From b5e6dbe2bd9022cc60b3170b0b265352a9312341 Mon Sep 17 00:00:00 2001 From: Ye Park Date: Wed, 11 Sep 2024 09:10:13 +0000 Subject: [PATCH 1/4] Add AIP for private entry function for multisig creation --- aips/aip-x.md | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 aips/aip-x.md diff --git a/aips/aip-x.md b/aips/aip-x.md new file mode 100644 index 00000000..8c1beace --- /dev/null +++ b/aips/aip-x.md @@ -0,0 +1,100 @@ +--- +aip: +title: Private Entry Function for Multisig Account Creation +author: yeptos (https://github.com/yeptos), gregnazario, lightmark? +discussions-to (*optional): +Status: Draft +last-call-end-date (*optional): +type: Standard (Framework) +created: 9/10/2024 +updated (*optional): +requires (*optional): +--- + +# AIP-X - Private Entry Function for Multisig Account Creation + +## Summary + +This AIP proposes adding new private entry functions to allow an existing Aptos account to create a multisig account using a signer, without requiring complex steps to generate a signature of a struct as proof. Currently, only accounts with Ed25519 and MultiEd25519 authentication schemes can migrate to multisig accounts. This enhancement will enable any account with any authentication key scheme to create a multisig account on top of it, providing a straightforward migration path from any accounts to multisig v2 accounts. + +### Out of Scope + +This AIP does not cover changes to other aspects of multisig account functionality beyond the creation process from an existing account. + +## High-level Overview + +The proposal introduces two new private entry functions in the `multisig_account` module: + +- `create_with_existing_account_call`: Creates a new multisig account on top of an existing account without revoking the original auth key. + +- `create_with_existing_account_and_revoke_auth_key_call`: Creates a new multisig account on top of an existing account and immediately rotates the original auth key to 0x0. + +These functions simplify the process of creating a multisig account from an existing account, regardless of its authentication key scheme. This is particularly useful for migrating from multi-key accounts to multisig accounts, which is currently not possible. + +## Impact + +This change will impact developers and users who want to create multisig accounts from existing accounts, especially those with authentication schemes other than Ed25519 and legacy MultiEd25519. It provides a more inclusive and flexible method for account migration and multisig setup. + +- Developers can now easily implement multisig account creation for any existing account type, not just those with Ed25519 and MultiEd25519 schemes. +- Users with existing accounts using any authentication scheme can now transition to multisig accounts, which was previously limited. +- This change enhances the usability and adoption of multisig accounts in the Aptos ecosystem, opening up new possibilities for account management and security across all account types. + +## Alternative solutions + +The currently existing multisig account creation functions, `create_with_existing_account` and `create_with_existing_account_and_revoke_auth_key`, require a signature of a struct as proof. However, the verification of this signature only works for Ed25519 and MultiEd25519 authentication schemes, excluding accounts with newer schemes like Multi-key or Keyless. + +One alternative solution could be to upgrade the on-chain signature verification logic to support all signature types. However, this approach doesn't solve the usability issue of requiring users to sign a struct, which remains cumbersome regardless of the authentication scheme. + +This proposal offers a more user-friendly approach by introducing new private entry functions that work with a signer, providing a simpler migration path for all account types, regardless of their authentication scheme. + + +## Specification and Implementation Details + +This proposal introduces two new entry functions in the `multisig_account` module: + +1. `create_with_existing_account_call`: Creates a multisig account without revoking the original auth key. +2. `create_with_existing_account_and_revoke_auth_key_call`: Creates a multisig account and rotates the original auth key to 0x0. + +These functions are named following the convention of the `account::rotate_authentication_key_call` function, which similarly takes a signer instead of a signature as proof. + +## Reference Implementation + +// To be replaced with a pull request on aptos-core + +## Testing + +The implementation includes new unit tests in the `multisig_account.move` file: + +- `test_create_multisig_account_on_top_of_existing_with_signer`: Tests creating a multisig account on top of an existing account using a signer +- `test_create_multisig_account_on_top_of_existing_and_revoke_auth_key_with_signer`: Tests creating a multisig account and revoking the auth key + +These tests cover the basic functionality of the new functions. + +## Risks and Drawbacks + +The `create_with_existing_account_and_revoke_auth_key_call` function rotates the auth key to 0x0 and revokes capability offers, which irreversibly changes account control. Developers and users should be well-informed about this consequence. + +## Security Considerations + +The `create_with_existing_account_and_revoke_auth_key_call` function rotates the auth key to 0x0 and revokes capability offers, which irreversibly changes account control. Developers and users should be well-informed about this consequence. + + +## Future Potential + +1. This change could lead to increased adoption of multisig accounts in the Aptos ecosystem. +2. It may inspire further improvements in account migration and management tools. +3. The simplified creation process could encourage the development of more complex governance structures built on multisig accounts. + +## Timeline + +### Suggested implementation timeline + +// TODO + +### Suggested developer platform support timeline + +// TODO + +### Suggested deployment timeline + +// TODO From 92a64fcf1002103e81386cbf4a3ea4b3a6676bdc Mon Sep 17 00:00:00 2001 From: Ye Park Date: Sun, 15 Sep 2024 10:02:00 +0000 Subject: [PATCH 2/4] apply review --- aips/aip-x.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/aips/aip-x.md b/aips/aip-x.md index 8c1beace..23a37640 100644 --- a/aips/aip-x.md +++ b/aips/aip-x.md @@ -1,7 +1,7 @@ --- aip: title: Private Entry Function for Multisig Account Creation -author: yeptos (https://github.com/yeptos), gregnazario, lightmark? +author: yeptos (https://github.com/yeptos), gregnazario (https://github.com/gregnazario) discussions-to (*optional): Status: Draft last-call-end-date (*optional): @@ -31,6 +31,8 @@ The proposal introduces two new private entry functions in the `multisig_account These functions simplify the process of creating a multisig account from an existing account, regardless of its authentication key scheme. This is particularly useful for migrating from multi-key accounts to multisig accounts, which is currently not possible. +This proposal mirrors changes implemented in commit https://github.com/aptos-labs/aptos-core/commit/fdc041f37e4cb17d2c7f4bb2e0ad784a3f007614, where a private entry function was introduced for account key rotation with a similar purpose. + ## Impact This change will impact developers and users who want to create multisig accounts from existing accounts, especially those with authentication schemes other than Ed25519 and legacy MultiEd25519. It provides a more inclusive and flexible method for account migration and multisig setup. @@ -47,7 +49,6 @@ One alternative solution could be to upgrade the on-chain signature verification This proposal offers a more user-friendly approach by introducing new private entry functions that work with a signer, providing a simpler migration path for all account types, regardless of their authentication scheme. - ## Specification and Implementation Details This proposal introduces two new entry functions in the `multisig_account` module: @@ -59,7 +60,7 @@ These functions are named following the convention of the `account::rotate_authe ## Reference Implementation -// To be replaced with a pull request on aptos-core +https://github.com/aptos-labs/aptos-core/pull/14645 ## Testing @@ -74,11 +75,14 @@ These tests cover the basic functionality of the new functions. The `create_with_existing_account_and_revoke_auth_key_call` function rotates the auth key to 0x0 and revokes capability offers, which irreversibly changes account control. Developers and users should be well-informed about this consequence. +For resource accounts or object accounts, alternative methods to obtain the signer may exist beyond the authentication key. + +Note that these considerations also apply to the existing `create_with_existing_account_and_revoke_auth_key` function and are not newly introduced by this proposal. + ## Security Considerations The `create_with_existing_account_and_revoke_auth_key_call` function rotates the auth key to 0x0 and revokes capability offers, which irreversibly changes account control. Developers and users should be well-informed about this consequence. - ## Future Potential 1. This change could lead to increased adoption of multisig accounts in the Aptos ecosystem. @@ -89,12 +93,12 @@ The `create_with_existing_account_and_revoke_auth_key_call` function rotates the ### Suggested implementation timeline -// TODO +Reference implementation with a pull request available: https://github.com/aptos-labs/aptos-core/pull/14645 ### Suggested developer platform support timeline -// TODO +No additional SDK support is required. ### Suggested deployment timeline -// TODO +In the next release, upon further testing on devnet and testnet. From 6d9b94cd47268cf09c33561dd7eb43f9b6dcb44e Mon Sep 17 00:00:00 2001 From: yeptos <131737686+yeptos@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:14:05 -0700 Subject: [PATCH 3/4] Update aip-x.md Add discussion link --- aips/aip-x.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/aips/aip-x.md b/aips/aip-x.md index 23a37640..bee34797 100644 --- a/aips/aip-x.md +++ b/aips/aip-x.md @@ -2,13 +2,13 @@ aip: title: Private Entry Function for Multisig Account Creation author: yeptos (https://github.com/yeptos), gregnazario (https://github.com/gregnazario) -discussions-to (*optional): +discussions-to: https://github.com/aptos-foundation/AIPs/issues/498 Status: Draft -last-call-end-date (*optional): +last-call-end-date: type: Standard (Framework) created: 9/10/2024 -updated (*optional): -requires (*optional): +updated: +requires: --- # AIP-X - Private Entry Function for Multisig Account Creation @@ -31,7 +31,7 @@ The proposal introduces two new private entry functions in the `multisig_account These functions simplify the process of creating a multisig account from an existing account, regardless of its authentication key scheme. This is particularly useful for migrating from multi-key accounts to multisig accounts, which is currently not possible. -This proposal mirrors changes implemented in commit https://github.com/aptos-labs/aptos-core/commit/fdc041f37e4cb17d2c7f4bb2e0ad784a3f007614, where a private entry function was introduced for account key rotation with a similar purpose. +This proposal mirrors changes implemented in commit [aptos-core@fdc041](https://github.com/aptos-labs/aptos-core/commit/fdc041f37e4cb17d2c7f4bb2e0ad784a3f007614), where a private entry function was introduced for account key rotation with a similar purpose. ## Impact From 27bbc5dee6a0849b597315ac05eb483e2e732e67 Mon Sep 17 00:00:00 2001 From: Sherry Xiao Date: Fri, 20 Sep 2024 10:37:50 -0700 Subject: [PATCH 4/4] Update and rename aip-x.md to aip-100.md --- aips/{aip-x.md => aip-100.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename aips/{aip-x.md => aip-100.md} (99%) diff --git a/aips/aip-x.md b/aips/aip-100.md similarity index 99% rename from aips/aip-x.md rename to aips/aip-100.md index bee34797..64a1f832 100644 --- a/aips/aip-x.md +++ b/aips/aip-100.md @@ -1,5 +1,5 @@ --- -aip: +aip: 100 title: Private Entry Function for Multisig Account Creation author: yeptos (https://github.com/yeptos), gregnazario (https://github.com/gregnazario) discussions-to: https://github.com/aptos-foundation/AIPs/issues/498