
Location of participants in Lotus stack, multiple identities in one instance #103

Closed
Tracked by #253
Kubuxu opened this issue Feb 29, 2024 · 3 comments

Comments

@Kubuxu
Collaborator

Kubuxu commented Feb 29, 2024

So far, I've assumed that the f3 active participant would live in Lotus.
That may not have been as good an assumption as I thought.

An active participant is tied to SP code and identity; that flow lives in lotus-miner/lotus-provider.
At the same time, the lotus-miner is (AFAIK) not connected to the global pubsub.

A single Lotus node can also host multiple providers which, if f3 continues to live there, would necessitate either multiple concurrent f3 instances in one Lotus node or f3 being able to handle multiple identities.

As far as I know, the protocol flow is independent of our own identity, which should make running multiple identities at the same time much easier. We could abstract signing and VRF generation out into the broadcast operation, so that the instance itself stops caring about our own identity.
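For illustration, here is a minimal sketch of that abstraction in Go (all names hypothetical, e.g. `Signer`, `Broadcaster`, `ActorID`; not the actual go-f3 API): the protocol instance emits an identity-free message, and a host-side broadcaster handles per-identity signing and VRF generation.

```go
// Hypothetical sketch, not the go-f3 API: signing and VRF generation are
// abstracted out of the protocol instance and into the broadcast path.
package f3sketch

// ActorID identifies a participant (an SP actor).
type ActorID uint64

// UnsignedMessage is what the protocol instance emits; it carries no
// sender identity.
type UnsignedMessage struct {
	Instance uint64
	Round    uint64
	Payload  []byte
}

// Signer abstracts key access so it can sit behind an RPC boundary,
// e.g. with keys held by lotus-miner rather than the Lotus node.
type Signer interface {
	Sign(sender ActorID, payload []byte) ([]byte, error)
	// GenerateTicket produces the VRF output used for CONVERGE tickets.
	GenerateTicket(sender ActorID, beacon []byte) ([]byte, error)
}

// Broadcaster signs a single identity-free message on behalf of every
// local identity and publishes each signed copy.
type Broadcaster struct {
	identities []ActorID
	signer     Signer
	publish    func(sender ActorID, msg UnsignedMessage, sig []byte) error
}

// Broadcast fans one message out across all local identities, so the
// protocol instance never needs to know which IDs it runs as.
func (b *Broadcaster) Broadcast(msg UnsignedMessage) error {
	for _, id := range b.identities {
		sig, err := b.signer.Sign(id, msg.Payload)
		if err != nil {
			return err
		}
		if err := b.publish(id, msg, sig); err != nil {
			return err
		}
	}
	return nil
}
```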

Kubuxu added this to the F3 Alpha milestone Apr 22, 2024
@Kubuxu
Collaborator Author

Kubuxu commented May 20, 2024

The design I settled on:

  • gpbft.Participant is unaware of the ID it is running as, since the protocol is independent of our own decisions
    • this requires a slight refactor and cleanup in gpbft to remove ParticipantID
  • gpbft requests that a given message be broadcast; the message is universal (not tied to any ID). It is passed to the Host, which knows which IDs it wants to broadcast as, and uses the power table from gpbft to resolve those IDs to public keys
  • The Host then builds a payload to be signed with each key. Signing can happen across an RPC boundary (necessary for offloading keys to lotus-miner): serialized payloads go out to be signed with the given key and come back to the Host for broadcasting
  • When the signed payloads are returned for broadcast, they are also immediately processed as incoming messages

See #188 for the PR; a rough sketch of this flow follows the list below. The suggestion there was to split the PR into:

  1. async delivery of local messages
  2. removal of ID from gpbft.Participant
  3. addition of the message builder pattern
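Sketching the flow with the hypothetical names from the earlier snippet (see #188 for the real implementation): gpbft hands the Host an identity-free message builder; the Host checks each local ID against the power table, gets the payload signed (possibly over RPC), then broadcasts the signed message and immediately loops it back in as an incoming message.

```go
// Continues the hypothetical f3sketch package above.
package f3sketch

// PowerTable resolves participant IDs to public keys; a stand-in for the
// power table gpbft exposes to the Host.
type PowerTable interface {
	PublicKey(id ActorID) ([]byte, error)
}

// MessageBuilder is the identity-free broadcast request produced by gpbft.
type MessageBuilder struct {
	msg UnsignedMessage
}

// SignedMessage binds a message to a concrete sender and signature.
type SignedMessage struct {
	Sender    ActorID
	Msg       UnsignedMessage
	Signature []byte
}

// Host owns the local identities, keys, and network, per the design above.
type Host struct {
	localIDs []ActorID
	power    PowerTable
	signer   Signer
	publish  func(SignedMessage) error
	receive  func(SignedMessage) // feeds messages back into gpbft
}

// RequestBroadcast signs and publishes the message for every local ID, and
// immediately processes each signed copy as an incoming message.
func (h *Host) RequestBroadcast(mb *MessageBuilder) error {
	for _, id := range h.localIDs {
		// Resolve the ID via the power table; an unknown ID cannot sign.
		if _, err := h.power.PublicKey(id); err != nil {
			return err
		}
		// Signing may cross an RPC boundary (keys held by lotus-miner).
		sig, err := h.signer.Sign(id, mb.msg.Payload)
		if err != nil {
			return err
		}
		signed := SignedMessage{Sender: id, Msg: mb.msg, Signature: sig}
		if err := h.publish(signed); err != nil {
			return err
		}
		h.receive(signed) // loop back as an incoming message
	}
	return nil
}
```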

@anorth
Member

anorth commented Jun 10, 2024

This has proven slightly trickier than we thought. The protocol code assumes that it can update state as a result of its own decisions more or less synchronously. This used to be achieved by internally receiving messages sent to self synchronously. That changed to async as part of #259, but it means there's now a race between receiving those messages sent to self and receiving alarms (#316).

I explored an internal send-to-self of unvalidated messages, but immediately ran into the node not knowing its own power, making the state updates impossible.

Some potential paths forward that I see:

  • Attempt to remove any algorithmic assumption of being able to update state as a result of the participant's own decisions. I don't know how easy this will be; we haven't tried. Possibly related to running gpbft without active participation (passive observation), #319.
  • When requesting broadcast of a message, synchronously receive back from the host the information needed to update state: a list of participant IDs and power amounts that the host will subsequently sign and broadcast on behalf of. This would still leave the tickets for CONVERGE message/s unknown (sketched below).
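A sketch of what that second option might look like, again with hypothetical types continuing the earlier snippets: the broadcast request synchronously returns the identities and power amounts the host will sign for, letting the participant update its state before its own messages loop back.

```go
// Continues the hypothetical f3sketch package above.
package f3sketch

import "math/big"

// LocalSender describes one identity the host will subsequently sign and
// broadcast on behalf of, together with its power.
type LocalSender struct {
	ID    ActorID
	Power *big.Int
}

// SyncBroadcastHost is a variant of the host interface in which the
// broadcast request synchronously reports which local senders it covers.
type SyncBroadcastHost interface {
	// RequestBroadcast signs and publishes msg for every local identity
	// asynchronously, but returns immediately with the IDs and power the
	// host will sign on behalf of, so the participant can update its
	// state without waiting for its own messages to arrive. Tickets for
	// any CONVERGE message remain unknown at this point, as noted above.
	RequestBroadcast(msg UnsignedMessage) ([]LocalSender, error)
}
```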

github-merge-queue bot pushed a commit that referenced this issue Jun 11, 2024
Relax the assumption of receiving own `CONVERGE` messages synchronously (#334)

* Relax the assumption of receiving own `CONVERGE` messages synchronously

The gpbft implementation implicitly assumes that `CONVERGE` messages
broadcast to self are delivered immediately. In practice this assumption
does not hold because of the complexity of deferred signing and async
message delivery.

The changes here relax this assumption by explicitly notifying the local
converge state that the self participant has begun the `CONVERGE` step,
providing the self proposal and its justification. The code then falls
back to this data whenever a lookup in the converge state yields no
results due to asynchronous message delivery. Further, the code ignores
the self converge value once at least one broadcast message is received.

Additionally, the changes remove zero-latency delivery of messages to
self in simulations, to assert more strongly that synchronous delivery
to self is no longer required (neither for `GMessage` nor alarms).

Fixes #316
Reverts #318
Relates to #103 (comment)

* Adjust naming and comments.

---------

Co-authored-by: Alex North <445306+anorth@users.noreply.github.com>
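Condensed to its essence (simplified, hypothetical types, continuing the sketch package above), the mechanism the commit describes looks roughly like this: the converge state records the self proposal when the `CONVERGE` step begins, falls back to it while no broadcast message has arrived, and ignores it as soon as one has.

```go
// Continues the hypothetical f3sketch package above.
package f3sketch

// ConvergeValue is a proposal with its justification, as carried by a
// CONVERGE message.
type ConvergeValue struct {
	Proposal      []byte
	Justification []byte
}

type convergeState struct {
	self     *ConvergeValue  // set when the self participant begins CONVERGE
	received []ConvergeValue // values from broadcast CONVERGE messages
}

// SetSelfValue records the local proposal at the start of the CONVERGE
// step, before any (asynchronously delivered) broadcast message arrives.
func (c *convergeState) SetSelfValue(v ConvergeValue) { c.self = &v }

// Receive records a broadcast CONVERGE message; once one has arrived, the
// self value is no longer consulted.
func (c *convergeState) Receive(v ConvergeValue) {
	c.received = append(c.received, v)
}

// Values returns the received values, falling back to the self value only
// when asynchronous delivery means nothing has been received yet.
func (c *convergeState) Values() []ConvergeValue {
	if len(c.received) > 0 {
		return c.received
	}
	if c.self != nil {
		return []ConvergeValue{*c.self}
	}
	return nil
}
```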
@masih
Member

masih commented Jun 13, 2024

@anorth @Kubuxu In light of #334, is there any remaining work here? If not, can we close this issue?

Kubuxu closed this as completed Jun 13, 2024