Replies: 7 comments
-
Hello @gitmachtl , Thank you for reaching out and expressing interest in our repository! I'd like to better understand your use case for generating a VRF proof signature (and verifying a VRF proof). Could you please provide more context about what you are building or trying to achieve? Some example scenarios would go a long way in helping us understand your use case as well as help us better tailor the functions/features/APIs to meet your needs. Teddy |
Beta Was this translation helpful? Give feedback.
-
Hey @teddyjfpender, thx for your reply. We (Ambassadors and ToolDevs) are currently working on some additional CIPs in addition to CIP22 to use the VRF keys as a prove of pool ownership. The problem is, that the special IOG/Algorand libsodium fork/flavour is not ported to many programming languages. Currently there is only one tool (Andrews cncli) that can do that job. I have made another tool cardano-signer (https://github.com/gitmachtl/cardano-signer) based on NodeJS, which can do various signing/verification stuff. The one thing that is missing, is the possiblity to also use VRF keys. So, the VRF keys are normal ed25519 keys. Could be used in that way, but i had a talk with Inigo and he did some testing. The outcome was, that there is a high security risk on using the VRF key with other signing methods. The secret key could be exposed. So only the internally used method with the 80byte prove should be used. I was searching around if there is any solution yet for NodeJS to use the VRF keys with the internally used method from libsodium, but there is none. What i have found is a python solution as a proof of concept (terrible performance), i have uploaded it here (https://github.com/gitmachtl/cardano-related-stuff/tree/master/vrf-demo). But the community needs a good JS implementation of such a core function. As there are already some VRF implementations present in the cardano-js-sdk, it would maybe not be that hard to also add a signing(prove)/hash/verify function? Best regards, |
Beta Was this translation helpful? Give feedback.
-
Understood @gitmachtl ! If you were to use VRF keys as a proof of pool ownership, in what scenarios do you think you'd find that useful? I can imagine one scenario would be where an SPO is looking to communicate/coordinate with delegators, of course convincing the delegators would require constructing a verifiable-proof as well as the delegators' abilities to verify the proof. Perhaps there are others you have in mind? 😄 Teddy |
Beta Was this translation helpful? Give feedback.
-
The current target usecase is to provide voting tools for SPOs. The idea is to do it similar to the upcoming CIP36 method for Catalyst Voting. Assigning a freely generated voting key to a vrf key, so that the vrf key does not have to be used every time. But for that Assignment the "registration" must be signed with the vrf secret key. And of course verified later on. So thats one scenario. The VRF key is the only key that every SPO is having as a cli based key that can be used to proof pool ownership. If you would think about using the pool cold key, that would be possible, but it would 1) exclude all SPOs using hw-wallet based pool cold keys and 2) it would add security risks to expose a pool cold key, which is the worst case scenario. The VRF key is already on the BP nodes. And even it would get exposed, a new one can be generated with a pool-re-registration. So, the VRF key is an excellent choice for such tasks. |
Beta Was this translation helpful? Give feedback.
-
Got it, thanks for this information Martin it is much appreciated! |
Beta Was this translation helpful? Give feedback.
-
this functionality - as already described by @gitmachtl - would help us at CF too to finalize the design of the upcoming SPO poll. The more we know about supported libs and tools, the better it is for us choosing this as our way to go. |
Beta Was this translation helpful? Give feedback.
-
In general, it's useful to have more than a single C implementation of the VRF algorithm in cardano (libsodium fork). The VRF key is a good choice to use for pool operators as it proves pool ownership, but the downside risk of exposing the VRF key is much lower than using the pool cold keys. The VRF key can always be re-generated if it is ever compromised. |
Beta Was this translation helpful? Give feedback.
-
Describe the feature you'd like
Hi,
are there any functions available that would allow:
Thank you very much!
Best regards,
Martin
Describe alternatives you've considered
I have searched for any other libaries out there including algorand vrf stuff, that i could use with node js. But no luck.
Would you be willing to implement it?
Beta Was this translation helpful? Give feedback.
All reactions