Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: remove statement from sparse Merkle tree proofs #5768

Merged
merged 3 commits into from
Sep 14, 2023

Conversation

SWvheerden
Copy link
Collaborator

Description

Removes the key and value hashes from sparse Merkle tree proofs. Adds a path check to inclusion proof verification. Closes #5527.

Motivation and Context

Currently, sparse Merkle tree proofs include the key and value hashes for the proof. As these are effectively the proof statement, it doesn't really make sense to include them in the proof structure.

Including them means additional work for the verifier for both inclusion and exclusion proofs that isn't needed. This design also seems like a footgun that could lead an implementer to unintentionally trust the statement from a malicious prover.

This PR removes the key and value hashes from the proof structure altogether, and updates relevant functions accordingly. It also adds a path check to the inclusion proof verifier for consistency with the exclusion proof verifier, which may also help with faster detection of invalid proofs.

How Has This Been Tested?

Existing tests pass.

What process can a PR reviewer use to test or verify this change?

Check that the new verification logic is correct.

Breaking Changes

None. While this changes the structure of sparse Merkle tree proofs, they are not currently used and do not have serialization defined.

AaronFeickert and others added 3 commits September 14, 2023 07:43
refactor: rework proof data structures

The SMT proof data structures have been reworked. There is now a type
for In- and ExclusionProofs. The proofs are created with the respective
`::from_tree(...)` methods.

Both types have a `validate` method that lets a verifier validate the
proof. For inclusion proofs, the verifier provides the expected key,
value and root hash. For exclusion proofs, they provide the expcted key
and root hash.

This implementation also returns a `NonviableProof` error when trying to
create an inclusion proof on a key that does not exist, or vice-versa
for exclusion proofs. This is probably more in line with expected
behaviour.

Implementation notes:

There is a fair degree of overlaps between the two types, so we
introduce a trait, `MerkleProofDigest` that captures the common
behaviour.

Some unused functions in bit_utils have been removed.

We introduce `PathIterator`, that converts a key into a iterator of
traversal directions. This is DoubleEndedIterator, so it can be reversed
etc. Side note, implementing DEI has some nasty gotchas (like you must
override the default nth_back, len and size_hint methods, or else
connector iters like take and rev just don't work). This was surprising
and took a few hours to debug.

docs: add docstrings to proof structures
@github-actions
Copy link

Test Results (CI)

1 214 tests   1 214 ✔️  9m 13s ⏱️
     39 suites         0 💤
       1 files           0

Results for commit 70dcfd1.

@ghpbot-tari-project ghpbot-tari-project added P-acks_required Process - Requires more ACKs or utACKs P-reviews_required Process - Requires a review from a lead maintainer to be merged labels Sep 14, 2023
@github-actions
Copy link

Test Results (Integration tests)

28 tests  +28   28 ✔️ +28   12m 47s ⏱️ + 12m 47s
11 suites +11     0 💤 ±  0 
  2 files   +  2     0 ±  0 

Results for commit 70dcfd1. ± Comparison against base commit 19b3f21.

}

fn nth_back(&mut self, n: usize) -> Option<Self::Item> {
self.cursor_back -= n;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could underflow. Should check for this case and return None.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch

@ghpbot-tari-project ghpbot-tari-project removed the P-reviews_required Process - Requires a review from a lead maintainer to be merged label Sep 14, 2023
@CjS77 CjS77 merged commit d630d11 into tari-project:development Sep 14, 2023
@SWvheerden SWvheerden deleted the smt-statement branch September 26, 2023 15:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
P-acks_required Process - Requires more ACKs or utACKs
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Sparse Merkle tree proofs include statement
5 participants