zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
122 Commits
183 Branches
291 MiB
Tree: 97928e190a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '97928e190a'
${ noResults }
tendermint/rust-spec/lightclient/README.md

93 lines
4.4 KiB
Raw Normal View History

Current versions of light client specs from tendermint-rs (#158) * current versions of light client specs from tendermint-rs * markdown lint * linting * links * links * links Co-authored-by: Marko Baricevic <marbar3778@yahoo.com>
4 years ago
spec: update light client verification to match supervisor (#171) * VDD renaming of verification spec + links fixed * latest() * backwards * added TODOs * link in old file to new name * better text * revision done. needs one more round of reading * renamed constants in 001 according to TLA+ and impl * ready for PR * forgot linting * Update rust-spec/lightclient/verification/verification_002_draft.md * Update rust-spec/lightclient/verification/verification_002_draft.md * added lightstore function needed for supervisor * added lightstore functions for supervisor * ident * Update rust-spec/lightclient/verification/verification_002_draft.md
4 years ago
Current versions of light client specs from tendermint-rs (#158) * current versions of light client specs from tendermint-rs * markdown lint * linting * links * links * links Co-authored-by: Marko Baricevic <marbar3778@yahoo.com>
4 years ago
spec: update light client verification to match supervisor (#171) * VDD renaming of verification spec + links fixed * latest() * backwards * added TODOs * link in old file to new name * better text * revision done. needs one more round of reading * renamed constants in 001 according to TLA+ and impl * ready for PR * forgot linting * Update rust-spec/lightclient/verification/verification_002_draft.md * Update rust-spec/lightclient/verification/verification_002_draft.md * added lightstore function needed for supervisor * added lightstore functions for supervisor * ident * Update rust-spec/lightclient/verification/verification_002_draft.md
4 years ago
Current versions of light client specs from tendermint-rs (#158) * current versions of light client specs from tendermint-rs * markdown lint * linting * links * links * links Co-authored-by: Marko Baricevic <marbar3778@yahoo.com>
4 years ago
spec: Light client attack detector (#164) * start with new detection and evidence spec * more definitions at top * sketch of functions * pre post draft * evidence proof * typo * evidence theory polished * some TODOs resolved * more TODOs * links * second to last revision before PR * links * I will read once more and then make a PR * removed peer handling definitions * secondary * ready to review * detector ready for review * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md * skip-trace * PossibleCommit explained * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * comments by Zarko * renamed and changed link in README Co-authored-by: Zarko Milosevic <zarko@informal.systems>
4 years ago
Current versions of light client specs from tendermint-rs (#158) * current versions of light client specs from tendermint-rs * markdown lint * linting * links * links * links Co-authored-by: Marko Baricevic <marbar3778@yahoo.com>
4 years ago
spec: Light client attack detector (#164) * start with new detection and evidence spec * more definitions at top * sketch of functions * pre post draft * evidence proof * typo * evidence theory polished * some TODOs resolved * more TODOs * links * second to last revision before PR * links * I will read once more and then make a PR * removed peer handling definitions * secondary * ready to review * detector ready for review * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * Update rust-spec/lightclient/detection/detection.md * skip-trace * PossibleCommit explained * Update rust-spec/lightclient/detection/detection.md Co-authored-by: Zarko Milosevic <zarko@informal.systems> * comments by Zarko * renamed and changed link in README Co-authored-by: Zarko Milosevic <zarko@informal.systems>
4 years ago
Current versions of light client specs from tendermint-rs (#158) * current versions of light client specs from tendermint-rs * markdown lint * linting * links * links * links Co-authored-by: Marko Baricevic <marbar3778@yahoo.com>
4 years ago
 
  1. # Light Client Specification

  2. 

  3. This directory contains work-in-progress English and TLA+ specifications for the Light Client
  4. protocol. Implementations of the light client can be found in
  5. [Rust](https://github.com/informalsystems/tendermint-rs/tree/master/light-client) and
  6. [Go](https://github.com/tendermint/tendermint/tree/master/light).
  7. 

  8. Light clients are assumed to be initialized once from a trusted source
  9. with a trusted header and validator set. The light client
  10. protocol allows a client to then securely update its trusted state by requesting and
  11. verifying a minimal set of data from a network of full nodes (at least one of which is correct).
  12. 

  13. The light client is decomposed into three components:
  14. 

  15. - Commit Verification - verify signed headers and associated validator set changes from a single full node
  16. - Fork Detection -  verify commits across multiple full nodes and detect conflicts (ie. the existence of forks)
  17. - Fork Accountability - given a fork, which validators are responsible for it.
  18. 

  19. ## Commit Verification

  20. 

  21. The [English specification](verification/verification_001_published.md) describes the light client
  22. commit verification problem in terms of the temporal properties
  23. [LCV-DIST-SAFE.1](https://github.com/informalsystems/tendermint-rs/blob/master/docs/spec/lightclient/verification/verification_001_published.md#lcv-dist-safe1) and
  24. [LCV-DIST-LIVE.1](https://github.com/informalsystems/tendermint-rs/blob/master/docs/spec/lightclient/verification/verification_001_published.md#lcv-dist-live1).
  25. Commit verification is assumed to operate within the Tendermint Failure Model, where +2/3 of validators are correct for some time period and
  26. validator sets can change arbitrarily at each height.
  27. 

  28. A light client protocol is also provided, including all checks that
  29. need to be performed on headers, commits, and validator sets
  30. to satisfy the temporal properties - so a light client can continuously
  31. synchronize with a blockchain. Clients can skip possibly
  32. many intermediate headers by exploiting overlap in trusted and untrusted validator sets.
  33. When there is not enough overlap, a bisection routine can be used to find a
  34. minimal set of headers that do provide the required overlap.
  35. 

  36. The [TLA+ specification](verification/Lightclient_A_1.tla) is a formal description of the
  37. commit verification protocol executed by a client, including the safety and
  38. liveness properties, which can be model checked with Apalache.
  39. 

  40. The `MC*.tla` files contain concrete parameters for the
  41. [TLA+ specification](verification/Lightclient_A_1.tla), in order to do model checking.
  42. For instance, [MC4_3_faulty.tla](verification/MC4_3_faulty.tla) contains the following parameters
  43. for the nodes, heights, the trusting period, and correctness of the primary node:
  44. 

  45. ```tla
  46. AllNodes == {"n1", "n2", "n3", "n4"}
  47. TRUSTED_HEIGHT == 1
  48. TARGET_HEIGHT == 3
  49. TRUSTING_PERIOD == 1400 \* two weeks, one day is 100 time units :-)
  50. IS_PRIMARY_CORRECT == FALSE
  51. ```
  52. 

  53. To run a complete set of experiments, clone [apalache](https://github.com/informalsystems/apalache) and [apalache-tests](https://github.com/informalsystems/apalache-tests) into a directory `$DIR` and run the following commands:
  54. 

  55. ```sh
  56. $DIR/apalache-tests/scripts/mk-run.py --memlimit 28 001bmc-apalache.csv $DIR/apalache . out
  57. ./out/run-all.sh
  58. ```
  59. 

  60. After the experiments have finished, you can collect the logs by executing the following command:
  61. 

  62. ```sh
  63. cd ./out
  64. $DIR/apalache-tests/scripts/parse-logs.py --human .
  65. ```
  66. 

  67. The following table summarizes the experimental results. The TLA+ properties can be found in the
  68. [TLA+ specification](verification/Lightclient_A_1.tla).
  69.  The experiments were run in an AWS instance equipped with 32GB
  70. RAM and a 4-core Intel® Xeon® CPU E5-2686 v4 @ 2.30GHz CPU.
  71. We write “✗=k” when a bug is reported at depth k, and “✓<=k” when
  72. no bug is reported up to depth k.
  73. 

  74. ![Experimental results](experiments.png)
  75. 

  76. ## Attack Detection

  77. 

  78. This is a work-in-progress draft.
  79. 

  80. The [English specification](detection/detection_001_reviewed.md)
  81. defines blockchain forks and light client attacks, and describes
  82. the problem of a light client detecting them from communication with a network
  83. of full nodes, where at least one is correct.
  84. 

  85. There is no TLA+ yet.
  86. 

  87. ## Fork Accountability

  88. 

  89. There is no English specification yet. TODO: Jovan's work?
  90. 

  91. TODO: there is a WIP [TLA+
  92. specification](https://github.com/informalsystems/verification/pull/13) in the
  93. verification repo that should be moved over here.