Dynamic Manifest: Ship a trusted instance 0

[Stebalien]

Problem: We need to know where F3 "starts" in order to validate the chain. If we have the Filecoin state-tree at the F3 genesis epoch, this is trivial (we can just use that power table to validate the first finality certificate). Unfortunately, if we're restoring from a snapshot, we won't have that state.

Ideally the snapshot would contain the F3 chain. But that requires altering the snapshot format. Even better, clients should ship with a baked-in initial power table, but that's not possible until F3 genesis has happened.

For now (for testing), we should handle this using the dynamic manifest server. Basically, in addition to the dynamic manifest, we need to also broadcast the first finality certificate (once it has been produced). That way new nodes can join without having the relevant historical state:

1. Node tries to start, fails to load the appropriate power table.
2. Node receives a message from the dynamic manifest server containing the first instance.
3. Node uses the finality exchange protocol to fetch the initial power table, validating that it matches the power table of the base tipset in the 0th finality certificate
4. Finally, the node can start F3, catching up with the finality exchange protocol.

[Stebalien]

As a part of this, we need to make sure F3 is robust against missing state.

[Kubuxu]

How about we put an optional initial power table into the manifest? If it is set, use it; otherwise, use chain.
We can then broadcast sequence number 1 manifest for normal bootstrap, and then after that, sequence number 2 could include the power table.

[Stebalien]

Hm. I don't want to include the entire power table, but we could include just the hash of it.

[Stebalien]

(because we rebroadcast this manifest)

[Stebalien]

Replaced by #485.