Splitting error processing between rounds

Author: fjarri

examples/dining_cryptographers.rs

@@ -56,8 +56,8 @@ use manul::{
     dev::{run_sync, BinaryFormat, TestHasher, TestSignature, TestSigner, TestVerifier},
     protocol::{
         BoxedRound, BoxedRoundInfo, CommunicationInfo, EchoRoundParticipation, EntryPoint, FinalizeOutcome, LocalError,
-        NoMessage, NoProtocolErrors, Protocol, ReceiveError, RoundId, StaticProtocolMessage, StaticRound,
-        TransitionInfo,
+        NoMessage, NoProtocolErrors, NoProvableErrors, Protocol, ReceiveError, RoundId, StaticProtocolMessage,
+        StaticRound, TransitionInfo,
     },
     session::SessionParameters,
 };
@@ -77,6 +77,7 @@ impl Protocol<DinerId> for DiningCryptographersProtocol {
     // XOR/¬XOR of the two bits of each of the three diners (one is their own cointoss, the other shared with their
     // neighbour).
     type Result = (bool, bool, bool);
+    type SharedData = ();
 
     type ProtocolError = NoProtocolErrors;
 
@@ -109,6 +110,7 @@ pub struct Round2 {
 
 impl StaticRound<DinerId> for Round1 {
     type Protocol = DiningCryptographersProtocol;
+    type ProvableError = NoProvableErrors<Self>;
 
     type DirectMessage = Round1Message;
     type EchoBroadcast = NoMessage;
@@ -201,6 +203,7 @@ impl StaticRound<DinerId> for Round1 {
 
 impl StaticRound<DinerId> for Round2 {
     type Protocol = DiningCryptographersProtocol;
+    type ProvableError = NoProvableErrors<Self>;
 
     type DirectMessage = NoMessage;
     type EchoBroadcast = NoMessage;

examples/src/lib.rs

@@ -1,7 +1,7 @@
 extern crate alloc;
 
 pub mod simple;
-pub mod simple_chain;
+//pub mod simple_chain;
 
 #[cfg(test)]
 mod simple_test;

examples/src/simple.rs

@@ -2,9 +2,10 @@ use alloc::collections::{BTreeMap, BTreeSet};
 use core::fmt::Debug;
 
 use manul::protocol::{
-    BoxedFormat, BoxedRound, BoxedRoundInfo, CommunicationInfo, EchoBroadcast, EntryPoint, FinalizeOutcome, LocalError,
-    NoMessage, PartyId, Protocol, ProtocolError, ProtocolMessage, ProtocolMessagePart, ProtocolValidationError,
-    ReceiveError, RequiredMessageParts, RequiredMessages, RoundId, StaticProtocolMessage, StaticRound, TransitionInfo,
+    BoxedFormat, BoxedRound, BoxedRoundInfo, CommunicationInfo, EchoBroadcast, EntryPoint, EvidenceMessages,
+    FinalizeOutcome, LocalError, NoMessage, PartyId, Protocol, ProtocolError, ProtocolMessage, ProtocolMessagePart,
+    ProtocolValidationError, ProvableError, ReceiveError, RequiredMessageParts, RequiredMessages, RoundId,
+    StaticProtocolMessage, StaticRound, TransitionInfo,
 };
 use rand_core::CryptoRngCore;
 use serde::{Deserialize, Serialize};
@@ -22,6 +23,53 @@ pub enum SimpleProtocolError {
     Round2InvalidPosition,
 }
 
+#[derive(displaydoc::Display, Debug, Clone, Copy, Serialize, Deserialize)]
+pub(crate) struct Round1ProvableError;
+
+impl<Id: PartyId> ProvableError<Id> for Round1ProvableError {
+    type Round = Round1<Id>;
+    fn required_previous_messages(&self) -> RequiredMessages {
+        RequiredMessages::new(RequiredMessageParts::direct_message(), None, None)
+    }
+    fn verify_evidence(
+        &self,
+        _from: &Id,
+        _shared_randomness: &[u8],
+        _shared_data: &<<Self::Round as StaticRound<Id>>::Protocol as Protocol<Id>>::SharedData,
+        messages: EvidenceMessages<Id, Self::Round>,
+    ) -> std::result::Result<(), ProtocolValidationError> {
+        let _message: Round1Message = messages.direct_message()?;
+        // Message contents would be checked here
+        Ok(())
+    }
+}
+
+#[derive(displaydoc::Display, Debug, Clone, Copy, Serialize, Deserialize)]
+pub(crate) struct Round2ProvableError;
+
+impl<Id: PartyId> ProvableError<Id> for Round2ProvableError {
+    type Round = Round2<Id>;
+    fn required_previous_messages(&self) -> RequiredMessages {
+        RequiredMessages::new(
+            RequiredMessageParts::direct_message(),
+            Some([(1.into(), RequiredMessageParts::direct_message())].into()),
+            Some([1.into()].into()),
+        )
+    }
+    fn verify_evidence(
+        &self,
+        _from: &Id,
+        _shared_randomness: &[u8],
+        _shared_data: &<<Self::Round as StaticRound<Id>>::Protocol as Protocol<Id>>::SharedData,
+        messages: EvidenceMessages<Id, Self::Round>,
+    ) -> std::result::Result<(), ProtocolValidationError> {
+        let _r2_message: Round2Message = messages.direct_message()?;
+        let _r1_echos: BTreeMap<Id, Round1Echo> = messages.combined_echos::<Round1<Id>>(1)?;
+        // Message contents would be checked here
+        Ok(())
+    }
+}
+
 impl<Id> ProtocolError<Id> for SimpleProtocolError {
     type AssociatedData = ();
 
@@ -73,6 +121,7 @@ impl<Id> ProtocolError<Id> for SimpleProtocolError {
 
 impl<Id: PartyId> Protocol<Id> for SimpleProtocol {
     type Result = u8;
+    type SharedData = ();
     type ProtocolError = SimpleProtocolError;
     fn round_info(round_id: &RoundId) -> Option<BoxedRoundInfo<Id, Self>> {
         match round_id {
@@ -164,6 +213,7 @@ impl<Id: PartyId> EntryPoint<Id> for SimpleProtocolEntryPoint<Id> {
 
 impl<Id: PartyId> StaticRound<Id> for Round1<Id> {
     type Protocol = SimpleProtocol;
+    type ProvableError = Round1ProvableError;
 
     fn transition_info(&self) -> TransitionInfo {
         TransitionInfo::new_linear(1)
@@ -259,6 +309,7 @@ pub(crate) struct Round2Message {
 
 impl<Id: PartyId> StaticRound<Id> for Round2<Id> {
     type Protocol = SimpleProtocol;
+    type ProvableError = Round2ProvableError;
 
     fn transition_info(&self) -> TransitionInfo {
         TransitionInfo::new_linear_terminating(2)

manul/src/combinators.rs

@@ -1,4 +1,4 @@
 //! Combinators operating on protocols.
 
-pub mod chain;
+//pub mod chain;
 pub mod extend;

manul/src/combinators/extend.rs

@@ -7,9 +7,10 @@ use dyn_clone::DynClone;
 use rand_core::CryptoRngCore;
 
 use crate::protocol::{
-    Artifact, BoxedFormat, BoxedRound, CommunicationInfo, DirectMessage, EchoBroadcast, EntryPoint, FinalizeOutcome,
-    LocalError, NormalBroadcast, PartyId, Payload, Protocol, ProtocolMessage, ReceiveError, Round, RoundId,
-    StaticProtocolMessage, StaticRound, StaticRoundAdapter, TransitionInfo,
+    Artifact, BoxedFormat, BoxedRound, CommunicationInfo, DirectMessage, EchoBroadcast, EntryPoint, EvidenceMessages,
+    FinalizeOutcome, LocalError, NormalBroadcast, PartyId, Payload, Protocol, ProtocolMessage, ProtocolValidationError,
+    ProvableError, ReceiveError, RequiredMessages, Round, RoundId, StaticProtocolMessage, StaticRound,
+    StaticRoundAdapter, TransitionInfo,
 };
 
 pub trait Extension<Id>: 'static + Debug + Send + Sync + Clone {
@@ -57,6 +58,26 @@ pub trait Extension<Id>: 'static + Debug + Send + Sync + Clone {
     }
 }
 
+#[derive_where::derive_where(Debug, Clone, Serialize, Deserialize)]
+struct ExtendedProvableError<Id, Ext: Extension<Id>>(<Ext::Round as StaticRound<Id>>::ProvableError);
+
+impl<Id: PartyId, Ext: Extension<Id>> ProvableError<Id> for ExtendedProvableError<Id, Ext> {
+    type Round = ExtendedRound<Id, Ext>;
+    fn required_previous_messages(&self) -> RequiredMessages {
+        self.0.required_previous_messages()
+    }
+    fn verify_evidence(
+        &self,
+        from: &Id,
+        shared_randomness: &[u8],
+        shared_data: &<<Self::Round as StaticRound<Id>>::Protocol as Protocol<Id>>::SharedData,
+        messages: EvidenceMessages<Id, Self::Round>,
+    ) -> Result<(), ProtocolValidationError> {
+        let messages = messages.into_round::<Ext::Round>();
+        self.0.verify_evidence(from, shared_randomness, shared_data, messages)
+    }
+}
+
 #[allow(clippy::type_complexity)]
 #[derive_where::derive_where(Debug)]
 struct ExtendedRound<Id, Ext: Extension<Id>> {
@@ -71,6 +92,7 @@ where
     Ext: Extension<Id>,
 {
     type Protocol = <Ext::Round as StaticRound<Id>>::Protocol;
+    type ProvableError = ExtendedProvableError<Id, Ext>;
 
     type DirectMessage = <Ext::Round as StaticRound<Id>>::DirectMessage;
     type NormalBroadcast = <Ext::Round as StaticRound<Id>>::NormalBroadcast;

manul/src/protocol.rs

@@ -33,7 +33,9 @@ pub use round::{
 };
 pub use round_id::{RoundId, TransitionInfo};
 pub use round_info::BoxedRoundInfo;
-pub use static_round::{NoMessage, StaticProtocolMessage, StaticRound};
+pub use static_round::{
+    EvidenceMessages, NoMessage, NoProvableErrors, ProvableError, StaticProtocolMessage, StaticRound,
+};
 
 pub(crate) use errors::ReceiveErrorType;
 pub(crate) use message::ProtocolMessagePartHashable;

manul/src/protocol/round.rs

@@ -71,6 +71,8 @@ pub trait Protocol<Id>: 'static + Sized {
     /// The successful result of an execution of this protocol.
     type Result: Debug;
 
+    type SharedData: Debug;
+
     /// An object of this type will be returned when a provable error happens during [`Round::receive_message`].
     type ProtocolError: ProtocolError<Id>;
 

manul/src/protocol/static_round.rs

@@ -8,10 +8,11 @@ use serde::{Deserialize, Serialize};
 
 use super::{
     boxed_format::BoxedFormat,
-    errors::{LocalError, ReceiveError},
+    errors::{LocalError, ProtocolValidationError, ReceiveError},
     message::{DirectMessage, EchoBroadcast, NormalBroadcast, ProtocolMessage, ProtocolMessagePart},
     round::{
-        Artifact, CommunicationInfo, DynTypeId, FinalizeOutcome, PartyId, Payload, Protocol, ProtocolError, Round,
+        Artifact, CommunicationInfo, DynTypeId, FinalizeOutcome, PartyId, Payload, Protocol, ProtocolError,
+        RequiredMessages, Round,
     },
     round_id::{RoundId, TransitionInfo},
 };
@@ -48,6 +49,8 @@ pub trait StaticRound<Id>: 'static + Debug + Send + Sync + DynTypeId {
     /// The protocol this round is a part of.
     type Protocol: Protocol<Id>;
 
+    type ProvableError: ProvableError<Id, Round = Self>;
+
     /// Returns the information about the position of this round in the state transition graph.
     ///
     /// See [`TransitionInfo`] documentation for more details.
@@ -295,3 +298,112 @@ where
         self.round.finalize(rng, payloads, artifacts)
     }
 }
+
+/// Describes provable errors originating during protocol execution.
+///
+/// Provable here means that we can create an evidence object entirely of messages signed by some party,
+/// which, in combination, prove the party's malicious actions.
+pub trait ProvableError<Id>: Debug + Clone + Serialize + for<'de> Deserialize<'de> {
+    type Round: StaticRound<Id>;
+
+    /// Specifies the messages of the guilty party that need to be stored as the evidence
+    /// to prove its malicious behavior.
+    fn required_previous_messages(&self) -> RequiredMessages;
+
+    /// Returns `Ok(())` if the attached messages indeed prove that a malicious action happened.
+    ///
+    /// The signatures and metadata of the messages will be checked by the calling code,
+    /// the responsibility of this method is just to check the message contents.
+    ///
+    /// `message` contain the message parts that triggered the error
+    /// during [`Round::receive_message`].
+    ///
+    /// `previous_messages` are message parts from the previous rounds, as requested by
+    /// [`required_messages`](Self::required_messages).
+    ///
+    /// Note that if some message part was not requested by above methods, it will be set to an empty one
+    /// in the [`ProtocolMessage`], even if it was present originally.
+    ///
+    /// `combined_echos` are bundled echos from other parties from the previous rounds,
+    /// as requested by [`required_messages`](Self::required_messages).
+    fn verify_evidence(
+        &self,
+        from: &Id,
+        shared_randomness: &[u8],
+        shared_data: &<<Self::Round as StaticRound<Id>>::Protocol as Protocol<Id>>::SharedData,
+        messages: EvidenceMessages<Id, Self::Round>,
+    ) -> Result<(), ProtocolValidationError>;
+}
+
+#[derive(Debug)]
+pub struct EvidenceMessages<Id, R: StaticRound<Id>> {
+    message: ProtocolMessage,
+    previous_messages: BTreeMap<RoundId, ProtocolMessage>,
+    combined_echos: BTreeMap<RoundId, BTreeMap<Id, EchoBroadcast>>,
+    format: BoxedFormat,
+    phantom: PhantomData<R>,
+}
+
+impl<Id, R: StaticRound<Id>> EvidenceMessages<Id, R> {
+    pub fn previous_echo_broadcast<PR: StaticRound<Id>>(
+        &self,
+        round_num: u8,
+    ) -> Result<PR::EchoBroadcast, ProtocolValidationError> {
+        Ok(self
+            .previous_messages
+            .get(&RoundId::new(round_num))
+            .unwrap()
+            .echo_broadcast
+            .deserialize::<PR::EchoBroadcast>(&self.format)
+            .unwrap())
+    }
+
+    pub fn combined_echos<PR: StaticRound<Id>>(
+        &self,
+        round_num: u8,
+    ) -> Result<BTreeMap<Id, PR::EchoBroadcast>, ProtocolValidationError> {
+        todo!()
+    }
+
+    pub fn direct_message(&self) -> Result<R::DirectMessage, ProtocolValidationError> {
+        todo!()
+    }
+
+    pub(crate) fn into_round<NR>(self) -> EvidenceMessages<Id, NR>
+    where
+        NR: StaticRound<
+            Id,
+            EchoBroadcast = R::EchoBroadcast,
+            NormalBroadcast = R::NormalBroadcast,
+            DirectMessage = R::DirectMessage,
+        >,
+    {
+        EvidenceMessages::<Id, NR> {
+            message: self.message,
+            previous_messages: self.previous_messages,
+            combined_echos: self.combined_echos,
+            format: self.format,
+            phantom: PhantomData,
+        }
+    }
+}
+
+#[derive_where::derive_where(Clone)]
+#[derive(Debug, Copy, Serialize, Deserialize)]
+pub struct NoProvableErrors<R>(PhantomData<R>);
+
+impl<Id: PartyId, R: StaticRound<Id>> ProvableError<Id> for NoProvableErrors<R> {
+    type Round = R;
+    fn required_previous_messages(&self) -> RequiredMessages {
+        unimplemented!()
+    }
+    fn verify_evidence(
+        &self,
+        from: &Id,
+        shared_randomness: &[u8],
+        shared_data: &<<Self::Round as StaticRound<Id>>::Protocol as Protocol<Id>>::SharedData,
+        messages: EvidenceMessages<Id, Self::Round>,
+    ) -> Result<(), ProtocolValidationError> {
+        unimplemented!()
+    }
+}

manul/src/session/session.rs

@@ -835,6 +835,7 @@ mod tests {
 
         impl Protocol<TestVerifier> for DummyProtocol {
             type Result = ();
+            type SharedData = ();
             type ProtocolError = NoProtocolErrors;
             fn round_info(_round_id: &RoundId) -> Option<BoxedRoundInfo<TestVerifier, Self>> {
                 unimplemented!()

manul/src/tests/partial_echo.rs

@@ -12,8 +12,8 @@ use crate::{
     dev::{run_sync, BinaryFormat, TestSessionParams, TestSigner, TestVerifier},
     protocol::{
         BoxedRound, BoxedRoundInfo, CommunicationInfo, EchoRoundParticipation, EntryPoint, FinalizeOutcome, LocalError,
-        NoMessage, NoProtocolErrors, PartyId, Protocol, ReceiveError, RoundId, StaticProtocolMessage, StaticRound,
-        TransitionInfo,
+        NoMessage, NoProtocolErrors, NoProvableErrors, PartyId, Protocol, ReceiveError, RoundId, StaticProtocolMessage,
+        StaticRound, TransitionInfo,
     },
     signature::Keypair,
 };
@@ -23,6 +23,7 @@ struct PartialEchoProtocol<Id>(PhantomData<Id>);
 
 impl<Id: PartyId> Protocol<Id> for PartialEchoProtocol<Id> {
     type Result = ();
+    type SharedData = ();
     type ProtocolError = NoProtocolErrors;
 
     fn round_info(round_id: &RoundId) -> Option<BoxedRoundInfo<Id, Self>> {
@@ -70,6 +71,7 @@ impl<Id: PartyId + Serialize + for<'de> Deserialize<'de>> EntryPoint<Id> for Inp
 
 impl<Id: PartyId + Serialize + for<'de> Deserialize<'de>> StaticRound<Id> for Round1<Id> {
     type Protocol = PartialEchoProtocol<Id>;
+    type ProvableError = NoProvableErrors<Self>;
 
     type DirectMessage = NoMessage;
     type NormalBroadcast = NoMessage;