Comments (17)
We can prefix the public key so that it is easy to choose a curve or algorithm when executing VERIFY.
Does onchain decryption not reveal the private key?
Onchain decryption sounds broken to me; couldn’t the message be intercepted and an alternative one relayed to consensus nodes first?
I found that the MODPOW of the built-in BigInteger has only 3 parameters.
Does it have other scenarios besides on-chain decryption?
What about RSA? We may need to support onchain decryption too. This could also be done by modpow.
It reveals, but the key is only used in a single step and dropped if this command is activated, so it does not matter that it is exposed anymore (at this point the user loses his bond if the smart contract manages to decrypt the hidden info). I agree this looks like an unusual application, but other blockchains are migrating to this model too, allowing users to implement their own crypto manually. In this sense it's better to have an opcode like this than one for decryption, for example. I think that curve parameters may be put in storage, and a user account could basically be: load curve data, perform point verification.
I will try to devise an alternative without RSA (perhaps ECDH, although this will require point multiplication...), because we need to get this going asap, but community should strongly consider this modpow, perhaps as interop if more acceptable ("Neo.Crypto.ModPow" and "Neo.Crypto.ModInverse")
I think that the idea is that we really want to decrypt it, @jsolman, no matter who sends the invoke.
The decryption is just activated after some initial conditions in the SC.
One example of an application is the AnonyTree on SciChain. For now, it's beginning as a part of DRandLib, but soon it will be moved to the SciChain repo: https://github.com/igormcoelho/DRandLib
By having decryption, we could enforce that the smart contract would validate information if necessary... since we won't have that, the community will need to validate that through majority voting... for us that's possible (not perfect though), but there will be scenarios where only onchain decryption will do the job.
@erikzhang just to exemplify a simple application that uses this (considering ECDSA).
Person A has pubkey pub_A and private key priv_A.
Person B has priv_B and pub_B.
Both will need to secretly define who will pass to the next step, without cheating. So both calculate S = priv_A * pub_B = priv_B * pub_A, and use it together with some entropy to decide who will be next. Suppose A wins (and B loses). Using S, a new private key priv_S is derived, and pub_S is used for the next step together with some information from A. However... B could try to cheat and pretend he won! But in this case, Person A could publish private key priv_A, and the Smart Contract could calculate S and it will know that B is a liar.
In this situation, B would lose its bond, or receive any other punishment, automatically from the smart contract.
However, since we don't have this opcode now, we will need to rely on a community voting to punish people based on public evidence... I think this works for us, because of the nature of the application, but it would be much better to be able to calculate that onchain.
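The shared-secret and cheat-detection step described in the comment above, as an added example that is not code from the neo-vm thread or project; the curve, base point and private keys are constructed toy values, and Python's three-argument pow() stands in for the three-parameter ModPow mentioned earlier:

```python
# Added example, not code from the neo-vm thread: the ECDH-style shared secret
# S = priv_A * pub_B = priv_B * pub_A and the "reveal priv_A to expose a cheater"
# check, on a constructed toy curve so that it runs offline.
# Python's 3-argument pow() plays the role of the 3-parameter ModPow.
P = 97           # field prime (constructed toy value, NOT a production curve)
A, B = 2, 3      # curve: y^2 = x^3 + A*x + B over F_P
G = (3, 6)       # base point (constructed; 6^2 == 3^3 + 2*3 + 3 mod 97)

def on_curve(pt):
    """True for the point at infinity (None) or any affine point on the curve."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # p1 == -p2
    if p1 == p2:                          # doubling: slope = (3x^2 + A) / 2y
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P
    else:                                 # slope = (y2 - y1) / (x2 - x1)
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def shared_secret(my_priv, their_pub):
    return mul(my_priv, their_pub)

def contract_check(revealed_priv, pub_claimed, other_pub, s_claimed):
    """What the contract recomputes once a party reveals its private key:
    the key must produce the registered pubkey and reproduce the claimed S."""
    return (mul(revealed_priv, G) == pub_claimed
            and mul(revealed_priv, other_pub) == s_claimed)
```

If B publishes a different S than the one priv_A reproduces, contract_check returns False and the contract can apply the bond penalty without a community vote.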
As a syscall it couldn't do damage to anyone, so it's fine for me.
ahueahuehaea, I did not remember about that Milestone.
@shargon, let's do it, I remember that this would make very good applications possible!
This should be an EXTENSION to neovm... not in the blockchain itself... let's see ;)
@igormcoelho what are next steps? Is this going to be added to this repository?
I found that the MODPOW of the built-in BigInteger has only 3 parameters.
Indeed, the first multiplication can be done separately; no need to require 4 params.
Does it have other scenarios besides on-chain decryption?
Not just decryption, which is strange (but useful for commit-reveal schemes), as the most amazing use-case is the ability of a user to provide their own cryptography. To fulfill that in a practical manner (not being costly), and to avoid a stateless situation during verifications (not depending on storage), I would suggest that the Neo project have some ability to store global constants. Maybe put a very high GAS cost on that (on Put, and very cheap on Get), but we could deploy constants for elliptic curve parameters, and just load them on verification, without breaking stateless invariants (as they will not change).
The interesting thing is that, with constants, we cannot break stateless invariants, because if we try to read them before deploying, verification would fail (so it couldn't be put on blocks or mempool). And after it's on block, any constant it requires must be kept forever (so it will never break any state invariant).
So I propose to have this MODPOW here, together with "Neo.Const.Put" (expensive on GAS) and "Neo.Const.Get" (cheap on GAS), on the Neo core project (see neo-project/neo#2040)