1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288
// LNP/BP client-side-validation foundation libraries implementing LNPBP
// specifications & standards (LNPBP-4, 7, 8, 9, 42, 81)
//
// Written in 2019-2022 by
// Dr. Maxim Orlovsky <orlovsky@pandoracore.com>
//
// To the extent possible under law, the author(s) have dedicated all
// copyright and related and neighboring rights to this software to
// the public domain worldwide. This software is distributed without
// any warranty.
//
// You should have received a copy of the Apache 2.0 License along with this
// software. If not, see <https://opensource.org/licenses/Apache-2.0>.
//! Encoding and data preparation for commitment procedures in
//! client-side-validation as defined by [LNPBP-9] standard.
//!
//! Client-side-validation commitment process requires special encoding of
//! the data. While [`strict_encoding`] is the main standard for atomic data
//! types in client-side-validation world and should be used during internal
//! protocol-specific data validation, commitments may require processes of
//! merklization arrays of data items, or hiding confidential parts of the
//! data via hashing, pedersen commitments and so on. Thus, additinally to
//! strict encoding, a set of different encodings and data convolution and
//! hiding procedures are defined in this `commit_encode` module of the
//! `commit_verify` library. This includes:
//! - **merklization** procedures operating special types of tagged hashes and
//! committing to the depth of each node
//! - **commit conceal** procedures, making data confidential (transforming
//! types into confidential versions)
//! - **commit encoding**, which should *conceal* all the data and merklize
//! arrays, and only them performing their *strict encoding*
//! - **consensus commitment**, which wraps all of the above as a final API,
//! producing of a single commitment to the client-validated data.
//!
//! [LNPBP-9]: https://github.com/LNP-BP/LNPBPs/blob/master/lnpbp-0009.md
use std::io;
use bitcoin_hashes::HashEngine;
use crate::{CommitVerify, PrehashedProtocol};
/// Prepares the data to the *consensus commit* procedure by first running
/// necessary conceal and merklization procedures, and them performing strict
/// encoding for the resulted data.
pub trait CommitEncode {
/// Encodes the data for the commitment by writing them directly into a
/// [`io::Write`] writer instance
fn commit_encode<E: io::Write>(&self, e: E) -> usize;
/// Serializes data for the commitment in-memory into a newly allocated
/// array
fn commit_serialize(&self) -> Vec<u8> {
let mut vec = Vec::new();
self.commit_encode(&mut vec);
vec
}
}
/// Convenience macro for commit-encoding list of the data
#[macro_export]
macro_rules! commit_encode_list {
( $encoder:ident; $($item:expr),+ ) => {
{
let mut len = 0usize;
$(
len += $item.commit_encode(&mut $encoder);
)+
len
}
}
}
/// Marker trait defining specific encoding strategy which should be used for
/// automatic implementation of [`CommitEncode`].
pub trait Strategy {
/// Specific strategy. List of supported strategies:
/// - [`strategies::UsingStrict`]
/// - [`strategies::UsingConceal`]
/// - [`strategies::UsingHash`]
type Strategy;
}
/// Strategies simplifying implementation of [`CommitEncode`] trait.
///
/// Implemented after concept by Martin Habovštiak <martin.habovstiak@gmail.com>
pub mod strategies {
use bitcoin_hashes::Hash;
use super::*;
/// Encodes by running strict *encoding procedure* on the raw data without
/// any pre-processing.
///
/// Should not be used for array types (require manual [`CommitEncode`]
/// implementation involving merklization) or data which may contain
/// confidential or sensitive information (use [`UsingConceal`] in this
/// case).
pub struct UsingStrict;
/// Encodes data by first converting them into confidential version
/// (*concealing*) by running [`CommitConceal::commit_conceal`] first and
/// returning its result serialized with strict encoding rules.
pub struct UsingConceal;
/// Encodes data by first hashing them with the provided hash function `H`
/// and then returning its result serialized with strict encoding rules.
pub struct UsingHash<H>(std::marker::PhantomData<H>)
where
H: Hash + strict_encoding::StrictEncode;
impl<T> CommitEncode for amplify::Holder<T, UsingStrict>
where
T: strict_encoding::StrictEncode,
{
fn commit_encode<E: io::Write>(&self, e: E) -> usize {
self.as_inner().strict_encode(e).expect(
"Strict encoding must not fail for types using \
`strategy::UsingStrict`",
)
}
}
impl<T> CommitEncode for amplify::Holder<T, UsingConceal>
where
T: CommitConceal,
<T as CommitConceal>::ConcealedCommitment: CommitEncode,
{
fn commit_encode<E: io::Write>(&self, e: E) -> usize {
self.as_inner().commit_conceal().commit_encode(e)
}
}
impl<T, H> CommitEncode for amplify::Holder<T, UsingHash<H>>
where
H: Hash + strict_encoding::StrictEncode,
T: strict_encoding::StrictEncode,
{
fn commit_encode<E: io::Write>(&self, e: E) -> usize {
let mut engine = H::engine();
engine.input(
&strict_encoding::strict_serialize(self.as_inner()).expect(
"Strict encoding of hash strategy-based commitment data \
must not fail",
),
);
let hash = H::from_engine(engine);
hash.strict_encode(e).expect(
"Strict encoding must not fail for types using \
`strategy::UsingHash`",
)
}
}
impl<K, V> CommitEncode for (K, V)
where
K: CommitEncode,
V: CommitEncode,
{
fn commit_encode<E: io::Write>(&self, mut e: E) -> usize {
self.0.commit_encode(&mut e) + self.1.commit_encode(&mut e)
}
}
impl<A, B, C> CommitEncode for (A, B, C)
where
A: CommitEncode,
B: CommitEncode,
C: CommitEncode,
{
fn commit_encode<E: io::Write>(&self, mut e: E) -> usize {
self.0.commit_encode(&mut e)
+ self.1.commit_encode(&mut e)
+ self.2.commit_encode(&mut e)
}
}
impl<T> CommitEncode for T
where
T: Strategy + Clone,
amplify::Holder<T, <T as Strategy>::Strategy>: CommitEncode,
{
fn commit_encode<E: io::Write>(&self, e: E) -> usize {
amplify::Holder::new(self.clone()).commit_encode(e)
}
}
impl Strategy for usize {
type Strategy = UsingStrict;
}
impl Strategy for u8 {
type Strategy = UsingStrict;
}
impl Strategy for u16 {
type Strategy = UsingStrict;
}
impl Strategy for u32 {
type Strategy = UsingStrict;
}
impl Strategy for u64 {
type Strategy = UsingStrict;
}
impl Strategy for i8 {
type Strategy = UsingStrict;
}
impl Strategy for i16 {
type Strategy = UsingStrict;
}
impl Strategy for i32 {
type Strategy = UsingStrict;
}
impl Strategy for i64 {
type Strategy = UsingStrict;
}
impl Strategy for String {
type Strategy = UsingStrict;
}
impl Strategy for &str {
type Strategy = UsingStrict;
}
impl Strategy for &[u8] {
type Strategy = UsingStrict;
}
impl Strategy for Vec<u8> {
type Strategy = UsingStrict;
}
#[cfg(feature = "grin_secp256k1zkp")]
impl Strategy for secp256k1zkp::pedersen::Commitment {
type Strategy = strategies::UsingStrict;
}
#[cfg(feature = "grin_secp256k1zkp")]
impl Strategy for secp256k1zkp::pedersen::RangeProof {
type Strategy = strategies::UsingHash<bitcoin_hashes::sha256::Hash>;
}
impl<T> Strategy for &T
where
T: Strategy,
{
type Strategy = T::Strategy;
}
}
/// Trait that should perform conversion of a given client-side-validated data
/// type into its confidential version concealing all of its data.
///
/// Since the resulting concealed version must be unequally derived from the
/// original data with negligible risk of collisions, it is a form of
/// *commitment* – thus the procedure called *commit-conceal* and not just a
/// *conceal*.
pub trait CommitConceal {
/// The resulting confidential type concealing and committing to the
/// original data
type ConcealedCommitment;
/// Performs commit-conceal procedure returning confidential data
/// concealing and committing to the original data
fn commit_conceal(&self) -> Self::ConcealedCommitment;
}
/// High-level API used in client-side validation for producing a single
/// commitment to the data, which includes running all necessary procedures like
/// concealment with [`CommitConceal`], merklization, strict encoding,
/// wrapped into [`CommitEncode`], followed by the actual commitment to its
/// output.
pub trait ConsensusCommit: Sized + CommitEncode {
/// Type of the resulting commitment
type Commitment: CommitVerify<Vec<u8>, PrehashedProtocol>;
/// Performs commitment to client-side-validated data
#[inline]
fn consensus_commit(&self) -> Self::Commitment {
let mut encoder = io::Cursor::new(vec![]);
self.commit_encode(&mut encoder);
Self::Commitment::commit(&encoder.into_inner())
}
/// Verifies commitment to client-side-validated data
#[inline]
fn consensus_verify(&self, commitment: &Self::Commitment) -> bool {
let mut encoder = io::Cursor::new(vec![]);
self.commit_encode(&mut encoder);
commitment.verify(&encoder.into_inner())
}
}