Branch data Line data Source code
1 : : // Copyright (c) 2012-2021 The Bitcoin Core developers
2 : : // Distributed under the MIT software license, see the accompanying
3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 : :
5 : : #ifndef BITCOIN_COMMON_BLOOM_H
6 : : #define BITCOIN_COMMON_BLOOM_H
7 : :
8 : : #include <serialize.h>
9 : : #include <span.h>
10 : :
11 : : #include <vector>
12 : :
13 : : class COutPoint;
14 : : class CTransaction;
15 : :
16 : : //! 20,000 items with fp rate < 0.1% or 10,000 items and <0.0001%
17 : : static constexpr unsigned int MAX_BLOOM_FILTER_SIZE = 36000; // bytes
18 : : static constexpr unsigned int MAX_HASH_FUNCS = 50;
19 : :
20 : : /**
21 : : * First two bits of nFlags control how much IsRelevantAndUpdate actually updates
22 : : * The remaining bits are reserved
23 : : */
24 : : enum bloomflags
25 : : {
26 : : BLOOM_UPDATE_NONE = 0,
27 : : BLOOM_UPDATE_ALL = 1,
28 : : // Only adds outpoints to the filter if the output is a pay-to-pubkey/pay-to-multisig script
29 : : BLOOM_UPDATE_P2PUBKEY_ONLY = 2,
30 : : BLOOM_UPDATE_MASK = 3,
31 : : };
32 : :
33 : : /**
34 : : * BloomFilter is a probabilistic filter which SPV clients provide
35 : : * so that we can filter the transactions we send them.
36 : : *
37 : : * This allows for significantly more efficient transaction and block downloads.
38 : : *
39 : : * Because bloom filters are probabilistic, a SPV node can increase the false-
40 : : * positive rate, making us send it transactions which aren't actually its,
41 : : * allowing clients to trade more bandwidth for more privacy by obfuscating which
42 : : * keys are controlled by them.
43 : : */
44 [ + - - + ]: 45 : class CBloomFilter
[ + - + -
+ - + - +
- + - + -
+ - + - +
- + - ]
45 : : {
46 : : private:
47 : : std::vector<unsigned char> vData;
48 : : unsigned int nHashFuncs;
49 : : unsigned int nTweak;
50 : : unsigned char nFlags;
51 : :
52 : : unsigned int Hash(unsigned int nHashNum, Span<const unsigned char> vDataToHash) const;
53 : :
54 : : public:
55 : : /**
56 : : * Creates a new bloom filter which will provide the given fp rate when filled with the given number of elements
57 : : * Note that if the given parameters will result in a filter outside the bounds of the protocol limits,
58 : : * the filter created will be as close to the given parameters as possible within the protocol limits.
59 : : * This will apply if nFPRate is very low or nElements is unreasonably high.
60 : : * nTweak is a constant which is added to the seed value passed to the hash function
61 : : * It should generally always be a random value (and is largely only exposed for unit testing)
62 : : * nFlags should be one of the BLOOM_UPDATE_* enums (not _MASK)
63 : : */
64 : : CBloomFilter(const unsigned int nElements, const double nFPRate, const unsigned int nTweak, unsigned char nFlagsIn);
65 [ + - ]: 9 : CBloomFilter() : nHashFuncs(0), nTweak(0), nFlags(0) {}
66 : :
67 : 12 : SERIALIZE_METHODS(CBloomFilter, obj) { READWRITE(obj.vData, obj.nHashFuncs, obj.nTweak, obj.nFlags); }
68 : :
69 : : void insert(Span<const unsigned char> vKey);
70 : : void insert(const COutPoint& outpoint);
71 : :
72 : : bool contains(Span<const unsigned char> vKey) const;
73 : : bool contains(const COutPoint& outpoint) const;
74 : :
75 : : //! True if the size is <= MAX_BLOOM_FILTER_SIZE and the number of hash functions is <= MAX_HASH_FUNCS
76 : : //! (catch a filter which was just deserialized which was too big)
77 : : bool IsWithinSizeConstraints() const;
78 : :
79 : : //! Also adds any outputs which match the filter to the filter (to match their spending txes)
80 : : bool IsRelevantAndUpdate(const CTransaction& tx);
81 : : };
82 : :
83 : : /**
84 : : * RollingBloomFilter is a probabilistic "keep track of most recently inserted" set.
85 : : * Construct it with the number of items to keep track of, and a false-positive
86 : : * rate. Unlike CBloomFilter, by default nTweak is set to a cryptographically
87 : : * secure random value for you. Similarly rather than clear() the method
88 : : * reset() is provided, which also changes nTweak to decrease the impact of
89 : : * false-positives.
90 : : *
91 : : * contains(item) will always return true if item was one of the last N to 1.5*N
92 : : * insert()'ed ... but may also return true for items that were not inserted.
93 : : *
94 : : * It needs around 1.8 bytes per element per factor 0.1 of false positive rate.
95 : : * For example, if we want 1000 elements, we'd need:
96 : : * - ~1800 bytes for a false positive rate of 0.1
97 : : * - ~3600 bytes for a false positive rate of 0.01
98 : : * - ~5400 bytes for a false positive rate of 0.001
99 : : *
100 : : * If we make these simplifying assumptions:
101 : : * - logFpRate / log(0.5) doesn't get rounded or clamped in the nHashFuncs calculation
102 : : * - nElements is even, so that nEntriesPerGeneration == nElements / 2
103 : : *
104 : : * Then we get a more accurate estimate for filter bytes:
105 : : *
106 : : * 3/(log(256)*log(2)) * log(1/fpRate) * nElements
107 : : */
108 : 4410 : class CRollingBloomFilter
109 : : {
110 : : public:
111 : : CRollingBloomFilter(const unsigned int nElements, const double nFPRate);
112 : :
113 : : void insert(Span<const unsigned char> vKey);
114 : : bool contains(Span<const unsigned char> vKey) const;
115 : :
116 : : void reset();
117 : :
118 : : private:
119 : : int nEntriesPerGeneration;
120 : : int nEntriesThisGeneration;
121 : : int nGeneration;
122 : : std::vector<uint64_t> data;
123 : : unsigned int nTweak;
124 : : int nHashFuncs;
125 : : };
126 : :
127 : : #endif // BITCOIN_COMMON_BLOOM_H
|
