Skip to content

Latest commit

 

History

History

CIP-0016

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
CIP Title Status Category Authors Implementors Discussions Type Created License
16
Cryptographic Key Serialisation Formats
Active
Tools
Luke Nadur <[email protected]>
Standards
2020-12-21
Apache-2.0

Abstract

This CIP defines serialisation formats for the following types of cryptographic keys across the Cardano eco-system:

  • Regular Ed25519 keys

  • BIP32-Ed25519 extended keys (Ed25519 extended keys with BIP32-style derivation)

Motivation

Throughout the Cardano eco-system, different projects have used different serialisation formats for cryptographic keys.

For example, for BIP32-Ed25519 extended signing keys, the cardano-crypto implementation supports a 128-byte binary serialization format, while jcli and cardano-addresses supports a 96-byte binary serialization format.

Another example would be cardano-cli which supports a custom JSON format, referred to as "text envelope", (which can be used for serialising keys) that isn't supported by other projects in the eco-system.

This has introduced compatibility problems for both users and developers:

  • Users cannot easily utilize their keys across different tools and software in the Cardano eco-system as they may be serialized in different ways.

  • Developers wanting to support the different serialisation formats may need to write potentially error-prone (de)serialisation and conversion operations.

Therefore, this CIP aims to define standard cryptographic key serialisation formats to be used by projects throughout the Cardano eco-system.

Specification

Verification Keys

For the verification (public) key binary format, we simply use the raw 32-byte Ed25519 public key data.

This structure should be Bech32 encoded, using one of the appropriate *_vk prefixes defined in CIP-0005.

Extended Verification Keys

For extended verification (public) keys, we define the following 64-byte binary format:

+-----------------------+-----------------------+
| Public Key (32 bytes) | Chain Code (32 bytes) |
+-----------------------+-----------------------+

That is, a 32-byte Ed25519 public key followed by a 32-byte chain code.

This structure should be Bech32 encoded, using one of the appropriate *_xvk prefixes defined in CIP-0005.

Signing Keys

For the signing (private) key binary format, we simply use the raw 32-byte Ed25519 private key data.

This structure should be Bech32 encoded, using one of the appropriate *_sk prefixes defined in CIP-0005.

Extended Signing Keys

For extended signing (private) keys, we define the following 96-byte binary format:

+---------------------------------+-----------------------+
| Extended Private Key (64 bytes) | Chain Code (32 bytes) |
+---------------------------------+-----------------------+

That is, a 64-byte Ed25519 extended private key followed by a 32-byte chain code.

This structure should be Bech32 encoded, using one of the appropriate *_xsk prefixes defined in CIP-0005.

Rationale

Extended Signing Key Format

As mentioned in the Abstract, the original cardano-crypto implementation defined a 128-byte binary serialization format for BIP32-Ed25519 extended signing keys:

+---------------------------------+-----------------------+-----------------------+
| Extended Private Key (64 bytes) | Public Key (32 bytes) | Chain Code (32 bytes) |
+---------------------------------+-----------------------+-----------------------+

However, as it turns out, keeping around the 32-byte Ed25519 public key is redundant as it can easily be derived from the Ed25519 private key (the first 32 bytes of the 64-byte extended private key).

Therefore, because other projects such as jcli and cardano-addresses already utilize the more compact 96-byte format, we opt to define that as the standard.

Path to Active

Acceptance Criteria

Implementation Plan

N/A

Copyright

This CIP is licensed under Apache-2.0.