共识算法之POA

POA共识机制

POA（Proof of Authority)，即授权证明，是通过一组授过权的节点来生成新的区块和验证新的区块。
也叫（Proof of Activity）活跃证明，因为这组授权节点是从所有活跃节点中产生的。

授权节点（signers)

就是矿工节点，负责打包交易，产生区块，由授权的signer投票超过50%产生新的signer。如果signer作恶，他最多只能攻击连续块(SIGNER_COUNT / 2) + 1)中的一个，作恶期间可以由其他的signer投票踢出作恶的signer。

算法公式

                                   n = F(signer,msgHash)

其中F()是数字签名函数，n是签名后生成的数据，signer是授权节点，在以太坊中是一个Address类型(20 bytes)的地址。mshHash是要签名的数据摘要，对应以太坊中Hash类型(32bytes)的哈希值。签名算法F(),采用的是椭圆曲线数字签名算法(ECDSA)。
这个授权节点有一个限制，就是必须是认证（authorized)的。

现在我们通过源码看一下POA签名过程。

func (s *Ethereum) StartMining(threads int) error {
    ~~~~~~代码省略
    // Configure the local mining address
        eb, err := s.Etherbase()
        if err != nil {
            log.Error("Cannot start mining without etherbase", "err", err)
            return fmt.Errorf("etherbase missing: %v", err)
        }
        if clique, ok := s.engine.(*clique.Clique); ok {
            wallet, err := s.accountManager.Find(accounts.Account{Address: eb})
            if wallet == nil || err != nil {
                log.Error("Etherbase account unavailable locally", "err", err)
                return fmt.Errorf("signer missing: %v", err)
            }
            clique.Authorize(eb, wallet.SignHash)
        }
}

上面的代码在backend.go中。这里是Clique的初始化，通过判断当前s.engine的类型是否是Clique来初始化签名者(signer)和签名函数(SignHash)。
上面的代码中eb是当前节点的主帐户地址(acounts[0])，通过 clique.Authorize(eb, wallet.SignHash)配置签名者和签名函数,签名函数是通过wallet 对象获取的。
下面是Authorize和SignHash方法

// Authorize injects a private key into the consensus engine to mint new blocks
// with.
func (c *Clique) Authorize(signer common.Address, signFn SignerFn) {
    c.lock.Lock()
    defer c.lock.Unlock()

    c.signer = signer
    c.signFn = signFn
}

// SignHash calculates a ECDSA signature for the given hash. The produced
// signature is in the [R || S || V] format where V is 0 or 1.
func (ks *KeyStore) SignHash(a accounts.Account, hash []byte) ([]byte, error) {
    // Look up the key to sign with and abort if it cannot be found
    ks.mu.RLock()
    defer ks.mu.RUnlock()

    unlockedKey, found := ks.unlocked[a.Address]
    if !found {
        return nil, ErrLocked
    }
    // Sign the hash using plain ECDSA operations
    return crypto.Sign(hash, unlockedKey.PrivateKey)
}

可以看到SignHash函数的功能就是用签名者账户的私钥对hash数值进行签名。

设置了签名者和签名函数后，我们就看下整个POA最主要的部分，就是在签名者对区块进行签名认证的过程 :Seal()函数,在clique.go中

// Seal implements consensus.Engine, attempting to create a sealed block using
// the local signing credentials.
func (c *Clique) Seal(chain consensus.ChainReader, block *types.Block, results chan<- *types.Block, stop <-chan struct{}) error {
    header := block.Header()

    // Sealing the genesis block is not supported
    number := header.Number.Uint64()
    if number == 0 {
        return errUnknownBlock
    }
    // For 0-period chains, refuse to seal empty blocks (no reward but would spin sealing)
    if c.config.Period == 0 && len(block.Transactions()) == 0 {
        log.Info("Sealing paused, waiting for transactions")
        return nil
    }
    // Don't hold the signer fields for the entire sealing procedure
    c.lock.RLock()
    signer, signFn := c.signer, c.signFn
    c.lock.RUnlock()

    // Bail out if we're unauthorized to sign a block
    snap, err := c.snapshot(chain, number-1, header.ParentHash, nil)
    if err != nil {
        return err
    }
    if _, authorized := snap.Signers[signer]; !authorized {
        return errUnauthorizedSigner
    }
    // If we're amongst the recent signers, wait for the next block
    for seen, recent := range snap.Recents {
        if recent == signer {
            // Signer is among recents, only wait if the current block doesn't shift it out
            if limit := uint64(len(snap.Signers)/2 + 1); number < limit || seen > number-limit {
                log.Info("Signed recently, must wait for others")
                return nil
            }
        }
    }
    // Sweet, the protocol permits us to sign the block, wait for our time
    delay := time.Unix(header.Time.Int64(), 0).Sub(time.Now()) // nolint: gosimple
    if header.Difficulty.Cmp(diffNoTurn) == 0 {
        // It's not our turn explicitly to sign, delay it a bit
        wiggle := time.Duration(len(snap.Signers)/2+1) * wiggleTime
        delay += time.Duration(rand.Int63n(int64(wiggle)))

        log.Trace("Out-of-turn signing requested", "wiggle", common.PrettyDuration(wiggle))
    }
    // Sign all the things!
    sighash, err := signFn(accounts.Account{Address: signer}, sigHash(header).Bytes())
    if err != nil {
        return err
    }
    copy(header.Extra[len(header.Extra)-extraSeal:], sighash)
    // Wait until sealing is terminated or delay timeout.
    log.Trace("Waiting for slot to sign and propagate", "delay", common.PrettyDuration(delay))
    go func() {
        select {
        case <-stop:
            return
        case <-time.After(delay):
        }

        select {
        case results <- block.WithSeal(header):
        default:
            log.Warn("Sealing result is not read by miner", "sealhash", c.SealHash(header))
        }
    }()

    return nil
}

通过代码可以看到签名过程做了5步认证限制:
1.不给创世区块签名

 number := header.Number.Uint64()
    if number == 0 {
        return errUnknownBlock
    }

2.如果Period为0并且打包的交易个数为0,则是无效区块。

// For 0-period chains, refuse to seal empty blocks (no reward but would spin sealing)
    if c.config.Period == 0 && len(block.Transactions()) == 0 {
        log.Info("Sealing paused, waiting for transactions")
        return nil
    }

3.检查该节点是否是授权节点

// Bail out if we're unauthorized to sign a block
    snap, err := c.snapshot(chain, number-1, header.ParentHash, nil)
    if err != nil {
        return err
    }
    if _, authorized := snap.Signers[signer]; !authorized {
        return errUnauthorizedSigner
    }

4.检查该节点是否刚签过名

    // If we're amongst the recent signers, wait for the next block
    for seen, recent := range snap.Recents {
        if recent == signer {
            // Signer is among recents, only wait if the current block doesn't shift it out
            if limit := uint64(len(snap.Signers)/2 + 1); number < limit || seen > number-limit {
                log.Info("Signed recently, must wait for others")
                return nil
            }
        }
    }

5.检查是否轮到该节点签名了。

    // Sweet, the protocol permits us to sign the block, wait for our time
    delay := time.Unix(header.Time.Int64(), 0).Sub(time.Now()) // nolint: gosimple
    if header.Difficulty.Cmp(diffNoTurn) == 0 {
        // It's not our turn explicitly to sign, delay it a bit
        wiggle := time.Duration(len(snap.Signers)/2+1) * wiggleTime
        delay += time.Duration(rand.Int63n(int64(wiggle)))

        log.Trace("Out-of-turn signing requested", "wiggle", common.PrettyDuration(wiggle))
    }

上面五步执行完毕后，就可以使用签名者的SignFn函数签名了,我们接看往下看:

// Sign all the things!
    sighash, err := signFn(accounts.Account{Address: signer}, sigHash(header).Bytes())
    if err != nil {
        return err
    }
    copy(header.Extra[len(header.Extra)-extraSeal:], sighash)
    // Wait until sealing is terminated or delay timeout.
    log.Trace("Waiting for slot to sign and propagate", "delay", common.PrettyDuration(delay))
    go func() {
        select {
        case <-stop:
            return
        case <-time.After(delay):
        }

        select {
        case results <- block.WithSeal(header):
        default:
            log.Warn("Sealing result is not read by miner", "sealhash", c.SealHash(header))
        }
    }()

通过上面的代码我们看到，在调用signFn后，将签名后的结果存放在了header的Extra字段中。最后通过block.WithSeal(header）函数 通过区块头重新组装成一个区块，并将结果赋给results，通过通道返回。

通过上面的代码，我们大概了解了POA共识是如何生成新的区块的。大家有时间可以到源码中再了解一下。