-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FIP-0086: Merklize The Tipset List #1004
Conversation
We use byte, not uint64.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Editorial review. I don't love going from pseudocode in the rest of the FIP to full go implementation here, but I suppose it's short and clear enough. This all seems to make sense otherwise, but I understand we're waiting on a review from @Kubuxu.
Co-authored-by: Jorge M. Soares <547492+jsoares@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would also somewhat prefer the FIP document itself stuck to pseudocode. But since merkle trees are a fairly widely understood concept, how about pulling this code out into a supporting file under resources
and pointing to it there?
Regarding decision about ECTipset, I think the conclusions stated in filecoin-project/go-f3#166 are strong and we should probably go with that.
Can do. Although it's surprisingly easy to mess up the implementation (or design...).
This change so-far handles point's 1 & 2 (small finality certificate, no need to parse CBOR in a snark) but it doesn't handle point 3. IMO, that was the weakest point... but it's also not particularly hard to address it (it just adds a small bit of complexity). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes so far SGWM
Unfortunately, this means that F3 will need to start _caring_ about the contents of these tipsets again. But that's unavoidable if we want to sign a different format than the one we send over the wire.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
editor review ✅ . @Kubuxu can you confirm this #1004 (comment) and see if the flag is resolved? will block merging the PR until then |
This patch implements the changes described in filecoin-project/FIPs#1004. Unfortunately, go-f3 now needs to be aware of the internal structure of `TipSet` objects as it sends them over the wire in one format, but signs another. This effectively reverts #149. Specific changes: 1. On the wire (and in finality certificates), `TipSet` objects are now directly cbor-marshaled within the payload instead of first being marshaled to byte strings. 2. Instead of directly covering the entire tipset list with the payload signature: 1. `TipSet` objects are "marshaled for signing" per the FIP change proposed above. 2. These marshaled tipset objects are stuffed into a merkle tree. 3. The merkle tree root is signed (along with the payload's other fields), again according the proposed changes. fixes #166
This patch implements the changes described in filecoin-project/FIPs#1004. Unfortunately, go-f3 now needs to be aware of the internal structure of `TipSet` objects as it sends them over the wire in one format, but signs another. This effectively reverts #149. Specific changes: 1. On the wire (and in finality certificates), `TipSet` objects are now directly cbor-marshaled within the payload instead of first being marshaled to byte strings. 2. Instead of directly covering the entire tipset list with the payload signature: 1. `TipSet` objects are "marshaled for signing" per the FIP change proposed above. 2. These marshaled tipset objects are stuffed into a merkle tree. 3. The merkle tree root is signed (along with the payload's other fields), again according the proposed changes. fixes #166
This patch implements the changes described in filecoin-project/FIPs#1004. Unfortunately, go-f3 now needs to be aware of the internal structure of `TipSet` objects as it sends them over the wire in one format, but signs another. This effectively reverts #149. Specific changes: 1. On the wire (and in finality certificates), `TipSet` objects are now directly cbor-marshaled within the payload instead of first being marshaled to byte strings. 2. Instead of directly covering the entire tipset list with the payload signature: 1. `TipSet` objects are "marshaled for signing" per the FIP change proposed above. 2. These marshaled tipset objects are stuffed into a merkle tree. 3. The merkle tree root is signed (along with the payload's other fields), again according the proposed changes. fixes #166
This patch implements the changes described in filecoin-project/FIPs#1004. Unfortunately, go-f3 now needs to be aware of the internal structure of `TipSet` objects as it sends them over the wire in one format, but signs another. This effectively reverts #149. Specific changes: 1. On the wire (and in finality certificates), `TipSet` objects are now directly cbor-marshaled within the payload instead of first being marshaled to byte strings. 2. Instead of directly covering the entire tipset list with the payload signature: 1. `TipSet` objects are "marshaled for signing" per the FIP change proposed above. 2. These marshaled tipset objects are stuffed into a merkle tree. 3. The merkle tree root is signed (along with the payload's other fields), again according the proposed changes. fixes #166
This patch implements the changes described in filecoin-project/FIPs#1004. Unfortunately, go-f3 now needs to be aware of the internal structure of `TipSet` objects as it sends them over the wire in one format, but signs another. This effectively reverts #149. Specific changes: 1. On the wire (and in finality certificates), `TipSet` objects are now directly cbor-marshaled within the payload instead of first being marshaled to byte strings. 2. Instead of directly covering the entire tipset list with the payload signature: 1. `TipSet` objects are "marshaled for signing" per the FIP change proposed above. 2. These marshaled tipset objects are stuffed into a merkle tree. 3. The merkle tree root is signed (along with the payload's other fields), again according the proposed changes. fixes #166
It should not block, as it is only a note in the FIP. |
@jennijuju we will discuss it but it should not block merge of this PR |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes to the FIP look good to me.
However the appears to be some odd files committed in FIPS/texfrag
which I am guessing is by mistake. Please don't merge until these are removed.
1. The `Epoch`, encoded as a big-endian 64bit value (8 bytes). | ||
2. The `Commitements` hash as-is (32 bytes). | ||
3. The tipset _CID_, a blake2b CID of the `TipsetKey` encoded as a CBOR byte array (38 bytes). The resulting CID is the "tipset CID". Importantly, it's hash digest is the digest returned by the `BLOCKHASH` instruction in Filecoin's EVM implementation. | ||
4. The `PowerTable` CID . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also 38 bytes?
The phase is 0x5 (decide) not 0.
b98ae5f
to
05d2469
Compare
* EVM-friendly TipSet and ECChain formats This patch implements the changes described in filecoin-project/FIPs#1004. Unfortunately, go-f3 now needs to be aware of the internal structure of `TipSet` objects as it sends them over the wire in one format, but signs another. This effectively reverts #149. Specific changes: 1. On the wire (and in finality certificates), `TipSet` objects are now directly cbor-marshaled within the payload instead of first being marshaled to byte strings. 2. Instead of directly covering the entire tipset list with the payload signature: 1. `TipSet` objects are "marshaled for signing" per the FIP change proposed above. 2. These marshaled tipset objects are stuffed into a merkle tree. 3. The merkle tree root is signed (along with the payload's other fields), again according the proposed changes. fixes #166 * test marshal payload for signing * slightly optimize hashing * add a worst-case benchmark for marshalling payloads * address feedback * Fake marshaling for testing * pre-allocate when marshaling tipsets * combine signer/verifier and MarshalPayloadForSignature Into a single Signatures interface. * tipset marshal for signing test * Test bad merkle-tree paths
This PR turns the tipset list into a merkle-tree to shrink the size of the root "decision" message to something more friendly to zkSNARKs and bandwidth-limited blockchains. I've also re-arranged the signature format a bit to align the fields on 32-byte word boundaries to make it a little more EVM friendly.
Second, this PR reformats the
ECTipset
structs themselves to be more EVM friendly. Specifically:ECTIpset
by concatenating the four fields (epoch, commitments, tipset cid, powertable cid) instead of CBOR-encoding.ECTipset
for signing, so we can avoid parsing. We likely don't care about the tipset CID and/or the power table CID in bridge smart contracts anyways.See the rational for details.