add block hashes to the randomness used by hashmaps and friends in validation context#9127
add block hashes to the randomness used by hashmaps and friends in validation context#9127
Conversation
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Cargo.toml
Outdated
| gum-proc-macro = { path = "polkadot/node/gum/proc-macro", default-features = false, package = "tracing-gum-proc-macro" } | ||
| handlebars = { version = "5.1.0" } | ||
| hash-db = { version = "0.16.0", default-features = false } | ||
| hash-db = { git = "https://github.com/paritytech/trie.git", branch = "alexggh/allow_usage_of_custom_hasher", default-features = false } |
There was a problem hiding this comment.
Will be removed once: paritytech/trie#224, gets merged and a crate release is done.
alexggh
changed the title
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
cumulus/pallets/parachain-system/src/validate_block/implementation.rs
Outdated
Show resolved
Hide resolved
|
I first suggested this in #8606 (comment) but I honestly still have no idea how secure this is. Also how badly this breaks depends upon what computation happens, aka this seems not contract safe. The simple attack is: 1st, do a bunch in a hashmap operations in a block. 2nd, search block hashes until you find one having considerable probing. At some point, I started looking up how the hash map handles landing early in the probe sequence, ala if probes ever trigger reallocation, but never pinned that down enough to figure out the attack difficultly. Anyways if you have a tight hash map and can land early in the probe sequence, then you can produce many probes on each read, which gives an attack. I've no idea if there are worse attacks that exploit the weakness of hash brown vs say sip hasher, but that where not beiong. contract safe really emerges. Afaik nobody has ever proven really nice properties of sip hasher beyond hiding the key, so not sure what'd be better. As for optimizing this, you could do hash(blockhash * hash-to-curve(blockhash)) for this randomness, so that every attack attempt required 25 us. It'd do nothing against parallellism though, so not worth the effort without the ECC host calls. Anyways.. If we must BTreeMap then we could first take this appraoch because its easy, and not that bad, but also make an RFP for my other
|
…tion.rs Co-authored-by: Bastian Köcher <git@kchr.de>
Not sure, I understand this, the extra seed is derived from the relay chain parent blockhash and the hash of the current parachain block(which is also impacted by the transactions in it), so this is not something the user can control apriori or manipulate and it changes every block. |
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
alexggh
added
the
A4-backport-unstable2507
…lidation context (#9127) #8606 paritytech/trie#221 replaced the usage of BTreeMap with HashMaps in validation context. The keys are already derived with a cryptographic hash function from user data, so users should not be able to manipulate it. To be on safe side this PR also modifies the TrieCache, TrieRecorder and MemoryDB to use a hasher that on top of the default generated randomness also adds randomness generated from the hash of the relaychain and that of the parachain blocks, which is not something users can control or guess ahead of time. --------- Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io> Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com> (cherry picked from commit 7058819)
|
Successfully created backport PR for |
Backport #9127 into `stable2506` from alexggh. See the [documentation](https://github.com/paritytech/polkadot-sdk/blob/master/docs/BACKPORT.md) on how to use this bot. <!-- # To be used by other automation, do not modify: original-pr-number: #${pull_number} --> Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io> Co-authored-by: Alexandru Gheorghe <49718502+alexggh@users.noreply.github.com> Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com>
alexggh
added
A4-backport-unstable2507
|
Created backport PR for
Please cherry-pick the changes locally and resolve any conflicts. git fetch origin backport-9127-to-stable
git worktree add --checkout .worktree/backport-9127-to-stable backport-9127-to-stable
cd .worktree/backport-9127-to-stable
git reset --hard HEAD^
git cherry-pick -x 7058819a45ed5b74cedd6d21698f1c2ac2445d6b
git push --force-with-lease |
|
Backport failed for |
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin stable2506
git worktree add -d .worktree/backport-9127-to-stable2506 origin/stable2506
cd .worktree/backport-9127-to-stable2506
git switch --create backport-9127-to-stable2506
git cherry-pick -x 7058819a45ed5b74cedd6d21698f1c2ac2445d6b |
…lidation context (#9127) #8606 paritytech/trie#221 replaced the usage of BTreeMap with HashMaps in validation context. The keys are already derived with a cryptographic hash function from user data, so users should not be able to manipulate it. To be on safe side this PR also modifies the TrieCache, TrieRecorder and MemoryDB to use a hasher that on top of the default generated randomness also adds randomness generated from the hash of the relaychain and that of the parachain blocks, which is not something users can control or guess ahead of time. --------- Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io> Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com> (cherry picked from commit 7058819)
|
Successfully created backport PR for |
Backport #9127 into `unstable2507` from alexggh. See the [documentation](https://github.com/paritytech/polkadot-sdk/blob/master/docs/BACKPORT.md) on how to use this bot. <!-- # To be used by other automation, do not modify: original-pr-number: #${pull_number} --> Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io> Co-authored-by: Alexandru Gheorghe <49718502+alexggh@users.noreply.github.com> Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Adrian Catangiu <adrian@parity.io>
…lidation context (#9127) #8606 paritytech/trie#221 replaced the usage of BTreeMap with HashMaps in validation context. The keys are already derived with a cryptographic hash function from user data, so users should not be able to manipulate it. To be on safe side this PR also modifies the TrieCache, TrieRecorder and MemoryDB to use a hasher that on top of the default generated randomness also adds randomness generated from the hash of the relaychain and that of the parachain blocks, which is not something users can control or guess ahead of time. --------- Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io> Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com>
github-project-automation
bot
moved this from Todo
to Done
in [preview] release tracker
5 participants
#8606 paritytech/trie#221 replaced the usage of BTreeMap with HashMaps in validation context. The keys are already derived with a cryptographic hash function from user data, so users should not be able to manipulate it.
To be on safe side this PR also modifies the TrieCache, TrieRecorder and MemoryDB to use a hasher that on top of the default generated randomness also adds randomness generated from the hash of the relaychain and that of the parachain blocks, which is not something users can control or guess ahead of time.