FIP-0017: Three-messages Lightweight Sector updates
Author | nicola, lucaniz, irenegia |
---|---|
Discussions-To | https://github.com/filecoin-project/FIPs/issues/131 |
Status | Draft |
Type | Core |
Created | 2021-07-27 |
Spec Sections
Simple Summary
A protocol for updating any sector with new data without re-sealing.
Abstract
The intuition is that the miner “xor”-s (techically field addition) the new data with some unpredictable randomness into the last layer of the Proof of Replication.
The miner generates three messages:
- Declares an update with
DeclareUpdate
with the new deals - Gets the encoding randomness from the chain and generates a
PreCommitReplicaUpdate
- Gets the challenges seed from the chain and generates
ProveCommitReplicaUpdate
Change Motivation
Since 90+% of sectors in the Filecoin Network are CC sectors, having a protocol that allows for updating CC sectors to store real data without incurring in a full re-sealing would massively improve our network in terms of the amount of real data stored through it.
- It would allow decoupling sealing latency from deal-making speed - offering storage clients an improved experience for how quickly their data can land in on-chain deals
- It would unlock the 8EiB of storage already committed to the Filecoin network to be quickly used for deals - enabling a 100PiB+ client to make deals for their entire dataset with a single miner like f0127595 which already has 120PiB of committed capacity.
- It makes utilizing existing committed capacity much cheaper for miners (since they’ve already invested the sealing cost), increasing the chances they pay clients to add FIL+ data to these sectors.
What this FIP does not support (see Future Work section)
- Deal updates
- Moving deals across sectors
Specification
Three-messages Update Protocol
- Miner publishes
Miner.DeclareUpdate(deals []DealID, sectorId SectorID)
:- Input
deals
is the full list of deals
- Validity
- Fail if caller is not a worker account
- Fail if miner is in debt
- Fails if miner has deals in the sector ID which are not in
deals
and that have not expired yet.
- Collaterals
- Requires deposit of
SectorUpdateDeposit
- Requires deposit of new deal collateral and new initial pledge based on the new deals
- Requires deposit of
- Side effects
- Stores
deals
for this sector in the actor (TODO: we must extend the miner actor to support this) - Commits the miner to complete the update protocol, failure to do so by a certain time will make the miner lose the deposit. That time is:
currentEpoch + SectorUpdateExpiry
.
- Stores
- Input
- Miner runs
ReplicaUpdate
routine:- Gets
SectorUpdateRandomness
from the declared update epoch plusPreCommitReplicaUpdateRandDelay
epochs - Evaluates the replica
newReplica[i] = Enc(sectorKey[i], data[i], rand)
, wherenewReplica
is the vector ofFr
elements of the new replicasectorKey
is the vector ofFr
elements of the last layer of the sealing processdata
is the vector ofFr
elements of the deals data ordered and padded as done in the sealing subroutinerand
is theSectorUpdateRandomness
- Generate a new commitment
UpdatingSectorCID
- Gets
- Miner publishes
PreCommitReplicaUpdate(rui ReplicaUpdateInfo)
- Input
rui.SealedSectorCID
- (TODO: check what other inputs are needed)
- Side effects
- Store the new commitment on-chain (TODO: define where this should happen)
- Input
- Miner runs
ReplicaUpdateProve
routine- Let
seed = SectorUpdateProveSeed
, taken from precommit epoch plusPreCommitReplicaUpdateChallengeDelay
. - Let
rand = SectorUpdateRandomness
, taken from declare update epoch plusProveCommitReplicaUpdateRandDelay
- Generate a SNARK that proves
- For challenge
i=0..SectorUpdateProveChallenges
,c = ChallengeGen(seed, i)
- Encoding: we have that
newReplica[c] = Enc(sectorKey[c], data[c], rand)
- Inclusion proofs:
newReplica[c]
is the opening ofUpdatingSectorCID
at positionc
sectorKey[c]
is the opening ofCommRLast
fromSealedSectorCID
at positionc
data[c]
is the opening ofUnsealedSectorCID
at positionc
- Encoding: we have that
- The following was correctly computed
newReplica[c] = Enc(sectorKey[c], data[c], seed)
- For challenge
- Let
- Miner publishes
Miner.ProveCommitReplicaUpdate(proof)
:- Verify the proof of correct data update:
- Generate challenges from
SectorUpdateRandomness
- Get
SectorUpdateProveSeed
(seed
) - Get
UpdatingSectorCID
commitment for this sector - Get
deals
for this sector and generateUnsealedSectorCID
from the CIDs of the deals - Verify that
proof
is valid for using inputs:SectorUpdateRandomness
,SectorUpdateSeed
,UpdatingSectorCID
,Challenges
- Generate challenges from
- Collateral:
- Return
SectorUpdateDeposit
- Return
- Side effects:
- Update
SealedSectorCID
withUpdatingSectorCID
- TODO: Remove book keeping for the in-progress update
- TODO: Keep the last DeclareUpdate epoch to simplify future retrieval
- Update
- Verify the proof of correct data update:
Retrieving updated data
- From the
replica
:- Get
SectorUpdateRandomness
for the lastDeclareUpdate
- Regenerate
sectorKey
by re-sealing the sector - For each
i
:Dec(sectorKey[i], replica[i], rand)
- Get
Algorithms
Encoding
The current encoding algorithm is the following:
Enc(sectorKey[i], data[i], rand) = sectorKey[i] + data[i] * rand
Note that it requires re-encoding the entire sector with the new randomness.
See future work on how to improve this.
Design Rationale
Parameters choice
PreCommitReplicaUpdateRandDelay
: 150 epochsPreCommitReplicaUpdateRandDelay > Finality
in order to avoid miner to adaptively choose data Ddeals (can be 150-300 epochs)
ProveCommitReplicaUpdateChallengeDelay
: 150 epochsProveCommitReplicaUpdateChallengeDelay> Finality
in order to avoid miner to be able to do long forks to grind better challenges
SectorUpdateProveChallenges
: (TODO choose number of challenges)
TODO
Pledge
- SectorUpdateDeposit:
DeclareUpdate
requires a pledge which covers bothPreCommitReplicaUpdate
(to ensure that they cannot grind on data) andProveCommitReplicaUpdate
(to ensure that they cannot grind on on-chain randomness) and it is given back atProveCommitReplicaUpdate
- InitialPledge: We must update the IP of the sector based on its new QA Power. (TODO: explain why and when)
Backwards Compatibility
All sectors can be upgraded.
Breaking immutability of sectors and deals
Test Cases
TODO
Security Considerations
Loosing epsilon-Replication guarantees
This changes changes the security property of Filecoin. Retrievability of the files and space-hardness are still guaranteed. TODO: expand on this.
Incentive Considerations
TODO
Product Considerations
TODO
Implementation
- TODO: Initial Pledge should be updated in one of the new methods, we believe it should be PreCommit.
- TODO: How do we best represent deals in Declare update? Do we relist all the deals or we show a diff of deals?
- TODO: If we were to do 10x the snark (which shouldn’t be a big burden) we can remove the PreCommit step and fold it into ProveCommit - is this something that we should try doing?
Future work
- DeclareDeals to support deal transfer: allow moving deals from sector to sector
- CapacityDeals: allow purchasing a capacity of the storage of a miner instead of the storage of a specific deal
- Update protocol that does not require to perform an operation on a full sector.
- DealUpdates: a license to terminate a deal in place for a new one (e.g. a user wants to update a portion of their files)
Copyright
Copyright and related rights waived via CC0.
Citation
Please cite this document as:
nicola, lucaniz, irenegia, "FIP-0017: Three-messages Lightweight Sector updates [DRAFT]," Filecoin Improvement Proposals, no. 0017, July 2021. [Online serial]. Available: https://fips.fission.app/fips/fip-0017.