Perform transaction authentication in trusted full nodes

[Mirko-von-Leipzig]

Submitted transactions (and batches) currently get transformed into AuthenticatedTransactions in the sequencer before they are submitted to the mempool. This authentication:

• rejects double spending early
• authenticates any unauthenticated note IDs that are committed

Once it gets to the mempool, this extra information remains valid so long as the authentication reference block overlaps with the mempool's retained history. In other words, a transaction has N blocks between authentication against the database & being processed by the mempool. If this fails, it is considered an internal error since this means the processing was slow.

Since full nodes have a complete copy of the sequencer data (minus sync delay), we can offload this database IO from the sequencer to full nodes. This authentication data would be trusted since verifying it would require the same database IO we are offloading.. In other words, this can only be done by the network operator's own internal full nodes, and not by external full nodes. Though the latter could still do double spending checks for early rejection.

I propose we add a new gRPC sequencer service, intended only for internal use, which contains the SubmitAuthenticatedTx and SubmitAuthenticatedTxBatch methods.

Internal full nodes which have access to these endpoints should replace the current submission workflow with the workflow performed by the sequencer:

• submit to validator
• authenticate tx
• forward both to the sequencer

Effectively, the current sequencer impl would be split just prior to mempool submission, with the former half going to the trusted full node.

Such trusted full nodes would require an additional:

• validator url and
• sequencer url

note that the latter is not necessarily the same as the upstream url (which could be daisy chaining). Though maybe we shouldn't do this and instead have:

• upstream.url for untrusted
• (sequencer.url, validator.url) for trusted

[bobbinth]

How do we ensure that external nodes don't use the "privileged" endpoints? Is this done at the infrastructure or application levels?

[Mirko-von-Leipzig]

How do we ensure that external nodes don't use the "privileged" endpoints? Is this done at the infrastructure or application levels?

Infrastructure in the sense that external nodes only know about the official rpc url.

The sequencer would have an additional internal port for this service. Or if we wish it to be the same port we can restrict it via grpc infra

[sergerad]

@Mirko-von-Leipzig could you please elaborate on the data flow / sequence to illustrate this approach a bit more? The flow is starting to get complex and I might not have my head around it. I presume this would happen on the full node before it forwards write requests to the sequencer? Or would this instead involve bouncing back to a fullnode from the sequencer?

Is the impetus behind this a performance optimization only? How certain are we that we need this optimization and that the suggested approach helps the bottleneck?

[Mirko-von-Leipzig]

Is the impetus behind this a performance optimization only?

Yes its a performance improvement. More specifically, it moves the database IO required for every transaction from the sequencer to the full nodes.

How certain are we that we need this optimization and that the suggested approach helps the bottleneck?

How long is a piece of string 🤷 I think given its moving database IO from a single place, to somewhere where it can scale horizontally, that its worth doing.

I presume this would happen on the full node before it forwards write requests to the sequencer? Or would this instead involve bouncing back to a fullnode from the sequencer?

This happens on the full node, no bouncing.

@Mirko-von-Leipzig could you please elaborate on the data flow / sequence to illustrate this approach a bit more? The flow is starting to get complex and I might not have my head around it.

Sure, each proven transaction undergoes the following flow:

1. Basic checks e.g. hasn't already expired, isn't a network tx etc
2. Proof verification
3. Validator submission & verification
4. Authentication i.e. the old GetTransactionInputs
5. Mempool submission

What we want to do, is move (1-4) to trusted full nodes, where possible. We do still need to allow for other node network topologies e.g. only having a single sequencer node. So we have the following:

• Sequencer:
  • receives a proven transaction (via the normal RPC API): perform 1-5.
  • receives an authenticated transaction (via new internal trusted API): perform 5.
• Full node:
  • has no trusted sequencer url: perform (1, 2) as quick sanity checks, forward to upstream
  • has trusted sequencer: perform (1-4) and submit authenticated transaction

[sergerad]

@Mirko-von-Leipzig lets see if we can align on the design:

---

Design: offloading transaction validation to trusted full nodes

1. Goal & trust model

Move pre-mempool work (basic checks → proof verification → validator re-execution →
authentication) off the sequencer and onto trusted full nodes, while preserving:

• the public proven-tx path on the sequencer (single-node topologies), and
• the existing "dumb forwarding" full-node path (untrusted full nodes).

The sequencer trusts the authentication computed by the trusted full node. The sequencer's new
endpoint feeds the full-node-supplied TransactionInputs straight into the mempool via
AuthenticatedTransaction::new_unchecked — no proof verification, no re-execution, no store lookup
on the sequencer for this path. That is why the endpoint must be a private, network-isolated interface:
anyone who can reach it can inject transactions the sequencer will not independently verify. We can
add mTLS down the line if we wish.

2. Node roles after this change

There are three node roles. The sequencer remains a single role/node; what's new is that
it exposes a second gRPC service (see below).

Node role	Receives	Steps performed
Sequencer (single node)	proven tx / batch (public) or authenticated tx / batch (private)	1–5 on the public path; 5 only on the private path
Full node (untrusted, today's full-node)	proven tx / batch	1–2, forward upstream (unchanged)
Trusted full node (new subcommand)	proven tx / batch	1–4, submit authenticated tx/batch to sequencer

The sequencer exposes two gRPC services

The single sequencer node serves two distinct gRPC services on two separate listeners, so
they can be exposed/firewalled independently:

Service	Listener	Audience	Path
rpc.Api (existing public RPC)	public RPC port	external clients	proven tx → steps 1–5
trusted.Api (new)	private port (off by default)	trusted full nodes only	authenticated tx → step 5 only

Both services drive the same in-process BlockProducerApi / mempool; the trusted service
is just a thinner entry point that skips re-verification.

The validator is a single shared instance. The trusted full node points its
--validator.url at the same validator the sequencer uses, so the validator still records
(and will later sign) every tx — no validator code changes.

3. Proto / gRPC changes

New internal proto, e.g. proto/proto/internal/trusted.proto (package trusted):

service Api {
    rpc SubmitAuthenticatedTx(AuthenticatedTransaction) returns (blockchain.BlockNumber) {}
    rpc SubmitAuthenticatedTxBatch(AuthenticatedTransactionBatch) returns (blockchain.BlockNumber) {}
}

message AuthenticatedTransaction {
    bytes transaction = 1;       // ProvenTransaction::to_bytes
    AuthInputs auth_inputs = 2;  // what get_tx_inputs produced on the full node
}

message AuthenticatedTransactionBatch {
    bytes proposed_batch = 1;            // ProposedBatch::to_bytes
    repeated AuthInputs auth_inputs = 2; // one per tx, same ordering as the batch
}

// Wire form of block-producer's store::TransactionInputs
message AuthInputs {
    account.AccountId account_id = 1;
    optional primitives.Digest account_commitment = 2;
    repeated NullifierRecord nullifiers = 3;       // nullifier + block_num (0 = unspent)
    repeated primitives.Digest found_unauthenticated_notes = 4;
    fixed32 current_block_height = 5;
}

This AuthInputs is the block-producer's lightweight TransactionInputs
(crates/block-producer/src/store/mod.rs), not the protocol TransactionInputs already on
ProvenTransaction.transaction_inputs (that one is for validator re-execution and is
unchanged). Add TryFrom/From conversions between AuthInputs proto and
block_producer::store::TransactionInputs in crates/proto/src/domain/. The service
descriptor must not be registered on the public RPC reflection set.

4. Module changes

crates/block-producer (server/mod.rs) — split the existing submit methods so the
back half is reusable:

• Extract add_authenticated(tx, inputs) from today's submit_proven_tx (the new_unchecked
  • mempool-lock + add_transaction part).
• submit_proven_tx becomes get_tx_inputs → add_authenticated (behavior identical).
• New public submit_authenticated_tx(tx, inputs) → add_authenticated directly (skips
  get_tx_inputs).
• Same split for the batch variants (add_authenticated_batch).

Sequencer trusted gRPC server — a new small server (mirroring crates/rpc/src/server)
that owns a BlockProducerApi handle and implements trusted.Api by decoding →
submit_authenticated_tx/_batch. It binds its own listener (separate port from public
RPC) so it can be firewalled independently. It does not get the public RPC's accept-header /
rate-limit / network-tx-auth layers; only standard tracing/panic layers.

crates/rpc (server/mod.rs, api/submit_proven_tx*.rs) — add a third RpcMode:

RpcMode::TrustedFullNode {
    validator: Box<ValidatorClient>,
    sequencer: Box<TrustedClient>,
}

RpcService already holds store: Arc<State> (the replica state), so steps 1–4 all have what
they need. In submit_proven_tx::handle, after the existing steps 1–2 (which already run
before the mode branch), add the TrustedFullNode arm:

1. step 3 — validator.submit_proven_transaction(request) (same call the sequencer makes today);
2. step 4 — get_tx_inputs(&self.store, &tx) against the replica state;
3. convert to AuthInputs proto, call sequencer.submit_authenticated_tx(...).

Batch arm mirrors submit_proven_tx_batch (ref check + re-prove + per-tx validator submit +
per-tx get_tx_inputs, then submit_authenticated_tx_batch).

crates/proto/src/clients — add TrustedClient (for trusted.Api) alongside ValidatorClient etc.

5. CLI changes (bin/node/src/commands/modes.rs)

New subcommand trusted-full-node. It's FullNodeCommand plus:

• --validator.url / MIDEN_NODE_VALIDATOR_URL (same validator as sequencer),
• --sequencer.url / MIDEN_NODE_SEQUENCER_URL (the sequencer's private trusted-submission endpoint).

Its handle builds RpcMode::TrustedFullNode { validator, sequencer } instead of
full_node(...). It still runs the RpcSync loop (it needs an up-to-date replica to
authenticate against) and keeps the readiness gating.

SequencerCommand gains an opt-in flag to expose the trusted service:

• --trusted-submission.listen / MIDEN_NODE_TRUSTED_SUBMISSION_URL (bind address for the
  private port; off when unset).

When set, the sequencer spawns the trusted gRPC server task with a block_producer.api()
handle next to the existing RPC + sequencer tasks.

6. Configuration / deployment

• Network isolation is the security boundary. The trusted-submission port must be
  reachable only from trusted full nodes (private subnet / k8s NetworkPolicy / firewall). An
  exposed port = unauthenticated, unverified tx injection.
• Trusted full nodes need routes to both the sequencer's trusted port and the shared validator.
• Update Docker Compose / k8s manifests with a trusted-full-node example and a separate
  sequencer service port + restrictive policy.
  pattern). Optional for v1.
• Operational constraint: a trusted full node's replica must stay within state_retention
  blocks of the sequencer, or submissions are rejected as StaleInputs (it derives
  current_block_height from its own committed chain tip). Add a replica-lag metric/alert for
  trusted nodes; the existing RpcSync readiness gating should keep it well inside the window.

8. Phased plan

1. Proto + conversions — add trusted.proto (trusted.Api), AuthInputs ↔
   block_producer::store::TransactionInputs, generate client. (No behavior change.)
2. Block-producer API split — extract add_authenticated[_batch], add
   submit_authenticated_tx[_batch]. Pure refactor, covered by existing mempool tests.
3. Sequencer trusted server — new gRPC server + --trusted-submission.listen flag on
   SequencerCommand, opt-in. Sequencer behavior otherwise unchanged.
4. Trusted full-node mode — RpcMode::TrustedFullNode, the two handler arms,
   trusted-full-node subcommand.
5. Deployment + docs — compose/k8s, network policy, operator docs, replica-lag metric;
   integration test: trusted full node → sequencer trusted port → block inclusion.

The feature only activates once a sequencer sets --trusted-submission.listen and a
trusted-full-node is pointed at it.

[Mirko-von-Leipzig]

I suspect you're over complicating this. This shouldn't be much work; its

1. one new (minor) RPC service on the sequencer
2. two additional optional CLI args
3. no need for a new CLI node; this is still just a full node
4. moving some code around, factoring some parts out for easier reuse

The hardest part here imo is (4). And I would start there since it informs the shape everything else needs.