The use of smart contracts (multisig, smart contract wallet) does not provide valid signatures from signature schemes. This is a limitation, as EOAs (externally owned accounts):
- have a clear signature-client interface to sign arbitrary (or standard login) messages
- can provide signatures verifiable in contracts, such as for gas provision in smart contract wallets

This is similar to the isValidSignature standard in Ethereum.

```rust
// Example function interface
// This creates the hash of the message and checks the state to see if the hash has been added to the state
// `signature` can be empty for contract signatures and only used to be compatible with EOA signatures
pub fn is_valid_signature(msg: Binary, signature: Binary) -> StdResult<bool> {}
```

```rust
// Example state in the implementing contract
// Map of hash(msg) to validate state
// - valid signed
// - signed but revoked
pub const SIGNATURES: Map<&[u8], bool>
```

Sorry I misunderstood what you meant before.
There is no need to capture actual cryptographic signatures because the message hash to be signed is stored in a state in the contract.
We can invalidate the stored "signed" message in the case of rotation, but that is the decision of the contract.
Let's use an example of a multisig cw3 type contract.
There will be a state `SIGNATURES` in the contract. The signers can propose to "store the hash of a message in the `SIGNATURES` state", which when passed and executed, the `is_valid_signature` method will return true for a certain message.
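
The multisig flow described in this thread, as an added example that is not part of the original posts or of any cw3 code: a dependency-free in-memory model in which signers vote to store a message hash, `is_valid_signature` answers from stored state only, and rotation revokes stored hashes. `Multisig`, `approve`, `rotate` and `digest` are hypothetical names, `DefaultHasher` is a stand-in for a cryptographic hash such as SHA-256, and revoking everything on rotation is one assumed policy.

```rust
use std::collections::{hash_map::DefaultHasher, HashMap, HashSet};
use std::hash::{Hash, Hasher};

// Stand-in digest to stay dependency-free; a real contract would use SHA-256.
fn digest(msg: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    msg.hash(&mut h);
    h.finish()
}

// Hypothetical in-memory model of a cw3-style multisig, not the cw3 API.
struct Multisig {
    signers: HashSet<&'static str>,
    threshold: usize,
    votes: HashMap<u64, HashSet<&'static str>>, // open proposals: hash -> approvers
    signatures: HashMap<u64, bool>, // SIGNATURES: hash -> true valid / false revoked
}

impl Multisig {
    fn new(signers: &[&'static str], threshold: usize) -> Self {
        let signers = signers.iter().copied().collect();
        Multisig { signers, threshold, votes: HashMap::new(), signatures: HashMap::new() }
    }
    // Vote to "store the hash of msg"; executes once `threshold` signers approve.
    fn approve(&mut self, signer: &'static str, msg: &[u8]) -> Result<bool, &'static str> {
        if !self.signers.contains(signer) { return Err("not a signer"); }
        let h = digest(msg);
        if self.signatures.get(&h) == Some(&false) { return Err("hash was revoked"); }
        let approvers = self.votes.entry(h).or_default();
        approvers.insert(signer); // a set: one signer voting twice counts once
        if approvers.len() >= self.threshold {
            self.votes.remove(&h);
            self.signatures.insert(h, true);
        }
        Ok(self.signatures.contains_key(&h))
    }
    // Assumed policy: rotating the signer set revokes stored hashes and open votes.
    fn rotate(&mut self, signers: &[&'static str]) {
        self.signers = signers.iter().copied().collect();
        self.votes.clear();
        self.signatures.values_mut().for_each(|v| *v = false);
    }
    // `_signature` is ignored for contract signatures; only stored state decides.
    fn is_valid_signature(&self, msg: &[u8], _signature: &[u8]) -> bool {
        self.signatures.get(&digest(msg)) == Some(&true)
    }
}
```

A verifier relying on this check trusts the contract's governance rather than a key, so the threshold and the revocation policy carry the security weight that key custody carries for an EOA.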