Conversation
robwoodgate
left a comment
robwoodgate
left a comment
There was a problem hiding this comment.
The signature scheme is a bit worrying, but otherwise just some nit/questions for clarity.
| - `pubkeys` is an array of hex-encoded compressed secp256k1 NUT-20 public keys (33 bytes each) | ||
| - `pubkey_signatures` is an array of hex-encoded Schnorr signatures on `pubkeys` in the same order (64 bytes each) | ||
|
|
||
| The wallet **MUST** provide a valid signature in `pubkey_signatures` for each public key in `pubkeys` with the corresponding private key in the same order as the `pubkeys` array. The message to sign is the byte representation of the public key. |
There was a problem hiding this comment.
I think signature on the plain public key is pretty risky, as it allows signature replay in any "proof of key ownership" context, or even for future uses on other endpoints and other mints.
It would be better defined as a signature on a domain separated message like we do in P2BK / keyset v2
eg: SHA-256( b"Cashu_NUTXX_QUOTE_v1" || MINT_URL || method || pubkey )
or
eg: SHA-256( b"Cashu_NUTXX_QUOTE_v1" || NONCE || pubkey )
where NONCE is a random shared nonce, supplied in a nonce param:
{
"pubkeys": <Array[str]>,
"pubkey_signatures": <Array[str]>,
"nonce": str
}
)
| "quotes": <Array[MintQuoteResponse]> | ||
| } | ||
| ``` | ||
|
|
There was a problem hiding this comment.
We should probably specify what happens if any signature is invalid. Does entire op fail, or does mint return only the valid ones? What happens if more/fewer sigs are provided than pubkeys?
There was a problem hiding this comment.
I think we should match the plan for batched minting where if any are invalid the whole op fails.
There was a problem hiding this comment.
Agree. It lowers the abuse surface too, because a mint can reject at first invalid signature (or on mismatch key/sig count), rather than continue processing.
There was a problem hiding this comment.
I added a suggestion to the request section above, but it could be moved to response section if preferred.
| - `pubkeys` is an array of hex-encoded compressed secp256k1 NUT-20 public keys (33 bytes each) | ||
| - `pubkey_signatures` is an array of hex-encoded Schnorr signatures on `pubkeys` in the same order (64 bytes each) | ||
|
|
||
| The wallet **MUST** provide a valid signature in `pubkey_signatures` for each public key in `pubkeys` with the corresponding private key in the same order as the `pubkeys` array. The message to sign is the byte representation of the public key. |
There was a problem hiding this comment.
| The wallet **MUST** provide a valid signature in `pubkey_signatures` for each public key in `pubkeys` with the corresponding private key in the same order as the `pubkeys` array. The message to sign is the byte representation of the public key. | |
| The wallet **MUST** provide a valid signature in `pubkey_signatures` for each public key in `pubkeys` with the corresponding private key in the same order as the `pubkeys` array. The message to sign is the byte representation of the public key. | |
| ### Signature Validation Failure | |
| If there is a mismatch between signature and pubkey counts, or **any signature is invalid**, the mint MUST reject the request and return an error. |
Co-authored-by: Rob Woodgate <robwoodgate@users.noreply.github.com>
Co-authored-by: Rob Woodgate <robwoodgate@users.noreply.github.com>
4 participants
supersedes #329
Get NUT-20 quotes by
pubkeys. Requires signatures to prove possession of the corresponding private keys.