Partial vs Complete Catchup: what are the differences in terms of security?stellar-code stuck with Joining...
When can a QA tester start his job?
Why zero tolerance on nudity in space?
Dilemma of explaining to interviewer that he is the reason for declining second interview
LuaTex and em dashes
Consequences of lack of rigour
Looking for access to original paper for Category O
I will be going to Sweden on business purpose .Can I visit London from Sweden and how much UK visa will cost?
What's a good word to describe a public place that looks like it wouldn't be rough?
Graph with overlapping labels
Play Zip, Zap, Zop
Can a long polymer chain interact with itself via van der Waals forces?
Do authors have to be politically correct in article-writing?
Publishing research using outdated methods
How can I get my players to come to the game session after agreeing to a date?
What incentives do banks have to gather up loans into pools (backed by Ginnie Mae)and selling them?
What is the most fuel efficient way out of the Solar System?
Citing paywalled articles accessed via illegal web sharing
Can we harness gravitational potential energy?
Eww, those bytes are gross
What is the wife of a henpecked husband called?
Cat is tipping over bed-side lamps during the night
Traveling through the asteriod belt?
Nested word series [humans only]
Why avoid shared user accounts?
Partial vs Complete Catchup: what are the differences in terms of security?
stellar-code stuck with Joining SCPShould Every Node Contain The Same Quorum Set Configuration?FATAL when switching from test network to public network on stellar-coreHelp - why can’t I synch stellar core?Stellar Core node is typically behind SDF by 20 to 100 ledgersWhat are the message size limitations of stellar consensus protocol?Limiting the size of local buckets on the coreSetting the network interface for core?Node sync issue - private networkPartial Catch-up on Validator nodes
Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?
In other words, when I perform partial catchup, what are the risks in terms of security?
UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.
stellar-core scp catchup
edited 2 hours ago
Orbit Lens
5,5861925
asked 5 hours ago
FuzzyAmiFuzzyAmi
731312
add a comment |
Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?
In other words, when I perform partial catchup, what are the risks in terms of security?
UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.
stellar-core scp catchup
edited 2 hours ago
Orbit Lens
5,5861925
asked 5 hours ago
FuzzyAmiFuzzyAmi
731312
add a comment |
Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?
In other words, when I perform partial catchup, what are the risks in terms of security?
UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.
stellar-core scp catchup
edited 2 hours ago
Orbit Lens
5,5861925
asked 5 hours ago
FuzzyAmiFuzzyAmi
731312
Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?
In other words, when I perform partial catchup, what are the risks in terms of security?
UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.
stellar-core scp catchup
stellar-core scp catchup
edited 2 hours ago
Orbit Lens
5,5861925
asked 5 hours ago
FuzzyAmiFuzzyAmi
731312
edited 2 hours ago
Orbit Lens
5,5861925
asked 5 hours ago
FuzzyAmiFuzzyAmi
731312
edited 2 hours ago
Orbit Lens
5,5861925
edited 2 hours ago
Orbit Lens
5,5861925
edited 2 hours ago
Orbit Lens
5,5861925
5,5861925
asked 5 hours ago
FuzzyAmiFuzzyAmi
731312
asked 5 hours ago
FuzzyAmiFuzzyAmi
731312
asked 5 hours ago
FuzzyAmiFuzzyAmi
731312
731312
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
answered 3 hours ago
Orbit LensOrbit Lens
5,5861925
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
2 hours ago
1
@FuzzyAmi I updated the answer
– Orbit Lens
2 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "686"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstellar.stackexchange.com%2fquestions%2f2246%2fpartial-vs-complete-catchup-what-are-the-differences-in-terms-of-security%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
answered 3 hours ago
Orbit LensOrbit Lens
5,5861925
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
2 hours ago
1
@FuzzyAmi I updated the answer
– Orbit Lens
2 hours ago
add a comment |
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
answered 3 hours ago
Orbit LensOrbit Lens
5,5861925
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
2 hours ago
1
@FuzzyAmi I updated the answer
– Orbit Lens
2 hours ago
add a comment |
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
answered 3 hours ago
Orbit LensOrbit Lens
5,5861925
Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.
Therefore, there is no difference whether you are doing full or partial catchup.
EDIT:
- Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.
- Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.
If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.
answered 3 hours ago
Orbit LensOrbit Lens
5,5861925
edited 2 hours ago
answered 3 hours ago
Orbit LensOrbit Lens
5,5861925
answered 3 hours ago
Orbit LensOrbit Lens
5,5861925
answered 3 hours ago
Orbit LensOrbit Lens
5,5861925
5,5861925
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
2 hours ago
1
@FuzzyAmi I updated the answer
– Orbit Lens
2 hours ago
add a comment |
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
2 hours ago
1
@FuzzyAmi I updated the answer
– Orbit Lens
2 hours ago
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
2 hours ago
thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
– FuzzyAmi
2 hours ago
1
1
@FuzzyAmi I updated the answer
– Orbit Lens
2 hours ago
@FuzzyAmi I updated the answer
– Orbit Lens
2 hours ago
add a comment |
Thanks for contributing an answer to Stellar Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstellar.stackexchange.com%2fquestions%2f2246%2fpartial-vs-complete-catchup-what-are-the-differences-in-terms-of-security%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
