-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: vat-safe denomHash using noble sha256 #9576
Conversation
Deploying agoric-sdk with Cloudflare Pages
|
66a8aa2
to
28ee394
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should work. Shame about the bundle bloat but I’m sure we’re not waiting for XS native support.
@@ -0,0 +1,30 @@ | |||
// @ts-check | |||
import { sha256 } from '@noble/hashes/sha256'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Watch out for bundler support for "exports"
since this pattern will only work when the tools account for package exports.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there an alternative?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not with this package. It’s pretty narrowly prescribed:
https://github.com/paulmillr/noble-hashes/blob/main/package.json#L141-L145
That is, this package cannot be used with bundlers that have not caught up with package exports. There are very few such tools, but node -r esm
(loadgen) is among them. Hopefully, there is no risk that this package will get caught up in that, but if you see integration errors to the tune of “I can’t import this”, this is why.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
felgercarb!
loadgen ci failed. :-/
now what do I do? sigh.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could fork or PR upstream to package export package relative paths to files with .js
extensions. I’m not against forking this into Endo. We do that for Base64. We could harden the library. We would have recourse to fall through to native on XS if that becomes available.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I’m not against forking this into Endo. We do that for Base64.
I like that idea enough to reify it as an issue:
I'll pursue other options in parallel, so it's not necessarily critical path.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
loadgen fixed with 58ff687
Downstream imports won't get the patch but they don't need it.
return [...new Uint8Array(buffer)] | ||
.map(x => x.toString(16).padStart(2, '0')) | ||
.join(''); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reasonably concise. An intermediate allocation might be avoidable with Array.prototype.map.call(new Uint8Array(buffer), x => x.toString(16).padStart(2, '0')
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
turns out @noble/hashes/utils
has a bytesToHex
, so I'm going with that.
path = `${portId}/${channelId}`, | ||
denom, | ||
}) => { | ||
const h = sha256.create().update(`${path}/${denom}`).digest(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could avoid an allocation with digestInto
, using the same Uint8Array
view for both this and toHex
.
f6d787b
to
ec76c10
Compare
@kriskowal @0xpatrickdev PTAAL. It turns out that after I got it working in a Compartment, I changed the Also, I flipped the build-vs-buy switch on |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The denomHash
logic LGTM
ec76c10
to
7e2e90d
Compare
@@ -0,0 +1,30 @@ | |||
// @ts-check | |||
import { sha256 } from '@noble/hashes/sha256'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could fork or PR upstream to package export package relative paths to files with .js
extensions. I’m not against forking this into Endo. We do that for Base64. We could harden the library. We would have recourse to fall through to native on XS if that becomes available.
7e2e90d
to
e33b31c
Compare
0a9b736
to
92a0751
Compare
- @noble/hashes dependency - unit test using bundle Co-Authored-By: Turadg Aleahmad <turadg@agoric.com>
92a0751
to
58ff687
Compare
@dckc Out of curiosity, how did you measure the bundle size? I'm wondering if it would be reduced by a roll-your-own const hexForByte = Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
const bytesToHex = bytes => {
let hex = '';
for (let i = 0; i < bytes.length; i += 1) {
hex += hexForByte[bytes[i]];
}
return hex;
}; (but I suspect not, since sha256.ts also imports from utils.js so the savings would only manifest with fine-grained tree-shaking) |
silly me knows better than to not show his work IIRC, I bundled orchestration/test/utils/denomHashEx.js (or a slight variation) and used a recent improvement to |
refs: #9211
Description
Prototyping for #9211 suggests we'll want to be derive IBC denoms using a hash of a path such as
transfer/channel-0/uatom
->ibc/27394FB092D2ECCD56123C74F36E4C1F926001CEADA9CA97EA622B25F41E5EB2
.I tried to use the sha256 function from
@cosmjs/crypto
, but I got error's about node'scrypto
module.@cosmjs/crypto
imports an old version of@noble/hashes
. The current version seems to be vat-safe.Scaling Considerations
Compute performance: Doing a sha256 computation on XS in pure JS seems a little whacky. We could consider dropping down to C like we do for base64. But since this is a constant time operation, it doesn't seem worthwhile.
Bundle size: A base64 encoded bundle with just this module seems to be around 500k.
Security Considerations
supply chain: this adds a dependency on the current @noble/hashes, which is reasonably popular (3m weekly downloads) and seems to be well audited.
Documentation Considerations
I'm not sure where this shows up in the orchestration API yet.
Testing Considerations
A test that it works in a compartment is included.
Upgrade Considerations
Unrelated to any deployed code.