Transaction signers described at different levels

[carlhammann]

At the moment, there are two ways to specify the signers of a transaction, the SignedBy constraint and the mechanisms of MonadMockChain, namely signingWith. At first, the two seem redundant, but as far as I understand, they are there for different reasons:

• The SignedBy constraint translates to a plutus-apps MustBeSignedBy constraint, which makes sure that certain public keys are part of the requiredSignatories of the transaction as it is submitted to the chain.
• The function signingWith adds signatures (wallets, really) that are involved already at the stage of transaction generation. In particular, they are used to decide who pays collaterals and whose money is used to balance the transaction.

Another distinction is when the signatures are needed. As far as I understand it:

• Transactions will only be valid if all public keys that spend something on the transaction also sign it. In particular, this comes before any scripts that might be involved in the validation of the transaction. In my opinion, these signatures should always be present on the transactions cooked-validators generates, as we're interested in testing the behaviour of scripts.
• Scripts might require a certain signature to be present through the function txSignedBy, even if the assoicated public key spends no money in the transaction. In that case, we'd like to be able to generate both the transaction that should validate and the one that misses the signature required by the script. I think that something like signingWith is an useful idiom to do so. (Even if PR #179 proposes an alternative).

Are my comments above accurate?

[mmontin]

I think you explained the distinction between the two very well. The way I see it is that singingWith brings in scope wallets which can then be used in SignedBy, in addition to be used for collaterals and reimbursements. This is very confusing though and can be the subject to many errors and misinterpretations. I am wondering if we could make it clearer. A way would be to automatically propagate the list of signatories at the MockChain level to actual signatories in the sent transaction, but I don't know if that is 100% sound.

[0xd34df00d]

I think it's related to your second bullet, but it's worth pointing out explicitly: if a transaction doesn't have a SignedBy constraint with a given key, then the outside world (including scripts etc) won't be able to see that it has been actually signed by this key. That is, according to my understanding, which very well might be incomplete.