ACP/ThresholdMessageKit Work

[derekpierre]

Type of PR:

• Bugfix
• Feature
• Documentation
• Other

Required reviews:

• 1
• 2
• 3

What this does:

High-level idea of the changes introduced in this PR.
List relevant API changes (if any), as well as related PRs and issues.

Issues fixed/closed:
Depends on nucypher/ferveo#156
Related to nucypher/nucypher#3194

Why it's needed:

Explain how this PR fits in the greater context of the NuCypher Network.
E.g., if this PR address a nucypher/productdev issue, let reviewers know!

Notes for reviewers:

What should reviewers focus on?
Is there a particular commit/function/section of your PR that requires more attention from reviewers?

[codecov-commenter]

Codecov Report

Merging #74 (ef2568d) into main (d1a9cad) will increase coverage by 2.16%.
The diff coverage is 39.75%.

@@            Coverage Diff             @@
##             main      #74      +/-   ##
==========================================
+ Coverage   21.22%   23.38%   +2.16%     
==========================================
  Files          16       18       +2     
  Lines        3176     3540     +364     
==========================================
+ Hits          674      828     +154     
- Misses       2502     2712     +210     

Files Changed	Coverage Δ
nucypher-core-python/src/lib.rs	0.00% <0.00%> (ø)
nucypher-core-wasm/src/lib.rs	0.00% <0.00%> (ø)
nucypher-core/src/conditions.rs	53.84% <ø> (ø)
nucypher-core/src/threshold_message_kit.rs	80.70% <80.70%> (ø)
nucypher-core/src/access_control.rs	87.06% <87.06%> (ø)
nucypher-core/src/dkg.rs	89.80% <100.00%> (+0.14%)	⬆️

[fjarri]

I understand that is the solution for smooth switching from development to the production version?

Not sure how I feel about it. Seems kind of brittle. Maybe just a different type would be the way to go. You'd have to do some additional work when switching to production, but that would solidify the commitment, so to speak. The new type may still save/check the last development major version in the serialized form, to allow the usage of objects created during development, but I'm not sure how much the convenience here outweighs the safety. Perhaps it is better to force the devs to start the production objects from a clean slate.

[derekpierre]

Let's muse more about this in #75.

[fjarri]

I think it might be better to extract the permanent-support objects into a separate PR, because it's pretty important and shouldn't be mixed up with the rest of the stuff that's going on here.

[derekpierre]

I think it might be better to extract the permanent-support objects into a separate PR, because it's pretty important and shouldn't be mixed up with the rest of the stuff that's going on here.

Removed the functionality from this PR and moved to #75.

[piotr-roslaniec]

@derekpierre I just recalled your comment on Optional<&Condition> in DKG structures. Are conditions supposed to be optional here? Or is it just downstream of that optionality in the DKG structures?

[derekpierre]

It is downstream.

This is something that came to me last night, but it pervades many types in nucypher-core (ThresholdDecryptionRequest, ... etc.) and I didn't have time to fix it across all of them. I think we should fix it in a separate PR. Basically for DKG types Conditions should not be Optional but should be specified. Hence I filed #76 .

[piotr-roslaniec]

I've noticed that in some places in nucypher-core, we're using { backend: InnerType } and (InnerType) in others. Perhaps we could settle on one way to define structs. It's not relevant to this PR, just a general comment on style

[piotr-roslaniec]

Using unchecked_into is type-unsafe, but it's fine here because it's a test

[piotr-roslaniec]

I'm tempted to suggest this functional approach

Suggested change

	pub fn aad(&self) -> Box<[u8]> {
	let public_key_bytes = self.public_key.to_bytes().unwrap();
	let condition_bytes = self.conditions.as_ref().unwrap().as_ref().as_bytes();
	let mut result = Vec::with_capacity(public_key_bytes.len() + condition_bytes.len());
	result.extend(public_key_bytes);
	result.extend(condition_bytes);
	result.into_boxed_slice()
	}
	pub fn aad(&self) -> Result<Box<[u8]>, Error> {
	Ok([
	self.public_key.to_bytes()?,
	self.conditions.as_ref().map(|c| c.to_bytes()).unwrap_or_else(|| Ok(vec![]))?,
	]
	.concat()
	.into_boxed_slice())
	}

Is there a good reason to unwrap() (and hence, panic) here? I take that we should always expect conditions to be present here (per discussion on optionality in DKG).

[derekpierre]

@piotr-roslaniec Can you take care of this change for me - either as part of this PR or a follow-up 🙏 ?

[piotr-roslaniec]

Sure, we can address any non-critical changes in a follow-up PR. I can take care of that once I test this PR with nucypher-ts.

[piotr-roslaniec]

Can we #[derive(Eq)] on AuthenticatedData instead? I assume there is a reason for deriving Eq in this particular way.

[derekpierre]

I may have mistakenly thought that you have to do this if you implemented PartialEq. Was that mistaken? In any case, it's not a blocker right...?

[piotr-roslaniec]

#[derive(Eq)] is an automatic way to impl Eq ..., so these are equivalent. I was just curious if there was a reason to specifically implement an empty impl Eq {} instead of deriving.

It's not a blocker, we can address it later.

[piotr-roslaniec]

While working on #77 I realized that automatic derivation of Eq is not possible since DkgPublicKey from ferveo doesn't implement it either.

So it makes sense to provide an implementation stub impl Eq {} as a workaround. We need Eq do implement ProtocolObjectInner for AccessControlPolicy. Tracking this here: nucypher/ferveo#157

[piotr-roslaniec]

Looks like a solid piece of work.

I have some comments, mostly nitpicks. AFAIK this is functionally correct.

I'm not approving yet because I want to test these changes in nucypher-ts.

[jMyles]

Just did a first read. Looks good on first read. :-)

[piotr-roslaniec]

Successfully tested in nucypher/taco-web#273