Fourth of the Offslack Specs.
What
We define the notion of one-shot signatures, which are signatures where any secret key can be used to sign only a single message, and then self-destructs. While such signatures are of course impossible classically, we construct one-shot signatures using quantum no-cloning. In particular, we show that such signatures exist relative to a classical oracle, which we can then heuristically obfuscate using known indistinguishability obfuscation schemes. -
Source
The above source uses the no-cloning theorem, but perhaps we could use TEEs! This would look like the TEE managing a key and only allowing it to be used for a signature once.
How
This could be implemented as a package in the SUAVE standard library.
Desired functionality:
- Generate new one shot pubkey (w/ some source of randomness?)
- Get Generated pubkeys
- Transfer Owner and up keeping ownership map
- Sign message with pubkey
- Verify whether pubkey is used or not
Interfaces:
interface OneShot {
function generate() returns (bytes memory); //returns pubkey
function sign(bytes pubkey) returns (bytes memory) // returns signature
function getPubkeys() reutrns (address[] memmory)
function transferOwner(bytes pubkey, address newOwner) reutrns (address[] memmory)
}
h/t: @Ferran
Discussion
One open question is how can we let other domains know of the one shot signature keys as they look like regular ECDSA SECP2561k. Perhaps we could publish a merkle trie root of keys? Or maybe we could use a form of hierarchical key derivation to know a public key came from a specific parent key that can only generate TEE based one shot signature keys.
Can we also expand this pattern to one shot programs?