A draft API for validation of replicated shares

[martinthomson]

This is a simple stream adapter that performs inline validation of anything that is replicated. It will error at the end of the stream if it finds a mismatch. (Future work might include periodic checkpoints.)

The reason I'm putting this up is that it is a great example of how our borrowed contexts are a giant pain in the posterior. I'm starting to think that we need to think about moving to something with Arc so we can avoid this lifetime business. It's a real drag.

[akoshelev]

do you want to borrow here or it is acceptable to clone the context and move it inside the box?

If we want to borrow from C, we would need to create a self-referential struct, so maybe we need an inner struct that is pinned and holds f that borrows from ctx and ctx

however, I was able to compile it just by let ctx = ctx.clone() but that's probably not what you want here

[martinthomson]

Yeah, I managed to get this to compile with a similar trick. Though the tests are now failing because the TestWorld doesn't have a 'static lifetime. I put the 'static condition on to avoid problems creating the future, ...

[akoshelev]

it may be nicer from API's perspective to let ReplicatedValidatorActive to turn itself into a pair of hashes

[martinthomson]

As this is just internal, I didn't do that. Though I did implement From for HashValue, which made this function a little less ugly.

[andyleiserson]

For debugging, it might be useful if the update API takes both a Step and data, and creates a trace of the validator inputs. Then we can diagnose where things went wrong if there is a mismatch. (Obviously, we would want a flag so we only pay the cost of the detailed tracing when needed.)

[martinthomson]

The context carries a step, so we could smuggle that in somewhere.

I'm more concerned that I've been unable to instantiate this code :)

[codecov]

Codecov Report

Attention: 9 lines in your changes are missing coverage. Please review.

Comparison is base (8f87d65) 89.42% compared to head (963add1) 89.49%.

Files	Patch %	Lines
ipa-core/src/protocol/basics/validate.rs	95.69%	8 Missing ⚠️
ipa-macros/src/derive_step/mod.rs	80.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #936      +/-   ##
==========================================
+ Coverage   89.42%   89.49%   +0.06%     
==========================================
  Files         181      182       +1     
  Lines       24387    24578     +191     
==========================================
+ Hits        21808    21995     +187     
- Misses       2579     2583       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[danielmasny]

Do you plan to run this validator just after decrypting the shares (to abort when user devices generate bad shares) or do you want to run it during the whole protocol e.g. for debugging purposes?

[danielmasny]

I have also defined a hash struct that implements message in my draft. Should we move it to a more general crate since we seem to need it in several places?

[danielmasny]

I don't think we need to send it to both, left and right. It seems sufficient to me if each party verifies one hash. It doesn't add significant costs if a party checks both hashes, however it also doesn't seem to add anything either.

[danielmasny]

does a stream ensure that the state of Sha2 is updated in the same order? A different order will result in a different hash.