ariard
commented
1 year ago Okay, so we have 3 steps (verify the sequence of commitments in the hash chain, verify the proof path and verify the merkle root in the specified bitcoin transaction).
I think it’s interesting to have this implemented client-side in civkit-sample:
- query
civkitdto retrieve the listed of saved events and verify the slot commitment - verify that the client commitment is included in the
merkle_root - query
civkitdwhich is queryingbitcoindto verify confirmation of the anchor transaction and verify the inclusion of themerkle_root.
Functions required to verify event commitment proofs.
For a given sequence (https://commerceblock.readthedocs.io/en/latest/mainstay-con/index.html#proof-of-immutable-sequence) of proofs, Verification comes in 3 stages:
Verify the sequence of commitments in the hash chain. This involves taking the latest retrieved proof and the list of saved Events (e.g. retrieved from the DB) and repeating the computation of the hash chain of event_ids and then confirming the slot commitment of hash chain in the latest proof (this then gives the latest event that is fully attested).
Verify the proof path. For the latest slot proof, verify that the the commitment is included in the
merkle_rootthis is done by successively concatenating the commitment along the path proof ("ops") as is done here: https://github.com/commerceblock/pymainstay/blob/a84c5f295143c4ac2eed8a3726c3bf1c88399338/mst/verify.py#L158Finally, we need to verify that the
merkle_rootis included in the specified bitcoin transaction. This requires a connection to a bitcoin-cli. For the specifiedtxid, firstgetrawtransactionand then get the pay to address. Confirm the address is tweaked with themerkle_root(like https://github.com/commerceblock/pymainstay/blob/a84c5f295143c4ac2eed8a3726c3bf1c88399338/mst/verify.py#L126) and then go back along the tx staychain to check the initial anchor state.