-
Notifications
You must be signed in to change notification settings - Fork 398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
24-host: Reduce provable surface area to only packet flow keys #1144
Conversation
…ovable keys to private keys
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me!
@@ -311,16 +186,6 @@ This permissioning can be implemented with unique references (object capabilitie | |||
|
|||
Modules that wish to make use of particular IBC features MAY implement certain handler functions, e.g. to add additional logic to a channel handshake with an associated module on another state machine. | |||
|
|||
### Datagram submission |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just curious: why was this section deleted?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a great simplification!!! If you merge latest change from feat/v2-spec you should be able to get rid of the CI failures.
Leaving open for now because we may want to remove specification of private keys entirely. it is up to individual implementations to decide how best to execute the logic required to write the provable keys in store. Also, we should be standardizing the values stored under the provable keys in this specification as well. Also blocked on discussion around spec format. i.e. ABI for universal data format and moving to IETF standards for specs |
|
||
#### Packet Acknowledgement | ||
|
||
The acknowledgement will be provided with the packet to the sending chain. Thus we only need to provably associate the acknowledgement with the original packet. This association is already accomplished by the acknowledgment path which contains the destination identifier and the sequence. Thus on the sending chain, we can prove the acknowledgement was indeed sent for the packet we sent. We prove the packet was sent by us by checking that we stored the packet commitment under the packet commitment path. We can retrieve the client from the source identifier and then prove the counterparty stored under the destination identifier and sequence. Thus, we can associate the acknowledgement stored under this path with the unique packet provided. The acknowledgement commitment can therefore simply consist of a hash of the acknowledgment data sent to the state machine. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be nice to have a visual representation of this
actually used in the private store implementation. | ||
| Store | Path format | Value type | Defined in | | ||
| -------------- | -------------------------------------------------------------------------- | ----------------- | ---------------------- | | ||
| provableStore | "commitments/channels/{identifier}/sequences/{bigEndianUint64Sequence}" | bytes | [ICS 4](../ics-004-packet-semantics) | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm wondering if there is some space for commitment collision which could led to double usage, but I cannot really think of a scenario that would allow that. At a first glance the provableStore paths look good to me.
| Store | Path format | Value type | Defined in | | ||
| -------------- | -------------------------------------------------------------------------- | ----------------- | ---------------------- | | ||
| provableStore | "commitments/channels/{identifier}/sequences/{bigEndianUint64Sequence}" | bytes | [ICS 4](../ics-004-packet-semantics) | | ||
| provableStore | "receipts/channels/{identifier}/sequences/{bigEndianUint64Sequence}" | bytes | [ICS 4](../ics-004-packet-semantics) | | ||
| provableStore | "acks/channels/{identifier}/sequences/{bigEndianUint64Sequence}" | bytes | [ICS 4](../ics-004-packet-semantics) | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like we're missing "nextSequenceSend/ports/{identifier}/channels/{identifier}"
?
I guess it doesn't need to be provable, but it should also still be defined?? I think we still want the logical separation of sequence/nonce under its own key in v2. And the current impl still relies on port identifier being included
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since it won't be provable, but the ICS4 still uses it, I have defined the
function nextSequenceSendPath(sourceChannelID: bytes): Path {
return "nextSequenceSend/{sourceChannelID}"
}
``` in the privateStore. However, being local and private it could be any path that the chains want to set, thus I guess the implementation should be able to avoid relying on the port, correct?
| Store | Path format | Value type | Defined in | | ||
| -------------- | -------------------------------------------------------------------------- | ----------------- | ---------------------- | | ||
| provableStore | "commitments/channels/{identifier}/sequences/{bigEndianUint64Sequence}" | bytes | [ICS 4](../ics-004-packet-semantics) | | ||
| provableStore | "receipts/channels/{identifier}/sequences/{bigEndianUint64Sequence}" | bytes | [ICS 4](../ics-004-packet-semantics) | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems that sequences will be the main discriminator here, thus would be possible to use a path like "receipts/{identifier}/sequences/{bigEndianUint64Sequence}"
so deleting the channels reference?
Merging this though the key paths may still be subject to change. Avoiding having PRs stand up for too long |
Context for Reviewers:
This PR introduces a new high level packet and acknowledgement commitment.
The packet commitment must now include the destination identifier
The packet commitment hashes the destination identifier, timeout, and app data all as bytes to create a fixed preimage size and then hashes the result
The acknowledgement is just a hash of the acknowledgement
Closes: #1138