Use WabiSabi package

[lontivero]

Remove all the code for WabiSabi and use the nuget package.

[molnard]

This is the next step before the daemon.

• Finish WabiSabi library distribution to NuGet https://github.com/zkSNACKs/NWabiSabi
• Fix this PR

[molnard]

I thought it will be just adding usings everywhere and code removal. Something is going on here. Why new files were required?

[molnard]

What is this?

[molnard]

CF issues...

[lontivero]

The new files are JsonSerializers. We need to serialize/deserialize the messages which have inaccessible constructors and that were using JsonConstructor for deserialization. But now those types are not accessible anymore because they are in a different project so, we have to create the serializers.

[yahiheb]

CF issues...

0aa36f7 Fixed the CodeFactor issues.
c67e6e7 Renamed a variable.
1d64be2 Fixed deepsource issues, but there is only one left.

[molnard]

we have to create the serializers

Will the consumer of the library, need to do the same?

inaccessible constructors

What if we make those accessible?

[lontivero]

Will the consumer of the library, need to do the same?

Yes ofc. How could we know how they want to serialize these things?

What if we make those accessible?

In that case we could avoid the usage of reflection (good) at the cost of ruining the library API (bad). I would prefer to keep the API well design as it is.

[MaxHillebrand]

tested 1d64be2

after input registration started, but coinjoin is successful, but txid not available

2023-03-27 13:55:55.793 [24] WARNING	CoinJoinClient.CreateRegisterAndConfirmCoinsAsync (452)	Newtonsoft.Json.JsonException: Property 'T' was expected.
   at WalletWasabi.WabiSabi.Crypto.Serialization.JsonReaderExtensions.ReadProperty[T](JsonReader reader, JsonSerializer serializer, String name) in WalletWasabi/WabiSabi/Crypto/Serialization/JsonReaderExtensions.cs:line 19
   at WalletWasabi.WabiSabi.Crypto.Serialization.MacJsonConverter.ReadJson(JsonReader reader, Type objectType, MAC existingValue, Boolean hasExistingValue, JsonSerializer serializer) in WalletWasabi/WabiSabi/Crypto/Serialization/MacConverter.cs:line 16
   at Newtonsoft.Json.JsonConverter`1.ReadJson(JsonReader reader, Type objectType, Object existingValue, JsonSerializer serializer)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.DeserializeConvertable(JsonConverter converter, JsonReader reader, Type objectType, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ResolvePropertyAndCreatorValues(JsonObjectContract contract, JsonProperty containerProperty, JsonReader reader, Type objectType)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObjectUsingCreatorWithParameters(JsonReader reader, JsonObjectContract contract, JsonProperty containerProperty, ObjectConstructor`1 creator, String id)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ResolvePropertyAndCreatorValues(JsonObjectContract contract, JsonProperty containerProperty, JsonReader reader, Type objectType)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObjectUsingCreatorWithParameters(JsonReader reader, JsonObjectContract contract, JsonProperty containerProperty, ObjectConstructor`1 creator, String id)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
   at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
   at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
   at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
   at WalletWasabi.WabiSabi.Client.WabiSabiHttpApiClient.Deserialize[TResponse](String jsonString) in WalletWasabi/WabiSabi/Client/WabiSabiHttpApiClient.cs:line 151
   at WalletWasabi.WabiSabi.Client.WabiSabiHttpApiClient.SendAndReceiveAsync[TRequest,TResponse](RemoteAction action, TRequest request, CancellationToken cancellationToken, Nullable`1 retryTimeout) in WalletWasabi/WabiSabi/Client/WabiSabiHttpApiClient.cs:line 141
   at WalletWasabi.WabiSabi.Client.ArenaClient.RegisterInputAsync(uint256 roundId, OutPoint outPoint, OwnershipProof ownershipProof, CancellationToken cancellationToken) in WalletWasabi/WabiSabi/Client/ArenaClient.cs:line 45
   at WalletWasabi.WabiSabi.Client.AliceClient.RegisterInputAsync(RoundState roundState, ArenaClient arenaClient, SmartCoin coin, IKeyChain keyChain, CancellationToken cancellationToken) in WalletWasabi/WabiSabi/Client/AliceClient.cs:line 101
   at WalletWasabi.WabiSabi.Client.AliceClient.CreateRegisterAndConfirmInputAsync(RoundState roundState, ArenaClient arenaClient, SmartCoin coin, IKeyChain keyChain, RoundStateUpdater roundStatusUpdater, CancellationToken unregisterCancellationToken, CancellationToken registrationCancellationToken, CancellationToken confirmationCancellationToken) in WalletWasabi/WabiSabi/Client/AliceClient.cs:line 73
   at WalletWasabi.WabiSabi.Client.CoinJoinClient.<>c__DisplayClass55_0.<<CreateRegisterAndConfirmCoinsAsync>g__RegisterInputAsync|0>d.MoveNext() in WalletWasabi/WabiSabi/Client/CoinJoinClient.cs:line 381

2023-03-27 13:59:39.038 [45] INFO	CoinJoinClient.StartRoundAsync (268)	Round (02856becc95a6be8e3d6edb7146a6f9e5b9c4e627d4915028051f17a90618812): Broadcasted. Coinjoin TxId: (Not available)

[lontivero]

@MaxHillebrand you can try again if you want. This time it will work.

[MaxHillebrand]

tACK 55dc44e

coinjoin works without smells in the logs.

[molnard]

Reflection is slow and we tried to avoid it. Using it every time when we are deserializing an object is not OK.

• Can you find any other option?
• How others are doing these kinds of things?

[molnard]

cACK. Before I can merge this I need these kinds of tests for every related converter. It is OK if you check them in combination as I did here.

#10393

[kiminuo]

I wonder if it would make sense to you to have it like this:

Suggested change

	using WabiSabi.CredentialRequesting;
	using ZkSnacks.WabiSabi.CredentialRequesting;

Putting the organization in the namespace is quite common. I'm not totally sure if I like it or not but it would make it clear who is behind that package and if we ever have more packages we would just have ZkSnacks.SomethingElse.

I don't have a strong opinion on this but maybe somebody has.

[kiminuo]

Also there is https://github.com/zkSNACKs/NWabiSabi but the namespace is WabiSabi. Should it be NWabisabi?

[lontivero]

No. I called the repo NWabiSabi because there is another repo called WabiSabi that contains the specs, the wabisabi white paper and the research from Yuval.

[kiminuo]

ok

I think that https://github.com/zkSNACKs/NWabiSabi should be a pinned repo here on Github given its importance.

[lontivero]

The new converters here are for those types that were moved to the WabiSabi package which represent cryptographic elements like zkproofs, pedersen commitments, key material and similar. This means that it would be enough to have one single bit different to make coinjoins impossible. In other words, if you can participate successfully in a coinjoin that means that the serialization/deserialization works okay.

Testing is the most important verification for this kind of PRs while UTs for compatibility are a bad idea. For example, your test in #10393 verifies that the serializer still does it as before but for this version that is not only insufficient but also wrong because the serializer is now more strict and doesn't accept whatever the server sends.

In the current version, the server uses snake camel casing while in your test the encoded json uses pascal casing so, that means that the expected json is one that the server would have never sent. That can create a false sense of confidence, what I think is not good.

[kiminuo]

I'm confused about this. Where is UnsecureRandom defined?

I think that unsecure is not an English word. Insecure or Unsecured (with the d at the end) are imho English words.

[lontivero]

it was the easiest thing to do because InsecureRandom is now in WabiSabi package and it didn't sound good to tight Tor code to WabiSabi. Anyway, we can use it anyway, the only thing that we have to do is to replace the IRandom by a WasabiRandom and that should be pretty much all.

[molnard]

In the current version, the server uses snake camel casing while in your test the encoded json uses pascal casing so, that means that the expected json is one that the server would have never sent.

And after we deploy this PR to the backend?

Testing is the most important verification for this kind of PRs while UTs for compatibility are a bad idea.

Trust the compatibility check to manual testing? The stakes are very high here. In SerializationTests.cs I see hex-converted data used for testing. Why that was added before?

[molnard]

I did a CJ with this PR - it was working.

[lontivero]

Ok. I will deploy it in testing now and test it with old and new client.

[lontivero]

Ok. It didn't work. Let me review everything again.

[kiminuo]

(I was thinking about this and it feels like it would be easier to review this PR if we just created a new project in this repo to see all changes immediately (mainly to see ALL changes) as a git diff and then as a second step, we would create the nuget package. I would feel much more confident in the process and less afraid of bugs.)

[lontivero]

It's done. Ive created the compatibility test and verified this works on all combinations of client versions and coordinator versions. I've undone the stricter rule that i introduced and went back to "case insensitive" deserializers as NewtonSoft does.

[lontivero]

The CI is compiling a commit that is not part of this PR. wtf.

[molnard]

tACK