Rename "rand"/"hash" to "salt"/"commitment" in name_new and name_firstupdate
JeremyRand opened this issue · 4 comments
Is your feature request related to a problem? Please describe.
The use of the word "rand" to describe the parameter passed from the name_new result to name_firstupdate is unfortunate and misleading. Its security properties do not depend on it being random (indeed, we currently derive it deterministically since #422 was merged), and randomness does not meaningfully convey the parameter's purpose. The correct cryptographic term is a "salt" (the data contained in a name_new output is a "salted commitment"). Similarly, referring to the commitment as a "hash" is confusing, because it is not clear what data is being hashed or what the purpose of the hash is.
Describe the solution you'd like
In all places where the RPC API mentions "rand" or "hash" (e.g. in the name_new and name_firstupdate RPC methods, and the name operation verbose display used in various RPC methods), they should be replaced with "salt" and "commitment".
Describe alternatives you've considered
N/A.
Additional context
This will break software that expects the old parameter names, but I'm pretty sure the number of such downstream software packages is near zero, and they should be able to cope easily.
I agree with replacing rand for salt, because rand is strictly incorrect.
I disagree with replacing hash for commitment because:
- "commitment" is longer than "hash", and this is ugly.
- It is a hash, so it's not really incorrect.
- "salt" and "hash" go together nicely, like "salted hash" is a phrase we've all heard many times before.
- "commitment" doesn't either really describe what's being committed to or what the purpose of the commitment is.
I agree with @yanmaani. Replacing rand with salt is definitely an improvement. Not sure about hash, although I'd be fine with it as well if others prefer to change it, too.
FWIW I asked Ryan whether "hash" or "commitment" is a better term cryptographically, and they said "commitment" is preferred. They also said that "commitment hash" might be even better, but I think that's too long.
Maybe so, but "hash" is not inaccurate, and "commitment" is less than 2.5x better.