search

iou-experiments / service

MIT License
1 stars 1 forks source link

readme

Specification:

https://hackmd.io/@THkehD-JRa6LxfeK0QB2pw/rkLVvK5DA

IOU Service with Double-Spending Prevention

This Rust server provides a backend service for managing IOUs (I Owe You), with a focus on preventing double-spending. It utilizes MongoDB for data persistence and EDDSA (Edwards-curve Digital Signature Algorithm) for authentication and security.

Why Double-Spending Prevention?

Double-spending is a significant problem in digital currency systems, where a user attempts to spend the same digital asset multiple times. In an IOU system, this could mean someone tries to "redeem" the same IOU more than once.

This server implements a mechanism to detect and prevent double-spending using:

Core Features

1. Double-Spending Detection:

graph LR
A[Client] --> B{Server}
B --> C{Check nullifier state}
C -- Duplicate State --> D{Mark user as double-spender}
C -- Unique State --> E{Process transaction}
D --> A
E --> A

2. Challenge-Response Authentication (currently not in use):

graph LR
A[Client] --> B{Server}
B --> C{Generate challenge}
C --> D{Send challenge to client}
D --> A
A --> E{Sign challenge with private key}
E --> F{Send signature to server}
F --> B
B --> G{Verify signature}
G -- Valid Signature --> H{Grant access}
G -- Invalid Signature --> I{Deny access}
H --> A
I --> A

3. Transfer Note History between users:

graph TD
    A[Start] --> B[Store Note]
    B --> C{Note Stored?}
    C -->|Yes| D[Create Message]
    C -->|No| E[Error Handling]
    D --> F[Send Message]
    F --> G{Message Sent?}
    G -->|Yes| H[Return MessageSingleResponse]
    G -->|No| I[Panic: 'msg sent']
    E --> J[Return Error]
    H --> K[End]
    I --> K
    J --> K

4. Read messages:

graph TD
    A[Start] --> B[Create filter and sort options]
    B --> C{Find messages}
    C -->|Success| D[Get cursor]
    C -->|Error| E[Return FetchError]
    D --> F[Process cursor]
    F --> G{For each document}
    G -->|Process| H[Convert to message]
    H --> I{Update message as read}
    I -->|Success| J[Add to result list]
    I -->|Error| K[Log error, skip message]
    J --> G
    K --> G
    G -->|All processed| L{Collect results}
    L -->|Success| M[Return messages]
    L -->|Error| N[Return UpdateError]
    E --> O[End]
    M --> O
    N --> O

HTTP Post requests:

Create users:

username must be unique

curl -X POST -H "Content-Type: application/json" -d '{"username": "onur", "pubkey": "1234", "address": "string", "nonce": "0", "messages": [], "notes": [], "has_double_spent": false}' http://localhost:3000/create_user

Send messages:

curl -X POST -H "Content-Type: application/json" -d '{"recipient": "sero", "sender": "test", "message": "almost done, world", "attachment_id": "1"}' http://localhost:3000/send_message

Read messages:

curl -X POST -H "Content-Type: application/json" -d '{"username": "something"}' http://localhost:3000/read_messages

Store Nullifier & State:

Nullifier and state must be unique.

curl -X POST -H "Content-Type: application/json" -d '{"nullifier": "nul-1", "note": "1", "step": 2, "owner": "onur", "state": "1"}' http://localhost:3000/store_nullifier

Store Notes:

curl -X POST -H "Content-Type: application/json" -d '{"owner": "123", "asset_hash": "1", "value": 1, "step": 1, "parent_note": "hashed note", "out_index": "1", "blind": "random"}' http://localhost:3000/store_note