Branch data     Line data    Source code

       1                 :            : // Copyright (c) 2012-2021 The Bitcoin Core developers
       2                 :            : // Distributed under the MIT software license, see the accompanying
       3                 :            : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       4                 :            : 
       5                 :            : #ifndef BITCOIN_COMMON_BLOOM_H
       6                 :            : #define BITCOIN_COMMON_BLOOM_H
       7                 :            : 
       8                 :            : #include <serialize.h>
       9                 :            : #include <span.h>
      10                 :            : 
      11                 :            : #include <vector>
      12                 :            : 
      13                 :            : class COutPoint;
      14                 :            : class CTransaction;
      15                 :            : 
      16                 :            : //! 20,000 items with fp rate < 0.1% or 10,000 items and <0.0001%
      17                 :            : static constexpr unsigned int MAX_BLOOM_FILTER_SIZE = 36000; // bytes
      18                 :            : static constexpr unsigned int MAX_HASH_FUNCS = 50;
      19                 :            : 
      20                 :            : /**
      21                 :            :  * First two bits of nFlags control how much IsRelevantAndUpdate actually updates
      22                 :            :  * The remaining bits are reserved
      23                 :            :  */
      24                 :            : enum bloomflags
      25                 :            : {
      26                 :            :     BLOOM_UPDATE_NONE = 0,
      27                 :            :     BLOOM_UPDATE_ALL = 1,
      28                 :            :     // Only adds outpoints to the filter if the output is a pay-to-pubkey/pay-to-multisig script
      29                 :            :     BLOOM_UPDATE_P2PUBKEY_ONLY = 2,
      30                 :            :     BLOOM_UPDATE_MASK = 3,
      31                 :            : };
      32                 :            : 
      33                 :            : /**
      34                 :            :  * BloomFilter is a probabilistic filter which SPV clients provide
      35                 :            :  * so that we can filter the transactions we send them.
      36                 :            :  *
      37                 :            :  * This allows for significantly more efficient transaction and block downloads.
      38                 :            :  *
      39                 :            :  * Because bloom filters are probabilistic, a SPV node can increase the false-
      40                 :            :  * positive rate, making us send it transactions which aren't actually its,
      41                 :            :  * allowing clients to trade more bandwidth for more privacy by obfuscating which
      42                 :            :  * keys are controlled by them.
      43                 :            :  */
      44                 :            : class CBloomFilter
      45                 :            : {
      46                 :            : private:
      47                 :            :     std::vector<unsigned char> vData;
      48                 :            :     unsigned int nHashFuncs;
      49                 :            :     unsigned int nTweak;
      50                 :            :     unsigned char nFlags;
      51                 :            : 
      52                 :            :     unsigned int Hash(unsigned int nHashNum, Span<const unsigned char> vDataToHash) const;
      53                 :            : 
      54                 :            : public:
      55                 :            :     /**
      56                 :            :      * Creates a new bloom filter which will provide the given fp rate when filled with the given number of elements
      57                 :            :      * Note that if the given parameters will result in a filter outside the bounds of the protocol limits,
      58                 :            :      * the filter created will be as close to the given parameters as possible within the protocol limits.
      59                 :            :      * This will apply if nFPRate is very low or nElements is unreasonably high.
      60                 :            :      * nTweak is a constant which is added to the seed value passed to the hash function
      61                 :            :      * It should generally always be a random value (and is largely only exposed for unit testing)
      62                 :            :      * nFlags should be one of the BLOOM_UPDATE_* enums (not _MASK)
      63                 :            :      */
      64                 :            :     CBloomFilter(const unsigned int nElements, const double nFPRate, const unsigned int nTweak, unsigned char nFlagsIn);
      65                 :       2338 :     CBloomFilter() : nHashFuncs(0), nTweak(0), nFlags(0) {}
      66                 :            : 
      67                 :       6480 :     SERIALIZE_METHODS(CBloomFilter, obj) { READWRITE(obj.vData, obj.nHashFuncs, obj.nTweak, obj.nFlags); }
      68                 :            : 
      69                 :            :     void insert(Span<const unsigned char> vKey);
      70                 :            :     void insert(const COutPoint& outpoint);
      71                 :            : 
      72                 :            :     bool contains(Span<const unsigned char> vKey) const;
      73                 :            :     bool contains(const COutPoint& outpoint) const;
      74                 :            : 
      75                 :            :     //! True if the size is <= MAX_BLOOM_FILTER_SIZE and the number of hash functions is <= MAX_HASH_FUNCS
      76                 :            :     //! (catch a filter which was just deserialized which was too big)
      77                 :            :     bool IsWithinSizeConstraints() const;
      78                 :            : 
      79                 :            :     //! Also adds any outputs which match the filter to the filter (to match their spending txes)
      80                 :            :     bool IsRelevantAndUpdate(const CTransaction& tx);
      81                 :            : };
      82                 :            : 
      83                 :            : /**
      84                 :            :  * RollingBloomFilter is a probabilistic "keep track of most recently inserted" set.
      85                 :            :  * Construct it with the number of items to keep track of, and a false-positive
      86                 :            :  * rate. Unlike CBloomFilter, by default nTweak is set to a cryptographically
      87                 :            :  * secure random value for you. Similarly rather than clear() the method
      88                 :            :  * reset() is provided, which also changes nTweak to decrease the impact of
      89                 :            :  * false-positives.
      90                 :            :  *
      91                 :            :  * contains(item) will always return true if item was one of the last N to 1.5*N
      92                 :            :  * insert()'ed ... but may also return true for items that were not inserted.
      93                 :            :  *
      94                 :            :  * It needs around 1.8 bytes per element per factor 0.1 of false positive rate.
      95                 :            :  * For example, if we want 1000 elements, we'd need:
      96                 :            :  * - ~1800 bytes for a false positive rate of 0.1
      97                 :            :  * - ~3600 bytes for a false positive rate of 0.01
      98                 :            :  * - ~5400 bytes for a false positive rate of 0.001
      99                 :            :  *
     100                 :            :  * If we make these simplifying assumptions:
     101                 :            :  * - logFpRate / log(0.5) doesn't get rounded or clamped in the nHashFuncs calculation
     102                 :            :  * - nElements is even, so that nEntriesPerGeneration == nElements / 2
     103                 :            :  *
     104                 :            :  * Then we get a more accurate estimate for filter bytes:
     105                 :            :  *
     106                 :            :  *     3/(log(256)*log(2)) * log(1/fpRate) * nElements
     107                 :            :  */
     108                 :            : class CRollingBloomFilter
     109                 :            : {
     110                 :            : public:
     111                 :            :     CRollingBloomFilter(const unsigned int nElements, const double nFPRate);
     112                 :            : 
     113                 :            :     void insert(Span<const unsigned char> vKey);
     114                 :            :     bool contains(Span<const unsigned char> vKey) const;
     115                 :            : 
     116                 :            :     void reset();
     117                 :            : 
     118                 :            : private:
     119                 :            :     int nEntriesPerGeneration;
     120                 :            :     int nEntriesThisGeneration;
     121                 :            :     int nGeneration;
     122                 :            :     std::vector<uint64_t> data;
     123                 :            :     unsigned int nTweak;
     124                 :            :     int nHashFuncs;
     125                 :            : };
     126                 :            : 
     127                 :            : #endif // BITCOIN_COMMON_BLOOM_H