Some suggestions and questions for ZIP-231 (memo bundles) #990
Conversation
| "Memo" - A message or piece of data that a sender wishes to communicate to one | ||
| or multiple recipients. | ||
|
|
||
| "Memo bundle" - A collection of encrypted memo chunks that is stored independently | ||
| from the transaction outputs. | ||
|
|
||
| "Memo chunk" - A fixed-size segment of the memo. During transaction construction, | ||
| a memo is split into chunks and each chunk is individually encrypted. | ||
|
|
||
| "Memo key" - A cryptographic key generated randomly for each output containing | ||
| memo data. The memo key is stored in the output and is used by the recipient to | ||
| derive the encryption key needed to decrypt the corresponding memo chunks in the | ||
| memo bundle. | ||
|
|
||
| "Salt" - A random value generated for each memo bundle. This salt is used to | ||
| derive the symmetric encryption key that encrypts each memo chunk. | ||
|
|
There was a problem hiding this comment.
I think some glossary here around the different "memo" terminology will be useful.
| @@ -159,7 +176,7 @@ as follows: | |||
|
|
|||
| $\hspace{2em}\mathsf{IETF\_AEAD\_CHACHA20\_POLY1305}(\mathsf{encryption\_key}, \mathsf{nonce}, \mathsf{memo\_chunk})$ | |||
|
|
|||
| where $\mathsf{nonce} = \mathsf{I2BEOSP}_{88}(\mathsf{counter}) \,||\, [\mathsf{final\_chunk}]$. | |||
| where $\mathsf{nonce} = \mathsf{I2BESP}_{88}(\mathsf{counter}) \,||\, [\mathsf{final\_chunk}]$. | |||
There was a problem hiding this comment.
I was not able to find I2BEOSP so i assumed it is I2BESP but not sure.
| @@ -213,7 +230,7 @@ wrong counter value), ensuring that a malformed memo is not returned. | |||
| | Bytes | Name | Data Type | Description | | |||
| |----------|---------------|--------------------------------|--------------------------------------------------------------| | |||
| | 1 | `fAllPruned` | `uint8` | 1 if all chunks have been pruned, otherwise 0. | | |||
| | 32 | `nonceOrHash` | `byte[32]` | The nonce for deriving encryption keys, or the overall hash. | | |||
| | 32 | `saltOrHash` | `byte[32]` | The salt for deriving encryption keys, or the overall hash. | | |||
There was a problem hiding this comment.
I think nonce here gets confused with the nonce we create for each chunk encryption.
|
In addition to the previous suggestions, I have some questions regarding the pruning mechanism, which I still don't fully understand. Specifically, what is the main rationale behind memo pruning? It seems pruning allows nodes to reduce storage overhead. However, I'm unclear on how a node is provided with the key to safely prune a particular memo. More details in that subject will be nice. I haven't looked closely at the fee sections, as they appear to be still a work in progress. One part that confuses me is the statement: "A memo bundle may contain two free chunks if there are any shielded outputs in the transaction." Can we clarify ? |
Hi, i mentioned in an Arborist call that i had some problems understanding this ZIP. I was able to work around most of my doubts but i have some concrete suggestions and questions. Feel free to discard some or all of them.