Implement ProvenTransaction object #38
Comments
What's the reason for requiring the |
We need It could leak information in some cases (e.g., if script root is a for a well-known script) - though, there might be some ways to mitigate this (one way could be to push/pop some random values somewhere in the script). |
Couldn't we delegate the construction of the |
On the verifier side, we need to make sure that
The challenging part is ensuring that nothing else was executed (otherwise, for example, a malicious prover could execute some code in between note scripts which modifies the state of kernel memory and breaks some invariants). So, if I as the verifier get a MAST root which I wrap it in |
This is actually outdated: I first described it as hash of nullifiers provided as inputs and hash of note scripts provided returned as outputs, but changed this to tuples once we introduced note metadata. |
Right I see that makes sense. I'm not sure if this would work but one idea would be that we have a standardised I'm not sure if this will work and not suggesting we should implement this now, just trying to explore the possibilities. |
I'm not sure this will work because the call targets need to be statically defined - so, Basically, the verifier needs to see One potential solution could be to have another type of a node in the MAST - e.g.,
By executing We can also modify the semantics of the For this PR, I'd implement it as is and probably would create an issue (or a discussion) in the Miden VM repo. |
Thank you for the explanation. I think this feature would be quite useful. I've gone ahead and implemented this PR as is. Issue has been created here. |
I've updated the PR. It's not entirely clear to me how the consumed notes and created notes will be hashed, so I've gone for a naive implementation of hashing sequentially in order. |
A ProvenTransaction object is the result of executing and proving a transaction. It should contain the minimal amount of data needed to verify that a transaction was executed correctly. The object should consist of the following:

(nullifier, script_root) for all notes consumed by the transaction.
(note_hash, note_meta) for all notes created during the transaction.

A verifier would use the above information as follows:

script_roots, tx_script_root, and components of transaction kernel (i.e., prologue, epilogue, note setup script etc.).

In the above, input_notes_hash is a sequential hash of all (nullifier, script_root) tuples of consumed notes, and created_notes_hash is a sequential hash of all (note_hash, note_meta) tuples of created notes.
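The sequential hashes described in the issue text, as an added example that is not code from the issue or from the project: a verifier recomputes input_notes_hash and created_notes_hash from the tuple lists and sees that any altered, reordered, or dropped tuple changes them. Assumptions: SHA-256 stands in for the project's hash function, every tuple element is a fixed 32-byte value, and all function and variable names are hypothetical.

```python
import hashlib

WORD = 32  # assumption: every tuple element is one fixed-width 32-byte value


def sequential_hash(tuples):
    """Hash all tuples in order, element by element, as one byte stream."""
    h = hashlib.sha256()  # stand-in hash, chosen only so the example runs offline
    for tup in tuples:
        if len(tup) != 2:
            raise ValueError("expected 2-element tuples")
        for element in tup:
            # Fixed width keeps the concatenation unambiguous: no two
            # different tuple lists can serialize to the same byte stream.
            if len(element) != WORD:
                raise ValueError("every element must be exactly WORD bytes")
            h.update(element)
    return h.digest()


def verifier_public_values(consumed, created):
    """Recompute (input_notes_hash, created_notes_hash) from the tuple lists."""
    return sequential_hash(consumed), sequential_hash(created)


def word(label):
    """Constructed sample value: a WORD-byte string derived from a label."""
    return hashlib.sha256(label.encode()).digest()


# Constructed sample data, not taken from the project.
CONSUMED = [(word("nullifier-0"), word("script-a")),
            (word("nullifier-1"), word("script-b"))]
CREATED = [(word("note-0"), word("meta-0"))]

# Values the proof is bound to (what the prover actually executed).
PROVEN_IN, PROVEN_OUT = verifier_public_values(CONSUMED, CREATED)

# Tuple lists altered after proving yield different public values.
SWAPPED_SCRIPT = [(word("nullifier-0"), word("script-x")), CONSUMED[1]]
REORDERED = list(reversed(CONSUMED))
DROPPED_NOTE = []

if __name__ == "__main__":
    for name, consumed, created in [("swapped script root", SWAPPED_SCRIPT, CREATED),
                                    ("reordered notes", REORDERED, CREATED),
                                    ("dropped created note", CONSUMED, DROPPED_NOTE)]:
        ok = verifier_public_values(consumed, created) == (PROVEN_IN, PROVEN_OUT)
        print(f"{name}: {'match' if ok else 'mismatch'}")
```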