From 397665a712a735b8ba9fe62ee6ab030b6598d3ab Mon Sep 17 00:00:00 2001 From: nikkolasg Date: Tue, 1 Sep 2020 18:03:57 +0100 Subject: [PATCH 1/2] adding info on outage behavior --- content/vm/_index.md | 46 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/content/vm/_index.md b/content/vm/_index.md index eb832ecab..7d867259e 100644 --- a/content/vm/_index.md +++ b/content/vm/_index.md @@ -139,9 +139,14 @@ There are two source of randomness in Filecoin: Random Beacon, Tickets. #### Sources ##### Beacon Randomness -The *Beacon Randomness* is generated by an external *Random Beacon* called drand and emits randomness at each Filecoin epoch, and miners use this randomness in order to mine blocks and must include it in their mined blocks. -The *Beacon Randomness* is used to seed randomness generation for values that need to be unbiasable or unpredictable (e.g. to generate challenges for Proof-of-SpaceTime). +The *Beacon Randomness* is generated by an external *Random Beacon* called drand +and emits randomness at each Filecoin epoch, and miners use this randomness in +order to mine blocks and must include it in their mined blocks. + +The *Beacon Randomness* is used to seed randomness generation for values that +need to be unbiasable or unpredictable (e.g. to generate challenges for +Proof-of-SpaceTime). Properties: @@ -149,17 +154,43 @@ Properties: - Randomness cannot be biased. - Randomness of an epoch is the same across forks. +**Mapping between filecoin epoch and drand epoch**: the beacon outputs +randomness periodically at predetermined timestamps, as Filecoin. Hence there is +a mapping between Filecoin timestamps/rounds and the beacon timestamps/rounds. +To be able to create a block, a miner takes the beacon randomness that +corresponds to the timestamp _before_ the timestamp of block since the miner +must broadcast the block at the timestamp indicated in its header. + ###### Randomn Beacon Outages -A Random Beacon outage is a period in which the Random Beacon is not available to nodes in the network; it could be caused by software bugs, network partitions and other attacks. +A Random Beacon outage is a period in which the Random Beacon is not available +to nodes in the network; it could be caused by software bugs, network partitions +and other attacks. + +During an outage Filecoin cannot generate new blocks, since the Random Beacon +provides the randomness that for generating election proofs. After an outage, +the Random Beacon used by Filecoin will go in a catch-up mode. -During an outage Filecoin cannot generate new blocks, since the Random Beacon provides the randomness that for generating election proofs. After an outage, the Random Beacon used by Filecoin will go in a catch-up mode. +During catchu-up, the Random Beacon will restart to emit the randomness from the +last emitted round and it will emit it the randomness at a faster pace until it +has finally caught up; Filecoin miners will be generating blocks as soon as new +randomness is released. -During catchu-up, the Random Beacon will restart to emit the randomness from the last emitted round and it will emit it the randomness at a faster pace until it has finally caught up; Filecoin miners will be generating blocks as soon as new randomness is released. +The catch-up round time is chosen such that blocks can be propagated to a large +portion of the network and proofs can be generated and successfully submitted to +the blockchain. -The catch-up round time is chosen such that blocks can be propagated to a large portion of the network and proofs can be generated and successfully submitted to the blockchain. +The default behavior for miners during catch-up time is to create blocks with a +timestamp in the past and the corresponding drand value. However the rate is +faster than usual. During catchup, as soon as a drand value is outputted by the +network (every 15s instead of 30s under normal conditions), miners try to mine +and include the drand value in their block if they are eligible. Note a miner +can decide to skip a block and inject two drand values in one block for example, +however, that is a fork and it is highly likely that its chain has a lower +weight than the main chain. ##### Ticket Randomness + The *Ticket Randomness* is generated by miners when winning blocks by computing a VRF on the previous ticket and the current drand randomness. The ticket of a tipset is the smallest ticket across blocks in that tipset. The *Ticket Randomness* is used to tie values to a specific fork (e.g. to tie sealed sector to a chain). @@ -189,8 +220,7 @@ Filecoin uses the randomness sources to generate randomness that is used across ##### ElectionProofProduction Input to the VRF computation that generates an election proof. -Seeded with Beacon randomness at the election epoch. - +Seeded with Beacon randomness at the election epoch minus one. ##### InteractiveSealChallengeSeed Seed for challenge generation for proving and verifying `miner.ProveCommitSector` messages. From aab4ae21d87b65ed1f238e74c908bb20c86a51ec Mon Sep 17 00:00:00 2001 From: nikkolasg Date: Tue, 1 Sep 2020 18:16:13 +0100 Subject: [PATCH 2/2] explaining possibility of miner during catchup --- content/vm/_index.md | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/content/vm/_index.md b/content/vm/_index.md index 7d867259e..c2add8c1e 100644 --- a/content/vm/_index.md +++ b/content/vm/_index.md @@ -154,12 +154,18 @@ Properties: - Randomness cannot be biased. - Randomness of an epoch is the same across forks. -**Mapping between filecoin epoch and drand epoch**: the beacon outputs -randomness periodically at predetermined timestamps, as Filecoin. Hence there is -a mapping between Filecoin timestamps/rounds and the beacon timestamps/rounds. -To be able to create a block, a miner takes the beacon randomness that -corresponds to the timestamp _before_ the timestamp of block since the miner -must broadcast the block at the timestamp indicated in its header. +###### Mapping between filecoin epoch and drand epoch + +The beacon outputs randomness periodically at predetermined timestamps, as +Filecoin. Hence there is a mapping between Filecoin timestamps/rounds and the +beacon timestamps/rounds. To be able to create a block, a miner takes the +beacon randomness that corresponds to the timestamp _before_ the timestamp of +block since the miner must broadcast the block at the timestamp indicated in its +header. + +That means in practice, a miner mine as soon as they have the drand value even +before the previous round finished, but blocks with timestamp in the future are +rejected so the malicious miner can not broadcast this block. ###### Randomn Beacon Outages @@ -189,6 +195,12 @@ can decide to skip a block and inject two drand values in one block for example, however, that is a fork and it is highly likely that its chain has a lower weight than the main chain. +During catchup, a malicious miner can mine one block in advance with respect to +the honest miners. Since the timestamp is already in the past, he could +broadcast it already. Therefore, the attacker can have a 1 block advantage but +given the rate of the catchup allows for transactions and block propagation to +happen, the attacker risks to have a lower chain as well. + ##### Ticket Randomness The *Ticket Randomness* is generated by miners when winning blocks by computing a VRF on the previous ticket and the current drand randomness. The ticket of a tipset is the smallest ticket across blocks in that tipset.