
security: order replay #159

Open
lispc opened this issue May 14, 2021 · 2 comments

Comments

@lispc (Member)

lispc commented May 14, 2021

It seems not easy to prevent the operator from replaying users' orders.

Be careful here.

ref: https://ethresear.ch/t/account-based-anonymous-rollup/6657

Like Zcash, there is a Merkle tree to store the created money orders, and another Merkle tree to store the nullified money orders.

The current circuits code may not be correct. An evil operator can put an order into the tree more than once.

@lispc (Member, Author)

lispc commented May 14, 2021

orderPos = orderId % 2**orderLevel seems very ad hoc and limited. The client side has to 'fetch an available order id', then sign it....

Considering nullifiers.

I think 'prove something happened/exists' in a zkrollup is easy, while 'prove something did not happen / does not exist' seems a bit hard; a nullifier is a general solution. But nullifiers have some performance problems...

anyway ... it is not a blocking issue
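The two designs discussed above, as an added model written for this page (it is not the project's circuit code, and every name in it, including SignedOrder, SlotOrderTree and NullifierOrderTree, is a hypothetical stand-in). It contrasts the slot rule orderPos = orderId % 2**orderLevel, where nothing in the state records that a given signed order has already been applied, with a nullifier set keyed on the order commitment, which rejects the second application of the same signed order. It also shows the slot-collision property of the modulo rule.

```python
import hashlib
from dataclasses import dataclass

# Toy parameter (constructed for this example): a tree with 2**ORDER_LEVEL slots.
ORDER_LEVEL = 3


@dataclass(frozen=True)
class SignedOrder:
    """A user's signed order as the operator receives it (fields are hypothetical)."""
    account: int
    order_id: int
    amount: int


def order_hash(o: SignedOrder) -> str:
    """Commitment to the signed order; stand-in for the circuit's hash of the order leaf."""
    return hashlib.sha256(f"{o.account}:{o.order_id}:{o.amount}".encode()).hexdigest()


def order_pos(order_id: int, order_level: int = ORDER_LEVEL) -> int:
    """The slot rule from the thread: orderPos = orderId % 2**orderLevel."""
    return order_id % (2 ** order_level)


class SlotOrderTree:
    """Slot-based design: the operator writes the order leaf at orderPos and applies its
    balance effect. The state never records that this signed order was already applied,
    so submitting the same order again applies it again."""

    def __init__(self) -> None:
        self.leaves = [None] * (2 ** ORDER_LEVEL)
        self.applied = []  # log of commitments whose balance effects were applied

    def apply(self, o: SignedOrder) -> bool:
        self.leaves[order_pos(o.order_id)] = order_hash(o)
        self.applied.append(order_hash(o))
        return True


class NullifierOrderTree(SlotOrderTree):
    """Same tree plus a nullifier set. Here it is a Python set; in a rollup it is the
    second Merkle tree from the thread, and the cost is the non-membership proof the
    circuit must check on every application."""

    def __init__(self) -> None:
        super().__init__()
        self.nullifiers = set()

    def apply(self, o: SignedOrder) -> bool:
        nullifier = order_hash(o)  # derived from the user-signed content only
        if nullifier in self.nullifiers:
            return False  # already applied: the repeated submission is rejected
        self.nullifiers.add(nullifier)
        return super().apply(o)


def times_applied(tree: SlotOrderTree, o: SignedOrder, submissions: int) -> int:
    """Submit one signed order `submissions` times and count how often its effect lands."""
    return sum(1 for _ in range(submissions) if tree.apply(o))


def slot_collision(a: int, b: int) -> bool:
    """Two distinct order ids mapping to the same slot would overwrite each other's leaf."""
    return a != b and order_pos(a) == order_pos(b)


if __name__ == "__main__":
    order = SignedOrder(account=7, order_id=5, amount=100)
    print("slot design, same order submitted 3x:", times_applied(SlotOrderTree(), order, 3))
    print("with nullifiers, same order submitted 3x:", times_applied(NullifierOrderTree(), order, 3))
    print("ids 5 and 13 share a slot:", slot_collision(5, 13))
```

The nullifier must be computed only from fields the user signed (here account, order id and amount), so the operator cannot vary it to re-insert the same order; the flip side is that two legitimately identical orders need a distinguishing nonce or the second is rejected as a replay, which is exactly what the 'fetch an available order id' step in the thread supplies.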

@lispc (Member, Author)

lispc commented May 14, 2021

https://medium.com/aztec-protocol/aztecs-zk-zk-rollup-looking-behind-the-cryptocurtain-2b8af1fca619

our Pedersen hashes are 5x more efficient than systems that use R1CS and 18x more efficient than regular Plonk
