Put real block state proofs behind feature flag

Signed-off-by: Matt Hess <[email protected]>

Author: mhess-swl

hedera-node/hedera-app/src/main/java/com/hedera/node/app/blocks/impl/BlockStreamManagerImpl.java

@@ -29,6 +29,7 @@
 import com.hedera.hapi.block.stream.BlockItem;
 import com.hedera.hapi.block.stream.BlockProof;
 import com.hedera.hapi.block.stream.ChainOfTrustProof;
+import com.hedera.hapi.block.stream.MerklePath;
 import com.hedera.hapi.block.stream.MerkleSiblingHash;
 import com.hedera.hapi.block.stream.StateProof;
 import com.hedera.hapi.block.stream.SubMerkleTree;
@@ -784,17 +785,31 @@ private synchronized void finishProofWithSignature(
             } else {
                 // This is a pending block whose block number precedes the signed block number, so we construct an
                 // indirect state proof
-                final var stateProof = BlockStateProofGenerator.generateStateProof(
-                        currentPendingBlock,
-                        blockNumber,
-                        blockSignature,
-                        signedBlock.blockTimestamp(),
-                        // Pass the remaining pending blocks, but don't remove them from the queue
-                        pendingBlocks.stream());
-                proof = currentPendingBlock.proofBuilder().blockStateProof(stateProof);
-
-                if (log.isDebugEnabled()) {
-                    logStateProof(blockSignature, currentPendingBlock, blockNumber, stateProof);
+
+                if (configProvider
+                        .getConfiguration()
+                        .getConfigData(BlockStreamConfig.class)
+                        .enableStateProofs()) {
+                    final var stateProof = BlockStateProofGenerator.generateStateProof(
+                            currentPendingBlock,
+                            blockNumber,
+                            blockSignature,
+                            signedBlock.blockTimestamp(),
+                            // Pass the remaining pending blocks, but don't remove them from the queue
+                            pendingBlocks.stream());
+                    proof = currentPendingBlock.proofBuilder().blockStateProof(stateProof);
+
+                    if (log.isDebugEnabled()) {
+                        logStateProof(blockSignature, currentPendingBlock, blockNumber, stateProof);
+                    }
+                } else {
+                    // (FUTURE) Once state proofs are enabled, this placeholder proof can be removed
+                    proof = currentPendingBlock
+                            .proofBuilder()
+                            .blockStateProof(StateProof.newBuilder()
+                                    .paths(MerklePath.newBuilder().build())
+                                    .signedBlockProof(latestSignedBlockProof)
+                                    .build());
                 }
 
                 // Update the metrics

hedera-node/hedera-app/src/test/java/com/hedera/node/app/blocks/impl/BlockStreamManagerImplTest.java

@@ -687,10 +687,10 @@ void supportsMultiplePendingBlocksWithIndirectProofAsExpected() throws ParseExce
         assertEquals(
                 FIRST_FAKE_SIGNATURE,
                 aProof.blockStateProof().signedBlockProof().blockSignature());
-        // An indirect state proof must have 3 merkle paths
-        assertEquals(
-                BlockStateProofGenerator.EXPECTED_MERKLE_PATH_COUNT,
-                aProof.blockStateProof().paths().size());
+        // (FUTURE) An indirect state proof must have 3 merkle paths. Enable when full state proofs are supported.
+        //        assertEquals(
+        //                BlockStateProofGenerator.EXPECTED_MERKLE_PATH_COUNT,
+        //                aProof.blockStateProof().paths().size());
         // And the proof for N+1 using a direct proof
         final var bProofItem = lastBItem.get();
         assertNotNull(bProofItem);

hedera-node/hedera-config/src/main/java/com/hedera/node/config/data/BlockStreamConfig.java

@@ -35,7 +35,8 @@ public record BlockStreamConfig(
         @ConfigProperty(defaultValue = "100") @Min(1) @NodeProperty int maxConsecutiveScheduleSecondsToProbe,
         @ConfigProperty(defaultValue = "1s") @Min(1) @NodeProperty Duration quiescedHeartbeatInterval,
         @ConfigProperty(defaultValue = "512") @NodeProperty int maxReadDepth,
-        @ConfigProperty(defaultValue = "500000000") @NodeProperty int maxReadBytesSize) {
+        @ConfigProperty(defaultValue = "500000000") @NodeProperty int maxReadBytesSize,
+        @ConfigProperty(defaultValue = "false") @NetworkProperty boolean enableStateProofs) {
 
     /**
      * Whether to stream to block nodes.

hedera-node/test-clients/build.gradle.kts

@@ -269,6 +269,7 @@ tasks.register<Test>("testSubprocess") {
     val hintsThresholdDenominator =
         if (gradle.startParameter.taskNames.contains("hapiTestRestart")) "4" else "3"
     systemProperty("hapi.spec.hintsThresholdDenominator", hintsThresholdDenominator)
+    systemProperty("hapi.spec.block.stateproof.verification", "false")
 
     // Default quiet mode is "false" unless we are running in CI or set it explicitly to "true"
     systemProperty(

hedera-node/test-clients/src/main/java/com/hedera/services/bdd/junit/support/validators/block/IndirectProofSequenceValidator.java

@@ -49,12 +49,14 @@ class IndirectProofSequenceValidator {
 
     private final Map<Long, Bytes> expectedBlockRootHashes = new HashMap<>();
     private final Map<Long, Bytes> expectedPreviousBlockRootHashes = new HashMap<>();
+    private final Map<Long, MerkleSiblingHash[]> expectedSiblingsByBlock = new HashMap<>();
 
     /**
      * The signed block proof corresponding to the latest signed block number. This is needed to
      * verify the indirect proofs and must be the last proof in the sequence.
      */
     private BlockProof signedProof;
+
     /**
      * The consensus timestamp of the signed block corresponding to the latest signed block number.
      */
@@ -93,9 +95,10 @@ boolean containsIndirectProofs() {
     void registerProof(
             final long blockNumber,
             final @NonNull BlockProof proof,
-            final @NonNull Bytes blockRootHash,
+            final @NonNull Bytes expectedBlockHash,
             final @NonNull Bytes previousBlockHash,
-            final @NonNull Timestamp blockTimestamp) {
+            final @NonNull Timestamp blockTimestamp,
+            final @NonNull MerkleSiblingHash[] expectedSiblings) {
         if (endOfSequenceReached) {
             throw new IllegalStateException(
                     "Cannot track indirect proof for block #%s: end of sequence previously reached"
@@ -135,10 +138,7 @@ void registerProof(
             // Block's Merkle Path 2: block contents path
             // Technically we could roll the timestamp into the sibling hashes here, but for clarity we keep them
             // separate
-            final var siblingHashes = proof.blockStateProof().paths().get(BLOCK_CONTENTS_PATH_INDEX).siblings().stream()
-                    .map(s -> new MerkleSiblingHash(s.isLeft(), s.hash()))
-                    .toList();
-            final var mp2 = new PartialMerklePath(null, previousBlockHash, siblingHashes);
+            final var mp2 = new PartialMerklePath(null, previousBlockHash, Arrays.asList(expectedSiblings));
 
             // Block's Merkle Path 3: parent (i.e. combined hash of left child and right child)
             // This is the combined result and should have no data
@@ -150,8 +150,9 @@ void registerProof(
             actualIndirectProofs.put(blockNumber, proof.blockStateProof());
         }
 
-        expectedBlockRootHashes.put(blockNumber, blockRootHash);
+        expectedBlockRootHashes.put(blockNumber, expectedBlockHash);
         expectedPreviousBlockRootHashes.put(blockNumber, previousBlockHash);
+        expectedSiblingsByBlock.put(blockNumber, expectedSiblings);
 
         log.info("Registered proof for block {}", blockNumber);
     }
@@ -313,8 +314,8 @@ private Map<Long, MerklePath[]> constructExpectedMerklePaths() {
         // Merkle Path 2: enumerate all sibling hashes for remaining UNSIGNED blocks
         MerklePath.Builder earliestBlockMp2 = MerklePath.newBuilder();
 
-        // Create a set of siblings for all unsigned blocks remaining, plus another set for the signed block (excluding
-        // its timestamp)
+        // Create a set of siblings for all _unsigned_ blocks remaining, plus another set for the signed block
+        // (excluding its timestamp)
         final var numBlocksRemaining = signedBlockNum - firstUnsignedBlockNum;
         final var totalExpectedSiblings = expectedSiblingsFrom(numBlocksRemaining);
         final SiblingNode[] allSiblingHashes = new SiblingNode[totalExpectedSiblings];
@@ -361,11 +362,12 @@ private Map<Long, MerklePath[]> constructExpectedMerklePaths() {
             final var currUnsignedBlockSiblings = new SiblingNode[currUnsignedBlockSiblingsSize];
             final var currUnsignedBlockStartingIndex =
                     (int) ((currUnsignedBlock - firstUnsignedBlockNum) * UNSIGNED_BLOCK_SIBLING_COUNT);
+            currentBlockNum = 0;
             for (int i = currUnsignedBlockStartingIndex; i < allSiblingHashes.length; i++) {
                 // Copy the subset of sibling hashes from the full set of hashes (note: COPIES the current hash)
-                currUnsignedBlockSiblings[i] = allSiblingHashes[currUnsignedBlockStartingIndex + i]
-                        .copyBuilder()
-                        .build();
+                currUnsignedBlockSiblings[(int) currentBlockNum] =
+                        allSiblingHashes[i].copyBuilder().build();
+                currentBlockNum++;
             }
 
             newMp2.siblings(currUnsignedBlockSiblings).nextPathIndex(FINAL_MERKLE_PATH_INDEX);
@@ -415,8 +417,14 @@ private void verifyHashSequence() {
         // Verify the sequence of hashes by recomputing each block hash from the previous block
         // hash and the indirect proof
         final var finalExpectedHash = expectedBlockRootHashes.get(signedBlockNum);
+        assertTrue(
+                finalExpectedHash.length() > 0,
+                "Final expected block hash is empty for signed block " + signedBlockNum);
         for (long blockNum = firstUnsignedBlockNum; blockNum < signedBlockNum; blockNum++) {
             final var expectedPreviousBlockHash = expectedPreviousBlockRootHashes.get(blockNum);
+            assertTrue(
+                    expectedPreviousBlockHash.length() > 0,
+                    "Expected previous block hash is empty for block " + blockNum);
 
             final var actualBlockStateProof = actualIndirectProofs.get(blockNum);
             assertNotNull(actualBlockStateProof, "Missing indirect state proof for block " + blockNum);
@@ -489,7 +497,7 @@ private static int expectedSiblingsFrom(final long numUnsignedBlocksRemaining) {
         // For the signed block we _do_ include its siblings in the state proof's block contents path, but we _don't_
         // include the timestamp as a sibling hash. The verification algorithm expects the signed block's timestamp to
         // be provided separately.
-        return unsignedSiblingCount + +SIGNED_BLOCK_SIBLING_COUNT;
+        return unsignedSiblingCount + SIGNED_BLOCK_SIBLING_COUNT;
     }
 
     // A quick note: any field in this record can be null depending on which of the three types of merkle path it