Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

As an API client, I want to verify that the response from a server is verifiable proof #60

Closed
hansl opened this issue Jan 4, 2023 · 3 comments
Closed

As an API client, I want to verify that the response from a server is verifiable proof #60

hansl opened this issue Jan 4, 2023 · 3 comments
Assignees
@MavenRain
Labels
proof system tracking

Comments

@hansl
Copy link
Contributor

hansl commented Jan 4, 2023
edited by tysloan
Loading

Description

We need a verifiable proof specification (and implementation). It needs to be at least compatible with our current storage using in many-framework (ie. merk), but also extensible in the future with other storage or proofs.

Concerns

The spec should also account for different hashing algorithms and tree structures, allowing design space later on in the future. These algorithms may be implementation-specific or design choices.

For example, the current storage implementation in the framework is merk, which uses in its current version blake3. The latest nomic-io/merk repo uses SHA256 instead. If we were to upgrade our own fork with the latest changes,

Also, hashing is broken every decade or two after being released. It's not improbable that SHA256 will be easy enough to break in the next decade, and networks might want to switch to SHA512. This is just foresight for this and allowing the current spec to move along with technological advances.

Technical Design

The current design uses one network attribute and one request and one response attribute. The network attribute indicates support for asking and generating proofs and also (with an argument) which algorithm can be used to validate said proof. The request and response attributes contain a request for proof and the proof itself in the response.

Requesting proof on a network that does not support it MUST result in an error.

Acceptance Criterion

One should be able to call an endpoint via the CLI in a way that the proper request message attribute (3) is supplied, and receive a response message contains the corresponding response message attribute (3), along with the proof requested. The proof, after deserialization, should take the form indicated in the spec.

Planning Notes:

  • Includes everything up to the migration.
@hansl hansl added the tracking label Jan 4, 2023
@tysloan
Copy link

tysloan commented Jan 25, 2023

Stories should be created to resolve implementations that are not compliant with the spec.

@MavenRain
Copy link

liftedinit/many-rs#245

@MavenRain
Copy link

The following are follow-up items to be completed after the core implementation is merged and this item is closed:

@tysloan tysloan closed this as completed Mar 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MavenRain MavenRain

Labels
proof system tracking
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hansl @MavenRain @tysloan