Retain the block owner's proposal signature alongside certificates (#456) #6589
Draft
ma2bd wants to merge 5 commits into
…d require it for blocks with an authenticated owner (#456)
Motivation

Fixes #456. When a block proposal is turned into a certificate, the chain owner's signature is discarded — a confirmed block retains `authenticated_owner` but nothing backs it. As a result, the authorization of a block (and of the `authenticated_owner` claims on its outgoing messages) is attested only by the validator quorum: an auditor replaying the chain, or any party distrusting a (possibly revoked) committee, cannot verify that a chain owner ever authorized the block.

Proposal

Retain the owner's signature alongside certificates, and make it a validity condition for blocks that declare an `authenticated_owner`:

- `OwnerAuthorization { round, signature }`: the owner's signature over the initial, outcome-less `ProposalContent` that introduced the block. Every block's first proposal has `outcome: None` (fresh proposals and fast-round retries alike, and retry-regular chains bottom out in one), and that signature is exactly the one validators checked against `authenticated_owner` at proposal time. Given the block, anyone can reconstruct the signed content (`Block::to_proposed()` + the recorded round) and verify it — no extra data needed.
- `GenericCertificate` and on `LiteCertificate`, per the issue's "bonus point": it must not be covered by the block hash, since the same block can be authorized by proposals in different rounds. Carrying it on `LiteCertificate` is load-bearing: storage persists certificates as (lite certificate + block) and validators rebuild full certificates from lite certificates and cached values, so the evidence survives those paths.
- `authenticated_owner: Some(owner)` is rejected (`ChainError::MissingOwnerAuthorization`) unless the certificate retains a valid signature by `owner`. Enforced in `process_validated_block`, `process_confirmed_block` (covering the preprocess and checkpoint-restore dispatches), and on `OriginalProposal::Regular` retry proposals — the latter prevents invalid or missing evidence from entering locking blocks and only surfacing at finalization. Blocks without an authenticated owner may omit the signature (pre-existing certificates, provenance-optional blocks), but if present it must verify.
- `submit_block_proposal` attaches the authorization derived from the proposal (fresh → its own signature, fast-retry → the original fast-round signature); `finalize_block` and retry-regular proposals carry it over from the validated certificate.
- `optional bytes owner_authorization` on the gRPC `Certificate` (field 5) and `LiteCertificate` (field 7); BCS certificate formats gain the optional field (`formats.yaml` regenerated).

Note: this changes the stored and transmitted certificate formats, so it requires a new deployment; previously stored certificates do not deserialize.

Test Plan

- `owner_authorization_verifies_against_block`: signature round-trip, wrong round, wrong signer vs. `authenticated_owner`, missing authorization rejected for authenticated blocks and accepted otherwise.
- `test_finalize_locked_block_with_blobs`: the certificate finalized by client 2B still verifies against owner 2A's signature (carried across the validated certificate and the retry).
- `PartialEq` on certificates now includes the field, so `check_that_validators_have_certificate` proves validators store byte-identical evidence (this caught the lite-certificate propagation gap during development).
- `TestEnvironment` so self-certified test blocks carry valid authorizations; the mandatory rule is exercised by all certificate-handling tests.
- `cargo test -p linera-chain -p linera-core -p linera-rpc -p linera-storage` all pass; clippy clean.

Release Plan

- `devnet` and release a new SDK soon.

Links
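An added example, not linera's own code, of the validity rule the PR describes: the `OwnerAuthorization` is checked by rebuilding the outcome-less proposal content from the block plus the recorded round and verifying it against `authenticated_owner`. The struct shapes are simplified assumptions, and a hash-based stand-in replaces the real signature scheme, so only the check logic, not the primitive, mirrors the PR.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// Stand-in for a chain owner's identity (assumption: a plain u64).
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct Owner(pub u64);

/// Simplified block: only the fields the check needs.
#[derive(Clone, Hash)]
pub struct Block { pub height: u64, pub payload: String, pub authenticated_owner: Option<Owner> }

/// What the owner signed at proposal time; the first proposal of a block has `outcome: None`.
#[derive(Hash)]
pub struct ProposalContent { pub round: u32, pub block: Block, pub outcome: Option<u64> }

pub struct OwnerAuthorization { pub round: u32, pub signature: u64 }

#[derive(Debug, PartialEq)]
pub enum ChainError { MissingOwnerAuthorization, InvalidOwnerAuthorization }

// Toy "signature": a hash binding the owner id to the content. It is forgeable and
// stands in for a real public-key signature only so the example runs without crates.
fn toy_sig(owner: Owner, content: &ProposalContent) -> u64 {
    let mut h = DefaultHasher::new();
    (owner, content).hash(&mut h);
    h.finish()
}

/// Proposal side: the owner signs the initial, outcome-less content for `round`.
pub fn sign_proposal(owner: Owner, block: &Block, round: u32) -> OwnerAuthorization {
    let content = ProposalContent { round, block: block.clone(), outcome: None };
    OwnerAuthorization { round, signature: toy_sig(owner, &content) }
}

/// Certificate side: rebuild the signed content from the block plus the recorded
/// round and check it against `authenticated_owner`; no other data is needed.
pub fn check_owner_authorization(block: &Block, auth: Option<&OwnerAuthorization>) -> Result<(), ChainError> {
    match (block.authenticated_owner, auth) {
        (None, None) => Ok(()), // no authenticated owner: the signature may be omitted
        (Some(_), None) => Err(ChainError::MissingOwnerAuthorization),
        // Assumption: with no declared owner there is no key to verify a present signature against.
        (None, Some(_)) => Err(ChainError::InvalidOwnerAuthorization),
        (Some(owner), Some(a)) => {
            let content = ProposalContent { round: a.round, block: block.clone(), outcome: None };
            if toy_sig(owner, &content) == a.signature { Ok(()) } else { Err(ChainError::InvalidOwnerAuthorization) }
        }
    }
}
```

Because the round is part of the signed content, an authorization recorded with the wrong round fails even though the block itself is unchanged, which is why the round must travel with the signature rather than being covered by the block hash.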