BlobSideCar mutable in gossip #3103
Comments
|
Reposting here: goos: darwin Legend: BenchmarkAggVerifyX-K : X denotes the amount of blobs and K denotes the number of cores on my machine Blobs size is 4096, so each blob holds 4096*32 bytes |
|
I've been digging into this in lighthouse a bit more - median gossip verification times are around 8-10ms. I found These are rough numbers:
CPU: Ryzen 7 2700X 8 Core 16 thread w/ sha extensions Signing blobs ends up being quite impactful in a few areas (VC, beacon API, and web3signer API) that we otherwise wouldn't need to touch, so I think it's generally preferable not to if we can afford it. I'd be interested in seeing to what degree we can we can parallelize |
|
Another argument against signature: In the happy case if you run |
Although this is true, the general concern isn't about added total work, imo. It's about added work on hops -- meaning you could argue for more total work in some cases if it allowed data to be disseminated faster. Thanks @realbigsean for the analysis! Agreed to avoid signing complexity if possible, especially because it ripples all the way into the VC.
This is Block gossip today? (not attestations, right?). So in a 16 blobs-per-block world, if we don't parallelize, this more than doubles hop computation time given @kevaundray's numbers. That said, I don't see any reason this can't be parallelized against the other verifications (e.g. the proposer signature) which ideally puts us only at a marginal increase in computation. @kevaundray -- I see you have 16 cores in your benchmarks. Is the computation actually leveraging all the cores? This might get in the way of our parallelization analysis if so. The flat hash is a nice alternative if we hit a roadblock, especially given the "native" commitment is kzg so losing the info htr preserves doesn't really matter |
Yes this is block gossip on mainnet |
Maybe a bit off-topic here, but I'm really curious about what the 256/512KB benchmarks looks like |
|
Should be closed, p2p spec is already updated |
beacon_block_and_blobs_sidecargossip validations are not sufficient to protect against any node mutating the sidecar after the proposer begins the gossip. As there is both no (1) proposer signature on the sidecar payload or (2) a cryptographic check that the commitments in the block map to the blobs in the sidecar.EDIT: some background on gossip validations, we generally want to do minimum sufficient crypto-economic and validity checks to ensure the payload is at least "worth" gossiping. Usually this is a signature check to know it is from the expected actor and then whatever relatively cheap validity checks you can do to make sure it's generally well-formed. Here we have no crypto-economic commitment taht the adjoining payload was even made by the expected actor
So we can either sign the payload and do another sig check or we can run the full
validate_blobs_sidecar.@Inphi estimates
validate_blobs_sidecaras ~12ms @ 2MB (4ms at 256kb) whereas the signature check @terencechain estimates at 1 to 4ms. If we runvalidate_blobs_sidecarwill it be dominant wrt time? If so, we need to be careful here. If not, lets just do that.The text was updated successfully, but these errors were encountered: