Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

todo fusion #1

Open
16 of 28 tasks
markblundeberg opened this issue Nov 14, 2019 · 0 comments
Open
16 of 28 tasks

todo fusion #1

markblundeberg opened this issue Nov 14, 2019 · 0 comments

Comments

@markblundeberg
Copy link
Owner

markblundeberg commented Nov 14, 2019
edited
Loading

Critical::

  • Blockchain checking during blame is still TODO.
  • Client needs sensible limits on feerate and excess_fee, so a malicious server can't cause them to blast everything into miner fees.
  • Test server prevents multiple players from same IP going in same round. (But they may wait together)
  • Fix bugs. (see other Issues)
  • Coin chooser tweaking. -- Better coin fraction selection. Whale wallets may want to fuse at lower tiers. Some users may want to consolidate down to fewer utxo.

Important:

  • Fusions watch their source coins and stop themselves if coins are spent. (this is especially important when still in waiting pool since it's not too late to avoid blame)
  • Waiting autofusions stop when user stops autofusion. Not sure what to do about in-progress.
  • Client and server detection on 'sensibly private' fusions and aborting (based on examining components).
  • When stopping wallets, need a way for user to stop it cold so they don't have to wait forever.
  • Sanity protections against infinite rounds, both client and server. (what happens when nobody is blamed?)
  • Error indicator when fusion just isn't working right, and a clear diagnostic. Some kind of (!) icon in statusbar.
    • Network errors
    • Can't-find-a-tier errors
    • Fusion procedural failures
  • Make it less net-spammy when doing auto fusions which constantly fail. Need to remember the server's last greeting params message, and do a connection AFTER selecting outputs. See server params caching and pre-connection client side work (less net spammy!) #13
  • Greeting should indicate something like: height, tip hash and prevhash. Clients can use this to identify if they're on different chain.
  • Complete fusions need a wait time after done, before unfreezing coins. If the transaction hasn't shown up in wallet yet then another fusion might mistakenly grab one of those coins. (it will likely harmlessly fail due to the periodic input spend sanity check, but it could happen it starts rounds too soon)
  • Lighten the Tor connection load: see protocol change: make fewer Tor connections and be more reliable and faster! #8 .
  • Better UX for wallet parameter selection ('consolidation mode' etc.)
  • Rate limiting on fusions, for people who want to leave it running constantly
  • Add metadata tracking, add limit on fusion depth for people who just want to increase privacy sligthly and don't want to be burning fees all day long.
  • (BIG work) make electron cash / cash fusion actually provide privacy (marking coins, spending them appropriately).

Wishlist:

  • Fusion protocol upgrade items #20 - Variable number of commitments/components per player.
    • Note: max_excess_fee should now be max_excess_fee_per_component.
    • Players need to announce their component count during pool registry, to avoid absurd fee condition and so the server knows how many blind nonces to send during round start.
    • Question: what random distribution should client use to choose number of excess (blank) components?
  • Easier Tor for users (at first just find tor installation, later do bundling?)
  • Clean up race condition between coin selection and coin-freezing. (esp in user selection)
  • Test server SSL. Note the server needs to know its host so it can issue covert host correctly.
  • For manually-started fusions make a window that shows progress / allows restarting / etc..
  • Sometimes we want to cancel stale autofusions and try new ones, since wallet may have new coins, or we might want to try different tiers.
  • Better user-friendly diagnostic panel.
  • Whale splitter and whale consolidator (having a single giant input or output that gets peeled off, or built up).
  • Auto per-address consolidation (brainstorm) #21- Automatic address consolidation for addresses with many utxo. (Currently, Fusion ignores addrs with >3 coins)
markblundeberg pushed a commit that referenced this issue Nov 20, 2019
@cculianu
Satochip Plugin Support (Electron-Cash#1668)
668b0a5 
* Satochip merge from Toporin/electrum branch electron-cash-satochip-pr4.0.11-0.8

This resolves some of the conflicts that arose since Toporin forked his
branch in early September and EC has changed since then.  It's basically
rebased off latest EC master, adding Toporin's commits, with minor
whitespace and/or comment nits.

Still a work in progress.

Original commits:

----

Squashed commit of the following:

commit b9ba208e21cc28d25fac24a701d4eb6307e71fb2
Author: Calin Culianu <[email protected]>
Date:   Wed Nov 6 13:05:24 2019 +0200

    Whitespace and other nits

commit 0a05d94829b7de0711eb930091cdc6ba8f84fc88
Author: Toporin <[email protected]>
Date:   Wed Oct 2 12:04:44 2019 +0200

    Buil appImage and install swig+pcsd package in docker file
    Add pyscard in requirements

commit b91714b637f4a228d0c1afbb15ef4bc199dd8720
Author: Toporin <[email protected]>
Date:   Wed Oct 2 12:01:30 2019 +0200

    Build Swig (needed to build pyscard)

commit e2ff56d461f3b27a8fc10f4f2f39cc288762dd7f
Author: Toporin <[email protected]>
Date:   Wed Oct 2 10:03:40 2019 +0200

    Add pyscard 1.9.9 in deterministic hardware requirements

commit b34815a9dfde8117865ef26c0e2d5b514c020f4f
Author: Toporin <[email protected]>
Date:   Sat Sep 28 16:26:55 2019 +0200

    minor changes: clean up code

commit 83cbdca805ed5d7d46a98f5fc5cdf722e5bdf45f
Author: Toporin <[email protected]>
Date:   Fri Sep 27 16:17:01 2019 +0200

    Patch windows build: in deterministic.spec

    binaries += [(C:/python*/Lib/site-packages/smartcard/scard/_scard.cp36-win32.pyd, '.')]

commit ed0439418b6647ebe3415ce9018d32516b0c2d70
Author: Toporin <[email protected]>
Date:   Fri Sep 27 15:14:30 2019 +0200

    removed constant PYHOME = 'c:/python3.6.8' in deterministic.spec

    use constant defined in _build.sh

commit 63da13e4a7e80a6a32d7f2cfd9652c6d93429cd6
Author: Toporin <[email protected]>
Date:   Mon Sep 23 21:15:34 2019 +0200

    minor changes in packaging scripts

commit 1dfed0331187275131e4fe251a06f4be93f44b7f
Author: Toporin <[email protected]>
Date:   Mon Sep 23 21:08:48 2019 +0200

    minor change: removed old readme file

commit a0235aaa8868a782d6e1393ff793f20f7be7ad26
Author: Alcofribas4 <[email protected]>
Date:   Mon Sep 23 14:03:51 2019 +0200

    Merge branch 'master' of https://github.com/Electron-Cash/Electron-Cash into HEAD

    # Conflicts:
    #	README.rst
    #	contrib/build-wine/_build.sh
    #	gui/qt/icons.py

commit d69fd5ce5008c2022c290210804eaf6edc935e41
Author: Toporin <[email protected]>
Date:   Fri Sep 20 12:34:49 2019 +0200

    Electron Cash 4.0.8-0.8: support for Satochip v0.8-0.1

    Merge branch 'pin-seed-mgmt'
    * Add support for PIN change and seed reset
    * 2FA required to sign tx/msg and reset seed/eckey/2FA.
    * 2FA can only be disabled when all privkeys are cleared.

    A new setting menu is available when clicking on the satochip logo in the low right corner of the window.
    If 2FA is enabled, resetting the seed requires approval on the second device!

    Changes:
     - card_sign_message(): support 2FA
     - card_sign_short_message(): support 2FA
     - add card_set_2FA_key()
     - add card_reset_2FA_key()
     - reset_seed(): request 2FA is required
     - setup_device(): separate setup from 2FA initialisation

    Patch: in sign-message: hmac should be of type bytes, not list

commit 1c55add58ca86bf3677eb916c649f458a6f7205c
Author: Toporin <[email protected]>
Date:   Thu Sep 19 11:42:44 2019 +0200

    Support for Satochip v0.8-0.1: reset the seed/eckey/2FA.
    2FA required to sign tx/msg and reset seed/eckey/2FA.
    2FA can only be disabled when all privkeys are cleared.

    Changes:
    - card_sign_message(): support 2FA
    - card_sign_short_message(): support 2FA
    - add card_set_2FA_key()
    - add def card_reset_2FA_key()
    - removed card_get_counter_2FA(): reset seed is based on authentikey instead of counter
    - reset_seed(): request 2FA is required
    - setup_device(): separate setup from 2FA initialisation

commit 575d29262f43c9aa4bd44d366e9b6955742525cb
Author: Toporin <[email protected]>
Date:   Thu Sep 12 13:39:37 2019 +0200

    Add support for PIN change and seed reset

    A new setting menu is available when clicking on the satochip logo in the low right corner of the window.
    If 2FA is enabled, resetting the seed requires approval on the second device!

commit 3ae32bd607a4bde717f6cd48d289e48535d8391a
Author: Toporin <[email protected]>
Date:   Wed Aug 28 14:00:35 2019 +0200

    Toporin patch 1 (#1)

    Minor patch for packaging application to Windows executable.

    * Update deterministic.spec set PYHOME value
    * Update _build.sh Pyscard module: use full filename instead of pyscard.whl

commit 617c04ced1e803076e69a5dfdc3ead1d1b22ab49
Author: Toporin <[email protected]>
Date:   Mon Sep 9 11:22:34 2019 +0200

    patch error on card removal as described in https://pastebin.com/WGSWCqap

    When the card is removed and then inserted again, Electrum fails to transmit commands to the card (PIN missing).
    Patch: after card removal and reinsertion, the client retransmits commands and asks user for PIN if necessary.

commit 7bd3e0ef2b77a0df3dc827a9c8b0ee38cc7536ce
Author: Toporin <[email protected]>
Date:   Mon Aug 26 13:21:16 2019 +0200

    Electron-Cash-Satochip - Lightweight Bitcoin Cash client for the Satochip Hardware Wallet

    Initial(beta) version

* Satochip: Minor nits and fixups

Tried to clean the code a little to use the PrintError mixin class for
debug prints (which is less boilerplatey).

Also tried to clean up the code slightly.

Can't get it to talk to the SatoChip card on my mac.. will try Windows
next.

Plugins seems a bit fragile, and also it hangs the hw wizard for a while
trying to talk to the card reader. FIXME

* Updated pyscard wheel to v1.9.9

* Satochip: Added macOS packaging (pyscard module, etc) for Satochip

This relies on a pre-built wheel pyscard-1.9.9-cp36-cp36m-macosx_10_11_x86_64.whl
which we host at https://github.com/cculianu/Electron-Cash-Build-Tools/releases/tag/v1.0

I built this myself on an El Capitan system and it appears to work with
newer systems too.

We did it this way because building the pyscard module off of PyPI
requires some annoying prerequisites (such as swig3) which I would
rather not add to the build scripts.

This is not unlike a lot of our other packaging stuff where we don't
feel like re-building the world and are ok with downloading some
binaries.

* Satochip: We moved the location of the hosted pyscard wheel to our repo

This should make the WINE build more reliable.  It was failing as
appveyor would sometimes be down.

* Satochip: Bumped pyscard module we download to 1.9.9 for WINE build

* Satochip follow-up: Forgot to set the PYSCARD_FILENAME in the ...

... WINE _build.sh script.

* Minor changes: reduced smartcard timout and updated satochip version support

* Rebuilt icons.py for paranoia's sake after SatoChip additions
markblundeberg pushed a commit that referenced this issue Aug 11, 2020
@Toporin @Alcofribas4 @cculianu
Update plugin for Satochip hardware wallet to support latest firmware…
aaa3f34 
… v0.11 (Electron-Cash#1915)

* Electron-Cash-Satochip - Lightweight Bitcoin Cash client for the Satochip Hardware Wallet

Initial(beta) version

* Toporin patch 1 (#1)

Minor patch for packaging application to Windows executable.

* Update deterministic.spec set PYHOME value
* Update _build.sh Pyscard module: use full filename instead of pyscard.whl

* patch error on card removal as described in https://pastebin.com/WGSWCqap

When the card is removed and then inserted again, Electrum fails to transmit commands to the card (PIN missing).
Patch: after card removal and reinsertion, the client retransmits commands and asks user for PIN if necessary.

* Add support for PIN change and seed reset

A new setting menu is available when clicking on the satochip logo in the low right corner of the window.
If 2FA is enabled, resetting the seed requires approval on the second device!

* Support for Satochip v0.8-0.1: reset the seed/eckey/2FA.
2FA required to sign tx/msg and reset seed/eckey/2FA.
2FA can only be disabled when all privkeys are cleared.

Changes:
- card_sign_message(): support 2FA
- card_sign_short_message(): support 2FA
- add card_set_2FA_key()
- add def card_reset_2FA_key()
- removed card_get_counter_2FA(): reset seed is based on authentikey instead of counter
- reset_seed(): request 2FA is required
- setup_device(): separate setup from 2FA initialisation

* Electron Cash 4.0.8-0.8: support for Satochip v0.8-0.1

Merge branch 'pin-seed-mgmt'
* Add support for PIN change and seed reset
* 2FA required to sign tx/msg and reset seed/eckey/2FA.
* 2FA can only be disabled when all privkeys are cleared.

A new setting menu is available when clicking on the satochip logo in the low right corner of the window.
If 2FA is enabled, resetting the seed requires approval on the second device!

Changes:
 - card_sign_message(): support 2FA
 - card_sign_short_message(): support 2FA
 - add card_set_2FA_key()
 - add card_reset_2FA_key()
 - reset_seed(): request 2FA is required
 - setup_device(): separate setup from 2FA initialisation

Patch: in sign-message: hmac should be of type bytes, not list

* Merge branch 'master' of https://github.com/Electron-Cash/Electron-Cash into HEAD

# Conflicts:
#	README.rst
#	contrib/build-wine/_build.sh
#	gui/qt/icons.py

* Satochip merge from Toporin/electrum branch electron-cash-satochip-pr4.0.11-0.8

This resolves some of the conflicts that arose since Toporin forked his
branch in early September and EC has changed since then.  It's basically
rebased off latest EC master, adding Toporin's commits, with minor
whitespace and/or comment nits.

Still a work in progress.

Original commits:

----

Squashed commit of the following:

commit b9ba208e21cc28d25fac24a701d4eb6307e71fb2
Author: Calin Culianu <[email protected]>
Date:   Wed Nov 6 13:05:24 2019 +0200

    Whitespace and other nits

commit 0a05d94829b7de0711eb930091cdc6ba8f84fc88
Author: Toporin <[email protected]>
Date:   Wed Oct 2 12:04:44 2019 +0200

    Buil appImage and install swig+pcsd package in docker file
    Add pyscard in requirements

commit b91714b637f4a228d0c1afbb15ef4bc199dd8720
Author: Toporin <[email protected]>
Date:   Wed Oct 2 12:01:30 2019 +0200

    Build Swig (needed to build pyscard)

commit e2ff56d461f3b27a8fc10f4f2f39cc288762dd7f
Author: Toporin <[email protected]>
Date:   Wed Oct 2 10:03:40 2019 +0200

    Add pyscard 1.9.9 in deterministic hardware requirements

commit b34815a9dfde8117865ef26c0e2d5b514c020f4f
Author: Toporin <[email protected]>
Date:   Sat Sep 28 16:26:55 2019 +0200

    minor changes: clean up code

commit 83cbdca805ed5d7d46a98f5fc5cdf722e5bdf45f
Author: Toporin <[email protected]>
Date:   Fri Sep 27 16:17:01 2019 +0200

    Patch windows build: in deterministic.spec

    binaries += [(C:/python*/Lib/site-packages/smartcard/scard/_scard.cp36-win32.pyd, '.')]

commit ed0439418b6647ebe3415ce9018d32516b0c2d70
Author: Toporin <[email protected]>
Date:   Fri Sep 27 15:14:30 2019 +0200

    removed constant PYHOME = 'c:/python3.6.8' in deterministic.spec

    use constant defined in _build.sh

commit 63da13e4a7e80a6a32d7f2cfd9652c6d93429cd6
Author: Toporin <[email protected]>
Date:   Mon Sep 23 21:15:34 2019 +0200

    minor changes in packaging scripts

commit 1dfed0331187275131e4fe251a06f4be93f44b7f
Author: Toporin <[email protected]>
Date:   Mon Sep 23 21:08:48 2019 +0200

    minor change: removed old readme file

commit a0235aaa8868a782d6e1393ff793f20f7be7ad26
Author: Alcofribas4 <[email protected]>
Date:   Mon Sep 23 14:03:51 2019 +0200

    Merge branch 'master' of https://github.com/Electron-Cash/Electron-Cash into HEAD

    # Conflicts:
    #	README.rst
    #	contrib/build-wine/_build.sh
    #	gui/qt/icons.py

commit d69fd5ce5008c2022c290210804eaf6edc935e41
Author: Toporin <[email protected]>
Date:   Fri Sep 20 12:34:49 2019 +0200

    Electron Cash 4.0.8-0.8: support for Satochip v0.8-0.1

    Merge branch 'pin-seed-mgmt'
    * Add support for PIN change and seed reset
    * 2FA required to sign tx/msg and reset seed/eckey/2FA.
    * 2FA can only be disabled when all privkeys are cleared.

    A new setting menu is available when clicking on the satochip logo in the low right corner of the window.
    If 2FA is enabled, resetting the seed requires approval on the second device!

    Changes:
     - card_sign_message(): support 2FA
     - card_sign_short_message(): support 2FA
     - add card_set_2FA_key()
     - add card_reset_2FA_key()
     - reset_seed(): request 2FA is required
     - setup_device(): separate setup from 2FA initialisation

    Patch: in sign-message: hmac should be of type bytes, not list

commit 1c55add58ca86bf3677eb916c649f458a6f7205c
Author: Toporin <[email protected]>
Date:   Thu Sep 19 11:42:44 2019 +0200

    Support for Satochip v0.8-0.1: reset the seed/eckey/2FA.
    2FA required to sign tx/msg and reset seed/eckey/2FA.
    2FA can only be disabled when all privkeys are cleared.

    Changes:
    - card_sign_message(): support 2FA
    - card_sign_short_message(): support 2FA
    - add card_set_2FA_key()
    - add def card_reset_2FA_key()
    - removed card_get_counter_2FA(): reset seed is based on authentikey instead of counter
    - reset_seed(): request 2FA is required
    - setup_device(): separate setup from 2FA initialisation

commit 575d29262f43c9aa4bd44d366e9b6955742525cb
Author: Toporin <[email protected]>
Date:   Thu Sep 12 13:39:37 2019 +0200

    Add support for PIN change and seed reset

    A new setting menu is available when clicking on the satochip logo in the low right corner of the window.
    If 2FA is enabled, resetting the seed requires approval on the second device!

commit 3ae32bd607a4bde717f6cd48d289e48535d8391a
Author: Toporin <[email protected]>
Date:   Wed Aug 28 14:00:35 2019 +0200

    Toporin patch 1 (#1)

    Minor patch for packaging application to Windows executable.

    * Update deterministic.spec set PYHOME value
    * Update _build.sh Pyscard module: use full filename instead of pyscard.whl

commit 617c04ced1e803076e69a5dfdc3ead1d1b22ab49
Author: Toporin <[email protected]>
Date:   Mon Sep 9 11:22:34 2019 +0200

    patch error on card removal as described in https://pastebin.com/WGSWCqap

    When the card is removed and then inserted again, Electrum fails to transmit commands to the card (PIN missing).
    Patch: after card removal and reinsertion, the client retransmits commands and asks user for PIN if necessary.

commit 7bd3e0ef2b77a0df3dc827a9c8b0ee38cc7536ce
Author: Toporin <[email protected]>
Date:   Mon Aug 26 13:21:16 2019 +0200

    Electron-Cash-Satochip - Lightweight Bitcoin Cash client for the Satochip Hardware Wallet

    Initial(beta) version

* Satochip: Minor nits and fixups

Tried to clean the code a little to use the PrintError mixin class for
debug prints (which is less boilerplatey).

Also tried to clean up the code slightly.

Can't get it to talk to the SatoChip card on my mac.. will try Windows
next.

Plugins seems a bit fragile, and also it hangs the hw wizard for a while
trying to talk to the card reader. FIXME

* Updated pyscard wheel to v1.9.9

* Satochip: Added macOS packaging (pyscard module, etc) for Satochip

This relies on a pre-built wheel pyscard-1.9.9-cp36-cp36m-macosx_10_11_x86_64.whl
which we host at https://github.com/cculianu/Electron-Cash-Build-Tools/releases/tag/v1.0

I built this myself on an El Capitan system and it appears to work with
newer systems too.

We did it this way because building the pyscard module off of PyPI
requires some annoying prerequisites (such as swig3) which I would
rather not add to the build scripts.

This is not unlike a lot of our other packaging stuff where we don't
feel like re-building the world and are ok with downloading some
binaries.

* Satochip: We moved the location of the hosted pyscard wheel to our repo

This should make the WINE build more reliable.  It was failing as
appveyor would sometimes be down.

* Satochip: Bumped pyscard module we download to 1.9.9 for WINE build

* Satochip follow-up: Forgot to set the PYSCARD_FILENAME in the ...

... WINE _build.sh script.

* Minor changes: reduced smartcard timout and updated satochip version support

* remove is_restoring parameter (from Electrum)

credit goes to https://github.com/jcramer
simpleledger@dc356af

* Patch "Recovered authentikey does not correspond to registered authentikey" error

When using passphrase with seed, I am sometimes getting an error: Recovered authentikey does not correspond to registered authentikey!
See simpleledger#101 (comment)

* Update requirements-hw.txt

Nit: Remove a space, add newline at the end

* Update satochip.pr

`self` is not defined in this context. Fixed.

Co-authored-by: Alcofribas4 <[email protected]>
Co-authored-by: Calin Culianu <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@markblundeberg