ics | title | stage | category | kind | requires | author | created | modified |
---|---|---|---|---|---|---|---|---|
4 |
Channel & Packet Semantics |
draft |
IBC/TAO |
instantiation |
2, 3, 5, 24 |
Christopher Goes <[email protected]> |
2019-03-07 |
2019-08-25 |
The "channel" abstraction provides message delivery semantics to the interblockchain communication protocol, in three categories: ordering, exactly-once delivery, and module permissioning. A channel serves as a conduit for packets passing between a module on one chain and a module on another, ensuring that packets are executed only once, delivered in the order in which they were sent (if necessary), and delivered only to the corresponding module owning the other end of the channel on the destination chain. Each channel is associated with a particular connection, and a connection may have any number of associated channels, allowing the use of common identifiers and amortising the cost of header verification across all the channels utilising a connection & light client.
Channels are payload-agnostic. The modules which send and receive IBC packets decide how to construct packet data and how to act upon the incoming packet data, and must utilise their own application logic to determine which state transactions to apply according to what data the packet contains.
The interblockchain communication protocol uses a cross-chain message passing model. IBC packets are relayed from one blockchain to the other by external relayer processes. Chain A
and chain B
confirm new blocks independently, and packets from one chain to the other may be delayed, censored, or re-ordered arbitrarily. Packets are visible to relayers and can be read from a blockchain by any relayer process and submitted to any other blockchain.
The IBC protocol must provide ordering (for ordered channels) and exactly-once delivery guarantees to allow applications to reason about the combined state of connected modules on two chains. For example, an application may wish to allow a single tokenized asset to be transferred between and held on multiple blockchains while preserving fungibility and conservation of supply. The application can mint asset vouchers on chain
B
when a particular IBC packet is committed to chainB
, and require outgoing sends of that packet on chainA
to escrow an equal amount of the asset on chainA
until the vouchers are later redeemed back to chainA
with an IBC packet in the reverse direction. This ordering guarantee along with correct application logic can ensure that total supply is preserved across both chains and that any vouchers minted on chainB
can later be redeemed back to chainA
.
In order to provide the desired ordering, exactly-once delivery, and module permissioning semantics to the application layer, the interblockchain communication protocol must implement an abstraction to enforce these semantics — channels are this abstraction.
ConsensusState
is as defined in ICS 2.
Connection
is as defined in ICS 3.
Port
and authenticateCapability
are as defined in ICS 5.
hash
is a generic collision-resistant hash function, the specifics of which must be agreed on by the modules utilising the channel. hash
can be defined differently by different chains.
Identifier
, get
, set
, delete
, getCurrentHeight
, and module-system related primitives are as defined in ICS 24.
A channel is a pipeline for exactly-once packet delivery between specific modules on separate blockchains, which has at least one end capable of sending packets and one end capable of receiving packets.
A bidirectional channel is a channel where packets can flow in both directions: from A
to B
and from B
to A
.
A unidirectional channel is a channel where packets can only flow in one direction: from A
to B
(or from B
to A
, the order of naming is arbitrary).
An ordered channel is a channel where packets are delivered exactly in the order which they were sent.
An unordered channel is a channel where packets can be delivered in any order, which may differ from the order in which they were sent.
enum ChannelOrder {
ORDERED,
UNORDERED,
}
Directionality and ordering are independent, so one can speak of a bidirectional unordered channel, a unidirectional ordered channel, etc.
All channels provide exactly-once packet delivery, meaning that a packet sent on one end of a channel is delivered no more and no less than once, eventually, to the other end.
This specification only concerns itself with bidirectional channels. Unidirectional channels can use almost exactly the same protocol and will be outlined in a future ICS.
An end of a channel is a data structure on one chain storing channel metadata:
interface ChannelEnd {
state: ChannelState
ordering: ChannelOrder
counterpartyPortIdentifier: Identifier
counterpartyChannelIdentifier: Identifier
connectionHops: [Identifier]
version: string
}
- The
state
is the current state of the channel end. - The
ordering
field indicates whether the channel is ordered or unordered. - The
counterpartyPortIdentifier
identifies the port on the counterparty chain which owns the other end of the channel. - The
counterpartyChannelIdentifier
identifies the channel end on the counterparty chain. - The
nextSequenceSend
, stored separately, tracks the sequence number for the next packet to be sent. - The
nextSequenceRecv
, stored separately, tracks the sequence number for the next packet to be received. - The
nextSequenceAck
, stored separately, tracks the sequence number for the next packet to be acknowledged. - The
connectionHops
stores the list of connection identifiers, in order, along which packets sent on this channel will travel. At the moment this list must be of length 1. In the future multi-hop channels may be supported. - The
version
string stores an opaque channel version, which is agreed upon during the handshake. This can determine module-level configuration such as which packet encoding is used for the channel. This version is not used by the core IBC protocol.
Channel ends have a state:
enum ChannelState {
INIT,
TRYOPEN,
OPEN,
CLOSED,
}
- A channel end in
INIT
state has just started the opening handshake. - A channel end in
TRYOPEN
state has acknowledged the handshake step on the counterparty chain. - A channel end in
OPEN
state has completed the handshake and is ready to send and receive packets. - A channel end in
CLOSED
state has been closed and can no longer be used to send or receive packets.
A Packet
, in the interblockchain communication protocol, is a particular interface defined as follows:
interface Packet {
sequence: uint64
timeoutHeight: Height
timeoutTimestamp: uint64
sourcePort: Identifier
sourceChannel: Identifier
destPort: Identifier
destChannel: Identifier
data: bytes
}
- The
sequence
number corresponds to the order of sends and receives, where a packet with an earlier sequence number must be sent and received before a packet with a later sequence number. - The
timeoutHeight
indicates a consensus height on the destination chain after which the packet will no longer be processed, and will instead count as having timed-out. - The
timeoutTimestamp
indicates a timestamp on the destination chain after which the packet will no longer be processed, and will instead count as having timed-out. - The
sourcePort
identifies the port on the sending chain. - The
sourceChannel
identifies the channel end on the sending chain. - The
destPort
identifies the port on the receiving chain. - The
destChannel
identifies the channel end on the receiving chain. - The
data
is an opaque value which can be defined by the application logic of the associated modules.
Note that a Packet
is never directly serialised. Rather it is an intermediary structure used in certain function calls that may need to be created or processed by modules calling the IBC handler.
An OpaquePacket
is a packet, but cloaked in an obscuring data type by the host state machine, such that a module cannot act upon it other than to pass it to the IBC handler. The IBC handler can cast a Packet
to an OpaquePacket
and vice versa.
type OpaquePacket = object
- The speed of packet transmission and confirmation should be limited only by the speed of the underlying chains. Proofs should be batchable where possible.
- IBC packets sent on one end of a channel should be delivered exactly once to the other end.
- No network synchrony assumptions should be required for exactly-once safety. If one or both of the chains halt, packets may be delivered no more than once, and once the chains resume packets should be able to flow again.
- On ordered channels, packets should be sent and received in the same order: if packet x is sent before packet y by a channel end on chain
A
, packet x must be received before packet y by the corresponding channel end on chainB
. - On unordered channels, packets may be sent and received in any order. Unordered packets, like ordered packets, have individual timeouts specified in terms of the destination chain's height.
- Channels should be permissioned to one module on each end, determined during the handshake and immutable afterwards (higher-level logic could tokenize channel ownership by tokenising ownership of the port). Only the module associated with a channel end should be able to send or receive on it.
The architecture of clients, connections, channels and packets:
Channel structures are stored under a store path prefix unique to a combination of a port identifier and channel identifier:
function channelPath(portIdentifier: Identifier, channelIdentifier: Identifier): Path {
return "channelEnds/ports/{portIdentifier}/channels/{channelIdentifier}"
}
The capability key associated with a channel is stored under the channelCapabilityPath
:
function channelCapabilityPath(portIdentifier: Identifier, channelIdentifier: Identifier): Path {
return "{channelPath(portIdentifier, channelIdentifier)}/key"
}
The nextSequenceSend
, nextSequenceRecv
, and nextSequenceAck
unsigned integer counters are stored separately so they can be proved individually:
function nextSequenceSendPath(portIdentifier: Identifier, channelIdentifier: Identifier): Path {
return "seqSends/ports/{portIdentifier}/channels/{channelIdentifier}/nextSequenceSend"
}
function nextSequenceRecvPath(portIdentifier: Identifier, channelIdentifier: Identifier): Path {
return "seqRecvs/ports/{portIdentifier}/channels/{channelIdentifier}/nextSequenceRecv"
}
function nextSequenceAckPath(portIdentifier: Identifier, channelIdentifier: Identifier): Path {
return "seqAcks/ports/{portIdentifier}/channels/{channelIdentifier}/nextSequenceAck"
}
Constant-size commitments to packet data fields are stored under the packet sequence number:
function packetCommitmentPath(portIdentifier: Identifier, channelIdentifier: Identifier, sequence: uint64): Path {
return "commitments/ports/{portIdentifier}/channels/{channelIdentifier}/packets/" + sequence
}
Absence of the path in the store is equivalent to a zero-bit.
Packet receipt data are stored under the packetReceiptPath
function packetReceiptPath(portIdentifier: Identifier, channelIdentifier: Identifier, sequence: uint64): Path {
return "receipts/ports/{portIdentifier}/channels/{channelIdentifier}/receipts/" + sequence
}
Packet acknowledgement data are stored under the packetAcknowledgementPath
:
function packetAcknowledgementPath(portIdentifier: Identifier, channelIdentifier: Identifier, sequence: uint64): Path {
return "acks/ports/{portIdentifier}/channels/{channelIdentifier}/acknowledgements/" + sequence
}
During the handshake process, two ends of a channel come to agreement on a version bytestring associated with that channel. The contents of this version bytestring are and will remain opaque to the IBC core protocol. Host state machines MAY utilise the version data to indicate supported IBC/APP protocols, agree on packet encoding formats, or negotiate other channel-related metadata related to custom logic on top of IBC.
Host state machines MAY also safely ignore the version data or specify an empty string.
Note: If the host state machine is utilising object capability authentication (see ICS 005), all functions utilising ports take an additional capability parameter.
Channels are stored under a unique (portIdentifier, channelIdentifier)
prefix.
The validation function validatePortIdentifier
MAY be provided.
type validateChannelIdentifier = (portIdentifier: Identifier, channelIdentifier: Identifier) => boolean
If not provided, the default validateChannelIdentifier
function will always return true
.
Initiator | Datagram | Chain acted upon | Prior state (A, B) | Posterior state (A, B) |
---|---|---|---|---|
Actor | ChanOpenInit | A | (none, none) | (INIT, none) |
Relayer | ChanOpenTry | B | (INIT, none) | (INIT, TRYOPEN) |
Relayer | ChanOpenAck | A | (INIT, TRYOPEN) | (OPEN, TRYOPEN) |
Relayer | ChanOpenConfirm | B | (OPEN, TRYOPEN) | (OPEN, OPEN) |
Initiator | Datagram | Chain acted upon | Prior state (A, B) | Posterior state (A, B) |
---|---|---|---|---|
Actor | ChanCloseInit | A | (OPEN, OPEN) | (CLOSED, OPEN) |
Relayer | ChanCloseConfirm | B | (CLOSED, OPEN) | (CLOSED, CLOSED) |
The chanOpenInit
function is called by a module to initiate a channel opening handshake with a module on another chain.
The opening channel must provide the identifiers of the local channel identifier, local port, remote port, and remote channel identifier.
When the opening handshake is complete, the module which initiates the handshake will own the end of the created channel on the host ledger, and the counterparty module which it specifies will own the other end of the created channel on the counterparty chain. Once a channel is created, ownership cannot be changed (although higher-level abstractions could be implemented to provide this).
Chains MUST implement a function generateIdentifier
which chooses an identifier, e.g. by incrementing a counter:
type generateIdentifier = () -> Identifier
function chanOpenInit(
order: ChannelOrder,
connectionHops: [Identifier],
portIdentifier: Identifier,
counterpartyPortIdentifier: Identifier,
version: string): CapabilityKey {
channelIdentifier = generateIdentifier()
abortTransactionUnless(validateChannelIdentifier(portIdentifier, channelIdentifier))
abortTransactionUnless(connectionHops.length === 1) // for v1 of the IBC protocol
abortTransactionUnless(provableStore.get(channelPath(portIdentifier, channelIdentifier)) === null)
connection = provableStore.get(connectionPath(connectionHops[0]))
// optimistic channel handshakes are allowed
abortTransactionUnless(connection !== null)
abortTransactionUnless(authenticateCapability(portPath(portIdentifier), portCapability))
channel = ChannelEnd{INIT, order, counterpartyPortIdentifier,
"", connectionHops, version}
provableStore.set(channelPath(portIdentifier, channelIdentifier), channel)
channelCapability = newCapability(channelCapabilityPath(portIdentifier, channelIdentifier))
provableStore.set(nextSequenceSendPath(portIdentifier, channelIdentifier), 1)
provableStore.set(nextSequenceRecvPath(portIdentifier, channelIdentifier), 1)
provableStore.set(nextSequenceAckPath(portIdentifier, channelIdentifier), 1)
return channelCapability
}
The chanOpenTry
function is called by a module to accept the first step of a channel opening handshake initiated by a module on another chain.
function chanOpenTry(
order: ChannelOrder,
connectionHops: [Identifier],
portIdentifier: Identifier,
previousIdentifier: Identifier,
counterpartyChosenChannelIdentifer: Identifier,
counterpartyPortIdentifier: Identifier,
counterpartyChannelIdentifier: Identifier,
version: string,
counterpartyVersion: string,
proofInit: CommitmentProof,
proofHeight: Height): CapabilityKey {
if (previousIdentifier !== "") {
previous = provableStore.get(channelPath(portIdentifier, channelIdentifier))
abortTransactionUnless(
(previous !== null) &&
(previous.state === INIT &&
previous.order === order &&
previous.counterpartyPortIdentifier === counterpartyPortIdentifier &&
previous.counterpartyChannelIdentifier === "" &&
previous.connectionHops === connectionHops &&
previous.version === version)
)
channelIdentifier = previousIdentifier
} else {
// generate a new identifier if the provided identifier was the sentinel empty-string
channelIdentifier = generateIdentifier()
}
abortTransactionUnless(validateChannelIdentifier(portIdentifier, channelIdentifier))
abortTransactionUnless(connectionHops.length === 1) // for v1 of the IBC protocol
abortTransactionUnless(authenticateCapability(portPath(portIdentifier), portCapability))
connection = provableStore.get(connectionPath(connectionHops[0]))
abortTransactionUnless(connection !== null)
abortTransactionUnless(connection.state === OPEN)
expected = ChannelEnd{INIT, order, portIdentifier,
"", [connection.counterpartyConnectionIdentifier], counterpartyVersion}
abortTransactionUnless(connection.verifyChannelState(
proofHeight,
proofInit,
counterpartyPortIdentifier,
counterpartyChannelIdentifier,
expected
))
channel = ChannelEnd{TRYOPEN, order, counterpartyPortIdentifier,
counterpartyChannelIdentifier, connectionHops, version}
provableStore.set(channelPath(portIdentifier, channelIdentifier), channel)
channelCapability = newCapability(channelCapabilityPath(portIdentifier, channelIdentifier))
// only reset sequences if the previous channel didn't exist, else we might overwrite optimistically-sent packets
if (previous === null) {
provableStore.set(nextSequenceSendPath(portIdentifier, channelIdentifier), 1)
provableStore.set(nextSequenceRecvPath(portIdentifier, channelIdentifier), 1)
provableStore.set(nextSequenceAckPath(portIdentifier, channelIdentifier), 1)
}
return channelCapability
}
The chanOpenAck
is called by the handshake-originating module to acknowledge the acceptance of the initial request by the
counterparty module on the other chain.
function chanOpenAck(
portIdentifier: Identifier,
channelIdentifier: Identifier,
counterpartyVersion: string,
counterpartyChannelIdentifier: string,
proofTry: CommitmentProof,
proofHeight: Height) {
channel = provableStore.get(channelPath(portIdentifier, channelIdentifier))
abortTransactionUnless(channel.state === INIT || channel.state === TRYOPEN)
abortTransactionUnless(authenticateCapability(channelCapabilityPath(portIdentifier, channelIdentifier), capability))
connection = provableStore.get(connectionPath(channel.connectionHops[0]))
abortTransactionUnless(connection !== null)
abortTransactionUnless(connection.state === OPEN)
expected = ChannelEnd{TRYOPEN, channel.order, portIdentifier,
channelIdentifier, [connection.counterpartyConnectionIdentifier], counterpartyVersion}
abortTransactionUnless(connection.verifyChannelState(
proofHeight,
proofTry,
channel.counterpartyPortIdentifier,
counterpartyChannelIdentifier,
expected
))
channel.state = OPEN
channel.version = counterpartyVersion
channel.counterpartyChannelIdentifier = counterpartyChannelIdentifier
provableStore.set(channelPath(portIdentifier, channelIdentifier), channel)
}
The chanOpenConfirm
function is called by the handshake-accepting module to acknowledge the acknowledgement
of the handshake-originating module on the other chain and finish the channel opening handshake.
function chanOpenConfirm(
portIdentifier: Identifier,
channelIdentifier: Identifier,
proofAck: CommitmentProof,
proofHeight: Height) {
channel = provableStore.get(channelPath(portIdentifier, channelIdentifier))
abortTransactionUnless(channel !== null)
abortTransactionUnless(channel.state === TRYOPEN)
abortTransactionUnless(authenticateCapability(channelCapabilityPath(portIdentifier, channelIdentifier), capability))
connection = provableStore.get(connectionPath(channel.connectionHops[0]))
abortTransactionUnless(connection !== null)
abortTransactionUnless(connection.state === OPEN)
expected = ChannelEnd{OPEN, channel.order, portIdentifier,
channelIdentifier, [connection.counterpartyConnectionIdentifier], channel.version}
abortTransactionUnless(connection.verifyChannelState(
proofHeight,
proofAck,
channel.counterpartyPortIdentifier,
channel.counterpartyChannelIdentifier,
expected
))
channel.state = OPEN
provableStore.set(channelPath(portIdentifier, channelIdentifier), channel)
}
The chanCloseInit
function is called by either module to close their end of the channel. Once closed, channels cannot be reopened.
Calling modules MAY atomically execute appropriate application logic in conjunction with calling chanCloseInit
.
Any in-flight packets can be timed-out as soon as a channel is closed.
function chanCloseInit(
portIdentifier: Identifier,
channelIdentifier: Identifier) {
abortTransactionUnless(authenticateCapability(channelCapabilityPath(portIdentifier, channelIdentifier), capability))
channel = provableStore.get(channelPath(portIdentifier, channelIdentifier))
abortTransactionUnless(channel !== null)
abortTransactionUnless(channel.state !== CLOSED)
connection = provableStore.get(connectionPath(channel.connectionHops[0]))
abortTransactionUnless(connection !== null)
abortTransactionUnless(connection.state === OPEN)
channel.state = CLOSED
provableStore.set(channelPath(portIdentifier, channelIdentifier), channel)
}
The chanCloseConfirm
function is called by the counterparty module to close their end of the channel,
since the other end has been closed.
Calling modules MAY atomically execute appropriate application logic in conjunction with calling chanCloseConfirm
.
Once closed, channels cannot be reopened and identifiers cannot be reused. Identifier reuse is prevented because we want to prevent potential replay of previously sent packets. The replay problem is analogous to using sequence numbers with signed messages, except where the light client algorithm "signs" the messages (IBC packets), and the replay prevention sequence is the combination of port identifier, channel identifier, and packet sequence - hence we cannot allow the same port identifier & channel identifier to be reused again with a sequence reset to zero, since this might allow packets to be replayed. It would be possible to safely reuse identifiers if timeouts of a particular maximum height/time were mandated & tracked, and future specification versions may incorporate this feature.
function chanCloseConfirm(
portIdentifier: Identifier,
channelIdentifier: Identifier,
proofInit: CommitmentProof,
proofHeight: Height) {
abortTransactionUnless(authenticateCapability(channelCapabilityPath(portIdentifier, channelIdentifier), capability))
channel = provableStore.get(channelPath(portIdentifier, channelIdentifier))
abortTransactionUnless(channel !== null)
abortTransactionUnless(channel.state !== CLOSED)
connection = provableStore.get(connectionPath(channel.connectionHops[0]))
abortTransactionUnless(connection !== null)
abortTransactionUnless(connection.state === OPEN)
expected = ChannelEnd{CLOSED, channel.order, portIdentifier,
channelIdentifier, [connection.counterpartyConnectionIdentifier], channel.version}
abortTransactionUnless(connection.verifyChannelState(
proofHeight,
proofInit,
channel.counterpartyPortIdentifier,
channel.counterpartyChannelIdentifier,
expected
))
channel.state = CLOSED
provableStore.set(channelPath(portIdentifier, channelIdentifier), channel)
}
The following sequence of steps must occur for a packet to be sent from module 1 on machine A to module 2 on machine B, starting from scratch.
The module can interface with the IBC handler through ICS 25 or ICS 26.
- Initial client & port setup, in any order
- Establishment of a connection & channel, optimistic send, in order
- Connection opening handshake started from A to B by module 1 (see ICS 3)
- Channel opening handshake started from 1 to 2 using the newly created connection (this ICS)
- Packet sent over the newly created channel from 1 to 2 (this ICS)
- Successful completion of handshakes (if either handshake fails, the connection/channel can be closed & the packet timed-out)
- Connection opening handshake completes successfully (see ICS 3) (this will require participation of a relayer process)
- Channel opening handshake completes successfully (this ICS) (this will require participation of a relayer process)
- Packet confirmation on machine B, module 2 (or packet timeout if the timeout height has passed) (this will require participation of a relayer process)
- Acknowledgement (possibly) relayed back from module 2 on machine B to module 1 on machine A
Represented spatially, packet transit between two machines can be rendered as follows:
The sendPacket
function is called by a module in order to send an IBC packet on a channel end owned by the calling module to the corresponding module on the counterparty chain.
Calling modules MUST execute application logic atomically in conjunction with calling sendPacket
.
The IBC handler performs the following steps in order:
- Checks that the channel & connection are open to send packets
- Checks that the calling module owns the sending port
- Checks that the packet metadata matches the channel & connection information
- Checks that the timeout height specified has not already passed on the destination chain
- Increments the send sequence counter associated with the channel
- Stores a constant-size commitment to the packet data & packet timeout
Note that the full packet is not stored in the state of the chain - merely a short hash-commitment to the data & timeout value. The packet data can be calculated from the transaction execution and possibly returned as log output which relayers can index.
function sendPacket(packet: Packet) {
channel = provableStore.get(channelPath(packet.sourcePort, packet.sourceChannel))
// optimistic sends are permitted once the handshake has started
abortTransactionUnless(channel !== null)
abortTransactionUnless(channel.state !== CLOSED)
abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.sourcePort, packet.sourceChannel), capability))
abortTransactionUnless(packet.destPort === channel.counterpartyPortIdentifier)
abortTransactionUnless(packet.destChannel === channel.counterpartyChannelIdentifier)
connection = provableStore.get(connectionPath(channel.connectionHops[0]))
abortTransactionUnless(connection !== null)
// sanity-check that the timeout height hasn't already passed in our local client tracking the receiving chain
latestClientHeight = provableStore.get(clientPath(connection.clientIdentifier)).latestClientHeight()
abortTransactionUnless(packet.timeoutHeight === 0 || latestClientHeight < packet.timeoutHeight)
nextSequenceSend = provableStore.get(nextSequenceSendPath(packet.sourcePort, packet.sourceChannel))
abortTransactionUnless(packet.sequence === nextSequenceSend)
// all assertions passed, we can alter state
nextSequenceSend = nextSequenceSend + 1
provableStore.set(nextSequenceSendPath(packet.sourcePort, packet.sourceChannel), nextSequenceSend)
provableStore.set(packetCommitmentPath(packet.sourcePort, packet.sourceChannel, packet.sequence),
hash(packet.data, packet.timeoutHeight, packet.timeoutTimestamp))
// log that a packet has been sent
emitLogEntry("sendPacket", {sequence: packet.sequence, data: packet.data, timeoutHeight: packet.timeoutHeight, timeoutTimestamp: packet.timeoutTimestamp})
}
The recvPacket
function is called by a module in order to receive an IBC packet sent on the corresponding channel end on the counterparty chain.
Atomically in conjunction with calling recvPacket
, calling modules MUST either execute application logic or queue the packet for future execution.
The IBC handler performs the following steps in order:
- Checks that the channel & connection are open to receive packets
- Checks that the calling module owns the receiving port
- Checks that the packet metadata matches the channel & connection information
- Checks that the packet sequence is the next sequence the channel end expects to receive (for ordered channels)
- Checks that the timeout height has not yet passed
- Checks the inclusion proof of packet data commitment in the outgoing chain's state
- Sets a store path to indicate that the packet has been received (unordered channels only)
- Increments the packet receive sequence associated with the channel end (ordered channels only)
function recvPacket(
packet: OpaquePacket,
proof: CommitmentProof,
proofHeight: Height): Packet {
channel = provableStore.get(channelPath(packet.destPort, packet.destChannel))
abortTransactionUnless(channel !== null)
abortTransactionUnless(channel.state === OPEN)
abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.destPort, packet.destChannel), capability))
abortTransactionUnless(packet.sourcePort === channel.counterpartyPortIdentifier)
abortTransactionUnless(packet.sourceChannel === channel.counterpartyChannelIdentifier)
abortTransactionUnless(connection !== null)
abortTransactionUnless(connection.state === OPEN)
abortTransactionUnless(packet.timeoutHeight === 0 || getConsensusHeight() < packet.timeoutHeight)
abortTransactionUnless(packet.timeoutTimestamp === 0 || currentTimestamp() < packet.timeoutTimestamp)
abortTransactionUnless(connection.verifyPacketData(
proofHeight,
proof,
packet.sourcePort,
packet.sourceChannel,
packet.sequence,
concat(packet.data, packet.timeoutHeight, packet.timeoutTimestamp)
))
// all assertions passed (except sequence check), we can alter state
if (channel.order === ORDERED) {
nextSequenceRecv = provableStore.get(nextSequenceRecvPath(packet.destPort, packet.destChannel))
abortTransactionUnless(packet.sequence === nextSequenceRecv)
nextSequenceRecv = nextSequenceRecv + 1
provableStore.set(nextSequenceRecvPath(packet.destPort, packet.destChannel), nextSequenceRecv)
} else {
// for unordered channels we must set the receipt so it can be verified on the other side
// this receipt does not contain any data, since the packet has not yet been processed
// it's just a single store key set to an empty string to indicate that the packet has been received
abortTransactionUnless(provableStore.get(packetReceiptPath(packet.destPort, packet.destChannel, packet.sequence) === null))
provableStore.set(
packetReceiptPath(packet.destPort, packet.destChannel, packet.sequence),
"1"
)
}
// log that a packet has been received
emitLogEntry("recvPacket", {sequence: packet.sequence, timeoutHeight: packet.timeoutHeight, port: packet.destPort, channel: packet.destChannel,
timeoutTimestamp: packet.timeoutTimestamp, data: packet.data})
// return transparent packet
return packet
}
The writeAcknowledgement
function is called by a module in order to write data which resulted from processing an IBC packet that the sending chain can then verify, a sort of "execution receipt" or "RPC call response".
Calling modules MUST execute application logic atomically in conjunction with calling writeAcknowledgement
.
This is an asynchronous acknowledgement, the contents of which do not need to be determined when the packet is received, only when processing is complete. In the synchronous case, writeAcknowledgement
can be called in the same transaction (atomically) with recvPacket
.
Acknowledging packets is not required; however, if an ordered channel uses acknowledgements, either all or no packets must be acknowledged (since the acknowledgements are processed in order). Note that if packets are not acknowledged, packet commitments cannot be deleted on the source chain. Future versions of IBC may include ways for modules to specify whether or not they will be acknowledging packets in order to allow for cleanup.
writeAcknowledgement
does not check if the packet being acknowledged was actually received, because this would result in proofs being verified twice for acknowledged packets. This aspect of correctness is the responsibility of the calling module.
The calling module MUST only call writeAcknowledgement
with a packet previously received from recvPacket
.
The IBC handler performs the following steps in order:
- Checks that an acknowledgement for this packet has not yet been written
- Sets the opaque acknowledgement value at a store path unique to the packet
function writeAcknowledgement(
packet: Packet,
acknowledgement: bytes): Packet {
// cannot already have written the acknowledgement
abortTransactionUnless(provableStore.get(packetAcknowledgementPath(packet.destPort, packet.destChannel, packet.sequence) === null))
// write the acknowledgement
provableStore.set(
packetAcknowledgementPath(packet.destPort, packet.destChannel, packet.sequence),
hash(acknowledgement)
)
// log that a packet has been acknowledged
emitLogEntry("writeAcknowledgement", {sequence: packet.sequence, timeoutHeight: packet.timeoutHeight, port: packet.destPort, channel: packet.destChannel,
timeoutTimestamp: packet.timeoutTimestamp, data: packet.data, acknowledgement})
}
The acknowledgePacket
function is called by a module to process the acknowledgement of a packet previously sent by
the calling module on a channel to a counterparty module on the counterparty chain.
acknowledgePacket
also cleans up the packet commitment, which is no longer necessary since the packet has been received and acted upon.
Calling modules MAY atomically execute appropriate application acknowledgement-handling logic in conjunction with calling acknowledgePacket
.
function acknowledgePacket(
packet: OpaquePacket,
acknowledgement: bytes,
proof: CommitmentProof,
proofHeight: Height): Packet {
// abort transaction unless that channel is open, calling module owns the associated port, and the packet fields match
channel = provableStore.get(channelPath(packet.sourcePort, packet.sourceChannel))
abortTransactionUnless(channel !== null)
abortTransactionUnless(channel.state === OPEN)
abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.sourcePort, packet.sourceChannel), capability))
abortTransactionUnless(packet.destPort === channel.counterpartyPortIdentifier)
abortTransactionUnless(packet.destChannel === channel.counterpartyChannelIdentifier)
connection = provableStore.get(connectionPath(channel.connectionHops[0]))
abortTransactionUnless(connection !== null)
abortTransactionUnless(connection.state === OPEN)
// verify we sent the packet and haven't cleared it out yet
abortTransactionUnless(provableStore.get(packetCommitmentPath(packet.sourcePort, packet.sourceChannel, packet.sequence))
=== hash(packet.data, packet.timeoutHeight, packet.timeoutTimestamp))
// abort transaction unless correct acknowledgement on counterparty chain
abortTransactionUnless(connection.verifyPacketAcknowledgement(
proofHeight,
proof,
packet.destPort,
packet.destChannel,
packet.sequence,
acknowledgement
))
// abort transaction unless acknowledgement is processed in order
if (channel.order === ORDERED) {
nextSequenceAck = provableStore.get(nextSequenceAckPath(packet.sourcePort, packet.sourceChannel))
abortTransactionUnless(packet.sequence === nextSequenceAck)
nextSequenceAck = nextSequenceAck + 1
provableStore.set(nextSequenceAckPath(packet.sourcePort, packet.sourceChannel), nextSequenceAck)
}
// all assertions passed, we can alter state
// delete our commitment so we can't "acknowledge" again
provableStore.delete(packetCommitmentPath(packet.sourcePort, packet.sourceChannel, packet.sequence))
// return transparent packet
return packet
}
The acknowledgement returned from the remote chain is defined as arbitrary bytes in the IBC protocol. This data may either encode a successful execution or a failure (anything besides a timeout). There is no generic way to distinguish the two cases, which requires that any client-side packet visualiser understands every app-specific protocol in order to distinguish the case of successful or failed relay. In order to reduce this issue, we offer an additional specification for acknowledgement formats, which SHOULD be used by the app-specific protocols.
message Acknowledgement {
oneof response {
bytes result = 21;
string error = 22;
}
}
If an application uses a different format for acknowledgement bytes, it MUST not deserialise to a valid protobuf message
of this format. Note that all packets contain exactly one non-empty field, and it must be result or error. The field
numbers 21 and 22 were explicitly chosen to avoid accidental conflicts with other protobuf message formats used
for acknowledgements. The first byte of any message with this format will be the non-ASCII values 0xaa
(result)
or 0xb2
(error).
Application semantics may require some timeout: an upper limit to how long the chain will wait for a transaction to be processed before considering it an error. Since the two chains have different local clocks, this is an obvious attack vector for a double spend - an attacker may delay the relay of the receipt or wait to send the packet until right after the timeout - so applications cannot safely implement naive timeout logic themselves.
Note that in order to avoid any possible "double-spend" attacks, the timeout algorithm requires that the destination chain is running and reachable. One can prove nothing in a complete network partition, and must wait to connect; the timeout must be proven on the recipient chain, not simply the absence of a response on the sending chain.
The timeoutPacket
function is called by a module which originally attempted to send a packet to a counterparty module,
where the timeout height or timeout timestamp has passed on the counterparty chain without the packet being committed, to prove that the packet
can no longer be executed and to allow the calling module to safely perform appropriate state transitions.
Calling modules MAY atomically execute appropriate application timeout-handling logic in conjunction with calling timeoutPacket
.
In the case of an ordered channel, timeoutPacket
checks the recvSequence
of the receiving channel end and closes the channel if a packet has timed out.
In the case of an unordered channel, timeoutPacket
checks the absence of the receipt key (which will have been written if the packet was received). Unordered channels are expected to continue in the face of timed-out packets.
If relations are enforced between timeout heights of subsequent packets, safe bulk timeouts of all packets prior to a timed-out packet can be performed. This specification omits details for now.
function timeoutPacket(
packet: OpaquePacket,
proof: CommitmentProof,
proofHeight: Height,
nextSequenceRecv: Maybe<uint64>): Packet {
channel = provableStore.get(channelPath(packet.sourcePort, packet.sourceChannel))
abortTransactionUnless(channel !== null)
abortTransactionUnless(channel.state === OPEN)
abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.sourcePort, packet.sourceChannel), capability))
abortTransactionUnless(packet.destChannel === channel.counterpartyChannelIdentifier)
connection = provableStore.get(connectionPath(channel.connectionHops[0]))
// note: the connection may have been closed
abortTransactionUnless(packet.destPort === channel.counterpartyPortIdentifier)
// check that timeout height or timeout timestamp has passed on the other end
abortTransactionUnless(
(packet.timeoutHeight > 0 && proofHeight >= packet.timeoutHeight) ||
(packet.timeoutTimestamp > 0 && connection.getTimestampAtHeight(proofHeight) > packet.timeoutTimestamp))
// verify we actually sent this packet, check the store
abortTransactionUnless(provableStore.get(packetCommitmentPath(packet.sourcePort, packet.sourceChannel, packet.sequence))
=== hash(packet.data, packet.timeoutHeight, packet.timeoutTimestamp))
if channel.order === ORDERED {
// ordered channel: check that packet has not been received
abortTransactionUnless(nextSequenceRecv <= packet.sequence)
// ordered channel: check that the recv sequence is as claimed
abortTransactionUnless(connection.verifyNextSequenceRecv(
proofHeight,
proof,
packet.destPort,
packet.destChannel,
nextSequenceRecv
))
} else
// unordered channel: verify absence of receipt at packet index
abortTransactionUnless(connection.verifyPacketReceiptAbsence(
proofHeight,
proof,
packet.destPort,
packet.destChannel,
packet.sequence
))
// all assertions passed, we can alter state
// delete our commitment
provableStore.delete(packetCommitmentPath(packet.sourcePort, packet.sourceChannel, packet.sequence))
if channel.order === ORDERED {
// ordered channel: close the channel
channel.state = CLOSED
provableStore.set(channelPath(packet.sourcePort, packet.sourceChannel), channel)
}
// return transparent packet
return packet
}
The timeoutOnClose
function is called by a module in order to prove that the channel
to which an unreceived packet was addressed has been closed, so the packet will never be received
(even if the timeoutHeight
or timeoutTimestamp
has not yet been reached).
Calling modules MAY atomically execute appropriate application timeout-handling logic in conjunction with calling timeoutOnClose
.
function timeoutOnClose(
packet: Packet,
proof: CommitmentProof,
proofClosed: CommitmentProof,
proofHeight: Height,
nextSequenceRecv: Maybe<uint64>): Packet {
channel = provableStore.get(channelPath(packet.sourcePort, packet.sourceChannel))
// note: the channel may have been closed
abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.sourcePort, packet.sourceChannel), capability))
abortTransactionUnless(packet.destChannel === channel.counterpartyChannelIdentifier)
connection = provableStore.get(connectionPath(channel.connectionHops[0]))
// note: the connection may have been closed
abortTransactionUnless(packet.destPort === channel.counterpartyPortIdentifier)
// verify we actually sent this packet, check the store
abortTransactionUnless(provableStore.get(packetCommitmentPath(packet.sourcePort, packet.sourceChannel, packet.sequence))
=== hash(packet.data, packet.timeoutHeight, packet.timeoutTimestamp))
// check that the opposing channel end has closed
expected = ChannelEnd{CLOSED, channel.order, channel.portIdentifier,
channel.channelIdentifier, channel.connectionHops.reverse(), channel.version}
abortTransactionUnless(connection.verifyChannelState(
proofHeight,
proofClosed,
channel.counterpartyPortIdentifier,
channel.counterpartyChannelIdentifier,
expected
))
if channel.order === ORDERED {
// ordered channel: check that the recv sequence is as claimed
abortTransactionUnless(connection.verifyNextSequenceRecv(
proofHeight,
proof,
packet.destPort,
packet.destChannel,
nextSequenceRecv
))
// ordered channel: check that packet has not been received
abortTransactionUnless(nextSequenceRecv <= packet.sequence)
} else
// unordered channel: verify absence of receipt at packet index
abortTransactionUnless(connection.verifyPacketReceiptAbsence(
proofHeight,
proof,
packet.destPort,
packet.destChannel,
packet.sequence
))
// all assertions passed, we can alter state
// delete our commitment
provableStore.delete(packetCommitmentPath(packet.sourcePort, packet.sourceChannel, packet.sequence))
if channel.order === ORDERED {
// ordered channel: close the channel
channel.state = CLOSED
provableStore.set(channelPath(packet.sourcePort, packet.sourceChannel), channel)
}
// return transparent packet
return packet
}
Packets must be acknowledged in order to be cleaned-up.
If two machines simultaneously initiate channel opening handshakes with each other, attempting to use the same identifiers, both will fail and new identifiers must be used.
There is an unavoidable race condition on identifier allocation on the destination chain. Modules would be well-advised to utilise pseudo-random, non-valuable identifiers. Managing to claim the identifier that another module wishes to use, however, while annoying, cannot man-in-the-middle a handshake since the receiving module must already own the port to which the handshake was targeted.
There is no race condition between a packet timeout and packet confirmation, as the packet will either have passed the timeout height prior to receipt or not.
Verification of cross-chain state prevents man-in-the-middle attacks for both connection handshakes & channel handshakes since all information (source, destination client, channel, etc.) is known by the module which starts the handshake and confirmed prior to handshake completion.
If a connection or channel is closed while packets are in-flight, the packets can no longer be received on the destination chain and can be timed-out on the source chain.
Channels can be queried with queryChannel
:
function queryChannel(connId: Identifier, chanId: Identifier): ChannelEnd | void {
return provableStore.get(channelPath(connId, chanId))
}
- The unique combinations of channel & port identifiers are first-come-first-serve: once a pair has been allocated, only the modules owning the ports in question can send or receive on that channel.
- Packets are delivered exactly once, assuming that the chains are live within the timeout window, and in case of timeout can be timed-out exactly once on the sending chain.
- The channel handshake cannot be man-in-the-middle attacked by another module on either blockchain or another blockchain's IBC handler.
Not applicable.
Data structures & encoding can be versioned at the connection or channel level. Channel logic is completely agnostic to packet data formats, which can be changed by the modules any way they like at any time.
Coming soon.
Coming soon.
Jun 5, 2019 - Draft submitted
Jul 4, 2019 - Modifications for unordered channels & acknowledgements
Jul 16, 2019 - Alterations for multi-hop routing future compatibility
Jul 29, 2019 - Revisions to handle timeouts after connection closure
Aug 13, 2019 - Various edits
Aug 25, 2019 - Cleanup
All content herein is licensed under Apache 2.0.