chain: disable goosig after 1 year + 1 month

[tynes]

Edited 1/24/20

Adds a new hard coded deployment that disables GooSig after 1 year and 1 month of blocktime. This is to prevent the cryptography being broken in an unforseen way or a social attack where somebody claims it is broken when it actually isn't.

Two One new field is added to lib/protocol/networks

• [network].airdrop.disableGoosig
• [network].airdrop.disableGoosigHeight
• [network].goosigStop

I used 2 variables to be very explicit, disableGoosig is a boolean and disableGoosigHeight is an integer. We could combine them into a single variable using -1 as disableGoosig: false if that is preferred.

The DeploymentState is updated with a new property goobye and a getter hasGooBye. I wasn't sure what the best name for this deployment is, so I just went with that. Open to suggestions.

The functionality is as of follows:

If the network allows for GooSig to be disabled and the height of the previous block is greater than or equal to the hardcoded network height, then disable GooSig.

TODO:

• Figure out correct testnet values

[codecov-io]

Codecov Report

Merging #305 into master will increase coverage by 0.44%.
The diff coverage is 66.66%.

@@            Coverage Diff             @@
##           master     #305      +/-   ##
==========================================
+ Coverage   58.71%   59.15%   +0.44%     
==========================================
  Files         129      130       +1     
  Lines       35802    35970     +168     
  Branches     6028     6046      +18     
==========================================
+ Hits        21022    21279     +257     
+ Misses      14780    14691      -89

Impacted Files	Coverage Δ
lib/protocol/network.js	77.41% <100%> (+0.14%)	⬆️
lib/protocol/networks.js	100% <100%> (ø)	⬆️
lib/mempool/mempool.js	46.82% <42.85%> (+3.99%)	⬆️
lib/node/spvnode.js	48.95% <75%> (ø)
lib/blockchain/chain.js	61.4% <83.33%> (+0.95%)	⬆️
lib/covenants/rules.js	73.04% <0%> (-0.15%)	⬇️
lib/script/script.js	59.32% <0%> (-0.09%)	⬇️
lib/blockchain/chaindb.js	64.02% <0%> (+0.18%)	⬆️
lib/mempool/fees.js	66.42% <0%> (+0.24%)	⬆️
... and 11 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 733e111...2d10707. Read the comment docs.

[kilpatty]

If I'm understanding this correctly, does this essentially put a time limit on the airdrops claims of 1 year and 1 month? I instinctively feel that this is a bit too short, but definitely open to setting *some time limit on Goosig.

[tynes]

If I'm understanding this correctly, does this essentially put a time limit on the airdrops claims of 1 year and 1 month? I instinctively feel that this is a bit too short, but definitely open to setting *some time limit on Goosig.

Not airdrop claims, just GooSig based claims. People will still be able to claim without using GooSig by using a normal RSA signature after the time period has expired.

[kilpatty]

Not airdrop claims, just GooSig based claims. People will still be able to claim without using GooSig by using a normal RSA signature after the time period has expired.

If Goosig is broken, doesn't this result in the same outcome privacy wise?

EDIT: (This only applies to RSA/Goosig based claims)
Goosig not broken && lasts forever -> Goosig claims are fine.
Goosig broken && lasts forever -> Goosig claims are de-anonymized.
Goosig not broken && removed after 1 year -> Early Airdrop claimers are fine, new ones are de-anonymized.
Goosig broken && removed after 1 year -> Everyone is de-anonymized.

Does removing Goosig stop the crypto being broken retroactively?

EDIT: I'm understanding now that de-anonymization may not be the only worry of the cryptography being broken. I think this makes a lot more sense in that context so feel free to ignore the above scenarios.

[tynes]

If Goosig is broken, doesn't this result in the same outcome privacy wise?

You also need to consider unforgeability, the event by which somebody without the private key can create a signature that is valid.

[tynes]

Updated the mempool code as well to not allow goosig based airdrops into the mempool after the network defined number of blocks has passed. A peer will be banned if they gossip a goosig based airdrop.

[kilpatty]

@tynes since regtest essentially allows for an arbitrary number of blocks to be mined at any point, should we consider enabling this on it as well with similar values to testnet?

[tynes]

@kilpatty I thought purposefully not disabling GooSig on regtest would be a feature, as people may want to be able to test over time without needing to roll over their chaindb (same with simnet). If there is consensus on also disabling on regtest, I will push up a change for that.

[kilpatty]

Good point, and I suppose if someone really wants to test the reverse behavior, they can just adjust the values for their own local regtest network.

Quick question: What happens in the case of a node that sends Goosig airdrop proofs 1 block away from the cutoff. Those proofs are then not mined in the cutoff block, and so they become invalid. Does that peer get banned?

[tynes]

Quick question: What happens in the case of a node that sends Goosig airdrop proofs 1 block away from the cutoff. Those proofs are then not mined in the cutoff block, and so they become invalid. Does that peer get banned?

Good thinking. The peer would not get banned, but that transaction would be stuck in the mempool. It seems like it would be ideal to evict any goosig based airdrops from the mempool after goosig has been disabled. That way there is no accidental banning of peers.

[tynes]

Thinking about how to drop GooSig based airdrops out of the mempool correctly, it feels wasteful to check for the GooSig disabled deployment and then attempt to remove all GooSig airdrops every block that is added to the mempool, since no more GooSig based airdrops will be added after a certain height. Another approach would be to only drop GooSig based airdrops out of the mempool if the block being added is at the height of deployment being activated. This seems like its subject to weird race conditions with reorgs.

My main concern is that somebody will end up with a GooSig based airdrop in the mempool during the activation and will not be able to broadcast their normal RSA based airdrop.

[tynes]

I opted for removing all GooSig based airdrops from the mempool at the height that GooSig is disabled instead of checking for the deployment. This saves some extra checks for all future blocks that come after GooSig is disabled.

[pinheadmz]

Just thinking about the UX of a user sending a goosig airdrop after the expiration time. With a Full Node, it won't go out (err.score === 100 here)

hsd/lib/node/fullnode.js

Lines 416 to 420 in c554a6f

	async sendAirdrop(proof) {
	try {
	await this.mempool.addAirdrop(proof);
	} catch (err) {
	if (err.type === 'VerifyError' && err.score === 0) {

But SPV has no such protection:

hsd/lib/node/spvnode.js

Lines 343 to 345 in c554a6f

	sendAirdrop(proof) {
	return this.broadcast(proof);
	}

In this case, an SPV node could be aware of the rules it is breaking since its just a chain height. I wonder if we should protect such users from being banned this way.

Probably we should update the README in hs-airdrop as well...

[pinheadmz]

I think since this is consensus-critical, it'd be nice to see tests. Could be similar to #330 for the flag-height activation, and similar to #319 for clearing out the mempool.

JJ's personal Airdrop is Goosig and can be tested: https://github.com/handshake-org/hsd/blob/master/test/data/airdrop-proof.base64

[tynes]

This now has test coverage and is ready for another round of review. Will squash when it looks good.

[tynes]

But SPV has no such protection:

This is a great catch.

[boymanjor]

@tynes I added some comments and nits re: the test.

[tynes]

Squashed 1 commit

[boymanjor]

@tynes I left a couple of more comments. This is almost ready to go.

[tynes]

@boymanjor Any more comments on this one? I think its good to be merged.

[boymanjor]

I left one last nit. LGTM.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 66.66667% with 11 lines in your changes missing coverage. Please review.

Project coverage is 59.15%. Comparing base (733e111) to head (2d10707).
Report is 1110 commits behind head on master.

Files with missing lines	Patch %	Lines
lib/mempool/mempool.js	42.85%	8 Missing ⚠️
lib/node/spvnode.js	75.00%	2 Missing ⚠️
lib/blockchain/chain.js	83.33%	1 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #305      +/-   ##
==========================================
+ Coverage   58.71%   59.15%   +0.44%     
==========================================
  Files         129      130       +1     
  Lines       35802    35970     +168     
  Branches     6028     6046      +18     
==========================================
+ Hits        21022    21279     +257     
+ Misses      14780    14691      -89     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.