zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2671 Commits
183 Branches
291 MiB
Tree: 8f0237610e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8f0237610e'
${ noResults }
tendermint/lite/doc.go

133 lines
5.2 KiB
Raw Normal View History

Copy certifiers from light-client
7 years ago
Rename light to lite
7 years ago
Copy certifiers from light-client
7 years ago
Rename light to lite
7 years ago
 
  1. /*
  2. Package lite allows you to securely validate headers
  3. without a full node.
  4. 

  5. This library pulls together all the crypto and algorithms,
  6. so given a relatively recent (< unbonding period) known
  7. validator set, one can get indisputable proof that data is in
  8. the chain (current state) or detect if the node is lying to
  9. the client.
  10. 

  11. Tendermint RPC exposes a lot of info, but a malicious node
  12. could return any data it wants to queries, or even to block
  13. headers, even making up fake signatures from non-existent
  14. validators to justify it. This is a lot of logic to get
  15. right, to be contained in a small, easy to use library,
  16. that does this for you, so you can just build nice UI.
  17. 

  18. We design for clients who have no strong trust relationship
  19. with any tendermint node, just the validator set as a whole.
  20. Beyond building nice mobile or desktop applications, the
  21. cosmos hub is another important example of a client,
  22. that needs undeniable proof without syncing the full chain,
  23. in order to efficiently implement IBC.
  24. 

  25. Commits
  26. 

  27. There are two main data structures that we pass around - Commit
  28. and FullCommit. Both of them mirror what information is
  29. exposed in tendermint rpc.
  30. 

  31. Commit is a block header along with enough validator signatures
  32. to prove its validity (> 2/3 of the voting power). A FullCommit
  33. is a Commit along with the full validator set. When the
  34. validator set doesn't change, the Commit is enough, but since
  35. the block header only has a hash, we need the FullCommit to
  36. follow any changes to the validator set.
  37. 

  38. Certifiers
  39. 

  40. A Certifier validates a new Commit given the currently known
  41. state. There are three different types of Certifiers exposed,
  42. each one building on the last one, with additional complexity.
  43. 

  44. Static - given the validator set upon initialization. Verifies
  45. all signatures against that set and if the validator set
  46. changes, it will reject all headers.
  47. 

  48. Dynamic - This wraps Static and has the same Certify
  49. method. However, it adds an Update method, which can be called
  50. with a FullCommit when the validator set changes. If it can
  51. prove this is a valid transition, it will update the validator
  52. set.
  53. 

  54. Inquiring - this wraps Dynamic and implements an auto-update
  55. strategy on top of the Dynamic update. If a call to
  56. Certify fails as the validator set has changed, then it
  57. attempts to find a FullCommit and Update to that header.
  58. To get these FullCommits, it makes use of a Provider.
  59. 

  60. Providers
  61. 

  62. A Provider allows us to store and retrieve the FullCommits,
  63. to provide memory to the Inquiring Certifier.
  64. 

  65. NewMemStoreProvider - in-memory cache.
  66. 

  67. files.NewProvider - disk backed storage.
  68. 

  69. client.NewHTTPProvider - query tendermint rpc.
  70. 

  71. NewCacheProvider - combine multiple providers.
  72. 

  73. The suggested use for local light clients is
  74. client.NewHTTPProvider for getting new data (Source),
  75. and NewCacheProvider(NewMemStoreProvider(),
  76. files.NewProvider()) to store confirmed headers (Trusted)
  77. 

  78. How We Track Validators
  79. 

  80. Unless you want to blindly trust the node you talk with, you
  81. need to trace every response back to a hash in a block header
  82. and validate the commit signatures of that block header match
  83. the proper validator set.  If there is a contant validator
  84. set, you store it locally upon initialization of the client,
  85. and check against that every time.
  86. 

  87. Once there is a dynamic validator set, the issue of
  88. verifying a block becomes a bit more tricky. There is
  89. background information in a
  90. github issue (https://github.com/tendermint/tendermint/issues/377).

  91. 

  92. In short, if there is a block at height H with a known
  93. (trusted) validator set V, and another block at height H'
  94. (H' > H) with validator set V' != V, then we want a way to
  95. safely update it.
  96. 

  97. First, get the new (unconfirmed) validator set V' and
  98. verify H' is internally consistent and properly signed by
  99. this V'. Assuming it is a valid block, we check that at
  100. least 2/3 of the validators in V also signed it, meaning
  101. it would also be valid under our old assumptions.
  102. That should be enough, but we can also check that the
  103. V counts for at least 2/3 of the total votes in H'
  104. for extra safety (we can have a discussion if this is
  105. strictly required). If we can verify all this,
  106. then we can accept H' and V' as valid and use that to
  107. validate all blocks X > H'.
  108. 

  109. If we cannot update directly from H -> H' because there was
  110. too much change to the validator set, then we can look for
  111. some Hm (H < Hm < H') with a validator set Vm.  Then we try
  112. to update H -> Hm and Hm -> H' in two separate steps.
  113. If one of these steps doesn't work, then we continue
  114. bisecting, until we eventually have to externally
  115. validate the valdiator set changes at every block.
  116. 

  117. Since we never trust any server in this protocol, only the
  118. signatures themselves, it doesn't matter if the seed comes
  119. from a (possibly malicious) node or a (possibly malicious) user.
  120. We can accept it or reject it based only on our trusted
  121. validator set and cryptographic proofs. This makes it
  122. extremely important to verify that you have the proper
  123. validator set when initializing the client, as that is the
  124. root of all trust.
  125. 

  126. Or course, this assumes that the known block is within the
  127. unbonding period to avoid the "nothing at stake" problem.
  128. If you haven't seen the state in a few months, you will need
  129. to manually verify the new validator set hash using off-chain
  130. means (the same as getting the initial hash).
  131. 

  132. */
  133. package lite