You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

334 lines
16 KiB

7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
  1. # What is Tendermint?
  2. DEPRECATED! See [What is Tendermint?](what-is-tendermint.md).
  3. Tendermint is software for securely and consistently replicating an
  4. application on many machines. By securely, we mean that Tendermint works
  5. even if up to 1/3 of machines fail in arbitrary ways. By consistently,
  6. we mean that every non-faulty machine sees the same transaction log and
  7. computes the same state. Secure and consistent replication is a
  8. fundamental problem in distributed systems; it plays a critical role in
  9. the fault tolerance of a broad range of applications, from currencies,
  10. to elections, to infrastructure orchestration, and beyond.
  11. The ability to tolerate machines failing in arbitrary ways, including
  12. becoming malicious, is known as Byzantine fault tolerance (BFT). The
  13. theory of BFT is decades old, but software implementations have only
  14. became popular recently, due largely to the success of "blockchain
  15. technology" like Bitcoin and Ethereum. Blockchain technology is just a
  16. reformalization of BFT in a more modern setting, with emphasis on
  17. peer-to-peer networking and cryptographic authentication. The name
  18. derives from the way transactions are batched in blocks, where each
  19. block contains a cryptographic hash of the previous one, forming a
  20. chain. In practice, the blockchain data structure actually optimizes BFT
  21. design.
  22. Tendermint consists of two chief technical components: a blockchain
  23. consensus engine and a generic application interface. The consensus
  24. engine, called Tendermint Core, ensures that the same transactions are
  25. recorded on every machine in the same order. The application interface,
  26. called the Application BlockChain Interface (ABCI), enables the
  27. transactions to be processed in any programming language. Unlike other
  28. blockchain and consensus solutions, which come pre-packaged with built
  29. in state machines (like a fancy key-value store, or a quirky scripting
  30. language), developers can use Tendermint for BFT state machine
  31. replication of applications written in whatever programming language and
  32. development environment is right for them.
  33. Tendermint is designed to be easy-to-use, simple-to-understand, highly
  34. performant, and useful for a wide variety of distributed applications.
  35. ## Tendermint vs. X
  36. Tendermint is broadly similar to two classes of software. The first
  37. class consists of distributed key-value stores, like Zookeeper, etcd,
  38. and consul, which use non-BFT consensus. The second class is known as
  39. "blockchain technology", and consists of both cryptocurrencies like
  40. Bitcoin and Ethereum, and alternative distributed ledger designs like
  41. Hyperledger's Burrow.
  42. ### Zookeeper, etcd, consul
  43. Zookeeper, etcd, and consul are all implementations of a key-value store
  44. atop a classical, non-BFT consensus algorithm. Zookeeper uses a version
  45. of Paxos called Zookeeper Atomic Broadcast, while etcd and consul use
  46. the Raft consensus algorithm, which is much younger and simpler. A
  47. typical cluster contains 3-5 machines, and can tolerate crash failures
  48. in up to 1/2 of the machines, but even a single Byzantine fault can
  49. destroy the system.
  50. Each offering provides a slightly different implementation of a
  51. featureful key-value store, but all are generally focused around
  52. providing basic services to distributed systems, such as dynamic
  53. configuration, service discovery, locking, leader-election, and so on.
  54. Tendermint is in essence similar software, but with two key differences:
  55. - It is Byzantine Fault Tolerant, meaning it can only tolerate up to a
  56. 1/3 of failures, but those failures can include arbitrary behaviour -
  57. including hacking and malicious attacks. - It does not specify a
  58. particular application, like a fancy key-value store. Instead, it
  59. focuses on arbitrary state machine replication, so developers can build
  60. the application logic that's right for them, from key-value store to
  61. cryptocurrency to e-voting platform and beyond.
  62. The layout of this Tendermint website content is also ripped directly
  63. and without shame from [consul.io](https://www.consul.io/) and the other
  64. [Hashicorp sites](https://www.hashicorp.com/#tools).
  65. ### Bitcoin, Ethereum, etc.
  66. Tendermint emerged in the tradition of cryptocurrencies like Bitcoin,
  67. Ethereum, etc. with the goal of providing a more efficient and secure
  68. consensus algorithm than Bitcoin's Proof of Work. In the early days,
  69. Tendermint had a simple currency built in, and to participate in
  70. consensus, users had to "bond" units of the currency into a security
  71. deposit which could be revoked if they misbehaved -this is what made
  72. Tendermint a Proof-of-Stake algorithm.
  73. Since then, Tendermint has evolved to be a general purpose blockchain
  74. consensus engine that can host arbitrary application states. That means
  75. it can be used as a plug-and-play replacement for the consensus engines
  76. of other blockchain software. So one can take the current Ethereum code
  77. base, whether in Rust, or Go, or Haskell, and run it as a ABCI
  78. application using Tendermint consensus. Indeed, [we did that with
  79. Ethereum](https://github.com/cosmos/ethermint). And we plan to do
  80. the same for Bitcoin, ZCash, and various other deterministic
  81. applications as well.
  82. Another example of a cryptocurrency application built on Tendermint is
  83. [the Cosmos network](http://cosmos.network).
  84. ### Other Blockchain Projects
  85. [Fabric](https://github.com/hyperledger/fabric) takes a similar approach
  86. to Tendermint, but is more opinionated about how the state is managed,
  87. and requires that all application behaviour runs in potentially many
  88. docker containers, modules it calls "chaincode". It uses an
  89. implementation of [PBFT](http://pmg.csail.mit.edu/papers/osdi99.pdf).
  90. from a team at IBM that is [augmented to handle potentially
  91. non-deterministic
  92. chaincode](https://www.zurich.ibm.com/~cca/papers/sieve.pdf) It is
  93. possible to implement this docker-based behaviour as a ABCI app in
  94. Tendermint, though extending Tendermint to handle non-determinism
  95. remains for future work.
  96. [Burrow](https://github.com/hyperledger/burrow) is an implementation of
  97. the Ethereum Virtual Machine and Ethereum transaction mechanics, with
  98. additional features for a name-registry, permissions, and native
  99. contracts, and an alternative blockchain API. It uses Tendermint as its
  100. consensus engine, and provides a particular application state.
  101. ## ABCI Overview
  102. The [Application BlockChain Interface
  103. (ABCI)](https://github.com/tendermint/tendermint/tree/master/abci)
  104. allows for Byzantine Fault Tolerant replication of applications
  105. written in any programming language.
  106. ### Motivation
  107. Thus far, all blockchains "stacks" (such as
  108. [Bitcoin](https://github.com/bitcoin/bitcoin)) have had a monolithic
  109. design. That is, each blockchain stack is a single program that handles
  110. all the concerns of a decentralized ledger; this includes P2P
  111. connectivity, the "mempool" broadcasting of transactions, consensus on
  112. the most recent block, account balances, Turing-complete contracts,
  113. user-level permissions, etc.
  114. Using a monolithic architecture is typically bad practice in computer
  115. science. It makes it difficult to reuse components of the code, and
  116. attempts to do so result in complex maintenance procedures for forks of
  117. the codebase. This is especially true when the codebase is not modular
  118. in design and suffers from "spaghetti code".
  119. Another problem with monolithic design is that it limits you to the
  120. language of the blockchain stack (or vice versa). In the case of
  121. Ethereum which supports a Turing-complete bytecode virtual-machine, it
  122. limits you to languages that compile down to that bytecode; today, those
  123. are Serpent and Solidity.
  124. In contrast, our approach is to decouple the consensus engine and P2P
  125. layers from the details of the application state of the particular
  126. blockchain application. We do this by abstracting away the details of
  127. the application to an interface, which is implemented as a socket
  128. protocol.
  129. Thus we have an interface, the Application BlockChain Interface (ABCI),
  130. and its primary implementation, the Tendermint Socket Protocol (TSP, or
  131. Teaspoon).
  132. ### Intro to ABCI
  133. [Tendermint Core](https://github.com/tendermint/tendermint) (the
  134. "consensus engine") communicates with the application via a socket
  135. protocol that satisfies the ABCI.
  136. To draw an analogy, lets talk about a well-known cryptocurrency,
  137. Bitcoin. Bitcoin is a cryptocurrency blockchain where each node
  138. maintains a fully audited Unspent Transaction Output (UTXO) database. If
  139. one wanted to create a Bitcoin-like system on top of ABCI, Tendermint
  140. Core would be responsible for
  141. - Sharing blocks and transactions between nodes
  142. - Establishing a canonical/immutable order of transactions
  143. (the blockchain)
  144. The application will be responsible for
  145. - Maintaining the UTXO database
  146. - Validating cryptographic signatures of transactions
  147. - Preventing transactions from spending non-existent transactions
  148. - Allowing clients to query the UTXO database.
  149. Tendermint is able to decompose the blockchain design by offering a very
  150. simple API (ie. the ABCI) between the application process and consensus
  151. process.
  152. The ABCI consists of 3 primary message types that get delivered from the
  153. core to the application. The application replies with corresponding
  154. response messages.
  155. The messages are specified here: [ABCI Message
  156. Types](https://github.com/tendermint/tendermint/blob/master/abci/README.md#message-types).
  157. The **DeliverTx** message is the work horse of the application. Each
  158. transaction in the blockchain is delivered with this message. The
  159. application needs to validate each transaction received with the
  160. **DeliverTx** message against the current state, application protocol,
  161. and the cryptographic credentials of the transaction. A validated
  162. transaction then needs to update the application state — by binding a
  163. value into a key values store, or by updating the UTXO database, for
  164. instance.
  165. The **CheckTx** message is similar to **DeliverTx**, but it's only for
  166. validating transactions. Tendermint Core's mempool first checks the
  167. validity of a transaction with **CheckTx**, and only relays valid
  168. transactions to its peers. For instance, an application may check an
  169. incrementing sequence number in the transaction and return an error upon
  170. **CheckTx** if the sequence number is old. Alternatively, they might use
  171. a capabilities based system that requires capabilities to be renewed
  172. with every transaction.
  173. The **Commit** message is used to compute a cryptographic commitment to
  174. the current application state, to be placed into the next block header.
  175. This has some handy properties. Inconsistencies in updating that state
  176. will now appear as blockchain forks which catches a whole class of
  177. programming errors. This also simplifies the development of secure
  178. lightweight clients, as Merkle-hash proofs can be verified by checking
  179. against the block hash, and that the block hash is signed by a quorum.
  180. There can be multiple ABCI socket connections to an application.
  181. Tendermint Core creates three ABCI connections to the application; one
  182. for the validation of transactions when broadcasting in the mempool, one
  183. for the consensus engine to run block proposals, and one more for
  184. querying the application state.
  185. It's probably evident that applications designers need to very carefully
  186. design their message handlers to create a blockchain that does anything
  187. useful but this architecture provides a place to start. The diagram
  188. below illustrates the flow of messages via ABCI.
  189. ![](../imgs/abci.png)
  190. ## A Note on Determinism
  191. The logic for blockchain transaction processing must be deterministic.
  192. If the application logic weren't deterministic, consensus would not be
  193. reached among the Tendermint Core replica nodes.
  194. Solidity on Ethereum is a great language of choice for blockchain
  195. applications because, among other reasons, it is a completely
  196. deterministic programming language. However, it's also possible to
  197. create deterministic applications using existing popular languages like
  198. Java, C++, Python, or Go. Game programmers and blockchain developers are
  199. already familiar with creating deterministic programs by avoiding
  200. sources of non-determinism such as:
  201. - random number generators (without deterministic seeding)
  202. - race conditions on threads (or avoiding threads altogether)
  203. - the system clock
  204. - uninitialized memory (in unsafe programming languages like C
  205. or C++)
  206. - [floating point
  207. arithmetic](http://gafferongames.com/networking-for-game-programmers/floating-point-determinism/)
  208. - language features that are random (e.g. map iteration in Go)
  209. While programmers can avoid non-determinism by being careful, it is also
  210. possible to create a special linter or static analyzer for each language
  211. to check for determinism. In the future we may work with partners to
  212. create such tools.
  213. ## Consensus Overview
  214. Tendermint is an easy-to-understand, mostly asynchronous, BFT consensus
  215. protocol. The protocol follows a simple state machine that looks like
  216. this:
  217. ![](../imgs/consensus_logic.png)
  218. Participants in the protocol are called **validators**; they take turns
  219. proposing blocks of transactions and voting on them. Blocks are
  220. committed in a chain, with one block at each **height**. A block may
  221. fail to be committed, in which case the protocol moves to the next
  222. **round**, and a new validator gets to propose a block for that height.
  223. Two stages of voting are required to successfully commit a block; we
  224. call them **pre-vote** and **pre-commit**. A block is committed when
  225. more than 2/3 of validators pre-commit for the same block in the same
  226. round.
  227. There is a picture of a couple doing the polka because validators are
  228. doing something like a polka dance. When more than two-thirds of the
  229. validators pre-vote for the same block, we call that a **polka**. Every
  230. pre-commit must be justified by a polka in the same round.
  231. Validators may fail to commit a block for a number of reasons; the
  232. current proposer may be offline, or the network may be slow. Tendermint
  233. allows them to establish that a validator should be skipped. Validators
  234. wait a small amount of time to receive a complete proposal block from
  235. the proposer before voting to move to the next round. This reliance on a
  236. timeout is what makes Tendermint a weakly synchronous protocol, rather
  237. than an asynchronous one. However, the rest of the protocol is
  238. asynchronous, and validators only make progress after hearing from more
  239. than two-thirds of the validator set. A simplifying element of
  240. Tendermint is that it uses the same mechanism to commit a block as it
  241. does to skip to the next round.
  242. Assuming less than one-third of the validators are Byzantine, Tendermint
  243. guarantees that safety will never be violated - that is, validators will
  244. never commit conflicting blocks at the same height. To do this it
  245. introduces a few **locking** rules which modulate which paths can be
  246. followed in the flow diagram. Once a validator precommits a block, it is
  247. locked on that block. Then,
  248. 1. it must prevote for the block it is locked on
  249. 2. it can only unlock, and precommit for a new block, if there is a
  250. polka for that block in a later round
  251. ## Stake
  252. In many systems, not all validators will have the same "weight" in the
  253. consensus protocol. Thus, we are not so much interested in one-third or
  254. two-thirds of the validators, but in those proportions of the total
  255. voting power, which may not be uniformly distributed across individual
  256. validators.
  257. Since Tendermint can replicate arbitrary applications, it is possible to
  258. define a currency, and denominate the voting power in that currency.
  259. When voting power is denominated in a native currency, the system is
  260. often referred to as Proof-of-Stake. Validators can be forced, by logic
  261. in the application, to "bond" their currency holdings in a security
  262. deposit that can be destroyed if they're found to misbehave in the
  263. consensus protocol. This adds an economic element to the security of the
  264. protocol, allowing one to quantify the cost of violating the assumption
  265. that less than one-third of voting power is Byzantine.
  266. The [Cosmos Network](https://cosmos.network) is designed to use this
  267. Proof-of-Stake mechanism across an array of cryptocurrencies implemented
  268. as ABCI applications.
  269. The following diagram is Tendermint in a (technical) nutshell. [See here
  270. for high resolution
  271. version](https://github.com/mobfoundry/hackatom/blob/master/tminfo.pdf).
  272. ![](../imgs/tm-transaction-flow.png)