Line data    Source code

       1             : // Copyright (c) 2012-2021 The Bitcoin Core developers
       2             : // Distributed under the MIT software license, see the accompanying
       3             : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       4             : 
       5             : #ifndef BITCOIN_COMMON_BLOOM_H
       6             : #define BITCOIN_COMMON_BLOOM_H
       7             : 
       8             : #include <serialize.h>
       9             : #include <span.h>
      10             : 
      11             : #include <vector>
      12             : 
      13             : class COutPoint;
      14             : class CScript;
      15             : class CTransaction;
      16             : class CTxOut;
      17             : class uint256;
      18             : 
      19             : //! 20,000 items with fp rate < 0.1% or 10,000 items and <0.0001%
      20             : static constexpr unsigned int MAX_BLOOM_FILTER_SIZE = 36000; // bytes
      21             : static constexpr unsigned int MAX_HASH_FUNCS = 50;
      22             : 
      23             : /**
      24             :  * First two bits of nFlags control how much IsRelevantAndUpdate actually updates
      25             :  * The remaining bits are reserved
      26             :  */
      27             : enum bloomflags
      28             : {
      29             :     BLOOM_UPDATE_NONE = 0,
      30             :     BLOOM_UPDATE_ALL = 1,
      31             :     // Only adds outpoints to the filter if the output is a pay-to-pubkey/pay-to-multisig script
      32             :     BLOOM_UPDATE_P2PUBKEY_ONLY = 2,
      33             :     BLOOM_UPDATE_MASK = 3,
      34             : };
      35             : 
      36             : /**
      37             :  * BloomFilter is a probabilistic filter which SPV clients provide
      38             :  * so that we can filter the transactions we send them.
      39             :  *
      40             :  * This allows for significantly more efficient transaction and block downloads.
      41             :  *
      42             :  * Because bloom filters are probabilistic, a SPV node can increase the false-
      43             :  * positive rate, making us send it transactions which aren't actually its,
      44             :  * allowing clients to trade more bandwidth for more privacy by obfuscating which
      45             :  * keys are controlled by them.
      46             :  */
      47             : class CBloomFilter
      48             : {
      49             : private:
      50             :     std::vector<unsigned char> vData;
      51             :     unsigned int nHashFuncs;
      52             :     unsigned int nTweak;
      53             :     unsigned char nFlags;
      54             : 
      55             :     unsigned int Hash(unsigned int nHashNum, Span<const unsigned char> vDataToHash) const;
      56             : 
      57             :     // Check matches for arbitrary script data elements
      58             :     bool CheckScript(const CScript& script) const;
      59             :     // Check particular CTxOut helper
      60             :     bool ProcessTxOut(const CTxOut& txout, const uint256& hash, unsigned int index);
      61             :     // Check additional matches for special transactions
      62             :     bool CheckSpecialTransactionMatchesAndUpdate(const CTransaction& tx);
      63             : public:
      64             :     /**
      65             :      * Creates a new bloom filter which will provide the given fp rate when filled with the given number of elements
      66             :      * Note that if the given parameters will result in a filter outside the bounds of the protocol limits,
      67             :      * the filter created will be as close to the given parameters as possible within the protocol limits.
      68             :      * This will apply if nFPRate is very low or nElements is unreasonably high.
      69             :      * nTweak is a constant which is added to the seed value passed to the hash function
      70             :      * It should generally always be a random value (and is largely only exposed for unit testing)
      71             :      * nFlags should be one of the BLOOM_UPDATE_* enums (not _MASK)
      72             :      */
      73             :     CBloomFilter(const unsigned int nElements, const double nFPRate, const unsigned int nTweak, unsigned char nFlagsIn);
      74        1768 :     CBloomFilter() : nHashFuncs(0), nTweak(0), nFlags(0) {}
      75             : 
      76        4533 :     SERIALIZE_METHODS(CBloomFilter, obj) { READWRITE(obj.vData, obj.nHashFuncs, obj.nTweak, obj.nFlags); }
      77             : 
      78             :     void insert(Span<const unsigned char> vKey);
      79             :     void insert(const COutPoint& outpoint);
      80             : 
      81             :     bool contains(Span<const unsigned char> vKey) const;
      82             :     bool contains(const COutPoint& outpoint) const;
      83             : 
      84             :     //! True if the size is <= MAX_BLOOM_FILTER_SIZE and the number of hash functions is <= MAX_HASH_FUNCS
      85             :     //! (catch a filter which was just deserialized which was too big)
      86             :     bool IsWithinSizeConstraints() const;
      87             : 
      88             :     //! Also adds any outputs which match the filter to the filter (to match their spending txes)
      89             :     bool IsRelevantAndUpdate(const CTransaction& tx);
      90             : };
      91             : 
      92             : /**
      93             :  * RollingBloomFilter is a probabilistic "keep track of most recently inserted" set.
      94             :  * Construct it with the number of items to keep track of, and a false-positive
      95             :  * rate. Unlike CBloomFilter, by default nTweak is set to a cryptographically
      96             :  * secure random value for you. Similarly rather than clear() the method
      97             :  * reset() is provided, which also changes nTweak to decrease the impact of
      98             :  * false-positives.
      99             :  *
     100             :  * contains(item) will always return true if item was one of the last N to 1.5*N
     101             :  * insert()'ed ... but may also return true for items that were not inserted.
     102             :  *
     103             :  * It needs around 1.8 bytes per element per factor 0.1 of false positive rate.
     104             :  * For example, if we want 1000 elements, we'd need:
     105             :  * - ~1800 bytes for a false positive rate of 0.1
     106             :  * - ~3600 bytes for a false positive rate of 0.01
     107             :  * - ~5400 bytes for a false positive rate of 0.001
     108             :  *
     109             :  * If we make these simplifying assumptions:
     110             :  * - logFpRate / log(0.5) doesn't get rounded or clamped in the nHashFuncs calculation
     111             :  * - nElements is even, so that nEntriesPerGeneration == nElements / 2
     112             :  *
     113             :  * Then we get a more accurate estimate for filter bytes:
     114             :  *
     115             :  *     3/(log(256)*log(2)) * log(1/fpRate) * nElements
     116             :  */
     117             : class CRollingBloomFilter
     118             : {
     119             : public:
     120             :     CRollingBloomFilter(const unsigned int nElements, const double nFPRate);
     121             : 
     122             :     void insert(Span<const unsigned char> vKey);
     123             :     bool contains(Span<const unsigned char> vKey) const;
     124             : 
     125             :     void reset();
     126             : 
     127             : private:
     128             :     int nEntriesPerGeneration;
     129             :     int nEntriesThisGeneration;
     130             :     int nGeneration;
     131             :     std::vector<uint64_t> data;
     132             :     unsigned int nTweak;
     133             :     int nHashFuncs;
     134             : };
     135             : 
     136             : #endif // BITCOIN_COMMON_BLOOM_H