Abstract
This document introduces a protocol designed to ensure safe and verifiable signing of non-transaction data using wallet keys within the TON (The Open Network) ecosystem. The protocol, identified as Data Signatures, proposes a method for wallets to sign arbitrary data, distinguishing these signatures from transactional signatures to mitigate misuse and replay attacks.
Introduction
In the TON ecosystem, wallets serve dual functions: managing assets and acting as universal identifiers across applications. While the primary use case involves signing transactions for coin transfers or smart contract interactions, there exists a need for wallets to authenticate non-transactional data for off-chain and on-chain applications without compromising security.
Proposal Summary
- TEP: 0
- Status: Draft
- Type: Core
- Authors: Oleg Andreev, Sergey Andreev, Denis Subbotin
- Creation Date: 13.12.2022
- Replaces: TEP-0
Objective
To enable the TON wallets to sign arbitrary non-transaction data securely, ensuring the signatures are distinctly separable from transaction signatures to prevent misuse.
Methodology
The proposal details a signature scheme for arbitrary data, incorporating a unique composition of schema identifier, timestamp, and payload hash to create domain-separated signatures.
Implementation Details
Component | Specification |
---|---|
Signing Data | 352-bit message combining schema CRC, timestamp, and payload hash |
Verification | Enforcing domain separation through schema CRC, payload content, and timestamp |
Payload | Arbitrary data structured per TL-B definition |
Security | Domain separation ensured by unique schema versions and timestamp binding |
Schema Versions
- Short plain text message: For signing UTF-8 text, utilizing the
plaintext
schema. - Application binding: Allows signing data specifically for target applications, identified by TON.DNS names or contract addresses.
Security Considerations
The proposal outlines measures for binding signatures to specific applications and timeframes to mitigate replay attacks and ensure domain separation.
Comparison with Existing Solutions
Feature | Data Signatures Proposal | Ethereum EIP-1271 |
---|---|---|
Domain Separation | Schema CRC and timestamp | Signature validation method |
Payload Flexibility | Arbitrary data via TL-B | Pre-defined formats |
Signature Replay Safety | Timestamp binding | Not specified |
Application Binding | TON.DNS and contract addresses | Not applicable |
Conclusion
The Data Signatures protocol presents a comprehensive framework for securely signing non-transaction data within the TON ecosystem. By establishing a clear separation between transactional and non-transactional signatures, it offers enhanced security for both off-chain and on-chain applications, paving the way for a more versatile and secure digital identity and authentication system within the TON network.