[avalanche] exclude stakes from the hash used in stake signature
AbandonedPublic
Actions

Authored by PiRK on Jul 28 2021, 14:52.

Details

Reviewers

deadalnix

Group Reviewers

Restricted Project

Maniphest Tasks

Restricted Maniphest Task

Summary

This excludes the other stakes from the proof hash that is signed by a
stake's private key.

Previously the stake's key was signing the full ProofId, which was computed by hashing the other stakes.
This made it impossible to add additional stakes to a proof without knowing all the private keys for all the stakes, as adding stakes to a proof would change the data to be signed.

With this change, collaboratively building a proof is now made easier, as each stake can be signed without knowing all of the other stakes.

This change invalidates previously generated proofs, as the stake signatures will need to be updated.

Test Plan

ninja all check-all

Diff Detail

Repository

rABC Bitcoin ABC

Branch

proof_fmt

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 16265
Build 32397: Build Diff	build-without-wallet · build-diff · build-debug · lint-circular-dependencies · build-clang · build-clang-tidy
Build 32396: arc lint + arc unit

Event Timeline

PiRK created this revision.Jul 28 2021, 14:52

Herald added a reviewer: Restricted Project. · View Herald TranscriptJul 28 2021, 14:52

PiRK requested review of this revision.Jul 28 2021, 14:52

PiRK added a task: Restricted Maniphest Task.Jul 28 2021, 14:54

Harbormaster completed remote builds in B16265: Diff 29325.Jul 28 2021, 15:07

Note that I do not intend to land this. It is meant as an example of a possible solution, but the tradeoffs of the various solutions need to be discussed.
In particular, there is a solution that involves making the ProofId no longer depend on the stakes that would have a bunch of upsides (no need to regenerate a Delegation after updating a proof) but also challenges (if the ProofId does not change, it does not trigger proof relaying).