|
| 1 | +--- |
| 2 | +simd: 'XXXX' |
| 3 | +title: Add Parent Bank Hash to Block Header |
| 4 | +authors: |
| 5 | + - Max Resnick |
| 6 | +category: Standard |
| 7 | +type: Core |
| 8 | +status: Idea |
| 9 | +created: 2024-03-26 |
| 10 | +--- |
| 11 | + |
| 12 | +## Summary |
| 13 | + |
| 14 | +This proposal adds the parent bank hash to the block header and introduces validity constraints to ensure the parent bank hash matches the expected value. This change enhances the security and integrity of the blockchain by providing an additional verification layer for block validity. |
| 15 | + |
| 16 | +## Motivation |
| 17 | + |
| 18 | +This proposal is neccesary for the initial rollout of asynchronous execution. Currently validators wait until they have finished executing the block before voting, causing delays on the critical path and getting in the way of longer term roadmap items like multiple concurrent proposers and shorter block times. Async execution requires voting before execution has finished which means that validators cannot include the `BankHash` in their votes and must therefore vote only on the blockID. If we remove `BankHash` from votes without any other changes then execution would not be a part of consensus at all, meaning if there is a bug in the runtime which causes a `BankHash` mismatch it could be difficult to identify quickly and resolve. This proposal moves consensus on the `BankHash` back one slot by adding the `BankHash` of the parent block to the first FEC set of each block so that we still have consensus on execution state eventually. |
| 19 | + |
| 20 | +## New Terminology |
| 21 | + |
| 22 | +Block Header: This is an umbrella term for information contained in the first FEC set of each block including blockID, parent blockID, parent Bank Hash etc... |
| 23 | + |
| 24 | +## Detailed Design |
| 25 | + |
| 26 | +### Block Header Changes |
| 27 | + |
| 28 | +The block header structure will be extended to include a new field: |
| 29 | + |
| 30 | +```rust |
| 31 | +pub struct BlockHeader { |
| 32 | + // ... existing fields ... |
| 33 | + pub parent_bank_hash: Hash, // Hash of the parent block's bank state |
| 34 | +} |
| 35 | +``` |
| 36 | + |
| 37 | +### Validity Constraints |
| 38 | + |
| 39 | +In addition to the current validity constraints a block will be considered invalid if: |
| 40 | + |
| 41 | +1. The parent_bank_hash does not match the hash of the parent block's bank state |
| 42 | +2. The parent_bank_hash is missing (for blocks after the feature is activated) |
| 43 | + |
| 44 | +### Implementation Details |
| 45 | + |
| 46 | +1. The bank hash will be computed at the end of processing each block |
| 47 | +2. The hash will be stored in the block metadata |
| 48 | +3. Validators will verify the parent_bank_hash matches their computed hash of the parent block's state |
| 49 | +4. The feature will be gated behind a feature flag |
| 50 | + |
| 51 | +### Feature Activation |
| 52 | + |
| 53 | +The feature can be activated at any time before or after the Alpenglow rollout. |
| 54 | + |
| 55 | +This change will be implemented behind a feature flag and activated through the feature activation program. The activation will require: |
| 56 | + |
| 57 | +1. Implementation of the new block header structure |
| 58 | +2. Updates to block validation logic |
| 59 | +3. Updates to block production logic |
| 60 | +4. Updates to block replay logic |
| 61 | + |
| 62 | +## Alternatives Considered |
| 63 | + |
| 64 | +1. **Remove Execution from Consensus Entirely**: We could simply remove the BankHash from votes and not include it anywhere in the block structure. This would mean that execution bugs could go undetected for longer periods, making it harder to identify and resolve runtime issues. Eventually we want to remove this completely but for now it seems useful to keep training wheels on particularly as we rollout Firedancer's VM implementation. |
| 65 | + |
| 66 | +2. **XOR BankHash with BlockID**: Instead of adding a separate parent_bank_hash field, we could XOR the parent's BankHash with the BlockID to create a combined hash. This would save space but make verification more complex and less transparent. This approach was rejected because it adds unnecessary complexity to the validation process and makes debugging more difficult. |
| 67 | + |
| 68 | +## Impact |
| 69 | + |
| 70 | +Blocks now contains slightly more metadata bytes which cannot be used for transactions. |
| 71 | + |
| 72 | +## Security Considerations |
| 73 | + |
| 74 | +This change makes block validity more restrictive. No blocks would be valid under this proposal that would otherwise be invalid today. |
| 75 | + |
| 76 | +## Backwards Compatibility |
| 77 | + |
| 78 | +This change is not backwards compatible and requires a feature flag for activation. All validators must upgrade to support the new block header format and validation rules before the feature is activated. |
| 79 | + |
| 80 | +## Implementation Plan |
| 81 | + |
| 82 | +1. Create feature flag for parent bank hash |
| 83 | +2. Implement block header changes |
| 84 | +3. Update block validation logic |
| 85 | +4. Update block production logic |
| 86 | +5. Add tests for new validation rules |
| 87 | +6. Deploy to testnet |
| 88 | +7. Activate feature on mainnet-beta |
0 commit comments