New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Floonet] Switch commitments #2157

Merged
merged 1 commit into from Dec 18, 2018

Conversation

Projects
None yet
2 participants
@jaspervdm
Copy link
Contributor

jaspervdm commented Dec 14, 2018

Re-opening this because I messed #2007 up.

This PR adds switch commitments following the scheme defined in #998. Blinding factors are modified to x' = x + H(xG+vH | xJ)

If in the future doubts arise about the existence of mechanisms that would break the discrete logarithm between G and H, we could require revealing the ElGamal commitment (xG+vH, xJ) (and a corresponding rangeproof) in order to spend an output.

Wallets that want to use switch commitments should add a configuration option use_switch_commits=true. The default value for now is false, we could consider changing it to true before mainnet, if we feel comfortable enough with this PR.

I have constructed this PR in a way that wallets can either use switch commitments, or not use them. I do not think it is a good idea to let wallets have both types (or possibly even more than 2) at the same time. This is because if we want to use switch commitments, everyone should use them. In that case we don't want outputs that don't have the switch commitment lingering around. The same holds if we ever want to change to a different type of switch commitment. In those cases the users should create a new wallet and transfer their funds to it.

TODO:

  • do more testing
  • check built-in tests
  • change util/Cargo.toml to the latest version of libsecp with switch commitments

PRs in underlying libraries: mimblewimble/secp256k1-zkp#34, mimblewimble/rust-secp256k1-zkp#38

Comments welcome!

@yeastplume

This comment has been minimized.

Copy link
Member

yeastplume commented Dec 17, 2018

I think if we're going to be merging this into Floonet directly, we shouldn't need a flag to switch them on or off. We can just assume switch commits are the way forward and merge them into the forthcoming branch.

So I'd suggest:

  1. Focus on getting the functions/tests into the underlying secp and rust secp libs
  2. Once we're happy with those, merge and tag them,
  3. Included newly tagged secp libs into this PR
  4. Remove flag and just assume switch commits
  5. Ensure all automated tests are working
  6. Merge into Floonet branch

@yeastplume yeastplume changed the base branch from master to floonet Dec 18, 2018

@yeastplume yeastplume changed the title [DNM] Switch commitments [Floonet] Switch commitments Dec 18, 2018

@yeastplume

This comment has been minimized.

Copy link
Member

yeastplume commented Dec 18, 2018

Going to merge into floonet now so I can include tagged libsecp and exercise it a bit

@yeastplume yeastplume closed this Dec 18, 2018

@yeastplume yeastplume reopened this Dec 18, 2018

@yeastplume yeastplume merged commit 75d2c1c into mimblewimble:floonet Dec 18, 2018

1 check was pending

continuous-integration/travis-ci/pr The Travis CI build is in progress
Details

ignopeverell added a commit that referenced this pull request Dec 21, 2018

Merge pull request #2196 from mimblewimble/floonet
* Get last bitcon block hash, setup genesis header without PoW (for now)
* More a few properties to mainnet genesis. Don't get too excited, several are placeholders.
* Mine a valid Cuckaroo solution for genesis block
* Use miner as library to get a solution for genesis. Replace final values in genesis.rs before committing it.
* Complete genesis replacement
* Fixed various replacements to obtain a compilable, well-formed genesis
* Check plugin errors, uncomment PoW validation
* Fixes to nonce handling in genesis mining
* Also produce full block hashes
* Fix genesis hash test
* Switch commitments (#2157)
* [Floonet] Use switch commits for all blinding factors (#2178)
* move wallet mods back into dirs
* use switched keys for blinding factor in all cases
* re-implement flag to turn off switch commit derivation
* rename tx log entry field tx_hex -> stored_tx (#2181)
* [Floonet] add feature for height locked kernels (#2168)
* add feature for height locked kernels
* add function to compute kernel features appropriate for lock height, and use it
* only sign kernel-features relevant fields; refactor Features
* simplify invalid kernel logic
* remove unused height arg to reward::output and run some rustfmt
* replace nested if/else by match
* Floonet chain type and genesis, testnets cleanup (#2182)
* [Floonet] Encrypt private slate data upon storage in DB (#2189)
* xor encrypt stored nonce and blind sum in transaction data
* stop doc tests splatting wallet files throughout
* Remove bzip2 dependency
* Changed magic number and seeds for Floonet (#2188)
* Genesis generator now loads a local wallet seed to build coinbase.
* Floonet genesis block
* Add floonet to generated grin-server.toml comments
* Test with final Floonet genesis hashes
* Fix get_header_for_output for genesis (#2192)
* start search with min height 0 (#2195)

@jaspervdm jaspervdm deleted the jaspervdm:switch_commitment_fix branch Jan 2, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment