IETF Logo Mail Archive

Re: [Sat] Burn-Assertion and Mint-Assertion messages

Denis Avrilionis <denis@compell.io> Tue, 21 March 2023 18:29 UTC

Return-Path: <denis@compell.io>
X-Original-To: sat@ietfa.amsl.com
Delivered-To: sat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86B8DC14CE4D for <sat@ietfa.amsl.com>; Tue, 21 Mar 2023 11:29:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=compell.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RK9YAVA8V14I for <sat@ietfa.amsl.com>; Tue, 21 Mar 2023 11:29:55 -0700 (PDT)
Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F6FCC14CF17 for <sat@ietf.org>; Tue, 21 Mar 2023 11:29:50 -0700 (PDT)
Received: by mail-ed1-x535.google.com with SMTP id x3so63314282edb.10 for <sat@ietf.org>; Tue, 21 Mar 2023 11:29:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=compell.io; s=google; t=1679423388; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=mLrZkKfWFT7vlYfhTLCBQZZev15/y7joG0Lc/WNxzWs=; b=Cda5p9OLjTqNRju6Uc/kn0ttwCeopabSScwbZ8hiSyUIXZDVbfOO5oDhoDMgWqSYVw LZdDlk/fTDyA7+IF9VgYBbUgYtHkA/fNB5kDTOPcr4NDXF4jpBSO3UayNQYUIGydf8XF 56Phz+2VYzETG0zaHJ/zmQf0ASNIVhMUOxCrrLXQUTisex1YH6RKplIPsRJ1jAvp30nY Lz1aZQ+DRr4nlvN98KpX0TnWQdl812FrVNXSwiyUiWAkVXJLEczaj29Ez8TVJO1i1+ok pu9F8iULJVI7D37sLaV5yV26e+oqLqfK/i8tXvErN0JTrUFDpUZjZtjkR3WxAIptkf8f iMqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679423388; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mLrZkKfWFT7vlYfhTLCBQZZev15/y7joG0Lc/WNxzWs=; b=fQkqUBFlI8sZd5dz4incxFyZB7j1cYqmriJOVm+WtPtfqPkPJTyFNdHj5NQO7eV2UL Uyf30vjNv2ipxVlyVdrpV4FkoPaVcSS5gxUfy+FaYYuTNdI+zRFermkXGgdHjdRBVNMU Fo/wwrxDRQMBECVbkvLYKc0+Fzx/WFMp8mBQpCOsEBbxyll0imToHmi5w9rPza8z3aUR 5w3VvIUHEBUtRCp9p+i0f52FicwGoad8MwZd7XHI3ixq8eWsbXPrF5eJI4Kkq6vfkviq bYc0oBgQ1SEKDYj0t/pnMjNLSm5aJ6tQHezIRJBrUZWUnqtXxSqDRDggEo2Af3Z5mAyq Fdiw==
X-Gm-Message-State: AO0yUKXdm2eBrWa+lElV4rfaGlwFSZ3ZcCdKhvI1IISQzBrzSzVReNA8 38EXOACTGbLVPMmWb44rJ/u+te+MRIOtWhR53vM=
X-Google-Smtp-Source: AK7set9gLe81GmfqfRZU85mIEg6VpiUr7p2ELPwxhL3CP20BqGT31z4SNak9eEPhGPEn/VXvdH7KZw==
X-Received: by 2002:a17:906:715a:b0:92c:88f9:385c with SMTP id z26-20020a170906715a00b0092c88f9385cmr3922725ejj.75.1679423388457; Tue, 21 Mar 2023 11:29:48 -0700 (PDT)
Received: from smtpclient.apple ([2a02:85f:e0b7:d900:1482:bc67:33fa:de33]) by smtp.gmail.com with ESMTPSA id o11-20020a17090608cb00b008d0dbf15b8bsm6180439eje.212.2023.03.21.11.29.48 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 21 Mar 2023 11:29:48 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Denis Avrilionis <denis@compell.io>
Mime-Version: 1.0 (1.0)
Date: Tue, 21 Mar 2023 20:29:37 +0200
Message-Id: <3E973B01-7555-4722-B7E2-DB739B940872@compell.io>
References: <BYAPR15MB2277132E32C2ACAF7AEA34A0B8819@BYAPR15MB2277.namprd15.prod.outlook.com>
Cc: Thomas Hardjono <hardjono@mit.edu>, sat@ietf.org
In-Reply-To: <BYAPR15MB2277132E32C2ACAF7AEA34A0B8819@BYAPR15MB2277.namprd15.prod.outlook.com>
To: Venkatraman Ramakrishna <vramakr2@in.ibm.com>
X-Mailer: iPhone Mail (20D67)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/2cwsC32HhJ66_pAWRIMqux1-iYk>
Subject: Re: [Sat] Burn-Assertion and Mint-Assertion messages
X-BeenThere: sat@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "The purpose of this mailing-list is to discuss the secure asset transfer \(SAT\) protocol and related aspects." <sat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sat>, <mailto:sat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sat/>
List-Post: <mailto:sat@ietf.org>
List-Help: <mailto:sat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sat>, <mailto:sat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2023 18:29:59 -0000

I suggest we add a sessionID (or more generally a transferContext ) in all assertions otherwise we will have problems associating the change of state with the specific transfer instance

--
Denis

> On 21 Mar 2023, at 19:59, Venkatraman Ramakrishna <vramakr2@in.ibm.com> wrote:
> 
> Thomas,
> 
> So a function will be evaluated in Stage 1 that looks something like this, right: f([<assetId>, <assetProfileId>]) = <Session-ID>
> 
> If this is a one-way function, one can't recover the inputs given just the output. Then I think we will need to keep those fields in the Burn-assertion JSON as the receiving network (behind G2) may very well need to do some bookkeeping in its ledger based on those asset attributes (the same logic holds for other assertions). But if those values can be unambiguously extracted from <Session-ID>, then they don't need to be explicitly added to the JSON, strictly speaking.
> 
> Rama
> 
> -----Original Message-----
> From: Thomas Hardjono <hardjono@mit.edu> 
> Sent: 21 March 2023 20:23
> To: Denis Avrilionis <denis@compell.io>; Venkatraman Ramakrishna <vramakr2@in.ibm.com>
> Cc: sat@ietf.org
> Subject: [EXTERNAL] RE: [Sat] Burn-Assertion and Mint-Assertion messages
> 
> 
> Folks,
> 
> Just revisiting this in preparation for IETF116 next week.
> 
> Burn-assertion (lock-assertion):
> 
> {
> "gatewayId": "did:gateway:tz:tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ",
> "networkId": "tezos:NetXdQprcVkpaWU",
> "assets": [{
> "assetId": "tezos:NetXdQprcVkpaWU/tzip16:tz1YWK1gDPQx9N1Jh4JnmVre7xN6xhGGM4uC/1",
> "assetData": {},
> "assetProfileId": "tezos:NetXdQprcVkpaWU/tzip16:tz1CAK1gDPQx9N1Jh4JnmVre7xN6xhGGM433/1",
> "assetState": "Burned",
> "assetStateTimestamp": "2023-02-22T20:20:39+00:00"
> }]
> 
> 
> Question:  should the Burn-Assertion message (msg 2.6) and the Commit-Ready (that carries the Mint-Assertion) indicate a Session-ID?
> 
> Sorry if its unclear, let me rephrase:  if G1 and G2 already agreed on the assetId and assetProfileId early in Stage-1 (before Transfer-Commence msg 2.1) and that this agreement results in a jointly-derived Session-ID value, should these assertions be less verbose and simply mention Session-ID?
> 
> Or do we need to actually carry assetId and assetProfileId values in these assertions? 
> 
> 
> SAT-Core (draft-hargreaves) currently has this payload for the Transfer-Commence (Section 81. in the text):
> 
>          {
>          "message_type": "urn:ietf:satp:msgtype:transfer-commence-msg",
>          "session_id":"9097hkstgkjvVbNH",
>          "originator_pubkey":"zGy89097hkbfgkjvVbNH",
>          "beneficiary_pubkey": "mBGHJjjuijh67yghb",
>          "sender_net_system": "originNETsystem",
>          "recipient_net_system":"recipientNETsystem",
>          "client_identity_pubkey":"fgH654tgeryuryuy",
>          "server_identity_pubkey":"dFgdfgdfgt43tetr535teyrfge4t54334",
>          "hash_asset_profile":"nbvcwertyhgfdsertyhgf2h3v4bd3v21",
>          "asset_unit": "ghytredcfvbhfr",
>          "hash_prev_message":"DRvfrb654vgreDerverv654nhRbvder4",
>          "client_transfer_number":"ji9876543ewdfgh",
>          "client_signature":"fdw34567uyhgfer45"
>          }
> 
> 
> 
> 
> Thoughts?
> 
> 
> best
> 
> 
> --thomas
> 
> 
> 
> 
> 
> 
> ________________________________________
> From: sat [sat-bounces@ietf.org] on behalf of Thomas Hardjono [hardjono@mit.edu]
> Sent: Tuesday, February 28, 2023 2:24 PM
> To: Denis Avrilionis; Venkatraman Ramakrishna
> Cc: sat@ietf.org
> Subject: Re: [Sat] Burn-Assertion and Mint-Assertion messages
> 
> Hi Denis,
> 
>>>> Maybe we shall keep the network assertions messages (related to the 
>>>> Gateway <-> Network communication) decoupled from the messages 
>>>> exchanged between gateways. However, messages between gateways may 
>>>> include references to network assertions. For example, the 
>>>> "Burn-Assertion" message below could be included as a reference in message 3.6 from G1 to G2. (That way, all network <-> gateway messages remain unchanged if for any reason we modify the sequence of messages between gateways).
> 
> Yes ideally all signed assertions (e.g. in JSON) must be standalone in the sense that the signed-assertion blob can be: (i) included in the message (e.g. part of HTTP body), or (ii) be storable elsewhere with a hash/reference of the blob included in the actual message.
> 
> 
> --thomas
> 
> 
> 
> 
> 
> ________________________________________
> From: Denis Avrilionis [denis@compell.io]
> Sent: Tuesday, February 28, 2023 2:02 PM
> To: Thomas Hardjono; Venkatraman Ramakrishna
> Cc: sat@ietf.org
> Subject: Re: [Sat] Burn-Assertion and Mint-Assertion messages
> 
> Dear Thomas, Rama, Alex,
> 
> Regarding including hashes of messages / nonces, I understand this is to create an order in the sequence of exchange between gateways.
> 
> Maybe we shall keep the network assertions messages (related to the Gateway <-> Network communication) decoupled from the messages exchanged between gateways. However, messages between gateways may include references to network assertions. For example, the "Burn-Assertion" message below could be included as a reference in message 3.6 from G1 to G2. (That way, all network <-> gateway messages remain unchanged if for any reason we modify the sequence of messages between gateways).
> 
> Regarding the sequence of messages, all messages between Gateways can be defined with explicit numbers (as shown in the message flow diagram). Given that we also have a SATP instance ID that defines a specific exchange between two gateways, the couple [<SATP Instance ID>, <message flow number>] is equivalent to a nonce. (note: we should make sure all possible messages between gateways are defined and numbered, including all rollback cases too).
> 
> Denis
> 
> 
> On 28 Feb 2023, at 17:09, Thomas Hardjono <hardjono@mit.edu<mailto:hardjono@mit.edu>> wrote:
> 
> 
> 
> Following Denis' model for the Lock-Assertion, for the Burn-Assertion do we need only to change the assetState to become "Burned" and include the timestamp:
> 
> {
> "gatewayId": "did:gateway:tz:tz1aaYoabvj2DQtpHz74Z83fSNjY29asdBfZ",
> "networkId": "tezos:NetXdQprcVkpaWU",
> "assets": [{
> "assetId": "tezos:NetXdQprcVkpaWU/tzip16:tz1YWK1gDPQx9N1Jh4JnmVre7xN6xhGGM4uC/1",
> "assetData": {},
> "assetProfileId": "tezos:NetXdQprcVkpaWU/tzip16:tz1CAK1gDPQx9N1Jh4JnmVre7xN6xhGGM433/1",
> "assetState": "Burned",
> "assetStateTimestamp": "2023-02-22T20:20:39+00:00"
> }]
> }
> 
> 
> 
> --thomas
> 
> 
> 
> ________________________________________
> From: sat [sat-bounces@ietf.org<mailto:sat-bounces@ietf.org>] on behalf of Thomas Hardjono [hardjono@mit.edu<mailto:hardjono@mit.edu>]
> Sent: Tuesday, February 28, 2023 9:45 AM
> To: Venkatraman Ramakrishna; sat@ietf.org<mailto:sat@ietf.org>
> Subject: Re: [Sat] Burn-Assertion and Mint-Assertion messages
> 
> Hi Rama,
> 
> Would the hashes be there in addition to signatures and session IDs (or nonces) or in place of them?
> 
> Yes, in addition to signatures and the session-ID carried in each message.
> 
> The bigger question is that there are pairs of messages (e.g. messages 2.5 and 2.6, and msgs 3.6 and 3.8) that are loaded with implications, as compared to other pairs (e.g. messages 2.1 and 2.2).
> 
> So, should we require an explicitly inclusion of a hash for those pairs of important messages?
> 
> (The goal is to reduce cheating opportunities by G1 and G2, since the channel is already TLS protected).
> 
> 
> 
> Are there examples of other protocol sequences where successive messages include hashes of the previous ones?
> 
> Right now I can't think of any (I think SAML2.0 permits this for the Request/Response pairs).
> 
> But also, we are dealing with value-transfer (economic value), not just communications of bits/bytes.
> 
> 
> 
> --thomas
> 
> 
> 
> ________________________________________
> From: Venkatraman Ramakrishna [vramakr2@in.ibm.com<mailto:vramakr2@in.ibm.com>]
> Sent: Tuesday, February 28, 2023 9:30 AM
> To: Thomas Hardjono; sat@ietf.org<mailto:sat@ietf.org>
> Subject: RE: Burn-Assertion and Mint-Assertion messages
> 
> Would the hashes be there in addition to signatures and session IDs (or nonces) or in place of them? Are there examples of other protocol sequences where successive messages include hashes of the previous ones?
> 
> Rama
> 
> -----Original Message-----
> From: Thomas Hardjono <hardjono@mit.edu<mailto:hardjono@mit.edu>>
> Sent: 28 February 2023 19:44
> To: Venkatraman Ramakrishna <vramakr2@in.ibm.com<mailto:vramakr2@in.ibm.com>>; sat@ietf.org<mailto:sat@ietf.org>
> Subject: [EXTERNAL] RE: Burn-Assertion and Mint-Assertion messages
> 
> 
> 
> Regarding the ACK-Final, as you say, it is critical for the conclusion of asset transfer.
> Does 3.10 serve as a sort of an ACK for the ACK-Final then?
> 
> That is, should it be incumbent upon G2 to attempt retransmission of an ACK-Final until it receives a conclusive "Transfer-Completed"?
> 
> Yes, I think G2 has to keep trying until it gets a Transfer-Completed message.
> 
> Also, the Transfer-Completed message 3.10 from G1 needs to carry a hash of the ACK-Final (msg 3.8) as a means to implicitly state that G1 has received & accepted the Mint-Assertion from G2.
> 
> 
> On a separate but related question, does it make sense for us require each message to include a hash of the previous message (for the same transfer session)?
> 
> 
> 
> --thomas
> 
> 
> 
> 
> ________________________________________
> From: Venkatraman Ramakrishna [vramakr2@in.ibm.com<mailto:vramakr2@in.ibm.com>]
> Sent: Tuesday, February 28, 2023 7:45 AM
> To: Thomas Hardjono; sat@ietf.org<mailto:sat@ietf.org>
> Subject: RE: Burn-Assertion and Mint-Assertion messages
> 
> "Burn-Assertion" and "Mint-Assertion" sound fine from a terminology perspective. Should we say "Assertion" or "Confirmation"? Does it matter? I think "Assertion" de-links the gateway from its network, which is OK.
> 
> Regarding the ACK-Final, as you say, it is critical for the conclusion of asset transfer. Does 3.10 serve as a sort of an ACK for the ACK-Final then? That is, should it be incumbent upon G2 to attempt retransmission of an ACK-Final until it receives a conclusive "Transfer-Completed"?
> 
> Rama
> 
> PS: Still recovering from illness and injury, so will try to participate in brainstorming to the best of my ability.
> 
> -----Original Message-----
> From: sat <sat-bounces@ietf.org<mailto:sat-bounces@ietf.org>> On Behalf Of Thomas Hardjono
> Sent: 28 February 2023 17:56
> To: sat@ietf.org<mailto:sat@ietf.org>
> Subject: [EXTERNAL] [Sat] Burn-Assertion and Mint-Assertion messages
> 
> 
> Hi folks,
> 
> Seeing that we are discussing the Lock-Assertion format, I think we also need two (2) more assertion message types related to the extinguishment (burning) of the asset in NW1 and the re-generation (minting) in NW2.
> 
> 
> Looking at our message flow diagram (version 16):
> 
> (a) In Step 3.5A the gateway G1 is "extinguishing" (i.e. "burning" or permanently disabling) the asset from NW1.
> 
> Then in Message 3.6 we said that the Commit-Final message would also carry a signed assertion stating that G1 has completed the burning of the asset in NW1.
> 
> Could we call this assertion something like:  "Burn-Assertion" ?  (using the terms "burn" and "mint" that is popular today).
> 
> 
> (b) In Step 3.7A the gateway G2 completes the minting process by way of assigning newly-created asset to the beneficiary (e.g. Bob's address on NW2).
> 
> This is then reported to G1 in a signed assertion from G2 carried within message 3.8 (the ACK-Final message).
> 
> Could we call this assertion something like:  "Mint-Assertion" ?
> 
> 
> Its probably worth highlighting that message 3.8 is an important one (far more relevant here than in the classic 2PC usage).
> 
> In the traditional usage of the 2PC/3PC commitment protocol (e.g. distributed databases), the ACK-Final message is simply an acknowledgement message that could be lost (i.e. loss can be tolerated).
> 
> In our case, the signed Mint-Assertion blob carried within message 3.8 legally binds G2 in the sense that G2-owner is now liable if it lies or makes an error.
> 
> That is, the ACK-Final message must not be lost.  If G2 never receives message 3.10, then G2 may need to retransmit message 3.8.
> 
> 
> 
> Thoughts?
> 
> 
> 
> --thomas
> 
> --
> sat mailing list
> sat@ietf.org<mailto:sat@ietf.org>
> https://www.ietf.org/mailman/listinfo/sat 
> 
> --
> sat mailing list
> sat@ietf.org
> https://www.ietf.org/mailman/listinfo/sat 
> 
> --
> sat mailing list
> sat@ietf.org
> https://www.ietf.org/mailman/listinfo/sat 
> 
> --
> sat mailing list
> sat@ietf.org
> https://www.ietf.org/mailman/listinfo/sat

v2.23.0 | Report a Bug | By Email