WiP: Double Publish and double Marry Malfeasance Proofs for ATX v2 #6043
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## develop #6043 +/- ##
=========================================
- Coverage 81.5% 81.4% -0.2%
=========================================
Files 301 302 +1
Lines 32257 32396 +139
=========================================
+ Hits 26319 26387 +68
- Misses 4219 4289 +70
- Partials 1719 1720 +1
// the one proven to be malfeasant. Up to 1024 can be put into a single proof, since by repeatedly marrying other | ||
// identities there can be much more than 256 in a malfeasant marriage set. Beyond that a second proof could be | ||
// provided to show that additional identities are part of the same malfeasant marriage set. | ||
Certificates []ProofCertificate `scale:"max=1024"` |
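Review bot: The comment above the Certificates field says a second proof "could be provided" for marriage sets larger than the max=1024 bound, but nothing in these lines says how that second proof is tied to the first or how the remaining identities are handled. Suggest documenting the overflow behaviour here, so that a set larger than 1024 cannot leave some of its identities without a proof covering them.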
Maybe name it
Certificates []ProofCertificate `scale:"max=1024"` | |
Certificates []MarriageCertificate `scale:"max=1024"` |
MarriageCertificate already exists as a type in the wire package (for v2 ATXs), but this is a different type: it not only contains the signature and the payload but also the signer (which isn't needed for ATXs).
type ProofCertificate struct { | ||
// Target of the certificate, i.e. the identity that signed the ATX containing the original certificate. | ||
Target types.NodeID | ||
// ID is the identity that signed the certificate. | ||
ID types.NodeID | ||
// Signature is the signature of the certificate, i.e. ID signed with the key of SmesherID. | ||
Signature types.EdSignature | ||
} |
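Review bot: The field comments on ProofCertificate disagree about who signs what: ID is documented as "the identity that signed the certificate", while Signature is documented as "ID signed with the key of SmesherID", and the struct has no SmesherID field. Suggest stating for each of Target and ID whether it is the signing key or the signed message, since verification of the certificate depends on that.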
Having Target in each certificate is quite redundant as in most cases, all certs will share it. How about a structure like this:

```go
type MarriageCertificates struct {
	Target       types.NodeID
	Certificates []MarriageCertificate `scale:"max=256"`
}

type ATXProof struct {
	ProofType    ProofType
	Certificates []MarriageCertificates `scale:"max=2"`
	Proof        []byte                 `scale:"max=1048576"`
}
```
0cbe462 to 4076706
superseded by #6043
Motivation
This adds the first two malfeasance proofs for ATXv2: double publish and double marry.
Description
Double Publish
If an identity publishes two ATXs with the same publish epoch they become malfeasant. This proof verifies that a given ATX was created by the same identity and targets the same epoch. It works basically the same as the previous double publish proof, except that Merkle trees are used instead of a signature where the payload's first 4 bytes are the publish epoch.
Double Marry
If an identity is part of more than one marriage it is considered malfeasant. This proof shows that two ATXs containing marriage certificates contain certificates signed by the same identity.
To simplify this proof the main identity (the one that signs the ATX) has to include a marriage certificate marrying themselves, otherwise we would need additional proofs: i.e. 2 ATXs signed by the same identity containing marriage certificates and one for the case where one ATX containing marriage certificates is signed by identity A and another ATX signed by B contains a marriage certificate of A.
Creating and verifying proofs
Both types of proofs have a New...Proof function that creates them. This function does some basic checks to prevent creating an invalid malfeasance proof if two ATXs that do not show malfeasant behavior are passed as arguments.
The wire types for the malfeasance proofs have a Valid method that can be called to check if the malfeasance proof is valid. It returns an error that is not nil when the proof is invalid and explains why it is invalid.
Test Plan
For both malfeasance proofs multiple tests have been added to verify they are working correctly.
TODO
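
A simplified sketch of the double-marry check described in the PR text above, added here as an illustration and not taken from the PR or from go-spacemesh. It assumes a certificate is the marrying identity's Ed25519 signature over the raw bytes of the ATX signer's ID; Cert, NewIdentity, Marry and ValidDoubleMarry are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Cert mirrors ProofCertificate; assumption: Signature is ID's Ed25519 signature over Target.
type Cert struct {
	Target    ed25519.PublicKey // signer of the ATX that carried the certificate
	ID        ed25519.PublicKey // identity that signed the certificate
	Signature []byte
}

// NewIdentity returns a fresh key pair (hypothetical helper).
func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Marry has the holder of priv sign a certificate for target's marriage (hypothetical helper).
func Marry(priv ed25519.PrivateKey, target ed25519.PublicKey) Cert {
	return Cert{Target: target, ID: priv.Public().(ed25519.PublicKey), Signature: ed25519.Sign(priv, target)}
}

// ValidDoubleMarry returns nil only if a and b show one identity in two marriages.
func ValidDoubleMarry(a, b Cert) error {
	if len(a.ID) != ed25519.PublicKeySize || !bytes.Equal(a.ID, b.ID) {
		return errors.New("certificates are not signed by the same identity")
	}
	if bytes.Equal(a.Target, b.Target) {
		return errors.New("both certificates belong to the same marriage")
	}
	if !ed25519.Verify(a.ID, a.Target, a.Signature) || !ed25519.Verify(b.ID, b.Target, b.Signature) {
		return errors.New("invalid certificate signature")
	}
	return nil
}

func main() {
	a, _ := NewIdentity() // constructed keys: A signs a marriage ATX, C signs its own
	c, cKey := NewIdentity()
	fmt.Println(ValidDoubleMarry(Marry(cKey, a), Marry(cKey, c)))
}
```

Because the ATX signer includes a certificate marrying itself, the same two-certificate check covers both cases named in the description: one identity signing two marriage ATXs, and an identity that signs one marriage ATX while appearing as a certificate in another.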