Update and rename decentralized-messaging-ethereum.md to decentralized-messaging-ethereum.md

Fix the current markdown-linting errors.

nomos/deprecated/claro.md

@@ -1,17 +1,17 @@
 ---
-slug: 38
-title: 38/CONSENSUS-CLARO
+title: CONSENSUS-CLARO
 name: Claro Consensus Protocol
-status: raw
+status: deprecated
 category: Standards Track
-tags: logos/consensus
+tags:
+  - logos/consensus
 editor: Corey Petty <corey@status.im>
 created: 01-JUL-2022
 revised: <2022-08-26 Fri 13:11Z>
 uri: <https://rdf.logos.co/protocol/Claro/1/0/0#<2022-08-26%20Fri$2013:11Z>
 contributors:
-    - Álvaro Castro-Castilla 
-    - Mark Evenson
+  - Álvaro Castro-Castilla
+  - Mark Evenson
 ---
 
 ## Abstract

status/56/communities.md

@@ -307,13 +307,27 @@ message CommunityDescription {
 
 Note: The usage of the clock is described in the [Clock](#clock) section.
 
-### Pubsub topic or shard usage
+### Functional scope and shard assignment
 
-Status network uses static sharding as explained in [Relay Sharding](https://github.com/waku-org/specs/blob/master/standards/core/relay-sharding.md#static-sharding)
+We define two special [functional scopes](../raw/status-app-protocols.md#functional-scope) for messages related to Status Communities:
 
-All communities by default use the default shard `32` for most of their messages and use shard `64` for a few specific messages like community event messages.
+1. Global community control
+2. Global community content
 
-A community can be assigned a dedicated shard (in the range of 1-1024) after creation in which case all messages of the community are sent on that specific shard except for the community event messages.
+All messages that relate to controlling communities MUST be assigned the _global community control_ scope.
+All messages that carry user-generated content for communities MUST be assigned the _global community content_ scope.
+
+> **Note:** a previous iteration of Status Communities defined separate community-wide scopes for each community.
+However, this model was deprecated and all communities now operate on a global, shared scope.
+This implies that different communities will share shards on the routing layer.
+
+The following [Waku transport layer](../raw/status-app-protocols.md#waku-transport-layer) allocations are reserved for communities:
+As per [STATUS-SIMPLE-SCALING](https://rfc.vac.dev/status/raw/simple-scaling/#relay-shards), communities use the default cluster ID `16`
+set aside for all Status app protocols.
+Within this cluster, the following [shards](../raw/status-app-protocols.md#pubsub-topics-and-sharding) are reserved for the community functional scopes:
+
+1. All messages with a _global community control_ scope MUST be published to shard `128`
+2. All messages with a _global community content_ scope MUST be published to shard `256`
 
 ### Content topic level encryption
 

status/raw/status-app-protocols.md

@@ -74,10 +74,11 @@ However, since all users of the Status app MUST be able to participate in 1:1 ch
 the functional scope of messages enabling 1:1 chats MUST be a global scope.
 Similarly, since private group chats can be set up between any subset of Status app users,
 the functional scope for messages related to private group chats MUST be global.
-As a counter-example, messages that originate within a community (and are _addressed_ to members of that community)
-are only of interest to participants that are also members of that community.
-Such messages MUST have a community-wide functional scope.
-A third group of messages are addressed only to the participant that generated those messages itself.
+Along the same principle, messages that originate within communities are of global interest
+for all users who have an interest in the Status Communities feature.
+Such messages MUST have a global functional scope,
+that can be accessed by any app users interested in communities.
+A different group of messages are addressed only to the participant that generated those messages itself.
 These _self-addressed_ messages MUST have a local functional scope.
 
 If we further make a distinction between "control" and "content" messages,
@@ -85,15 +86,19 @@ we can distinguish five distinct functional scopes.
 
 All Status messages MUST have one of these functional scopes:
 
-#### Global scope
+#### Global general scope
 
-1. _Global control_: messages enabling the basic functioning of the app to control features that all app users should be able to participate in. Examples include Contact Requests, Community Invites, global Status Updates, Group Chat Invites, etc.
+1. _Global control_: messages enabling the basic functioning of the app to control general features that all app users should be able to participate in. Examples include Contact Requests, global Status Updates, Group Chat Invites, etc.
 2. _Global content_: messages carrying user-generated content for global functions. Examples include 1:1 chat messages, images shared over private group chats, etc.
 
-#### Community scope
+#### Global community scope
 
-1._Community control_: messages enabling the basic functioning of the app to control features _only relevant to members of a specific community_. Examples include Community Membership Updates, community Status Updates, etc.
-2. _Community content_: messages carrying user-generated content _only for members of a specific community_.
+1. _Global community control_: messages enabling the basic functioning of the app to control features related to communities. Examples include Community Invites, Community Membership Updates, community Status Updates, etc.
+2. _Global community content_: messages carrying user-generated content for members of any community.
+
+> **Note:** a previous iteration of the Status Communities feature defined separate community-wide scopes for each community.
+However, this model was deprecated and all communities now operate on a global, shared scope.
+This implies that different communities will share shards on the routing layer.
 
 #### Local scope
 
@@ -104,7 +109,7 @@ It SHOULD however inform the underlying [transport layer sharding](#pubsub-topic
 In general a Status client SHOULD subscribe to participate in:
 
 - all global functions
-- (only) the community functions for communities of which it is a member, and
+- global community functions if it is interested in this feature, and
 - its own local functions.
 
 ### Content topics
@@ -205,9 +210,9 @@ It is RECOMMENDED that separate pubsub topics be used for global control message
 
 #### Community messages
 
-The application SHOULD define at least one separate pubsub topic for each separate community's control and content messages.
-The application MAY define a set of more than one pubsub topic per community to allow traffic sharding for scalability.
-It is RECOMMENDED that separate pubsub topics be used for community control messages and community content messages.
+The application SHOULD define at least one distinct pubsub topic for global community control messages and global community content messages.
+The application MAY define a set of more than one pubsub topic for global community messages to allow traffic sharding for scalability.
+It is RECOMMENDED that separate pubsub topics be used for global community control messages and global community content messages.
 
 #### Large messages
 
@@ -270,8 +275,8 @@ Full clients SHOULD use relay protocol as preferred method to subscribe to pubsu
 
 1. Global control
 2. Global content
-3. Community control, for each community of which the app user is a member
-4. Community content, for each community of which the app user is a member
+3. Global community control, if the client has activated the Status Communities feature
+4. Global community content, if the client has activated the Status Communities feature
 
 Light clients SHOULD use filter protocol to subscribe only to the content topics relevant to the user.
 
@@ -297,8 +302,8 @@ Full clients SHOULD use relay protocol to publish to pubsub topics matching the
 
 1. Global control
 2. Global content
-3. Community control, for each community of which the app user is a member
-4. Community content, for each community of which the app user is a member
+3. Global community control, if the client has activated the Status Communities feature
+4. Global community content, if the client has activated the Status Communities feature
 
 Light clients SHOULD use lightpush protocol to publish control and content messages.
 

vac/raw/sds.md

@@ -69,12 +69,17 @@ Messages MUST adhere to the following meta structure:
 ```protobuf
 syntax = "proto3";
 
+message HistoryEntry {
+  string message_id = 1; // Unique identifier of the SDS message, as defined in `Message`
+  optional bytes retrieval_hint = 2; // Optional information to help remote parties retrieve this SDS message; For example, A Waku deterministic message hash or routing payload hash
+}
+
 message Message {
   // 1 Reserved for sender/participant id
   string message_id = 2;          // Unique identifier of the message
   string channel_id = 3;          // Identifier of the channel to which the message belongs
   optional int32 lamport_timestamp = 10;    // Logical timestamp for causal ordering in channel
-  optional repeated string causal_history = 11;  // List of preceding message IDs that this message causally depends on. Generally 2 or 3 message IDs are included.
+  repeated HistoryEntry causal_history = 11;  // List of preceding message IDs that this message causally depends on. Generally 2 or 3 message IDs are included.
   optional bytes bloom_filter = 12;         // Bloom filter representing received message IDs in channel
   optional bytes content = 20;             // Actual content of the message
 }
@@ -137,6 +142,10 @@ include this in the `lamport_timestamp` field.
 and include these in an ordered list in the `causal_history` field.
 The number of message IDs to include in the `causal_history` depends on the application.
 We recommend a causal history of two message IDs.
+* the participant MAY include a `retrieval_hint` in the `HistoryEntry`
+for each message ID in the `causal_history` field.
+This is an application-specific field to facilitate retrieval of messages,
+e.g. from high-availability caches.
 * the participant MUST include the current `bloom_filter`
 state in the broadcast message.
 
@@ -151,13 +160,14 @@ Upon receiving a message,
 * the participant MUST [review the ACK status](#review-ack-status) of messages
 in its unacknowledged outgoing buffer
 using the received message's causal history and bloom filter.
-* the participant MUST include the received message ID in its local bloom filter.
+* if the message has a populated `content` field,
+the participant MUST include the received message ID in its local bloom filter.
 * the participant MUST verify that all causal dependencies are met
 for the received message.
 Dependencies are met if the message IDs in the `causal_history` of the received message
 appear in the local history of the receiving participant.
 
-If all dependencies are met,
+If all dependencies are met and the message has a populated `content` field,
 the participant MUST [deliver the message](#deliver-message).
 If dependencies are unmet,
 the participant MUST add the message to the incoming buffer of messages
@@ -207,6 +217,7 @@ For each message in the incoming buffer:
 
 * the participant MAY attempt to retrieve missing dependencies from the Store node
 (high-availability cache) or other peers.
+It MAY use the application-specific `retrieval_hint` in the `HistoryEntry` to facilitate retrieval.
 * if all dependencies of a message are met,
 the participant MUST proceed to [deliver the message](#deliver-message).
 
@@ -225,14 +236,26 @@ prioritizing **unacknowledged** messages.
 #### Periodic Sync Message
 
 For each channel of communication,
-participants SHOULD periodically send an empty-content message to maintain sync state,
-without incrementing the Lamport timestamp.
+participants SHOULD periodically send sync messages to maintain state.
+These sync messages:
+
+* MUST be sent with empty content
+* MUST include an incremented Lamport timestamp
+* MUST include causal history and bloom filter according to regular message rules
+* MUST NOT be added to the unacknowledged outgoing buffer
+* MUST NOT be included in causal histories of subsequent messages
+* MUST NOT be included in bloom filters
+* MUST NOT be added to the local log
+
+Since sync messages are not persisted,
+they MAY have non-unique message IDs without impacting the protocol.
 To avoid network activity bursts in large groups,
 a participant MAY choose to only send periodic sync messages
 if no other messages have been broadcast in the channel after a random backoff period.
 
-Participants MUST process these sync messages
-following the same steps as regular messages.
+Participants MUST process the causal history and bloom filter of these sync messages
+following the same steps as regular messages,
+but MUST NOT persist the sync messages themselves.
 
 #### Ephemeral Messages
 

vac/stagnant/decentralized-messaging-ethereum.md

@@ -1,7 +1,7 @@
 ---
 title: VAC-DECENTRALIZED-MESSAGING-ETHEREUM
 name: Decentralized Key and Session Setup for Secure Messaging over Ethereum
-status: raw
+status: stagnant
 category: informational
 editor: Ramses Fernandez-Valencia <ramses@status.im>
 contributors:

waku/standards/core/13/previous-versions/00/store.md

@@ -0,0 +1,359 @@
+---
+slug: 13
+title: 13/WAKU2-STORE
+name: Waku v2 Store
+status: draft
+tags: waku-core
+version: 00
+editor: Simon-Pierre Vivier <simvivier@status.im>
+contributors:
+  - Dean Eigenmann <dean@status.im>
+  - Oskar Thorén <oskarth@titanproxy.com>
+  - Aaryamann Challani <p1ge0nh8er@proton.me>
+  - Sanaz Taheri <sanaz@status.im>
+  - Hanno Cornelius <hanno@status.im>
+---
+
+## Abstract
+
+This specification explains the `13/WAKU2-STORE` protocol
+which enables querying of messages received through the relay protocol and
+stored by other nodes.
+It also supports pagination for more efficient querying of historical messages.
+
+**Protocol identifier***: `/vac/waku/store/2.0.0-beta4`
+
+## Terminology
+
+The term PII, Personally Identifiable Information,
+refers to any piece of data that can be used to uniquely identify a user.
+For example, the signature verification key, and
+the hash of one's static IP address are unique for each user and hence count as PII.
+
+## Design Requirements
+
+The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”,
+“SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and
+“OPTIONAL” in this document are to be interpreted as described in [RFC2119](https://www.ietf.org/rfc/rfc2119.txt).
+
+Nodes willing to provide the storage service using `13/WAKU2-STORE` protocol,
+SHOULD provide a complete and full view of message history.
+As such, they are required to be *highly available* and
+specifically have a *high uptime* to consistently receive and store network messages.
+The high uptime requirement makes sure that no message is missed out
+hence a complete and intact view of the message history
+is delivered to the querying nodes.
+Nevertheless, in case storage provider nodes cannot afford high availability,
+the querying nodes may retrieve the historical messages from multiple sources
+to achieve a full and intact view of the past.
+
+The concept of `ephemeral` messages introduced in
+[`14/WAKU2-MESSAGE`](../14/message.md) affects `13/WAKU2-STORE` as well.
+Nodes running `13/WAKU2-STORE` SHOULD support `ephemeral` messages as specified in
+[14/WAKU2-MESSAGE](../14/message.md).
+Nodes running `13/WAKU2-STORE` SHOULD NOT store messages
+with the `ephemeral` flag set to `true`.
+
+## Adversarial Model
+
+Any peer running the `13/WAKU2-STORE` protocol, i.e.
+both the querying node and the queried node, are considered as an adversary.
+Furthermore,
+we currently consider the adversary as a passive entity
+that attempts to collect information from other peers to conduct an attack but
+it does so without violating protocol definitions and instructions.
+As we evolve the protocol,
+further adversarial models will be considered.
+For example, under the passive adversarial model,
+no malicious node hides or
+lies about the history of messages
+as it is against the description of the `13/WAKU2-STORE` protocol.
+
+The following are not considered as part of the adversarial model:
+
+- An adversary with a global view of all the peers and their connections.
+- An adversary that can eavesdrop on communication links
+between arbitrary pairs of peers (unless the adversary is one end of the communication).
+In specific, the communication channels are assumed to be secure.
+
+## Wire Specification
+
+Peers communicate with each other using a request / response API.
+The messages sent are Protobuf RPC messages which are implemented using
+[protocol buffers v3](https://developers.google.com/protocol-buffers/).
+The following are the specifications of the Protobuf messages.
+
+### Payloads
+
+```protobuf
+syntax = "proto3";
+
+message Index {
+  bytes digest = 1;
+  sint64 receiverTime = 2;
+  sint64 senderTime = 3;
+  string pubsubTopic = 4;
+}
+
+message PagingInfo {
+  uint64 pageSize = 1;
+  Index cursor = 2;
+  enum Direction {
+    BACKWARD = 0;
+    FORWARD = 1;
+  }
+  Direction direction = 3;
+}
+
+message ContentFilter {
+  string contentTopic = 1;
+}
+
+message HistoryQuery {
+  // the first field is reserved for future use
+  string pubsubtopic = 2;
+  repeated ContentFilter contentFilters = 3;
+  PagingInfo pagingInfo = 4;
+}
+
+message HistoryResponse {
+  // the first field is reserved for future use
+  repeated WakuMessage messages = 2;
+  PagingInfo pagingInfo = 3;
+  enum Error {
+    NONE = 0;
+    INVALID_CURSOR = 1;
+  }
+  Error error = 4;
+}
+
+message HistoryRPC {
+  string request_id = 1;
+  HistoryQuery query = 2;
+  HistoryResponse response = 3;
+}
+```
+
+#### Index
+
+To perform pagination,
+each `WakuMessage` stored at a node running the `13/WAKU2-STORE` protocol
+is associated with a unique `Index` that encapsulates the following parts.
+
+- `digest`:  a sequence of bytes representing the SHA256 hash of a `WakuMessage`.
+The hash is computed over the concatenation of `contentTopic`
+and `payload` fields of a `WakuMessage` (see [14/WAKU2-MESSAGE](../14/message.md)).
+- `receiverTime`: the UNIX time in nanoseconds
+at which the `WakuMessage` is received by the receiving node.
+- `senderTime`: the UNIX time in nanoseconds
+at which the `WakuMessage` is generated by its sender.
+- `pubsubTopic`: the pubsub topic on which the `WakuMessage` is received.
+
+#### PagingInfo
+
+`PagingInfo` holds the information required for pagination.
+It consists of the following components.
+
+- `pageSize`: A positive integer indicating the number of queried `WakuMessage`s
+in a `HistoryQuery`
+(or retrieved  `WakuMessage`s in a `HistoryResponse`).
+- `cursor`: holds the `Index` of a `WakuMessage`.
+- `direction`: indicates the direction of paging
+which can be either `FORWARD` or `BACKWARD`.
+
+#### ContentFilter
+
+`ContentFilter` carries the information required for filtering historical messages.
+
+- `contentTopic` represents the content topic of the queried historical `WakuMessage`.
+  This field maps to the `contentTopic` field of the [14/WAKU2-MESSAGE](../14/message.md).
+  
+#### HistoryQuery
+
+RPC call to query historical messages.
+
+- The `pubsubTopic` field MUST indicate the pubsub topic
+of the historical messages to be retrieved.
+This field denotes the pubsub topic on which `WakuMessage`s are published.
+This field maps to `topicIDs` field of `Message` in [`11/WAKU2-RELAY`](../11/relay.md).
+Leaving this field empty means no filter on the pubsub topic
+of message history is requested.
+This field SHOULD be left empty in order to retrieve the historical `WakuMessage`
+regardless of the pubsub topics on which they are published.
+- The `contentFilters` field MUST indicate the list of content filters
+based on which the historical messages are to be retrieved.
+Leaving this field empty means no filter on the content topic
+of message history is required.
+This field SHOULD be left empty in order
+to retrieve historical `WakuMessage` regardless of their content topics.
+- `PagingInfo` holds the information required for pagination.  
+Its `pageSize` field indicates the number of  `WakuMessage`s
+to be included in the corresponding `HistoryResponse`.
+It is RECOMMENDED that the queried node defines a maximum page size internally.
+If the querying node leaves the `pageSize` unspecified,
+or if the `pageSize` exceeds the maximum page size,
+the queried node SHOULD auto-paginate the `HistoryResponse`
+to no more than the configured maximum page size.
+This allows mitigation of long response time for `HistoryQuery`.
+In the forward pagination request,
+the `messages` field of the `HistoryResponse` SHALL contain, at maximum,
+the `pageSize` amount of `WakuMessage` whose `Index`
+values are larger than the given `cursor`
+(and vise versa for the backward pagination).
+Note that the `cursor` of a `HistoryQuery` MAY be empty
+(e.g., for the initial query), as such, and
+depending on whether the  `direction` is `BACKWARD` or
+`FORWARD`  the last or the first `pageSize` `WakuMessage` SHALL be returned,
+respectively.
+
+#### Sorting Messages
+
+The queried node MUST sort the `WakuMessage` based on their `Index`,
+where the `senderTime` constitutes the most significant part and
+the `digest` comes next, and
+then perform pagination on the sorted result.
+As such, the retrieved page contains an ordered list of `WakuMessage`
+from the oldest messages to the most recent one.
+Alternatively, the `receiverTime` (instead of `senderTime`)
+MAY be used to sort messages during the paging process.
+However, it is RECOMMENDED the use of the `senderTime`
+for sorting as it is invariant and
+consistent across all the nodes.
+This has the benefit of `cursor` reusability i.e.,
+a `cursor` obtained from one node can be consistently used
+to query from another node.
+However, this `cursor` reusability does not hold when the `receiverTime` is utilized
+as the receiver time is affected by the network delay and
+nodes' clock asynchrony.
+
+#### HistoryResponse
+
+RPC call to respond to a HistoryQuery call.
+
+- The `messages` field MUST contain the messages found,
+these are [14/WAKU2-MESSAGE](../14/message.md) types.
+- `PagingInfo`  holds the paging information based
+on which the querying node can resume its further history queries.
+The `pageSize` indicates the number of returned Waku messages
+(i.e., the number of messages included in the `messages` field of `HistoryResponse`).
+The `direction` is the same direction as in the corresponding `HistoryQuery`.
+In the forward pagination, the `cursor` holds the `Index` of the last message
+in the `HistoryResponse` `messages` (and the first message in the backward paging).
+Regardless of the paging direction,
+the retrieved `messages` are always sorted in ascending order
+based on their timestamp as explained in the [sorting messages](#sorting-messages)section,
+that is, from the oldest to the most recent.
+The requester SHALL embed the returned `cursor` inside its next `HistoryQuery`
+to retrieve the next page of the [14/WAKU2-MESSAGE](../14/message.md).  
+The `cursor` obtained from one node SHOULD NOT be used in a request to another node
+because the result may be different.
+- The `error` field contains information about any error that has occurred
+while processing the corresponding `HistoryQuery`.
+`NONE` stands for no error.
+This is also the default value.
+`INVALID_CURSOR` means that the `cursor` field of `HistoryQuery`
+does not match with the `Index` of any of the `WakuMessage`
+persisted by the queried node.
+
+## Security Consideration
+
+The main security consideration to take into account
+while using this protocol is that a querying node
+have to reveal their content filters of interest to the queried node,
+hence potentially compromising their privacy.
+
+## Future Work
+
+- **Anonymous query**: This feature guarantees that nodes
+can anonymously query historical messages from other nodes i.e.,
+without disclosing the exact topics of [14/WAKU2-MESSAGE](../14/message.md)
+they are interested in.  
+As such, no adversary in the `13/WAKU2-STORE` protocol
+would be able to learn which peer is interested in which content filters i.e.,
+content topics of [14/WAKU2-MESSAGE](../14/message.md).
+The current version of the `13/WAKU2-STORE` protocol does not provide anonymity
+for historical queries,
+as the querying node needs to directly connect to another node
+in the `13/WAKU2-STORE` protocol and
+explicitly disclose the content filters of its interest
+to retrieve the corresponding messages.
+However, one can consider preserving anonymity through one of the following ways:
+  - By hiding the source of the request i.e., anonymous communication.
+  That is the querying node shall hide all its PII in its history request
+  e.g., its IP address.
+  This can happen by the utilization of a proxy server or by using Tor.
+  Note that the current structure of historical requests
+  does not embody any piece of PII, otherwise,
+  such data fields must be treated carefully to achieve query anonymity.
+  <!-- TODO: if nodes have to disclose their PeerIDs
+  (e.g., for authentication purposes) when connecting to other nodes
+  in the store protocol,
+  then Tor does not preserve anonymity since it only helps in hiding the IP.
+  So, the PeerId usage in switches must be investigated further.
+  Depending on how PeerId is used, one may be able to link between a querying node
+  and its queried topics despite hiding the IP address-->
+  - By deploying secure 2-party computations in which the querying node
+  obtains the historical messages of a certain topic,
+  the queried node learns nothing about the query.
+  Examples of such 2PC protocols are secure one-way Private Set Intersections (PSI).
+  <!-- TODO: add a reference for PSIs? -->
+  <!-- TODO: more techniques to be included -->
+<!-- TODO: Censorship resistant:
+this is about a node that hides the historical messages from other nodes.
+This attack is not included in the specs
+since it does not fit the passive adversarial model
+(the attacker needs to deviate from the store protocol).-->
+
+- **Robust and verifiable timestamps**:
+Messages timestamp is a way to show that the message existed
+prior to some point in time.
+However, the lack of timestamp verifiability can create room for a range of attacks,
+including injecting messages with invalid timestamps pointing to the far future.
+To better understand the attack,
+consider a store node whose current clock shows `2021-01-01 00:00:30`
+(and assume all the other nodes have a synchronized clocks +-20seconds).
+The store node already has a list of messages,
+ `(m1,2021-01-01 00:00:00), (m2,2021-01-01 00:00:01), ..., (m10:2021-01-01 00:00:20)`,
+that are sorted based on their timestamp.  
+An attacker sends a message with an arbitrary large timestamp e.g.,
+10 hours ahead of the correct clock `(m',2021-01-01 10:00:30)`.
+The store node places `m'` at the end of the list,
+
+```text
+(m1,2021-01-01 00:00:00), (m2,2021-01-01 00:00:01), ..., (m10:2021-01-01 00:00:20),(m',2021-01-01 10:00:30).
+```
+
+Now another message arrives with a valid timestamp e.g.,
+`(m11, 2021-01-01 00:00:45)`.
+However, since its timestamp precedes the malicious message `m'`,
+it gets placed before `m'` in the list i.e.,
+
+```text
+(m1,2021-01-01 00:00:00), (m2,2021-01-01 00:00:01), ..., (m10:2021-01-01 00:00:20), (m11, 2021-01-01 00:00:45), (m',2021-01-01 10:00:30).
+```
+
+In fact, for the next 10 hours,
+`m'` will always be considered as the most recent message and
+served as the last message to the querying nodes irrespective
+of how many other messages arrive afterward.
+
+A robust and verifiable timestamp allows the receiver of a message
+to verify that a message has been generated prior to the claimed timestamp.
+One solution is the use of [open timestamps](https://opentimestamps.org/) e.g.,
+block height in Blockchain-based timestamps.
+That is, messages contain the most recent block height
+perceived by their senders at the time of message generation.
+This proves accuracy within a range of minutes (e.g., in Bitcoin blockchain) or
+seconds (e.g., in Ethereum 2.0) from the time of origination.
+
+## Copyright
+
+Copyright and related rights waived via
+[CC0](https://creativecommons.org/publicdomain/zero/1.0/).
+
+## References
+
+1. [14/WAKU2-MESSAGE](../14/message.md)
+2. [protocol buffers v3](https://developers.google.com/protocol-buffers/)
+3. [11/WAKU2-RELAY](../11/relay.md)
+4. [Open timestamps](https://opentimestamps.org/)

waku/standards/core/13/store.md

@@ -1,311 +1,402 @@
 ---
 slug: 13
 title: 13/WAKU2-STORE
-name: Waku v2 Store
-status: draft
+name: Waku Store Query
 tags: waku-core
-editor: Simon-Pierre Vivier <simvivier@status.im>
+version: 01
+editor: Hanno Cornelius <hanno@status.im>
 contributors:
   - Dean Eigenmann <dean@status.im>
   - Oskar Thorén <oskarth@titanproxy.com>
   - Aaryamann Challani <p1ge0nh8er@proton.me>
   - Sanaz Taheri <sanaz@status.im>
-  - Hanno Cornelius <hanno@status.im>
 ---
+Previous version: [00](waku/standards/core/13/previous-versions/00/store.md)
 
 ## Abstract
 
-This specification explains the `13/WAKU2-STORE` protocol
-which enables querying of messages received through the relay protocol and
-stored by other nodes.
-It also supports pagination for more efficient querying of historical messages.
+This specification explains the `WAKU2-STORE` protocol,
+which enables querying of [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md)s.
 
-**Protocol identifier***: `/vac/waku/store/2.0.0-beta4`
+**Protocol identifier***: `/vac/waku/store-query/3.0.0`
 
-## Terminology
+### Terminology
 
 The term PII, Personally Identifiable Information,
 refers to any piece of data that can be used to uniquely identify a user.
 For example, the signature verification key, and
 the hash of one's static IP address are unique for each user and hence count as PII.
 
-## Design Requirements
+## Wire Specification
 
 The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”,
 “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and
 “OPTIONAL” in this document are to be interpreted as described in [RFC2119](https://www.ietf.org/rfc/rfc2119.txt).
 
-Nodes willing to provide the storage service using `13/WAKU2-STORE` protocol,
-SHOULD provide a complete and full view of message history.
-As such, they are required to be *highly available* and
-specifically have a *high uptime* to consistently receive and store network messages.
-The high uptime requirement makes sure that no message is missed out
-hence a complete and intact view of the message history
-is delivered to the querying nodes.
-Nevertheless, in case storage provider nodes cannot afford high availability,
-the querying nodes may retrieve the historical messages from multiple sources
-to achieve a full and intact view of the past.
+### Design Requirements
 
-The concept of `ephemeral` messages introduced in
-[`14/WAKU2-MESSAGE`](../14/message.md) affects `13/WAKU2-STORE` as well.
-Nodes running `13/WAKU2-STORE` SHOULD support `ephemeral` messages as specified in
-[14/WAKU2-MESSAGE](../14/message.md).
-Nodes running `13/WAKU2-STORE` SHOULD NOT store messages
-with the `ephemeral` flag set to `true`.
-
-## Adversarial Model
-
-Any peer running the `13/WAKU2-STORE` protocol, i.e.
-both the querying node and the queried node, are considered as an adversary.
-Furthermore,
-we currently consider the adversary as a passive entity
-that attempts to collect information from other peers to conduct an attack but
-it does so without violating protocol definitions and instructions.
-As we evolve the protocol,
-further adversarial models will be considered.
-For example, under the passive adversarial model,
-no malicious node hides or
-lies about the history of messages
-as it is against the description of the `13/WAKU2-STORE` protocol.
-
-The following are not considered as part of the adversarial model:
-
-- An adversary with a global view of all the peers and their connections.
-- An adversary that can eavesdrop on communication links
-between arbitrary pairs of peers (unless the adversary is one end of the communication).
-In specific, the communication channels are assumed to be secure.
-
-## Wire Specification
-
-Peers communicate with each other using a request / response API.
-The messages sent are Protobuf RPC messages which are implemented using
-[protocol buffers v3](https://developers.google.com/protocol-buffers/).
-The following are the specifications of the Protobuf messages.
+The concept of `ephemeral` messages introduced in [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md) affects `WAKU2-STORE` as well.
+Nodes running `WAKU2-STORE` SHOULD support `ephemeral` messages as specified in [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md).
+Nodes running `WAKU2-STORE` SHOULD NOT store messages with the `ephemeral` flag set to `true`.
 
 ### Payloads
 
 ```protobuf
 syntax = "proto3";
 
-message Index {
-  bytes digest = 1;
-  sint64 receiverTime = 2;
-  sint64 senderTime = 3;
-  string pubsubTopic = 4;
+// Protocol identifier: /vac/waku/store-query/3.0.0
+package waku.store.v3;
+
+import "waku/message/v1/message.proto";
+
+message WakuMessageKeyValue {
+  optional bytes message_hash = 1; // Globally unique key for a Waku Message
+
+  // Full message content and associated pubsub_topic as value
+  optional waku.message.v1.WakuMessage message = 2;
+  optional string pubsub_topic = 3;
 }
 
-message PagingInfo {
-  uint64 pageSize = 1;
-  Index cursor = 2;
-  enum Direction {
-    BACKWARD = 0;
-    FORWARD = 1;
-  }
-  Direction direction = 3;
-}
-
-message ContentFilter {
-  string contentTopic = 1;
-}
-
-message HistoryQuery {
-  // the first field is reserved for future use
-  string pubsubtopic = 2;
-  repeated ContentFilter contentFilters = 3;
-  PagingInfo pagingInfo = 4;
-}
-
-message HistoryResponse {
-  // the first field is reserved for future use
-  repeated WakuMessage messages = 2;
-  PagingInfo pagingInfo = 3;
-  enum Error {
-    NONE = 0;
-    INVALID_CURSOR = 1;
-  }
-  Error error = 4;
-}
-
-message HistoryRPC {
+message StoreQueryRequest {
   string request_id = 1;
-  HistoryQuery query = 2;
-  HistoryResponse response = 3;
+  bool include_data = 2; // Response should include full message content
+  
+  // Filter criteria for content-filtered queries
+  optional string pubsub_topic = 10;
+  repeated string content_topics = 11;
+  optional sint64 time_start = 12;
+  optional sint64 time_end = 13;
+
+  // List of key criteria for lookup queries
+  repeated bytes message_hashes = 20; // Message hashes (keys) to lookup
+  
+  // Pagination info. 50 Reserved
+  optional bytes pagination_cursor = 51; // Message hash (key) from where to start query (exclusive)
+  bool pagination_forward = 52;
+  optional uint64 pagination_limit = 53;
+}
+
+message StoreQueryResponse {
+  string request_id = 1;
+
+  optional uint32 status_code = 10;
+  optional string status_desc = 11;
+
+  repeated WakuMessageKeyValue messages = 20;
+
+  optional bytes pagination_cursor = 51;
 }
 ```
 
-#### Index
+### General Store Query Concepts
 
-To perform pagination,
-each `WakuMessage` stored at a node running the `13/WAKU2-STORE` protocol
-is associated with a unique `Index` that encapsulates the following parts.
+#### Waku Message Key-Value Pairs
 
-- `digest`:  a sequence of bytes representing the SHA256 hash of a `WakuMessage`.
-The hash is computed over the concatenation of `contentTopic`
-and `payload` fields of a `WakuMessage` (see [14/WAKU2-MESSAGE](../14/message.md)).
-- `receiverTime`: the UNIX time in nanoseconds
-at which the `WakuMessage` is received by the receiving node.
-- `senderTime`: the UNIX time in nanoseconds
-at which the `WakuMessage` is generated by its sender.
-- `pubsubTopic`: the pubsub topic on which the `WakuMessage` is received.
+The store query protocol operates as a query protocol for a key-value store of historical messages,
+with each entry having a [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md)
+and associated `pubsub_topic` as the value,
+and [deterministic message hash](/waku/standards/core/14/message.md#deterministic-message-hashing) as the key.
+The store can be queried to return either a set of keys or a set of key-value pairs.
 
-#### PagingInfo
+Within the store query protocol,
+the [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md) keys and
+values MUST be represented in a `WakuMessageKeyValue` message.
+This message MUST contain the deterministic `message_hash` as the key.
+It MAY contain the full [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md) and
+associated pubsub topic as the value in the `message` and
+`pubsub_topic` fields, depending on the use case as set out below.
 
-`PagingInfo` holds the information required for pagination.
-It consists of the following components.
+If the message contains a value entry in addition to the key,
+both the `message` and `pubsub_topic` fields MUST be populated.
+The message MUST NOT have either `message` or `pubsub_topic` populated with the other unset.
+Both fields MUST either be set or unset.
 
-- `pageSize`: A positive integer indicating the number of queried `WakuMessage`s
-in a `HistoryQuery`
-(or retrieved  `WakuMessage`s in a `HistoryResponse`).
-- `cursor`: holds the `Index` of a `WakuMessage`.
-- `direction`: indicates the direction of paging
-which can be either `FORWARD` or `BACKWARD`.
+#### Waku Message Store Eligibility
 
-#### ContentFilter
+In order for a message to be eligible for storage:
 
-`ContentFilter` carries the information required for filtering historical messages.
+- it MUST be a _valid_ [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md).
+- the `timestamp` field MUST be populated with the Unix epoch time,
+at which the message was generated in nanoseconds.
+If at the time of storage the `timestamp` deviates by more than 20 seconds
+either into the past or the future when compared to the store node’s internal clock,
+the store node MAY reject the message.
+- the `ephemeral` field MUST be set to `false`.
 
-- `contentTopic` represents the content topic of the queried historical `WakuMessage`.
-  This field maps to the `contentTopic` field of the [14/WAKU2-MESSAGE](../14/message.md).
-  
-#### HistoryQuery
+#### Waku message sorting
 
-RPC call to query historical messages.
+The key-value entries in the store MUST be time-sorted by the [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md) `timestamp` attribute.
+Where two or more key-value entries have identical `timestamp` values,
+the entries MUST be further sorted by the natural order of their message hash keys.
+Within the context of traversing over key-value entries in the store,
+_"forward"_ indicates traversing the entries in ascending order,
+whereas _"backward"_ indicates traversing the entries in descending order.
 
-- The `pubsubTopic` field MUST indicate the pubsub topic
-of the historical messages to be retrieved.
-This field denotes the pubsub topic on which `WakuMessage`s are published.
-This field maps to `topicIDs` field of `Message` in [`11/WAKU2-RELAY`](../11/relay.md).
-Leaving this field empty means no filter on the pubsub topic
-of message history is requested.
-This field SHOULD be left empty in order to retrieve the historical `WakuMessage`
-regardless of the pubsub topics on which they are published.
-- The `contentFilters` field MUST indicate the list of content filters
-based on which the historical messages are to be retrieved.
-Leaving this field empty means no filter on the content topic
-of message history is required.
-This field SHOULD be left empty in order
-to retrieve historical `WakuMessage` regardless of their content topics.
-- `PagingInfo` holds the information required for pagination.  
-Its `pageSize` field indicates the number of  `WakuMessage`s
-to be included in the corresponding `HistoryResponse`.
-It is RECOMMENDED that the queried node defines a maximum page size internally.
-If the querying node leaves the `pageSize` unspecified,
-or if the `pageSize` exceeds the maximum page size,
-the queried node SHOULD auto-paginate the `HistoryResponse`
-to no more than the configured maximum page size.
-This allows mitigation of long response time for `HistoryQuery`.
-In the forward pagination request,
-the `messages` field of the `HistoryResponse` SHALL contain, at maximum,
-the `pageSize` amount of `WakuMessage` whose `Index`
-values are larger than the given `cursor`
-(and vise versa for the backward pagination).
-Note that the `cursor` of a `HistoryQuery` MAY be empty
-(e.g., for the initial query), as such, and
-depending on whether the  `direction` is `BACKWARD` or
-`FORWARD`  the last or the first `pageSize` `WakuMessage` SHALL be returned,
-respectively.
+#### Pagination
 
-#### Sorting Messages
+If a large number of entries in the store service node match the query criteria provided in a `StoreQueryRequest`,
+the client MAY make use of pagination
+in a chain of store query request and response transactions
+to retrieve the full response in smaller batches termed _"pages"_.
+Pagination can be performed either in [a _forward_ or _backward_ direction](#waku-message-sorting).
 
-The queried node MUST sort the `WakuMessage` based on their `Index`,
-where the `senderTime` constitutes the most significant part and
-the `digest` comes next, and
-then perform pagination on the sorted result.
-As such, the retrieved page contains an ordered list of `WakuMessage`
-from the oldest messages to the most recent one.
-Alternatively, the `receiverTime` (instead of `senderTime`)
-MAY be used to sort messages during the paging process.
-However, it is RECOMMENDED the use of the `senderTime`
-for sorting as it is invariant and
-consistent across all the nodes.
-This has the benefit of `cursor` reusability i.e.,
-a `cursor` obtained from one node can be consistently used
-to query from another node.
-However, this `cursor` reusability does not hold when the `receiverTime` is utilized
-as the receiver time is affected by the network delay and
-nodes' clock asynchrony.
+A store query client MAY indicate the maximum number of matching entries it wants in the `StoreQueryResponse`,
+by setting the page size limit in the `pagination_limit` field.
+Note that a store service node MAY enforce its own limit
+if the `pagination_limit` is unset
+or larger than the service node's internal page size limit.
 
-#### HistoryResponse
+A `StoreQueryResponse` with a populated `pagination_cursor` indicates that more stored entries match the query than included in the response.
 
-RPC call to respond to a HistoryQuery call.
+A `StoreQueryResponse` without a populated `pagination_cursor` indicates that
+there are no more matching entries in the store.
 
-- The `messages` field MUST contain the messages found,
-these are [14/WAKU2-MESSAGE](../14/message.md) types.
-- `PagingInfo`  holds the paging information based
-on which the querying node can resume its further history queries.
-The `pageSize` indicates the number of returned Waku messages
-(i.e., the number of messages included in the `messages` field of `HistoryResponse`).
-The `direction` is the same direction as in the corresponding `HistoryQuery`.
-In the forward pagination, the `cursor` holds the `Index` of the last message
-in the `HistoryResponse` `messages` (and the first message in the backward paging).
-Regardless of the paging direction,
-the retrieved `messages` are always sorted in ascending order
-based on their timestamp as explained in the [sorting messages](#sorting-messages)section,
-that is, from the oldest to the most recent.
-The requester SHALL embed the returned `cursor` inside its next `HistoryQuery`
-to retrieve the next page of the [14/WAKU2-MESSAGE](../14/message.md).  
-The `cursor` obtained from one node SHOULD NOT be used in a request to another node
-because the result may be different.
-- The `error` field contains information about any error that has occurred
-while processing the corresponding `HistoryQuery`.
-`NONE` stands for no error.
-This is also the default value.
-`INVALID_CURSOR` means that the `cursor` field of `HistoryQuery`
-does not match with the `Index` of any of the `WakuMessage`
-persisted by the queried node.
+The client MAY request the next page of entries from the store service node
+by populating a subsequent `StoreQueryRequest` with the `pagination_cursor`
+received in the `StoreQueryResponse`.
+All other fields and query criteria MUST be the same as in the preceding `StoreQueryRequest`.
 
-## Security Consideration
+A `StoreQueryRequest` without a populated `pagination_cursor` indicates that
+the client wants to retrieve the "first page" of the stored entries matching the query.
 
-The main security consideration to take into account
-while using this protocol is that a querying node
-have to reveal their content filters of interest to the queried node,
+### Store Query Request
+
+A client node MUST send all historical message queries within a `StoreQueryRequest` message.
+This request MUST contain a `request_id`.
+The `request_id` MUST be a uniquely generated string.
+
+If the store query client requires the store service node to include [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md) values in the query response,
+it MUST set `include_data` to `true`.
+If the store query client requires the store service node to return only message hash keys in the query response,
+it SHOULD set `include_data` to `false`.
+By default, therefore, the store service node assumes `include_data` to be `false`.
+
+A store query client MAY include query filter criteria in the `StoreQueryRequest`.
+There are two types of filter use cases:
+
+1. Content filtered queries and
+2. Message hash lookup queries
+
+#### Content filtered queries
+
+A store query client MAY request the store service node to filter historical entries by a content filter.
+Such a client MAY create a filter on content topic, on time range or on both.
+
+To filter on content topic,
+the client MUST populate _both_ the `pubsub_topic` _and_ `content_topics` field.
+The client MUST NOT populate either `pubsub_topic` or
+`content_topics` and leave the other unset.
+Both fields MUST either be set or unset.
+A mixed content topic filter with just one of either `pubsub_topic` or
+`content_topics` set, SHOULD be regarded as an invalid request.
+
+To filter on time range, the client MUST set `time_start`, `time_end` or both.
+Each `time_` field should contain a Unix epoch timestamp in nanoseconds.
+An unset `time_start` SHOULD be interpreted as "from the oldest stored entry".
+An unset `time_end` SHOULD be interpreted as "up to the youngest stored entry".
+
+If any of the content filter fields are set,
+namely `pubsub_topic`, `content_topic`, `time_start`, or `time_end`,
+the client MUST NOT set the `message_hashes` field.
+
+#### Message hash lookup queries
+
+A store query client MAY request the store service node to filter historical entries by one or
+more matching message hash keys.
+This type of query acts as a "lookup" against a message hash key or
+set of keys already known to the client.
+
+In order to perform a lookup query,
+the store query client MUST populate the `message_hashes` field with the list of message hash keys it wants to lookup in the store service node.
+
+If the `message_hashes` field is set,
+the client MUST NOT set any of the content filter fields,
+namely `pubsub_topic`, `content_topic`, `time_start`, or `time_end`.
+
+#### Presence queries
+
+A presence query is a special type of lookup query that allows a client to check for the presence of one or
+more messages in the store service node,
+without retrieving the full contents (values) of the messages.
+This can, for example, be used as part of a reliability mechanism,
+whereby store query clients verify that previously published messages have been successfully stored.
+
+In order to perform a presence query,
+the store query client MUST populate the `message_hashes` field in the `StoreQueryRequest` with the list of message hashes
+for which it wants to verify presence in the store service node.
+The `include_data` property MUST be set to `false`.
+The client SHOULD interpret every `message_hash` returned in the `messages` field of the `StoreQueryResponse` as present in the store.
+The client SHOULD assume that all other message hashes included in the original `StoreQueryRequest` but
+not in the `StoreQueryResponse` is not present in the store.
+
+#### Pagination info
+
+The store query client MAY include a message hash as `pagination_cursor`,
+to indicate at which key-value entry a store service node SHOULD start the query.
+The `pagination_cursor` is treated as exclusive
+and the corresponding entry will not be included in subsequent store query responses.
+
+For forward queries,
+only messages following (see [sorting](#waku-message-sorting)) the one indexed at `pagination_cursor`
+will be returned.
+For backward queries,
+only messages preceding (see [sorting](#waku-message-sorting)) the one indexed at `pagination_cursor`
+will be returned.
+
+If the store query client requires the store service node to perform a forward query,
+it MUST set `pagination_forward` to `true`.
+If the store query client requires the store service node to perform a backward query,
+it SHOULD set `pagination_forward` to `false`.
+By default, therefore, the store service node assumes pagination to be backward.
+
+A store query client MAY indicate the maximum number of matching entries it wants in the `StoreQueryResponse`,
+by setting the page size limit in the `pagination_limit` field.
+Note that a store service node MAY enforce its own limit
+if the `pagination_limit` is unset
+or larger than the service node's internal page size limit.
+
+See [pagination](#pagination) for more on how the pagination info is used in store transactions.
+
+### Store Query Response
+
+In response to any `StoreQueryRequest`,
+a store service node SHOULD respond with a `StoreQueryResponse` with a `requestId` matching that of the request.
+This response MUST contain a `status_code` indicating if the request was successful or not.
+Successful status codes are in the `2xx` range.
+A client node SHOULD consider all other status codes as error codes and
+assume that the requested operation had failed.
+In addition,
+the store service node MAY choose to provide a more detailed status description in the `status_desc` field.
+
+#### Filter matching
+
+For [content filtered queries](#content-filtered-queries),
+an entry in the store service node matches the filter criteria in a `StoreQueryRequest` if each of the following conditions are met:
+
+- its `content_topic` is in the request `content_topics` set
+and it was published on a matching `pubsub_topic` OR the request `content_topics` and
+`pubsub_topic` fields are unset
+- its `timestamp` is _larger or equal_ than the request `start_time` OR the request `start_time` is unset
+- its `timestamp` is _smaller_ than the request `end_time` OR the request `end_time` is unset
+
+Note that for content filtered queries, `start_time` is treated as _inclusive_ and
+`end_time` is treated as _exclusive_.
+
+For [message hash lookup queries](#message-hash-lookup-queries),
+an entry in the store service node matches the filter criteria if its `message_hash` is in the request `message_hashes` set.
+
+The store service node SHOULD respond with an error code and
+discard the request if the store query request contains both content filter criteria
+and message hashes.
+
+#### Populating response messages
+
+The store service node SHOULD populate the `messages` field in the response
+only with entries matching the filter criteria provided in the corresponding request.
+Regardless of whether the response is to a _forward_ or _backward_ query,
+the `messages` field in the response MUST be ordered in a forward direction
+according to the [message sorting rules](#waku-message-sorting).
+
+If the corresponding `StoreQueryRequest` has `include_data` set to true,
+the service node SHOULD populate both the `message_hash` and
+`message` for each entry in the response.
+In all other cases,
+the store service node SHOULD populate only the `message_hash` field for each entry in the response.
+
+#### Paginating the response
+
+The response SHOULD NOT contain more `messages` than the `pagination_limit` provided in the corresponding `StoreQueryRequest`.
+It is RECOMMENDED that the store node defines its own maximum page size internally.
+If the `pagination_limit` in the request is unset,
+or exceeds this internal maximum page size,
+the store service node SHOULD ignore the `pagination_limit` field and
+apply its own internal maximum page size.
+
+In response to a _forward_ `StoreQueryRequest`:
+
+- if the `pagination_cursor` is set,
+  the store service node SHOULD populate the `messages` field
+  with matching entries following the `pagination_cursor` (exclusive).
+- if the `pagination_cursor` is unset,
+  the store service node SHOULD populate the `messages` field
+  with matching entries from the first entry in the store.
+- if there are still more matching entries in the store
+  after the maximum page size is reached while populating the response,
+  the store service node SHOULD populate the `pagination_cursor` in the `StoreQueryResponse`
+  with the message hash key of the _last_ entry _included_ in the response.
+
+In response to a _backward_ `StoreQueryRequest`:
+
+- if the `pagination_cursor` is set,
+  the store service node SHOULD populate the `messages` field
+  with matching entries preceding the `pagination_cursor` (exclusive).
+- if the `pagination_cursor` is unset,
+  the store service node SHOULD populate the `messages` field
+  with matching entries from the last entry in the store.
+- if there are still more matching entries in the store
+  after the maximum page size is reached while populating the response,
+  the store service node SHOULD populate the `pagination_cursor` in the `StoreQueryResponse`
+  with the message hash key of the _first_ entry _included_ in the response.
+
+### Security Consideration
+
+The main security consideration while using this protocol is that a querying node has to reveal its content filters of interest to the queried node,
 hence potentially compromising their privacy.
 
-## Future Work
+#### Adversarial Model
 
-- **Anonymous query**: This feature guarantees that nodes
-can anonymously query historical messages from other nodes i.e.,
-without disclosing the exact topics of [14/WAKU2-MESSAGE](../14/message.md)
-they are interested in.  
-As such, no adversary in the `13/WAKU2-STORE` protocol
-would be able to learn which peer is interested in which content filters i.e.,
-content topics of [14/WAKU2-MESSAGE](../14/message.md).
-The current version of the `13/WAKU2-STORE` protocol does not provide anonymity
-for historical queries,
-as the querying node needs to directly connect to another node
-in the `13/WAKU2-STORE` protocol and
-explicitly disclose the content filters of its interest
-to retrieve the corresponding messages.
+Any peer running the `WAKU2-STORE` protocol, i.e.
+both the querying node and the queried node, are considered as an adversary.
+Furthermore,
+we currently consider the adversary as a passive entity that attempts to collect information from other peers to conduct an attack but
+it does so without violating protocol definitions and instructions.
+As we evolve the protocol,
+further adversarial models will be considered.
+For example, under the passive adversarial model,
+no malicious node hides or
+lies about the history of messages as it is against the description of the `WAKU2-STORE` protocol.
+
+The following are not considered as part of the adversarial model:
+
+- An adversary with a global view of all the peers and their connections.
+- An adversary that can eavesdrop on communication links between arbitrary pairs of peers (unless the adversary is one end of the communication).
+Specifically, the communication channels are assumed to be secure.
+
+### Future Work
+
+- **Anonymous query**: This feature guarantees that nodes can anonymously query historical messages from other nodes i.e.,
+without disclosing the exact topics of [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md) they are interested in.  
+As such, no adversary in the `WAKU2-STORE` protocol would be able to learn which peer is interested in which content filters i.e.,
+content topics of [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md).
+The current version of the `WAKU2-STORE` protocol does not provide anonymity for historical queries,
+as the querying node needs to directly connect to another node in the `WAKU2-STORE` protocol and
+explicitly disclose the content filters of its interest to retrieve the corresponding messages.
 However, one can consider preserving anonymity through one of the following ways:
-  - By hiding the source of the request i.e., anonymous communication.
-  That is the querying node shall hide all its PII in its history request
-  e.g., its IP address.
-  This can happen by the utilization of a proxy server or by using Tor.
-  Note that the current structure of historical requests
-  does not embody any piece of PII, otherwise,
-  such data fields must be treated carefully to achieve query anonymity.
-  <!-- TODO: if nodes have to disclose their PeerIDs
-  (e.g., for authentication purposes) when connecting to other nodes
-  in the store protocol,
-  then Tor does not preserve anonymity since it only helps in hiding the IP.
-  So, the PeerId usage in switches must be investigated further.
-  Depending on how PeerId is used, one may be able to link between a querying node
-  and its queried topics despite hiding the IP address-->
-  - By deploying secure 2-party computations in which the querying node
-  obtains the historical messages of a certain topic,
-  the queried node learns nothing about the query.
-  Examples of such 2PC protocols are secure one-way Private Set Intersections (PSI).
-  <!-- TODO: add a reference for PSIs? -->
-  <!-- TODO: more techniques to be included -->
+
+- By hiding the source of the request i.e., anonymous communication.
+That is the querying node shall hide all its PII in its history request e.g.,
+its IP address.
+This can happen by the utilization of a proxy server or by using Tor.
+Note that the current structure of historical requests does not embody any piece of PII, otherwise,
+such data fields must be treated carefully to achieve query anonymity.
+<!-- TODO: if nodes have to disclose their PeerIDs
+(e.g., for authentication purposes) when connecting to other nodes in the store protocol,
+then Tor does not preserve anonymity since it only helps in hiding the IP.
+So, the PeerId usage in switches must be investigated further.
+Depending on how PeerId is used, one may be able to link between a querying node 
+and its queried topics despite hiding the IP address-->
+- By deploying secure 2-party computations
+in which the querying node obtains the historical messages of a certain topic,
+the queried node learns nothing about the query.
+Examples of such 2PC protocols are secure one-way Private Set Intersections (PSI).
+<!-- TODO: add a reference for PSIs? --> <!-- TODO: more techniques to be included -->
 <!-- TODO: Censorship resistant:
 this is about a node that hides the historical messages from other nodes.
-This attack is not included in the specs
-since it does not fit the passive adversarial model
-(the attacker needs to deviate from the store protocol).-->
+This attack is not included in the specs since it does not fit the
+passive adversarial model (the attacker needs to deviate from the store protocol).-->
 
-- **Robust and verifiable timestamps**:
-Messages timestamp is a way to show that the message existed
-prior to some point in time.
+- **Robust and verifiable timestamps**: Messages timestamp is a way to show that
+the message existed prior to some point in time.
 However, the lack of timestamp verifiability can create room for a range of attacks,
 including injecting messages with invalid timestamps pointing to the far future.
 To better understand the attack,
@@ -317,31 +408,25 @@ that are sorted based on their timestamp.
 An attacker sends a message with an arbitrary large timestamp e.g.,
 10 hours ahead of the correct clock `(m',2021-01-01 10:00:30)`.
 The store node places `m'` at the end of the list,
-
-```text
-(m1,2021-01-01 00:00:00), (m2,2021-01-01 00:00:01), ..., (m10:2021-01-01 00:00:20),(m',2021-01-01 10:00:30).
-```
-
+`(m1,2021-01-01 00:00:00), (m2,2021-01-01 00:00:01), ..., (m10:2021-01-01 00:00:20),
+(m',2021-01-01 10:00:30)`.
 Now another message arrives with a valid timestamp e.g.,
 `(m11, 2021-01-01 00:00:45)`.
 However, since its timestamp precedes the malicious message `m'`,
 it gets placed before `m'` in the list i.e.,
-
-```text
-(m1,2021-01-01 00:00:00), (m2,2021-01-01 00:00:01), ..., (m10:2021-01-01 00:00:20), (m11, 2021-01-01 00:00:45), (m',2021-01-01 10:00:30).
-```
-
+`(m1,2021-01-01 00:00:00), (m2,2021-01-01 00:00:01), ..., (m10:2021-01-01 00:00:20),
+(m11, 2021-01-01 00:00:45), (m',2021-01-01 10:00:30)`.
 In fact, for the next 10 hours,
 `m'` will always be considered as the most recent message and
-served as the last message to the querying nodes irrespective
-of how many other messages arrive afterward.
+served as the last message to the querying nodes irrespective of how many other
+messages arrive afterward.
 
-A robust and verifiable timestamp allows the receiver of a message
-to verify that a message has been generated prior to the claimed timestamp.
+A robust and verifiable timestamp allows the receiver of a message to verify that
+a message has been generated prior to the claimed timestamp.
 One solution is the use of [open timestamps](https://opentimestamps.org/) e.g.,
 block height in Blockchain-based timestamps.
-That is, messages contain the most recent block height
-perceived by their senders at the time of message generation.
+That is, messages contain the most recent block height perceived by their senders
+at the time of message generation.
 This proves accuracy within a range of minutes (e.g., in Bitcoin blockchain) or
 seconds (e.g., in Ethereum 2.0) from the time of origination.
 
@@ -352,7 +437,6 @@ Copyright and related rights waived via
 
 ## References
 
-1. [14/WAKU2-MESSAGE](../14/message.md)
+1. [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md)
 2. [protocol buffers v3](https://developers.google.com/protocol-buffers/)
-3. [11/WAKU2-RELAY](../11/relay.md)
-4. [Open timestamps](https://opentimestamps.org/)
+3. [Open timestamps](https://opentimestamps.org/)

waku/standards/core/15/bridge.md

@@ -7,24 +7,38 @@ tags: waku-core
 editor: Hanno Cornelius <hanno@status.im>
 ---
 
-A bridge between Waku v1 and Waku v2.
+## Abstract
 
-## Bridge
+This specification describes how [6/WAKU1](/waku/standards/legacy/6/waku1.md)
+traffic can be used with [10/WAKU2](/waku/standards/core/10/waku2.md) networks.
+
+## Wire Format
+
+The keywords “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”,
+“SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and
+“OPTIONAL” in this document are to be interpreted as described in [2119](https://www.ietf.org/rfc/rfc2119.txt).
 
 A bridge requires supporting both Waku versions:
 
-* Waku v1 - using devp2p RLPx protocol
-* Waku v2 - using libp2p protocols
+* [6/WAKU1](/waku/standards/legacy/6/waku1.md) - using devp2p RLPx protocol
+* [10/WAKU2](/waku/standards/core/10/waku2.md) - using libp2p protocols
 
-Packets received on the Waku v1 network SHOULD be published just once on the
-Waku v2 network. More specifically, the bridge SHOULD publish
-this through the Waku Relay (PubSub domain).
+## Publishing Packets
 
-Publishing such packet will require the creation of a new `Message` with a
-new `WakuMessage` as data field. The `data` and `topic` field from the Waku v1
-`Envelope` MUST be copied to the `payload` and `contentTopic` fields of the
-`WakuMessage`. Other fields such as nonce, expiry and ttl will be dropped as
-they become obsolete in Waku v2.
+Packets received on [6/WAKU1](/waku/standards/legacy/6/waku1.md) networks
+SHOULD be published just once on [10/WAKU2](/waku/standards/core/10/waku2.md) networks.
+More specifically, the bridge SHOULD publish
+this through [11/WAKU2-RELAY](/waku/standards/core/11/relay.md) (PubSub domain).
+
+When publishing such packet,
+the creation of a new `Message` with a new `WakuMessage` as data field is REQUIRED.
+The `data` and
+`topic` field, from the [6/WAKU1](/waku/standards/legacy/6/waku1.md) `Envelope`,
+MUST be copied to the `payload` and `content_topic` fields of the `WakuMessage`.
+See [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md#wire-format)
+for message format details.
+Other fields such as `nonce`, `expiry` and
+`ttl` will be dropped as they become obsolete in [10/WAKU2](/waku/standards/core/10/waku2.md).
 
 Before this is done, the usual envelope verification still applies:
 
@@ -32,37 +46,54 @@ Before this is done, the usual envelope verification still applies:
 * PoW verification
 * Size verification
 
-Bridging SHOULD occur through the `WakuRelay`, but it MAY also be done on other Waku
-v2 protocols (e.g. `WakuFilter`). The latter is however not advised as it will
-increase the complexity of the bridge and because of the
-[Security Considerations](#security-considerations) explained further below.
+Bridging SHOULD occur through the [11/WAKU2-RELAY](/waku/standards/core/11/relay.md),
+but it MAY also be done on other [10/WAKU2](/waku/standards/core/10/waku2.md) protocols
+(e.g. [12/WAKU2-FILTER](/waku/standards/core/12/filter.md)).
+The latter is however not advised as it will
+increase the complexity of the bridge and
+because of the [Security Considerations](#security-considerations) explained further below.
 
-Packets received on the Waku v2 network SHOULD be posted just once on the Waku
-v1 network. The Waku v2 `WakuMessage` contains only the `payload` and
-`contentTopic` fields. The bridge MUST create a new Waku v1 `Envelope` and
-copy over the `payload` and `contentFilter` fields to the `data` and `topic`
-fields. Next, before posting on the network, the bridge MUST set a new expiry
-and ttl and do the PoW nonce calculation.
+Packets received on [10/WAKU2](/waku/standards/core/10/waku2.md) networks,
+SHOULD be posted just once on [6/WAKU1](/waku/standards/legacy/6/waku1.md) networks.
+The [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md) contains only the `payload` and
+`contentTopic` fields.
+The bridge MUST create a new [6/WAKU1](/waku/standards/legacy/6/waku1.md) `Envelope` and
+copy over the `payload` and `contentFilter`
+fields to the `data` and `topic` fields.
+Next, before posting on the network,
+the bridge MUST set a new `expiry`, `ttl` and do the PoW `nonce` calculation.
 
 ### Security Considerations
 
-As mentioned above, a bridge will be posting new Waku v1 envelopes, which
-requires doing the PoW nonce calculation.
+As mentioned above,
+a bridge will be posting new [6/WAKU1](/waku/standards/legacy/6/waku1.md) envelopes,
+which requires doing the PoW `nonce` calculation.
 
-This could be a DoS attack vector, as the PoW calculation will make it more
-expensive to post the message compared to the original publishing on the Waku v2
-network. Low PoW setting will lower this problem, but it is likely that it is
-still more expensive.
+This could be a DoS attack vector,
+as the PoW calculation will make it more expensive to post the message
+compared to the original publishing on [10/WAKU2](/waku/standards/core/10/waku2.md) networks.
+Low PoW setting will lower this problem,
+but it is likely that it is still more expensive.
 
-For this reason, bridges SHOULD probably be run independently of other nodes, so
-that a bridge that gets overwhelmed does not disrupt regular Waku v2 to v2
+For this reason, it is RECOMMENDED to run bridges independently of other nodes,
+so that a bridge that gets overwhelmed does not disrupt regular Waku v2 to v2
 traffic.
 
 Bridging functionality SHOULD also be carefully implemented so that messages do
-not bounce back and forth between the two networks. The bridge SHOULD properly
-track messages with a seen filter so that no amplification can be achieved here.
+not bounce back and forth between the [10/WAKU2](/waku/standards/core/10/waku2.md) and
+[6/WAKU1](/waku/standards/legacy/6/waku1.md) networks.
+The bridge SHOULD properly track messages with a seen filter,
+so that no amplification occurs.
 
 ## Copyright
 
 Copyright and related rights waived via
 [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
+
+## References
+
+* [6/WAKU1](/waku/standards/legacy/6/waku1.md)
+* [10/WAKU2](/waku/standards/core/10/waku2.md)
+* [11/WAKU2-RELAY](/waku/standards/core/11/relay.md)
+* [14/WAKU2-MESSAGE](/waku/standards/core/14/message.md)
+* [12/WAKU2-FILTER](/waku/standards/core/12/filter.md)

waku/standards/core/64/network.md

@@ -50,16 +50,16 @@ routed on the combination of the eight pubsub topics:
 /waku/2/rs/1/7
 ```
 
-A node MUST use [WAKU-METADATA](https://github.com/waku-org/specs/blob/master/standards/core/metadata.md)
+A node MUST use [66/WAKU2-METADATA](../66/metadata.md)
 protocol to identify the `<cluster_id>` that every
 inbound/outbound peer that attempts to connect supports.
 In any of the following cases, the node MUST trigger a disconnection:
 
-* [WAKU-METADATA](https://github.com/waku-org/specs/blob/master/standards/core/metadata.md)
+* [66/WAKU2-METADATA](../66/metadata.md)
 dial fails.
-* [WAKU-METADATA](https://github.com/waku-org/specs/blob/master/standards/core/metadata.md)
+* [66/WAKU2-METADATA](../66/metadata.md)
 reports an empty `<cluster_id>`.
-* [WAKU-METADATA](https://github.com/waku-org/specs/blob/master/standards/core/metadata.md)
+* [66/WAKU2-METADATA](../66/metadata.md)
 reports a `<cluster_id>` different than `1`.
 
 ## Roles
@@ -370,7 +370,7 @@ Copyright and related rights waived via [CC0](https://creativecommons.org/public
 * [17/WAKU2-RLN-RELAY](../17/rln-relay.md)
 * [11/WAKU2-RELAY](../11/relay.md)
 * [WAKU2-RELAY-SHARDING](../../core/relay-sharding.md)
-* [WAKU-METADATA](https://github.com/waku-org/specs/blob/master/standards/core/metadata.md)
+* [66/WAKU2-METADATA](../66/metadata.md)
 * [EIP-1459 DNS-based discovery](https://eips.ethereum.org/EIPS/eip-1459)
 * [33/WAKU2-DISCV5](../33/discv5.md)
 * [12/WAKU2-FILTER](../12/filter.md)