[docs] Add switch commitment documentation #2526
Conversation
|
Update: added another commit with some minor formatting changes and a little rewording (points vs curves) in |
doc/switch_commitment.md
Outdated
| validation rules which then require that also the computation of `r` must be validated | ||
| (i.e. the ElGamal commitment must also be revealed) at the additional costs that the | ||
| range proofs for ElGamal are more costly (in size and computation) and that the hidingness | ||
| property is no longer perfectly hiding, but only computational hiding. But for a crypto currency |
There was a problem hiding this comment.
This last point is mistaken I think. And it might be good to clarify in a section above as well. We could change our commitment scheme to be already perfectly binding and computationally hiding. But that would be bad. The argument is that a privacy-oriented chain needs to stay private forever. Because one could go back to the history of the chain and de-anonymize all transactions if the commitment scheme was broken.
On the other hand, the commitment scheme only needs to be perfectly binding at the time the scheme is broken. By using switch commitments, in case of disaster (the intent being still that nothing is ever broken), at least people get a choice: they can compromise the privacy on their last UTXOs, or just leave the money alone and lose it. There are many cases where a privacy leak is much more dangerous to one's life than some cryptocurrency.
There was a problem hiding this comment.
Hi Ignotus! Thanks for your feedback! 🙂
I see, I had a wrong understanding of some points here: In my naive thinking I didn't realise that activating the switch commitment validation wouldn't immediately affect all users, but instead give each single user the privilege of having a choice.
So not the coin (or its developers) dictates which of the two mutually exclusive properties (perfectly bindingness or perfectly hidingness) should be prioritised but each user itself decides (in the unfortunate case if the scheme really gets broken).
I will try to reword the text (especially the conclusion) and try to include these considerations.
There was a problem hiding this comment.
Hi, I reworked parts of the document and tried to give a better understanding of the reasoning behind in 1c88d73.
Please have a look, when you have some time and let me know if I shall change something. 🙂
|
I still was not happy with the wording of the conclusion and pushed another commit with a small update. I didn't want to force push, for easier readability here. If you decide to merge this PR I will squash the commits and force push here again before you merge them back. |
(as switch commitments were removed in ca8447f and moved into the blinding factor of the Pedersen Commitment)
johnzweng
force-pushed
the
docs_switch_commitment
branch
from
f8094ee to
3a74dc1
Compare
|
Hi @ignopeverell, I've squashed the several edits of the switch commitment document together into one commit. Please take a final look if you agree with the content. |
|
Thank you for merging. 🙂 Also thank you for valuable feedback which helped me a lot to understand better which contributions switch commitments add to the system. |
* remove references to no-longer existing switch commitment hash (as switch commitments were removed in ca8447f and moved into the blinding factor of the Pedersen Commitment) * some rewording (points vs curves) and fix of small formatting issues * Add switch commitment documentation
* cleanup legacy "3 dot" check (#2625) * Allow to peers behind NAT to get up to preferred_max connections (#2543) Allow to peers behind NAT to get up to preffered_max connections If peer has only outbound connections it's mot likely behind NAT and we should not stop it from getting more outbound connections * Reduce usage of unwrap in p2p crate (#2627) Also change store crate a bit * Simplify (and fix) output_pos cleanup during chain compaction (#2609) * expose leaf pos iterator use it for various things in txhashset when iterating over outputs * fix * cleanup * rebuild output_pos index (and clear it out first) when compacting the chain * fixup tests * refactor to match on (output, proof) tuple * add comments to compact() to explain what is going on. * get rid of some boxing around the leaf_set iterator * cleanup * [docs] Add switch commitment documentation (#2526) * remove references to no-longer existing switch commitment hash (as switch commitments were removed in ca8447f and moved into the blinding factor of the Pedersen Commitment) * some rewording (points vs curves) and fix of small formatting issues * Add switch commitment documentation * [docs] Documents in grin repo had translated in Korean. (#2604) * Start to M/W intro translate in Korean * translate in Korean * add korean translation on intro * table_of_content.md translate in Korean. * table_of_content_KR.md finish translate in Korean, start to translate State_KR.md * add state_KR.md & commit some translation in State_KR.md * WIP stat_KR.md translation * add build_KR.md && stratum_KR.md * finish translate stratum_KR.md & table_of_content_KR.md * rename intro.KR.md to intro_KR.md * add intro_KR.md file path each language's intro.md * add Korean translation file path to stratum.md & table_of_contents.md * fix difference with grin/master * Fix TxHashSet file filter for Windows. (#2641) * Fix TxHashSet file filter for Windows. * rustfmt * Updating regexp * Adding in test case * Display the current download rate rather than the average when syncing the chain (#2633) * When syncing the chain, calculate the displayed download speed using the current rate from the most recent iteration, rather than the average download speed from the entire syncing process. * Replace the explicitly ignored variables in the pattern with an implicit ignore * remove root = true from editorconfig (#2655) * Add Medium post to intro (#2654) Spoke to @yeastplume who agreed it makes sense to add the "Grin Transactions Explained, Step-by-Step" Medium post to intro.md Open for suggestions on a better location. * add a new configure item for log_max_files (#2601) * add a new configure item for log_max_files * rustfmt * use a constant instead of multiple 32 * rustfmt * Fix the build warning of deprecated trim_right_matches (#2662) * [DOC] state.md, build.md and chain directory documents translate in Korean. (#2649) * add md files for translation. * start to translation fast-sync, code_structure. add file build_KR.md, states_KR.md * add dandelion_KR.md && simulation_KR.md for Korean translation. * add md files for translation. * start to translation fast-sync, code_structure. add file build_KR.md, states_KR.md * add dandelion_KR.md && simulation_KR.md for Korean translation. * remove some useless md files for translation. this is rearrange set up translation order. * add dot end of sentence & translate build.md in korean * remove fast-sync_KR.md * finish build_KR.md translation * finish build_KR.md translation * finish translation state_KR.md & add phrase in state.md to move other language md file * translate blocks_and_headers.md && chain_sync.md in Korean * add . in chain_sync.md , translation finished in doc/chain dir. * fix some miss typos * Api documentation fixes (#2646) * Fix the API documentation for Chain Validate (v1/chain/validate). It was documented as a POST, but it is actually a GET request, which can be seen in its handler ChainValidationHandler * Update the API V1 route list response to include the headers and merkleproof routes. Also clarify that for the chain/outputs route you must specify either byids or byheight to select outputs. * refactor(ci): reorganize CI related code (#2658) Break-down the CI related code into smaller more maintainable pieces. * Specify grin or nanogrins in API docs where applicable (#2642) * Set Content-Type in API client (#2680) * Reduce number of unwraps in chain crate (#2679) * fix: the restart of state sync doesn't work sometimes (#2687) * let check_txhashset_needed return true on abnormal case (#2684) * Reduce number of unwwaps in api crate (#2681) * Reduce number of unwwaps in api crate * Format use section * Small QoL improvements for wallet developers (#2651) * Small changes for wallet devs * Move create_nonce into Keychain trait * Replace match by map_err * Add flag to Slate to skip fee check * Fix secp dependency * Remove check_fee flag in Slate * Add Japanese edition of build.md (#2697) * catch the panic to avoid peer thread quit early (#2686) * catch the panic to avoid peer thread quit before taking the chance to ban * move catch wrapper logic down into the util crate * log the panic info * keep txhashset.rs untouched * remove a warning * [DOC] dandelion.md, simulation.md ,fast-sync.md and pruning.md documents translate in Korean. (#2678) * Show response code in API client error message (#2683) It's hard to investigate what happens when an API client error is printed out * Add some better logging for get_outputs_by_id failure states (#2705) * Switch commitment doc fixes (#2645) Fix some typos and remove the use of parentheses in a couple of places to make the reading flow a bit better. * docs: update/add new README.md badges (#2708) Replace existing badges with SVG counterparts and add a bunch of new ones. * Update intro.md (#2702) Add mention of censoring attack prevented by range proofs * use sandbox folder for txhashset validation on state sync (#2685) * use sandbox folder for txhashset validation on state sync * rustfmt * use temp directory as the sandbox instead actual db_root txhashset dir * rustfmt * move txhashset overwrite to the end of full validation * fix travis-ci test * rustfmt * fix: hashset have 2 folders including txhashset and header * rustfmt * (1)switch to rebuild_header_mmr instead of copy the sandbox header mmr (2)lock txhashset when overwriting and opening and rebuild * minor improve on sandbox_dir * add Japanese edition of state.md (#2703) * Attempt to fix broken TUI locale (#2713) Can confirm that on the same machine 1.0.2 TUI looks great and is broken on the current master. Bump of `cursive` version fixed it for me. Fixes #2676 * clean the header folder in sandbox (#2716) * forgot to clean the header folder in sandbox in #2685 * Reduce number of unwraps in servers crate (#2707) It doesn't include stratum server which is sufficiently changed in 1.1 branch and adapters, which is big enough for a separate PR. * rustfmt * change version to beta
* remove references to no-longer existing switch commitment hash (as switch commitments were removed in ca8447f and moved into the blinding factor of the Pedersen Commitment) * some rewording (points vs curves) and fix of small formatting issues * Add switch commitment documentation
This PR adds documentation about switch commitments and how they are used in grin.
Please feel free to change, correct or reword the text. I am a programmer with some cryptographic knowledge currently working through grin to understand the details, but I am not a cryptographer. So please bare with me (and correct me) if I got something wrong.
It also changes a comment in
core/src/core/transaction.rsand two md-files where the switch commitment hash was still referenced (although it was already removed in #2157).