You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

88 lines
3.7 KiB

  1. ---
  2. order: 13
  3. ---
  4. # Light Client
  5. Light clients are an important part of the complete blockchain system for most
  6. applications. Tendermint provides unique speed and security properties for
  7. light client applications.
  8. See our [light
  9. package](https://pkg.go.dev/github.com/tendermint/tendermint/light?tab=doc).
  10. ## Overview
  11. The light client protocol verifies headers by retrieving a chain of headers,
  12. commits and validator sets from a trusted height to the target height, verifying
  13. the signatures of each of these intermediary signed headers till it reaches the
  14. target height. From there, all the application state is verifiable with
  15. [merkle proofs](https://github.com/tendermint/spec/blob/953523c3cb99fdb8c8f7a2d21e3a99094279e9de/spec/blockchain/encoding.md#iavl-tree).
  16. ## Properties
  17. - You get the full collateralized security benefits of Tendermint; no
  18. need to wait for confirmations.
  19. - You get the full speed benefits of Tendermint; transactions
  20. commit instantly.
  21. - You can get the most recent version of the application state
  22. non-interactively (without committing anything to the blockchain). For
  23. example, this means that you can get the most recent value of a name from the
  24. name-registry without worrying about fork censorship attacks, without posting
  25. a commit and waiting for confirmations. It's fast, secure, and free!
  26. ## Security
  27. A light client is initialized from a point of trust using [Trust Options](https://pkg.go.dev/github.com/tendermint/tendermint/light?tab=doc#TrustOptions),
  28. a provider and a set of witnesses. This sets the trust period: the period that
  29. full nodes should be accountable for faulty behavior and a trust level: the
  30. fraction of validators in a validator set with which we trust that at least one
  31. is correct. As Tendermint consensus can withstand 1/3 byzantine faults, this is
  32. the default trust level, however, for greater security you can increase it (max:
  33. 1).
  34. Similar to a full node, light clients can also be subject to byzantine attacks.
  35. A light client also runs a detector process which cross verifies headers from a
  36. primary with witnesses. Therefore light clients should be set with enough witnesses.
  37. If the light client observes a faulty provider it will report it to another provider
  38. and return an error.
  39. In summary, the light client is not safe when a) more than the trust level of
  40. validators are malicious and b) all witnesses are malicious.
  41. ## Where to obtain trusted height & hash
  42. One way to obtain a semi-trusted hash & height is to query multiple full nodes
  43. and compare their hashes:
  44. ```bash
  45. $ curl -s https://233.123.0.140:26657:26657/commit | jq "{height: .result.signed_header.header.height, hash: .result.signed_header.commit.block_id.hash}"
  46. {
  47. "height": "273",
  48. "hash": "188F4F36CBCD2C91B57509BBF231C777E79B52EE3E0D90D06B1A25EB16E6E23D"
  49. }
  50. ```
  51. ## Running a light client as an HTTP proxy server
  52. Tendermint comes with a built-in `tendermint light` command, which can be used
  53. to run a light client proxy server, verifying Tendermint RPC. All calls that
  54. can be tracked back to a block header by a proof will be verified before
  55. passing them back to the caller. Other than that, it will present the same
  56. interface as a full Tendermint node.
  57. You can start the light client proxy server by running `tendermint light <chainID>`,
  58. with a variety of flags to specify the primary node, the witness nodes (which cross-check
  59. the information provided by the primary), the hash and height of the trusted header,
  60. and more.
  61. For example:
  62. ```bash
  63. $ tendermint light supernova -p tcp://233.123.0.140:26657 \
  64. -w tcp://179.63.29.15:26657,tcp://144.165.223.135:26657 \
  65. --height=10 --hash=37E9A6DD3FA25E83B22C18835401E8E56088D0D7ABC6FD99FCDC920DD76C1C57
  66. ```
  67. For additional options, run `tendermint light --help`.