Skip to content

Commit

Permalink
3074: add nonce to auth msg to provide revocation
Browse files Browse the repository at this point in the history
  • Loading branch information
@lightclient
lightclient committed Dec 20, 2023
1 parent 94237c2 commit e2a5001
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions EIPS/eip-3074.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,10 +92,11 @@ If `length` is greater than 97, the extra bytes are ignored for signature verifi

`authority` is the address of the account which generated the signature.

The arguments (`yParity`, `r`, `s`) are interpreted as an ECDSA signature on the secp256k1 curve over the message `keccak256(MAGIC || chainId || paddedInvokerAddress || commit)`, where:
The arguments (`yParity`, `r`, `s`) are interpreted as an ECDSA signature on the secp256k1 curve over the message `keccak256(MAGIC || chainId || nonce || invokerAddress || commit)`, where:

- `chainId` is the current chain's [EIP-155](./eip-155.md) unique identifier padded to 32 bytes.
- `paddedInvokerAddress` is the address of the contract executing `AUTH` (or the active state address in the context of `CALLCODE` or `DELEGATECALL`), left-padded with zeroes to a total of 32 bytes (ex. `0x000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`).
- `nonce` is the signer's nonce after which the message will be considered invalid, left-padded to 32 bytes.
- `invokerAddress` is the address of the contract executing `AUTH` (or the active state address in the context of `CALLCODE` or `DELEGATECALL`), left-padded with zeroes to a total of 32 bytes (ex. `0x000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`).
- `commit`, one of the arguments passed into `AUTH`, is a 32-byte value that can be used to commit to specific additional validity conditions in the invoker's pre-processing logic (e.g. a nonce for replay protection).

Signature validity and signer recovery is handled analogously to transaction signatures, including the stricter `s` range for preventing ECDSA malleability. Note that `yParity` is expected to be `0` or `1`.
Expand All @@ -109,7 +110,8 @@ If the signature is valid and the signer address is equal to `authority`, the co
The gas cost for `AUTH` is equal to the sum of:

- fixed fee `3100`.
- memory expansion gas cost (`auth_memory_expansion_fee`)
- memory expansion gas cost (`auth_memory_expansion_fee`).
- `100` if `authority` is warm, `2600` if it is cold (per [EIP-2929](./eip-2929.md)).

The fixed fee is equal to the cost for the `ecrecover` precompile, plus a bit extra to cover a keccak256 hash and some additional logic.

Expand Down

0 comments on commit e2a5001

Please sign in to comment.