IETF Logo Mail Archive

Re: [Sat] Burn-Assertion and Mint-Assertion messages

Thomas Hardjono <hardjono@mit.edu> Tue, 21 March 2023 14:53 UTC

Return-Path: <hardjono@mit.edu>
X-Original-To: sat@ietfa.amsl.com
Delivered-To: sat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00065C1595FE for <sat@ietfa.amsl.com>; Tue, 21 Mar 2023 07:53:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3mXawwebhDXr for <sat@ietfa.amsl.com>; Tue, 21 Mar 2023 07:53:12 -0700 (PDT)
Received: from outgoing-exchange-5.mit.edu (outgoing-exchange-5.mit.edu [18.9.28.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09387C151532 for <sat@ietf.org>; Tue, 21 Mar 2023 07:53:11 -0700 (PDT)
Received: from oc11exedge1.exchange.mit.edu (OC11EXEDGE1.EXCHANGE.MIT.EDU [18.9.3.17]) by outgoing-exchange-5.mit.edu (8.14.7/8.12.4) with ESMTP id 32LEqfDO027268; Tue, 21 Mar 2023 10:53:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1679410390; bh=22YU0RXu4bHQxUk7O4KdD2tYIJ3zpkH0SjX6bKnV5MM=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=o5Rc/DlGNNkvj76UyCisTr6O9w6B5GMFNXl9qD5sAfXSOUyO3I2XUJCKURCk76Mao Ipj3RXnLzF7DpsWMtAkAXB/o8CABTtoyB5hLOVTz60HcntNZ4PDAAyEkVEqabmeHQX 8JZyV7Dn0+YaUhJwe10rijKJPdTpwJ8oqvK8XhGrOMcu512paqeEKLD5uGkTTukpdj 7M63mxstTkVWkgQjqpdVXMipnMkGE2hbo15C6EosiXGj32xUTeJbnN/MiSr1uxghLJ wR+Z9L06hY9XoMCinWid40ZS8CKUz+MSwdvBrY6K4DZYvA9WkfBK6oaSP9wNay/ISK ywvFSgqv2ecMw==
Received: from oc11expo23.exchange.mit.edu (18.9.4.88) by oc11exedge1.exchange.mit.edu (18.9.3.17) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Tue, 21 Mar 2023 10:52:29 -0400
Received: from oc11expo23.exchange.mit.edu (18.9.4.88) by oc11expo23.exchange.mit.edu (18.9.4.88) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Tue, 21 Mar 2023 10:52:39 -0400
Received: from oc11expo23.exchange.mit.edu ([18.9.4.88]) by oc11expo23.exchange.mit.edu ([18.9.4.88]) with mapi id 15.00.1497.042; Tue, 21 Mar 2023 10:52:39 -0400
From: Thomas Hardjono <hardjono@mit.edu>
To: Denis Avrilionis <denis@compell.io>, Venkatraman Ramakrishna <vramakr2@in.ibm.com>
CC: "sat@ietf.org" <sat@ietf.org>
Thread-Topic: [Sat] Burn-Assertion and Mint-Assertion messages
Thread-Index: AQHZS25avhfOPRw71U2v//tTIV1Ho67kSwjAgAAaMgeAAARg4IAAA37HgAAID9eAAJZQgP//sX4BgCCy/ok=
Date: Tue, 21 Mar 2023 14:52:39 +0000
Message-ID: <dd2e8a6ed10c417c8933f7a77997ca27@oc11expo23.exchange.mit.edu>
References: <fad85665012c41b898bdb99732a01157@oc11expo23.exchange.mit.edu> <BYAPR15MB227742E676FD905CC592D708B8AC9@BYAPR15MB2277.namprd15.prod.outlook.com> <47d44fc2e27048eeab53c806f60cfcc0@oc11expo23.exchange.mit.edu> <BYAPR15MB2277AA090909E318D8620544B8AC9@BYAPR15MB2277.namprd15.prod.outlook.com> <bd33c32626614a5a8daa8caa56a60e55@oc11expo23.exchange.mit.edu> <488929ce6bd24c418abb6a4027f3b4da@oc11expo23.exchange.mit.edu>, <6D3D3A5B-7FCB-4AC4-8575-3A8CA95655B5@compell.io>, <b0efe0a5c2534ad586e0de399c8be586@oc11expo23.exchange.mit.edu>
In-Reply-To: <b0efe0a5c2534ad586e0de399c8be586@oc11expo23.exchange.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [73.100.88.16]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/1Ki_U4T9QW4ReZp_rYmbsHmf_Oc>
Subject: Re: [Sat] Burn-Assertion and Mint-Assertion messages
X-BeenThere: sat@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "The purpose of this mailing-list is to discuss the secure asset transfer \(SAT\) protocol and related aspects." <sat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sat>, <mailto:sat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sat/>
List-Post: <mailto:sat@ietf.org>
List-Help: <mailto:sat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sat>, <mailto:sat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2023 14:53:17 -0000

Folks,

Just revisiting this in preparation for IETF116 next week.

Burn-assertion (lock-assertion):

{
"gatewayId": "did:gateway:tz:tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ",
"networkId": "tezos:NetXdQprcVkpaWU",
"assets": [{
"assetId": "tezos:NetXdQprcVkpaWU/tzip16:tz1YWK1gDPQx9N1Jh4JnmVre7xN6xhGGM4uC/1",
"assetData": {},
"assetProfileId": "tezos:NetXdQprcVkpaWU/tzip16:tz1CAK1gDPQx9N1Jh4JnmVre7xN6xhGGM433/1",
"assetState": "Burned",
"assetStateTimestamp": "2023-02-22T20:20:39+00:00"
}]


Question:  should the Burn-Assertion message (msg 2.6) and the Commit-Ready (that carries the Mint-Assertion) indicate a Session-ID?

Sorry if its unclear, let me rephrase:  if G1 and G2 already agreed on the assetId and assetProfileId early in Stage-1 (before Transfer-Commence msg 2.1) and that this agreement results in a jointly-derived Session-ID value, should these assertions be less verbose and simply mention Session-ID?

Or do we need to actually carry assetId and assetProfileId values in these assertions? 


SAT-Core (draft-hargreaves) currently has this payload for the Transfer-Commence (Section 81. in the text):

          {
          "message_type": "urn:ietf:satp:msgtype:transfer-commence-msg",
          "session_id":"9097hkstgkjvVbNH",
          "originator_pubkey":"zGy89097hkbfgkjvVbNH",
          "beneficiary_pubkey": "mBGHJjjuijh67yghb",
          "sender_net_system": "originNETsystem",
          "recipient_net_system":"recipientNETsystem",
          "client_identity_pubkey":"fgH654tgeryuryuy",
          "server_identity_pubkey":"dFgdfgdfgt43tetr535teyrfge4t54334",
          "hash_asset_profile":"nbvcwertyhgfdsertyhgf2h3v4bd3v21",
          "asset_unit": "ghytredcfvbhfr",
          "hash_prev_message":"DRvfrb654vgreDerverv654nhRbvder4",
          "client_transfer_number":"ji9876543ewdfgh",
          "client_signature":"fdw34567uyhgfer45"
          }




Thoughts?


best


--thomas






________________________________________
From: sat [sat-bounces@ietf.org] on behalf of Thomas Hardjono [hardjono@mit.edu]
Sent: Tuesday, February 28, 2023 2:24 PM
To: Denis Avrilionis; Venkatraman Ramakrishna
Cc: sat@ietf.org
Subject: Re: [Sat] Burn-Assertion and Mint-Assertion messages

Hi Denis,

>>> Maybe we shall keep the network assertions messages (related to the Gateway <-> Network communication)
>>> decoupled from the messages exchanged between gateways. However, messages between gateways
>>> may include references to network assertions. For example, the “Burn-Assertion" message below
>>> could be included as a reference in message 3.6 from G1 to G2. (That way, all network <-> gateway
>>> messages remain unchanged if for any reason we modify the sequence of messages between gateways).

Yes ideally all signed assertions (e.g. in JSON) must be standalone in the sense that the signed-assertion blob can be: (i) included in the message (e.g. part of HTTP body), or (ii) be storable elsewhere with a hash/reference of the blob included in the actual message.


--thomas





________________________________________
From: Denis Avrilionis [denis@compell.io]
Sent: Tuesday, February 28, 2023 2:02 PM
To: Thomas Hardjono; Venkatraman Ramakrishna
Cc: sat@ietf.org
Subject: Re: [Sat] Burn-Assertion and Mint-Assertion messages

Dear Thomas, Rama, Alex,

Regarding including hashes of messages / nonces, I understand this is to create an order in the sequence of exchange between gateways.

Maybe we shall keep the network assertions messages (related to the Gateway <-> Network communication) decoupled from the messages exchanged between gateways. However, messages between gateways may include references to network assertions. For example, the “Burn-Assertion" message below could be included as a reference in message 3.6 from G1 to G2. (That way, all network <-> gateway messages remain unchanged if for any reason we modify the sequence of messages between gateways).

Regarding the sequence of messages, all messages between Gateways can be defined with explicit numbers (as shown in the message flow diagram). Given that we also have a SATP instance ID that defines a specific exchange between two gateways, the couple [<SATP Instance ID>, <message flow number>] is equivalent to a nonce. (note: we should make sure all possible messages between gateways are defined and numbered, including all rollback cases too).

Denis


On 28 Feb 2023, at 17:09, Thomas Hardjono <hardjono@mit.edu<mailto:hardjono@mit.edu>> wrote:



Following Denis' model for the Lock-Assertion, for the Burn-Assertion do we need only to change the assetState to become "Burned" and include the timestamp:

{
"gatewayId": "did:gateway:tz:tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ",
"networkId": "tezos:NetXdQprcVkpaWU",
"assets": [{
"assetId": "tezos:NetXdQprcVkpaWU/tzip16:tz1YWK1gDPQx9N1Jh4JnmVre7xN6xhGGM4uC/1",
"assetData": {},
"assetProfileId": "tezos:NetXdQprcVkpaWU/tzip16:tz1CAK1gDPQx9N1Jh4JnmVre7xN6xhGGM433/1",
"assetState": "Burned",
"assetStateTimestamp": "2023-02-22T20:20:39+00:00"
}]
}



--thomas



________________________________________
From: sat [sat-bounces@ietf.org<mailto:sat-bounces@ietf.org>] on behalf of Thomas Hardjono [hardjono@mit.edu<mailto:hardjono@mit.edu>]
Sent: Tuesday, February 28, 2023 9:45 AM
To: Venkatraman Ramakrishna; sat@ietf.org<mailto:sat@ietf.org>
Subject: Re: [Sat] Burn-Assertion and Mint-Assertion messages

Hi Rama,

Would the hashes be there in addition to signatures and session IDs (or nonces) or in place of them?

Yes, in addition to signatures and the session-ID carried in each message.

The bigger question is that there are pairs of messages (e.g. messages 2.5 and 2.6, and msgs 3.6 and 3.8) that are loaded with implications, as compared to other pairs (e.g. messages 2.1 and 2.2).

So, should we require an explicitly inclusion of a hash for those pairs of important messages?

(The goal is to reduce cheating opportunities by G1 and G2, since the channel is already TLS protected).



Are there examples of other protocol sequences where successive
messages include hashes of the previous ones?

Right now I can't think of any (I think SAML2.0 permits this for the Request/Response pairs).

But also, we are dealing with value-transfer (economic value), not just communications of bits/bytes.



--thomas



________________________________________
From: Venkatraman Ramakrishna [vramakr2@in.ibm.com<mailto:vramakr2@in.ibm.com>]
Sent: Tuesday, February 28, 2023 9:30 AM
To: Thomas Hardjono; sat@ietf.org<mailto:sat@ietf.org>
Subject: RE: Burn-Assertion and Mint-Assertion messages

Would the hashes be there in addition to signatures and session IDs (or nonces) or in place of them? Are there examples of other protocol sequences where successive messages include hashes of the previous ones?

Rama

-----Original Message-----
From: Thomas Hardjono <hardjono@mit.edu<mailto:hardjono@mit.edu>>
Sent: 28 February 2023 19:44
To: Venkatraman Ramakrishna <vramakr2@in.ibm.com<mailto:vramakr2@in.ibm.com>>; sat@ietf.org<mailto:sat@ietf.org>
Subject: [EXTERNAL] RE: Burn-Assertion and Mint-Assertion messages



Regarding the ACK-Final, as you say, it is critical for the conclusion of asset transfer.
Does 3.10 serve as a sort of an ACK for the ACK-Final then?

That is, should it be incumbent upon G2 to attempt retransmission of
an ACK-Final until it receives a conclusive "Transfer-Completed"?

Yes, I think G2 has to keep trying until it gets a Transfer-Completed message.

Also, the Transfer-Completed message 3.10 from G1 needs to carry a hash of the ACK-Final (msg 3.8) as a means to implicitly state that G1 has received & accepted the Mint-Assertion from G2.


On a separate but related question, does it make sense for us require each message to include a hash of the previous message (for the same transfer session)?



--thomas




________________________________________
From: Venkatraman Ramakrishna [vramakr2@in.ibm.com<mailto:vramakr2@in.ibm.com>]
Sent: Tuesday, February 28, 2023 7:45 AM
To: Thomas Hardjono; sat@ietf.org<mailto:sat@ietf.org>
Subject: RE: Burn-Assertion and Mint-Assertion messages

"Burn-Assertion" and "Mint-Assertion" sound fine from a terminology perspective. Should we say "Assertion" or "Confirmation"? Does it matter? I think "Assertion" de-links the gateway from its network, which is OK.

Regarding the ACK-Final, as you say, it is critical for the conclusion of asset transfer. Does 3.10 serve as a sort of an ACK for the ACK-Final then? That is, should it be incumbent upon G2 to attempt retransmission of an ACK-Final until it receives a conclusive "Transfer-Completed"?

Rama

PS: Still recovering from illness and injury, so will try to participate in brainstorming to the best of my ability.

-----Original Message-----
From: sat <sat-bounces@ietf.org<mailto:sat-bounces@ietf.org>> On Behalf Of Thomas Hardjono
Sent: 28 February 2023 17:56
To: sat@ietf.org<mailto:sat@ietf.org>
Subject: [EXTERNAL] [Sat] Burn-Assertion and Mint-Assertion messages


Hi folks,

Seeing that we are discussing the Lock-Assertion format, I think we also need two (2) more assertion message types related to the extinguishment (burning) of the asset in NW1 and the re-generation (minting) in NW2.


Looking at our message flow diagram (version 16):

(a) In Step 3.5A the gateway G1 is "extinguishing" (i.e. "burning" or permanently disabling) the asset from NW1.

Then in Message 3.6 we said that the Commit-Final message would also carry a signed assertion stating that G1 has completed the burning of the asset in NW1.

Could we call this assertion something like:  "Burn-Assertion" ?  (using the terms "burn" and "mint" that is popular today).


(b) In Step 3.7A the gateway G2 completes the minting process by way of assigning newly-created asset to the beneficiary (e.g. Bob's address on NW2).

This is then reported to G1 in a signed assertion from G2 carried within message 3.8 (the ACK-Final message).

Could we call this assertion something like:  "Mint-Assertion" ?


Its probably worth highlighting that message 3.8 is an important one (far more relevant here than in the classic 2PC usage).

In the traditional usage of the 2PC/3PC commitment protocol (e.g. distributed databases), the ACK-Final message is simply an acknowledgement message that could be lost (i.e. loss can be tolerated).

In our case, the signed Mint-Assertion blob carried within message 3.8 legally binds G2 in the sense that G2-owner is now liable if it lies or makes an error.

That is, the ACK-Final message must not be lost.  If G2 never receives message 3.10, then G2 may need to retransmit message 3.8.



Thoughts?



--thomas

--
sat mailing list
sat@ietf.org<mailto:sat@ietf.org>
https://www.ietf.org/mailman/listinfo/sat

--
sat mailing list
sat@ietf.org
https://www.ietf.org/mailman/listinfo/sat

--
sat mailing list
sat@ietf.org
https://www.ietf.org/mailman/listinfo/sat

--
sat mailing list
sat@ietf.org
https://www.ietf.org/mailman/listinfo/sat

v2.23.0 | Report a Bug | By Email