You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

501 lines
13 KiB

7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
6 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
  1. # Blockchain
  2. Here we describe the data structures in the Tendermint blockchain and the rules for validating them.
  3. ## Data Structures
  4. The Tendermint blockchains consists of a short list of basic data types:
  5. - `Block`
  6. - `Header`
  7. - `Version`
  8. - `BlockID`
  9. - `Time`
  10. - `Data` (for transactions)
  11. - `Commit` and `Vote`
  12. - `EvidenceData` and `Evidence`
  13. ## Block
  14. A block consists of a header, transactions, votes (the commit),
  15. and a list of evidence of malfeasance (ie. signing conflicting votes).
  16. ```go
  17. type Block struct {
  18. Header Header
  19. Txs Data
  20. Evidence EvidenceData
  21. LastCommit Commit
  22. }
  23. ```
  24. Note the `LastCommit` is the set of votes that committed the last block.
  25. ## Header
  26. A block header contains metadata about the block and about the consensus, as well as commitments to
  27. the data in the current block, the previous block, and the results returned by the application:
  28. ```go
  29. type Header struct {
  30. // basic block info
  31. Version Version
  32. ChainID string
  33. Height int64
  34. Time Time
  35. NumTxs int64
  36. TotalTxs int64
  37. // prev block info
  38. LastBlockID BlockID
  39. // hashes of block data
  40. LastCommitHash []byte // commit from validators from the last block
  41. DataHash []byte // Merkle root of transactions
  42. // hashes from the app output from the prev block
  43. ValidatorsHash []byte // validators for the current block
  44. NextValidatorsHash []byte // validators for the next block
  45. ConsensusHash []byte // consensus params for current block
  46. AppHash []byte // state after txs from the previous block
  47. LastResultsHash []byte // root hash of all results from the txs from the previous block
  48. // consensus info
  49. EvidenceHash []byte // evidence included in the block
  50. ProposerAddress []byte // original proposer of the block
  51. ```
  52. Further details on each of these fields is described below.
  53. ## Version
  54. The `Version` contains the protocol version for the blockchain and the
  55. application as two `uint64` values:
  56. ```go
  57. type Version struct {
  58. Block uint64
  59. App uint64
  60. }
  61. ```
  62. ## BlockID
  63. The `BlockID` contains two distinct Merkle roots of the block.
  64. The first, used as the block's main hash, is the Merkle root
  65. of all the fields in the header. The second, used for secure gossipping of
  66. the block during consensus, is the Merkle root of the complete serialized block
  67. cut into parts. The `BlockID` includes these two hashes, as well as the number of
  68. parts.
  69. ```go
  70. type BlockID struct {
  71. Hash []byte
  72. Parts PartsHeader
  73. }
  74. type PartsHeader struct {
  75. Hash []byte
  76. Total int32
  77. }
  78. ```
  79. TODO: link to details of merkle sums.
  80. ## Time
  81. Tendermint uses the
  82. [Google.Protobuf.WellKnownTypes.Timestamp](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/timestamp)
  83. format, which uses two integers, one for Seconds and for Nanoseconds.
  84. NOTE: there is currently a small divergence between Tendermint and the
  85. Google.Protobuf.WellKnownTypes.Timestamp that should be resolved. See [this
  86. issue](https://github.com/tendermint/go-amino/issues/223) for details.
  87. ## Data
  88. Data is just a wrapper for a list of transactions, where transactions are
  89. arbitrary byte arrays:
  90. ```
  91. type Data struct {
  92. Txs [][]byte
  93. }
  94. ```
  95. ## Commit
  96. Commit is a simple wrapper for a list of votes, with one vote for each
  97. validator. It also contains the relevant BlockID:
  98. ```
  99. type Commit struct {
  100. BlockID BlockID
  101. Precommits []Vote
  102. }
  103. ```
  104. NOTE: this will likely change to reduce the commit size by eliminating redundant
  105. information - see [issue #1648](https://github.com/tendermint/tendermint/issues/1648).
  106. ## Vote
  107. A vote is a signed message from a validator for a particular block.
  108. The vote includes information about the validator signing it.
  109. ```go
  110. type Vote struct {
  111. Type SignedMsgType // byte
  112. Height int64
  113. Round int
  114. Timestamp time.Time
  115. BlockID BlockID
  116. ValidatorAddress Address
  117. ValidatorIndex int
  118. Signature []byte
  119. }
  120. ```
  121. There are two types of votes:
  122. a _prevote_ has `vote.Type == 1` and
  123. a _precommit_ has `vote.Type == 2`.
  124. ## Signature
  125. Signatures in Tendermint are raw bytes representing the underlying signature.
  126. The only signature scheme currently supported for Tendermint validators is
  127. ED25519. The signature is the raw 64-byte ED25519 signature.
  128. ## EvidenceData
  129. EvidenceData is a simple wrapper for a list of evidence:
  130. ```
  131. type EvidenceData struct {
  132. Evidence []Evidence
  133. }
  134. ```
  135. ## Evidence
  136. Evidence in Tendermint is implemented as an interface.
  137. This means any evidence is encoded using its Amino prefix.
  138. There is currently only a single type, the `DuplicateVoteEvidence`.
  139. ```
  140. // amino name: "tendermint/DuplicateVoteEvidence"
  141. type DuplicateVoteEvidence struct {
  142. PubKey PubKey
  143. VoteA Vote
  144. VoteB Vote
  145. }
  146. ```
  147. ## Validation
  148. Here we describe the validation rules for every element in a block.
  149. Blocks which do not satisfy these rules are considered invalid.
  150. We abuse notation by using something that looks like Go, supplemented with English.
  151. A statement such as `x == y` is an assertion - if it fails, the item is invalid.
  152. We refer to certain globally available objects:
  153. `block` is the block under consideration,
  154. `prevBlock` is the `block` at the previous height,
  155. and `state` keeps track of the validator set, the consensus parameters
  156. and other results from the application. At the point when `block` is the block under consideration,
  157. the current version of the `state` corresponds to the state
  158. after executing transactions from the `prevBlock`.
  159. Elements of an object are accessed as expected,
  160. ie. `block.Header`.
  161. See [here](https://github.com/tendermint/tendermint/blob/master/docs/spec/blockchain/state.md) for the definition of `state`.
  162. ### Header
  163. A Header is valid if its corresponding fields are valid.
  164. ### Version
  165. ```
  166. block.Version.Block == state.Version.Block
  167. block.Version.App == state.Version.App
  168. ```
  169. The block version must match the state version.
  170. ### ChainID
  171. ```
  172. len(block.ChainID) < 50
  173. ```
  174. ChainID must be maximum 50 UTF-8 symbols.
  175. ### Height
  176. ```go
  177. block.Header.Height > 0
  178. block.Header.Height == prevBlock.Header.Height + 1
  179. ```
  180. The height is an incrementing integer. The first block has `block.Header.Height == 1`.
  181. ### Time
  182. ```
  183. block.Header.Timestamp >= prevBlock.Header.Timestamp + 1 ms
  184. block.Header.Timestamp == MedianTime(block.LastCommit, state.LastValidators)
  185. ```
  186. The block timestamp must be monotonic.
  187. It must equal the weighted median of the timestamps of the valid votes in the block.LastCommit.
  188. Note: the timestamp of a vote must be greater by at least one millisecond than that of the
  189. block being voted on.
  190. The timestamp of the first block must be equal to the genesis time (since
  191. there's no votes to compute the median).
  192. ```
  193. if block.Header.Height == 1 {
  194. block.Header.Timestamp == genesisTime
  195. }
  196. ```
  197. See the section on [BFT time](../consensus/bft-time.md) for more details.
  198. ### NumTxs
  199. ```go
  200. block.Header.NumTxs == len(block.Txs.Txs)
  201. ```
  202. Number of transactions included in the block.
  203. ### TotalTxs
  204. ```go
  205. block.Header.TotalTxs == prevBlock.Header.TotalTxs + block.Header.NumTxs
  206. ```
  207. The cumulative sum of all transactions included in this blockchain.
  208. The first block has `block.Header.TotalTxs = block.Header.NumberTxs`.
  209. ### LastBlockID
  210. LastBlockID is the previous block's BlockID:
  211. ```go
  212. prevBlockParts := MakeParts(prevBlock, state.LastConsensusParams.BlockGossip.BlockPartSize)
  213. block.Header.LastBlockID == BlockID {
  214. Hash: SimpleMerkleRoot(prevBlock.Header),
  215. PartsHeader{
  216. Hash: SimpleMerkleRoot(prevBlockParts),
  217. Total: len(prevBlockParts),
  218. },
  219. }
  220. ```
  221. Note: it depends on the ConsensusParams,
  222. which are held in the `state` and may be updated by the application.
  223. The first block has `block.Header.LastBlockID == BlockID{}`.
  224. ### LastCommitHash
  225. ```go
  226. block.Header.LastCommitHash == SimpleMerkleRoot(block.LastCommit)
  227. ```
  228. Simple Merkle root of the votes included in the block.
  229. These are the votes that committed the previous block.
  230. The first block has `block.Header.LastCommitHash == []byte{}`
  231. ### DataHash
  232. ```go
  233. block.Header.DataHash == SimpleMerkleRoot(block.Txs.Txs)
  234. ```
  235. Simple Merkle root of the transactions included in the block.
  236. ### ValidatorsHash
  237. ```go
  238. block.ValidatorsHash == SimpleMerkleRoot(state.Validators)
  239. ```
  240. Simple Merkle root of the current validator set that is committing the block.
  241. This can be used to validate the `LastCommit` included in the next block.
  242. ### NextValidatorsHash
  243. ```go
  244. block.NextValidatorsHash == SimpleMerkleRoot(state.NextValidators)
  245. ```
  246. Simple Merkle root of the next validator set that will be the validator set that commits the next block.
  247. This is included so that the current validator set gets a chance to sign the
  248. next validator sets Merkle root.
  249. ### ConsensusParamsHash
  250. ```go
  251. block.ConsensusParamsHash == TMHASH(amino(state.ConsensusParams))
  252. ```
  253. Hash of the amino-encoded consensus parameters.
  254. ### AppHash
  255. ```go
  256. block.AppHash == state.AppHash
  257. ```
  258. Arbitrary byte array returned by the application after executing and commiting the previous block. It serves as the basis for validating any merkle proofs that comes from the ABCI application and represents the state of the actual application rather than the state of the blockchain itself.
  259. The first block has `block.Header.AppHash == []byte{}`.
  260. ### LastResultsHash
  261. ```go
  262. block.ResultsHash == SimpleMerkleRoot(state.LastResults)
  263. ```
  264. Simple Merkle root of the results of the transactions in the previous block.
  265. The first block has `block.Header.ResultsHash == []byte{}`.
  266. ## EvidenceHash
  267. ```go
  268. block.EvidenceHash == SimpleMerkleRoot(block.Evidence)
  269. ```
  270. Simple Merkle root of the evidence of Byzantine behaviour included in this block.
  271. ### ProposerAddress
  272. ```go
  273. block.Header.ProposerAddress in state.Validators
  274. ```
  275. Address of the original proposer of the block. Must be a current validator.
  276. ## Txs
  277. Arbitrary length array of arbitrary length byte-arrays.
  278. ## LastCommit
  279. The first height is an exception - it requires the LastCommit to be empty:
  280. ```go
  281. if block.Header.Height == 1 {
  282. len(b.LastCommit) == 0
  283. }
  284. ```
  285. Otherwise, we require:
  286. ```go
  287. len(block.LastCommit) == len(state.LastValidators)
  288. talliedVotingPower := 0
  289. for i, vote := range block.LastCommit{
  290. if vote == nil{
  291. continue
  292. }
  293. vote.Type == 2
  294. vote.Height == block.LastCommit.Height()
  295. vote.Round == block.LastCommit.Round()
  296. vote.BlockID == block.LastBlockID
  297. val := state.LastValidators[i]
  298. vote.Verify(block.ChainID, val.PubKey) == true
  299. talliedVotingPower += val.VotingPower
  300. }
  301. talliedVotingPower > (2/3) * TotalVotingPower(state.LastValidators)
  302. ```
  303. Includes one (possibly nil) vote for every current validator.
  304. Non-nil votes must be Precommits.
  305. All votes must be for the same height and round.
  306. All votes must be for the previous block.
  307. All votes must have a valid signature from the corresponding validator.
  308. The sum total of the voting power of the validators that voted
  309. must be greater than 2/3 of the total voting power of the complete validator set.
  310. ### Vote
  311. A vote is a signed message broadcast in the consensus for a particular block at a particular height and round.
  312. When stored in the blockchain or propagated over the network, votes are encoded in Amino.
  313. For signing, votes are represented via `CanonicalVote` and also encoded using amino (protobuf compatible) via
  314. `Vote.SignBytes` which includes the `ChainID`, and uses a different ordering of
  315. the fields.
  316. We define a method `Verify` that returns `true` if the signature verifies against the pubkey for the `SignBytes`
  317. using the given ChainID:
  318. ```go
  319. func (vote *Vote) Verify(chainID string, pubKey crypto.PubKey) error {
  320. if !bytes.Equal(pubKey.Address(), vote.ValidatorAddress) {
  321. return ErrVoteInvalidValidatorAddress
  322. }
  323. if !pubKey.VerifyBytes(vote.SignBytes(chainID), vote.Signature) {
  324. return ErrVoteInvalidSignature
  325. }
  326. return nil
  327. }
  328. ```
  329. where `pubKey.Verify` performs the appropriate digital signature verification of the `pubKey`
  330. against the given signature and message bytes.
  331. ## Evidence
  332. There is currently only one kind of evidence, `DuplicateVoteEvidence`.
  333. DuplicateVoteEvidence `ev` is valid if
  334. - `ev.VoteA` and `ev.VoteB` can be verified with `ev.PubKey`
  335. - `ev.VoteA` and `ev.VoteB` have the same `Height, Round, Address, Index, Type`
  336. - `ev.VoteA.BlockID != ev.VoteB.BlockID`
  337. - `(block.Height - ev.VoteA.Height) < MAX_EVIDENCE_AGE`
  338. # Execution
  339. Once a block is validated, it can be executed against the state.
  340. The state follows this recursive equation:
  341. ```go
  342. state(1) = InitialState
  343. state(h+1) <- Execute(state(h), ABCIApp, block(h))
  344. ```
  345. where `InitialState` includes the initial consensus parameters and validator set,
  346. and `ABCIApp` is an ABCI application that can return results and changes to the validator
  347. set (TODO). Execute is defined as:
  348. ```go
  349. Execute(s State, app ABCIApp, block Block) State {
  350. // Fuction ApplyBlock executes block of transactions against the app and returns the new root hash of the app state,
  351. // modifications to the validator set and the changes of the consensus parameters.
  352. AppHash, ValidatorChanges, ConsensusParamChanges := app.ApplyBlock(block)
  353. return State{
  354. LastResults: abciResponses.DeliverTxResults,
  355. AppHash: AppHash,
  356. LastValidators: state.Validators,
  357. Validators: state.NextValidators,
  358. NextValidators: UpdateValidators(state.NextValidators, ValidatorChanges),
  359. ConsensusParams: UpdateConsensusParams(state.ConsensusParams, ConsensusParamChanges),
  360. }
  361. }
  362. ```