Skip to content
This repository was archived by the owner on Feb 29, 2024. It is now read-only.

Add failing unit test for multiple "attr:<attr_name>::value" restrictions #1893

Closed
wants to merge 12 commits into from
Closed

Add failing unit test for multiple "attr:<attr_name>::value" restrictions #1893

wants to merge 12 commits into from

Conversation

nrempel
Copy link
Contributor

@nrempel nrempel commented Sep 20, 2019

Illustrates the issue define here: https://jira.hyperledger.org/browse/IS-1381

nrempel and others added 3 commits September 20, 2019 14:19
@nrempel
Add failing unit test for multiple "attr:<attr_name>::value" restrict…
0f86ef7 
…ions

Signed-off-by: Nicholas Rempel <nbrempel@gmail.com>
@nrempel
Remove extra space
bbe7f85 
Signed-off-by: Nicholas Rempel <nbrempel@gmail.com>
@Artemkaaas
Improved verification of attr::<attr_name>::value/marker restrictions
b9ab0a5 
Signed-off-by: artem.ivanov <artem.ivanov@dsr-company.com>
Artemkaaas
Artemkaaas reviewed Sep 24, 2019
View reviewed changes
Copy link
Contributor

@Artemkaaas Artemkaaas left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did changes to fit this test and sent PR to your repo.
nrempel#2

BUT
The generated proof doesn't contain any evidence that Prover really used a credential that matches to this restriction "attr::sex::value": "male". We can't check it somehow.

Nick Rempel and others added 5 commits September 24, 2019 09:24
Merge pull request #2 from Artemkaaas/bug/is-1381-multiple-attr-restr…
208494d 
…ictions

Improved verification of attr::<attr_name>::value/marker restrictions
@nrempel
Merge changes from hyperleger/master
7bf2118 
Signed-off-by: Nicholas Rempel <nbrempel@gmail.com>
@nrempel
Update _precess_filter to expect required parameter
e9b8244 
Signed-off-by: Nicholas Rempel <nbrempel@gmail.com>
@nrempel
Fix test requiring extra parameter
a48a7b6 
Signed-off-by: Nicholas Rempel <nbrempel@gmail.com>
@Artemkaaas
Merge remote-tracking branch 'indy-sdk/master' into is-1381
cc8262d
@Artemkaaas Artemkaaas force-pushed the bug/is-1381-multiple-attr-restrictions branch from a48a7b6 to b9ab0a5 Compare September 27, 2019 13:17
@Artemkaaas Artemkaaas force-pushed the bug/is-1381-multiple-attr-restrictions branch from 4d91641 to b9ab0a5 Compare September 27, 2019 13:28
@nrempel
Copy link
Contributor Author

nrempel commented Sep 27, 2019

I did changes to fit this test and sent PR to your repo.
nrempel#2

BUT
The generated proof doesn't contain any evidence that Prover really used a credential that matches to this restriction "attr::sex::value": "male". We can't check it somehow.

Thanks!

If I understand correctly, this means that the query will correctly return values for get_credentials_for_proof_request but the verification may fail when it reaches the verifier?

@Artemkaaas
Copy link
Contributor

For your case:

...
"requested_attributes":{
    "attr1_referent":{
        "name":"name",
        "restrictions": json!([{
            "attr::name::value": "Alex",
            "attr::sex::value": "male"
        }])
    }
},

get_credentials_for_proof_request will correctly return credentials.
A proof will be generated successfully.
Verification will pass.
But neither math proof or requested_proof will no contain evidence that credential was used by Prover really met to this restrictions "attr::sex::value": "male". There is no way to check it from Verifier side.

@nrempel
Copy link
Contributor Author

nrempel commented Oct 4, 2019

@Artemkaaas Ok thank you.

It's good that the results from the wallet are correct. I do think that the verification should fail if the verifier cannot prove all of the attribute restrictions are met – but this is another discussion.

Is anything left to merge this fix? We rely on the functionality.

@nrempel nrempel mentioned this pull request Oct 4, 2019
Merged
@esune esune mentioned this pull request Oct 11, 2019
Closed
@jovfer
Copy link
Contributor

jovfer commented Oct 23, 2019

@Artemkaaas @nrempel

Is anything left to merge this fix?

I'm not sure if the "fix" better rather then original behavior.

As I understand from the ticket description, if multiply restriction are specified, the verification always fails. This PR allow to pass verification by ignoring non-related attributes restriction.

From the libindy consumer point of view returning the success is not so fair action by libindy: application put the restrictions in proof request, but libindy ignore part of them

@jovfer
Copy link
Contributor

jovfer commented Oct 28, 2019
edited
Loading

my and @nrempel DM:

Potential format suggested by Nicolas:

proof req {
    requestedAttrs: {
        attrXref: { name: X, restrictions: { attr::X::value == valX, attr::Y::value == valY }
        attrYref: { name: Y, restrictions: { attr::X::value == valX, attr::Y::value == valY }
    }
}

vs

possible flow now

proof req {
    requestedAttrs: {
        attrXref: { name: X, restrictions: { attr::X::value == valX }
        attrYref: { name: Y, restrictions: { attr::Y::value == valY }
    }
}

I don't have enough understanding why the first format is useful. My guess for the reason is "in the 2nd case we can't be sure what both attributes are from the same credential.

If it's a correct reason then we should solve the actual problem (no restriction to force the same credential to be used) instead of trying to make a not-always-possible-to-verify restrictions like attr::X::value == valX, attr::Y::value == valY (it's impossible to check if only X is disclosed)

@nrempel what do you think about the ability to force usage of attributes from the same credential and set restrictions similar to current flow (2nd)? like:

proof req {
    requestedAttrs: {
        attrXref: { name: X, restrictions: { attr::X::value == valX, groupedWith == groupRef1 }
        attrYref: { name: Y, restrictions: { attr::Y::value == valY, groupedWith == groupRef1 }
    }
}

@jovfer
Copy link
Contributor

jovfer commented Nov 6, 2019

Another option suggested by Nicolas:

proof req {
  requestedAttrs: {
    referent_abc: { names: [X, Y, Z], restrictions: { ... }}
   } 
}

it has kind of breaking changes but they are manageable by an app

@nrempel
Copy link
Contributor Author

nrempel commented Nov 6, 2019

Another option suggested by Nicolas:

proof req {
  requestedAttrs: {
    referent_abc: { names: [X, Y, Z], restrictions: { ... }}
   } 
}

it has kind of breaking changes but they are manageable by an app

If this approach is possible, It's also beneficial for us since it reduces the number of wallet queries we need to make in a large volume scenario.

fyi: @andrewwhitehead @swcurran

@nrempel nrempel mentioned this pull request Nov 6, 2019
Closed
@jovfer
Copy link
Contributor

jovfer commented Nov 27, 2019

This PR is superseded by #1958

@jovfer
Copy link
Contributor

jovfer commented Nov 27, 2019

@nrempel we've merged the PR which allows to have names in proof request, please see updated API comments about new options in JSONs. I'm closing this PR as we have similar tests implemented. Fill free to raise a new PR with more tests, if they will be useful from your point of view

@jovfer jovfer closed this Nov 27, 2019
@nrempel
Copy link
Contributor Author

nrempel commented Dec 10, 2019

@nrempel we've merged the PR which allows to have names in proof request, please see updated API comments about new options in JSONs. I'm closing this PR as we have similar tests implemented. Fill free to raise a new PR with more tests, if they will be useful from your point of view

Thanks @jovfer, I'll take a look.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Artemkaaas Artemkaaas Artemkaaas left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nrempel @Artemkaaas @jovfer