go-spacemesh

validate ballot using weight from the local activeset

Open dshulyak opened this issue 1 year ago • 2 comments

use locally generated activeset for validation

we are using activeset to prove how many atxs were seen at the time of deciding how many ballots will be created by an identity in the epoch, this is also called eligibility counter. on the validation/remote side, we get referenced activeset, download any missing atxs and test that eligibility counter was computed correctly.

any node is free to use smaller activeset, in order to get more eligibilities, this opens DoS but can be maintained by setting upper_boundary for activeset (which we do with minimal active set weight in configuration). what we actually want to enforce with activeset is that node can't concentrate all its weight in single layer, this is enforced by setting lower_boundary, and we can compute such lower_boundary using locally available atxs.

the proposal is to change validation to the following algorithm:

  • compute lower_boundary using all locally available atxs, counting only highest equivocated atx
  • compute upper_boundary with configured minimal weight for the given epoch
  • ballot passes validation if eligibility counter is between lower_boundary and upper_boundary
  • if it doesn't pass validation, then either our local node is not synced or the other node is dishonest. eventually we will either download all weight and process that ballot, or rightfully discard it

it removes the need for referencing activeset in ballot, however we can leave that part as is, in order to avoid versioning.

activesets for ballots referenced in the first block

activesets that are used for ballots in the first block will be used to construct hare activeset. we don't reference them directly, but we get them by looking up first ballot from atx referenced in block.

in current version we are relying on so called trusted activeset to setup hare participants, and thus we can ignore this part.

graded active set removes this dependency, therefore we should implement it before disabling trusted activeset. https://github.com/spacemeshos/go-spacemesh/labels/feat%2Fgraded%20oracle

dshulyak, Feb 23 '24 14:02
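The boundary check proposed in the issue description above, sketched as an added Go example; it is not code from go-spacemesh. The `ATX` type, the function names, the sample weights and the eligibility formula in `slots` are assumptions, since the page does not state the formula.

```go
package main

import "fmt"

// ATX is a simplified, hypothetical activation record for this example.
type ATX struct {
	NodeID string
	Weight uint64
}

// localWeight counts only the highest-weight ATX of each identity (equivocation).
func localWeight(atxs []ATX) uint64 {
	highest := map[string]uint64{}
	for _, a := range atxs {
		if a.Weight > highest[a.NodeID] {
			highest[a.NodeID] = a.Weight
		}
	}
	var total uint64
	for _, w := range highest {
		total += w
	}
	return total
}

// slots is an ASSUMED formula: weight share times slots per epoch, min 1; no overflow guard.
func slots(weight, total, perEpoch uint64) uint64 {
	if n := weight * perEpoch / total; n > 0 {
		return n
	}
	return 1
}

// validCounter checks the claimed counter against lower and upper boundaries.
func validCounter(counter, weight, minWeight, perEpoch uint64, atxs []ATX) bool {
	if minWeight == 0 {
		return false // upper boundary is undefined without a configured minimum
	}
	total := localWeight(atxs)
	if total < minWeight {
		total = minWeight
	}
	lower, upper := slots(weight, total, perEpoch), slots(weight, minWeight, perEpoch)
	return lower <= counter && counter <= upper
}

func main() {
	atxs := []ATX{{"A", 100}, {"B", 300}, {"B", 200}, {"C", 600}} // constructed; B equivocated
	fmt.Println(localWeight(atxs), validCounter(30, 100, 500, 200, atxs))
}
```

A node that has synced less weight than the configured minimum ends up with equal lower and upper boundaries, so only the counter derived from the minimal weight passes until more ATXs arrive.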

there seems to be a problem with this solution. for example if there are 3 nodes, A, B, C. A connected to B, B to C. A created ballot, it passed validation on B without downloading A's activeset, but failed on C and now C can't request it from B.

the other version was proposed by Tal, can be summarized as:

  • remove activeset reference completely
  • validate eligibility using local activeset
  • but if it fails, sync missing atxs from peer

this last step is problematic due to missing protocol to do it efficiently.

dshulyak, Feb 23 '24 19:02

i updated description, the implementation is still simple, however it became more dependent on correctly functioning atx sync. should be safe after https://github.com/spacemeshos/go-spacemesh/pull/5599 is merged

dshulyak, Feb 27 '24 06:02