Add long range fork rule

Author: xqft

operator/mina/lib/src/consensus_state.rs

@@ -1,47 +1,143 @@
 use blake2::{Blake2b512, Digest};
 use kimchi::o1_utils::FieldHelpers;
-use mina_p2p_messages::{hash::MinaHash, v2::MinaStateProtocolStateValueStableV2};
+use mina_p2p_messages::{
+    hash::MinaHash,
+    v2::{
+        ConsensusProofOfStakeDataConsensusStateValueStableV2 as MinaConsensusState,
+        MinaStateProtocolStateValueStableV2 as MinaProtocolState,
+    },
+};
+///! Consensus chain selection algorithms. The [`official specification`] was taken as a reference.
+///
+///! [`official specification`]: https://github.com/MinaProtocol/mina/blob/develop/docs/specs/consensus/README.md
+use std::cmp::{max, min, Ordering};
+
+const GRACE_PERIOD_END: u32 = 1440;
+const SUB_WINDOWS_PER_WINDOW: u32 = 11;
+const SLOTS_PER_SUB_WINDOW: u32 = 7;
 
 #[derive(PartialEq)]
-pub enum LongerChainResult {
+pub enum ChainResult {
     Bridge,
     Candidate,
 }
 
-pub fn select_longer_chain(
-    candidate: &MinaStateProtocolStateValueStableV2,
-    tip: &MinaStateProtocolStateValueStableV2,
-) -> LongerChainResult {
+pub fn select_secure_chain(
+    candidate: &MinaProtocolState,
+    tip: &MinaProtocolState,
+) -> Result<ChainResult, String> {
+    if is_short_range(candidate, tip)? {
+        Ok(select_longer_chain(candidate, tip))
+    } else {
+        let tip_density = relative_min_window_density(candidate, tip);
+        let candidate_density = relative_min_window_density(candidate, tip);
+        Ok(match candidate_density.cmp(&tip_density) {
+            Ordering::Less => ChainResult::Bridge,
+            Ordering::Equal => select_longer_chain(candidate, tip),
+            Ordering::Greater => ChainResult::Candidate,
+        })
+    }
+}
+
+fn select_longer_chain(candidate: &MinaProtocolState, tip: &MinaProtocolState) -> ChainResult {
     let candidate_block_height = &candidate.body.consensus_state.blockchain_length.as_u32();
     let tip_block_height = &tip.body.consensus_state.blockchain_length.as_u32();
 
     if candidate_block_height > tip_block_height {
-        return LongerChainResult::Candidate;
+        return ChainResult::Candidate;
     }
     // tiebreak logic
     else if candidate_block_height == tip_block_height {
         // compare last VRF digests lexicographically
         if hash_last_vrf(candidate) > hash_last_vrf(tip) {
-            return LongerChainResult::Candidate;
+            return ChainResult::Candidate;
         } else if hash_last_vrf(candidate) == hash_last_vrf(tip) {
             // compare consensus state hashes lexicographically
             if hash_state(candidate) > hash_state(tip) {
-                return LongerChainResult::Candidate;
+                return ChainResult::Candidate;
             }
         }
     }
 
-    LongerChainResult::Bridge
+    ChainResult::Bridge
+}
+
+/// Returns true if the fork is short-range, else the fork is long-range.
+fn is_short_range(candidate: &MinaProtocolState, tip: &MinaProtocolState) -> Result<bool, String> {
+    // TODO(xqft): verify constants are correct
+    if tip.body.constants != candidate.body.constants {
+        return Err("Protocol constants on candidate and tip state are not equal".to_string());
+    }
+    let slots_per_epoch = tip.body.constants.slots_per_epoch.as_u32();
+
+    let candidate = &candidate.body.consensus_state;
+    let tip = &tip.body.consensus_state;
+
+    let check = |s1: &MinaConsensusState, s2: &MinaConsensusState| {
+        let s2_epoch_slot = s2.global_slot() % slots_per_epoch;
+        if s1.epoch_count.as_u32() == s2.epoch_count.as_u32() + 1
+            && s2_epoch_slot >= slots_per_epoch * 2 / 3
+        {
+            s1.staking_epoch_data.lock_checkpoint == s2.next_epoch_data.lock_checkpoint
+        } else {
+            false
+        }
+    };
+
+    Ok(if candidate.epoch_count == tip.epoch_count {
+        candidate.staking_epoch_data.lock_checkpoint == tip.staking_epoch_data.lock_checkpoint
+    } else {
+        check(candidate, tip) || check(tip, candidate)
+    })
+}
+
+fn relative_min_window_density(candidate: &MinaProtocolState, tip: &MinaProtocolState) -> u32 {
+    let candidate = &candidate.body.consensus_state;
+    let tip = &tip.body.consensus_state;
+
+    let max_slot = max(candidate.global_slot(), tip.global_slot());
+
+    if max_slot < GRACE_PERIOD_END {
+        return candidate.min_window_density.as_u32();
+    }
+
+    let projected_window = {
+        let shift_count = (max_slot - candidate.global_slot() - 1).clamp(0, SUB_WINDOWS_PER_WINDOW);
+        let mut projected_window: Vec<_> = candidate
+            .sub_window_densities
+            .iter()
+            .map(|d| d.as_u32())
+            .collect();
+
+        let mut i = relative_sub_window(candidate);
+        for _ in 0..shift_count {
+            i = (i + 1) % SUB_WINDOWS_PER_WINDOW;
+            projected_window[i as usize] = 0
+        }
+
+        projected_window
+    };
+
+    let projected_window_density = projected_window.iter().sum();
+
+    min(
+        candidate.min_window_density.as_u32(),
+        projected_window_density,
+    )
+}
+
+fn relative_sub_window(state: &MinaConsensusState) -> u32 {
+    (state.global_slot() / SLOTS_PER_SUB_WINDOW) % SUB_WINDOWS_PER_WINDOW
 }
 
-fn hash_last_vrf(chain: &MinaStateProtocolStateValueStableV2) -> String {
+fn hash_last_vrf(chain: &MinaProtocolState) -> String {
     let mut hasher = Blake2b512::new();
     hasher.update(chain.body.consensus_state.last_vrf_output.as_slice());
     let digest = hasher.finalize().to_vec();
 
     hex::encode(&digest)
 }
 
-fn hash_state(chain: &MinaStateProtocolStateValueStableV2) -> String {
+fn hash_state(chain: &MinaProtocolState) -> String {
     MinaHash::hash(chain).to_hex()
 }

operator/mina/lib/src/lib.rs

@@ -3,7 +3,7 @@ mod consensus_state;
 use mina_bridge_core::proof::state_proof::{MinaStateProof, MinaStatePubInputs};
 
 use ark_ec::short_weierstrass_jacobian::GroupAffine;
-use consensus_state::{select_longer_chain, LongerChainResult};
+use consensus_state::{select_secure_chain, ChainResult};
 use kimchi::mina_curves::pasta::{Fp, PallasParameters};
 use kimchi::verifier_index::VerifierIndex;
 use lazy_static::lazy_static;
@@ -62,10 +62,16 @@ pub extern "C" fn verify_mina_state_ffi(
     let srs = get_srs::<Fp>();
     let srs = srs.lock().unwrap();
 
-    // Consensus check: Short fork rule
-    let longer_chain = select_longer_chain(&candidate_tip_state, &bridge_tip_state);
-    if longer_chain == LongerChainResult::Bridge {
-        eprintln!("Failed consensus checks for candidate tip state against bridge's tip");
+    // Consensus checks
+    let secure_chain = match select_secure_chain(&candidate_tip_state, &bridge_tip_state) {
+        Ok(res) => res,
+        Err(err) => {
+            eprintln!("Failed consensus checks: {err}");
+            return false;
+        }
+    };
+    if secure_chain == ChainResult::Bridge {
+        eprintln!("Failed consensus checks for candidate tip state (bridge's tip is more secure)");
         return false;
     }
 
@@ -242,12 +248,8 @@ mod test {
         assert!(pub_input_size <= pub_input_buffer.len());
         pub_input_buffer[..pub_input_size].clone_from_slice(PROTOCOL_STATE_BAD_CONSENSUS_PUB_BYTES);
 
-        let result = verify_protocol_state_proof_ffi(
-            &proof_buffer,
-            proof_size,
-            &pub_input_buffer,
-            pub_input_size,
-        );
+        let result =
+            verify_mina_state_ffi(&proof_buffer, proof_size, &pub_input_buffer, pub_input_size);
         assert!(!result);
     }
 }