Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding verifiability of running applications #31

Open
1 of 8 tasks
Dormage opened this issue Jan 8, 2023 · 0 comments
Open
1 of 8 tasks

Adding verifiability of running applications #31

Dormage opened this issue Jan 8, 2023 · 0 comments
Assignees
@MihaelBercic

Comments

@Dormage
Copy link
Member

Dormage commented Jan 8, 2023
edited
Loading

Progress:

  • Quorum selection
  • Periodic snapshot generation
  • Snapshot submission to blocks
  • Subset of validator selection for verification
  • Backtracing and finding nearest snapshot
  • Querying the subset to retrieve states
  • Attempt to restore
  • Submit votes to the block producer via aggregation through clusters

Currently, there is no verification being done on nodes running containers. To account for byzantine behavior in public networks, verifying the state of containers to make sure they are running is crucial. Otherwise, malicious nodes may simply extract keys from containers and submit signed proofs without actually running the container.

The suggested protocol is as follows:

  • Nodes running containers must periodically extract the state using CRIU, and submit the hash of the state to be saved in the block.
  • Each k slots, a new subset of validators $V$ self-elects into the a new roles "quorum member". These nodes form a quorum $Q$.
  • Each slot, the quorum uses the same RNG to select one or more nodes ${k_0, ... k_n } € K$ for verification such that $K \subset V$, $n \lt |Q|$ and $k \notin Q$
  • For each $k_n$, Quorum members trace-back the chain to find the last state verification proof $k_p = hash( proof(k_n, block))$
  • Quorum members query $k_n$ using the obtained proof $k_p$ to receive the actual CRIU state, which is verified again with $k_p$,
  • Quorum members attempt to restore the container given the state.
  • Quorum members submit their votes based on the success of restoration, the aggregated vote is included in the next block.
  • Validators verify the votes.

To produce periodic proofs, nodes must continuously submit valid state proofs. The only reasonable way to produce valid CRIU states is for nodes to actually run the container, and store the submitted proofs locally pending verification.

There are a few parameters that need to be defined pending some simulations and testing such as:

  • Determine the best quorum size, and frequency of election (likely not per slot).
  • How many nodes should be verified per each Quorum.
  • What is the retention rate enforced on nodes to store the CRIU state considering storage. This must reflect the Quorum proof selection algorithm.
@MihaelBercic MihaelBercic self-assigned this Mar 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MihaelBercic MihaelBercic

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Dormage @MihaelBercic