From 1a11a36e493e6470a1e02b353da55f3957dda861 Mon Sep 17 00:00:00 2001 From: Simon Noetzlin Date: Fri, 3 Nov 2023 11:17:01 +0100 Subject: [PATCH 1/5] update ADR --- .../adrs/adr-005-cryptographic-equivocation-verification.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md index da83356291..4813368590 100644 --- a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md +++ b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md @@ -8,6 +8,7 @@ title: Cryptographic verification of equivocation evidence * 5/1/2023: First draft * 7/23/2023: Add light client attacks handling * 9/6/2023: Add double signing attacks handling +* 11/3/2023: Add Amnesia attacks handling ## Status @@ -137,7 +138,7 @@ either using its infraction height or its unsigned timestamp. Note that changes The underlying reason is that a malicious validator could take advantage of getting tombstoned to avoid being slashed on the provider ([see comment](https://github.com/cosmos/interchain-security/pull/1232#issuecomment-1693127641)). -- Currently, the endpoint can only handle "equivocation" light client attacks. This is because the "lunatic" attacks require the endpoint to possess the ability to dissociate which header is conflicted or trusted upon receiving a misbehavior message. Without this information, it's not possible to define the Byzantine validators from the conflicting headers (see [comment](https://github.com/cosmos/interchain-security/pull/826#discussion_r1268668684)). +- Currently, the endpoint can only handle "equivocation" light client attacks. This is because the "lunatic" attacks require the endpoint to possess the ability to dissociate which header is conflicted or trusted upon receiving a misbehavior message. Without this information, it's not possible to define the Byzantine validators from the conflicting headers (see [comment](https://github.com/cosmos/interchain-security/pull/826#discussion_r1268668684)). In addition, "amnesia" attacks are ignored, similar to CometBFT (see https://github.com/cometbft/cometbft/blob/main/docs/architecture/tendermint-core/adr-056-light-client-amnesia-attacks.md#decision). ## Consequences From 4e939b08135739810a8bb08b5fe398e69b372718 Mon Sep 17 00:00:00 2001 From: Simon Noetzlin Date: Fri, 3 Nov 2023 16:51:04 +0100 Subject: [PATCH 2/5] update changelog --- .../adrs/adr-005-cryptographic-equivocation-verification.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md index 4813368590..007f41aee6 100644 --- a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md +++ b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md @@ -8,7 +8,7 @@ title: Cryptographic verification of equivocation evidence * 5/1/2023: First draft * 7/23/2023: Add light client attacks handling * 9/6/2023: Add double signing attacks handling -* 11/3/2023: Add Amnesia attacks handling +* 11/3/2023: Update limitations to handle amnesia attacks ## Status From b45a248ca08c3bce2cc1a76aa62db88ee313dd6a Mon Sep 17 00:00:00 2001 From: Simon Noetzlin Date: Mon, 6 Nov 2023 08:15:50 +0100 Subject: [PATCH 3/5] nit --- .../adrs/adr-005-cryptographic-equivocation-verification.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md index 007f41aee6..e0c8fb7f93 100644 --- a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md +++ b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md @@ -8,7 +8,7 @@ title: Cryptographic verification of equivocation evidence * 5/1/2023: First draft * 7/23/2023: Add light client attacks handling * 9/6/2023: Add double signing attacks handling -* 11/3/2023: Update limitations to handle amnesia attacks +* 11/3/2023: Update limitation about amnesia attacks ## Status From 56194642f811cd410a8ee5ddf038ff8c136282e7 Mon Sep 17 00:00:00 2001 From: Simon Noetzlin Date: Mon, 6 Nov 2023 10:42:35 +0100 Subject: [PATCH 4/5] update changelog --- .../adrs/adr-005-cryptographic-equivocation-verification.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md index e0c8fb7f93..5e9a242ed7 100644 --- a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md +++ b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md @@ -8,7 +8,7 @@ title: Cryptographic verification of equivocation evidence * 5/1/2023: First draft * 7/23/2023: Add light client attacks handling * 9/6/2023: Add double signing attacks handling -* 11/3/2023: Update limitation about amnesia attacks +* 11/3/2023: Update limitations to clarify amnesia attacks are ignored ## Status From b398630bf421007cbe7b9dada29321a2b3bbd3d2 Mon Sep 17 00:00:00 2001 From: Simon Noetzlin Date: Mon, 6 Nov 2023 10:43:08 +0100 Subject: [PATCH 5/5] Update docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md Co-authored-by: insumity --- .../adrs/adr-005-cryptographic-equivocation-verification.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md index 5e9a242ed7..657ca25355 100644 --- a/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md +++ b/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md @@ -138,7 +138,7 @@ either using its infraction height or its unsigned timestamp. Note that changes The underlying reason is that a malicious validator could take advantage of getting tombstoned to avoid being slashed on the provider ([see comment](https://github.com/cosmos/interchain-security/pull/1232#issuecomment-1693127641)). -- Currently, the endpoint can only handle "equivocation" light client attacks. This is because the "lunatic" attacks require the endpoint to possess the ability to dissociate which header is conflicted or trusted upon receiving a misbehavior message. Without this information, it's not possible to define the Byzantine validators from the conflicting headers (see [comment](https://github.com/cosmos/interchain-security/pull/826#discussion_r1268668684)). In addition, "amnesia" attacks are ignored, similar to CometBFT (see https://github.com/cometbft/cometbft/blob/main/docs/architecture/tendermint-core/adr-056-light-client-amnesia-attacks.md#decision). +- Currently, the endpoint can only handle _equivocation_ light client attacks. This is because the _lunatic_ attacks require the endpoint to possess the ability to dissociate which header is conflicted or trusted upon receiving a misbehavior message. Without this information, it's not possible to extract the Byzantine validators from the conflicting headers (see [comment](https://github.com/cosmos/interchain-security/pull/826#discussion_r1268668684)). In addition, "amnesia" attacks are ignored, similar to CometBFT (see [ADR-056](https://github.com/cometbft/cometbft/blob/main/docs/architecture/tendermint-core/adr-056-light-client-amnesia-attacks.md#decision)). ## Consequences