Introduce Ed25519 public key IPFS identities #241
Comments
|
@JustinDrake Very interesting idea, Though if your concern is just not wanting to publish public keys to the dht, You can just disable that. Public keys are exchanged when peers connect to eachother normally (via secio and/or the identify handshake) |
Oh that's awesome to know, thanks! I'll look into it for secio we use. I don't know what the identify handshake is. Could you point to some documentation or code? |
|
@whyrusleeping In the context of OpenBazaar, there are two paths. The online path uses secio, whereas the offline path uses pointers posted to the DHT. We could disable publishing public key for online messages, but offline messages wouldn't work out of the box. |
|
@JustinDrake the identify handshake happens any time two peers connect with libp2p. The code is here: https://github.com/libp2p/go-libp2p/tree/master/p2p/protocol/identify And it is initiated by the basichost. For offline, that all wouldnt work, youre right. We've talked for a while about having an 'identity' multihash function (identity function referring to The first step will be adding the identity function code to the multihash table. After that, there will need to be a lot of code changes to be able to properly handle peerIDs not being the sha256 hash of the serialized public key protobuf. I guess the first place to start there would be to make a big list of all the places that assumptions are made about public keys. Then once thats done, you should be able to plug code in that checks if a peer ID is a full public key when searching for a peers public key. |
@whyrusleeping Yes it's the identity multihash function. Having said that I think there needs to be an explicit marker in the prefix to indicate that it's specifically an ed25519 public key (as opposed to some other piece of data with a different interpretation). This table uses
I would be happy to participate in itemising the changes required 👍 |
|
I think the best way to do this would be to use the |
|
To allocate a code for ed25519, just PR to that table |
|
You would also have to check if go-multihash supports identity function. |
See ipfs/notes#241 (comment) I suggest using the code `0xed` so that's it's visually obvious and easy to remember it's associated with ed25519.
|
@whyrusleeping Your suggestion to use Below is a partial list of changes that need to be made. Have I missed anything obvious?
|
|
ipfs/libp2p could also integrate secret-handshake when this is done. |
|
I have talked to the OB1 team (@cpacia @hoffmabc) and we see great value for OpenBazaar 2.0 to launch with this new identity scheme (disallowing the other two identity schemes). The biggest constraint is time. The OB1 team want to launch a beta in 3 months and would prefer having the new identity scheme put in place by then. @whyrusleeping What are the next steps? Is 3 months a doable timeline for the IPFS team? |
i do think it is complex to try to change all of this on short time frame:
|
|
also, btw:
agreed.
dont think they take up much resources. would like to see graph or calculations comparing to other content.
yeah that sucks
yeah agreed there. it will still be necessary for some key types.
|
|
Thanks for all of this feedback. My biggest concern when we chatted about it was the time frame because it would be very quick to get this into IPFS, test it and then get it into a release before we were ready to drop our first version of OB 2.0. At least that's my assumption. I think the ephemeral peerID is probably a better approach to privacy than just obfuscation of peerIDs. We could probably set up a call for sometime next week if you like to talk through this. |
|
@hoffmabc @JustinDrake -- yeah happy to talk next week. we can move to email to schedule @JustinDrake can you email me and then i can organize? (feel free to keep going regardless, most changes here will be useful) |
|
👍 |
|
@JustinDrake some thoughts on the list:
|
|
You also have to add the ed-code to |
The problems are much more qualitative than quantitative. DHT resource usage is the least of problems (sorry for bringing it up!). For https://openbazaar.chat the biggest pain point is interacting with the DHT. (Direct communications from js-libp2p to go-libp2p work well; it's awesome!) One particularly flaky point for us is the publishing and querying of public keys. We've spent a lot of engineering resources to make it workable in the context of a web browser and it's still far from perfect. (For context, the public keys are required for a custom offline messaging scheme used in OpenBazaar.) Regarding privacy, I totally agree we want to make peer ids as irrelevant as possible. (I have been rooting for this in openbazaar-go since Nov 2016.) At the transport layer ephemeral peer IDs work especially well. At the application layer openbazaar-go assumes that peer IDs are long lived. For buyers specifically (which is Duo's focus) the peer ID is required during the whole purchase flow which can last months. Peer IDs are also used for chat which is a fundamentally open-ended and long-lived thing. OpenBazaar 2.0 also has a Bitcoin wallet with the ability to send funds to a peer ID, and this is also an open-ended and long-lived thing. The good news is that for privacy-conscious buyers (which is the target market for www.openbazaar.chat and Duo) the OpenBazaar application peer ID does not need to be publicly shared, ever. Buyers make no content distribution (so no provider records, general swarm observations, etc.). OpenBazaar does have its own home-rolled DHT "pointer records" used for offline messaging but those do not leak peer IDs thanks to a prefix scheme similar to stealth addresses developed by @cpacia. OpenBazaar also makes uses of IPNS records pointing to IPFS assets such as a profile and listings, but this is optional. The only wrinkle in all of the above is that we currently need DHT records for the public keys (required for offline messaging at the OpenBazaar application layer) and those do leak application peer IDs. |
|
getting the changes in place
the remainder is:
Did i miss anything? |
|
Funny story, I initially started implementing js-ipfs back in 2015 with ed25519 keys and later replaced for RSA to match go-ipfs and because we didn't have multikey yet. @whyrusleeping should we take this chance to make PeerIDs full CIDs instead of base58 multihashes only? Also, double checking, @whyrusleeping are you migrating keys to become multikeys? |
|
@diasdavid I think having PeerIDs be full CIDs makes sense. I just hope we can finish off ipfs/kubo#3896 within a couple weeks for OpenBazaar 2.0. @whyrusleeping did you receive my email? Any help would really appreciated. |
|
I don't know if this is the appropriate place to mention it or not but I'd like to point out that |
|
Hi @whyrusleeping, since there was some discussion on this, just wanted to mention that I'm working on a Haskell implementation of the libp2p-crypto here: MatrixAI/haskell-libp2p-crypto It would be nice to have multikeys so that parsing keys such as Ed25519 is unambiguous. This isn't a problem for RSA because it has headers/ASN1 format, but is a problem for keys such as Ed25519 which are just random bytes. Would multikeys have a similar format to multihash (i.e. a keytype prefix with a varint for length)? Also, as I understand, the byte representation for Ed25519 private keys in go-libp2p-crypto currently appends the public key bytes twice to the secret key bytes? https://git.io/v54Se |
|
@JustinDrake I dont think I got your email, did you send it to why at ipfs.io ? |
|
In 2022, ed25519 keys are the default in both go-ipfs and js-ipfs ✨ |
At the moment IPFS identities are either SHA256 hashes of RSA public keys, or SHA256 hashes of Ed25519 public keys. I propose introducing a new type of IPFS identity (by adding a new multihash codec) that are simply Ed25519 public keys (not hashed). This is for several reasons:
Thoughts?
cc @jackkleeman
The text was updated successfully, but these errors were encountered: