Commit 12b543c
fix: v19+v20 — authenticated P2P + BFT-certified rotation + scalable PK registry
v19 — architectural BFT hardening (closes h=90-104 stall on 5-node testnet):
* Authenticated QUIC handshake (Phase 2.A advisory)
Added optional Dilithium3 proof to NodeHandshake binding (node_id, ts,
block_height). Three-way deserialize ladder preserves backward compat
with v9.7..v18 peers. Receiver verifies via CONSENSUS_PK_REGISTRY using
the same path as consensus messages. Bogus proof drops the connection;
legacy peers admitted with [WARN][HANDSHAKE] no_dilithium_proof for
audit. Closes the spoofer-on-198.36.48.234 admittance vector.
* Validator-count source authentication
get_active_validator_count() in genesis epoch now reads from
consensus_pk_registry_len() (cryptographically bound identities) instead
of count_unique_live_peers + 1 (TLS-only admittance). Spoofers without
Dilithium SK no longer inflate 2f+1 thresholds. WARN fallback when
registry not yet populated.
* BFT-certified rotation round (eliminates atomic race)
Producer selection at node.rs:19416 reads p2p.get_highest_certified_round
directly from the 2f+1 BFT-certified DashMap instead of CURRENT_TIMEOUT_ROUND
atomic. The atomic was reset on every tip-advance, occasionally yielding
0 mid-tick while the network was at non-zero round. Direct read is
monotonic, deterministic across honest validators. Atomic kept for
telemetry only.
* Range-sync for big gaps
block_pipeline orphan-parent path now batches sync_blocks(from, to) when
child_h - local_tip > 5, replacing N×30s single-flight cascade with one
parallel top-3-peers fetch. Cuts gap-recovery from 420s to ~3s for
14-block gaps. Single-flight dedup with 60s TTL.
* Misc cleanup
LightNodeRotation marked deprecated (light nodes are pure-API mobile
wallets, not Helios-style light clients). Hardware-flaky
test_high_tps_generation marked #[ignore] alongside benchmark::tests::*.
v20 — PK Registry scaling (supports up to 1M active super-nodes):
* Default cap raised 50K -> 100K (~210 MB at full load, ~5-7 years runway
at projected mainnet growth Y1-Y5)
* PkEntry struct with pinned flag (genesis anchors NEVER evicted)
* Lock-free LAST_ACTIVITY DashMap for O(1) activity tracking on every
successful PK lookup
* In-line single-shot eviction on cap-full (defence in depth)
* Background periodic sweep evict_idle_consensus_pks() wired into hourly
cleanup in rpc.rs (default 30-day idle threshold)
* deactivate_consensus_pk() for explicit unregistration (refuses pinned)
* Env runtime overrides QNET_PK_REGISTRY_CAP (clamped to 1M hard bound)
and QNET_PK_REGISTRY_IDLE_DAYS for operator tunability
Tests: 21 new regression tests (8 v20 PK registry + 6 v19 range-sync +
7 v19 handshake helpers). Total 212 passed across qnet-consensus (70)
and qnet-integration (142, 12 ignored hardware bench).
Build: cargo build --release clean in 17m26s, 0 warnings.
qnet-node.exe binary 22.3 MB optimized.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>1 parent a705718 commit 12b543c
8 files changed
Lines changed: 1599 additions & 98 deletions
File tree
- core/qnet-consensus/src
- development/qnet-integration/src
Large diffs are not rendered by default.
Large diffs are not rendered by default.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
590 | 590 | | |
591 | 591 | | |
592 | 592 | | |
593 | | - | |
594 | | - | |
| 593 | + | |
| 594 | + | |
| 595 | + | |
| 596 | + | |
| 597 | + | |
| 598 | + | |
| 599 | + | |
| 600 | + | |
| 601 | + | |
595 | 602 | | |
596 | 603 | | |
597 | 604 | | |
598 | 605 | | |
599 | 606 | | |
600 | 607 | | |
601 | 608 | | |
602 | | - | |
603 | | - | |
| 609 | + | |
| 610 | + | |
| 611 | + | |
| 612 | + | |
| 613 | + | |
604 | 614 | | |
605 | 615 | | |
606 | 616 | | |
607 | 617 | | |
608 | | - | |
609 | | - | |
610 | | - | |
| 618 | + | |
| 619 | + | |
| 620 | + | |
611 | 621 | | |
612 | 622 | | |
613 | 623 | | |
614 | 624 | | |
615 | 625 | | |
616 | | - | |
617 | | - | |
| 626 | + | |
| 627 | + | |
| 628 | + | |
| 629 | + | |
618 | 630 | | |
619 | 631 | | |
620 | 632 | | |
| |||
19403 | 19415 | | |
19404 | 19416 | | |
19405 | 19417 | | |
19406 | | - | |
19407 | | - | |
19408 | | - | |
19409 | | - | |
19410 | | - | |
19411 | | - | |
19412 | | - | |
19413 | | - | |
19414 | | - | |
19415 | | - | |
19416 | | - | |
| 19418 | + | |
| 19419 | + | |
| 19420 | + | |
| 19421 | + | |
| 19422 | + | |
| 19423 | + | |
| 19424 | + | |
| 19425 | + | |
| 19426 | + | |
| 19427 | + | |
| 19428 | + | |
| 19429 | + | |
| 19430 | + | |
| 19431 | + | |
| 19432 | + | |
| 19433 | + | |
| 19434 | + | |
| 19435 | + | |
| 19436 | + | |
| 19437 | + | |
| 19438 | + | |
| 19439 | + | |
| 19440 | + | |
| 19441 | + | |
| 19442 | + | |
| 19443 | + | |
| 19444 | + | |
| 19445 | + | |
| 19446 | + | |
| 19447 | + | |
| 19448 | + | |
| 19449 | + | |
| 19450 | + | |
| 19451 | + | |
| 19452 | + | |
| 19453 | + | |
| 19454 | + | |
| 19455 | + | |
| 19456 | + | |
| 19457 | + | |
| 19458 | + | |
19417 | 19459 | | |
19418 | 19460 | | |
19419 | 19461 | | |
| |||
19428 | 19470 | | |
19429 | 19471 | | |
19430 | 19472 | | |
19431 | | - | |
| 19473 | + | |
| 19474 | + | |
| 19475 | + | |
| 19476 | + | |
| 19477 | + | |
| 19478 | + | |
| 19479 | + | |
19432 | 19480 | | |
19433 | 19481 | | |
19434 | 19482 | | |
| |||
0 commit comments