Oddbean new post about | logout
Egge | 5 months ago (raw) | root | parent | reply | flag 
 GM 🔥

What is the performance impact of verification vs. JSON parsing ?
mleku | 5 months ago (raw) | root | parent | reply | flag 
 if the question is "schnorr signature verification" and your code assumes the ID is correct, then it's just a simple schnorr signature verification against the signature bytes

if your code validates the ID is maybe not correct, you have to convert to the canonical form and derive the hash of this, so, it depends on how deep you want to do the validation

the fact is that right now on the network, the only events i've seen that are now frequently failing to generate correct IDs are zaps that seem to be associated with either mutiny or alby lightning wallets, and they are unusual events because they contain embedded JSON inside the tags

the signatures are then on these in correct ID hashes and thus they are actually invalid events

nobody is checking for this afaik but i've reported it to alby and mutiny but no idea if they have fixed it, it looks like they have, because i don't see this ID check fail anymore
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag +2 
 Amethyst's checks IDs and schnorr in every event, even duplicates to make sure the seenOn relay is accurate (the event must be valid in that relay).
mleku | 5 months ago (raw) | root | parent | reply | flag 
 this needs to be standard, good to hear
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag +2 
 It has been like that since our first version. There has never been unverified events on any Amethyst, ever. 

This is not hard. Especially if the client only works with a few NIPs and has reduced exposure to different event kinds.
mleku | 5 months ago (raw) | root | parent | reply | flag +1 
 i know! idk how even someone gets to being a programmer of a cryptographically secured protocol without having this basic knowledge!