Block number used in TDX quote cannot be known when quote is not immediately submitted #1174

Closed
ameba23 opened this issue Nov 19, 2024 · 1 comment · Fixed by #1179
@ameba23
Contributor

ameba23 commented Nov 19, 2024

Related to #982

#1173 adds an HTTP route which creates a quote and returns it to the caller in the response body. This is intended for use by node operators to retrieve a TDX quote for use in the `validate`, `change_endpoint` and `change_tss_accounts` extrinsics.

The problem is, the current block number is included in the quote input data which is checked when validating the quote.

Since there is a human in the loop (the node operator), we cannot know at the point of creating the quote exactly when it will be submitted for verification.

Possible solutions:

  1. Instead of block number, include some other contextual information such as an enum expressing which of the 3 extrinsics this quote is intended to be used for.
  2. Have a sliding window of allowed block numbers (e.g. it must be submitted in the next hour). The tricky part is that the block number is hashed with other data to create the quote input, so when validating a quote, we would have to create and check all possible input hashes for the different allowed block numbers.
  3. Have the TSS server submit the extrinsic itself immediately. This means all other data which should be included in the extrinsic must be given in the HTTP request, and that the extrinsic will be coming from the TSS account, rather than the validator stash account.
  4. Redesign our system so that the quote can be submitted as a separate extrinsic beforehand.
  5. Assume that in production this will be used in an automated script or program where the extrinsic will be immediately submitted on getting the quote. In which case we can close this issue and do nothing.

I would go for either 1 or 5 for now as they are the simplest.

@HCastano
Collaborator

I'd like to avoid dealing with block numbers here if possible. They introduce an element of uncertainty, especially in testing.

I think (1) is the most reasonable approach. One thing I'd like to ensure though is that there are a limited number of pending quotes issued per validator (and maybe the limit here is just one). We could either enforce this per track (e.g. one per enum variant) or just one limit overall.
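
What options 1 and 2 from the issue look like on the verifier's side, as an added sketch that is not part of the thread or the project's code. The hash function (BLAKE2b), the field layout, the enum and all function names are assumptions, and `other_data` stands for the remaining quote input fields, which the issue does not list.

```python
import hashlib
import hmac
from enum import Enum


class QuoteContext(Enum):
    """Hypothetical enum naming which extrinsic a quote is meant for."""
    VALIDATE = 0
    CHANGE_ENDPOINT = 1
    CHANGE_TSS_ACCOUNTS = 2


def _digest(*fields: bytes) -> bytes:
    # Length-prefix every field so two different field splits cannot collide.
    h = hashlib.blake2b(digest_size=32)
    for f in fields:
        h.update(len(f).to_bytes(4, "little") + f)
    return h.digest()


def input_with_block(other_data: bytes, block: int) -> bytes:
    """Scheme described in the issue: block number hashed into the quote input."""
    return _digest(other_data, block.to_bytes(4, "little"))


def input_with_context(other_data: bytes, ctx: QuoteContext) -> bytes:
    """Option 1: hash the intended extrinsic instead of the block number."""
    return _digest(other_data, bytes([ctx.value]))


def verify_window(quote_input: bytes, other_data: bytes, current_block: int, window: int):
    """Option 2: recompute the input for every allowed block (window + 1 hashes
    in the worst case). Returns the matching block number, or None."""
    oldest = max(current_block - window, 0)
    for block in range(current_block, oldest - 1, -1):
        if hmac.compare_digest(input_with_block(other_data, block), quote_input):
            return block
    return None


def verify_context(quote_input: bytes, other_data: bytes, expected: QuoteContext) -> bool:
    """Option 1: one hash, and the quote is bound to a single extrinsic."""
    return hmac.compare_digest(input_with_context(other_data, expected), quote_input)
```

In this sketch `verify_context` accepts a quote at any later block, so a context-only input says nothing about how old the quote is.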
