This post is a bit different than our usual offerings in that it’s not about security — at least not directly. We have been asked to look into some security aspects of the Cosmos Network, which is based on the Tendermint blockchain technology. In order to do so, I wanted to understand what its network communications looked like, and so to help others and facilitate discussions, I wanted to capture that here. We’ll take a super quick look at what Cosmos / Tendermint is, what the network components of it are, what the key data components of it are, and then how they talk to each other.
Cosmos / Tendermint
Let’s start with the underlying technology: Tendermint is a blockchain technology designed to use Proof of Stake instead of the Proof of Work used by Bitcoin and Ethereum. It is also Byzantine Fault-Tolerant: it can withstand up to 1/3 of the validators failing (including being actively malicious) before it becomes unavailable, and it requires over 2/3 of the validators to be actively malicious before it stores invalid blocks on the chain.
The Cosmos Network is a network of blockchains, in the same way that the Internet is a network of networks. The core blockchain in this collection is called Cosmos Hub, and is powered by Tendermint, although other blockchains can be wired up to Cosmos. Such a network of blockchains enables applications like exchanges — not just trading one cryptocurrency for another, but doing things like trading cryptocurrency for energy contracts.
While Cosmos may be able to run different blockchain technologies, the remainder of this post will be focused on the implementation of Tendermint for Cosmos Hub.
Full Node: A machine that keeps the full ledger of the blockchain.
Validator: A Full Node that can propose new blocks and vote to accept or reject proposed blocks. Cosmos Hub will be limited to 100 Validators initially, up to 300 after ten years. Validators should be very secure, will be punished if they behave badly, and as a consequence should not be directly accessible from the public Internet.
Sentry Node: Since Validators should not be accessible from the public Internet, Sentry Nodes are Full Nodes that are typically accessible from the public Internet, essentially acting as an application firewall for Validators by receiving messages and validating them before forwarding them along. Sentries may also be private, either for internal redundancy, or facilitating Validator-to-Validator communication.
Application Node: Applications can technically connect to any publicly available Full Node to interact with the rest of the network, but in practice they will generally run their own Full Nodes for such interactions.
Seed Node: A node that constantly queries the other publicly available nodes to discover their peers, so that it can provide a list of “seed” nodes for any new node to connect to when joining the network.
Lightweight Node: A machine that only keeps the most recent block or blocks of the blockchain.
Transaction: A discrete and deterministic state change being recorded by an application.
Block: A collection of transactions.
Blockchain: An ordered collection of Blocks, validated by consensus.
By default, Tendermint RPC communication occurs over an HTTP REST interface on TCP port 26657 (what we call the Application Connection below). P2P communication occurs over TCP port 26656. We’ll start with the big picture of how all the components talk to each other, and then zoom in for greater detail on each area.
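The Validator and Sentry Node roles described above come down to a few P2P settings on each node. The following is an added example, not code from the original post or from the Tendermint project: it audits those settings for one validator and its sentries. The key names (pex, persistent_peers, private_peer_ids) are those of the [p2p] section of Tendermint's config.toml, and the node IDs and addresses are constructed.

```python
# Added example, not from the original post. Key names follow the [p2p]
# section of Tendermint's config.toml; node IDs and hosts are constructed.

def peer_ids(value):
    """Return the node IDs in a comma-separated 'id@host:port' list."""
    return {p.strip().split("@")[0] for p in value.split(",") if p.strip()}

def audit(validator_id, validator_p2p, sentries):
    """Check a validator and its sentries; sentries maps node ID -> [p2p]."""
    findings = []
    # Peer exchange (on by default) lets the validator learn and dial peers
    # from gossip instead of talking only to its own sentries.
    if validator_p2p.get("pex", True):
        findings.append("validator: pex is enabled")
    dialed = peer_ids(validator_p2p.get("persistent_peers", ""))
    for node in sorted(dialed - set(sentries)):
        findings.append(f"validator: persistent peer {node} is not a sentry")
    if not dialed & set(sentries):
        findings.append("validator: no sentry in persistent_peers")
    # A sentry that does not mark the validator as private will gossip the
    # validator's address to the rest of the network.
    for sid, p2p in sorted(sentries.items()):
        if validator_id not in peer_ids(p2p.get("private_peer_ids", "")):
            findings.append(f"sentry {sid}: validator not in private_peer_ids")
    return findings

# Constructed sample configurations (26656 is the default P2P port).
VALIDATOR_ID = "val01"
SENTRIES_OK = {
    "sen01": {"pex": True, "private_peer_ids": "val01"},
    "sen02": {"pex": True, "private_peer_ids": "val01"},
}
VALIDATOR_OK = {
    "pex": False,
    "persistent_peers": "sen01@10.0.0.11:26656,sen02@10.0.0.12:26656",
}
SENTRIES_BAD = {
    "sen01": {"pex": True, "private_peer_ids": ""},
    "sen02": {"pex": True, "private_peer_ids": "val01"},
}
VALIDATOR_BAD = {
    "pex": True,
    "persistent_peers": "sen01@10.0.0.11:26656,ext99@203.0.113.7:26656",
}

if __name__ == "__main__":
    for finding in audit(VALIDATOR_ID, VALIDATOR_BAD, SENTRIES_BAD):
        print(finding)
```

An empty result means the validator dials only its own sentries and every sentry keeps the validator's ID out of peer gossip.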
Now we’ll take a closer look at the Applications, Other Nodes, Validators and Public Sentry Nodes, Private Sentry Nodes, and wrap up with some anti-patterns. But first, a closer look at the Key for the connections we see here.
Validators and Public Sentry Nodes
Private Sentry Nodes
So there you have it, a quick summary of what the Cosmos Network, Cosmos Hub, and Tendermint are, along with their components and how they all connect to each other. This is still something I am figuring out, so please leave your feedback in the comments and I will update as appropriate.
This post, specifically, is licensed as follows:
Cosmos / Tendermint Network Architecture by S Terry Brugger, PhD is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Based on a work at https://bubowerks.io/blog/2018/07/19/cosmos-tendermint-network-architecture/.