POA共识机制
POA(Proof of Authority),即授权证明,是通过一组授过权的节点来生成新的区块和验证新的区块。
也叫(Proof of Activity)活跃证明,因为这组授权节点是从所有活跃节点中产生的。
授权节点(signers)
就是矿工节点,负责打包交易,产生区块,由授权的signer投票超过50%产生新的signer。如果signer作恶,他最多只能攻击连续块(SIGNER_COUNT / 2) + 1)中的一个,作恶期间可以由其他的signer投票踢出作恶的signer。
算法公式
n = F(signer,msgHash)
其中F()是数字签名函数,n是签名后生成的数据,signer是授权节点,在以太坊中是一个Address类型(20 bytes)的地址。mshHash是要签名的数据摘要,对应以太坊中Hash类型(32bytes)的哈希值。签名算法F(),采用的是椭圆曲线数字签名算法(ECDSA)。
这个授权节点有一个限制,就是必须是认证(authorized)的。
现在我们通过源码看一下POA签名过程。
func (s *Ethereum) StartMining(threads int) error {
~~~~~~代码省略
// Configure the local mining address
eb, err := s.Etherbase()
if err != nil {
log.Error("Cannot start mining without etherbase", "err", err)
return fmt.Errorf("etherbase missing: %v", err)
}
if clique, ok := s.engine.(*clique.Clique); ok {
wallet, err := s.accountManager.Find(accounts.Account{Address: eb})
if wallet == nil || err != nil {
log.Error("Etherbase account unavailable locally", "err", err)
return fmt.Errorf("signer missing: %v", err)
}
clique.Authorize(eb, wallet.SignHash)
}
}
上面的代码在backend.go中。这里是Clique的初始化,通过判断当前s.engine的类型是否是Clique来初始化签名者(signer)和签名函数(SignHash)。
上面的代码中eb是当前节点的主帐户地址(acounts[0]),通过 clique.Authorize(eb, wallet.SignHash)配置签名者和签名函数,签名函数是通过wallet 对象获取的。
下面是Authorize和SignHash方法
// Authorize injects a private key into the consensus engine to mint new blocks
// with.
func (c *Clique) Authorize(signer common.Address, signFn SignerFn) {
c.lock.Lock()
defer c.lock.Unlock()
c.signer = signer
c.signFn = signFn
}
// SignHash calculates a ECDSA signature for the given hash. The produced
// signature is in the [R || S || V] format where V is 0 or 1.
func (ks *KeyStore) SignHash(a accounts.Account, hash []byte) ([]byte, error) {
// Look up the key to sign with and abort if it cannot be found
ks.mu.RLock()
defer ks.mu.RUnlock()
unlockedKey, found := ks.unlocked[a.Address]
if !found {
return nil, ErrLocked
}
// Sign the hash using plain ECDSA operations
return crypto.Sign(hash, unlockedKey.PrivateKey)
}
可以看到SignHash函数的功能就是用签名者账户的私钥对hash数值进行签名。
设置了签名者和签名函数后,我们就看下整个POA最主要的部分,就是在签名者对区块进行签名认证的过程 :Seal()函数,在clique.go中
// Seal implements consensus.Engine, attempting to create a sealed block using
// the local signing credentials.
func (c *Clique) Seal(chain consensus.ChainReader, block *types.Block, results chan<- *types.Block, stop <-chan struct{}) error {
header := block.Header()
// Sealing the genesis block is not supported
number := header.Number.Uint64()
if number == 0 {
return errUnknownBlock
}
// For 0-period chains, refuse to seal empty blocks (no reward but would spin sealing)
if c.config.Period == 0 && len(block.Transactions()) == 0 {
log.Info("Sealing paused, waiting for transactions")
return nil
}
// Don't hold the signer fields for the entire sealing procedure
c.lock.RLock()
signer, signFn := c.signer, c.signFn
c.lock.RUnlock()
// Bail out if we're unauthorized to sign a block
snap, err := c.snapshot(chain, number-1, header.ParentHash, nil)
if err != nil {
return err
}
if _, authorized := snap.Signers[signer]; !authorized {
return errUnauthorizedSigner
}
// If we're amongst the recent signers, wait for the next block
for seen, recent := range snap.Recents {
if recent == signer {
// Signer is among recents, only wait if the current block doesn't shift it out
if limit := uint64(len(snap.Signers)/2 + 1); number < limit || seen > number-limit {
log.Info("Signed recently, must wait for others")
return nil
}
}
}
// Sweet, the protocol permits us to sign the block, wait for our time
delay := time.Unix(header.Time.Int64(), 0).Sub(time.Now()) // nolint: gosimple
if header.Difficulty.Cmp(diffNoTurn) == 0 {
// It's not our turn explicitly to sign, delay it a bit
wiggle := time.Duration(len(snap.Signers)/2+1) * wiggleTime
delay += time.Duration(rand.Int63n(int64(wiggle)))
log.Trace("Out-of-turn signing requested", "wiggle", common.PrettyDuration(wiggle))
}
// Sign all the things!
sighash, err := signFn(accounts.Account{Address: signer}, sigHash(header).Bytes())
if err != nil {
return err
}
copy(header.Extra[len(header.Extra)-extraSeal:], sighash)
// Wait until sealing is terminated or delay timeout.
log.Trace("Waiting for slot to sign and propagate", "delay", common.PrettyDuration(delay))
go func() {
select {
case <-stop:
return
case <-time.After(delay):
}
select {
case results <- block.WithSeal(header):
default:
log.Warn("Sealing result is not read by miner", "sealhash", c.SealHash(header))
}
}()
return nil
}
通过代码可以看到签名过程做了5步认证限制:
1.不给创世区块签名
number := header.Number.Uint64()
if number == 0 {
return errUnknownBlock
}
2.如果Period为0并且打包的交易个数为0,则是无效区块。
// For 0-period chains, refuse to seal empty blocks (no reward but would spin sealing)
if c.config.Period == 0 && len(block.Transactions()) == 0 {
log.Info("Sealing paused, waiting for transactions")
return nil
}
3.检查该节点是否是授权节点
// Bail out if we're unauthorized to sign a block
snap, err := c.snapshot(chain, number-1, header.ParentHash, nil)
if err != nil {
return err
}
if _, authorized := snap.Signers[signer]; !authorized {
return errUnauthorizedSigner
}
4.检查该节点是否刚签过名
// If we're amongst the recent signers, wait for the next block
for seen, recent := range snap.Recents {
if recent == signer {
// Signer is among recents, only wait if the current block doesn't shift it out
if limit := uint64(len(snap.Signers)/2 + 1); number < limit || seen > number-limit {
log.Info("Signed recently, must wait for others")
return nil
}
}
}
5.检查是否轮到该节点签名了。
// Sweet, the protocol permits us to sign the block, wait for our time
delay := time.Unix(header.Time.Int64(), 0).Sub(time.Now()) // nolint: gosimple
if header.Difficulty.Cmp(diffNoTurn) == 0 {
// It's not our turn explicitly to sign, delay it a bit
wiggle := time.Duration(len(snap.Signers)/2+1) * wiggleTime
delay += time.Duration(rand.Int63n(int64(wiggle)))
log.Trace("Out-of-turn signing requested", "wiggle", common.PrettyDuration(wiggle))
}
上面五步执行完毕后,就可以使用签名者的SignFn函数签名了,我们接看往下看:
// Sign all the things!
sighash, err := signFn(accounts.Account{Address: signer}, sigHash(header).Bytes())
if err != nil {
return err
}
copy(header.Extra[len(header.Extra)-extraSeal:], sighash)
// Wait until sealing is terminated or delay timeout.
log.Trace("Waiting for slot to sign and propagate", "delay", common.PrettyDuration(delay))
go func() {
select {
case <-stop:
return
case <-time.After(delay):
}
select {
case results <- block.WithSeal(header):
default:
log.Warn("Sealing result is not read by miner", "sealhash", c.SealHash(header))
}
}()
通过上面的代码我们看到,在调用signFn后,将签名后的结果存放在了header的Extra字段中。最后通过block.WithSeal(header)函数 通过区块头重新组装成一个区块,并将结果赋给results,通过通道返回。
通过上面的代码,我们大概了解了POA共识是如何生成新的区块的。大家有时间可以到源码中再了解一下。
