Creating commits for values #123

Closed
3 tasks
Jasleen1 opened this issue Dec 27, 2021 · 5 comments · Fixed by #185

@Jasleen1
Contributor

At the moment the values being committed in the tree for prototyping are all dummies. We would like to replace the value_to_bytes function in directory.rs to return actual commitments instead. This involves 3 main steps:

  • Changing the function value_to_bytes to return a byte array derived from a digest instead.
  • To make the commitment hiding, generating and storing a nonce for each committed value.
  • Including the nonce in the proofs sent to the client, and having the client verify these nonces.
@Jasleen1 Jasleen1 self-assigned this Dec 27, 2021
@slawlor
Contributor

slawlor commented Mar 3, 2022

This might be a naive question, but couldn't we say re-use the VRF functionality for this? If the value_to_bytes were to VRF the ValueState data, with even a different key, then hash the result as the leaf hash value.

It'll be easier to manage than unique nonces in the long run (just a second private key needs to be stored), and won't require additional data-layer I/O for each leaf node.

@kevinlewi
Contributor

After some offline discussion with Jasleen, we will use a keyed hash (modeled as a random oracle) as a commitment here.

This means we need the server to hold a commitment_key server. The server needs to generate a proof for each label+value, and send this proof as a component of the lookup and update proofs. The client can then verify the proofs by supplying the raw value and checking that the commitment matches.

Construction:

proof = H(commitment_key, label, version, value)
commitment = H(value, proof)

@eozturk1
Contributor

eozturk1 commented Mar 18, 2022

QQ: How do the clients verify the proof without the commitment key? In other words, how do they verify that the proof is generated over the correct label, version and value?

@Jasleen1
Contributor Author

Jasleen1 commented Mar 18, 2022

Originally, the commitment was hash(nonce || public_key). Now we are just computing the nonce using the server's secret commitment key, instead of randomly computing it and storing it for each PK of each user. The only thing needed to verify that some string commits to PK is nonce, which the client doesn't need to know how it's computed, just its value.

@eozturk1
Contributor

That clarifies it, thank you @Jasleen1!
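
The keyed-hash construction and the client-side check discussed in the comments above, as an added sketch that is not the project's code. Assumptions: HMAC-SHA256 stands in for the keyed hash H, SHA-256 for the commitment hash, the length-prefixed field encoding and all function names are hypothetical, and the key and values are constructed samples.

```python
import hashlib
import hmac
import struct


def _encode(*fields: bytes) -> bytes:
    # Length-prefix every field so (b"ab", b"c") and (b"a", b"bc") hash differently.
    return b"".join(struct.pack(">Q", len(f)) + f for f in fields)


def server_proof(commitment_key: bytes, label: bytes, version: int, value: bytes) -> bytes:
    """proof = H(commitment_key, label, version, value); HMAC-SHA256 is an assumption."""
    msg = _encode(label, struct.pack(">Q", version), value)
    return hmac.new(commitment_key, msg, hashlib.sha256).digest()


def commit(value: bytes, proof: bytes) -> bytes:
    """commitment = H(value, proof); this digest is what the tree leaf stores."""
    return hashlib.sha256(_encode(value, proof)).digest()


def client_verify(commitment: bytes, value: bytes, proof: bytes) -> bool:
    """The client treats the proof as an opaque nonce and never sees the key."""
    return hmac.compare_digest(commit(value, proof), commitment)


def demo() -> dict:
    key = b"\x11" * 32                               # constructed sample key
    label, value = b"alice", b"alice-public-key-v1"  # constructed sample data
    proof_v1 = server_proof(key, label, 1, value)
    leaf_v1 = commit(value, proof_v1)
    proof_v2 = server_proof(key, label, 2, value)
    return {
        "accepts_correct_opening": client_verify(leaf_v1, value, proof_v1),
        "rejects_different_value": not client_verify(leaf_v1, b"mallory-key", proof_v1),
        "rejects_different_proof": not client_verify(leaf_v1, value, proof_v2),
        # Deterministic derivation: the server recomputes the nonce instead of storing it.
        "proof_is_recomputable": proof_v1 == server_proof(key, label, 1, value),
        # The same value under a new version yields an unrelated leaf commitment.
        "versions_do_not_collide": commit(value, proof_v2) != leaf_v1,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```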
