-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate coordinated head protocol against formal model #194
Comments
I think this issue's priority should be raised and researchers pulled in ASAP to provide us static feedback, while Quviq works on contracts' certification |
We plan to go through an example of our "HeadLogic" (after some refactoring maybe) with the original paper authors to find a common denominator to review the protocol logic. |
After a quick tour of the code (mostly
Next steps:
|
Changing to 🟡 as it's scope is actually unclear and we only get started on this one now. |
@abailly-iohk This has become quite related/overlapping with #197 now. Shall we just ditch that one and capture our current tasks in this one? We ought to define the scope of this one also a bit better! |
We discussed also that a kind of conformance test suite is actually an outcome of this! i.e. the model test can be used to |
Some notes from today's discussion about this tests. The current situation with this test system:
The current property that we check:
What we would like to do: Implement all the proofs from spec v1 as properties with this system
For that, we will need to:
|
Why
Although the Hydra Head protocol has been peer-reviewed as a research paper and the security it provides proven, this does not guarantee our implementation indeed provides the same level of security. This is all the more true given we have been simplifying the "Simplified Head protocol" of the paper even further in collaboration with the original protocol researchers.
Therefore, we should validate the implementation of this "Coordinated Hydra Head" protocol, as we coined it, both from a theoretical standpoint (eg. does it provide the same security as the paper's protocol) and a practical standpoint (verifies the implementation is secure).
What
Within this feature we want to work toward enabling auditors to convince themselves that our implementation Hydra Head protocol is solid. To do so, we first need to convince ourselves by closing some known gaps in our testing strategy, namely the fact we don't have much coverage of the possibles sequences of actions in the head protocol.
How
Create such evidences by:
Providing a (basic) executable model of the Hydra Head Protocol within an existing framework (eg. quickcheck-dynamic),
Stating security properties from the paper,
Quickchecking those properties hold for our current implementation,
Validating the model and properties code against what's written in the research paper.
One property is enough for a start.
Tasks
Extend QD Model to cover the whole head lifecycle-> have follow-ups insteadThe text was updated successfully, but these errors were encountered: