This repository was archived by the owner on Jan 22, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5.7k
Add verifying snapshots book entry #5885
Merged
sakridge
merged 1 commit into
solana-labs:master
from
sakridge:add-snapshot-verify-book
Sep 19, 2019
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| # Verifying Snapshots and Account state proof | ||
|
|
||
| ## Problem | ||
|
|
||
| When a validator boots up from a snapshot, it needs a way to verify the account set matches what the rest of the network sees quickly. A potential attacker | ||
| could give the validator an incorrect state, and then try to convince it to accept a transaction that would otherwise be rejected. | ||
|
|
||
| ## Solution | ||
|
|
||
| Currently the bank hash is derived from hashing the delta state of the accounts in a slot which is then combined with the previous bank hash value. The problem with this is that the list of hashes | ||
| will grow on the order of the number of slots processed by the chain and become a burden to both transmit and verify successfully. | ||
|
|
||
| Another naive method could be to create a merkle tree of the account state. This has the downside that with each account update which removes an account state from the tree, the merkle | ||
| tree would have to be recomputed from the entire account state of all live accounts in the system. | ||
|
|
||
| To verify the snapshot, we propose the following: | ||
|
|
||
| On account store hash the following data: | ||
|
sakridge marked this conversation as resolved.
|
||
| * Account owner | ||
| * Account data | ||
| * Account pubkey | ||
| * Account lamports balance | ||
| * Fork the account is stored on | ||
|
sakridge marked this conversation as resolved.
|
||
|
|
||
| Use this resulting hash value as input to an expansion function which expands the hash value into an image value. | ||
| The function will create a 440 byte block of data where the first 32 bytes are the hash value, and the next 440 - 32 bytes | ||
| are generated from a Chacha RNG with the hash as the seed. | ||
|
|
||
| The account images are then combined with xor. The previous account value will be xored into the state and the new | ||
| account value also xored into the state. | ||
|
|
||
| Voting and sysvar hash values occur with the hash of the resulting full image value. | ||
|
sakridge marked this conversation as resolved.
|
||
|
|
||
| On validator boot, when it loads from a snapshot, it would verify the hash value with the accounts set. It would | ||
| then use SPV to display the percentage of the network that voted for the hash value given. | ||
|
|
||
| The resulting value can be verified by a validator to be the result of xoring all current account states together. | ||
|
|
||
| An attack on the xor state could be made to influence its value: | ||
|
|
||
| Thus the 440 byte image size comes from this paper, avoiding xor collision with 0 (or thus any other given bit pattern): | ||
| [https://link.springer.com/content/pdf/10.1007%2F3-540-45708-9_19.pdf] | ||
|
|
||
| The math provides 128 bit security in this case: | ||
| ```ignore | ||
| O(k * 2^(n/(1+lg(k))) | ||
| k=2^40 accounts | ||
| n=440 | ||
| 2^(40) * 2^(448 * 8 / 41) ~= O(2^(128)) | ||
| ``` | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.