Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hash (features|commitment) in output mmr #615

Merged
merged 57 commits into from
Jan 17, 2018
Merged

hash (features|commitment) in output mmr #615

merged 57 commits into from
Jan 17, 2018

Conversation

antiochp
Copy link
Member

@antiochp antiochp commented Jan 15, 2018
edited
Loading

This PR solves #559 by extending the output pmmr to include the output features in the hash.

The proposed solution is described here in more detail - #597

Replaces #215 (which attempted to encode lock_height in the switch commit)

tl;dr

  1. Getting rid of the indexes ensures we never see the "wrong" version of an output (due to a fork).
    Specifically we never see (and use) the wrong lock_height (which can and will break consensus).
  2. We now include output features in the output mmr. This ensures a miner cannot lie about coinbase vs non-coinbase (we can be sure we are checking lock_height as necessary)
  3. We derive lock_height by looking at the full block (we do not rely on the old index) so we know lock_height is being correctly handed

The combination of these changes should ensure we handle the spending of coinbase outputs correctly even under adverse conditions (chain forks and miners reusing wallet keys, creating duplicate commitments).

  • SumCommit takes OutputFeatures & Commitment
    • the hash is now (features|commit)
    • this ensures a given output in the MMR is known to be a coinbase or not (and miner cannot lie)
  • introduce OutputIdentifier so we don't need to pass a SumCommit around everywhere
    • we now need an OutputIdentifier to check is_unspent via the MMR (by comparing the hash)
  • to spend an output we also need to specify the block hash in the Input
    • we can determine lock_height based on height of block + 1,000
    • miner cannot lie about lock_height (also cannot lie about coinbase vs non-coinbase)
  • removed "header by commit" index
    • sender needs to provide block hash
    • wallet maintains block hash of outputs
    • this ensures we never mis-attribute an output in the presence of a chain fork
  • removed "output by commit" index
    • if we need the full output we need to go back to the full block (via block hash)
  • get utxo api endpoint now just returns a commitment (output mmr data only)
  • rework wallet refresh and restore to handle output mmr changes and need to maintain block hashes

TODO -

  • many tests failing (tests failing to build)
  • many build warnings, lack of docs, unused imports etc.
  • cleanup verbose debug logging
  • make block hash optional on an input (only necessary for spending coinbase outputs)

antiochp added 30 commits January 4, 2018 14:29
@antiochp
experiment with lock_heights on outputs
9a193fd
@antiochp
playing around with lock_height as part of the switch commitment hash
1e21029
@antiochp
cleanup
1bb9ed7
@antiochp
include features in the switch commit hash key
d13b39b
@antiochp
commit
ba22ed5
@antiochp
rebase off master
1267fd5
@antiochp
commit
13acb42
@antiochp
cleanup
8de1189
@antiochp
missing docs
27ca435
@antiochp
rework coinbase maturity test to build valid tx
70a99f4
@antiochp
pool and chain tests passing (inputs have switch commitments)
3bab309
@antiochp
commit
60f8c0b
@antiochp
cleanup
f8e5d35
@antiochp
check inputs spending coinbase outputs have valid lock_heights
1c46b86
@antiochp
wip - got it building (tests still failing)
ab41029
@antiochp
use zero key for non coinbase switch commit hash
6abdc25
@antiochp
fees and height wrong order...
6861862
@antiochp
send output lock_height over to wallet via api
2db64ff
@antiochp
no more header by height index
22a04d5 
workaround this for wallet refresh and wallet restore
@antiochp
refresh heights for unspent wallet outputs where missing
47e4719
@antiochp
TODO - might be slow?
4d3b48c
@antiochp
simplify - do not pass around lock_height for non coinbase outputs
ced54ec
@antiochp
commit
1d2cb4e
@antiochp
Merge branch 'master' into lockheight_outputs
ca22c40
@antiochp
fix tests after merge
94f70f5
@antiochp
build input vs coinbase_input
057d581 
switch commit hash key encodes lock_height
cleanup output by commit index (currently broken...)
@antiochp
is_unspent and get_unspent cleanup - we have no outputs, only switch_…
5c5fe39 
…commit_hashes
@antiochp
separate concept of utxo vs output in the api
6598d45 
utxos come from the sumtrees (and only the sumtrees, limited info)
outputs come from blocks (and we need to look them up via block height)
@antiochp
cleanup
7b3b5d6
@antiochp
better api support for block outputs with range proofs
90ad055
@antiochp antiochp mentioned this pull request Jan 15, 2018
Closed
13 tasks
@antiochp
pool verifies coinbase maturity via is_matured
bc4364a 
this uses sumtree in a consistent way
@antiochp
Copy link
Member Author

@ignopeverell this should be in a reasonable place for an early review.
Tests are still failing... and there are a lot of build warnings... but the approach outlined in #597 is implemented (and works locally).
If we are happy with this and think this is worth continuing with then I'll continue to clean it up and get the tests reworked/fixed up.

ignopeverell
ignopeverell reviewed Jan 16, 2018
View reviewed changes
chain/src/sumtree.rs Outdated
// edge case here - we may be spending an output with zero-confirmations
// and it just got included in a block.
// The wallet may not know about this new block yet (not yet refreshed).
// Is it safe to assume this the tx was included in the latest block?

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

chain/src/sumtree.rs Outdated
// If we are spending a coinbase output then go find the block
// and check the coinbase maturity rule is being met.
if input.features.contains(COINBASE_OUTPUT) {
// edge case here - we may be spending an output with zero-confirmations

This comment was marked as spam.

Sign in to view

chain/tests/test_coinbase_maturity.rs Outdated
@@ -176,6 +183,23 @@ fn test_coinbase_maturity() {

let prev = chain.head_header().unwrap();

<<<<<<< HEAD

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

@ignopeverell
Copy link
Contributor

Minor comments but looks good to me overall!

@antiochp antiochp changed the title [WIP] hash (features|commitment) in output mmr hash (features|commitment) in output mmr Jan 16, 2018
@antiochp
Copy link
Member Author

@ignopeverell this should be good to go now if you want to give it a final review?
(3rd time lucky - but this feels like the "right" solution now). 😀

@ignopeverell
Copy link
Contributor

Looking good, ship it!

@antiochp
Copy link
Member Author

antiochp commented Jan 16, 2018
edited
Loading

Soon as travis sorts out its infra... multiple builds stuck for a couple of hours. Just kicked off a new one.
Edit: still waiting. Looks like they have a huge backlog of linux builds queued up...

@antiochp
Copy link
Member Author

Merging - travis is still working through its backlog...

@antiochp antiochp merged commit cbd3b2f into mimblewimble:master Jan 17, 2018
@antiochp antiochp deleted the output_pmmr_hash branch January 17, 2018 03:07
This was referenced Jan 17, 2018
Closed
Closed
Closed
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ignopeverell ignopeverell ignopeverell left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@antiochp @ignopeverell