fog omits compressed commitment from TxOutRecord #71
Conversation
cbeck88
requested review from
jcape,
kylefleming,
voloshyn,
eranrund,
tubi70,
queenbdubs,
sugargoat and
a team
| /// Public key. | ||
| external.CompressedRistretto public_key = 3; | ||
| } | ||
|
|
There was a problem hiding this comment.
this is omitted because it's not actually used in any public facing APIs, kyle and alex thought it's better to remove it if that isn't the case since it might confuse someone
| round_trip_message::<fog_types::view::FogTxOut, fog_api::view::FogTxOut>(&test_val); | ||
| }); | ||
| } | ||
|
|
There was a problem hiding this comment.
this test is removed because FogTxOut type is removed from protobuf per discussion
| /// the full tx_out_amount_commitment_data is omitted. | ||
| /// The client can recompute the tx_out_amount_commitment from the other data that we include. | ||
| /// They can confirm correct recomputation by checking this crc value. | ||
| fixed32 tx_out_amount_commitment_data_crc32 = 8; |
There was a problem hiding this comment.
this change to the proto is the main point of the PR -- the fog ingest enclave will only set this crc32 field and leave the earlier commtiment_data field empty.
There was a problem hiding this comment.
the crc32 is also possibly not necessary, but kyle suggested that we should retain the same level of "checkability" as before, and this only adds a few bytes
| } | ||
|
|
There was a problem hiding this comment.
this shows how reconstructing the commitment and checking the crc32 value works
| /// The timestamp of the block in which this TxOut appeared, in seconds | ||
| /// since the Unix epoch. | ||
| pub timestamp: u64, | ||
| } |
There was a problem hiding this comment.
this is added in order to have a nice constructor function for TxOutRecord, otherwise you take three different u64's as arguments and if they are in the wrong order, you have a bug
| @@ -82,7 +82,7 @@ fn test_ingest_enclave(logger: Logger) { | |||
| assert_eq!(tx_rows.len(), 10); | |||
|
|
|||
| // Check that the tx row ciphertexts have the right size | |||
| const EXPECTED_PAYLOAD_SIZE: usize = 188; // The observed tx_row.payload size | |||
| const EXPECTED_PAYLOAD_SIZE: usize = 159; // The observed tx_row.payload size | |||
There was a problem hiding this comment.
this shows the change in size of TxOutRecord when it is serialized, so we saved 29 bytes
| @@ -231,6 +217,8 @@ message FogTxOut { | |||
| /// and that's the version of the TxOut that you should use when building a transaction. | |||
| message TxOutRecord { | |||
| /// The (compressed ristretto) bytes of commitment associated to amount field in the TxOut that was recovered | |||
| /// | |||
| /// Note: This field is omitted in recent versions, because it can be reconstructed by the recipient instead. | |||
There was a problem hiding this comment.
You can annotate it as deprecated: see deprecated on https://developers.google.com/protocol-buffers/docs/proto3
There was a problem hiding this comment.
for running deployments of fog, though, we can't update these serialized TxOutRecords. so whether the field can be deprecated depends on if those fogs will be wiped and started again after beta or something like this. otherwise, sometimes people will have to keep reading this field
There was a problem hiding this comment.
after further discussion, we cannot deprecate this field, we believe it will continue to exist in the wild
|
|
||
| /// Extract a FogTxOut object from the (flattened) TxOutRecord object | ||
| /// Note that this discards some metadata (timestamp, block_index, | ||
| /// global_index). | ||
| pub fn get_fog_tx_out(&self) -> Result<FogTxOut, KeyError> { |
There was a problem hiding this comment.
I believe this should be TryInto
|
This passed deploy |
This updates TxOutRecord in a few ways: * amount_compressed_commitment_data is now optional, and omitted except for backwards compat. (If backwards compat is not needed, then that field could be deleted entirely.) * amount_compressed_commitment_data_crc32 is now present when that field is omitted. This is an IEEE crc32 of the omitted data. * The sample paykit is updated so that it attempts to reconstruct the compressed commitment using the view private key. (This was koe's idea.) Then it checks the crc32 to confirm correct recomputation. This saves ~30 bytes in fog view, which we can use for the memo. * A method is added to construct TxOutRecord more nicely, and then a bunch of test code and the enclave code is simplified.
cbeck88
force-pushed
the
fog_omits_compressed_commitment
branch
from
b32d0f0
to
4a87b8c
Compare
|
rebased on master |
This reverts commit 1e1fc1c. This is a breaking change, but we need to test the fee changes first, so we will revert this for now and re-apply it later Changes to be committed: modified: Cargo.lock modified: fog/api/proto/view.proto modified: fog/api/tests/fog_types.rs modified: fog/fog_types/Cargo.toml modified: fog/fog_types/src/view.rs modified: fog/ingest/enclave/impl/src/lib.rs modified: fog/ingest/enclave/impl/tests/tx_processing.rs modified: fog/ingest/enclave/trusted/Cargo.lock modified: fog/ledger/enclave/trusted/Cargo.lock modified: fog/sample-paykit/src/cached_tx_data/mod.rs modified: fog/sample-paykit/src/client.rs modified: fog/sample-paykit/src/error.rs modified: fog/test_infra/src/mock_users.rs modified: fog/view/enclave/trusted/Cargo.lock modified: fog/view/protocol/src/user_private.rs
This reverts commit 1e1fc1c. This is a breaking change, but we need to test the fee changes first, so we will revert this for now and re-apply it later Changes to be committed: modified: Cargo.lock modified: fog/api/proto/view.proto modified: fog/api/tests/fog_types.rs modified: fog/fog_types/Cargo.toml modified: fog/fog_types/src/view.rs modified: fog/ingest/enclave/impl/src/lib.rs modified: fog/ingest/enclave/impl/tests/tx_processing.rs modified: fog/ingest/enclave/trusted/Cargo.lock modified: fog/ledger/enclave/trusted/Cargo.lock modified: fog/sample-paykit/src/cached_tx_data/mod.rs modified: fog/sample-paykit/src/client.rs modified: fog/sample-paykit/src/error.rs modified: fog/test_infra/src/mock_users.rs modified: fog/view/enclave/trusted/Cargo.lock modified: fog/view/protocol/src/user_private.rs
| let fog_tx_out = rec.get_fog_tx_out()?; | ||
|
|
||
| // Reconstute TxOut from FogTxOut and our view private key | ||
| let tx_out = fog_tx_out.try_recover_tx_out(&account_key.view_private_key())?; |
There was a problem hiding this comment.
this shows where the sample paykit is using the new code
This updates TxOutRecord in a few ways:
except for backwards compat. (If backwards compat is not needed,
then that field could be deleted entirely.)
that field is omitted. This is an IEEE crc32 of the omitted data.
the compressed commitment using the view private key. (This was
koe's idea.) Then it checks the crc32 to confirm correct recomputation.
This saves ~30 bytes in fog view, which we can use for the memo.
a bunch of test code and the enclave code is simplified.