Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EPIC: Cryptographic verification of equivocation #732

Closed
26 tasks done
jtremback opened this issue Feb 13, 2023 · 5 comments · Fixed by #1287 or #1340
Closed
26 tasks done

EPIC: Cryptographic verification of equivocation #732

jtremback opened this issue Feb 13, 2023 · 5 comments · Fixed by #1287 or #1340
Assignees
Labels
admin: key-result A key result (in the context of OKRs) S: NewThings Work towards your business objectives with new products, features, or integrations type: feature-request New feature or request improvement

Comments

@jtremback
Copy link
Contributor

jtremback commented Feb 13, 2023

Problem

We would like the provider chain to be able to verify equivocation evidence on its own, instead of trusting consumers, or needing evidence to go through governance. For this, we can look at the code in Tendermint which does this, but it will need heavy changes.

Problem details

To keep things simple at first, we should design this code to be used by an accuser who would like to cause an equivocating validator to be slashed by submitting a message to the chain containing all necessary evidence. Later, we can adapt this to be used automatically for packets coming from a consumer chain.

Fortunately, almost all the code used by Tendermint to verify equivocation evidence is in one file: https://github.com/cometbft/cometbft/blob/main/evidence/verify.go. A lot of this code should be possible to reuse, however, it depends on state stored by Tendermint nodes, most of which will not be available on the provider chain.

There are two basic types of equivocation: Double signing and light client attacks.

Double signing

This is trivial, you can see the function that does it here. The only complicated thing is that it requires the validator set and powers at the height of the evidence. But we should be able to store these on the provider. Also, the evidence will have the height of the consumer which will need to be mapped to the height of the provider to get the validator powers at that height. But I think we already have code to do that.

Light client attacks

This is much more complicated, and it requires more state. The additional state that is required is the true header of the block in question, known as the "trustedHeader" or the "commonHeader". In Tendermint, this is loaded from the node's state. On the provider chain, we will not be able to access this. Instead, it should be possible to have the accuser supply the trusted header along with the rest of the evidence. The provider chain can then use the record of validator powers from that block to check that the trusted header is real.

Task list

Must have

Preview Give feedback
  1. scope: docs
    sainoe
  2. ccv-core type: feature-request
    sainoe
  3. ccv-core type: feature-request
    sainoe
  4. sainoe
  5. scope: testing
    sainoe
  6. scope: testing
    sainoe
  7. sainoe
  8. S: NewThings
    sainoe
  9. S: NewThings scope: testing
    sainoe
  10. S: NewThings scope: docs
    sainoe
  11. sainoe
  12. insumity
  13. S: NewThings
    insumity
  14. 2 of 2
    S: KTLO type: feature-request
    sainoe
  15. sainoe
  16. ccv-core type: feature-request
    sainoe
  17. S: KTLO
    sainoe
  18. sainoe

Nice to have

Preview Give feedback
  1. S: NewThings
    sainoe
  2. S: NewThings scope: testing
    sainoe
@jtremback jtremback added the type: feature-request New feature or request improvement label Feb 13, 2023
@jtremback jtremback added this to the ICS v1.1.0 milestone Feb 13, 2023
@mpoke mpoke modified the milestones: ICS v1.1.0, Untrusted consumers Feb 23, 2023
@mpoke mpoke added this to Cosmos Hub Feb 23, 2023
@github-project-automation github-project-automation bot moved this to 🩹 Triage in Cosmos Hub Feb 23, 2023
@mpoke mpoke moved this from 🩹 Triage to 🏗 In progress in Cosmos Hub Feb 23, 2023
@sainoe
Copy link
Contributor

sainoe commented Feb 24, 2023

Summarizing our last discussion with @mpoke, we can separate the work into two main concerns:

  1. Define the requirements to migrate the equivocation evidence verification from Tendermint to the ICS module.

  2. Figure out what it implies to get an equivocation evidence from a malicous consumer and how we can leverage the information stored by IBC.

@tbruyelle
Copy link
Contributor

About 2.

Also, the evidence will have the height of the consumer which will need to be mapped to the height of the provider to get the validator powers at that height. But I think we already have code to do that.

What we have currently is a mapping that uses the valset update id. On the provider chain, this id maps a block height. If we decide to use it, that means the equivocation evidence message must contain the valset id, so the provider can determine the height, and then determine the voting power at this height.

My concern is how do we verify that valset id passed in the message is correct ? I don't think we can use IBC client for that.

Maybe instead the message should contain the entire valset, instead of just the ID. At least the entire valset can be verified if I'm not wrong. But then the message is harder to create for the user.

@ancazamfir
Copy link
Contributor

ancazamfir commented Feb 28, 2023

Had a discussion with @sainoe regarding the light client evidence handling. I think it is fairly complex, the code as is in tendermint cannot really be used.

You will also need some implementation that monitors chains and submits three light blocks (the conflicting block si not enough, you need common and trusted) as part of the new type of evidence. This doesn't exist.
We discussed that maybe a better approach would be laveraging the IBC Misbehavior message (maybe duplicate most behavior in a new message). In either case this seems to be a lot of work.

Later, we can adapt this to be used automatically for packets coming from a consumer chain.

Wondering if we should consider this now as it looks like it's harder to do all the earlier phase work instead of this.

For duplicate vote I think we still need a trigger from the consumer chain evidence module,
since it is detected by consensus on consumer chain, added to the tendermint evidence pool, then included in the next block and handled on the BeginBlock of that block, hitting the evidence module.

Then not sure why we cannot use that for both light client attacks and conflicting votes.
SDK evidence module stores the evidence, so in theory we can get a light client proof for it and include it in a new ICS message together with the evidence (triggered from some ICS Begin blocker?). Or have a different evidence module on consumer chain to handle it the way it is required for the consumer.

Not sure though this is along the lines of "used automatically for packets coming from a consumer chain." And I may be missing something fundamental.

@ancazamfir
Copy link
Contributor

ancazamfir commented Feb 28, 2023

Or we do not trust that consumer chain validators run the proper tendemint protocols, for example they may drop the evidence or duplicate votes?

@cason
Copy link

cason commented Mar 1, 2023

I would suggest to update the links to the CometBFT repository. The code should be the same, but the Tendermint Core (old) repository is now obsolete.

@mpoke mpoke removed this from the Untrusted consumers milestone Mar 5, 2023
@mpoke mpoke added admin: key-result A key result (in the context of OKRs) admin: epic An EPIC -- meta issue used to track a body of work labels Mar 9, 2023
@mpoke mpoke assigned jtremback and ancazamfir and unassigned shaspitz and jtremback Mar 9, 2023
@mpoke mpoke added this to the Gaia v10.0.0 milestone Mar 13, 2023
@mpoke mpoke removed this from the Gaia v10.0.0 milestone Apr 14, 2023
@mpoke mpoke removed admin: key-result A key result (in the context of OKRs) admin: epic An EPIC -- meta issue used to track a body of work labels Apr 19, 2023
@mpoke mpoke changed the title Untrusted Consumer pt. 1: Equivocation Untrusted Consumer pt. 1: Equivocation - design discussion Apr 19, 2023
@mpoke mpoke changed the title Untrusted Consumer pt. 1: Equivocation - design discussion Cryptographic verification of equivocation Apr 19, 2023
@mpoke mpoke added the admin: key-result A key result (in the context of OKRs) label Apr 19, 2023
@mpoke mpoke pinned this issue May 9, 2023
@mpoke mpoke changed the title Cryptographic verification of equivocation EPIC: Cryptographic verification of equivocation Jun 27, 2023
@mpoke mpoke added the S: NewThings Work towards your business objectives with new products, features, or integrations label Sep 13, 2023
@sainoe sainoe linked a pull request Sep 14, 2023 that will close this issue
21 tasks
@sainoe sainoe moved this from 🏗 F3: InProgress to 🛑 F3: OnHold in Cosmos Hub Sep 21, 2023
@sainoe sainoe moved this from 🛑 F3: OnHold to 🏗 F3: InProgress in Cosmos Hub Sep 21, 2023
@sainoe sainoe moved this from 🏗 F3: InProgress to 🛑 F3: OnHold in Cosmos Hub Oct 16, 2023
@mpoke mpoke moved this from 🛑 F3: OnHold to 🏗 F3: InProgress in Cosmos Hub Nov 15, 2023
@github-project-automation github-project-automation bot moved this from 🏗 F3: InProgress to 👍 F4: Assessment in Cosmos Hub Nov 21, 2023
@mpoke mpoke moved this from 👍 F4: Assessment to ✅ Done in Cosmos Hub Nov 23, 2023
@mpoke mpoke unpinned this issue Apr 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
admin: key-result A key result (in the context of OKRs) S: NewThings Work towards your business objectives with new products, features, or integrations type: feature-request New feature or request improvement
Projects
Status: ✅ Done
7 participants