Closed
Hey everyone,

we've vendored this library here and made some bigger changes across the board, most notably:

- Model `TxOut`s distinctly as explicit or confidential instead of each individual field: https://github.com/comit-network/droplet/blob/8cb45d3029c4edcf499ae8cc21c98e43829a6d59/elements-fun/src/transaction.rs#L79-L90
  This model makes expressing nonsensical states like a confidential value with an explicit asset impossible. We've found that quite helpful in trying to wrap our heads around elements. It is quite possible that some edge-cases are not covered, but for now all the tests pass.
- Direct integration with our fork of `rust-secp256k1` that binds against `libsecp256k1-zkp` to provide all the cryptographic primitives for blinding / unblinding assets etc. This allows us to not have a dependency on `libwally` (which doesn't compile to WASM and has kind of quirky APIs). This is not fully complete (see this PR) because we need `SigHashCache` to land on master here :D

For now, all of this happens within a single cargo workspace so we don't have to bother with releases. However, we are keen to upstream some of these changes. In particular:

1. Could our fork of `rust-secp256k1` potentially replace https://github.com/ElementsProject/rust-secp256k1-zkp? I'd assume we would have to go through some bike-shedding of the APIs, as we've currently optimized ours for ease of understanding (YMMV) and to prevent misuse as much as possible, at the cost of doing extra allocations for example.
2. The already mentioned refactoring of how `Transaction`s are modeled might be of interest. Similarly, it would take some effort to untangle the changes made there to make them upstreamable because we, for example, didn't adhere to a MSRV of 1.29.

For example, something that would be possible if we can get (1) done is:

- release a new version of `secp256k1-zkp` to crates.io (it seems that the name `secp256k1-zkp` is pointing to https://github.com/ElementsProject/rust-secp256k1-zkp)
- depend on it in `rust-elements`
- upstream changes like `ConfidentialTxOut::unblind()`, which provides a quite straightforward API to invoke some decently heavy cryptography.

Directly depending on `secp256k1-zkp` also removes a lot of duplicated knowledge like how to parse and serialize generators, Pedersen commitments, proofs, etc. Additionally, it allows us to use all this cryptography from WASM, which is why we are going through all of this :)

Thoughts?
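As an added illustration of the modelling point made in the post above (this is example code, not code from droplet, elements-fun or rust-elements, and the type and error names are hypothetical stand-ins): the output is an enum whose two variants are the only two shapes an Elements output can legitimately take, and a constructor turns the per-field wire representation into it, so a confidential value next to an explicit asset is rejected at construction time rather than being representable. The prefix bytes in the decoders follow the Elements serialization as I understand it (asset: 0x01 explicit, 0x0a/0x0b generator; value: 0x01 explicit big-endian amount, 0x08/0x09 Pedersen commitment) and should be checked against the spec before being relied on; the proofs and nonce are carried as opaque bytes, no cryptography is performed here.

```rust
// Added example, not project code: a TxOut that is either fully explicit or
// fully confidential, assembled from per-field wire values with mixed states
// rejected. Names are hypothetical; proofs/nonce are opaque byte blobs.

/// Asset field as decoded from the wire (prefix 0x01 = explicit 32-byte asset
/// id, 0x0a/0x0b = 33-byte serialized generator, prefix included).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Asset {
    Explicit([u8; 32]),
    Confidential([u8; 33]),
}

/// Value field as decoded from the wire (prefix 0x01 = explicit 8-byte
/// big-endian amount, 0x08/0x09 = 33-byte serialized Pedersen commitment).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Value {
    Explicit(u64),
    Confidential([u8; 33]),
}

/// The model argued for in the post: only the two valid shapes exist, so a
/// confidential value paired with an explicit asset has no representation.
#[derive(Clone, Debug, PartialEq, Eq)]
pub enum TxOut {
    Explicit { asset: [u8; 32], value: u64 },
    Confidential {
        asset: [u8; 33],        // serialized generator
        value: [u8; 33],        // serialized Pedersen commitment
        nonce: [u8; 33],        // ECDH nonce pubkey the receiver unblinds with
        range_proof: Vec<u8>,   // opaque here; verified by libsecp256k1-zkp
        surjection_proof: Vec<u8>,
    },
}

#[derive(Debug, PartialEq, Eq)]
pub enum ModelError {
    /// Asset and value disagree about whether the output is blinded.
    MixedExplicitness,
    /// A confidential output lacks its nonce or one of its proofs.
    MissingBlindingData,
    /// Unknown prefix byte or truncated field while decoding.
    Malformed,
}

impl TxOut {
    /// Build a TxOut from decoded fields, refusing inconsistent combinations.
    pub fn from_fields(
        asset: Asset,
        value: Value,
        nonce: Option<[u8; 33]>,
        range_proof: Vec<u8>,
        surjection_proof: Vec<u8>,
    ) -> Result<TxOut, ModelError> {
        match (asset, value) {
            (Asset::Explicit(asset), Value::Explicit(value)) => Ok(TxOut::Explicit { asset, value }),
            (Asset::Confidential(asset), Value::Confidential(value)) => {
                let nonce = nonce.ok_or(ModelError::MissingBlindingData)?;
                if range_proof.is_empty() || surjection_proof.is_empty() {
                    return Err(ModelError::MissingBlindingData);
                }
                Ok(TxOut::Confidential { asset, value, nonce, range_proof, surjection_proof })
            }
            _ => Err(ModelError::MixedExplicitness),
        }
    }

    /// Amount if the output is explicit; None means "unblind first".
    pub fn explicit_value(&self) -> Option<u64> {
        match self {
            TxOut::Explicit { value, .. } => Some(*value),
            TxOut::Confidential { .. } => None,
        }
    }
}

/// Decode the asset field; returns the field and the number of bytes consumed.
pub fn decode_asset(bytes: &[u8]) -> Result<(Asset, usize), ModelError> {
    match bytes.first() {
        Some(0x01) if bytes.len() >= 33 => {
            let mut id = [0u8; 32];
            id.copy_from_slice(&bytes[1..33]);
            Ok((Asset::Explicit(id), 33))
        }
        Some(0x0a) | Some(0x0b) if bytes.len() >= 33 => {
            let mut gen = [0u8; 33];
            gen.copy_from_slice(&bytes[..33]);
            Ok((Asset::Confidential(gen), 33))
        }
        _ => Err(ModelError::Malformed),
    }
}

/// Decode the value field; returns the field and the number of bytes consumed.
pub fn decode_value(bytes: &[u8]) -> Result<(Value, usize), ModelError> {
    match bytes.first() {
        Some(0x01) if bytes.len() >= 9 => {
            let mut amt = [0u8; 8];
            amt.copy_from_slice(&bytes[1..9]);
            Ok((Value::Explicit(u64::from_be_bytes(amt)), 9))
        }
        Some(0x08) | Some(0x09) if bytes.len() >= 33 => {
            let mut commit = [0u8; 33];
            commit.copy_from_slice(&bytes[..33]);
            Ok((Value::Confidential(commit), 33))
        }
        _ => Err(ModelError::Malformed),
    }
}
```

The point of `from_fields` is that every call site that reads raw fields has to go through it, so the impossible combinations are caught in one place and the rest of the code only ever matches on the two valid variants.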