Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

renegade_contracts: darkpool: verify VALID WALLET UPDATE statement signature #79

Merged
merged 2 commits into from
Aug 30, 2023

Conversation

akirillo
Copy link
Contributor

This PR introduces a pre-verification check of a signature over the VALID WALLET UPDATE statement generated from sk_root.

Testing
A new test was added asserting that an invalid signature fails. This, and all previous update_wallet tests (which now sign the statement) pass.

@akirillo akirillo added the enhancement New feature or request label Aug 30, 2023
@akirillo akirillo requested a review from joeykraut August 30, 2023 21:31
@akirillo akirillo self-assigned this Aug 30, 2023
Copy link
Member

@joeykraut joeykraut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

couple questions

///
/// We manually mirror the implementation of keccak::keccak_u256s_le_inputs so that we can
/// avoid an extra loop over the input to map it into u256s.
fn hash_statement<T, impl TScalarSerializable: ScalarSerializable<T>>(statement: @T) -> Scalar {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in this method, why do we sign the scalar serialization and not the byte serialization? it'd be ideal from the FE's perspective if this were byte-centric so that the FE does not have to implement scalar serialization (this also fits closer to how keccak is defined). Is this a Starknet limitation?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly because it'll be more expensive & cumbersome contract-side to serialize the statement into bytes. Since I've last looked at the corelib, it seems some utilities for converting between felt252 and a new bytes31 type have been added, but the type seems a bit inconvenient (e.g. it is not a byte array, not sure how to add padding to it, etc.). Either way, this would add another layer of serialization logic and thus cost to the contract execution, and I am generally in favor of pushing serialization complexity onto the client / relayer instead of in the contract, where we pay for it. Even if the costs are marginal wrt other contract functions, might as well handle these things in a lower-cost (and more expressive) programming environment than Cairo.

src/darkpool.cairo Outdated Show resolved Hide resolved
@akirillo akirillo force-pushed the andrew/verify-update-wallet-signature branch from 22e55af to b44d7b9 Compare August 30, 2023 22:08
@akirillo akirillo merged commit 896afb2 into main Aug 30, 2023
1 check passed
@akirillo akirillo deleted the andrew/verify-update-wallet-signature branch August 30, 2023 22:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants