Fetch changes trie roots + CHT-based proof for these roots (#896)

* build CHT for changes tries roots * collect chnages tries roots proof in key_changes_proof * flush check_changes_proof * fixed compilation * LightDataChecker now has a ref to the blockchain * continue passing proofs * new light db tests * more CHT tests * more tests for key changes proof when headers are missing * lost files
2026-06-11 23:31:07 +00:00 · 2018-11-14 18:06:10 +03:00
parent 7f8ee0f53b
commit fa84cec382
19 changed files with 1035 additions and 313 deletions
@@ -23,6 +23,8 @@
 //! root has. A correct proof implies that the claimed block is identical to the one
 //! we discarded.

+use std::collections::HashSet;
+
 use hash_db;
 use heapsize::HeapSizeOf;
 use trie;
@@ -30,7 +32,8 @@ use trie;
 use primitives::{H256, convert_hash};
 use runtime_primitives::traits::{As, Header as HeaderT, SimpleArithmetic, One};
 use state_machine::backend::InMemory as InMemoryState;
-use state_machine::{prove_read, read_proof_check};
+use state_machine::{MemoryDB, TrieBackend, Backend as StateBackend,
+	prove_read_on_trie_backend, read_proof_check, read_proof_check_on_proving_backend};

 use error::{Error as ClientError, ErrorKind as ClientErrorKind, Result as ClientResult};

@@ -63,41 +66,48 @@ pub fn compute_root<Header, Hasher, I>(
 	cht_size: u64,
 	cht_num: Header::Number,
 	hashes: I,
-) -> Option<Hasher::Out>
+) -> ClientResult<Hasher::Out>
 	where
 		Header: HeaderT,
 		Hasher: hash_db::Hasher,
 		Hasher::Out: Ord,
-		I: IntoIterator<Item=Option<Header::Hash>>,
+		I: IntoIterator<Item=ClientResult<Option<Header::Hash>>>,
 {
-	build_pairs::<Header, I>(cht_size, cht_num, hashes)
-		.map(|pairs| trie::trie_root::<Hasher, _, _, _>(pairs))
+	Ok(trie::trie_root::<Hasher, _, _, _>(
+		build_pairs::<Header, I>(cht_size, cht_num, hashes)?
+	))
 }

 /// Build CHT-based header proof.
-pub fn build_proof<Header, Hasher, I>(
+pub fn build_proof<Header, Hasher, BlocksI, HashesI>(
 	cht_size: u64,
 	cht_num: Header::Number,
-	block_num: Header::Number,
-	hashes: I
-) -> Option<Vec<Vec<u8>>>
+	blocks: BlocksI,
+	hashes: HashesI
+) -> ClientResult<Vec<Vec<u8>>>
 	where
 		Header: HeaderT,
 		Hasher: hash_db::Hasher,
 		Hasher::Out: Ord + HeapSizeOf,
-		I: IntoIterator<Item=Option<Header::Hash>>,
+		BlocksI: IntoIterator<Item=Header::Number>,
+		HashesI: IntoIterator<Item=ClientResult<Option<Header::Hash>>>,
 {
-	let transaction = build_pairs::<Header, I>(cht_size, cht_num, hashes)?
+	let transaction = build_pairs::<Header, _>(cht_size, cht_num, hashes)?
 		.into_iter()
 		.map(|(k, v)| (None, k, Some(v)))
 		.collect::<Vec<_>>();
 	let storage = InMemoryState::<Hasher>::default().update(transaction);
-	let (value, proof) = prove_read(storage, &encode_cht_key(block_num)).ok()?;
-	if value.is_none() {
-		None
-	} else {
-		Some(proof)
+	let trie_storage = storage.try_into_trie_backend()
+		.expect("InMemoryState::try_into_trie_backend always returns Some; qed");
+	let mut total_proof = HashSet::new();
+	for block in blocks.into_iter() {
+		debug_assert_eq!(block_to_cht_number(cht_size, block), Some(cht_num));
+
+		let (value, proof) = prove_read_on_trie_backend(&trie_storage, &encode_cht_key(block))?;
+		assert!(value.is_some(), "we have just built trie that includes the value for block");
+		total_proof.extend(proof);
 	}
+	Ok(total_proof.into_iter().collect())
 }

 /// Check CHT-based header proof.
@@ -109,20 +119,104 @@ pub fn check_proof<Header, Hasher>(
 ) -> ClientResult<()>
 	where
 		Header: HeaderT,
-		Header::Hash: AsRef<[u8]>,
 		Hasher: hash_db::Hasher,
 		Hasher::Out: Ord + HeapSizeOf,
+{
+	do_check_proof::<Header, Hasher, _>(local_root, local_number, remote_hash, move |local_root, local_cht_key|
+		read_proof_check::<Hasher>(local_root, remote_proof,
+			local_cht_key).map_err(|e| ClientError::from(e)))
+}
+
+/// Check CHT-based header proof on pre-created proving backend.
+pub fn check_proof_on_proving_backend<Header, Hasher>(
+	local_root: Header::Hash,
+	local_number: Header::Number,
+	remote_hash: Header::Hash,
+	proving_backend: &TrieBackend<MemoryDB<Hasher>, Hasher>,
+) -> ClientResult<()>
+	where
+		Header: HeaderT,
+		Hasher: hash_db::Hasher,
+		Hasher::Out: Ord + HeapSizeOf,
+{
+	do_check_proof::<Header, Hasher, _>(local_root, local_number, remote_hash, |_, local_cht_key|
+		read_proof_check_on_proving_backend::<Hasher>(
+			proving_backend, local_cht_key).map_err(|e| ClientError::from(e)))
+}
+
+/// Check CHT-based header proof using passed checker function.
+fn do_check_proof<Header, Hasher, F>(
+	local_root: Header::Hash,
+	local_number: Header::Number,
+	remote_hash: Header::Hash,
+	checker: F,
+) -> ClientResult<()>
+	where
+		Header: HeaderT,
+		Hasher: hash_db::Hasher,
+		Hasher::Out: Ord + HeapSizeOf,
+		F: FnOnce(Hasher::Out, &[u8]) -> ClientResult<Option<Vec<u8>>>,
 {
 	let root: Hasher::Out = convert_hash(&local_root);
 	let local_cht_key = encode_cht_key(local_number);
-	let local_cht_value = read_proof_check::<Hasher>(root, remote_proof,
-		&local_cht_key).map_err(|e| ClientError::from(e))?;
-	let local_cht_value = local_cht_value.ok_or_else(|| ClientErrorKind::InvalidHeaderProof)?;
-	let local_hash = decode_cht_value(&local_cht_value).ok_or_else(|| ClientErrorKind::InvalidHeaderProof)?;
+	let local_cht_value = checker(root, &local_cht_key)?;
+	let local_cht_value = local_cht_value.ok_or_else(|| ClientErrorKind::InvalidCHTProof)?;
+	let local_hash = decode_cht_value(&local_cht_value).ok_or_else(|| ClientErrorKind::InvalidCHTProof)?;
 	match &local_hash[..] == remote_hash.as_ref() {
 		true => Ok(()),
-		false => Err(ClientErrorKind::InvalidHeaderProof.into()),
+		false => Err(ClientErrorKind::InvalidCHTProof.into()),
 	}
+
+}
+
+/// Group ordered blocks by CHT number and call functor with blocks of each group.
+pub fn for_each_cht_group<Header, I, F, P>(
+	cht_size: u64,
+	blocks: I,
+	mut functor: F,
+	mut functor_param: P,
+) -> ClientResult<()>
+	where
+		Header: HeaderT,
+		I: IntoIterator<Item=Header::Number>,
+		F: FnMut(P, Header::Number, Vec<Header::Number>) -> ClientResult<P>,
+{
+	let mut current_cht_num = None;
+	let mut current_cht_blocks = Vec::new();
+	for block in blocks {
+		let new_cht_num = match block_to_cht_number(cht_size, block.as_()) {
+			Some(new_cht_num) => new_cht_num,
+			None => return Err(ClientErrorKind::Backend(format!(
+				"Cannot compute CHT root for the block #{}", block)).into()
+			),
+		};
+
+		let advance_to_next_cht = current_cht_num.is_some() && current_cht_num != Some(new_cht_num);
+		if advance_to_next_cht {
+			let current_cht_num = current_cht_num.expect("advance_to_next_cht is true;
+				it is true only when current_cht_num is Some; qed");
+			assert!(new_cht_num > current_cht_num, "for_each_cht_group only supports ordered iterators");
+
+			functor_param = functor(
+				functor_param,
+				As::sa(current_cht_num),
+				::std::mem::replace(&mut current_cht_blocks, Vec::new()),
+			)?;
+		}
+
+		current_cht_blocks.push(block);
+		current_cht_num = Some(new_cht_num);
+	}
+
+	if let Some(current_cht_num) = current_cht_num {
+		functor(
+			functor_param,
+			As::sa(current_cht_num),
+			::std::mem::replace(&mut current_cht_blocks, Vec::new()),
+		)?;
+	}
+
+	Ok(())
 }

 /// Build pairs for computing CHT.
@@ -130,26 +224,29 @@ fn build_pairs<Header, I>(
 	cht_size: u64,
 	cht_num: Header::Number,
 	hashes: I
-) -> Option<Vec<(Vec<u8>, Vec<u8>)>>
+) -> ClientResult<Vec<(Vec<u8>, Vec<u8>)>>
 	where
 		Header: HeaderT,
-		I: IntoIterator<Item=Option<Header::Hash>>,
+		I: IntoIterator<Item=ClientResult<Option<Header::Hash>>>,
 {
 	let start_num = start_number(cht_size, cht_num);
 	let mut pairs = Vec::new();
 	let mut hash_number = start_num;
 	for hash in hashes.into_iter().take(cht_size as usize) {
-		pairs.push(hash.map(|hash| (
+		let hash = hash?.ok_or_else(|| ClientError::from(
+			ClientErrorKind::MissingHashRequiredForCHT(cht_num.as_(), hash_number.as_())
+		))?;
+		pairs.push((
 			encode_cht_key(hash_number).to_vec(),
 			encode_cht_value(hash)
-		))?);
+		));
 		hash_number += Header::Number::one();
 	}

 	if pairs.len() as u64 == cht_size {
-		Some(pairs)
+		Ok(pairs)
 	} else {
-		None
+		Err(ClientErrorKind::MissingHashRequiredForCHT(cht_num.as_(), hash_number.as_()).into())
 	}
 }

@@ -241,30 +338,59 @@ mod tests {

 	#[test]
 	fn build_pairs_fails_when_no_enough_blocks() {
-		assert!(build_pairs::<Header, _>(SIZE, 0, vec![Some(1.into()); SIZE as usize / 2]).is_none());
+		assert!(build_pairs::<Header, _>(SIZE, 0,
+			::std::iter::repeat_with(|| Ok(Some(1.into()))).take(SIZE as usize / 2)).is_err());
 	}

 	#[test]
 	fn build_pairs_fails_when_missing_block() {
-		assert!(build_pairs::<Header, _>(SIZE, 0, ::std::iter::repeat(Some(1.into())).take(SIZE as usize / 2)
-			.chain(::std::iter::once(None))
-			.chain(::std::iter::repeat(Some(2.into())).take(SIZE as usize / 2 - 1))).is_none());
+		assert!(build_pairs::<Header, _>(SIZE, 0, ::std::iter::repeat_with(|| Ok(Some(1.into()))).take(SIZE as usize / 2)
+			.chain(::std::iter::once(Ok(None)))
+			.chain(::std::iter::repeat_with(|| Ok(Some(2.into()))).take(SIZE as usize / 2 - 1))).is_err());
 	}

 	#[test]
 	fn compute_root_works() {
-		assert!(compute_root::<Header, Blake2Hasher, _>(SIZE, 42, vec![Some(1.into()); SIZE as usize]).is_some());
+		assert!(compute_root::<Header, Blake2Hasher, _>(SIZE, 42,
+			::std::iter::repeat_with(|| Ok(Some(1.into()))).take(SIZE as usize)).is_ok());
 	}

 	#[test]
-	fn build_proof_fails_when_querying_wrong_block() {
-		assert!(build_proof::<Header, Blake2Hasher, _>(
-			SIZE, 0, (SIZE * 1000) as u64, vec![Some(1.into()); SIZE as usize]).is_none());
+	#[should_panic]
+	fn build_proof_panics_when_querying_wrong_block() {
+		assert!(build_proof::<Header, Blake2Hasher, _, _>(
+			SIZE, 0, vec![(SIZE * 1000) as u64],
+				::std::iter::repeat_with(|| Ok(Some(1.into()))).take(SIZE as usize)).is_err());
 	}

 	#[test]
 	fn build_proof_works() {
-		assert!(build_proof::<Header, Blake2Hasher, _>(
-			SIZE, 0, (SIZE / 2) as u64, vec![Some(1.into()); SIZE as usize]).is_some());
+		assert!(build_proof::<Header, Blake2Hasher, _, _>(
+			SIZE, 0, vec![(SIZE / 2) as u64],
+				::std::iter::repeat_with(|| Ok(Some(1.into()))).take(SIZE as usize)).is_ok());
+	}
+
+	#[test]
+	#[should_panic]
+	fn for_each_cht_group_panics() {
+		let _ = for_each_cht_group::<Header, _, _, _>(SIZE, vec![SIZE * 5, SIZE * 2], |_, _, _| Ok(()), ());
+	}
+
+	#[test]
+	fn for_each_cht_group_works() {
+		let _ = for_each_cht_group::<Header, _, _, _>(SIZE, vec![
+			SIZE * 2 + 1, SIZE * 2 + 2, SIZE * 2 + 5,
+			SIZE * 4 + 1, SIZE * 4 + 7,
+			SIZE * 6 + 1
+		], |_, cht_num, blocks| {
+			match cht_num {
+				2 => assert_eq!(blocks, vec![SIZE * 2 + 1, SIZE * 2 + 2, SIZE * 2 + 5]),
+				4 => assert_eq!(blocks, vec![SIZE * 4 + 1, SIZE * 4 + 7]),
+				6 => assert_eq!(blocks, vec![SIZE * 6 + 1]),
+				_ => unreachable!(),
+			}
+
+			Ok(())
+		}, ());
 	}
 }
@@ -16,7 +16,7 @@

 //! Substrate Client

-use std::{marker::PhantomData, sync::Arc};
+use std::{marker::PhantomData, collections::{HashSet, BTreeMap}, sync::Arc};
 use error::Error;
 use futures::sync::mpsc;
 use parking_lot::{Mutex, RwLock};
@@ -29,7 +29,7 @@ use runtime_primitives::{
 use consensus::{ImportBlock, ImportResult, BlockOrigin};
 use runtime_primitives::traits::{
 	Block as BlockT, Header as HeaderT, Zero, As, NumberFor, CurrentHeight, BlockNumberToHash,
-	ApiRef, ProvideRuntimeApi
+	ApiRef, ProvideRuntimeApi, Digest, DigestItem,
 };
 use runtime_primitives::BuildStorage;
 use runtime_api::{Core as CoreAPI, CallApiAt, TaggedTransactionQueue, ConstructRuntimeApi};
@@ -38,8 +38,9 @@ use primitives::storage::{StorageKey, StorageData};
 use primitives::storage::well_known_keys;
 use codec::Decode;
 use state_machine::{
-	Backend as StateBackend, CodeExecutor, ChangesTrieAnchorBlockId,
+	DBValue, Backend as StateBackend, CodeExecutor, ChangesTrieAnchorBlockId,
 	ExecutionStrategy, ExecutionManager, prove_read,
+	ChangesTrieRootsStorage, ChangesTrieStorage,
 	key_changes, key_changes_proof, OverlayedChanges
 };
 use codec::Encode;
@@ -49,6 +50,7 @@ use blockchain::{self, Info as ChainInfo, Backend as ChainBackend, HeaderBackend
 use call_executor::{CallExecutor, LocalCallExecutor};
 use executor::{RuntimeVersion, RuntimeInfo};
 use notifications::{StorageNotifications, StorageEventStream};
+use light::fetcher::ChangesProof;
 use {cht, error, in_mem, block_builder::{self, api::BlockBuilder as BlockBuilderAPI}, genesis, consensus};

 /// Type that implements `futures::Stream` of block import events.
@@ -366,9 +368,8 @@ impl<B, E, Block, RA> Client<B, E, Block, RA> where
 		let block_num = *header.number();
 		let cht_num = cht::block_to_cht_number(cht_size, block_num).ok_or_else(proof_error)?;
 		let cht_start = cht::start_number(cht_size, cht_num);
-		let headers = (cht_start.as_()..).map(|num| self.block_hash(As::sa(num)).unwrap_or_default());
-		let proof = cht::build_proof::<Block::Header, Blake2Hasher, _>(cht_size, cht_num, block_num, headers)
-			.ok_or_else(proof_error)?;
+		let headers = (cht_start.as_()..).map(|num| self.block_hash(As::sa(num)));
+		let proof = cht::build_proof::<Block::Header, Blake2Hasher, _, _>(cht_size, cht_num, ::std::iter::once(block_num), headers)?;
 		Ok((header, proof))
 	}

@@ -402,6 +403,8 @@ impl<B, E, Block, RA> Client<B, E, Block, RA> where
 	}

 	/// Get proof for computation of (block, extrinsic) pairs where key has been changed at given blocks range.
+	/// `min` is the hash of the first block, which changes trie root is known to the requester - when we're using
+	/// changes tries from ascendants of this block, we should provide proofs for changes tries roots
 	/// `max` is the hash of the last block known to the requester - we can't use changes tries from descendants
 	/// of this block.
 	/// Works only for runtimes that are supporting changes tries.
@@ -409,9 +412,57 @@ impl<B, E, Block, RA> Client<B, E, Block, RA> where
 		&self,
 		first: Block::Hash,
 		last: Block::Hash,
+		min: Block::Hash,
 		max: Block::Hash,
 		key: &[u8]
-	) -> error::Result<(NumberFor<Block>, Vec<Vec<u8>>)> {
+	) -> error::Result<ChangesProof<Block::Header>> {
+		self.key_changes_proof_with_cht_size(
+			first,
+			last,
+			min,
+			max,
+			key,
+			cht::SIZE,
+		)
+	}
+
+	/// Does the same work as `key_changes_proof`, but assumes that CHTs are of passed size.
+	pub fn key_changes_proof_with_cht_size(
+		&self,
+		first: Block::Hash,
+		last: Block::Hash,
+		min: Block::Hash,
+		max: Block::Hash,
+		key: &[u8],
+		cht_size: u64,
+	) -> error::Result<ChangesProof<Block::Header>> {
+		struct AccessedRootsRecorder<'a, Block: BlockT> {
+			storage: &'a ChangesTrieStorage<Blake2Hasher>,
+			min: u64,
+			required_roots_proofs: Mutex<BTreeMap<NumberFor<Block>, H256>>,
+		};
+
+		impl<'a, Block: BlockT> ChangesTrieRootsStorage<Blake2Hasher> for AccessedRootsRecorder<'a, Block> {
+			fn root(&self, anchor: &ChangesTrieAnchorBlockId<H256>, block: u64) -> Result<Option<H256>, String> {
+				let root = self.storage.root(anchor, block)?;
+				if block < self.min {
+					if let Some(ref root) = root {
+						self.required_roots_proofs.lock().insert(
+							As::sa(block),
+							root.clone()
+						);
+					}
+				}
+				Ok(root)
+			}
+		}
+
+		impl<'a, Block: BlockT> ChangesTrieStorage<Blake2Hasher> for AccessedRootsRecorder<'a, Block> {
+			fn get(&self, key: &H256) -> Result<Option<DBValue>, String> {
+				self.storage.get(key)
+			}
+		}
+
 		let config = self.changes_trie_config.as_ref();
 		let storage = self.backend.changes_trie_storage();
 		let (config, storage) = match (config, storage) {
@@ -419,22 +470,76 @@ impl<B, E, Block, RA> Client<B, E, Block, RA> where
 			_ => return Err(error::ErrorKind::ChangesTriesNotSupported.into()),
 		};

+		let min_number = self.require_block_number_from_id(&BlockId::Hash(min))?;
+		let recording_storage = AccessedRootsRecorder::<Block> {
+			storage,
+			min: min_number.as_(),
+			required_roots_proofs: Mutex::new(BTreeMap::new()),
+		};
+
 		let max_number = ::std::cmp::min(
 			self.backend.blockchain().info()?.best_number,
 			self.require_block_number_from_id(&BlockId::Hash(max))?,
 		);
-		key_changes_proof::<_, Blake2Hasher>(
+
+		// fetch key changes proof
+		let key_changes_proof = key_changes_proof::<_, Blake2Hasher>(
 			config,
-			storage,
+			&recording_storage,
 			self.require_block_number_from_id(&BlockId::Hash(first))?.as_(),
 			&ChangesTrieAnchorBlockId {
 				hash: convert_hash(&last),
 				number: self.require_block_number_from_id(&BlockId::Hash(last))?.as_(),
 			},
 			max_number.as_(),
-			key)
-		.map_err(|err| error::ErrorKind::ChangesTrieAccessFailed(err).into())
-		.map(|proof| (max_number, proof))
+			key
+		)
+		.map_err(|err| error::Error::from(error::ErrorKind::ChangesTrieAccessFailed(err)))?;
+
+		// now gather proofs for all changes tries roots that were touched during key_changes_proof
+		// execution AND are unknown (i.e. replaced with CHT) to the requester
+		let roots = recording_storage.required_roots_proofs.into_inner();
+		let roots_proof = self.changes_trie_roots_proof(cht_size, roots.keys().cloned())?;
+
+		Ok(ChangesProof {
+			max_block: max_number,
+			proof: key_changes_proof,
+			roots: roots.into_iter().map(|(n, h)| (n, convert_hash(&h))).collect(),
+			roots_proof,
+		})
+	}
+
+	/// Generate CHT-based proof for roots of changes tries at given blocks.
+	fn changes_trie_roots_proof<I: IntoIterator<Item=NumberFor<Block>>>(
+		&self,
+		cht_size: u64,
+		blocks: I
+	) -> error::Result<Vec<Vec<u8>>> {
+		// most probably we have touched several changes tries that are parts of the single CHT
+		// => GroupBy changes tries by CHT number and then gather proof for the whole group at once
+		let mut proof = HashSet::new();
+
+		cht::for_each_cht_group::<Block::Header, _, _, _>(cht_size, blocks, |_, cht_num, cht_blocks| {
+			let cht_proof = self.changes_trie_roots_proof_at_cht(cht_size, cht_num, cht_blocks)?;
+			proof.extend(cht_proof);
+			Ok(())
+		}, ())?;
+
+		Ok(proof.into_iter().collect())
+	}
+
+	/// Generates CHT-based proof for roots of changes tries at given blocks (that are part of single CHT).
+	fn changes_trie_roots_proof_at_cht(
+		&self,
+		cht_size: u64,
+		cht_num: NumberFor<Block>,
+		blocks: Vec<NumberFor<Block>>
+	) -> error::Result<Vec<Vec<u8>>> {
+		let cht_start = cht::start_number(cht_size, cht_num);
+		let roots = (cht_start.as_()..).map(|num| self.header(&BlockId::Number(As::sa(num)))
+			.map(|block| block.and_then(|block| block.digest().log(DigestItem::as_changes_trie_root).cloned())));
+		let proof = cht::build_proof::<Block::Header, Blake2Hasher, _, _>(cht_size, cht_num, blocks, roots)?;
+		Ok(proof)
 	}

 	/// Create a new block, built on the head of the chain.
@@ -1097,7 +1202,7 @@ pub(crate) mod tests {
 	use super::*;
 	use keyring::Keyring;
 	use primitives::twox_128;
-	use runtime_primitives::traits::{Digest as DigestT, DigestItem as DigestItemT};
+	use runtime_primitives::traits::DigestItem as DigestItemT;
 	use runtime_primitives::generic::DigestItem;
 	use test_client::{self, TestClient};
 	use consensus::BlockOrigin;
@@ -88,8 +88,8 @@ error_chain! {
 			display("This method is not currently available when running in light client mode"),
 		}

-		/// Invalid remote header proof.
-		InvalidHeaderProof {
+		/// Invalid remote CHT-based proof.
+		InvalidCHTProof {
 			description("invalid header proof"),
 			display("Remote node has responded with invalid header proof"),
 		}
@@ -135,6 +135,12 @@ error_chain! {
 			description("Potential long-range attack: block not in finalized chain."),
 			display("Potential long-range attack: block not in finalized chain."),
 		}
+
+		/// Hash that is required for building CHT is missing.
+		MissingHashRequiredForCHT(cht_num: u64, block_number: u64) {
+			description("missed hash required for building CHT"),
+			display("Failed to get hash of block#{} for building CHT#{}", block_number, cht_num),
+		}
 	}
 }

@@ -94,7 +94,8 @@ struct BlockchainStorage<Block: BlockT> {
 	finalized_hash: Block::Hash,
 	finalized_number: NumberFor<Block>,
 	genesis_hash: Block::Hash,
-	cht_roots: HashMap<NumberFor<Block>, Block::Hash>,
+	header_cht_roots: HashMap<NumberFor<Block>, Block::Hash>,
+	changes_trie_cht_roots: HashMap<NumberFor<Block>, Block::Hash>,
 	leaves: LeafSet<Block::Hash, NumberFor<Block>>,
 }

@@ -142,7 +143,8 @@ impl<Block: BlockT> Blockchain<Block> {
 				finalized_hash: Default::default(),
 				finalized_number: Zero::zero(),
 				genesis_hash: Default::default(),
-				cht_roots: HashMap::new(),
+				header_cht_roots: HashMap::new(),
+				changes_trie_cht_roots: HashMap::new(),
 				leaves: LeafSet::new(),
 			}));
 		Blockchain {
@@ -233,9 +235,9 @@ impl<Block: BlockT> Blockchain<Block> {
 			&& this.genesis_hash == other.genesis_hash
 	}

-	/// Insert CHT root.
+	/// Insert header CHT root.
 	pub fn insert_cht_root(&self, block: NumberFor<Block>, cht_root: Block::Hash) {
-		self.storage.write().cht_roots.insert(block, cht_root);
+		self.storage.write().header_cht_roots.insert(block, cht_root);
 	}

 	fn finalize_header(&self, id: BlockId<Block>) -> error::Result<()> {
@@ -339,9 +341,14 @@ impl<Block: BlockT> light::blockchain::Storage<Block> for Blockchain<Block>
 		Blockchain::finalize_header(self, id)
 	}

-	fn cht_root(&self, _cht_size: u64, block: NumberFor<Block>) -> error::Result<Block::Hash> {
-		self.storage.read().cht_roots.get(&block).cloned()
-			.ok_or_else(|| error::ErrorKind::Backend(format!("CHT for block {} not exists", block)).into())
+	fn header_cht_root(&self, _cht_size: u64, block: NumberFor<Block>) -> error::Result<Block::Hash> {
+		self.storage.read().header_cht_roots.get(&block).cloned()
+			.ok_or_else(|| error::ErrorKind::Backend(format!("Header CHT for block {} not exists", block)).into())
+	}
+
+	fn changes_trie_cht_root(&self, _cht_size: u64, block: NumberFor<Block>) -> error::Result<Block::Hash> {
+		self.storage.read().changes_trie_cht_roots.get(&block).cloned()
+			.ok_or_else(|| error::ErrorKind::Backend(format!("Changes trie CHT for block {} not exists", block)).into())
 	}

 	fn cache(&self) -> Option<&blockchain::Cache<Block>> {
@@ -48,8 +48,11 @@ pub trait Storage<Block: BlockT>: BlockchainHeaderBackend<Block> {
 	/// Get last finalized header.
 	fn last_finalized(&self) -> ClientResult<Block::Hash>;

-	/// Get CHT root for given block. Fails if the block is not pruned (not a part of any CHT).
-	fn cht_root(&self, cht_size: u64, block: NumberFor<Block>) -> ClientResult<Block::Hash>;
+	/// Get headers CHT root for given block. Fails if the block is not pruned (not a part of any CHT).
+	fn header_cht_root(&self, cht_size: u64, block: NumberFor<Block>) -> ClientResult<Block::Hash>;
+
+	/// Get changes trie CHT root for given block. Fails if the block is not pruned (not a part of any CHT).
+	fn changes_trie_cht_root(&self, cht_size: u64, block: NumberFor<Block>) -> ClientResult<Block::Hash>;

 	/// Get storage cache.
 	fn cache(&self) -> Option<&BlockchainCache<Block>>;
@@ -106,7 +109,7 @@ impl<S, F, Block> BlockchainHeaderBackend<Block> for Blockchain<S, F> where Bloc

 				self.fetcher().upgrade().ok_or(ClientErrorKind::NotAvailableOnLightClient)?
 					.remote_header(RemoteHeaderRequest {
-						cht_root: self.storage.cht_root(cht::SIZE, number)?,
+						cht_root: self.storage.header_cht_root(cht::SIZE, number)?,
 						block: number,
 						retry_count: None,
 					})
@@ -155,3 +158,84 @@ impl<S, F, Block> BlockchainBackend<Block> for Blockchain<S, F> where Block: Blo
 		unimplemented!()
 	}
 }
+
+#[cfg(test)]
+pub mod tests {
+	use std::collections::HashMap;
+	use test_client::runtime::{Hash, Block, Header};
+	use blockchain::Info;
+	use light::fetcher::tests::OkCallFetcher;
+	use super::*;
+
+	pub type DummyBlockchain = Blockchain<DummyStorage, OkCallFetcher>;
+
+	pub struct DummyStorage {
+		pub changes_tries_cht_roots: HashMap<u64, Hash>,
+	}
+
+	impl DummyStorage {
+		pub fn new() -> Self {
+			DummyStorage {
+				changes_tries_cht_roots: HashMap::new(),
+			}
+		}
+	}
+
+	impl BlockchainHeaderBackend<Block> for DummyStorage {
+		fn header(&self, _id: BlockId<Block>) -> ClientResult<Option<Header>> {
+			Err(ClientErrorKind::Backend("Test error".into()).into())
+		}
+
+		fn info(&self) -> ClientResult<Info<Block>> {
+			Err(ClientErrorKind::Backend("Test error".into()).into())
+		}
+
+		fn status(&self, _id: BlockId<Block>) -> ClientResult<BlockStatus> {
+			Err(ClientErrorKind::Backend("Test error".into()).into())
+		}
+
+		fn number(&self, _hash: Hash) -> ClientResult<Option<NumberFor<Block>>> {
+			Err(ClientErrorKind::Backend("Test error".into()).into())
+		}
+
+		fn hash(&self, _number: u64) -> ClientResult<Option<Hash>> {
+			Err(ClientErrorKind::Backend("Test error".into()).into())
+		}
+	}
+
+	impl Storage<Block> for DummyStorage {
+		fn import_header(
+			&self,
+			_header: Header,
+			_authorities: Option<Vec<AuthorityId>>,
+			_state: NewBlockState,
+		) -> ClientResult<()> {
+			Err(ClientErrorKind::Backend("Test error".into()).into())
+		}
+
+		fn finalize_header(&self, _block: BlockId<Block>) -> ClientResult<()> {
+			Err(ClientErrorKind::Backend("Test error".into()).into())
+		}
+
+		fn last_finalized(&self) -> ClientResult<Hash> {
+			Err(ClientErrorKind::Backend("Test error".into()).into())
+		}
+
+		fn header_cht_root(&self, _cht_size: u64, _block: u64) -> ClientResult<Hash> {
+			Err(ClientErrorKind::Backend("Test error".into()).into())
+		}
+
+		fn changes_trie_cht_root(&self, cht_size: u64, block: u64) -> ClientResult<Hash> {
+			cht::block_to_cht_number(cht_size, block)
+				.and_then(|cht_num| self.changes_tries_cht_roots.get(&cht_num))
+				.cloned()
+				.ok_or_else(|| ClientErrorKind::Backend(
+					format!("Test error: CHT for block #{} not found", block)
+				).into())
+		}
+
+		fn cache(&self) -> Option<&BlockchainCache<Block>> {
+			None
+		}
+	}
+}
@@ -16,19 +16,22 @@

 //! Light client data fetcher. Fetches requested data from remote full nodes.

+use std::sync::Arc;
+use std::collections::BTreeMap;
 use std::marker::PhantomData;
 use futures::IntoFuture;

-use hash_db::Hasher;
+use hash_db::{HashDB, Hasher};
 use heapsize::HeapSizeOf;
 use primitives::{ChangesTrieConfiguration, convert_hash};
 use runtime_primitives::traits::{As, Block as BlockT, Header as HeaderT, NumberFor};
 use state_machine::{CodeExecutor, ChangesTrieRootsStorage, ChangesTrieAnchorBlockId,
-	read_proof_check, key_changes_proof_check};
+	TrieBackend, read_proof_check, key_changes_proof_check, create_proof_check_backend_storage};

 use call_executor::CallResult;
 use cht;
 use error::{Error as ClientError, ErrorKind as ClientErrorKind, Result as ClientResult};
+use light::blockchain::{Blockchain, Storage as BlockchainStorage};
 use light::call_executor::check_execution_proof;

 /// Remote call request.
@@ -83,15 +86,30 @@ pub struct RemoteChangesRequest<Header: HeaderT> {
 	/// Only use digests from blocks up to this hash. Should be last_block OR come
 	/// after this block and be the part of the same fork.
 	pub max_block: (Header::Number, Header::Hash),
-	// TODO: get rid of this + preserve change_trie_roots when replacing headers with CHT!!!
-	/// Changes trie roots for the range of blocks [first_block..max_block].
-	pub tries_roots: Vec<Header::Hash>,
+	/// Known changes trie roots for the range of blocks [tries_roots.0..max_block].
+	/// Proofs for roots of ascendants of tries_roots.0 are provided by the remote node.
+	pub tries_roots: (Header::Number, Header::Hash, Vec<Header::Hash>),
 	/// Storage key to read.
 	pub key: Vec<u8>,
 	/// Number of times to retry request. None means that default RETRY_COUNT is used.
 	pub retry_count: Option<usize>,
 }

+/// Key changes read proof.
+#[derive(Debug, PartialEq, Eq)]
+pub struct ChangesProof<Header: HeaderT> {
+	/// Max block that has been used in changes query.
+	pub max_block: Header::Number,
+	/// All touched nodes of all changes tries.
+	pub proof: Vec<Vec<u8>>,
+	/// All changes tries roots that have been touched AND are missing from
+	/// the requester' node. It is a map of block number => changes trie root.
+	pub roots: BTreeMap<Header::Number, Header::Hash>,
+	/// The proofs for all changes tries roots that have been touched AND are
+	/// missing from the requester' node. It is a map of CHT number => proof.
+	pub roots_proof: Vec<Vec<u8>>,
+}
+
 /// Light client data fetcher. Implementations of this trait must check if remote data
 /// is correct (see FetchedDataChecker) and return already checked data.
 pub trait Fetcher<Block: BlockT>: Send + Sync {
@@ -117,8 +135,8 @@ pub trait Fetcher<Block: BlockT>: Send + Sync {

 /// Light client remote data checker.
 ///
-/// Implementations of this trait should not use any blockchain data except that is
-/// passed to its methods.
+/// Implementations of this trait should not use any prunable blockchain data
+/// except that is passed to its methods.
 pub trait FetchChecker<Block: BlockT>: Send + Sync {
 	/// Check remote header proof.
 	fn check_header_proof(
@@ -143,32 +161,158 @@ pub trait FetchChecker<Block: BlockT>: Send + Sync {
 	fn check_changes_proof(
 		&self,
 		request: &RemoteChangesRequest<Block::Header>,
-		remote_max: NumberFor<Block>,
-		remote_proof: Vec<Vec<u8>>
+		proof: ChangesProof<Block::Header>
 	) -> ClientResult<Vec<(NumberFor<Block>, u32)>>;
 }

 /// Remote data checker.
-pub struct LightDataChecker<E, H> {
+pub struct LightDataChecker<E, H, B: BlockT, S: BlockchainStorage<B>, F> {
+	blockchain: Arc<Blockchain<S, F>>,
 	executor: E,
-	_hasher: PhantomData<H>,
+	_hasher: PhantomData<(B, H)>,
 }

-impl<E, H> LightDataChecker<E, H> {
+impl<E, H, B: BlockT, S: BlockchainStorage<B>, F> LightDataChecker<E, H, B, S, F> {
 	/// Create new light data checker.
-	pub fn new(executor: E) -> Self {
+	pub fn new(blockchain: Arc<Blockchain<S, F>>, executor: E) -> Self {
 		Self {
-			executor, _hasher: PhantomData
+			blockchain, executor, _hasher: PhantomData
 		}
 	}
+
+	/// Check remote changes query proof assuming that CHT-s are of given size.
+	fn check_changes_proof_with_cht_size(
+		&self,
+		request: &RemoteChangesRequest<B::Header>,
+		remote_proof: ChangesProof<B::Header>,
+		cht_size: u64,
+	) -> ClientResult<Vec<(NumberFor<B>, u32)>>
+		where
+			H: Hasher,
+			H::Out: Ord + HeapSizeOf,
+	{
+		// since we need roots of all changes tries for the range begin..max
+		// => remote node can't use max block greater that one that we have passed
+		if remote_proof.max_block > request.max_block.0 || remote_proof.max_block < request.last_block.0 {
+			return Err(ClientErrorKind::ChangesTrieAccessFailed(format!(
+				"Invalid max_block used by the remote node: {}. Local: {}..{}..{}",
+				remote_proof.max_block, request.first_block.0, request.last_block.0, request.max_block.0,
+			)).into());
+		}
+
+		// check if remote node has responded with extra changes trie roots proofs
+		// all changes tries roots must be in range [request.first_block.0; request.tries_roots.0)
+		let is_extra_first_root = remote_proof.roots.keys().next()
+			.map(|first_root| *first_root < request.first_block.0
+				|| *first_root >= request.tries_roots.0)
+			.unwrap_or(false);
+		let is_extra_last_root = remote_proof.roots.keys().next_back()
+			.map(|last_root| *last_root >= request.tries_roots.0)
+			.unwrap_or(false);
+		if is_extra_first_root || is_extra_last_root {
+			return Err(ClientErrorKind::ChangesTrieAccessFailed(format!(
+				"Extra changes tries roots proofs provided by the remote node: [{:?}..{:?}]. Expected in range: [{}; {})",
+				remote_proof.roots.keys().next(), remote_proof.roots.keys().next_back(),
+				request.first_block.0, request.tries_roots.0,
+			)).into());
+		}
+
+		// if request has been composed when some required headers were already pruned
+		// => remote node has sent us CHT-based proof of required changes tries roots
+		// => check that this proof is correct before proceeding with changes proof
+		let remote_max_block = remote_proof.max_block;
+		let remote_roots = remote_proof.roots;
+		let remote_roots_proof = remote_proof.roots_proof;
+		let remote_proof = remote_proof.proof;
+		if !remote_roots.is_empty() {
+			self.check_changes_tries_proof(
+				cht_size,
+				&remote_roots,
+				remote_roots_proof,
+			)?;
+		}
+
+		// and now check the key changes proof + get the changes
+		key_changes_proof_check::<_, H>(
+			&request.changes_trie_config,
+			&RootsStorage {
+				roots: (request.tries_roots.0, &request.tries_roots.2),
+				prev_roots: remote_roots,
+			},
+			remote_proof,
+			request.first_block.0.as_(),
+			&ChangesTrieAnchorBlockId {
+				hash: convert_hash(&request.last_block.1),
+				number: request.last_block.0.as_(),
+			},
+			remote_max_block.as_(),
+			&request.key)
+		.map(|pairs| pairs.into_iter().map(|(b, x)| (As::sa(b), x)).collect())
+		.map_err(|err| ClientErrorKind::ChangesTrieAccessFailed(err).into())
+	}
+
+	/// Check CHT-based proof for changes tries roots.
+	fn check_changes_tries_proof(
+		&self,
+		cht_size: u64,
+		remote_roots: &BTreeMap<NumberFor<B>, B::Hash>,
+		remote_roots_proof: Vec<Vec<u8>>,
+	) -> ClientResult<()>
+		where
+			H: Hasher,
+			H::Out: Ord + HeapSizeOf,
+	{
+		// all the checks are sharing the same storage
+		let storage = create_proof_check_backend_storage(remote_roots_proof);
+
+		// we remote_roots.keys() are sorted => we can use this to group changes tries roots
+		// that are belongs to the same CHT
+		let blocks = remote_roots.keys().cloned();
+		cht::for_each_cht_group::<B::Header, _, _, _>(cht_size, blocks, |mut storage, _, cht_blocks| {
+			// get local changes trie CHT root for given CHT
+			// it should be there, because it is never pruned AND request has been composed
+			// when required header has been pruned (=> replaced with CHT)
+			let first_block = cht_blocks.first().cloned()
+				.expect("for_each_cht_group never calls callback with empty groups");
+			let local_cht_root = self.blockchain.storage().changes_trie_cht_root(cht_size, first_block)?;
+
+			// check changes trie root for every block within CHT range
+			for block in cht_blocks {
+				// check if the proofs storage contains the root
+				// normally this happens in when the proving backend is created, but since
+				// we share the storage for multiple checks, do it here
+				let mut cht_root = H::Out::default();
+				cht_root.as_mut().copy_from_slice(local_cht_root.as_ref());
+				if !storage.contains(&cht_root) {
+					return Err(ClientErrorKind::InvalidCHTProof.into());
+				}
+
+				// check proof for single changes trie root
+				let proving_backend = TrieBackend::new(storage, cht_root);
+				let remote_changes_trie_root = remote_roots[&block];
+				cht::check_proof_on_proving_backend::<B::Header, H>(
+					local_cht_root,
+					block,
+					remote_changes_trie_root,
+					&proving_backend)?;
+
+				// and return the storage to use in following checks
+				storage = proving_backend.into_storage();
+			}
+
+			Ok(storage)
+		}, storage)
+	}
 }

-impl<E, Block, H> FetchChecker<Block> for LightDataChecker<E, H>
+impl<E, Block, H, S, F> FetchChecker<Block> for LightDataChecker<E, H, Block, S, F>
 	where
 		Block: BlockT,
 		E: CodeExecutor<H>,
 		H: Hasher,
 		H::Out: Ord + HeapSizeOf,
+		S: BlockchainStorage<Block>,
+		F: Send + Sync,
 {
 	fn check_header_proof(
 		&self,
@@ -177,7 +321,7 @@ impl<E, Block, H> FetchChecker<Block> for LightDataChecker<E, H>
 		remote_proof: Vec<Vec<u8>>
 	) -> ClientResult<Block::Header> {
 		let remote_header = remote_header.ok_or_else(||
-			ClientError::from(ClientErrorKind::InvalidHeaderProof))?;
+			ClientError::from(ClientErrorKind::InvalidCHTProof))?;
 		let remote_header_hash = remote_header.hash();
 		cht::check_proof::<Block::Header, H>(
 			request.cht_root,
@@ -207,55 +351,39 @@ impl<E, Block, H> FetchChecker<Block> for LightDataChecker<E, H>
 	fn check_changes_proof(
 		&self,
 		request: &RemoteChangesRequest<Block::Header>,
-		remote_max: NumberFor<Block>,
-		remote_proof: Vec<Vec<u8>>
+		remote_proof: ChangesProof<Block::Header>
 	) -> ClientResult<Vec<(NumberFor<Block>, u32)>> {
-		// since we need roots of all changes tries for the range begin..max
-		// => remote node can't use max block greater that one that we have passed
-		if remote_max > request.max_block.0 || remote_max < request.last_block.0 {
-			return Err(ClientErrorKind::ChangesTrieAccessFailed(format!(
-				"Invalid max_block used by the remote node: {}. Local: {}..{}..{}",
-				remote_max, request.first_block.0, request.last_block.0, request.max_block.0,
-			)).into());
-		}
-
-		let first_number = request.first_block.0.as_();
-		key_changes_proof_check::<_, H>(
-			&request.changes_trie_config,
-			&RootsStorage {
-				first: first_number,
-				roots: &request.tries_roots,
-			},
-			remote_proof,
-			first_number,
-			&ChangesTrieAnchorBlockId {
-				hash: convert_hash(&request.last_block.1),
-				number: request.last_block.0.as_(),
-			},
-			remote_max.as_(),
-			&request.key)
-		.map(|pairs| pairs.into_iter().map(|(b, x)| (As::sa(b), x)).collect())
-		.map_err(|err| ClientErrorKind::ChangesTrieAccessFailed(err).into())
+		self.check_changes_proof_with_cht_size(request, remote_proof, cht::SIZE)
 	}
 }

-/// A view of HashMap<Number, Hash> as a changes trie roots storage.
-struct RootsStorage<'a, Hash: 'a> {
-	first: u64,
-	roots: &'a [Hash],
+/// A view of BTreeMap<Number, Hash> as a changes trie roots storage.
+struct RootsStorage<'a, Number: As<u64>, Hash: 'a> {
+	roots: (Number, &'a [Hash]),
+	prev_roots: BTreeMap<Number, Hash>,
 }

-impl<'a, H, Hash> ChangesTrieRootsStorage<H> for RootsStorage<'a, Hash>
+impl<'a, H, Number, Hash> ChangesTrieRootsStorage<H> for RootsStorage<'a, Number, Hash>
 	where
 		H: Hasher,
+		Number: Send + Sync + Eq + ::std::cmp::Ord + Copy + As<u64>,
 		Hash: 'a + Send + Sync + Clone + AsRef<[u8]>,
 {
 	fn root(&self, _anchor: &ChangesTrieAnchorBlockId<H::Out>, block: u64) -> Result<Option<H::Out>, String> {
 		// we can't ask for roots from parallel forks here => ignore anchor
-		Ok(block.checked_sub(self.first)
-			.and_then(|index| self.roots.get(index as usize))
-			.cloned()
-			.map(|root| convert_hash(&root)))
+		let root = if block < self.roots.0.as_() {
+			self.prev_roots.get(&As::sa(block)).cloned()
+		} else {
+			block.checked_sub(self.roots.0.as_())
+				.and_then(|index| self.roots.1.get(index as usize))
+				.cloned()
+		};
+
+		Ok(root.map(|root| {
+			let mut hasher_root: H::Out = Default::default();
+			hasher_root.as_mut().copy_from_slice(root.as_ref());
+			hasher_root
+		}))
 	}
 }

@@ -263,18 +391,20 @@ impl<'a, H, Hash> ChangesTrieRootsStorage<H> for RootsStorage<'a, Hash>
 pub mod tests {
 	use futures::future::{ok, err, FutureResult};
 	use parking_lot::Mutex;
+	use keyring::Keyring;
 	use call_executor::CallResult;
 	use client::tests::prepare_client_with_key_changes;
 	use executor::{self, NativeExecutionDispatch};
 	use error::Error as ClientError;
-	use test_client::{self, TestClient};
+	use test_client::{self, TestClient, blockchain::HeaderBackend};
 	use test_client::runtime::{self, Hash, Block, Header};
 	use consensus::BlockOrigin;

 	use in_mem::{Blockchain as InMemoryBlockchain};
 	use light::fetcher::{Fetcher, FetchChecker, LightDataChecker,
 		RemoteCallRequest, RemoteHeaderRequest};
-	use primitives::{Blake2Hasher};
+	use light::blockchain::tests::{DummyStorage, DummyBlockchain};
+	use primitives::{twox_128, Blake2Hasher};
 	use primitives::storage::well_known_keys;
 	use runtime_primitives::generic::BlockId;
 	use state_machine::Backend;
@@ -305,10 +435,9 @@ pub mod tests {
 		}
 	}

-	fn prepare_for_read_proof_check() -> (
-		LightDataChecker<executor::NativeExecutor<test_client::LocalExecutor>, Blake2Hasher>,
-		Header, Vec<Vec<u8>>, usize)
-	{
+	type TestChecker = LightDataChecker<executor::NativeExecutor<test_client::LocalExecutor>, Blake2Hasher, Block, DummyStorage, OkCallFetcher>;
+
+	fn prepare_for_read_proof_check() -> (TestChecker, Header, Vec<Vec<u8>>, usize) {
 		// prepare remote client
 		let remote_client = test_client::new();
 		let remote_block_id = BlockId::Number(0);
@@ -330,21 +459,19 @@ pub mod tests {
 			::backend::NewBlockState::Final,
 		).unwrap();
 		let local_executor = test_client::LocalExecutor::new();
-		let local_checker = LightDataChecker::new(local_executor);
+		let local_checker = LightDataChecker::new(Arc::new(DummyBlockchain::new(DummyStorage::new())), local_executor);
 		(local_checker, remote_block_header, remote_read_proof, authorities_len)
 	}

-	fn prepare_for_header_proof_check(insert_cht: bool) -> (
-		LightDataChecker<executor::NativeExecutor<test_client::LocalExecutor>, Blake2Hasher>,
-		Hash, Header, Vec<Vec<u8>>)
-	{
+	fn prepare_for_header_proof_check(insert_cht: bool) -> (TestChecker, Hash, Header, Vec<Vec<u8>>) {
 		// prepare remote client
 		let remote_client = test_client::new();
 		let mut local_headers_hashes = Vec::new();
 		for i in 0..4 {
 			let builder = remote_client.new_block().unwrap();
 			remote_client.justify_and_import(BlockOrigin::Own, builder.bake().unwrap()).unwrap();
-			local_headers_hashes.push(remote_client.block_hash(i + 1).unwrap());
+			local_headers_hashes.push(remote_client.block_hash(i + 1)
+				.map_err(|_| ClientErrorKind::Backend("TestError".into()).into()));
 		}

 		// 'fetch' header proof from remote node
@@ -353,12 +480,12 @@ pub mod tests {

 		// check remote read proof locally
 		let local_storage = InMemoryBlockchain::<Block>::new();
-		let local_cht_root = cht::compute_root::<Header, Blake2Hasher, _>(4, 0, local_headers_hashes.into_iter()).unwrap();
+		let local_cht_root = cht::compute_root::<Header, Blake2Hasher, _>(4, 0, local_headers_hashes).unwrap();
 		if insert_cht {
 			local_storage.insert_cht_root(1, local_cht_root);
 		}
 		let local_executor = test_client::LocalExecutor::new();
-		let local_checker = LightDataChecker::new(local_executor);
+		let local_checker = LightDataChecker::new(Arc::new(DummyBlockchain::new(DummyStorage::new())), local_executor);
 		(local_checker, local_cht_root, remote_block_header, remote_header_proof)
 	}

@@ -406,10 +533,12 @@ pub mod tests {
 	}

 	#[test]
-	fn changes_proof_is_generated_and_checked() {
+	fn changes_proof_is_generated_and_checked_when_headers_are_not_pruned() {
 		let (remote_client, local_roots, test_cases) = prepare_client_with_key_changes();
-		let local_checker = LightDataChecker::<_, Blake2Hasher>::new(
-			test_client::LocalExecutor::new());
+		let local_checker = TestChecker::new(
+			Arc::new(DummyBlockchain::new(DummyStorage::new())),
+			test_client::LocalExecutor::new()
+		);
 		let local_checker = &local_checker as &FetchChecker<Block>;
 		let max = remote_client.info().unwrap().chain.best_number;
 		let max_hash = remote_client.info().unwrap().chain.best_hash;
@@ -419,8 +548,8 @@ pub mod tests {
 			let end_hash = remote_client.block_hash(end).unwrap().unwrap();

 			// 'fetch' changes proof from remote node
-			let (remote_max, remote_proof) = remote_client.key_changes_proof(
-				begin_hash, end_hash, max_hash, &key
+			let remote_proof = remote_client.key_changes_proof(
+				begin_hash, end_hash, begin_hash, max_hash, &key
 			).unwrap();

 			// check proof on local client
@@ -430,12 +559,16 @@ pub mod tests {
 				first_block: (begin, begin_hash),
 				last_block: (end, end_hash),
 				max_block: (max, max_hash),
-				tries_roots: local_roots_range,
+				tries_roots: (begin, begin_hash, local_roots_range),
 				key: key,
 				retry_count: None,
 			};
-			let local_result = local_checker.check_changes_proof(
-				&request, remote_max, remote_proof).unwrap();
+			let local_result = local_checker.check_changes_proof(&request, ChangesProof {
+				max_block: remote_proof.max_block,
+				proof: remote_proof.proof,
+				roots: remote_proof.roots,
+				roots_proof: remote_proof.roots_proof,
+			}).unwrap();

 			// ..and ensure that result is the same as on remote node
 			match local_result == expected_result {
@@ -446,11 +579,60 @@ pub mod tests {
 		}
 	}

+	#[test]
+	fn changes_proof_is_generated_and_checked_when_headers_are_pruned() {
+		// we're testing this test case here:
+		// (1, 4, dave.clone(), vec![(4, 0), (1, 1), (1, 0)]),
+		let (remote_client, remote_roots, _) = prepare_client_with_key_changes();
+		let dave = twox_128(&runtime::system::balance_of_key(Keyring::Dave.to_raw_public().into())).to_vec();
+
+		// 'fetch' changes proof from remote node:
+		// we're fetching changes for range b1..b4
+		// we do not know changes trie roots before b3 (i.e. we only know b3+b4)
+		// but we have changes trie CHT root for b1...b4
+		let b1 = remote_client.block_hash_from_id(&BlockId::Number(1)).unwrap().unwrap();
+		let b3 = remote_client.block_hash_from_id(&BlockId::Number(3)).unwrap().unwrap();
+		let b4 = remote_client.block_hash_from_id(&BlockId::Number(4)).unwrap().unwrap();
+		let remote_proof = remote_client.key_changes_proof_with_cht_size(
+			b1, b4, b3, b4, &dave, 4
+		).unwrap();
+
+		// prepare local checker, having a root of changes trie CHT#0
+		let local_cht_root = cht::compute_root::<Header, Blake2Hasher, _>(4, 0, remote_roots.iter().cloned().map(|ct| Ok(Some(ct)))).unwrap();
+		let mut local_storage = DummyStorage::new();
+		local_storage.changes_tries_cht_roots.insert(0, local_cht_root);
+		let local_checker = TestChecker::new(
+			Arc::new(DummyBlockchain::new(local_storage)),
+			test_client::LocalExecutor::new()
+		);
+
+		// check proof on local client
+		let request = RemoteChangesRequest::<Header> {
+			changes_trie_config: runtime::changes_trie_config(),
+			first_block: (1, b1),
+			last_block: (4, b4),
+			max_block: (4, b4),
+			tries_roots: (3, b3, vec![remote_roots[2].clone(), remote_roots[3].clone()]),
+			key: dave,
+			retry_count: None,
+		};
+		let local_result = local_checker.check_changes_proof_with_cht_size(&request, ChangesProof {
+			max_block: remote_proof.max_block,
+			proof: remote_proof.proof,
+			roots: remote_proof.roots,
+			roots_proof: remote_proof.roots_proof,
+		}, 4).unwrap();
+
+		assert_eq!(local_result, vec![(4, 0), (1, 1), (1, 0)]);
+	}
+
 	#[test]
 	fn check_changes_proof_fails_if_proof_is_wrong() {
 		let (remote_client, local_roots, test_cases) = prepare_client_with_key_changes();
-		let local_checker = LightDataChecker::<_, Blake2Hasher>::new(
-			test_client::LocalExecutor::new());
+		let local_checker = TestChecker::new(
+			Arc::new(DummyBlockchain::new(DummyStorage::new())),
+			test_client::LocalExecutor::new()
+		);
 		let local_checker = &local_checker as &FetchChecker<Block>;
 		let max = remote_client.info().unwrap().chain.best_number;
 		let max_hash = remote_client.info().unwrap().chain.best_hash;
@@ -460,24 +642,86 @@ pub mod tests {
 		let end_hash = remote_client.block_hash(end).unwrap().unwrap();

 		// 'fetch' changes proof from remote node
-		let (remote_max, mut remote_proof) = remote_client.key_changes_proof(
-			begin_hash, end_hash, max_hash, &key).unwrap();
+		let remote_proof = remote_client.key_changes_proof(
+			begin_hash, end_hash, begin_hash, max_hash, &key).unwrap();
+
 		let local_roots_range = local_roots.clone()[(begin - 1) as usize..].to_vec();
 		let request = RemoteChangesRequest::<Header> {
 			changes_trie_config: runtime::changes_trie_config(),
 			first_block: (begin, begin_hash),
 			last_block: (end, end_hash),
 			max_block: (max, max_hash),
-			tries_roots: local_roots_range.clone(),
+			tries_roots: (begin, begin_hash, local_roots_range.clone()),
 			key: key,
 			retry_count: None,
 		};

 		// check proof on local client using max from the future
-		assert!(local_checker.check_changes_proof(&request, remote_max + 1, remote_proof.clone()).is_err());
+		assert!(local_checker.check_changes_proof(&request, ChangesProof {
+			max_block: remote_proof.max_block + 1,
+			proof: remote_proof.proof.clone(),
+			roots: remote_proof.roots.clone(),
+			roots_proof: remote_proof.roots_proof.clone(),
+		}).is_err());

 		// check proof on local client using broken proof
-		remote_proof = local_roots_range.into_iter().map(|v| v.as_bytes().to_vec()).collect();
-		assert!(local_checker.check_changes_proof(&request, remote_max, remote_proof).is_err());
+		assert!(local_checker.check_changes_proof(&request, ChangesProof {
+			max_block: remote_proof.max_block,
+			proof: local_roots_range.clone().into_iter().map(|v| v.as_ref().to_vec()).collect(),
+			roots: remote_proof.roots,
+			roots_proof: remote_proof.roots_proof,
+		}).is_err());
+
+		// extra roots proofs are provided
+		assert!(local_checker.check_changes_proof(&request, ChangesProof {
+			max_block: remote_proof.max_block,
+			proof: remote_proof.proof.clone(),
+			roots: vec![(begin - 1, Default::default())].into_iter().collect(),
+			roots_proof: vec![],
+		}).is_err());
+		assert!(local_checker.check_changes_proof(&request, ChangesProof {
+			max_block: remote_proof.max_block,
+			proof: remote_proof.proof.clone(),
+			roots: vec![(end + 1, Default::default())].into_iter().collect(),
+			roots_proof: vec![],
+		}).is_err());
+	}
+
+	#[test]
+	fn check_changes_tries_proof_fails_if_proof_is_wrong() {
+		// we're testing this test case here:
+		// (1, 4, dave.clone(), vec![(4, 0), (1, 1), (1, 0)]),
+		let (remote_client, remote_roots, _) = prepare_client_with_key_changes();
+		let local_cht_root = cht::compute_root::<Header, Blake2Hasher, _>(
+			4, 0, remote_roots.iter().cloned().map(|ct| Ok(Some(ct)))).unwrap();
+		let dave = twox_128(&runtime::system::balance_of_key(Keyring::Dave.to_raw_public().into())).to_vec();
+
+		// 'fetch' changes proof from remote node:
+		// we're fetching changes for range b1..b4
+		// we do not know changes trie roots before b3 (i.e. we only know b3+b4)
+		// but we have changes trie CHT root for b1...b4
+		let b1 = remote_client.block_hash_from_id(&BlockId::Number(1)).unwrap().unwrap();
+		let b3 = remote_client.block_hash_from_id(&BlockId::Number(3)).unwrap().unwrap();
+		let b4 = remote_client.block_hash_from_id(&BlockId::Number(4)).unwrap().unwrap();
+		let remote_proof = remote_client.key_changes_proof_with_cht_size(
+			b1, b4, b3, b4, &dave, 4
+		).unwrap();
+
+		// fails when changes trie CHT is missing from the local db
+		let local_checker = TestChecker::new(
+			Arc::new(DummyBlockchain::new(DummyStorage::new())),
+			test_client::LocalExecutor::new()
+		);
+		assert!(local_checker.check_changes_tries_proof(4, &remote_proof.roots,
+			remote_proof.roots_proof.clone()).is_err());
+
+		// fails when proof is broken
+		let mut local_storage = DummyStorage::new();
+		local_storage.changes_tries_cht_roots.insert(0, local_cht_root);
+		let local_checker = TestChecker::new(
+			Arc::new(DummyBlockchain::new(local_storage)),
+			test_client::LocalExecutor::new()
+		);
+		assert!(local_checker.check_changes_tries_proof(4, &remote_proof.roots, vec![]).is_err());
 	}
 }
@@ -65,13 +65,14 @@ where
 }

 /// Create an instance of fetch data checker.
-pub fn new_fetch_checker<E, H>(
+pub fn new_fetch_checker<E, H, B: BlockT, S: BlockchainStorage<B>, F>(
+	blockchain: Arc<Blockchain<S, F>>,
 	executor: E,
-) -> LightDataChecker<E, H>
+) -> LightDataChecker<E, H, B, S, F>
 	where
 		E: CodeExecutor<H>,
 		H: Hasher,

 {
-	LightDataChecker::new(executor)
+	LightDataChecker::new(blockchain, executor)
 }