Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure that vpub_in and vpub_out are not both nonzero #466

Closed
ebfull opened this issue Nov 24, 2015 · 7 comments
Closed

Ensure that vpub_in and vpub_out are not both nonzero #466

ebfull opened this issue Nov 24, 2015 · 7 comments
Assignees
@str4d
Labels
A-consensus Area: Consensus rules I-privacy Problems and improvements related to privacy. in 1.0 note selection and shielded tx construction
Milestone
Protocol 2016.0-a...

Comments

@ebfull
Copy link
Contributor

ebfull commented Nov 24, 2015

Pour A values:

vpub_in = 5
oldcoin_0 = 0
oldcoin_1 = 0
newcoin_0 = 1
newcoin_1 = 0
vpub_out = 4

Pour B values:

vpub_in = 1
oldcoin_0 = 0
oldcoin_1 = 0
newcoin_0 = 1
newcoin_1 = 0
vpub_out = 0

Do these pours have the same semantics? They both validate and both affect the "value pool" in the exact same way. One of them just requires the value pool has more value in it than is really necessary.

Perhaps this should be a well-formedness check on pours if it has anonymity implications? If not, we can add this constraint later in a softfork.
@nathan-at-least nathan-at-least mentioned this issue Nov 30, 2015
Closed
@nathan-at-least
Copy link
Contributor

As with many other possible restrictions to transaction semantics, we have these choices: consensus rule, soft-fork later to a consensus rule, define a default policy, don't do anything.

In discussion, we agree to postpone this to post-1.0 (although I'm not certain it's a problem yet).

@nathan-at-least nathan-at-least added the I-privacy Problems and improvements related to privacy. label Nov 30, 2015
@daira daira added the A-consensus Area: Consensus rules label Nov 30, 2015
@nathan-at-least nathan-at-least added not in 1.0 A-consensus Area: Consensus rules and removed A-consensus Area: Consensus rules labels Nov 30, 2015
@daira
Copy link
Contributor

daira commented Mar 16, 2016

It's a potential distinguisher between clients, so a client should only generate Pours with either voldpub = 0 or vnewpub = 0 or both, to maximise indistinguishability. If there is such an implicit rule, then Pours that don't follow it will stick out, so I think we should reconsider enforcing it as a consensus rule for 1.0. I can't see any harm in doing so, and it is very simple.

@daira
Copy link
Contributor

daira commented Mar 16, 2016

Note that the Mint/Pour unification could alternatively have been expressed in terms of allowing negative vnewpub. I think the only reasons we didn't do that were avoiding signed arithmetic in the circuit (this was when we weren't as confident about circuit changes; it would actually have been quite simple), and some aesthetic symmetry between Pour inputs and outputs.

@ebfull
Copy link
Contributor Author

ebfull commented Mar 16, 2016

You're right @daira. I wish we could go back and fix that. I do think analysis of the code surrounding pours was simpler when all the values were positive, though.

@daira daira changed the title Pours with both nonzero vpub_in and vpub_out may not be well formed Ensure that vpub_in and vpub_out are not both nonzero Mar 22, 2016
@daira daira mentioned this issue Mar 23, 2016
Closed
@daira
Copy link
Contributor

daira commented Mar 29, 2016

This is in the current spec.

@daira daira closed this as completed Mar 29, 2016
@daira
Copy link
Contributor

daira commented Mar 29, 2016

Oh wait, is this ticket supposed to be for implementing the restriction, not just specifying it?

Note that it doesn't need to be enforced in the circuit, because voldpub and vnewpub are public.

@daira daira reopened this Mar 29, 2016
@daira daira added this to the Consensus Feature Implementation Deadline milestone Mar 29, 2016
@daira daira modified the milestones: Protocol 2.0 Implementation, Non-Spec Consensus Features Apr 10, 2016
This was referenced Apr 13, 2016
Closed
Closed
@nathan-at-least
Copy link
Contributor

Closed by #897

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@str4d str4d

Labels
A-consensus Area: Consensus rules I-privacy Problems and improvements related to privacy. in 1.0 note selection and shielded tx construction
Projects
None yet
Milestone
Protocol 2016.0-alpha-3 Implementation
Development

No branches or pull requests
4 participants
@daira @ebfull @nathan-at-least @str4d