Skip to content

feat(one-time-keys): first pass at adapting DBCs to one-time-keys #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
davidrusu wants to merge 4 commits into
base: confidential_amounts_pr
Choose a base branch
from
Open

feat(one-time-keys): first pass at adapting DBCs to one-time-keys #1

davidrusu wants to merge 4 commits into from

Conversation

@davidrusu
Copy link

@davidrusu davidrusu commented Aug 9, 2021
edited
Loading

This PR adapts DBC's to enforce one-time-keys by using the DBC owner as the spend book key.

Status:

  • library building
  • tests passing
  • update mint REPL

@dan-da
Copy link
Owner

dan-da commented Aug 10, 2021
edited
Loading

this was a lot of work / big change. nice job. couple high level q's/comments:

  1. Since owner's pubkey is now the spendbook key, it would seem to me that this is truly one-time usage. eg if Bob invoices Alice and she pays to Bob's key twice and then Bob tries a single reissue with both DBC's as inputs, what would happen? I would expect that the entire reissue fails because the 2nd input would be considered a dup. If that is the case I can see it working technically, but as far as real-world usage, I have concerns/misgivings as there is a potential to accidentally create unspendable DBCs. It would almost seem better to also have an "unspent book" for tracking unspent DBCs, and the mint could thus prevent Alice from issuing two DBCs to Bob's single pubkey in the first place. Of course a global unspent book requires more space and coordination between mint sections, so may not be feasible.

An alternative model, that I believe @dirvine was suggesting is that multiple DBCs could be created with the same pubkey and they could all be spent, but only if they are all inputs to the same reissue operation. So that seems a sort of half-way to this design, but it precludes using the pubkey as the spentbook key.

  1. Since owner pubkey has replaced the DbcContent hash as the DBC identifier does that mean there is no longer a proof of the spent DBC's contents in the spendbook? iow, previously was it important that the DBC's content's hashed to a stored identifier, because it seems we now lose that property.

@dirvine
Copy link

dirvine commented Aug 12, 2021

I have concerns/misgivings as there is a potential to accidentally create unspendable DBCs.

@dan-da I think we are fine here as the user will check the outputs are not to spent keys. The mint can also do that check to refuse re-issue if we wished, but likely not required.

Key derivation play a big part here though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@davidrusu @dan-da @dirvine