search

gottstech / gotts

A blockchain for non-collateralized stable-coins, follow MimbleWimble protocol but with explicit amount.
https://gotts.tech
Apache License 2.0
48 stars 4 forks source link

refact: use last path instead of key id to shorten the PathMessage #37

Closed garyyu closed 4 years ago

garyyu commented 4 years ago

The current PathMessage contains 28 bytes as follows:

struct PathMessage {
    /// Reserved at this moment.
    reserved: [u8; 3],
    /// The random 'w' of Pedersen commitment `r*G + w*H`.
    w: u64,
    /// The key identifier. 1-byte path depth and 16-bytes BIP-32 key derivation path.
    key_id: Identifier,
}

The complete Identifier here is a little bit wasting on the precious chain space, this PR shorten the key_id here, replace it with the last_path which is only 4 bytes instead of 17 bytes.

pub struct PathMessage {
    /// The random 'w' of Pedersen commitment `r*G + w*H`
    pub w: i64,
    /// The last path index of the key identifier
    pub key_id_last_path: u32,
}

This is a balance we have to make, between a compact chain space and a simpler wallet implementation. The new PathMessage only need 12 bytes.

For wallet restoring or checking, to get a complete key id, the wallet must know the parent key path, which should be bound to the wallet account (i.e. m/p1/p2).

For example the default wallet account:

$ gotts-wallet --floonet account

____ Wallet Accounts ____

 Name    | Parent BIP-32 Derivation Path 
---------+-------------------------------
 default | m/0/0

After this PR, the wallet will never be able to restore all coins by one call, since a wallet could have multiple wallet accounts. It will have to leave to the wallet user to manage the wallet accounts manually, but I think it's acceptable, considering the original intention of the "accounts".

Additional note: At maximum, a Gotts key id (i.e Identifier) can have 4-level BIP-32 derivation path: m/p1/p2/p3/p4. The 1st two path consist of the so-called wallet account here. The last path can be saved into the chain into the PathMessage here. Then, how about the 3rd path?

At this moment, let's leave a TODO here about this 3rd path. In my current design (including some refactoring on this part soon), I just leave this 3rd path always as 0. This 3rd path could be used in the future if there's a good use case, but since we already have 2^31 keys here for each m/p1/p2/0, it's already fair enough for most of the use cases.

(Because this PR is a consensus breaking change, I also import a new Genesis block for Floonet test.)

garyyu commented 4 years ago

[Updated for above additional note, to correct a mistake]:

At maximum, a Gotts key id (i.e Identifier) can have 3-level BIP-32 derivation path: m/p1/p2/p3. The 1st two path consist of the so-called wallet account here. The last path can be saved into the chain into the PathMessage here.

(the 4th part of Identifier is reserved and not used at this moment)

Since we already have 2^31 keys here for each m/p1/p2/p3, it's already fair enough for most of the use cases.