-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
All V1 sealed proof sector expansion to 540 days #75
Conversation
Thank you for submitting the FIP! In the motivation section, you mentioned some security concern and stated that those aren’t harmful to the network, please elaborate more and include some data to support that statement in the |
I do not recommend merge this proposal. This will bring insecurity to the network. And many v1 sectors are free sectors of SP1. |
After 2020-10-15 sectors are not free. |
FIPS/fip-0014.md
Outdated
Allow the V1 proof sectors life cycle extention. | ||
|
||
## Abstract | ||
All the V1 proof sectors are sealed with collaterals and gas fees, but they have not received the same treatment as other sectors. The security issue of V1 proof sectors are not enough to threaten the chain security. So this proposal allows the V1 proof sectors lifecycle to be extended. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are actually significant security considerations for v1 vs v1.1 sectors (which is why the network upgraded to v1.1 sectors in the first place). Can you clarify how this proposal will upgrade v1 sectors to ensure they are as secure as v1.1 sectors to make them eligible for extension?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think what @deltazxm was trying to say is to extend v1 proof sector lifecycle instead of upgrading v1 to v1.1. I will quote @deltazxm below "Only sectors sealed prior to November 24th, 2020 have the issue, it's not financially beneficial for anyone to develop specific chips to hack these sectors. Sectors sealed prior to November 24th, 2020 have different lengths of the lifecycle (180/360/540 days), if lifecycle extension is not approved, at least we expect some fairness on this. In another word, change all the lifecycle to 540 days, then let them die after that. "
@deltazxm I agree with @neogeweb3 to achieve some fairness on lifetime limitation and also consider the security concern. This will make code cleaner and fairer to all miners. For current supported two proof types, V1 and V1.1; We can define the following parameters in file https://github.com/filecoin-project/specs-actors/blob/master/actors/builtin/sector.go, please notice that we set 540 days for V1 and 5 years for V1.1
And remove the following condition in
which is not needed any more. |
thanks @steven004.I will modify the FIP according to your suggestion |
Hello, @deltazxm, I compiled Simple SummaryAllow V1 proof sectors to be extended up to a maximum of 540 days. AbstractAllow sectors sealed using V1 proof before network upgrade of v1.2.0 on Nov 27th, 2020 to be extended up to a maximum of 540 days including the days that they have already been Change MotivationWhile every encryption/proof created ever by human beings has security issues, V1 proof is now being challenged with unrealistically high standard of security concerns. This fip advocates that V1 proof sectors should be treated equally just like any other sectors. SpecificationKey changes proposed by @steven004 could be found here. Design RationaleThe design is quite straight forward. Suggestions are welcome. Backwards CompatibilityTODO: Test cases for an implementation are mandatory for FIPs that are affecting consensus changes. Other FIPs can choose to include links to test cases if applicable. Security ConsiderationsSecurity concerns from the community boils down to @nicola's following comment.
Cost of designing custom hardware (ASICs)From data aggregated by semiengineering, the design cost alone of developing a cutting edge chip could amount to ~$540M which is equivalent to the revenue of running a 120Pib node for 3 years given the current network parameters. Time for development of custom hardware (ASICs)It is estimated that manufacturing a chip from scratch could take 1 to 2 years. Securing production of custom hardware (ASICs)There are mainly two options someone could get their chip design produced, namely from TSMC or Samsung. Attackers will be competing with all smart devices manufacturers for "production cap". Months of waiting time is the norm given how the market is craving smart devices nowadays. Incentives of attackersUnder the circumstances mentioned above, there wouldn't be any incentives for attackers to invest huge amount of time and money just to fake a discontinued proof. Additionally, the concern is addressed by @neogeweb3 at here and by @steven004 at here. In short, the general consensus is that it is not economically viable that attacker could develop custom hardware using tech that is a year+ from now. Incentive ConsiderationsMajority of the people who sealed sectors using V1 proof for 180 days will now most likely to extend them to 540 days. Product ConsiderationsThis fip protects interests of miners who have contributed to filecoin's growth since mainnet launch. ImplementationCopyrightCopyright and related rights waived via CC0. |
V1 seal proof sectors extension