Skip to content

Commit f97167f

Browse files
rphairrphair
authored
CIP-0022 | Adjust preamble and structure w.r.t CIP-0001 (cardano-foundation#668)
* first draft remediation of CIP-0022 * fixed non canonical CIP ID * fixed language artefact from editing implementors list
1 parent 959cffa commit f97167f

File tree

1 file changed

+41
-24
lines changed

1 file changed

+41
-24
lines changed

CIP-0022/README.md

+41-24
Original file line numberDiff line numberDiff line change
@@ -1,40 +1,42 @@
11
---
22
CIP: 22
33
Title: Pool operator verification
4-
Authors: Andrew Westberg <[email protected]>, Martin Lang <[email protected]>, Ola Ahlman <[email protected]>
5-
Comments-URI: no comments yet
64
Status: Active
7-
Type: Informational
5+
Category: Tools
6+
Authors:
7+
- Andrew Westberg <[email protected]>
8+
- Martin Lang <[email protected]>
9+
- Ola Ahlman <[email protected]>
10+
Implementors:
11+
- CNCLI
12+
- JorManager
13+
- StakePoolOperator Scripts
14+
- CNTools
15+
Discussions:
16+
- https://github.com/cardano-foundation/CIPs/pull/102
817
Created: 2021-06-21
918
License: CC-BY-4.0
1019
---
1120

12-
# Abstract
21+
## Abstract
1322

1423
This proposal describes a method allowing a stakepool operator to provide credentials to verify that they are the rightful manager for their stakepool.
1524

16-
# Motivation
25+
## Motivation: why is this CIP necessary?
1726

1827
Many websites such pooltool.io, adapools.org, and others need to allow pool operators special access to modify the way their pool appears on the website. SPOCRA and other organizations also have a need to allow voting on proposals and ensure that each vote cast is from a valid pool operator. Today, these sites and organizations all use different techniques for validating pool operators.
1928

2029
pooltool.io - Validates operators by receiving 1 ada spent from the pool's registered rewards account
2130

2231
adapools.org - Validates operators by requesting that the operator include a special generated value in their extended pool metadata json file.
2332

24-
This proposal desires to simplify and streamline a single approach that all can reference in order to verify that a pool operator is who they say they are.
33+
This proposal is to simplify and streamline a single approach that all can reference in order to verify that a pool operator is who they say they are.
2534

26-
Current Tools that have implemented it already or have plans to implement it:
27-
* [CNCLI](https://github.com/AndrewWestberg/cncli)
28-
* [JorManager](https://bitbucket.org/muamw10/jormanager/)
29-
* [StakePoolOperator Scripts](https://github.com/gitmachtl/scripts)
30-
* [CNTools](https://cardano-community.github.io/guild-operators/#/Scripts/cntools)
31-
32-
33-
# Specification
35+
## Specification
3436

3537
In order to achieve the goals of this CIP, the pool operator needs to provide some credential or credentials to the validating party which cannot be spoofed. The VRF pool keys and VRF signature algorithm implemented in libsodium are chosen to build and provide this credential/signature. This signature can then be validated and the operator verified without ever exposing any of the pool's private key information. This technique is very similar to verifying that a block produced by another pool is valid. The only difference is that instead of validating the slot seed for a given pool, we're validating a pre-determined message hash.
3638

37-
## Verification Steps:
39+
### Verification Steps:
3840

3941
1. Stakepool Operator (SPO) sends their pool_id and public pool.vrf.vkey to the Validating Server (VS)
4042
2. VS validates that the vrf hash in the pool's registration certificate on the blockchain matches the blake2b hash of the sent vkey. Note: The VS should use the latest registration certificate on the chain for matching as the VRF is a "hot" key and can be changed at any time by the pool operator. A single point-in-time verification is sufficient to properly identify the pool operator.
@@ -43,8 +45,7 @@ In order to achieve the goals of this CIP, the pool operator needs to provide so
4345
5. The SPO sends this to VS as the challenge response within a 5-minute window to the VS
4446
6. The VS validates the signed challenge response
4547

46-
47-
## Code Example (Validating server):
48+
### Code Example (Validating server):
4849

4950
```kotlin
5051
// Server side, create inputs for a challenge. Store this and only allow responses
@@ -56,7 +57,7 @@ random.nextBytes(nonce)
5657
println("domain: $domain, nonce: ${nonce.toHexString()}")
5758
```
5859

59-
## Code Example (Pool Operator side):
60+
### Code Example (Pool Operator side):
6061

6162
```kotlin
6263
// Node operational VRF-Verification-Key: pool.vrf.vkey
@@ -88,7 +89,7 @@ val signature = SodiumLibrary.cryptoVrfProve(vrfSkey, challenge)
8889
println("signature: ${signature.toHexString()}")
8990
```
9091

91-
## Code Example (Validating server):
92+
### Code Example (Validating server):
9293

9394
```kotlin
9495
// Server side, verify the message based on only knowing the pool_id, public vkey, signature, and constructing
@@ -112,7 +113,7 @@ println("verification: ${verification.toHexString()}")
112113
println("Verification SUCCESS!")
113114
```
114115

115-
## Code Example output:
116+
### Code Example output:
116117

117118
```
118119
vrfSkey: adb9c97bec60189aa90d01d113e3ef405f03477d82a94f81da926c90cd46a374e0ff2371508ac339431b50af7d69cde0f120d952bb876806d3136f9a7fda4381
@@ -125,10 +126,26 @@ verification: 9ca4c7e63ba976dfbe06c7a0e6ec4aec5a5ef04b721ffc505222606dfc3d01572d
125126
Verification SUCCESS!
126127
```
127128

128-
# Rationale
129+
## Rationale: how does this CIP achieve its goals?
130+
131+
Implementing this simplifies and commonizes the process for verifying that a pool operator is who they say they are in 3rd party systems. Having a common way of verify pool operators also allows simple integration into pool management tools.
132+
133+
There is also some overlap with [CIP-0006](https://github.com/cardano-foundation/CIPs/blob/master/CIP-0006/README.md#extended-metadata---flexible-but-validable) and the `rawdata-sign` command although it specifies generating a new key instead of utilizing the pool's existing `vrf.skey` to sign like this proposal.
134+
135+
## Path to Active
136+
137+
### Acceptance Criteria
138+
139+
- [x] Tools that have implemented, or are implementing, this proposal:
140+
- [x] [CNCLI](https://github.com/AndrewWestberg/cncli)
141+
- [x] [JorManager](https://bitbucket.org/muamw10/jormanager/)
142+
- [x] [StakePoolOperator Scripts](https://github.com/gitmachtl/scripts)
143+
- [x] [CNTools](https://cardano-community.github.io/guild-operators/#/Scripts/cntools)
144+
145+
### Implementation Plan
129146

130-
Implementing this simplifies and commonizes the process for verifying that a pool operator is who they say they are in 3rd party systems. Having a common way of verify pool operators also allows simple integration into pool management tools. There is also some overlap with [CIP-006](https://github.com/cardano-foundation/CIPs/blob/master/CIP-0006/CIP-0006.md#extended-metadata---flexible-but-validable) and the `rawdata-sign` command although it chooses to generate a new key instead of utilizing the pool's existing vrf.skey to sign like this proposal.
147+
- [x] Consensus between providers of the most popular tools and CLIs for stake pool operators that this approch is viable and desirable.
131148

132-
# Copyright
149+
## Copyright
133150

134-
This CIP is licensed under [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode)
151+
This CIP is licensed under [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode).

0 commit comments

Comments
 (0)