Address derivation for shared wallets

[paweljakubas]

Issue Number

ADP-866

Overview

• Adding Shared style
• Accommodate new cardano-addresses, align code, change MutableAccount -> Stake
• Deal with prefixes of shared wallet vs shelley wallet by adding SharedWalletKeys
• Align all unit tests
• Align all integration tests plus add test checking newly added validation in cardano-addresses
• Add integration testing
• Enable receiving hashed verification keys, now only verification keys are present which needs to be hashed to be used in script
• Sneak SharedKey in shared wallet rather than ShelleyKey
• Removed MultisigScript from Role and refactored ParentContext

Comments

Rendered API docs

[KtorZ]

This will cause a breaking change in the API which generically derive path parameters from these constructors. I agree with the change here, but the JSON instance of the API should be modified to also still accept mutable_account if provided to not break existing integrations.

[paweljakubas]

after some thinking I reverted this change

[KtorZ]

This is a red-herring to me 🤔 ...

Why would you need to differentiate them in the database? Surely, the context when deserializing from the database is enough to assign the right role to the key hash. If it's not, then it should likely go in a separate column, instead of being serialized all at once.

Regardless, this will require a database migration and I fail to see how existing databases can be migrated 🤔 ? (or said differently, why is this distinction only occurs now?)

[paweljakubas]

I checked that KeyHash is not stored. These instances are not needed in the end. so removed them. They are some remnants of past version of shared wallet I forgot to erase.

[paweljakubas]

I have doubts what should be here to be honest

[KtorZ]

This is the name then used to prefix database's names. In other wallet scheme, we typically use a 3-letter identifier:

• she
• ica
• rnd

I'd say that for consistency, we probably want to also have a 3-letter name here but I am perhaps being too maniac 😬

[paweljakubas]

went for sha

[KtorZ]

This code looks very similar to derivePublicKeyShelley. Both function could be unified rather easily by providing the account key lookup as a function:

derivePublicKey
    :: forall ctx s k n.
        ( HasDBLayer IO s k ctx
        , SoftDerivation k
        )
    => ctx
    -> WalletId
    -> (s -> k 'AccountK XPub)
    -> Role
    -> DerivationIndex
    -> ExceptT ErrDerivePublicKey IO (k 'AddressK XPub)
derivePublicKey ctx wid getAccountKey role_ ix = ...

[paweljakubas]

done

[KtorZ]

This is the name then used to prefix database's names. In other wallet scheme, we typically use a 3-letter identifier:

• she
• ica
• rnd

I'd say that for consistency, we probably want to also have a 3-letter name here but I am perhaps being too maniac 😬

[paweljakubas]

@KtorZ @rvl I added PaymentAddress instances to make it pass - at this level (we are not discovering, sending txs) it is not needed. But this is to be changed.. This bits should be used https://github.com/input-output-hk/cardano-wallet/blob/master/lib/core/src/Cardano/Wallet/Primitive/AddressDiscovery/Script.hs#L189 I need to think how to approach it. Would prefer to do it in the next PR addressing discovery ..

[paweljakubas]

I am not sure if query params should be exposed like this.Nevertheless,

openapi-spec-validator --schema 3.0.0 specifications/api/swagger.yaml

passes

[rvl]

I fixed it for you.

[KtorZ]

Minor note: this implicitly suggests to me that both implementations are different, whereas they aren't. I would favour a prismatic accessor to extract the wallet from the ApiSharedWallet instead, or simply pattern match on that field only inside the function body, e.g.

let w = case apiSharedWalletOf ...
let link = ...
request @...

[paweljakubas]

done

[KtorZ]

Same here ☝️

[paweljakubas]

done, also for other Shared-related helpers

[KtorZ]

👍

[KtorZ]

This should not be hard-coded here but rather defined in the Framework/TestData module for lack of a better mechanism.

[paweljakubas]

done, also for other errors connected with scripts

[KtorZ]

Note that, I think this doesn't generally reflect a real use-case. Users don't generally know how to get their account public key from their recovery phrase. A typical scenario when creating from a mnemonic would be to:

1. Create a shared wallet with an empty mapping of cosigners
2. Query the API to get the account key associated with the wallet
3. Complete the script template by providing the mapping for my own key

Likely, the step 2 & 3 would automatically be done by Daedalus on the behalf of the end-user; still I'd love to see our scenarios reflecting this and not resort on custom accPubKeyFromMnemonics ;) ... In the end, the goal of the API scenarios is to described capabilities doable only via the API.

---

I imagine that this may be conflicting with the invariant we are trying to enforce, right? So it may be necessary to either:

• Provide a way to easily derive keys from a given mnemonic phrase via the API (less preferred approach)
• Allow maybe for assigning a special string "self" to cosigners, such that one could submit:

  { "cosigner#0": "self" },

  And let the server replace it with the correct account key internally.

[paweljakubas]

yes, it is conflicting with invariant we introduced in the previous shared wallet PR. I will try with self though

[paweljakubas]

done, added illustrative integration tests, aligned swagger and core unit tests

[KtorZ]

And role=1; The type signature is not restricted to purpose=1854 so role=1 should be possible here, or the type signature should be further restricted.

[paweljakubas]

corrected

[KtorZ]

I don't think this instance make sense for SharedKey. An address (payment or delegation) can in principle only be constructed from the state using the script template!

[paweljakubas]

there was unnecessary Payment n SharedKeyconstraint in Sqlite's PersistentState. Now it is removed

[KtorZ]

Only seeing this now, and I think we can do better than Bool here.

[paweljakubas]

introduced data KeyFormat = Extended | NonExtended as a replacement

[KtorZ]

Cf earlier comment, I don't think this indirection is necessary.

[paweljakubas]

done

[KtorZ]

This instance looks very suspicious to me. This should not be needed for Shared wallets since they are signed independently and using a different process. Plus, TxWitnessTagFor is used for calculating the size of the resulting transaction; in the case of shared scripts this also needs to acknowledge for the script in the witness which require more changes to the code down the line.

[paweljakubas]

removed newTransactionLayer from apiLayer for the time being. Will return to it when txs are to be supported for shared wallets

[piotr-iohk]

fixed in c68a6bc.

[piotr-iohk]

Question:
For shared wallet created from acc pub key one cannot get acc pub key:

curl -X POST http://localhost:8090/v2/shared-wallets/f70d591d06a83517e7e46a69a3da58cb52baf60e/keys/0H \
-d '{"passphrase":"Secure Passphrase","extended":true}' \
-H "Content-Type: application/json"

{"code":"no_root_key","message":"I couldn't find a root private key for the given wallet: f70d591d06a83517e7e46a69a3da58cb52baf60e. However, this operation requires that I do have such a key. Either there's no such wallet, or I don't fully own it."}

The same behavior is actually for shelley wallet from acc pub key and it's corresponding endpoint, however I'm wondering if it is in fact desired behavior? 🤔

[rvl]

For shared/shelley wallet created from acc pub key one cannot get acc pub key.

That seems like a bug to me @piotr-iohk, although the impact is low given that the user would presumably already know their acc pub key.

[KtorZ]

Not a small PR 🙃 , it would be good to try to limit the number of changes which goes in a single PR in the future to make iterations less painful. For examples:

• Tackle only one endpoint at a time
• Work on core changes first in isolation (e.g. the SharedKey module) before wiring it up into all layers of the code
• Do database changes separately

Modulo some final minor remarks, I think the PR is okay now. Though quite large also and therefore, it is possible that I have missed something. Before we completely close the shared story and call it done I'd like to have some time to play with the API from a user perspective as a form of acceptance test and I invite @piotr-iohk to do the same. It may be a good opportunity to also write an extensive user guide about that!

[KtorZ]

Interesting. I thought GHC would figure it out 🤷

[KtorZ]

Why the functional dependency here 🤔 ?

[paweljakubas]

we have s ~ SomethingKey n key, and return key ~Account XPub, and I wanted to enforce that key is from s...

[KtorZ]

Whoops? I understand you want to do this in a second PR and there's currently nothing wired into the transaction layer but may we use a more descriptive error than undefined here 😬 ?

[paweljakubas]

done

[KtorZ]

Small note: I'd put the Shelley (Shared Wallets) section before Byron (Random). Byron is legacy so it makes more sense to have it presented last 👍

[paweljakubas]

done

[rvl]

It's looking good - almost there!

[rvl]

Just wondering aloud, could the constraints in these functions be made shorter because the types are basically fixed?

[paweljakubas]

we can think of introducing constriant groups probably but I am not sure and do not know if they will be more clear. Personally, I am accustomed to explicit constrains. But I was one day looking at ledger repo and they introduced those composite constraints and I think they serve well, but they have situation that one the same composite constraints is in many places...

[rvl]

I am a bit confused by this.

[paweljakubas]

so we use this here https://hackage.haskell.org/package/base-4.15.0.0/docs/src/Data-Type-Equality.html#%3D%3D and we needed as we introduced different ParentContext for SharedKey and the rest (ShelleyKey/IcarusKey..). So we want here to say that k must not be SharedKey. for SharedKey we just specify k ~ SharedKey

[rvl]

This function looks almost idential to postAccountPublicKeyShelley. Likewise for the JSON instances of ApiAccountKeyShared.

[paweljakubas]

indeed, good point. adopted postAccountPublicKey in both Shelley and Shared cases

[rvl]

I suggest combining them and adding a hrp prefix string as a type parameter or something like that.

[paweljakubas]

done

[rvl]

I'm guessing there is some tricky type error?

[paweljakubas]

no no...there is required TxWintnessTag instance and I want to leave it for ADP-686. And for the current endpoints tx later is not engaged

[rvl]

The other server functions get their ctx from the function scope.
These ones could also, right?

[paweljakubas]

the problem is that it takes ctx type from the above context and we have ApiLayer (SharedStaten ShelleyKey) ShelleyKey ... so I needed to do this trick to make it tick...Nevertheless, I will relook if I can do something in coming PR....

[rvl]

Would it be possible to describe what happens when the shared wallet is created? Is it restored immediately, or must further API requests be made, etc, etc.

[paweljakubas]

done

[rvl]

I put these TODO messages in for you ;-)

[paweljakubas]

done

[paweljakubas]

bors r+

[iohk-bors]

Build failed:

• ci/hydra-build:required

[paweljakubas]

bors r+

[iohk-bors]

Build failed:

• ci/hydra-build:required

[paweljakubas]

bors r+

[iohk-bors]

Timed out.

[paweljakubas]

bors retry

[iohk-bors]

Build failed:

• ci/hydra-build:required

[paweljakubas]

bors retry

[iohk-bors]

Build succeeded:

• buildkite/cardano-wallet
• ci/hydra-build:required