Continuing the conversation in: Recommended usage of CertifiedData - #14 by skilesare
I’ve taken the liberty to set up: Motoko Playground - DFINITY so that we can reason about this.
Super simple. addItem associates a Nat with another Nat. It also adds the key and value to a Merkle tree as provided by @nomeata. The return is a tuple (data put into CertifiedData.set(the hashTree of the MerkleTree), the witness to the object in the tree).
When you getItem(item) I return a tuple (key, the certificate as returned by CertifiedData.getCertificate, the current witness to the item, the root of the MerkleTree).
I’ve messed with MerkleTrees a good bit, but am not really an expert. I’m missing a number of things here that would be nice to solve for:
1. Why isn’t the root part of the witness? I’m guessing there is a theoretical function in MerkleTree called proveWitness(root, witness) that will roll up the witness from the bottom by hashing the items at each leaf and confirm that they roll up to the top where you should find the MerkleRoot. Seems like this root should be part of the witness. Maybe a #root(Hash, Witness, Witness)?
2. Why isn’t there a function to do this in MerkleTree? It doesn’t seem like that bad of a function to write if I can get a couple of assumptions cleared.
   a) How is

   ```
   //this
   let keyPrefix = hp(k);
   let keyHash = prefixToHash(keyPrefix);
   //different from this
   let valueHash = h(v);
   //hp takes the sha256 and prefix converts it to a blob
   // h does both in the same function; can this be refactored?
   ```

   b) Looks like the leaves and forks get a prefix all the time? Or just sometimes? See mkLeaf, mkFork.
3. The certificate looks like a long blob. I’m guessing there exists a function verifyCertificate(cert, data) that will confirm the certificate for the data. In this case the data is the Merkle root.
   a) What is the function and what is the output?
   b) Is one of the outputs the current Signing Key for MainNet?
   c) If so, how do I get that?
4. I also think that I probably shouldn’t be returning the certificate in my getItem and instead provide just the witness and data. I should get the certificate somewhere else. Where do I get it? I’m guessing it is a system canister call, but I can’t seem to find it on ICRocks anywhere.
I don’t want to mess around with writing a witness prover if a new paradigm is “coming soon” © Dom.
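
An added example (not from the post or the MerkleTree library) of the client-side check the post calls proveWitness: recompute the root from a witness and compare it with the certified root. The hashing follows the hash-tree `reconstruct` rules of the IC Interface Specification; the tuple representation of a witness, the function names and the one-byte key/value encoding are assumptions made for illustration.

```python
import hashlib
import hmac

def _h(tag: bytes, *parts: bytes) -> bytes:
    # Domain separator = one length byte + tag, prepended to every node hash.
    return hashlib.sha256(bytes([len(tag)]) + tag + b"".join(parts)).digest()

def reconstruct(w) -> bytes:
    """Roll a witness up to the root hash it commits to."""
    kind = w[0]
    if kind == "empty":
        return _h(b"ic-hashtree-empty")
    if kind == "pruned":  # subtree replaced by its 32-byte hash
        if len(w[1]) != 32:
            raise ValueError("pruned hash must be 32 bytes")
        return w[1]
    if kind == "leaf":
        return _h(b"ic-hashtree-leaf", w[1])
    if kind == "labeled":
        return _h(b"ic-hashtree-labeled", w[1], reconstruct(w[2]))
    if kind == "fork":
        return _h(b"ic-hashtree-fork", reconstruct(w[1]), reconstruct(w[2]))
    raise ValueError(f"unknown witness node: {kind!r}")

def lookup(w, key: bytes):
    """Return the revealed leaf value stored under key, or None."""
    if w[0] == "labeled" and w[1] == key and w[2][0] == "leaf":
        return w[2][1]
    if w[0] == "fork":
        left = lookup(w[1], key)
        return left if left is not None else lookup(w[2], key)
    return None

def verify_item(certified_root: bytes, witness, key: bytes, value: bytes) -> bool:
    # certified_root must come from a certificate that was already verified.
    if not hmac.compare_digest(reconstruct(witness), certified_root):
        return False
    return lookup(witness, key) == value

def demo():
    # Constructed sample: two entries, keys and values as single bytes.
    a = ("labeled", b"\x01", ("leaf", b"\x0a"))
    b = ("labeled", b"\x02", ("leaf", b"\x14"))
    root = reconstruct(("fork", a, b))
    witness = ("fork", a, ("pruned", reconstruct(b)))  # reveals only key 1
    return root, witness

if __name__ == "__main__":
    root, witness = demo()
    print(verify_item(root, witness, b"\x01", b"\x0a"))
```

The comparison only proves anything once `certified_root` has been taken from a certificate whose signature was checked; that step is not shown here.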