Add proof generation to sequencer (#52)

* Add inclusion and consistency proof functionality to sequencer

* Remove check that checkpoint extensions are empty

* Move generic_log_worker/src/ctlog.rs to log_ops.rs

---------

Co-authored-by: Michael Rosenberg <mrosenberg@cloudflare.com>

Author: rozbb

crates/ct_worker/src/frontend_worker.rs

@@ -9,9 +9,9 @@ use crate::{load_signing_key, load_witness_key, LookupKey, SequenceMetadata, CON
 use config::TemporalInterval;
 use futures_util::future::try_join_all;
 use generic_log_worker::{
-    ctlog::UploadOptions, get_cached_metadata, get_durable_object_stub, init_logging,
-    load_cache_kv, load_public_bucket, put_cache_entry_metadata, ObjectBackend, ObjectBucket,
-    ENTRY_ENDPOINT, METRICS_ENDPOINT,
+    get_cached_metadata, get_durable_object_stub, init_logging, load_cache_kv, load_public_bucket,
+    log_ops::UploadOptions, put_cache_entry_metadata, ObjectBackend, ObjectBucket, ENTRY_ENDPOINT,
+    METRICS_ENDPOINT,
 };
 use log::{debug, info, warn};
 use p256::pkcs8::EncodePublicKey;

crates/generic_log_worker/src/lib.rs

@@ -5,7 +5,7 @@ use base64::prelude::BASE64_STANDARD;
 use base64::Engine;
 
 pub mod batcher_do;
-pub mod ctlog;
+pub mod log_ops;
 mod metrics;
 pub mod sequencer_do;
 pub mod util;
@@ -14,8 +14,8 @@ pub use batcher_do::*;
 pub use sequencer_do::*;
 
 use byteorder::{BigEndian, WriteBytesExt};
-use ctlog::UploadOptions;
 use log::Level;
+use log_ops::UploadOptions;
 use metrics::{millis_diff_as_secs, AsF64, ObjectMetrics};
 use serde_bytes::ByteBuf;
 use sha2::{Digest, Sha256};

crates/generic_log_worker/src/ctlog.rs crates/generic_log_worker/src/log_ops.rscrates/generic_log_worker/src/ctlog.rs renamed to crates/generic_log_worker/src/log_ops.rs

@@ -24,7 +24,7 @@ use crate::{
     CacheRead, CacheWrite, LockBackend, LookupKey, ObjectBackend, SequenceMetadata,
     SequencerConfig,
 };
-use anyhow::{anyhow, bail, ensure};
+use anyhow::{anyhow, bail};
 use futures_util::future::try_join_all;
 use log::{debug, error, info, trace, warn};
 use serde::{Deserialize, Serialize};
@@ -36,8 +36,8 @@ use std::{
 };
 use thiserror::Error;
 use tlog_tiles::{
-    Hash, HashReader, LogEntry, PendingLogEntry, Tile, TileIterator, TlogError, TlogTile,
-    TreeWithTimestamp, UnixTimestamp, HASH_SIZE,
+    tlog, Hash, HashReader, LogEntry, PendingLogEntry, RecordProof, Tile, TileIterator, TlogError,
+    TlogTile, TreeProof, TreeWithTimestamp, UnixTimestamp, HASH_SIZE,
 };
 use tokio::sync::watch::{channel, Receiver, Sender};
 
@@ -319,11 +319,6 @@ impl SequenceState {
             now_millis(),
             &stored_checkpoint,
         )?;
-        // We don't use extension lines for any of our checkpoints
-        ensure!(
-            c.extension().is_empty(),
-            "unexpected extension in DO checkpoint"
-        );
 
         let timestamp = match timestamp {
             Some(timestamp) => timestamp,
@@ -344,11 +339,6 @@ impl SequenceState {
             std::str::from_utf8(&stored_checkpoint)?
         );
         let (c1, _) = tlog_tiles::open_checkpoint(&config.origin, &verifiers, now_millis(), &sth)?;
-        // We don't use extension lines for any of our checkpoints
-        ensure!(
-            c1.extension().is_empty(),
-            "unexpected extension in R2 checkpoint"
-        );
 
         match (Ord::cmp(&c1.size(), &c.size()), c1.hash() == c.hash()) {
             (Ordering::Equal, false) => {
@@ -453,6 +443,33 @@ impl SequenceState {
             checkpoint: stored_checkpoint,
         })
     }
+
+    /// Proves inclusion of the last leaf in the current tree
+    pub(crate) fn prove_inclusion_of_last_elem(&self) -> RecordProof {
+        let tree_size = self.tree.size();
+        let reader = HashReaderWithOverlay {
+            edge_tiles: &self.edge_tiles,
+            overlay: &HashMap::default(),
+        };
+        // We can unwrap because edge_tiles is guaranteed to contain the tiles
+        // necessary to prove this
+        tlog::prove_record(tree_size, tree_size - 1, &reader).unwrap()
+    }
+
+    /// Proves that this tree of size n is compatible with the subtree of size
+    /// n-1. In other words, prove that we appended 1 element to the tree.
+    ///
+    /// # Errors
+    /// Errors when the last tree was size 0. We cannot prove consistency with
+    /// respect to an empty tree
+    pub(crate) fn prove_consistency_of_single_append(&self) -> Result<TreeProof, TlogError> {
+        let tree_size = self.tree.size();
+        let reader = HashReaderWithOverlay {
+            edge_tiles: &self.edge_tiles,
+            overlay: &HashMap::default(),
+        };
+        tlog::prove_tree(tree_size, tree_size - 1, &reader)
+    }
 }
 
 /// Result of an [`add_leaf_to_pool`] request containing either a cached log
@@ -1225,6 +1242,20 @@ mod tests {
             let (leaf_index, _) = block_on(res.resolve()).unwrap();
             assert_eq!(leaf_index, i);
             log.check(i + 1).unwrap();
+
+            // Check we can make proofs
+            log.sequence_state
+                .as_ref()
+                .unwrap()
+                .prove_inclusion_of_last_elem();
+            // Can't prove consistency with a size-0 subtree
+            if i > 0 {
+                log.sequence_state
+                    .as_ref()
+                    .unwrap()
+                    .prove_consistency_of_single_append()
+                    .unwrap();
+            }
         }
         log.check(n).unwrap();
     }
@@ -1251,6 +1282,18 @@ mod tests {
                 add_leaf_to_pool(&mut log.pool_state, &log.cache, &log.config, leaf);
             }
             log.sequence().unwrap();
+
+            // Check we can make proofs
+            log.sequence_state
+                .as_ref()
+                .unwrap()
+                .prove_inclusion_of_last_elem();
+            // We're batch-adding, so there's no chance tree_size - 1 is 0
+            log.sequence_state
+                .as_ref()
+                .unwrap()
+                .prove_consistency_of_single_append()
+                .unwrap();
         }
         log.check(5 + 500 * 3000).unwrap();
     }

crates/generic_log_worker/src/sequencer_do.rs

@@ -6,7 +6,7 @@
 use std::time::Duration;
 
 use crate::{
-    ctlog::{self, CreateError, PoolState, SequenceState},
+    log_ops::{self, CreateError, PoolState, SequenceState},
     metrics::{millis_diff_as_secs, ObjectMetrics, SequencerMetrics},
     util::now_millis,
     DedupCache, LookupKey, MemoryCache, ObjectBucket, SequenceMetadata, BATCH_ENDPOINT,
@@ -15,7 +15,7 @@ use crate::{
 use futures_util::future::join_all;
 use log::{info, warn};
 use prometheus::{Registry, TextEncoder};
-use tlog_tiles::{CheckpointSigner, LogEntry, PendingLogEntry};
+use tlog_tiles::{CheckpointSigner, LogEntry, PendingLogEntry, RecordProof};
 use tokio::sync::Mutex;
 use worker::{Bucket, Error as WorkerError, Request, Response, State};
 
@@ -141,7 +141,7 @@ impl<E: PendingLogEntry> GenericSequencer<E> {
             .set_alarm(self.config.sequence_interval)
             .await?;
 
-        if let Err(e) = ctlog::sequence::<L>(
+        if let Err(e) = log_ops::sequence::<L>(
             &mut self.pool_state,
             &mut self.sequence_state,
             &self.config,
@@ -174,7 +174,7 @@ impl<E: PendingLogEntry> GenericSequencer<E> {
             warn!("Failed to load short-term dedup cache from DO storage: {e}");
         };
 
-        match ctlog::create_log(&self.config, &self.public_bucket, &self.do_state).await {
+        match log_ops::create_log(&self.config, &self.public_bucket, &self.do_state).await {
             Err(CreateError::LogExists) => info!("{name}: Log exists, not creating"),
             Err(CreateError::Other(msg)) => {
                 return Err(format!("{name}: failed to create: {msg}").into())
@@ -203,7 +203,7 @@ impl<E: PendingLogEntry> GenericSequencer<E> {
         for pending_entry in pending_entries {
             lookup_keys.push(pending_entry.lookup_key());
 
-            let add_leaf_result = ctlog::add_leaf_to_pool(
+            let add_leaf_result = log_ops::add_leaf_to_pool(
                 &mut self.pool_state,
                 &self.cache,
                 &self.config,
@@ -228,6 +228,38 @@ impl<E: PendingLogEntry> GenericSequencer<E> {
             .collect::<Vec<_>>()
     }
 
+    /// Proves inclusion of the last leaf in the current tree. This may only be
+    /// called after the sequencer state has been loaded, i.e., after the first
+    /// `alarm()` has triggered.
+    ///
+    /// # Errors
+    /// Errors when sequencer state has not been loaded
+    pub fn prove_inclusion_of_last_elem(&self) -> Result<RecordProof, WorkerError> {
+        if let Some(s) = self.sequence_state.as_ref() {
+            Ok(s.prove_inclusion_of_last_elem())
+        } else {
+            Err(WorkerError::RustError(
+                "cannot prove inclusion in a sequencer with no sequence state".to_string(),
+            ))
+        }
+    }
+
+    /// Proves that this tree of size n is compatible with the subtree of size
+    /// n-1. In other words, prove that we appended 1 element to the tree.
+    ///
+    /// # Errors
+    /// Errors when this sequencer has not been used to sequence anything yet.
+    pub fn prove_consistency_of_single_append(&self) -> Result<RecordProof, WorkerError> {
+        if let Some(s) = self.sequence_state.as_ref() {
+            s.prove_consistency_of_single_append()
+                .map_err(|e| WorkerError::RustError(e.to_string()))
+        } else {
+            Err(WorkerError::RustError(
+                "cannot prove inclusion in a sequencer with no sequence state".to_string(),
+            ))
+        }
+    }
+
     fn fetch_metrics(&self) -> Result<Response, WorkerError> {
         let mut buffer = String::new();
         let encoder = TextEncoder::new();

crates/mtc_worker/src/frontend_worker.rs

@@ -8,8 +8,8 @@ use std::{str::FromStr, sync::LazyLock, time::Duration};
 use crate::{load_signing_key, load_witness_key, LookupKey, SequenceMetadata, CONFIG, ROOTS};
 use futures_util::future::try_join_all;
 use generic_log_worker::{
-    ctlog::UploadOptions, get_cached_metadata, get_durable_object_stub, init_logging,
-    load_cache_kv, load_public_bucket, put_cache_entry_metadata, util::now_millis, ObjectBackend,
+    get_cached_metadata, get_durable_object_stub, init_logging, load_cache_kv, load_public_bucket,
+    log_ops::UploadOptions, put_cache_entry_metadata, util::now_millis, ObjectBackend,
     ObjectBucket, ENTRY_ENDPOINT, METRICS_ENDPOINT,
 };
 use log::{debug, info, warn};