Closed kerzhner closed 3 years ago
Another approach is for leaf values to be hashes of {stateHash: Bytes32, stateStep: number}
. Then a merkle proof is:
The nice properties of this approach are:
That being said, implicit step calculations have the benefit that callers are forced to evenly split the consensus-to-dispute range. We probably want to keep this property.
That being said, implicit step calculations have the benefit that callers are forced to evenly split the consensus-to-dispute range. We probably want to keep this property.
This is a good benefit of the implicit step calculations.
Another benefit is the reduced calldata requirements. It doesn't make sense to pay 80 gas per uint40
stateStep provided (for instance), plus additional gas to validate that the steps are evenly splitting the computation. This adds up quickly when doing a k-section for large k.
The choice here is between:
Another approach is for leaf values to be hashes of
{stateHash: Bytes32, stateStep: number}
.
They can also be hashes of {stateHash: Bytes32, isLeaf: true}
.
For someone to claim that a non-leaf whose value x
is a leaf, they would need to find a y
such that hash((y, true)) == x
, and we are assuming hash
is cryptographically secure.
For someone to claim that a non-leaf whose value
x
is a leaf, they would need to find ay
such thathash((y, true)) == x
, and we are assuminghash
is cryptographically secure.
That's a neat idea. Just want to follow up with the thought (that you point out above) that any time "cleartext" leaves are revealed, an extra hash operation is introduced per leaf.
Another approach is for leaf values to be hashes of
{stateHash: Bytes32, stateStep: number}
.They can also be hashes of
{stateHash: Bytes32, isLeaf: true}
.For someone to claim that a non-leaf whose value
x
is a leaf, they would need to find ay
such thathash((y, true)) == x
, and we are assuminghash
is cryptographically secure.
I believe that's roughly the approach found in this RFC
The Challenger Manager must validate that a witness points to a leaf node. There are two approaches to do so:
In this PR, we are choosing the first approach.