chore: wallet client recovery privacy improvements #5697
Conversation
|
ATM. This needs another round of self-review, but is probably in reviewable state. |
fedimint-bitcoind/src/lib.rs
Outdated
| @@ -64,24 +61,16 @@ static BITCOIN_RPC_REGISTRY: Lazy<Mutex<BTreeMap<String, DynBitcoindRpcFactory>> | |||
| pub fn create_bitcoind(config: &BitcoinRpcConfig, handle: TaskHandle) -> Result<DynBitcoindRpc> { | |||
| let registry = BITCOIN_RPC_REGISTRY.lock().expect("lock poisoned"); | |||
|
|
|||
| let kind = env::var(FM_FORCE_BITCOIN_RPC_KIND_ENV) | |||
There was a problem hiding this comment.
Ooops. I didn"t want to make this change.
dpc
force-pushed
the
24-07-15-wallet-module-recovery-privacy
branch
4 times, most recently
from
58c3d8d to
87ba9eb
Compare
| // To avoid updating `decoys` for the whole recovery, which might be a lot of extra updates | ||
| // most of which will be thrown away, ignore script pubkeys from before this `session_idx` | ||
| decoy_session_threshold: u64, |
There was a problem hiding this comment.
nit: is writing to a vector really that expensive? The complexity doesn"t feel worth it.
There was a problem hiding this comment.
The cost of a cloning is more of a problem, potentially. Also, we really only want some recently used addresses as a decoy, as we are going to check only few (potentially) last used addresses. An attacker might see through things if we query some much older addresses.
There was a problem hiding this comment.
Since I might need to query old addresses anyway, maybe I"ll just replace it with some probabilistic thing to potentially keep some older addresses around...
modules/fedimint-wallet-client/src/backup/recovery_history_tracker.rs
Outdated
Show resolved
Hide resolved
modules/fedimint-wallet-client/src/backup/recovery_history_tracker.rs
Outdated
Show resolved
Hide resolved
dpc
force-pushed
the
24-07-15-wallet-module-recovery-privacy
branch
2 times, most recently
from
6a7f406 to
bd66153
Compare
| if used_tweak_idxes.contains(&cur_tweak_idx) { | ||
| debug!(target: LOG_CLIENT_MODULE_WALLET, | ||
| tweak_idx=%cur_tweak_idx, | ||
| "Skipping checking history of an address, as it was previously used"); | ||
| last_used_idx = Some(cur_tweak_idx); | ||
| tweak_idxes_with_pegins.insert(cur_tweak_idx); | ||
| } else { | ||
| let history = check_addr_history(cur_tweak_idx).await?; | ||
|
|
||
| if !history.is_empty() { | ||
| last_used_idx = Some(cur_tweak_idx); | ||
| tweak_idxes_with_pegins.insert(cur_tweak_idx); | ||
| } |
There was a problem hiding this comment.
The amount of mutability here makes it quite hard to review, I was procrastinating on reviewing this PR for way too long due to it. Let"s discuss during review club, I think there is a beautiful, small algorithm hidden in here that wants to get implemented with some iterator chaining 😆
There was a problem hiding this comment.
call: could loop over a range
There was a problem hiding this comment.
@elsirion Hmm... now that I"m looking at it ... if I do while or for, I can"t use break value; which will introduce a different mutable value.
| = recover_scan_idxes_for_activity( | ||
| self.state.next_unused_idx_from_backup, | ||
| self.state.tracker.used_tweak_idxes(), |
There was a problem hiding this comment.
Eventually we should scan from index zero to not miss anything, but we need the already claimed list in the backup to do so privately.
|
@elsirion @bradleystachurski Just went ahead and implemented the better backup for wallet as we"ve discussed during the review. |
There was a problem hiding this comment.
I think the final version we settled on is good, I"m trying to simplify that one fn nonetheless, see my take here: https://github.com/fedimint/fedimint/pull/5903/files/30ccddc406fe318d941d39350a7cd77d21414c8e..3bd09478781a718bf051c74d9725bd585d8fd4d3
| last_used_idx = Some(cur_tweak_idx); | ||
| tweak_idxes_with_pegins.insert(cur_tweak_idx); | ||
| } else { | ||
| let history = check_addr_history(cur_tweak_idx).await?; |
There was a problem hiding this comment.
While rewriting this fn I noticed that we might be losing a lot of progress here depending on the retry behavior of check_addr_history. We are very dependent on it never failing here.
See comments in the code. Fix fedimint#5584
dpc
force-pushed
the
24-07-15-wallet-module-recovery-privacy
branch
from
30ccddc to
674409a
Compare
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
|
Seems like a legitimate flake https://github.com/fedimint/fedimint/actions/runs/10528393578/job/29173781412 , will try to repro locally. |
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
|
@elsirion CI flakiness exposed a place I"ve missed. See commit. |
| @@ -794,10 +793,7 @@ impl FedimintCli { | |||
| // TODO: until we implement recovery for other modules we can't really wait | |||
There was a problem hiding this comment.
[nit] Can also remove this TODO
See comments in the code.
Fix #5584