Add Batch Sig Algorithm #175
Conversation
This patch adds a batch signature algorithm, by allowing a signer to pass in a pre-pad and post-pad. When those exist, we verify `keccak(prepad • eip712_keccak • postpad)`. We posit that this allows us to sign two EIP-712 signatures with a single digital signature. Specifically, the user will sign `keccak(eip712_keccak_0, eip712_keccak_1)`. Then when we want to verify the first one, we pass in the quark operation with a prepad="" postpad=eip712_keccak_1. To verify the second signature, we pass in the second quark operation with prepad=eip712_keccak_0 and postpad="". We posit that this is safe and effective. As a note: we do not run the double keccak if prepad="" postpad="" to allow standard EIP-712 signatures to be normal.
There was a problem hiding this comment.
some solidity lint seems failing. But lgtm.
I'm still wrapping my head around the scenarios. 😄
So user can sign one signatures, and be executed multiple times based on how many "real" signature is embedded in the signaure and iterating based on pre-pad post-pad 🤔
|
Cool idea and your postulates seem correct. Nice to see that this would work even for two transactions on different chains. In terms of improvements, I think we can extend this to batch more than 2 transactions by taking a list of |
There was a problem hiding this comment.
I promote ⛑️ 's suggestions, it would be good to see a healthy discussion about the ux of this approach and whether it can be better. (while keeping it to a reasonable added cost)
However, I will consider that non-blocking. Overall LGTM on CI fixes, which look like they should be easy.
A different flavor of Batch sigs (#175). `MultiQuarkOperation`s allows a signer to sign a single digest to execute multiple Quark Operations on any number of wallets owned by the signer on any number of chains. The most practical application of this is cross-chain operations, such as "Bridge USDC from mainnet to Base -> Supply USDC to a lending protocol on Base". `MultiQuarkOperation` signatures conform to EIP-712. This means that it has its own typehash and domain separator. The domain separator is special in that it does not include `chainId` and `verifyingContract`. This is to enable a single `MultiQuarkOperation` to support operations spanning different wallets and chains. This is safe because each `opsDigest` in the `MultiQuarkOperation` is already scoped to a specific `chainId` and `verifyingContract`, since each of these are a EIP-712 digest for a `QuarkOperation`.
|
Closing in favor of #186 |
This patch adds a batch signature algorithm, by allowing a signer to pass in a pre-pad and post-pad. When those exist, we verify
keccak(prepad • eip712_keccak • postpad). We posit that this allows us to sign two EIP-712 signatures with a single digital signature. Specifically, the user will signkeccak(eip712_keccak_0, eip712_keccak_1). Then when we want to verify the first one, we pass in the quark operation with a prepad="" postpad=eip712_keccak_1. To verify the second signature, we pass in the second quark operation with prepad=eip712_keccak_0 and postpad="". We posit that this is safe and effective.As a note: we do not run the double keccak if prepad="" postpad="" to allow standard EIP-712 signatures to be normal.