You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

515 lines
14 KiB

  1. # Blockchain
  2. Here we describe the data structures in the Tendermint blockchain and the rules for validating them.
  3. ## Data Structures
  4. The Tendermint blockchains consists of a short list of basic data types:
  5. - `Block`
  6. - `Header`
  7. - `Version`
  8. - `BlockID`
  9. - `Time`
  10. - `Data` (for transactions)
  11. - `Commit` and `Vote`
  12. - `EvidenceData` and `Evidence`
  13. ## Block
  14. A block consists of a header, transactions, votes (the commit),
  15. and a list of evidence of malfeasance (ie. signing conflicting votes).
  16. ```go
  17. type Block struct {
  18. Header Header
  19. Txs Data
  20. Evidence EvidenceData
  21. LastCommit Commit
  22. }
  23. ```
  24. Note the `LastCommit` is the set of signatures of validators that committed the last block.
  25. ## Header
  26. A block header contains metadata about the block and about the consensus, as well as commitments to
  27. the data in the current block, the previous block, and the results returned by the application:
  28. ```go
  29. type Header struct {
  30. // basic block info
  31. Version Version
  32. ChainID string
  33. Height int64
  34. Time Time
  35. // prev block info
  36. LastBlockID BlockID
  37. // hashes of block data
  38. LastCommitHash []byte // commit from validators from the last block
  39. DataHash []byte // MerkleRoot of transaction hashes
  40. // hashes from the app output from the prev block
  41. ValidatorsHash []byte // validators for the current block
  42. NextValidatorsHash []byte // validators for the next block
  43. ConsensusHash []byte // consensus params for current block
  44. AppHash []byte // state after txs from the previous block
  45. LastResultsHash []byte // root hash of all results from the txs from the previous block
  46. // consensus info
  47. EvidenceHash []byte // evidence included in the block
  48. ProposerAddress []byte // original proposer of the block
  49. ```
  50. Further details on each of these fields is described below.
  51. ## Version
  52. The `Version` contains the protocol version for the blockchain and the
  53. application as two `uint64` values:
  54. ```go
  55. type Version struct {
  56. Block uint64
  57. App uint64
  58. }
  59. ```
  60. ## BlockID
  61. The `BlockID` contains two distinct Merkle roots of the block.
  62. The first, used as the block's main hash, is the MerkleRoot
  63. of all the fields in the header (ie. `MerkleRoot(header)`.
  64. The second, used for secure gossipping of the block during consensus,
  65. is the MerkleRoot of the complete serialized block
  66. cut into parts (ie. `MerkleRoot(MakeParts(block))`).
  67. The `BlockID` includes these two hashes, as well as the number of
  68. parts (ie. `len(MakeParts(block))`)
  69. ```go
  70. type BlockID struct {
  71. Hash []byte
  72. PartsHeader PartSetHeader
  73. }
  74. type PartSetHeader struct {
  75. Total int32
  76. Hash []byte
  77. }
  78. ```
  79. See [MerkleRoot](./encoding.md#MerkleRoot) for details.
  80. ## Time
  81. Tendermint uses the
  82. [Google.Protobuf.WellKnownTypes.Timestamp](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/timestamp)
  83. format, which uses two integers, one for Seconds and for Nanoseconds.
  84. ## Data
  85. Data is just a wrapper for a list of transactions, where transactions are
  86. arbitrary byte arrays:
  87. ```
  88. type Data struct {
  89. Txs [][]byte
  90. }
  91. ```
  92. ## Commit
  93. Commit is a simple wrapper for a list of signatures, with one for each
  94. validator. It also contains the relevant BlockID, height and round:
  95. ```go
  96. type Commit struct {
  97. Height int64
  98. Round int
  99. BlockID BlockID
  100. Signatures []CommitSig
  101. }
  102. ```
  103. ## CommitSig
  104. `CommitSig` represents a signature of a validator, who has voted either for nil,
  105. a particular `BlockID` or was absent. It's a part of the `Commit` and can be used
  106. to reconstruct the vote set given the validator set.
  107. ```go
  108. type BlockIDFlag byte
  109. const (
  110. // BlockIDFlagAbsent - no vote was received from a validator.
  111. BlockIDFlagAbsent BlockIDFlag = 0x01
  112. // BlockIDFlagCommit - voted for the Commit.BlockID.
  113. BlockIDFlagCommit = 0x02
  114. // BlockIDFlagNil - voted for nil.
  115. BlockIDFlagNil = 0x03
  116. )
  117. type CommitSig struct {
  118. BlockIDFlag BlockIDFlag
  119. ValidatorAddress Address
  120. Timestamp time.Time
  121. Signature []byte
  122. }
  123. ```
  124. NOTE: `ValidatorAddress` and `Timestamp` fields may be removed in the future
  125. (see
  126. [ADR-25](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-025-commit.md)).
  127. ## Vote
  128. A vote is a signed message from a validator for a particular block.
  129. The vote includes information about the validator signing it.
  130. ```go
  131. type Vote struct {
  132. Type byte
  133. Height int64
  134. Round int
  135. BlockID BlockID
  136. Timestamp Time
  137. ValidatorAddress []byte
  138. ValidatorIndex int
  139. Signature []byte
  140. }
  141. ```
  142. There are two types of votes:
  143. a _prevote_ has `vote.Type == 1` and
  144. a _precommit_ has `vote.Type == 2`.
  145. ## Signature
  146. Signatures in Tendermint are raw bytes representing the underlying signature.
  147. See the [signature spec](./encoding.md#key-types) for more.
  148. ## EvidenceData
  149. EvidenceData is a simple wrapper for a list of evidence:
  150. ```
  151. type EvidenceData struct {
  152. Evidence []Evidence
  153. }
  154. ```
  155. ## Evidence
  156. Evidence in Tendermint is implemented as an interface.
  157. This means any evidence is encoded using its Amino prefix.
  158. There is currently only a single type, the `DuplicateVoteEvidence`.
  159. ```
  160. // amino name: "tendermint/DuplicateVoteEvidence"
  161. type DuplicateVoteEvidence struct {
  162. PubKey PubKey
  163. VoteA Vote
  164. VoteB Vote
  165. }
  166. ```
  167. Votes are lexicographically sorted on `BlockID`.
  168. See the [pubkey spec](./encoding.md#key-types) for more.
  169. ## Validation
  170. Here we describe the validation rules for every element in a block.
  171. Blocks which do not satisfy these rules are considered invalid.
  172. We abuse notation by using something that looks like Go, supplemented with English.
  173. A statement such as `x == y` is an assertion - if it fails, the item is invalid.
  174. We refer to certain globally available objects:
  175. `block` is the block under consideration,
  176. `prevBlock` is the `block` at the previous height,
  177. and `state` keeps track of the validator set, the consensus parameters
  178. and other results from the application. At the point when `block` is the block under consideration,
  179. the current version of the `state` corresponds to the state
  180. after executing transactions from the `prevBlock`.
  181. Elements of an object are accessed as expected,
  182. ie. `block.Header`.
  183. See the [definition of `State`](./state.md).
  184. ### Header
  185. A Header is valid if its corresponding fields are valid.
  186. ### Version
  187. ```
  188. block.Version.Block == state.Version.Block
  189. block.Version.App == state.Version.App
  190. ```
  191. The block version must match the state version.
  192. ### ChainID
  193. ```
  194. len(block.ChainID) < 50
  195. ```
  196. ChainID must be less than 50 bytes.
  197. ### Height
  198. ```go
  199. block.Header.Height > 0
  200. block.Header.Height == prevBlock.Header.Height + 1
  201. ```
  202. The height is an incrementing integer. The first block has `block.Header.Height == 1`.
  203. ### Time
  204. ```
  205. block.Header.Timestamp >= prevBlock.Header.Timestamp + state.consensusParams.Block.TimeIotaMs
  206. block.Header.Timestamp == MedianTime(block.LastCommit, state.LastValidators)
  207. ```
  208. The block timestamp must be monotonic.
  209. It must equal the weighted median of the timestamps of the valid signatures in the block.LastCommit.
  210. Note: the timestamp of a vote must be greater by at least one millisecond than that of the
  211. block being voted on.
  212. The timestamp of the first block must be equal to the genesis time (since
  213. there's no votes to compute the median).
  214. ```
  215. if block.Header.Height == 1 {
  216. block.Header.Timestamp == genesisTime
  217. }
  218. ```
  219. See the section on [BFT time](../consensus/bft-time.md) for more details.
  220. ### LastBlockID
  221. LastBlockID is the previous block's BlockID:
  222. ```go
  223. prevBlockParts := MakeParts(prevBlock)
  224. block.Header.LastBlockID == BlockID {
  225. Hash: MerkleRoot(prevBlock.Header),
  226. PartsHeader{
  227. Hash: MerkleRoot(prevBlockParts),
  228. Total: len(prevBlockParts),
  229. },
  230. }
  231. ```
  232. The first block has `block.Header.LastBlockID == BlockID{}`.
  233. ### LastCommitHash
  234. ```go
  235. block.Header.LastCommitHash == MerkleRoot(block.LastCommit.Signatures)
  236. ```
  237. MerkleRoot of the signatures included in the block.
  238. These are the commit signatures of the validators that committed the previous
  239. block.
  240. The first block has `block.Header.LastCommitHash == []byte{}`
  241. ### DataHash
  242. ```go
  243. block.Header.DataHash == MerkleRoot(Hashes(block.Txs.Txs))
  244. ```
  245. MerkleRoot of the hashes of transactions included in the block.
  246. Note the transactions are hashed before being included in the Merkle tree,
  247. so the leaves of the Merkle tree are the hashes, not the transactions
  248. themselves. This is because transaction hashes are regularly used as identifiers for
  249. transactions.
  250. ### ValidatorsHash
  251. ```go
  252. block.ValidatorsHash == MerkleRoot(state.Validators)
  253. ```
  254. MerkleRoot of the current validator set that is committing the block.
  255. This can be used to validate the `LastCommit` included in the next block.
  256. Note the validators are sorted by their address before computing the MerkleRoot.
  257. ### NextValidatorsHash
  258. ```go
  259. block.NextValidatorsHash == MerkleRoot(state.NextValidators)
  260. ```
  261. MerkleRoot of the next validator set that will be the validator set that commits the next block.
  262. This is included so that the current validator set gets a chance to sign the
  263. next validator sets Merkle root.
  264. Note the validators are sorted by their address before computing the MerkleRoot.
  265. ### ConsensusHash
  266. ```go
  267. block.ConsensusHash == state.ConsensusParams.Hash()
  268. ```
  269. Hash of the amino-encoding of a subset of the consensus parameters.
  270. ### AppHash
  271. ```go
  272. block.AppHash == state.AppHash
  273. ```
  274. Arbitrary byte array returned by the application after executing and commiting the previous block. It serves as the basis for validating any merkle proofs that comes from the ABCI application and represents the state of the actual application rather than the state of the blockchain itself.
  275. The first block has `block.Header.AppHash == []byte{}`.
  276. ### LastResultsHash
  277. ```go
  278. block.ResultsHash == MerkleRoot(state.LastResults)
  279. ```
  280. MerkleRoot of the results of the transactions in the previous block.
  281. The first block has `block.Header.ResultsHash == []byte{}`.
  282. ## EvidenceHash
  283. ```go
  284. block.EvidenceHash == MerkleRoot(block.Evidence)
  285. ```
  286. MerkleRoot of the evidence of Byzantine behaviour included in this block.
  287. ### ProposerAddress
  288. ```go
  289. block.Header.ProposerAddress in state.Validators
  290. ```
  291. Address of the original proposer of the block. Must be a current validator.
  292. ## Txs
  293. Arbitrary length array of arbitrary length byte-arrays.
  294. ## LastCommit
  295. The first height is an exception - it requires the `LastCommit` to be empty:
  296. ```go
  297. if block.Header.Height == 1 {
  298. len(b.LastCommit) == 0
  299. }
  300. ```
  301. Otherwise, we require:
  302. ```go
  303. len(block.LastCommit) == len(state.LastValidators)
  304. talliedVotingPower := 0
  305. for i, commitSig := range block.LastCommit.Signatures {
  306. if commitSig.Absent() {
  307. continue
  308. }
  309. vote.BlockID == block.LastBlockID
  310. val := state.LastValidators[i]
  311. vote.Verify(block.ChainID, val.PubKey) == true
  312. talliedVotingPower += val.VotingPower
  313. }
  314. talliedVotingPower > (2/3)*TotalVotingPower(state.LastValidators)
  315. ```
  316. Includes one vote for every current validator.
  317. All votes must either be for the previous block, nil or absent.
  318. All votes must have a valid signature from the corresponding validator.
  319. The sum total of the voting power of the validators that voted
  320. must be greater than 2/3 of the total voting power of the complete validator set.
  321. The number of votes in a commit is limited to 10000 (see `types.MaxVotesCount`).
  322. ### Vote
  323. A vote is a signed message broadcast in the consensus for a particular block at a particular height and round.
  324. When stored in the blockchain or propagated over the network, votes are encoded in Amino.
  325. For signing, votes are represented via `CanonicalVote` and also encoded using amino (protobuf compatible) via
  326. `Vote.SignBytes` which includes the `ChainID`, and uses a different ordering of
  327. the fields.
  328. We define a method `Verify` that returns `true` if the signature verifies against the pubkey for the `SignBytes`
  329. using the given ChainID:
  330. ```go
  331. func (vote *Vote) Verify(chainID string, pubKey crypto.PubKey) error {
  332. if !bytes.Equal(pubKey.Address(), vote.ValidatorAddress) {
  333. return ErrVoteInvalidValidatorAddress
  334. }
  335. if !pubKey.VerifyBytes(vote.SignBytes(chainID), vote.Signature) {
  336. return ErrVoteInvalidSignature
  337. }
  338. return nil
  339. }
  340. ```
  341. where `pubKey.Verify` performs the appropriate digital signature verification of the `pubKey`
  342. against the given signature and message bytes.
  343. ## Evidence
  344. There is currently only one kind of evidence, `DuplicateVoteEvidence`.
  345. DuplicateVoteEvidence `ev` is valid if
  346. - `ev.VoteA` and `ev.VoteB` can be verified with `ev.PubKey`
  347. - `ev.VoteA` and `ev.VoteB` have the same `Height, Round, Address, Index, Type`
  348. - `ev.VoteA.BlockID != ev.VoteB.BlockID`
  349. - `(block.Height - ev.VoteA.Height) < MAX_EVIDENCE_AGE`
  350. # Execution
  351. Once a block is validated, it can be executed against the state.
  352. The state follows this recursive equation:
  353. ```go
  354. state(1) = InitialState
  355. state(h+1) <- Execute(state(h), ABCIApp, block(h))
  356. ```
  357. where `InitialState` includes the initial consensus parameters and validator set,
  358. and `ABCIApp` is an ABCI application that can return results and changes to the validator
  359. set (TODO). Execute is defined as:
  360. ```go
  361. Execute(s State, app ABCIApp, block Block) State {
  362. // Fuction ApplyBlock executes block of transactions against the app and returns the new root hash of the app state,
  363. // modifications to the validator set and the changes of the consensus parameters.
  364. AppHash, ValidatorChanges, ConsensusParamChanges := app.ApplyBlock(block)
  365. return State{
  366. LastResults: abciResponses.DeliverTxResults,
  367. AppHash: AppHash,
  368. LastValidators: state.Validators,
  369. Validators: state.NextValidators,
  370. NextValidators: UpdateValidators(state.NextValidators, ValidatorChanges),
  371. ConsensusParams: UpdateConsensusParams(state.ConsensusParams, ConsensusParamChanges),
  372. }
  373. }
  374. ```