XCM: Remote account converter #6662
Conversation
|
@xlc @joepetrowski @jak-pan @girazoki WDYT about the converter like this? Happy to adapt to what is the compromise everybody is happy with. |
|
Also @KiChjang do you already have some remarks? |
|
I think a fixed prefix that includes parachain id could be useful. This acts as metadata and namespaced addresses. By only looking at an address, we will know it is an account belong to a certain parachain and impossible for one parachain to access account belong to another parachain |
|
You mean as part of the resulting [u8; 32]? I am not sure this adds a lot, but I am also not against it.
Happy to add that if we want that to be part of it. |
|
@xlc I thought about adding a fixed prefix to the resulting
Basically, these are just thoughts of someone who barely knows stuff about cryptography and the probabilities of collisions. But I think if we want a prefix we need to inspect this more thoroughly while we can trust the |
| MultiLocation { | ||
| parents: 0, | ||
| interior: X2(Parachain(para_id), AccountId32 { id, .. }), | ||
| } => ForeignChainAliasAccount::<AccountId>::from_para_32(para_id, id), |
There was a problem hiding this comment.
| } => ForeignChainAliasAccount::<AccountId>::from_para_32(para_id, id), | |
| } => ForeignChainAliasAccount::<AccountId>::from_relay_32(para_id, id), |
There was a problem hiding this comment.
This matching arms matches against messages received on the relay chain coming from a para-chain. I would argue that this should use the conversion from the parachain, allowing to have the same alias on each consuming chain of this converter.
There was a problem hiding this comment.
Then I would add another item from_child_32, and with its own prefix.
| MultiLocation { | ||
| parents: 0, | ||
| interior: X2(Parachain(para_id), AccountKey20 { key, .. }), | ||
| } => ForeignChainAliasAccount::<AccountId>::from_para_20(para_id, key), |
There was a problem hiding this comment.
| } => ForeignChainAliasAccount::<AccountId>::from_para_20(para_id, key), | |
| } => ForeignChainAliasAccount::<AccountId>::from_relay_20(para_id, key), |
There was a problem hiding this comment.
This matching arms matches against messages received on the relay chain coming from a para-chain. I would argue that this should use the conversion from the parachain, allowing to have the same alias on each consuming chain of this converter.
There was a problem hiding this comment.
Then I would add another item from_child_20, and with its own prefix.
|
|
||
| impl<AccountId> ForeignChainAliasAccount<AccountId> { | ||
| fn from_para_32(para_id: &u32, id: &[u8; 32]) -> [u8; 32] { | ||
| (FOREIGN_CHAIN_PREFIX, para_id, id).using_encoded(blake2_256) |
There was a problem hiding this comment.
I would suggest different prefixes for each mode.
There was a problem hiding this comment.
Why so? Can add that of course, just am curious about the reasoning.
There was a problem hiding this comment.
To avoid the possibility of unintended collision.
There was a problem hiding this comment.
Okay. I assumed that having a 32 bits difference between from_relay_32 and from_para_32 and a 256 bits difference between the from_para_* methods in the input stream would be enough difference to have sufficient bitflips with blake.
Will adapt then!
|
This pull request has been mentioned on Polkadot Forum. There might be relevant details there: https://forum.polkadot.network/t/multilocation-based-account-derivation/436/10 |
RE: MethodsMy reasoning for having only
Is that the user will for a given Account @gavofyork if having this is a blocker, I will adapt the PR. |
|
@gavofyork or @KiChjang a last comment on the above and then we can probably finish this. |
|
There may be unintended security consequences from having the same account ID used as the alias across multiple chains. I would certainly feel more confident if the aliases were different over each chain. That said, as long as it's strictly only for chains within the same security apparatus (i.e. not bridged locations), then it's probably fine to reuse the account alias. |
This will break horribly with multi-level relay-chains: Account If you have multiple sets of parachains, then you'll naturally have index collisions. E.g. Here, This will never be a problem if you include the relationship within the hashed data. |
The indices are wrong, but you are right:
→ account TBH I have not thought about multi-relay-chain setup. Yes, we could include the |
|
I think we can just use a different conversion for sibling or child parachains (similar to how the sovereign conversion is different since you append the "child" alias for child chains and "sibl" for chains). I think you wouldnt have colisions in this case |
|
Yes; including the parents value is slightly more general, but either way would be fine. |
|
Hi @mustermeiszer, do you think you can do changes to adapt to the comments in the next days? We are waiting for this one to be merged before releasing a new runtime. If not, let me know and @girazoki can do the modifications |
|
@crystalin Its updated. Can be reviewed and merged if all are happy. |
|
@mustermeiszer it seems to fail passing the test: https://gitlab.parity.io/parity/mirrors/polkadot/-/jobs/2554023#L1732 |
mustermeiszer
force-pushed
the
remote-account-converter
branch
from
93cabed
to
97b3b88
Compare
|
Docs did not format the tree correctly... |
|
@crystalin the two jobs failing seem not connected to this pr. cc @bkchr @gavofyork are you otherwise fine with the current state of the pr? |
mustermeiszer
force-pushed
the
remote-account-converter
branch
from
0e38b64
to
2a5f5b7
Compare
|
@gavofyork how do you feel about the current state? Can we merge it? |
|
@KiChjang @gavofyork is there anything else missing for this PR to be merged? |
|
@KiChjang are you also happy with that? Can we merge that? |
KiChjang
added
A0-please_review
|
Cool. Let me know if you need anything for merging, but seems like it is up to you guys now. |
|
bot merge |
* master: malus: dont panic on missing validation data (#6952) Offences Migration v1: Removes `ReportsByKindIndex` (#7114) Fix stalling dispute coordinator. (#7125) Fix rolling session window (#7126) [ci] Update buildah command and version (#7128) Bump assigned_slots params (#6991) XCM: Remote account converter (#6662) Rework `dispute-coordinator` to use `RuntimeInfo` for obtaining session information instead of `RollingSessionWindow` (#6968) Revert default proof size back to 64 KB (#7115)
* master: (39 commits) malus: dont panic on missing validation data (#6952) Offences Migration v1: Removes `ReportsByKindIndex` (#7114) Fix stalling dispute coordinator. (#7125) Fix rolling session window (#7126) [ci] Update buildah command and version (#7128) Bump assigned_slots params (#6991) XCM: Remote account converter (#6662) Rework `dispute-coordinator` to use `RuntimeInfo` for obtaining session information instead of `RollingSessionWindow` (#6968) Revert default proof size back to 64 KB (#7115) update rocksdb to 0.20.1 (#7113) Reduce base proof size weight component to zero (#7081) PVF: Move PVF workers into separate crate (#7101) Companion for #13923 (#7111) update safe call filter (#7080) PVF: Don't dispute on missing artifact (#7011) XCM: Properly set the pricing for the DMP router (#6843) pvf: Update docs for PVF artifacts (#6551) Bump syn from 2.0.14 to 2.0.15 (#7093) Companion for substrate#13771 (#6983) Added Dwellir Nigeria bootnodes. (#7097) ...
* Draft remote account converter * Tests and doc comments * Adapt naming, tests fix * Try with prefix in account * Revert "Try with prefix in account" This reverts commit 4617597. * Adapt code and test to review suggestions * adapt to take into account parent in conversion * fix: docs * fix: try doc fix v2
|
This pull request has been mentioned on Polkadot Forum. There might be relevant details there: https://forum.polkadot.network/t/multichain-friendly-account-abstraction/1298/19 |
Based on the discussion in #6612 this PR adds a converter to the codebase that allows to have a stable conversion from a local account (xcm sending location) to a remote account (xcm receiving location).