Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TxSummary digest #52

Merged
merged 33 commits into from
Nov 7, 2022
Merged

TxSummary digest #52

merged 33 commits into from
Nov 7, 2022

Conversation

cbeck88
Copy link
Contributor

@cbeck88 cbeck88 commented Oct 10, 2022
edited
Loading

A proposal to introduce a TxSummary object and incorporate it into the digest which MLSAG's sign, to help hardware wallets.

Rendered Proposal

@cbeck88 cbeck88 changed the title add tx_summary_digest proposal TxSummary digest Oct 10, 2022
This was referenced Oct 10, 2022
Closed
Merged
eranrund
eranrund reviewed Oct 10, 2022
View reviewed changes
Copy link
Contributor

@eranrund eranrund left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks reasonable to me, thank you for the detailed write up.
Do you think it would make sense to add a "worst possible case" calculation of how much memory the hardware wallet will need to support, based on a transaction that has the max inputs/outputs?

text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
@cbeck88
Copy link
Contributor Author

cbeck88 commented Oct 11, 2022

Do you think it would make sense to add a "worst possible case" calculation of how much memory the hardware wallet will need to support, based on a transaction that has the max inputs/outputs?

Koe made a different estimate of the sizes of Tx's due to membership proofs which is larger than mine, in MCIP #21

Currently (protocol v0), Merkle membership proofs constitute the bulk of transaction size. A 1-input/1-output transaction is ~21 kB, with membership proofs taking up ~17 kB (assuming membership proofs with 32 elements, representing a Merkle tree 31 layers deep). In a 16-input/16-output transaction (the maximum size of a transaction), membership proofs occupy ~275 kB out of ~325 kB.

I have not actually done this calculation myself.

We could also write a unit test or something that measures this maximum size.

You're right, we should probably document what the actual worst possible case is at the current version (v2)

@eranrund
Copy link
Contributor

Do you think it would make sense to add a "worst possible case" calculation of how much memory the hardware wallet will need to support, based on a transaction that has the max inputs/outputs?

Koe made a different estimate of the sizes of Tx's due to membership proofs which is larger than mine, in MCIP #21

Currently (protocol v0), Merkle membership proofs constitute the bulk of transaction size. A 1-input/1-output transaction is ~21 kB, with membership proofs taking up ~17 kB (assuming membership proofs with 32 elements, representing a Merkle tree 31 layers deep). In a 16-input/16-output transaction (the maximum size of a transaction), membership proofs occupy ~275 kB out of ~325 kB.

I have not actually done this calculation myself.

We could also write a unit test or something that measures this maximum size.

You're right, we should probably document what the actual worst possible case is at the current version (v2)

I think it's also valuable (if not more valuable) to document how much it would be following this change. This will make it easier for potential hardware integrations to have a quick go/no-go based on memory requirements.

remoun
remoun approved these changes Oct 14, 2022
View reviewed changes
Copy link
Contributor

@remoun remoun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
nick-mobilecoin
nick-mobilecoin approved these changes Oct 14, 2022
View reviewed changes
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
@isis-mc @remoun @nick-mobilecoin
Apply suggestions from code review
f1f67e5 
Incorporate several of @remoun's and @nick-mobilecoin's suggestions.

Co-authored-by: Remoun Metyas <[email protected]>
Co-authored-by: Nick Santana <[email protected]>
isis-mc
isis-mc approved these changes Oct 17, 2022
View reviewed changes
Copy link
Contributor

@isis-mc isis-mc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated
Comment on lines 66 to 70
The verifier similarly computes this
`extended-message-and-tx-summary digest` and verifies that the MLSAGs sign this.

When a hardware wallet is asked to sign an MLSAG, we can give it now the `extended_message_digest`
and the `TxSummary`, and it can compute the appropriate digest from this for the MLSAG to sign.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This means we'll need a merlin implementation that runs on embedded devices, correct?

As a side note, I don't think we'll ever need to worry about running into a big-endian embedded device, but there's currently an endianness bug in our limited STROBE implementation used in merlin, which we'd want to fix before porting to C.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does the rust merlin implementation not work? can we just fix that one?

text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
Chris Beck and others added 13 commits October 18, 2022 12:11
@cbeck88 cbeck88 added the final-comment-period This RFC is in the final-comment period for the next 24h label Oct 21, 2022
eranrund
eranrund approved these changes Nov 3, 2022
View reviewed changes
Copy link
Contributor

@eranrund eranrund left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really well written. Thank you!

text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
text/0052-tx-summary-digest.md Outdated Show resolved Hide resolved
@cbeck88
Copy link
Contributor Author

cbeck88 commented Nov 3, 2022

Going to hold this one an extra day due to comments

@cbeck88 cbeck88 merged commit 788c995 into mobilecoinfoundation:main Nov 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nick-mobilecoin nick-mobilecoin nick-mobilecoin approved these changes

@isis-mc isis-mc isis-mc approved these changes

@eranrund eranrund eranrund approved these changes

@remoun remoun remoun approved these changes

@jcape jcape Awaiting requested review from jcape

@briancorbin briancorbin Awaiting requested review from briancorbin

@sugargoat sugargoat Awaiting requested review from sugargoat

Assignees
No one assigned
Labels
final-comment-period This RFC is in the final-comment period for the next 24h
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cbeck88 @eranrund @remoun @isis-mc @nick-mobilecoin