Merge branch 'store-block-not-tip'

Allows the storing of blocks that are not tips which, along with a bigger sync state, increases reorganization tolerance to practically infinity. Blocks in block-batch responses are now supported by MMR membership proofs against an anchor MMR such that all received blocks are proven to belong to the canonical chain for a specified block. This specific block has been authenticated through a successful sync challenge response, making DOS attacks difficult. In other words: This construction makes it difficult to fill up peers' disks with "garbage" blocks that will not end up belonging to a canonical chain.
Neptune-Crypto · Jan 22, 2025 · 315ec44 · 315ec44
2 parents 5501468 + 0a083d8
commit 315ec44
Show file tree

Hide file tree

Showing 15 changed files with 1,253 additions and 430 deletions.
diff --git a/src/lib.rs b/src/lib.rs
@@ -158,8 +158,7 @@ pub async fn initialize(cli_args: cli_args::Args) -> Result<i32> {
 
     // Create handshake data which is used when connecting to outgoing peers specified in the
     // CLI arguments
-    let syncing = false;
-    let networking_state = NetworkingState::new(peer_map, peer_databases, syncing);
+    let networking_state = NetworkingState::new(peer_map, peer_databases);
 
     let light_state: LightState = LightState::from(latest_block.clone());
     let blockchain_archival_state = BlockchainArchivalState {

diff --git a/src/main_loop.rs b/src/main_loop.rs
diff --git a/src/mine_loop.rs b/src/mine_loop.rs
@@ -620,7 +620,9 @@ pub(crate) async fn mine(
 
         let (guesser_tx, guesser_rx) = oneshot::channel::<NewBlockFound>();
         let (composer_tx, composer_rx) = oneshot::channel::<(Block, Vec<ExpectedUtxo>)>();
-        let is_syncing = global_state_lock.lock(|s| s.net.syncing).await;
+        let is_syncing = global_state_lock
+            .lock(|s| s.net.sync_anchor.is_some())
+            .await;
 
         let maybe_proposal = global_state_lock.lock_guard().await.block_proposal.clone();
         let guess = cli_args.guess;
@@ -1577,7 +1579,7 @@ pub(crate) mod mine_loop_tests {
 
             guess_worker(
                 block,
-                prev_block.header().clone(),
+                *prev_block.header(),
                 worker_task_tx,
                 composer_utxos,
                 sleepy_guessing,
@@ -1774,7 +1776,7 @@ pub(crate) mod mine_loop_tests {
         let mut rng = thread_rng();
         let mut counter = 0;
         let mut successor_block = Block::new(
-            successor_header.clone(),
+            successor_header,
             successor_body.clone(),
             appendix,
             BlockProof::Invalid,

diff --git a/src/models/blockchain/block/block_header.rs b/src/models/blockchain/block/block_header.rs
@@ -60,7 +60,7 @@ pub(crate) const ADVANCE_DIFFICULTY_CORRECTION_FACTOR: usize = 4;
 
 pub(crate) const BLOCK_HEADER_VERSION: BFieldElement = BFieldElement::new(0);
 
-#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, BFieldCodec, GetSize)]
+#[derive(Copy, Clone, Debug, Serialize, Deserialize, PartialEq, Eq, BFieldCodec, GetSize)]
 #[cfg_attr(any(test, feature = "arbitrary-impls"), derive(Arbitrary))]
 pub struct BlockHeader {
     pub version: BFieldElement,

diff --git a/src/models/blockchain/block/validity/block_primitive_witness.rs b/src/models/blockchain/block/validity/block_primitive_witness.rs
@@ -297,7 +297,7 @@ pub(crate) mod test {
                                 (parent_header, parent_body, parent_appendix).prop_flat_map(
                                     move |(header, body, appendix)| {
                                         let parent_kernel = BlockKernel {
-                                            header: header.clone(),
+                                            header,
                                             body: body.clone(),
                                             appendix: appendix.clone(),
                                         };

diff --git a/src/models/channel.rs b/src/models/channel.rs
@@ -3,6 +3,7 @@ use std::net::SocketAddr;
 use serde::Deserialize;
 use serde::Serialize;
 use tasm_lib::triton_vm::prelude::Digest;
+use tasm_lib::twenty_first::util_types::mmr::mmr_accumulator::MmrAccumulator;
 
 use super::blockchain::block::block_height::BlockHeight;
 use super::blockchain::block::difficulty_control::ProofOfWork;
@@ -82,6 +83,10 @@ pub struct MainToPeerTaskBatchBlockRequest {
     /// that the we would prefer to build on top off, if it belongs to the
     /// canonical chain.
     pub(crate) known_blocks: Vec<Digest>,
+
+    /// The block MMR accumulator relative to which incoming blocks are
+    /// authenticated.
+    pub(crate) anchor_mmr: MmrAccumulator,
 }
 
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
@@ -136,7 +141,15 @@ impl MainToPeerTask {
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub(crate) enum PeerTaskToMain {
     NewBlocks(Vec<Block>),
-    AddPeerMaxBlockHeight((SocketAddr, BlockHeight, ProofOfWork)),
+    AddPeerMaxBlockHeight {
+        peer_address: SocketAddr,
+        claimed_height: BlockHeight,
+        claimed_cumulative_pow: ProofOfWork,
+
+        /// The MMR *after* adding the tip hash, so not the one contained in the
+        /// tip, but in its child.
+        claimed_block_mmra: MmrAccumulator,
+    },
     RemovePeerMaxBlockHeight(SocketAddr),
     PeerDiscoveryAnswer((Vec<(SocketAddr, u128)>, SocketAddr, u8)), // ([(peer_listen_address)], reported_by, distance)
     Transaction(Box<PeerTaskToMainTransaction>),
@@ -154,7 +167,7 @@ impl PeerTaskToMain {
     pub fn get_type(&self) -> String {
         match self {
             PeerTaskToMain::NewBlocks(_) => "new blocks",
-            PeerTaskToMain::AddPeerMaxBlockHeight(_) => "add peer max block height",
+            PeerTaskToMain::AddPeerMaxBlockHeight { .. } => "add peer max block height",
             PeerTaskToMain::RemovePeerMaxBlockHeight(_) => "remove peer max block height",
             PeerTaskToMain::PeerDiscoveryAnswer(_) => "peer discovery answer",
             PeerTaskToMain::Transaction(_) => "transaction",

diff --git a/src/models/peer.rs b/src/models/peer.rs
@@ -16,6 +16,7 @@ use serde::Deserialize;
 use serde::Serialize;
 use tasm_lib::twenty_first::prelude::Mmr;
 use tasm_lib::twenty_first::prelude::MmrMembershipProof;
+use tasm_lib::twenty_first::util_types::mmr::mmr_accumulator::MmrAccumulator;
 use tracing::trace;
 use transaction_notification::TransactionNotification;
 use transfer_transaction::TransferTransaction;
@@ -155,8 +156,10 @@ pub enum NegativePeerSanction {
     BatchBlocksInvalidStartHeight,
     BatchBlocksUnknownRequest,
     BatchBlocksRequestEmpty,
+    BatchBlocksRequestTooManyDigests,
     InvalidTransaction,
     UnconfirmableTransaction,
+    InvalidBlockMmrAuthentication,
 
     InvalidTransferBlock,
 
@@ -221,6 +224,12 @@ impl Display for NegativePeerSanction {
             NegativePeerSanction::TimedOutSyncChallengeResponse => {
                 "timed-out sync challenge response"
             }
+            NegativePeerSanction::InvalidBlockMmrAuthentication => {
+                "invalid block mmr authentication"
+            }
+            NegativePeerSanction::BatchBlocksRequestTooManyDigests => {
+                "too many digests in batch block request"
+            }
         };
         write!(f, "{string}")
     }
@@ -264,7 +273,7 @@ impl Sanction for NegativePeerSanction {
             NegativePeerSanction::InvalidBlock(_) => -10,
             NegativePeerSanction::DifferentGenesis => i32::MIN,
             NegativePeerSanction::ForkResolutionError((_height, count, _digest)) => {
-                i32::from(count).saturating_mul(-3)
+                i32::from(count).saturating_mul(-1)
             }
             NegativePeerSanction::SynchronizationTimeout => -5,
             NegativePeerSanction::FloodPeerListResponse => -2,
@@ -288,6 +297,8 @@ impl Sanction for NegativePeerSanction {
             NegativePeerSanction::UnexpectedSyncChallengeResponse => -1,
             NegativePeerSanction::InvalidTransferBlock => -50,
             NegativePeerSanction::TimedOutSyncChallengeResponse => -50,
+            NegativePeerSanction::InvalidBlockMmrAuthentication => -4,
+            NegativePeerSanction::BatchBlocksRequestTooManyDigests => -50,
         }
     }
 }
@@ -483,6 +494,16 @@ pub struct BlockRequestBatch {
 
     /// Indicates the maximum allowed number of blocks in the response.
     pub(crate) max_response_len: usize,
+
+    /// The block MMR accumulator of the tip of the chain which the node is
+    /// syncing towards. Its number of leafs is the block height the node is
+    /// syncing towards.
+    ///
+    /// The receiver needs this value to know which MMR authentication paths to
+    /// attach to the blocks in the response. These paths allow the receiver of
+    /// a batch of blocks to verify that the received blocks are indeed
+    /// ancestors to a given tip.
+    pub(crate) anchor: MmrAccumulator,
 }
 
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
@@ -506,7 +527,7 @@ pub(crate) enum PeerMessage {
     BlockRequestByHash(Digest),
 
     BlockRequestBatch(BlockRequestBatch), // TODO: Consider restricting this in size
-    BlockResponseBatch(Vec<TransferBlock>), // TODO: Consider restricting this in size
+    BlockResponseBatch(Vec<(TransferBlock, MmrMembershipProof)>), // TODO: Consider restricting this in size
     UnableToSatisfyBatchRequest,
 
     SyncChallenge(SyncChallenge),
@@ -741,7 +762,7 @@ impl SyncChallengeResponse {
     /// Determine whether the `SyncChallengeResponse` answers the given
     /// `IssuedSyncChallenge`, and not some other one.
     pub(crate) fn matches(&self, issued_challenge: IssuedSyncChallenge) -> bool {
-        let Ok(tip_predecessor) = Block::try_from(self.tip_parent.clone()) else {
+        let Ok(tip_parent) = Block::try_from(self.tip_parent.clone()) else {
             return false;
         };
         let Ok(tip) = Block::try_from(self.tip.clone()) else {
@@ -754,7 +775,7 @@ impl SyncChallengeResponse {
             .all(|((_, child), challenge_height)| child.header.height == *challenge_height)
             && issued_challenge.challenge.tip_digest == tip.hash()
             && issued_challenge.accumulated_pow == tip.header().cumulative_proof_of_work
-            && tip.has_proof_of_work(tip_predecessor.header())
+            && tip.has_proof_of_work(tip_parent.header())
     }
 
     /// Determine whether the proofs in `SyncChallengeResponse` are valid. Also
@@ -772,6 +793,8 @@ impl SyncChallengeResponse {
             return false;
         }
 
+        let mut mmra_anchor = tip.body().block_mmr_accumulator.to_owned();
+        mmra_anchor.append(tip.hash());
         for ((parent, child), membership_proof) in
             self.blocks.iter().zip(self.membership_proofs.iter())
         {
@@ -781,8 +804,8 @@ impl SyncChallengeResponse {
             if !membership_proof.verify(
                 child.header().height.into(),
                 child.hash(),
-                &tip.body().block_mmr_accumulator.peaks(),
-                tip.header().height.into(),
+                &mmra_anchor.peaks(),
+                mmra_anchor.num_leafs(),
             ) {
                 return false;
             }

diff --git a/src/models/peer/transfer_block.rs b/src/models/peer/transfer_block.rs
@@ -61,7 +61,7 @@ impl TryFrom<&Block> for TransferBlock {
             }
         };
         Ok(Self {
-            header: block.kernel.header.clone(),
+            header: block.kernel.header,
             body: block.kernel.body.clone(),
             proof,
             appendix: block.kernel.appendix.clone(),