Sfdwhf

Eww, those bytes are gross

What are "industrial chops"?

Spring Boot request header return null value

What is the most fuel efficient way out of the Solar System?

Why did the villain in the first Men in Black movie care about Earth's Cockroaches?

Porting Linux to another platform requirements

How should I handle players who ignore the session zero agreement?

How can my powered armor quickly replace its ceramic plates?

When can a QA tester start his job?

A starship is travelling at 0.9c and collides with a small rock. Will it leave a clean hole through, or will more happen?

Bash Script Function Return True-False

Does theoretical physics suggest that gravity is the exchange of gravitons or deformation/bending of spacetime?

Finding lengths when circles and squares tangents.

Does a phylactery of a lich have to be a box?

Do authors have to be politically correct in article-writing?

Consequences of lack of rigour

Nested word series [humans only]

I will be going to Sweden on business purpose .Can I visit London from Sweden and how much UK visa will cost?

What incentives do banks have to gather up loans into pools (backed by Ginnie Mae)and selling them?

What are career options for big-picture thinkers with no experience?

Is it a fallacy if someone claims they need an explanation for every word of your argument to the point where they don't understand common terms?

Why is it that Bernie Sanders is always called a "socialist"?

What is the wife of a henpecked husband called?

Publishing research using outdated methods

Partial vs Complete Catchup: what are the differences in terms of security?

stellar-code stuck with Joining SCPShould Every Node Contain The Same Quorum Set Configuration?FATAL when switching from test network to public network on stellar-coreHelp - why can’t I synch stellar core?Stellar Core node is typically behind SDF by 20 to 100 ledgersWhat are the message size limitations of stellar consensus protocol?Limiting the size of local buckets on the coreSetting the network interface for core?Node sync issue - private networkPartial Catch-up on Validator nodes

2

Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?

In other words, when I perform partial catchup, what are the risks in terms of security?

UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.

stellar-core scp catchup

share|improve this question

edited 2 hours ago

Orbit Lens

5,5861925

asked 5 hours ago

FuzzyAmiFuzzyAmi

731312

add a comment | 

2

Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?

In other words, when I perform partial catchup, what are the risks in terms of security?

UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.

stellar-core scp catchup

share|improve this question

edited 2 hours ago

Orbit Lens

5,5861925

asked 5 hours ago

FuzzyAmiFuzzyAmi

731312

add a comment | 

Lets assume I power-up a new core and join (as validator) to a network of pre-existing other nodes. In addition, to speed things up, I chose to do a partial catchup from one history archive. Now, having synced up, is it possible that my new core has a state that's been tampered with?

In other words, when I perform partial catchup, what are the risks in terms of security?

UPDATE: I'm slightly changing the question to make it more interesting: Suppose the network I join has conspired against me and they've all tampered with the state (the bucketlist) stored on their history to reflect a state that's different than the one I would arrive to by replaying the txs from the genesis block. Is this possible? If it is, then a full catchup does have benefits over a partial one.

stellar-core scp catchup

share|improve this question

edited 2 hours ago

Orbit Lens

5,5861925

asked 5 hours ago

FuzzyAmiFuzzyAmi

731312

share|improve this question

edited 2 hours ago

Orbit Lens

5,5861925

asked 5 hours ago

FuzzyAmiFuzzyAmi

731312

share|improve this question

edited 2 hours ago

Orbit Lens

5,5861925

asked 5 hours ago

FuzzyAmiFuzzyAmi

731312

edited 2 hours ago

Orbit Lens

5,5861925

edited 2 hours ago

Orbit Lens

5,5861925

asked 5 hours ago

FuzzyAmiFuzzyAmi

731312

asked 5 hours ago

FuzzyAmiFuzzyAmi

731312

1 Answer
1

active

oldest

votes

3

Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.

Therefore, there is no difference whether you are doing full or partial catchup.

EDIT:

1. Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.


2. Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.

If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.

share|improve this answer

edited 2 hours ago

answered 3 hours ago

Orbit LensOrbit Lens

5,5861925

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
  
  – FuzzyAmi
  2 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @FuzzyAmi I updated the answer
  
  – Orbit Lens
  2 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "686"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstellar.stackexchange.com%2fquestions%2f2246%2fpartial-vs-complete-catchup-what-are-the-differences-in-terms-of-security%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

3

Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.

Therefore, there is no difference whether you are doing full or partial catchup.

EDIT:

1. Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.


2. Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.

If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.

share|improve this answer

edited 2 hours ago

answered 3 hours ago

Orbit LensOrbit Lens

5,5861925

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
  
  – FuzzyAmi
  2 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @FuzzyAmi I updated the answer
  
  – Orbit Lens
  2 hours ago
  

  
  
  
  

add a comment | 

3

Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.

Therefore, there is no difference whether you are doing full or partial catchup.

EDIT:

1. Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.


2. Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.

If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.

share|improve this answer

edited 2 hours ago

answered 3 hours ago

Orbit LensOrbit Lens

5,5861925

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  thank you for the answer. I updated my question and added a corner case where I think it might be beneficial to perform full catchup. Also, would you be so kind as to add a 'catchup' tag to this SO? thx!
  
  – FuzzyAmi
  2 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @FuzzyAmi I updated the answer
  
  – Orbit Lens
  2 hours ago
  

  
  
  
  

add a comment | 

Each node synchronizes the state with the quorum set, so archives tampering won't work. The node will be unable to catch up with SCP quorum if the local state differs from the quorum-approved state. Nobody can modify a single archive file without messing up the whole archive because each ledger contains hash of the previous ledger and they are validated during the catchup. The node will discard the ledger with invalid hash.

Therefore, there is no difference whether you are doing full or partial catchup.

EDIT:

1. Attackers control both the quorum set and archives destination → Newly-connected node will be 100% compromised.


2. Attackers control only the quorum set or the archives data → New node will connect and follow the SCP majority, but won't be able to catchup with the history. It will be unable to apply the state from buckets if hashes don't match. I don't think that the node will be able to act as validator in this case.

If the archives are tempered, you won't be able to ingest the history regardless whether you are starting from the genesis block or not.

share|improve this answer

edited 2 hours ago

answered 3 hours ago

Orbit LensOrbit Lens

5,5861925

share|improve this answer

edited 2 hours ago

answered 3 hours ago

Orbit LensOrbit Lens

5,5861925

answered 3 hours ago

Orbit LensOrbit Lens

5,5861925

answered 3 hours ago

Orbit LensOrbit Lens

5,5861925