-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fog omits compressed commitment from TxOutRecord #71
Conversation
/// Public key. | ||
external.CompressedRistretto public_key = 3; | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is omitted because it's not actually used in any public facing APIs, kyle and alex thought it's better to remove it if that isn't the case since it might confuse someone
round_trip_message::<fog_types::view::FogTxOut, fog_api::view::FogTxOut>(&test_val); | ||
}); | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this test is removed because FogTxOut type is removed from protobuf per discussion
/// the full tx_out_amount_commitment_data is omitted. | ||
/// The client can recompute the tx_out_amount_commitment from the other data that we include. | ||
/// They can confirm correct recomputation by checking this crc value. | ||
fixed32 tx_out_amount_commitment_data_crc32 = 8; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this change to the proto is the main point of the PR -- the fog ingest enclave will only set this crc32 field and leave the earlier commtiment_data field empty.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the crc32 is also possibly not necessary, but kyle suggested that we should retain the same level of "checkability" as before, and this only adds a few bytes
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this shows how reconstructing the commitment and checking the crc32 value works
/// The timestamp of the block in which this TxOut appeared, in seconds | ||
/// since the Unix epoch. | ||
pub timestamp: u64, | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is added in order to have a nice constructor function for TxOutRecord, otherwise you take three different u64's as arguments and if they are in the wrong order, you have a bug
@@ -82,7 +82,7 @@ fn test_ingest_enclave(logger: Logger) { | |||
assert_eq!(tx_rows.len(), 10); | |||
|
|||
// Check that the tx row ciphertexts have the right size | |||
const EXPECTED_PAYLOAD_SIZE: usize = 188; // The observed tx_row.payload size | |||
const EXPECTED_PAYLOAD_SIZE: usize = 159; // The observed tx_row.payload size |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this shows the change in size of TxOutRecord when it is serialized, so we saved 29 bytes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@@ -231,6 +217,8 @@ message FogTxOut { | |||
/// and that's the version of the TxOut that you should use when building a transaction. | |||
message TxOutRecord { | |||
/// The (compressed ristretto) bytes of commitment associated to amount field in the TxOut that was recovered | |||
/// | |||
/// Note: This field is omitted in recent versions, because it can be reconstructed by the recipient instead. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can annotate it as deprecated: see deprecated
on https://developers.google.com/protocol-buffers/docs/proto3
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for running deployments of fog, though, we can't update these serialized TxOutRecords. so whether the field can be deprecated depends on if those fogs will be wiped and started again after beta or something like this. otherwise, sometimes people will have to keep reading this field
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
after further discussion, we cannot deprecate this field, we believe it will continue to exist in the wild
|
||
/// Extract a FogTxOut object from the (flattened) TxOutRecord object | ||
/// Note that this discards some metadata (timestamp, block_index, | ||
/// global_index). | ||
pub fn get_fog_tx_out(&self) -> Result<FogTxOut, KeyError> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this should be TryInto
This passed deploy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Proto interface LGTM.
This updates TxOutRecord in a few ways: * amount_compressed_commitment_data is now optional, and omitted except for backwards compat. (If backwards compat is not needed, then that field could be deleted entirely.) * amount_compressed_commitment_data_crc32 is now present when that field is omitted. This is an IEEE crc32 of the omitted data. * The sample paykit is updated so that it attempts to reconstruct the compressed commitment using the view private key. (This was koe's idea.) Then it checks the crc32 to confirm correct recomputation. This saves ~30 bytes in fog view, which we can use for the memo. * A method is added to construct TxOutRecord more nicely, and then a bunch of test code and the enclave code is simplified.
b32d0f0
to
4a87b8c
Compare
rebased on master |
This reverts commit 1e1fc1c. This is a breaking change, but we need to test the fee changes first, so we will revert this for now and re-apply it later Changes to be committed: modified: Cargo.lock modified: fog/api/proto/view.proto modified: fog/api/tests/fog_types.rs modified: fog/fog_types/Cargo.toml modified: fog/fog_types/src/view.rs modified: fog/ingest/enclave/impl/src/lib.rs modified: fog/ingest/enclave/impl/tests/tx_processing.rs modified: fog/ingest/enclave/trusted/Cargo.lock modified: fog/ledger/enclave/trusted/Cargo.lock modified: fog/sample-paykit/src/cached_tx_data/mod.rs modified: fog/sample-paykit/src/client.rs modified: fog/sample-paykit/src/error.rs modified: fog/test_infra/src/mock_users.rs modified: fog/view/enclave/trusted/Cargo.lock modified: fog/view/protocol/src/user_private.rs
This reverts commit 1e1fc1c. This is a breaking change, but we need to test the fee changes first, so we will revert this for now and re-apply it later Changes to be committed: modified: Cargo.lock modified: fog/api/proto/view.proto modified: fog/api/tests/fog_types.rs modified: fog/fog_types/Cargo.toml modified: fog/fog_types/src/view.rs modified: fog/ingest/enclave/impl/src/lib.rs modified: fog/ingest/enclave/impl/tests/tx_processing.rs modified: fog/ingest/enclave/trusted/Cargo.lock modified: fog/ledger/enclave/trusted/Cargo.lock modified: fog/sample-paykit/src/cached_tx_data/mod.rs modified: fog/sample-paykit/src/client.rs modified: fog/sample-paykit/src/error.rs modified: fog/test_infra/src/mock_users.rs modified: fog/view/enclave/trusted/Cargo.lock modified: fog/view/protocol/src/user_private.rs
let fog_tx_out = rec.get_fog_tx_out()?; | ||
|
||
// Reconstute TxOut from FogTxOut and our view private key | ||
let tx_out = fog_tx_out.try_recover_tx_out(&account_key.view_private_key())?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this shows where the sample paykit is using the new code
This updates TxOutRecord in a few ways:
except for backwards compat. (If backwards compat is not needed,
then that field could be deleted entirely.)
that field is omitted. This is an IEEE crc32 of the omitted data.
the compressed commitment using the view private key. (This was
koe's idea.) Then it checks the crc32 to confirm correct recomputation.
This saves ~30 bytes in fog view, which we can use for the memo.
a bunch of test code and the enclave code is simplified.