Add custom threshold support for Nebula

[DJAndries]

No description provided.

[rillian]

lgtm. So the idea here is to group submissions by their threshold value (stated or implicit) and decode and aggregate them separately, so the db will have separate entries for each threshold class and we can join them in the analysis dashboard queries?

[rillian]

I don't know anything about kafka, but it looks like this field really is just 'bytes' and it's custom serialization up to the application even for a base type like this. Is that right?

[DJAndries]

correct, rust-rdkafka requires a &[u8] for header values, so we're responsible for serialization.

[rillian]

Ok, the server only accepts threshold values within whatever range we set (between 20 and 50 by default) so there's a bound to how many queues it will build. Excellent.

[DJAndries]

So the idea here is to group submissions by their threshold value (stated or implicit) and decode and aggregate them separately, so the db will have separate entries for each threshold class and we can join them in the analysis dashboard queries?

yes. pending messages (messages stored in PG from previous aggregation attempts) and new messages (messages that were just received via Kafka during the current iteration) will be grouped by tag, and then by threshold. New pending messages will be stored by tag and threshold.

However, recovered messages (which include the key, metric name and metric value) will continue to be grouped by tag. If there are multiple threshold values for a given tag (i.e. if we switched the Nebula k-threshold at some point), we're covered. It turns out that the key for a given tag remains the same, regardless of the multiple threshold values in the wild.

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

[diracdeltas]

i see this adds new dependencies; is there something in the pre-merge pipeline which runs cargo audit? if not it should be added.

[thypon]

Is the modified code part of a command or a server? @DJAndries

[DJAndries]

Is the modified code part of a command or a server? @DJAndries

modifications are mostly for the server + server-side aggregator. some changes were made to the test client as well

[rillian]

i see this adds new dependencies; is there something in the pre-merge pipeline which runs cargo audit? if not it should be added.

I filed #133 to address this. An unmaintained warning about the rusoto crates is the only thing reported after running cargo update.

[github-actions]

[puLL-Merge] - brave/constellation-processors@115

Description

This PR makes changes to support custom k-threshold values in requests to the encrypted message submission endpoint. The k-threshold value is passed in a request header, and if present, overrides the default threshold. Pending messages are now stored in the database with the threshold value. Message grouping and key recovery is done separately for each threshold group.

Changes

Changes

• migrations/: Adds a new migration to add a threshold column to the pending_msgs table
• misc/test-client/:
  • Adds support for submitting requests to a randomness server instead of using a local fetcher
  • Adds a threshold header to requests based on a CLI argument
  • Updates dependencies
• src/aggregator/:
  • consume.rs: Passes the default k-threshold value to message grouping
  • group.rs:
    • Updates MessageChunk to store pending/new messages in a map keyed by threshold
    • Updates GroupedMessages.add() to use MessageWithThreshold
    • Updates pending message storage to include threshold
  • mod.rs: Renames k-threshold constants
  • processing.rs:
    • Updates layer processing to handle each threshold group separately
    • Removes k-threshold argument since it's no longer a single value
• src/models/:
  • Adds MessageWithThreshold struct
  • Adds threshold field to PendingMessage
• src/record_stream.rs:
  • Adds support for threshold header in Kafka records
  • Introduces ConsumedRecord to include the threshold value
• src/server.rs:
  • Adds support for brave-p3a-constellation-threshold header
  • Validates the threshold header value is within configured range
  • Passes threshold value when producing Kafka record

Security Hotspots

• The brave-p3a-constellation-threshold header value is user controlled. The value is validated to be within a configured range to mitigate abuse.
• The randomness server URL is user controlled in the test client. Ensure the randomness server is trusted.