docs: add inclusion proofs documentation #160
Conversation
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
There was a problem hiding this comment.
This is a good start, and there's a lot of good info here, but I think it would be helpful to devs to make a clearer distinction between what the qgb contracts are doing, inclusion proofs, and then talk more about an example fraud proof system that uses those inclusion proofs to prove fraud (and not necessarily a bunch of different new fraud proof types).
If we want to discuss the details of what inclusion proofs actually look like under the hood, then we should specify that (which would also be useful)
docs/fraud-proofs.md
Outdated
| Fraud proofs is the mechanism used to inform light clients in the case of an invalid rollup state transition or unavailable rollup block data. They rely on rollup full nodes getting the data that was published to Celestia, and executing all the state transitions to verify the rollup state. If they discover an invalid state transition or unavailable rollup data, they emit a fraud proof with the necessary information to convince light clients that fraud happened. This allows for trust-minimized light clients, as the network only needs one honest full node to create the fraud proof and propagate it. | ||
|
|
||
| If the Celestium is settlement smart contract based, then the contract would only need to receive a fraud proof to decide whether data was published correctly or not. |
There was a problem hiding this comment.
are there types of celestiums that aren't smart contract based?
There was a problem hiding this comment.
I guess they all are smart contract based, but light clients also can verify the proofs before the settlement smart contract executes them.
docs/fraud-proofs.md
Outdated
| ## Unavailable data fraud proof | ||
|
|
||
| By construction, the rollup block data is the sequence of spans defined in the header. Thus, proving that the data is unavailable goes back to proving that the sequence of spans doesn't belong to the Celestia block, i.e. the span is out of bounds. | ||
|
|
||
| We could prove that via creating a binary [Merkle proof](https://github.com/celestiaorg/celestia-core/blob/c3ab251659f6fe0f36d10e0dbd14c29a78a85352/crypto/merkle/proof.go#L19-L31) of any row/column to the Celestia data root. This proof will provide the `Total` which is the number of rows/columns in the extended data square. And, we can use that to calculate the square size. | ||
|
|
||
| Then, we will use that information to check if the provided transaction index, in the header, is out of the square size bounds. | ||
|
|
||
| For the data root, we will use a binary Merkle proof to prove its inclusion in a data root tuple root that was committed to by the QGB smart contract. More on this in [here](#1-data-root-inclusion-proof). |
There was a problem hiding this comment.
this is important info! but I'm not sure making it its own type of fraud proof is our best option. Or imo we pick a different name for the proof.
The main reasoning I'm seeing not to is because we want fraud proofs to be as normal as possible. The only thing that changes here is if an error is thrown when checking for inclusion, then we know that the data was not posted to celestia. This is essentially all we need to communicate, that there is an edge case where the location in the header doesn't exist, in which case no further action is required to verify the normal fraud proof.
There was a problem hiding this comment.
This is just providing a distinction of the type of frauds that can happen from the QGB/Celestia perspective so that rollups can incorporate them in their proofs.
What do you think about switching the titles:
## Unavailable data fraud proof => ## Proving unavailable data?
docs/fraud-proofs.md
Outdated
| > [!NOTE] | ||
| > The sequence of spans can be defined using the following: `Height`, `start index`, and `length` in the Celestia block, in the case of a single Celestia block. However, it could be generalized to span over multiple blocks. | ||
|
|
||
| For the rest of the document, we will suppose that the sequence of spans only references one Celestia block. |
There was a problem hiding this comment.
sequence of spans
sequence of data?
There was a problem hiding this comment.
docs/fraud-proofs.md
Outdated
| Rollups can adopt many approaches to prove that fraud happened. One of which could be having the following fields in the rollup header: | ||
|
|
||
| - Rollup block state root | ||
| - A sequence of spans in Celestia: which references where the rollup data was published in the Celestia chain. |
There was a problem hiding this comment.
A sequence of spans
what is a span?
There was a problem hiding this comment.
docs/fraud-proofs.md
Outdated
| ### 1. Data root inclusion proof | ||
|
|
||
| To prove the data root is committed to by the QGB smart contract, we will need to provide a Merkle proof of the data root tuple to a data root tuple root. This can be created using the [`data_root_inclusion_proof`](https://github.com/celestiaorg/celestia-core/blob/c3ab251659f6fe0f36d10e0dbd14c29a78a85352/rpc/client/http/http.go#L492-L511) query. | ||
|
|
||
| ### 2. Transaction inclusion proof | ||
|
|
||
| To prove that a rollup transaction is part of the data root, we will need to provide two proofs: a namespace Merkle proof of the transaction to a row root. This could be done via proving the shares that contain the transaction to the row root using a namespace Merkle proof. And, a binary Merkle proof of the row root to the data root. | ||
|
|
||
| These proofs can be generated using the [`ProveShares`](https://github.com/celestiaorg/celestia-core/blob/c3ab251659f6fe0f36d10e0dbd14c29a78a85352/rpc/client/http/http.go#L526-L543) query. | ||
|
|
||
| ### 3. Transaction part of the rollup sequence | ||
|
|
||
| The Celestia block is a 2d matrix of rows and columns, where the row roots and column roots are committed to in the data root. We can use this property to point which rows and columns does the transaction shares belong to. Then, we will use those coordinates to calculate the row major index of the transaction, and verify if it is part of the sequence span. | ||
|
|
||
| The coordinates can be gotten using a namespace Merkle proof of the shares to the row root, and also to the column root. Then, we will create Merkle proofs of that row root and column root to the data root. These [proofs](https://github.com/celestiaorg/celestia-core/blob/c3ab251659f6fe0f36d10e0dbd14c29a78a85352/crypto/merkle/proof.go#L19-L31) will contain the [`Index`](https://github.com/celestiaorg/celestia-core/blob/c3ab251659f6fe0f36d10e0dbd14c29a78a85352/crypto/merkle/proof.go#L28) of the row/column, and the [`Total`](https://github.com/celestiaorg/celestia-core/blob/c3ab251659f6fe0f36d10e0dbd14c29a78a85352/crypto/merkle/proof.go#L27) number of rows/columns in the proofs which would allow us to calculate the row major index of the transaction. |
There was a problem hiding this comment.
I'm not sure this is the best spot for this or if the user needs to know these things when thinking about fraud proofs.
mostly, we just need to communicate what can possibly occur when using the fraud proofs. Either the inclusion proof is valid or invalid, and if its invalid what are the reasons for it being invalid (the portion about the data not being posted to the square).
I think this document is generally not making a clear enough distinction between what the qgb contracts are doing, which is just inclusion proofs, not really fraud proofs.
Fraud proofs are important, but I think keeping those more separate is good.
There was a problem hiding this comment.
this part was removed and a different explanation is provided
docs/fraud-proofs.md
Outdated
| > [!NOTE] | ||
| > The sequence of spans can be defined using the following: `Height`, `start index`, and `length` in the Celestia block, in the case of a single Celestia block. However, it could be generalized to span over multiple blocks. | ||
|
|
||
| For the rest of the document, we will suppose that the sequence of spans only references one Celestia block. |
There was a problem hiding this comment.
what occurs when the celestium needs to prove inclusion to multiple chunks of data?
There was a problem hiding this comment.
That depends on how they want to separate their data. Generally, they would have multiple references to data in Celestia blocks and they would prove inclusion to one of them
|
@evan-forbes This is just the first part of the documentation that gives a general overview of how the fraud proofs for QGB work. I am working on an example rollup, in a test, where I will use real Celestia blocks, and create each type of fraud proofs + write comments explaining each step. This will be in a subsequent PR |
Co-authored-by: Evan Forbes <[email protected]>
Co-authored-by: Evan Forbes <[email protected]>
Co-authored-by: Evan Forbes <[email protected]>
Co-authored-by: Evan Forbes <[email protected]>
rach-id
changed the title
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
Co-authored-by: John Adler <[email protected]>
|
CI will be fixed in here: #197 |
<!-- Please read and fill out this form before submitting your PR. Please make sure you have reviewed our contributors guide before submitting your first PR. --> ## Overview <!-- Please provide an explanation of the PR, including the appropriate context, background, goal, and rationale. If there is an issue with this information, please provide a tl;dr and link the issue. --> closes #193 The test that fails if this fix is absent is in here: #160 ## Checklist <!-- Please complete the checklist to ensure that the PR is ready to be reviewed. IMPORTANT: PRs should be left in Draft until the below checklist is completed. --> - [ ] New and updated code has appropriate documentation - [ ] New and updated code has new and/or updated testing - [ ] Required CI checks are passing - [ ] Visual proof for any user facing features like CLI or documentation updates - [ ] Linked issues closed with keywords
|
Merging, if there are any hanging questions or fixes, we can create separate issues for them. Thanks a lot guys for the reviews 👍 👍 |
Overview
Closes #143 and #193
Checklist