Skip to content

Specification of ForceMove to exhibit safety.#2

Open
andrewgordstewart wants to merge 66 commits intomasterfrom
simpler-force-move
Open

Specification of ForceMove to exhibit safety.#2
andrewgordstewart wants to merge 66 commits intomasterfrom
simpler-force-move

Conversation

@andrewgordstewart
Copy link
Contributor

@andrewgordstewart andrewgordstewart commented Sep 11, 2019

No description provided.

@andrewgordstewart
Update .gitignore
27af4a2
@andrewgordstewart
wip
2d5b1c3
@andrewgordstewart
wip
2271340
@andrewgordstewart
wip
64879ff
@andrewgordstewart
wip
634542a
@andrewgordstewart
wip
ef59a33
@andrewgordstewart
wip
bf63d04
@andrewgordstewart
wip
3bf6583
@andrewgordstewart
Use channel mode language from documentation
2fffcc2
@andrewgordstewart
Write out checks and effects that contract functions have
c8f9ab7
@andrewgordstewart
Start sketching out processes
4828143
@andrewgordstewart
Refactor macros to use commitments
c7dcd41
@andrewgordstewart
Archie -> Alice
18bc1fc
@andrewgordstewart
Remove histories
5efcba1
@andrewgordstewart
Update comment
d76fde9
@andrewgordstewart
Processes loop
7da9175
@andrewgordstewart
Fix a few things
270f6fd
@andrewgordstewart
Define the checks
579ad1d
@andrewgordstewart
Eve can force-move. Start to write alice's responses
8fd151f
@andrewgordstewart
Add signer to challenges (and channel, when in CHALLENGE Mode)
fdbf652
@andrewgordstewart
Alice refutes properly. She finalizes the channel when she cannot cle…
2ac20ac 
…ar a challenge
@andrewgordstewart
Fix ProgressesChannel
5e47ded
@andrewgordstewart
Store challenge on channel rather than update turn number
1dc630b
@andrewgordstewart
Correct turn number checks
fb57dfa
@andrewgordstewart
Minimal spec exhibiting force-move protocol issue
854d5e5 
At this point, by front-running, Eve can force an infinite loop of
forceMoves, where Alice has no choice but to call refute. Since refute
does not increment the channel's turnNumber on chain, this creates an
infinite loop.
@andrewgordstewart
Always store a challenge
36a0567
@andrewgordstewart
Add EveCanTakeAction
cf05bcc
@andrewgordstewart
Channel has one turn number per participant
89143eb
@andrewgordstewart
Update some definitions
6469cf4 
At this point, if Alice has commitments {5,6} and Eve calls
ForceMove(5), then Alice can't refute, and instead needs to respond with
a move.
@andrewgordstewart
Alice can defend against arbitrary forceMoves
79bab9c
@andrewgordstewart
Add effect that can exhibit infinite griefing
93038f6
@andrewgordstewart
Alice submits refutes
2bdb120
@andrewgordstewart
Simplify alice's process
2839037
@andrewgordstewart
Alice submits respond transactions
bbb2c76
@andrewgordstewart
Eve responds
f0de039
@andrewgordstewart
Eve only responds when challenge is ongoing
2583999
@andrewgordstewart
Add invariant to verify that Eve can grieve
a3690b5
@andrewgordstewart
Eve can refute
c53bbe9
@andrewgordstewart
Update comments
133d179
@andrewgordstewart
Add property that verifies that Alice cannot directly submit transact…
1141296 
…ions
@andrewgordstewart
Add EveCannotFrontRun property and clarify numForces variable
7f75b1b
@andrewgordstewart
Clean up spec
1543e1d
@andrewgordstewart
Refute checks that the challenge signer signed the state submitted
4139c89
@andrewgordstewart
Clarify Eve's refute ability
bc3c169
@andrewgordstewart
Eve can sleep
eb8f0b0
@andrewgordstewart
Alice does not directly modify channel state
66b3877
@andrewgordstewart
Remove timeout "transactions"
f5bc0a9
@andrewgordstewart
Remove FINALIZE mode
216dd0c 
Once the channel is in the CHALLENGE mode with the latest turn number,
Eve would be forced to either
- respond with a move (which Alice is ok with)
- respond with an alternative move, providing a full round (which Alice
  has to be ok with, since she signed one of the commitments in that
  round, and has no control over the later commitments)
- refute with a later state signed by Alice (which she can't)
@andrewgordstewart
Remove unused model values
f6e314c
@andrewgordstewart
Add success configuration
b9933fe
@andrewgordstewart
Add configuration to exhibit how Eve can front run Alice
b1fcaed
@andrewgordstewart
Add some models
4a8d45e
@andrewgordstewart
Add explanation of the specification
8c42a50
@andrewgordstewart
Tidy up spec a bit
a2f8b06
@andrewgordstewart
Remove extraneous skip
8d3a689
@andrewgordstewart
Add TurnNumberIncrements
64800a2
@andrewgordstewart
Tidy up model definitions
4eda118
@andrewgordstewart
Add FiveParticipants model
9d6f283
@andrewgordstewart
Add compiled spec.
b36a9db 
(Some of the algorithm overflows currently.)
@andrewgordstewart
AlicesIDX is an algorithm variable
b2936d4 
There's no need to define it as a constant and then check that it's
a participant's IDX. Plus, this way, models exhaustively check all positions
of Alice in the participants array.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@andrewgordstewart