Revocation registry

[guilherme-funchal]

As part of our POC using the indy-besu VDR and credo-ts (with the credo-rest extension), we needed and therefore are trying to develop a revocation solution, as it seems it is missing in the current version of this repository.

We have only started testing it, and probably there will be modifications and improvements, but if you could take the time to give us your feedback and suggestions, it would surely be appreciated!

We tried to model our implementation having the credo-ts implementation of anoncreds in mind, and the credo-vdr interaction was based on on the indy-vdr package. We have also attempted to keep within the standards used in this repository.
Our initial design idea consists of a smart contract (RevocationRegistry.sol) that stores, for a given RevocationRegistryDefinitionId, an object following this specification. It also stores onchain a reference to the issuerId and the current accumulator for comparison when trying to update the registry.
The Revocation Status List would be built by blockchain events (RevocationRegistryEntry) emitted for a given RevocationRegistryId. The RevocationRegistryEntry contains the indexes of newly issued/revoked credentials, the new accumulator, the previous accumulator for comparison, and a timestamp.

For building the complete RevocationStatusList, one would fetch and accumulate all events up to a given timestamp, this is done offchain.

We updated the genesis generation scripts, the 'flow-with-did-ethr' demo and created some basic tests for now.

We are also working on the Rust VDR implementation, including the wasm integration with credo, with some superficial tests for now.

[Toktar]

Hello @guilherme-funchal !
That's a huge great job, thank you! Could you please fix DCO and merge conflict issues to let us start a technical review?

[guilherme-funchal]

Hello Renata, I think I solved the problem. Could you please check if everything is correct?

[Toktar]

Thank you, we started reviewing the code.
Could you also add signature for commit ec14579 Update key ?
https://github.com/hyperledger/indy-besu/pull/108/checks?check_run_id=34597775054

[guilherme-funchal]

I put a developer from my team to look at the problem.

[Artemkaaas]

Typo in the comment. Must be credential definition instead schema

[Artemkaaas]

From the gas point of view, I think it will be more efficient just to compare each element in the array rather doing hashing.

        if (a.length != b.length) {
            return false;
        }
        for (uint256 i = 0; i < a.length; i++) {
            if (a[i] != b[i]) {
                return false;
            }
        }
        return true;
        ``` 

[Artemkaaas]

this modifier looks like a duplicate of _credentialDefinitionExists

[Artemkaaas]

I believe createRevocationRegistryEntrymethod also require adding endorsing (Signed) version.

[Artemkaaas]

You can just use StringUtils.equals method to compare issuerId

[Artemkaaas]

Please add registry resolving step

[Artemkaaas]

typo: schema -> credentialDefinition

[Artemkaaas]

I think this loop does nothing because let mut revocation_list: Vec<u32> = vec![0; rev_reg_def.value.max_cred_num.try_into().unwrap()]; already create an array where all elements are 0

[Artemkaaas]

Agree with using hashset

[Artemkaaas]

It seems, can be replaced with: revocation_registry_status_list.iter().enumerate()

[Artemkaaas]

Thank @guilherme-funchal for the great contribution.
In general, I agree with your design and implementation of supporting revocation data on the ledger. Looks good. We are not really far from getting this merged.
I started doing the code review and posting comments, what can be changed and improved (too many file to complete at once)

[guilherme-funchal]

@Artemkaaas

Will you make the corrections or do you want me to try to do them?

[Artemkaaas]

@guilherme-funchal It would be better if you or your team process them.

[guilherme-funchal]

We have already started reviewing your observations and will submit them as soon as possible.

[guilherme-funchal]

@Artemkaaas

I just saw some more of your comments that we haven't addressed yet, if you can wait for the new commit.

[Toktar]

Hello @flaviocgarcia78 ,
thank you for updating this PR! Could you please fix signature in your commits?

Commit sha: 52a6898, Author: Rafael Bays Weiler, Committer: Rafael Bays Weiler; The sign-off is missing.
Commit sha: 95acb37, Author: Rafael Bays Weiler, Committer: Rafael Bays Weiler; The sign-off is missing.
Commit sha: 771f913, Author: Rafael Bays Weiler, Committer: Rafael Bays Weiler; The sign-off is missing.
Commit sha: 800bbfa, Author: Rafael Bays Weiler, Committer: Rafael Bays Weiler; The sign-off is missing.

[Toktar]

Hello @flaviocgarcia78 ,
I see that it is very close to the merge and there are only a couple of unprocessed review comments. You can also answer for review comments if there are any questions.
Feel free to ping me if review or help are needed

[guilherme-funchal]

I see that it is very close to the merge and there are only a couple of unprocessed review comments. You can also answer for review comments if there are any questions.
Feel free to ping me if review or help are needed

Hello Renata, we are reviewing the commits to address your comments. I will let you know when they are OK.

[thiagoromanos]

Hello @Toktar @Artemkaaas , I commited a new refactor of the previous code, checking every test to run smoothly, as well as the python demo using uniffi. One thing that I couldn't get working was the wasm demo, but I saw that there are some other errors on wasm demo, so I would suggest that we could fix that in another PR. I believe that I could cover all the comments, but a review should make sure of it.

[guilherme-funchal]

Hi @Toktar, is there any adjustment needed? We have implemented the integration with ACA-PY for this feature and would like to include it in the community package Pull Request refence.

[flaviocgarcia78]

Hi everyone,
I’ve implemented the suggested adjustments on the VDR library level, as discussed with @Artemkaaas. In addition, I’ve updated the project to use UniFFI version 0.29.4.
One of the main reasons for this update is that this version allows disabling the disable_java_cleaner flag, which previously limited the generated Kotlin code to run only on more recent Android versions. With this change, the library is now compatible with the Android SDK 0.26.0.
I also added some new test scenarios and adjusted the Python wrapper to reflect the UniFFI updates.
Please take a look at the latest changes and let me know your thoughts — particularly if we are close to having this code integrated into an official release.
Thanks again for your valuable feedback and collaboration!

Best regards,
Flavio

[Toktar]

Hello @flaviocgarcia78,
thank you for new commits. Looks great!
Could you please use only English language for comments, don't use images in the code(sorry, saw something like this, but can't find right now, maybe it was updated) and cherry-pick this commit for fixing pipelines #138

New changes are in the technical review. Thanks for your patience and feel free to ping me if there are any questions

[flaviocgarcia78]

Hello Renata,

Thank you for your review and helpful suggestions.
We’ve already performed the cherry-pick of the pipeline fix commit (2605af6) as requested, and we’ll make sure to follow your recommendations regarding English-only comments and code formatting going forward.

Additionally, we’ve been considering extending the besu-vdr module to support a multi-ledger approach. We believe this could enhance interoperability between different ledger networks within the same infrastructure.
We’d love to hear your thoughts on this idea and whether you think it would be a valuable direction for the project.

Best regards,
Flavio

[Artemkaaas]

#108 (comment)

@flaviocgarcia78 I would say that write operations must be validated on the contract level as much, but without growing the storage too much. For example, I think we should store the identity address of revocation registry definition owner and verify sender of revocation registry against it (it looks like we still do not perform this check in the latest version). But we cannot store all entries as they quite big in size.

[flaviocgarcia78]

#108 (comment)

@flaviocgarcia78 I would say that write operations must be validated on the contract level as much, but without growing the storage too much. For example, I think we should store the identity address of revocation registry definition owner and verify sender of revocation registry against it (it looks like we still do not perform this check in the latest version). But we cannot store all entries as they quite big in size.

#108 (comment)

@flaviocgarcia78 I would say that write operations must be validated on the contract level as much, but without growing the storage too much. For example, I think we should store the identity address of revocation registry definition owner and verify sender of revocation registry against it (it looks like we still do not perform this check in the latest version). But we cannot store all entries as they quite big in size.

@Artemkaaas,
I think the _validIssuer function that is called already guarantees this.
Best Regards

[Artemkaaas]

@flaviocgarcia78 AFAIR it checks existence and ownership of DID but do not check that actor is ownership of revocation registry. For the creating rest anoncreds entities it is sufficient check, but for posting revocation registry we also need an addition one to ensure entry sender is owner of registry definition.

[flaviocgarcia78]

@flaviocgarcia78 AFAIR it checks existence and ownership of DID but do not check that actor is ownership of revocation registry. For the creating rest anoncreds entities it is sufficient check, but for posting revocation registry we also need an addition one to ensure entry sender is owner of registry definition.

Thanks @Artemkaaas, you’re right — that’s the correct behavior. I’ll make the necessary adjustment and resubmit the update.
Please let me know if you noticed any other points in the latest changes so I can address them as soon as possible.
We’re looking forward to your approval of the PR.

[flaviocgarcia78]

@Artemkaaas / @Toktar, kindly review the adjustments made in this PR.
Thank you and best regards,
Flavio

[Toktar]

Hello @flaviocgarcia78 ,
thanks for new changes! Could you please take a look at this comment? 8cccb52#r1891558171
I think it could become actual in last your commits
all other comments/changes are approved

Best regards,
Renata

[flaviocgarcia78]

Hello @flaviocgarcia78 , thanks for new changes! Could you please take a look at this comment? 8cccb52#r1891558171 I think it could become actual in last your commits all other comments/changes are approved

Best regards, Renata

Hello @Toktar,
Thanks for your message! I’ve already replied directly to the comment in 8cccb52 and addressed the point in the last commit.
Please let me know if you need any additional adjustment or clarification.

Best regards,
Flavio