diff --git a/content/docs/rfcs/11/README.md b/content/docs/rfcs/11/README.md index cb097cab..7a959a28 100644 --- a/content/docs/rfcs/11/README.md +++ b/content/docs/rfcs/11/README.md @@ -150,7 +150,7 @@ Spam protection is partly provided by GossipSub v1.1 through [scoring mechanism] At a high level, peers utilize a scoring function to locally score the behavior of their connections and remove peers with a low score. `11/WAKU2-RELAY` aims at enabling an advanced spam protection mechanism with economic disincentives by utilizing Rate Limiting Nullifiers. In a nutshell, peers must conform to a certain message publishing rate per a system-defined epoch, otherwise, they get financially penalized for exceeding the rate. -More details on this new technique can be found in [`17/WAKU-RLN`](/spec/17). +More details on this new technique can be found in [`17/WAKU-RLN-RELAY`](/spec/17). - Providing **Unlinkability**, **Integrity** and **Authenticity** simultaneously: diff --git a/content/docs/rfcs/17/README.md b/content/docs/rfcs/17/README.md index f4ed3949..ae3130e3 100644 --- a/content/docs/rfcs/17/README.md +++ b/content/docs/rfcs/17/README.md @@ -1,6 +1,6 @@ --- slug: 17 -title: 17/WAKU-RLN +title: 17/WAKU-RLN-RELAY name: Waku v2 RLN Relay status: raw tags: waku-core @@ -128,17 +128,62 @@ Nodes MAY extend the [14/WAKU2-MESSAGE](/spec/14) with a `proof` field to indic syntax = "proto3"; +message RateLimitProof { + bytes proof = 1; + bytes merkle_root = 2; + bytes epoch = 3; + bytes share_x = 4; + bytes share_y = 5; + bytes nullifier = 6; +} + message WakuMessage { bytes payload = 1; string contentTopic = 2; uint32 version = 3; double timestamp = 4; -+ bytes proof = 21; ++ RateLimitProof rate_limit_proof = 21; } ``` +## WakuMessage + +`rate_limit_proof` holds the information required to prove that the message owner has not exceeded the message rate limit. + +## RateLimitProof + +The `proof` field is an array of 256 bytes and carries the zkSNARK proof as explained in the [Publishing process](##Publishing). +The proof asserts that: +1. The message publisher is the current member of the group i.e., her/his identity commitment key is part of the membership group Merkle tree with the root `merkleRoot`. +2. `share_x` and `share_y` are correctly computed. +3. The `nullifier` is constructed correctly. + +Other fields of the `RateLimitProof` message are the public inputs to the rln circuit and used for the generation of the `proof`. + +The `merkleRoot` is an array of 32 bytes which holds the root of membership group Merkle tree at the time of publishing the message. + +The `epoch` is an array of 32 bytes that represents the epoch in which the message is published. + + +`share_x` and `share_y` are shares of the user's identity key. +These shares are created using [Shamir secret sharing scheme](##Publishing). +`share_x` is an array of 32 bytes and contains the hash of the `WakuMessage`'s `payload` concatenated with its `contentTopic`. + +`share_y` is also an array of 32 bytes which is calculated using [Shamir secret sharing scheme](##Publishing). + +The `nullifier` is an internal nullifier which allows specifying whether two messages are published by the same publisher during the same `epoch`. +It is an array of 32 bytes. + +# References + +1. [RLN documentation](https://hackmd.io/tMTLMYmTR5eynw2lwK9n1w?view) +2. [Public inputs to the rln circuit](https://hackmd.io/tMTLMYmTR5eynw2lwK9n1w?view#Public-Inputs) +3. [Shamir secret sharing scheme used in RLN](https://hackmd.io/tMTLMYmTR5eynw2lwK9n1w?view#Linear-Equation-amp-SSS) +4. [RLN internal nullifier](https://hackmd.io/tMTLMYmTR5eynw2lwK9n1w?view#Nullifiers) + # Copyright Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). +