Skip to content

[P0] Make handling of warm keys deterministic #986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Brgndy25 wants to merge 10 commits into
base: upgrade-v0.2.12
Choose a base branch
from
Open

[P0] Make handling of warm keys deterministic #986

Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
8410fbb
[#913] Add finalized nonce computation for recovery
Brgndy25 Mar 30, 2026
ab44f95
[#913] Plumb DiffRecord through GetDiffs and gossip recovery
Brgndy25 Mar 30, 2026
36bc095
[#913] Trust BFT-finalized warm keys on gossip recovery replay
Brgndy25 Mar 31, 2026
a334443
[#913] refactor: removed redunant check in twoThirdsWeight
Brgndy25 Apr 3, 2026
7b8f359
#[913] Add unit tests for computeFinalizedNonce
Brgndy25 Apr 6, 2026
5f3e1ae
#[913] Add ApplyRecoveredDiffs tests for warm-key inject vs resolver
Brgndy25 Apr 6, 2026
1e98450
Merge branch 'upgrade-v0.2.12' into brgndy25/#913-impl-warm-key-deter…
Brgndy25 Apr 6, 2026
1b54432
#[913] Log storage errors when loading signatures for finalized nonce
Brgndy25 Apr 8, 2026
7b60578
#[913] Optimize computeFinalizedNonce (linear pass, merged threshold)
Brgndy25 Apr 8, 2026
fbf4922
#[913] Roll back injected warm keys when recovered diff apply fails
Brgndy25 Apr 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 61 additions & 0 deletions subnet/host/finality.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
package host

import (
"subnet/storage"
"subnet/types"
)

// computeFinalizedNonce returns the highest nonce F such that >=2/3 of the
// session group (by slot count) has signed at nonce >= F.
//
// A slot that signed at nonce n is considered to have implicitly confirmed all
// nonces <= n by building on top of them.
func computeFinalizedNonce(store storage.Storage, escrowID string, latestNonce uint64, group []types.SlotAssignment) uint64 {
// confirmedBy[n] = bitmap of slots that have signed at nonce >= n.
// Bitmap128 is a value type (16 bytes); max group size is 128.
confirmedBy := make(map[uint64]types.Bitmap128)

for n := uint64(1); n <= latestNonce; n++ {
sigs, err := store.GetSignatures(escrowID, n)
if err != nil {
continue
}
Copy link
Copy Markdown
Collaborator

@akup akup Apr 8, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add log at error level here if err != nil

Copy link
Copy Markdown
Collaborator Author

@Brgndy25 Brgndy25 Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

for slotID := range sigs {
// This slot signed at n, confirming all nonces 1..n.
for prev := uint64(1); prev <= n; prev++ {
bm := confirmedBy[prev] // zero value if absent
bm.Set(slotID)
confirmedBy[prev] = bm
}
}
}
Copy link
Copy Markdown
Collaborator

@akup akup Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here is O(N^2) cycle when O(N) is intended to be.
We just don't need inner cycle

for prev := uint64(1); prev <= n; prev++

It could be:

confirmedBy := make(map[uint64]types.Bitmap128)
// running = slots that have signed at any nonce >= current n.
var running types.Bitmap128
for n := latestNonce; n > 0; n-- {
	sigs, err := store.GetSignatures(escrowID, n)
	if err != nil {
		// keep previous running set; just skip adding new signers for this nonce
		confirmedBy[n] = running
		continue
	}
	// A slot that signed at n confirms all nonces <= n.
	// In reverse traversal, that means it belongs to running for n and all lower nonces.
	for slotID := range sigs {
		running.Set(slotID)
	}
	confirmedBy[n] = running
}

O(N) cycle

Copy link
Copy Markdown
Collaborator

@akup akup Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moreover we don't need next cycle, we can here add

...
confirmedBy[n] = running
if bitmapSlotWeight(confirmedBy[f], group) >= threshold {
  return n
}

Copy link
Copy Markdown
Collaborator Author

@Brgndy25 Brgndy25 Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed


threshold := twoThirdsWeight(group)
for f := latestNonce; f > 0; f-- {
if bitmapSlotWeight(confirmedBy[f], group) >= threshold {
return f
Copy link

Copilot AI Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

computeFinalizedNonce uses twoThirdsWeight(group) as the threshold, but twoThirdsWeight currently computes ceil(2/3 * n). This is weaker than the finalization threshold used elsewhere (e.g. Host.checkFinalization uses 2*len(group)/3 + 1, i.e. >2/3). As a result, finalized may be overestimated (e.g. group size 3 => threshold 2 here vs 3 in checkFinalization), causing ApplyRecoveredDiffs to trust WarmKeyDelta from the wire before the nonce is actually finalized. Align the threshold calculation with the existing finalization rule (>2/3).

Copilot uses AI. Check for mistakes.
}
}
return 0 // warm-up period: not yet finalized
}

// bitmapSlotWeight counts the number of group slots whose bit is set in bm.
func bitmapSlotWeight(bm types.Bitmap128, group []types.SlotAssignment) uint32 {
var total uint32
for _, sa := range group {
if bm.IsSet(sa.SlotID) {
total++
}
}
return total
}

// twoThirdsWeight returns ceil(2/3 * totalSlots).
func twoThirdsWeight(group []types.SlotAssignment) uint32 {
total := uint32(len(group))
if total == 0 {
return 0
}
return (total*2 + 2) / 3
}