Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Update to schnorrkel 0.8.0 #3267

Merged
merged 11 commits into from
Aug 7, 2019
Merged

Update to schnorrkel 0.8.0 #3267

merged 11 commits into from
Aug 7, 2019

Conversation

bkchr
Copy link
Member

@bkchr bkchr commented Jul 31, 2019

@bkchr bkchr added the A0-please_review Pull request needs code review. label Jul 31, 2019
@bkchr bkchr requested a review from gavofyork July 31, 2019 09:00
@burdges
Copy link

burdges commented Jul 31, 2019

It looks good! Just one new signature test vector, but that's fine for a new network like kusama.

We'll need to add more test vectors into schnorkel itself of course. w3f/schnorrkel#36

Just fyi, w3f/schnorrkel#9 contains my internal debate about using ed25519 style secret key derivation, never a clear decision.

@bkchr bkchr requested a review from jacogr July 31, 2019 09:08
@jacogr jacogr mentioned this pull request Jul 31, 2019
Merged
@jacogr
Copy link
Contributor

jacogr commented Jul 31, 2019
edited
Loading

Derives are different, i.e 0.8

$ cargo run --release -- inspect "//Alice"
    Finished release [optimized] target(s) in 3.14s
     Running `.../target/release/subkey inspect //Alice`
Secret Key URI `//Alice` is account:
  Public key (hex): 0xe2d5259549e73bffe82a6132d0bb4b6ca9fa8d78ef063c4b58d28da7ec319767
  Address (SS58): 5HC7zmvyyESMevkCTJi7YQnPwujJc1d5K5Bya5kJAtxgSQn7

vs 0.1.1

$ cargo run --release -- inspect "//Alice"
    Finished release [optimized] target(s) in 1.52s
     Running .../target/release/subkey inspect //Alice`
Secret Key URI `//Alice` is account:
  Public key (hex): 0xd43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d
  Address (SS58): 5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY

Update: Solved with 0.8.3, also has tests for both pair hard & soft derivations now

jacogr and others added 2 commits August 1, 2019 14:22
@jacogr @bkchr
Bump schnorrkel to 0.8.3 (#3283)
e59e24d 
* Schnorrkel 0.8.1 (builds on bkchr upgrade branch)

* Add tests for known hard/soft derivation values

* Bump all schnorrkel versions

* Flatten for easier inspection

* 0.8.2

* 0.8.3

* Update subkey/Cargo.toml

Co-Authored-By: Bastian Köcher <[email protected]>
@bkchr
Update Cargo.lock
fa753ab
jacogr
jacogr reviewed Aug 1, 2019
View reviewed changes
Copy link
Contributor

@jacogr jacogr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So not 100% sure I should "approve" since I did some, however can "comment"...

lgtm, with the extended tests it does cater for checking the derives (against known) and well as older sigs as well, which are the 2 major compatibility pain-points in the 0.8 bump. (And has ripple-effects into the ecosystem, e.g. wallets and already generated addresses)

jacogr
jacogr reviewed Aug 1, 2019
View reviewed changes
core/primitives/src/sr25519.rs Outdated
}

#[test]
fn derive_hard_known_pair_should_work() {
Copy link
Contributor

@jacogr jacogr Aug 1, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One thing to be aware of (which is biting me on the JS-side). When storing a keypair from 0.1.1 (i.e. the secretKey/publicKey or just the combined 96-bytes) and trying to import that via the new schnorrkel, well, it is not that happy.

For any minisecret it would seem the pair derivation yields the same publicKey, but the secretKey part of the generated bundle is not the same. As an example for the same values...

0.1.1 -

sk: 28b0ae221c6bb06856b287f60d7ea0d98552ea5a16db16956849aa371db3eb51fd190cce74df356432b410bd64682309d6dedb27c76845daf388557cbac3ca34
pk: 46ebddef8cd9bb167dc30878d7113b7e168e6f0646beffd77d69d39bad76b47a

0.8.3 -

sk: 05d65584630d16cd4af6d0bec10f34bb504a5dcb62dba2122d49f5a663763d0afd190cce74df356432b410bd64682309d6dedb27c76845daf388557cbac3ca34
pk: 46ebddef8cd9bb167dc30878d7113b7e168e6f0646beffd77d69d39bad76b47a

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a way around this which is employed in the polkadot-js/wasm to remain compatible with pairs created/stored on exiting wallets. (Basically using the Keypair from_half_ed25519 and to_half_ed25519_bytes)

If required here, it should be available in 0.8.4 when that is published.

kianenigma
kianenigma approved these changes Aug 5, 2019
View reviewed changes
Copy link
Contributor

@kianenigma kianenigma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks to be good as far as I have talked around: The only case where something might go wrong is if: similar to wallet restore some keys are generated, dumped, and need to be later restored. Looks like we don't have this.

Hence, this PR should be good to be merged and any API should put some effort into supporting networks prior to this (i.e. Alex).

@gavofyork
Copy link
Member

gavofyork commented Aug 7, 2019
edited
Loading

@burdges @jacogr do we have test vectors for both hard and soft derivation? i don't want people with derived kusama keys (like me :-) ) to end up with different addresses.

Code looks like it, but just want to be sure :)

@jacogr
Copy link
Contributor

jacogr commented Aug 7, 2019

@gavofyork I added those since @bkchr suggested them (they were massaged into shape by @kianenigma). The only difference between them and the existing derivation tests are that they actually check the resulting public keys against known, which previously was missing.

If the pair serialization format is important, we should certainly add tests for checking against known for those as well, those are different here to the current 0.1.1 formats. (It is important for wallets, hence the WASM has extended tests for those in addition to the public key parts catered for here)

For the w3f/schnorrkel repo itself, similar tests are now the code as comments, however the test vectors there are WIP.

@folsen folsen merged commit e2d9619 into master Aug 7, 2019
@folsen folsen deleted the bkchr-schnorrkel-new-version branch August 7, 2019 10:59
@burdges
Copy link

burdges commented Aug 7, 2019

If you use ExpandionMode::Ed25519 then all derivations should now agree with 0.1.1, and I think @jacogr old test vectors confirm this. I'd suggest running more tests with a version of subkey using 0.8.4 of course. ;)

We've a very minor change in the serialization format for expanded secret keys, but the from_*_ed25519_bytes methods do the old method. A deserializer can test if the public key still agrees to figure out if you're deserializating the old or new format, but any code compiled with 0.1.1 cannot deserialize the new keys.

I've one change w3f/schnorrkel@38f726e in derive.rs since 0.8.4 but it only impacts the nonce of the derived key, and thus cannot impact key or signature validity. In fact, it makes it possible to write a full test vector including the nonce seed using attach_rng. :)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jacogr jacogr jacogr left review comments

@Demi-Marie Demi-Marie Demi-Marie approved these changes

@kianenigma kianenigma kianenigma approved these changes

@gavofyork gavofyork gavofyork approved these changes

Assignees
No one assigned
Labels
A0-please_review Pull request needs code review.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@bkchr @burdges @jacogr @gavofyork @kianenigma @Demi-Marie @folsen