
add view tags for speeding up scanning

Open noot opened this issue 3 years ago • 2 comments

hey I'm looking at your protocol, from your docs "The final consideration has to do with scanning. Because every single Announcement needs to be scanned, it can take a long time to find your funds."

have you considered something like view tags (implemented in monero) for speeding up this process? it should work w your protocol as far as I can tell. you'd only need to calculate the ECDH key for each Announcement instead of having to decrypt the secret, calculate the shared private key, and derive a_stealth each time. you'd have to add 1 byte to the Announcement event that is the first byte of the ECDH key, so for each announcement, you'd only need to derive the ECDH key and 255/256 times skip the rest of the steps.

here's the original idea: https://github.com/monero-project/research-lab/issues/73

noot, Aug 11 '22 18:08

Ah this is really clever, thanks! Haven't seen that before.

Adding the 1 byte of the ECDH key to the Announcement would reduce security by 1 byte though, right? In the linked issue they suggest hashing the ECDH key and including the first n bytes (where n was up for discussion), which is interesting:

  • I think hashing is a lot faster than elliptic curve multiplication, so that seems like a worthwhile tradeoff to keep that extra 1 byte of security.
  • Then if you're hashing it, you could safely emit more than just 1 byte of info and improve the speedup from only computing 1/256 addresses to something even smaller. We have to emit a full 32 byte param in the event anyway, so we get the extra bytes here roughly for free (I don't think LOG costs differentiate zero vs. non-zero bytes).

The main downside is that we need to deploy a new contract which would be a bit of a pain since indexing/scanning now needs to track two contracts, but definitely like the idea.

mds1, Aug 12 '22 00:08

@mds1 yep, hashing it and emitting more than 1 byte seems like a good idea, like you said it'll get packed to 32 bytes anyways. would reduce potentially a lot of scanning :)

I guess for the downside, could you slowly migrate to the newer version and deprecate the old one if you decide to implement this feature? not sure if this is feasible as I haven't looked fully into your architecture.

noot, Aug 15 '22 18:08

Going to close this since view tags will not be implemented in this version of Umbra, but will be implemented once the stealth address EIP is finalized and we upgrade to support it:

  • EIP itself can be found here
  • Most recent version, not yet upstreamed, can be found in the open PR in this repo

Thanks again for the suggestion @noot!

mds1, Feb 06 '23 17:02
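
The hashed view tag discussed in the comments above, as an added example that is not part of the thread or of Umbra's code: the sender publishes the first `tagLen` bytes of a hash of the ECDH shared secret, and the scanner does one ECDH and one hash per announcement before deciding whether the expensive steps are needed. The function names, the announcement shape, SHA-256 as the hash, and the sample announcements are assumptions made for this sketch.

```javascript
const crypto = require("node:crypto");

const CURVE = "secp256k1";

// Tag = first tagLen bytes of a hash of the ECDH shared secret.
// SHA-256 is an assumption of this sketch, not Umbra's or the EIP's choice.
function viewTag(sharedSecret, tagLen) {
  return crypto.createHash("sha256").update(sharedSecret).digest().subarray(0, tagLen);
}

// Sender: fresh ephemeral key, ECDH against the recipient's viewing public key.
function announce(recipientViewPub, tagLen) {
  const eph = crypto.createECDH(CURVE);
  const ephemeralPub = eph.generateKeys();
  return { ephemeralPub, tag: viewTag(eph.computeSecret(recipientViewPub), tagLen) };
}

// Scanner: one ECDH and one hash per announcement. Decrypting the secret and
// deriving the stealth key would run only for the candidates returned here.
function scan(viewPriv, announcements, tagLen) {
  const me = crypto.createECDH(CURVE);
  me.setPrivateKey(viewPriv);
  return announcements.filter(({ ephemeralPub, tag }) => {
    try {
      return viewTag(me.computeSecret(ephemeralPub), tagLen).equals(tag);
    } catch {
      return false; // malformed public key or tag in an announcement: skip it
    }
  });
}

// Constructed data: `mine` announcements for us among `decoys` for other users.
function demo(tagLen, mine = 3, decoys = 500) {
  const me = crypto.createECDH(CURVE);
  const myPub = me.generateKeys();
  const anns = [];
  for (let i = 0; i < decoys; i++) {
    anns.push(announce(crypto.createECDH(CURVE).generateKeys(), tagLen));
  }
  for (let i = 0; i < mine; i++) anns.push(announce(myPub, tagLen));
  const candidates = scan(me.getPrivateKey(), anns, tagLen).length;
  return { total: anns.length, candidates };
}

console.log("1-byte tag:", demo(1)); // a few false positives expected (~decoys/256)
console.log("4-byte tag:", demo(4)); // false positives become negligible
```

Candidates that pass the tag check still need the full derivation, since a matching tag only means the announcement was not ruled out.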