the729
diff --git a/‎.gitignore
+2-1 b/‎.gitignore
+2-1
diff --git a/‎client/accumulator.go
+43 b/‎client/accumulator.go
+43
diff --git a/‎client/client.go
+14 b/‎client/client.go
+14
diff --git a/‎client/client_js.go
+4 b/‎client/client_js.go
+4
diff --git a/‎client/query_account.go
+8-5 b/‎client/query_account.go
+8-5
diff --git a/‎client/query_event.go
+8-5 b/‎client/query_event.go
+8-5
diff --git a/‎client/query_ledger.go
+29-2 b/‎client/query_ledger.go
+29-2
diff --git a/‎client/query_txn.go
+16-10 b/‎client/query_txn.go
+16-10
diff --git a/‎example/cli_client/cmd_query.go
+11-5 b/‎example/cli_client/cmd_query.go
+11-5
diff --git a/‎example/cli_client/cmd_transfer.go
+2 b/‎example/cli_client/cmd_transfer.go
+2
diff --git a/‎example/cli_client/known_version.go
+45 b/‎example/cli_client/known_version.go
+45
@@ -11,8 +11,9 @@
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
 
-wallet.toml*
+wallet.toml
 example/cli_client/cli_client
+known_version.toml
 
 ignore/
 node_modules/
@@ -0,0 +1,43 @@
+package client
+
+import (
+	"fmt"
+
+	"github.com/the729/go-libra/crypto/sha3libra"
+	"github.com/the729/go-libra/types/proof/accumulator"
+)
+
+func (c *Client) SetKnownVersion(knownVersion uint64, subtrees [][]byte) error {
+	acc := &accumulator.Accumulator{
+		Hasher:             sha3libra.NewTransactionAccumulator(),
+		FrozenSubtreeRoots: cloneSubtrees(subtrees),
+		NumLeaves:          knownVersion + 1,
+	}
+	_, err := acc.RootHash()
+	if err != nil {
+		return fmt.Errorf("known accumulator invalid: %s", err)
+	}
+	c.accMu.Lock()
+	defer c.accMu.Unlock()
+	c.acc = acc
+	return nil
+}
+
+func (c *Client) GetKnownVersion() (knownVersion uint64, subtrees [][]byte) {
+	c.accMu.RLock()
+	defer c.accMu.RUnlock()
+	return c.acc.NumLeaves - 1, cloneSubtrees(c.acc.FrozenSubtreeRoots)
+}
+
+func cloneSubtrees(in [][]byte) [][]byte {
+	if in == nil {
+		return nil
+	}
+	out := make([][]byte, 0, len(in))
+	for _, h := range in {
+		h1 := make([]byte, len(h))
+		copy(h1, h)
+		out = append(out, h1)
+	}
+	return out
+}
@@ -15,12 +15,16 @@ All queries are cryptographically verified to proof their inclusion and integrit
 package client
 
 import (
+	"encoding/hex"
 	"fmt"
+	"sync"
 
 	"google.golang.org/grpc"
 
 	"github.com/the729/go-libra/config"
+	"github.com/the729/go-libra/crypto/sha3libra"
 	"github.com/the729/go-libra/generated/pbac"
+	"github.com/the729/go-libra/types/proof/accumulator"
 	"github.com/the729/go-libra/types/validator"
 )
 
@@ -30,6 +34,8 @@ type Client struct {
 	conn     *grpc.ClientConn
 	ac       pbac.AdmissionControlClient
 	verifier validator.Verifier
+	acc      *accumulator.Accumulator
+	accMu    sync.RWMutex
 }
 
 // New creates a new Libra Client.
@@ -41,6 +47,14 @@ func New(ServerAddr, TrustedPeerFile string) (*Client, error) {
 	if err := c.connect(ServerAddr); err != nil {
 		return nil, err
 	}
+
+	genesisHash, _ := hex.DecodeString("b1f2c172f22b8a9e7fd89a64f75b3b10d64431ccbb1f89a00aff5725e4284fb1")
+	c.acc = &accumulator.Accumulator{
+		Hasher:             sha3libra.NewTransactionAccumulator(),
+		FrozenSubtreeRoots: [][]byte{genesisHash},
+		NumLeaves:          1,
+	}
+
 	return c, nil
 }
 
 
@@ -16,9 +16,11 @@ package client
 
 import (
 	"fmt"
+	"sync"
 
 	"github.com/the729/go-libra/config"
 	"github.com/the729/go-libra/generated/pbac"
+	"github.com/the729/go-libra/types/proof/accumulator"
 	"github.com/the729/go-libra/types/validator"
 )
 
@@ -27,6 +29,8 @@ import (
 type Client struct {
 	ac       pbac.AdmissionControlClient
 	verifier validator.Verifier
+	acc      *accumulator.Accumulator
+	accMu    sync.RWMutex
 }
 
 // New creates a new Libra Client.
 
@@ -12,8 +12,13 @@ import (
 // QueryAccountState queries account state from RPC server by account address, and does necessary
 // crypto verifications.
 func (c *Client) QueryAccountState(ctx context.Context, addr types.AccountAddress) (*types.ProvenAccountState, error) {
+	c.accMu.RLock()
+	frozenSubtreeRoots := cloneSubtrees(c.acc.FrozenSubtreeRoots)
+	numLeaves := c.acc.NumLeaves
+	c.accMu.RUnlock()
+
 	resp, err := c.ac.UpdateToLatestLedger(ctx, &pbtypes.UpdateToLatestLedgerRequest{
-		ClientKnownVersion: 0,
+		ClientKnownVersion: numLeaves - 1,
 		RequestedItems: []*pbtypes.RequestItem{
 			&pbtypes.RequestItem{
 				RequestedItems: &pbtypes.RequestItem_GetAccountStateRequest{
@@ -30,11 +35,9 @@ func (c *Client) QueryAccountState(ctx context.Context, addr types.AccountAddres
 	// respj, _ := json.MarshalIndent(resp, "", "    ")
 	// log.Println(string(respj))
 
-	li := &types.LedgerInfoWithSignatures{}
-	li.FromProto(resp.LedgerInfoWithSigs)
-	pli, err := li.Verify(c.verifier)
+	pli, err := c.verifyLedgerInfoAndConsistency(resp, numLeaves, frozenSubtreeRoots)
 	if err != nil {
-		return nil, fmt.Errorf("ledger info verification failed: %v", err)
+		return nil, err
 	}
 
 	account := &types.AccountStateWithProof{}
 
@@ -11,7 +11,13 @@ import (
 
 // QueryEventsByAccessPath queries list of events by access path does necessary crypto verifications.
 func (c *Client) QueryEventsByAccessPath(ctx context.Context, ap *types.AccessPath, start uint64, ascending bool, limit uint64) ([]*types.ProvenEvent, error) {
+	c.accMu.RLock()
+	frozenSubtreeRoots := cloneSubtrees(c.acc.FrozenSubtreeRoots)
+	numLeaves := c.acc.NumLeaves
+	c.accMu.RUnlock()
+
 	resp, err := c.ac.UpdateToLatestLedger(ctx, &pbtypes.UpdateToLatestLedgerRequest{
+		ClientKnownVersion: numLeaves - 1,
 		RequestedItems: []*pbtypes.RequestItem{
 			{
 				RequestedItems: &pbtypes.RequestItem_GetEventsByEventAccessPathRequest{
@@ -32,13 +38,10 @@ func (c *Client) QueryEventsByAccessPath(ctx context.Context, ap *types.AccessPa
 		return nil, err
 	}
 
-	li := &types.LedgerInfoWithSignatures{}
-	li.FromProto(resp.LedgerInfoWithSigs)
-	pli, err := li.Verify(c.verifier)
+	pli, err := c.verifyLedgerInfoAndConsistency(resp, numLeaves, frozenSubtreeRoots)
 	if err != nil {
-		return nil, fmt.Errorf("ledger info verification failed: %v", err)
+		return nil, err
 	}
-	// log.Printf("Ledger info: version %d, time %d", li.LedgerInfo.Version, li.LedgerInfo.TimestampUsec)
 
 	resp1 := resp.ResponseItems[0].GetGetEventsByEventAccessPathResponse()
 	if resp1 == nil {
 
@@ -9,9 +9,14 @@ import (
 )
 
 // QueryLedgerInfo queries ledger info from RPC server, and does necessary crypto verifications.
-func (c *Client) QueryLedgerInfo(ctx context.Context, knownVersion uint64) (*types.ProvenLedgerInfo, error) {
+func (c *Client) QueryLedgerInfo(ctx context.Context) (*types.ProvenLedgerInfo, error) {
+	c.accMu.RLock()
+	frozenSubtreeRoots := cloneSubtrees(c.acc.FrozenSubtreeRoots)
+	numLeaves := c.acc.NumLeaves
+	c.accMu.RUnlock()
+
 	resp, err := c.ac.UpdateToLatestLedger(ctx, &pbtypes.UpdateToLatestLedgerRequest{
-		ClientKnownVersion: knownVersion,
+		ClientKnownVersion: numLeaves - 1,
 	})
 	if err != nil {
 		return nil, err
@@ -20,12 +25,34 @@ func (c *Client) QueryLedgerInfo(ctx context.Context, knownVersion uint64) (*typ
 	// respj, _ := json.MarshalIndent(resp, "", "    ")
 	// log.Println(string(respj))
 
+	pli, err := c.verifyLedgerInfoAndConsistency(resp, numLeaves, frozenSubtreeRoots)
+	if err != nil {
+		return nil, err
+	}
+
+	return pli, nil
+}
+
+func (c *Client) verifyLedgerInfoAndConsistency(
+	resp *pbtypes.UpdateToLatestLedgerResponse,
+	numLeaves uint64, frozenSubtreeRoots [][]byte,
+) (*types.ProvenLedgerInfo, error) {
+
 	li := &types.LedgerInfoWithSignatures{}
 	li.FromProto(resp.LedgerInfoWithSigs)
 	pli, err := li.Verify(c.verifier)
 	if err != nil {
 		return nil, fmt.Errorf("ledger info verification failed: %v", err)
 	}
+	numLeaves, frozenSubtreeRoots, err = pli.VerifyConsistency(numLeaves, frozenSubtreeRoots, resp.LedgerConsistencyProof.Subtrees)
+	if err != nil {
+		return nil, fmt.Errorf("ledger not consistent with known version: %v", err)
+	}
+	c.accMu.Lock()
+	if numLeaves > c.acc.NumLeaves {
+		c.acc.FrozenSubtreeRoots, c.acc.NumLeaves = frozenSubtreeRoots, numLeaves
+	}
+	c.accMu.Unlock()
 
 	return pli, nil
 }
@@ -12,7 +12,13 @@ import (
 // QueryTransactionRange queries a list of transactions from RPC server, and does necessary
 // crypto verifications.
 func (c *Client) QueryTransactionRange(ctx context.Context, start, limit uint64, withEvents bool) (*types.ProvenTransactionList, error) {
+	c.accMu.RLock()
+	frozenSubtreeRoots := cloneSubtrees(c.acc.FrozenSubtreeRoots)
+	numLeaves := c.acc.NumLeaves
+	c.accMu.RUnlock()
+
 	resp, err := c.ac.UpdateToLatestLedger(ctx, &pbtypes.UpdateToLatestLedgerRequest{
+		ClientKnownVersion: numLeaves - 1,
 		RequestedItems: []*pbtypes.RequestItem{
 			{
 				RequestedItems: &pbtypes.RequestItem_GetTransactionsRequest{
@@ -32,13 +38,10 @@ func (c *Client) QueryTransactionRange(ctx context.Context, start, limit uint64,
 	// b, err := json.MarshalIndent(resp, "", "    ")
 	// log.Printf("resp: %s", string(b))
 
-	li := &types.LedgerInfoWithSignatures{}
-	li.FromProto(resp.LedgerInfoWithSigs)
-	pli, err := li.Verify(c.verifier)
+	pli, err := c.verifyLedgerInfoAndConsistency(resp, numLeaves, frozenSubtreeRoots)
 	if err != nil {
-		return nil, fmt.Errorf("ledger info verification failed: %v", err)
+		return nil, err
 	}
-	// log.Printf("Ledger info: version %d, time %d", li.LedgerInfo.Version, li.LedgerInfo.TimestampUsec)
 
 	txnList := &types.TransactionListWithProof{}
 	err = txnList.FromProtoResponse(resp.ResponseItems[0].GetGetTransactionsResponse())
@@ -59,7 +62,13 @@ func (c *Client) QueryTransactionRange(ctx context.Context, start, limit uint64,
 // QueryTransactionByAccountSeq queries the transaction that is sent from a specific account at a specific sequence number,
 // and does necessary crypto verifications.
 func (c *Client) QueryTransactionByAccountSeq(ctx context.Context, addr types.AccountAddress, sequence uint64, withEvents bool) (*types.ProvenTransaction, error) {
+	c.accMu.RLock()
+	frozenSubtreeRoots := cloneSubtrees(c.acc.FrozenSubtreeRoots)
+	numLeaves := c.acc.NumLeaves
+	c.accMu.RUnlock()
+
 	resp, err := c.ac.UpdateToLatestLedger(ctx, &pbtypes.UpdateToLatestLedgerRequest{
+		ClientKnownVersion: numLeaves - 1,
 		RequestedItems: []*pbtypes.RequestItem{
 			{
 				RequestedItems: &pbtypes.RequestItem_GetAccountTransactionBySequenceNumberRequest{
@@ -79,13 +88,10 @@ func (c *Client) QueryTransactionByAccountSeq(ctx context.Context, addr types.Ac
 	// b, err := json.MarshalIndent(resp, "", "    ")
 	// log.Printf("resp: %s", string(b))
 
-	li := &types.LedgerInfoWithSignatures{}
-	li.FromProto(resp.LedgerInfoWithSigs)
-	pli, err := li.Verify(c.verifier)
+	pli, err := c.verifyLedgerInfoAndConsistency(resp, numLeaves, frozenSubtreeRoots)
 	if err != nil {
-		return nil, fmt.Errorf("ledger info verification failed: %v", err)
+		return nil, err
 	}
-	// log.Printf("Ledger info: version %d, time %d", li.LedgerInfo.Version, li.LedgerInfo.TimestampUsec)
 
 	resp1 := resp.ResponseItems[0].GetGetAccountTransactionBySequenceNumberResponse()
 	if resp1 == nil {
 
@@ -22,12 +22,10 @@ func cmdQueryLedgerInfo(ctx *cli.Context) error {
 		log.Fatal(err)
 	}
 	defer c.Close()
+	loadKnownVersion(c, KnownVersionFile)
+	defer saveKnownVersion(c, KnownVersionFile)
 
-	knownVersion, err := strconv.ParseUint(ctx.Args().Get(0), 10, 64)
-	if err != nil {
-		return err
-	}
-	ledgerInfo, err := c.QueryLedgerInfo(context.Background(), knownVersion)
+	ledgerInfo, err := c.QueryLedgerInfo(context.Background())
 	if err != nil {
 		return err
 	}
@@ -42,6 +40,8 @@ func cmdQueryAccountState(ctx *cli.Context) error {
 		log.Fatal(err)
 	}
 	defer c.Close()
+	loadKnownVersion(c, KnownVersionFile)
+	defer saveKnownVersion(c, KnownVersionFile)
 
 	wallet, err := LoadAccounts(WalletFile)
 	if err != nil {
@@ -88,6 +88,8 @@ func cmdQueryTransactionRange(ctx *cli.Context) error {
 		log.Fatal(err)
 	}
 	defer c.Close()
+	loadKnownVersion(c, KnownVersionFile)
+	defer saveKnownVersion(c, KnownVersionFile)
 
 	start, err := strconv.Atoi(ctx.Args().Get(0))
 	if err != nil {
@@ -118,6 +120,8 @@ func cmdQueryTransactionByAccountSeq(ctx *cli.Context) error {
 		log.Fatal(err)
 	}
 	defer c.Close()
+	loadKnownVersion(c, KnownVersionFile)
+	defer saveKnownVersion(c, KnownVersionFile)
 
 	wallet, err := LoadAccounts(WalletFile)
 	if err != nil {
@@ -149,6 +153,8 @@ func cmdQueryEvents(ctx *cli.Context) error {
 		log.Fatal(err)
 	}
 	defer c.Close()
+	loadKnownVersion(c, KnownVersionFile)
+	defer saveKnownVersion(c, KnownVersionFile)
 
 	wallet, err := LoadAccounts(WalletFile)
 	if err != nil {
 
@@ -18,6 +18,8 @@ func cmdTransfer(ctx *cli.Context) error {
 		log.Fatal(err)
 	}
 	defer c.Close()
+	loadKnownVersion(c, KnownVersionFile)
+	defer saveKnownVersion(c, KnownVersionFile)
 
 	wallet, err := LoadAccounts(WalletFile)
 	if err != nil {
 
@@ -0,0 +1,45 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+
+	"github.com/BurntSushi/toml"
+	"github.com/the729/go-libra/client"
+)
+
+type knownVersionState struct {
+	KnownVersion uint64   `toml:"known_version"`
+	Subtrees     [][]byte `toml:"subtrees"`
+}
+
+func loadKnownVersion(c *client.Client, filepath string) error {
+	v := &knownVersionState{}
+	_, err := toml.DecodeFile(filepath, v)
+	if err != nil {
+		return fmt.Errorf("toml decode file error: %v", err)
+	}
+	if len(v.Subtrees) == 0 {
+		return fmt.Errorf("empty subtree")
+	}
+	err = c.SetKnownVersion(v.KnownVersion, v.Subtrees)
+	if err != nil {
+		return fmt.Errorf("set accumulator error: %v", err)
+	}
+	return nil
+}
+
+func saveKnownVersion(c *client.Client, filepath string) error {
+	v := &knownVersionState{}
+	v.KnownVersion, v.Subtrees = c.GetKnownVersion()
+	f, err := os.Create(filepath)
+	if err != nil {
+		return fmt.Errorf("create file error: %v", err)
+	}
+	err = toml.NewEncoder(f).Encode(v)
+	if err != nil {
+		log.Printf("cannot encode toml file: %v", err)
+	}
+	return nil
+}
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,8 @@ func cmdTransfer(ctx *cli.Context) error {`
`18`	`18`	`log.Fatal(err)`
`19`	`19`	`}`
`20`	`20`	`defer c.Close()`
	`21`	`+ loadKnownVersion(c, KnownVersionFile)`
	`22`	`+ defer saveKnownVersion(c, KnownVersionFile)`
`21`	`23`
`22`	`24`	`wallet, err := LoadAccounts(WalletFile)`
`23`	`25`	`if err != nil {`