Investigate some design tweaks over Crypto Implementation #1252
Conversation
It has been deprecated for some time.
The API needs to be abstract, so make p256k1 signature an associated type of CryptoProvider.
Guarded by the rust-crypto feature, this is an implementation of CryptoProvider with pure Rust crates.
Move CryptoProvider definition out of the crypto module into the provider sub-module. Rename default_provider to default.
Add generic methods Header::hash_with and ValidatorSet::hash_with enabling a custom CryptoProvider to be plugged in for calculating hashes. The .hash() methods, implemented with the DefaultCryptoProvider, are feature-gated behind "rust-crypto".
2usize.next_power_of_two() / 1 == 1, and we have eliminated the other two explicitly matched cases at the call site, so the non-catchall match branches and the panics are dead code.
The Hasher trait is obviated by CryptoProvider. Also, we could do with less dynamic dispatching.
Instead of a super-trait whose sole purpose is to bind down some associated types that provide the actual functionality, provide: - Sha256, a purpose-specific trait for SHA256 hashing that has a more human-friendly interface than rust-crypto. - Nothing else for signing and verifying! These are covered by the signature framework, and it's easy to plug into that as the alt_crypto test demonstrates. The crypto::default module, gated by the "rust-crypto" feature, provides aliases for pure Rust implementations.
An alt implementation would not be able to reuse the signature type from k256.
Remove the only purpose for using a hasher in the implementation by returning the set of validators in VerificationErrorDetail::FaultySigner. CommitValidator can now revert to being a (weird) default-implemented trait, with a ProdCommitValidator to anchor the implementation.
A critical code block was hastily commented out in this "unstable" part of code.
Use the Sha2 alias from crypto::default instead of the direct references to sha2 crate. All code that used Sha2 non-generically is feature-gated behind "rust-crypto".
The host API for obtaining SHA256 digests on Substrate is a simple function, it cannot work incrementally. Change the Sha256 trait to match this, but provide a MerkleHash trait to retain incremental Merkle hashing with Rust-Crypto conformant digest implementations. The merkle::NonIncremental adapter type is provided to fit the lowest common denominator Sha256 API to a Merkle hash implementation, at the cost of some allocations and extra copying.
Also rename crypto::default::ecdsa_secp256 to ecdsa_secp256k1, to harmonize the naming with the feature that gates this module.
Needed for NodeKey.
|
This is a much better implementation for substrate chains |
| @@ -50,16 +50,15 @@ tendermint-proto = { version = "0.28.0", default-features = false, path = "../pr | |||
| time = { version = "0.3", default-features = false, features = ["macros", "parsing"] } | |||
| zeroize = { version = "1.1", default-features = false, features = ["zeroize_derive", "alloc"] } | |||
| flex-error = { version = "0.4.4", default-features = false } | |||
| sha2 = { version = "0.10", optional = true, default-features = false } | |||
| sha2 = { version = "0.10", default-features = false } | |||
There was a problem hiding this comment.
This effectively reverts part of the changes in #1238.
One of the objectives of the whole exercise, as I understood them, is to make the pure Rust crypto implementations replaceable and be able to exclude them from the end artefact (e.g. the wasm package).
There was a problem hiding this comment.
Yeah, comparatively, it doesn't buy much. I looked it as a side objective
tendermint/src/merkle.rs
Outdated
| /// Implementation of Merkle tree hashing for Tendermint. | ||
| pub trait MerkleHash { | ||
| pub trait MerkleHash: DigestSha256 { |
There was a problem hiding this comment.
Why make Merkle hashing dependent on the particular digest algorithm?
It can be independent, and you will be able to say "I want a Merkle hasher that uses the SHA2 256 digest algorithm" with the MerkleHash + DigestSha256 bounds.
There was a problem hiding this comment.
It already do so. With the DigestSha256 trait (included types from higher-level HashType trait), basically you can introduce any type of hashing functions. but I caught the issue. It should be renamed to make more sense (e.g.as DigestHash)
tendermint/src/merkle.rs
Outdated
| let mut buf = Vec::with_capacity(1 + bytes.len()); | ||
| buf.push(0x00); | ||
| buf.extend_from_slice(bytes); |
There was a problem hiding this comment.
This default implementation allocates memory to compute interim hashes.
The blanket implementation in the #1238 base does not. This is by design: we don't need to cut to the dumbest common denominator hashing API if we can get a better performing implementation from anything that can work incrementally.
There was a problem hiding this comment.
Did so, looking for a minimal set of changes compared to the orig files and hoping this be covered in a separate PR for this purpose. but Right, if there is a demand and a performance matter, would be better to get it back and also have it here.
tendermint/src/merkle.rs
Outdated
|
|
||
| // tmhash(0x01 || left || right) | ||
| // Pre and post-conditions: the hasher is in the reset state | ||
| // before and after calling this function. | ||
| fn inner_hash(&mut self, left: Hash, right: Hash) -> Hash; | ||
| fn inner_hash(&mut self, left: Hash, right: Hash) -> Hash { | ||
| // This is why non-incremental digest APIs are daft. |
There was a problem hiding this comment.
This is also why there should not be a default implementation doing this.
tendermint/src/merkle.rs
Outdated
| /// Compute a simple Merkle root from vectors of arbitrary byte vectors. | ||
| /// The leaves of the tree are the bytes of the given byte vectors in | ||
| /// the given order. | ||
| fn simple_hash_from_byte_vectors(&mut self, byte_vecs: &[Vec<u8>]) -> Hash { |
There was a problem hiding this comment.
Why does this need to be converted to a method?
With the freestanding function, we can't misuse the API by e.g. calling it on a digest object with non-reset digest state.
simple_hash_from_byte_vectors is a one-stop-shop function that creates the digest state internally, hashes the input and returns the result.
There was a problem hiding this comment.
Likewise, I had looked at it from the opposite angle, but with the same concern. Having a bare function, so Merkle hasher could be triggered by a fake similar one. I encapsulated it to operate only on that data. Btw, I dropped it, since I found out MerkleHash can also be invoked through hash_byte_vectors() method w/o needing simple_hash_from_byte_vectors
tendermint/src/merkle.rs
Outdated
| pub struct NonIncremental<H>(PhantomData<H>); | ||
|
|
||
| impl<H> Default for NonIncremental<H> { | ||
| pub struct DefaultMerkleHash; |
There was a problem hiding this comment.
I think this is wrong, we specifically don't want a stateless function to be the basis for default hashing implementation, when in most programming environments we can use the sha2 crate.
There was a problem hiding this comment.
I don’t know if I catch you correctly, but as it stands here, it is bounded by sha2::Sha256
tendermint/src/merkle.rs
Outdated
| fn empty_hash(&mut self) -> Hash { | ||
| // Get the output of an empty digest state. | ||
| Self::digest_sha256(&Vec::with_capacity(0)) | ||
| } |
There was a problem hiding this comment.
Why bake the implementation into the trait?
This pattern is used elsewhere, for example, in VerificationPredicates, but I don't think it's needed here.
tendermint/src/merkle.rs
Outdated
| @@ -154,7 +97,7 @@ mod tests { | |||
| let empty_tree_root = &hex::decode(empty_tree_root_hex).unwrap(); | |||
| let empty_tree: Vec<Vec<u8>> = vec![vec![]; 0]; | |||
|
|
|||
| let root = simple_hash_from_byte_vectors::<Sha256>(&empty_tree); | |||
| let root = DefaultMerkleHash.simple_hash_from_byte_vectors(&empty_tree); | |||
There was a problem hiding this comment.
This looks non-idiomatic, the object instance has no purpose here, as explained above.
tendermint/src/merkle.rs
Outdated
| // Feed the data to the hasher, prepended with 0x00. | ||
| Digest::update(self, [0x00]); | ||
| Digest::update(self, bytes); |
There was a problem hiding this comment.
Note how this does not allocate any memory temporarily or copy data around. This is what we want most of our users to actually use, while the few platforms where the NonIncremental wrapper is needed could be kept as integration freak cases.
Farhad-Shabani
force-pushed
the
farhad/generic-hasher
branch
from
148ec73
to
652c89f
Compare
Farhad-Shabani
force-pushed
the
farhad/generic-hasher
branch
from
652c89f
to
b85bb88
Compare
|
In light of the need Mikhail aptly raised for incremental hashing and the comments mostly arose because of losing it, I've reverted that part. |
|
@Farhad-Shabani I don't understand what advantage that signature verification interface is supposed to provide over It seems needlessly convoluted, and also has the disadvantage that it isn't natively supported by commonly used Rust ecosystem cryptography crates. |
|
@tony-iqlusion agree with you on this. Actually, I've tried it first, but having |
As a reference for suggestion made in #1238
.changelog/