Smart Contract Trust Key
The Smart Contract Trust Key (Trust-key for short) is the key explicitly trusted by the smart contract to sign TokenScript.
If a TokenScript generates a transaction to be sent to a smart contract, the smart contract needs to express trust towards the TokenScript's signing key, here to referred as "Trust Key".
This mechanism is important for providing trust from a highly trusted token to a less trusted website. Furthermore, the trust key is also used as a package identifier, so two TokenScript files that are of different package should not share the trust key.
Express Trust from Smart Contract to a Trust Key
There are two ways to express trust from the Smart Contract to the TokenScript Key:
- Configure the smart contract to return the fingerprint of the key - A smart contract with key management features can return the currently trusted TokenScript key through a 256-bit fingerprint.
- Send an Express-of-Trust transaction
Use Trust Key for package management
When a TokenScript is cached in a user's wallet (as apposed to being distributed and used in a web page), the Trust Key that signs it is used as the package ID for the life-cycle management purpose. That is, if a user installs a new Tokenscript file or file-bundled, all previously cached TokenScript signed by the same key are replaced by it, discarded.
Using a trust Key as a canary
Normally, a trust key should not be an asset key. Presently we restrict it to use secp256k1 curve to make implementation simple, therefore, it is also a valid Ethereum key. This key does not need to be used on the blockchain at all, and better not, since the life cycle of a TokenScript key is different then the life cycle of an Ethereum key. One might discard a TokenScript key and unawaringly lost the Ethers, or spent all the Ether and discard the key only to find later that it has other uses.
However, with the use of the trust key for signing TokenScript file, you might intentionally keep some ether on the Ethereum address controlled by this key. Sometimes, in a team environment, the key might be kept in a USB stick with mutiple people having access to it. Should the key be leaked, an adversary would then proceed on robbing the money on its Ethereum address, therefore making the management aware that the key is leaked.