feat: verify the range of the namespace IDs of the children in the HashNode

[staheri14]

Overview

This PR closes #95.
Inline with celestiaorg/celestia-app#1296.

The implementation of this pull request does not exactly follow the original suggestion in the LazyLedge paper. Specifically, it does not treat leftMaxNs = rightMinNs as a violation of leaf ordering. The reason for this is that a namespace may span across multiple subtrees.
cc: @liamsi

Quoting from the article:

An adversarial consensus node may attempt to produce a block that contains a Merkle tree with children that are not ordered correctly. To prevent this, we can set a condition in nsHash such that there is no valid hash when leftMaxNs ≥ rightMinNs, and thus there would be no valid Merkle root for incorrectly ordered children

Checklist

• New and updated code has appropriate documentation
• New and updated code has new and/or updated testing
• Required CI checks are passing
• Visual proof for any user facing features like CLI or documentation updates
• Linked issues closed with keywords

[codecov]

Codecov Report

Merging #102 (e81c6ca) into master (1bc0bb0) will increase coverage by 0.05%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #102      +/-   ##
==========================================
+ Coverage   96.21%   96.27%   +0.05%     
==========================================
  Files           6        6              
  Lines         423      429       +6     
==========================================
+ Hits          407      413       +6     
  Misses         10       10              
  Partials        6        6              

Impacted Files	Coverage Δ
hasher.go	96.05% <100.00%> (+0.33%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[staheri14]

This test case is deleted as this represents an invalid state given the newly added logic i.e., the max namespace of the right child cannot be greater than the min namespace of the right child.

[evan-forbes]

one question, otherwise LGTM!

[evan-forbes]

would panicking here mean that someone could send a light node an invalid proof or sample and their node would crash?

[staheri14]

As you mentioned, the HashNode method may only fail in the event of an attack on the system. However, it is important to note that the method was previously susceptible to panic, even prior to this pull request. For example, panic can occur while extracting the namespace identifier of the left or right children if they are not namespaced (i.e., if their length is less than NamespaceLen). It is not possible to return an error from this method without violating the interfaces it is intended to fulfill, namely NodeHasher and hash.
At this time, it may be better to allow the light client to crash rather than enter an invalid state.

I will investigate the implementation of proper error handling in the HashNode method, including handling other potential errors beyond just the namespace ID range, in a follow-up pull request. As this has a broad scope, it requires careful attention and consideration during implementation.
Tracking issue #109

[liamsi]

Hmm, I think when this was implemented, we might have panic'ed bc it was supposed to be impossible to construct an invalid tree. But it is good thinking that someone might do so to crash light nodes and I do think we should error instead.

edit: I see. The Hash interface was another reason. Either we make it impossible client side that this panics (e.g. by doing some verification before calling this; then this should be very explicitly documented) or we have to break with the iface.

[liamsi]

For the sake of getting this PR merged: can we add this property/panic to the godoc? So the caller has a hint that verification has to happen before to not cause unexpected panics?

[staheri14]

For the sake of getting this PR merged: can we add this property/panic to the godoc? So the caller has a hint that verification has to happen before to not cause unexpected panics?

Sure! please check the following commit e7415b7

[liamsi]

Specifically, it does not treat leftMaxNs = rightMinNs as a violation of leaf ordering. The reason for this is that a namespace may span across multiple subtrees.

I see. That makes sense. Maybe @musalbas wants to update that case in the paper too.

[evan-forbes]

👍 👍

we might also want to handle #109 before we cut a new release to avoid any unintentional panics

[staheri14]

👍 👍

we might also want to handle #109 before we cut a new release to avoid any unintentional panics

Sure @evan-forbes, I am on it!

[staheri14]

@liamsi I'd appreciate if you could please take another look and let me know if further updates are required on the PR before merging. Thanks!

[liamsi]

🙏🏼