How to identify network accounts

[Mirko-von-Leipzig]

Design is starting in 0xPolygonMiden/miden-node#606 and 0xPolygonMiden/miden-node#692 and we now need to figure out how to verify that an account is a network account.

It of course needs to be public, but beyond that we probably need some code analysis to determine with the account qualifies.

[bobbinth]

It of course needs to be public, but beyond that we probably need some code analysis to determine with the account qualifies.

In terms of simple code analysis that come to mind, we could do something like this: ensure that one of the paths of publicly exposed procedures results in incrementing the nonce, and ideally, does not rely on some data being present in the advice provider (e.g., there is no need to have a signature in the advice provider). This may work in some cases, but feels very brittle and also doesn't really restrict the users in terms of what they can put into a network account.

An alternative could be to just let the users designate something as a network account. For example, we could say that if something needs to be designated as a network account, the 30th most significant bit must be set to 1 (this would also enable validating note tags to make sure the account ID prefix is also for a network account). We can then separately enforce (in the transaction kernel) that if an account is designated as a network account it must be public and maybe also immutable (i.e., its code cannot be changed).

This does allow people to designate account with any code as a network account and so, may open up a door for some kind of griefing attacks, but I would argue that if someone wants to create a bunch of network accounts with invalid code, they'd be able to do this anyway - or at least that's a separate problem to solve.

Speaking about separate problems, I think there are a coupe of other things we need to think through in regards to network accounts/notes:

• If a note account be immediately applied to a given account and we can't also conclusively say that the note can never be applied to this account - what should be the strategy for handling it? For example, we could try a few more times and then discard the note. Or we can try periodically. Or maybe we need to get some additional input from the user to figure out when we can apply such a note?
• If a result of applying a note is another public note, we need to have enough of the data in the advice provider to build the full public note. So, the network note may need to carry additional info with it containing the data that needs to go into the advice provider when the node builds the transaction. How should this data be included?