Skip to content

TxSummary digest#52

Merged
cbeck88 merged 33 commits intomobilecoinfoundation:mainfrom
cbeck88:tx_summary_digest
Nov 7, 2022
Merged

TxSummary digest#52
cbeck88 merged 33 commits intomobilecoinfoundation:mainfrom
cbeck88:tx_summary_digest

Conversation

@cbeck88
Copy link
Contributor

@cbeck88 cbeck88 commented Oct 10, 2022
edited
Loading

A proposal to introduce a TxSummary object and incorporate it into the digest which MLSAG's sign, to help hardware wallets.

Rendered Proposal

@cbeck88 cbeck88 changed the title add tx_summary_digest proposal TxSummary digest Oct 10, 2022
This was referenced Oct 10, 2022
Closed
Merged
eranrund
eranrund reviewed Oct 10, 2022
View reviewed changes
Copy link
Contributor

@eranrund eranrund left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks reasonable to me, thank you for the detailed write up.
Do you think it would make sense to add a "worst possible case" calculation of how much memory the hardware wallet will need to support, based on a transaction that has the max inputs/outputs?

@cbeck88
Copy link
Contributor Author

cbeck88 commented Oct 11, 2022

Do you think it would make sense to add a "worst possible case" calculation of how much memory the hardware wallet will need to support, based on a transaction that has the max inputs/outputs?

Koe made a different estimate of the sizes of Tx's due to membership proofs which is larger than mine, in MCIP #21

Currently (protocol v0), Merkle membership proofs constitute the bulk of transaction size. A 1-input/1-output transaction is ~21 kB, with membership proofs taking up ~17 kB (assuming membership proofs with 32 elements, representing a Merkle tree 31 layers deep). In a 16-input/16-output transaction (the maximum size of a transaction), membership proofs occupy ~275 kB out of ~325 kB.

I have not actually done this calculation myself.

We could also write a unit test or something that measures this maximum size.

You're right, we should probably document what the actual worst possible case is at the current version (v2)

@eranrund
Copy link
Contributor

eranrund commented Oct 11, 2022

Do you think it would make sense to add a "worst possible case" calculation of how much memory the hardware wallet will need to support, based on a transaction that has the max inputs/outputs?

Koe made a different estimate of the sizes of Tx's due to membership proofs which is larger than mine, in MCIP #21

Currently (protocol v0), Merkle membership proofs constitute the bulk of transaction size. A 1-input/1-output transaction is ~21 kB, with membership proofs taking up ~17 kB (assuming membership proofs with 32 elements, representing a Merkle tree 31 layers deep). In a 16-input/16-output transaction (the maximum size of a transaction), membership proofs occupy ~275 kB out of ~325 kB.

I have not actually done this calculation myself.

We could also write a unit test or something that measures this maximum size.

You're right, we should probably document what the actual worst possible case is at the current version (v2)

I think it's also valuable (if not more valuable) to document how much it would be following this change. This will make it easier for potential hardware integrations to have a quick go/no-go based on memory requirements.

remoun
remoun approved these changes Oct 14, 2022
View reviewed changes
Copy link
Contributor

@remoun remoun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

nick-mobilecoin
nick-mobilecoin approved these changes Oct 14, 2022
View reviewed changes
@isis-mc @remoun @nick-mobilecoin
Apply suggestions from code review
f1f67e5 
Incorporate several of @remoun's and @nick-mobilecoin's suggestions.

Co-authored-by: Remoun Metyas <remoun.metyas@gmail.com>
Co-authored-by: Nick Santana <nick@mobilecoin.com>
isis-mc
isis-mc approved these changes Oct 17, 2022
View reviewed changes
Copy link
Contributor

@isis-mc isis-mc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

text/0052-tx-summary-digest.md Outdated
Comment on lines +66 to +70
The verifier similarly computes this
`extended-message-and-tx-summary digest` and verifies that the MLSAGs sign this.

When a hardware wallet is asked to sign an MLSAG, we can give it now the `extended_message_digest`
and the `TxSummary`, and it can compute the appropriate digest from this for the MLSAG to sign.
Copy link
Contributor

@isis-mc isis-mc Oct 17, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This means we'll need a merlin implementation that runs on embedded devices, correct?

As a side note, I don't think we'll ever need to worry about running into a big-endian embedded device, but there's currently an endianness bug in our limited STROBE implementation used in merlin, which we'd want to fix before porting to C.

Copy link
Contributor Author

@cbeck88 cbeck88 Oct 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does the rust merlin implementation not work? can we just fix that one?

Chris Beck and others added 2 commits October 18, 2022 11:04
@isis-mc
Update text/0052-tx-summary-digest.md
1817daf 
Co-authored-by: isis lovecruft <79881025+isis-mc@users.noreply.github.com>
@cbeck88
rewrite guide-level explanation
2060f3f
Chris Beck and others added 13 commits October 18, 2022 12:11
@isis-mc
Update text/0052-tx-summary-digest.md
3c862bd 
Co-authored-by: isis lovecruft <79881025+isis-mc@users.noreply.github.com>
@isis-mc
Update text/0052-tx-summary-digest.md
6f870fc 
Co-authored-by: isis lovecruft <79881025+isis-mc@users.noreply.github.com>
@nick-mobilecoin
Update text/0052-tx-summary-digest.md
d8ba50b 
Co-authored-by: Nick Santana <nick@mobilecoin.com>
@isis-mc
Update text/0052-tx-summary-digest.md
abce097 
Co-authored-by: isis lovecruft <79881025+isis-mc@users.noreply.github.com>
@isis-mc
Update text/0052-tx-summary-digest.md
a603a99 
Co-authored-by: isis lovecruft <79881025+isis-mc@users.noreply.github.com>
@cbeck88
fixups, add discussion about chain of trust
3d26611
@cbeck88
fixup formatting
9b6f6d5
@cbeck88
fix typos
379f114
@cbeck88
fixup language
4753259
@cbeck88
address isis comment
9316d54
@cbeck88
add a disclaimer
22dd341
@cbeck88
add clarifying text
7928a22
@cbeck88
update with discussion about inputs with rules, rearrange slightly
f56ca8e
@cbeck88 cbeck88 added the final-comment-period This RFC is in the final-comment period for the next 24h label Oct 21, 2022
cbeck88
cbeck88 commented Oct 31, 2022
View reviewed changes
eranrund
eranrund approved these changes Nov 3, 2022
View reviewed changes
Copy link
Contributor

@eranrund eranrund left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really well written. Thank you!

cbeck88 and others added 6 commits November 3, 2022 10:18
@cbeck88
add a note about the input rules digest
08ea9f6
@eranrund
Update text/0052-tx-summary-digest.md
708b897 
Co-authored-by: Eran Rundstein <eran@rundste.in>
@eranrund
Update text/0052-tx-summary-digest.md
6767ba3 
Co-authored-by: Eran Rundstein <eran@rundste.in>
@eranrund
Update text/0052-tx-summary-digest.md
400ebf2 
Co-authored-by: Eran Rundstein <eran@rundste.in>
@eranrund
Update text/0052-tx-summary-digest.md
5462771 
Co-authored-by: Eran Rundstein <eran@rundste.in>
@cbeck88
add note about signing oracle
5c82be6
@cbeck88
Copy link
Contributor Author

cbeck88 commented Nov 3, 2022

Going to hold this one an extra day due to comments

@cbeck88 cbeck88 merged commit 788c995 into mobilecoinfoundation:main Nov 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eranrund eranrund eranrund approved these changes

@nick-mobilecoin nick-mobilecoin nick-mobilecoin approved these changes

@jcape jcape Awaiting requested review from jcape

@briancorbin briancorbin Awaiting requested review from briancorbin

@sugargoat sugargoat Awaiting requested review from sugargoat

+2 more reviewers

@remoun remoun remoun approved these changes

@isis-mc isis-mc isis-mc approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

final-comment-period This RFC is in the final-comment period for the next 24h

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cbeck88 @eranrund @remoun @isis-mc @nick-mobilecoin