HorizenOfficial / zend_oo

This repository is archived, Zendoo is out of beta and has been included in https://github.com/HorizenOfficial/zen.

Ban strategy for non valid certificates #91

Closed albertog78 closed 3 years ago

albertog78 commented 3 years ago

We have to keep in the certificate all the variable data that are part of the proof public inputs (including endCumScTxCommTree) because otherwise we will not be able to distinguish between an "honest" cert proof not verifying (e.g. a valid proof generated for a mainchain fork) and a malicious one (e.g. a wrong proof obliging the node to verify it against the current epoch data). To penalize such a behavior, we should add the endCumScTxCommTreeRoot to the certificate data (verify if also mandatory to be part of the message to sign). In such a way, when a node receives a cert with an endCumScTxCommTreeRoot not on the current active chain, it will reject it without verifying the proof and it will not assign any penalty to the sender. On the contrary, if the endCumScTxCommTreeRoot is on the current active chain but the proof does not verify, we can ban the sender. The same approach should be adopted with MCBTRs for activeCertDataHash.
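An added sketch of the decision flow proposed in the comment above (not code from this issue or from zend_oo). The `Certificate` struct, `CheckCertificate`, the set of active-chain roots and the toy verifier are hypothetical stand-ins; the sample roots and proofs are constructed.

```cpp
#include <functional>
#include <set>
#include <string>

// Hypothetical, simplified types for illustration; not zend_oo's own classes.
struct Certificate {
    std::string endCumScTxCommTreeRoot; // carried in the cert, as the issue proposes
    std::string proof;                  // opaque proof bytes (constructed sample values)
};

enum class CertVerdict { Accept, RejectNoPenalty, RejectAndBan };
using ProofVerifier = std::function<bool(const Certificate&)>;

// activeChainRoots: roots known to be on the current active chain (assumed lookup).
// verifyProof: stand-in for proof verification against the cert's public inputs.
CertVerdict CheckCertificate(const Certificate& cert,
                             const std::set<std::string>& activeChainRoots,
                             const ProofVerifier& verifyProof)
{
    // Root not on the active chain: the cert may be honest but built on a fork.
    // Reject without running the verifier and without penalizing the sender.
    if (activeChainRoots.count(cert.endCumScTxCommTreeRoot) == 0)
        return CertVerdict::RejectNoPenalty;
    // Root is on the active chain, so a failing proof cannot be explained by a fork.
    return verifyProof(cert) ? CertVerdict::Accept : CertVerdict::RejectAndBan;
}

struct DemoResult { CertVerdict fork, badProof, good; int verifierCalls; };

// Runs three constructed certificates through the check and counts verifier calls.
DemoResult RunDemo()
{
    const std::set<std::string> active = {"root_a", "root_b"}; // constructed
    int calls = 0;
    ProofVerifier verifier = [&calls](const Certificate& c) {
        ++calls;
        return c.proof == "valid"; // toy rule standing in for real verification
    };
    DemoResult r{};
    r.fork     = CheckCertificate({"root_fork", "valid"}, active, verifier);
    r.badProof = CheckCertificate({"root_a", "garbage"}, active, verifier);
    r.good     = CheckCertificate({"root_b", "valid"}, active, verifier);
    r.verifierCalls = calls;
    return r;
}

int main() { return RunDemo().verifierCalls == 2 ? 0 : 1; }
```

The verifier runs twice for three certificates: the fork certificate is rejected before any proof verification cost is paid.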

alsala commented 3 years ago

Actually MCBTR will not need this handling, but CSW will instead.

ptagl commented 3 years ago

Fixed with PR #106.