New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Try verifying signatures against the last consensus branch ID on failure #4260
Comments
Example of a user encountering the cryptic error: |
Another example: #4345 |
#4371 implements this for transparent and JoinSplit signatures. Sapling signatures are checked inside the Rust codebase along with the proofs, and so we need a larger refactor before we can efficiently implement the same test. |
One more: #4392 |
Check failing transparent and JoinSplit signatures against the previous network upgrade This change improves usability across network upgrades, by informing users when their new transactions are being created with the consensus branch ID from the previous epoch. We only check failing signatures against the previous epoch to minimise the extra computational load on nodes. A future refactor is needed to similarly check Sapling signatures. Part of #4260.
v5 transactions commit directly to the consensus branch ID, so this is not an issue for them. The only remaining area is Sapling signatures on v4 transactions as described above. |
Currently, if a transaction is received that is signed with a different consensus branch ID, the error returned is either a plain signature failure (if fully-shielded), or more commonly a rather inscrutable failure in the scripting system (for transparent signatures). If we encounter this error, we could try re-verifying with the previous epoch's consensus branch ID. If that succeeds, then we can return a more helpful error to the sending node / user. The downside to this is that it would double signature verification load for failure cases (both normal and adversarial), but if we localise it to just the signature verification itself (i.e. for transparent signatures, trying both inside the script stack) then we aren't fully-doubling the load (as we don't need to re-evaluate the script).
The text was updated successfully, but these errors were encountered: