[TierTwo] Long Living Masternode Quorums - Part 1 #2607
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
random-zebra
force-pushed
the
202110_LLMQs
branch
from
99e7278 to
f4659b2
Compare
furszy
reviewed
Nov 1, 2021
furszy
left a comment
furszy
left a comment
There was a problem hiding this comment.
Small initial thing, haven't seen any object using the std::tuple serialization introduced in 698a9691. Guess that its usage comes later.
Author
It's already used by |
furszy
reviewed
Nov 2, 2021
furszy
reviewed
Nov 2, 2021
furszy
reviewed
Nov 3, 2021
furszy
left a comment
furszy
left a comment
There was a problem hiding this comment.
initial review till 99e72787 finished, only small things found.
Nice work 👌 , and really great that you managed to decouple this from the rest of the work. The coming part will be heavy with the sessions manager introduction.
furszy
reviewed
Nov 4, 2021
furszy
left a comment
furszy
left a comment
There was a problem hiding this comment.
One of the bugs presented in #2611 is presented here as well for the new 'qfc' inv response.
Need to remove the inv from the ask for set and map when the item is received or it will be there forever. Small commit --> furszy@442c0fb
Will need to rebase this branch on master to squash or cherry-pick it.
random-zebra
force-pushed
the
202110_LLMQs
branch
from
f4659b2 to
f94c43e
Compare
Author
|
Rebased, commit cherry-picked, and feedback addressed. |
furszy
reviewed
Nov 10, 2021
There was a problem hiding this comment.
Let's add a v6.0 network upgrade guard to the qfc inv workflow and the full item processing as well. So the node does not accept nor relay 'qfc' messages during the compatibility window.
Small commit: furszy@559b88f
Same flow can be applied to the remaining LLMQ/v6 related message that are coming in the follow-up PR.
random-zebra
force-pushed
the
202110_LLMQs
branch
from
f94c43e to
d1c6a04
Compare
furszy
previously approved these changes
Nov 26, 2021
furszy
left a comment
furszy
left a comment
There was a problem hiding this comment.
ACK d1c6a04c301ca7da6618bd5a46e36dbf3f843370
|
rebased #2647 on top of master and realized that this now fails GA for the circular dependencies script. |
Author
Most of these (e.g. the first one) are caused by the dependencies removed in #2649. |
|
ok, will check it 👍 |
random-zebra
force-pushed
the
202110_LLMQs
branch
from
d1c6a04 to
3126446
Compare
Author
|
Rebased on top of:
Better to address the remaining LLMQ circular dependencies in a follow up PR. |
|
sounds good, thanks for the rebase. Now is my turn on the part 2.. |
|
In babe21d, need to add the new inv type |
random-zebra
force-pushed
the
202110_LLMQs
branch
from
3126446 to
d198e51
Compare
Author
|
Rebased. Ready to go again. |
random-zebra
force-pushed
the
202110_LLMQs
branch
from
d198e51 to
f0aab70
Compare
Which handles and validate LLMQ commitments. >>> based on dash@7a1c3717ce9d81328eb73e892a31ba27504c25cd with more recent updates
jt->second is our local mineable commitment for the same quorum hash of the commitment being processed (qc). We should bail out of ProcessMessage if qc has LESS signatures than the local one, not EQUAL OR MORE.
CQuorumBlockProcessor::ProcessCommitment is called from CQuorumBlockProcessor::ProcessBlock. By that time we have already called CheckSpecialTx --> CheckLLMQCommitment. Better to directly check the signature there.
As this function is never called for final commitments with same hash and less signatures than the one already stored
…every peer AskFor set and map.
-> llmq/quorums_blockprocessor".
random-zebra
force-pushed
the
202110_LLMQs
branch
from
4c4b183 to
ba80f2b
Compare
Author
|
Rebased again. |
furszy
approved these changes
Dec 17, 2021
furszy
reviewed
Dec 24, 2021
furszy
left a comment
furszy
left a comment
There was a problem hiding this comment.
Was checking this once more before merging it and found that the quorum commitment transactions are not being rejected from the mempool.
So.. patch for it:
Index: src/validation.cpp
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/src/validation.cpp b/src/validation.cpp
--- a/src/validation.cpp (revision ba80f2bb12c1431888b695632ccc52155c40a953)
+++ b/src/validation.cpp (revision b4c7e40ccb993c1676b22251aaed95df1f06e4c5)
@@ -380,6 +380,11 @@
return state.DoS(10, error("%s : Shielded transactions are temporarily disabled for maintenance",
__func__), REJECT_INVALID, "bad-tx-sapling-maintenance");
+ // Quorum commitment only allowed inside blocks
+ if (tx.IsQuorumCommitmentTx()) {
+ return state.DoS(100, false, REJECT_INVALID, "qc-not-allowed");
+ }
+
const CChainParams& params = Params();
const Consensus::Params& consensus = params.GetConsensus();
int chainHeight = chainActive.Height();
We should continue adding tests for this stuff.
Author
|
Yeah had a commit for that in another branch (random-zebra@f1032a8)... can pick it here. |
|
Great. No problem, we can move forward with this one and push that small thing in a follow-up PR. I have been working on extending the quorum final commitment test coverage further here furszy@c322f4c. Covering the following invalid paths:
And a valid path:
.. |
furszy
added a commit
that referenced
this pull request
Dec 30, 2021
11a1b24 QA: qfc_invalid_paths: add missing lock and check mempool reject reason (random-zebra) dadae56 test: add test coverage for qfc invalid paths (furszy) 81bd881 Refactor: move rejection of in-block-only txes to the top of ATMPworker (random-zebra) f360370 [Consensus] Don't accept LLMQCOMM txes in the mempool (random-zebra) Pull request description: As per title (and discussion here: #2607 (comment)) do not accept quorum commitment txes in the mempool. Add test coverage. ACKs for top commit: furszy: obviously tested ACK 11a1b24 Fuzzbawls: ACK 11a1b24 Tree-SHA512: 41ddc6130f6e31a7c0710e4a52876137f776f84bf8819450ce4abf494c3d48faf2e46262a9a438ab81fbbf899bff2401ff7b511e175ff0c161bab06474dc87ca
furszy
added a commit
that referenced
this pull request
Jan 5, 2022
…ization state 3e05c82 [TierTwo] Request missing mnw signer during initial sync (random-zebra) 0ad6cd8 TierTwoSyncState: make every getter function const. (furszy) c63d51c TierTwo: Do not lock g_best_block_mutex too often, only update chain sync status every 30 seconds. (furszy) e90e27d Fix several compiler warning. (furszy) 1eb58ea Clean corrected masternode-sync circular dependencies. (furszy) 7e2f332 masternodesync: move seen maps to tiertwo_sync_state class and remove most of the masternode-sync dependencies. (furszy) f29f9af [Refactoring] Unify AddedMasternode* functions (random-zebra) c1091ab masternodesync: move sync asset phase to tiertwo_sync_state class. (furszy) ca03c76 mnsync: decouple IsBlockchainSync into a publicly available g_tiertwo_sync_state class which only stores the final value. (furszy) 8ac4d91 mnsync: move sync reset due an hibernation client to CMasternodeSync::Process function. (furszy) Pull request description: Work decoupled from #2647 which has grew a lot lately. So it can get reviewed and merged in parallel of #2607. Essentially have encapsulated the tier two synchronization status in a separate object which is only in charge of storing and retrieving the sync status members values in a synchronic manner. Under this new architecture, every manager/object that needs access to it can add a small dependency to the new `g_tiertwo_sync_state` object only (which has no other dependencies), without depending on the whole `masternodesSync` object (which is a bad name for the tier two sync manager, but.. renaming will come in another PR), which depends on every other tier two manager and lot other files. Plus, to not generate confusions, the `g_tiertwo_sync_state` members update are only, and exclusively, done by the tier two sync manager. Fixing in this way, at least (because there are surely more), the following problems: 1) Circular dependencies: * "activemasternode -> masternode-sync -> activemasternode". * "budget/budgetmanager -> masternode-sync -> budget/budgetmanager" * "masternode -> masternode-sync -> masternode" * "masternode-payments -> masternode-sync -> masternode-payments" * "masternode-sync -> validation -> masternode-sync" * "evo/deterministicmns -> masternode -> masternode-sync -> evo/deterministicmns" 2) Allow and guard concurrent access. (Prior to this work, the word "concurrency" was inexistent for this code). ACKs for top commit: random-zebra: ACK 3e05c82 again. Let's get this merged. Fuzzbawls: ACK 3e05c82 Tree-SHA512: 77bbf9542265139a726c3bedda9274a24e8ee64a2e69c53984cafa7cb226fb6b4d86d1b0d6923e79d126a98a1cddd0aac3ab0db2657acaea82781a2a2c3918e7
furszy
added a commit
that referenced
this pull request
Jan 19, 2022
…rk layer ac014fb RPC: document getpeerinfo quorum members values (furszy) b39f275 test: add coverage for regular peers disconnecting after receiving an authenticated connection. (furszy) 758e19f p2p: do not send MN connection flag and challenge in the version msg if the connection is not meant to be a DMN-to-DMN. (furszy) cb34b51 Define constants for MN metadata manager filename and magic string. (furszy) b1a9637 Speed up functional tests decreasing the regtest tierTwo chain sync check up to the minimum. (furszy) 693bff6 mn_net: store local DMN protxhash instead of access the activeMnManager object. (furszy) 6015d90 mnsync: decouple IsBlockchainSync into a publicly available g_tiertwo_sync_state class which only stores the final value. (furszy) 038191c net_mn: extract cs_main/Misbehaving from mnauth::ProcessMessage to net_processing. (furszy) a38fdf3 add -pushversion help message (furszy) de436d3 net_processing: add missing return to the process verack msg flow. (furszy) 747f838 net_processing: try to update iqr member field if "qsendrecsigs" is received. (furszy) a2b478f net_mn: don't try to connect to ourselves. (furszy) 6b4d616 Node stats: add m_masternode_iqr_connection and m_masternode_probe_connection. (furszy) 13440cc net_mn: use string connection instead of addr to bypass the single IP conn requirement. (furszy) 72ef11d Test: add MN-to-MN, MN-to-quorum, MN-to-relay_members and probe MN connection test coverage (furszy) 80d7d6b bump protocol version to 70925 (furszy) acefaa8 RPC: add verified DMN connection info to 'getpeerinfo' (furszy) 3897ae5 net_mn: cache MN quorum relay members + let them know that we are interested in plain LLMQ recovered signatures. (furszy) 1c16a2f protocol: introduce QSENDRECSIGS net message. (furszy) 01ba363 net_mn: decouple g_args from the MN networking sources. (furszy) 934dd8c net_mn: add single MN connection process. (furszy) 15d70e7 net_mn: connect MN probing connections functionality. (furszy) b5074b4 net_mn: add MN probe connection workflow. (furszy) a0ef04e rpc: use snake_case for 'protx_list' verbose response json keys. (furszy) 4aa7bfd rpc: add MN meta info to the 'protx_list' verbose response. (furszy) 12bd6a3 net_mn: add mn-only connections cleanup process (furszy) 026ec74 net: if we are a MN, don't accept incoming connections until the node is fully synced. (furszy) e7e44f1 net_mn: protect verified MN connections from eviction + don't try to connect to already connected MNs. (furszy) cfa0238 net: introduce and connect MN authentication workflow. (furszy) e7c8892 net_mn: implement and connect new tier two connections manager. (furszy) 26a3cf5 net: introduce masternode-only connections. (furszy) 711b874 Introduce masternode net metadata manager (furszy) c724137 Introduce generic flatdb implementation (furszy) Pull request description: Built on top of #2607, #2632 and #2639. Focused on implementing the Masternode quorums network communication layer. This layer is in charge of: 1) Open MN-to-MN, MN-to-Quorum, MN-to-MN_iqr (intra-quorum relay) and MN-to-MN-probe connections. 2) Implement a challenge-based connection authentication for MNs (new network message `mnauth` introduced). 3) Cache and store MN connections metadata such as the last successful connection time and the last connection attempt time. 4) Protect verified MN connections from eviction while they are part of the active quorum. 5) Send interest in plain LLMQ recovered sigs (`QSENDRECSIGS` net message). Plus, added a new functional test `p2p_quorum_connect.py` which basically verifies the proper functioning of most of this points (except the eviction process). And finally, bumped the protocol version to 70925 so peers can know to whom they can, or not, send the new p2p messages. ACKs for top commit: random-zebra: utACK ac014fb Fuzzbawls: ACK ac014fb Tree-SHA512: 16af1e43ee8f225968accbfa9c628eead9e61f7c9ff656b205f3c936ccc6e4df205940ff756c807ad507942605bb9ff0c5d97b458af798b12311b6bfd9f49c1a
random-zebra
added a commit
that referenced
this pull request
Feb 16, 2022
f8a7dd8 [Trivial] Log quorum public keys using bech encoding (random-zebra) cb8fc38 DKG: avoid extra member lookup. (furszy) bf11238 QA: Implement tiertwo_dkg_errors functional test (random-zebra) 2e1d0c9 QA: fine grained control over expected messages in wait_for_dkg_phase (random-zebra) f5d1940 Don't lie to yourself :) (Alexander Block) b0b8f23 RPC: Implement quorumdkgsimerror command (random-zebra) 375b0dc RPC/Utils: add utility to parse UniValue arg as floating-point double (random-zebra) 57eb2a4 [Cleanup] Drop unused hash argument in CDKGSession::PreVerifyMessage (random-zebra) 25fe8d7 [Validation] Verify qfc in CDKGSession::FinalizeCommitments (random-zebra) 76497b7 Refactor: fix compiler warnings (random-zebra) 3ff7366 [Refactoring] Fix thread handling in CDKGSessionManager/Handler (xdustinface) 3588ead QA: Unify dmn setup code into test_framework (random-zebra) 79af97b Trivial: fix signed-unsigned comparisons in quorums_dkgsession (random-zebra) 2dbfa19 QA: add missing average durations and re-sort test_runner lists (random-zebra) 6280cc0 QA: Add tiertwo_dkg_pose functional test (random-zebra) e993a7a Params: speed-up llmq_test (random-zebra) 839f14d P2P: Ensure intra-quorum connections and only relay to members (random-zebra) 87e962a RPC: Implement getquorummembers command (random-zebra) 29a9554 RPC: Implement getminedcommitment command (random-zebra) ad874ba Refactor: remove net_processing dependency in quorums_dkgsessionmgr (random-zebra) aae961c RPC: Implement quorumdkgstatus command (random-zebra) 8341489 QA: fix cs_main-lock for chainActive in deterministicmns_tests (random-zebra) 310c515 [TierTwo] Implement Quorums debug class (random-zebra) e593cf5 [Trivial] Prefix all bls/quorum threads with pivx (random-zebra) bd83342 Implement LLMQ DKG (Alexander Block) 50df807 [Net] Introduce NetMsgType for inter-quorum communication messages (random-zebra) 5c923cf [Refactoring] ActiveMasternode: get proTxHash and pointer to op key (random-zebra) a99bdd8 [Utils] Add tiny header-only timer class (random-zebra) 90dd6ed [Utils] Introduce CBatchedLogger (random-zebra) 13b5c1b [Rand] Implement GetRandBool with rate (random-zebra) 9c0be19 Cleanup: Remove unused log categories (random-zebra) 918467b QA: Fix random timeout failures in p2p_quorum_connect functional test (random-zebra) 7dc448f net_mn: test regular connection refresh after selecting peer as quorum member (furszy) 70642d8 Net: refresh DMN connections when they are selected as quorum members (random-zebra) Pull request description: This PR continues the work started with #2607 and #2647, implementing the distributed key generation protocol. As outlined in [DIP 6](https://github.com/dashpay/dips/blob/master/dip-0006.md), this is a decentralized BLS M-of-N threshold scheme, based on Shamir's Secrete Sharing, and it consists in 7 phases: 1. **Initialization**: the members of the new quorum are determined. 2. **Contribution**: each member generates his own contribution (verification vector and secret key-contribution) and receives/validates the contributions of all other members. 3. **Complaining**: each member sends a complaint message with information about missing/invalid contributions in the previous phase, and receives/validates the complaint messages of all other members. 4. **Justification**: each member that was previously complained about can justify for a valid contribution. 5. **Commitment**: the members create their own threshold secret key share from the secret key-contributions received and build the quorum verification vector. Then each member relays a premature commitment message containing the quorum public key, the hash of the verification vector, and a bitset of the valid members. 6. **Finalization**: each member collects the premature commitments received by all other (valid) members, aggregate them into a "final commitment", and relay it to all the nodes of the network (including non-masternodes). 7. **Mining**: miners receive the final commitment message, build a `LLMQComm` special transaction, and mine a block with it. The 7-th phase has been already introduced in #2607. The communication between the participants of the DKG (phases 1 to 6) is supported by the following new P2P message types (which are exchanged only between the quorum members): - `qcontrib` - `qcomplaint` - `qjustify` - `qpcommit` Sessions of the DKG are implemented in the `CDKGSession` class and the flow of message calls is identical for all phases: - create/send own message - pre-verify incoming messages - collect preverified messages and perform batched BLS signature verification - call `ReceiveMessage`, which does additional validation Sessions are owned and called by `CDKGSessionHandler`, which manages multiple sequential sessions of one specific LLMQ type (there is one instance of this class per LLMQ type). It is responsible for starting the phase handler thread which constantly loops, processing the received messages, calling the required function for the current phase (`CDKGSession::Contribute`, `CDKGSession::VerifyAndComplain`, `CDKGSession::VerifyAndJustify`, `CDKGSession::VerifyAndCommit`), and waiting for the next one if needed. A global `CDKGSessionManager` object keeps track of of all session handlers. New functional tests are introduced to check the status (messages sent and received) of the nodes during the phases of the DKG (`CDKGDebugSessionStatus` accessed via `quorumdkgstatus` RPC) and to verify the DKG effectiveness as proof-of-service (non participating nodes get eventually "PoSe banned"). ACKs for top commit: furszy: rebase utACK f8a7dd8 Tree-SHA512: a10223718caacbf67de67d70f9aeeea6ab91a584dd3b7c65f283f5e5c72a2ca15b1a1d380691128584805bc50237870f60ecc81acaa8698a273c20fba61b1e48
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR lays the groundwork for the implementation of DIP6.
Here we introduce the concept of "quorum final commitment", which is the result of a DKG round.
This object is serialized and relayed to the network via a new message,
qfcommit. Then, it is mined on chain as payload of a new type of special transaction,LLMQCommtx (which is the last phase of the DKG protocol).With this, it is possible to implement (and test) the masternode proof-of-service, based on the DKG participation.
Intra-quorum communication and signing sessions will be part of future pull requests.