Add support for PubKey into PubKeyHash conversion on-chain
#5369
Comments
uhbif19
changed the title
PubKey into PubKeyHash conversion on-chainPubKey into PubKeyHash conversion on-chain
|
@michaelpj could you please take a look at this one? |
|
Unfortunately, Michael is going to be on leave for a while. I've been jumping around asking people if there's a way to convert a I need to triage the issue somehow, so I'm going to triage it with "Low priority" (given that there's a sensible workaround) as I'm not sure what else I can do about it right now... |
effectfully
added
Low priority
|
Looking on previous such issues (byte operations or something like that), I think this is up for CIP, cuz changes user primops list. Is that right?
There is no "sensible" workaround, AFAIK. Leaving it to off-chain as we do have different security guaranties, same as any other oracle implementation. |
|
The Plutus Tools team pointed me to how a Does this make sense to you? Adding new builtins is generally low-priority, hence I'm going to keep this issue as is for now, but we'll need to discuss with the team if adding |
Yeah, that's what I think too, and if you or somebody else created a CIP we'd highly appreciate that.
I see, thank you, I agree with your assessment. |
|
This inconsistency between
The upshot of this is that whenever we're building applications where we care about which both the transactions and data that our users sign, we need to keep track of both their @effectfully |
It is not only that, but overall need to check that correspondence off-chain. In some cases it is possible to do this not making on-chain security worse (like in hydra-auction project), while it still complicates security reasoning. In some cases I believe it is not possible at all (as I believe in case of voting on Hydra in POCRE project), at least without changing interaction design from signing datum into signing transactions (which is worse, cuz does not support re-submiting tx on side of delegate server). |
I already did:
but let me elaborate. Firstly, "low-priority" doesn't mean that we don't care or are not going to do it, it only means that we don't need to track it closely in the nearest future possible (unlike bugs or serious but easily fixable inefficiencies for example). Secondly, any extension to the language needs to go through an approval of multiple people, often from different teams, and is generally a non-trivial process, particularly for crypto primitives that members of the Plutus team aren't familiar with (and we don't have any crypto experts among us). What this means is that in order to add any crypto primitive we need to reach out to a crypto expert and ask them to scrutinize it carefully, as well as review the implementation by a member of the Plutus team, plus a change to the specification. It's a lot of work, so before we commit to that, it is ideal for us to make sure that this is indeed something that we want, so that we don't end up spending a lot of time on something that isn't very helpful. And the way we ensure that is by having a CIP that we can read and ask other people to read, including various stakeholders who make the final decision. Basically, it's a complicated and time consuming process, which is why having a CIP is a prerequisite for starting it. Sometimes we feel confident and not overloaded already, so we create a CIP ourselves. Other times we wait for the community to demonstrate us the need for a builtin by submitting a CIP. And even in this case it can take a while, e.g. the bitwise operations CIP that was approved long ago is still not done despite there being a PR. We're a fairly small team responsible for lots of different things working in a setting with an extremely high cost of failure, so some things just don't move as fast as everyone would like to. Hope this explains why I labeled the ticket as "low-priority". @GeorgeFlerovsky and @uhbif19 thanks a lot for the examples, those are going to be very helpful once we start discussing the possibility of adding the builtin. |
|
@effectfully Thank you so much for the detailed reply. Indeed, a thorough discussion via CIP seems warranted here — adding a new crypto primitive is important to get right. 🙂 We'll go ahead and start that process. Incidentally, we may have some crypto experts available on our end who may be able to advise on this. |
@GeorgeFlerovsky thank you a ton for considering this, it would be invaluable for us. Any kind of help from the community is always highly appreciated and I personally insist that in the Plutus team we need to prioritize things that folks helped us with, because at that point it's very clear that the community does care about the specific functionality. |
|
@effectfully Am I understanding correctly, that with this PR, this issue can be done with new primops? |
I don't know, sorry. @kwxm do you happen to know? If not, any idea who might? |
I believe so, but only with Plutus V3, which won't be on mainnet until Conway. |
|
@effectfully @GeorgeFlerovsky Are there any reference for Plutus/blockchain versions compability? |
The Conway era is here, hence I'm going to claim that this issue is resolved. If that claim is wrong, please do let us know and feel free to reopen the issue. |
|
@effectfully Correct. This issue is resolved because Plutus V3 added the Blake2b_224 hashing builtin: |
Describe the feature you'd like
Tx signatures only can be checked using
PubKeyHash.But datum signatures only can be checked using
PubKey.So naturally we would use
PubKeyto check both of them, but we cannot find a way to convert it toPubKeyHashon-chain.Describe alternatives you've considered
For now we including the pair of
PubKeyand its hash, and rely on off-chain code to check that they do match.This hack is described in our spec:
https://github.com/mlabs-haskell/hydra-auction/blob/staging/doc/on_chain_spec.md#parameters-and-state
The text was updated successfully, but these errors were encountered: