75/WAKU2-SYNC

[ABresting]

This is the initial version of Sync RFC supported by a Technical PoC. The Prolly trees used are complete and flexible for future changes. This RFC is developed using the following research brainstorming:
waku-org/research#78
waku-org/research#62

[jimstir]

@ABresting This rfc should be 75.

[kaichaosun]

Is this spec for sync protocol or there is another one?
Message reliability is a use case of sync protocol, if no other spec, I think the name of this spec should be something like sync.

[ABresting]

It can be, but in the research direction doc it is referred under Message-Reliability umbrella.

[jm-clius]

Not critical for raw spec, but although this is indeed part of the overall track towards message reliability, this spec only introduces a new sync protocol and should be titled accordingly - something like WAKU2-SYNC. A separate spec will then take concepts introduced here and in other protocols to describe WAKU2-MESSAGE-RELIABILITY in a consolidated spec.

[kaichaosun]

• Link the issue seems not friendly as there are discussions and everyone who wants to understand the spec needs to read it, should we make the spec self-contained for such information?
• Sync store protocol is confusing, in my understanding sync protocol can be implemented by any nodes in waku network, and store node is the one implements sync protocol by default. It's probably better to structure this spec by making this point explicitly.

[ABresting]

Thanks very useful feedback here:

1. In the research issue mentioned above, the main content of the issue was modified based on the comments/discussions. So with time the conclusion of the discussions were integrated in the main issue content. Should we open another sanitized issue if this one seems polluted a bit?
2. During the discussions it was noted that for v0 at least Store node should be the only one implementing it BUT I get the point and IMO it is convenient with the current Prolly tree design that Sync can also be part of the non-Store nodes (it comes with added work of taking messages from relay and then making a tree).

It's probably better to structure this spec by making this point explicitly.

As leadership decides, I can amend the RFC -> any node can run Sync protocol.

[kaichaosun]

Should we open another sanitized issue if this one seems polluted a bit?

Why not put the conclusions from the issue in this spec? and update this spec when new feature/fix needs to be included.

As leadership decides, I can amend the RFC -> any node can run Sync protocol.

I think the community knows the answer better than the leadership :)
Definitely need more input about this from other devs/researchers.

[ABresting]

Why not put the conclusions from the issue in this spec? and update this spec when new feature/fix needs to be included.

that sounds cool, I can maybe just TLDR; issue into this spec.

[jm-clius]

1. Indeed. Specs should preferably not refer to resources outside of the body of specifications that its building on. However, since we're quite informal for the raw spec, I think it's OK to be more focused on how the protocol itself works and less on the contextualisation - in other words, I'd suggest simply removing the entire line "The detailed explanation...". The necessary context can grow in this spec in successive iterations.
2. I would just call this something like "Waku Sync Protocol" and not add any conclusions as to what type of nodes can or cannot run the protocol - the only requirement is that the node must be keeping track of a list of message hashes in a prolly tree (which will have to be specified too, but that spec can be TBD for now).

a client receives the messages through Sync

https://rfc.vac.dev/spec/14/#deterministic-message-hashing message hashes?

Store is planned to work in conjunction with Sync to provide a reliable message delivery mechanism.

It's OK to add outside context in a raw spec. Note however that this spec should ultimately not know about "reliable message delivery" or "store" protocol, but simply be a minimalist protocol description that only "knows" about message hashes in a prolly tree. I think this would make the spec simpler to understand too, simplifying its goal. I would suggest just removing this line.

[kaichaosun]

How about ExchangeRootRequest by sending local root to a remote peer? this will give flexibility for scenarios which don't depend on any store nodes.

[ABresting]

this will give flexibility for scenarios which don't depend on any store nodes.

I am not sure I am following this part? could you please elaborate more on this point?

Just to provide more context, a client sends a request to a server (here client and server are peer nodes) to get its root so, here the requesting node (client) holds the responsibility of computation based on root received. For server it should be a passive process. With ExchangeRootRequest I looks like client is also sending it's root, which should not be the case.

[kaichaosun]

I'm thinking about this scenario, in a p2p network, when peers comes online and connected with each other, each peer shares the root of the Prolly Tree, so that the other knows who is ahead, and decides which one should be client and which one should be server.

If p2p connection could happen in contentTopic level (I believe currently p2p connection attached if peers share the same pubsub topic), it will make community based sync possible and remove the dependency for store node.

[ABresting]

so that the other knows who is ahead, and decides which one should be client and which one should be server.

so basically, when an operator goes offline, they somehow know to have missed messages while they were offline, in this case the operator sends a query request based on the last available timestamp and gets messages in the old traditional way. Sync is highly useful in the case where the connection is ad-hoc that an operator might miss some messages if not all. This type of Sync request/root-check should be done in a cronjob type within certain intervals.

it will make community based sync possible and remove the dependency for store node.

This seems like a multidimensional question, you are looking at it from Status/chat perspective, it should be dealt in app level policies in Waku client of how and where to create the Prolly tree.

[jm-clius]

I think it's possible to save bandwidth by having the first message contain the requester's own root node. This means that initially the protocol doesn't quite behave as client-server in the first message. Each node can use this to periodically request the roots of peers to determine if it has any gaps. The responder can use this first message to also determine if it has any gaps. Both sides then have the option to initiate the sync process, but this time as client of the interaction until it has retrieved the hashes of missed messages.

[kaichaosun]

get the root node of the Prolly tree at the height of the root of the Prolly tree.

Can you elaborate a bit more to help me understand?

[ABresting]

basically, in current Prolly tree implementation, if client has 5 elements (key-value pair nodes) then those 5 nodes must be present until a certain height (the process of a node promotion to a height in Prolly tree), and in any other Prolly tree in the network with any number of key-value pair nodes the comparison must start from the lowest common height only.

[ABresting]

also amended the RFC Step 4 for better clarity.

[kaichaosun]

Does Waku has validation around messages? If any, probably worth to link it here. This will helps to resolve the concerns around the malicious sync service peers. (I like the word service in stead of server 😄 )

I think the sync protocol is also related to the content topics, and can be linked too.

[ABresting]

IMO in Waku client code there is a validation of any message when it is put into Store. Sync protocol can inherit this advantage.

I think the sync protocol is also related to the content topics, and can be linked too.

You mean Sync based on content_topic as in libp2p construct? if so, then it can be achieved in 2 ways:

• Make Prolly tree of messages filtered on a content topic.
• Make another Prolly tree based on content topics as key, and then do an intersection of both the results (timestamp and content_topic prolly tree output).

[kaichaosun]

I also have concern about using timestamp as the key. some know issues like,

• duplicated timestamp
• malicious peers arbitrary set timestamps
• result in unbalanced tree with discontinued timestamps

I haven't go into the details of this spec's implementation, would be helpful if you already thought through these concerns.

[ABresting]

Good points, but like you said they have been thought through in the design discussions. Brief comments:

• Duplicated timestamps can be a feature where the value part of key-value store value can be a list of message_hash that belongs to same timestamps. It will be a rare event considering the nanoseconds unix timestamp used in TWN. The Prolly tree can easily be extended to support this.
• malicious peers arbitrarily set timestamps: This is also handled at the relay/store level as messages outside 20sec lag are discarded anyways from a Node's perspective, also RLN might help eradicate this issue to a certain degree.
• unbalanced tree: there is no design based on pockets of epochs or timestamps that one pocket see high volume of messages and others see a low volume. Tree is balanced probabilistically based on individual key.

[jm-clius]

It will be a rare event considering the nanoseconds unix timestamp used in TWN

Note that this should not be a rare event. Even though the timestamp field has nanosecond resolution, the populated timestamps will have coarse resolution to prevent timing attacks (e.g. 500ms boundaries with many messages having matching timestamps).

Maliciously setting timestamps will indeed be handled on the relay layer (validating messages, epoch, etc. via RLN).

[kaichaosun]

Duplicated timestamps can be a feature where the value part of key-value store value can be a list of message_hash that belongs to same timestamps.

Make a list of messages hashes for the same timestamp adding complexity to resolve messages, and not using the great value (support frequent and arbitrary places insertion, or am I misunderstand it?) provided by Prolly Tree.
Time range based query is a unstable and only convenient for client to be online again and fast catchup. It's not the focus of Sync Protocol to help with the time range based query, and should not depend on this query for the tree's integrity.

Is there any concern not use message hash directly instead of using timestamp?

I'm also wondering what's the performance for insertion if there are tens of thousands even millions of messages. It can be mitigated by only construct the tree within last a few months though.

[jm-clius]

Thanks for this! I have added a couple of questions and comment as starting point. The most important is to add some (simple) description of how the tree traversal actually works, which message types are involved, etc.

[jm-clius]

Not critical for raw spec, but although this is indeed part of the overall track towards message reliability, this spec only introduces a new sync protocol and should be titled accordingly - something like WAKU2-SYNC. A separate spec will then take concepts introduced here and in other protocols to describe WAKU2-MESSAGE-RELIABILITY in a consolidated spec.

[jm-clius]

Semantics, but wouldn't it be truer (and make the spec simpler in scope) to explicitly say something like "sync protocol enables a node to synchronize the set of Waku message hashes that it it may have missed". This spec can then focus purely on the problem of message hashes. For clarity, a section on how this could be used to synchronize stored messages could be added, but the bulk of the spec could just describe "hash syncing".

[jm-clius]

Also possible to link to https://rfc.vac.dev/spec/14/#deterministic-message-hashing to describe this newly introduced concept of "message hashes".

[jm-clius]

Minor note: we use semantic breaks between each sentence (or full clause). These do not render in the spec, but makes it much easier to add review comments or edit specific lines without having to work with paragraphs.

[jm-clius]

1. Indeed. Specs should preferably not refer to resources outside of the body of specifications that its building on. However, since we're quite informal for the raw spec, I think it's OK to be more focused on how the protocol itself works and less on the contextualisation - in other words, I'd suggest simply removing the entire line "The detailed explanation...". The necessary context can grow in this spec in successive iterations.
2. I would just call this something like "Waku Sync Protocol" and not add any conclusions as to what type of nodes can or cannot run the protocol - the only requirement is that the node must be keeping track of a list of message hashes in a prolly tree (which will have to be specified too, but that spec can be TBD for now).

a client receives the messages through Sync

https://rfc.vac.dev/spec/14/#deterministic-message-hashing message hashes?

Store is planned to work in conjunction with Sync to provide a reliable message delivery mechanism.

It's OK to add outside context in a raw spec. Note however that this spec should ultimately not know about "reliable message delivery" or "store" protocol, but simply be a minimalist protocol description that only "knows" about message hashes in a prolly tree. I think this would make the spec simpler to understand too, simplifying its goal. I would suggest just removing this line.

[jm-clius]

Wouldn't another requirement be that each node MUST contain an empty or populated prolly tree of message hashes (structure specification TBD) that it wants to synchronize with the peer?

[jm-clius]

Minor note: I think the spelling is "merkle" and not "merkel", unless you're referring to the previous chancellor of Germany. :)

[jm-clius]

Would key here be a timestamp? Wouldn't that imply that the references should be int64?

[jm-clius]

It will be a rare event considering the nanoseconds unix timestamp used in TWN

Note that this should not be a rare event. Even though the timestamp field has nanosecond resolution, the populated timestamps will have coarse resolution to prevent timing attacks (e.g. 500ms boundaries with many messages having matching timestamps).

Maliciously setting timestamps will indeed be handled on the relay layer (validating messages, epoch, etc. via RLN).

[jm-clius]

A couple of questions:

1. Why doesn't the client ask for the root at the desired height in the first request message already?
2. Couldn't there be more than one node at the requested height? Which one does the server respond with or am I missing something?

[ABresting]

client ask for the root at the desired height in the first request message already?

that's an excellent suggestion, I see no reason why not!

Couldn't there be more than one node at the requested height? Which one does the server respond with or am I missing something?

The root of a Prolly tree is tail/fake node. Imagine a Tree X contains only 5 levels, then it means, 5th level has a single node below this level (level 4) it will have intermediate nodes along with a right most tail node ofcourse. Now, Tree Y contains 7 levels so to find the diff Y's level 5 tail/fake node will be sent as a root, not its intermediate nodes at level 5. With this property, a diff is found out.

[jm-clius]

Right. Thanks, I think this make sense. In other words, this only works if one tree really compares a true root to the "fake" root of another tree? If both, for some reason, compares a fake root (which is in fact a tail at a certain level), they may see a false match.

Perhaps worth explicitly stating in the spec what the definition of "root at desired height" means.

[ABresting]

I think the fake root concept explanation should go into the Prolly Tree Spec and not in this spec. I will briefly mention something like this:

Root of the Prolly tree is used in this Sync mechanism, which is a Merkle tree with a probabilistic data structure.

As per the Prolly tree design, there is a fake root present at every level/height of the Prolly tree, to Sync properly both roots must be from the same height/level inside the Prolly tree.

[jm-clius]

Is it possible to expand this step and explain the messages, field and logic involved:
e.g. if the client detects a difference in root, it requests the children of that node using message_x. For each child node that differs, it continues using message_x to retrieve child nodes until...

[jm-clius]

I think it's possible to save bandwidth by having the first message contain the requester's own root node. This means that initially the protocol doesn't quite behave as client-server in the first message. Each node can use this to periodically request the roots of peers to determine if it has any gaps. The responder can use this first message to also determine if it has any gaps. Both sides then have the option to initiate the sync process, but this time as client of the interaction until it has retrieved the hashes of missed messages.

[ABresting]

I think it's possible to save bandwidth by having the first message contain the requester's own root node. This means that initially the protocol doesn't quite behave as client-server in the first message. Each node can use this to periodically request the roots of peers to determine if it has any gaps. The responder can use this first message to also determine if it has any gaps. Both sides then have the option to initiate the sync process, but this time as client of the interaction until it has retrieved the hashes of missed messages.

I think it is a valid point. It can be step number 1 where two nodes exchange their roots along with height of the root. Based on this they decide if they want to Sync or not.

One thing to note, if two Prolly Trees are different at the same height then they must Sync. In this case, the sync mechanism for each node will work exclusively and there is less scope for piggybacking on network packet level. So they anyways they follow separate flow. Which is fine. Included this in the new PR. @jm-clius

[jm-clius]

Thanks for the additions! I think it will be helpful to break Step 5 down into substeps, e.g.:

If the requester detects a mismatch in merkle hash, it requests the children of the mismatching node by sending with

.
It does so iteratively for every mismatch at every level.
It continues this process until it receives with

[jm-clius]

Do we see any reason for this height to be different to the level inside the Node field? If not, perhaps the protocol can stipulate that the desired height is equal to the level of the root node in the request?

[ABresting]

Good suggestion! let me make this change.

[jm-clius]

Still not sure I'm clear what messages are involved and how those fields are populated? What is the first message that a requesting node sends to discover the children of the mismatching node?

[ABresting]

As suggested I have amended the Steps a bit:

Step 5: The client node starts traversing the Prolly tree from the root node to the leaf nodes and finds the missing nodes or nodes with different merkle hash at every level of the tree starting from the top.
5a) If the client detects the missing key or difference of merkle hash at a key of a certain level, then it requests the server node to get the intermediate child node belonging to that key.

5b) And the keys with no difference in merkle hash are skipped.

This step continues iteratively until the client reaches the leaf nodes of the tree.

[kaichaosun]

Can you explicitly make the definition of Merkle hash in this spec? It's a still unclear to me after search a few places.

[ABresting]

added a brief explanation.

[kaichaosun]

Duplicated timestamps can be a feature where the value part of key-value store value can be a list of message_hash that belongs to same timestamps.

Make a list of messages hashes for the same timestamp adding complexity to resolve messages, and not using the great value (support frequent and arbitrary places insertion, or am I misunderstand it?) provided by Prolly Tree.
Time range based query is a unstable and only convenient for client to be online again and fast catchup. It's not the focus of Sync Protocol to help with the time range based query, and should not depend on this query for the tree's integrity.

Is there any concern not use message hash directly instead of using timestamp?

I'm also wondering what's the performance for insertion if there are tens of thousands even millions of messages. It can be mitigated by only construct the tree within last a few months though.

[kaichaosun]

Is this called root node in the Prolly tree, or do you mean tail node?

[ABresting]

basically, every level of the Prolly tree contains a tail/fake node, at the top level there is only one Node left i.e. tail/fake node which we call Root node. These details should go inside the Prolly Tree Spec.

[ABresting]

Is there any concern not use message hash directly instead of using timestamp?

mostly has to do with the searching and traversing the prolly tree, so having a key with timestamp provides more structure to the data at Prolly tree level.

I'm also wondering what's the performance for insertion if there are tens of thousands even millions of messages. It can be mitigated by only construct the tree within last a few months though.

insertions, deletion, update etc are log-based complexities, which is good enough considering the benefits. The width of the tree i.e. data, months, days and date is still an open question, but afaik, full nodes can choose more width since search with lower width trees works just fine considering Prolly tree design.

[jimstir]

Continue discussion at waku-org/specs#7. Some Waku RFCs are being moved to waku/specs repo as there will be a new RFC process. The raw status and assigned slug number is removed as new waku/specs do not need to follow 1/COSS.