-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add FVM Randomness FIP #817
Conversation
FIPS/fip-randomness.md
Outdated
--- | ||
fip: "<to be assigned>" <!--keep the qoutes around the fip number, i.e: `fip: "0001"`--> | ||
title: Improvements to the FVM randomness syscalls | ||
author: Aayush Rajasekaran (@arajasek), Steven Allen (@stebalien) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: please quote the author line to avoid YAML warnings
FIPS/fip-randomness.md
Outdated
discussions-to: https://github.com/filecoin-project/FIPs/discussions/790, https://github.com/filecoin-project/FIPs/discussions/791 | ||
status: Draft | ||
type: Technical (Core) | ||
category (*only required for Standard Track): <Core> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
category (*only required for Standard Track): <Core> | |
category: Core |
FIPS/fip-randomness.md
Outdated
<!--"If you can't explain it simply, you don't understand it well enough." Provide a simplified and layman-accessible explanation of the FIP.--> | ||
|
||
- Actors/Contracts: Don't expect clients to "hash" randomness for you, do it yourself | ||
- FVM: Don't impose any lookback limit on randomness and tipset CID fetching, but charge proportional to the lookback amount |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please phrase this as a declarative statement of what's changing, rather than imperative? It's hard to avoid some duplication with the abstract, but I usually to orient this summary toward the solution, while the abstract expands a bit more on the problem/goal (in this case, simplicity?).
"Changes VM-provided randomness to .... Removes limits on chain lookback but charges gas ...."
FIPS/fip-randomness.md
Outdated
|
||
Clients no longer receive the `dst` and `entropy` parameters for the randomness Extern methods, and should skip the final step of "drawing" randomness in which this DST and entropy is mixed into the hash. | ||
|
||
We also seek consensus amongst Core Devs that Filecoin clients are expected to be able to support chain walkbacks all the way to genesis, with a performance no _worse_ than that based on a skiplist of length 20. Clients are free to be more performant (eg. constant-time). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My understanding of a true skiplist would be logarithmic lookup time. It's not clear that's what you mean here though – I get the impression of a linear scan moving in steps of 20 (and then <20 steps of 1 to finish. Could you clarify this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have a "single layer" skiplist. But yes, a "real" skiplist would be faster.
But as I said above, in the FIP, I'd describe the requirements (linear lookback according to the fee structure), then describe how we do it in lotus in the design rational.
FIPS/fip-randomness.md
Outdated
## Security Considerations | ||
<!--All FIPs must contain a section that discusses the security implications/considerations relevant to the proposed change. Include information that might be important for security discussions, surfaces risks and can be used throughout the life cycle of the proposal. E.g. include security-relevant design decisions, concerns, important discussions, implementation-specific guidance and pitfalls, an outline of threats and risks and how they are being addressed. FIP submissions missing the "Security Considerations" section will be rejected. A FIP cannot proceed to status "Final" without a Security Considerations discussion deemed sufficient by the reviewers.--> | ||
|
||
This FIP is an overall improvement to security, as it is hardens some aspects of the system. This is especially important if we plan to eventually support native WASM actors. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know it's a bit duplicative, but could you describe what aspects are hardened?
README.md
Outdated
@@ -110,3 +110,4 @@ This improvement protocol helps achieve that objective for all members of the Fi | |||
|[0070](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0070.md) | Allow SPs to move partitions between deadlines | FIP |Steven Li (@steven004), Alan Xu (@zhiqiangxu), Mike Li (@hunjixin), Alex North (@anorth), Nicola (@nicola)| Draft | | |||
|[0071](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0071.md ) | Deterministic State Access (IPLD Reachability) | FIP |@stebalien| Draft | | |||
|[0072](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0072.md) | Improved event syscall API | FIP | @fridrik01, @Stebalien | Draft | | |||
|[XXXX](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-randomness.md) | Improvements to the FVM randomness syscalls | FIP | @arajasek, @Stebalien | Draft | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nits. Basically, I like keeping the spec as clean as possible
FIPS/fip-randomness.md
Outdated
The client looks up the randomness from the chain (with no lookback limit), hashes it to "draw" the requested value, and returns it. | ||
This FIP proposes: | ||
1. moving the hashing operation out of the FVM/client, and into the calling actor | ||
1. formalizing that no lookback limit is enforced on randomness and tipset CID fetching, and modifying the gas pricing to be based on a skiplist of length 20 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I... wouldn't include the whole skiplist thing, because that will still depend on the client. Any algorithm works as long as it has at most linear runtime with respect to the lookback length and it fits within the specified gas parameters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can describe our algorithm in the discussion, but it's not really a part of the spec.
FIPS/fip-randomness.md
Outdated
|
||
Clients no longer receive the `dst` and `entropy` parameters for the randomness Extern methods, and should skip the final step of "drawing" randomness in which this DST and entropy is mixed into the hash. | ||
|
||
We also seek consensus amongst Core Devs that Filecoin clients are expected to be able to support chain walkbacks all the way to genesis, with a performance no _worse_ than that based on a skiplist of length 20. Clients are free to be more performant (eg. constant-time). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have a "single layer" skiplist. But yes, a "real" skiplist would be faster.
But as I said above, in the FIP, I'd describe the requirements (linear lookback according to the fee structure), then describe how we do it in lotus in the design rational.
FIPS/fip-randomness.md
Outdated
|
||
### Gas Pricing | ||
|
||
We change the gas pricing for both `get_randomness` operations, as well as the `get_tipset_cid` operation, to be proportional to the lookback distance. Specifically, we: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd just specify the values here and move the how down to the design rational. I.e.,
- The spec cares about the actual gas fees and what they imply for the client.
- The reviewers care about how we arrived at those gas fees. But that's basically: we picked them based on lotus and all existing clients use the same logic.
FIPS/fip-randomness.md
Outdated
|
||
The implementation of the `Runtime` interface for the FVM has to change to: | ||
- no longer supply the `dst` and `entropy` params when calling into the FVM SDK | ||
- hash the randomness returned by the FVM with the `dst` and `entropy` params |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's reproduce the function here.
FIPS/fip-randomness.md
Outdated
### Gas Pricing | ||
|
||
We change the gas pricing for both `get_randomness` operations, as well as the `get_tipset_cid` operation, to be proportional to the lookback distance. Specifically, we set it to: | ||
`75 * lookback + 110200 + 15000 + 21000`, where `lookback` is equal to the difference between the current epoch, and the requested epoch. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would still simplify this to two parameters:
- The per-tipset cost.
- The offset.
5fb25c4
to
68cc231
Compare
@Stebalien Thanks for review, all feedback addressed! |
@arajasek - do we still plan to merge this security improvement and get the FIP number + move it to the next call during this week? |
Yup, that's the plan. Gonna give folks a little break before poking for more review. |
68cc231
to
9889db4
Compare
FIPS/fip-randomness.md
Outdated
``` | ||
pub fn draw_randomness( | ||
rbase: &[u8; RANDOMNESS_LENGTH], | ||
pers: DomainSeparationTag, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I.e., make this code stand by itself.
FIPS/fip-randomness.md
Outdated
pub fn draw_randomness( | ||
rbase: &[u8; RANDOMNESS_LENGTH], | ||
pers: DomainSeparationTag, | ||
round: ChainEpoch, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i64
FIPS/fip-randomness.md
Outdated
|
||
``` | ||
pub fn draw_randomness( | ||
rbase: &[u8; RANDOMNESS_LENGTH], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hard code or define the length.
FIPS/fip-randomness.md
Outdated
We charge `75 * lookback + 5800 * 19` for the lookback cost, where `lookback` is equal to the difference between the current epoch, and the requested epoch. | ||
We additionally charge `15000` for the offset (the cost of producing the randomness/tipset CID itself), and `21000` for the extern cost. | ||
|
||
The total gas formula is thus: `75 * lookback + 110200 + 15000 + 21000`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please include the final number. I'd prefer to just drop all math from the spec and move it to the rational, but we can keep it if you feel strongly about it. However, we should include the final number regardless.
@Stebalien Review addressed, thank you! |
37c598e
to
576d2ef
Compare
As discussed in #790 and #791