We are excited to announce that litep2p has been running for 14 days on all Parity-owned Kusama validators! This milestone marks a significant step towards making litep2p the default network backend. Deploying litep2p across multiple validators has enabled us to identify additional areas of improvement and address edge cases that went undetected when using a single non-validator node or our testing stacks.
Ecosystem Validator Involvement
Our next phase involves gradually rolling out litep2p to ecosystem validators on Kusama. This transition will begin shortly after the next Polkadot 2412 stable release.
Further details will be shared in the Kusama Validators Room, so stay tuned for updates!
Releases
Since our last announcement, we’ve embraced a more rapid release cycle and are excited to share three new versions: v0.8.2, v0.8.3, and v0.8.4. Below is a summary of the improvements and fixes introduced in each release.
Release v0.8.2: Enhance Security And Stability
This release ensures that the signature payload of the crypto/noise protocol is verified before processing. This critical security measure prevents potential attacks, such as impersonation of peer IDs.
The release also fixes a debug_assert! condition that made an incorrect assumption when connections were opened and closed in rapid succession.
- req-resp: Fix panic on connection closed for substream open failure (#291)
- crypto/noise: Verify crypto/noise signature payload (#278)
- transport_service/logs: Provide less details for trace logs (#292)
Crypto/Noise Protocol
The crypto/noise protocol plays two roles: encryption and authentication of peer identity during communication.
The encryption is handled by a set of Diffie-Hellman keys (public PkDH and secret SkDH) generated for each connection.
These keys are distinct from the node’s PeerID keys (Pk and Sk), which identify the node in the network.
Authentication is achieved by verifying the signature of the payload sent by the peer.
Alice signs a message containing the PkDH using the Sk (private PeerID keys) and sends it to Bob.
Bob verifies the signature using Alice’s Pk (public PeerID keys) and the same message containing the PkDH, ensuring Alice’s ownership of the PeerID keys.
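The signature check described above, as an added Go example that uses only the standard library; it is not litep2p's Rust code. The type and function names are hypothetical, and the signed-message prefix is an assumption borrowed from the libp2p Noise specification. It shows that a payload verifies only against the PkDH it was signed over.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

const sigPrefix = "noise-libp2p-static-key:" // assumed domain-separation prefix

// HandshakePayload (hypothetical type) is what a peer sends inside the handshake.
type HandshakePayload struct {
	IdentityKey ed25519.PublicKey // Pk: long-term PeerID public key
	Signature   []byte            // signature by Sk over prefix || PkDH
}

// NewPkDH returns the public half of a fresh per-connection X25519 key pair.
func NewPkDH() []byte {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k.PublicKey().Bytes()
}

// SignPayload binds the per-connection PkDH to the PeerID key pair (Alice's side).
func SignPayload(sk ed25519.PrivateKey, pkDH []byte) HandshakePayload {
	msg := append([]byte(sigPrefix), pkDH...)
	return HandshakePayload{IdentityKey: sk.Public().(ed25519.PublicKey), Signature: ed25519.Sign(sk, msg)}
}

// VerifyPayload is Bob's check; pkDH is the key seen in the handshake itself.
func VerifyPayload(p HandshakePayload, pkDH []byte) error {
	msg := append([]byte(sigPrefix), pkDH...)
	if len(p.IdentityKey) != ed25519.PublicKeySize || !ed25519.Verify(p.IdentityKey, msg, p.Signature) {
		return errors.New("payload does not bind PkDH to the claimed identity key")
	}
	return nil
}

func main() {
	_, sk, _ := ed25519.GenerateKey(rand.Reader) // constructed demo identity
	pkDH := NewPkDH()
	p := SignPayload(sk, pkDH)
	fmt.Println("honest peer:", VerifyPayload(p, pkDH))
	fmt.Println("payload on a different PkDH:", VerifyPayload(p, NewPkDH()))
}
```

Only after this check succeeds should the PeerID derived from the identity key be associated with the connection.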
Release v0.8.3: Fixing Memory Leaks
This release resolves subtle memory leaks in the Notification and RequestResponse protocols, both caused by improper handling of substream IDs for closed connections.
These issues were identified thanks to insights from the Litep2p metrics implementation (PR #294). We plan to integrate metrics to monitor the internal state of protocols and expose this data in future releases:
- req-resp: Fix memory leak of pending substreams (#297)
- notification: Fix memory leak of pending substreams (#296)
Release v0.8.4: Improving Resilience of MDNS
We addressed an issue where one of our five validators malfunctioned due to an MDNS component failure. The MDNS component was not resilient to failures when submitting an MDNS query on the multicast address.
This release aims to fix that and improve the Identify protocol by reducing delays in processing outbound events.