3 posts tagged with "Cardano database"

Switching to Cardano database incremental certification​

A new incremental certification process has been introduced for the Cardano node internal database. This enhancement is part of ongoing efforts to improve the Mithril protocol and optimize Cardano node bootstrapping.

More information about the Cardano database certification is available at:

• Cardano node database
• Cardano node database v2.

The Cardano node database v2 certification offers incremental verification and greater efficiency compared to the original method. It will progressively replace the current certification process for the Cardano node internal database.

To facilitate this transition, updates have been made to both the Mithril client CLI and the Mithril client library. These changes are designed to support the new incremental certification process and ensure a smooth user experience.

In particular, the cardano-db command in the Mithril client CLI has been updated to support the new incremental certification process and eventually a seamless switch to the new backend. A new --backend option has been added to the command, allowing users to specify the certification version:

• --backend v1 uses the original Cardano node database certification (this remains the default)
• --backend v2 enables the new incremental Cardano node database certification.

To support this transition, both certification versions will remain available during the migration period, allowing users to adapt at their own pace.

• Distribution 2524:

  • Introduced the --backend parameter in the cardano-db command
  • The default backend is v1; the v2 backend is still considered unstable
  • No breaking changes in the client CLI
  • The v2 backend is accessible via the cardano_database_v2 function in the client library.

• Distribution +1:

  • The v2 backend will be promoted to stable status but will remain optional
  • The v1 backend will continue to be the default.

• Distribution +2:

  • The v2 backend will become the default
  • The v1 backend will be deprecated.

• Distribution +3:

  • The v1 backend will be decommissioned and removed from the client CLI and library.

• Distribution +4:

  • The v1 backend will be fully removed from the signer and aggregator.

If you have any questions or need assistance, contact the team on the Discord channel.

Mithril snapshots for Cardano database could be compromised by an adversary​

The Mithril team has published a security advisory for users running the Mithril client on the mainnet infrastructure:

• Identifier: GHSA-qv97-5qr8-2266
• Title: Mithril snapshots for Cardano database could be compromised by an adversary
• Location: GHSA-qv97-5qr8-2266
• Severity: Moderate (4.9/10).

curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/input-output-hk/mithril/refs/heads/main/mithril-install.sh | sh -s -- -c mithril-client -d 2517.1 -p $(pwd)

For any inquiries or assistance, contact the team on the Discord channel.

Breaking changes in client library and CLI​

The 2517 release introduces breaking changes to the Mithril client CLI and library.

Client CLI​

The command for downloading a certified Cardano database using the Mithril client CLI has been updated starting from version 0.12.1:

• The existing command remains functional but no longer downloads ancillary files (ledger state snapshot and last immutable file) by default. As a result, the fast bootstrap feature is disabled, requiring the Cardano node to compute the ledger state from the genesis block during startup:

mithril-client cardano-database download latest

• To include ancillary files and enable fast bootstrap, use the new command with the --include-ancillary option:

mithril-client cardano-database download latest --include-ancillary --ancillary-verification-key <ANCILLARY_VERIFICATION_KEY>

To update the Mithril client CLI, use the following one-line command. By default, it downloads to the current directory. To specify a custom folder, use the -p option:

curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/input-output-hk/mithril/refs/heads/main/mithril-install.sh | sh -s -- -c mithril-client -d 2517.1 -p $(pwd)

For more details, refer to the Mithril client node documentation.

Client Library​

The Mithril client library has also been updated. By default, it no longer downloads ancillary files (ledger state snapshot and last immutable file), which disables the fast bootstrap feature. Consequently, the Cardano node must compute the ledger state from the genesis block during startup.

To enable fast bootstrap, use the download_unpack_full function instead of download_unpack and provide the set_ancillary_verification_key parameter:

• Set the ancillary verification key using the set_ancillary_verification_key method when building the client:

let client = ClientBuilder::aggregator(AGGREGATOR_ENDPOINT, GENESIS_VERIFICATION_KEY)
    .set_ancillary_verification_key(ANCILLARY_VERIFICATION_KEY.to_string()) // Added line
    .with_origin_tag(Some("EXAMPLE".to_string()))
    .build()?;

• Use the download_unpack_full function to download ancillary files:

client
    .cardano_database()
    .download_unpack_full(&snapshot, target_directory)
    .await?;

For more information and a complete example, refer to the Mithril client library documentation.

If you have any questions or need assistance, contact the team on the Discord channel.