feat(wallet)!: use ECDH shard secret for burn mask with claim pubkey #5238

Merged
merged 1 commit into from
Mar 10, 2023


sdbondi
Member

@sdbondi sdbondi commented Mar 10, 2023

Description

Derives and uses domain-separated ECDH shared secret for burnt output commitment mask and encrypted value.

Motivation and Context

Previously, the DAN layer could claim the burnt output and deposit it into an account. However, the mask and value were known only to the L1 wallet, meaning that the claimed funds could not be spent. The PR uses an ECDH shared secret and allows the DAN wallet to derive the shared secret in the same way that it does for any other confidential transfer.

The console wallet will generate $H(k.A)$ where $A$ is the claim key provided by the user and $k$ is a blinding factor generated using the console wallet's seed key. Usually, this will be the key that owns the account component (ref: tari-project/tari-dan#425). The public blinding factor (`reciprocal_claim_public_key`) is returned to the `burn_tari` caller and is passed to the `ClaimBurn` instruction, which, in turn, 'mints' the `<commitment, reciprocal_claim_public_key, encrypted_value>` ConfidentialResource tuple.

NOTE: Burnt UTXOs are not recoverable because the wallet cannot determine the mask/decrypt the value without the original `claim_public_key`, which is not stored on-chain.

How Has This Been Tested?

The existing cucumber test for burn executes part of the code modified in this PR; however, test coverage needs to be improved.

BREAKING CHANGE: burn_tari GRPC response changed (re-add proto to POSTman if you use that).

@sdbondi sdbondi changed the title feat(wallet): use ECDH shard secret for burn mask with claim pubkey feat(wallet)!: use ECDH shard secret for burn mask with claim pubkey Mar 10, 2023
@sdbondi sdbondi merged commit 78838bf into tari-project:development Mar 10, 2023
@sdbondi sdbondi deleted the wallet-burn-dh branch March 10, 2023 09:16
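
The derivation in the PR description, as an added Python sketch that is not part of the PR or of Tari's code: both wallets reach the same domain-separated secret, from which the commitment mask and the value encryption pad are derived. Assumptions: a toy multiplicative group mod 2^255 - 19 stands in for the elliptic-curve group, BLAKE2b personalisation stands in for the project's hasher, and the label strings, function names and XOR value encryption are hypothetical.

```python
import hashlib

# Assumption: multiplicative group mod 2**255 - 19 stands in for the curve group,
# so the scalar multiplication k.A is written pow(A, k, P). Not a secure choice.
P = 2**255 - 19
G = 2

def public_key(secret: int) -> int:
    return pow(G, secret, P)

def domain_hash(label: bytes, data: bytes) -> bytes:
    # BLAKE2b personalisation gives domain separation (labels are hypothetical).
    return hashlib.blake2b(data, digest_size=32, person=label).digest()

def shared_secret(my_secret: int, their_public: int) -> bytes:
    # H(k.A) on the burn side, H(a.K) on the claim side: same group element.
    point = pow(their_public, my_secret, P)
    return domain_hash(b"burn.dh", point.to_bytes(32, "big"))

def commitment_mask(secret: bytes) -> int:
    return int.from_bytes(domain_hash(b"burn.mask", secret), "big") % (P - 1)

def value_pad(secret: bytes) -> bytes:
    return domain_hash(b"burn.value", secret)[:8]

def encrypt_value(secret: bytes, value: int) -> bytes:
    # XOR with a derived pad: unauthenticated stand-in for the real value encryption.
    return bytes(x ^ y for x, y in zip(value.to_bytes(8, "big"), value_pad(secret)))

def decrypt_value(secret: bytes, encrypted: bytes) -> int:
    plain = bytes(x ^ y for x, y in zip(encrypted, value_pad(secret)))
    return int.from_bytes(plain, "big")

def burn(k: int, claim_public: int, value: int):
    """L1 wallet side: returns (reciprocal_claim_public_key, encrypted_value, mask)."""
    s = shared_secret(k, claim_public)
    return public_key(k), encrypt_value(s, value), commitment_mask(s)

def claim(claim_secret: int, reciprocal_public: int, encrypted: bytes):
    """DAN wallet side: recovers (mask, value) from what ClaimBurn carries."""
    s = shared_secret(claim_secret, reciprocal_public)
    return commitment_mask(s), decrypt_value(s, encrypted)

if __name__ == "__main__":
    a, k = 1234567, 2**31 - 1  # constructed sample scalars
    K, enc, mask = burn(k, public_key(a), 6000)
    print(claim(a, K, enc) == (mask, 6000))
```

The burn side needs the claim public key to recompute the secret, which is why the note above says burnt UTXOs cannot be recovered from on-chain data alone.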
sdbondi added a commit to tari-project/tari-dan that referenced this pull request Mar 13, 2023
…t substate (#427)

Description
---
- renames LayerOneCommitment substate to UnclaimedConfidentialOutput
- adds the L1 wallet reciprocal burn public key to the claim burn
instruction and includes that in the claimed resource
- improves wallet cli claim-burn instruction output
- fixes wallet cli claim-burn instruction by adding correct inputs and
outputs

Motivation and Context
---
Depends on tari-project/tari#5238
Ref #425 - this PR will
need to be updated to use the correct hasher (can be merged in any order
though)

How Has This Been Tested?
---
Claim burn cucumber

What process can a PR reviewer use to test or verify this change?
---
Use POSTMan to burn funds (using wallet with
tari-project/tari#5238)
Run vn and wallet daemon
```shell
$ cargo run --bin tari_dan_wallet_cli -- accounts create --name primary
$ cargo run --bin tari_dan_wallet_cli -- accounts claim-burn --name primary
<paste output from POSTman>
$ cargo run --bin tari_dan_wallet_cli -- accounts get-balances  --name primary
Checking balances for account 'primary'...
Account component_d74cd546e92985fd0ba5355233d53e963230e2470062155e13ab842a6d3bb991 balances:

Resource                                                                  | Balance
------------------------------------------------------------------------- | -------
resource_0101010101010101010101010101010101010101010101010101010101010101 | 0
resource_69e77a7104fcc9b8daf5a1125699edee08fe435565692c488134e53d594be57f | 6000

2 row(s)
```

Breaking Changes
---

- [ ] None
- [x] Requires data directory to be deleted
- [ ] Other - Please specify