feat!: update hasher design #229
Conversation
|
This PR is incomplete, but I'm opening it as a draft to get feedback. |
AaronFeickert
force-pushed
the
hasher-domain
branch
from
90d5118
to
23b985b
Compare
AaronFeickert
force-pushed
the
hasher-domain
branch
from
23b985b
to
fc0302c
Compare
AaronFeickert
force-pushed
the
hasher-domain
branch
from
7816b28
to
81672a3
Compare
|
Blocked on a decision about whether to use a Borsh/CBOR design instead, as is used elsewhere. |
AaronFeickert
force-pushed
the
hasher-domain
branch
from
a4e2df8
to
dc04a41
Compare
|
In favour of the bugfix and simplifications in this PR, and the tagging makes sense to me. I don't think we need to choose between DS borsh hashing and DS raw bytes hashing. They both have their place. I would simply copy and paste the Borsh hasher to Tari crypto under the I don't think we should introduce CBOR into Tari crypto, as this is firmly a use case/concern of the L2. I would perhaps clarify that the update (and therefore chain) methods are not simply adding the given preimage bytes to the hasher, and these methods should be called in a consistent/canonical way for every given hash construction e.g. make it clear that |
Good call. I'll update the documentation accordingly. |
AaronFeickert
force-pushed
the
hasher-domain
branch
from
131f46f
to
ba0a627
Compare
This PR updates the domain-separated hasher design.
Currently, the handling of domain separators is done via an initial length-prefixed human-readable concatenation of a domain separator, version number, and label that requires special handling due to encoding.
The design proposed here simplifies things. All input entering an underlying hash function (domain separator, version number, label, and any subsequent data) is prefixed by a tag byte that indicates its purpose. If the input is of variable length, it is prefixed by its length as well.
This removes the need for more complex encoding, is very robust against collisions, and is flexible in that it allows for other input types to be added in the future if desired.
Closes #227. Supersedes #226.
BREAKING CHANGE: This changes the way that domain-separated hashing is performed, so it is extremely breaking. Existing domain-separated hashes will not match.