Current Status
Currently the peer is using the orderer's delivery service to pull blocks in a way that is resilient to crash failures of the orderer it is pulling from. It is not resistant to some BFT attacks; in particular, the target orderer may deliberately slow down block transmission or withhold blocks (censorship).
The same is true for the orderer "sync" functionality: when an orderer is trying to catch up with the cluster, it may pull blocks from a malicious orderer that will slow it down or withhold blocks.
Goal
Implement a BFT block puller that would be used in the peer and in the orderer, as described in this RFC.
Solution
As described in this RFC, we will implement a block puller / delivery service client that can detect withholding attacks by inspecting block headers from multiple members in the cluster. When such an attack is detected or suspected, we'll switch the target orderer from which we pull blocks.
We will start by implementing a solution for the peer, then:
Refactor this solution to isolate subcomponents that are reusable at the orderer,
Implement a BFT solution to allow the orderers to sync, a solution that will work both for a consenter and a follower.
Tasks
BFT Block Puller: Allow the orderer to supply a stream of header + signatures (attestations) #4241
BFT Block Puller: allow the peer to verify the signature of an attestation (header + signatures) #4243
BFT Block Puller: Allow a delivery client to get all the orderer endpoints #4259
BFT Block Puller: Remove redundant internal map in deliveryServiceImpl.blockproviders #4261
In the follower, check that the join block matches the block pulled from the cluster #4273
BFT Block Puller: Select between a CFT or a BFT BlockDeliverer #4277
BFT Block Puller: Identify and refactor common components from CFT and BFT block deliverer in the peer #4293
BFT Block Puller: seek content type "header+sig" to send full config blocks #4354
BFT: orderer deliver handler: avoid mutating blocks #4456
BFT Block Puller: A block censorship detector - greedy #4306
BFT Block Puller: A BFTDeliverer in the peer #4348
Peer CFT Block Puller: total time duration of sleep does not reset #4394
BFT Block Puller: expose BlockCensorshipTimeout in config #4401
BFT Block Puller: A block validator that is updated immediately after a config block is sent to gossip / orderer-pull-buffer #4346
BFT Block Puller: a private block verifier to each header receiver #4353
BFT Block Puller: header receiver to verify full config blocks #4403
BFT Block Puller: A connection source that is updated immediately after a config block is sent to gossip #4347
BFT Block Puller: make sure invalid headers don't go beyond config-index #4351
BFT Block Puller: move reusable components under common/deliverclient #4350
BFT Block Puller: in orderer #4566
BFT synchronizer: Increase default capacity of SyncBuffer #4715
BFT Synchronizer: expose hard coded timeout values to config #4719
BFT: simple synchronizer block puller factory #4696
BFT: simple synchronizer dynamic cluster size #4697
BFT synchronizer: integration test against an orderer that does block censorship #4731
BFT Block Puller: test byzantine behavior of the orderer during delivery against the peer #4446
BFT smartbft integration test with synch with "simple" replication policy #4732
Allow the peer delivery client to select between the Deliverer or BFTDeliverer #4847
BFT Block Puller: optimistic target height selection #4698
BFT Block Puller: unit test the DeliveryRequester #4567
A block withholding detector - frugal
Related Issues
Part of #3771
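
The detection idea from the Solution section as a Go example added here (not the project's own code): the `Detector` type, its method names and the rule "a verified header from another orderer stays ahead of the block source for longer than the timeout" are assumptions made for illustration. Headers are assumed to be signature-verified before they reach `OnHeader`, and the timeline in `main` is constructed.

```go
package main

import "fmt"
import "time"

// Detector is a hypothetical model of a block withholding detector (heights are block number + 1).
type Detector struct {
	timeout     time.Duration // how long the block source may lag before it is suspected
	blockHeight uint64        // height reached through full blocks from the current source
	topHeight   uint64        // highest verified header height seen from other orderers
	topFrom     string        // orderer that first reported topHeight
	behindSince time.Time     // zero while the block source is not behind
}

// OnBlock records full block number num delivered by the current block source.
func (d *Detector) OnBlock(num uint64, now time.Time) {
	if num+1 > d.blockHeight {
		d.blockHeight = num + 1
	}
	if d.blockHeight >= d.topHeight {
		d.behindSince = time.Time{} // caught up: clear the suspicion timer
	}
}

// OnHeader records a verified header number num received from another orderer.
func (d *Detector) OnHeader(orderer string, num uint64, now time.Time) {
	if num+1 > d.topHeight {
		d.topHeight, d.topFrom = num+1, orderer
	}
	if d.topHeight > d.blockHeight && d.behindSince.IsZero() {
		d.behindSince = now // the block source has just fallen behind
	}
}

// Suspect reports whether to switch the block source and names a candidate replacement.
func (d *Detector) Suspect(now time.Time) (bool, string) {
	if d.behindSince.IsZero() || now.Sub(d.behindSince) < d.timeout {
		return false, ""
	}
	return true, d.topFrom
}

func main() {
	t0 := time.Unix(0, 0) // constructed timeline
	d := &Detector{timeout: 5 * time.Second}
	d.OnBlock(9, t0)
	d.OnHeader("orderer2", 12, t0.Add(time.Second))
	fmt.Println(d.Suspect(t0.Add(6 * time.Second)))
}
```

Because the timer is cleared only when the block source catches up to the highest header, a source that keeps delivering blocks but stays behind (slow-down rather than full withholding) is also flagged once the timeout elapses.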