EIP ERC App Keys: application specific wallet accounts

Bunjin · March 18, 2019, 4:01pm

Thanks for your detailed answer @gravityblast. Now I think understand better what you are aiming at and how our efforts relate.

A] First of all a few comments about your EIP1581 and what you mentionned about your choice of an HD Path:

HD path BIP44:

HD Path BIP32 compliant
BIP 43 only suggests that the first field should be a purpose field,

m / purpose' / *

Then there is BIP 44 that specifies the whole path as

m / purpose' / coin_type' / account' / change / address_index

and SLIP44

This uses a purpose field of 44
and not 43 as mentioned in your link by arachnid and a PR (not merged by LukeJr).

See my references and also the Ethereum EIPs that specifies that we should use

m/44'/60'/a'/0/n'

and slip44 list : https://github.com/satoshilabs/slips/blob/master/slip-0044.md

So in any case if you are willing to use BIP44, I think you should use purpose field 44’ and not 43’, no matter the coin type.

HD path BIP43 deviating from BIP44:

When deviating from BIP44, one should use a different purpose field than 44’ but it has not been standardized to use 43’ and cointype’.

In fact several other indexes have been already used and standardized see:

and what I mention in the EIP, where I reference all these:

github.com

ethereum/EIPs/blob/1ae40193625ddaf9f1ac1c28d661fbce5ed5feac/EIPS/eip-1775.md#hd-derivation-path-purpose-field

---
eip: 1775
title: App Keys, application specific wallet accounts
author: Vincent Eli (@Bunjin), Dan Finlay (@DanFinlay)
discussions-to: https://ethereum-magicians.org/t/eip-erc-app-keys-application-specific-wallet-accounts/2742
status: Draft
type: Standards Track
category: ERC
created: 2019-02-20
requires: 137
replaces: 1581
---

<!--You can leave these HTML comments in your merged EIP and delete the visible duplicate text guides, they will not appear and may be helpful to refer to if you edit it again. This is the suggested template for new EIPs. Note that an EIP number will be assigned by an editor. When opening a pull request to submit your EIP, please use an abbreviated title in the filename, `eip-draft_title_abbrev.md`. The title should be 44 characters or less.-->
## Simple Summary
<!--"If you can't explain it simply, you don't understand it well enough." Provide a simplified and layman-accessible explanation of the EIP.-->

Among others cryptographic applications, scalability and privacy solutions for ethereum blockchain require that an user performs a significant amount of signing operations. It may also require her to watch some state and be ready to sign data automatically (e.g. sign a state or contest a withdraw). The way wallets currently implement accounts poses several obstacles to the development of a complete web3.0 experience both in terms of UX, security and privacy.

This proposal describes a standard and api for a new type of wallet accounts that are derived specifically for a each given application. We propose to call them `app keys`. They allow to isolate the accounts used for each application, thus potentially increasing privacy. They also allow to give more control to the applications developpers over account management and signing delegation. For these app keys, wallets can have a more permissive level of security (e.g. not requesting user's confirmation) while keeping main accounts secure. Finally wallets can also implement a different behavior such as allowing to sign transactions without broadcasting them.

This file has been truncated. show original

Importantly, I don’t see why these standards should be related to a coin type and I would refuse to restrict to what luke JR suggested (that wasn’t merged) as :

m / 43' / coin_type' / subpurpose' /

Imho that’s too restrictive to subject these to a coin_type.

B] Now about your use case and how EIP1775 could allow for it:

I understand and agree that it’s an important use case to be able to implement non transacting, cross apps/domains keys (for instance for chat or others).

For that I see two alternatives:

develop an EIP alongside 1775, such as yours
but then I’d recommend to use a different purpose field than 43 and 44, and not used already also I think we should remove the coin type since apps such as chat are not necessarly related to a coin.
[I favor this approach for the sake of simplicity] Use EIP 1775 to encompass all in the following way:
For cross applications non transacting keys (not main accounts), we need a different naming scheme than DNS or ENS and we assume that the wallet or the clients will not have to authenticate these but will include them in their core logic.

This naming scheme would be something like cak:[name]
where cak (cross app key is just a header that allows to fully distinguish these from DNS/ENS) and name is the standardized name of the use case.

e.g.: cak:whisper, cak:ssh, cak:swarm …

we also need to specify the hashing scheme for these in a way that ensures no collision with the current hashing in EIP1775 of ENS/DNS names. It should be fairly easy.

With this 2nd approach, this would mean 3 types of keys:

main accounts (along BIP44 eth standard, and potentially for other cryptocurencies too)
EIP1775 app specific keys authenticated through ENS and/or DNS
EIP1775 cross apps/domains keys not authenticated but included in the wallet/client.