Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ancestry / prefix proofs for MMRs #1441

Closed
3 of 5 tasks
Lederstrumpf opened this issue Sep 7, 2023 · 1 comment · Fixed by paritytech/merkle-mountain-range#1
Closed
3 of 5 tasks

Ancestry / prefix proofs for MMRs #1441

Lederstrumpf opened this issue Sep 7, 2023 · 1 comment · Fixed by paritytech/merkle-mountain-range#1
Assignees
Labels
I5-enhancement An additional feature request. T15-bridges This PR/Issue is related to bridges.

Comments

@Lederstrumpf
Copy link
Contributor

Lederstrumpf commented Sep 7, 2023

For proving a BEEFY voter/signatory equivocation against a finalized signed commitment, the equivocation proofs of #1329 currently include headers that the verifier calculates hashes of and compares with on-chain <frame_system::Pallet<T>>::block_hash(block_number). Since this mapping has a horizon of 4096 blocks, equivocations predating this horizon cannot be slashed. While this thwarts attacks assuming a 2/3rds of validators honestly participate in BEEFY finalization and at least one honest relayer can update the beefy light client at least once every 4096 blocks, this is clearly only a temporary solution. This verification is to be complemented by mmr ancestry/pre-fix proofs for equivocations older than 4096 blocks.

Concretely given a current mmr root r, prove that another mmr root r' is its ancestor.

The nervos library used atm has recently implemented a flavor of ancestry proofs (nervosnetwork/merkle-mountain-range#35), but this requires that all the leaves l added to the mmr since r' are included in the verification call (the current implementation creates a membership proof for leaves l, and the proof items happen to be the peaks of r'). This ends up being an expensive call (O(n_leaves_since_r')): we might then just as well provide a headerchain back to the block including r'.

Efficient MMR ancestry/prefix proofs require proving membership of nodes, whereas the nervos library can currently prove leaves only (both a hardcoded assumption, as well as changes required to the proof structure).
A PoC of membership proofs for nodes can be found here.

Tasks

Preview Give feedback
@acatangiu
Copy link
Contributor

Let's develop them here https://github.com/paritytech/merkle-mountain-range - we can then upstream to nervos from here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
I5-enhancement An additional feature request. T15-bridges This PR/Issue is related to bridges.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants