qtumproject / qips

Qtum Improvement Proposals
9 stars 2 forks source link

QIP-17: Storage rent within Qtum-x86 #17

Open Earlz opened 5 years ago

Earlz commented 5 years ago

Abstract

This would implement a rent mechanism for all storage consumed in Qtum-x86. The existing EVM infrastructure would be untouched (for now). The rent mechanism would be a somewhat "passive" implementation, requiring no special contract logic in order to be aware of rent, nor to make rent payments on consumed storage. The design would effectively put a cap on the total amount of data a node would need to store, while also putting a cap on the total search space lightweight SPV nodes need to effectively evaluate and interact with smart contracts.

Motivation

Disk space consumption has long been a concerning topic in the blockchain space. There is a fear that any blockchain, especially those with smart contracts and additional state, will inflate beyond the storage capabilities of most computers and servers in as little 10 years. This disk space inflation would then cause centralization of full nodes to only those capable of affording very expensive computers with very large storage arrays.

Specification

The changes to the Qtum-x86 design incurred by this can be broken into 3 parts:

First, the terms used for different states of.. state

DeltaDB Repropagation and Rent Behavior

Every piece of state owned by a contract, including it's own bytecode, has a rent timer denoted by block height. Once this timer elapses to 0, the active state is moved to the sleeping state, and nodes are safe to prune most of the data concerning that state from their internal databases. When a piece of state is accessed or modified an implicit rent payment is made, which is factored into the gas price of the operation. When the rent payment is paid by accessing the data, the piece of state will have it's timer reset to RENT_TERM. There is no method of pre-paying in order for a piece of state to have it's timer set to something larger than RENT_TERM.

With DeltaDB's current consensus model, reading a piece of state (usually) does not involve adding a new delta (state change/notification) to the DeltaDB proof tree. With this storage rent proposal, each state access would cause a "repropagation" of state by submitting a delta to the DeltaDB proof. Although this would have no effect to contracts and even most developers working on the blockchain, this causes a number of side-effects:

The following data would need to be kept by a node for each piece of sleeping state:

Smart contract Behavior

Most proposals for storage rent designs requires explicit and error-prone management of rent and awareness by smart contracts. In this design, everything is implicit and operations for checking rent are not required outside of specialized contract designs. With this proposal comes some changes to how unstoppable exceptions behave, including the one that occurs when a contract attempts to access sleeping state.

This implicit rent payment and exception design means that most contracts never need to worry about rent mechanisms for proper operation. However, for contracts that require some self-awareness about it, some additional system interfaces will be added:

Gas model

The gas model for storage is not completely designed for Qtum-x86 as of yet, but this proposal would completely change it if it were. So, this is as good place to lay down the design as any.

Definitions:

Operations:

Note, in cases of reading that

Although this list of operations is quite large, it is actually very formulaic in nature and shouldn't be too difficult to actually implement in code. It is very regular and should require very little handling of edge cases. Each of the defined constants or functions above should be self-explanatory and are expected to factor in all costs of a node and the greater network.

Some dangers of this approach is that refunds must be conservative to avoid a case where it could be beneficial, for example, to write data to state, and then modify the state to a smaller size, rather than simply writing the smaller state in the beginning. Refund behavior is different from Ethereum, in that any surplus after execution will be sent back to the gas payee, up to the total gas sent to the contract. If more gas were allowed than sent with the contract then this could be exploited to print Qtum by using artificially high gas prices so that refunds could take place at a higher gas price than the initial gas payment.

Account Abstraction Layer Modification

In order for contract transactions to be properly pruned of extraneous data, all contract execution and creation transactions will be spent by the AAL and condensed. This would greatly simplify other future QIPs as well, such as a proposal for UTXO-based "one-time owned" state. Currently, contract executions are only spent by the AAL when the funds from the execution are actually spent by the smart contract. Further, the contract creation transaction will only be spent when the contract self-destructs. This allows for some additional features in SPV nodes to track contracts, but comes at the cost of keeping duplicated and somewhat irrelevant data in the UTXO set. This functionality would be effectively superseded by DeltaDB's SPV targeted methods of access and tracking.

New Node Classification

Currently there are three primary types of nodes in the Qtum ecosystem:

With the new functionality and provable behavior provided from this proposal, a new node classification is proposed:

Fast Dev Node. This uses the general security paradigms of SPV nodes, and requires download of the following data initially:

Data downloaded on demand includes:

This would not be considered safe for staking and security critical purposes, as it's core security is still only as secure as SPV. However, this would be fully capable of being used for smart contract development and as a more featured version of an SPV node. Historical contract execution can be ignored, but ongoing new contract executions can be completely executed and tracked. The initial syncing process for this would only be somewhat slower than SPV, primarily due to the need to download full EVM and pruned DeltaDB data. The bandwidth costs would also only be slightly higher than an SPV node, with the primary cost being that all transactions with a smart contract execution must be downloaded in full.

Rationale

This specific implementation of rent is different from most others which have been proposed. One of the big fears is that smart contracts are already quite complex and adding more complexity with rent would greatly increase the amount of bugs and exploits in smart contract code. This proposal takes a different route by leveraging DeltaDB's unique characteristics in order to make the rent system beneficial to the ecosystem, without requiring any additional smart contract logic in most cases.

Furthermore, a big focus of this proposal is to separate what nodes need for consensus and everything else. It is perfectly acceptable to have data on the blockchain which is seldom accessed and never updated, but this data should be provably irrelevant for nodes. Of course, it will still be provable that the data is contained within the blockchain at a certain block height, however, it is not expected to be directly stored and accessible by most nodes on the network. Furthermore, this proof can be done without consuming any blockchain resources that would incur gas costs. This type of historical data would be relegated to Archival Nodes. For applications that only need access to, say, a certain smart contract's sleeping data, the application could use a partial-archival node. This is basically a standard pruning node, but which stores the full historical data for the relevant smart contract.

Strategy

This will be implemented in the initial release of Qtum-x86. It becomes very hard to change this storage model after release, so it is greatly advantagous to launch Qtum-x86 with this already implemented.

TODO

(This QIP is unfinished and will be updated as details are established)