diff --git a/.vitepress/config.ts b/.vitepress/config.ts index b9ec5079450..90eb8d0fd4f 100644 --- a/.vitepress/config.ts +++ b/.vitepress/config.ts @@ -411,33 +411,6 @@ function sidebarHome() { ], }, { text: "Consensus", link: "/nodes/consensus-node" }, - { - text: "Blobstream for validators", - collapsed: true, - items: [ - { - text: "Install the binary", - link: "/nodes/blobstream-binary", - }, - { - text: "Blobstream Orchestrator", - link: "/nodes/blobstream-orchestrator", - }, - { text: "Key management", link: "/nodes/blobstream-keys" }, - { - text: "Blobstream Relayer", - link: "/nodes/blobstream-relayer", - }, - { - text: "Deploy the contract", - link: "/nodes/blobstream-deploy", - }, - { - text: "Blobstream Bootstrapper", - link: "/nodes/blobstream-bootstrapper", - }, - ], - }, { text: "IBC relayers", collapsed: true, @@ -553,9 +526,12 @@ function sidebarHome() { }, { text: "Integrate with Blobstream", - link: "/developers/blobstream", collapsed: true, items: [ + { + text: "Overview of Blobstream", + link: "/developers/blobstream", + }, { text: "Integrate with Blobstream contracts", link: "/developers/blobstream-contracts", @@ -568,6 +544,20 @@ function sidebarHome() { text: "Querying the Blobstream proofs", link: "/developers/blobstream-proof-queries", }, + { + text: "Local Blobstream X operators", + collapsed: true, + items: [ + { + text: "Requesting data commitment ranges", + link: "/developers/requesting-data-commitment-ranges", + }, + { + text: "Non-canonical Blobstream X deployments", + link: "/developers/blobstream-x-deploy", + }, + ], + }, ], }, { diff --git a/developers/blobstream-contracts.md b/developers/blobstream-contracts.md index 2f51bdd5e9a..efd4d69f0af 100644 --- a/developers/blobstream-contracts.md +++ b/developers/blobstream-contracts.md @@ -13,12 +13,15 @@ Make sure to have the following installed: - [Foundry](https://github.com/foundry-rs/foundry) -### Installing Blobstream contracts +### Installing Blobstream X contracts -Install the Blobstream contracts repo as a dependency: +We will be using the Blobstream X implementation of +Blobstream, so we can install its repo as a dependency: + +Install the Blobstream X contracts repo as a dependency: ```sh -forge install celestiaorg/blobstream-contracts --no-commit +forge install TBD --no-commit ``` Note that the minimum Solidity compiler version for using the Blobstream @@ -27,38 +30,39 @@ contracts is `0.8.19`. ### Example usage Example minimal Solidity contract for a stub ZK rollup that leverages the -Blobstream contract to check that data has been posted to Celestia: +`BlobstreamX.sol` contract to check that data has been posted to Celestia: ```solidity // SPDX-License-Identifier: Apache-2.0 pragma solidity ^0.8.19; +TBD import "blobstream-contracts/IDAOracle.sol"; import "blobstream-contracts/DataRootTuple.sol"; import "blobstream-contracts/lib/tree/binary/BinaryMerkleProof.sol"; contract MyRollup { - IDAOracle immutable blobstream; + IDAOracle immutable blobstreamX; bytes32[] public rollup_block_hashes; - constructor(IDAOracle _blobstream) { - blobstream = _blobstream; + constructor(IDAOracle _blobstreamX) { + blobstreamX = _blobstreamX; } function submitRollupBlock( bytes32 _rollup_block_hash, bytes calldata _zk_proof, - uint256 _blobstream_nonce, + uint256 _blobstreamX_nonce, DataRootTuple calldata _tuple, BinaryMerkleProof calldata _proof ) public { // Verify that the data root tuple (analog. block header) has been // attested to by the Blobstream contract. require( - blobstream.verifyAttestation(_blobstream_nonce, _tuple, _proof) + blobstreamX.verifyAttestation(_blobstreamX_nonce, _tuple, _proof) ); - // Verify the ZKP. + // Verify the ZKP (zero-knowledge proof). // _tuple.dataRoot is a public input, leaves (shares) are private inputs. require(verifyZKP(_rollup_block_hash, _zk_proof, _tuple.dataRoot)); @@ -93,18 +97,18 @@ verifying a Merkle inclusion proof. The [`IDAOracle`](https://github.com/celestiaorg/blobstream-contracts/blob/master/src/IDAOracle.sol) (**D**ata **A**vailability **O**racle Interface) interface allows L2 contracts -on Ethereum to query the Blobstream contract for relayed `DataRootTuple`s. The -single interface method `verifyAttestation` verifies a Merkle inclusion proof -that a `DataRootTuple` is included under a specific batch (indexed by batch -nonce). In other words, analogously it verifies that a specific block header is -included in the canonical Celestia chain. +on Ethereum to query the `BlobstreamX.sol` contract for relayed `DataRootTuple`s. +The single interface method `verifyAttestation` verifies a Merkle inclusion +proof that a `DataRootTuple` is included under a specific batch (indexed by +batch nonce). In other words, analogously it verifies that a specific block +header is included in the canonical Celestia chain. ## Querying the proof To prove that the data was published to Celestia, check out the -[proof queries documentation](./blobstream-proof-queries.md) +[proof queries documentation](./blobstreamx-proof-queries.md) to understand how to query the proofs from Celestia consensus -nodes and make them usable in the Blobstream verifier contract. +nodes and make them usable in the Blobstream X verifier contract. ## Verifying data inclusion for fraud proofs @@ -119,27 +123,27 @@ against a `DataRootTuple`. The library is stateless, and allows to pass an In the `DAVerifier` library, we find functions that help with data inclusion verification and calculating the square size of a -Celestia block. These functions work with the Blobstream smart contract, +Celestia block. These functions work with the Blobstream X smart contract, using different proofs to check and confirm the data's availability. Let's take a closer look at these functions: - [`verifySharesToDataRootTupleRoot`](https://github.com/celestiaorg/blobstream-contracts/blob/3a552d8f7bfbed1f3175933260e6e440915d2da4/src/lib/verifier/DAVerifier.sol#L80-L124): This function verifies that the - shares, which were posted to Celestia, were committed to by the Blobstream + shares, which were posted to Celestia, were committed to by the Blobstream X smart contract. It checks that the data root was committed to by the - Blobstream smart contract and that the shares were committed to by the + Blobstream X smart contract and that the shares were committed to by the rows roots. - [`verifyRowRootToDataRootTupleRoot`](https://github.com/celestiaorg/blobstream-contracts/blob/3a552d8f7bfbed1f3175933260e6e440915d2da4/src/lib/verifier/DAVerifier.sol#L133-L155): This function verifies that a row/column root, from a Celestia block, was committed to by the - Blobstream smart contract. It checks that the data root was committed - to by the Blobstream smart contract and that the row root commits to + Blobstream X smart contract. It checks that the data root was committed + to by the Blobstream X smart contract and that the row root commits to the data root. - [`verifyMultiRowRootsToDataRootTupleRoot`](https://github.com/celestiaorg/blobstream-contracts/blob/3a552d8f7bfbed1f3175933260e6e440915d2da4/src/lib/verifier/DAVerifier.sol#L164-L194): This function verifies that a set of rows/columns, from a Celestia block, were committed - to by the Blobstream smart contract. It checks that the data root was - committed to by the Blobstream smart contract and that the rows roots + to by the Blobstream X smart contract. It checks that the data root was + committed to by the Blobstream X smart contract and that the rows roots commit to the data root. - [`computeSquareSizeFromRowProof`](https://github.com/celestiaorg/blobstream-contracts/blob/3a552d8f7bfbed1f3175933260e6e440915d2da4/src/lib/verifier/DAVerifier.sol#L204-L215): This function computes the Celestia @@ -155,4 +159,4 @@ take a closer look at these functions: `verifySharesToDataRootTupleRoot()` method. For an overview of a demo rollup implementation, head to -[the next section](./blobstream-offchain.md). +[the next section](./blobstreamx-offchain.md). diff --git a/developers/blobstream-offchain.md b/developers/blobstream-offchain.md index 6e748295053..5609d55cf31 100644 --- a/developers/blobstream-offchain.md +++ b/developers/blobstream-offchain.md @@ -6,11 +6,14 @@ description: Learn how to integrate your L2's offchain logic with Blobstream ## Blobstream demo rollup -Rollups can use the Blobstream for DA by posting their data to Celestia and then +Rollups can use Blobstream for DA by posting their data to Celestia and then proving that it was posted on Ethereum. This is done identically to how any -rollup or user would post data to Celestia, and then the validators sign over -additional commitments that are relayed to Ethereum via a light client relay -(aka Blobstream!). This demo will outline (note outline is not an +rollup or user would post data to Celestia. Then, a zero-knowledge proof that +Celestia validators have come to consensus on Celestia block headers is +generated, and subsequently relayed to Ethereum to the Blobstream X smart +contract. + +This demo rollup will outline (the outline is not an implementation! please do not expect to copy and paste this code đŸ™‚) a very simple Blobstream rollup to illustrate at a high level what this could look like. diff --git a/developers/blobstream-proof-queries.md b/developers/blobstream-proof-queries.md index 3fd50f7c3c1..a3160848cf9 100644 --- a/developers/blobstream-proof-queries.md +++ b/developers/blobstream-proof-queries.md @@ -4,22 +4,115 @@ description: Learn how to query the inclusion proofs used in Blobstream # Blobstream proofs queries + + ## Prerequisites - Access to a Celestia [consensus full node](../nodes/consensus-node.md) RPC endpoint (or full node). The node doesn't need to be a validating node in order for the proofs to be queried. A full node is enough. -## Querying the proofs +## Overview of the proof queries + +To prove the inclusion of PayForBlobs (PFB) transactions, blobs or shares, +committed to in a Celestia block, we use the Celestia consensus node's RPC to +query for proofs that can be verified in a rollup settlement contract via +Blobstream. In fact, when a PFB transaction is included in a block, it +gets separated into a PFB transaction (without the blob), and the actual +data blob that it carries. These two are split into shares, which are the +low level constructs of a Celestia block, and saved to the corresponding +Celestia block. Learn more about shares in the +[shares specs](https://celestiaorg.github.io/celestia-app/specs/shares.html). + +The two diagrams below summarize how a single share, which can contain a +PFB transaction, or a part of the rollup data that was posted using a PFB, +is committed to in Blobstream. + +The share is highlighted in green. `R0`, `R1` etc, represent the respective +row and column roots, the blue and pink gradients are erasure encoded data. +More details on the square layout can be found +[in the data square layout](https://github.com/celestiaorg/celestia-app/blob/v1.1.0/specs/src/specs/data_square_layout.md) +and +[data structures](https://github.com/celestiaorg/celestia-app/blob/v1.1.0/specs/src/specs/data_structures.md#erasure-coding) +portion of the specs. + +### The Celestia square + +![Square](/img/blobstream/blobstream-square.png) -To prove PFBs, blobs or shares, we can use the Celestia consensus node's RPC to -query proofs for them: +### The commitment scheme + +![Blobstream Commitment Diagram](/img/blobstream/blobstream-commitment-diagram.png) + +So to prove inclusion of a share to a Celestia block, we use Blobstream +as a source of truth. Currently, we will be using the Blobstream X implementation +of Blobstream, more information on Blobstream X can be found in +[the overview](./blobstream.md#blobstream-x). In a nutshell, Blobstream X +attests to the data posted to Celestia in the Blobstream X contract via +verifying a zk-proof of the headers of a batch of Celestia blocks. Then, it +keeps reference of that batch of blocks using the merkleized commitment +of their `(dataRoot, height)` resulting in a `data root tuple root`. +Check the above diagram which shows: + +- 0: those are the shares, that when unified, contain the PFB or the rollup + data blob. +- 1: the row and column roots are the namespace merkle tree roots over + the shares. More information on the NMT in the + [NMT specs](https://celestiaorg.github.io/celestia-app/specs/data_structures.html?highlight=namespace%20merkle#namespace-merkle-tree). + These commit to the rows and columns containing the above shares. +- 2: the data roots: which are the binary merkle tree commitment over + the row and column roots. This means that if you can prove that a share + is part of a row, using a namespace merkle proof. Then prove that this + row is committed to by the data root. Then you can be sure that that share + was published to the corresponding block. +- 3: in order to batch multiple blocks into the same commitment, we create + a commitment over the `(dataRoot, height)` tuple for a batch of blocks, + which results in a data root tuple root. It's this commitment that gets + stored in the Blobstream X smart contract. + +So, if we're able to prove that a share is part of a row, then that row is +committed to by a data root. Then, prove that that data root along with its +height is committed to by the data root tuple root, which gets saved to the +Blobstream X contract, we can be sure that that share was committed to in +the corresponding Celestia block. + +In this document, we will provide details on how to query the above proofs, +and how to adapt them to be sent to a rollup contract for verification. + +## Hands-on demonstration + +This part will provide the details of proof generation, and the way to +make the results of the proofs queries ready to be consumed by the +target rollup contract. + +:::tip NOTE +For the go client snippets, make sure to have the following replaces in +your `go.mod`: + + + +```go +// go.mod + github.com/cosmos/cosmos-sdk => github.com/celestiaorg/cosmos-sdk v1.18.3-sdk-v0.46.14 + github.com/gogo/protobuf => github.com/regen-network/protobuf v1.3.3-alpha.regen.1 + github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 + github.com/tendermint/tendermint => github.com/celestiaorg/celestia-core v1.32.0-tm-v0.34.29 + +) +``` + + + +Also, make sure to update the versions to match the latest +`github.com/celestiaorg/cosmos-sdk` and +`github.com/celestiaorg/celestia-core` versions. +::: ### 1. Data root inclusion proof -To prove the data root is committed to by the Blobstream smart contract, we will -need to provide a Merkle proof of the data root tuple to a data root tuple root. -This can be created using the +To prove the data root is committed to by the Blobstream X smart +contract, we will need to provide a Merkle proof of the data root +tuple to a data root tuple root. This can be created using the [`data_root_inclusion_proof`](https://github.com/celestiaorg/celestia-core/blob/c3ab251659f6fe0f36d10e0dbd14c29a78a85352/rpc/client/http/http.go#L492-L511) query. @@ -27,47 +120,220 @@ This [endpoint](https://github.com/celestiaorg/celestia-core/blob/793ece9bbd732a allows querying a data root to data root tuple root proof. It takes a block `height`, a starting block, and an end block, then it generates the binary Merkle proof of the `DataRootTuple`, corresponding to that `height`, -to the `DataRootTupleRoot` which is committed to in the Blobstream contract. - -Example request: `/data_root_inclusion_proof?height=15&start=10&end=20` - -Which queries the proof of the height `15` to the data commitment defined -by the range `[10, 20)`. - -Example response: - -```json -{ - "jsonrpc": "2.0", - "id": -1, - "result": { - "proof": { - "total": "10", - "index": "5", - "leaf_hash": "vkRaRg7FGtZ/ZhsJRh/Uhhb3U6dPaYJ1pJNEfrwq5HE=", - "aunts": [ - "nmBWWwHpipHwagaI7MAqM/yhCDb4cz7z4lRxmVRq5f8=", - "nyzLbFJjnSKOfRZur8xvJiJLA+wBPtwm0KbYglILxLg=", - "GI/tJ9WSwcyHM0r0i8t+p3hPFtDieuYR9wSPVkL1r2s=", - "+SGf6MfzMmtDKz5MLlH+y7mPV9Moo2x5rLjLe3gbFQo=" - ] - } - } +to the `DataRootTupleRoot` which is committed to in the Blobstream X contract. + +The endpoint can be queried using the golang client: + +```go +package main + +import ( + "context" + "fmt" + "github.com/tendermint/tendermint/rpc/client/http" + "os" +) + +func main() { + ctx := context.Background() + trpc, err := http.New("tcp://localhost:26657", "/websocket") + if err != nil { + fmt.Println(err) + os.Exit(1) + } + err = trpc.Start() + if err != nil { + fmt.Println(err) + os.Exit(1) + } + dcProof, err := trpc.DataRootInclusionProof(ctx, 15, 10, 20) + if err != nil { + fmt.Println(err) + os.Exit(1) + } + fmt.Println(dcProof.Proof.String()) } ``` -:::tip NOTE -The values are base64 encoded. For these to be usable -with the solidity smart contract, they need to be converted to `bytes32`. -Check the next section for more information. -::: + + +### Full example of proving that a Celestia block was committed to by Blobstream X contract + +```go +package main + +import ( + "context" + "fmt" + "github.com/celestiaorg/celestia-app/pkg/square" + "github.com/ethereum/go-ethereum/accounts/abi/bind" + ethcmn "github.com/ethereum/go-ethereum/common" + "github.com/ethereum/go-ethereum/ethclient" + blobstreamxwrapper "github.com/succinctlabs/blobstreamx/bindings" + "github.com/tendermint/tendermint/crypto/merkle" + "github.com/tendermint/tendermint/rpc/client/http" + "math/big" + "os" +) + +func main() { + err := verify() + if err != nil { + fmt.Println(err) + os.Exit(1) + } +} + +func verify() error { + ctx := context.Background() + + // start the tendermint RPC client + trpc, err := http.New("tcp://localhost:26657", "/websocket") + if err != nil { + return err + } + err = trpc.Start() + if err != nil { + return err + } + + // get the PayForBlob transaction that contains the published blob + tx, err := trpc.Tx(ctx, []byte("tx_hash"), true) + if err != nil { + return err + } + + // get the block containing the PayForBlob transaction + blockRes, err := trpc.Block(ctx, &tx.Height) + if err != nil { + return err + } + + // get the nonce corresponding to the block height that contains + // the PayForBlob transaction + // since BlobstreamX emits events when new batches are submitted, + // we will query the events + // and look for the range committing to the blob + // first, connect to an EVM RPC endpoint + ethClient, err := ethclient.Dial("evm_rpc_endpoint") + if err != nil { + return err + } + defer ethClient.Close() + + // use the BlobstreamX contract binding + wrapper, err := blobstreamxwrapper.NewBlobstreamX(ethcmn.HexToAddress("contract_Address"), ethClient) + if err != nil { + return err + } + + LatestBlockNumber, err := ethClient.BlockNumber(context.Background()) + if err != nil { + return err + } + + eventsIterator, err := wrapper.FilterDataCommitmentStored( + &bind.FilterOpts{ + Context: ctx, + Start: LatestBlockNumber - 90000, + End: &LatestBlockNumber, + }, + nil, + nil, + nil, + ) + if err != nil { + return err + } + + var event *blobstreamxwrapper.BlobstreamXDataCommitmentStored + for eventsIterator.Next() { + e := eventsIterator.Event + if int64(e.StartBlock) <= tx.Height && tx.Height < int64(e.EndBlock) { + event = &blobstreamxwrapper.BlobstreamXDataCommitmentStored{ + ProofNonce: e.ProofNonce, + StartBlock: e.StartBlock, + EndBlock: e.EndBlock, + DataCommitment: e.DataCommitment, + } + break + } + } + if err := eventsIterator.Error(); err != nil { + return err + } + err = eventsIterator.Close() + if err != nil { + return err + } + if event == nil { + return fmt.Errorf("couldn't find range containing the transaction height") + } + + // get the block data root inclusion proof to the data root tuple root + dcProof, err := trpc.DataRootInclusionProof(ctx, uint64(tx.Height), event.StartBlock, event.EndBlock) + if err != nil { + return err + } + + // verify that the data root was committed to by the BlobstreamX contract + committed, err := VerifyDataRootInclusion(ctx, wrapper, event.ProofNonce.Uint64(), uint64(tx.Height), blockRes.Block.DataHash, dcProof.Proof) + if err != nil { + return err + } + if committed { + fmt.Println("data root was committed to by the BlobstreamX contract") + } else { + fmt.Println("data root was not committed to by the BlobstreamX contract") + return nil + } + return nil +} + +func VerifyDataRootInclusion( + _ context.Context, + blobstreamXwrapper *blobstreamxwrapper.BlobstreamX, + nonce uint64, + height uint64, + dataRoot []byte, + proof merkle.Proof, +) (bool, error) { + tuple := blobstreamxwrapper.DataRootTuple{ + Height: big.NewInt(int64(height)), + DataRoot: *(*[32]byte)(dataRoot), + } + + sideNodes := make([][32]byte, len(proof.Aunts)) + for i, aunt := range proof.Aunts { + sideNodes[i] = *(*[32]byte)(aunt) + } + wrappedProof := blobstreamxwrapper.BinaryMerkleProof{ + SideNodes: sideNodes, + Key: big.NewInt(proof.Index), + NumLeaves: big.NewInt(proof.Total), + } + + valid, err := blobstreamXwrapper.VerifyAttestation( + &bind.CallOpts{}, + big.NewInt(int64(nonce)), + tuple, + wrappedProof, + ) + if err != nil { + return false, err + } + return valid, nil +} +``` + + ### 2. Transaction inclusion proof To prove that a rollup transaction is part of the data root, we will need to -provide two proofs: (1) a namespace Merkle proof of the transaction to (2) +provide two proofs: (1) a namespace Merkle proof of the transaction to a row root. This could be done via proving the shares that contain the -transaction to the row root using a namespace Merkle proof. And, a +transaction to the row root using a namespace Merkle proof. (2) And, a binary Merkle proof of the row root to the data root. These proofs can be generated using the @@ -88,69 +354,25 @@ If the share range spans multiple rows, then the proof can contain multiple NMT and binary proofs. ::: -Example request: `/prove_shares?height=15&startShare=0&endShare=1` - -Which queries the proof of shares `[0,1)` in block `15`. - -Example response: - -```json -{ - "jsonrpc": "2.0", - "id": -1, - "result": { - "data": [ - "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBAAABXAAAACbaAgrOAgqgAQqdAQogL2NlbGVzdGlhLmJsb2IudjEuTXNnUGF5Rm9yQmxvYnMSeQovY2VsZXN0aWExdWc1ZWt0MmNjN250dzRkdG1zZDlsN3N0cTBzN3Z5ZTd5bTJyZHISHQAAAAAAAAAAAAAAAAAAAAAAAAASExIyQkMkMoiZGgKXAiIgrfloW1M/Y33zlD2luveDELZzr9cF92+2eTaImIWhN9pCAQASZwpQCkYKHy9jb3Ntb3MuY3J5cHRvLnNlY3AyNTZrMS5QdWJLZXkSIwohA36hewmW/AXtrw6S+QsNUzFGfeg37Da6igoP2ZQcK+04EgQKAggBGAISEwoNCgR1dGlhEgUyMTAwMBDQ6AwaQClYLQPNrFoD6H8mgmwxjFeNhwhRu39EcrVKMFkNQ8+HHuodhdOQIG/8DXEmrBwrpwj6hi+3uEsZ+0p5vrf3v8sSAQEaBElORFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - ], - "share_proofs": [ - { - "end": 1, - "nodes": [ - "AAAAAAAAAAAAAAAAAAAAAAAAABITEjJCQyQyiJkAAAAAAAAAAAAAAAAAAAAAAAAAEhMSMkJDJDKImbiwnpOdwIZBFr0UiFhPKwGy/XIIjL+gqm0fqxIw0z0o", - "/////////////////////////////////////////////////////////////////////////////3+fuhlzUfKJnZD8yg/JOtZla2V3g2Q7y+18iH5j0Uxk" - ] - } - ], - "namespace_id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA==", - "row_proof": { - "row_roots": [ - "000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000121312324243243288993946154604701154F739F3D1B5475786DDD960F06D8708D4E870DA6501C51750" - ], - "proofs": [ - { - "total": "8", - "index": "0", - "leaf_hash": "300xzO8TiLwPNuREY6OJcRKzTHQ4y6yy6qH0wAuMMrc=", - "aunts": [ - "ugp0sV9YNEI5pOiYR7RdOdswwlfBh2o3XiRsmMNmbKs=", - "3dMFZFaWZMTZVXhphF5TxlCJ+CT3EvmMFOpiXFH+ID4=", - "srl59GiTSiwC9LqdYASzFC6TvusyY7njX8/XThp6Xws=" - ] - } - ], - "start_row": 0, - "end_row": 0 - }, - "namespace_version": 0 - } -} -``` +The endpoint can be queried using the golang client: -:::tip NOTE -The values are base64 encoded. For these to be usable -with the solidity smart contract, they need to be converted to `bytes32`. -Check the next section for more information. -::: +```go + sharesProof, err := trpc.ProveShares(ctx, 15, 0, 1) + if err != nil { + ... + } +``` -## Converting the proofs to be usable in the `DAVerifier` contract +## Converting the proofs to be usable in the `DAVerifier` library -The `DAVerifier` smart contract takes the following proof format: +Smart contracts that use the `DAVerifier` library takes the following proof +format: ```solidity /// @notice Contains the necessary parameters to prove that some shares, which were posted to -/// the Celestia network, were committed to by the Blobstream smart contract. +/// the Celestia network, were committed to by the BlobstreamX smart contract. struct SharesProof { // The shares that were committed to. bytes[] data; @@ -162,12 +384,12 @@ struct SharesProof { NamespaceNode[] rowRoots; // The proofs of the rowRoots to the data root. BinaryMerkleProof[] rowProofs; - // The proof of the data root tuple to the data root tuple root that was posted to the Blobstream contract. + // The proof of the data root tuple to the data root tuple root that was posted to the BlobstreamX contract. AttestationProof attestationProof; } /// @notice Contains the necessary parameters needed to verify that a data root tuple -/// was committed to, by the Blobstream smart contract, at some specif nonce. +/// was committed to, by the BlobstreamX smart contract, at some specif nonce. struct AttestationProof { // the attestation nonce that commits to the data root tuple. uint256 tupleRootNonce; @@ -192,33 +414,14 @@ we can convert it to bytes using the `abi.encode(...)` as done for [this variable](https://github.com/celestiaorg/blobstream-contracts/blob/3a552d8f7bfbed1f3175933260e6e440915d2da4/src/lib/verifier/test/RollupInclusionProofs.t.sol#L384-L402). This can be gotten from the above result of the [transaction inclusion proof](#2-transaction-inclusion-proof) -query in the field `data`, which is in `base64` encoded then be -converted to hex to be used as described. +query in the field `data`. ### `shareProofs` This is the shares proof to the row roots. These can contain multiple proofs if the shares containing the blob span across multiple rows. To construct them, we will use the result of the -[transaction inclusion proof](#2-transaction-inclusion-proof) section: - -```json -"share_proofs": [ - { - "start": ..., - "end": ..., - "nodes": [ - "...", - "..." - ] - } -], -``` - -:::tip NOTE -If any of the fields is empty, then it will not be in the response. -For example, if the `start` field is `0`, it will be omitted in the response. -::: +[transaction inclusion proof](#2-transaction-inclusion-proof) section. While the `NamespaceMerkleMultiproof` being: @@ -240,7 +443,8 @@ So, we can construct the `NamespaceMerkleMultiproof` with the following mapping: - `endKey` in the Solidity struct **==** `end` in the query response - `sideNodes` in the Solidity struct **==** `nodes` in the query response -- The `NamespaceNode`, which is the type of the `sideNodes`, is defined as follows: +- The `NamespaceNode`, which is the type of the `sideNodes`, is defined as + follows: ```solidity /// @notice Namespace Merkle Tree node. @@ -284,6 +488,68 @@ An example of doing this can be found in the [RollupInclusionProofs.t.sol](https://github.com/celestiaorg/blobstream-contracts/blob/3a552d8f7bfbed1f3175933260e6e440915d2da4/src/lib/verifier/test/RollupInclusionProofs.t.sol#L465-L477) test. +A golang helper that can be used to make this conversion is as follows: + + + +```go +func toNamespaceMerkleMultiProofs(proofs []*tmproto.NMTProof) []client.NamespaceMerkleMultiproof { + shareProofs := make([]client.NamespaceMerkleMultiproof, len(proofs)) + for i, proof := range proofs { + sideNodes := make([]client.NamespaceNode, len(proof.Nodes)) + for j, node := range proof.Nodes { + sideNodes[j] = *toNamespaceNode(node) + } + shareProofs[i] = client.NamespaceMerkleMultiproof{ + BeginKey: big.NewInt(int64(proof.Start)), + EndKey: big.NewInt(int64(proof.End)), + SideNodes: sideNodes, + } + } + return shareProofs +} + +func minNamespace(innerNode []byte) *client.Namespace { + version := innerNode[0] + var id [28]byte + for i, b := range innerNode[1:28] { + id[i] = b + } + return &client.Namespace{ + Version: [1]byte{version}, + Id: id, + } +} + +func maxNamespace(innerNode []byte) *client.Namespace { + version := innerNode[29] + var id [28]byte + for i, b := range innerNode[30:57] { + id[i] = b + } + return &client.Namespace{ + Version: [1]byte{version}, + Id: id, + } +} + +func toNamespaceNode(node []byte) *client.NamespaceNode { + minNs := minNamespace(node) + maxNs := maxNamespace(node) + var digest [32]byte + for i, b := range node[58:] { + digest[i] = b + } + return &client.NamespaceNode{ + Min: *minNs, + Max: *maxNs, + Digest: digest, + } +} +``` + +with `proofs` being `sharesProof.ShareProofs`. + ### `namespace` Which is the namespace used by the rollup when submitting data to Celestia. @@ -310,25 +576,43 @@ An example can be found in the [RollupInclusionProofs.t.sol](https://github.com/celestiaorg/blobstream-contracts/blob/3a552d8f7bfbed1f3175933260e6e440915d2da4/src/lib/verifier/test/RollupInclusionProofs.t.sol#L488) test. +A method to convert to namespace, provided that the namespace +size is 29, is as follows: + +```go +func namespace(namespaceID []byte) *client.Namespace { + version := namespaceID[0] + var id [28]byte + for i, b := range namespaceID[1:] { + id[i] = b + } + return &client.Namespace{ + Version: [1]byte{version}, + Id: id, + } +} +``` + +with `namespace` being `sharesProof.NamespaceID`. + ### `rowRoots` Which are the roots of the rows where the shares containing the Rollup data are -localised. These can be taken from the `prove_shares` query response: - -```json -"row_proof": -{ - "row_roots": - [ - "..." - ], -}, +localised. + +In golang, the proof can be converted as follows: + +```go +func toRowRoots(roots []bytes.HexBytes) []client.NamespaceNode { + rowRoots := make([]client.NamespaceNode, len(roots)) + for i, root := range roots { + rowRoots[i] = *toNamespaceNode(root.Bytes()) + } + return rowRoots +} ``` -The values inside the `row_roots` are already in hex, and the Solidity type -of the `rowRoots` is `NamespaceNode`. So, we will construct them similar to the -`sideNodes` of the [`shareProofs`](#shareproofs). Except that no base64 -conversion is needed. +with `roots` being `sharesProof.RowProof.RowRoots`. ### `rowProofs` @@ -346,47 +630,52 @@ struct BinaryMerkleProof { } ``` -To construct them, we take the response of the `prove_shares` query: - -```json -"row_proof": { - "row_roots": [ - "..." - ], - "proofs": [ - { - "total": "...", - "index": "...", - "leaf_hash": "...", - "aunts": [ - "...", - "..." - ] - } - ], -``` - +To construct them, we take the response of the `prove_shares` query, and do the following mapping: - `key` in the Solidity struct **==** `index` in the query response - `numLeaves` in the Solidity struct **==** `total` in the query response - `sideNodes` in the Solidity struct **==** `aunts` in the query response -The type of the `sideNodes` is a `bytes32`. So, we take the values in the query -response, we convert them from base64 to hex, then we create the values. +The type of the `sideNodes` is a `bytes32`. An example can be found in the [RollupInclusionProofs.t.sol](https://github.com/celestiaorg/blobstream-contracts/blob/3a552d8f7bfbed1f3175933260e6e440915d2da4/src/lib/verifier/test/RollupInclusionProofs.t.sol#L479-L484) test. +A golang helper to convert the row proofs is as follows: + +```go +func toRowProofs(proofs []*merkle.Proof) []client.BinaryMerkleProof { + rowProofs := make([]client.BinaryMerkleProof, len(proofs)) + for i, proof := range proofs { + sideNodes := make( [][32]byte, len(proof.Aunts)) + for j, sideNode := range proof.Aunts { + var bzSideNode [32]byte + for k, b := range sideNode { + bzSideNode[k] = b + } + sideNodes[j] = bzSideNode + } + rowProofs[i] = client.BinaryMerkleProof{ + SideNodes: sideNodes, + Key: big.NewInt(proof.Index), + NumLeaves: big.NewInt(proof.Total), + } + } +} +``` + +with `proofs` being `sharesProof.RowProof.Proofs`. + ### `attestationProof` This is the proof of the data root to the data root tuple root, which is committed -to in the Blobstream contract: +to in the Blobstream X contract: ```solidity /// @notice Contains the necessary parameters needed to verify that a data root tuple -/// was committed to, by the Blobstream smart contract, at some specif nonce. +/// was committed to, by the BlobstreamX smart contract, at some specif nonce. struct AttestationProof { // the attestation nonce that commits to the data root tuple. uint256 tupleRootNonce; @@ -397,7 +686,7 @@ struct AttestationProof { } ``` -- `tupleRootNonce`: the nonce at which Blobstream committed to the batch containing +- `tupleRootNonce`: the nonce at which Blobstream X committed to the batch containing the block containing the data. - `tuple`: the `DataRootTuple` of the block: @@ -428,43 +717,447 @@ An example can be found in the [RollupInclusionProofs.t.sol](https://github.com/celestiaorg/blobstream-contracts/blob/3a552d8f7bfbed1f3175933260e6e440915d2da4/src/lib/verifier/test/RollupInclusionProofs.t.sol#L488) test. +A golang helper to create an attestation proof: + +```go +func toAttestationProof( + nonce uint64, + height uint64, + blockDataRoot [32]byte, + dataRootInclusionProof merkle.Proof, +) client.AttestationProof { + sideNodes := make( [][32]byte, len(dataRootInclusionProof.Aunts)) + for i, sideNode := range dataRootInclusionProof.Aunts { + var bzSideNode [32]byte + for k, b := range sideNode { + bzSideNode[k] = b + } + sideNodes[i] = bzSideNode + } + + return client.AttestationProof{ + TupleRootNonce: big.NewInt(int64(nonce)), + Tuple: client.DataRootTuple{ + Height: big.NewInt(int64(height)), + DataRoot: blockDataRoot, + }, + Proof: client.BinaryMerkleProof{ + SideNodes: sideNodes, + Key: big.NewInt(dataRootInclusionProof.Index), + NumLeaves: big.NewInt(dataRootInclusionProof.Total), + }, + } +} +``` + +with the `nonce` being the attestation nonce, which can be retrieved using `BlobstreamX` +contract events. Check below for an example. And `height` being the Celestia +Block height that contains the rollup data, along with the `blockDataRoot` being +the data root of the block height. Finally, `dataRootInclusionProof` is the +Celestia block data root inclusion proof to the data root tuple root that +was queried in the begining of this page. + If the `dataRoot` or the `tupleRootNonce` is unknown during the verification: -- `dataRoot`: can be queried using the `/block?height=15` query (`15` in this - example endpoint), and taking the `data_hash` field from the response. -- `tupleRootNonce`: can be retried using a `gRPC` query to the app to the - [`/qgb/v1/data_commitment/range/height`](https://github.com/celestiaorg/celestia-app/blob/c517bd27c4e0b3d6e4521a7d2946662cb0f19f1d/proto/celestia/qgb/v1/query.proto#L51-L56) - endpoint. An example can be found in the - [`verify`](https://github.com/celestiaorg/celestia-app/blob/c517bd27c4e0b3d6e4521a7d2946662cb0f19f1d/x/blobstream/client/verify.go#L245-L251) - command. +- `dataRoot`: can be queried using the `/block?height=15` query + (`15` in this example endpoint), and taking the `data_hash` + field from the response. +- `tupleRootNonce`: can be retried via querying the + `BlobstreamXDataCommitmentStored` events from the BlobstreamX + contract and looking for the nonce attesting to the + corresponding data. An example: -## High-level diagrams + -The two diagrams below summarize how a single share is committed to in Blobstream. -The share is highlighted in green. `R0`, `R1`, etc represent the respective row and -column roots, the blue and pink gradients are erasure encoded data. More details -on the square layout can be found -[in the data square layout](https://github.com/celestiaorg/celestia-app/blob/v1.1.0/specs/src/specs/data_square_layout.md) -and -[data structures](https://github.com/celestiaorg/celestia-app/blob/v1.1.0/specs/src/specs/data_structures.md#erasure-coding) -portion of the specs. +```go + // get the nonce corresponding to the block height that contains the PayForBlob transaction + // since BlobstreamX emits events when new batches are submitted, we will query the events + // and look for the range committing to the blob + // first, connect to an EVM RPC endpoint + ethClient, err := ethclient.Dial("evm_rpc_endpoint") + if err != nil { + return err + } + defer ethClient.Close() + + // use the BlobstreamX contract binding + wrapper, err := blobstreamxwrapper.NewBlobstreamX(ethcmn.HexToAddress("contract_Address"), ethClient) + if err != nil { + return err + } + + LatestBlockNumber, err := ethClient.BlockNumber(ctx) + if err != nil { + return err + } + + eventsIterator, err := wrapper.FilterDataCommitmentStored( + &bind.FilterOpts{ + Context: ctx, + Start: LatestBlockNumber - 90000, // 90000 can be replaced with the range of EVM blocks to look for the events in + End: &LatestBlockNumber, + }, + nil, + nil, + nil, + ) + if err != nil { + return err + } + + var event *blobstreamxwrapper.BlobstreamXDataCommitmentStored + for eventsIterator.Next() { + e := eventsIterator.Event + if int64(e.StartBlock) <= tx.Height && tx.Height < int64(e.EndBlock) { + event = &blobstreamxwrapper.BlobstreamXDataCommitmentStored{ + ProofNonce: e.ProofNonce, + StartBlock: e.StartBlock, + EndBlock: e.EndBlock, + DataCommitment: e.DataCommitment, + } + break + } + } + if err := eventsIterator.Error(); err != nil { + return err + } + err = eventsIterator.Close() + if err != nil { + return err + } + if event == nil { + return fmt.Errorf("couldn't find range containing the block height") + } +``` -### The Celestia square +### Listening for new data commitments -![Square](/img/blobstream/blobstream-square.png) +For listening for new `BlobstreamXDataCommitmentStored` events, sequencers can +use the `WatchDataCommitmentStored` as follows: -### The commitment scheme +```go + ethClient, err := ethclient.Dial("evm_rpc") + if err != nil { + return err + } + defer ethClient.Close() + blobstreamWrapper, err := blobstreamxwrapper.NewBlobstreamXFilterer(ethcmn.HexToAddress("contract_address"), ethClient) + if err != nil { + return err + } -![Blobstream Commitment Diagram](/img/blobstream/blobstream-commitment-diagram.png) + eventsChan := make(chan *blobstreamxwrapper.BlobstreamXDataCommitmentStored, 100) + subscription, err := blobstreamWrapper.WatchDataCommitmentStored( + &bind.WatchOpts{ + Context: ctx, + }, + eventsChan, + nil, + nil, + nil, + ) + if err != nil { + return err + } + defer subscription.Unsubscribe() + + for { + select { + case <-ctx.Done(): + return ctx.Err() + case err := <-subscription.Err(): + return err + case event := <-eventsChan: + // process the event + fmt.Println(event) + } + } +``` + + + +Then, new proofs can be created as documented above using the new +data commitments contained in the received events. + +### Example rollup that uses the DAVerifier + +An example rollup that uses the DAVerifier can be as simple as: + + + +```solidity +pragma solidity ^0.8.22; + +import {DAVerifier} from "@blobstream/lib/verifier/DAVerifier.sol"; +import {IDAOracle} from "@blobstream/IDAOracle.sol"; + +contract SimpleRollup { + IDAOracle bridge; + ... + function submitFraudProof(SharesProof memory _sharesProof, bytes32 _root) public { + // (1) verify that the data is committed to by BlobstreamX contract + (bool committedTo, DAVerifier.ErrorCodes err) = DAVerifier.verifySharesToDataRootTupleRoot(bridge, _sharesProof, _root); + if (!committedTo) { + revert("the data was not committed to by Blobstream"); + } + // (2) verify that the data is part of the rollup block + // (3) parse the data + // (4) verify invalid state transition + // (5) effects + } +} +``` + +Then, you can submit the fraud proof using golang as follows: + +```go +package main + +import ( + "context" + "fmt" + "github.com/celestiaorg/celestia-app/pkg/square" + "github.com/celestiaorg/celestia-app/x/qgb/client" + "github.com/ethereum/go-ethereum/accounts/abi/bind" + ethcmn "github.com/ethereum/go-ethereum/common" + "github.com/ethereum/go-ethereum/ethclient" + blobstreamxwrapper "github.com/succinctlabs/blobstreamx/bindings" + "github.com/tendermint/tendermint/crypto/merkle" + "github.com/tendermint/tendermint/libs/bytes" + tmproto "github.com/tendermint/tendermint/proto/tendermint/types" + "github.com/tendermint/tendermint/rpc/client/http" + "github.com/tendermint/tendermint/types" + "math/big" + "os" +) + +func main() { + err := verify() + if err != nil { + fmt.Println(err) + os.Exit(1) + } +} + +func verify() error { + ctx := context.Background() + + + // ... + // check the first section for this part of the implementation + + // get the nonce corresponding to the block height that contains the PayForBlob transaction + // since Blobstream X emits events when new batches are submitted, we will query the events + // and look for the range committing to the blob + // first, connect to an EVM RPC endpoint + ethClient, err := ethclient.Dial("evm_rpc_endpoint") + if err != nil { + return err + } + defer ethClient.Close() + + // ... + // check the first section for this part of the implementation + + // now we will create the shares proof to be verified by the SimpleRollup + // contract that uses the DAVerifier library + + // get the proof of the shares containing the blob to the data root + sharesProof, err := trpc.ProveShares(ctx, 16, uint64(blobShareRange.Start), uint64(blobShareRange.End)) + if err != nil { + return err + } + + // use the SimpleRollup contract binding to submit to it a fraud proof + simpleRollupWrapper, err := client.NewWrappers(ethcmn.HexToAddress("contract_Address"), ethClient) + if err != nil { + return err + } + + // submit the fraud proof containing the share data that had the invalid state transition for example + // along with its proof + err = submitFraudProof( + ctx, + simpleRollupWrapper, + sharesProof, + event.ProofNonce.Uint64(), + uint64(tx.Height), + dcProof.Proof, + blockRes.Block.DataHash, + ) + + return nil +} + +func submitFraudProof( + ctx context.Context, + simpleRollup *client.Wrappers, + sharesProof types.ShareProof, + nonce uint64, + height uint64, + dataRootInclusionProof merkle.Proof, + dataRoot []byte, +) error { + var blockDataRoot [32]byte + for i, b := range dataRoot[58:] { + blockDataRoot[i] = b + } + tx, err := simpleRollup.SubmitFraudProof( + &bind.TransactOpts{ + Context: ctx, + }, + client.SharesProof{ + Data: sharesProof.Data, + ShareProofs: toNamespaceMerkleMultiProofs(sharesProof.ShareProofs), + Namespace: *namespace(sharesProof.NamespaceID), + RowRoots: toRowRoots(sharesProof.RowProof.RowRoots), + RowProofs: toRowProofs(sharesProof.RowProof.Proofs), + AttestationProof: toAttestationProof(nonce, height, blockDataRoot, dataRootInclusionProof), + }, + blockDataRoot, + ) + if err != nil { + return err + } + // wait for transaction +} + +func toAttestationProof( + nonce uint64, + height uint64, + blockDataRoot [32]byte, + dataRootInclusionProof merkle.Proof, +) client.AttestationProof { + sideNodes := make( [][32]byte, len(dataRootInclusionProof.Aunts)) + for i, sideNode := range dataRootInclusionProof.Aunts { + var bzSideNode [32]byte + for k, b := range sideNode { + bzSideNode[k] = b + } + sideNodes[i] = bzSideNode + } + + return client.AttestationProof{ + TupleRootNonce: big.NewInt(int64(nonce)), + Tuple: client.DataRootTuple{ + Height: big.NewInt(int64(height)), + DataRoot: blockDataRoot, + }, + Proof: client.BinaryMerkleProof{ + SideNodes: sideNodes, + Key: big.NewInt(dataRootInclusionProof.Index), + NumLeaves: big.NewInt(dataRootInclusionProof.Total), + }, + } +} + +func toRowRoots(roots []bytes.HexBytes) []client.NamespaceNode { + rowRoots := make([]client.NamespaceNode, len(roots)) + for i, root := range roots { + rowRoots[i] = *toNamespaceNode(root.Bytes()) + } + return rowRoots +} + +func toRowProofs(proofs []*merkle.Proof) []client.BinaryMerkleProof { + rowProofs := make([]client.BinaryMerkleProof, len(proofs)) + for i, proof := range proofs { + sideNodes := make( [][32]byte, len(proof.Aunts)) + for j, sideNode := range proof.Aunts { + var bzSideNode [32]byte + for k, b := range sideNode { + bzSideNode[k] = b + } + sideNodes[j] = bzSideNode + } + rowProofs[i] = client.BinaryMerkleProof{ + SideNodes: sideNodes, + Key: big.NewInt(proof.Index), + NumLeaves: big.NewInt(proof.Total), + } + } +} + +func toNamespaceMerkleMultiProofs(proofs []*tmproto.NMTProof) []client.NamespaceMerkleMultiproof { + shareProofs := make([]client.NamespaceMerkleMultiproof, len(proofs)) + for i, proof := range proofs { + sideNodes := make([]client.NamespaceNode, len(proof.Nodes)) + for j, node := range proof.Nodes { + sideNodes[j] = *toNamespaceNode(node) + } + shareProofs[i] = client.NamespaceMerkleMultiproof{ + BeginKey: big.NewInt(int64(proof.Start)), + EndKey: big.NewInt(int64(proof.End)), + SideNodes: sideNodes, + } + } + return shareProofs +} + +func minNamespace(innerNode []byte) *client.Namespace { + version := innerNode[0] + var id [28]byte + for i, b := range innerNode[1:28] { + id[i] = b + } + return &client.Namespace{ + Version: [1]byte{version}, + Id: id, + } +} + +func maxNamespace(innerNode []byte) *client.Namespace { + version := innerNode[29] + var id [28]byte + for i, b := range innerNode[30:57] { + id[i] = b + } + return &client.Namespace{ + Version: [1]byte{version}, + Id: id, + } +} + +func toNamespaceNode(node []byte) *client.NamespaceNode { + minNs := minNamespace(node) + maxNs := maxNamespace(node) + var digest [32]byte + for i, b := range node[58:] { + digest[i] = b + } + return &client.NamespaceNode{ + Min: *minNs, + Max: *maxNs, + Digest: digest, + } +} + +func namespace(namespaceID []byte) *client.Namespace { + version := namespaceID[0] + var id [28]byte + for i, b := range namespaceID[1:] { + id[i] = b + } + return &client.Namespace{ + Version: [1]byte{version}, + Id: id, + } +} +``` + +For the step (2), check the [rollup inclusion proofs documentation](https://github.com/celestiaorg/blobstream-contracts/blob/master/docs/inclusion-proofs.md) +for more information. ## Conclusion After creating all the proofs, and verifying them: 1. Verify inclusion proof of the transaction to Celestia data root -2. Prove that the data root tuple is committed to by the Blobstream smart contract +2. Prove that the data root tuple is committed to by the Blobstream X smart + contract -We can be sure that the data was published to Celestia. +We can be sure that the data was published to Celestia, and then rollups can +proceed with their normal fraud proving mechanism. :::tip NOTE The above proof constructions are implemented in Solidity, diff --git a/developers/blobstream-x-deploy.md b/developers/blobstream-x-deploy.md new file mode 100644 index 00000000000..270c93db302 --- /dev/null +++ b/developers/blobstream-x-deploy.md @@ -0,0 +1,13 @@ +# Non-canonical Blobstream X deployments + +If you want to deploy Blobstream X to a new chain, where a +canonical Succinct Gateway contract does not exist, you +need to do the following. + +## Deploy a new `SuccinctGateway` contract + +[Deploy a new `SuccinctGateway` contract to the new chain](https://docs.succinct.xyz/platform/onchain-integration#gateway-deployment). + +## Deploy a `BlobstreamX` contract to the new chain + +[Follow the guide to use your deployed `SuccinctGateway` to deploy a new Blobstream X contract](https://github.com/succinctlabs/blobstreamx?tab=readme-ov-file#deploy-blobstream-x-contract). diff --git a/developers/blobstream.md b/developers/blobstream.md index d26ef945b6f..def660a771a 100644 --- a/developers/blobstream.md +++ b/developers/blobstream.md @@ -2,10 +2,12 @@ description: Learn how to integrate your L2 with Blobstream --- -# Integrate with Blobstream +# Blobstream: Streaming modular DA to Ethereum ![Blobstream logo](/img/blobstream/blobstream_logo.png) +## What is Blobstream? + [Blobstream](https://blog.celestia.org/introducing-blobstream/) is the first data availability solution for Ethereum that securely scales with the number of users. Formerly known as the [Quantum Gravity Bridge (QGB)](https://blog.celestia.org/celestiums/), @@ -14,79 +16,106 @@ on Ethereum, for integration by developers into L2 contracts. This enables Ether developers to build high-throughput L2s using Celestia's optimised DA layer, the first with Data Availability Sampling (DAS). -The following docs go over how developers can integrate Blobstream. -There are also docs on how to run a [Blobstream orchestrator](../nodes/blobstream-binary.md) -as a Celestia validator which won't be covered in the following sections -aimed at developers. - -## Overview - -Blobstream, -consists of two components: an [orchestrator](../nodes/blobstream-orchestrator.md) -and a [relayer](../nodes/blobstream-relayer.md). - -In the following diagram, we show how a layer 2 (L2) would post data to -Celestia and then verify that it was published in the target EVM chain. - -![Blobstream-Architecture](/img/blobstream/Blobstream.png) - -Data will first be attested to by the Celestia validator set, _i.e._ -signing commitments committing to the data. Then, these signatures will be -relayed to the target EVM chain (in this case, Ethereum). Finally, -the L2, or any party, will be able to verify that the data was published -to Celestia directly on the EVM chain on the Blobstream smart contract. You can -reference [the Blobstream smart contract](https://github.com/celestiaorg/blobstream-contracts/blob/master/src/Blobstream.sol). - -The **orchestrator** is part of the validator setup and works as follows: - -- celestia-app creates an attestation on the state machine level that needs to - be signed -- The orchestrator queries the attestation, signs it, then submits the signature - to the Blobstream P2P network - -The **relayer** submits the attestations' signatures from the Blobstream -P2P network to the target EVM chain. +An implementation of Blobstream, by [Succinct](https://docs.succinct.xyz/), called +[Blobstream X](https://github.com/succinctlabs/blobstreamx), is out +and will be used in the canonical deployments. This implementation proves the +validity of Celestia block headers on a target EVM chain using zero-knowledge (ZK) +proofs, which allow inheriting all the security +guarantees of Celestia. + +## What is Blobstream X? + +Blobstream X is an implementation of Blobstream with a +ZK light client that bridges Celestia’s modular DA layer to +Ethereum to allow high-throughput rollups to use Celestia’s DA while settling +on Ethereum. + +Optimistic or ZK rollups that settle on Ethereum, but wish to use Celestia for +DA, require a mechanism for _bridging_ Celestia’s data root to Ethereum as part +of the settlement process. This data root is used during inclusion proofs to +prove that particular rollup transactions were included and made available in +the Celestia network. + +Bridging Celestia’s data root to Ethereum requires running a Celestia +_light client_ as a smart contract on Ethereum, to make the latest state +of the Celestia chain known on Ethereum and available to rollups. Blobstream +X utilizes the latest advances in ZK proofs to generate a +_succinct proof_ that enough Celestia validators have come to consensus +(according to the CometBFT consensus protocol) on a block header, and +verifies this proof in the Blobstream X Ethereum smart contract to update +it with the latest Celestia header. + +The Blobstream X ZK proof not only verifies the consensus of +Celestia validators, but it also merkelizes and hashes all the data roots +in the block range from the previous update to the current update, making +accessible all Celestia data roots (verifiable with a Merkle inclusion proof +against the stored Merkle root) to rollups. + +Blobstream X is built and deployed with +[Succinct's protocol](https://docs.succinct.xyz). + +![blobstream x draft diagram](/img/blobstream/Celestia_Blobstream_X1b.png) + +## Integrate with Blobstream X + +The following docs go over how developers can integrate Blobstream X. + +You can [find the repository for Blobstream X](https://github.com/succinctlabs/blobstreamx) +along with code for: + +- [The Blobstream X smart contract - `BlobstreamX.sol`](https://github.com/succinctlabs/blobstreamx/blob/main/contracts/src/BlobstreamX.sol) +- [The Blobstream X circuits](https://alpha.succinct.xyz/celestia/blobstreamx) +- [The Blobstream X contract Golang bindings](https://github.com/succinctlabs/blobstreamx/blob/main/bindings/BlobstreamX.go) + +Canonical deployments of Blobstream X will be maintained on the +following chains: Arbitrum One, Base and Ethereum Mainnet. Every 1 +hour, Succinct will post an update to the Blobstream X contract +that will include a new data commitment range that covers a 1-hour +block range from the `latestBlock` in the Blobstream X contract. +On Ethereum Mainnet, the Blobstream X contract will be updated +every 4 hours. :::tip NOTE -If the contract is still not deployed, then it needs to be -deployed before it is used by the relayer. See the -[deployment documentation](../nodes/blobstream-deploy.md) for more details. +Custom ranges can be requested using the `BlobstreamX` contract +to create proofs for specific Celestia block batches. These ranges +can be constructed as `[latestBlock, customTargetBlock)`, with +`latestBlock` is the latest block height that was committed to by the +`BlobstreamX` contract, and `latestBlock > customTargetBlock`, +and `customTargetBlock - latestBlock <= DATA_COMMITMENT_MAX`. + +Block ranges that are before the contract's `latestBlock` can't be +proven a second time in different batches. + +More information can be found in the [`requestHeaderRange(...)`](https://github.com/succinctlabs/blobstreamx/blob/364d3dc8c8dc9fd44b6f9f049cfb18479e56cec4/contracts/src/BlobstreamX.sol#L78-L101) +method. ::: -## How Blobstream works - -Blobstream allows Celestia block header data roots to be relayed in one -direction, from Celestia to an EVM chain. It does not support bridging -assets such as fungible or non-fungible tokens directly, and cannot send -messages from the EVM chain back to Celestia. +### How Blobstream X works -It works by relying on a set of signers to attest to some event on Celestia: -the Celestia validator set. The Blobstream contract keeps track of the -Celestia validator set by updating its view of the validator set with -`updateValidatorSet()`. More than 2/3 of the voting power of the current -view of the validator set must sign off on new relayed events, submitted with -`submitDataRootTupleRoot()`. Each event is a batch of `DataRootTuple`s, with -each tuple representing a single -[data root (i.e. block header)](https://celestiaorg.github.io/celestia-app/specs/data_structures.html#header). -Relayed tuples are in the same order as Celestia block headers. +As shown in the diagram below, the entrypoint for updates to the Blobstream +X contract is through the `SuccinctGateway` smart contract, which is a +simple entrypoint contract that verifies proofs (against a deployed +onchain verifier for the Blobstream X circuit) and then calls the +`BlobstreamX.sol` contract to update it. +[Find more information about the `SuccinctGateway`](https://docs.succinct.xyz/platform/onchain-integration#succinct-gateway). -![Blobstream attestation flow](/img/blobstream/Celestia_Blobstream_attestation_flow.jpg) +![blobstream x overview diagram draft](/img/blobstream/Celestia_Blobstream_X2b.png) -### Events and messages relayed + -**Validator sets**: -The relayer informs the Blobstream contract who are the current -validators and their power. -This results in an execution of the `updateValidatorSet` function. - -**Batches**: -The relayer informs the Blobstream contract of new data root tuple roots. -This results in an execution of the `submitDataRootTupleRoot` function. +:::tip NOTE +If the Blobstream X contract is not deployed on a desired chain, +it needs to be deployed before it can be used by your rollup. See the +[deployment documentation](https://docs.succinct.xyz/platform/onchain-integration#gateway-deployment) +for more details. +::: -## How to integrate +### How to integrate with Blobstream X -Integrating your L2 with Blobstream requires two components: your onchain smart -contract logic, and your offchain client logic. The next three sections cover these +Integrating your L2 with Blobstream X requires two components: your +[onchain smart contract logic](./blobstream-x-contracts.md), +and your [offchain client logic for your rollup](./blobstream-x-offchain.md). +The next three sections cover these topics: - [Integrate with Blobstream contracts](./blobstream-contracts.md) @@ -95,16 +124,19 @@ topics: ### Deployed contracts -You can interact with the Blobstream contracts today on testnet. The Blobstream Solidity -smart contracts are currently deployed on the following Ethereum testnets: +You can interact with the Blobstream X contracts today on testnet. The +Blobstream X Solidity smart contracts are currently deployed on +the following Ethereum testnets: -| Contract | EVM network | Contract address | Attested data | +| Contract | EVM network | Contract address | Attested data on Celestia | | ------------ | ---------------- | ------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| Blobstream | Sepolia | [`0x3a5cbB6EF4756DA0b3f6DAE7aB6430fD8c46d247`](https://sepolia.etherscan.io/address/0x3a5cbB6EF4756DA0b3f6DAE7aB6430fD8c46d247) | Mocha testnet | -| Blobstream | Arbitrum Sepolia | [`0x040769edbca5218e616c8eb16e4faea49ced5e33`](https://sepolia.arbiscan.io/address/0x040769edbca5218e616c8eb16e4faea49ced5e33) | Mocha testnet | -| Blobstream X | Goerli | [`0x67ea962864cdad3f2202118dc6f65ff510f7bb4d`](https://goerli.etherscan.io/address/0x67ea962864cdad3f2202118dc6f65ff510f7bb4d) | Mocha testnet | +| Blobstream X | Ethereum Mainnet | [`Not yet deployed`](https://etherscan.io/address/0xTODO) | [Mainnet Beta](../nodes/mainnet.md) | +| Blobstream X | Arbitrum One | [`Not yet deployed`](https://arbiscan.io/address/0xTODO) | [Mainnet Beta](../nodes/mainnet.md) | +| Blobstream X | Base | [`Not yet deployed`](https://goerli.etherscan.io/address/0xTODO) | [Mainnet Beta](../nodes/mainnet.md) | +| Blobstream X | Ethereum Sepolia | [`Not yet deployed`](https://sepolia.etherscan.io/address/0x48B257EC1610d04191cC2c528d0c940AdbE1E439) | [Mainnet Beta](../nodes/mainnet.md) | +| Blobstream X | Arbitrum Sepolia | [`Not yet deployed`](https://sepolia.arbiscan.io/address/0xTODO) | [Mocha testnet](../nodes/mocha-testnet.md) | @@ -113,9 +145,7 @@ smart contracts are currently deployed on the following Ethereum testnets: ### Decentralization and security Blobstream is built on Celestia, which uses a CometBFT-based proof-of-stake -system. An incorrect data availability attestation in this system will -ultimately be penalized (currently not implemented), ensuring validators -act in good faith. Thus, Blobstream shares the same security assumptions +system. Blobstream shares the same security assumptions as Celestia. In contrast, data availability committees (DACs), are typically centralized or semi-centralized, relying on a specific set of entities or individuals to vouch for data availability. @@ -130,8 +160,8 @@ attestations or confirmations from its permissioned members. ### Flexibility and scalability -Blobstream is designed to offer high-throughput data availability for Ethereum L2s, -aiming to strike a balance between scalability and security. It operates +Blobstream is designed to offer high-throughput data availability for Ethereum +L2s, aiming to strike a balance between scalability and security. It operates independently of Ethereum's gas costs, as Celestia's resource pricing is more byte-focused rather than computation-centric. On the other hand, the scalability and flexibility of a DAC would depend on its specific design and implementation. diff --git a/developers/requesting-data-commitment-ranges.md b/developers/requesting-data-commitment-ranges.md new file mode 100644 index 00000000000..fab49c36556 --- /dev/null +++ b/developers/requesting-data-commitment-ranges.md @@ -0,0 +1,57 @@ +# Requesting data commitment ranges + +By default, the Succinct team will be maintaining canonical Blobstream X +deployments on Ethereum, updating every 4 hours, and on Arbitrum One +and Base, updating every 1 hour. If you wish for the Blobstream X contract +to be updated at a different cadence, then you have several different +options for how to update the smart contract. + +To request proofs to be submitted to the Blobstream X contract at a +different cadence, you can do one of the following: + +## Recommended setup + +Run the Blobstream X operator with hosted proving on the Succinct +platform, by running an operator script that pings the platform with +proof requests at a specified cadence. + +[Follow these instructions to run the operator script](https://github.com/succinctlabs/blobstreamx?tab=readme-ov-file#operator-with-hosted-proving). + +Here are example values for the `.env` file: + +1. `TENDERMINT_RPC_URL` from + [the public Celestia list](https://docs.celestia.org/nodes/mainnet#consensus-nodes). +2. `SUCCINCT_RPC_URL` = `https://alpha.succinct.xyz/api` +3. Request for `SUCCINCT_API_KEY` from + [the Succinct team](https://alpha.succinct.xyz/partner). +4. `CHAIN_ID` is the chain ID of the deployed Blobstream X contract. +5. `CONTRACT_ADDRESS`: Blobstream X proxy contract address. +6. `NEXT_HEADER_FUNCTION_ID` & `HEADER_RANGE_FUNCTION_ID`: Get the + `functionId`'s from the Blobstream X contract by using the + `nextHeaderFunctionId` and `headerRangeFunctionId` respectively, + which are public storage variables. + +## Local proving + +[Run the Blobstream X operator with local proving](https://github.com/succinctlabs/blobstreamx?tab=readme-ov-file#local-proving--relaying). + +:::tip +Note: Requires a large cloud machine to run in a reasonable +amount of time. EC2 r6a.16xlarge takes ~30 minutes to generate a +header range proof. +::: + +## Request proof onchain + +Directly request a proof via the Blobstream X contract interface. +Unlike the Blobstream X operator which handles requests off-chain, +requesting on-chain requires gas, but the proof will be generated +and relayed by the Succinct platform. + +1. Call `requestHeaderRange(uint64 _targetBlock)` with the end + of the range you want a commitment for. + +2. A `DataCommitmentStored(uint256, uint64, uint64, bytes32)` + will be emitted for the requested range when it is stored in the + contract. Listen to this event to know that the proof has been + generated successfully. diff --git a/importBlobstream.mjs b/importBlobstream.mjs deleted file mode 100644 index d83ebdc69de..00000000000 --- a/importBlobstream.mjs +++ /dev/null @@ -1,42 +0,0 @@ -import fs from 'fs'; -import fetch from 'node-fetch'; - -const filesToImport = [ - { - url: 'https://raw.githubusercontent.com/celestiaorg/orchestrator-relayer/main/docs/deploy.md', - fileName: 'blobstream-deploy.md', - }, - { - url: 'https://raw.githubusercontent.com/celestiaorg/orchestrator-relayer/main/docs/keys.md', - fileName: 'blobstream-keys.md', - }, - { - url: 'https://raw.githubusercontent.com/celestiaorg/orchestrator-relayer/main/docs/orchestrator.md', - fileName: 'blobstream-orchestrator.md', - }, - { - url: 'https://raw.githubusercontent.com/celestiaorg/orchestrator-relayer/main/docs/relayer.md', - fileName: 'blobstream-relayer.md', - }, - { - url: 'https://raw.githubusercontent.com/celestiaorg/orchestrator-relayer/main/docs/bootstrapper.md', - fileName: 'blobstream-bootstrapper.md', - } -]; - -async function importMarkdown(file) { - try { - const response = await fetch(file.url); - if (response.ok) { - const markdown = await response.text(); - fs.writeFileSync(`./nodes/${file.fileName}`, markdown); - console.log(`Markdown file '${file.fileName}' successfully imported!`); - } else { - console.error(`Error fetching the markdown file: ${response.statusText}`); - } - } catch (error) { - console.error(`Error importing the markdown file: ${error.message}`); - } -} - -filesToImport.forEach(importMarkdown); diff --git a/nodes/blobstream-binary.md b/nodes/blobstream-binary.md deleted file mode 100644 index c08814c96ab..00000000000 --- a/nodes/blobstream-binary.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -description: This guide shows you how to install the Blobstream binary. ---- - -# Blobstream for validators - -[Blobstream](https://blog.celestia.org/introducing-blobstream/) -allows Ethereum developers to build high-throughput L2s using Celestia, -the first data availability layer with data availability sampling. - -This page and following tutorials will go over Blobstream and how validators -on Celestia can run it. - -If you're looking to learn more, you can view -[the `orchestrator-relayer` repository](https://github.com/celestiaorg/orchestrator-relayer) -or [read more about how Blobstream works](../developers/blobstream.md#overview). - -## Install the Blobstream binary - - - - -The [orchestrator](./blobstream-orchestrator.md) is the software that signs the -Blobstream attestations, and the [relayer](./blobstream-relayer.md) is the -software that relays them to the target EVM chain. - -The following sections in this category presume you have the following setup: - -- A celestia-app - [validator node](./consensus-node.md#optional-setting-up-a-validator) running -- The following hardware minimum requirements for running the orchestrator: - - Memory: **2 GB RAM** - - CPU: **1 core** - - Disk: **10 GB SSD Storage** - -### Install - -1. [Install Go](https://go.dev/doc/install) {{constants.golangBlobstream}} - -2. Clone the `https://github.com/celestiaorg/orchestrator-relayer` repository: - - ```bash-vue - git clone https://github.com/celestiaorg/orchestrator-relayer.git - cd orchestrator-relayer - git checkout {{constants.orchrelayVersion}} - ``` - - These commands check you out to: - of @celestiaorg/orchestrator-relayer - -3. Install the Blobstream CLI - - ```sh - make install - ``` - -### Usage - -```sh -# Print help -blobstream --help -``` - -### Next steps - -1. If you are a Celestia validator, all you need to do is run the - orchestrator. Check out - [the Blobstream orchestrator page](./blobstream-orchestrator.md) for more details. -2. [Learn about key management](./blobstream-keys.md) -3. Optional: If you want to post commitments on an EVM chain, you will need to deploy - a new Blobstream contract and run a relayer, - or run a relayer for an already deployed Blobstream contract. Check out - [the Blobstream relayer page](./blobstream-relayer.md) for - relayer docs and [the Blobstream deployment page](./blobstream-deploy.md) for - how to deploy a new Blobstream contract. -4. Optional: [Learn how to run a Blobstream bootstrapper node](./blobstream-bootstrapper.md) - -:::tip -The Blobstream P2P network is a separate network than the consensus or -the data availability one. Thus, you will need its specific -bootstrappers to be able to connect to it. -::: - -### Useful links - -The smart contract implementation is in [blobstream-contracts](https://github.com/celestiaorg/blobstream-contracts/). - -The state machine implementation is in [x/blobstream](https://github.com/celestiaorg/celestia-app/tree/main/x/blobstream). - -Blobstream ADRs are in [the docs](https://github.com/celestiaorg/celestia-app/tree/main/docs/architecture). - -Blobstream design explained in [this blog post on layer 2s](https://blog.celestia.org/celestiums/). diff --git a/nodes/blobstream-bootstrapper.md b/nodes/blobstream-bootstrapper.md deleted file mode 100644 index a814e9715e4..00000000000 --- a/nodes/blobstream-bootstrapper.md +++ /dev/null @@ -1,62 +0,0 @@ -# Blobstream bootstrapper - -To bootstrap the Blobstream P2P network, we use the bootstrapper Blobstream -node type to accept connections from freshly created orchestrators/relayers -and share its peer table with them. - -## How to run - -### Install the Blobstream binary - -Make sure to have the Blobstream binary installed. Check -[the Blobstream binary page](https://docs.celestia.org/nodes/blobstream-binary) -for more details. - -### Init the store - -Before starting the bootstrapper, we will need to init the store: - -```sh -blobstream bootstrapper init -``` - -By default, the store will be created in `~/.bootstrapper`. However, -if you want to specify a custom location, you can use the `--home` flag. -Or, you can use the following environment variable: - - - -| Variable | Explanation | Default value | Required | -| ------------------- | ----------------------------------- | ----------------- | -------- | -| `BOOTSTRAPPER_HOME` | Home directory for the bootstrapper | `~/.bootstrapper` | Optional | - -### Add keys - -The P2P private key is optional, and a new one will be generated automatically -on the start if none is provided. - -The `p2p` sub-command will help you set up this key if you want to use a specific -one: - -```sh -blobstream bootstrapper p2p --help -``` - -### Open the P2P port - -In order for the bootstrapper node to work, you will need to expose the P2P -port, which is by default `30000`. - -### Start the bootstrapper - -Now that we have the store initialized, we can start the bootstrapper: - -```shell -blobstream bootstrapper start -``` - -#### Systemd service - -An example of a systemd service that can be used for bootstrappers can be -found in the -[orchestrator documentation](https://docs.celestia.org/nodes/blobstream-orchestrator). diff --git a/nodes/blobstream-deploy.md b/nodes/blobstream-deploy.md deleted file mode 100644 index 5e775a8ef9d..00000000000 --- a/nodes/blobstream-deploy.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -sidebar_label: Deploy the Blobstream contract -description: Learn how to deploy the Blobstream smart contract. ---- - -# Deploy the Blobstream contract - - - -The `deploy` is a helper command that allows deploying the Blobstream smart contract to a new EVM chain: - -```sh -blobstream deploy --help - -Deploys the Blobstream contract and initializes it using the provided Celestia chain - -Usage: - blobstream deploy [flags] - blobstream deploy [command] - -Available Commands: - keys Blobstream keys manager -``` - -## How to run - -### Install the Blobstream binary - -Make sure to have the Blobstream binary installed. Check [the Blobstream binary page](https://docs.celestia.org/nodes/blobstream-binary) for more details. - -### Add keys - -In order to deploy a Blobstream smart contract, you will need a funded EVM address and its private key. The `keys` command will help you set up this key: - -```sh -blobstream deploy keys --help -``` - -To import your EVM private key, there is the `import` subcommand to assist you with that: - -```sh -blobstream deploy keys evm import --help -``` - -This subcommand allows you to either import a raw ECDSA private key provided as plaintext, or import it from a file. The files are JSON keystore files encrypted using a passphrase like in [this example](https://geth.ethereum.org/docs/developers/dapp-developer/native-accounts). - -After adding the key, you can check that it's added via running: - -```sh -blobstream deploy keys evm list -``` - -For more information about the `keys` command, check [the `keys` documentation](https://docs.celestia.org/nodes/blobstream-keys). - -### Deploy the contract - -Now, we can deploy the Blobstream contract to a new EVM chain: - -```sh -blobstream deploy \ - --evm.chain-id 4 \ - --core.grpc localhost:9090 \ - --core.rpc localhost:26657 \ - --starting-nonce latest \ - --evm.rpc http://localhost:8545 -``` - -The `--starting-nonce` can have the following values: - -- `latest`: to deploy the Blobstream contract starting from the latest validator set. -- `earliest`: to deploy the Blobstream contract starting from genesis. -- `nonce`: you can provide a custom nonce on where you want Blobstream to start. If the provided nonce is not a `Valset` attestation, then the valset before it will be used to deploy the Blobstream smart contract. - -And, now you will see the Blobstream smart contract address in the logs along with the transaction hash. diff --git a/nodes/blobstream-keys.md b/nodes/blobstream-keys.md deleted file mode 100644 index ea9d87d91b4..00000000000 --- a/nodes/blobstream-keys.md +++ /dev/null @@ -1,362 +0,0 @@ ---- -sidebar_label: Key management -description: Learn how to manage EVM private keys and P2P identities. ---- - -# Key management - - - -The Blobstream `keys` command allows managing EVM private keys and P2P identities. It is defined as a subcommand for multiple commands with the only difference being the directory where the keys are stored. For the remaining functionality, it is the same for all the commands. - -## Orchestrator command - -The `blobstream orchestrator keys` command manages keys for the orchestrator. By default, it uses the orchestrator default home directory to store the keys: `~/.orchestrator/keystore`. However, the default home can be changed either by specifying a different directory using the `--home` flag or setting the following environment variable: - -| Variable | Explanation | Default value | Required | -| ------------------- | ----------------------------------- | ----------------- | -------- | -| `ORCHESTRATOR_HOME` | Home directory for the orchestrator | `~/.orchestrator` | Optional | - -## Relayer command - -The `blobstream relayer keys` command manages keys for the relayer. By default, it uses the relayer default home directory to store the keys: `~/.relayer/keystore`. However, the default home can be changed either by specifying a different directory using the `--home` flag or setting the following environment variable: - -| Variable | Explanation | Default value | Required | -| -------------- | ------------------------------ | ------------- | -------- | -| `RELAYER_HOME` | Home directory for the relayer | `~/.relayer` | Optional | - -## Deploy command - -The `blobstream deploy keys` command manages keys for the deployer. By default, it uses the deployer default home directory to store the keys: `~/.deployer/keystore`. However, the default home can be changed either by specifying a different directory using the `--home` flag or setting the following environment variable: - -| Variable | Explanation | Default value | Required | -| --------------- | ------------------------------------- | ------------- | -------- | -| `DEPLOYER_HOME` | Home directory for the deploy command | `~/.deployer` | Optional | - -## Store initialization (!) - -For the `keys` command, the home directory will be created automatically for commands that `add/import` new keys without having to manually initialize the store. Thus, you should be careful when running those. - -However, if it finds an already initialized store, it will only add new keys to it and not overwrite it. - -For the remaining subcommands `update/delete/list`, if the store is not initialized, the command will complain and change nothing on the file system. - -## Options - -As specified above, aside from the difference in the default home directory, the `keys` subcommand is similar for all commands and handles the keys in the same way. - -The examples will use the orchestrator command to access the keys. However, the same behaviour applies to the other commands as well. - -```sh -blobstream orchestrator keys --help - -Blobstream keys manager - -Usage: - blobstream orchestrator keys [command] - -Available Commands: - evm Blobstream EVM keys manager - p2p Blobstream p2p keys manager - -Flags: - -h, --help help for keys - -Use "blobstream orchestrator keys [command] --help" for more information about a command. -``` - -### EVM keystore - -The first subcommand of the `keys` command is `evm`. This command allows managing EVM keys. - -The EVM keys are `ECDSA` keys using the `secp256k1` curve. The implementation uses `geth` file system keystore [implementation](https://geth.ethereum.org/docs/developers/dapp-developer/native-accounts). Thus, keys can be used interchangeably with any compatible software. - -```sh -blobstream orchestrator keys evm --help - -Blobstream EVM keys manager - -Usage: - blobstream orchestrator keys evm [command] - -Available Commands: - add create a new EVM address - delete delete an EVM addresses from the key store - import import evm keys to the keystore - list list EVM addresses in key store - update update an EVM account passphrase - -Flags: - -h, --help help for evm - -Use "blobstream orchestrator keys evm [command] --help" for more information about a command. -``` - -The store also uses the `accounts.StandardScryptN` and `accounts.StandardScryptP` for the `Scrypt` password-based key derivation algorithm to improve its resistance to parallel hardware attacks: - -```go -evmKs = keystore.NewKeyStore(evmKeyStorePath(path), keystore.StandardScryptN, keystore.StandardScryptP) -``` - -#### EVM: Add subcommand - -The `add` subcommand allows creating a new EVM private key and storing it in the keystore: - -```sh -blobstream orchestrator keys evm add --help - -create a new EVM address - -Usage: - blobstream orchestrator keys evm add [flags] -``` - -The passphrase of the key encryption can be passed as a flag. But it is advised not to pass it as plain text and instead enter it when prompted interactively. - -After creating a new key, you will see its corresponding address printed: - -```sh -blobstream orchestrator keys evm add - -I[2023-04-13|14:16:11.387] successfully opened store path=/home/midnight/.orchestrator -I[2023-04-13|14:16:11.387] please provide a passphrase for your account -I[2023-04-13|14:16:30.533] account created successfully address=0xaF319b70de80232539ad576f88739afD2dF44187 -I[2023-04-13|14:16:30.534] successfully closed store path=/home/midnight/.orchestrator -``` - -#### EVM: Delete subcommand - -The `delete` subcommand allows deleting an EVM private key from store via providing its corresponding address: - -```sh -blobstream orchestrator keys evm delete --help - -delete an EVM addresses from the key store - -Usage: - blobstream orchestrator keys evm delete [flags] -``` - -The provided address should be a `0x` prefixed EVM address. - -After running the command, you will be prompted to enter the passphrase for the encrypted private key, if not passed as a flag. - -Then, you will be prompted to confirm that you want to delete that private key. Make sure to verify if you're deleting the right one because once deleted, it can no longer be recovered! - -```sh -blobstream orchestrator keys evm delete 0x27a1F8CE94187E4b043f4D57548EF2348Ed556c7 - -I[2023-04-13|15:01:41.308] successfully opened store path=/home/midnight/.orchestrator -I[2023-04-13|15:01:41.309] deleting account address=0x27a1F8CE94187E4b043f4D57548EF2348Ed556c7 -I[2023-04-13|15:01:41.309] please provide the address passphrase -I[2023-04-13|15:01:43.268] Are you sure you want to delete your private key? This action cannot be undone and may result in permanent loss of access to your account. -Please enter 'yes' or 'no' to confirm your decision: yes -I[2023-04-13|15:01:45.532] private key has been deleted successfully address=0x27a1F8CE94187E4b043f4D57548EF2348Ed556c7 -I[2023-04-13|15:01:45.534] successfully closed store path=/home/midnight/.orchestrator -``` - -#### EVM: List subcommand - -The `list` subcommand allows listing the existing keys in the keystore: - -```sh -blobstream orchestrator keys evm list - -I[2023-04-13|16:08:45.084] successfully opened store path=/home/midnight/.orchestrator -I[2023-04-13|16:08:45.084] listing accounts available in store -I[2023-04-13|16:08:45.084] 0x7Dd8F9CAfe6D25165249A454F2d0b72FD149Bbba -I[2023-04-13|16:08:45.084] successfully closed store path=/home/midnight/.orchestrator -``` - -You could specify a different home using the `--home` flag to list the keys in another home directory. - -#### EVM: Update subcommand - -The `update` subcommand allows changing the EVM private key passphrase to a new one. It takes as argument the `0x` prefixed EVM address corresponding to the private key we want to edit. - -```sh -blobstream orchestrator evm update --help - -update an EVM account passphrase - -Usage: - blobstream orchestrator keys evm update [flags] -``` - -Example: - -```sh -blobstream orchestrator evm update 0x7Dd8F9CAfe6D25165249A454F2d0b72FD149Bbba - -I[2023-04-13|16:21:17.139] successfully opened store path=/home/midnight/.orchestrator -I[2023-04-13|16:21:17.140] updating account address=0x7Dd8F9CAfe6D25165249A454F2d0b72FD149Bbba -I[2023-04-13|16:21:17.140] please provide the address passphrase -I[2023-04-13|16:21:18.134] please provide the address new passphrase -I[2023-04-13|16:21:22.403] successfully updated the passphrase address=0x7Dd8F9CAfe6D25165249A454F2d0b72FD149Bbba -I[2023-04-13|16:21:22.420] successfully closed store path=/home/midnight/.orchestrator -``` - -Both the passphrases can be provided as flags, but it's better to pass them interactively for more security. - -The `--home` can be specified if the store is not in the default directory. - -#### EVM: Import subcommand - -The `import` subcommand allows importing existing private keys into the keystore. It has two subcommands: `ecdsa` and `file`. The first allows importing a private key in plaintext, while the other allows importing a private key from a JSON file secured with a passphrase. - -```sh -blobstream orchestrator keys evm import --help - -import evm keys to the keystore - -Usage: - blobstream orchestrator keys evm import [command] - -Available Commands: - ecdsa import an EVM address from an ECDSA private key - file import an EVM address from a file - -Flags: - -h, --help help for import - -Use "blobstream orchestrator keys evm import [command] --help" for more information about a command. -``` - -#### EVM: Import ECDSA - -For the first one, it takes as argument the private key in plaintext. Then, it prompts for the passphrase to use when encrypting the key and saving it to the keystore. The passphrase could be passed as a flag using the `--evm.passphrase`, but it's advised not to. - -Example: - -```sh -blobstream orchestrator keys evm import ecdsa da6ed55cb2894ac2c9c10209c09de8e8b9d109b910338d5bf3d747a7e1fc9eb7 - -I[2023-04-13|17:00:48.617] successfully opened store path=/home/midnight/.orchestrator -I[2023-04-13|17:00:48.617] importing account -I[2023-04-13|17:00:48.617] please provide the address passphrase -I[2023-04-13|17:00:51.989] successfully imported file address=0x6B452Da14195b0aDc3C960E56a078Cf8f50448f8 -I[2023-04-13|17:00:51.990] successfully closed store path=/home/midnight/.orchestrator -``` - -#### EVM: Import file - -For the second, it takes a JSON key file, as defined in [@ethereum/eth-keyfile](https://github.com/ethereum/eth-keyfile), and imports it to your keystore, so it can be used for signatures. - -```sh -blobstream orchestrator keys evm import file --help - -import an EVM address from a file - -Usage: - blobstream orchestrator keys evm import file [flags] -``` - -For example, if we have a file in the current directory containing a private key, we could run the following: - -```sh -blobstream orchestrator keys evm import file UTC--2023-04-13T15-00-50.302148204Z--966e6f22781ef6a6a82bbb4db3df8e225dfd9488 - -I[2023-04-13|17:31:53.307] successfully opened store path=/home/midnight/.orchestrator -I[2023-04-13|17:31:53.307] importing account -I[2023-04-13|17:31:53.308] please provide the address passphrase -I[2023-04-13|17:31:54.440] please provide the address new passphrase -I[2023-04-13|17:31:58.436] successfully imported file address=0x966e6f22781EF6a6A82BBB4DB3df8E225DfD9488 -I[2023-04-13|17:31:58.437] successfully closed store path=/home/midnight/.orchestrator -``` - -with the `passphrase` being the current file passphrase, and the `new passphrase` being the new passphrase that will be used to encrypt the private key in the Blobstream store. - -### P2P keystore - -Similar to the above EVM keystore, the P2P store has similar subcommands for handling the P2P Ed25519 private keys. However, it doesn't use any passphrase to secure them because they aren't that important. Any key could be used, and it is not binding to any identity. Thus, there is no need to secure them. - -To access the P2P keystore, run the following: - -```sh -blobstream orchestrator keys p2p - -Blobstream p2p keys manager - -Usage: - blobstream orchestrator keys p2p [command] - -Available Commands: - add create a new Ed25519 P2P address - delete delete an Ed25519 P2P private key from store - import import an existing p2p private key - list list existing p2p addresses - -Flags: - -h, --help help for p2p - -Use "blobstream orchestrator keys p2p [command] --help" for more information about a command. -``` - -The `orchestrator` could be replaced by `relayer` and the only difference would be the default home directory. Aside from that, all the methods defined for the orchestrator will also work with the relayer. - -#### P2P: Add subcommand - -The `add` subcommand creates a new p2p key to the p2p store: - -```sh -blobstream orchestrator keys p2p add --help - -create a new Ed25519 P2P address - -Usage: - blobstream orchestrator keys p2p add [flags] -``` - -It takes as argument an optional `` which would be the name that we can use to reference that private key. If not specified, an incremental nickname will be assigned. - -```sh -blobstream orchestrator keys p2p add - -I[2023-04-13|17:38:17.289] successfully opened store path=/home/midnight/.orchestrator -I[2023-04-13|17:38:17.290] generating a new Ed25519 private key nickname=1 -I[2023-04-13|17:38:17.291] key created successfully nickname=1 -I[2023-04-13|17:38:17.291] successfully closed store path=/home/midnight/.orchestrator -``` - -For example, in the above execution, the nickname `1` was given to the newly added key, since we didn't provide a nickname. - -The nickname will be needed in case the orchestrator needs to use a specific private key to connect to the P2P network, and that nickname will be provided as a flag. However, if not provided, the orchestrator/relayer will choose the first key in the store and just use it to connect. - -#### P2P: Delete subcommand - -The `delete` subcommand will delete a P2P private key from store referenced by its nickname: - -```sh -blobstream orchestrator keys p2p delete --help - -delete an Ed25519 P2P private key from store - -Usage: - blobstream orchestrator keys p2p delete [flags] -``` - -#### P2P: Import subcommand - -The `import` subcommand will import an existing Ed25519 private key to the store. It takes as argument the nickname that we wish to save the private key under, and the actual private key in hex format without `0x`: - -```sh -blobstream orchestrator keys p2p import --help - -import an existing p2p private key - -Usage: - blobstream orchestrator keys p2p import [flags] -``` - -#### P2P: List subcommand - -The `list` subcommand lists the existing P2P private keys in the store: - -```sh -blobstream orchestrator keys p2p list --help - -list existing p2p addresses - -Usage: - blobstream orchestrator keys p2p list [flags] -``` diff --git a/nodes/blobstream-orchestrator.md b/nodes/blobstream-orchestrator.md deleted file mode 100644 index e6986c582a4..00000000000 --- a/nodes/blobstream-orchestrator.md +++ /dev/null @@ -1,309 +0,0 @@ ---- -sidebar_label: Blobstream Orchestrator -description: Learn about the Blobstream Orchestrator. ---- - -# Blobstream Orchestrator - - - - -The role of the orchestrator is to sign attestations using its corresponding validator EVM private key. These attestations are generated within the Blobstream module of the Celestia-app state machine. To learn more about what attestations are, you can refer to [the Blobstream overview](https://github.com/celestiaorg/celestia-app/tree/main/x/blobstream). - -> **_NOTE:_** -> Running a Blobstream orchestrator is an incredibly important aspect of running a validator. The signatures created there will be used to commit to block data in the exact way as the signatures included in the commit. Not running an orchestrator potentially has the same consequences (enforced by social slashing and eventually the protocol itself) as not signing a block. - -## How it works - -The orchestrator does the following: - -1. Connect to a Celestia-app full node or validator node via RPC and gRPC and wait for new attestations -2. Once an attestation is created inside the Blobstream state machine, the orchestrator queries it. -3. After getting the attestation, the orchestrator signs it using the provided EVM private key. The private key should correspond to the EVM address provided when creating the validator. Read [more about Blobstream keys](https://docs.celestia.org/nodes/blobstream-keys/). -4. Then, the orchestrator pushes its signature to the P2P network it is connected to, via adding it as a DHT value. -5. Listen for new attestations and go back to step 2. - -The orchestrator connects to a separate P2P network from the consensus or the data availability networks. - -The bootstrapper node for the Mocha testnet is: - -```sh -/dns/bootstr-0-mocha-blobstream.celestia-mocha.com/tcp/30000/p2p/12D3KooWLrw6EQgDwvgqrqT8wLNJoQYN3SDAzaAxJgyiTa2xowyF -``` - -Make sure to specify the bootstrapper using the `--p2p.bootstrappers` flag when running the orchestrator or set it in the `/config/config.toml` config file. - -This means that even if the consensus node is already connected to the consensus network, if the orchestrator doesn't start with a list of bootstrapper to its specific network, then, it will not work and will output the following logs: - -```text -I[2023-04-26|00:04:08.175] waiting for routing table to populate targetnumberofpeers=1 currentcount=0 -I[2023-04-26|00:04:18.175] waiting for routing table to populate targetnumberofpeers=1 currentcount=0 -I[2023-04-26|00:04:28.175] waiting for routing table to populate targetnumberofpeers=1 currentcount=0 -``` - -## How to run - -### Requirements - -To run an orchestrator, you will need to have access to the following: - -- Access to your EVM address private key. This address doesn't need to be funded in any network. If yours is not yet set, check the [register an EVM address](#register-evm-address) section. -- A list of bootstrappers for the P2P network. -- Access to your consensus node RPC and gRPC ports. - -### Install the Blobstream binary - -Make sure to have the Blobstream binary installed. Check [the Blobstream binary page](https://docs.celestia.org/nodes/blobstream-binary) for more details. - -### Init the store - -Before starting the orchestrator, we will need to init the store: - -```sh -blobstream orchestrator init -``` - -By default, the store will be created under `~/.orchestrator`. However, if you want to specify a custom location, you can use the `--home` flag. Or, you can use the following environment variable: - -| Variable | Explanation | Default value | Required | -| ------------------- | ----------------------------------- | ----------------- | -------- | -| `ORCHESTRATOR_HOME` | Home directory for the orchestrator | `~/.orchestrator` | Optional | - -### Add keys - -In order for the orchestrator to start, it will need two private keys: - -- EVM private key -- P2P private key - -The EVM private key is the most important one since it needs to correspond to the EVM address provided when creating the validator. - -The P2P private key is optional, and a new one will be generated automatically on the start if none is provided. - -The `keys` command will help you set up these keys: - -```sh -blobstream orchestrator keys --help -``` - -To add an EVM private key, check the next section. - -#### EVM key - -Because EVM keys are important, we provide a keystore that will help manage them. The keystore uses a file system keystore protected by a passphrase to store and open private keys. - -To import your EVM private key, there is the `import` subcommand to assist you with that: - -```sh -blobstream orchestrator keys evm import --help -``` - -This subcommand allows you to either import a raw ECDSA private key provided as plaintext, import it from a file, or use a BIP39 mnemonic and derive a private key from it. The files are JSON keystore files encrypted using a passphrase like in [this example](https://geth.ethereum.org/docs/developers/dapp-developer/native-accounts). - -After adding the key, you can check that it's added via running: - -```sh -blobstream orchestrator keys evm list -``` - -For more information about the `keys` command, check [the `keys` documentation](https://docs.celestia.org/nodes/blobstream-keys). - -Then, you will need to register the EVM address for your validator as specified in the [Register EVM Address](#register-evm-address) section. - -### Open the P2P port - -In order for the signature propagation to be successful, you will need to expose the P2P port, which is by default `30000`. - -If not, then the signatures may not be available to the network and relayers will not be able to query them. - -### Start the orchestrator - -Now that we have the store initialized, we can start the orchestrator. Make sure you have your Celestia-app node RPC and gRPC accessible, and able to connect to the P2P network bootstrappers. - -The orchestrator accepts the following flags: - -```sh -blobstream orchestrator start --help - -Starts the Blobstream orchestrator to sign attestations - -Usage: - blobstream orchestrator start [flags] - -Flags: - --core.grpc string Specify the celestia app grpc address (default "localhost:9090") - --core.rpc string Specify the celestia app rest rpc address (default "tcp://localhost:26657") - --evm.account string Specify the EVM account address to use for signing (Note: the private key should be in the keystore) - --evm.passphrase string the evm account passphrase (if not specified as a flag, it will be asked interactively) - --grpc.insecure allow gRPC over insecure channels, if not TLS the server must use TLS - -h, --help help for start - --home string The Blobstream orchestrator home directory (default "/Users/joshstein/.orchestrator") - --log.format string The logging format (json|plain) (default "plain") - --log.level string The logging level (trace|debug|info|warn|error|fatal|panic) (default "info") - --p2p.bootstrappers string Comma-separated multiaddresses of p2p peers to connect to - --p2p.listen-addr string MultiAddr for the p2p peer to listen on (default "/ip4/0.0.0.0/tcp/30000") - --p2p.nickname string Nickname of the p2p private key to use (if not provided, an existing one from the p2p store or a newly generated one will be used) -``` - -Also, you can set the necessary configuration in the orchestrator's TOML config file. You can find the orchestrator's TOML config file in the orchestrator's home directory under `config/config.toml`. This would save you from setting all the flags in the command. - -> **_NOTE:_** The CLI flags take precedence over the config files for the same parameters. - -To start the orchestrator in the default home directory, run the following: - -```sh -blobstream orchestrator start --evm.account 0x966e6f22781EF6a6A82BBB4DB3df8E225DfD9488 -``` - -> **_NOTE:_** The above command assumes that the necessary configuration is specified in the `/config/config.toml` file. - -Then, you will be prompted to enter your EVM key passphrase so that the orchestrator can use it to sign attestations. Make sure that it's the EVM address that was provided when creating the validator. If not, then the orchestrator will not sign, and you will keep seeing a "validator not part of valset" warning message. If you see such message, first verify that your validator is part of the active validator set. If so, then probably the EVM address provided to the orchestrator is not the right one, and you should check which EVM address is registered to your validator. Check the [Register EVM Address](#register-evm-address) section for more information. - -If you no longer have access to your EVM address, you could always edit your validator with a new EVM address. This can be done through the `edit-validator` command. Check the [Register EVM Address](#register-evm-address) section. - -### Known issues - -#### `transport: authentication handshake failed` - -```text -rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake" -``` - -Seeing this error means that the orchestrator/relayer is trying to connect to a gRPC endpoint that is not secure. To bypass this, use the `--grpc.insecure` flag. However, we recommend using secure gRPC connections. - -#### `failed to query last valset before nonce (most likely pruned)` - -This warning shows that an attestation, that is needed by the orchestrator/relayer, has been pruned from the state machine. However, it's not an issue since we implemented fallback mechanisms that will use the P2P network to get it. And if that doesn't work, connecting the orchestrator/relayer to an archive node will get that attestation. - -So, seeing that warning is not a problem. - -### Register EVM Address - -When creating a validator, a random EVM address corresponding to its operator is set in the Blobstream state. This address will be used by the orchestrator to sign attestations. And since validators will generally not have access to its corresponding private key, that address needs to be edited with one whose private key is known to the validator operator. - -> **_NOTE:_** When a validator wants to start an orchestrator for a Celestia network for the first time, they will need to generate an EVM address offchain, either using the [EVM keystore](#evm-key) methods or a third party software that allows generating Ethereum addresses and provide you with a private key or a BIP39 mnemonic. - -So, to edit an EVM address for a certain validator, its corresponding account needs to send a `RegisterEVMAddress` transaction with the new address. - -First, you should get your validator `valoper` address. To do so, run the following: - -```sh -celestia-appd keys show --bech val -``` - -This assumes that you're using the default home directory, the default keystore etc. If not, make sure to add the flags that correspond to your situation. - -To check which EVM address is registered for your `valoper` address, run the following: - -```sh -celestia-appd query qgb evm -``` - -Then, to proceed with the edit, run the following command: - -```shell -celestia-appd tx qgb register \ - \ - \ - --fees 30000utia \ - --broadcast-mode block \ - --yes \ - --from your_wallet -``` - -Example command output: - -```sh -code: 0 -codespace: "" -data: 12300A2E2F63656C65737469612E7167622E76312E4D7367526567697374657245564D41646472657373526573706F6E7365 -events: -... -gas_used: "66959" -gas_wanted: "210000" -height: "3" -info: "" -logs: -- events: - - attributes: - - key: action - value: /celestia.blobstream.v1.MsgRegisterEVMAddress - type: message - log: "" - msg_index: 0 -raw_log: '[{"msg_index":0,"events":[{"type":"message","attributes":[{"key":"action","value":"/celestia.blobstream.v1.MsgRegisterEVMAddress"}]}]}]' -timestamp: "" -tx: null -txhash: 4199EA959A2CFEFCD4726D8D8F7B536458A46A27318D3483A4E9614F560606BC -``` - -Now, you can verify that the EVM address has been updated using the following command: - -```sh -celestia-appd query qgb evm -``` - -Now, you can restart the orchestrator, and it should start signing. - -Note: A validator set change is triggered if more than 5% of the total staking power of the network changes. This means that even if you change your EVM address, and you don't see your orchestrator signing, it's alright. Just wait until the validator set changes, and then your orchestrator will automatically start signing. - -### Updating the EVM address if its corresponding private key is lost - -If, for some reason, the private key, corresponding to the EVM account that was registered above, was lost, or some validator wants to change it for some reason, then they can re-register another EVM address for their validator using the same above command using the new EVM address. - -If the validator still has access to the previously running orchestrator, it would be safer to keep it running in a separate process, initialize a new orchestrator in a new home directory, and run it using the new EVM address. Then, once the new orchestrator starts signing, the old one can be stopped. - -Running a second orchestrator in the same machine would require using different P2P listening ports, i.e. changing the `listen-addr` value in the `/config/config.toml` file and using different ports between the two instances. - -#### Systemd service - -If you want to start the orchestrator as a `systemd` service, you could use the following: - -- Make sure you have the store initialized and the EVM address private key imported. Check the above sections for how to do that. -- Put the following configuration under: `/etc/systemd/system/orchestrator.service`: - -```text -[Unit] -Description=Blobstream orchestrator service -After=network.target - -[Service] -Type=simple -ExecStart= orchestrator start --evm.account --evm.passphrase -LimitNOFILE=infinity -LimitCORE=infinity -Restart=always -RestartSec=1 -StartLimitBurst=5 -User= -StandardError=journal -StandardOutput=journal -TTYPath=/dev/tty0 - -[Install] -WantedBy=multi-user.target -``` - -- Start the orchestrator service using: - -```shell -sudo systemctl start orchestrator -``` - -- Follow the logs to see if everything is running correctly: - -```shell -sudo journalctl -f -u orchestrator -``` - -And you should see the orchestrator signing. - -##### Issue: Journald not outputting the logs - -Sometimes, `journald` wouldn't load the logs from the specified service. An easy fix would be to restart it: - -```shell -sudo systemctl restart systemd-journald -``` - -Then, you should be able to follow the logs as expected. diff --git a/nodes/blobstream-relayer.md b/nodes/blobstream-relayer.md deleted file mode 100644 index f71df6953f1..00000000000 --- a/nodes/blobstream-relayer.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -sidebar_label: Blobstream Relayer -description: Learn about the Blobstream Relayer. ---- - -# Blobstream Relayer - - - -The role of the relayer is to gather attestations' signatures from the orchestrators, and submit them to a target EVM chain. The attestations are generated within the Blobstream module of the Celestia-app state machine. To learn more about what attestations are, you can refer to [the Blobstream overview](https://github.com/celestiaorg/celestia-app/tree/main/x/blobstream). - -Also, while every validator in the Celestia validator set needs to run an orchestrator, we only need one entity to run the relayer, and it can be anyone. Thus, if you're a validator, most likely you want to read [the orchestrator documentation](https://docs.celestia.org/nodes/blobstream-orchestrator/). - -Every relayer needs to target a Blobstream smart contract. This contract can be deployed, if not already, using the `blobstream deploy` command. More details in the [Deploy the Blobstream contract guide](https://docs.celestia.org/nodes/blobstream-deploy/). - -## How it works - -The relayer works as follows: - -1. Connect to a Celestia-app full node or validator node via RPC and gRPC and wait for attestations. -2. Once an attestation is created inside the Blobstream state machine, the relayer queries it. -3. After getting the attestation, the relayer checks if the target Blobstream smart contract's nonce is lower than the attestation. -4. If so, the relayer queries the P2P network for signatures from the orchestrators. -5. Once the relayer finds more than 2/3s signatures, it submits them to the target Blobstream smart contract where they get validated. -6. Listen for new attestations and go back to step 2. - -The relayer connects to a separate P2P network from the consensus or the data availability one. So, we will provide bootstrappers for that one. - -This means that even if the consensus node is already connected to the consensus network, if the relayer doesn't start with a list of bootstrapper to its specific network, then, it will not work and will output the following logs: - -```text -I[2023-04-26|00:04:08.175] waiting for routing table to populate targetnumberofpeers=1 currentcount=0 -I[2023-04-26|00:04:18.175] waiting for routing table to populate targetnumberofpeers=1 currentcount=0 -I[2023-04-26|00:04:28.175] waiting for routing table to populate targetnumberofpeers=1 currentcount=0 -``` - -## How to run - -### Install the Blobstream binary - -Make sure to have the Blobstream binary installed. Check out the [Install the Blobstream binary page](https://docs.celestia.org/nodes/blobstream-binary) for more details. - -### Init the store - -Before starting the relayer, we will need to init the store: - -```sh -blobstream relayer init -``` - -By default, the store will be created un `~/.relayer`. However, if you want to specify a custom location, you can use the `--home` flag. Or, you can use the following environment variable: - -| Variable | Explanation | Default value | Required | -| -------------- | ------------------------------ | ------------- | -------- | -| `RELAYER_HOME` | Home directory for the relayer | `~/.relayer` | Optional | - -### Add keys - -In order for the relayer to start, it will need two private keys: - -- EVM private key -- P2P private key - -The EVM private key is the most important since it needs to be funded, so it is able to send transactions in the target EVM chain. - -The P2P private key is optional, and a new one will be generated automatically on the start if none is provided. - -The `keys` command will help you set up these keys: - -```sh -blobstream relayer keys --help -``` - -To add an EVM private key, check the next section. - -#### EVM key - -Because EVM keys are important, we provide a keystore that will help manage them. The keystore uses a file system keystore protected by a passphrase to store and open private keys. - -To import your EVM private key, there is the `import` subcommand to assist you with that: - -```sh -blobstream relayer keys evm import --help -``` - -This subcommand allows you to either import a raw ECDSA private key provided as plaintext, or import it from a file. The files are JSON keystore files encrypted using a passphrase like [in this example](https://geth.ethereum.org/docs/developers/dapp-developer/native-accounts). - -After adding the key, you can check that it's added via running: - -```sh -blobstream relayer keys evm list -``` - -For more information about the `keys` command, check [the `keys` documentation](https://docs.celestia.org/nodes/blobstream-keys). - -### Start the relayer - -Now that we have the store initialized, and we have a target Blobstream smart contract address, we can start the relayer. Make sure you have your Celestia-app node RPC and gRPC accessible, and able to connect to the P2P network bootstrappers. - -The relayer accepts the following flags: - -```sh -blobstream relayer start --help - -Runs the Blobstream relayer to submit attestations to the target EVM chain - -Usage: - blobstream relayer start [flags] -``` - -Also, you can set the necessary configuration in the relayers's TOML config file. You can find the orchestrator's TOML config file in the relayer's home directory under `config/config.toml`. - -> **_NOTE:_** The CLI flags take precedence over the config files for the same parameters. - -To start the relayer using the default home directory, run the following: - -```sh -/bin/blobstream relayer start --evm.account=0x35a1F8CE94187E4b043f4D57548EF2348Ed556c8 -``` - -> **_NOTE:_** The above command assumes that the necessary configuration is specified in the `/config/config.toml` file. - -Then, you will be prompted to enter your EVM key passphrase for the EVM address passed using the `--evm.account` flag, so that the relayer can use it to send transactions to the target Blobstream smart contract. Make sure that it's funded. diff --git a/nodes/consensus-node.md b/nodes/consensus-node.md index f1359dffb6f..563d776e17a 100644 --- a/nodes/consensus-node.md +++ b/nodes/consensus-node.md @@ -451,12 +451,6 @@ Follow You have successfully set up a bridge node that is syncing with the network. -#### Setup Blobstream keys - -First, prepare an EVM address with a private key that you have -access to. We will use it to register your validator's EVM address -[later in this page](#register-your-validators-evm-address). - ### Run the validator node In order to start your validator node, run the following: @@ -524,38 +518,9 @@ tx: null txhash: ``` -### Register your validator's EVM address {#register-your-validators-evm-address} - -This section will cover how to register your validator's EVM address. -This is required to run an orchestrator. - -To register your EVM address, run the following. Be sure to replace -`YOUR_EVM_ADDRESS` with your EVM address: - -```bash -VALIDATOR_ADDRESS=$(celestia-appd keys show $VALIDATOR_WALLET --bech val -a) -EVM_ADDRESS="YOUR_EVM_ADDRESS" - -celestia-appd tx qgb register \ - $VALIDATOR_ADDRESS \ - $EVM_ADDRESS \ - --from $VALIDATOR_WALLET \ - --fees 30000utia \ - -b block \ - -y & -``` - You should now be able to see your validator from [a block explorer](./mocha-testnet.md#explorers) -### Run a Blobstream orchestrator - -For validators, running a Blobstream orchestrator is **incredibly important** -for both Mocha and Mainnet (when announced). Blobstream orchestrator enables -validators to sign attestations. -[Refer to the documentation](https://docs.celestia.org/nodes/blobstream-orchestrator/#how-to-run) -to run an orchestrator. - ### Submit your validator information After starting your node, please submit your node as a seed and peer to the diff --git a/public/img/blobstream/Celestia_Blobstream_X1b.png b/public/img/blobstream/Celestia_Blobstream_X1b.png new file mode 100644 index 00000000000..eb6f9e97dba Binary files /dev/null and b/public/img/blobstream/Celestia_Blobstream_X1b.png differ diff --git a/public/img/blobstream/Celestia_Blobstream_X2b.png b/public/img/blobstream/Celestia_Blobstream_X2b.png new file mode 100644 index 00000000000..651457bb2c8 Binary files /dev/null and b/public/img/blobstream/Celestia_Blobstream_X2b.png differ