Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

All shares must contain a share version that belongs to a list of supported versions #830

Closed
rootulp opened this issue Oct 3, 2022 · 5 comments · Fixed by #837
Closed

All shares must contain a share version that belongs to a list of supported versions #830

rootulp opened this issue Oct 3, 2022 · 5 comments · Fixed by #837
Assignees
@rootulp

Comments

@rootulp
Copy link
Collaborator

rootulp commented Oct 3, 2022
edited
Loading

Problem

#659 introduced an info byte which contains a share version. Currently a block proposer could construct a share with a version that hasn't yet been defined (ex. share version 5). The block that includes this share would be considered valid even though it should be considered invalid.

Proposal

Introduce a new validity rule that ensures all shares contain a share version that belongs to a list of supported versions. Initially the list of supported versions should contain share version: 0 because

celestia-app/pkg/appconsts/appconsts.go

Line 26 in e69283f

ShareVersion = uint8(0)

@rootulp rootulp self-assigned this Oct 3, 2022
@rootulp rootulp moved this to TODO in Celestia Node Oct 3, 2022
@rootulp rootulp mentioned this issue Oct 3, 2022
Closed
@rootulp
Copy link
Collaborator Author

rootulp commented Oct 4, 2022
edited
Loading

Upon further investigation, this validity rule doesn't seem practical in ProcessProposal because the share version is not included in block data so a validator has no way of knowing what share version to use for the shares that are split from the block data. The current implementation splits block data into shares and parses shares back into block data using the only valid share format (0). If we want to enforce a block validity rule for share versions, then we need a mechanism of persisting share versions into the block data.

Alternatively, if we don't want this to be a ProcessProposal validity rule, we can enforce this type of check when we parse the data square back into block data (e.g. here).

@rootulp rootulp mentioned this issue Oct 4, 2022
Merged
rootulp added a commit that referenced this issue Oct 5, 2022
@rootulp @rach-id
feat: throw error when parsing unsupported share version (#837)
d8a9272 
Closes #830
specifically:

> Alternatively, if we don't want this to be a ProcessProposal validity
rule, we can enforce this type of check when we parse the data square
back into block data (e.g.
[here](https://github.com/celestiaorg/celestia-app/blob/6b86e91eea1063c27c1ae461eddbe505f778df08/pkg/shares/parse_compact_shares.go#L14))

Co-authored-by: CHAMI Rachid <[email protected]>
Repository owner moved this from TODO to Done in Celestia Node Oct 5, 2022
@rootulp rootulp mentioned this issue Oct 11, 2022
Closed
@rootulp rootulp reopened this Oct 27, 2022
Repository owner moved this from Done to In Progress in Celestia Node Oct 27, 2022
@rootulp
Copy link
Collaborator Author

rootulp commented Oct 27, 2022

then we need a mechanism of persisting share versions into the block data.

I think we should consider doing this. If all blocks write shares with one share version, then we can add this as a field to Data and verify it in ProcessProposal. It also seems necessary for when we increase share versions in the future. This needs further investigation if we want to support the scenario where one block can include shares with different share versions but I don't see a use case for that currently. I'd appreciate your input @evan-forbes

@evan-forbes
Copy link
Member

evan-forbes commented Oct 30, 2022
edited
Loading

what you've discussed here makes sense

as mentioned above already, before other validators vote, they check the data hash by regenerating it from the block data. If a block producer includes an unexpected version, then data hash will be different and the honest validators will reject that block. The only way to include this is with a colluding 2/3s.

This will not yet have an effect on light clients atm, even with a colluding 2/3s, but as you have mentioned it might in the future when supporting multiple versions.

then we need a mechanism of persisting share versions into the block data.

yes exactly, we have to add the ability to specify the version when creating a pfd, and keep track of that version in the celestia-core Message.

I think its worth mentioning that we don't actually need to add an extra check in ProcessProposal, as this should get covered in message inclusion checks. When creating a pfd share commitment, it will include the version that they wish to use. If a validator using an incorrect version, then the commitment will not be the same and we can rely on message inclusion fraud proofs.

@rootulp
Copy link
Collaborator Author

rootulp commented Oct 30, 2022

When creating a pfd share commitment, it will include the version that they wish to use. If a validator using an incorrect version, then the commitment will not be the same and we can rely on message inclusion fraud proofs.

This is an interesting benefit of allowing users to specify in their wire PFD which share version they intend to use. It also seems necessary if we'd like to support multiple share formats being included in the same block and would remove the need to store a block-wide share version in the block header.

@rootulp rootulp mentioned this issue Oct 30, 2022
Closed
rach-id added a commit to rach-id/celestia-app that referenced this issue Nov 16, 2022
@rootulp @rach-id
feat: throw error when parsing unsupported share version (celestiaorg…
763e12c 
…#837)

Closes celestiaorg#830
specifically:

> Alternatively, if we don't want this to be a ProcessProposal validity
rule, we can enforce this type of check when we parse the data square
back into block data (e.g.
[here](https://github.com/celestiaorg/celestia-app/blob/6b86e91eea1063c27c1ae461eddbe505f778df08/pkg/shares/parse_compact_shares.go#L14))

Co-authored-by: CHAMI Rachid <[email protected]>
@rootulp rootulp removed this from Celestia Node Nov 24, 2022
@rootulp
Copy link
Collaborator Author

rootulp commented Nov 30, 2022

#936 adds the share version to MsgWirePayForBlob and as a required parameter when generating a share commitment. This means a user will generate the share commitment prior to publishing their transaction that contains a wire PFB. As @evan-forbes stated above, if a dishonest validator attempts to modify the share version for a blob, the share commitments won't match and a blob inclusion fraud proof may be created.

As a result, it no longer seems necessary to add a block validity rule that all shares must contain a share version that belongs to a list of supported share versions.

@rootulp rootulp closed this as not planned Won't fix, can't repro, duplicate, stale Nov 30, 2022
cmwaters pushed a commit to celestiaorg/go-square that referenced this issue Dec 14, 2023
@rootulp @rach-id
feat: throw error when parsing unsupported share version (#837)
44aeef7 
Closes celestiaorg/celestia-app#830
specifically:

> Alternatively, if we don't want this to be a ProcessProposal validity
rule, we can enforce this type of check when we parse the data square
back into block data (e.g.
[here](https://github.com/celestiaorg/celestia-app/blob/696ea9b14d691f4c9538d82f25542731ef40ab35/pkg/shares/parse_compact_shares.go#L14))

Co-authored-by: CHAMI Rachid <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rootulp rootulp

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: throw error when parsing unsupported share version rootulp/celestia-app
2 participants
@rootulp @evan-forbes