Update cryptography and add master key

commonspace/object/accountdata/accountdata.go

@@ -6,16 +6,18 @@ import (
 )
 
 type AccountKeys struct {
-	PeerKey crypto.PrivKey
+	PeerKey   crypto.PrivKey
-	SignKey crypto.PrivKey
+	SignKey   crypto.PrivKey
-	PeerId  string
+	MasterKey crypto.PrivKey
+	PeerId    string
 }
 
-func New(peerKey crypto.PrivKey, signKey crypto.PrivKey) *AccountKeys {
+func New(peerKey, signKey, masterKey crypto.PrivKey) *AccountKeys {
 	return &AccountKeys{
-		PeerKey: peerKey,
+		PeerKey:   peerKey,
-		SignKey: signKey,
+		SignKey:   signKey,
-		PeerId:  peerKey.GetPublic().PeerId(),
+		MasterKey: masterKey,
+		PeerId:    peerKey.GetPublic().PeerId(),
 	}
 }
 
@@ -28,9 +30,14 @@ func NewRandom() (*AccountKeys, error) {
 	if err != nil {
 		return nil, err
 	}
+	masterKey, _, err := crypto.GenerateEd25519Key(rand.Reader)
+	if err != nil {
+		return nil, err
+	}
 	return &AccountKeys{
-		PeerKey: peerKey,
+		PeerKey:   peerKey,
-		SignKey: signKey,
+		SignKey:   signKey,
-		PeerId:  peerKey.GetPublic().PeerId(),
+		MasterKey: masterKey,
+		PeerId:    peerKey.GetPublic().PeerId(),
 	}, nil
 }

commonspace/object/acl/aclrecordproto/aclrecord.pb.go

@@ -247,11 +247,12 @@ func (m *AclRecord) GetTimestamp() int64 {
 }
 
 type AclRoot struct {
-	Identity         []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
+	Identity          []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
-	SpaceId          string `protobuf:"bytes,2,opt,name=spaceId,proto3" json:"spaceId,omitempty"`
+	MasterKey         []byte `protobuf:"bytes,2,opt,name=masterKey,proto3" json:"masterKey,omitempty"`
-	EncryptedReadKey []byte `protobuf:"bytes,3,opt,name=encryptedReadKey,proto3" json:"encryptedReadKey,omitempty"`
+	SpaceId           string `protobuf:"bytes,3,opt,name=spaceId,proto3" json:"spaceId,omitempty"`
-	DerivationParams []byte `protobuf:"bytes,4,opt,name=derivationParams,proto3" json:"derivationParams,omitempty"`
+	EncryptedReadKey  []byte `protobuf:"bytes,4,opt,name=encryptedReadKey,proto3" json:"encryptedReadKey,omitempty"`
-	Timestamp        int64  `protobuf:"varint,5,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	Timestamp         int64  `protobuf:"varint,5,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
+	IdentitySignature []byte `protobuf:"bytes,6,opt,name=identitySignature,proto3" json:"identitySignature,omitempty"`
 }
 
 func (m *AclRoot) Reset()         { *m = AclRoot{} }
@@ -294,6 +295,13 @@ func (m *AclRoot) GetIdentity() []byte {
 	return nil
 }
 
+func (m *AclRoot) GetMasterKey() []byte {
+	if m != nil {
+		return m.MasterKey
+	}
+	return nil
+}
+
 func (m *AclRoot) GetSpaceId() string {
 	if m != nil {
 		return m.SpaceId
@@ -308,13 +316,6 @@ func (m *AclRoot) GetEncryptedReadKey() []byte {
 	return nil
 }
 
-func (m *AclRoot) GetDerivationParams() []byte {
-	if m != nil {
-		return m.DerivationParams
-	}
-	return nil
-}
-
 func (m *AclRoot) GetTimestamp() int64 {
 	if m != nil {
 		return m.Timestamp
@@ -322,6 +323,13 @@ func (m *AclRoot) GetTimestamp() int64 {
 	return 0
 }
 
+func (m *AclRoot) GetIdentitySignature() []byte {
+	if m != nil {
+		return m.IdentitySignature
+	}
+	return nil
+}
+
 type AclContentValue struct {
 	// Types that are valid to be assigned to Value:
 	//
@@ -1136,64 +1144,65 @@ func init() {
 }
 
 var fileDescriptor_c8e9f754f34e929b = []byte{
-	// 907 bytes of a gzipped FileDescriptorProto
+	// 914 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0x1b, 0x45,
-	0x14, 0xf7, 0xd8, 0x49, 0x1c, 0x3f, 0x9b, 0xc4, 0x19, 0xa0, 0x5d, 0x45, 0xc5, 0x8a, 0x56, 0x42,
+	0x14, 0xf7, 0xd8, 0x49, 0x9c, 0x7d, 0x36, 0x89, 0x33, 0x40, 0xbb, 0x8a, 0x82, 0x15, 0xad, 0x84,
-	0x8a, 0xaa, 0x2a, 0x11, 0x06, 0x29, 0x55, 0x84, 0xa8, 0xdc, 0x52, 0x64, 0xb7, 0x42, 0x8a, 0x26,
+	0x14, 0x55, 0x55, 0x22, 0x0c, 0x52, 0xaa, 0x08, 0x51, 0xb9, 0xa5, 0xc8, 0x6e, 0x84, 0x54, 0x4d,
-	0x40, 0x51, 0x39, 0x4d, 0x66, 0x47, 0xe9, 0xd0, 0xf5, 0xee, 0x6a, 0x66, 0x6c, 0xe4, 0x4f, 0x01,
+	0x80, 0xa2, 0x72, 0x9a, 0xcc, 0x8e, 0xd2, 0xa5, 0xeb, 0xdd, 0xd5, 0xcc, 0xd8, 0xc8, 0x9f, 0x02,
-	0x37, 0xae, 0x5c, 0x90, 0xf8, 0x02, 0x7c, 0x07, 0x8e, 0xb9, 0x20, 0x71, 0x44, 0xc9, 0x67, 0xe0,
+	0x6e, 0x5c, 0xb9, 0x20, 0xf1, 0x51, 0x38, 0xf6, 0x12, 0x89, 0x23, 0x4a, 0x3e, 0x03, 0x77, 0x34,
-	0x8e, 0x66, 0xc6, 0xfb, 0xdf, 0x31, 0x70, 0xa0, 0x87, 0xc4, 0x3b, 0xef, 0xfd, 0xe6, 0xcd, 0xef,
+	0x33, 0xde, 0xff, 0xce, 0x0a, 0x0e, 0x70, 0x48, 0xbc, 0xf3, 0xde, 0x6f, 0x66, 0x7e, 0xef, 0xf7,
-	0xfd, 0xe6, 0xbd, 0xb7, 0x0b, 0x1f, 0xb3, 0x78, 0x3a, 0x8d, 0x23, 0x95, 0x50, 0xc6, 0x8f, 0xe3,
+	0xfe, 0xec, 0xc2, 0xa7, 0x2c, 0x9e, 0xcd, 0xe2, 0x48, 0x26, 0x94, 0xf1, 0x93, 0xf8, 0xf2, 0x7b,
-	0x8b, 0x6f, 0x39, 0xd3, 0xc7, 0x94, 0x85, 0xe6, 0x4f, 0x72, 0x16, 0xcb, 0x20, 0x91, 0xb1, 0x8e,
+	0xce, 0xd4, 0x09, 0x65, 0xa1, 0xfe, 0x13, 0x9c, 0xc5, 0xc2, 0x4f, 0x44, 0xac, 0xe2, 0x13, 0xf3,
-	0x8f, 0xed, 0x7f, 0x95, 0x5b, 0x8f, 0xac, 0x01, 0x77, 0x32, 0x83, 0xff, 0x13, 0x82, 0x1e, 0xa1,
+	0x5f, 0xe6, 0xd6, 0x63, 0x63, 0xc0, 0x4e, 0x66, 0xf0, 0x7e, 0x41, 0xd0, 0x27, 0xf4, 0x87, 0x31,
-	0xdf, 0x8d, 0x58, 0x48, 0xac, 0x01, 0x7b, 0xd0, 0x4e, 0xe8, 0x22, 0x8c, 0x69, 0xe0, 0xa1, 0x03,
+	0x0b, 0x89, 0x31, 0x60, 0x17, 0xba, 0x09, 0x5d, 0x86, 0x31, 0xf5, 0x5d, 0x74, 0x88, 0x8e, 0xfa,
-	0x74, 0xd8, 0x23, 0xe9, 0x12, 0xdf, 0x83, 0x8e, 0x12, 0x97, 0x11, 0xd5, 0x33, 0xc9, 0xbd, 0xa6,
+	0x24, 0x5d, 0xe2, 0x03, 0x70, 0x64, 0x70, 0x15, 0x51, 0x35, 0x17, 0xdc, 0x6d, 0x1b, 0x5f, 0x6e,
-	0xf5, 0xe5, 0x06, 0x7c, 0x1f, 0xfa, 0x94, 0x31, 0x9e, 0xe8, 0x58, 0x4e, 0x02, 0x1e, 0x69, 0xa1,
+	0xc0, 0x0f, 0x60, 0x40, 0x19, 0xe3, 0x89, 0x8a, 0xc5, 0xd4, 0xe7, 0x91, 0x0a, 0xd4, 0xd2, 0xed,
-	0x17, 0x5e, 0xcb, 0x82, 0x6a, 0x76, 0xfc, 0x00, 0xf6, 0x52, 0xdb, 0x79, 0x16, 0x71, 0xc3, 0x82,
+	0x18, 0x50, 0xcd, 0x8e, 0x1f, 0xc2, 0x5e, 0x6a, 0xbb, 0xc8, 0x4e, 0xdc, 0x30, 0xe0, 0xba, 0xc3,
-	0xeb, 0x0e, 0xff, 0x13, 0xc0, 0x45, 0x86, 0x2f, 0x84, 0x7e, 0x35, 0x59, 0xc7, 0x73, 0x07, 0x9a,
+	0xfb, 0x0c, 0x70, 0x91, 0xe1, 0xcb, 0x40, 0xbd, 0x9e, 0x36, 0xf1, 0xdc, 0x81, 0x76, 0xe0, 0x1b,
-	0x22, 0xb0, 0x04, 0x3b, 0xa4, 0x29, 0x02, 0xff, 0x7b, 0x04, 0x9d, 0x3c, 0xbf, 0x3b, 0xb0, 0x95,
+	0x82, 0x0e, 0x69, 0x07, 0xbe, 0xf7, 0x23, 0x02, 0x27, 0x8f, 0xef, 0x1e, 0x6c, 0x25, 0x82, 0x2f,
-	0x48, 0x3e, 0x9f, 0xb8, 0x6d, 0x1d, 0xb2, 0x5c, 0xe1, 0x7d, 0xd8, 0x16, 0x29, 0x6f, 0x97, 0x5c,
+	0xa6, 0x76, 0x9b, 0x43, 0x56, 0x2b, 0xbc, 0x0f, 0xdb, 0x41, 0xca, 0xdb, 0x06, 0x97, 0xad, 0x31,
-	0xb6, 0xc6, 0x18, 0x36, 0x02, 0xaa, 0xe9, 0x32, 0x1f, 0xfb, 0x6c, 0xd4, 0x90, 0x9c, 0x06, 0xcf,
+	0x86, 0x0d, 0x9f, 0x2a, 0xba, 0x8a, 0xc7, 0x3c, 0x6b, 0x35, 0x04, 0xa7, 0xfe, 0x39, 0x5f, 0x4e,
-	0xf9, 0x62, 0x12, 0x58, 0xee, 0x1d, 0x92, 0x1b, 0x8c, 0x57, 0x8b, 0x29, 0x57, 0x9a, 0x4e, 0x13,
+	0x7d, 0xc3, 0xdd, 0x21, 0xb9, 0x41, 0x7b, 0x55, 0x30, 0xe3, 0x52, 0xd1, 0x59, 0xe2, 0x6e, 0x1e,
-	0x6f, 0xf3, 0x00, 0x1d, 0xb6, 0x48, 0x6e, 0xf0, 0x7f, 0x45, 0xd0, 0x36, 0x8c, 0xe2, 0x58, 0x97,
+	0xa2, 0xa3, 0x0e, 0xc9, 0x0d, 0xde, 0x35, 0x82, 0xae, 0x66, 0x14, 0xc7, 0xaa, 0x74, 0x2f, 0xaa,
-	0xce, 0x45, 0x95, 0x73, 0x3d, 0x68, 0xdb, 0x1b, 0x9e, 0xa4, 0xe9, 0xa4, 0x4b, 0xa3, 0x36, 0x8f,
+	0xdc, 0x7b, 0x00, 0xce, 0x8c, 0x4a, 0xc5, 0xc5, 0x39, 0x4f, 0x49, 0xe5, 0x06, 0xad, 0x80, 0xc9,
-	0x98, 0x5c, 0x24, 0x9a, 0x07, 0xc4, 0x9d, 0x9a, 0xaa, 0x5d, 0xb5, 0x1b, 0x6c, 0xc0, 0xa5, 0x98,
+	0xff, 0xd4, 0x37, 0xc4, 0x1c, 0x92, 0x2e, 0x75, 0x2e, 0x78, 0xc4, 0xc4, 0x32, 0x51, 0xdc, 0x27,
-	0x53, 0x2d, 0xe2, 0xe8, 0x8c, 0x4a, 0x3a, 0x55, 0x4b, 0xb1, 0x6b, 0xf6, 0x7f, 0xe0, 0xfd, 0x7b,
+	0x96, 0xd3, 0x4a, 0xde, 0x9a, 0xbd, 0x99, 0xa9, 0xce, 0x54, 0xca, 0x26, 0xcf, 0xd4, 0x96, 0xcd,
-	0x13, 0x76, 0x47, 0x2c, 0x7c, 0x12, 0x47, 0x9a, 0x47, 0xfa, 0x2b, 0x1a, 0xce, 0x38, 0xfe, 0x00,
+	0x54, 0xcd, 0xe1, 0x5d, 0xb7, 0x61, 0x77, 0xcc, 0xc2, 0xa7, 0x71, 0xa4, 0x78, 0xa4, 0xbe, 0xa1,
-	0xda, 0x33, 0xc5, 0xe5, 0x28, 0x70, 0x82, 0x76, 0x87, 0xef, 0x1e, 0xe5, 0xe5, 0x36, 0x62, 0xe1,
+	0xe1, 0x9c, 0xe3, 0x8f, 0xa0, 0x3b, 0x97, 0x5c, 0x8c, 0x7d, 0x2b, 0x78, 0x6f, 0xf4, 0xfe, 0x71,
-	0x97, 0xce, 0x39, 0x6e, 0x90, 0x14, 0x87, 0x4f, 0x01, 0xcc, 0x23, 0xe1, 0xd3, 0x78, 0xee, 0x2a,
+	0x5e, 0x8e, 0x63, 0x16, 0x7e, 0x6d, 0x9d, 0x93, 0x16, 0x49, 0x71, 0xf8, 0x0c, 0x40, 0x3f, 0x12,
-	0xa9, 0x3b, 0xf4, 0xea, 0xbb, 0x9c, 0x7f, 0xdc, 0x20, 0x05, 0x34, 0xfe, 0x1a, 0xde, 0x31, 0xab,
+	0x3e, 0x8b, 0x17, 0xb6, 0xd2, 0x7a, 0x23, 0xb7, 0xbe, 0xcb, 0xfa, 0x27, 0x2d, 0x52, 0x40, 0xe3,
-	0x33, 0x2e, 0xa7, 0x42, 0x29, 0x11, 0x47, 0x4f, 0x5e, 0xd1, 0xe8, 0x92, 0xdb, 0xe4, 0xbb, 0x43,
+	0x6f, 0xe1, 0x3d, 0xbd, 0x7a, 0xc1, 0xc5, 0x2c, 0x90, 0x32, 0x88, 0xa3, 0xa7, 0xaf, 0x69, 0x74,
-	0xbf, 0x1e, 0xa5, 0x8a, 0x1c, 0x37, 0xc8, 0xca, 0x08, 0x29, 0xab, 0x49, 0x34, 0x17, 0xda, 0x55,
+	0xc5, 0x8d, 0x42, 0xbd, 0x91, 0x57, 0x3f, 0xa5, 0x8a, 0x9c, 0xb4, 0xc8, 0xda, 0x13, 0x52, 0x56,
-	0xe3, 0x4a, 0x56, 0xce, 0x9f, 0xb2, 0x72, 0x2b, 0xfc, 0x11, 0x6c, 0x9b, 0xd5, 0xb3, 0x58, 0x44,
+	0xd3, 0x68, 0x11, 0x28, 0x5b, 0xad, 0x6b, 0x59, 0x59, 0x7f, 0xca, 0xca, 0xae, 0xf0, 0x27, 0xb0,
-	0x56, 0xb5, 0xee, 0xf0, 0x4e, 0x7d, 0xa7, 0xf1, 0x8e, 0x1b, 0x24, 0x43, 0x3e, 0x6e, 0xc3, 0xe6,
+	0xad, 0x57, 0xcf, 0xe3, 0x20, 0x32, 0x1a, 0xf7, 0x46, 0xf7, 0xea, 0x3b, 0xb5, 0x77, 0xd2, 0x22,
-	0xdc, 0x68, 0xe8, 0x3f, 0xb5, 0xe5, 0xf0, 0xa9, 0x29, 0xab, 0x53, 0x00, 0x9a, 0x29, 0xec, 0xa1,
+	0x19, 0xf2, 0x49, 0x17, 0x36, 0x17, 0x5a, 0x43, 0xef, 0x99, 0x29, 0x97, 0xcf, 0x75, 0xd9, 0x9d,
-	0x83, 0xd6, 0x61, 0x77, 0xb8, 0x5f, 0x8e, 0x55, 0x94, 0x9f, 0x14, 0xd0, 0xfe, 0x5f, 0x08, 0xb6,
+	0x01, 0xd0, 0x4c, 0x61, 0x17, 0x1d, 0x76, 0x8e, 0x7a, 0xa3, 0xfd, 0xf2, 0x59, 0x45, 0xf9, 0x49,
-	0x47, 0x2c, 0x3c, 0xd7, 0x54, 0x73, 0x3c, 0x00, 0xc8, 0xca, 0x51, 0xd9, 0x40, 0x1d, 0x52, 0xb0,
+	0x01, 0xed, 0xfd, 0x85, 0x60, 0x7b, 0xcc, 0xc2, 0x0b, 0x45, 0x15, 0xc7, 0x43, 0x80, 0xac, 0x5c,
-	0xe0, 0x13, 0x97, 0xae, 0x05, 0x2b, 0xaf, 0x69, 0x0f, 0xba, 0x5b, 0x27, 0x6d, 0xfd, 0xa4, 0x00,
+	0xa5, 0x39, 0xc8, 0x21, 0x05, 0x0b, 0x3e, 0xb5, 0xe1, 0x1a, 0xb0, 0x74, 0xdb, 0xe6, 0xa2, 0xfb,
-	0xc5, 0xa7, 0xd0, 0x16, 0x36, 0x6b, 0xe5, 0xb5, 0xec, 0xae, 0x83, 0xf2, 0x2e, 0x0b, 0x3b, 0x72,
+	0x75, 0xd2, 0xc6, 0x4f, 0x0a, 0x50, 0x7c, 0x06, 0xdd, 0xc0, 0x44, 0x2d, 0xdd, 0x8e, 0xd9, 0x75,
-	0xc2, 0xa8, 0xa7, 0x91, 0x96, 0x0b, 0x92, 0x6e, 0xd8, 0xff, 0x02, 0x7a, 0x45, 0x07, 0xee, 0x43,
+	0x58, 0xde, 0x65, 0x60, 0xc7, 0x56, 0x18, 0xf9, 0x2c, 0x52, 0x62, 0x49, 0xd2, 0x0d, 0xfb, 0x5f,
-	0xeb, 0x35, 0x5f, 0x2c, 0x3b, 0xd1, 0x3c, 0xe2, 0xa3, 0xa5, 0x26, 0xb7, 0x97, 0x85, 0x0b, 0x40,
+	0x41, 0xbf, 0xe8, 0xc0, 0x03, 0xe8, 0xbc, 0xe1, 0xcb, 0x55, 0xa7, 0xea, 0x47, 0x7c, 0xbc, 0xd2,
-	0x1c, 0xec, 0xb4, 0xf9, 0x10, 0xf9, 0xaf, 0xa1, 0x57, 0x64, 0xbb, 0xb6, 0xa5, 0x1e, 0x41, 0x37,
+	0xe4, 0xee, 0xb2, 0xb0, 0x07, 0x10, 0x0b, 0x3b, 0x6b, 0x3f, 0x42, 0xde, 0x1b, 0xe8, 0x17, 0xd9,
-	0xc9, 0x6e, 0x5e, 0xd9, 0x53, 0x76, 0x86, 0xef, 0xad, 0x2b, 0x1b, 0x45, 0x8a, 0x3b, 0xfc, 0x1f,
+	0x36, 0xb6, 0xdc, 0x63, 0xe8, 0x25, 0x59, 0xe6, 0xa5, 0xb9, 0x65, 0x67, 0xf4, 0x41, 0x53, 0xd9,
-	0x11, 0x40, 0x5e, 0xd6, 0x6b, 0xcf, 0x7a, 0x00, 0x7b, 0xd5, 0x66, 0x74, 0x4a, 0xf7, 0x48, 0xdd,
+	0x48, 0x52, 0xdc, 0xe1, 0xfd, 0x8c, 0x00, 0xf2, 0xb2, 0x6e, 0xbc, 0xeb, 0x21, 0xec, 0x55, 0xdb,
-	0x51, 0x65, 0xd6, 0xfa, 0xcf, 0xcc, 0x7e, 0x41, 0xf0, 0x56, 0x49, 0x23, 0x7c, 0x08, 0xbb, 0x6e,
+	0xd1, 0x2a, 0xdd, 0x27, 0x75, 0x47, 0x95, 0x59, 0xe7, 0x5f, 0x33, 0xfb, 0x0d, 0xc1, 0x3b, 0x25,
-	0x9c, 0x9e, 0xcd, 0x2e, 0x42, 0xc1, 0x9e, 0xf3, 0x94, 0x63, 0xd5, 0xfc, 0xa6, 0xa9, 0xfe, 0x8c,
+	0x8d, 0xf0, 0x11, 0xec, 0xda, 0x71, 0xfb, 0x62, 0x7e, 0x19, 0x06, 0xec, 0x9c, 0xa7, 0x1c, 0xab,
-	0xa0, 0x5b, 0xe8, 0x8a, 0xb5, 0x2a, 0x66, 0x49, 0x9c, 0x57, 0x5e, 0x3e, 0x55, 0x33, 0xf6, 0xa1,
+	0xe6, 0xff, 0x9b, 0xea, 0xaf, 0x08, 0x7a, 0x85, 0xae, 0x68, 0x54, 0x31, 0x0b, 0xe2, 0xa2, 0xf2,
-	0x97, 0xe5, 0x95, 0x0f, 0xc4, 0x92, 0x6d, 0x75, 0xa2, 0x1b, 0xb7, 0x24, 0xea, 0xab, 0x4c, 0xd1,
+	0x72, 0xaa, 0x9a, 0xb1, 0x07, 0xfd, 0x2c, 0x2e, 0x1d, 0xab, 0x1d, 0xe7, 0x25, 0xdb, 0xfa, 0x40,
-	0xe5, 0xf8, 0x59, 0x47, 0xf4, 0x33, 0xd8, 0x5d, 0xf6, 0x17, 0xe1, 0x49, 0x48, 0x59, 0xd6, 0x56,
+	0x37, 0xee, 0x08, 0xd4, 0x93, 0x99, 0xa2, 0xab, 0xf1, 0xd3, 0x44, 0xf4, 0x0b, 0xd8, 0x5d, 0xf5,
-	0xf7, 0xca, 0xca, 0x90, 0x12, 0x88, 0x54, 0x37, 0xf9, 0xdf, 0xc0, 0x5e, 0x0d, 0xb5, 0xf6, 0xe0,
+	0x17, 0xe1, 0x49, 0x48, 0x59, 0xd6, 0x56, 0x07, 0x65, 0x65, 0x48, 0x09, 0x44, 0xaa, 0x9b, 0xbc,
-	0x55, 0x2f, 0x83, 0xe6, 0xea, 0x97, 0x81, 0x3f, 0x87, 0xbb, 0xb7, 0x0c, 0xc6, 0xff, 0xb7, 0x6d,
+	0xef, 0x60, 0xaf, 0x86, 0x6a, 0xbc, 0x78, 0xdd, 0xeb, 0xa0, 0xbd, 0xfe, 0x75, 0xe0, 0x2d, 0xe0,
-	0x9e, 0xc1, 0x8e, 0x99, 0x0d, 0x8b, 0x88, 0x7d, 0xce, 0x95, 0xa2, 0x97, 0x1c, 0x3f, 0x84, 0x36,
+	0xfe, 0x1d, 0x83, 0xf1, 0xbf, 0x6d, 0x9b, 0xe7, 0xb0, 0xa3, 0x67, 0xc3, 0x32, 0x62, 0x5f, 0x72,
-	0xcb, 0xc6, 0x9c, 0xe9, 0xf5, 0x41, 0x65, 0x8e, 0x2c, 0x22, 0x56, 0x1a, 0x75, 0x29, 0xdc, 0x7f,
+	0x29, 0xe9, 0x15, 0xc7, 0x8f, 0xa0, 0xcb, 0xb2, 0x31, 0xa7, 0x7b, 0x7d, 0x58, 0x99, 0x23, 0xcb,
-	0x09, 0x6f, 0xaf, 0xf0, 0xdb, 0xd1, 0x19, 0x04, 0xee, 0x35, 0xaf, 0x96, 0x31, 0x2b, 0xf3, 0x63,
+	0x88, 0x95, 0x46, 0x5d, 0x0a, 0xf7, 0x5e, 0xc1, 0xbb, 0x6b, 0xfc, 0x66, 0x74, 0xfa, 0xbe, 0xfd,
-	0x94, 0xf9, 0xcd, 0x00, 0xcf, 0xd1, 0xf9, 0x28, 0x1e, 0xdb, 0x1b, 0xcf, 0x71, 0xf8, 0x04, 0xda,
+	0x0c, 0x90, 0xab, 0x33, 0x2b, 0xf3, 0x63, 0x9c, 0xf9, 0xf5, 0x00, 0xcf, 0xd1, 0xf9, 0x28, 0x9e,
-	0x32, 0x0b, 0x69, 0x6e, 0xb3, 0x98, 0x75, 0xfd, 0xbb, 0x84, 0xa4, 0xe8, 0xfb, 0x27, 0x80, 0xeb,
+	0x98, 0x8c, 0xe7, 0x38, 0x7c, 0x0a, 0x5d, 0x91, 0x1d, 0xa9, 0xb3, 0x59, 0x8c, 0xba, 0xfe, 0xdd,
-	0xa2, 0xe0, 0x0e, 0x6c, 0x8e, 0x82, 0xa9, 0x88, 0xfa, 0x0d, 0x0c, 0xb0, 0xf5, 0x42, 0x0a, 0xcd,
+	0x42, 0x52, 0xf4, 0x83, 0x53, 0xc0, 0x75, 0x51, 0xb0, 0x03, 0x9b, 0x63, 0x7f, 0x16, 0x44, 0x83,
-	0x65, 0x1f, 0x99, 0x67, 0x73, 0x43, 0x5c, 0xf6, 0x9b, 0x8f, 0x1f, 0xfd, 0x76, 0x3d, 0x40, 0x57,
+	0x16, 0x06, 0xd8, 0x7a, 0x29, 0x02, 0xc5, 0xc5, 0x00, 0xe9, 0x67, 0x9d, 0x21, 0x2e, 0x06, 0xed,
-	0xd7, 0x03, 0xf4, 0xe7, 0xf5, 0x00, 0xfd, 0x70, 0x33, 0x68, 0x5c, 0xdd, 0x0c, 0x1a, 0x7f, 0xdc,
+	0x27, 0x8f, 0x7f, 0xbf, 0x19, 0xa2, 0xb7, 0x37, 0x43, 0xf4, 0xe7, 0xcd, 0x10, 0xfd, 0x74, 0x3b,
-	0x0c, 0x1a, 0x2f, 0xdf, 0xff, 0x57, 0x5f, 0x7d, 0x17, 0x5b, 0xf6, 0xe7, 0xc3, 0xbf, 0x03, 0x00,
+	0x6c, 0xbd, 0xbd, 0x1d, 0xb6, 0xfe, 0xb8, 0x1d, 0xb6, 0x5e, 0x7d, 0xf8, 0x8f, 0xbe, 0x0a, 0x2f,
-	0x00, 0xff, 0xff, 0xd0, 0x3a, 0xc4, 0x88, 0x25, 0x0a, 0x00, 0x00,
+	0xb7, 0xcc, 0xcf, 0xc7, 0x7f, 0x07, 0x00, 0x00, 0xff, 0xff, 0x2e, 0x3b, 0x3f, 0x0a, 0x45, 0x0a,
+	0x00, 0x00,
 }
 
 func (m *RawAclRecord) Marshal() (dAtA []byte, err error) {
@@ -1360,30 +1369,37 @@ func (m *AclRoot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if len(m.IdentitySignature) > 0 {
+		i -= len(m.IdentitySignature)
+		copy(dAtA[i:], m.IdentitySignature)
+		i = encodeVarintAclrecord(dAtA, i, uint64(len(m.IdentitySignature)))
+		i--
+		dAtA[i] = 0x32
+	}
 	if m.Timestamp != 0 {
 		i = encodeVarintAclrecord(dAtA, i, uint64(m.Timestamp))
 		i--
 		dAtA[i] = 0x28
 	}
-	if len(m.DerivationParams) > 0 {
-		i -= len(m.DerivationParams)
-		copy(dAtA[i:], m.DerivationParams)
-		i = encodeVarintAclrecord(dAtA, i, uint64(len(m.DerivationParams)))
-		i--
-		dAtA[i] = 0x22
-	}
 	if len(m.EncryptedReadKey) > 0 {
 		i -= len(m.EncryptedReadKey)
 		copy(dAtA[i:], m.EncryptedReadKey)
 		i = encodeVarintAclrecord(dAtA, i, uint64(len(m.EncryptedReadKey)))
 		i--
-		dAtA[i] = 0x1a
+		dAtA[i] = 0x22
 	}
 	if len(m.SpaceId) > 0 {
 		i -= len(m.SpaceId)
 		copy(dAtA[i:], m.SpaceId)
 		i = encodeVarintAclrecord(dAtA, i, uint64(len(m.SpaceId)))
 		i--
+		dAtA[i] = 0x1a
+	}
+	if len(m.MasterKey) > 0 {
+		i -= len(m.MasterKey)
+		copy(dAtA[i:], m.MasterKey)
+		i = encodeVarintAclrecord(dAtA, i, uint64(len(m.MasterKey)))
+		i--
 		dAtA[i] = 0x12
 	}
 	if len(m.Identity) > 0 {
@@ -2150,6 +2166,10 @@ func (m *AclRoot) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovAclrecord(uint64(l))
 	}
+	l = len(m.MasterKey)
+	if l > 0 {
+		n += 1 + l + sovAclrecord(uint64(l))
+	}
 	l = len(m.SpaceId)
 	if l > 0 {
 		n += 1 + l + sovAclrecord(uint64(l))
@@ -2158,13 +2178,13 @@ func (m *AclRoot) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovAclrecord(uint64(l))
 	}
-	l = len(m.DerivationParams)
-	if l > 0 {
-		n += 1 + l + sovAclrecord(uint64(l))
-	}
 	if m.Timestamp != 0 {
 		n += 1 + sovAclrecord(uint64(m.Timestamp))
 	}
+	l = len(m.IdentitySignature)
+	if l > 0 {
+		n += 1 + l + sovAclrecord(uint64(l))
+	}
 	return n
 }
 
@@ -3053,6 +3073,40 @@ func (m *AclRoot) Unmarshal(dAtA []byte) error {
 			}
 			iNdEx = postIndex
 		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MasterKey", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAclrecord
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthAclrecord
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthAclrecord
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.MasterKey = append(m.MasterKey[:0], dAtA[iNdEx:postIndex]...)
+			if m.MasterKey == nil {
+				m.MasterKey = []byte{}
+			}
+			iNdEx = postIndex
+		case 3:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field SpaceId", wireType)
 			}
@@ -3084,7 +3138,7 @@ func (m *AclRoot) Unmarshal(dAtA []byte) error {
 			}
 			m.SpaceId = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 3:
+		case 4:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field EncryptedReadKey", wireType)
 			}
@@ -3118,9 +3172,28 @@ func (m *AclRoot) Unmarshal(dAtA []byte) error {
 				m.EncryptedReadKey = []byte{}
 			}
 			iNdEx = postIndex
-		case 4:
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Timestamp", wireType)
+			}
+			m.Timestamp = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowAclrecord
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Timestamp |= int64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 6:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field DerivationParams", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field IdentitySignature", wireType)
 			}
 			var byteLen int
 			for shift := uint(0); ; shift += 7 {
@@ -3147,30 +3220,11 @@ func (m *AclRoot) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.DerivationParams = append(m.DerivationParams[:0], dAtA[iNdEx:postIndex]...)
+			m.IdentitySignature = append(m.IdentitySignature[:0], dAtA[iNdEx:postIndex]...)
-			if m.DerivationParams == nil {
+			if m.IdentitySignature == nil {
-				m.DerivationParams = []byte{}
+				m.IdentitySignature = []byte{}
 			}
 			iNdEx = postIndex
-		case 5:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Timestamp", wireType)
-			}
-			m.Timestamp = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowAclrecord
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Timestamp |= int64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
 		default:
 			iNdEx = preIndex
 			skippy, err := skipAclrecord(dAtA[iNdEx:])

commonspace/object/acl/aclrecordproto/protos/aclrecord.proto

@@ -24,10 +24,11 @@ message AclRecord {
 
 message AclRoot {
     bytes identity = 1;
-    string spaceId = 2;
+    bytes masterKey = 2;
-    bytes encryptedReadKey = 3;
+    string spaceId = 3;
-    bytes derivationParams = 4;
+    bytes encryptedReadKey = 4;
     int64 timestamp = 5;
+    bytes identitySignature = 6;
 }
 
 message AclContentValue {

commonspace/object/acl/list/aclrecordbuilder.go

@@ -4,14 +4,14 @@ import (
 	"github.com/anytypeio/any-sync/commonspace/object/acl/aclrecordproto"
 	"github.com/anytypeio/any-sync/util/cidutil"
 	"github.com/anytypeio/any-sync/util/crypto"
-	"github.com/anytypeio/any-sync/util/crypto/cryptoproto"
 	"github.com/gogo/protobuf/proto"
+	"time"
 )
 
 type RootContent struct {
 	PrivKey          crypto.PrivKey
+	MasterKey        crypto.PrivKey
 	SpaceId          string
-	DerivationPath   string
 	EncryptedReadKey []byte
 }
 
@@ -89,22 +89,25 @@ func (a *aclRecordBuilder) BuildRoot(content RootContent) (rec *aclrecordproto.R
 	if err != nil {
 		return
 	}
-	var derivationParams []byte
+	masterKey, err := content.MasterKey.GetPublic().Marshall()
-	if content.DerivationPath != "" {
+	if err != nil {
-		keyDerivation := &cryptoproto.KeyDerivation{
+		return
-			Method:         cryptoproto.DerivationMethod_Slip21,
+	}
-			DerivationPath: content.DerivationPath,
+	identitySignature, err := content.MasterKey.Sign(identity)
-		}
+	if err != nil {
-		derivationParams, err = keyDerivation.Marshal()
+		return
-		if err != nil {
+	}
-			return
+	var timestamp int64
-		}
+	if content.EncryptedReadKey != nil {
+		timestamp = time.Now().Unix()
 	}
 	aclRoot := &aclrecordproto.AclRoot{
-		Identity:         identity,
+		Identity:          identity,
-		SpaceId:          content.SpaceId,
+		SpaceId:           content.SpaceId,
-		EncryptedReadKey: content.EncryptedReadKey,
+		EncryptedReadKey:  content.EncryptedReadKey,
-		DerivationParams: derivationParams,
+		MasterKey:         masterKey,
+		IdentitySignature: identitySignature,
+		Timestamp:         timestamp,
 	}
 	return marshalAclRoot(aclRoot, content.PrivKey)
 }

commonspace/object/acl/list/aclstate.go

@@ -3,8 +3,6 @@ package list
 import (
 	"errors"
 	"fmt"
-	"github.com/anytypeio/any-sync/util/crypto/cryptoproto"
-
 	"github.com/anytypeio/any-sync/app/logger"
 	"github.com/anytypeio/any-sync/commonspace/object/acl/aclrecordproto"
 	"github.com/anytypeio/any-sync/util/crypto"
@@ -172,8 +170,8 @@ func (st *AclState) saveReadKeyFromRoot(record *AclRecord) (err error) {
 	if !ok {
 		return ErrIncorrectRoot
 	}
-	if root.DerivationParams != nil {
+	if root.EncryptedReadKey == nil {
-		readKey, err = st.deriveKey(root.DerivationParams)
+		readKey, err = st.deriveKey()
 		if err != nil {
 			return
 		}
@@ -315,17 +313,12 @@ func (st *AclState) LastRecordId() string {
 	return st.lastRecordId
 }
 
-func (st *AclState) deriveKey(params []byte) (crypto.SymKey, error) {
+func (st *AclState) deriveKey() (crypto.SymKey, error) {
-	keyDerivation := &cryptoproto.KeyDerivation{}
-	err := proto.Unmarshal(params, keyDerivation)
-	if err != nil {
-		return nil, err
-	}
 	keyBytes, err := st.key.Raw()
 	if err != nil {
 		return nil, err
 	}
-	return crypto.DeriveSymmetricKey(keyBytes, keyDerivation.DerivationPath)
+	return crypto.DeriveSymmetricKey(keyBytes, crypto.AnysyncSpacePath)
 }
 
 func mapKeyFromPubKey(pubKey crypto.PubKey) string {

commonspace/object/acl/list/listutils.go

@@ -10,9 +10,9 @@ import (
 func NewTestDerivedAcl(spaceId string, keys *accountdata.AccountKeys) (AclList, error) {
 	builder := NewAclRecordBuilder("", crypto.NewKeyStorage())
 	root, err := builder.BuildRoot(RootContent{
-		PrivKey:        keys.SignKey,
+		PrivKey:   keys.SignKey,
-		SpaceId:        spaceId,
+		SpaceId:   spaceId,
-		DerivationPath: crypto.AnytypeAccountPath,
+		MasterKey: keys.MasterKey,
 	})
 	if err != nil {
 		return nil, err

commonspace/payloads.go

@@ -66,6 +66,7 @@ func storagePayloadForSpaceCreate(payload SpaceCreatePayload) (storagePayload sp
 	aclBuilder := list.NewAclRecordBuilder("", keyStorage)
 	aclRoot, err := aclBuilder.BuildRoot(list.RootContent{
 		PrivKey:          payload.SigningKey,
+		MasterKey:        payload.MasterKey,
 		SpaceId:          spaceId,
 		EncryptedReadKey: readKey,
 	})
@@ -151,9 +152,9 @@ func storagePayloadForSpaceDerive(payload SpaceDerivePayload) (storagePayload sp
 	keyStorage := crypto.NewKeyStorage()
 	aclBuilder := list.NewAclRecordBuilder("", keyStorage)
 	aclRoot, err := aclBuilder.BuildRoot(list.RootContent{
-		PrivKey:        payload.SigningKey,
+		PrivKey:   payload.SigningKey,
-		SpaceId:        spaceId,
+		MasterKey: payload.MasterKey,
-		DerivationPath: crypto.AnytypeAccountPath,
+		SpaceId:   spaceId,
 	})
 	if err != nil {
 		return

commonspace/space.go

@@ -50,6 +50,8 @@ type SpaceCreatePayload struct {
 	ReplicationKey uint64
 	// SpacePayload is an arbitrary payload related to space type
 	SpacePayload []byte
+	// MasterKey is the master key of the owner
+	MasterKey crypto.PrivKey
 }
 
 type HandleMessage struct {
@@ -61,6 +63,7 @@ type HandleMessage struct {
 
 type SpaceDerivePayload struct {
 	SigningKey   crypto.PrivKey
+	MasterKey    crypto.PrivKey
 	SpaceType    string
 	SpacePayload []byte
 }

util/crypto/cryptoproto/crypto.pb.go

@@ -50,28 +50,6 @@ func (KeyType) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_ddfeb19e486561de, []int{0}
 }
 
-type DerivationMethod int32
-
-const (
-	DerivationMethod_Slip21 DerivationMethod = 0
-)
-
-var DerivationMethod_name = map[int32]string{
-	0: "Slip21",
-}
-
-var DerivationMethod_value = map[string]int32{
-	"Slip21": 0,
-}
-
-func (x DerivationMethod) String() string {
-	return proto.EnumName(DerivationMethod_name, int32(x))
-}
-
-func (DerivationMethod) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_ddfeb19e486561de, []int{1}
-}
-
 type Key struct {
 	Type KeyType `protobuf:"varint,1,opt,name=Type,proto3,enum=crypto.KeyType" json:"Type,omitempty"`
 	Data []byte  `protobuf:"bytes,2,opt,name=Data,proto3" json:"Data,omitempty"`
@@ -124,63 +102,9 @@ func (m *Key) GetData() []byte {
 	return nil
 }
 
-type KeyDerivation struct {
-	Method         DerivationMethod `protobuf:"varint,1,opt,name=method,proto3,enum=crypto.DerivationMethod" json:"method,omitempty"`
-	DerivationPath string           `protobuf:"bytes,2,opt,name=derivationPath,proto3" json:"derivationPath,omitempty"`
-}
-
-func (m *KeyDerivation) Reset()         { *m = KeyDerivation{} }
-func (m *KeyDerivation) String() string { return proto.CompactTextString(m) }
-func (*KeyDerivation) ProtoMessage()    {}
-func (*KeyDerivation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ddfeb19e486561de, []int{1}
-}
-func (m *KeyDerivation) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *KeyDerivation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	if deterministic {
-		return xxx_messageInfo_KeyDerivation.Marshal(b, m, deterministic)
-	} else {
-		b = b[:cap(b)]
-		n, err := m.MarshalToSizedBuffer(b)
-		if err != nil {
-			return nil, err
-		}
-		return b[:n], nil
-	}
-}
-func (m *KeyDerivation) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_KeyDerivation.Merge(m, src)
-}
-func (m *KeyDerivation) XXX_Size() int {
-	return m.Size()
-}
-func (m *KeyDerivation) XXX_DiscardUnknown() {
-	xxx_messageInfo_KeyDerivation.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_KeyDerivation proto.InternalMessageInfo
-
-func (m *KeyDerivation) GetMethod() DerivationMethod {
-	if m != nil {
-		return m.Method
-	}
-	return DerivationMethod_Slip21
-}
-
-func (m *KeyDerivation) GetDerivationPath() string {
-	if m != nil {
-		return m.DerivationPath
-	}
-	return ""
-}
-
 func init() {
 	proto.RegisterEnum("crypto.KeyType", KeyType_name, KeyType_value)
-	proto.RegisterEnum("crypto.DerivationMethod", DerivationMethod_name, DerivationMethod_value)
 	proto.RegisterType((*Key)(nil), "crypto.Key")
-	proto.RegisterType((*KeyDerivation)(nil), "crypto.KeyDerivation")
 }
 
 func init() {
@@ -188,24 +112,19 @@ func init() {
 }
 
 var fileDescriptor_ddfeb19e486561de = []byte{
-	// 263 bytes of a gzipped FileDescriptorProto
+	// 191 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xd2, 0x2e, 0x2d, 0xc9, 0xcc,
 	0xd1, 0x4f, 0x2e, 0xaa, 0x2c, 0x28, 0xc9, 0x87, 0x52, 0x05, 0x45, 0xf9, 0x25, 0xf9, 0xfa, 0x60,
 	0xb2, 0x18, 0x2a, 0xa4, 0x07, 0xe6, 0x09, 0xb1, 0x41, 0x78, 0x4a, 0x76, 0x5c, 0xcc, 0xde, 0xa9,
 	0x95, 0x42, 0xca, 0x5c, 0x2c, 0x21, 0x95, 0x05, 0xa9, 0x12, 0x8c, 0x0a, 0x8c, 0x1a, 0x7c, 0x46,
 	0xfc, 0x7a, 0x50, 0xb5, 0xde, 0xa9, 0x95, 0x20, 0xe1, 0x20, 0xb0, 0xa4, 0x90, 0x10, 0x17, 0x8b,
-	0x4b, 0x62, 0x49, 0xa2, 0x04, 0x93, 0x02, 0xa3, 0x06, 0x4f, 0x10, 0x98, 0xad, 0x94, 0xc9, 0xc5,
+	0x4b, 0x62, 0x49, 0xa2, 0x04, 0x93, 0x02, 0xa3, 0x06, 0x4f, 0x10, 0x98, 0xad, 0x65, 0xc9, 0xc5,
-	0xeb, 0x9d, 0x5a, 0xe9, 0x92, 0x5a, 0x94, 0x59, 0x96, 0x58, 0x92, 0x99, 0x9f, 0x27, 0x64, 0xc0,
+	0x0e, 0x55, 0x24, 0x24, 0xc8, 0xc5, 0xeb, 0x9a, 0x62, 0x64, 0x6a, 0x6a, 0x68, 0x19, 0x50, 0x9a,
-	0xc5, 0x96, 0x9b, 0x5a, 0x92, 0x91, 0x9f, 0x02, 0x35, 0x4b, 0x02, 0x66, 0x16, 0x42, 0x8d, 0x2f,
+	0x94, 0x93, 0x99, 0x2c, 0xc0, 0x20, 0x24, 0xc4, 0xc5, 0x07, 0x13, 0x2a, 0xca, 0x2c, 0x4b, 0x2c,
-	0x58, 0x3e, 0x08, 0xaa, 0x4e, 0x48, 0x8d, 0x8b, 0x2f, 0x05, 0x2e, 0x17, 0x90, 0x58, 0x92, 0x01,
+	0x49, 0x15, 0x60, 0x14, 0x62, 0xe7, 0x62, 0x76, 0x74, 0x0d, 0x16, 0x60, 0x72, 0x32, 0x3c, 0xf1,
-	0xb6, 0x80, 0x33, 0x08, 0x4d, 0x54, 0xcb, 0x92, 0x8b, 0x1d, 0xea, 0x1e, 0x21, 0x41, 0x2e, 0x5e,
+	0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4, 0x18, 0x27, 0x3c, 0x96, 0x63, 0xb8,
-	0xd7, 0x14, 0x23, 0x53, 0x53, 0x43, 0xcb, 0x80, 0xd2, 0xa4, 0x9c, 0xcc, 0x64, 0x01, 0x06, 0x21,
+	0xf0, 0x58, 0x8e, 0xe1, 0xc6, 0x63, 0x39, 0x86, 0x28, 0x71, 0x1c, 0x3e, 0x49, 0x62, 0x03, 0x53,
-	0x21, 0x2e, 0x3e, 0x98, 0x10, 0x58, 0x57, 0xaa, 0x00, 0xa3, 0x10, 0x3b, 0x17, 0xb3, 0xa3, 0x6b,
+	0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x27, 0xb9, 0xba, 0xd8, 0xeb, 0x00, 0x00, 0x00,
-	0xb0, 0x00, 0x93, 0x96, 0x1c, 0x97, 0x00, 0xba, 0xf5, 0x42, 0x5c, 0x5c, 0x6c, 0xc1, 0x39, 0x99,
-	0x05, 0x46, 0x86, 0x02, 0x0c, 0x4e, 0x86, 0x27, 0x1e, 0xc9, 0x31, 0x5e, 0x78, 0x24, 0xc7, 0xf8,
-	0xe0, 0x91, 0x1c, 0xe3, 0x84, 0xc7, 0x72, 0x0c, 0x17, 0x1e, 0xcb, 0x31, 0xdc, 0x78, 0x2c, 0xc7,
-	0x10, 0x25, 0x8e, 0x23, 0x50, 0x93, 0xd8, 0xc0, 0x94, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0x65,
-	0xdf, 0xa5, 0x11, 0x76, 0x01, 0x00, 0x00,
 }
 
 func (m *Key) Marshal() (dAtA []byte, err error) {
@@ -243,41 +162,6 @@ func (m *Key) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
-func (m *KeyDerivation) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *KeyDerivation) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *KeyDerivation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
-	_ = i
-	var l int
-	_ = l
-	if len(m.DerivationPath) > 0 {
-		i -= len(m.DerivationPath)
-		copy(dAtA[i:], m.DerivationPath)
-		i = encodeVarintCrypto(dAtA, i, uint64(len(m.DerivationPath)))
-		i--
-		dAtA[i] = 0x12
-	}
-	if m.Method != 0 {
-		i = encodeVarintCrypto(dAtA, i, uint64(m.Method))
-		i--
-		dAtA[i] = 0x8
-	}
-	return len(dAtA) - i, nil
-}
-
 func encodeVarintCrypto(dAtA []byte, offset int, v uint64) int {
 	offset -= sovCrypto(v)
 	base := offset
@@ -305,22 +189,6 @@ func (m *Key) Size() (n int) {
 	return n
 }
 
-func (m *KeyDerivation) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	if m.Method != 0 {
-		n += 1 + sovCrypto(uint64(m.Method))
-	}
-	l = len(m.DerivationPath)
-	if l > 0 {
-		n += 1 + l + sovCrypto(uint64(l))
-	}
-	return n
-}
-
 func sovCrypto(x uint64) (n int) {
 	return (math_bits.Len64(x|1) + 6) / 7
 }
@@ -430,107 +298,6 @@ func (m *Key) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *KeyDerivation) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowCrypto
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= uint64(b&0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: KeyDerivation: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: KeyDerivation: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Method", wireType)
-			}
-			m.Method = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowCrypto
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Method |= DerivationMethod(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field DerivationPath", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowCrypto
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthCrypto
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthCrypto
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.DerivationPath = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipCrypto(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
-				return ErrInvalidLengthCrypto
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func skipCrypto(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0

util/crypto/cryptoproto/protos/crypto.proto

@@ -8,16 +8,7 @@ enum KeyType {
     AES = 2;
 }
 
-enum DerivationMethod {
-    Slip21 = 0;
-}
-
 message Key {
     KeyType Type = 1;
     bytes Data = 2;
 }
-
-message KeyDerivation {
-    DerivationMethod method = 1;
-    string derivationPath = 2;
-}

util/crypto/derived.go

@@ -5,9 +5,8 @@ import (
 )
 
 const (
-	AnytypeAccountPath   = "m/SLIP-0021/anytype/account"
+	AnysyncSpacePath = "m/SLIP-0021/anysync/space"
-	AnysyncTreePath      = "m/SLIP-0021/anysync/tree/%s"
+	AnysyncTreePath  = "m/SLIP-0021/anysync/tree/%s"
-	AnytypeAccountPrefix = "m/44'/607'"
 )
 
 // DeriveSymmetricKey derives a symmetric key from seed and path using slip-21

util/crypto/derived_test.go

@@ -10,7 +10,7 @@ func TestDerivedKey(t *testing.T) {
 	seed := make([]byte, 32)
 	_, err := rand.Read(seed)
 	require.NoError(t, err)
-	key, err := DeriveSymmetricKey(seed, AnytypeAccountPath)
+	key, err := DeriveSymmetricKey(seed, AnysyncSpacePath)
 	require.NoError(t, err)
 	_, err = rand.Read(seed)
 	require.NoError(t, err)

util/crypto/mnemonic.go

@@ -12,6 +12,19 @@ var (
 	ErrInvalidMnemonic  = errors.New("error invalid mnemonic")
 )
 
+const (
+	anytypeAccountOldPrefix = "m/44'/607'"
+	// TODO: actually approve this
+	anytypeAccountNewPrefix = "m/44'/123456'"
+)
+
+type DerivationResult struct {
+	MasterKey     PrivKey
+	Identity      PrivKey
+	OldAccountKey PrivKey
+	MasterNode    slip10.Node
+}
+
 type MnemonicGenerator struct {
 	mnemonic string
 }
@@ -61,7 +74,47 @@ func (g MnemonicGenerator) WithEntropy(b []byte) (Mnemonic, error) {
 	return Mnemonic(mnemonic), nil
 }
 
-func (m Mnemonic) DeriveEd25519Key(index int) (PrivKey, error) {
+func (m Mnemonic) deriveForPath(onlyMaster bool, index uint32, path string) (res DerivationResult, err error) {
+	seed, err := m.Seed()
+	if err != nil {
+		return
+	}
+	prefixNode, err := slip10.DeriveForPath(path, seed)
+	if err != nil {
+		return
+	}
+	// m/44'/code'/index'
+	res.MasterNode, err = prefixNode.Derive(slip10.FirstHardenedIndex + index)
+	if err != nil {
+		return
+	}
+	res.MasterKey, err = genKey(res.MasterNode)
+	if err != nil || onlyMaster {
+		return
+	}
+	// m/44'/code'/index'/0'
+	identityNode, err := res.MasterNode.Derive(slip10.FirstHardenedIndex)
+	if err != nil {
+		return
+	}
+	res.Identity, err = genKey(identityNode)
+	return
+}
+
+func (m Mnemonic) DeriveKeys(index uint32) (res DerivationResult, err error) {
+	oldRes, err := m.deriveForPath(true, index, anytypeAccountOldPrefix)
+	if err != nil {
+		return
+	}
+	res, err = m.deriveForPath(false, index, anytypeAccountNewPrefix)
+	if err != nil {
+		return
+	}
+	res.OldAccountKey = oldRes.MasterKey
+	return
+}
+
+func (m Mnemonic) Seed() ([]byte, error) {
 	seed, err := bip39.NewSeedWithErrorChecking(string(m), "")
 	if err != nil {
 		if err == bip39.ErrInvalidMnemonic {
@@ -69,22 +122,15 @@ func (m Mnemonic) DeriveEd25519Key(index int) (PrivKey, error) {
 		}
 		return nil, err
 	}
-	masterKey, err := slip10.DeriveForPath(AnytypeAccountPrefix, seed)
+	return seed, nil
-	if err != nil {
-		return nil, err
-	}
-
-	key, err := masterKey.Derive(slip10.FirstHardenedIndex + uint32(index))
-	if err != nil {
-		return nil, err
-	}
-
-	reader := bytes.NewReader(key.RawSeed())
-	privKey, _, err := GenerateEd25519Key(reader)
-
-	return privKey, err
 }
 
 func (m Mnemonic) Bytes() ([]byte, error) {
 	return bip39.MnemonicToByteArray(string(m), true)
 }
+
+func genKey(node slip10.Node) (key PrivKey, err error) {
+	reader := bytes.NewReader(node.RawSeed())
+	key, _, err = GenerateEd25519Key(reader)
+	return
+}

util/crypto/mnemonic_test.go

@@ -2,6 +2,7 @@ package crypto
 
 import (
 	"crypto/rand"
+	"github.com/anytypeio/go-slip10"
 	"github.com/stretchr/testify/require"
 	"strings"
 	"testing"
@@ -12,14 +13,31 @@ func TestMnemonic(t *testing.T) {
 	require.NoError(t, err)
 	parts := strings.Split(string(phrase), " ")
 	require.Equal(t, 12, len(parts))
-	key, err := phrase.DeriveEd25519Key(0)
+	res, err := phrase.DeriveKeys(0)
 	require.NoError(t, err)
 	bytes := make([]byte, 64)
 	_, err = rand.Read(bytes)
 	require.NoError(t, err)
-	sign, err := key.Sign(bytes)
+
+	// testing signing with keys
+	for _, k := range []PrivKey{res.MasterKey, res.Identity, res.OldAccountKey} {
+		sign, err := k.Sign(bytes)
+		require.NoError(t, err)
+		res, err := k.GetPublic().Verify(bytes, sign)
+		require.NoError(t, err)
+		require.True(t, res)
+	}
+
+	// testing derivation
+	masterKey, err := genKey(res.MasterNode)
 	require.NoError(t, err)
-	res, err := key.GetPublic().Verify(bytes, sign)
+	require.True(t, res.MasterKey.Equals(masterKey))
+	identityNode, err := res.MasterNode.Derive(slip10.FirstHardenedIndex)
 	require.NoError(t, err)
-	require.True(t, res)
+	identityKey, err := genKey(identityNode)
+	require.NoError(t, err)
+	require.True(t, res.Identity.Equals(identityKey))
+	oldAccountRes, err := phrase.deriveForPath(true, 0, anytypeAccountOldPrefix)
+	require.NoError(t, err)
+	require.True(t, res.OldAccountKey.Equals(oldAccountRes.MasterKey))
 }