feat: embed signed close_group in PaymentQuote#28
Draft
mickvandijke wants to merge 5 commits intomainfrom
Draft
Conversation
The client now extracts close group views from quote responses and validates that a mutually-recognizing subset of at least CLOSE_GROUP_MAJORITY peers exists before paying. This ensures the client only pays when the data will be accepted by enough close group nodes for durable storage and replication. The validation finds the largest subset of queried peers where every peer in the subset appears in every other peer's close group view — matching the server-side threshold that nodes enforce during payment verification. Fails with CloseGroupQuorumFailure if no such subset of sufficient size exists. Key changes: - get_store_quotes extracts close_group from ChunkQuoteResponse::Success - validate_close_group_quorum finds largest mutual-recognition clique - New CloseGroupQuorumFailure error variant in data::error Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Without the P2P node, test nodes return empty close_group views in quote responses, which causes the new quorum validation to always fail. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Covers next_combination, is_mutual_subset, find_largest_mutual_subset, and validate_close_group_quorum with 16 tests: full clique, partial clique at majority boundary, below-majority failure, empty views, asymmetric recognition, rogue peer, and combination enumeration. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reorder quoted peers so that mutually-recognizing quorum members appear first in the list returned by get_store_quotes. Since chunk_put_to_close_group takes the first CLOSE_GROUP_MAJORITY peers as its initial upload targets, this ensures we try the peers most likely to accept payment proofs before falling back to non-quorum peers. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move the close group view from ChunkQuoteResponse into the PaymentQuote struct so it is covered by the ML-DSA-65 signature. This prevents a malicious node from lying about its close group view. Changes span three repos (evmlib, saorsa-node, ant-core): - evmlib: add close_group field to PaymentQuote, include in signing bytes - saorsa-node: remove close_group from ChunkQuoteResponse, pass it to create_quote instead; verifier also accepts peers from the node's own signed quote to handle routing table churn - ant-core: extract close_group from deserialized PaymentQuote; add e2e test suite (e2e_close_group_quorum) verifying the full flow Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
close_groupfromChunkQuoteResponse::Successinto thePaymentQuotestruct, covered by the ML-DSA-65 signature — prevents a malicious node from forging its close group viewclose_groupto handle routing table churn between quote issuance and PUT arrivalclose_groupfrom deserializedPaymentQuotefor quorum validation (same algorithm, just different data source)e2e_close_group_quorum) with 6 tests verifying the full flowNote: This PR contains the ant-core side. The corresponding changes in evmlib and saorsa-node must be published before the path deps can be replaced with version pins.
Test plan
cargo check— all three repos compilecargo test --lib --all— 141 unit tests passcargo test --test e2e_close_group_quorum— 6/6 passcargo test --test e2e_chunk— 9/9 passcargo test --test e2e_data— 6/6 passcargo test --test e2e_file— 4/4 passcargo test --test e2e_payment— 8/8 passcargo test --test e2e_security— 10/10 passcargo test --test e2e_merkle— 4/4 pass🤖 Generated with Claude Code