[sui-node] Add epochs to key signed structures #1534
Conversation
| pub voting_rights: BTreeMap<AuthorityName, usize>, | ||
| pub total_votes: usize, | ||
| // Note: this is a derived structure, no need to store. |
There was a problem hiding this comment.
We could you use #[serde(skip)] for transient fields (in a future PR).
There was a problem hiding this comment.
Yes, we should -- but right now this stuct is not Serde Serizalize / Deserialize hence why we just have a comment.
| @@ -64,6 +65,8 @@ pub enum SuiError { | |||
| #[error("Value was not signed by a known authority")] | |||
| UnknownSigner, | |||
| // Certificate verification | |||
| #[error("Signature or certificate from wrong epoch, expected {expected_epoch}")] | |||
| WrongEpoch { expected_epoch: EpochId }, | |||
There was a problem hiding this comment.
Ideally we want to log both used and expected epochs (not a PR blocker).
|
Why do we need epoch in unsigned transaction effects? |
Yes, I think we do, but I would love to get your feedback on how to do this @lxfind :
So I went for the simple option of adding the epoch into the effects structure to make sure we have it. However, one could also (a) just include it in the effects signature and (b) implicitly get it through the checkpoint in which the transaction is included (adding to checkpoint = executed in this epoch). I am open minded about this -- down the line we might reconsider. But ultimately the tl;dr to the question is: when you execute based on effects you need to know the epoch to get gas price etc. |
|
Not sure what it means by "execute based on the effects". Transaction effects never show up alone, right? i.e. on authorities we always only store signed transaction effects. Only gateway stores the unsigned ones, but we would have a cert at that point before applying the effects. |
iiuc, although protocol wise it might not show up alone, there might be external light clients that cannot run a full Sui VM, but will be convinced by the results of a tx if they see a signed TxEffects. And these services might need to know at which epoch it was submitted (got the cert) as a timestamp reference, even before you see the tx included in a checkpoint. In that sense, external services that use the fastX finality property as a light client evidence might be benefited from that. That's the main difference between options a and b that George proposes (I guess, correct me if I'm wrong). |
A signed tx effect will have the epoch in its authority signature info. What I was asking is whether we need the epoch in an unsigned tx effect, which by itself is never authenticatable and hence would never show up alone |
|
|
Thanks for the feedback -- I will ensure we have epoch in the AuthoritySignature signed struct rather than the effects structure then. |
|
Update: now removed the epoch from the effects structure. And landing once all is good with the tests here. |
This PR moves Sui towards being aware of epochs. This is necessary to support reconfiguration.
Epochs: committees are only valid within an epoch, denoted using an EpochId. Authority Signatures are only valid with respect to a specific epoch and are tied to the epoch. Furthermore, certificates can only aggregate signatures from the same epoch. Execution happens within a specific epoch for all nodes, and uses this epochId, gas price etc from the epoch.
This PR:
Future: