Compact committee roots #1219
Compact committee roots #1219
Conversation
JustinDrake
added
the
milestone:June 30 freeze 🥶
|
@protolambda Testing goes a little crazy on this branch. Not sure what to do.
|
|
I'm seeing the same on this branch, here's my test output: |
|
Python crashes are often recursion bugs |
|
taking a look at this |
|
You have a circular dependency
Suggestion: Use def generate_seed(state: BeaconState,
epoch: Epoch) -> Hash:
"""
Generate a seed for the given ``epoch``.
"""
return hash(
get_randao_mix(state, Epoch(epoch + EPOCHS_PER_HISTORICAL_VECTOR - MIN_SEED_LOOKAHEAD)) +
hash_tree_root(get_active_validator_indices(state, epoch)) +
int_to_bytes(epoch, length=32)
) |
|
I fixed the SSZ typing error, but there is a more substantive error now. We are trying to set It seems more appropriate to just set for Setting it to this value actually triggers an issue in |
motes.md
Outdated
| @@ -0,0 +1,42 @@ | |||
| * `BLS_WITHDRAWAL_PREFIX` | |||
There was a problem hiding this comment.
Loving your motes :) Will comment on the various points later today 😂
There was a problem hiding this comment.
Oh no! I accidentally pushed. Haaa
motes.md
Outdated
| @@ -0,0 +1,42 @@ | |||
| * `BLS_WITHDRAWAL_PREFIX` | |||
| * Why int rather than bytes? | |||
There was a problem hiding this comment.
Should probably be bytes :)
motes.md
Outdated
| * `BLS_WITHDRAWAL_PREFIX` | ||
| * Why int rather than bytes? | ||
| * `MIN_SEED_LOOKAHEAD` | ||
| * Is this actually tunable? |
There was a problem hiding this comment.
I don't any reason why it's not tunable
motes.md
Outdated
| * Why int rather than bytes? | ||
| * `MIN_SEED_LOOKAHEAD` | ||
| * Is this actually tunable? | ||
| * If so, what are the reprecussions? |
There was a problem hiding this comment.
I can think of two repercussions:
- It changes the lookahead (duh)
- For security we need to correspondingly adjust
ACTIVATION_EXIT_DELAYto be at leastMIN_SEED_LOOKAHEAD + 3.
motes.md
Outdated
| * `ACTIVATION_EXIT_DELAY` | ||
| * Reaquaint with purpose | ||
| * AttesterSlashings | ||
| * `MAX_ATTESTER_SLASHINGS` is 1. |
There was a problem hiding this comment.
Right, the reasons being:
- 1 is sufficiently large
- Attester slashings are huge objects, and could be used as a DoS vector
motes.md
Outdated
| * Are there scenarios in which validators can create more effective slashable | ||
| messages than can be included on chain? For example, Validators split up to | ||
| create double attestations for checkpoints but different (junk) crosslink | ||
| data to prevent them from being aggregatable to the fullest |
There was a problem hiding this comment.
I remember thinking about this. One way to create more effective slashable messages is as follows. Let's say you control n validators, and you want to make bad attestations a_1, ..., a_n for each of these validators. The attacker can broadcast aggregated attestations (a_1, a_i) for i > 1 and never reveal the individual a_i. This is an argument for generalising the bitfield to a multibitfield.
motes.md
Outdated
| * checking next hinges upon the fact that the validator set for the next | ||
| epoch is 100% known at the current epoch. Ensure this is the case | ||
| * `get_block_root_at_slot` .. `generate_seed` can be bade into one line | ||
| function signatures |
There was a problem hiding this comment.
Yay for one-line function signatures. This is part of the cleanup planned in #918.
motes.md
Outdated
| * is the `2**40` special for security of alg? probably. | ||
|
|
||
|
|
||
| pubkey/privkey g1 vs g2 |
There was a problem hiding this comment.
pubkey should be in g1 since we're adding a bunch of them when aggregating.
motes.md
Outdated
| * `get_block_root_at_slot` .. `generate_seed` can be bade into one line | ||
| function signatures | ||
| * `get_shuffled_index` | ||
| * I think it should be maybe `assert index_count <= VALIDATOR_REGISTRY_LIMIT` |
motes.md
Outdated
| function signatures | ||
| * `get_shuffled_index` | ||
| * I think it should be maybe `assert index_count <= VALIDATOR_REGISTRY_LIMIT` | ||
| * is the `2**40` special for security of alg? probably. |
motes.md
Outdated
| * Is this actually tunable? | ||
| * If so, what are the reprecussions? | ||
| * `ACTIVATION_EXIT_DELAY` | ||
| * Reaquaint with purpose |
There was a problem hiding this comment.
The problem is that attackers can know the randomness beyond MIN_SEED_LOOKAHEAD, and hence bias the shuffling by strategically registering/deregistering validators in the window between MIN_SEED_LOOKAHEAD and MIN_SEED_LOOKAHEAD + 3 to "grind" the shuffling. (The number 3 is large enough to guarantee that, with high probability, an attacker's lookahead cannot go beyond MIN_SEED_LOOKAHEAD + 3.)
Co-Authored-By: Alex Stokes <r.alex.stokes@gmail.com>
Thanks @NIC619 #1219 (comment)
Replacement of
active_index_rootswithcompact_committee_rootsto allow for significantly more efficient light clients (see item 17 in #1054). Key changes:validator.effective_balanceandvalidator.slashed) is kept "close" to the validator index to avoid accessingstate.validators.index,effective_balance,slashed) is compactified into auint64which is friendly to SSZ packing.The plan is to also have persistent committee roots in phase 1.