How to ensure a piece of state is only used by a CCR once #190
Description
I am confused on how to ensure that confidential compute requests (CCRs) only use a piece of state once.
Rationale
It would be useful for suave developers to know if a piece of state has been consumed by a CCR already.
Take the use case of trying to create and send transactions to an L1 using a singular private key. The suapp stores the private key in the confidential store so this operation must be ran in a CCR. Each transaction needs a unique and continuously increasing nonce to sign over. The question is: where can we store this nonce so CCRs can be triggered permissionlessly?
Option 1: Put the nonce on-chain and increment it during CCR callbacks.
Issue: What happens if multiple CCRs are sent per on-chain block? In this case, the on-chain nonce would be used multilpe times and CCRs would fail to have their logic execute as intended.
Option 2: Put the nonce in the confidential store.
Issue: What happens if two kettles get a CCR at the same time? How do the CCRs coordinate around the race condition of consuming and updating the confidential store?
Option 3: Have the user pass it in.
Issue: Similar race condition to (1)/(2) and additional greifing attack vector of users intentionally submitting wrong nonces.
Option 4: Put the nonce in the confidential store and restrict the Suapp to a single kettle to avoid the race conditions.
Issue: this is not decentralized enough for some applications.
Ask
Is there another solution that I'm not considering?
I'm working on an application and would like to have data stored somewhere that can be safely and permissonlessly acted on by multiple kettles inside of CCRs.