Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Compact committee roots #1219

Merged
merged 11 commits into from
Jun 29, 2019
Merged

Compact committee roots #1219

merged 11 commits into from
Jun 29, 2019

Conversation

JustinDrake
Copy link
Contributor

Replacement of active_index_roots with compact_committee_roots to allow for significantly more efficient light clients (see item 17 in #1054). Key changes:

  • Validator information (including indices) is pre-shuffled and grouped by crosslink committee.
  • Validator information relevant to light clients (validator.effective_balance and validator.slashed) is kept "close" to the validator index to avoid accessing state.validators.
  • Validator information (index, effective_balance, slashed) is compactified into a uint64 which is friendly to SSZ packing.
  • Shuffled pubkeys are available but kept separate from compact validator information. Light clients that have pubkeys cached do not need to re-download and re-authenticate them.

The plan is to also have persistent committee roots in phase 1.

@JustinDrake JustinDrake added the milestone:June 30 freeze 🥶 Phase 0 spec freeze for long-lived cross-client testnet label Jun 26, 2019
Copy link
Contributor

@djrtwo djrtwo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cool!

specs/core/0_beacon-chain.md Outdated Show resolved Hide resolved
specs/core/0_beacon-chain.md Outdated Show resolved Hide resolved
specs/core/0_beacon-chain.md Outdated Show resolved Hide resolved
@JustinDrake
Copy link
Contributor Author

@protolambda Testing goes a little crazy on this branch. Not sure what to do.

Screenshot 2019-06-27 at 11 06 43

@protolambda
Copy link
Contributor

I'm seeing the same on this branch, here's my test output:
https://gist.github.com/protolambda/f60b5eecba89a4f29367ae9afc76c725

@djrtwo
Copy link
Contributor

djrtwo commented Jun 27, 2019

Python crashes are often recursion bugs

@djrtwo
Copy link
Contributor

djrtwo commented Jun 27, 2019

taking a look at this

@djrtwo
Copy link
Contributor

djrtwo commented Jun 27, 2019

You have a circular dependency

get_compact_committees_root -> get_crosslink_committee -> generate_seed -> get_compact_committees_root

Suggestion:

Use active_index_root in generate_seed instead of the committee root

def generate_seed(state: BeaconState,
                  epoch: Epoch) -> Hash:
    """
    Generate a seed for the given ``epoch``.
    """
    return hash(
        get_randao_mix(state, Epoch(epoch + EPOCHS_PER_HISTORICAL_VECTOR - MIN_SEED_LOOKAHEAD)) +
        hash_tree_root(get_active_validator_indices(state, epoch)) +
        int_to_bytes(epoch, length=32)
    )

@djrtwo
Copy link
Contributor

djrtwo commented Jun 27, 2019

I fixed the SSZ typing error, but there is a more substantive error now. We are trying to set compact_committees for an epoch ACTIVATION_EXIT_EPOCHs in the future. We can;t actually reliably do this because we have MIN_SEED_LOOKAHEAD.

It seems more appropriate to just set for MIN_SEED_LOOKAHEAD epochs in the future because that is the most immediate epoch available that we know both the v-set and the seed (requirements for computing the committees).

Setting it to this value actually triggers an issue in get_epoch_start_shard which needs to be adjusted to work for epochs more than just the next. Need to think this over a bit.

motes.md Outdated
@@ -0,0 +1,42 @@
* `BLS_WITHDRAWAL_PREFIX`
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Loving your motes :) Will comment on the various points later today 😂

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh no! I accidentally pushed. Haaa

motes.md Outdated
@@ -0,0 +1,42 @@
* `BLS_WITHDRAWAL_PREFIX`
* Why int rather than bytes?
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably be bytes :)

motes.md Outdated
* `BLS_WITHDRAWAL_PREFIX`
* Why int rather than bytes?
* `MIN_SEED_LOOKAHEAD`
* Is this actually tunable?
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't any reason why it's not tunable

motes.md Outdated
* Why int rather than bytes?
* `MIN_SEED_LOOKAHEAD`
* Is this actually tunable?
* If so, what are the reprecussions?
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can think of two repercussions:

  1. It changes the lookahead (duh)
  2. For security we need to correspondingly adjust ACTIVATION_EXIT_DELAY to be at least MIN_SEED_LOOKAHEAD + 3.

motes.md Outdated
* `ACTIVATION_EXIT_DELAY`
* Reaquaint with purpose
* AttesterSlashings
* `MAX_ATTESTER_SLASHINGS` is 1.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, the reasons being:

  1. 1 is sufficiently large
  2. Attester slashings are huge objects, and could be used as a DoS vector

motes.md Outdated
* Are there scenarios in which validators can create more effective slashable
messages than can be included on chain? For example, Validators split up to
create double attestations for checkpoints but different (junk) crosslink
data to prevent them from being aggregatable to the fullest
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember thinking about this. One way to create more effective slashable messages is as follows. Let's say you control n validators, and you want to make bad attestations a_1, ..., a_n for each of these validators. The attacker can broadcast aggregated attestations (a_1, a_i) for i > 1 and never reveal the individual a_i. This is an argument for generalising the bitfield to a multibitfield.

motes.md Outdated
* checking next hinges upon the fact that the validator set for the next
epoch is 100% known at the current epoch. Ensure this is the case
* `get_block_root_at_slot` .. `generate_seed` can be bade into one line
function signatures
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yay for one-line function signatures. This is part of the cleanup planned in #918.

motes.md Outdated
* is the `2**40` special for security of alg? probably.


pubkey/privkey g1 vs g2
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pubkey should be in g1 since we're adding a bunch of them when aggregating.

motes.md Outdated
* `get_block_root_at_slot` .. `generate_seed` can be bade into one line
function signatures
* `get_shuffled_index`
* I think it should be maybe `assert index_count <= VALIDATOR_REGISTRY_LIMIT`
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right

motes.md Outdated
function signatures
* `get_shuffled_index`
* I think it should be maybe `assert index_count <= VALIDATOR_REGISTRY_LIMIT`
* is the `2**40` special for security of alg? probably.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hum, not sure.

motes.md Outdated
* Is this actually tunable?
* If so, what are the reprecussions?
* `ACTIVATION_EXIT_DELAY`
* Reaquaint with purpose
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem is that attackers can know the randomness beyond MIN_SEED_LOOKAHEAD, and hence bias the shuffling by strategically registering/deregistering validators in the window between MIN_SEED_LOOKAHEAD and MIN_SEED_LOOKAHEAD + 3 to "grind" the shuffling. (The number 3 is large enough to guarantee that, with high probability, an attacker's lookahead cannot go beyond MIN_SEED_LOOKAHEAD + 3.)

@djrtwo djrtwo marked this pull request as ready for review June 28, 2019 17:31
Copy link
Contributor

@CarlBeek CarlBeek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. 👍

notes.txt and motes.md should be removed before merge though.

notes.txt Outdated Show resolved Hide resolved
motes.md Outdated Show resolved Hide resolved
specs/core/0_beacon-chain.md Show resolved Hide resolved
Copy link
Member

@ralexstokes ralexstokes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i'm excited to see how this broadens the light client design space :)

found a typo

specs/light_client/sync_protocol.md Outdated Show resolved Hide resolved
@djrtwo djrtwo merged commit e1826aa into dev Jun 29, 2019
@djrtwo djrtwo deleted the committee-roots branch June 29, 2019 17:26
JustinDrake added a commit that referenced this pull request Jun 30, 2019
@JustinDrake JustinDrake mentioned this pull request Jun 30, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
milestone:June 30 freeze 🥶 Phase 0 spec freeze for long-lived cross-client testnet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants