In this post, we briefly describe how Loopring Exchange generates and manages our layer-2 account keys in the browser and the rationale behind it.
Each account on Loopring Exchange needs an EdDSA private key (the account key) to sign off-chain (aka layer-2) requests. Our frontend used to generate these account keys based on users’ passwords, but as pointed out by StarkWare and other friends on Twitter, such brain-password based solutions are bad.
We have implemented a new approach to generating and managing account keys on the client-side to achieve the following objectives:
- The web app shall allow users to change the account keys for the same Ethereum addresses, so they can export and share their account keys with third parties (such as market makers) and later revoke those keys. This means the mapping between Ethereum addresses and account keys has to be one-to-many, not one-to-one.
- The seed for generating an account key shall contain the entropy of a valid ECDSA signature from the corresponding Ethereum address.
- When a browser tab is open for the exchange web app, we shall allow users to refresh/reload the web page without re-login or re-signing any messages using the corresponding Ethereum addresses.
- If the user closes the tab opened for the app, the session should end immediately, and the user will have to log in again.
- If the user explicitly logs out, all account-key related session/local data shall be cleaned.
- No sensitive data shall be sent to the relayer.
Our new approach
Based on their valuable inputs, we implemented the new client-side account key scheme as follows:
- For each Ethereum address, our relayer counts how many times the account key has been updated since registration. We call this value the key nonce n. It starts from 0 and increments by 1 after each successful account key update.
- The app appends n to the end of a constant string: "Sign this message to access Loopring Exchange: 0x944644Ea989Ec64c2Ab9eF341D383cEf586A5777 with key nonce: ". The string includes our exchange’s root contract address. We denote the new string as M.
- The app then requests the user to sign M with his/her Ethereum ECDSA private key, then verifies the signature S against the corresponding Ethereum address.
- The app uses sha256(S) as the seed to generate the EdDSA account key K.
- The app saves K as plain text in the browser’s session storage. The account key will be deleted once the session expires or the user logs out.
- When the user logs in for a new session, the web app will query the key nonce from the relayer to construct the message for the user to sign.
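The derivation steps above, sketched as an added example that is not Loopring's frontend code. It runs under Node.js; the throwaway secp256k1 key signing over SHA-256 stands in for an Ethereum wallet, the Map stands in for sessionStorage, the function names and the accountKeySeed entry are hypothetical, and it stops at the seed rather than generating the EdDSA key K.

```javascript
// Added illustration of the derivation flow; not Loopring's frontend code.
const nodeCrypto = require("node:crypto");

// Constant prefix quoted in the post; the key nonce n is appended to it.
const PREFIX = "Sign this message to access Loopring Exchange: " +
  "0x944644Ea989Ec64c2Ab9eF341D383cEf586A5777 with key nonce: ";

function buildMessage(n) {
  if (!Number.isInteger(n) || n < 0) throw new RangeError("bad key nonce");
  return PREFIX + n;
}

// Stand-in wallet (assumption): a throwaway secp256k1 key signing over SHA-256.
// A real Ethereum wallet hashes with Keccak-256 and is checked by address
// recovery (or EIP-1271 for smart wallets).
function makeWallet() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  return { publicKey, sign: (m) => nodeCrypto.sign("sha256", Buffer.from(m), privateKey) };
}

// Verify S against the signer and the message for this exact nonce before
// hashing it; an unverified S must never become a seed.
function deriveSeed(publicKey, n, S) {
  const M = buildMessage(n);
  if (!nodeCrypto.verify("sha256", Buffer.from(M), publicKey, S)) {
    throw new Error("signature does not match message for this key nonce");
  }
  return nodeCrypto.createHash("sha256").update(S).digest("hex");
}

// Login: sign M, verify S, keep the result in per-tab session state only.
// "accountKeySeed" is a hypothetical entry name; the post stores K itself.
function login(session, wallet, n) {
  const S = wallet.sign(buildMessage(n));
  session.set("accountKeySeed", deriveSeed(wallet.publicKey, n, S));
  return S;
}

// Explicit logout: wipe every account-key related entry.
function logout(session) {
  session.clear();
}
```

Because the seed is sha256 of the exact signature bytes, a new session recovers the same K only when the wallet returns the same S for the same M, as deterministic (RFC 6979) signers do.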
Some properties of this approach
- No passwords. The key nonce concept is also transparent to users.
- No account keys will ever be the same, even for the same account.
- Fully compatible with Loopring’s smart wallet mobile app: EIP-1271 will be used to verify signatures from smart wallet addresses.
- Decoupled from the Loopring protocol. Professional users can still use their own algorithms to derive/manage account keys by interacting with the exchange contract directly.
Please reset your account key again
Some users have reset their account keys since the issue was initially identified; now all users need to do it again to adopt this new approach. Note that even if you don’t do it now or ever, your deposits on Loopring Exchange are safe, but trading will remain disabled.
We apologize for this inconvenience, and will compensate $2.50 worth of LRC for each necessary account key reset that took place before the end of May. (So if you reset since last week and do so again now, we will send $5 in LRC to your account. If you reset now for the first time, we will send you $2.50 in LRC.) We will send out LRC in the first week of June.
To reset your trading password, visit the Loopring Exchange (https://loopring.io) and connect the Ethereum address from which your account was created. Then hover over the account button in the top right corner, and click ‘Reset Account Key’ from the slide-out menu.
We welcome feedback
We believe our new approach is a balance between security and usability. As for usability, most of the points delineated above are, of course, abstracted away from our users.
We’d love to hear constructive feedback from you to improve our frontend key management solution further. We hope other teams can learn from this, just as we have learned from others. Converging on a best practice solution would be a big boon for the Ethereum ZK space.
Loopring is a protocol for building high-performance, non-custodial, orderbook exchanges on Ethereum using zkRollup. You can sign up for our Monthly Update, learn more at Loopring.org, or check out a live exchange at Loopring.io.