ADR-028 Address algorithm

Problem discussion: https://github.com/cosmos/cosmos-sdk/issues/8041

Aaron gives a context and describes current approach of current address construction algorithm
- we only have two key schemas (secp256k1 and ed25519)

Alan general thoughts

we don't need 2-preimage resistance
we need 32bytes address space for collision resistance
- there is an issue with smart-contracts for hashing
- this things can overlap
- birthday attack

Diving in

Problems

when an attacker can control an input for object with an address then we have a problem with birthday attack

Note:

sha2 mining can be use to breaking address pre-image

Hashing algorithm

Any attack breaking blake3 will break blake2
Alan is pretty confident about the current security analysis of the blake hash algorithm. It was a finalist, and the author is well known in security analysis.

Algorithm:

Alan suggest to hash the prefix: hash(hash(prefix) | pub_key)[:32]
discussion about personalization
- -> about adding prefix post hash

Aaron is asking about post hash prefixes and differencies

key_type | hash(pub_key) - this has longer address space, so it's harder.

Alan: By separating out address spaces we are separating

Alan reccomendation is to do pre-hash prefixing because it solves:

we are free to user arbitrary long prefix names
we still don't risk collisions
switch tables

Complex addresses

multisig example
- - mention about bitcoin schnorr scheme (bip340), PS: we have also an issue for that: #7315.
merging tree like addresses with same algorithm are fine

should we separate / have different algorithm for module accounts?

Requirement:

can't colide with any other address in the system

Should module addresses have different size to differentiate it?

we will need to set a pre-image prefix for module addresse to keept them in 32-byte space: hash(hash('module') | module_key)

Aaron: we already need to deal with variable length (to not break secp256k1 keys).

Ideas for complex object addreses

hash the hash of object bytes
- cache the object byte hash whenever we will use it for the first time.

Discssion about arithmetic hash function

Posseidon / Rescue
Problem: much bigger risk because we don't know much techniques and history of crypto-analysis of arithmetic constructions. It's still a new ground and area of active research.

Post quantum signature size

Falcon: speed / size ration - very good.

Aaron - should we think about it?
based on early extrapolation this thing will get able to break EC cryptography in 2050 . But that's a lot of uncertinity.
but there is magic happening with recurions / linking / simulation and that can speedup the progress.

Other ideas

Let's say we use same key and two different address algorithms for 2 different use cases. Is it still safe to use it?
- if we want to hide the public key (which is not our use case), then it's less secure but there are fixes.

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`	在筆記中貼入程式碼
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.