Skip to content

Commit

Permalink
add missing checks
Browse files Browse the repository at this point in the history 
Co-authored-by: teor <[email protected]>
  • Loading branch information
@oxarbitrage @teor2345 @dconnolly
2 people authored and dconnolly committed Jun 15, 2021
1 parent c0688b0 commit 00190de
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions rfcs/0001-messages.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -261,12 +261,14 @@ The following rules must be implemented:
- Each jubjub type must be validated during deserialization.
- `share_commitments`:
- Length must be less than or equal to `MAX_SIGNER_PARTICIPANT_ID`.
- Lenght must be at least `MIN_SIGNERS` (`2` signers).
- Length must be at least `MIN_SIGNERS` (`2` signers).
- Duplicate `ParticipantId`s are invalid. This is implicit in the use of `BTreeMap` during serialization, but must be checked during deserialization.
- Commitments must be serialized in ascending numeric `ParticipantId` order. This is the order of `BTreeMap.iter` during serialization, but must be checked during deserialization.
- `signing_commitments`:
- Length must be less than or equal to `MAX_SIGNER_PARTICIPANT_ID`.
- Signing packages that contain duplicate `ParticipantId`s are invalid. This is implicit in the use of `BTreeMap`.
- Signing packages must serialize in ascending numeric `ParticipantId` order. This is the order of `BTreeMap.iter`.
- Length must be at least `MIN_THRESHOLD` (`2` required signers).
- Signing packages that contain duplicate `ParticipantId`s are invalid. This is implicit in the use of `BTreeMap` during serialization, but must be checked during deserialization.
- Signing packages must serialize in ascending numeric `ParticipantId` order. This is the order of `BTreeMap.iter` during serialization, but must be checked during deserialization..
- `message`: signed messages have a protocol-specific length limit. For Zcash, that limit is the maximum network protocol message length: `2^21` bytes (2 MB).

## Serialization/Deserialization
Expand Down Expand Up @@ -377,6 +379,7 @@ The following are a few things this RFC is not considering:
- This is particularly important for `SigningPackage`s, which only need a threshold of participants to continue.
- Messages larger than 4 GB are not supported on 32-bit platforms.
- Implementations should validate that message lengths are lower than a protocol-specific maximum length, then allocate message memory.
- Implementations should distinguish between FROST messages from different signature schemes using implementation-specific mechanisms.

### State-Based Validation

Expand Down

0 comments on commit 00190de

Please sign in to comment.