Extending limited history to properly check for the existence of past values #422
In general, this change improves the security properties that are supposed to be attained from a limited history proof. A (full) key history proof provides a list of all past versions for a query key. A limited history proof allows for some past versions to be left out of the proof. Previously, the way this was implemented was to literally truncate the older versions.
Now, we are instead properly adding the existence proofs for past marker versions and non-existence proofs for future marker versions.
Specifically in this change, it:
- `HistoryParams::SinceEpoch`, since this is not really supportable by the existing construction. The only way for specifying a non-default parameter now is with `HistoryParams::MostRecent`.
- `HistoryProof` struct were repurposed and renamed to support past and future marker versions
- `get_marker_versions()` utility function which determines the past and future version numbers to check as part of the history proof generation and verification
- `HistoryParams` out from `akd` and into `akd_core` since it is also used by verification
- `InvalidVersion` error type

I am also bumping the version to 0.12.0-pre.1, since the introduced changes are incompatible with the previous version.