Tendermint on non-deterministic signatures

[ValarDragon]

Tendermint's logic hasn't been vetted for non-deterministic signatures. It needs to be investigated if the current logic holds for non-determinstic signatures. The signer can always create multiple valid signatures on the same message in both secp and ed25519

[ebuchman]

So, afaik, the logic holds for non-deterministic signatures as follows:

• a proposal with an alternate signature is treated like a double-signed proposal: it's basically ignored. we actually don't currently punish or otherwise inhibit this behaviour
• a vote with an alternate signature is treated like a duplicate: it's also ignored.

Question is whether we should treat such a duplicate vote as a double signing event? It wouldn't actually cause an issue to the consensus, and if one validator sees one signature and another sees another, they have the same impact on the progression of the consensus. The only difference will be in the CanonicalCommit, as it will use whichever vote the proposer happened to see.

We should probably investigate this further and be explicit about how we treat this case compared to others, but on first review it looks like we should be OK.

Any other use of votes should come with a Merkle proof, so alternate signatures shouldn't be able to interfere with anything there.

Any other thoughts? @ValarDragon @milosevic ?

[ebuchman]

We should write tests for this in the consensus pkg and probably in the lite package and document the relevant behaviour around this for any code that handles signatures.

[ebuchman]

#2871 is somewhat related, though what we're talking about here wouldn't count as a bad peer there.

Note we also have non-determinism in the timestamps - the same validator can send two votes with different timestamps (and hence different signatures). Currently, these messages are just ignored; they don't count as double signing, since the BlockID is the same, and it doesn't matter which commit we see during consensus time - the actual merklized commit will be canonicalized when the next block is proposed.

I'll add the test and doc labels and drop this from launch.