Fixing node_id mutability issue by incomplete concealements #8
Conversation
|
Concept ACK. Also mentioning the following changes here for documenting TODOs.
|
|
@rajarshimaitra you are right, will cherry-pick commits from @claudiosdc PR #6 |
dr-orlovsky
force-pushed
the
fix/nodeid-mut
branch
from
c4fa60f to
7886afc
Compare
|
The finalization of this PR is pending LNP-BP/rust-lnpbp#179 |
|
Finalized & ready for the review. Will merge #18 to make sure that the node_id is now immutable. Many tests fail since the commitment algorithm has changed. Would like @rajarshimaitra to check the tests which he authored to make sure that the logic is correct – and then update test constants with new commitments. |
Add test function to validate Transition node ID immutability
|
Hooray! |
|
BTW, we have a new |
|
Concept ACK. Will update the test cases. I feel the encoding and commitment API is too numerous at this point, and I am pretty sure I myself will lose track of which is for what within few weeks. So it would be better if we can make some documentation somewhere explaining the purpose of each for future reference and to help out future developers. |
src/contract/assignments.rs
Outdated
| impl CommitEncodeWithStrategy for Assignments { | ||
| type Strategy = commit_strategy::UsingStrict; | ||
| type Strategy = commit_strategy::UsingConceal; | ||
| } | ||
|
|
There was a problem hiding this comment.
| impl CommitEncodeWithStrategy for Assignments { | |
| type Strategy = commit_strategy::UsingStrict; | |
| type Strategy = commit_strategy::UsingConceal; | |
| } |
These lines should be deleted since they are not in effect. The implementation of the CommitEncode trait for the Assignments type is not needed. The new Assignments::consensus_commits() associated function is being used to do the required processing instead.
There was a problem hiding this comment.
There is an important difference between commitment encoding and consensus commitment. The first produces a vector of serialized data: the actual message we are comitting to. The second is produced from the first and is always a well-defined structure (like hash) that can be verified against the original message. You should not have consensus commit without commitment encoding.
There was a problem hiding this comment.
So:
- We conceal the data (of they must or should be concealed according to the spec)
- We commit-encode (serialize) the resulting concealed data as a byte string
- We produce a commitment to those data (MerkleNode or other tagged hash form)
- We merklize the tree of such MerkleNode commitments
- We serialize the root of the Merkle tree
- We take that serialized root as a consensus commit (since its already a hash and a commitment)
Thus we use concealment, encoding, commitment , merklization, encoding and shallow commitment for all our collections.
There was a problem hiding this comment.
Ok, you are right, I double-checked the code and we cant produce any single commitment from the assignments; it is created only on the level above when we have assignments of all types. I think Assignments name here is very confusing, since this structure covers only assignments of certain type.
That sounds good. Where can we get it from? |
|
@rajarshimaitra you are welcome to do any docs; I will also wirk on them. Some initial comments: #8 (comment) |
|
@claudiosdc its right in here: |
|
Several test functions are failing. test bech32::test::test_bech32_contract_id ... FAILED
test contract::assignments::test::test_ancestor_encoding_simple ... FAILED
test contract::assignments::test::test_ancestor_encoding_complex ... FAILED
test contract::metadata::test::test_commitencoding_field ... FAILED
test contract::assignments::test::test_commitencode_assignments ... FAILED
test contract::nodes::test::test_autoconceal_node ... FAILED
test contract::nodes::test::test_genesis_commit_ne_strict ... FAILED
test contract::nodes::test::test_genesis_impl ... FAILED
test contract::nodes::test::test_id_serde ... FAILED
test contract::nodes::test::test_node_attributes ... FAILEDThey should be reviewed and adjusted as appropriately. |
|
@claudiosdc yes, that what we discussed with @rajarshimaitra above:
|
|
@claudiosdc removed |
Everything looks good for me now (except for the test functions). So, yes, I am good with the merge. |
I believe this should be the least intrusive change fixing #7 according to guidelines from https://github.com/LNP-BP/LNPBPs/discussions/88.
Concealtrait is a part of client-side-validation and MUST not be used for anything other than commitments. For confidentiality purposes we already useAutoConcealtrait, which I believe should be renamed intoIntoConfidentialin order to avoid further confusion – and probably we should renameConcealtoCommitConcealofr the same sake (however this will be a separate commits outside of the scope of this minimalistic PR).