Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specification of ForceMove to exhibit safety. #2

Open
wants to merge 66 commits into
base: master
Choose a base branch
from
Open

Specification of ForceMove to exhibit safety. #2

wants to merge 66 commits into from

Conversation

andrewgordstewart
Copy link
Contributor

No description provided.

@andrewgordstewart
Update .gitignore
27af4a2
@andrewgordstewart
wip
2d5b1c3
@andrewgordstewart
wip
2271340
@andrewgordstewart
wip
64879ff
@andrewgordstewart
wip
634542a
@andrewgordstewart
wip
ef59a33
@andrewgordstewart
wip
bf63d04
@andrewgordstewart
wip
3bf6583
@andrewgordstewart
Use channel mode language from documentation
2fffcc2
@andrewgordstewart
Write out checks and effects that contract functions have
c8f9ab7
@andrewgordstewart
Start sketching out processes
4828143
@andrewgordstewart
Refactor macros to use commitments
c7dcd41
@andrewgordstewart
Archie -> Alice
18bc1fc
@andrewgordstewart
Remove histories
5efcba1
@andrewgordstewart
Update comment
d76fde9
@andrewgordstewart
Processes loop
7da9175
@andrewgordstewart
Fix a few things
270f6fd
@andrewgordstewart
Define the checks
579ad1d
@andrewgordstewart
Eve can force-move. Start to write alice's responses
8fd151f
@andrewgordstewart
Add signer to challenges (and channel, when in CHALLENGE Mode)
fdbf652
@andrewgordstewart
Alice refutes properly. She finalizes the channel when she cannot cle…
2ac20ac 
…ar a challenge
@andrewgordstewart
Fix ProgressesChannel
5e47ded
@andrewgordstewart
Store challenge on channel rather than update turn number
1dc630b
@andrewgordstewart
Correct turn number checks
fb57dfa
@andrewgordstewart
Minimal spec exhibiting force-move protocol issue
854d5e5 
At this point, by front-running, Eve can force an infinite loop of
forceMoves, where Alice has no choice but to call refute. Since refute
does not increment the channel's turnNumber on chain, this creates an
infinite loop.
@andrewgordstewart
Always store a challenge
36a0567
@andrewgordstewart
Add EveCanTakeAction
cf05bcc
@andrewgordstewart
Channel has one turn number per participant
89143eb
@andrewgordstewart
Update some definitions
6469cf4 
At this point, if Alice has commitments {5,6} and Eve calls
ForceMove(5), then Alice can't refute, and instead needs to respond with
a move.
@andrewgordstewart
Alice can defend against arbitrary forceMoves
79bab9c
@andrewgordstewart
Add effect that can exhibit infinite griefing
93038f6
@andrewgordstewart
Alice submits refutes
2bdb120
@andrewgordstewart
Simplify alice's process
2839037
@andrewgordstewart
Alice submits respond transactions
bbb2c76
@andrewgordstewart
Eve responds
f0de039
@andrewgordstewart
Eve only responds when challenge is ongoing
2583999
@andrewgordstewart
Add invariant to verify that Eve can grieve
a3690b5
@andrewgordstewart
Eve can refute
c53bbe9
@andrewgordstewart
Update comments
133d179
@andrewgordstewart
Add property that verifies that Alice cannot directly submit transact…
1141296 
…ions
@andrewgordstewart
Add EveCannotFrontRun property and clarify numForces variable
7f75b1b
@andrewgordstewart
Clean up spec
1543e1d
@andrewgordstewart
Refute checks that the challenge signer signed the state submitted
4139c89
@andrewgordstewart
Clarify Eve's refute ability
bc3c169
@andrewgordstewart
Eve can sleep
eb8f0b0
@andrewgordstewart
Alice does not directly modify channel state
66b3877
@andrewgordstewart
Remove timeout "transactions"
f5bc0a9
@andrewgordstewart
Remove FINALIZE mode
216dd0c 
Once the channel is in the CHALLENGE mode with the latest turn number,
Eve would be forced to either
- respond with a move (which Alice is ok with)
- respond with an alternative move, providing a full round (which Alice
  has to be ok with, since she signed one of the commitments in that
  round, and has no control over the later commitments)
- refute with a later state signed by Alice (which she can't)
@andrewgordstewart
Remove unused model values
f6e314c
@andrewgordstewart
Add success configuration
b9933fe
@andrewgordstewart
Add configuration to exhibit how Eve can front run Alice
b1fcaed
@andrewgordstewart
Add some models
4a8d45e
@andrewgordstewart
Add explanation of the specification
8c42a50
@andrewgordstewart
Tidy up spec a bit
a2f8b06
@andrewgordstewart
Remove extraneous skip
8d3a689
@andrewgordstewart
Add TurnNumberIncrements
64800a2
@andrewgordstewart
Tidy up model definitions
4eda118
@andrewgordstewart
Add FiveParticipants model
9d6f283
@andrewgordstewart
Add compiled spec.
b36a9db 
(Some of the algorithm overflows currently.)
@andrewgordstewart
AlicesIDX is an algorithm variable
b2936d4 
There's no need to define it as a constant and then check that it's
a participant's IDX. Plus, this way, models exhaustively check all positions
of Alice in the participants array.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@andrewgordstewart