Comments (3)
Take a look at https://github.com/google/trillian-examples/tree/master/witness/ for our generic witness. The nested directories up to and including https://github.com/google/trillian-examples/tree/master/witness/golang/omniwitness/monolith are worth visiting too, as these contain the generic implementation, a Dockerized version that monitors all known public logs that use the generic checkpoint format, and finally a single binary that does this all as a single process.
Each individual witness deployment checks that it sees an append-only view of the log. In order to get a central view of what multiple witnesses see, we have experimental distributors running (https://github.com/mhutchinson/mhutchinson-distributor, https://github.com/WolseyBankWitness/rediffusion). Witnesses push any checkpoints they have co-signed to these distributors in the form of PRs. Github actions merge these PRs after validation, and also merge any equivalent checkpoints seen by multiple witnesses. The code backing these is from https://github.com/google/trillian-examples/tree/master/serverless/deploy/github/distributor. This approach seems to work well, and we are considering what a non-experimental version of this would look like.
from trillian.
Hi Jan,
Yes, this is something we're looking at currently.
We're experimenting with what we're calling "witnessing", there's some working code and notes here: https://github.com/google/trillian-examples/tree/master/witness
Some of the thinking behind it is in the Think Global, Act Local: Gossip and Client Audits in Verifiable Data Structures paper.
We have an experimental deployment up which is witnessing a number of active logs (both Trillian and non-Trillian-based [e.g. serverless logs). At a high level, we have a few witness nodes running which watch known logs for updated checkpoints, verify consistency with prior checkpoints they've seen for the same log, and cosign [only] checkpoints which are consistent. These "witnessed" checkpoints are then made available through some sort of "distributor" for Believers to consume (they would have their own policy about what constitutes a "good" checkpoint - e.g. "the newest checkpoint signed by the log, and at least 3 known witnesses one of which should be either EFF or my friend Dave" or whatever).
We have some very experimental/placeholder distributors running on GitHub (e.g. https://github.com/WolseyBankWitness/rediffusion), these use GitHub Actions to update themselves based on automated PRs from the witnesses. We'll likely be looking at other mechanisms for distributing checkpoints in the future though.
There's a [hopefully] very easy to deploy all-in-one binary we're using for this at the moment if you'd like to have a play with it too: https://github.com/google/trillian-examples/tree/master/witness/golang/omniwitness/monolith
Hope that's helpful, would love to hear more about your particular use case of transparency logs too.
from trillian.
I'll close this for now since there's been no further follow up, feel free to reopen though.
from trillian.
Related Issues (20)
- KeepAlive in etcd client cannot ensure the permanent validity of lease
- Brainstorming: Verkle Tree support in Trillian (constant-sized proofs) HOT 1
- Would there be any interest in more k8s "native" tooling for integration testing? HOT 6
- Unable to create a tree in Trillian log mysql database HOT 4
- Bazel not building
- MySQL: World-writable config warning during startup
- Trillian log server and signer config file does not allow comments HOT 1
- Tag a new release with transparency-dev/merkle extracted HOT 4
- Drop dependency from certificate-transparency-go HOT 1
- Scripts and documentation still refer to pre-Go-module practices HOT 1
- Build and use image for ./examples/deployment/kubernetes/createtree HOT 1
- Cleanup: remove `tree_ids_with_no_ephemeral_nodes` flag after it is the default behavior
- Bump golangci-lint and remove //nolint comments in experimental/batchmap/cmd/verify/verify.go
- Are these the correct 'release' containers for log_[signer,server]? HOT 5
- Cockroach tests are pinned to historic version HOT 4
- TX rollback error: sql: transaction has already been committed or rolled back HOT 2
- Document SCTs and the tradeoffs involved in using them
- FR: Ability to configure tree hashing algorithm, along with SHA3 support HOT 6
- Alternative construction to merkle trees
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trillian.