New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add information form epoch header chain in epoch SNARK messages #1158
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept looks great! Had some small comments and questions.
Just to clarify - the changes in the consumed libs aren't there yet, right?
@kobigurk Question related to this PR. It seems that care is taken to make the epoch index |
Here are the changes to |
…tor/epoch-snark-data-change
…tor/epoch-snark-data-change
Superseded by #1231 |
Description
In the current implementation of the epoch SNARK messages, which are the data used to create proofs for the SNARKs within the Plumo system, it is possible to predict far in advance what these messages will be. As a result, there exists a scenario in which, if an attacker is able to compromise a number of validators, and those validators form a quorum at any future block, the attacker may create a valid proof branching the chain to a validator set of their choice. Key to this scenario is that the attacker need not have control of the validators (or more specifically their signing oracles) at the point they branch from, and instead can use the predictability of the messages to sign constructed epoch messages for blocks far in the future. As a result, the attack is feasible for an attacker who had access to the each validator in the quorum at any point in the past.
In order to address this scenario, this PR adds the epoch block hash, and previous epoch block hash to the epoch SNARK data. Because the block hash summarizes the state root, and therefore all on-chain state including the on-chain randomness values, the block hash is considered unpredictable*. This unpredictability makes the the generation of a epoch SNARK messages to fork from a future block infeasible.
Tested
WIP
Backwards compatibility
Enacting this change will require a hard-fork in the validator consensus algorithm. (WIP)