Added notes from discussion on discord
This commit is contained in:
parent
7ce9c0a2e9
commit
3357cebcdb
|
@ -77,3 +77,35 @@ Nodes retain prior versions of values (those updated by a pull or push) and
|
||||||
expired values (those older than `GOSSIP_PULL_CRDS_TIMEOUT_MS`) in
|
expired values (those older than `GOSSIP_PULL_CRDS_TIMEOUT_MS`) in
|
||||||
`purged_values` (things I recently had). Nodes purge `purged_values` that are
|
`purged_values` (things I recently had). Nodes purge `purged_values` that are
|
||||||
older than `5 * GOSSIP_PULL_CRDS_TIMEOUT_MS`.
|
older than `5 * GOSSIP_PULL_CRDS_TIMEOUT_MS`.
|
||||||
|
|
||||||
|
## Eclipse Attacks
|
||||||
|
|
||||||
|
An eclipse attack is an attempt to take over the set of node connections with
|
||||||
|
adversarial endpoints.
|
||||||
|
|
||||||
|
### Pull Message
|
||||||
|
|
||||||
|
A node is selected as a pull target based on local time since last selection and
|
||||||
|
the stake weight. There is no way for an adversary to influence those
|
||||||
|
parameters.
|
||||||
|
|
||||||
|
### Push Message
|
||||||
|
|
||||||
|
A prune message can only remove an adversary from a potential connection.
|
||||||
|
|
||||||
|
Just like *pull message*, nodes are selected into the active set based on local
|
||||||
|
time since last selection and the stake weight. There is no way for an
|
||||||
|
adversary to influence those parameters.
|
||||||
|
|
||||||
|
## Notable differences from PlumTree
|
||||||
|
|
||||||
|
The active push protocol described here is based on (Plum
|
||||||
|
Tree)[https://haslab.uminho.pt/jop/files/lpr07a.pdf]. The main differences are:
|
||||||
|
|
||||||
|
* Push messages have a wallclock that is signed by the originator. Once the
|
||||||
|
wallclock expires the message is dropped. A hop limit is difficult to implement
|
||||||
|
in an adversarial setting.
|
||||||
|
|
||||||
|
* Lazy Push is not implemented because its not obvious how to prevent an
|
||||||
|
adversary from forging the message fingerprint. A naive approach would allow an
|
||||||
|
adversary to be prioritized for pull based on their input.
|
||||||
|
|
Loading…
Reference in New Issue