Page MenuHomePhabricator

[avalanche] exclude stakes from the hash used in stake signature

Authored by PiRK on Jul 28 2021, 14:52.


Group Reviewers
Restricted Project
Maniphest Tasks
Restricted Maniphest Task

This excludes the other stakes from the proof hash that is signed by a
stake's private key.

Previously the stake's key was signing the full ProofId, which was computed by hashing the other stakes.
This made it impossible to add additional stakes to a proof without knowing all the private keys for all the stakes, as adding stakes to a proof would change the data to be signed.

With this change, collaboratively building a proof is now made easier, as each stake can be signed without knowing all of the other stakes.

This change invalidates previously generated proofs, as the stake signatures will need to be updated.

Test Plan

ninja all check-all

Event Timeline

PiRK requested review of this revision.Jul 28 2021, 14:52
PiRK added a task: Restricted Maniphest Task.Jul 28 2021, 14:54

Note that I do not intend to land this. It is meant as an example of a possible solution, but the tradeoffs of the various solutions need to be discussed.
In particular, there is a solution that involves making the ProofId no longer depend on the stakes that would have a bunch of upsides (no need to regenerate a Delegation after updating a proof) but also challenges (if the ProofId does not change, it does not trigger proof relaying).

deadalnix requested changes to this revision.Jul 29 2021, 12:24
deadalnix added a subscriber: deadalnix.

This is lacking the bigger picture. We can't just break the proof format with every version. What's the format of a proof you are moving toward?

This revision now requires changes to proceed.Jul 29 2021, 12:24