diff --git a/docs/website/versioned_docs/version-maintained/manual/develop/nodes/mithril-aggregator.md b/docs/website/versioned_docs/version-maintained/manual/develop/nodes/mithril-aggregator.md index bd7270716d6..01dfbb45c3d 100644 --- a/docs/website/versioned_docs/version-maintained/manual/develop/nodes/mithril-aggregator.md +++ b/docs/website/versioned_docs/version-maintained/manual/develop/nodes/mithril-aggregator.md @@ -259,6 +259,7 @@ Usage: mithril-aggregator era Commands: list Era list command generate-tx-datum Era tx datum generate command + generate-keypair Era keypair generation command help Print this message or the help of the given subcommand(s) Options: @@ -401,6 +402,7 @@ Here are the available subcommands: | **genesis generate-keypair** | Generates a genesis keypair | | **era list** | Lists the supported eras | | **era generate-tx-datum** | Generates the era markers transaction datum to be stored on-chain | +| **era generate-keypair** | Generates an era keypair | | **tools recompute-certificates-hash** | Loads all certificates in the database, recomputing their hash, and updating all related entities | ## Configuration parameters @@ -434,6 +436,7 @@ Here is a list of the available parameters: | ---------------------------------------------------------------- | ------------------------------------------------------------------ | :------------------: | --------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- | ----------------------------------------------------------------------------- | :---------------------------------------------: | | `server_ip` | `--server-ip` | - | `SERVER_IP` | Listening server IP | `0.0.0.0` | - | :heavy_check_mark: | | `server_port` | `--server-port` | - | `SERVER_PORT` | Listening server port | `8080` | - | :heavy_check_mark: | +| `public_server_url` | - | - | `PUBLIC_SERVER_URL` | Public URL of the aggregator | - | `https://aggregator.release-mainnet.api.mithril.network/aggregator` | - | | `snapshot_directory` | `--snapshot-directory` | - | `SNAPSHOT_DIRECTORY` | Directory to store local snapshots of the **Cardano node** | `.` | - | :heavy_check_mark: | | `snapshot_store_type` | - | - | `SNAPSHOT_STORE_TYPE` | Type of snapshot store to use | - | `gcp` or `local` | :heavy_check_mark: | | `snapshot_uploader_type` | - | - | `SNAPSHOT_UPLOADER_TYPE` | Type of snapshot uploader to use | - | `gcp` or `local` | :heavy_check_mark: | @@ -505,4 +508,10 @@ Here is a list of the available parameters: | `era_markers_secret_key` | `--era-markers-secret-key` | - | `ERA_MARKERS_SECRET_KEY` | Era markers secret key that is used to verify the authenticity of the era markers on the chain. | - | - | :heavy_check_mark: | | `target_path` | `--target-path` | - | - | Path of the file to export the payload to. | - | - | - | +`era generate-keypair` command: + +| Parameter | Command line (long) | Command line (short) | Environment variable | Description | Default value | Example | Mandatory | +| ------------- | ------------------- | :------------------: | -------------------- | ------------------------------------- | ------------- | ------- | :----------------: | +| `target_path` | `--target-path` | - | - | Target path for the generated keypair | - | - | :heavy_check_mark: | + The `tools recompute-certificates-hash` command has no dedicated parameters. diff --git a/docs/website/versioned_docs/version-maintained/manual/develop/run-mithril-devnet.md b/docs/website/versioned_docs/version-maintained/manual/develop/run-mithril-devnet.md index 784bd964c11..61ae3934882 100644 --- a/docs/website/versioned_docs/version-maintained/manual/develop/run-mithril-devnet.md +++ b/docs/website/versioned_docs/version-maintained/manual/develop/run-mithril-devnet.md @@ -107,7 +107,7 @@ You should see the following information displayed: >> Artifacts Directory[env::ARTIFACTS_DIR]: artifacts >> Cardano Full nodes [env::NUM_FULL_NODES]: 1 >> Cardano SPO nodes [env::NUM_POOL_NODES]: 2 ->> Cardano Node Version [env::CARDANO_NODE_VERSION]: 10.1.3 +>> Cardano Node Version [env::CARDANO_NODE_VERSION]: 10.1.4 >> Cardano Network Magic [env::NETWORK_MAGIC]: 42 >> Cardano Hard Fork Babbage At Epoch [env::HARD_FORK_BABBAGE_AT_EPOCH]: 0 >> Cardano Hard Fork Conway At Epoch [env::HARD_FORK_CONWAY_AT_EPOCH]: 0 @@ -126,7 +126,7 @@ generated genesis with: 3 genesis keys, 2 non-delegating UTxO keys, 2 stake pool >> Start Cardano network cardano-cli 10.1.1.0 - linux-x86_64 - ghc-8.10 git rev 01bda2e2cb0a70cd95067d696dbb44665f1d680a -cardano-node 10.1.3 - linux-x86_64 - ghc-8.10 +cardano-node 10.1.4 - linux-x86_64 - ghc-8.10 git rev 01bda2e2cb0a70cd95067d696dbb44665f1d680a >> Starting Cardano node 'node-full1' >> Starting Cardano node 'node-pool1' @@ -191,7 +191,7 @@ Signer 2 pool1y3pxhtqytcwy3mmnawqf2ej0x9sz5frkkwkz6scfqmzyyw8u38v Certified Po >> Bootstrap the Genesis certificate {"msg":"Started","v":0,"name":"mithril-aggregator","level":20,"time":"2024-11-14T10:29:07.953666896Z","hostname":"c993b6b764f2","pid":1,"node_version":"0.5.110+e2fa1e0","run_mode":"dev"} {Genesis bootstrap for test only! -"msg":"BOOTSTRAP GENESIS command","v":0,"name":"mithril-aggregator","level":20,"time":"2024-11-14T10:29:07.95394937Z","hostname":"c993b6b764f2","pid":1,"config":"Configuration { environment: Production, cardano_cli_path: \"/app/bin/cardano-cli\", cardano_node_socket_path: \"/data/ipc/node.sock\", cardano_node_version: \"10.1.3\", network_magic: Some(42), network: \"devnet\", chain_observer_type: Pallas, protocol_parameters: ProtocolParameters { k: 5, m: 100, phi_f: 0.65 }, snapshot_uploader_type: Local, snapshot_bucket_name: None, snapshot_use_cdn_domain: false, server_ip: \"0.0.0.0\", server_port: 8080, run_interval: 1000, db_directory: \"/data/db\", snapshot_directory: \".\", data_stores_directory: \"/data/mithril/aggregator/stores\", genesis_verification_key: \"5b33322c3235332c3138362c3230312c3137372c31312c3131372c3133352c3138372c3136372c3138312c3138382c32322c35392c3230362c3130352c3233312c3135302c3231352c33302c37382c3231322c37362c31362c3235322c3138302c37322c3133342c3133372c3234372c3136312c36385d\", reset_digests_cache: false, disable_digests_cache: false, store_retention_limit: None, era_reader_adapter_type: Bootstrap, era_reader_adapter_params: None, signed_entity_types: None, snapshot_compression_algorithm: Zstandard, zstandard_parameters: None, cexplorer_pools_url: None, signer_importer_run_interval: 720, allow_unparsable_block: false, cardano_transactions_prover_cache_pool_size: 10, cardano_transactions_database_connection_pool_size: 10, cardano_transactions_signing_config: CardanoTransactionsSigningConfig { security_parameter: BlockNumber(3000), step: BlockNumber(120) }, cardano_transactions_prover_max_hashes_allowed_by_request: 100, cardano_transactions_block_streamer_max_roll_forwards_per_poll: 10000, enable_metrics_server: false, metrics_server_ip: \"0.0.0.0\", metrics_server_port: 9090, persist_usage_report_interval_in_seconds: 10 }"} +"msg":"BOOTSTRAP GENESIS command","v":0,"name":"mithril-aggregator","level":20,"time":"2024-11-14T10:29:07.95394937Z","hostname":"c993b6b764f2","pid":1,"config":"Configuration { environment: Production, cardano_cli_path: \"/app/bin/cardano-cli\", cardano_node_socket_path: \"/data/ipc/node.sock\", cardano_node_version: \"10.1.4\", network_magic: Some(42), network: \"devnet\", chain_observer_type: Pallas, protocol_parameters: ProtocolParameters { k: 5, m: 100, phi_f: 0.65 }, snapshot_uploader_type: Local, snapshot_bucket_name: None, snapshot_use_cdn_domain: false, server_ip: \"0.0.0.0\", server_port: 8080, run_interval: 1000, db_directory: \"/data/db\", snapshot_directory: \".\", data_stores_directory: \"/data/mithril/aggregator/stores\", genesis_verification_key: \"5b33322c3235332c3138362c3230312c3137372c31312c3131372c3133352c3138372c3136372c3138312c3138382c32322c35392c3230362c3130352c3233312c3135302c3231352c33302c37382c3231322c37362c31362c3235322c3138302c37322c3133342c3133372c3234372c3136312c36385d\", reset_digests_cache: false, disable_digests_cache: false, store_retention_limit: None, era_reader_adapter_type: Bootstrap, era_reader_adapter_params: None, signed_entity_types: None, snapshot_compression_algorithm: Zstandard, zstandard_parameters: None, cexplorer_pools_url: None, signer_importer_run_interval: 720, allow_unparsable_block: false, cardano_transactions_prover_cache_pool_size: 10, cardano_transactions_database_connection_pool_size: 10, cardano_transactions_signing_config: CardanoTransactionsSigningConfig { security_parameter: BlockNumber(3000), step: BlockNumber(120) }, cardano_transactions_prover_max_hashes_allowed_by_request: 100, cardano_transactions_block_streamer_max_roll_forwards_per_poll: 10000, enable_metrics_server: false, metrics_server_ip: \"0.0.0.0\", metrics_server_port: 9090, persist_usage_report_interval_in_seconds: 10 }"} {"msg":"Opening SQLite connection","v":0,"name":"mithril-aggregator","level":20,"time":"2024-11-14T10:29:07.954098066Z","hostname":"c993b6b764f2","pid":1,"src":"ConnectionBuilder","path":"/data/mithril/aggregator/stores/aggregator.sqlite3"} {"msg":"Enabling SQLite Write Ahead Log journal mode","v":0,"name":"mithril-aggregator","level":20,"time":"2024-11-14T10:29:07.954185725Z","hostname":"c993b6b764f2","pid":1,"src":"ConnectionBuilder"} {"msg":"Enabling SQLite foreign key support","v":0,"name":"mithril-aggregator","level":20,"time":"2024-11-14T10:29:07.954483371Z","hostname":"c993b6b764f2","pid":1,"src":"ConnectionBuilder"} @@ -334,7 +334,7 @@ The networks will be queried every second and will display: "http://0.0.0.0:8080/aggregator/artifact/snapshot/4c7b06dd2bef1416391b92a46dae7d2f606ced2954b628f844b021ba5b52b15f/download" ], "compression_algorithm": "zstandard", - "cardano_node_version": "10.1.3" + "cardano_node_version": "10.1.4" }, { "digest": "b98b25f505401e967df1012a4c13385290db15d157d0292e9f8290bd9933a66e", @@ -351,7 +351,7 @@ The networks will be queried every second and will display: "http://0.0.0.0:8080/aggregator/artifact/snapshot/b98b25f505401e967df1012a4c13385290db15d157d0292e9f8290bd9933a66e/download" ], "compression_algorithm": "zstandard", - "cardano_node_version": "10.1.3" + "cardano_node_version": "10.1.4" } ] @@ -566,7 +566,7 @@ You will see more information about the snapshot: +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Size | 2323485648 | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Cardano node version | 10.1.3 | +| Cardano node version | 10.1.4 | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Location | https://storage.googleapis.com/cdn.aggregator.testing-preview.api.mithril.network/preview-e539-i10787.db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667.tar.zst | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -594,9 +594,9 @@ You will see that the certificate chain is validated to ensure the issued certif 5/5 - Verifying the cardano db signature… Cardano db 'db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667' has been unpacked and successfully checked against Mithril multi-signature contained in the certificate. - Files in the directory '/home/mithril/data/testnet/db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667/db' can be used to run a Cardano node with version >= 10.1.3. + Files in the directory '/home/mithril/data/testnet/db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667/db' can be used to run a Cardano node with version >= 10.1.4. If you are using Cardano Docker image, you can restore a Cardano Node with: - docker run -v cardano-node-ipc:/ipc -v cardano-node-data:/data --mount type=bind,source="/home/mithril/data/testnet/db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667/db",target=/data/db/ -e NETWORK=preview ghcr.io/intersectmbo/cardano-node:10.1.3 + docker run -v cardano-node-ipc:/ipc -v cardano-node-data:/data --mount type=bind,source="/home/mithril/data/testnet/db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667/db",target=/data/db/ -e NETWORK=preview ghcr.io/intersectmbo/cardano-node:10.1.4 ``` diff --git a/docs/website/versioned_docs/version-maintained/manual/getting-started/bootstrap-cardano-node.md b/docs/website/versioned_docs/version-maintained/manual/getting-started/bootstrap-cardano-node.md index 190b7cd2a4d..1cc7832ba93 100644 --- a/docs/website/versioned_docs/version-maintained/manual/getting-started/bootstrap-cardano-node.md +++ b/docs/website/versioned_docs/version-maintained/manual/getting-started/bootstrap-cardano-node.md @@ -429,7 +429,7 @@ You will see more information about the snapshot: +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Size | 2323485648 | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Cardano node version | 10.1.3 | +| Cardano node version | 10.1.4 | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Location | https://storage.googleapis.com/cdn.aggregator.testing-preview.api.mithril.network/preview-e539-i10787.db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667.tar.zst | +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -457,11 +457,11 @@ You will see that the selected snapshot archive has been downloaded locally unpa 5/5 - Verifying the cardano db signature… Cardano db 'db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667' has been unpacked and successfully checked against Mithril multi-signature contained in the certificate. - Files in the directory '/home/mithril/data/testnet/db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667/db' can be used to run a Cardano node with version >= 10.1.3. + Files in the directory '/home/mithril/data/testnet/db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667/db' can be used to run a Cardano node with version >= 10.1.4. If you are using a Cardano Docker image, you can restore a Cardano node with: - docker run -v cardano-node-ipc:/ipc -v cardano-node-data:/data --mount type=bind,source="/home/mithril/data/testnet/db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667/db",target=/data/db/ -e NETWORK=preview ghcr.io/intersectmbo/cardano-node:10.1.3 + docker run -v cardano-node-ipc:/ipc -v cardano-node-data:/data --mount type=bind,source="/home/mithril/data/testnet/db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667/db",target=/data/db/ -e NETWORK=preview ghcr.io/intersectmbo/cardano-node:10.1.4 ``` ### Step 5: Launch a Cardano node from the restored Cardano DB snapshot @@ -469,7 +469,7 @@ Cardano db 'db5f50a060d4b813125c4263b700ecc96e5d8c8710f0430e5c80d2f0fa79b667' ha Launch an empty Cardano node and make it live in minutes! ```bash -docker run -v cardano-node-ipc:/ipc -v cardano-node-data:/data --mount type=bind,source="$(pwd)/data/testnet/$SNAPSHOT_DIGEST/db",target=/data/db/ -e NETWORK=$CARDANO_NETWORK ghcr.io/intersectmbo/cardano-node:10.1.3 +docker run -v cardano-node-ipc:/ipc -v cardano-node-data:/data --mount type=bind,source="$(pwd)/data/testnet/$SNAPSHOT_DIGEST/db",target=/data/db/ -e NETWORK=$CARDANO_NETWORK ghcr.io/intersectmbo/cardano-node:10.1.4 ``` You will see the Cardano node start by validating the files ingested from the snapshot archive. Then, it will synchronize with the other network nodes and start adding blocks: diff --git a/docs/website/versioned_docs/version-maintained/mithril/advanced/mithril-protocol/certificates.md b/docs/website/versioned_docs/version-maintained/mithril/advanced/mithril-protocol/certificates.md index b7216406bd6..92bfe35d2ec 100644 --- a/docs/website/versioned_docs/version-maintained/mithril/advanced/mithril-protocol/certificates.md +++ b/docs/website/versioned_docs/version-maintained/mithril/advanced/mithril-protocol/certificates.md @@ -37,7 +37,9 @@ Where the following notations have been used: - `VK(n)`: Verification key at epoch `n` - `AVK(n)`: Aggregrate verification key at epoch `n` such as `AVK(n) = MKT_ROOT(SD(n) || VK(n))` - `MKT_ROOT()`: Merkle-tree root -- `BEACON(p,n)`: Beacon at trigger `p` and epoch `n` +- `PPARAMS(n)`: Protocol parameters at epoch `n` +- `EPOCH(n)`: Epoch `n` +- `BEACON(p,n)`: Beacon at trigger `p` and epoch `n` (includes `EPOCH(n)`) - `METADATA(p,n)`: Metadata of the certificate at trigger `p` and epoch `n` - `MSG(p,n)`: Message of the certificate at trigger `p` and epoch `n` - `MULTI_SIG(p,n)`: Multi-signature created to the message `H(MSG(p,n) || AVK(n-1))` @@ -92,18 +94,23 @@ An implementation of the algorithm would work as follows for a certificate: - **Step 2**: Verify (or fail) that the `current_hash` of the `current_certificate` is valid by computing it and comparing it with the `hash` field of the certificate - **Step 3**: Get the `previous_hash` of the `previous_certificate` by reading its value in the `current_certificate` - **Step 4**: Verify (or fail) that the `multi_signature` of the `current_certificate` is valid -- **Step 5**: Retrieve the `previous_certificate` that has the hash `previous_hash`: - - **Step 5.1**: If it is not a `genesis_certificate`: - - **Step 5.1.1**: Verify (or fail) that the `previous_hash` of the `previous_certificate` is valid by computing it and comparing it with the `hash` field of the certificate: - - **Step 5.1.2**: Verify the `current_avk`: - - **Step 5.1.2.1**: If the `current_certificate` is the `first_certificate` of the epoch, verify (or fail) that the `current_avk` of the `current_certificate` is part of the message signed by the multi-signature of the `previous_certificate` - - **Step 5.1.2.2**: Else verify (or fail) that the `current_avk` of the `current_certificate` is the same as the `current_avk` of the `previous_certificate` - - **Step 5.1.3**: Verify (or fail) that the `multi_signature` of the `previous_certificate` is valid - - **Step 5.1.4**: Use the `previous_certificate` as `current_certificate` and start again at **Step 2** - - **Step 5.2**: If it is a `genesis_certificate`: - - **Step 5.2.1**: Verify (or fail) that the `previous_hash` of the `previous_certificate` is valid by computing it and comparing it with the `hash` field of the certificate - - **Step 5.2.2**: Verify (or fail) that the `current_avk` of the `current_certificate` is part of the message signed by the genesis signature of the `previous_certificate` - - **Step 5.2.3**: The certificate is valid (success). +- **Step 5**: Verify (or fail) that the `current_epoch` of the `current_certificate` is part of the message signed by the multi-signature of the `current_certificate` +- **Step 6**: Retrieve the `previous_certificate` that has the hash `previous_hash`: + - **Step 6.1**: If it is not a `genesis_certificate`: + - **Step 6.1.1**: Verify (or fail) that the `previous_hash` of the `previous_certificate` is valid by computing it and comparing it with the `hash` field of the certificate: + - **Step 6.1.2**: Verify the `current_avk`: + - **Step 6.1.2.1**: If the `current_certificate` is the `first_certificate` of the epoch + - **Step 6.1.2.1.1**: Verify (or fail) that the `current_avk` of the `current_certificate` is part of the message signed by the multi-signature of the `previous_certificate` + - **Step 6.1.2.1.2**: Verify (or fail) that the `current_protocol_parameters` of the `current_certificate` is part of the message signed by the multi-signature of the `previous_certificate` + - **Step 6.1.2.2**: Else verify (or fail) that the `current_avk` of the `current_certificate` is the same as the `current_avk` of the `previous_certificate` + - **Step 6.1.3**: Verify (or fail) that the `multi_signature` of the `previous_certificate` is valid + - **Step 6.1.4**: Use the `previous_certificate` as `current_certificate` and start again at **Step 2** + - **Step 6.2**: If it is a `genesis_certificate`: + - **Step 6.2.1**: Verify (or fail) that the `previous_hash` of the `previous_certificate` is valid by computing it and comparing it with the `hash` field of the certificate + - **Step 6.2.2**: Verify (or fail) that the `current_epoch` of the `previous_certificate` is part of the message signed by the genesis_certificate of the `previous_certificate` + - **Step 6.2.3**: Verify (or fail) that the `current_avk` of the `current_certificate` is part of the message signed by the genesis signature of the `previous_certificate` + - **Step 6.2.4**: Verify (or fail) that the `current_protocol_parameters` of the `current_certificate` is part of the message signed by the genesis signature of the `previous_certificate` + - **Step 6.2.5**: The certificate is valid (success). ## The coexistence of multiple certificate chains diff --git a/docs/website/versioned_docs/version-maintained/mithril/advanced/mithril-protocol/images/certificate-chain.jpg b/docs/website/versioned_docs/version-maintained/mithril/advanced/mithril-protocol/images/certificate-chain.jpg index 56ada5833c0..350619e7225 100644 Binary files a/docs/website/versioned_docs/version-maintained/mithril/advanced/mithril-protocol/images/certificate-chain.jpg and b/docs/website/versioned_docs/version-maintained/mithril/advanced/mithril-protocol/images/certificate-chain.jpg differ