New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[refactor]: remove signatures from blocks #4384
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Marin Veršić <marin.versic101@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we can get rid of storing block's signatures.
Because this way we forcing a new peer who is joining the network to trust that blocks are valid without ability to verify that.
Since blocks in a blockchain are tied together via block hashes
Without signatures malicious peer can provide any blockchain sequence it want.
yes, but that's only a matter of block sync as I mentioned in the description. This can be taken care of like this:
or some more optimized version of this |
@Erigara the point is that node needs to contact the network, not just one peer when doing block sync because it cannot trust one node. So it asks the network what the hash of the next block is before requesting next block via block sync |
This makes block synchronization much more complex. And also vulnerable to cases where suppose that only one peer left of the whole topology for some reason. With signatures (and initial set of peers) we still have an ability to check that blocks are valid, without them there is no way. |
somewhat more complex. This is why block sync should be avoided if possible. This change shouldn't increase network traffic by a noticeable amount (just circling some extra hashes)
even in the current implementation this lone peer could put anything in the signature set and compromise the blockchain. Note that
this is not true again, or true only superficially. As in the previous example, new peer has to trust the peer it's connecting to because that peer can manipulate signatures of the genesis block. With the current approach, new peer trusts the one peer from |
Good point. After that malicious peer can't mess up with topology because every inclusion or deletion of peer is recorded within transactions (
Agree about noticeable amount. I'm more concerned about implementing quorum algorithm for that.
Yeah, this example is kinda handcrafted but i want to be extra-careful when talking about compromising the whole chain. All in all i'm suggesting to investigate this question more deeply. |
this seems like it would do the trick, except that we should make sure genesis consists of exactly 1 transaction so that the peer submitting genesis cannot remove or reorder any
ofc. I'd like this to be thoroughly considered. I'm not that convinced myself |
Description
Signatures are transient and only applicable during consensus. Since blocks in a blockchain are tied together via block hashes, keeping block signatures after consensus is not only superfluous but also creates issues when replaying blocks when topology has changed (related to How to update peer's blockstore when the whole topology changed #4145)
consensus_estimation
from block header - it was unusedevent_recommendations
from block - it was unusedFuture work
Checklist
CONTRIBUTING.md