Account address generation and authentication key rotation

Background

In the Aptos blockchain, when a new account is created, a 32-byte authentication key is created first, and this authentication key becomes the account’s address. The authentication key changes when a new private/public key pair is generated to rotate it, but the account address does not change.

Motivation

Currently, there is no standard for address generation and authentication key rotation implementations. Wallets use different approaches, leading to several problems:

  1. If wallets use different address generation solutions, accounts generated in one wallet might not be importable into another wallet, which is not a best practice for the web3 world.
  2. It’s hard for wallet software to manage multiple accounts with one mnemonic phrase.
  3. Wallets use their own authentication key rotation solutions, making accounts hard to recover. Some wallets might not implement key rotation at all, increasing the risk of asset loss if the authentication key is compromised.

Proposal

Account generation

For the account generation, we propose the SLIP-10
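
To illustrate how SLIP-10 lets any wallet reproduce the same keys for several accounts from one mnemonic, here is an added example (not code from the proposal or from any wallet). It assumes BIP-39 seed stretching and the path `m/44'/637'/account'/0'/0'` with SLIP-44 coin type 637; the proposal text above does not fix a path, and the helper names are hypothetical. It derives only the 32-byte Ed25519 private key, since computing the public key and address needs an Ed25519 library.

```python
import hashlib
import hmac
import struct
import unicodedata

HARDENED = 0x80000000

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 mnemonic -> 64-byte seed (wordlist/checksum validation omitted)."""
    norm = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm, salt, 2048)

def parse_path(path: str) -> list:
    """Parse "m/44'/637'/0'/0'/0'" into hardened child indices."""
    parts = path.split("/")
    if parts[0] != "m" or len(parts) < 2:
        raise ValueError("path must look like m/44'/...")
    indices = []
    for part in parts[1:]:
        # SLIP-10 defines only hardened derivation for ed25519.
        if not part.endswith("'"):
            raise ValueError(f"non-hardened level not allowed: {part!r}")
        n = int(part[:-1])
        if not 0 <= n < HARDENED:
            raise ValueError(f"index out of range: {part!r}")
        indices.append(n | HARDENED)
    return indices

def slip10_ed25519(seed: bytes, path: str) -> bytes:
    """Return the 32-byte Ed25519 private key at `path` (SLIP-10)."""
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    key, chain = digest[:32], digest[32:]
    for index in parse_path(path):
        data = b"\x00" + key + struct.pack(">I", index)
        digest = hmac.new(chain, data, hashlib.sha512).digest()
        key, chain = digest[:32], digest[32:]
    return key

def account_path(account: int) -> str:
    # Assumed layout: one hardened account index under coin type 637.
    return f"m/44'/637'/{account}'/0'/0'"

# Constructed input: the public BIP-39 test mnemonic, not a real wallet.
TEST_MNEMONIC = "abandon " * 11 + "about"

def derive_accounts(mnemonic: str, count: int) -> list:
    seed = bip39_seed(mnemonic)
    return [slip10_ed25519(seed, account_path(i)) for i in range(count)]
```

Two wallets that agree on the seed derivation and the path get identical keys for every account index, which is what makes import between wallets work.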

Authentication key rotation

For authentication key rotation, we propose following the OriginatingAddress implementation. For security, rotation should use new mnemonic words.

We’ve opened an issue in the AIP repo; more details can be found there.