Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check Merkleproofs in one place #921

Closed
tromp opened this issue Apr 2, 2018 · 7 comments
Closed

check Merkleproofs in one place #921

tromp opened this issue Apr 2, 2018 · 7 comments

Comments

@tromp
Copy link
Contributor

tromp commented Apr 2, 2018
edited
Loading

the verify_inputs method in transaction.rs checks whether merkle proofs of coinbase inputs verify in isolation, that is, without relating their node and root to anything outside the proof.

this is clearly necessary to make the proof relevant and AFAICT is done in method
verify_maturity

                        // Is our Merkle Proof valid? Does node hash up consistently to the root?
                        if !merkle_proof.verify() {
                                return Err(Error::MerkleProof);
                        }

                        // Is the root the correct root for the given block header?
                        if merkle_proof.root != header.output_root {
                                return Err(Error::MerkleProof);
                        }

                        // Does the hash from the MMR actually match the one in the Merkle Proof?
                        if merkle_proof.node != hash {
                                return Err(Error::MerkleProof);
                        }

But that one also verifies the proof. Which makes verify_inputs rather redundant.
(Unless there can be a long time between the two verifies in which resources can be unjustly tied up
I would find the verify method a lot more sensible if it takes node and root as arguments,
allowing for all the above code to be replaced by

                        if !merkle_proof.verify(hash, header.output_root) {
                                return Err(Error::MerkleProof);
                        }

which also avoid the possibility of doing possibly bogus checks in isolation.

Not only that, but it also makes Merkle proofs significantly shorter, since they no longer need to store the node and root themselves.
@antiochp antiochp changed the title check Merleproofs in one place check Merlekproofs in one place Apr 3, 2018
@antiochp antiochp changed the title check Merlekproofs in one place check Merkleproofs in one place Apr 3, 2018
@antiochp
Copy link
Member

antiochp commented Apr 3, 2018

👍 Makes sense to me to simplify this and require the node and root to be passed in as args to verify().
Discussed with @tromp on gitter - trivial today to create an invalid Merkle proof that is self-verifying in isolation (against a fake root etc.)

@yeastplume
Copy link
Member

housekeeping.. what's the status on this?

@tromp
Copy link
Contributor Author

tromp commented Jun 28, 2018

Looking at verify_maturity in the current code, it has not been fixed yet...

@ignopeverell
Copy link
Contributor

Believe #1203 is going to get rid of Merkle proofs altogether...

@antiochp
Copy link
Member

@tromp - you need to check testnet3 branch.
But as @ignopeverell mentioned - looks like we can verify coinbase maturity without needing to use Merkle proofs.
We think we can leverage them for relative output locktimes.
But we don't need them for coinbase maturity.

@tromp
Copy link
Contributor Author

tromp commented Jun 28, 2018 via email

@antiochp
Copy link
Member

Closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tromp @yeastplume @ignopeverell @antiochp