Skip to content

Commit

Permalink
Restore indybesu contract and cl contract storage approach
Browse files Browse the repository at this point in the history
Signed-off-by: artem.ivanov <[email protected]>
  • Loading branch information
Artemkaaas committed Feb 14, 2024
1 parent 2051546 commit 1539088
Show file tree
Hide file tree
Showing 114 changed files with 6,299 additions and 2,718 deletions.
9 changes: 5 additions & 4 deletions docs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,16 @@

- Network Permission modules:
- [Auth](design/auth.md) - control user permissions
- role control - manage roles assigned to accounts
- role control - manage roles assigned to accounts
- access control - first level validation: whether to accept write transactions (execute target contract method) from a given account
- [Upgrading contracts](design/upgradability.md) - control versions of deployed contracts (proposing and approving new versions).
- [Validators node management](design/network.md) - control the list of network validator nodes
- Identity:
- [DID Method](design/did-method.md) - Supported DID method
- Identity:
- [DID Methods](design/did-methods.md) - Supported DID method
- [IndyBesu DID Registry](design/indybesu-did-registry.md) - `indybesu` DID Registry
- [CL Registry](design/cl-registry.md)
- [Client](design/vdr.md) - design of VDR library

### Migration documents

- [Indy Migration](migration/migration.md)
Expand Down
254 changes: 114 additions & 140 deletions docs/design/cl-registry.md
Original file line number Diff line number Diff line change
@@ -1,16 +1,5 @@
# CL Registry

## Design

Smart contracts for schema and credential definition registries are designed to follow an approach used for DID:ethr
method:

* Contract Events are used for storing data
* Contracts hold mapping for more efficient events look up
* Gas efficient data types are used in contract method
* Provided methods for delegating signing
* Nonce is not needed because only `create` methods provided (no `update` method)

## Schema

### ID Syntax
Expand All @@ -20,117 +9,111 @@ method:
| parameter | value |
|-------------|-----------------------------------------------------------------|
| id | “did:” method-name “:” namespace “:” method-specific-id |
| method-name |ethr” |
| method-name |indybesu”, “ethr” |
| namespace | “testnet”/"mainnet" |
| indy-id | <issuer_did>/anoncreds/v0/SCHEMA/<schema_name>/<schema_version> |

```
Example: did:ethr:mainnet:Y6LRXGU3ZCpm7yzjVRSaGu/anoncreds/v0/SCHEMA/BasicIdentity/1.0.0
Example: did:indybesu:mainnet:0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266/anoncreds/v0/SCHEMA/BasicIdentity/1.0.0
```

### Storage format

* Created schemas mapping:
* Description: Mapping to track created schemas by their id to the block number when it was created.
* Schemas collection:
* Description: Mapping holding the list of Schema ID's to their data and metadata.
* Format:
```
mapping(bytes32 id => uint block);
mapping(bytes32 id => SchemaRecord schemaRecord);
struct SchemaRecord {
bytes data;
SchemaMetadata metadata;
}
struct SchemaMetadata {
uint256 created;
}
```
* Example:
```
{
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af": 110,
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af": {
schema: [1,2,3,4,5,6,7,8,9,....],
metadata: {
created: 1234
},
},
...
}
```

#### Types definition

##### Schema

Schema must match to
the [specification](https://hyperledger.github.io/anoncreds-spec/#schema-publisher-publish-schema-object).

##### Schema Metadata

* `created` - timestamp of schema creation.

### Transactions (Smart Contract's methods)

Contract name: **SchemaRegistry**

#### Create a new schema

* Method: `createSchema`
* Description: Transaction to create a new AnonCreds Schema matching to the [specification](https://hyperledger.github.io/anoncreds-spec/#schema-publisher-publish-schema-object)
* Description: Transaction to create a new AnonCreds Schema
* Parameters:
* `identity` - Account address of schema issuer
* `id` - KECCAK256 hash of schema id to be created
* `schema` - AnonCreds Schema object as bytes
* `id` - Keccak hash of Schema id to be created
* `issuerId` - DID of Schema issuer
* `schema` - AnonCreds schema JSON as bytes.
* Restrictions:
* Schema id must be unique.
* Corresponding issuer account must exist and owned by sender.
* Corresponding issuer DID must exist, be active, and owned by sender.
* Format:
```
SchemaRegistry.createSchema(
address identity,
bytes32 id,
bytes schema
string calldata issuerId,
bytes calldata schema
)
```
* Raised Event:
```
SchemaCreated(bytes32 indexed id, address identity, bytes schema)`
```
* Example:
```
SchemaRegistry.createSchema(
"0x173CC02518a355040F5Faee93D3AAAb1259F010c",
"0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266",
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af",
[34, 123, 92, 34, 105, 100, 92, 34, 58, 92, 34, 100, ...]
"did:ethr:0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266",
[1,2,3,4,5,6,7,8,9,....]
)
* Raised Event:
* `SchemaCreated(id, identity)`
#### Resolve schema
* Method: `createSchemaSigned`
* Description: Transaction to endorse a new AnonCreds Schema (off-chain author signature)
* Method: `resolveSchema`
* Description: Transaction to resolve Schema for giving id
* Parameters:
* `identity` - Account address of schema issuer
* `sigV` - Part of EcDSA signature.
* `sigR` - Part of EcDSA signature.
* `sigS` - Part of EcDSA signature.
* `id` - KECCAK256 hash of schema id to be created
* `schema` - AnonCreds schema object as bytes
* `id` - Keccak hash of Schema id to be resolved
* Restrictions:
* Schema id must be unique.
* Corresponding issuer account must exist and owned by sender.
* Schema must exist.
* Format:
```
SchemaRegistry.createSchemaSigned(
address identity,
uint8 sigV,
bytes32 sigR,
bytes32 sigS,
bytes32 id,
bytes schema
)
SchemaRegistry.resolveSchema(
bytes32 id
) returns (SchemaRecord sschemaRecord)
```
* Raised Event:
```
SchemaCreated(bytes32 indexed id, address identity, bytes schema)`
```
* Example:
```
SchemaRegistry.createSchemaSigned(
"0x173CC02518a355040F5Faee93D3AAAb1259F010c",
27,
[1, 2, 3, 4, 5, 6, 7, 8, ...],
[11, 21, 33, 44, 55, 73, ...],
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af",
[34, 123, 92, 34, 105, 100, 92, 34, 58, 92, 34, 100, ...]
SchemaRegistry.resolveSchema(
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af"
)

#### Resolve schema

In order to resolve a Schema the following steps must be done:

* Call `SchemaRegistry.created(bytes32 id)` contract method passing KECCAK256 hash of target Schema id to get the block number when the Schema was created.
* Schemas are stored in the transaction logs.
* Query log events from the whole transaction history is very inefficient lookup mechanism.
* Query ledger for `SchemaCreated` events specifying following data:
* `address`: Address of `SchemaRegistry
* `topics`: KECCAK256 hash of target Schema id as the second topic
* `from_block`: block number when the Schema was created
* `to_block`: block number when the Schema was created
* If result is empty, schema does not exist.
* If result contains more than one event, its unexpected case and ledger history is broken
* Raised Event: `None`

## Credential Definition

Expand All @@ -141,124 +124,115 @@ In order to resolve a Schema the following steps must be done:
| parameter | value |
|-------------|---------------------------------------------------------|
| id | “did:” method-name “:” namespace “:” method-specific-id |
| method-name |indy2”, “indy”, “sov”, “ethr” |
| method-name |indybesu”, “ethr” |
| namespace | “testnet”/"mainnet" |
| indy-id | <issuer_did>/anoncreds/v0/CLAIM_DEF/<schema_id>/<name> |

```
Example: did:indy2:sovrin:Gs6cQcvrtWoZKsbBhD3dQJ/anoncreds/v0/CLAIM_DEF/56495/mctc
Example: did:indybesu:sovrin:0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266/anoncreds/v0/CLAIM_DEF/56495/mctc
```

### Storage format

* Created credential definitions mapping:
* Description: Mapping to track created credential definitions by their id to the block number when it was created.
* Credential Definitions collection:
* Description: Mapping holding the list of Credential Definition ID's to their data and metadata.
* Format:
```
mapping(bytes32 id => uint block);
mapping(bytes32 id => CredentialDefinitionRecord credentialDefinitionRecord);
struct CredentialDefinitionRecord {
bytes credDef;
CredentialDefinitionMetadata metadata;
}
struct CredentialDefinitionMetadata {
uint256 created;
}
```
* Example:
```
{
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af": 110,
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af": {
credDef: [1,2,3,4,5,6,7,8,9,....],
metadata: {
created: 1234
},
},
...
}
```

#### Types definition

##### CredentialDefinitionData

Schema must match to
the [specification](https://hyperledger.github.io/anoncreds-spec/#generating-a-credential-definition-without-revocation-support)
.

##### CredentialDefinitionMetadata

* `created` - timestamp of credential definition creation.

### Transactions (Smart Contract's methods)

Contract name: **CredentialDefinitionRegistry**

#### Create a new credential definition

* Method: `createCredentialDefinition`
* Description: Transaction to create a new AnonCreds Credential Definition matching to the [specification](https://hyperledger.github.io/anoncreds-spec/#generating-a-credential-definition-without-revocation-support)
* Description: Transaction to create a new AnonCreds Credential Definition
* Parameters:
* `identity` - Account address of credential definition issuer
* `id` - KECCAK256 hash of credential definition id to be created
* `schemaId` - KECCAK256 hash of schema id to be created
* `credDef` - AnonCreds Credential Definition object as bytes
* `id` - Keccak hash of Credential Definition id to be created
* `issuerId` - DID of Credential Definition issuer
* `schemaId` - Keccak hash of Schema id
* `credDef` - AnonCreds Credential Definition JSON as bytes
* Restrictions:
* Credential Definition must be unique.
* Corresponding issuer DID must exist and owned by sender.
* Corresponding issuer DID must exist, be active, and owned by sender.
* Corresponding schema must exist.
* Format:
```
CredentialDefinitionRegistry.createCredentialDefinition(
address identity,
bytes32 id,
string calldata issuerId,
bytes32 schemaId,
bytes credDef
bytes calldata credDef
)
```
* Raised Event:
```
CredentialDefinitionCreated(bytes32 indexed id, address identity, bytes credDef)`
```
* Example:
```
CredentialDefinitionCreated.createCredentialDefinition(
"0x173CC02518a355040F5Faee93D3AAAb1259F010c",
"0x76943530d3587e81f029e8ce20edb64f9254350d81c59ecf6b7e3ed553e9a8f6",
CredentialDefinitionRegistry.createCredentialDefinition(
"0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266",
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af",
[34, 123, 92, 34, 105, 100, 92, 34, 58, 92, 34, 100, ...]
did:ethr:0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266",
0x32ds23fd23445da3364623a7235a9e7d132fdc8e9f6e63858b53adshg234je2f2",
[1,2,3,4,5,6,7,8,9,....]
)
* Raised Event:
* `CredentialDefinitionCreated(id, identity)`
#### Resolve credential definition
* Method: `createCredentialDefinitionSigned`
* Description: Transaction to endorse a new AnonCreds Credential Definition (off-chain author signature)
* Method: `resolveCredentialDefinition`
* Description: Transaction to resolve Credential Definition for giving id
* Parameters:
* `identity` - Account address of credential definition issuer
* `sigV` - Part of EcDSA signature.
* `sigR` - Part of EcDSA signature.
* `sigS` - Part of EcDSA signature.
* `id` - KECCAK256 hash of credential definition id to be created
* `schemaId` - KECCAK256 hash of schema id
* `credDef` - AnonCreds credential definition object as bytes
* `id` - Keccak hash of the Credential Definition to be resolved
* Restrictions:
* Credential Definition must be unique.
* Corresponding issuer DID must exist and owned by sender.
* Corresponding schema must exist.
* Credential Definition must exist.
* Format:
```
CredentialDefinitionRegistry.createCredentialDefinitionSigned(
address identity,
uint8 sigV,
bytes32 sigR,
bytes32 sigS,
bytes32 id,
bytes32 schemaId,
bytes credDef
)
CredentialDefinitionRegistry.resolveCredentialDefinition(
bytes32 id
) returns (CredentialDefinitionRecord credentialDefinitionRecord)
```
* Raised Event:
```
CredentialDefinitionCreated(bytes32 indexed id, address identity, bytes credDef)`
```
* Example:
```
CredentialDefinitionRegistry.createCredentialDefinitionSigned(
"0x173CC02518a355040F5Faee93D3AAAb1259F010c",
27,
[1, 2, 3, 4, 5, 6, 7, 8, ...],
[11, 21, 33, 44, 55, 73, ...],
"0x76943530d3587e81f029e8ce20edb64f9254350d81c59ecf6b7e3ed553e9a8f6",
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af",
[34, 123, 92, 34, 105, 100, 92, 34, 58, 92, 34, 100, ...]
CredentialDefinitionRegistry.resolveCredentialDefinition(
"0x8ae64c08cf45da3364623a7235a9e7d132fdc8e9f6e63858b53a90d9db32c3af"
)

#### Resolve credential definition

In order to resolve a Credential Definition the following steps must be done:

* Call `CredentialDefinitionRegistry.created(bytes32 id)` contract method passing KECCAK256 hash of target Credential Definition id to get the block number when the Credential Definition was created.
* Credential Definitions are stored in the transaction logs.
* Query log events from the whole transaction history is very inefficient lookup mechanism.
* Query ledger for `CredentialDefinitionCreated` events specifying following data:
* `address`: Address of `CredentialDefinitionRegistry`
* `topics`: KECCAK256 hash of target Credential Definition id as the second topic
* `from_block`: block number when the Credential Definition was created
* `to_block`: block number when the Credential Definition was created
* If result is empty, Credential Definition does not exist.
* If result contains more than one event, its unexpected case and ledger history is broken
* Raised Event: `None`


Binary file modified docs/design/conmponents.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading

0 comments on commit 1539088

Please sign in to comment.