Browse Source

update spec with the removal of phantom validator evidence (#126)

pull/7804/head
Callum Waters 4 years ago
committed by GitHub
parent
commit
31b182b7aa
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 13 deletions
  1. +6
    -0
      spec/consensus/light-client/accountability.md
  2. +1
    -13
      spec/core/data_structures.md

+ 6
- 0
spec/consensus/light-client/accountability.md View File

@ -310,6 +310,12 @@ Consequences:
**Remark.** We can have phantom-validator-based attacks as a follow up of equivocation or amnesia based attack where forked state contains validators that are not part of the validator set at the main chain. In this case, they keep signing messages contributed to a forked chain (the wrong branch) although they are not part of the validator set on the main chain. This attack can also be used to attack full node during a period of time it is eclipsed. **Remark.** We can have phantom-validator-based attacks as a follow up of equivocation or amnesia based attack where forked state contains validators that are not part of the validator set at the main chain. In this case, they keep signing messages contributed to a forked chain (the wrong branch) although they are not part of the validator set on the main chain. This attack can also be used to attack full node during a period of time it is eclipsed.
**Remark.** Phantom validator evidence has been removed from implementation as it was deemed, although possibly a plausible form of evidence, not relevant. Any attack on
the light client involving a phantom validator will have needed to be initiated by 1/3+ lunatic
validators that can forge a new validator set that includes the phantom validator. Only in
that case will the light client accept the phantom validators vote. We need only worry about
punishing the 1/3+ lunatic cabal, that is the root cause of the attack.
### Lunatic validator ### Lunatic validator
Lunatic validator agrees to sign commit messages for arbitrary application state. It is used to attack light clients. Lunatic validator agrees to sign commit messages for arbitrary application state. It is used to attack light clients.


+ 1
- 13
spec/core/data_structures.md View File

@ -236,7 +236,7 @@ type DuplicateVoteEvidence struct {
`AmnesiaEvidence` represents a validator that has incorrectly voted for another block in a `AmnesiaEvidence` represents a validator that has incorrectly voted for another block in a
different round to the the block that the validator was previously locked on. This form different round to the the block that the validator was previously locked on. This form
of evidence is generated differently from the rest. See this of evidence is generated differently from the rest. See this
[ADR](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-056-proving-amnesia-attacks.md).
[ADR](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-056-proving-amnesia-attacks.md) for more information.
```go ```go
type AmnesiaEvidence struct { type AmnesiaEvidence struct {
@ -256,18 +256,6 @@ type LunaticValidatorEvidence struct {
} }
``` ```
`PhantomValidatorEvidence` represents a validator that has signed for a block where it was not part of the validator set.
This attack also only applies to Light clients. Phantom validators must still be staked. `LastHeightValidatorWasInSet`
indicated the height that they last voted.
```go
type PhantomValidatorEvidence struct {
Vote *Vote
LastHeightValidatorWasInSet int64
}
```
## Validation ## Validation
Here we describe the validation rules for every element in a block. Here we describe the validation rules for every element in a block.


Loading…
Cancel
Save