Commit Graph

296 Commits

Author SHA1 Message Date
Etan Kissling 56363cd94a
Define libp2p protocol for light client sync
While the current Altair specs define structures to aid light client
development, one missing key aspect is the network protocol definition.

Certain implementations have started defining their own REST based APIs,
e.g., Lodestar at https://github.com/ChainSafe/lodestar/blob/master/packages/api/src/routes/lightclient.ts
While such APIs are useful, REST does not seem to be the ideomatic
choice as the sole API available at such a low level for Ethereum.

This patch introduces a libp2p based protocol to allow light clients to
sync to the latest `BeaconBlockHeader` in a trustless and decentralized
manner, building on top of prior work from:
- @hwwhww at https://github.com/ethereum/consensus-specs/pull/2267
- @jinfwhuang at https://github.com/ethereum/consensus-specs/pull/2786
- Lodestar's REST API (also has an endpoint to fetch merkle proofs!)
2022-07-22 17:56:41 +02:00
Etan Kissling 8ced2c3ae1
Remove newlines between items for visual consistency 2022-07-22 17:46:07 +02:00
Etan Kissling 78d336e28d
Describe light client sync process
Provides documentation about the process that a light client may use to
sync a local `LightClientStore`.
2022-07-22 17:12:57 +02:00
Etan Kissling 8643e28f12
`try_...` --> `process_...` 2022-07-22 11:49:07 +02:00
Etan Kissling f9d866eb28
Manually trigger `LightClientStore` force updates
Replaces `process_slot_for_light_client_store` which force updates the
`LightClientStore` automatically based on `finalized_header` age with
`try_light_client_store_force_update` which may be manually called based
on use case dependent heuristics if light client sync appears stuck.
Not all use cases share the same risk profile.
2022-07-21 16:06:46 +02:00
Etan Kissling 95019bb9a9
Improve readability of intro text
Co-authored-by: Hsiao-Wei Wang <hsiaowei.eth@gmail.com>
2022-07-20 17:50:18 +02:00
Etan Kissling 06d9fd8cd3
Add `LightClient(Finality|Optimistic)Update`
Introduces reduced `LightClientUpdate` structures to allow keeping track
of the latest `finalized_header` and `optimistic_header`. This may also
help in scheduling the next query for a full `LightClientUpdate` once
sync committee finality has been reached.
2022-07-20 13:14:58 +02:00
Etan Kissling 0941114acf
Merge branch 'dev' into lc-testsuite 2022-07-18 18:19:07 +02:00
Hsiao-Wei Wang 647e9d0ec0
PR feedback from @ralexstokes 2022-07-18 14:45:00 +08:00
Etan Kissling a126f22cd9
Sync tocs 2022-07-15 13:49:19 +02:00
Etan Kissling de15971ae8
Cleanups 2022-07-15 13:45:34 +02:00
Etan Kissling 88206117c6
Extract full node specifics to separate doc 2022-07-15 13:37:27 +02:00
Etan Kissling d06f44ef55
Move `sync-protocol.md` into `light-client` subdir 2022-07-15 13:22:14 +02:00
Etan Kissling 6146f01400
Flip order of `assert` and assignment
Co-authored-by: Hsiao-Wei Wang <hsiaowei.eth@gmail.com>
2022-07-15 12:03:44 +02:00
Etan Kissling dbefbcf326
Explicitly mention optional `finalized_block` 2022-07-15 12:01:49 +02:00
Etan Kissling 95c07575b1
Hide `build_proof` and `get_backing` from spec 2022-07-15 11:54:47 +02:00
Etan Kissling 86fe93ca96
Add functions for deriving light client data
Adds `create_light_client_bootstrap` and `create_light_client_update`
functions as a reference implementation for serving light client data.
This also enables a new test harness to verify that light client data
gets applied to a `LightClientStore` as expected.
2022-07-14 09:36:09 +02:00
Etan Kissling 66325d0e9b
Use helper variables to make ifs more readable
Co-authored-by: Hsiao-Wei Wang <hsiaowei.eth@gmail.com>
2022-07-13 14:08:51 +02:00
Etan Kissling 6048f1abf6
More concise finality ranking 2022-07-12 07:37:12 +02:00
Etan Kissling 654970c605
Add `LightClientBootstrap`
Introduces a new `LightClientBootstrap` structure to allow setting up a
`LightClientStore` with the initial sync committee and block header from
a user-configured trusted block root.

This leads to new cases where the `LightClientStore` is only aware of
the current but not the next sync committee. As a side effect of these
new cases, the store's `finalized_header` may now  advance into the next
sync committee period before a corresponding `LightClientUpdate` with
the new sync committee is obtained, improving responsiveness.

Note that so far, `LightClientUpdate.attested_header.slot` needed to be
newer than `LightClientStore.finalized_header.slot`. However, it is now
necessary to also consider certain older updates to try and backfill the
`next_sync_committee`. The `is_better_update` helper is also updated to
improve `best_valid_update` tracking.
2022-07-12 07:27:00 +02:00
Etan Kissling b7a0e532e4
Prefix update `period` variables 2022-07-10 22:05:18 -07:00
Etan Kissling 2ddb3833ff
Extend documentation for forced updates 2022-07-08 22:25:33 -07:00
Etan Kissling 33f572c98d
More concise sync committee finality ranking
Co-authored-by: Hsiao-Wei Wang <hsiaowei.eth@gmail.com>
2022-07-08 22:05:48 -07:00
Etan Kissling fa85648385
`==` on new line
Co-authored-by: Hsiao-Wei Wang <hsiaowei.eth@gmail.com>
2022-07-08 22:04:05 -07:00
Etan Kissling 35f5010de7
More concise finality ranking
Co-authored-by: Hsiao-Wei Wang <hsiaowei.eth@gmail.com>
2022-07-08 22:01:56 -07:00
Etan Kissling aa8caee2e3
Add `compute_sync_committee_period_at_slot` 2022-07-08 21:59:09 -07:00
Etan Kissling c67ad597f0
Reorder helpers to group ones operating on updates 2022-07-08 21:46:34 -07:00
Etan Kissling c4dbd241ac
Root `next_sync_committee` in `attested_header`
`LightClientUpdate` structures currently use different merkle proof root
depending on the presence of `finalized_header`. By always rooting it in
the same state (the `attested_header.state_root`), logic gets simpler.

Caveats:
- In periods of extended non-finality, `update.finalized_header` may now
  be outdated by several sync committee periods. The old implementation
  rejected such updates as the `next_sync_committee` in them was stale,
  but the new implementation can properly handle this case.
- The `next_sync_committee` can no longer be considered finalized based
  on `is_finality_update`. Instead, waiting until `finalized_header` is
  in the `attested_header`'s sync committee period is now necessary.
- Because `update.finalized_header > store.finalized_header` no longer
  holds (for updates with finality), an `is_better_update` helper is
  added to improve `best_valid_update` tracking (in the past, finalized
  updates with supermajority participation would always directly apply)

This PR builds on prior work from:
- @hwwhww at https://github.com/ethereum/consensus-specs/pull/2829
2022-07-01 14:49:24 -07:00
Etan Kissling f5f3031c5e
Allow passing redundant `next_sync_committee`
The producer of `LightClientUpdate` structures usually does not know how
far the `LightClientStore` on the client side has advanced. Updates are
currently rejected when including a redundant `next_sync_committee` not
advancing the `LightClientStore`. Behaviour is changed to allow this.
2022-06-29 13:16:03 +02:00
Etan Kissling 65cfedef22
Update finality update documentation 2022-06-27 22:36:55 +02:00
Etan Kissling 99e30328a8
Switch condition order for readability
Co-authored-by: Hsiao-Wei Wang <hsiaowei.eth@gmail.com>
2022-06-27 22:26:35 +02:00
Etan Kissling c10daf1709
Allow `LightClientUpdate` with genesis finality
When `state.finalized_checkpoint` references the genesis slot, it points
to an empty `root`, instead of the actual genesis block hash. This patch
updates the `LightClientUpdate` logic to allow including finality proofs
for genesis `finalized_checkpoint.root`, better supporting non-mainnet.
When including such a finality proof, the proof is for the empty `root`,
but `finalized_header` is kept zeroed out to signify this edge case.
2022-06-27 12:10:40 +02:00
Etan Kissling 840733ffd2
Move `compute_fork_version` to `fork.md` 2022-06-23 21:03:24 +02:00
Etan Kissling 0b8ab23bd4
Remove `fork_version` from `LightClientUpdate`
The `fork_version` field in `LightClientUpdate` can be derived from the
`update.signature_slot` value by consulting the locally configured fork
schedule. The light client already needs access to the fork schedule to
determine the `GeneralizedIndex` values used for merkle proofs, and the
memory layouts of the structures (including `LightClientUpdate`). The
`fork_version` itself is network dependent and doesn't reveal that info.
2022-06-16 17:17:24 +02:00
Hsiao-Wei Wang 8cc008d11c
Merge pull request #2805 from etan-status/lc-period
Allow light client to verify signatures at period boundary
2022-06-16 16:53:12 +02:00
Jacek Sieka bab5e402df
Ignore subset aggregates (#2847)
* Ignore subset aggregates

When aggregates are propagated through the network, it is often the case
that a better aggregate has already been seen - in particular, this
happens when an aggregator has not been able to include itself in the
mesh and therefore publishes an aggregate with only its own
attestations.

This new ignore rule allows dropping all aggregates that are
(non-strict) subsets of aggregates that have already been seen on the
network. In particular, it does not mandate dropping aggregates where a
union of previous aggregates would cause it to become a subset).

The logic for allowing this is based on the premise that any aggregate
that has already been seen by a peer will also have been seen by its
neighbours - a subset aggregate (strict or not) brings no new value to
the aggregation algorithm, except in the extreme edge case where you
could combine several such sparse aggregates into a single, more dense
"combined" aggregate and thus use less block space.

Further, as a small benefit, computing the `hash_tree_root` of the full
aggregate is generally not done -however, `hash_tree_root(data)` is
already done for other purposes as this is used as index in the beacon
API.

* add subset ignore rule to sync contributions as well

* typo
2022-05-17 07:05:22 -06:00
Etan Kissling 5653649ca8
Allow light client to verify signatures at period boundary
As the sync committee signs the previous block, the situation arises at
every sync committee period boundary, that the new sync committee signs
a block in the previous sync committee period. The light client cannot
reliably detect this condition (e.g., assume that this is the case when
it is currently on the last slot of a sync committee period), because
the last couple slots of a sync committee period may not have a block.

For example, when receiving a `LightClientUpdate` that is constructed
as in the following illustration, it is unknown whether `sync_aggregate`
was signed by the current or next sync committee at `attested_header`.

```

        slot N           N + 1   |            N + 2   (slot not sent!)
                                 |
  +-----------------+     \ /    |     +----------------+
  | attested_header | <--- X ----|---- | sync_aggregate |
  +-----------------+     / \    |     +----------------+
                        missed   |
                                 |
                          sync committee
                          period boundary
```

This patch addresses this edge case by including the slot at which the
`sync_aggregate` was created into the `LightClientUpdate` object.

Note that the `signature_slot` cannot be trusted beyond the purpose of
signature verification, as it could be manipulated to any other slot
within the same sync committee period and fork version, without making
the `sync_aggregate` invalid.
2022-05-02 13:08:20 +02:00
Aditya Asgaonkar 1e10e7dc1c Fix UPDATE_TIMEOUT unit typo 2022-03-03 20:16:32 -08:00
Hsiao-Wei Wang 6d11d627f8 Refactoring: add `is_finality_update` helper 2022-02-09 18:13:51 -07:00
Danny Ryan 5a09b5f8a8
Merge pull request #2814 from etan-status/lc-opt-fin
Ensure light client `optimistic_header` to be at head
2022-02-09 10:06:57 -07:00
Hsiao-Wei Wang f2fd673a66
Merge pull request #2807 from etan-status/compute-sync-period
Consistently use `compute_sync_committee_period`
2022-02-01 16:05:58 -08:00
Etan Kissling 0e9460b8dd
Ensure light client `optimistic_header` to be at head
When a light client updates its `finalized_header` using a forced update
because of the timeout, and the new header was not signed by enough sync
committee participants to pass `get_safety_threshold(store)`, it may
occur that `store.finalized_header.slot > store.optimistic_header.slot`.
This patch ensures that the `optimistic_header` is updated to the latest
`finalized_header` if that happens, so that it always indicates the
latest known and accepted head.
2022-01-25 10:09:10 +01:00
Dustin Brody 182e4496c3
use INTERVALS_PER_SLOT in sync committee specs 2022-01-21 19:01:56 +00:00
Etan Kissling 8319d07084
Consistently use `compute_sync_committee_period`
There were a couple instances where a division was used on an epoch
to derive the corresponding sync committee period instead of calling the
`compute_sync_committee_period` function.
These instances were changed to also use the function.
2022-01-17 17:38:24 +01:00
Alex Stokes 2b45496fe4
clean up unused argument from `phase0` 2022-01-13 11:39:36 -08:00
Hsiao-Wei Wang 16c350ebcd
Merge pull request #2796 from etan-status/lc-aggregate
Rename `sync_committee_aggregate` > `sync_aggregate`
2022-01-13 21:07:50 +08:00
Danny Ryan 7b435bd470
Merge pull request #2797 from etan-status/lc-update-doc
Fix light client docs to match function signature
2022-01-11 06:57:19 -07:00
Etan Kissling 79c456b9f4
Fix light client docs to match function signature
In the light client docs a mentioning of a function trigger is lacking
the `genesis_validators_root` argument. This patch adds that argument
to the documentation to match the real function signature. It also
slightly improves the grammar.
2022-01-11 12:10:30 +01:00
Etan Kissling 212eb00fc1
Document light client constants
This adds documentation about the unit and actual value of light client
specific constants, consistently with the rest of the spec.
2022-01-11 12:10:09 +01:00
Etan Kissling 48e19b15ae
Rename `sync_committee_aggregate` > `sync_aggregate`
This renames the `sync_committee_aggregate` field of `LightClientUpdate`
to `sync_aggregate` for consistency with the terminology in the rest of
the spec.
2022-01-11 11:22:39 +01:00