certusone
/
cosmos-sdk
mirror of https://github.com/certusone/cosmos-sdk.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
cosmos-sdk/docs/light
History
Alessio Treglia e2da4caae4 Merge PR #2364: Implement HTTPS for the LCD REST server 
In order to guarantee a secure connection between apps and the LCD the
communication must be encrypted - even if clients and server run on the
same local machine, credentials must never be transmitted in clear text.

Upon start up, the server generates a self-signed certificate and a key.
Both are stored as temporary files; removal is guaranteed on exit.

This new behaviour is now enabled by default, though users are provided
with a --insecure flag to switch it off.
 		2018-09-22 00:33:58 +08:00
..
pics Address comments 2018-07-11 13:50:09 +02:00
api.md Merge PR #2306: Change --gas=0 semantic and introduce --gas=simulate 2018-09-11 20:31:30 -04:00
getting_started.md Merge PR #2364: Implement HTTPS for the LCD REST server 2018-09-22 00:33:58 +08:00
load_balancer.md Address comments 2018-07-11 13:50:09 +02:00
readme.md Merge PR #1880: Staking Gaia-lite (ex LCD) refactor 2018-08-08 12:38:39 +02:00
specification.md Merge pull request #2000: tests for staking lcd 2018-08-13 18:06:48 -04:00
todo.md Address comments 2018-07-11 13:50:09 +02:00

readme.md

Cosmos-Sdk Light Client

Introduction

A light client allows clients, such as mobile phones, to receive proofs of the state of the blockchain from any full node. Light clients do not have to trust any full node, since they are able to verify any proof they receive and hence full nodes cannot lie about the state of the network.

A light client can provide the same security as a full node with the minimal requirements on bandwidth, computing and storage resource. Besides, it can also provide modular functionality according to users' configuration. These fantastic features allow developers to build fully secure, efficient and usable mobile apps, websites or any other applications without deploying or maintaining any full blockchain nodes.

LCD will be used in the Cosmos Hub, the first Hub in the Cosmos network.

Contents

  1. Overview
  2. Get Started
  3. API
  4. Specifications

Overview

What is a Light Client

The LCD is split into two separate components. The first component is generic for any Tendermint based application. It handles the security and connectivity aspects of following the header chain and verify proofs from full nodes against locally trusted validator set. Furthermore it exposes exactly the same API as any Tendermint Core node. The second component is specific for the Cosmos Hub (Gaiad). It works as a query endpoint and exposes the application specific functionality, which can be arbitrary. All queries against the application state have to go through the query endpoint. The advantage of the query endpoint is that it can verify the proofs that the application returns.

High-Level Architecture

An application developer that would like to build a third party integration can ship his application with the LCD for the Cosmos Hub (or any other zone) and only needs to initialise it. Afterwards his application can interact with the zone as if it was running against a full node.

high-level

An application developer that wants to build an third party application for the Cosmos Hub (or any other zone) should build it against it's canonical API. That API is a combination of multiple parts. All zones have to expose ICS0 (TendermintAPI). Beyond that any zone is free to choose any combination of module APIs, depending on which modules the state machine uses. The Cosmos Hub will initially support ICS0 (TendermintAPI), ICS1 (KeyAPI), ICS20 (TokenAPI), ICS21 (StakingAPI) and ICS22 (GovernanceAPI).

All applications are expected to only run against the LCD. The LCD is the only piece of software that offers stability guarantees around the zone API.

Comparision

A full node of ABCI is different from its light client in the following ways:

Full Node LCD Description
Execute and verify transactions Yes No Full node will execute and verify all transactions while LCD won't
Verify and save blocks Yes No Full node will verify and save all blocks while LCD won't
Participate consensus Yes No Only when the full node is a validtor, it will participate consensus. LCD nodes never participate consensus
Bandwidth cost Huge Little Full node will receive all blocks. if the bandwidth is limited, it will fall behind the main network. What's more, if it happens to be a validator,it will slow down the consensus process. LCD requires little bandwidth. Only when serving local request, it will cost bandwidth
Computing resource Huge Little Full node will execute all transactions and verify all blocks which require much computing resource
Storage resource Huge Little Full node will save all blocks and ABCI states. LCD just saves validator sets and some checkpoints
Power consume Huge Little Full nodes have to be deployed on machines which have high performance and will be running all the time. So power consume will be huge. LCD can be deployed on the same machines as users' applications, or on independent machines but with poor performance. Besides, LCD can be shutdown anytime when necessary. So LCD only consume very little power, even mobile devices can meet the power requirement
Provide APIs All cosmos APIs Modular APIs Full node supports all cosmos APIs. LCD provides modular APIs according to users' configuration
Secuity level High High Full node will verify all transactions and blocks by itself. LCD can't do this, but it can query any data from other full nodes and verify the data independently. So both full node and LCD don't need to trust any third nodes, they all can achieve high security

According to the above table, LCD can meet all users' functionality and security requirements, but only requires little resource on bandwidth, computing, storage and power.

How does LCD achieve high security?

Trusted validator set

The base design philosophy of lcd follows the two rules:

  1. Doesn't trust any blockchain nodes, including validator nodes and other full nodes
  2. Only trusts the whole validator set

The original trusted validator set should be prepositioned into its trust store, usually this validator set comes from genesis file. During running time, if LCD detects different validator set, it will verify it and save new validated validator set to trust store.

validator-set-change

Trust propagation

From the above section, we come to know how to get trusted validator set and how lcd keeps track of validator set evolution. Validator set is the foundation of trust, and the trust can propagate to other blockchain data, such as block and transaction. The propagate architecture is shown as follows:

change-process

In general, by trusted validator set, LCD can verify each block commit which contains all pre-commit data and block header data. Then the block hash, data hash and appHash are trusted. Based on this and merkle proof, all transactions data and ABCI states can be verified too. Detailed implementation will be posted on technical specification.