Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

serve session keys as proxies with roles #1654

Open
brenzi opened this issue Nov 27, 2024 · 0 comments · May be fixed by #1655
Open

serve session keys as proxies with roles #1654

brenzi opened this issue Nov 27, 2024 · 0 comments · May be fixed by #1655
Assignees
@brenzi

Comments

@brenzi
Copy link
Collaborator

brenzi commented Nov 27, 2024
edited
Loading

Goal:

  • Only one single signature in browser signer extension needed at the beginning of a session. All further actions (if desired) can by signed with in-mem secrets
  • At first use, a second signature is acceptable (to set up proxies with a deposit)
  • Optionally, allow specific operations when returning to the app later with the same machine without new signature.

UX flow diagram: integritee-network/try-incognitee-app#94

Motivation:

UX of Incognitee is currently throttled by the many times the user needs to sign using the browser extension. Session keys which are either in-mem only or even persisted in the browser's local storage could significantly improve UX. Balances and message history could be read without extra signature and all other actions could be taken with just one initial signature per session

more thoughts on wallet UX: https://integritee.atlassian.net/wiki/spaces/INTEGRITEE/pages/938409985/Incognitee+Wallet+UX

Roles:

  • ReadBalance: see balance only, no messages. useful for proof-of-reserves
  • ReadAny: query recent transaction history and notes/messages
  • NonTransfer: Read + send messages + guess the number (pay fees, but not send funds)
  • Any: full proxy authorization, incl. transfer

Security tradeoff:

  • Read and NonTransfer keys could possibly be persisted
  • Any should only stay in-mem and vanish if the tab is closed

Custody:

  • secrets are stored in confidential sidechain state and can be fetched by the owner only (the proxied account)
  • nevertheless, the user is custodian in the sense that only the user can retrieve the session keys. The user still needs to safely store the proxied account (at least until we have usernames+pwd: client-side encrypted server side storage for private key try-incognitee-app#48) which could be a logical next step

STF Design

new TrustedGetters

  • getAccountDataAndProxies
    • in order to allow a single signature at start, we need to know balance and proxies with a single getter

new TrustedCall

  • addProxy(proxiedaccount, proxyaccount, Role, Option<Expiry>, Seed)
    • costs a deposit of 0.1 TEER

extend TrustedGetterSigned and TrustedCallSigned with a field delegate defining who signed the call

runtime

a new pallet session-proxy which manly stores:

StorageDoubleMap(proxied, proxy, SessionProxy)

SessionProxy {
  (proxy: AccountId)
  role: ProxyRole
  expiry: Option<Moment>
  seed: [u8; 32]
}

ProxyRole {
   ReadBalance
   ReadAny
   NonTransfer
   Any
}

nonce & fees

Special care needs to be taken concerning the nonce. As session proxies are not proper accounts on the runtime, they have no nonce. therefore they use the nonce of the delegator

Also fees must be paid by the delegator
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brenzi brenzi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

session-proxy for delegate signing and key storage integritee-network/worker
1 participant
@brenzi