import any type of account (e.g something created via the apps UI, or any wallet with account export functionality), either sr15519, ed25519 or ecdsa

Answer 2 · 2023-03-22T16:27:49.000Z

So account creation is fixed to sr25519, which is fair enough and does keep things simple. I'm not familiar with the overhead associated, but could the accounts be loaded in all formats (ecdsa, ed25519, sr25519) to provide a signing mechanism for any crypto type?

Importing the account is not an option for us as our users would have already loaded their account into the extension, defaulting to sr25519 format. I have managed to import a test account via JSON and set the account type to ecdsa, and this works. However not having control over the user's account, I cannot do the same with theirs

Thanks for your help :)

Answer 3 · 2023-03-23T06:46:28.000Z

Yes, it is a bit of an issue for this usecase.

We really don't want to triple-up on accounts created, for instance in my specific case that would mean going from 70 accounts managed to 210. (Even on light use, say 5 accounts, it would me 15 - which goes from "easy" to "unwieldly") Each account has an own address (publicKey) and own secret, so it is not really an option "hiding it somewhere", it needs to be exposed as an account to enable functionality on it.

TL;DR There is no solution for this specific requirement as it stands.

Answer 4 · 2023-03-23T09:21:46.000Z

I completely appreciate that, it's definitely a tricky problem.

Given the overhead of loading accounts in all formats as you've described, could we do that on-demand per account? E.g. say I have account A, B and C all in sr25519 format. Could we add a function to reload an account in a different format? Perhaps accountB.reload('edcsa')? This would replace the current sr25519 version with an ecdsa version. This way there is only ever 3 accounts, minimising overhead

Answer 5 · 2023-04-18T09:43:54.000Z

I agree with @goastler 's request of ECDSA signing capability in Polkadot.js extension. Your question and comments on Stackexchange (https://substrate.stackexchange.com/questions/7625/how-to-sign-a-payload-using-ecdsa-in-polkadotjs/7801#7801) was very helpful.

I have researched "signing a transaction payload offline with aws KMS (ECDSA secp256k1 curve)" on Polkadot blockchain as we were motivated from AWS blockchain research (https://aws.amazon.com/blogs/database/part1-use-aws-kms-to-securely-manage-ethereum-accounts/) where an Ethereum transaction payload is signed offline in HSM (Hardware Security Module) managed by aws KMS.

I am exploring an alternative way for ECDSA signing in Polkadot. I have raised a question on Stackexchange (https://substrate.stackexchange.com/questions/8135/what-informations-consist-of-a-signature-which-is-generated-when-siging-a-transa)

I would be grateful if @jacogr and @goastler could visit it and leave some advice. Thanks