Giters

olalonde / proof-of-liabilities

Proof of Liabilities (PoL) is a scheme designed to let companies that accept monetary deposits from consumers (e.g. Bitcoin exchanges, gambling websites, online Bitcoin wallets, etc.) prove their total amount of deposits (their liabilities) without compromising the privacy of individual users.

Home Page:http://olalonde.github.io/proof-of-liabilities

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Partial proof trees should be more minimal

zw opened this issue · comments

commented

PPTs don't need to include any internal nodes on the root path --- those are redundant since the customer can compute them from siblings. I'm of the opinion that the more computation/verification a client is required to do (/the less they trust exchange-provided data) the better. I think it's very unlikely anyone would write code that did no hashing and only compared the provided PPT root hash with the published one, but I still think it's a good idea to have a standard that forces them to fully verify.

This is a comment on the format/standard rather than your implementation, since (while I haven't checked) I'm sure your implementation verifies trees fully.

commented

Thanks for the comment @zw. I believe my implementation gives minimal partial trees but perhaps I should be more clear about that in the README?

Here's an example partial tree my code generates for user mark:

37618, O0qtwy08oPMHEfjpoFOBgTnUcgo17IQ4DZ1CkrlzJts=
 |_ 24614, g309qCJGWjD84lKC5H4cccwAs5Ir4ZfTqWU0+qC4L3s=
 |_ 13004, lopXy09Vz58ccSzJoTZhpOirDmTzHi/yQmRSBQv9Nog=
   |_ 9901, MqUodwm3N3TBX+7B0vA86ZSALr4XTQ0PXwws8ZjoOFE=
   | |_ 12, srapJ4u2VDM17wW0Ur3YS3zAJmrxUW/e18ccO6a9P3w=
   | |_ 9889, kpmqyLw62rNlIgjfSooU1VhrQVaCki7IFPK8gwU3rKM=
   |   |_ 9427, AkZ0c4EJySn/4skTjNrlFRPGKU9cmOJTowfQ9yEW7HY=
   |   |_ 462, mark, 0.6053108072374016, WyYL612nWZjm9qElz6EQ9bJD9LIfhUOZnugunfgDViU=
   |_ 3103, 3gMfnONog/c/t8+VZ8qbumq4JqivKmoArswe2HZPcao=

Edit: Oh I see what you mean...
9889, kpmqyLw62rNlIgjfSooU1VhrQVaCki7IFPK8gwU3rKM=,
9901, MqUodwm3N3TBX+7B0vA86ZSALr4XTQ0PXwws8ZjoOFE=
13004, lopXy09Vz58ccSzJoTZhpOirDmTzHi/yQmRSBQv9Nog= and
37618, O0qtwy08oPMHEfjpoFOBgTnUcgo17IQ4DZ1CkrlzJts= could be computed by the client?

I do double check that in my verification code but it's true that these nodes could be omitted from the published partial tree.

commented

Good catch @zw. I have removed any information that can and should be computed at verification time. A partial tree now looks like:


 |_ 24614, XjUIfej5Vxd3iu9BXCoJJI7hVAQRrg0gTukaypRzxDU=
 |_
   |_
   | |_ 12, NncluiYssLFglDr21RrRlmOHkn7XpVflFDycoQJdWOM=
   | |_
   |   |_ 9427, Tijifd355WjyUdYDg/WUixo07wzNEGmXtx63VJNxff0=
   |   |_ 462, mark, 0.4003799057099968
   |_ 3103, Kz0j/ebNpCvHcwRk31STdWjqngIeMKNdBxG39GY2gtU=

Thanks.