Merge pull request #3185 from tendermint/release/v0.29.0

Release/v0.29.0
fix changelog indent (#3190 )
2025-07-15 20:41:37 +00:00 · 2019-01-22 13:19:28 -05:00 · 2019-01-22 12:24:26 -05:00 · 2019-01-21 19:32:10 -05:00 · 2019-01-21 10:02:57 -05:00 · 2019-01-21 09:21:04 -05:00
280 changed files with 8913 additions and 11815 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,10 +3,17 @@ version: 2
 defaults: &defaults
  working_directory: /go/src/github.com/tendermint/tendermint
  docker:
-    - image: circleci/golang:1.10.3
+    - image: circleci/golang:1.11.4
  environment:
    GOBIN: /tmp/workspace/bin

+docs_update_config: &docs_update_config
+  working_directory: ~/repo
+  docker:
+    - image: tendermint/docs_deployment
+  environment:
+    AWS_REGION: us-east-1
+
 jobs:
  setup_dependencies:
    <<: *defaults
@@ -92,6 +99,7 @@ jobs:
          command: |
            export PATH="$GOBIN:$PATH"
            make get_tools
+            make get_dev_tools
      - run:
          name: dependencies
          command: |
@@ -338,10 +346,25 @@ jobs:
          name: upload
          command: bash .circleci/codecov.sh -f coverage.txt

+  deploy_docs:
+    <<: *docs_update_config
+    steps:
+      - checkout
+      - run:
+          name: Trigger website build
+          command: |
+            chamber exec tendermint -- start_website_build
+
 workflows:
  version: 2
  test-suite:
    jobs:
+      - deploy_docs:
+          filters:
+            branches:
+              only:
+                - master
+                - develop
      - setup_dependencies
      - lint:
          requires:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,378 @@
 # Changelog

+## v0.29.0
+
+*January 21, 2019*
+
+Special thanks to external contributors on this release:
+@bradyjoestar, @kunaldhariwal, @gauthamzz, @hrharder
+
+This release is primarily about making some breaking changes to
+the Block protocol version before Cosmos launch, and to fixing more issues
+in the proposer selection algorithm discovered on Cosmos testnets.
+
+The Block protocol changes include using a standard Merkle tree format (RFC 6962),
+fixing some inconsistencies between field orders in Vote and Proposal structs,
+and constraining the hash of the ConsensusParams to include only a few fields.
+
+The proposer selection algorithm saw significant progress,
+including a [formal proof by @cwgoes for the base-case in Idris](https://github.com/cwgoes/tm-proposer-idris)
+and a [much more detailed specification (still in progress) by
+@ancazamfir](https://github.com/tendermint/tendermint/pull/3140).
+
+Fixes to the proposer selection algorithm include normalizing the proposer
+priorities to mitigate the effects of large changes to the validator set.
+That said, we just discovered [another bug](https://github.com/tendermint/tendermint/issues/3181),
+which will be fixed in the next breaking release.
+
+While we are trying to stabilize the Block protocol to preserve compatibility
+with old chains, there may be some final changes yet to come before Cosmos
+launch as we continue to audit and test the software.
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### BREAKING CHANGES:
+
+* CLI/RPC/Config
+
+* Apps
+  - [state] [\#3049](https://github.com/tendermint/tendermint/issues/3049) Total voting power of the validator set is upper bounded by
+    `MaxInt64 / 8`. Apps must ensure they do not return changes to the validator
+    set that cause this maximum to be exceeded.
+
+* Go API
+  - [node] [\#3082](https://github.com/tendermint/tendermint/issues/3082) MetricsProvider now requires you to pass a chain ID
+  - [types] [\#2713](https://github.com/tendermint/tendermint/issues/2713) Rename `TxProof.LeafHash` to `TxProof.Leaf`
+  - [crypto/merkle] [\#2713](https://github.com/tendermint/tendermint/issues/2713) `SimpleProof.Verify` takes a `leaf` instead of a
+    `leafHash` and performs the hashing itself
+
+* Blockchain Protocol
+  * [crypto/merkle] [\#2713](https://github.com/tendermint/tendermint/issues/2713) Merkle trees now match the RFC 6962 specification
+  * [types] [\#3078](https://github.com/tendermint/tendermint/issues/3078) Re-order Timestamp and BlockID in CanonicalVote so it's
+    consistent with CanonicalProposal (BlockID comes
+    first)
+  * [types] [\#3165](https://github.com/tendermint/tendermint/issues/3165) Hash of ConsensusParams only includes BlockSize.MaxBytes and
+    BlockSize.MaxGas
+
+* P2P Protocol
+  - [consensus] [\#3049](https://github.com/tendermint/tendermint/issues/3049) Normalize priorities to not exceed `2*TotalVotingPower` to mitigate unfair proposer selection
+    heavily preferring earlier joined validators in the case of an early bonded large validator unbonding
+
+### FEATURES:
+
+### IMPROVEMENTS:
+- [rpc] [\#3065](https://github.com/tendermint/tendermint/issues/3065) Return maxPerPage (100), not defaultPerPage (30) if `per_page` is greater than the max 100.
+- [instrumentation] [\#3082](https://github.com/tendermint/tendermint/issues/3082) Add `chain_id` label for all metrics
+
+### BUG FIXES:
+- [crypto] [\#3164](https://github.com/tendermint/tendermint/issues/3164) Update `btcd` fork for rare signRFC6979 bug
+- [lite] [\#3171](https://github.com/tendermint/tendermint/issues/3171) Fix verifying large validator set changes
+- [log] [\#3125](https://github.com/tendermint/tendermint/issues/3125) Fix year format
+- [mempool] [\#3168](https://github.com/tendermint/tendermint/issues/3168) Limit tx size to fit in the max reactor msg size
+- [scripts] [\#3147](https://github.com/tendermint/tendermint/issues/3147) Fix json2wal for large block parts (@bradyjoestar)
+
+## v0.28.1
+
+*January 18th, 2019*
+
+Special thanks to external contributors on this release:
+@HaoyangLiu
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### BUG FIXES:
+- [consensus] Fix consensus halt from proposing blocks with too much evidence
+
+## v0.28.0
+
+*January 16th, 2019*
+
+Special thanks to external contributors on this release:
+@fmauricios, @gianfelipe93, @husio, @needkane, @srmo, @yutianwu
+
+This release is primarily about upgrades to the `privval` system -
+separating the `priv_validator.json` into distinct config and data files, and
+refactoring the socket validator to support reconnections.
+
+**Note:** Please backup your existing `priv_validator.json` before using this
+version.
+
+See [UPGRADING.md](UPGRADING.md) for more details.
+
+### BREAKING CHANGES:
+
+* CLI/RPC/Config
+  - [cli] Removed `--proxy_app=dummy` option. Use `kvstore` (`persistent_kvstore`) instead.
+  - [cli] Renamed `--proxy_app=nilapp` to `--proxy_app=noop`.
+  - [config] [\#2992](https://github.com/tendermint/tendermint/issues/2992) `allow_duplicate_ip` is now set to false
+  - [privval] [\#1181](https://github.com/tendermint/tendermint/issues/1181) Split `priv_validator.json` into immutable (`config/priv_validator_key.json`) and mutable (`data/priv_validator_state.json`) parts (@yutianwu)
+  - [privval] [\#2926](https://github.com/tendermint/tendermint/issues/2926) Split up `PubKeyMsg` into `PubKeyRequest` and `PubKeyResponse` to be consistent with other message types
+  - [privval] [\#2923](https://github.com/tendermint/tendermint/issues/2923) Listen for unix socket connections instead of dialing them
+
+* Apps
+
+* Go API
+  - [types] [\#2981](https://github.com/tendermint/tendermint/issues/2981) Remove `PrivValidator.GetAddress()`
+
+* Blockchain Protocol
+
+* P2P Protocol
+
+### FEATURES:
+- [rpc] [\#3052](https://github.com/tendermint/tendermint/issues/3052) Include peer's remote IP in `/net_info`
+
+### IMPROVEMENTS:
+- [consensus] [\#3086](https://github.com/tendermint/tendermint/issues/3086) Log peerID on ignored votes (@srmo)
+- [docs] [\#3061](https://github.com/tendermint/tendermint/issues/3061) Added specification for signing consensus msgs at
+  ./docs/spec/consensus/signing.md
+- [privval] [\#2948](https://github.com/tendermint/tendermint/issues/2948) Memoize pubkey so it's only requested once on startup
+- [privval] [\#2923](https://github.com/tendermint/tendermint/issues/2923) Retry RemoteSigner connections on error
+
+### BUG FIXES:
+
+- [build] [\#3085](https://github.com/tendermint/tendermint/issues/3085) Fix `Version` field in build scripts (@husio)
+- [crypto/multisig] [\#3102](https://github.com/tendermint/tendermint/issues/3102) Fix multisig keys address length
+- [crypto/encoding] [\#3101](https://github.com/tendermint/tendermint/issues/3101) Fix `PubKeyMultisigThreshold` unmarshalling into `crypto.PubKey` interface
+- [p2p/conn] [\#3111](https://github.com/tendermint/tendermint/issues/3111) Make SecretConnection thread safe
+- [rpc] [\#3053](https://github.com/tendermint/tendermint/issues/3053) Fix internal error in `/tx_search` when results are empty
+  (@gianfelipe93)
+- [types] [\#2926](https://github.com/tendermint/tendermint/issues/2926) Do not panic if retrieving the privval's public key fails
+
+## v0.27.4
+
+*December 21st, 2018*
+
+### BUG FIXES:
+
+- [mempool] [\#3036](https://github.com/tendermint/tendermint/issues/3036) Fix
+  LRU cache by popping the least recently used item when the cache is full,
+  not the most recently used one!
+
+## v0.27.3
+
+*December 16th, 2018*
+
+### BREAKING CHANGES:
+
+* Go API
+  - [dep] [\#3027](https://github.com/tendermint/tendermint/issues/3027) Revert to mainline Go crypto library, eliminating the modified
+    `bcrypt.GenerateFromPassword`
+
+## v0.27.2
+
+*December 16th, 2018*
+
+### IMPROVEMENTS:
+
+- [node] [\#3025](https://github.com/tendermint/tendermint/issues/3025) Validate NodeInfo addresses on startup.
+
+### BUG FIXES:
+
+- [p2p] [\#3025](https://github.com/tendermint/tendermint/pull/3025) Revert to using defers in addrbook.  Fixes deadlocks in pex and consensus upon invalid ExternalAddr/ListenAddr configuration.
+
+## v0.27.1
+
+*December 15th, 2018*
+
+Special thanks to external contributors on this release:
+@danil-lashin, @hleb-albau, @james-ray, @leo-xinwang
+
+### FEATURES:
+- [rpc] [\#2964](https://github.com/tendermint/tendermint/issues/2964) Add `UnconfirmedTxs(limit)` and `NumUnconfirmedTxs()` methods to HTTP/Local clients (@danil-lashin)
+- [docs] [\#3004](https://github.com/tendermint/tendermint/issues/3004) Enable full-text search on docs pages
+
+### IMPROVEMENTS:
+- [consensus] [\#2971](https://github.com/tendermint/tendermint/issues/2971) Return error if ValidatorSet is empty after InitChain
+  (@leo-xinwang)
+- [ci/cd] [\#3005](https://github.com/tendermint/tendermint/issues/3005) Updated CircleCI job to trigger website build when docs are updated
+- [docs] Various updates
+
+### BUG FIXES:
+- [cmd] [\#2983](https://github.com/tendermint/tendermint/issues/2983) `testnet` command always sets `addr_book_strict = false`
+- [config] [\#2980](https://github.com/tendermint/tendermint/issues/2980) Fix CORS options formatting
+- [kv indexer] [\#2912](https://github.com/tendermint/tendermint/issues/2912) Don't ignore key when executing CONTAINS
+- [mempool] [\#2961](https://github.com/tendermint/tendermint/issues/2961) Call `notifyTxsAvailable` if there're txs left after committing a block, but recheck=false
+- [mempool] [\#2994](https://github.com/tendermint/tendermint/issues/2994) Reject txs with negative GasWanted
+- [p2p] [\#2990](https://github.com/tendermint/tendermint/issues/2990) Fix a bug where seeds don't disconnect from a peer after 3h
+- [consensus] [\#3006](https://github.com/tendermint/tendermint/issues/3006) Save state after InitChain only when stateHeight is also 0 (@james-ray)
+
+## v0.27.0
+
+*December 5th, 2018*
+
+Special thanks to external contributors on this release:
+@danil-lashin, @srmo
+
+Special thanks to @dlguddus for discovering a [major
+issue](https://github.com/tendermint/tendermint/issues/2718#issuecomment-440888677)
+in the proposer selection algorithm.
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+This release is primarily about fixes to the proposer selection algorithm
+in preparation for the [Cosmos Game of
+Stakes](https://blog.cosmos.network/the-game-of-stakes-is-open-for-registration-83a404746ee6).
+It also makes use of the `ConsensusParams.Validator.PubKeyTypes` to restrict the
+key types that can be used by validators, and removes the `Heartbeat` consensus
+message.
+
+### BREAKING CHANGES:
+
+* CLI/RPC/Config
+  - [rpc] [\#2932](https://github.com/tendermint/tendermint/issues/2932) Rename `accum` to `proposer_priority`
+
+* Go API
+  - [db] [\#2913](https://github.com/tendermint/tendermint/pull/2913)
+    ReverseIterator API change: start < end, and end is exclusive.
+  - [types] [\#2932](https://github.com/tendermint/tendermint/issues/2932) Rename `Validator.Accum` to `Validator.ProposerPriority`
+
+* Blockchain Protocol
+  - [state] [\#2714](https://github.com/tendermint/tendermint/issues/2714) Validators can now only use pubkeys allowed within
+    ConsensusParams.Validator.PubKeyTypes
+
+* P2P Protocol
+  - [consensus] [\#2871](https://github.com/tendermint/tendermint/issues/2871)
+    Remove *ProposalHeartbeat* message as it serves no real purpose (@srmo)
+  - [state] Fixes for proposer selection:
+    - [\#2785](https://github.com/tendermint/tendermint/issues/2785) Accum for new validators is `-1.125*totalVotingPower` instead of 0
+    - [\#2941](https://github.com/tendermint/tendermint/issues/2941) val.Accum is preserved during ValidatorSet.Update to avoid being
+      reset to 0
+
+### IMPROVEMENTS:
+
+- [state] [\#2929](https://github.com/tendermint/tendermint/issues/2929) Minor refactor of updateState logic (@danil-lashin)
+- [node] [\#2959](https://github.com/tendermint/tendermint/issues/2959) Allow node to start even if software's BlockProtocol is
+  different from state's BlockProtocol
+- [pex] [\#2959](https://github.com/tendermint/tendermint/issues/2959) Pex reactor logger uses `module=pex`
+
+### BUG FIXES:
+
+- [p2p] [\#2968](https://github.com/tendermint/tendermint/issues/2968) Panic on transport error rather than continuing to run but not
+  accept new connections
+- [p2p] [\#2969](https://github.com/tendermint/tendermint/issues/2969) Fix mismatch in peer count between `/net_info` and the prometheus
+  metrics
+- [rpc] [\#2408](https://github.com/tendermint/tendermint/issues/2408) `/broadcast_tx_commit`: Fix "interface conversion: interface {} in nil, not EventDataTx" panic (could happen if somebody sent a tx using `/broadcast_tx_commit` while Tendermint was being stopped)
+- [state] [\#2785](https://github.com/tendermint/tendermint/issues/2785) Fix accum for new validators to be `-1.125*totalVotingPower`
+  instead of 0, forcing them to wait before becoming the proposer. Also:
+    - do not batch clip
+    - keep accums averaged near 0
+- [txindex/kv] [\#2925](https://github.com/tendermint/tendermint/issues/2925) Don't return false positives when range searching for a prefix of a tag value
+- [types] [\#2938](https://github.com/tendermint/tendermint/issues/2938) Fix regression in v0.26.4 where we panic on empty
+  genDoc.Validators
+- [types] [\#2941](https://github.com/tendermint/tendermint/issues/2941) Preserve val.Accum during ValidatorSet.Update to avoid it being
+  reset to 0 every time a validator is updated
+
+## v0.26.4
+
+*November 27th, 2018*
+
+Special thanks to external contributors on this release:
+@ackratos, @goolAdapter, @james-ray, @joe-bowman, @kostko,
+@nagarajmanjunath, @tomtau
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### FEATURES:
+
+- [rpc] [\#2747](https://github.com/tendermint/tendermint/issues/2747) Enable subscription to tags emitted from `BeginBlock`/`EndBlock` (@kostko)
+- [types] [\#2747](https://github.com/tendermint/tendermint/issues/2747) Add `ResultBeginBlock` and `ResultEndBlock` fields to `EventDataNewBlock`
+    and `EventDataNewBlockHeader` to support subscriptions (@kostko)
+- [types] [\#2918](https://github.com/tendermint/tendermint/issues/2918) Add Marshal, MarshalTo, Unmarshal methods to various structs
+  to support Protobuf compatibility (@nagarajmanjunath)
+
+### IMPROVEMENTS:
+
+- [config] [\#2877](https://github.com/tendermint/tendermint/issues/2877) Add `blocktime_iota` to the config.toml (@ackratos)
+    - NOTE: this should be a ConsensusParam, not part of the config, and will be
+      removed from the config at a later date
+      ([\#2920](https://github.com/tendermint/tendermint/issues/2920).
+- [mempool] [\#2882](https://github.com/tendermint/tendermint/issues/2882) Add txs from Update to cache
+- [mempool] [\#2891](https://github.com/tendermint/tendermint/issues/2891) Remove local int64 counter from being stored in every tx
+- [node] [\#2866](https://github.com/tendermint/tendermint/issues/2866) Add ability to instantiate IPCVal (@joe-bowman)
+
+### BUG FIXES:
+
+- [blockchain] [\#2731](https://github.com/tendermint/tendermint/issues/2731) Retry both blocks if either is bad to avoid getting stuck during fast sync (@goolAdapter)
+- [consensus] [\#2893](https://github.com/tendermint/tendermint/issues/2893) Use genDoc.Validators instead of state.NextValidators on replay when appHeight==0 (@james-ray)
+- [log] [\#2868](https://github.com/tendermint/tendermint/issues/2868) Fix `module=main` setting overriding all others
+    - NOTE: this changes the default logging behaviour to be much less verbose.
+      Set `log_level="info"` to restore the previous behaviour.
+- [rpc] [\#2808](https://github.com/tendermint/tendermint/issues/2808) Fix `accum` field in `/validators` by calling `IncrementAccum` if necessary
+- [rpc] [\#2811](https://github.com/tendermint/tendermint/issues/2811) Allow integer IDs in JSON-RPC requests (@tomtau)
+- [txindex/kv] [\#2759](https://github.com/tendermint/tendermint/issues/2759) Fix tx.height range queries
+- [txindex/kv] [\#2775](https://github.com/tendermint/tendermint/issues/2775) Order tx results by index if height is the same
+- [txindex/kv] [\#2908](https://github.com/tendermint/tendermint/issues/2908) Don't return false positives when searching for a prefix of a tag value
+
+## v0.26.3
+
+*November 17th, 2018*
+
+Special thanks to external contributors on this release:
+@danil-lashin, @kevlubkcm, @krhubert, @srmo
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### BREAKING CHANGES:
+
+* Go API
+  - [rpc] [\#2791](https://github.com/tendermint/tendermint/issues/2791) Functions that start HTTP servers are now blocking:
+    - Impacts `StartHTTPServer`, `StartHTTPAndTLSServer`, and `StartGRPCServer`
+    - These functions now take a `net.Listener` instead of an address
+  - [rpc] [\#2767](https://github.com/tendermint/tendermint/issues/2767) Subscribing to events
+  `NewRound` and `CompleteProposal` return new types `EventDataNewRound` and
+  `EventDataCompleteProposal`, respectively, instead of the generic `EventDataRoundState`. (@kevlubkcm)
+
+### FEATURES:
+
+- [log] [\#2843](https://github.com/tendermint/tendermint/issues/2843) New `log_format` config option, which can be set to 'plain' for colored
+  text or 'json' for JSON output
+- [types] [\#2767](https://github.com/tendermint/tendermint/issues/2767) New event types EventDataNewRound (with ProposerInfo) and EventDataCompleteProposal (with BlockID). (@kevlubkcm)
+
+### IMPROVEMENTS:
+
+- [dep] [\#2844](https://github.com/tendermint/tendermint/issues/2844) Dependencies are no longer pinned to an exact version in the
+  Gopkg.toml:
+  - Serialization libs are allowed to vary by patch release
+  - Other libs are allowed to vary by minor release
+- [p2p] [\#2857](https://github.com/tendermint/tendermint/issues/2857) "Send failed" is logged at debug level instead of error.
+- [rpc] [\#2780](https://github.com/tendermint/tendermint/issues/2780) Add read and write timeouts to HTTP servers
+- [state] [\#2848](https://github.com/tendermint/tendermint/issues/2848) Make "Update to validators" msg value pretty (@danil-lashin)
+
+### BUG FIXES:
+- [consensus] [\#2819](https://github.com/tendermint/tendermint/issues/2819) Don't send proposalHearbeat if not a validator
+- [docs] [\#2859](https://github.com/tendermint/tendermint/issues/2859) Fix ConsensusParams details in spec
+- [libs/autofile] [\#2760](https://github.com/tendermint/tendermint/issues/2760) Comment out autofile permissions check - should fix
+  running Tendermint on Windows
+- [p2p] [\#2869](https://github.com/tendermint/tendermint/issues/2869) Set connection config properly instead of always using default
+- [p2p/pex] [\#2802](https://github.com/tendermint/tendermint/issues/2802) Seed mode fixes:
+  - Only disconnect from inbound peers
+  - Use FlushStop instead of Sleep to ensure all messages are sent before
+    disconnecting
+
+## v0.26.2
+
+*November 15th, 2018*
+
+Special thanks to external contributors on this release: @hleb-albau, @zhuzeyu
+
+Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
+
+### FEATURES:
+
+- [rpc] [\#2582](https://github.com/tendermint/tendermint/issues/2582) Enable CORS on RPC API (@hleb-albau)
+
+### BUG FIXES:
+
+- [abci] [\#2748](https://github.com/tendermint/tendermint/issues/2748) Unlock mutex in localClient so even when app panics (e.g. during CheckTx), consensus continue working
+- [abci] [\#2748](https://github.com/tendermint/tendermint/issues/2748) Fix DATA RACE in localClient
+- [amino] [\#2822](https://github.com/tendermint/tendermint/issues/2822) Update to v0.14.1 to support compiling on 32-bit platforms
+- [rpc] [\#2748](https://github.com/tendermint/tendermint/issues/2748) Drain channel before calling Unsubscribe(All) in `/broadcast_tx_commit`
+
 ## v0.26.1

 *November 11, 2018*
@@ -134,6 +507,8 @@ increasing attention to backwards compatibility. Thanks for bearing with us!
 - [abci] [\#2557](https://github.com/tendermint/tendermint/issues/2557) Add `Codespace` field to `Response{CheckTx, DeliverTx, Query}`
 - [abci] [\#2662](https://github.com/tendermint/tendermint/issues/2662) Add `BlockVersion` and `P2PVersion` to `RequestInfo`
 - [crypto/merkle] [\#2298](https://github.com/tendermint/tendermint/issues/2298) General Merkle Proof scheme for chaining various types of Merkle trees together
+- [docs/architecture] [\#1181](https://github.com/tendermint/tendermint/issues/1181) S
+plit immutable and mutable parts of priv_validator.json

 ### IMPROVEMENTS:
 - Additional Metrics
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -1,13 +1,9 @@
-# Pending
+## v0.30.0

-## v0.26.2
-
-*TBA*
+*TBD*

 Special thanks to external contributors on this release:

-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:

 * CLI/RPC/Config
@@ -25,4 +21,3 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 ### IMPROVEMENTS:

 ### BUG FIXES:
-
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -6,7 +6,7 @@ This code of conduct applies to all projects run by the Tendermint/COSMOS team a


 # Conduct
-## Contact: adrian@tendermint.com
+## Contact: conduct@tendermint.com

 * We are committed to providing a friendly, safe and welcoming environment for all, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, nationality, or other similar characteristic.

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -27,8 +27,8 @@ Of course, replace `ebuchman` with your git handle.

 To pull in updates from the origin repo, run

-    * `git fetch upstream`
-    * `git rebase upstream/master` (or whatever branch you want)
+  * `git fetch upstream`
+  * `git rebase upstream/master` (or whatever branch you want)

 Please don't make Pull Requests to `master`.

@@ -50,6 +50,11 @@ as apps, tools, and the core, should use dep.
 Run `dep status` to get a list of vendor dependencies that may not be
 up-to-date.

+When updating dependencies, please only update the particular dependencies you
+need. Instead of running `dep ensure -update`, which will update anything,
+specify exactly the dependency you want to update, eg.
+`dep ensure -update github.com/tendermint/go-amino`.
+
 ## Vagrant

 If you are a [Vagrant](https://www.vagrantup.com/) user, you can get started
@@ -64,43 +69,74 @@ vagrant ssh
 make test
 ```

-## Testing
+## Changelog

-All repos should be hooked up to [CircleCI](https://circleci.com/).
+Every fix, improvement, feature, or breaking change should be made in a
+pull-request that includes an update to the `CHANGELOG_PENDING.md` file.

-If they have `.go` files in the root directory, they will be automatically
-tested by circle using `go test -v -race ./...`. If not, they will need a
-`circle.yml`. Ideally, every repo has a `Makefile` that defines `make test` and
-includes its continuous integration status using a badge in the `README.md`.
+Changelog entries should be formatted as follows:
+
+```
+- [module] \#xxx Some description about the change (@contributor)
+```
+
+Here, `module` is the part of the code that changed (typically a
+top-level Go package), `xxx` is the pull-request number, and `contributor`
+is the author/s of the change.
+
+It's also acceptable for `xxx` to refer to the relevent issue number, but pull-request
+numbers are preferred.
+Note this means pull-requests should be opened first so the changelog can then
+be updated with the pull-request's number.
+There is no need to include the full link, as this will be added
+automatically during release. But please include the backslash and pound, eg. `\#2313`.
+
+Changelog entries should be ordered alphabetically according to the
+`module`, and numerically according to the pull-request number.
+
+Changes with multiple classifications should be doubly included (eg. a bug fix
+that is also a breaking change should be recorded under both).
+
+Breaking changes are further subdivided according to the APIs/users they impact.
+Any change that effects multiple APIs/users should be recorded multiply - for
+instance, a change to the `Blockchain Protocol` that removes a field from the
+header should also be recorded under `CLI/RPC/Config` since the field will be
+removed from the header in rpc responses as well.

 ## Branching Model and Release

-User-facing repos should adhere to the branching model: http://nvie.com/posts/a-successful-git-branching-model/.
-That is, these repos should be well versioned, and any merge to master requires a version bump and tagged release.
-
-Libraries need not follow the model strictly, but would be wise to,
-especially `go-p2p` and `go-rpc`, as their versions are referenced in tendermint core.
+All repos should adhere to the branching model: http://nvie.com/posts/a-successful-git-branching-model/.
+This means that all pull-requests should be made against develop. Any merge to
+master constitutes a tagged release.

 ### Development Procedure:
 - the latest state of development is on `develop`
 - `develop` must never fail `make test`
- no --force onto `develop` (except when reverting a broken commit, which should seldom happen)
+- never --force onto `develop` (except when reverting a broken commit, which should seldom happen)
 - create a development branch either on github.com/tendermint/tendermint, or your fork (using `git remote add origin`)
- before submitting a pull request, begin `git rebase` on top of `develop`
+- make changes and update the `CHANGELOG_PENDING.md` to record your change
+- before submitting a pull request, run `git rebase` on top of the latest `develop`

 ### Pull Merge Procedure:
- ensure pull branch is rebased on develop
+- ensure pull branch is based on a recent develop
 - run `make test` to ensure that all tests pass
 - merge pull request
- the `unstable` branch may be used to aggregate pull merges before testing once
- push master may request that pull requests be rebased on top of `unstable`
+- the `unstable` branch may be used to aggregate pull merges before fixing tests

 ### Release Procedure:
 - start on `develop`
 - run integration tests (see `test_integrations` in Makefile)
- prepare changelog/release issue
+- prepare changelog:
+    - copy `CHANGELOG_PENDING.md` to top of `CHANGELOG.md`
+    - run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
+      all issues
+    - run `bash ./scripts/authors.sh` to get a list of authors since the latest
+      release, and add the github aliases of external contributors to the top of
+      the changelog. To lookup an alias from an email, try `bash
+      ./scripts/authors.sh <email>`
+    - reset the `CHANGELOG_PENDING.md`
 - bump versions
- push to release-vX.X.X to run the extended integration tests on the CI
+- push to release/vX.X.X to run the extended integration tests on the CI
 - merge to master
 - merge master back to develop

@@ -115,3 +151,13 @@ especially `go-p2p` and `go-rpc`, as their versions are referenced in tendermint
 - merge hotfix-vX.X.X to master
 - merge hotfix-vX.X.X to develop
 - delete the hotfix-vX.X.X branch
+
+
+## Testing
+
+All repos should be hooked up to [CircleCI](https://circleci.com/).
+
+If they have `.go` files in the root directory, they will be automatically
+tested by circle using `go test -v -race ./...`. If not, they will need a
+`circle.yml`. Ideally, every repo has a `Makefile` that defines `make test` and
+includes its continuous integration status using a badge in the `README.md`.
--- a/DOCKER/build.sh
+++ b/DOCKER/build.sh
@@ -3,7 +3,7 @@ set -e

 # Get the tag from the version, or try to figure it out.
 if [ -z "$TAG" ]; then
-	TAG=$(awk -F\" '/Version =/ { print $2; exit }' < ../version/version.go)
+	TAG=$(awk -F\" '/TMCoreSemVer =/ { print $2; exit }' < ../version/version.go)
 fi
 if [ -z "$TAG" ]; then
 		echo "Please specify a tag."
--- a/DOCKER/push.sh
+++ b/DOCKER/push.sh
@@ -3,7 +3,7 @@ set -e

 # Get the tag from the version, or try to figure it out.
 if [ -z "$TAG" ]; then
-	TAG=$(awk -F\" '/Version =/ { print $2; exit }' < ../version/version.go)
+	TAG=$(awk -F\" '/TMCoreSemVer =/ { print $2; exit }' < ../version/version.go)
 fi
 if [ -z "$TAG" ]; then
 		echo "Please specify a tag."
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -218,14 +218,16 @@
  version = "v1.0.0"

 [[projects]]
-  digest = "1:c1a04665f9613e082e1209cf288bf64f4068dcd6c87a64bf1c4ff006ad422ba0"
+  digest = "1:26663fafdea73a38075b07e8e9d82fc0056379d2be8bb4e13899e8fda7c7dd23"
  name = "github.com/prometheus/client_golang"
  packages = [
    "prometheus",
+    "prometheus/internal",
    "prometheus/promhttp",
  ]
  pruneopts = "UT"
-  revision = "ae27198cdd90bf12cd134ad79d1366a6cf49f632"
+  revision = "abad2d1bd44235a26707c172eab6bca5bf2dbad3"
+  version = "v0.9.1"

 [[projects]]
  branch = "master"
@@ -267,6 +269,14 @@
  pruneopts = "UT"
  revision = "e2704e165165ec55d062f5919b4b29494e9fa790"

+[[projects]]
+  digest = "1:b0c25f00bad20d783d259af2af8666969e2fc343fa0dc9efe52936bbd67fb758"
+  name = "github.com/rs/cors"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "9a47f48565a795472d43519dd49aac781f3034fb"
+  version = "v1.6.0"
+
 [[projects]]
  digest = "1:6a4a11ba764a56d2758899ec6f3848d24698d48442ebce85ee7a3f63284526cd"
  name = "github.com/spf13/afero"
@@ -351,22 +361,23 @@
  revision = "6b91fda63f2e36186f1c9d0e48578defb69c5d43"

 [[projects]]
-  digest = "1:605b6546f3f43745695298ec2d342d3e952b6d91cdf9f349bea9315f677d759f"
+  digest = "1:83f5e189eea2baad419a6a410984514266ff690075759c87e9ede596809bd0b8"
  name = "github.com/tendermint/btcd"
  packages = ["btcec"]
  pruneopts = "UT"
-  revision = "e5840949ff4fff0c56f9b6a541e22b63581ea9df"
+  revision = "80daadac05d1cd29571fccf27002d79667a88b58"
+  version = "v0.1.1"

 [[projects]]
-  digest = "1:10b3a599325740c84a7c81f3f3cb2e1fdb70b3ea01b7fa28495567a2519df431"
+  digest = "1:ad9c4c1a4e7875330b1f62906f2830f043a23edb5db997e3a5ac5d3e6eadf80a"
  name = "github.com/tendermint/go-amino"
  packages = ["."]
  pruneopts = "UT"
-  revision = "6dcc6ddc143e116455c94b25c1004c99e0d0ca12"
-  version = "v0.14.0"
+  revision = "dc14acf9ef15f85828bfbc561ed9dd9d2a284885"
+  version = "v0.14.1"

 [[projects]]
-  digest = "1:72b71e3a29775e5752ed7a8012052a3dee165e27ec18cedddae5288058f09acf"
+  digest = "1:00d2b3e64cdc3fa69aa250dfbe4cc38c4837d4f37e62279be2ae52107ffbbb44"
  name = "golang.org/x/crypto"
  packages = [
    "bcrypt",
@@ -387,8 +398,7 @@
    "salsa20/salsa",
  ]
  pruneopts = "UT"
-  revision = "3764759f34a542a3aef74d6b02e35be7ab893bba"
-  source = "github.com/tendermint/crypto"
+  revision = "505ab145d0a99da450461ae2c1a9f6cd10d1f447"

 [[projects]]
  digest = "1:d36f55a999540d29b6ea3c2ea29d71c76b1d9853fdcd3e5c5cb4836f2ba118f1"
@@ -516,6 +526,7 @@
    "github.com/prometheus/client_golang/prometheus",
    "github.com/prometheus/client_golang/prometheus/promhttp",
    "github.com/rcrowley/go-metrics",
+    "github.com/rs/cors",
    "github.com/spf13/cobra",
    "github.com/spf13/viper",
    "github.com/stretchr/testify/assert",
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -20,53 +20,64 @@
 #   unused-packages = true
 #
 ###########################################################
-# NOTE: All packages should be pinned to specific versions.
-# Packages without releases must pin to a commit.
-

+# Allow only patch releases for serialization libraries
 [[constraint]]
-  name = "github.com/go-kit/kit"
-  version = "=0.6.0"
+  name = "github.com/tendermint/go-amino"
+  version = "~0.14.1"

 [[constraint]]
  name = "github.com/gogo/protobuf"
-  version = "=1.1.1"
+  version = "~1.1.1"

 [[constraint]]
  name = "github.com/golang/protobuf"
-  version = "=1.1.0"
+  version = "~1.1.0"
+
+# Allow only minor releases for other libraries
+[[constraint]]
+  name = "github.com/go-kit/kit"
+  version = "^0.6.0"

 [[constraint]]
  name = "github.com/gorilla/websocket"
-  version = "=1.2.0"
+  version = "^1.2.0"
+
+[[constraint]]
+  name = "github.com/rs/cors"
+  version = "^1.6.0"

 [[constraint]]
  name = "github.com/pkg/errors"
-  version = "=0.8.0"
+  version = "^0.8.0"

 [[constraint]]
  name = "github.com/spf13/cobra"
-  version = "=0.0.1"
+  version = "^0.0.1"

 [[constraint]]
  name = "github.com/spf13/viper"
-  version = "=1.0.0"
+  version = "^1.0.0"

 [[constraint]]
  name = "github.com/stretchr/testify"
-  version = "=1.2.1"
-
-[[constraint]]
-  name = "github.com/tendermint/go-amino"
-  version = "v0.14.0"
+  version = "^1.2.1"

 [[constraint]]
  name = "google.golang.org/grpc"
-  version = "=1.13.0"
+  version = "^1.13.0"

 [[constraint]]
  name = "github.com/fortytw2/leaktest"
-  version = "=1.2.0"
+  version = "^1.2.0"
+
+[[constraint]]
+  name = "github.com/prometheus/client_golang"
+  version = "^0.9.1"
+
+[[constraint]]
+  name = "github.com/tendermint/btcd"
+  version = "v0.1.1"

 ###################################
 ## Some repos dont have releases.
@@ -74,8 +85,7 @@

 [[constraint]]
  name = "golang.org/x/crypto"
-  source = "github.com/tendermint/crypto"
-  revision = "3764759f34a542a3aef74d6b02e35be7ab893bba"
+  revision = "505ab145d0a99da450461ae2c1a9f6cd10d1f447"

 [[override]]
  name = "github.com/jmhodges/levigo"
@@ -86,14 +96,6 @@
  name = "github.com/btcsuite/btcutil"
  revision = "d4cc87b860166d00d6b5b9e0d3b3d71d6088d4d4"

-[[constraint]]
-  name = "github.com/tendermint/btcd"
-  revision = "e5840949ff4fff0c56f9b6a541e22b63581ea9df"
-
-# Haven't made a release since 2016.
-[[constraint]]
-  name = "github.com/prometheus/client_golang"
-  revision = "ae27198cdd90bf12cd134ad79d1366a6cf49f632"

 [[constraint]]
  name = "github.com/rcrowley/go-metrics"
--- a/11
+++ b/11
@@ -17,7 +17,6 @@ all: check build test install

 check: check_tools get_vendor_deps

-
 ########################################
 ### Build Tendermint

@@ -33,6 +32,9 @@ build_race:
 install:
 	CGO_ENABLED=0 go install  $(BUILD_FLAGS) -tags $(BUILD_TAGS) ./cmd/tendermint

+install_c:
+	CGO_ENABLED=1 go install  $(BUILD_FLAGS) -tags "$(BUILD_TAGS) gcc" ./cmd/tendermint
+
 ########################################
 ### Protobuf

@@ -79,6 +81,8 @@ check_tools:
 get_tools:
 	@echo "--> Installing tools"
 	./scripts/get_tools.sh
+
+get_dev_tools:
 	@echo "--> Downloading linters (this may take awhile)"
 	$(GOPATH)/src/github.com/alecthomas/gometalinter/scripts/install.sh -b $(GOBIN)

@@ -288,8 +292,7 @@ build-linux:
 	GOOS=linux GOARCH=amd64 $(MAKE) build

 build-docker-localnode:
-	cd networks/local
-	make
+	@cd networks/local && make

 # Run a 4-node testnet locally
 localnet-start: localnet-stop
@@ -327,4 +330,4 @@ build-slate:
 # To avoid unintended conflicts with file names, always add to .PHONY
 # unless there is a reason not to.
 # https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: check build build_race build_abci dist install install_abci check_dep check_tools get_tools update_tools get_vendor_deps draw_deps get_protoc protoc_abci protoc_libs gen_certs clean_certs grpc_dbserver test_cover test_apps test_persistence test_p2p test test_race test_integrations test_release test100 vagrant_test fmt rpc-docs build-linux localnet-start localnet-stop build-docker build-docker-localnode sentry-start sentry-config sentry-stop build-slate protoc_grpc protoc_all
+.PHONY: check build build_race build_abci dist install install_abci check_dep check_tools get_tools get_dev_tools update_tools get_vendor_deps draw_deps get_protoc protoc_abci protoc_libs gen_certs clean_certs grpc_dbserver test_cover test_apps test_persistence test_p2p test test_race test_integrations test_release test100 vagrant_test fmt rpc-docs build-linux localnet-start localnet-stop build-docker build-docker-localnode sentry-start sentry-config sentry-stop build-slate protoc_grpc protoc_all build_c install_c
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # Tendermint

 [Byzantine-Fault Tolerant](https://en.wikipedia.org/wiki/Byzantine_fault_tolerance)
-[State Machine Replication](https://en.wikipedia.org/wiki/State_machine_replication).
-Or [Blockchain](https://en.wikipedia.org/wiki/Blockchain_(database)) for short.
+[State Machines](https://en.wikipedia.org/wiki/State_machine_replication).
+Or [Blockchain](https://en.wikipedia.org/wiki/Blockchain_(database)), for short.

 [![version](https://img.shields.io/github/tag/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/releases/latest)
 [![API Reference](
@@ -41,7 +41,7 @@ please [contact us](mailto:partners@tendermint.com) and [join the chat](https://
 ## Security

 To report a security vulnerability, see our [bug bounty
-program](https://tendermint.com/security).
+program](https://hackerone.com/tendermint)

 For examples of the kinds of bugs we're looking for, see [SECURITY.md](SECURITY.md)

@@ -49,61 +49,43 @@ For examples of the kinds of bugs we're looking for, see [SECURITY.md](SECURITY.

 Requirement|Notes
 ---|---
-Go version | Go1.10 or higher
+Go version | Go1.11.4 or higher

-## Install
+## Documentation
+
+Complete documentation can be found on the [website](https://tendermint.com/docs/).
+
+### Install

 See the [install instructions](/docs/introduction/install.md)

-## Quick Start
+### Quick Start

- [Single node](/docs/tendermint-core/using-tendermint.md)
- [Local cluster using docker-compose](/networks/local)
+- [Single node](/docs/introduction/quick-start.md)
+- [Local cluster using docker-compose](/docs/networks/docker-compose.md)
 - [Remote cluster using terraform and ansible](/docs/networks/terraform-and-ansible.md)
 - [Join the Cosmos testnet](https://cosmos.network/testnet)

-## Resources
-
-### Tendermint Core
-
-For details about the blockchain data structures and the p2p protocols, see the
-the [Tendermint specification](/docs/spec).
-
-For details on using the software, see the [documentation](/docs/) which is also
-hosted at: https://tendermint.com/docs/
-
-### Tools
-
-Benchmarking and monitoring is provided by `tm-bench` and `tm-monitor`, respectively.
-Their code is found [here](/tools) and these binaries need to be built seperately.
-Additional documentation is found [here](/docs/tools).
-
-### Sub-projects
-
-* [Amino](http://github.com/tendermint/go-amino), a reflection-based improvement on proto3
-* [IAVL](http://github.com/tendermint/iavl), Merkleized IAVL+ Tree implementation
-
-### Applications
-
-* [Cosmos SDK](http://github.com/cosmos/cosmos-sdk); a cryptocurrency application framework
-* [Ethermint](http://github.com/cosmos/ethermint); Ethereum on Tendermint
-* [Many more](https://tendermint.com/ecosystem)
-
-### Research
-
-* [Master's Thesis on Tendermint](https://atrium.lib.uoguelph.ca/xmlui/handle/10214/9769)
-* [Original Whitepaper](https://tendermint.com/static/docs/tendermint.pdf)
-* [Blog](https://blog.cosmos.network/tendermint/home)
-
 ## Contributing

-Yay open source! Please see our [contributing guidelines](CONTRIBUTING.md).
+Please abide by the [Code of Conduct](CODE_OF_CONDUCT.md) in all interactions,
+and the [contributing guidelines](CONTRIBUTING.md) when submitting code.
+
+Join the larger community on the [forum](https://forum.cosmos.network/) and the [chat](https://riot.im/app/#/room/#tendermint:matrix.org).
+
+To learn more about the structure of the software, watch the [Developer
+Sessions](https://www.youtube.com/playlist?list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv)
+and read some [Architectural
+Decision Records](https://github.com/tendermint/tendermint/tree/master/docs/architecture).
+
+Learn more by reading the code and comparing it to the
+[specification](https://github.com/tendermint/tendermint/tree/develop/docs/spec).

 ## Versioning

-### SemVer
+### Semantic Versioning

-Tendermint uses [SemVer](http://semver.org/) to determine when and how the version changes.
+Tendermint uses [Semantic Versioning](http://semver.org/) to determine when and how the version changes.
 According to SemVer, anything in the public API can change at any time before version 1.0.0

 To provide some stability to Tendermint users in these 0.X.X days, the MINOR version is used
@@ -140,8 +122,40 @@ data into the new chain.
 However, any bump in the PATCH version should be compatible with existing histories
 (if not please open an [issue](https://github.com/tendermint/tendermint/issues)).

-For more information on upgrading, see [here](./UPGRADING.md)
+For more information on upgrading, see [UPGRADING.md](./UPGRADING.md)

-## Code of Conduct
+## Resources
+
+### Tendermint Core
+
+For details about the blockchain data structures and the p2p protocols, see the
+[Tendermint specification](/docs/spec).
+
+For details on using the software, see the [documentation](/docs/) which is also
+hosted at: https://tendermint.com/docs/
+
+### Tools
+
+Benchmarking and monitoring is provided by `tm-bench` and `tm-monitor`, respectively.
+Their code is found [here](/tools) and these binaries need to be built seperately.
+Additional documentation is found [here](/docs/tools).
+
+### Sub-projects
+
+* [Amino](http://github.com/tendermint/go-amino), reflection-based proto3, with
+  interfaces
+* [IAVL](http://github.com/tendermint/iavl), Merkleized IAVL+ Tree implementation
+
+### Applications
+
+* [Cosmos SDK](http://github.com/cosmos/cosmos-sdk); a cryptocurrency application framework
+* [Ethermint](http://github.com/cosmos/ethermint); Ethereum on Tendermint
+* [Many more](https://tendermint.com/ecosystem)
+
+### Research
+
+* [The latest gossip on BFT consensus](https://arxiv.org/abs/1807.04938)
+* [Master's Thesis on Tendermint](https://atrium.lib.uoguelph.ca/xmlui/handle/10214/9769)
+* [Original Whitepaper](https://tendermint.com/static/docs/tendermint.pdf)
+* [Blog](https://blog.cosmos.network/tendermint/home)

-Please read, understand and adhere to our [code of conduct](CODE_OF_CONDUCT.md).
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,7 +1,8 @@
 # Security

 As part of our [Coordinated Vulnerability Disclosure
-Policy](https://tendermint.com/security), we operate a bug bounty.
+Policy](https://tendermint.com/security), we operate a [bug
+bounty](https://hackerone.com/tendermint).
 See the policy for more details on submissions and rewards.

 Here is a list of examples of the kinds of bugs we're most interested in:
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -3,9 +3,121 @@
 This guide provides steps to be followed when you upgrade your applications to
 a newer version of Tendermint Core.

+## v0.29.0
+
+This release contains some breaking changes to the block and p2p protocols,
+and will not be compatible with any previous versions of the software, primarily
+due to changes in how various data structures are hashed.
+
+Any implementations of Tendermint blockchain verification, including lite clients,
+will need to be updated. For specific details:
+- [Merkle tree](./docs/spec/blockchain/encoding.md#merkle-trees)
+- [ConsensusParams](./docs/spec/blockchain/state.md#consensusparams)
+
+There was also a small change to field ordering in the vote struct. Any
+implementations of an out-of-process validator (like a Key-Management Server)
+will need to be updated. For specific details:
+- [Vote](https://github.com/tendermint/tendermint/blob/develop/docs/spec/consensus/signing.md#votes)
+
+Finally, the proposer selection algorithm continues to evolve. See the
+[work-in-progress
+specification](https://github.com/tendermint/tendermint/pull/3140).
+
+For everything else, please see the [CHANGELOG](./CHANGELOG.md#v0.29.0).
+
+## v0.28.0
+
+This release breaks the format for the `priv_validator.json` file
+and the protocol used for the external validator process.
+It is compatible with v0.27.0 blockchains (neither the BlockProtocol nor the
+P2PProtocol have changed).
+
+Please read carefully for details about upgrading.
+
+**Note:** Backup your `config/priv_validator.json`
+before proceeding.
+
+### `priv_validator.json`
+
+The `config/priv_validator.json` is now two files:
+`config/priv_validator_key.json` and `data/priv_validator_state.json`.
+The former contains the key material, the later contains the details on the last
+message signed.
+
+When running v0.28.0 for the first time, it will back up any pre-existing
+`priv_validator.json` file and proceed to split it into the two new files.
+Upgrading should happen automatically without problem.
+
+To upgrade manually, use the provided `privValUpgrade.go` script, with exact paths for the old
+`priv_validator.json` and the locations for the two new files. It's recomended
+to use the default paths, of `config/priv_validator_key.json` and
+`data/priv_validator_state.json`, respectively:
+
+```
+go run scripts/privValUpgrade.go <old-path> <new-key-path> <new-state-path>
+```
+
+### External validator signers
+
+The Unix and TCP implementations of the remote signing validator
+have been consolidated into a single implementation.
+Thus in both cases, the external process is expected to dial
+Tendermint. This is different from how Unix sockets used to work, where
+Tendermint dialed the external process.
+
+The `PubKeyMsg` was also split into separate `Request` and `Response` types
+for consistency with other messages.
+
+Note that the TCP sockets don't yet use a persistent key,
+so while they're encrypted, they can't yet be properly authenticated.
+See [#3105](https://github.com/tendermint/tendermint/issues/3105).
+Note the Unix socket has neither encryption nor authentication, but will
+add a shared-secret in [#3099](https://github.com/tendermint/tendermint/issues/3099).
+
+## v0.27.0
+
+This release contains some breaking changes to the block and p2p protocols,
+but does not change any core data structures, so it should be compatible with
+existing blockchains from the v0.26 series that only used Ed25519 validator keys.
+Blockchains using Secp256k1 for validators will not be compatible. This is due
+to the fact that we now enforce which key types validators can use as a
+consensus param. The default is Ed25519, and Secp256k1 must be activated
+explicitly.
+
+It is recommended to upgrade all nodes at once to avoid incompatibilities at the
+peer layer - namely, the heartbeat consensus message has been removed (only
+relevant if `create_empty_blocks=false` or `create_empty_blocks_interval > 0`),
+and the proposer selection algorithm has changed. Since proposer information is
+never included in the blockchain, this change only affects the peer layer.
+
+### Go API Changes
+
+#### libs/db
+
+The ReverseIterator API has changed the meaning of `start` and `end`.
+Before, iteration was from `start` to `end`, where
+`start > end`. Now, iteration is from `end` to `start`, where `start < end`.
+The iterator also excludes `end`. This change allows a simplified and more
+intuitive logic, aligning the semantic meaning of `start` and `end` in the
+`Iterator` and `ReverseIterator`.
+
+### Applications
+
+This release enforces a new consensus parameter, the
+ValidatorParams.PubKeyTypes. Applications must ensure that they only return
+validator updates with the allowed PubKeyTypes. If a validator update includes a
+pubkey type that is not included in the ConsensusParams.Validator.PubKeyTypes,
+block execution will fail and the consensus will halt.
+
+By default, only Ed25519 pubkeys may be used for validators. Enabling
+Secp256k1 requires explicit modification of the ConsensusParams.
+Please update your application accordingly (ie. restrict validators to only be
+able to use Ed25519 keys, or explicitly add additional key types to the genesis
+file).
+
 ## v0.26.0

-New 0.26.0 release contains a lot of changes to core data types and protocols. It is not
+This release contains a lot of changes to core data types and protocols. It is not
 compatible to the old versions and there is no straight forward way to update
 old data to be compatible with the new version.

@@ -67,7 +179,7 @@ For more information, see:

 ### Go API Changes

-#### crypto.merkle
+#### crypto/merkle

 The `merkle.Hasher` interface was removed. Functions which used to take `Hasher`
 now simply take `[]byte`. This means that any objects being Merklized should be
--- a/2
+++ b/2
@@ -53,6 +53,6 @@ Vagrant.configure("2") do |config|

    # get all deps and tools, ready to install/test
    su - vagrant  -c 'source /home/vagrant/.bash_profile'
-    su - vagrant -c 'cd /home/vagrant/go/src/github.com/tendermint/tendermint && make get_tools && make get_vendor_deps'
+    su - vagrant -c 'cd /home/vagrant/go/src/github.com/tendermint/tendermint && make get_tools && make get_dev_tools && make get_vendor_deps'
  SHELL
 end
--- a/abci/client/client.go
+++ b/abci/client/client.go
@@ -105,8 +105,8 @@ func (reqRes *ReqRes) SetCallback(cb func(res *types.Response)) {
 		return
 	}

-	defer reqRes.mtx.Unlock()
 	reqRes.cb = cb
+	reqRes.mtx.Unlock()
 }

 func (reqRes *ReqRes) GetCallback() func(*types.Response) {
--- a/abci/client/grpc_client.go
+++ b/abci/client/grpc_client.go
@@ -54,7 +54,7 @@ RETRY_LOOP:
 			if cli.mustConnect {
 				return err
 			}
-			cli.Logger.Error(fmt.Sprintf("abci.grpcClient failed to connect to %v.  Retrying...\n", cli.addr))
+			cli.Logger.Error(fmt.Sprintf("abci.grpcClient failed to connect to %v.  Retrying...\n", cli.addr), "err", err)
 			time.Sleep(time.Second * dialRetryIntervalSeconds)
 			continue RETRY_LOOP
 		}
@@ -111,8 +111,8 @@ func (cli *grpcClient) Error() error {
 // NOTE: callback may get internally generated flush responses.
 func (cli *grpcClient) SetResponseCallback(resCb Callback) {
 	cli.mtx.Lock()
-	defer cli.mtx.Unlock()
 	cli.resCb = resCb
+	cli.mtx.Unlock()
 }

 //----------------------------------------
--- a/abci/client/local_client.go
+++ b/abci/client/local_client.go
@@ -9,8 +9,13 @@ import (

 var _ Client = (*localClient)(nil)

+// NOTE: use defer to unlock mutex because Application might panic (e.g., in
+// case of malicious tx or query). It only makes sense for publicly exposed
+// methods like CheckTx (/broadcast_tx_* RPC endpoint) or Query (/abci_query
+// RPC endpoint), but defers are used everywhere for the sake of consistency.
 type localClient struct {
 	cmn.BaseService
+
 	mtx *sync.Mutex
 	types.Application
 	Callback
@@ -30,8 +35,8 @@ func NewLocalClient(mtx *sync.Mutex, app types.Application) *localClient {

 func (app *localClient) SetResponseCallback(cb Callback) {
 	app.mtx.Lock()
-	defer app.mtx.Unlock()
 	app.Callback = cb
+	app.mtx.Unlock()
 }

 // TODO: change types.Application to include Error()?
@@ -45,6 +50,9 @@ func (app *localClient) FlushAsync() *ReqRes {
 }

 func (app *localClient) EchoAsync(msg string) *ReqRes {
+	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	return app.callback(
 		types.ToRequestEcho(msg),
 		types.ToResponseEcho(msg),
@@ -53,8 +61,9 @@ func (app *localClient) EchoAsync(msg string) *ReqRes {

 func (app *localClient) InfoAsync(req types.RequestInfo) *ReqRes {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.Info(req)
-	app.mtx.Unlock()
 	return app.callback(
 		types.ToRequestInfo(req),
 		types.ToResponseInfo(res),
@@ -63,8 +72,9 @@ func (app *localClient) InfoAsync(req types.RequestInfo) *ReqRes {

 func (app *localClient) SetOptionAsync(req types.RequestSetOption) *ReqRes {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.SetOption(req)
-	app.mtx.Unlock()
 	return app.callback(
 		types.ToRequestSetOption(req),
 		types.ToResponseSetOption(res),
@@ -73,8 +83,9 @@ func (app *localClient) SetOptionAsync(req types.RequestSetOption) *ReqRes {

 func (app *localClient) DeliverTxAsync(tx []byte) *ReqRes {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.DeliverTx(tx)
-	app.mtx.Unlock()
 	return app.callback(
 		types.ToRequestDeliverTx(tx),
 		types.ToResponseDeliverTx(res),
@@ -83,8 +94,9 @@ func (app *localClient) DeliverTxAsync(tx []byte) *ReqRes {

 func (app *localClient) CheckTxAsync(tx []byte) *ReqRes {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.CheckTx(tx)
-	app.mtx.Unlock()
 	return app.callback(
 		types.ToRequestCheckTx(tx),
 		types.ToResponseCheckTx(res),
@@ -93,8 +105,9 @@ func (app *localClient) CheckTxAsync(tx []byte) *ReqRes {

 func (app *localClient) QueryAsync(req types.RequestQuery) *ReqRes {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.Query(req)
-	app.mtx.Unlock()
 	return app.callback(
 		types.ToRequestQuery(req),
 		types.ToResponseQuery(res),
@@ -103,8 +116,9 @@ func (app *localClient) QueryAsync(req types.RequestQuery) *ReqRes {

 func (app *localClient) CommitAsync() *ReqRes {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.Commit()
-	app.mtx.Unlock()
 	return app.callback(
 		types.ToRequestCommit(),
 		types.ToResponseCommit(res),
@@ -113,19 +127,20 @@ func (app *localClient) CommitAsync() *ReqRes {

 func (app *localClient) InitChainAsync(req types.RequestInitChain) *ReqRes {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.InitChain(req)
-	reqRes := app.callback(
+	return app.callback(
 		types.ToRequestInitChain(req),
 		types.ToResponseInitChain(res),
 	)
-	app.mtx.Unlock()
-	return reqRes
 }

 func (app *localClient) BeginBlockAsync(req types.RequestBeginBlock) *ReqRes {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.BeginBlock(req)
-	app.mtx.Unlock()
 	return app.callback(
 		types.ToRequestBeginBlock(req),
 		types.ToResponseBeginBlock(res),
@@ -134,8 +149,9 @@ func (app *localClient) BeginBlockAsync(req types.RequestBeginBlock) *ReqRes {

 func (app *localClient) EndBlockAsync(req types.RequestEndBlock) *ReqRes {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.EndBlock(req)
-	app.mtx.Unlock()
 	return app.callback(
 		types.ToRequestEndBlock(req),
 		types.ToResponseEndBlock(res),
@@ -154,64 +170,73 @@ func (app *localClient) EchoSync(msg string) (*types.ResponseEcho, error) {

 func (app *localClient) InfoSync(req types.RequestInfo) (*types.ResponseInfo, error) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.Info(req)
-	app.mtx.Unlock()
 	return &res, nil
 }

 func (app *localClient) SetOptionSync(req types.RequestSetOption) (*types.ResponseSetOption, error) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.SetOption(req)
-	app.mtx.Unlock()
 	return &res, nil
 }

 func (app *localClient) DeliverTxSync(tx []byte) (*types.ResponseDeliverTx, error) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.DeliverTx(tx)
-	app.mtx.Unlock()
 	return &res, nil
 }

 func (app *localClient) CheckTxSync(tx []byte) (*types.ResponseCheckTx, error) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.CheckTx(tx)
-	app.mtx.Unlock()
 	return &res, nil
 }

 func (app *localClient) QuerySync(req types.RequestQuery) (*types.ResponseQuery, error) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.Query(req)
-	app.mtx.Unlock()
 	return &res, nil
 }

 func (app *localClient) CommitSync() (*types.ResponseCommit, error) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.Commit()
-	app.mtx.Unlock()
 	return &res, nil
 }

 func (app *localClient) InitChainSync(req types.RequestInitChain) (*types.ResponseInitChain, error) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.InitChain(req)
-	app.mtx.Unlock()
 	return &res, nil
 }

 func (app *localClient) BeginBlockSync(req types.RequestBeginBlock) (*types.ResponseBeginBlock, error) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.BeginBlock(req)
-	app.mtx.Unlock()
 	return &res, nil
 }

 func (app *localClient) EndBlockSync(req types.RequestEndBlock) (*types.ResponseEndBlock, error) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
 	res := app.Application.EndBlock(req)
-	app.mtx.Unlock()
 	return &res, nil
 }

--- a/abci/client/socket_client.go
+++ b/abci/client/socket_client.go
@@ -67,7 +67,7 @@ RETRY_LOOP:
 			if cli.mustConnect {
 				return err
 			}
-			cli.Logger.Error(fmt.Sprintf("abci.socketClient failed to connect to %v.  Retrying...", cli.addr))
+			cli.Logger.Error(fmt.Sprintf("abci.socketClient failed to connect to %v.  Retrying...", cli.addr), "err", err)
 			time.Sleep(time.Second * dialRetryIntervalSeconds)
 			continue RETRY_LOOP
 		}
@@ -118,8 +118,8 @@ func (cli *socketClient) Error() error {
 // NOTE: callback may get internally generated flush responses.
 func (cli *socketClient) SetResponseCallback(resCb Callback) {
 	cli.mtx.Lock()
-	defer cli.mtx.Unlock()
 	cli.resCb = resCb
+	cli.mtx.Unlock()
 }

 //----------------------------------------
--- a/abci/cmd/abci-cli/abci-cli.go
+++ b/abci/cmd/abci-cli/abci-cli.go
@@ -58,7 +58,7 @@ var RootCmd = &cobra.Command{
 	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {

 		switch cmd.Use {
-		case "counter", "kvstore", "dummy": // for the examples apps, don't pre-run
+		case "counter", "kvstore": // for the examples apps, don't pre-run
 			return nil
 		case "version": // skip running for version command
 			return nil
@@ -127,10 +127,6 @@ func addCounterFlags() {
 	counterCmd.PersistentFlags().BoolVarP(&flagSerial, "serial", "", false, "enforce incrementing (serial) transactions")
 }

-func addDummyFlags() {
-	dummyCmd.PersistentFlags().StringVarP(&flagPersist, "persist", "", "", "directory to use for a database")
-}
-
 func addKVStoreFlags() {
 	kvstoreCmd.PersistentFlags().StringVarP(&flagPersist, "persist", "", "", "directory to use for a database")
 }
@@ -152,10 +148,6 @@ func addCommands() {
 	// examples
 	addCounterFlags()
 	RootCmd.AddCommand(counterCmd)
-	// deprecated, left for backwards compatibility
-	addDummyFlags()
-	RootCmd.AddCommand(dummyCmd)
-	// replaces dummy, see issue #196
 	addKVStoreFlags()
 	RootCmd.AddCommand(kvstoreCmd)
 }
@@ -291,18 +283,6 @@ var counterCmd = &cobra.Command{
 	},
 }

-// deprecated, left for backwards compatibility
-var dummyCmd = &cobra.Command{
-	Use:        "dummy",
-	Deprecated: "use: [abci-cli kvstore] instead",
-	Short:      "ABCI demo example",
-	Long:       "ABCI demo example",
-	Args:       cobra.ExactArgs(0),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdKVStore(cmd, args)
-	},
-}
-
 var kvstoreCmd = &cobra.Command{
 	Use:   "kvstore",
 	Short: "ABCI demo example",
--- a/blockchain/pool.go
+++ b/blockchain/pool.go
@@ -168,9 +168,12 @@ func (pool *BlockPool) IsCaughtUp() bool {
 		return false
 	}

-	// some conditions to determine if we're caught up
-	receivedBlockOrTimedOut := (pool.height > 0 || time.Since(pool.startTime) > 5*time.Second)
-	ourChainIsLongestAmongPeers := pool.maxPeerHeight == 0 || pool.height >= pool.maxPeerHeight
+	// Some conditions to determine if we're caught up.
+	// Ensures we've either received a block or waited some amount of time,
+	// and that we're synced to the highest known height. Note we use maxPeerHeight - 1
+	// because to sync block H requires block H+1 to verify the LastCommit.
+	receivedBlockOrTimedOut := pool.height > 0 || time.Since(pool.startTime) > 5*time.Second
+	ourChainIsLongestAmongPeers := pool.maxPeerHeight == 0 || pool.height >= (pool.maxPeerHeight-1)
 	isCaughtUp := receivedBlockOrTimedOut && ourChainIsLongestAmongPeers
 	return isCaughtUp
 }
@@ -252,7 +255,8 @@ func (pool *BlockPool) AddBlock(peerID p2p.ID, block *types.Block, blockSize int
 			peer.decrPending(blockSize)
 		}
 	} else {
-		// Bad peer?
+		pool.Logger.Info("invalid peer", "peer", peerID, "blockHeight", block.Height)
+		pool.sendError(errors.New("invalid peer"), peerID)
 	}
 }

@@ -292,7 +296,7 @@ func (pool *BlockPool) RemovePeer(peerID p2p.ID) {
 func (pool *BlockPool) removePeer(peerID p2p.ID) {
 	for _, requester := range pool.requesters {
 		if requester.getPeerID() == peerID {
-			requester.redo()
+			requester.redo(peerID)
 		}
 	}
 	delete(pool.peers, peerID)
@@ -326,8 +330,11 @@ func (pool *BlockPool) makeNextRequester() {
 	defer pool.mtx.Unlock()

 	nextHeight := pool.height + pool.requestersLen()
+	if nextHeight > pool.maxPeerHeight {
+		return
+	}
+
 	request := newBPRequester(pool, nextHeight)
-	// request.SetLogger(pool.Logger.With("height", nextHeight))

 	pool.requesters[nextHeight] = request
 	atomic.AddInt32(&pool.numPending, 1)
@@ -453,7 +460,7 @@ type bpRequester struct {
 	pool       *BlockPool
 	height     int64
 	gotBlockCh chan struct{}
-	redoCh     chan struct{}
+	redoCh     chan p2p.ID //redo may send multitime, add peerId to identify repeat

 	mtx    sync.Mutex
 	peerID p2p.ID
@@ -465,7 +472,7 @@ func newBPRequester(pool *BlockPool, height int64) *bpRequester {
 		pool:       pool,
 		height:     height,
 		gotBlockCh: make(chan struct{}, 1),
-		redoCh:     make(chan struct{}, 1),
+		redoCh:     make(chan p2p.ID, 1),

 		peerID: "",
 		block:  nil,
@@ -524,9 +531,9 @@ func (bpr *bpRequester) reset() {
 // Tells bpRequester to pick another peer and try again.
 // NOTE: Nonblocking, and does nothing if another redo
 // was already requested.
-func (bpr *bpRequester) redo() {
+func (bpr *bpRequester) redo(peerId p2p.ID) {
 	select {
-	case bpr.redoCh <- struct{}{}:
+	case bpr.redoCh <- peerId:
 	default:
 	}
 }
@@ -565,9 +572,13 @@ OUTER_LOOP:
 				return
 			case <-bpr.Quit():
 				return
-			case <-bpr.redoCh:
-				bpr.reset()
-				continue OUTER_LOOP
+			case peerID := <-bpr.redoCh:
+				if peerID == bpr.peerID {
+					bpr.reset()
+					continue OUTER_LOOP
+				} else {
+					continue WAIT_LOOP
+				}
 			case <-bpr.gotBlockCh:
 				// We got a block!
 				// Continue the for-loop and wait til Quit.
--- a/blockchain/pool_test.go
+++ b/blockchain/pool_test.go
@@ -16,16 +16,52 @@ func init() {
 }

 type testPeer struct {
-	id     p2p.ID
-	height int64
+	id        p2p.ID
+	height    int64
+	inputChan chan inputData //make sure each peer's data is sequential
 }

-func makePeers(numPeers int, minHeight, maxHeight int64) map[p2p.ID]testPeer {
-	peers := make(map[p2p.ID]testPeer, numPeers)
+type inputData struct {
+	t       *testing.T
+	pool    *BlockPool
+	request BlockRequest
+}
+
+func (p testPeer) runInputRoutine() {
+	go func() {
+		for input := range p.inputChan {
+			p.simulateInput(input)
+		}
+	}()
+}
+
+// Request desired, pretend like we got the block immediately.
+func (p testPeer) simulateInput(input inputData) {
+	block := &types.Block{Header: types.Header{Height: input.request.Height}}
+	input.pool.AddBlock(input.request.PeerID, block, 123)
+	input.t.Logf("Added block from peer %v (height: %v)", input.request.PeerID, input.request.Height)
+}
+
+type testPeers map[p2p.ID]testPeer
+
+func (ps testPeers) start() {
+	for _, v := range ps {
+		v.runInputRoutine()
+	}
+}
+
+func (ps testPeers) stop() {
+	for _, v := range ps {
+		close(v.inputChan)
+	}
+}
+
+func makePeers(numPeers int, minHeight, maxHeight int64) testPeers {
+	peers := make(testPeers, numPeers)
 	for i := 0; i < numPeers; i++ {
 		peerID := p2p.ID(cmn.RandStr(12))
 		height := minHeight + cmn.RandInt63n(maxHeight-minHeight)
-		peers[peerID] = testPeer{peerID, height}
+		peers[peerID] = testPeer{peerID, height, make(chan inputData, 10)}
 	}
 	return peers
 }
@@ -45,6 +81,9 @@ func TestBasic(t *testing.T) {

 	defer pool.Stop()

+	peers.start()
+	defer peers.stop()
+
 	// Introduce each peer.
 	go func() {
 		for _, peer := range peers {
@@ -77,12 +116,8 @@ func TestBasic(t *testing.T) {
 			if request.Height == 300 {
 				return // Done!
 			}
-			// Request desired, pretend like we got the block immediately.
-			go func() {
-				block := &types.Block{Header: types.Header{Height: request.Height}}
-				pool.AddBlock(request.PeerID, block, 123)
-				t.Logf("Added block from peer %v (height: %v)", request.PeerID, request.Height)
-			}()
+
+			peers[request.PeerID].inputChan <- inputData{t, pool, request}
 		}
 	}
 }
--- a/blockchain/reactor.go
+++ b/blockchain/reactor.go
@@ -264,8 +264,12 @@ FOR_LOOP:
 				bcR.Logger.Info("Time to switch to consensus reactor!", "height", height)
 				bcR.pool.Stop()

-				conR := bcR.Switch.Reactor("CONSENSUS").(consensusReactor)
-				conR.SwitchToConsensus(state, blocksSynced)
+				conR, ok := bcR.Switch.Reactor("CONSENSUS").(consensusReactor)
+				if ok {
+					conR.SwitchToConsensus(state, blocksSynced)
+				} else {
+					// should only happen during testing
+				}

 				break FOR_LOOP
 			}
@@ -314,6 +318,13 @@ FOR_LOOP:
 					// still need to clean up the rest.
 					bcR.Switch.StopPeerForError(peer, fmt.Errorf("BlockchainReactor validation error: %v", err))
 				}
+				peerID2 := bcR.pool.RedoRequest(second.Height)
+				peer2 := bcR.Switch.Peers().Get(peerID2)
+				if peer2 != nil && peer2 != peer {
+					// NOTE: we've already removed the peer's request, but we
+					// still need to clean up the rest.
+					bcR.Switch.StopPeerForError(peer2, fmt.Errorf("BlockchainReactor validation error: %v", err))
+				}
 				continue FOR_LOOP
 			} else {
 				bcR.pool.PopRequest()
@@ -421,11 +432,7 @@ type bcBlockResponseMessage struct {

 // ValidateBasic performs basic validation.
 func (m *bcBlockResponseMessage) ValidateBasic() error {
-	if err := m.Block.ValidateBasic(); err != nil {
-		return err
-	}
-
-	return nil
+	return m.Block.ValidateBasic()
 }

 func (m *bcBlockResponseMessage) String() string {
--- a/blockchain/reactor_test.go
+++ b/blockchain/reactor_test.go
@@ -1,72 +1,151 @@
 package blockchain

 import (
-	"net"
+	"sort"
 	"testing"
+	"time"

+	"github.com/stretchr/testify/assert"
+
+	abci "github.com/tendermint/tendermint/abci/types"
+	cfg "github.com/tendermint/tendermint/config"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	dbm "github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/libs/log"
-
-	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/p2p"
 	"github.com/tendermint/tendermint/proxy"
 	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/types"
+	tmtime "github.com/tendermint/tendermint/types/time"
 )

-func makeStateAndBlockStore(logger log.Logger) (sm.State, *BlockStore) {
-	config := cfg.ResetTestRoot("blockchain_reactor_test")
-	// blockDB := dbm.NewDebugDB("blockDB", dbm.NewMemDB())
-	// stateDB := dbm.NewDebugDB("stateDB", dbm.NewMemDB())
+var config *cfg.Config
+
+func randGenesisDoc(numValidators int, randPower bool, minPower int64) (*types.GenesisDoc, []types.PrivValidator) {
+	validators := make([]types.GenesisValidator, numValidators)
+	privValidators := make([]types.PrivValidator, numValidators)
+	for i := 0; i < numValidators; i++ {
+		val, privVal := types.RandValidator(randPower, minPower)
+		validators[i] = types.GenesisValidator{
+			PubKey: val.PubKey,
+			Power:  val.VotingPower,
+		}
+		privValidators[i] = privVal
+	}
+	sort.Sort(types.PrivValidatorsByAddress(privValidators))
+
+	return &types.GenesisDoc{
+		GenesisTime: tmtime.Now(),
+		ChainID:     config.ChainID(),
+		Validators:  validators,
+	}, privValidators
+}
+
+func makeVote(header *types.Header, blockID types.BlockID, valset *types.ValidatorSet, privVal types.PrivValidator) *types.Vote {
+	addr := privVal.GetPubKey().Address()
+	idx, _ := valset.GetByAddress(addr)
+	vote := &types.Vote{
+		ValidatorAddress: addr,
+		ValidatorIndex:   idx,
+		Height:           header.Height,
+		Round:            1,
+		Timestamp:        tmtime.Now(),
+		Type:             types.PrecommitType,
+		BlockID:          blockID,
+	}
+
+	privVal.SignVote(header.ChainID, vote)
+
+	return vote
+}
+
+type BlockchainReactorPair struct {
+	reactor *BlockchainReactor
+	app     proxy.AppConns
+}
+
+func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals []types.PrivValidator, maxBlockHeight int64) BlockchainReactorPair {
+	if len(privVals) != 1 {
+		panic("only support one validator")
+	}
+
+	app := &testApp{}
+	cc := proxy.NewLocalClientCreator(app)
+	proxyApp := proxy.NewAppConns(cc)
+	err := proxyApp.Start()
+	if err != nil {
+		panic(cmn.ErrorWrap(err, "error start app"))
+	}
+
 	blockDB := dbm.NewMemDB()
 	stateDB := dbm.NewMemDB()
 	blockStore := NewBlockStore(blockDB)
-	state, err := sm.LoadStateFromDBOrGenesisFile(stateDB, config.GenesisFile())
+
+	state, err := sm.LoadStateFromDBOrGenesisDoc(stateDB, genDoc)
 	if err != nil {
 		panic(cmn.ErrorWrap(err, "error constructing state from genesis file"))
 	}
-	return state, blockStore
-}

-func newBlockchainReactor(logger log.Logger, maxBlockHeight int64) *BlockchainReactor {
-	state, blockStore := makeStateAndBlockStore(logger)
-
-	// Make the blockchainReactor itself
+	// Make the BlockchainReactor itself.
+	// NOTE we have to create and commit the blocks first because
+	// pool.height is determined from the store.
 	fastSync := true
-	var nilApp proxy.AppConnConsensus
-	blockExec := sm.NewBlockExecutor(dbm.NewMemDB(), log.TestingLogger(), nilApp,
+	blockExec := sm.NewBlockExecutor(dbm.NewMemDB(), log.TestingLogger(), proxyApp.Consensus(),
 		sm.MockMempool{}, sm.MockEvidencePool{})

+	// let's add some blocks in
+	for blockHeight := int64(1); blockHeight <= maxBlockHeight; blockHeight++ {
+		lastCommit := &types.Commit{}
+		if blockHeight > 1 {
+			lastBlockMeta := blockStore.LoadBlockMeta(blockHeight - 1)
+			lastBlock := blockStore.LoadBlock(blockHeight - 1)
+
+			vote := makeVote(&lastBlock.Header, lastBlockMeta.BlockID, state.Validators, privVals[0])
+			lastCommit = &types.Commit{Precommits: []*types.Vote{vote}, BlockID: lastBlockMeta.BlockID}
+		}
+
+		thisBlock := makeBlock(blockHeight, state, lastCommit)
+
+		thisParts := thisBlock.MakePartSet(types.BlockPartSizeBytes)
+		blockID := types.BlockID{thisBlock.Hash(), thisParts.Header()}
+
+		state, err = blockExec.ApplyBlock(state, blockID, thisBlock)
+		if err != nil {
+			panic(cmn.ErrorWrap(err, "error apply block"))
+		}
+
+		blockStore.SaveBlock(thisBlock, thisParts, lastCommit)
+	}
+
 	bcReactor := NewBlockchainReactor(state.Copy(), blockExec, blockStore, fastSync)
 	bcReactor.SetLogger(logger.With("module", "blockchain"))

-	// Next: we need to set a switch in order for peers to be added in
-	bcReactor.Switch = p2p.NewSwitch(cfg.DefaultP2PConfig(), nil)
-
-	// Lastly: let's add some blocks in
-	for blockHeight := int64(1); blockHeight <= maxBlockHeight; blockHeight++ {
-		firstBlock := makeBlock(blockHeight, state)
-		secondBlock := makeBlock(blockHeight+1, state)
-		firstParts := firstBlock.MakePartSet(types.BlockPartSizeBytes)
-		blockStore.SaveBlock(firstBlock, firstParts, secondBlock.LastCommit)
-	}
-
-	return bcReactor
+	return BlockchainReactorPair{bcReactor, proxyApp}
 }

 func TestNoBlockResponse(t *testing.T) {
-	maxBlockHeight := int64(20)
+	config = cfg.ResetTestRoot("blockchain_reactor_test")
+	genDoc, privVals := randGenesisDoc(1, false, 30)

-	bcr := newBlockchainReactor(log.TestingLogger(), maxBlockHeight)
-	bcr.Start()
-	defer bcr.Stop()
+	maxBlockHeight := int64(65)

-	// Add some peers in
-	peer := newbcrTestPeer(p2p.ID(cmn.RandStr(12)))
-	bcr.AddPeer(peer)
+	reactorPairs := make([]BlockchainReactorPair, 2)

-	chID := byte(0x01)
+	reactorPairs[0] = newBlockchainReactor(log.TestingLogger(), genDoc, privVals, maxBlockHeight)
+	reactorPairs[1] = newBlockchainReactor(log.TestingLogger(), genDoc, privVals, 0)
+
+	p2p.MakeConnectedSwitches(config.P2P, 2, func(i int, s *p2p.Switch) *p2p.Switch {
+		s.AddReactor("BLOCKCHAIN", reactorPairs[i].reactor)
+		return s
+
+	}, p2p.Connect2Switches)
+
+	defer func() {
+		for _, r := range reactorPairs {
+			r.reactor.Stop()
+			r.app.Stop()
+		}
+	}()

 	tests := []struct {
 		height   int64
@@ -78,72 +157,100 @@ func TestNoBlockResponse(t *testing.T) {
 		{100, false},
 	}

-	// receive a request message from peer,
-	// wait for our response to be received on the peer
-	for _, tt := range tests {
-		reqBlockMsg := &bcBlockRequestMessage{tt.height}
-		reqBlockBytes := cdc.MustMarshalBinaryBare(reqBlockMsg)
-		bcr.Receive(chID, peer, reqBlockBytes)
-		msg := peer.lastBlockchainMessage()
+	for {
+		if reactorPairs[1].reactor.pool.IsCaughtUp() {
+			break
+		}

+		time.Sleep(10 * time.Millisecond)
+	}
+
+	assert.Equal(t, maxBlockHeight, reactorPairs[0].reactor.store.Height())
+
+	for _, tt := range tests {
+		block := reactorPairs[1].reactor.store.LoadBlock(tt.height)
 		if tt.existent {
-			if blockMsg, ok := msg.(*bcBlockResponseMessage); !ok {
-				t.Fatalf("Expected to receive a block response for height %d", tt.height)
-			} else if blockMsg.Block.Height != tt.height {
-				t.Fatalf("Expected response to be for height %d, got %d", tt.height, blockMsg.Block.Height)
-			}
+			assert.True(t, block != nil)
 		} else {
-			if noBlockMsg, ok := msg.(*bcNoBlockResponseMessage); !ok {
-				t.Fatalf("Expected to receive a no block response for height %d", tt.height)
-			} else if noBlockMsg.Height != tt.height {
-				t.Fatalf("Expected response to be for height %d, got %d", tt.height, noBlockMsg.Height)
-			}
+			assert.True(t, block == nil)
 		}
 	}
 }

-/*
 // NOTE: This is too hard to test without
 // an easy way to add test peer to switch
 // or without significant refactoring of the module.
 // Alternatively we could actually dial a TCP conn but
 // that seems extreme.
 func TestBadBlockStopsPeer(t *testing.T) {
-	maxBlockHeight := int64(20)
+	config = cfg.ResetTestRoot("blockchain_reactor_test")
+	genDoc, privVals := randGenesisDoc(1, false, 30)

-	bcr := newBlockchainReactor(log.TestingLogger(), maxBlockHeight)
-	bcr.Start()
-	defer bcr.Stop()
+	maxBlockHeight := int64(148)

-	// Add some peers in
-	peer := newbcrTestPeer(p2p.ID(cmn.RandStr(12)))
+	otherChain := newBlockchainReactor(log.TestingLogger(), genDoc, privVals, maxBlockHeight)
+	defer func() {
+		otherChain.reactor.Stop()
+		otherChain.app.Stop()
+	}()

-	// XXX: This doesn't add the peer to anything,
-	// so it's hard to check that it's later removed
-	bcr.AddPeer(peer)
-	assert.True(t, bcr.Switch.Peers().Size() > 0)
+	reactorPairs := make([]BlockchainReactorPair, 4)

-	// send a bad block from the peer
-	// default blocks already dont have commits, so should fail
-	block := bcr.store.LoadBlock(3)
-	msg := &bcBlockResponseMessage{Block: block}
-	peer.Send(BlockchainChannel, struct{ BlockchainMessage }{msg})
+	reactorPairs[0] = newBlockchainReactor(log.TestingLogger(), genDoc, privVals, maxBlockHeight)
+	reactorPairs[1] = newBlockchainReactor(log.TestingLogger(), genDoc, privVals, 0)
+	reactorPairs[2] = newBlockchainReactor(log.TestingLogger(), genDoc, privVals, 0)
+	reactorPairs[3] = newBlockchainReactor(log.TestingLogger(), genDoc, privVals, 0)

-	ticker := time.NewTicker(time.Millisecond * 10)
-	timer := time.NewTimer(time.Second * 2)
-LOOP:
-	for {
-		select {
-		case <-ticker.C:
-			if bcr.Switch.Peers().Size() == 0 {
-				break LOOP
-			}
-		case <-timer.C:
-			t.Fatal("Timed out waiting to disconnect peer")
+	switches := p2p.MakeConnectedSwitches(config.P2P, 4, func(i int, s *p2p.Switch) *p2p.Switch {
+		s.AddReactor("BLOCKCHAIN", reactorPairs[i].reactor)
+		return s
+
+	}, p2p.Connect2Switches)
+
+	defer func() {
+		for _, r := range reactorPairs {
+			r.reactor.Stop()
+			r.app.Stop()
 		}
+	}()
+
+	for {
+		if reactorPairs[3].reactor.pool.IsCaughtUp() {
+			break
+		}
+
+		time.Sleep(1 * time.Second)
 	}
+
+	//at this time, reactors[0-3] is the newest
+	assert.Equal(t, 3, reactorPairs[1].reactor.Switch.Peers().Size())
+
+	//mark reactorPairs[3] is an invalid peer
+	reactorPairs[3].reactor.store = otherChain.reactor.store
+
+	lastReactorPair := newBlockchainReactor(log.TestingLogger(), genDoc, privVals, 0)
+	reactorPairs = append(reactorPairs, lastReactorPair)
+
+	switches = append(switches, p2p.MakeConnectedSwitches(config.P2P, 1, func(i int, s *p2p.Switch) *p2p.Switch {
+		s.AddReactor("BLOCKCHAIN", reactorPairs[len(reactorPairs)-1].reactor)
+		return s
+
+	}, p2p.Connect2Switches)...)
+
+	for i := 0; i < len(reactorPairs)-1; i++ {
+		p2p.Connect2Switches(switches, i, len(reactorPairs)-1)
+	}
+
+	for {
+		if lastReactorPair.reactor.pool.IsCaughtUp() || lastReactorPair.reactor.Switch.Peers().Size() == 0 {
+			break
+		}
+
+		time.Sleep(1 * time.Second)
+	}
+
+	assert.True(t, lastReactorPair.reactor.Switch.Peers().Size() < len(reactorPairs)-1)
 }
-*/

 //----------------------------------------------
 // utility funcs
@@ -155,55 +262,41 @@ func makeTxs(height int64) (txs []types.Tx) {
 	return txs
 }

-func makeBlock(height int64, state sm.State) *types.Block {
-	block, _ := state.MakeBlock(height, makeTxs(height), new(types.Commit), nil, state.Validators.GetProposer().Address)
+func makeBlock(height int64, state sm.State, lastCommit *types.Commit) *types.Block {
+	block, _ := state.MakeBlock(height, makeTxs(height), lastCommit, nil, state.Validators.GetProposer().Address)
 	return block
 }

-// The Test peer
-type bcrTestPeer struct {
-	cmn.BaseService
-	id p2p.ID
-	ch chan interface{}
+type testApp struct {
+	abci.BaseApplication
 }

-var _ p2p.Peer = (*bcrTestPeer)(nil)
+var _ abci.Application = (*testApp)(nil)

-func newbcrTestPeer(id p2p.ID) *bcrTestPeer {
-	bcr := &bcrTestPeer{
-		id: id,
-		ch: make(chan interface{}, 2),
-	}
-	bcr.BaseService = *cmn.NewBaseService(nil, "bcrTestPeer", bcr)
-	return bcr
+func (app *testApp) Info(req abci.RequestInfo) (resInfo abci.ResponseInfo) {
+	return abci.ResponseInfo{}
 }

-func (tp *bcrTestPeer) lastBlockchainMessage() interface{} { return <-tp.ch }
-
-func (tp *bcrTestPeer) TrySend(chID byte, msgBytes []byte) bool {
-	var msg BlockchainMessage
-	err := cdc.UnmarshalBinaryBare(msgBytes, &msg)
-	if err != nil {
-		panic(cmn.ErrorWrap(err, "Error while trying to parse a BlockchainMessage"))
-	}
-	if _, ok := msg.(*bcStatusResponseMessage); ok {
-		// Discard status response messages since they skew our results
-		// We only want to deal with:
-		// + bcBlockResponseMessage
-		// + bcNoBlockResponseMessage
-	} else {
-		tp.ch <- msg
-	}
-	return true
+func (app *testApp) BeginBlock(req abci.RequestBeginBlock) abci.ResponseBeginBlock {
+	return abci.ResponseBeginBlock{}
 }

-func (tp *bcrTestPeer) Send(chID byte, msgBytes []byte) bool { return tp.TrySend(chID, msgBytes) }
-func (tp *bcrTestPeer) NodeInfo() p2p.NodeInfo               { return p2p.DefaultNodeInfo{} }
-func (tp *bcrTestPeer) Status() p2p.ConnectionStatus         { return p2p.ConnectionStatus{} }
-func (tp *bcrTestPeer) ID() p2p.ID                           { return tp.id }
-func (tp *bcrTestPeer) IsOutbound() bool                     { return false }
-func (tp *bcrTestPeer) IsPersistent() bool                   { return true }
-func (tp *bcrTestPeer) Get(s string) interface{}             { return s }
-func (tp *bcrTestPeer) Set(string, interface{})              {}
-func (tp *bcrTestPeer) RemoteIP() net.IP                     { return []byte{127, 0, 0, 1} }
-func (tp *bcrTestPeer) OriginalAddr() *p2p.NetAddress        { return nil }
+func (app *testApp) EndBlock(req abci.RequestEndBlock) abci.ResponseEndBlock {
+	return abci.ResponseEndBlock{}
+}
+
+func (app *testApp) DeliverTx(tx []byte) abci.ResponseDeliverTx {
+	return abci.ResponseDeliverTx{Tags: []cmn.KVPair{}}
+}
+
+func (app *testApp) CheckTx(tx []byte) abci.ResponseCheckTx {
+	return abci.ResponseCheckTx{}
+}
+
+func (app *testApp) Commit() abci.ResponseCommit {
+	return abci.ResponseCommit{}
+}
+
+func (app *testApp) Query(reqQuery abci.RequestQuery) (resQuery abci.ResponseQuery) {
+	return
+}
--- a/blockchain/store_test.go
+++ b/blockchain/store_test.go
@@ -9,13 +9,30 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	cfg "github.com/tendermint/tendermint/config"
+	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/libs/db"
+	dbm "github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/libs/log"
+	sm "github.com/tendermint/tendermint/state"

 	"github.com/tendermint/tendermint/types"
 	tmtime "github.com/tendermint/tendermint/types/time"
 )

+func makeStateAndBlockStore(logger log.Logger) (sm.State, *BlockStore) {
+	config := cfg.ResetTestRoot("blockchain_reactor_test")
+	// blockDB := dbm.NewDebugDB("blockDB", dbm.NewMemDB())
+	// stateDB := dbm.NewDebugDB("stateDB", dbm.NewMemDB())
+	blockDB := dbm.NewMemDB()
+	stateDB := dbm.NewMemDB()
+	state, err := sm.LoadStateFromDBOrGenesisFile(stateDB, config.GenesisFile())
+	if err != nil {
+		panic(cmn.ErrorWrap(err, "error constructing state from genesis file"))
+	}
+	return state, NewBlockStore(blockDB)
+}
+
 func TestLoadBlockStoreStateJSON(t *testing.T) {
 	db := db.NewMemDB()

@@ -65,7 +82,7 @@ func freshBlockStore() (*BlockStore, db.DB) {
 var (
 	state, _ = makeStateAndBlockStore(log.NewTMLogger(new(bytes.Buffer)))

-	block       = makeBlock(1, state)
+	block       = makeBlock(1, state, new(types.Commit))
 	partSet     = block.MakePartSet(2)
 	part1       = partSet.GetPart(0)
 	part2       = partSet.GetPart(1)
@@ -88,7 +105,7 @@ func TestBlockStoreSaveLoadBlock(t *testing.T) {
 	}

 	// save a block
-	block := makeBlock(bs.Height()+1, state)
+	block := makeBlock(bs.Height()+1, state, new(types.Commit))
 	validPartSet := block.MakePartSet(2)
 	seenCommit := &types.Commit{Precommits: []*types.Vote{{Height: 10,
 		Timestamp: tmtime.Now()}}}
@@ -294,7 +311,7 @@ func TestLoadBlockPart(t *testing.T) {
 	gotPart, _, panicErr := doFn(loadPart)
 	require.Nil(t, panicErr, "an existent and proper block should not panic")
 	require.Nil(t, res, "a properly saved block should return a proper block")
-	require.Equal(t, gotPart.(*types.Part).Hash(), part1.Hash(),
+	require.Equal(t, gotPart.(*types.Part), part1,
 		"expecting successful retrieval of previously saved block")
 }

@@ -331,7 +348,7 @@ func TestLoadBlockMeta(t *testing.T) {
 func TestBlockFetchAtHeight(t *testing.T) {
 	state, bs := makeStateAndBlockStore(log.NewTMLogger(new(bytes.Buffer)))
 	require.Equal(t, bs.Height(), int64(0), "initially the height should be zero")
-	block := makeBlock(bs.Height()+1, state)
+	block := makeBlock(bs.Height()+1, state, new(types.Commit))

 	partSet := block.MakePartSet(2)
 	seenCommit := &types.Commit{Precommits: []*types.Vote{{Height: 10,
--- a/cmd/priv_val_server/main.go
+++ b/cmd/priv_val_server/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"flag"
 	"os"
+	"time"

 	"github.com/tendermint/tendermint/crypto/ed25519"
 	cmn "github.com/tendermint/tendermint/libs/common"
@@ -13,9 +14,10 @@ import (

 func main() {
 	var (
-		addr        = flag.String("addr", ":26659", "Address of client to connect to")
-		chainID     = flag.String("chain-id", "mychain", "chain id")
-		privValPath = flag.String("priv", "", "priv val file path")
+		addr             = flag.String("addr", ":26659", "Address of client to connect to")
+		chainID          = flag.String("chain-id", "mychain", "chain id")
+		privValKeyPath   = flag.String("priv-key", "", "priv val key file path")
+		privValStatePath = flag.String("priv-state", "", "priv val state file path")

 		logger = log.NewTMLogger(
 			log.NewSyncWriter(os.Stdout),
@@ -27,18 +29,26 @@ func main() {
 		"Starting private validator",
 		"addr", *addr,
 		"chainID", *chainID,
-		"privPath", *privValPath,
+		"privKeyPath", *privValKeyPath,
+		"privStatePath", *privValStatePath,
 	)

-	pv := privval.LoadFilePV(*privValPath)
+	pv := privval.LoadFilePV(*privValKeyPath, *privValStatePath)

-	rs := privval.NewRemoteSigner(
-		logger,
-		*chainID,
-		*addr,
-		pv,
-		ed25519.GenPrivKey(),
-	)
+	var dialer privval.Dialer
+	protocol, address := cmn.ProtocolAndAddress(*addr)
+	switch protocol {
+	case "unix":
+		dialer = privval.DialUnixFn(address)
+	case "tcp":
+		connTimeout := 3 * time.Second // TODO
+		dialer = privval.DialTCPFn(address, connTimeout, ed25519.GenPrivKey())
+	default:
+		logger.Error("Unknown protocol", "protocol", protocol)
+		os.Exit(1)
+	}
+
+	rs := privval.NewRemoteSigner(logger, *chainID, pv, dialer)
 	err := rs.Start()
 	if err != nil {
 		panic(err)
--- a/cmd/tendermint/commands/gen_validator.go
+++ b/cmd/tendermint/commands/gen_validator.go
@@ -17,7 +17,7 @@ var GenValidatorCmd = &cobra.Command{
 }

 func genValidator(cmd *cobra.Command, args []string) {
-	pv := privval.GenFilePV("")
+	pv := privval.GenFilePV("", "")
 	jsbz, err := cdc.MarshalJSON(pv)
 	if err != nil {
 		panic(err)
--- a/cmd/tendermint/commands/init.go
+++ b/cmd/tendermint/commands/init.go
@@ -4,7 +4,6 @@ import (
 	"fmt"

 	"github.com/spf13/cobra"
-
 	cfg "github.com/tendermint/tendermint/config"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/p2p"
@@ -26,15 +25,18 @@ func initFiles(cmd *cobra.Command, args []string) error {

 func initFilesWithConfig(config *cfg.Config) error {
 	// private validator
-	privValFile := config.PrivValidatorFile()
+	privValKeyFile := config.PrivValidatorKeyFile()
+	privValStateFile := config.PrivValidatorStateFile()
 	var pv *privval.FilePV
-	if cmn.FileExists(privValFile) {
-		pv = privval.LoadFilePV(privValFile)
-		logger.Info("Found private validator", "path", privValFile)
+	if cmn.FileExists(privValKeyFile) {
+		pv = privval.LoadFilePV(privValKeyFile, privValStateFile)
+		logger.Info("Found private validator", "keyFile", privValKeyFile,
+			"stateFile", privValStateFile)
 	} else {
-		pv = privval.GenFilePV(privValFile)
+		pv = privval.GenFilePV(privValKeyFile, privValStateFile)
 		pv.Save()
-		logger.Info("Generated private validator", "path", privValFile)
+		logger.Info("Generated private validator", "keyFile", privValKeyFile,
+			"stateFile", privValStateFile)
 	}

 	nodeKeyFile := config.NodeKeyFile()
@@ -57,9 +59,10 @@ func initFilesWithConfig(config *cfg.Config) error {
 			GenesisTime:     tmtime.Now(),
 			ConsensusParams: types.DefaultConsensusParams(),
 		}
+		key := pv.GetPubKey()
 		genDoc.Validators = []types.GenesisValidator{{
-			Address: pv.GetPubKey().Address(),
-			PubKey:  pv.GetPubKey(),
+			Address: key.Address(),
+			PubKey:  key,
 			Power:   10,
 		}}

--- a/cmd/tendermint/commands/reset_priv_validator.go
+++ b/cmd/tendermint/commands/reset_priv_validator.go
@@ -5,6 +5,7 @@ import (

 	"github.com/spf13/cobra"

+	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/privval"
 )
@@ -27,36 +28,41 @@ var ResetPrivValidatorCmd = &cobra.Command{
 // XXX: this is totally unsafe.
 // it's only suitable for testnets.
 func resetAll(cmd *cobra.Command, args []string) {
-	ResetAll(config.DBDir(), config.P2P.AddrBookFile(), config.PrivValidatorFile(), logger)
+	ResetAll(config.DBDir(), config.P2P.AddrBookFile(), config.PrivValidatorKeyFile(),
+		config.PrivValidatorStateFile(), logger)
 }

 // XXX: this is totally unsafe.
 // it's only suitable for testnets.
 func resetPrivValidator(cmd *cobra.Command, args []string) {
-	resetFilePV(config.PrivValidatorFile(), logger)
+	resetFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile(), logger)
 }

-// ResetAll removes the privValidator and address book files plus all data.
+// ResetAll removes address book files plus all data, and resets the privValdiator data.
 // Exported so other CLI tools can use it.
-func ResetAll(dbDir, addrBookFile, privValFile string, logger log.Logger) {
-	resetFilePV(privValFile, logger)
+func ResetAll(dbDir, addrBookFile, privValKeyFile, privValStateFile string, logger log.Logger) {
 	removeAddrBook(addrBookFile, logger)
 	if err := os.RemoveAll(dbDir); err == nil {
 		logger.Info("Removed all blockchain history", "dir", dbDir)
 	} else {
 		logger.Error("Error removing all blockchain history", "dir", dbDir, "err", err)
 	}
+	// recreate the dbDir since the privVal state needs to live there
+	cmn.EnsureDir(dbDir, 0700)
+	resetFilePV(privValKeyFile, privValStateFile, logger)
 }

-func resetFilePV(privValFile string, logger log.Logger) {
-	if _, err := os.Stat(privValFile); err == nil {
-		pv := privval.LoadFilePV(privValFile)
+func resetFilePV(privValKeyFile, privValStateFile string, logger log.Logger) {
+	if _, err := os.Stat(privValKeyFile); err == nil {
+		pv := privval.LoadFilePVEmptyState(privValKeyFile, privValStateFile)
 		pv.Reset()
-		logger.Info("Reset private validator file to genesis state", "file", privValFile)
+		logger.Info("Reset private validator file to genesis state", "keyFile", privValKeyFile,
+			"stateFile", privValStateFile)
 	} else {
-		pv := privval.GenFilePV(privValFile)
+		pv := privval.GenFilePV(privValKeyFile, privValStateFile)
 		pv.Save()
-		logger.Info("Generated private validator file", "file", privValFile)
+		logger.Info("Generated private validator file", "file", "keyFile", privValKeyFile,
+			"stateFile", privValStateFile)
 	}
 }

--- a/cmd/tendermint/commands/root.go
+++ b/cmd/tendermint/commands/root.go
@@ -54,6 +54,9 @@ var RootCmd = &cobra.Command{
 		if err != nil {
 			return err
 		}
+		if config.LogFormat == cfg.LogFormatJSON {
+			logger = log.NewTMJSONLogger(log.NewSyncWriter(os.Stdout))
+		}
 		logger, err = tmflags.ParseLogLevel(config.LogLevel, logger, cfg.DefaultLogLevel())
 		if err != nil {
 			return err
--- a/cmd/tendermint/commands/run_node.go
+++ b/cmd/tendermint/commands/run_node.go
@@ -24,7 +24,7 @@ func AddNodeFlags(cmd *cobra.Command) {
 	cmd.Flags().Bool("fast_sync", config.FastSync, "Fast blockchain syncing")

 	// abci flags
-	cmd.Flags().String("proxy_app", config.ProxyApp, "Proxy app address, or 'nilapp' or 'kvstore' for local testing.")
+	cmd.Flags().String("proxy_app", config.ProxyApp, "Proxy app address, or one of: 'kvstore', 'persistent_kvstore', 'counter', 'counter_serial' or 'noop' for local testing.")
 	cmd.Flags().String("abci", config.ABCI, "Specify abci transport (socket | grpc)")

 	// rpc flags
--- a/cmd/tendermint/commands/show_validator.go
+++ b/cmd/tendermint/commands/show_validator.go
@@ -16,7 +16,7 @@ var ShowValidatorCmd = &cobra.Command{
 }

 func showValidator(cmd *cobra.Command, args []string) {
-	privValidator := privval.LoadOrGenFilePV(config.PrivValidatorFile())
+	privValidator := privval.LoadOrGenFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile())
 	pubKeyJSONBytes, _ := cdc.MarshalJSON(privValidator.GetPubKey())
 	fmt.Println(string(pubKeyJSONBytes))
 }
--- a/cmd/tendermint/commands/testnet.go
+++ b/cmd/tendermint/commands/testnet.go
@@ -85,11 +85,18 @@ func testnetFiles(cmd *cobra.Command, args []string) error {
 			_ = os.RemoveAll(outputDir)
 			return err
 		}
+		err = os.MkdirAll(filepath.Join(nodeDir, "data"), nodeDirPerm)
+		if err != nil {
+			_ = os.RemoveAll(outputDir)
+			return err
+		}

 		initFilesWithConfig(config)

-		pvFile := filepath.Join(nodeDir, config.BaseConfig.PrivValidator)
-		pv := privval.LoadFilePV(pvFile)
+		pvKeyFile := filepath.Join(nodeDir, config.BaseConfig.PrivValidatorKey)
+		pvStateFile := filepath.Join(nodeDir, config.BaseConfig.PrivValidatorState)
+
+		pv := privval.LoadFilePV(pvKeyFile, pvStateFile)
 		genVals[i] = types.GenesisValidator{
 			Address: pv.GetPubKey().Address(),
 			PubKey:  pv.GetPubKey(),
@@ -127,14 +134,32 @@ func testnetFiles(cmd *cobra.Command, args []string) error {
 		}
 	}

+	// Gather persistent peer addresses.
+	var (
+		persistentPeers string
+		err             error
+	)
 	if populatePersistentPeers {
-		err := populatePersistentPeersInConfigAndWriteIt(config)
+		persistentPeers, err = persistentPeersString(config)
 		if err != nil {
 			_ = os.RemoveAll(outputDir)
 			return err
 		}
 	}

+	// Overwrite default config.
+	for i := 0; i < nValidators+nNonValidators; i++ {
+		nodeDir := filepath.Join(outputDir, fmt.Sprintf("%s%d", nodeDirPrefix, i))
+		config.SetRoot(nodeDir)
+		config.P2P.AddrBookStrict = false
+		config.P2P.AllowDuplicateIP = true
+		if populatePersistentPeers {
+			config.P2P.PersistentPeers = persistentPeers
+		}
+
+		cfg.WriteConfigFile(filepath.Join(nodeDir, "config", "config.toml"), config)
+	}
+
 	fmt.Printf("Successfully initialized %v node directories\n", nValidators+nNonValidators)
 	return nil
 }
@@ -157,28 +182,16 @@ func hostnameOrIP(i int) string {
 	return fmt.Sprintf("%s%d", hostnamePrefix, i)
 }

-func populatePersistentPeersInConfigAndWriteIt(config *cfg.Config) error {
+func persistentPeersString(config *cfg.Config) (string, error) {
 	persistentPeers := make([]string, nValidators+nNonValidators)
 	for i := 0; i < nValidators+nNonValidators; i++ {
 		nodeDir := filepath.Join(outputDir, fmt.Sprintf("%s%d", nodeDirPrefix, i))
 		config.SetRoot(nodeDir)
 		nodeKey, err := p2p.LoadNodeKey(config.NodeKeyFile())
 		if err != nil {
-			return err
+			return "", err
 		}
 		persistentPeers[i] = p2p.IDAddressString(nodeKey.ID(), fmt.Sprintf("%s:%d", hostnameOrIP(i), p2pPort))
 	}
-	persistentPeersList := strings.Join(persistentPeers, ",")
-
-	for i := 0; i < nValidators+nNonValidators; i++ {
-		nodeDir := filepath.Join(outputDir, fmt.Sprintf("%s%d", nodeDirPrefix, i))
-		config.SetRoot(nodeDir)
-		config.P2P.PersistentPeers = persistentPeersList
-		config.P2P.AddrBookStrict = false
-
-		// overwrite default config
-		cfg.WriteConfigFile(filepath.Join(nodeDir, "config", "config.toml"), config)
-	}
-
-	return nil
+	return strings.Join(persistentPeers, ","), nil
 }
--- a/config/config.go
+++ b/config/config.go
@@ -14,6 +14,11 @@ const (
 	FuzzModeDrop = iota
 	// FuzzModeDelay is a mode in which we randomly sleep
 	FuzzModeDelay
+
+	// LogFormatPlain is a format for colored text
+	LogFormatPlain = "plain"
+	// LogFormatJSON is a format for json output
+	LogFormatJSON = "json"
 )

 // NOTE: Most of the structs & relevant comments + the
@@ -30,15 +35,24 @@ var (
 	defaultConfigFileName  = "config.toml"
 	defaultGenesisJSONName = "genesis.json"

-	defaultPrivValName  = "priv_validator.json"
+	defaultPrivValKeyName   = "priv_validator_key.json"
+	defaultPrivValStateName = "priv_validator_state.json"
+
 	defaultNodeKeyName  = "node_key.json"
 	defaultAddrBookName = "addrbook.json"

-	defaultConfigFilePath  = filepath.Join(defaultConfigDir, defaultConfigFileName)
-	defaultGenesisJSONPath = filepath.Join(defaultConfigDir, defaultGenesisJSONName)
-	defaultPrivValPath     = filepath.Join(defaultConfigDir, defaultPrivValName)
-	defaultNodeKeyPath     = filepath.Join(defaultConfigDir, defaultNodeKeyName)
-	defaultAddrBookPath    = filepath.Join(defaultConfigDir, defaultAddrBookName)
+	defaultConfigFilePath   = filepath.Join(defaultConfigDir, defaultConfigFileName)
+	defaultGenesisJSONPath  = filepath.Join(defaultConfigDir, defaultGenesisJSONName)
+	defaultPrivValKeyPath   = filepath.Join(defaultConfigDir, defaultPrivValKeyName)
+	defaultPrivValStatePath = filepath.Join(defaultDataDir, defaultPrivValStateName)
+
+	defaultNodeKeyPath  = filepath.Join(defaultConfigDir, defaultNodeKeyName)
+	defaultAddrBookPath = filepath.Join(defaultConfigDir, defaultAddrBookName)
+)
+
+var (
+	oldPrivVal     = "priv_validator.json"
+	oldPrivValPath = filepath.Join(defaultConfigDir, oldPrivVal)
 )

 // Config defines the top level configuration for a Tendermint node
@@ -94,6 +108,9 @@ func (cfg *Config) SetRoot(root string) *Config {
 // ValidateBasic performs basic validation (checking param bounds, etc.) and
 // returns an error if any check fails.
 func (cfg *Config) ValidateBasic() error {
+	if err := cfg.BaseConfig.ValidateBasic(); err != nil {
+		return err
+	}
 	if err := cfg.RPC.ValidateBasic(); err != nil {
 		return errors.Wrap(err, "Error in [rpc] section")
 	}
@@ -145,11 +162,17 @@ type BaseConfig struct {
 	// Output level for logging
 	LogLevel string `mapstructure:"log_level"`

+	// Output format: 'plain' (colored text) or 'json'
+	LogFormat string `mapstructure:"log_format"`
+
 	// Path to the JSON file containing the initial validator set and other meta data
 	Genesis string `mapstructure:"genesis_file"`

 	// Path to the JSON file containing the private key to use as a validator in the consensus protocol
-	PrivValidator string `mapstructure:"priv_validator_file"`
+	PrivValidatorKey string `mapstructure:"priv_validator_key_file"`
+
+	// Path to the JSON file containing the last sign state of a validator
+	PrivValidatorState string `mapstructure:"priv_validator_state_file"`

 	// TCP or UNIX socket address for Tendermint to listen on for
 	// connections from an external PrivValidator process
@@ -172,18 +195,20 @@ type BaseConfig struct {
 // DefaultBaseConfig returns a default base configuration for a Tendermint node
 func DefaultBaseConfig() BaseConfig {
 	return BaseConfig{
-		Genesis:           defaultGenesisJSONPath,
-		PrivValidator:     defaultPrivValPath,
-		NodeKey:           defaultNodeKeyPath,
-		Moniker:           defaultMoniker,
-		ProxyApp:          "tcp://127.0.0.1:26658",
-		ABCI:              "socket",
-		LogLevel:          DefaultPackageLogLevels(),
-		ProfListenAddress: "",
-		FastSync:          true,
-		FilterPeers:       false,
-		DBBackend:         "leveldb",
-		DBPath:            "data",
+		Genesis:            defaultGenesisJSONPath,
+		PrivValidatorKey:   defaultPrivValKeyPath,
+		PrivValidatorState: defaultPrivValStatePath,
+		NodeKey:            defaultNodeKeyPath,
+		Moniker:            defaultMoniker,
+		ProxyApp:           "tcp://127.0.0.1:26658",
+		ABCI:               "socket",
+		LogLevel:           DefaultPackageLogLevels(),
+		LogFormat:          LogFormatPlain,
+		ProfListenAddress:  "",
+		FastSync:           true,
+		FilterPeers:        false,
+		DBBackend:          "leveldb",
+		DBPath:             "data",
 	}
 }

@@ -206,9 +231,20 @@ func (cfg BaseConfig) GenesisFile() string {
 	return rootify(cfg.Genesis, cfg.RootDir)
 }

-// PrivValidatorFile returns the full path to the priv_validator.json file
-func (cfg BaseConfig) PrivValidatorFile() string {
-	return rootify(cfg.PrivValidator, cfg.RootDir)
+// PrivValidatorKeyFile returns the full path to the priv_validator_key.json file
+func (cfg BaseConfig) PrivValidatorKeyFile() string {
+	return rootify(cfg.PrivValidatorKey, cfg.RootDir)
+}
+
+// PrivValidatorFile returns the full path to the priv_validator_state.json file
+func (cfg BaseConfig) PrivValidatorStateFile() string {
+	return rootify(cfg.PrivValidatorState, cfg.RootDir)
+}
+
+// OldPrivValidatorFile returns the full path of the priv_validator.json from pre v0.28.0.
+// TODO: eventually remove.
+func (cfg BaseConfig) OldPrivValidatorFile() string {
+	return rootify(oldPrivValPath, cfg.RootDir)
 }

 // NodeKeyFile returns the full path to the node_key.json file
@@ -221,6 +257,17 @@ func (cfg BaseConfig) DBDir() string {
 	return rootify(cfg.DBPath, cfg.RootDir)
 }

+// ValidateBasic performs basic validation (checking param bounds, etc.) and
+// returns an error if any check fails.
+func (cfg BaseConfig) ValidateBasic() error {
+	switch cfg.LogFormat {
+	case LogFormatPlain, LogFormatJSON:
+	default:
+		return errors.New("unknown log_format (must be 'plain' or 'json')")
+	}
+	return nil
+}
+
 // DefaultLogLevel returns a default log level of "error"
 func DefaultLogLevel() string {
 	return "error"
@@ -242,13 +289,25 @@ type RPCConfig struct {
 	// TCP or UNIX socket address for the RPC server to listen on
 	ListenAddress string `mapstructure:"laddr"`

+	// A list of origins a cross-domain request can be executed from.
+	// If the special '*' value is present in the list, all origins will be allowed.
+	// An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com).
+	// Only one wildcard can be used per origin.
+	CORSAllowedOrigins []string `mapstructure:"cors_allowed_origins"`
+
+	// A list of methods the client is allowed to use with cross-domain requests.
+	CORSAllowedMethods []string `mapstructure:"cors_allowed_methods"`
+
+	// A list of non simple headers the client is allowed to use with cross-domain requests.
+	CORSAllowedHeaders []string `mapstructure:"cors_allowed_headers"`
+
 	// TCP or UNIX socket address for the gRPC server to listen on
 	// NOTE: This server only supports /broadcast_tx_commit
 	GRPCListenAddress string `mapstructure:"grpc_laddr"`

 	// Maximum number of simultaneous connections.
 	// Does not include RPC (HTTP&WebSocket) connections. See max_open_connections
-	// If you want to accept more significant number than the default, make sure
+	// If you want to accept a larger number than the default, make sure
 	// you increase your OS limits.
 	// 0 - unlimited.
 	GRPCMaxOpenConnections int `mapstructure:"grpc_max_open_connections"`
@@ -258,7 +317,7 @@ type RPCConfig struct {

 	// Maximum number of simultaneous connections (including WebSocket).
 	// Does not include gRPC connections. See grpc_max_open_connections
-	// If you want to accept more significant number than the default, make sure
+	// If you want to accept a larger number than the default, make sure
 	// you increase your OS limits.
 	// 0 - unlimited.
 	// Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files}
@@ -269,8 +328,10 @@ type RPCConfig struct {
 // DefaultRPCConfig returns a default configuration for the RPC server
 func DefaultRPCConfig() *RPCConfig {
 	return &RPCConfig{
-		ListenAddress: "tcp://0.0.0.0:26657",
-
+		ListenAddress:          "tcp://0.0.0.0:26657",
+		CORSAllowedOrigins:     []string{},
+		CORSAllowedMethods:     []string{"HEAD", "GET", "POST"},
+		CORSAllowedHeaders:     []string{"Origin", "Accept", "Content-Type", "X-Requested-With", "X-Server-Time"},
 		GRPCListenAddress:      "",
 		GRPCMaxOpenConnections: 900,

@@ -300,6 +361,11 @@ func (cfg *RPCConfig) ValidateBasic() error {
 	return nil
 }

+// IsCorsEnabled returns true if cross-origin resource sharing is enabled.
+func (cfg *RPCConfig) IsCorsEnabled() bool {
+	return len(cfg.CORSAllowedOrigins) != 0
+}
+
 //-----------------------------------------------------------------------------
 // P2PConfig

@@ -392,7 +458,7 @@ func DefaultP2PConfig() *P2PConfig {
 		RecvRate:                5120000, // 5 mB/s
 		PexReactor:              true,
 		SeedMode:                false,
-		AllowDuplicateIP:        true, // so non-breaking yet
+		AllowDuplicateIP:        false,
 		HandshakeTimeout:        20 * time.Second,
 		DialTimeout:             3 * time.Second,
 		TestDialFail:            false,
@@ -732,12 +798,12 @@ type InstrumentationConfig struct {
 	PrometheusListenAddr string `mapstructure:"prometheus_listen_addr"`

 	// Maximum number of simultaneous connections.
-	// If you want to accept more significant number than the default, make sure
+	// If you want to accept a larger number than the default, make sure
 	// you increase your OS limits.
 	// 0 - unlimited.
 	MaxOpenConnections int `mapstructure:"max_open_connections"`

-	// Tendermint instrumentation namespace.
+	// Instrumentation namespace.
 	Namespace string `mapstructure:"namespace"`
 }

--- a/config/toml.go
+++ b/config/toml.go
@@ -86,13 +86,19 @@ db_dir = "{{ js .BaseConfig.DBPath }}"
 # Output level for logging, including package level options
 log_level = "{{ .BaseConfig.LogLevel }}"

+# Output format: 'plain' (colored text) or 'json'
+log_format = "{{ .BaseConfig.LogFormat }}"
+
 ##### additional base config options #####

 # Path to the JSON file containing the initial validator set and other meta data
 genesis_file = "{{ js .BaseConfig.Genesis }}"

 # Path to the JSON file containing the private key to use as a validator in the consensus protocol
-priv_validator_file = "{{ js .BaseConfig.PrivValidator }}"
+priv_validator_key_file = "{{ js .BaseConfig.PrivValidatorKey }}"
+
+# Path to the JSON file containing the last sign state of a validator
+priv_validator_state_file = "{{ js .BaseConfig.PrivValidatorState }}"

 # TCP or UNIX socket address for Tendermint to listen on for
 # connections from an external PrivValidator process
@@ -119,13 +125,24 @@ filter_peers = {{ .BaseConfig.FilterPeers }}
 # TCP or UNIX socket address for the RPC server to listen on
 laddr = "{{ .RPC.ListenAddress }}"

+# A list of origins a cross-domain request can be executed from
+# Default value '[]' disables cors support
+# Use '["*"]' to allow any origin
+cors_allowed_origins = [{{ range .RPC.CORSAllowedOrigins }}{{ printf "%q, " . }}{{end}}]
+
+# A list of methods the client is allowed to use with cross-domain requests
+cors_allowed_methods = [{{ range .RPC.CORSAllowedMethods }}{{ printf "%q, " . }}{{end}}]
+
+# A list of non simple headers the client is allowed to use with cross-domain requests
+cors_allowed_headers = [{{ range .RPC.CORSAllowedHeaders }}{{ printf "%q, " . }}{{end}}]
+
 # TCP or UNIX socket address for the gRPC server to listen on
 # NOTE: This server only supports /broadcast_tx_commit
 grpc_laddr = "{{ .RPC.GRPCListenAddress }}"

 # Maximum number of simultaneous connections.
 # Does not include RPC (HTTP&WebSocket) connections. See max_open_connections
-# If you want to accept more significant number than the default, make sure
+# If you want to accept a larger number than the default, make sure
 # you increase your OS limits.
 # 0 - unlimited.
 # Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files}
@@ -137,7 +154,7 @@ unsafe = {{ .RPC.Unsafe }}

 # Maximum number of simultaneous connections (including WebSocket).
 # Does not include gRPC connections. See grpc_max_open_connections
-# If you want to accept more significant number than the default, make sure
+# If you want to accept a larger number than the default, make sure
 # you increase your OS limits.
 # 0 - unlimited.
 # Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files}
@@ -246,14 +263,17 @@ create_empty_blocks_interval = "{{ .Consensus.CreateEmptyBlocksInterval }}"
 peer_gossip_sleep_duration = "{{ .Consensus.PeerGossipSleepDuration }}"
 peer_query_maj23_sleep_duration = "{{ .Consensus.PeerQueryMaj23SleepDuration }}"

+# Block time parameters. Corresponds to the minimum time increment between consecutive blocks.
+blocktime_iota = "{{ .Consensus.BlockTimeIota }}"
+
 ##### transactions indexer configuration options #####
 [tx_index]

 # What indexer to use for transactions
 #
 # Options:
-#   1) "null" (default)
-#   2) "kv" - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend).
+#   1) "null"
+#   2) "kv" (default) - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend).
 indexer = "{{ .TxIndex.Indexer }}"

 # Comma-separated list of tags to index (by default the only tag is "tx.hash")
@@ -285,7 +305,7 @@ prometheus = {{ .Instrumentation.Prometheus }}
 prometheus_listen_addr = "{{ .Instrumentation.PrometheusListenAddr }}"

 # Maximum number of simultaneous connections.
-# If you want to accept more significant number than the default, make sure
+# If you want to accept a larger number than the default, make sure
 # you increase your OS limits.
 # 0 - unlimited.
 max_open_connections = {{ .Instrumentation.MaxOpenConnections }}
@@ -325,7 +345,8 @@ func ResetTestRoot(testName string) *Config {
 	baseConfig := DefaultBaseConfig()
 	configFilePath := filepath.Join(rootDir, defaultConfigFilePath)
 	genesisFilePath := filepath.Join(rootDir, baseConfig.Genesis)
-	privFilePath := filepath.Join(rootDir, baseConfig.PrivValidator)
+	privKeyFilePath := filepath.Join(rootDir, baseConfig.PrivValidatorKey)
+	privStateFilePath := filepath.Join(rootDir, baseConfig.PrivValidatorState)

 	// Write default config file if missing.
 	if !cmn.FileExists(configFilePath) {
@@ -335,7 +356,8 @@ func ResetTestRoot(testName string) *Config {
 		cmn.MustWriteFile(genesisFilePath, []byte(testGenesis), 0644)
 	}
 	// we always overwrite the priv val
-	cmn.MustWriteFile(privFilePath, []byte(testPrivValidator), 0644)
+	cmn.MustWriteFile(privKeyFilePath, []byte(testPrivValidatorKey), 0644)
+	cmn.MustWriteFile(privStateFilePath, []byte(testPrivValidatorState), 0644)

 	config := TestConfig().SetRoot(rootDir)
 	return config
@@ -357,7 +379,7 @@ var testGenesis = `{
  "app_hash": ""
 }`

-var testPrivValidator = `{
+var testPrivValidatorKey = `{
  "address": "A3258DCBF45DCA0DF052981870F2D1441A36D145",
  "pub_key": {
    "type": "tendermint/PubKeyEd25519",
@@ -366,8 +388,11 @@ var testPrivValidator = `{
  "priv_key": {
    "type": "tendermint/PrivKeyEd25519",
    "value": "EVkqJO/jIXp3rkASXfh9YnyToYXRXhBr6g9cQVxPFnQBP/5povV4HTjvsy530kybxKHwEi85iU8YL0qQhSYVoQ=="
-  },
-  "last_height": "0",
-  "last_round": "0",
-  "last_step": 0
+  }
+}`
+
+var testPrivValidatorState = `{
+  "height": "0",
+  "round": "0",
+  "step": 0
 }`
--- a/config/toml_test.go
+++ b/config/toml_test.go
@@ -60,7 +60,7 @@ func TestEnsureTestRoot(t *testing.T) {

 	// TODO: make sure the cfg returned and testconfig are the same!
 	baseConfig := DefaultBaseConfig()
-	ensureFiles(t, rootDir, defaultDataDir, baseConfig.Genesis, baseConfig.PrivValidator)
+	ensureFiles(t, rootDir, defaultDataDir, baseConfig.Genesis, baseConfig.PrivValidatorKey, baseConfig.PrivValidatorState)
 }

 func checkConfig(configFile string) bool {
--- a/consensus/common_test.go
+++ b/consensus/common_test.go
@@ -6,14 +6,18 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"path"
+	"path/filepath"
 	"reflect"
 	"sort"
 	"sync"
 	"testing"
 	"time"

+	"github.com/go-kit/kit/log/term"
+
 	abcicli "github.com/tendermint/tendermint/abci/client"
+	"github.com/tendermint/tendermint/abci/example/counter"
+	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abci "github.com/tendermint/tendermint/abci/types"
 	bc "github.com/tendermint/tendermint/blockchain"
 	cfg "github.com/tendermint/tendermint/config"
@@ -27,11 +31,6 @@ import (
 	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/types"
 	tmtime "github.com/tendermint/tendermint/types/time"
-
-	"github.com/tendermint/tendermint/abci/example/counter"
-	"github.com/tendermint/tendermint/abci/example/kvstore"
-
-	"github.com/go-kit/kit/log/term"
 )

 const (
@@ -72,9 +71,10 @@ func NewValidatorStub(privValidator types.PrivValidator, valIndex int) *validato
 }

 func (vs *validatorStub) signVote(voteType types.SignedMsgType, hash []byte, header types.PartSetHeader) (*types.Vote, error) {
+	addr := vs.PrivValidator.GetPubKey().Address()
 	vote := &types.Vote{
 		ValidatorIndex:   vs.Index,
-		ValidatorAddress: vs.PrivValidator.GetAddress(),
+		ValidatorAddress: addr,
 		Height:           vs.Height,
 		Round:            vs.Round,
 		Timestamp:        tmtime.Now(),
@@ -151,8 +151,9 @@ func signAddVotes(to *ConsensusState, voteType types.SignedMsgType, hash []byte,

 func validatePrevote(t *testing.T, cs *ConsensusState, round int, privVal *validatorStub, blockHash []byte) {
 	prevotes := cs.Votes.Prevotes(round)
+	address := privVal.GetPubKey().Address()
 	var vote *types.Vote
-	if vote = prevotes.GetByAddress(privVal.GetAddress()); vote == nil {
+	if vote = prevotes.GetByAddress(address); vote == nil {
 		panic("Failed to find prevote from validator")
 	}
 	if blockHash == nil {
@@ -168,8 +169,9 @@ func validatePrevote(t *testing.T, cs *ConsensusState, round int, privVal *valid

 func validateLastPrecommit(t *testing.T, cs *ConsensusState, privVal *validatorStub, blockHash []byte) {
 	votes := cs.LastCommit
+	address := privVal.GetPubKey().Address()
 	var vote *types.Vote
-	if vote = votes.GetByAddress(privVal.GetAddress()); vote == nil {
+	if vote = votes.GetByAddress(address); vote == nil {
 		panic("Failed to find precommit from validator")
 	}
 	if !bytes.Equal(vote.BlockID.Hash, blockHash) {
@@ -179,8 +181,9 @@ func validateLastPrecommit(t *testing.T, cs *ConsensusState, privVal *validatorS

 func validatePrecommit(t *testing.T, cs *ConsensusState, thisRound, lockRound int, privVal *validatorStub, votedBlockHash, lockedBlockHash []byte) {
 	precommits := cs.Votes.Precommits(thisRound)
+	address := privVal.GetPubKey().Address()
 	var vote *types.Vote
-	if vote = precommits.GetByAddress(privVal.GetAddress()); vote == nil {
+	if vote = precommits.GetByAddress(address); vote == nil {
 		panic("Failed to find precommit from validator")
 	}

@@ -281,9 +284,10 @@ func newConsensusStateWithConfigAndBlockStore(thisConfig *cfg.Config, state sm.S
 }

 func loadPrivValidator(config *cfg.Config) *privval.FilePV {
-	privValidatorFile := config.PrivValidatorFile()
-	ensureDir(path.Dir(privValidatorFile), 0700)
-	privValidator := privval.LoadOrGenFilePV(privValidatorFile)
+	privValidatorKeyFile := config.PrivValidatorKeyFile()
+	ensureDir(filepath.Dir(privValidatorKeyFile), 0700)
+	privValidatorStateFile := config.PrivValidatorStateFile()
+	privValidator := privval.LoadOrGenFilePV(privValidatorKeyFile, privValidatorStateFile)
 	privValidator.Reset()
 	return privValidator
 }
@@ -405,8 +409,24 @@ func ensureNewVote(voteCh <-chan interface{}, height int64, round int) {
 }

 func ensureNewRound(roundCh <-chan interface{}, height int64, round int) {
-	ensureNewEvent(roundCh, height, round, ensureTimeout,
-		"Timeout expired while waiting for NewRound event")
+	select {
+	case <-time.After(ensureTimeout):
+		panic("Timeout expired while waiting for NewRound event")
+	case ev := <-roundCh:
+		rs, ok := ev.(types.EventDataNewRound)
+		if !ok {
+			panic(
+				fmt.Sprintf(
+					"expected a EventDataNewRound, got %v.Wrong subscription channel?",
+					reflect.TypeOf(rs)))
+		}
+		if rs.Height != height {
+			panic(fmt.Sprintf("expected height %v, got %v", height, rs.Height))
+		}
+		if rs.Round != round {
+			panic(fmt.Sprintf("expected round %v, got %v", round, rs.Round))
+		}
+	}
 }

 func ensureNewTimeout(timeoutCh <-chan interface{}, height int64, round int, timeout int64) {
@@ -416,8 +436,24 @@ func ensureNewTimeout(timeoutCh <-chan interface{}, height int64, round int, tim
 }

 func ensureNewProposal(proposalCh <-chan interface{}, height int64, round int) {
-	ensureNewEvent(proposalCh, height, round, ensureTimeout,
-		"Timeout expired while waiting for NewProposal event")
+	select {
+	case <-time.After(ensureTimeout):
+		panic("Timeout expired while waiting for NewProposal event")
+	case ev := <-proposalCh:
+		rs, ok := ev.(types.EventDataCompleteProposal)
+		if !ok {
+			panic(
+				fmt.Sprintf(
+					"expected a EventDataCompleteProposal, got %v.Wrong subscription channel?",
+					reflect.TypeOf(rs)))
+		}
+		if rs.Height != height {
+			panic(fmt.Sprintf("expected height %v, got %v", height, rs.Height))
+		}
+		if rs.Round != round {
+			panic(fmt.Sprintf("expected round %v, got %v", round, rs.Round))
+		}
+	}
 }

 func ensureNewValidBlock(validBlockCh <-chan interface{}, height int64, round int) {
@@ -492,6 +528,30 @@ func ensureVote(voteCh <-chan interface{}, height int64, round int,
 	}
 }

+func ensureProposal(proposalCh <-chan interface{}, height int64, round int, propId types.BlockID) {
+	select {
+	case <-time.After(ensureTimeout):
+		panic("Timeout expired while waiting for NewProposal event")
+	case ev := <-proposalCh:
+		rs, ok := ev.(types.EventDataCompleteProposal)
+		if !ok {
+			panic(
+				fmt.Sprintf(
+					"expected a EventDataCompleteProposal, got %v.Wrong subscription channel?",
+					reflect.TypeOf(rs)))
+		}
+		if rs.Height != height {
+			panic(fmt.Sprintf("expected height %v, got %v", height, rs.Height))
+		}
+		if rs.Round != round {
+			panic(fmt.Sprintf("expected round %v, got %v", round, rs.Round))
+		}
+		if !rs.BlockID.Equals(propId) {
+			panic("Proposed block does not match expected block")
+		}
+	}
+}
+
 func ensurePrecommit(voteCh <-chan interface{}, height int64, round int) {
 	ensureVote(voteCh, height, round, types.PrecommitType)
 }
@@ -535,7 +595,7 @@ func randConsensusNet(nValidators int, testName string, tickerFunc func() Timeou
 		for _, opt := range configOpts {
 			opt(thisConfig)
 		}
-		ensureDir(path.Dir(thisConfig.Consensus.WalFile()), 0700) // dir for wal
+		ensureDir(filepath.Dir(thisConfig.Consensus.WalFile()), 0700) // dir for wal
 		app := appFunc()
 		vals := types.TM2PB.ValidatorUpdates(state.Validators)
 		app.InitChain(abci.RequestInitChain{Validators: vals})
@@ -556,16 +616,21 @@ func randConsensusNetWithPeers(nValidators, nPeers int, testName string, tickerF
 		stateDB := dbm.NewMemDB() // each state needs its own db
 		state, _ := sm.LoadStateFromDBOrGenesisDoc(stateDB, genDoc)
 		thisConfig := ResetConfig(fmt.Sprintf("%s_%d", testName, i))
-		ensureDir(path.Dir(thisConfig.Consensus.WalFile()), 0700) // dir for wal
+		ensureDir(filepath.Dir(thisConfig.Consensus.WalFile()), 0700) // dir for wal
 		var privVal types.PrivValidator
 		if i < nValidators {
 			privVal = privVals[i]
 		} else {
-			tempFile, err := ioutil.TempFile("", "priv_validator_")
+			tempKeyFile, err := ioutil.TempFile("", "priv_validator_key_")
 			if err != nil {
 				panic(err)
 			}
-			privVal = privval.GenFilePV(tempFile.Name())
+			tempStateFile, err := ioutil.TempFile("", "priv_validator_state_")
+			if err != nil {
+				panic(err)
+			}
+
+			privVal = privval.GenFilePV(tempKeyFile.Name(), tempStateFile.Name())
 		}

 		app := appFunc()
--- a/consensus/mempool_test.go
+++ b/consensus/mempool_test.go
@@ -10,6 +10,7 @@ import (

 	"github.com/tendermint/tendermint/abci/example/code"
 	abci "github.com/tendermint/tendermint/abci/types"
+	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/types"
 )

@@ -17,12 +18,17 @@ func init() {
 	config = ResetConfig("consensus_mempool_test")
 }

+// for testing
+func assertMempool(txn txNotifier) sm.Mempool {
+	return txn.(sm.Mempool)
+}
+
 func TestMempoolNoProgressUntilTxsAvailable(t *testing.T) {
 	config := ResetConfig("consensus_mempool_txs_available_test")
 	config.Consensus.CreateEmptyBlocks = false
 	state, privVals := randGenesisState(1, false, 10)
 	cs := newConsensusStateWithConfig(config, state, privVals[0], NewCounterApplication())
-	cs.mempool.EnableTxsAvailable()
+	assertMempool(cs.txNotifier).EnableTxsAvailable()
 	height, round := cs.Height, cs.Round
 	newBlockCh := subscribe(cs.eventBus, types.EventQueryNewBlock)
 	startTestRound(cs, height, round)
@@ -40,7 +46,7 @@ func TestMempoolProgressAfterCreateEmptyBlocksInterval(t *testing.T) {
 	config.Consensus.CreateEmptyBlocksInterval = ensureTimeout
 	state, privVals := randGenesisState(1, false, 10)
 	cs := newConsensusStateWithConfig(config, state, privVals[0], NewCounterApplication())
-	cs.mempool.EnableTxsAvailable()
+	assertMempool(cs.txNotifier).EnableTxsAvailable()
 	height, round := cs.Height, cs.Round
 	newBlockCh := subscribe(cs.eventBus, types.EventQueryNewBlock)
 	startTestRound(cs, height, round)
@@ -55,7 +61,7 @@ func TestMempoolProgressInHigherRound(t *testing.T) {
 	config.Consensus.CreateEmptyBlocks = false
 	state, privVals := randGenesisState(1, false, 10)
 	cs := newConsensusStateWithConfig(config, state, privVals[0], NewCounterApplication())
-	cs.mempool.EnableTxsAvailable()
+	assertMempool(cs.txNotifier).EnableTxsAvailable()
 	height, round := cs.Height, cs.Round
 	newBlockCh := subscribe(cs.eventBus, types.EventQueryNewBlock)
 	newRoundCh := subscribe(cs.eventBus, types.EventQueryNewRound)
@@ -71,19 +77,19 @@ func TestMempoolProgressInHigherRound(t *testing.T) {
 	}
 	startTestRound(cs, height, round)

-	ensureNewRoundStep(newRoundCh, height, round) // first round at first height
-	ensureNewEventOnChannel(newBlockCh)           // first block gets committed
+	ensureNewRound(newRoundCh, height, round) // first round at first height
+	ensureNewEventOnChannel(newBlockCh)       // first block gets committed

 	height = height + 1 // moving to the next height
 	round = 0

-	ensureNewRoundStep(newRoundCh, height, round) // first round at next height
-	deliverTxsRange(cs, 0, 1)                     // we deliver txs, but dont set a proposal so we get the next round
+	ensureNewRound(newRoundCh, height, round) // first round at next height
+	deliverTxsRange(cs, 0, 1)                 // we deliver txs, but dont set a proposal so we get the next round
 	ensureNewTimeout(timeoutCh, height, round, cs.config.TimeoutPropose.Nanoseconds())

-	round = round + 1                             // moving to the next round
-	ensureNewRoundStep(newRoundCh, height, round) // wait for the next round
-	ensureNewEventOnChannel(newBlockCh)           // now we can commit the block
+	round = round + 1                         // moving to the next round
+	ensureNewRound(newRoundCh, height, round) // wait for the next round
+	ensureNewEventOnChannel(newBlockCh)       // now we can commit the block
 }

 func deliverTxsRange(cs *ConsensusState, start, end int) {
@@ -91,7 +97,7 @@ func deliverTxsRange(cs *ConsensusState, start, end int) {
 	for i := start; i < end; i++ {
 		txBytes := make([]byte, 8)
 		binary.BigEndian.PutUint64(txBytes, uint64(i))
-		err := cs.mempool.CheckTx(txBytes, nil)
+		err := assertMempool(cs.txNotifier).CheckTx(txBytes, nil)
 		if err != nil {
 			panic(fmt.Sprintf("Error after CheckTx: %v", err))
 		}
@@ -141,7 +147,7 @@ func TestMempoolRmBadTx(t *testing.T) {
 		// Try to send the tx through the mempool.
 		// CheckTx should not err, but the app should return a bad abci code
 		// and the tx should get removed from the pool
-		err := cs.mempool.CheckTx(txBytes, func(r *abci.Response) {
+		err := assertMempool(cs.txNotifier).CheckTx(txBytes, func(r *abci.Response) {
 			if r.GetCheckTx().Code != code.CodeTypeBadNonce {
 				t.Fatalf("expected checktx to return bad nonce, got %v", r)
 			}
@@ -153,7 +159,7 @@ func TestMempoolRmBadTx(t *testing.T) {

 		// check for the tx
 		for {
-			txs := cs.mempool.ReapMaxBytesMaxGas(int64(len(txBytes)), -1)
+			txs := assertMempool(cs.txNotifier).ReapMaxBytesMaxGas(int64(len(txBytes)), -1)
 			if len(txs) == 0 {
 				emptyMempoolCh <- struct{}{}
 				return
--- a/consensus/metrics.go
+++ b/consensus/metrics.go
@@ -8,7 +8,11 @@ import (
 	stdprometheus "github.com/prometheus/client_golang/prometheus"
 )

-const MetricsSubsystem = "consensus"
+const (
+	// MetricsSubsystem is a subsystem shared by all metrics exposed by this
+	// package.
+	MetricsSubsystem = "consensus"
+)

 // Metrics contains metrics exposed by this package.
 type Metrics struct {
@@ -50,101 +54,107 @@ type Metrics struct {
 }

 // PrometheusMetrics returns Metrics build using Prometheus client library.
-func PrometheusMetrics(namespace string) *Metrics {
+// Optionally, labels can be provided along with their values ("foo",
+// "fooValue").
+func PrometheusMetrics(namespace string, labelsAndValues ...string) *Metrics {
+	labels := []string{}
+	for i := 0; i < len(labelsAndValues); i += 2 {
+		labels = append(labels, labelsAndValues[i])
+	}
 	return &Metrics{
 		Height: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "height",
 			Help:      "Height of the chain.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		Rounds: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "rounds",
 			Help:      "Number of rounds.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),

 		Validators: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "validators",
 			Help:      "Number of validators.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		ValidatorsPower: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "validators_power",
 			Help:      "Total power of all validators.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		MissingValidators: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "missing_validators",
 			Help:      "Number of validators who did not sign.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		MissingValidatorsPower: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "missing_validators_power",
 			Help:      "Total power of the missing validators.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		ByzantineValidators: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "byzantine_validators",
 			Help:      "Number of validators who tried to double sign.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		ByzantineValidatorsPower: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "byzantine_validators_power",
 			Help:      "Total power of the byzantine validators.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),

 		BlockIntervalSeconds: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "block_interval_seconds",
 			Help:      "Time between this and the last block.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),

 		NumTxs: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "num_txs",
 			Help:      "Number of transactions.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		BlockSizeBytes: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "block_size_bytes",
 			Help:      "Size of the block.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		TotalTxs: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "total_txs",
 			Help:      "Total number of transactions.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		CommittedHeight: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "latest_block_height",
 			Help:      "The latest block height.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		FastSyncing: prometheus.NewGaugeFrom(stdprometheus.GaugeOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "fast_syncing",
 			Help:      "Whether or not a node is fast syncing. 1 if yes, 0 if no.",
-		}, []string{}),
+		}, labels).With(labelsAndValues...),
 		BlockParts: prometheus.NewCounterFrom(stdprometheus.CounterOpts{
 			Namespace: namespace,
 			Subsystem: MetricsSubsystem,
 			Name:      "block_parts",
 			Help:      "Number of blockparts transmitted by peer.",
-		}, []string{"peer_id"}),
+		}, append(labels, "peer_id")).With(labelsAndValues...),
 	}
 }

--- a/consensus/reactor.go
+++ b/consensus/reactor.go
@@ -8,7 +8,7 @@ import (

 	"github.com/pkg/errors"

-	amino "github.com/tendermint/go-amino"
+	"github.com/tendermint/go-amino"
 	cstypes "github.com/tendermint/tendermint/consensus/types"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	tmevents "github.com/tendermint/tendermint/libs/events"
@@ -183,7 +183,11 @@ func (conR *ConsensusReactor) RemovePeer(peer p2p.Peer, reason interface{}) {
 		return
 	}
 	// TODO
-	//peer.Get(PeerStateKey).(*PeerState).Disconnect()
+	// ps, ok := peer.Get(PeerStateKey).(*PeerState)
+	// if !ok {
+	// 	panic(fmt.Sprintf("Peer %v has no state", peer))
+	// }
+	// ps.Disconnect()
 }

 // Receive implements Reactor
@@ -214,7 +218,10 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)
 	conR.Logger.Debug("Receive", "src", src, "chId", chID, "msg", msg)

 	// Get peer states
-	ps := src.Get(types.PeerStateKey).(*PeerState)
+	ps, ok := src.Get(types.PeerStateKey).(*PeerState)
+	if !ok {
+		panic(fmt.Sprintf("Peer %v has no state", src))
+	}

 	switch chID {
 	case StateChannel:
@@ -257,11 +264,6 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)
 				BlockID: msg.BlockID,
 				Votes:   ourVotes,
 			}))
-		case *ProposalHeartbeatMessage:
-			hb := msg.Heartbeat
-			conR.Logger.Debug("Received proposal heartbeat message",
-				"height", hb.Height, "round", hb.Round, "sequence", hb.Sequence,
-				"valIdx", hb.ValidatorIndex, "valAddr", hb.ValidatorAddress)
 		default:
 			conR.Logger.Error(fmt.Sprintf("Unknown message type %v", reflect.TypeOf(msg)))
 		}
@@ -293,9 +295,9 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)
 		switch msg := msg.(type) {
 		case *VoteMessage:
 			cs := conR.conS
-			cs.mtx.Lock()
+			cs.mtx.RLock()
 			height, valSize, lastCommitSize := cs.Height, cs.Validators.Size(), cs.LastCommit.Size()
-			cs.mtx.Unlock()
+			cs.mtx.RUnlock()
 			ps.EnsureVoteBitArrays(height, valSize)
 			ps.EnsureVoteBitArrays(height-1, lastCommitSize)
 			ps.SetHasVote(msg.Vote)
@@ -362,8 +364,8 @@ func (conR *ConsensusReactor) FastSync() bool {

 //--------------------------------------

-// subscribeToBroadcastEvents subscribes for new round steps, votes and
-// proposal heartbeats using internal pubsub defined on state to broadcast
+// subscribeToBroadcastEvents subscribes for new round steps and votes
+// using internal pubsub defined on state to broadcast
 // them to peers upon receiving.
 func (conR *ConsensusReactor) subscribeToBroadcastEvents() {
 	const subscriber = "consensus-reactor"
@@ -382,10 +384,6 @@ func (conR *ConsensusReactor) subscribeToBroadcastEvents() {
 			conR.broadcastHasVoteMessage(data.(*types.Vote))
 		})

-	conR.conS.evsw.AddListenerForEvent(subscriber, types.EventProposalHeartbeat,
-		func(data tmevents.EventData) {
-			conR.broadcastProposalHeartbeatMessage(data.(*types.Heartbeat))
-		})
 }

 func (conR *ConsensusReactor) unsubscribeFromBroadcastEvents() {
@@ -393,13 +391,6 @@ func (conR *ConsensusReactor) unsubscribeFromBroadcastEvents() {
 	conR.conS.evsw.RemoveListener(subscriber)
 }

-func (conR *ConsensusReactor) broadcastProposalHeartbeatMessage(hb *types.Heartbeat) {
-	conR.Logger.Debug("Broadcasting proposal heartbeat message",
-		"height", hb.Height, "round", hb.Round, "sequence", hb.Sequence)
-	msg := &ProposalHeartbeatMessage{hb}
-	conR.Switch.Broadcast(StateChannel, cdc.MustMarshalBinaryBare(msg))
-}
-
 func (conR *ConsensusReactor) broadcastNewRoundStepMessage(rs *cstypes.RoundState) {
 	nrsMsg := makeRoundStepMessage(rs)
 	conR.Switch.Broadcast(StateChannel, cdc.MustMarshalBinaryBare(nrsMsg))
@@ -428,7 +419,10 @@ func (conR *ConsensusReactor) broadcastHasVoteMessage(vote *types.Vote) {
 	/*
 		// TODO: Make this broadcast more selective.
 		for _, peer := range conR.Switch.Peers().List() {
-			ps := peer.Get(PeerStateKey).(*PeerState)
+			ps, ok := peer.Get(PeerStateKey).(*PeerState)
+			if !ok {
+				panic(fmt.Sprintf("Peer %v has no state", peer))
+			}
 			prs := ps.GetRoundState()
 			if prs.Height == vote.Height {
 				// TODO: Also filter on round?
@@ -826,7 +820,10 @@ func (conR *ConsensusReactor) peerStatsRoutine() {
 				continue
 			}
 			// Get peer state
-			ps := peer.Get(types.PeerStateKey).(*PeerState)
+			ps, ok := peer.Get(types.PeerStateKey).(*PeerState)
+			if !ok {
+				panic(fmt.Sprintf("Peer %v has no state", peer))
+			}
 			switch msg.Msg.(type) {
 			case *VoteMessage:
 				if numVotes := ps.RecordVote(); numVotes%votesToContributeToBecomeGoodPeer == 0 {
@@ -859,7 +856,10 @@ func (conR *ConsensusReactor) StringIndented(indent string) string {
 	s := "ConsensusReactor{\n"
 	s += indent + "  " + conR.conS.StringIndented(indent+"  ") + "\n"
 	for _, peer := range conR.Switch.Peers().List() {
-		ps := peer.Get(types.PeerStateKey).(*PeerState)
+		ps, ok := peer.Get(types.PeerStateKey).(*PeerState)
+		if !ok {
+			panic(fmt.Sprintf("Peer %v has no state", peer))
+		}
 		s += indent + "  " + ps.StringIndented(indent+"  ") + "\n"
 	}
 	s += indent + "}"
@@ -1371,7 +1371,6 @@ func RegisterConsensusMessages(cdc *amino.Codec) {
 	cdc.RegisterConcrete(&HasVoteMessage{}, "tendermint/HasVote", nil)
 	cdc.RegisterConcrete(&VoteSetMaj23Message{}, "tendermint/VoteSetMaj23", nil)
 	cdc.RegisterConcrete(&VoteSetBitsMessage{}, "tendermint/VoteSetBits", nil)
-	cdc.RegisterConcrete(&ProposalHeartbeatMessage{}, "tendermint/ProposalHeartbeat", nil)
 }

 func decodeMsg(bz []byte) (msg ConsensusMessage, err error) {
@@ -1648,18 +1647,3 @@ func (m *VoteSetBitsMessage) String() string {
 }

 //-------------------------------------
-
-// ProposalHeartbeatMessage is sent to signal that a node is alive and waiting for transactions for a proposal.
-type ProposalHeartbeatMessage struct {
-	Heartbeat *types.Heartbeat
-}
-
-// ValidateBasic performs basic validation.
-func (m *ProposalHeartbeatMessage) ValidateBasic() error {
-	return m.Heartbeat.ValidateBasic()
-}
-
-// String returns a string representation.
-func (m *ProposalHeartbeatMessage) String() string {
-	return fmt.Sprintf("[HEARTBEAT %v]", m.Heartbeat)
-}
--- a/consensus/reactor_test.go
+++ b/consensus/reactor_test.go
@@ -143,7 +143,8 @@ func TestReactorWithEvidence(t *testing.T) {
 		// mock the evidence pool
 		// everyone includes evidence of another double signing
 		vIdx := (i + 1) % nValidators
-		evpool := newMockEvidencePool(privVals[vIdx].GetAddress())
+		addr := privVals[vIdx].GetPubKey().Address()
+		evpool := newMockEvidencePool(addr)

 		// Make ConsensusState
 		blockExec := sm.NewBlockExecutor(stateDB, log.TestingLogger(), proxyAppConnCon, mempool, evpool)
@@ -213,8 +214,8 @@ func (m *mockEvidencePool) Update(block *types.Block, state sm.State) {

 //------------------------------------

-// Ensure a testnet sends proposal heartbeats and makes blocks when there are txs
-func TestReactorProposalHeartbeats(t *testing.T) {
+// Ensure a testnet makes blocks when there are txs
+func TestReactorCreatesBlockWhenEmptyBlocksFalse(t *testing.T) {
 	N := 4
 	css := randConsensusNet(N, "consensus_reactor_test", newMockTickerFunc(true), newCounter,
 		func(c *cfg.Config) {
@@ -222,20 +223,9 @@ func TestReactorProposalHeartbeats(t *testing.T) {
 		})
 	reactors, eventChans, eventBuses := startConsensusNet(t, css, N)
 	defer stopConsensusNet(log.TestingLogger(), reactors, eventBuses)
-	heartbeatChans := make([]chan interface{}, N)
-	var err error
-	for i := 0; i < N; i++ {
-		heartbeatChans[i] = make(chan interface{}, 1)
-		err = eventBuses[i].Subscribe(context.Background(), testSubscriber, types.EventQueryProposalHeartbeat, heartbeatChans[i])
-		require.NoError(t, err)
-	}
-	// wait till everyone sends a proposal heartbeat
-	timeoutWaitGroup(t, N, func(j int) {
-		<-heartbeatChans[j]
-	}, css)

 	// send a tx
-	if err := css[3].mempool.CheckTx([]byte{1, 2, 3}, nil); err != nil {
+	if err := assertMempool(css[3].txNotifier).CheckTx([]byte{1, 2, 3}, nil); err != nil {
 		//t.Fatal(err)
 	}

@@ -279,7 +269,8 @@ func TestReactorVotingPowerChange(t *testing.T) {
 	// map of active validators
 	activeVals := make(map[string]struct{})
 	for i := 0; i < nVals; i++ {
-		activeVals[string(css[i].privValidator.GetAddress())] = struct{}{}
+		addr := css[i].privValidator.GetPubKey().Address()
+		activeVals[string(addr)] = struct{}{}
 	}

 	// wait till everyone makes block 1
@@ -342,7 +333,8 @@ func TestReactorValidatorSetChanges(t *testing.T) {
 	// map of active validators
 	activeVals := make(map[string]struct{})
 	for i := 0; i < nVals; i++ {
-		activeVals[string(css[i].privValidator.GetAddress())] = struct{}{}
+		addr := css[i].privValidator.GetPubKey().Address()
+		activeVals[string(addr)] = struct{}{}
 	}

 	// wait till everyone makes block 1
@@ -456,7 +448,7 @@ func waitForAndValidateBlock(t *testing.T, n int, activeVals map[string]struct{}
 		err := validateBlock(newBlock, activeVals)
 		assert.Nil(t, err)
 		for _, tx := range txs {
-			err := css[j].mempool.CheckTx(tx, nil)
+			err := assertMempool(css[j].txNotifier).CheckTx(tx, nil)
 			assert.Nil(t, err)
 		}
 	}, css)
--- a/consensus/replay.go
+++ b/consensus/replay.go
@@ -11,7 +11,6 @@ import (
 	"time"

 	abci "github.com/tendermint/tendermint/abci/types"
-	"github.com/tendermint/tendermint/version"
 	//auto "github.com/tendermint/tendermint/libs/autofile"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	dbm "github.com/tendermint/tendermint/libs/db"
@@ -20,6 +19,7 @@ import (
 	"github.com/tendermint/tendermint/proxy"
 	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/types"
+	"github.com/tendermint/tendermint/version"
 )

 var crc32c = crc32.MakeTable(crc32.Castagnoli)
@@ -247,6 +247,7 @@ func (h *Handshaker) Handshake(proxyApp proxy.AppConns) error {

 	// Set AppVersion on the state.
 	h.initialState.Version.Consensus.App = version.Protocol(res.AppVersion)
+	sm.SaveState(h.stateDB, h.initialState)

 	// Replay blocks up to the latest in the blockstore.
 	_, err = h.ReplayBlocks(h.initialState, appHash, blockHeight, proxyApp)
@@ -276,7 +277,12 @@ func (h *Handshaker) ReplayBlocks(

 	// If appBlockHeight == 0 it means that we are at genesis and hence should send InitChain.
 	if appBlockHeight == 0 {
-		nextVals := types.TM2PB.ValidatorUpdates(state.NextValidators) // state.Validators would work too.
+		validators := make([]*types.Validator, len(h.genDoc.Validators))
+		for i, val := range h.genDoc.Validators {
+			validators[i] = types.NewValidator(val.PubKey, val.Power)
+		}
+		validatorSet := types.NewValidatorSet(validators)
+		nextVals := types.TM2PB.ValidatorUpdates(validatorSet)
 		csParams := types.TM2PB.ConsensusParams(h.genDoc.ConsensusParams)
 		req := abci.RequestInitChain{
 			Time:            h.genDoc.GenesisTime,
@@ -290,19 +296,27 @@ func (h *Handshaker) ReplayBlocks(
 			return nil, err
 		}

-		// If the app returned validators or consensus params, update the state.
-		if len(res.Validators) > 0 {
-			vals, err := types.PB2TM.ValidatorUpdates(res.Validators)
-			if err != nil {
-				return nil, err
+		if stateBlockHeight == 0 { //we only update state when we are in initial state
+			// If the app returned validators or consensus params, update the state.
+			if len(res.Validators) > 0 {
+				vals, err := types.PB2TM.ValidatorUpdates(res.Validators)
+				if err != nil {
+					return nil, err
+				}
+				state.Validators = types.NewValidatorSet(vals)
+				state.NextValidators = types.NewValidatorSet(vals)
+			} else {
+				// If validator set is not set in genesis and still empty after InitChain, exit.
+				if len(h.genDoc.Validators) == 0 {
+					return nil, fmt.Errorf("Validator set is nil in genesis and still empty after InitChain")
+				}
 			}
-			state.Validators = types.NewValidatorSet(vals)
-			state.NextValidators = types.NewValidatorSet(vals)
+
+			if res.ConsensusParams != nil {
+				state.ConsensusParams = types.PB2TM.ConsensusParams(res.ConsensusParams)
+			}
+			sm.SaveState(h.stateDB, state)
 		}
-		if res.ConsensusParams != nil {
-			state.ConsensusParams = types.PB2TM.ConsensusParams(res.ConsensusParams)
-		}
-		sm.SaveState(h.stateDB, state)
 	}

 	// First handle edge cases and constraints on the storeBlockHeight.
--- a/consensus/replay_file.go
+++ b/consensus/replay_file.go
@@ -58,7 +58,18 @@ func (cs *ConsensusState) ReplayFile(file string, console bool) error {
 	if err != nil {
 		return errors.Errorf("failed to subscribe %s to %v", subscriber, types.EventQueryNewRoundStep)
 	}
-	defer cs.eventBus.Unsubscribe(ctx, subscriber, types.EventQueryNewRoundStep)
+	defer func() {
+		// drain newStepCh to make sure we don't block
+	LOOP:
+		for {
+			select {
+			case <-newStepCh:
+			default:
+				break LOOP
+			}
+		}
+		cs.eventBus.Unsubscribe(ctx, subscriber, types.EventQueryNewRoundStep)
+	}()

 	// just open the file for reading, no need to use wal
 	fp, err := os.OpenFile(file, os.O_RDONLY, 0600)
@@ -126,7 +137,7 @@ func (pb *playback) replayReset(count int, newStepCh chan interface{}) error {
 	pb.cs.Wait()

 	newCS := NewConsensusState(pb.cs.config, pb.genesisState.Copy(), pb.cs.blockExec,
-		pb.cs.blockStore, pb.cs.mempool, pb.cs.evpool)
+		pb.cs.blockStore, pb.cs.txNotifier, pb.cs.evpool)
 	newCS.SetEventBus(pb.cs.eventBus)
 	newCS.startForReplay()

@@ -221,7 +232,18 @@ func (pb *playback) replayConsoleLoop() int {
 			if err != nil {
 				cmn.Exit(fmt.Sprintf("failed to subscribe %s to %v", subscriber, types.EventQueryNewRoundStep))
 			}
-			defer pb.cs.eventBus.Unsubscribe(ctx, subscriber, types.EventQueryNewRoundStep)
+			defer func() {
+				// drain newStepCh to make sure we don't block
+			LOOP:
+				for {
+					select {
+					case <-newStepCh:
+					default:
+						break LOOP
+					}
+				}
+				pb.cs.eventBus.Unsubscribe(ctx, subscriber, types.EventQueryNewRoundStep)
+			}()

 			if len(tokens) == 1 {
 				if err := pb.replayReset(1, newStepCh); err != nil {
--- a/consensus/replay_test.go
+++ b/consensus/replay_test.go
@@ -17,7 +17,7 @@ import (

 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abci "github.com/tendermint/tendermint/abci/types"
-	crypto "github.com/tendermint/tendermint/crypto"
+	"github.com/tendermint/tendermint/crypto"
 	auto "github.com/tendermint/tendermint/libs/autofile"
 	dbm "github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/version"
@@ -87,7 +87,7 @@ func sendTxs(cs *ConsensusState, ctx context.Context) {
 			return
 		default:
 			tx := []byte{byte(i)}
-			cs.mempool.CheckTx(tx, nil)
+			assertMempool(cs.txNotifier).CheckTx(tx, nil)
 			i++
 		}
 	}
@@ -315,28 +315,21 @@ func testHandshakeReplay(t *testing.T, nBlocks int, mode uint) {
 	config := ResetConfig("proxy_test_")

 	walBody, err := WALWithNBlocks(NUM_BLOCKS)
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 	walFile := tempWALWithData(walBody)
 	config.Consensus.SetWalFile(walFile)

-	privVal := privval.LoadFilePV(config.PrivValidatorFile())
+	privVal := privval.LoadFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile())

 	wal, err := NewWAL(walFile)
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 	wal.SetLogger(log.TestingLogger())
-	if err := wal.Start(); err != nil {
-		t.Fatal(err)
-	}
+	err = wal.Start()
+	require.NoError(t, err)
 	defer wal.Stop()

 	chain, commits, err := makeBlockchainFromWAL(wal)
-	if err != nil {
-		t.Fatalf(err.Error())
-	}
+	require.NoError(t, err)

 	stateDB, state, store := stateAndStore(config, privVal.GetPubKey(), kvstore.ProtocolVersion)
 	store.chain = chain
@@ -640,7 +633,7 @@ func TestInitChainUpdateValidators(t *testing.T) {
 	clientCreator := proxy.NewLocalClientCreator(app)

 	config := ResetConfig("proxy_test_")
-	privVal := privval.LoadFilePV(config.PrivValidatorFile())
+	privVal := privval.LoadFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile())
 	stateDB, state, store := stateAndStore(config, privVal.GetPubKey(), 0x0)

 	oldValAddr := state.Validators.Validators[0].Address
@@ -666,12 +659,6 @@ func TestInitChainUpdateValidators(t *testing.T) {
 	assert.Equal(t, newValAddr, expectValAddr)
 }

-func newInitChainApp(vals []abci.ValidatorUpdate) *initChainApp {
-	return &initChainApp{
-		vals: vals,
-	}
-}
-
 // returns the vals on InitChain
 type initChainApp struct {
 	abci.BaseApplication
--- a/consensus/state.go
+++ b/consensus/state.go
@@ -2,13 +2,14 @@ package consensus

 import (
 	"bytes"
-	"errors"
 	"fmt"
 	"reflect"
 	"runtime/debug"
 	"sync"
 	"time"

+	"github.com/pkg/errors"
+
 	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/libs/fail"
 	"github.com/tendermint/tendermint/libs/log"
@@ -22,13 +23,6 @@ import (
 	"github.com/tendermint/tendermint/types"
 )

-//-----------------------------------------------------------------------------
-// Config
-
-const (
-	proposalHeartbeatIntervalSeconds = 2
-)
-
 //-----------------------------------------------------------------------------
 // Errors

@@ -63,6 +57,16 @@ func (ti *timeoutInfo) String() string {
 	return fmt.Sprintf("%v ; %d/%d %v", ti.Duration, ti.Height, ti.Round, ti.Step)
 }

+// interface to the mempool
+type txNotifier interface {
+	TxsAvailable() <-chan struct{}
+}
+
+// interface to the evidence pool
+type evidencePool interface {
+	AddEvidence(types.Evidence) error
+}
+
 // ConsensusState handles execution of the consensus algorithm.
 // It processes votes and proposals, and upon reaching agreement,
 // commits blocks to the chain and executes them against the application.
@@ -74,11 +78,18 @@ type ConsensusState struct {
 	config        *cfg.ConsensusConfig
 	privValidator types.PrivValidator // for signing votes

-	// services for creating and executing blocks
-	blockExec  *sm.BlockExecutor
+	// store blocks and commits
 	blockStore sm.BlockStore
-	mempool    sm.Mempool
-	evpool     sm.EvidencePool
+
+	// create and execute blocks
+	blockExec *sm.BlockExecutor
+
+	// notify us if txs are available
+	txNotifier txNotifier
+
+	// add evidence to the pool
+	// when it's detected
+	evpool evidencePool

 	// internal state
 	mtx sync.RWMutex
@@ -118,7 +129,7 @@ type ConsensusState struct {
 	done chan struct{}

 	// synchronous pubsub between consensus state and reactor.
-	// state only emits EventNewRoundStep, EventVote and EventProposalHeartbeat
+	// state only emits EventNewRoundStep and EventVote
 	evsw tmevents.EventSwitch

 	// for reporting metrics
@@ -134,15 +145,15 @@ func NewConsensusState(
 	state sm.State,
 	blockExec *sm.BlockExecutor,
 	blockStore sm.BlockStore,
-	mempool sm.Mempool,
-	evpool sm.EvidencePool,
+	txNotifier txNotifier,
+	evpool evidencePool,
 	options ...StateOption,
 ) *ConsensusState {
 	cs := &ConsensusState{
 		config:           config,
 		blockExec:        blockExec,
 		blockStore:       blockStore,
-		mempool:          mempool,
+		txNotifier:       txNotifier,
 		peerMsgQueue:     make(chan msgInfo, msgQueueSize),
 		internalMsgQueue: make(chan msgInfo, msgQueueSize),
 		timeoutTicker:    NewTimeoutTicker(),
@@ -207,18 +218,16 @@ func (cs *ConsensusState) GetState() sm.State {
 // GetLastHeight returns the last height committed.
 // If there were no blocks, returns 0.
 func (cs *ConsensusState) GetLastHeight() int64 {
-	cs.mtx.Lock()
-	defer cs.mtx.Unlock()
-
+	cs.mtx.RLock()
+	defer cs.mtx.RUnlock()
 	return cs.RoundState.Height - 1
 }

 // GetRoundState returns a shallow copy of the internal consensus state.
 func (cs *ConsensusState) GetRoundState() *cstypes.RoundState {
 	cs.mtx.RLock()
-	defer cs.mtx.RUnlock()
-
 	rs := cs.RoundState // copy
+	cs.mtx.RUnlock()
 	return &rs
 }

@@ -226,7 +235,6 @@ func (cs *ConsensusState) GetRoundState() *cstypes.RoundState {
 func (cs *ConsensusState) GetRoundStateJSON() ([]byte, error) {
 	cs.mtx.RLock()
 	defer cs.mtx.RUnlock()
-
 	return cdc.MarshalJSON(cs.RoundState)
 }

@@ -234,7 +242,6 @@ func (cs *ConsensusState) GetRoundStateJSON() ([]byte, error) {
 func (cs *ConsensusState) GetRoundStateSimpleJSON() ([]byte, error) {
 	cs.mtx.RLock()
 	defer cs.mtx.RUnlock()
-
 	return cdc.MarshalJSON(cs.RoundState.RoundStateSimple())
 }

@@ -248,15 +255,15 @@ func (cs *ConsensusState) GetValidators() (int64, []*types.Validator) {
 // SetPrivValidator sets the private validator account for signing votes.
 func (cs *ConsensusState) SetPrivValidator(priv types.PrivValidator) {
 	cs.mtx.Lock()
-	defer cs.mtx.Unlock()
 	cs.privValidator = priv
+	cs.mtx.Unlock()
 }

 // SetTimeoutTicker sets the local timer. It may be useful to overwrite for testing.
 func (cs *ConsensusState) SetTimeoutTicker(timeoutTicker TimeoutTicker) {
 	cs.mtx.Lock()
-	defer cs.mtx.Unlock()
 	cs.timeoutTicker = timeoutTicker
+	cs.mtx.Unlock()
 }

 // LoadCommit loads the commit for a given height.
@@ -328,10 +335,11 @@ func (cs *ConsensusState) startRoutines(maxSteps int) {
 	go cs.receiveRoutine(maxSteps)
 }

-// OnStop implements cmn.Service. It stops all routines and waits for the WAL to finish.
+// OnStop implements cmn.Service.
 func (cs *ConsensusState) OnStop() {
 	cs.evsw.Stop()
 	cs.timeoutTicker.Stop()
+	// WAL is stopped in receiveRoutine.
 }

 // Wait waits for the the main routine to return.
@@ -493,7 +501,7 @@ func (cs *ConsensusState) updateToState(state sm.State) {
 	// If state isn't further out than cs.state, just ignore.
 	// This happens when SwitchToConsensus() is called in the reactor.
 	// We don't want to reset e.g. the Votes, but we still want to
-	// signal the new round step, because other services (eg. mempool)
+	// signal the new round step, because other services (eg. txNotifier)
 	// depend on having an up-to-date peer state!
 	if !cs.state.IsEmpty() && (state.LastBlockHeight <= cs.state.LastBlockHeight) {
 		cs.Logger.Info("Ignoring updateToState()", "newHeight", state.LastBlockHeight+1, "oldHeight", cs.state.LastBlockHeight+1)
@@ -608,7 +616,7 @@ func (cs *ConsensusState) receiveRoutine(maxSteps int) {
 		var mi msgInfo

 		select {
-		case <-cs.mempool.TxsAvailable():
+		case <-cs.txNotifier.TxsAvailable():
 			cs.handleTxsAvailable()
 		case mi = <-cs.peerMsgQueue:
 			cs.wal.Write(mi)
@@ -755,7 +763,7 @@ func (cs *ConsensusState) enterNewRound(height int64, round int) {
 	validators := cs.Validators
 	if cs.Round < round {
 		validators = validators.Copy()
-		validators.IncrementAccum(round - cs.Round)
+		validators.IncrementProposerPriority(round - cs.Round)
 	}

 	// Setup new round
@@ -776,7 +784,7 @@ func (cs *ConsensusState) enterNewRound(height int64, round int) {
 	cs.Votes.SetRound(round + 1) // also track next round (round+1) to allow round-skipping
 	cs.triggeredTimeoutPrecommit = false

-	cs.eventBus.PublishEventNewRound(cs.RoundStateEvent())
+	cs.eventBus.PublishEventNewRound(cs.NewRoundEvent())
 	cs.metrics.Rounds.Set(float64(round))

 	// Wait for txs to be available in the mempool
@@ -788,7 +796,6 @@ func (cs *ConsensusState) enterNewRound(height int64, round int) {
 			cs.scheduleTimeout(cs.config.CreateEmptyBlocksInterval, height, round,
 				cstypes.RoundStepNewRound)
 		}
-		go cs.proposalHeartbeat(height, round)
 	} else {
 		cs.enterPropose(height, round)
 	}
@@ -805,32 +812,6 @@ func (cs *ConsensusState) needProofBlock(height int64) bool {
 	return !bytes.Equal(cs.state.AppHash, lastBlockMeta.Header.AppHash)
 }

-func (cs *ConsensusState) proposalHeartbeat(height int64, round int) {
-	counter := 0
-	addr := cs.privValidator.GetAddress()
-	valIndex, _ := cs.Validators.GetByAddress(addr)
-	chainID := cs.state.ChainID
-	for {
-		rs := cs.GetRoundState()
-		// if we've already moved on, no need to send more heartbeats
-		if rs.Step > cstypes.RoundStepNewRound || rs.Round > round || rs.Height > height {
-			return
-		}
-		heartbeat := &types.Heartbeat{
-			Height:           rs.Height,
-			Round:            rs.Round,
-			Sequence:         counter,
-			ValidatorAddress: addr,
-			ValidatorIndex:   valIndex,
-		}
-		cs.privValidator.SignHeartbeat(chainID, heartbeat)
-		cs.eventBus.PublishEventProposalHeartbeat(types.EventDataProposalHeartbeat{heartbeat})
-		cs.evsw.FireEvent(types.EventProposalHeartbeat, heartbeat)
-		counter++
-		time.Sleep(proposalHeartbeatIntervalSeconds * time.Second)
-	}
-}
-
 // Enter (CreateEmptyBlocks): from enterNewRound(height,round)
 // Enter (CreateEmptyBlocks, CreateEmptyBlocksInterval > 0 ): after enterNewRound(height,round), after timeout of CreateEmptyBlocksInterval
 // Enter (!CreateEmptyBlocks) : after enterNewRound(height,round), once txs are in the mempool
@@ -866,13 +847,14 @@ func (cs *ConsensusState) enterPropose(height int64, round int) {
 	}

 	// if not a validator, we're done
-	if !cs.Validators.HasAddress(cs.privValidator.GetAddress()) {
-		logger.Debug("This node is not a validator", "addr", cs.privValidator.GetAddress(), "vals", cs.Validators)
+	address := cs.privValidator.GetPubKey().Address()
+	if !cs.Validators.HasAddress(address) {
+		logger.Debug("This node is not a validator", "addr", address, "vals", cs.Validators)
 		return
 	}
 	logger.Debug("This node is a validator")

-	if cs.isProposer() {
+	if cs.isProposer(address) {
 		logger.Info("enterPropose: Our turn to propose", "proposer", cs.Validators.GetProposer().Address, "privValidator", cs.privValidator)
 		cs.decideProposal(height, round)
 	} else {
@@ -880,8 +862,8 @@ func (cs *ConsensusState) enterPropose(height int64, round int) {
 	}
 }

-func (cs *ConsensusState) isProposer() bool {
-	return bytes.Equal(cs.Validators.GetProposer().Address, cs.privValidator.GetAddress())
+func (cs *ConsensusState) isProposer(address []byte) bool {
+	return bytes.Equal(cs.Validators.GetProposer().Address, address)
 }

 func (cs *ConsensusState) defaultDecideProposal(height int64, round int) {
@@ -956,20 +938,8 @@ func (cs *ConsensusState) createProposalBlock() (block *types.Block, blockParts
 		return
 	}

-	maxBytes := cs.state.ConsensusParams.BlockSize.MaxBytes
-	maxGas := cs.state.ConsensusParams.BlockSize.MaxGas
-	// bound evidence to 1/10th of the block
-	evidence := cs.evpool.PendingEvidence(types.MaxEvidenceBytesPerBlock(maxBytes))
-	// Mempool validated transactions
-	txs := cs.mempool.ReapMaxBytesMaxGas(types.MaxDataBytes(
-		maxBytes,
-		cs.state.Validators.Size(),
-		len(evidence),
-	), maxGas)
-	proposerAddr := cs.privValidator.GetAddress()
-	block, parts := cs.state.MakeBlock(cs.Height, txs, commit, evidence, proposerAddr)
-
-	return block, parts
+	proposerAddr := cs.privValidator.GetPubKey().Address()
+	return cs.blockExec.CreateProposalBlock(cs.Height, cs.state, commit, proposerAddr)
 }

 // Enter: `timeoutPropose` after entering Propose.
@@ -1408,7 +1378,7 @@ func (cs *ConsensusState) defaultSetProposal(proposal *types.Proposal) error {
 		return nil
 	}

-  // Verify POLRound, which must be -1 or in range [0, proposal.Round).
+	// Verify POLRound, which must be -1 or in range [0, proposal.Round).
 	if proposal.POLRound < -1 ||
 		(proposal.POLRound >= 0 && proposal.POLRound >= proposal.Round) {
 		return ErrInvalidProposalPOLRound
@@ -1466,7 +1436,7 @@ func (cs *ConsensusState) addProposalBlockPart(msg *BlockPartMessage, peerID p2p
 		}
 		// NOTE: it's possible to receive complete proposal blocks for future rounds without having the proposal
 		cs.Logger.Info("Received complete proposal block", "height", cs.ProposalBlock.Height, "hash", cs.ProposalBlock.Hash())
-		cs.eventBus.PublishEventCompleteProposal(cs.RoundStateEvent())
+		cs.eventBus.PublishEventCompleteProposal(cs.CompleteProposalEvent())

 		// Update Valid* if we can.
 		prevotes := cs.Votes.Prevotes(cs.Round)
@@ -1511,7 +1481,8 @@ func (cs *ConsensusState) tryAddVote(vote *types.Vote, peerID p2p.ID) (bool, err
 		if err == ErrVoteHeightMismatch {
 			return added, err
 		} else if voteErr, ok := err.(*types.ErrVoteConflictingVotes); ok {
-			if bytes.Equal(vote.ValidatorAddress, cs.privValidator.GetAddress()) {
+			addr := cs.privValidator.GetPubKey().Address()
+			if bytes.Equal(vote.ValidatorAddress, addr) {
 				cs.Logger.Error("Found conflicting vote from ourselves. Did you unsafe_reset a validator?", "height", vote.Height, "round", vote.Round, "type", vote.Type)
 				return added, err
 			}
@@ -1563,7 +1534,7 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 	// Not necessarily a bad peer, but not favourable behaviour.
 	if vote.Height != cs.Height {
 		err = ErrVoteHeightMismatch
-		cs.Logger.Info("Vote ignored and not added", "voteHeight", vote.Height, "csHeight", cs.Height, "err", err)
+		cs.Logger.Info("Vote ignored and not added", "voteHeight", vote.Height, "csHeight", cs.Height, "peerID", peerID)
 		return
 	}

@@ -1676,7 +1647,7 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 }

 func (cs *ConsensusState) signVote(type_ types.SignedMsgType, hash []byte, header types.PartSetHeader) (*types.Vote, error) {
-	addr := cs.privValidator.GetAddress()
+	addr := cs.privValidator.GetPubKey().Address()
 	valIndex, _ := cs.Validators.GetByAddress(addr)

 	vote := &types.Vote{
@@ -1712,7 +1683,7 @@ func (cs *ConsensusState) voteTime() time.Time {
 // sign the vote and publish on internalMsgQueue
 func (cs *ConsensusState) signAddVote(type_ types.SignedMsgType, hash []byte, header types.PartSetHeader) *types.Vote {
 	// if we don't have a key or we're not in the validator set, do nothing
-	if cs.privValidator == nil || !cs.Validators.HasAddress(cs.privValidator.GetAddress()) {
+	if cs.privValidator == nil || !cs.Validators.HasAddress(cs.privValidator.GetPubKey().Address()) {
 		return nil
 	}
 	vote, err := cs.signVote(type_, hash, header)
--- a/consensus/state_test.go
+++ b/consensus/state_test.go
@@ -73,7 +73,8 @@ func TestStateProposerSelection0(t *testing.T) {

 	// Commit a block and ensure proposer for the next height is correct.
 	prop := cs1.GetRoundState().Validators.GetProposer()
-	if !bytes.Equal(prop.Address, cs1.privValidator.GetAddress()) {
+	address := cs1.privValidator.GetPubKey().Address()
+	if !bytes.Equal(prop.Address, address) {
 		t.Fatalf("expected proposer to be validator %d. Got %X", 0, prop.Address)
 	}

@@ -87,7 +88,8 @@ func TestStateProposerSelection0(t *testing.T) {
 	ensureNewRound(newRoundCh, height+1, 0)

 	prop = cs1.GetRoundState().Validators.GetProposer()
-	if !bytes.Equal(prop.Address, vss[1].GetAddress()) {
+	addr := vss[1].GetPubKey().Address()
+	if !bytes.Equal(prop.Address, addr) {
 		panic(fmt.Sprintf("expected proposer to be validator %d. Got %X", 1, prop.Address))
 	}
 }
@@ -110,7 +112,8 @@ func TestStateProposerSelection2(t *testing.T) {
 	// everyone just votes nil. we get a new proposer each round
 	for i := 0; i < len(vss); i++ {
 		prop := cs1.GetRoundState().Validators.GetProposer()
-		correctProposer := vss[(i+round)%len(vss)].GetAddress()
+		addr := vss[(i+round)%len(vss)].GetPubKey().Address()
+		correctProposer := addr
 		if !bytes.Equal(prop.Address, correctProposer) {
 			panic(fmt.Sprintf("expected RoundState.Validators.GetProposer() to be validator %d. Got %X", (i+2)%len(vss), prop.Address))
 		}
@@ -197,9 +200,8 @@ func TestStateBadProposal(t *testing.T) {
 	stateHash[0] = byte((stateHash[0] + 1) % 255)
 	propBlock.AppHash = stateHash
 	propBlockParts := propBlock.MakePartSet(partSize)
-	proposal := types.NewProposal(
-		vs2.Height, round, -1,
-		types.BlockID{propBlock.Hash(), propBlockParts.Header()})
+	blockID := types.BlockID{propBlock.Hash(), propBlockParts.Header()}
+	proposal := types.NewProposal(vs2.Height, round, -1, blockID)
 	if err := vs2.SignProposal(config.ChainID(), proposal); err != nil {
 		t.Fatal("failed to sign bad proposal", err)
 	}
@@ -213,7 +215,7 @@ func TestStateBadProposal(t *testing.T) {
 	startTestRound(cs1, height, round)

 	// wait for proposal
-	ensureNewProposal(proposalCh, height, round)
+	ensureProposal(proposalCh, height, round, blockID)

 	// wait for prevote
 	ensurePrevote(voteCh, height, round)
@@ -506,7 +508,8 @@ func TestStateLockPOLRelock(t *testing.T) {

 	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
 	proposalCh := subscribe(cs1.eventBus, types.EventQueryCompleteProposal)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
 	newBlockCh := subscribe(cs1.eventBus, types.EventQueryNewBlockHeader)

@@ -597,7 +600,8 @@ func TestStateLockPOLUnlock(t *testing.T) {
 	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
 	unlockCh := subscribe(cs1.eventBus, types.EventQueryUnlock)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)

 	// everything done from perspective of cs1

@@ -690,7 +694,8 @@ func TestStateLockPOLSafety1(t *testing.T) {
 	timeoutProposeCh := subscribe(cs1.eventBus, types.EventQueryTimeoutPropose)
 	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)

 	// start round and wait for propose and prevote
 	startTestRound(cs1, cs1.Height, round)
@@ -806,7 +811,8 @@ func TestStateLockPOLSafety2(t *testing.T) {
 	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
 	unlockCh := subscribe(cs1.eventBus, types.EventQueryUnlock)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)

 	// the block for R0: gets polkad but we miss it
 	// (even though we signed it, shhh)
@@ -897,7 +903,8 @@ func TestProposeValidBlock(t *testing.T) {
 	timeoutProposeCh := subscribe(cs1.eventBus, types.EventQueryTimeoutPropose)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
 	unlockCh := subscribe(cs1.eventBus, types.EventQueryUnlock)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)

 	// start round and wait for propose and prevote
 	startTestRound(cs1, cs1.Height, round)
@@ -983,7 +990,8 @@ func TestSetValidBlockOnDelayedPrevote(t *testing.T) {
 	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
 	validBlockCh := subscribe(cs1.eventBus, types.EventQueryValidBlock)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)

 	// start round and wait for propose and prevote
 	startTestRound(cs1, cs1.Height, round)
@@ -1042,7 +1050,8 @@ func TestSetValidBlockOnDelayedProposal(t *testing.T) {
 	timeoutProposeCh := subscribe(cs1.eventBus, types.EventQueryTimeoutPropose)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
 	validBlockCh := subscribe(cs1.eventBus, types.EventQueryValidBlock)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)
 	proposalCh := subscribe(cs1.eventBus, types.EventQueryCompleteProposal)

 	round = round + 1 // move to round in which P0 is not proposer
@@ -1112,7 +1121,8 @@ func TestWaitingTimeoutProposeOnNewRound(t *testing.T) {

 	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutPropose)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)

 	// start round
 	startTestRound(cs1, height, round)
@@ -1145,7 +1155,8 @@ func TestRoundSkipOnNilPolkaFromHigherRound(t *testing.T) {

 	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)

 	// start round
 	startTestRound(cs1, height, round)
@@ -1178,7 +1189,8 @@ func TestWaitTimeoutProposeOnNilPolkaForTheCurrentRound(t *testing.T) {

 	timeoutProposeCh := subscribe(cs1.eventBus, types.EventQueryTimeoutPropose)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)

 	// start round in which PO is not proposer
 	startTestRound(cs1, height, round)
@@ -1362,7 +1374,8 @@ func TestStateHalt1(t *testing.T) {
 	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
 	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
 	newBlockCh := subscribe(cs1.eventBus, types.EventQueryNewBlock)
-	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)

 	// start round and wait for propose and prevote
 	startTestRound(cs1, height, round)
--- a/consensus/types/height_vote_set_test.go
+++ b/consensus/types/height_vote_set_test.go
@@ -50,8 +50,9 @@ func TestPeerCatchupRounds(t *testing.T) {

 func makeVoteHR(t *testing.T, height int64, round int, privVals []types.PrivValidator, valIndex int) *types.Vote {
 	privVal := privVals[valIndex]
+	addr := privVal.GetPubKey().Address()
 	vote := &types.Vote{
-		ValidatorAddress: privVal.GetAddress(),
+		ValidatorAddress: addr,
 		ValidatorIndex:   valIndex,
 		Height:           height,
 		Round:            round,
--- a/consensus/types/peer_round_state.go
+++ b/consensus/types/peer_round_state.go
@@ -55,3 +55,31 @@ func (prs PeerRoundState) StringIndented(indent string) string {
 		indent, prs.CatchupCommit, prs.CatchupCommitRound,
 		indent)
 }
+
+//-----------------------------------------------------------
+// These methods are for Protobuf Compatibility
+
+// Size returns the size of the amino encoding, in bytes.
+func (ps *PeerRoundState) Size() int {
+	bs, _ := ps.Marshal()
+	return len(bs)
+}
+
+// Marshal returns the amino encoding.
+func (ps *PeerRoundState) Marshal() ([]byte, error) {
+	return cdc.MarshalBinaryBare(ps)
+}
+
+// MarshalTo calls Marshal and copies to the given buffer.
+func (ps *PeerRoundState) MarshalTo(data []byte) (int, error) {
+	bs, err := ps.Marshal()
+	if err != nil {
+		return -1, err
+	}
+	return copy(data, bs), nil
+}
+
+// Unmarshal deserializes from amino encoded form.
+func (ps *PeerRoundState) Unmarshal(bs []byte) error {
+	return cdc.UnmarshalBinaryBare(bs, ps)
+}
--- a/consensus/types/round_state.go
+++ b/consensus/types/round_state.go
@@ -112,18 +112,50 @@ func (rs *RoundState) RoundStateSimple() RoundStateSimple {
 	}
 }

+// NewRoundEvent returns the RoundState with proposer information as an event.
+func (rs *RoundState) NewRoundEvent() types.EventDataNewRound {
+	addr := rs.Validators.GetProposer().Address
+	idx, _ := rs.Validators.GetByAddress(addr)
+
+	return types.EventDataNewRound{
+		Height: rs.Height,
+		Round:  rs.Round,
+		Step:   rs.Step.String(),
+		Proposer: types.ValidatorInfo{
+			Address: addr,
+			Index:   idx,
+		},
+	}
+}
+
+// CompleteProposalEvent returns information about a proposed block as an event.
+func (rs *RoundState) CompleteProposalEvent() types.EventDataCompleteProposal {
+	// We must construct BlockID from ProposalBlock and ProposalBlockParts
+	// cs.Proposal is not guaranteed to be set when this function is called
+	blockId := types.BlockID{
+		Hash:        rs.ProposalBlock.Hash(),
+		PartsHeader: rs.ProposalBlockParts.Header(),
+	}
+
+	return types.EventDataCompleteProposal{
+		Height:  rs.Height,
+		Round:   rs.Round,
+		Step:    rs.Step.String(),
+		BlockID: blockId,
+	}
+}
+
 // RoundStateEvent returns the H/R/S of the RoundState as an event.
 func (rs *RoundState) RoundStateEvent() types.EventDataRoundState {
 	// copy the RoundState.
 	// TODO: if we want to avoid this, we may need synchronous events after all
 	rsCopy := *rs
-	edrs := types.EventDataRoundState{
+	return types.EventDataRoundState{
 		Height:     rs.Height,
 		Round:      rs.Round,
 		Step:       rs.Step.String(),
 		RoundState: &rsCopy,
 	}
-	return edrs
 }

 // String returns a string
@@ -169,3 +201,31 @@ func (rs *RoundState) StringShort() string {
 	return fmt.Sprintf(`RoundState{H:%v R:%v S:%v ST:%v}`,
 		rs.Height, rs.Round, rs.Step, rs.StartTime)
 }
+
+//-----------------------------------------------------------
+// These methods are for Protobuf Compatibility
+
+// Size returns the size of the amino encoding, in bytes.
+func (rs *RoundStateSimple) Size() int {
+	bs, _ := rs.Marshal()
+	return len(bs)
+}
+
+// Marshal returns the amino encoding.
+func (rs *RoundStateSimple) Marshal() ([]byte, error) {
+	return cdc.MarshalBinaryBare(rs)
+}
+
+// MarshalTo calls Marshal and copies to the given buffer.
+func (rs *RoundStateSimple) MarshalTo(data []byte) (int, error) {
+	bs, err := rs.Marshal()
+	if err != nil {
+		return -1, err
+	}
+	return copy(data, bs), nil
+}
+
+// Unmarshal deserializes from amino encoded form.
+func (rs *RoundStateSimple) Unmarshal(bs []byte) error {
+	return cdc.UnmarshalBinaryBare(bs, rs)
+}
--- a/consensus/wal_generator.go
+++ b/consensus/wal_generator.go
@@ -40,8 +40,9 @@ func WALGenerateNBlocks(wr io.Writer, numBlocks int) (err error) {
 	// COPY PASTE FROM node.go WITH A FEW MODIFICATIONS
 	// NOTE: we can't import node package because of circular dependency.
 	// NOTE: we don't do handshake so need to set state.Version.Consensus.App directly.
-	privValidatorFile := config.PrivValidatorFile()
-	privValidator := privval.LoadOrGenFilePV(privValidatorFile)
+	privValidatorKeyFile := config.PrivValidatorKeyFile()
+	privValidatorStateFile := config.PrivValidatorStateFile()
+	privValidator := privval.LoadOrGenFilePV(privValidatorKeyFile, privValidatorStateFile)
 	genDoc, err := types.GenesisDocFromFile(config.GenesisFile())
 	if err != nil {
 		return errors.Wrap(err, "failed to read genesis file")
--- a/consensus/wal_test.go
+++ b/consensus/wal_test.go
@@ -7,13 +7,13 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
-
 	// "sync"
 	"testing"
 	"time"

 	"github.com/tendermint/tendermint/consensus/types"
 	"github.com/tendermint/tendermint/libs/autofile"
+	"github.com/tendermint/tendermint/libs/log"
 	tmtypes "github.com/tendermint/tendermint/types"
 	tmtime "github.com/tendermint/tendermint/types/time"

@@ -23,29 +23,27 @@ import (

 func TestWALTruncate(t *testing.T) {
 	walDir, err := ioutil.TempDir("", "wal")
-	if err != nil {
-		panic(fmt.Errorf("failed to create temp WAL file: %v", err))
-	}
+	require.NoError(t, err)
 	defer os.RemoveAll(walDir)

 	walFile := filepath.Join(walDir, "wal")

 	//this magic number 4K can truncate the content when RotateFile. defaultHeadSizeLimit(10M) is hard to simulate.
 	//this magic number 1 * time.Millisecond make RotateFile check frequently. defaultGroupCheckDuration(5s) is hard to simulate.
-	wal, err := NewWAL(walFile, autofile.GroupHeadSizeLimit(4096), autofile.GroupCheckDuration(1*time.Millisecond))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	wal.Start()
+	wal, err := NewWAL(walFile,
+		autofile.GroupHeadSizeLimit(4096),
+		autofile.GroupCheckDuration(1*time.Millisecond),
+	)
+	require.NoError(t, err)
+	wal.SetLogger(log.TestingLogger())
+	err = wal.Start()
+	require.NoError(t, err)
 	defer wal.Stop()

 	//60 block's size nearly 70K, greater than group's headBuf size(4096 * 10), when headBuf is full, truncate content will Flush to the file.
 	//at this time, RotateFile is called, truncate content exist in each file.
 	err = WALGenerateNBlocks(wal.Group(), 60)
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)

 	time.Sleep(1 * time.Millisecond) //wait groupCheckDuration, make sure RotateFile run

@@ -99,9 +97,8 @@ func TestWALSearchForEndHeight(t *testing.T) {
 	walFile := tempWALWithData(walBody)

 	wal, err := NewWAL(walFile)
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
+	wal.SetLogger(log.TestingLogger())

 	h := int64(3)
 	gr, found, err := wal.SearchForEndHeight(h, &WALSearchOptions{})
--- a/crypto/armor/armor.go
+++ b/crypto/armor/armor.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"io/ioutil"

-	"golang.org/x/crypto/openpgp/armor" // forked to github.com/tendermint/crypto
+	"golang.org/x/crypto/openpgp/armor"
 )

 func EncodeArmor(blockType string, headers map[string]string, data []byte) string {
--- a/crypto/ed25519/ed25519.go
+++ b/crypto/ed25519/ed25519.go
@@ -7,7 +7,7 @@ import (
 	"io"

 	amino "github.com/tendermint/go-amino"
-	"golang.org/x/crypto/ed25519" // forked to github.com/tendermint/crypto
+	"golang.org/x/crypto/ed25519"

 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/tmhash"
@@ -18,8 +18,8 @@ import (
 var _ crypto.PrivKey = PrivKeyEd25519{}

 const (
-	PrivKeyAminoRoute = "tendermint/PrivKeyEd25519"
-	PubKeyAminoRoute  = "tendermint/PubKeyEd25519"
+	PrivKeyAminoName = "tendermint/PrivKeyEd25519"
+	PubKeyAminoName  = "tendermint/PubKeyEd25519"
 	// Size of an Edwards25519 signature. Namely the size of a compressed
 	// Edwards25519 point, and a field element. Both of which are 32 bytes.
 	SignatureSize = 64
@@ -30,11 +30,11 @@ var cdc = amino.NewCodec()
 func init() {
 	cdc.RegisterInterface((*crypto.PubKey)(nil), nil)
 	cdc.RegisterConcrete(PubKeyEd25519{},
-		PubKeyAminoRoute, nil)
+		PubKeyAminoName, nil)

 	cdc.RegisterInterface((*crypto.PrivKey)(nil), nil)
 	cdc.RegisterConcrete(PrivKeyEd25519{},
-		PrivKeyAminoRoute, nil)
+		PrivKeyAminoName, nil)
 }

 // PrivKeyEd25519 implements crypto.PrivKey.
--- a/crypto/encoding/amino/amino.go
+++ b/crypto/encoding/amino/amino.go
@@ -12,11 +12,11 @@ import (

 var cdc = amino.NewCodec()

-// routeTable is used to map public key concrete types back
-// to their amino routes. This should eventually be handled
+// nameTable is used to map public key concrete types back
+// to their registered amino names. This should eventually be handled
 // by amino. Example usage:
-// routeTable[reflect.TypeOf(ed25519.PubKeyEd25519{})] = ed25519.PubKeyAminoRoute
-var routeTable = make(map[reflect.Type]string, 3)
+// nameTable[reflect.TypeOf(ed25519.PubKeyEd25519{})] = ed25519.PubKeyAminoName
+var nameTable = make(map[reflect.Type]string, 3)

 func init() {
 	// NOTE: It's important that there be no conflicts here,
@@ -29,16 +29,16 @@ func init() {

 	// TODO: Have amino provide a way to go from concrete struct to route directly.
 	// Its currently a private API
-	routeTable[reflect.TypeOf(ed25519.PubKeyEd25519{})] = ed25519.PubKeyAminoRoute
-	routeTable[reflect.TypeOf(secp256k1.PubKeySecp256k1{})] = secp256k1.PubKeyAminoRoute
-	routeTable[reflect.TypeOf(&multisig.PubKeyMultisigThreshold{})] = multisig.PubKeyMultisigThresholdAminoRoute
+	nameTable[reflect.TypeOf(ed25519.PubKeyEd25519{})] = ed25519.PubKeyAminoName
+	nameTable[reflect.TypeOf(secp256k1.PubKeySecp256k1{})] = secp256k1.PubKeyAminoName
+	nameTable[reflect.TypeOf(multisig.PubKeyMultisigThreshold{})] = multisig.PubKeyMultisigThresholdAminoRoute
 }

-// PubkeyAminoRoute returns the amino route of a pubkey
+// PubkeyAminoName returns the amino route of a pubkey
 // cdc is currently passed in, as eventually this will not be using
 // a package level codec.
-func PubkeyAminoRoute(cdc *amino.Codec, key crypto.PubKey) (string, bool) {
-	route, found := routeTable[reflect.TypeOf(key)]
+func PubkeyAminoName(cdc *amino.Codec, key crypto.PubKey) (string, bool) {
+	route, found := nameTable[reflect.TypeOf(key)]
 	return route, found
 }

@@ -47,17 +47,17 @@ func RegisterAmino(cdc *amino.Codec) {
 	// These are all written here instead of
 	cdc.RegisterInterface((*crypto.PubKey)(nil), nil)
 	cdc.RegisterConcrete(ed25519.PubKeyEd25519{},
-		ed25519.PubKeyAminoRoute, nil)
+		ed25519.PubKeyAminoName, nil)
 	cdc.RegisterConcrete(secp256k1.PubKeySecp256k1{},
-		secp256k1.PubKeyAminoRoute, nil)
+		secp256k1.PubKeyAminoName, nil)
 	cdc.RegisterConcrete(multisig.PubKeyMultisigThreshold{},
 		multisig.PubKeyMultisigThresholdAminoRoute, nil)

 	cdc.RegisterInterface((*crypto.PrivKey)(nil), nil)
 	cdc.RegisterConcrete(ed25519.PrivKeyEd25519{},
-		ed25519.PrivKeyAminoRoute, nil)
+		ed25519.PrivKeyAminoName, nil)
 	cdc.RegisterConcrete(secp256k1.PrivKeySecp256k1{},
-		secp256k1.PrivKeyAminoRoute, nil)
+		secp256k1.PrivKeyAminoName, nil)
 }

 func PrivKeyFromBytes(privKeyBytes []byte) (privKey crypto.PrivKey, err error) {
--- a/crypto/encoding/amino/encode_test.go
+++ b/crypto/encoding/amino/encode_test.go
@@ -128,18 +128,18 @@ func TestPubKeyInvalidDataProperReturnsEmpty(t *testing.T) {
 	require.Nil(t, pk)
 }

-func TestPubkeyAminoRoute(t *testing.T) {
+func TestPubkeyAminoName(t *testing.T) {
 	tests := []struct {
 		key   crypto.PubKey
 		want  string
 		found bool
 	}{
-		{ed25519.PubKeyEd25519{}, ed25519.PubKeyAminoRoute, true},
-		{secp256k1.PubKeySecp256k1{}, secp256k1.PubKeyAminoRoute, true},
-		{&multisig.PubKeyMultisigThreshold{}, multisig.PubKeyMultisigThresholdAminoRoute, true},
+		{ed25519.PubKeyEd25519{}, ed25519.PubKeyAminoName, true},
+		{secp256k1.PubKeySecp256k1{}, secp256k1.PubKeyAminoName, true},
+		{multisig.PubKeyMultisigThreshold{}, multisig.PubKeyMultisigThresholdAminoRoute, true},
 	}
 	for i, tc := range tests {
-		got, found := PubkeyAminoRoute(cdc, tc.key)
+		got, found := PubkeyAminoName(cdc, tc.key)
 		require.Equal(t, tc.found, found, "not equal on tc %d", i)
 		if tc.found {
 			require.Equal(t, tc.want, got, "not equal on tc %d", i)
--- a/crypto/hash.go
+++ b/crypto/hash.go
@@ -3,7 +3,7 @@ package crypto
 import (
 	"crypto/sha256"

-	"golang.org/x/crypto/ripemd160" // forked to github.com/tendermint/crypto
+	"golang.org/x/crypto/ripemd160"
 )

 func Sha256(bytes []byte) []byte {
--- a/crypto/merkle/hash.go
+++ b/crypto/merkle/hash.go
@@ -0,0 +1,21 @@
+package merkle
+
+import (
+	"github.com/tendermint/tendermint/crypto/tmhash"
+)
+
+// TODO: make these have a large predefined capacity
+var (
+	leafPrefix  = []byte{0}
+	innerPrefix = []byte{1}
+)
+
+// returns tmhash(0x00 || leaf)
+func leafHash(leaf []byte) []byte {
+	return tmhash.Sum(append(leafPrefix, leaf...))
+}
+
+// returns tmhash(0x01 || left || right)
+func innerHash(left []byte, right []byte) []byte {
+	return tmhash.Sum(append(innerPrefix, append(left, right...)...))
+}
--- a/crypto/merkle/proof_simple_value.go
+++ b/crypto/merkle/proof_simple_value.go
@@ -71,11 +71,11 @@ func (op SimpleValueOp) Run(args [][]byte) ([][]byte, error) {
 	hasher.Write(value) // does not error
 	vhash := hasher.Sum(nil)

+	bz := new(bytes.Buffer)
 	// Wrap <op.Key, vhash> to hash the KVPair.
-	hasher = tmhash.New()
-	encodeByteSlice(hasher, []byte(op.key)) // does not error
-	encodeByteSlice(hasher, []byte(vhash))  // does not error
-	kvhash := hasher.Sum(nil)
+	encodeByteSlice(bz, []byte(op.key)) // does not error
+	encodeByteSlice(bz, []byte(vhash))  // does not error
+	kvhash := leafHash(bz.Bytes())

 	if !bytes.Equal(kvhash, op.Proof.LeafHash) {
 		return nil, cmn.NewError("leaf hash mismatch: want %X got %X", op.Proof.LeafHash, kvhash)
--- a/crypto/merkle/rfc6962_test.go
+++ b/crypto/merkle/rfc6962_test.go
@@ -0,0 +1,97 @@
+package merkle
+
+// Copyright 2016 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// These tests were taken from https://github.com/google/trillian/blob/master/merkle/rfc6962/rfc6962_test.go,
+// and consequently fall under the above license.
+import (
+	"bytes"
+	"encoding/hex"
+	"testing"
+
+	"github.com/tendermint/tendermint/crypto/tmhash"
+)
+
+func TestRFC6962Hasher(t *testing.T) {
+	_, leafHashTrail := trailsFromByteSlices([][]byte{[]byte("L123456")})
+	leafHash := leafHashTrail.Hash
+	_, leafHashTrail = trailsFromByteSlices([][]byte{[]byte{}})
+	emptyLeafHash := leafHashTrail.Hash
+	for _, tc := range []struct {
+		desc string
+		got  []byte
+		want string
+	}{
+		// Since creating a merkle tree of no leaves is unsupported here, we skip
+		// the corresponding trillian test vector.
+
+		// Check that the empty hash is not the same as the hash of an empty leaf.
+		// echo -n 00 | xxd -r -p | sha256sum
+		{
+			desc: "RFC6962 Empty Leaf",
+			want: "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d"[:tmhash.Size*2],
+			got:  emptyLeafHash,
+		},
+		// echo -n 004C313233343536 | xxd -r -p | sha256sum
+		{
+			desc: "RFC6962 Leaf",
+			want: "395aa064aa4c29f7010acfe3f25db9485bbd4b91897b6ad7ad547639252b4d56"[:tmhash.Size*2],
+			got:  leafHash,
+		},
+		// echo -n 014E3132334E343536 | xxd -r -p | sha256sum
+		{
+			desc: "RFC6962 Node",
+			want: "aa217fe888e47007fa15edab33c2b492a722cb106c64667fc2b044444de66bbb"[:tmhash.Size*2],
+			got:  innerHash([]byte("N123"), []byte("N456")),
+		},
+	} {
+		t.Run(tc.desc, func(t *testing.T) {
+			wantBytes, err := hex.DecodeString(tc.want)
+			if err != nil {
+				t.Fatalf("hex.DecodeString(%x): %v", tc.want, err)
+			}
+			if got, want := tc.got, wantBytes; !bytes.Equal(got, want) {
+				t.Errorf("got %x, want %x", got, want)
+			}
+		})
+	}
+}
+
+func TestRFC6962HasherCollisions(t *testing.T) {
+	// Check that different leaves have different hashes.
+	leaf1, leaf2 := []byte("Hello"), []byte("World")
+	_, leafHashTrail := trailsFromByteSlices([][]byte{leaf1})
+	hash1 := leafHashTrail.Hash
+	_, leafHashTrail = trailsFromByteSlices([][]byte{leaf2})
+	hash2 := leafHashTrail.Hash
+	if bytes.Equal(hash1, hash2) {
+		t.Errorf("Leaf hashes should differ, but both are %x", hash1)
+	}
+	// Compute an intermediate subtree hash.
+	_, subHash1Trail := trailsFromByteSlices([][]byte{hash1, hash2})
+	subHash1 := subHash1Trail.Hash
+	// Check that this is not the same as a leaf hash of their concatenation.
+	preimage := append(hash1, hash2...)
+	_, forgedHashTrail := trailsFromByteSlices([][]byte{preimage})
+	forgedHash := forgedHashTrail.Hash
+	if bytes.Equal(subHash1, forgedHash) {
+		t.Errorf("Hasher is not second-preimage resistant")
+	}
+	// Swap the order of nodes and check that the hash is different.
+	_, subHash2Trail := trailsFromByteSlices([][]byte{hash2, hash1})
+	subHash2 := subHash2Trail.Hash
+	if bytes.Equal(subHash1, subHash2) {
+		t.Errorf("Subtree hash does not depend on the order of leaves")
+	}
+}
--- a/crypto/merkle/simple_map_test.go
+++ b/crypto/merkle/simple_map_test.go
@@ -13,14 +13,14 @@ func TestSimpleMap(t *testing.T) {
 		values []string // each string gets converted to []byte in test
 		want   string
 	}{
-		{[]string{"key1"}, []string{"value1"}, "321d150de16dceb51c72981b432b115045383259b1a550adf8dc80f927508967"},
-		{[]string{"key1"}, []string{"value2"}, "2a9e4baf321eac99f6eecc3406603c14bc5e85bb7b80483cbfc75b3382d24a2f"},
+		{[]string{"key1"}, []string{"value1"}, "a44d3cc7daba1a4600b00a2434b30f8b970652169810d6dfa9fb1793a2189324"},
+		{[]string{"key1"}, []string{"value2"}, "0638e99b3445caec9d95c05e1a3fc1487b4ddec6a952ff337080360b0dcc078c"},
 		// swap order with 2 keys
-		{[]string{"key1", "key2"}, []string{"value1", "value2"}, "c4d8913ab543ba26aa970646d4c99a150fd641298e3367cf68ca45fb45a49881"},
-		{[]string{"key2", "key1"}, []string{"value2", "value1"}, "c4d8913ab543ba26aa970646d4c99a150fd641298e3367cf68ca45fb45a49881"},
+		{[]string{"key1", "key2"}, []string{"value1", "value2"}, "8fd19b19e7bb3f2b3ee0574027d8a5a4cec370464ea2db2fbfa5c7d35bb0cff3"},
+		{[]string{"key2", "key1"}, []string{"value2", "value1"}, "8fd19b19e7bb3f2b3ee0574027d8a5a4cec370464ea2db2fbfa5c7d35bb0cff3"},
 		// swap order with 3 keys
-		{[]string{"key1", "key2", "key3"}, []string{"value1", "value2", "value3"}, "b23cef00eda5af4548a213a43793f2752d8d9013b3f2b64bc0523a4791196268"},
-		{[]string{"key1", "key3", "key2"}, []string{"value1", "value3", "value2"}, "b23cef00eda5af4548a213a43793f2752d8d9013b3f2b64bc0523a4791196268"},
+		{[]string{"key1", "key2", "key3"}, []string{"value1", "value2", "value3"}, "1dd674ec6782a0d586a903c9c63326a41cbe56b3bba33ed6ff5b527af6efb3dc"},
+		{[]string{"key1", "key3", "key2"}, []string{"value1", "value3", "value2"}, "1dd674ec6782a0d586a903c9c63326a41cbe56b3bba33ed6ff5b527af6efb3dc"},
 	}
 	for i, tc := range tests {
 		db := newSimpleMap()
--- a/crypto/merkle/simple_proof.go
+++ b/crypto/merkle/simple_proof.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"

-	"github.com/tendermint/tendermint/crypto/tmhash"
 	cmn "github.com/tendermint/tendermint/libs/common"
 )

@@ -67,7 +66,8 @@ func SimpleProofsFromMap(m map[string][]byte) (rootHash []byte, proofs map[strin

 // Verify that the SimpleProof proves the root hash.
 // Check sp.Index/sp.Total manually if needed
-func (sp *SimpleProof) Verify(rootHash []byte, leafHash []byte) error {
+func (sp *SimpleProof) Verify(rootHash []byte, leaf []byte) error {
+	leafHash := leafHash(leaf)
 	if sp.Total < 0 {
 		return errors.New("Proof total must be positive")
 	}
@@ -128,19 +128,19 @@ func computeHashFromAunts(index int, total int, leafHash []byte, innerHashes [][
 		if len(innerHashes) == 0 {
 			return nil
 		}
-		numLeft := (total + 1) / 2
+		numLeft := getSplitPoint(total)
 		if index < numLeft {
 			leftHash := computeHashFromAunts(index, numLeft, leafHash, innerHashes[:len(innerHashes)-1])
 			if leftHash == nil {
 				return nil
 			}
-			return simpleHashFromTwoHashes(leftHash, innerHashes[len(innerHashes)-1])
+			return innerHash(leftHash, innerHashes[len(innerHashes)-1])
 		}
 		rightHash := computeHashFromAunts(index-numLeft, total-numLeft, leafHash, innerHashes[:len(innerHashes)-1])
 		if rightHash == nil {
 			return nil
 		}
-		return simpleHashFromTwoHashes(innerHashes[len(innerHashes)-1], rightHash)
+		return innerHash(innerHashes[len(innerHashes)-1], rightHash)
 	}
 }

@@ -182,12 +182,13 @@ func trailsFromByteSlices(items [][]byte) (trails []*SimpleProofNode, root *Simp
 	case 0:
 		return nil, nil
 	case 1:
-		trail := &SimpleProofNode{tmhash.Sum(items[0]), nil, nil, nil}
+		trail := &SimpleProofNode{leafHash(items[0]), nil, nil, nil}
 		return []*SimpleProofNode{trail}, trail
 	default:
-		lefts, leftRoot := trailsFromByteSlices(items[:(len(items)+1)/2])
-		rights, rightRoot := trailsFromByteSlices(items[(len(items)+1)/2:])
-		rootHash := simpleHashFromTwoHashes(leftRoot.Hash, rightRoot.Hash)
+		k := getSplitPoint(len(items))
+		lefts, leftRoot := trailsFromByteSlices(items[:k])
+		rights, rightRoot := trailsFromByteSlices(items[k:])
+		rootHash := innerHash(leftRoot.Hash, rightRoot.Hash)
 		root := &SimpleProofNode{rootHash, nil, nil, nil}
 		leftRoot.Parent = root
 		leftRoot.Right = rightRoot
--- a/crypto/merkle/simple_tree.go
+++ b/crypto/merkle/simple_tree.go
@@ -1,23 +1,9 @@
 package merkle

 import (
-	"github.com/tendermint/tendermint/crypto/tmhash"
+	"math/bits"
 )

-// simpleHashFromTwoHashes is the basic operation of the Merkle tree: Hash(left | right).
-func simpleHashFromTwoHashes(left, right []byte) []byte {
-	var hasher = tmhash.New()
-	err := encodeByteSlice(hasher, left)
-	if err != nil {
-		panic(err)
-	}
-	err = encodeByteSlice(hasher, right)
-	if err != nil {
-		panic(err)
-	}
-	return hasher.Sum(nil)
-}
-
 // SimpleHashFromByteSlices computes a Merkle tree where the leaves are the byte slice,
 // in the provided order.
 func SimpleHashFromByteSlices(items [][]byte) []byte {
@@ -25,11 +11,12 @@ func SimpleHashFromByteSlices(items [][]byte) []byte {
 	case 0:
 		return nil
 	case 1:
-		return tmhash.Sum(items[0])
+		return leafHash(items[0])
 	default:
-		left := SimpleHashFromByteSlices(items[:(len(items)+1)/2])
-		right := SimpleHashFromByteSlices(items[(len(items)+1)/2:])
-		return simpleHashFromTwoHashes(left, right)
+		k := getSplitPoint(len(items))
+		left := SimpleHashFromByteSlices(items[:k])
+		right := SimpleHashFromByteSlices(items[k:])
+		return innerHash(left, right)
 	}
 }

@@ -44,3 +31,17 @@ func SimpleHashFromMap(m map[string][]byte) []byte {
 	}
 	return sm.Hash()
 }
+
+// getSplitPoint returns the largest power of 2 less than length
+func getSplitPoint(length int) int {
+	if length < 1 {
+		panic("Trying to split a tree with size < 1")
+	}
+	uLength := uint(length)
+	bitlen := bits.Len(uLength)
+	k := 1 << uint(bitlen-1)
+	if k == length {
+		k >>= 1
+	}
+	return k
+}
--- a/crypto/merkle/simple_tree_test.go
+++ b/crypto/merkle/simple_tree_test.go
@@ -34,7 +34,6 @@ func TestSimpleProof(t *testing.T) {

 	// For each item, check the trail.
 	for i, item := range items {
-		itemHash := tmhash.Sum(item)
 		proof := proofs[i]

 		// Check total/index
@@ -43,30 +42,53 @@ func TestSimpleProof(t *testing.T) {
 		require.Equal(t, proof.Total, total, "Unmatched totals: %d vs %d", proof.Total, total)

 		// Verify success
-		err := proof.Verify(rootHash, itemHash)
-		require.NoError(t, err, "Verificatior failed: %v.", err)
+		err := proof.Verify(rootHash, item)
+		require.NoError(t, err, "Verification failed: %v.", err)

 		// Trail too long should make it fail
 		origAunts := proof.Aunts
 		proof.Aunts = append(proof.Aunts, cmn.RandBytes(32))
-		err = proof.Verify(rootHash, itemHash)
+		err = proof.Verify(rootHash, item)
 		require.Error(t, err, "Expected verification to fail for wrong trail length")

 		proof.Aunts = origAunts

 		// Trail too short should make it fail
 		proof.Aunts = proof.Aunts[0 : len(proof.Aunts)-1]
-		err = proof.Verify(rootHash, itemHash)
+		err = proof.Verify(rootHash, item)
 		require.Error(t, err, "Expected verification to fail for wrong trail length")

 		proof.Aunts = origAunts

 		// Mutating the itemHash should make it fail.
-		err = proof.Verify(rootHash, MutateByteSlice(itemHash))
+		err = proof.Verify(rootHash, MutateByteSlice(item))
 		require.Error(t, err, "Expected verification to fail for mutated leaf hash")

 		// Mutating the rootHash should make it fail.
-		err = proof.Verify(MutateByteSlice(rootHash), itemHash)
+		err = proof.Verify(MutateByteSlice(rootHash), item)
 		require.Error(t, err, "Expected verification to fail for mutated root hash")
 	}
 }
+
+func Test_getSplitPoint(t *testing.T) {
+	tests := []struct {
+		length int
+		want   int
+	}{
+		{1, 0},
+		{2, 1},
+		{3, 2},
+		{4, 2},
+		{5, 4},
+		{10, 8},
+		{20, 16},
+		{100, 64},
+		{255, 128},
+		{256, 128},
+		{257, 256},
+	}
+	for _, tt := range tests {
+		got := getSplitPoint(tt.length)
+		require.Equal(t, tt.want, got, "getSplitPoint(%d) = %v, want %v", tt.length, got, tt.want)
+	}
+}
--- a/crypto/multisig/threshold_pubkey.go
+++ b/crypto/multisig/threshold_pubkey.go
@@ -2,7 +2,6 @@ package multisig

 import (
 	"github.com/tendermint/tendermint/crypto"
-	"github.com/tendermint/tendermint/crypto/tmhash"
 )

 // PubKeyMultisigThreshold implements a K of N threshold multisig.
@@ -11,7 +10,7 @@ type PubKeyMultisigThreshold struct {
 	PubKeys []crypto.PubKey `json:"pubkeys"`
 }

-var _ crypto.PubKey = &PubKeyMultisigThreshold{}
+var _ crypto.PubKey = PubKeyMultisigThreshold{}

 // NewPubKeyMultisigThreshold returns a new PubKeyMultisigThreshold.
 // Panics if len(pubkeys) < k or 0 >= k.
@@ -22,7 +21,7 @@ func NewPubKeyMultisigThreshold(k int, pubkeys []crypto.PubKey) crypto.PubKey {
 	if len(pubkeys) < k {
 		panic("threshold k of n multisignature: len(pubkeys) < k")
 	}
-	return &PubKeyMultisigThreshold{uint(k), pubkeys}
+	return PubKeyMultisigThreshold{uint(k), pubkeys}
 }

 // VerifyBytes expects sig to be an amino encoded version of a MultiSignature.
@@ -31,8 +30,8 @@ func NewPubKeyMultisigThreshold(k int, pubkeys []crypto.PubKey) crypto.PubKey {
 // and all signatures are valid. (Not just k of the signatures)
 // The multisig uses a bitarray, so multiple signatures for the same key is not
 // a concern.
-func (pk *PubKeyMultisigThreshold) VerifyBytes(msg []byte, marshalledSig []byte) bool {
-	var sig *Multisignature
+func (pk PubKeyMultisigThreshold) VerifyBytes(msg []byte, marshalledSig []byte) bool {
+	var sig Multisignature
 	err := cdc.UnmarshalBinaryBare(marshalledSig, &sig)
 	if err != nil {
 		return false
@@ -64,19 +63,19 @@ func (pk *PubKeyMultisigThreshold) VerifyBytes(msg []byte, marshalledSig []byte)
 }

 // Bytes returns the amino encoded version of the PubKeyMultisigThreshold
-func (pk *PubKeyMultisigThreshold) Bytes() []byte {
+func (pk PubKeyMultisigThreshold) Bytes() []byte {
 	return cdc.MustMarshalBinaryBare(pk)
 }

 // Address returns tmhash(PubKeyMultisigThreshold.Bytes())
-func (pk *PubKeyMultisigThreshold) Address() crypto.Address {
-	return crypto.Address(tmhash.Sum(pk.Bytes()))
+func (pk PubKeyMultisigThreshold) Address() crypto.Address {
+	return crypto.AddressHash(pk.Bytes())
 }

 // Equals returns true iff pk and other both have the same number of keys, and
 // all constituent keys are the same, and in the same order.
-func (pk *PubKeyMultisigThreshold) Equals(other crypto.PubKey) bool {
-	otherKey, sameType := other.(*PubKeyMultisigThreshold)
+func (pk PubKeyMultisigThreshold) Equals(other crypto.PubKey) bool {
+	otherKey, sameType := other.(PubKeyMultisigThreshold)
 	if !sameType {
 		return false
 	}
--- a/crypto/multisig/threshold_pubkey_test.go
+++ b/crypto/multisig/threshold_pubkey_test.go
@@ -82,7 +82,7 @@ func TestMultiSigPubKeyEquality(t *testing.T) {
 	msg := []byte{1, 2, 3, 4}
 	pubkeys, _ := generatePubKeysAndSignatures(5, msg)
 	multisigKey := NewPubKeyMultisigThreshold(2, pubkeys)
-	var unmarshalledMultisig *PubKeyMultisigThreshold
+	var unmarshalledMultisig PubKeyMultisigThreshold
 	cdc.MustUnmarshalBinaryBare(multisigKey.Bytes(), &unmarshalledMultisig)
 	require.True(t, multisigKey.Equals(unmarshalledMultisig))

@@ -95,6 +95,29 @@ func TestMultiSigPubKeyEquality(t *testing.T) {
 	require.False(t, multisigKey.Equals(multisigKey2))
 }

+func TestAddress(t *testing.T) {
+	msg := []byte{1, 2, 3, 4}
+	pubkeys, _ := generatePubKeysAndSignatures(5, msg)
+	multisigKey := NewPubKeyMultisigThreshold(2, pubkeys)
+	require.Len(t, multisigKey.Address().Bytes(), 20)
+}
+
+func TestPubKeyMultisigThresholdAminoToIface(t *testing.T) {
+	msg := []byte{1, 2, 3, 4}
+	pubkeys, _ := generatePubKeysAndSignatures(5, msg)
+	multisigKey := NewPubKeyMultisigThreshold(2, pubkeys)
+
+	ab, err := cdc.MarshalBinaryLengthPrefixed(multisigKey)
+	require.NoError(t, err)
+	// like other crypto.Pubkey implementations (e.g. ed25519.PubKeyEd25519),
+	// PubKeyMultisigThreshold should be deserializable into a crypto.PubKey:
+	var pubKey crypto.PubKey
+	err = cdc.UnmarshalBinaryLengthPrefixed(ab, &pubKey)
+	require.NoError(t, err)
+
+	require.Equal(t, multisigKey, pubKey)
+}
+
 func generatePubKeysAndSignatures(n int, msg []byte) (pubkeys []crypto.PubKey, signatures [][]byte) {
 	pubkeys = make([]crypto.PubKey, n)
 	signatures = make([][]byte, n)
--- a/crypto/multisig/wire.go
+++ b/crypto/multisig/wire.go
@@ -20,7 +20,7 @@ func init() {
 	cdc.RegisterConcrete(PubKeyMultisigThreshold{},
 		PubKeyMultisigThresholdAminoRoute, nil)
 	cdc.RegisterConcrete(ed25519.PubKeyEd25519{},
-		ed25519.PubKeyAminoRoute, nil)
+		ed25519.PubKeyAminoName, nil)
 	cdc.RegisterConcrete(secp256k1.PubKeySecp256k1{},
-		secp256k1.PubKeyAminoRoute, nil)
+		secp256k1.PubKeyAminoName, nil)
 }
--- a/crypto/secp256k1/secp256k1.go
+++ b/crypto/secp256k1/secp256k1.go
@@ -9,15 +9,15 @@ import (

 	secp256k1 "github.com/tendermint/btcd/btcec"
 	amino "github.com/tendermint/go-amino"
-	"golang.org/x/crypto/ripemd160" // forked to github.com/tendermint/crypto
+	"golang.org/x/crypto/ripemd160"

 	"github.com/tendermint/tendermint/crypto"
 )

 //-------------------------------------
 const (
-	PrivKeyAminoRoute = "tendermint/PrivKeySecp256k1"
-	PubKeyAminoRoute  = "tendermint/PubKeySecp256k1"
+	PrivKeyAminoName = "tendermint/PrivKeySecp256k1"
+	PubKeyAminoName  = "tendermint/PubKeySecp256k1"
 )

 var cdc = amino.NewCodec()
@@ -25,11 +25,11 @@ var cdc = amino.NewCodec()
 func init() {
 	cdc.RegisterInterface((*crypto.PubKey)(nil), nil)
 	cdc.RegisterConcrete(PubKeySecp256k1{},
-		PubKeyAminoRoute, nil)
+		PubKeyAminoName, nil)

 	cdc.RegisterInterface((*crypto.PrivKey)(nil), nil)
 	cdc.RegisterConcrete(PrivKeySecp256k1{},
-		PrivKeyAminoRoute, nil)
+		PrivKeyAminoName, nil)
 }

 //-------------------------------------
--- a/crypto/xchacha20poly1305/xchachapoly.go
+++ b/crypto/xchacha20poly1305/xchachapoly.go
@@ -8,7 +8,7 @@ import (
 	"errors"
 	"fmt"

-	"golang.org/x/crypto/chacha20poly1305" // forked to github.com/tendermint/crypto
+	"golang.org/x/crypto/chacha20poly1305"
 )

 // Implements crypto.AEAD
--- a/crypto/xsalsa20symmetric/symmetric.go
+++ b/crypto/xsalsa20symmetric/symmetric.go
@@ -4,7 +4,7 @@ import (
 	"errors"
 	"fmt"

-	"golang.org/x/crypto/nacl/secretbox" // forked to github.com/tendermint/crypto
+	"golang.org/x/crypto/nacl/secretbox"

 	"github.com/tendermint/tendermint/crypto"
 	cmn "github.com/tendermint/tendermint/libs/common"
--- a/crypto/xsalsa20symmetric/symmetric_test.go
+++ b/crypto/xsalsa20symmetric/symmetric_test.go
@@ -6,7 +6,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

-	"golang.org/x/crypto/bcrypt" // forked to github.com/tendermint/crypto
+	"golang.org/x/crypto/bcrypt"

 	"github.com/tendermint/tendermint/crypto"
 )
@@ -30,9 +30,7 @@ func TestSimpleWithKDF(t *testing.T) {

 	plaintext := []byte("sometext")
 	secretPass := []byte("somesecret")
-	salt := []byte("somesaltsomesalt") // len 16
-	// NOTE: we use a fork of x/crypto so we can inject our own randomness for salt
-	secret, err := bcrypt.GenerateFromPassword(salt, secretPass, 12)
+	secret, err := bcrypt.GenerateFromPassword(secretPass, 12)
 	if err != nil {
 		t.Error(err)
 	}
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@@ -8,8 +8,21 @@ module.exports = {
    lineNumbers: true
  },
  themeConfig: {
-    lastUpdated: "Last Updated",
-    nav: [{ text: "Back to Tendermint", link: "https://tendermint.com" }],
+    repo: "tendermint/tendermint",
+    editLinks: true,
+    docsDir: "docs",
+    docsBranch: "develop",
+    editLinkText: 'Edit this page on Github',
+    lastUpdated: true,
+    algolia: {
+      apiKey: '59f0e2deb984aa9cdf2b3a5fd24ac501',
+      indexName: 'tendermint',
+      debug: false
+    },
+    nav: [
+      { text: "Back to Tendermint", link: "https://tendermint.com" },
+      { text: "RPC", link: "../rpc/" }
+    ],
    sidebar: [
      {
        title: "Introduction",
@@ -21,6 +34,20 @@ module.exports = {
          "/introduction/what-is-tendermint"
        ]
      },
+      {
+        title: "Apps",
+        collapsable: false,
+        children: [
+          "/app-dev/getting-started",
+          "/app-dev/abci-cli",
+          "/app-dev/app-architecture",
+          "/app-dev/app-development",
+          "/app-dev/subscribing-to-events-via-websocket",
+          "/app-dev/indexing-transactions",
+          "/app-dev/abci-spec",
+          "/app-dev/ecosystem"
+        ]
+      },
      {
        title: "Tendermint Core",
        collapsable: false,
@@ -39,15 +66,6 @@ module.exports = {
          "/tendermint-core/validators"
        ]
      },
-      {
-        title: "Tools",
-        collapsable: false,
-        children:  [
-	  "/tools/",
-	  "/tools/benchmarking",
-	  "/tools/monitoring"
-	]
-      },
      {
        title: "Networks",
        collapsable: false,
@@ -58,18 +76,13 @@ module.exports = {
        ]
      },
      {
-        title: "Apps",
+        title: "Tools",
        collapsable: false,
-        children: [
-          "/app-dev/getting-started",
-          "/app-dev/abci-cli",
-          "/app-dev/app-architecture",
-          "/app-dev/app-development",
-          "/app-dev/subscribing-to-events-via-websocket",
-          "/app-dev/indexing-transactions",
-          "/app-dev/abci-spec",
-          "/app-dev/ecosystem"
-        ]
+        children:  [
+	  "/tools/",
+	  "/tools/benchmarking",
+	  "/tools/monitoring"
+	]
      },
      {
        title: "Tendermint Spec",
--- a/docs/DOCS_README.md
+++ b/docs/DOCS_README.md
@@ -12,10 +12,10 @@ respectively.

 ## How It Works

-There is a Jenkins job listening for changes in the `/docs` directory, on both
+There is a CircleCI job listening for changes in the `/docs` directory, on both
 the  `master` and `develop` branches. Any updates to files in this directory
 on those branches will automatically trigger a website deployment. Under the hood,
-a private website repository has make targets consumed by a standard Jenkins task.
+the private website repository has a `make build-docs` target consumed by a CircleCI job in that repo.

 ## README

@@ -93,6 +93,10 @@ python -m SimpleHTTPServer 8080

 then navigate to localhost:8080 in your browser.

+## Search
+
+We are using [Algolia](https://www.algolia.com) to power full-text search. This uses a public API search-only key in the `config.js` as well as a [tendermint.json](https://github.com/algolia/docsearch-configs/blob/master/configs/tendermint.json) configuration file that we can update with PRs.
+
 ## Consistency

 Because the build processes are identical (as is the information contained herein), this file should be kept in sync as
--- a/docs/README.md
+++ b/docs/README.md
@@ -21,7 +21,7 @@ For more details on using Tendermint, see the respective documentation for

 ## Contribute

-To contribute to the documentation, see [this file](./DOCS_README.md) for details of the build process and
+To contribute to the documentation, see [this file](https://github.com/tendermint/tendermint/blob/master/docs/DOCS_README.md) for details of the build process and
 considerations when making changes.

 ## Version
--- a/docs/app-dev/abci-cli.md
+++ b/docs/app-dev/abci-cli.md
@@ -11,13 +11,10 @@ Make sure you [have Go installed](https://golang.org/doc/install).
 Next, install the `abci-cli` tool and example applications:

 ```
-go get github.com/tendermint/tendermint
-```
-
-to get vendored dependencies:
-
-```
-cd $GOPATH/src/github.com/tendermint/tendermint
+mkdir -p $GOPATH/src/github.com/tendermint
+cd $GOPATH/src/github.com/tendermint
+git clone https://github.com/tendermint/tendermint.git
+cd tendermint
 make get_tools
 make get_vendor_deps
 make install_abci
--- a/docs/app-dev/app-architecture.md
+++ b/docs/app-dev/app-architecture.md
@@ -5,7 +5,7 @@ Tendermint blockchain application.

 The following diagram provides a superb example:

-<https://drive.google.com/open?id=1yR2XpRi9YCY9H9uMfcw8-RMJpvDyvjz9>
+![](../imgs/cosmos-tendermint-stack-4k.jpg)

 The end-user application here is the Cosmos Voyager, at the bottom left.
 Voyager communicates with a REST API exposed by a local Light-Client
@@ -45,6 +45,6 @@ Tendermint.
 See the following for more extensive documentation:

 - [Interchain Standard for the Light-Client REST API](https://github.com/cosmos/cosmos-sdk/pull/1028)
- [Tendermint RPC Docs](https://tendermint.github.io/slate/)
+- [Tendermint RPC Docs](https://tendermint.com/rpc/)
 - [Tendermint in Production](../tendermint-core/running-in-production.md)
 - [ABCI spec](./abci-spec.md)
--- a/docs/app-dev/ecosystem.json
+++ b/docs/app-dev/ecosystem.json
@@ -63,6 +63,13 @@
      "author": "Zach Balder",
      "description": "Public service reporting and tracking"
    },
+    {
+      "name": "ParadigmCore",
+      "url": "https://github.com/ParadigmFoundation/ParadigmCore",
+      "language": "TypeScript",
+      "author": "Paradigm Labs",
+      "description": "Reference implementation of the Paradigm Protocol, and OrderStream network client."
+    },
    {
      "name": "Passchain",
      "url": "https://github.com/trusch/passchain",
@@ -122,7 +129,7 @@
  ],
  "abciServers": [
    {
-      "name": "abci",
+      "name": "go-abci",
      "url": "https://github.com/tendermint/tendermint/tree/master/abci",
      "language": "Go",
      "author": "Tendermint"
@@ -133,6 +140,12 @@
      "language": "Javascript",
      "author": "Tendermint"
    },
+    {
+      "name": "rust-tsp",
+      "url": "https://github.com/tendermint/rust-tsp",
+      "language": "Rust",
+      "author": "Tendermint"
+    },
    {
      "name": "cpp-tmsp",
      "url": "https://github.com/mdyring/cpp-tmsp",
@@ -164,7 +177,7 @@
      "author": "Dave Bryson"
    },
    {
-      "name": "tm-abci",
+      "name": "tm-abci (fork of py-abci with async IO)",
      "url": "https://github.com/SoftblocksCo/tm-abci",
      "language": "Python",
      "author": "Softblocks"
@@ -176,34 +189,12 @@
      "author": "Dennis McKinnon"
    }
  ],
-  "deploymentTools": [
+  "aminoLibraries": [
    {
-      "name": "mintnet-kubernetes",
-      "url": "https://github.com/tendermint/tools",
-      "technology": "Docker and Kubernetes",
-      "author": "Tendermint",
-      "description": "Deploy a Tendermint test network using Google's kubernetes"
-    },
-    {
-      "name": "terraforce",
-      "url": "https://github.com/tendermint/tools",
-      "technology": "Terraform",
-      "author": "Tendermint",
-      "description": "Terraform + our custom terraforce tool; deploy a production Tendermint network with load balancing over multiple AWS availability zones"
-    },
-    {
-      "name": "ansible-tendermint",
-      "url": "https://github.com/tendermint/tools",
-      "technology": "Ansible",
-      "author": "Tendermint",
-      "description": "Ansible playbooks + Tendermint"
-    },
-    {
-      "name": "brooklyn-tendermint",
-      "url": "https://github.com/cloudsoft/brooklyn-tendermint",
-      "technology": "Clocker for Apache Brooklyn ",
-      "author": "Cloudsoft",
-      "description": "Deploy a tendermint test network in docker containers "
+      "name": "JS-Amino",
+      "url": "https://github.com/TanNgocDo/Js-Amino",
+      "language": "Javascript",
+      "author": "TanNgocDo"
    }
  ]
 }
--- a/docs/app-dev/ecosystem.md
+++ b/docs/app-dev/ecosystem.md
@@ -1,21 +1,9 @@
 # Ecosystem

 The growing list of applications built using various pieces of the
-Tendermint stack can be found at:
+Tendermint stack can be found at the [ecosystem page](https://tendermint.com/ecosystem).

- https://tendermint.com/ecosystem
-
-We thank the community for their contributions thus far and welcome the
+We thank the community for their contributions and welcome the
 addition of new projects. A pull request can be submitted to [this
 file](https://github.com/tendermint/tendermint/blob/master/docs/app-dev/ecosystem.json)
 to include your project.
-
-## Other Tools
-
-See [deploy testnets](./deploy-testnets) for information about all
-the tools built by Tendermint. We have Kubernetes, Ansible, and
-Terraform integrations.
-
-For upgrading from older to newer versions of tendermint and to migrate
-your chain data, see [tm-migrator](https://github.com/hxzqlh/tm-tools)
-written by @hxzqlh.
--- a/docs/app-dev/getting-started.md
+++ b/docs/app-dev/getting-started.md
@@ -252,14 +252,12 @@ we'll run a Javascript version of the `counter`. To run it, you'll need
 to [install node](https://nodejs.org/en/download/).

 You'll also need to fetch the relevant repository, from
-[here](https://github.com/tendermint/js-abci) then install it. As go
-devs, we keep all our code under the `$GOPATH`, so run:
+[here](https://github.com/tendermint/js-abci), then install it:

 ```
-go get github.com/tendermint/js-abci &> /dev/null
-cd $GOPATH/src/github.com/tendermint/js-abci/example
-npm install
-cd ..
+git clone https://github.com/tendermint/js-abci.git
+cd js-abci
+npm install abci
 ```

 Kill the previous `counter` and `tendermint` processes. Now run the app:
@@ -276,13 +274,16 @@ tendermint node
 ```

 Once again, you should see blocks streaming by - but now, our
-application is written in javascript! Try sending some transactions, and
+application is written in Javascript! Try sending some transactions, and
 like before - the results should be the same:

 ```
-curl localhost:26657/broadcast_tx_commit?tx=0x00 # ok
-curl localhost:26657/broadcast_tx_commit?tx=0x05 # invalid nonce
-curl localhost:26657/broadcast_tx_commit?tx=0x01 # ok
+# ok
+curl localhost:26657/broadcast_tx_commit?tx=0x00
+# invalid nonce
+curl localhost:26657/broadcast_tx_commit?tx=0x05
+# ok
+curl localhost:26657/broadcast_tx_commit?tx=0x01
 ```

 Neat, eh?
--- a/docs/app-dev/indexing-transactions.md
+++ b/docs/app-dev/indexing-transactions.md
@@ -78,7 +78,7 @@ endpoint:
 curl "localhost:26657/tx_search?query=\"account.name='igor'\"&prove=true"
 ```

-Check out [API docs](https://tendermint.github.io/slate/?shell#txsearch)
+Check out [API docs](https://tendermint.com/rpc/#txsearch)
 for more information on query syntax and other options.

 ## Subscribing to transactions
@@ -97,5 +97,5 @@ by providing a query to `/subscribe` RPC endpoint.
 }
 ```

-Check out [API docs](https://tendermint.github.io/slate/#subscribe) for
+Check out [API docs](https://tendermint.com/rpc/#subscribe) for
 more information on query syntax and other options.
--- a/docs/app-dev/subscribing-to-events-via-websocket.md
+++ b/docs/app-dev/subscribing-to-events-via-websocket.md
@@ -54,7 +54,7 @@ Response:
                    "value": "ww0z4WaZ0Xg+YI10w43wTWbBmM3dpVza4mmSQYsd0ck="
                  },
                  "voting_power": "10",
-                  "accum": "0"
+                  "proposer_priority": "0"
                }
              ]
            }
--- a/docs/architecture/adr-008-priv-validator.md
+++ b/docs/architecture/adr-008-priv-validator.md
@@ -5,14 +5,17 @@ implementations:

 - FilePV uses an unencrypted private key in a "priv_validator.json" file - no
  configuration required (just `tendermint init`).
- SocketPV uses a socket to send signing requests to another process - user is
-  responsible for starting that process themselves.
+- TCPVal and IPCVal use TCP and Unix sockets respectively to send signing requests
+  to another process - the user is responsible for starting that process themselves.

-The SocketPV address can be provided via flags at the command line - doing so
-will cause Tendermint to ignore any "priv_validator.json" file and to listen on
-the given address for incoming connections from an external priv_validator
-process. It will halt any operation until at least one external process
-succesfully connected.
+Both TCPVal and IPCVal addresses can be provided via flags at the command line
+or in the configuration file; TCPVal addresses must be of the form
+`tcp://<ip_address>:<port>` and IPCVal addresses `unix:///path/to/file.sock` -
+doing so will cause Tendermint to ignore any private validator files.
+
+TCPVal will listen on the given address for incoming connections from an external
+private validator process. It will halt any operation until at least one external
+process successfully connected.

 The external priv_validator process will dial the address to connect to
 Tendermint, and then Tendermint will send requests on the ensuing connection to
@@ -21,6 +24,9 @@ but the Tendermint process makes all requests. In a later stage we're going to
 support multiple validators for fault tolerance. To prevent double signing they
 need to be synced, which is deferred to an external solution (see #1185).

+Conversely, IPCVal will make an outbound connection to an existing socket opened
+by the external validator process.
+
 In addition, Tendermint will provide implementations that can be run in that
 external process. These include:

--- a/docs/architecture/adr-020-block-size.md
+++ b/docs/architecture/adr-020-block-size.md
@@ -7,6 +7,7 @@
 28-08-2018: Third version after Ethan's comments
 30-08-2018: AminoOverheadForBlock => MaxAminoOverheadForBlock
 31-08-2018: Bounding evidence and chain ID
+13-01-2019: Add section on MaxBytes vs MaxDataBytes

 ## Context

@@ -20,6 +21,32 @@ We should just remove MaxTxs all together and stick with MaxBytes, and have a
 But we can't just reap BlockSize.MaxBytes, since MaxBytes is for the entire block,
 not for the txs inside the block. There's extra amino overhead + the actual
 headers on top of the actual transactions + evidence + last commit.
+We could also consider using a MaxDataBytes instead of or in addition to MaxBytes.
+
+## MaxBytes vs MaxDataBytes
+
+The [PR #3045](https://github.com/tendermint/tendermint/pull/3045) suggested
+additional clarity/justification was necessary here, wither respect to the use
+of MaxDataBytes in addition to, or instead of, MaxBytes.
+
+MaxBytes provides a clear limit on the total size of a block that requires no
+additional calculation if you want to use it to bound resource usage, and there
+has been considerable discussions about optimizing tendermint around 1MB blocks.
+Regardless, we need some maximum on the size of a block so we can avoid
+unmarshalling blocks that are too big during the consensus, and it seems more
+straightforward to provide a single fixed number for this rather than a
+computation of "MaxDataBytes + everything else you need to make room for
+(signatures, evidence, header)". MaxBytes provides a simple bound so we can
+always say "blocks are less than X MB".
+
+Having both MaxBytes and MaxDataBytes feels like unnecessary complexity. It's
+not particularly surprising for MaxBytes to imply the maximum size of the
+entire block (not just txs), one just has to know that a block includes header,
+txs, evidence, votes. For more fine grained control over the txs included in the
+block, there is the MaxGas. In practice, the MaxGas may be expected to do most of
+the tx throttling, and the MaxBytes to just serve as an upper bound on the total
+size. Applications can use MaxGas as a MaxDataBytes by just taking the gas for
+every tx to be its size in bytes.

 ## Proposed solution

@@ -61,7 +88,7 @@ MaxXXX stayed the same.

 ## Status

-Proposed.
+Accepted.

 ## Consequences

--- a/docs/architecture/adr-030-consensus-refactor.md
+++ b/docs/architecture/adr-030-consensus-refactor.md
@@ -126,6 +126,312 @@ func TestConsensusXXX(t *testing.T) {
 }
 ```

+
+## Consensus Executor
+
+## Consensus Core
+
+```go
+type Event interface{}
+
+type EventNewHeight struct {
+    Height           int64
+    ValidatorId      int
+}
+
+type EventNewRound HeightAndRound
+
+type EventProposal struct {
+    Height           int64
+    Round            int
+    Timestamp        Time
+    BlockID          BlockID
+    POLRound         int
+    Sender           int   
+}
+
+type Majority23PrevotesBlock struct {
+    Height           int64
+    Round            int
+    BlockID          BlockID
+}
+
+type Majority23PrecommitBlock struct {
+    Height           int64
+    Round            int
+    BlockID          BlockID
+}
+
+type HeightAndRound struct {
+    Height           int64
+    Round            int
+}
+
+type Majority23PrevotesAny HeightAndRound
+type Majority23PrecommitAny HeightAndRound
+type TimeoutPropose HeightAndRound
+type TimeoutPrevotes HeightAndRound
+type TimeoutPrecommit HeightAndRound
+
+
+type Message interface{}
+
+type MessageProposal struct {
+    Height           int64
+    Round            int
+    BlockID          BlockID
+    POLRound         int
+}
+
+type VoteType int
+
+const (
+	VoteTypeUnknown VoteType = iota
+	Prevote
+	Precommit
+)
+
+
+type MessageVote struct {
+    Height           int64
+    Round            int
+    BlockID          BlockID
+    Type             VoteType
+}
+
+
+type MessageDecision struct {
+    Height           int64
+    Round            int
+    BlockID          BlockID
+}
+
+type TriggerTimeout struct {
+    Height           int64
+    Round            int
+    Duration         Duration
+}
+
+
+type RoundStep int
+
+const (
+	RoundStepUnknown RoundStep = iota
+	RoundStepPropose       
+	RoundStepPrevote
+	RoundStepPrecommit
+	RoundStepCommit
+)
+
+type State struct {
+	Height           int64
+	Round            int
+	Step             RoundStep
+	LockedValue      BlockID
+	LockedRound      int
+	ValidValue       BlockID
+	ValidRound       int
+	ValidatorId      int
+	ValidatorSetSize int
+}
+
+func proposer(height int64, round int) int {}
+func getValue() BlockID {}
+
+func Consensus(event Event, state State) (State, Message, TriggerTimeout) {
+    msg = nil
+    timeout = nil
+	switch event := event.(type) {
+    	case EventNewHeight:
+    		if event.Height > state.Height {
+    		    state.Height = event.Height
+    		    state.Round = -1
+    		    state.Step = RoundStepPropose
+    		    state.LockedValue = nil
+    		    state.LockedRound = -1
+    		    state.ValidValue = nil
+    		    state.ValidRound = -1
+    		    state.ValidatorId = event.ValidatorId
+    		} 
+    	    return state, msg, timeout
+    	
+    	case EventNewRound:
+    		if event.Height == state.Height and event.Round > state.Round {
+               state.Round = eventRound
+               state.Step = RoundStepPropose
+               if proposer(state.Height, state.Round) == state.ValidatorId {
+                   proposal = state.ValidValue
+                   if proposal == nil {
+                   	    proposal = getValue()
+                   }
+                   msg =  MessageProposal { state.Height, state.Round, proposal, state.ValidRound }
+               }
+               timeout = TriggerTimeout { state.Height, state.Round, timeoutPropose(state.Round) }
+            }
+    	    return state, msg, timeout
+    	
+    	case EventProposal:
+    		if event.Height == state.Height and event.Round == state.Round and 
+    	       event.Sender == proposal(state.Height, state.Round) and state.Step == RoundStepPropose { 
+    	       	if event.POLRound >= state.LockedRound or event.BlockID == state.BlockID or state.LockedRound == -1 {
+    	       		msg = MessageVote { state.Height, state.Round, event.BlockID, Prevote }
+    	       	}
+    	       	state.Step = RoundStepPrevote
+            }
+    	    return state, msg, timeout
+    	
+    	case TimeoutPropose:
+    		if event.Height == state.Height and event.Round == state.Round and state.Step == RoundStepPropose {
+    		    msg = MessageVote { state.Height, state.Round, nil, Prevote }
+    			state.Step = RoundStepPrevote
+            }
+    	    return state, msg, timeout
+    	
+    	case Majority23PrevotesBlock:
+    		if event.Height == state.Height and event.Round == state.Round and state.Step >= RoundStepPrevote and event.Round > state.ValidRound {
+    		    state.ValidRound = event.Round
+    		    state.ValidValue = event.BlockID
+    		    if state.Step == RoundStepPrevote {
+    		    	state.LockedRound = event.Round
+    		    	state.LockedValue = event.BlockID
+    		    	msg = MessageVote { state.Height, state.Round, event.BlockID, Precommit }
+    		    	state.Step = RoundStepPrecommit
+    		    }
+            }
+    	    return state, msg, timeout
+    	
+    	case Majority23PrevotesAny:
+    		if event.Height == state.Height and event.Round == state.Round and state.Step == RoundStepPrevote {
+    			timeout = TriggerTimeout { state.Height, state.Round, timeoutPrevote(state.Round) }
+    		}
+    	    return state, msg, timeout
+    	
+    	case TimeoutPrevote:
+    		if event.Height == state.Height and event.Round == state.Round and state.Step == RoundStepPrevote {
+    			msg = MessageVote { state.Height, state.Round, nil, Precommit }
+    			state.Step = RoundStepPrecommit
+    		}
+    	    return state, msg, timeout
+    	
+    	case Majority23PrecommitBlock:
+    		if event.Height == state.Height {
+    		    state.Step = RoundStepCommit
+    		    state.LockedValue = event.BlockID
+    		}
+    	    return state, msg, timeout
+    		
+    	case Majority23PrecommitAny:
+    		if event.Height == state.Height and event.Round == state.Round {
+    			timeout = TriggerTimeout { state.Height, state.Round, timeoutPrecommit(state.Round) }
+    		}
+    	    return state, msg, timeout
+    	
+    	case TimeoutPrecommit:
+            if event.Height == state.Height and event.Round == state.Round {
+            	state.Round = state.Round + 1
+            }
+    	    return state, msg, timeout
+	}
+}	
+
+func ConsensusExecutor() {
+	proposal = nil
+	votes = HeightVoteSet { Height: 1 }
+	state = State {
+		Height:       1
+		Round:        0          
+		Step:         RoundStepPropose
+		LockedValue:  nil
+		LockedRound:  -1
+		ValidValue:   nil
+		ValidRound:   -1
+	}
+	
+	event = EventNewHeight {1, id}
+	state, msg, timeout = Consensus(event, state)
+	
+	event = EventNewRound {state.Height, 0}
+	state, msg, timeout = Consensus(event, state)
+	
+	if msg != nil {
+		send msg
+	}
+	
+	if timeout != nil {
+		trigger timeout
+	}
+	
+	for {
+		select {
+		    case message := <- msgCh:
+		    	switch msg := message.(type) {
+		    	    case MessageProposal:
+		    	        
+		    	    case MessageVote:	
+		    	    	if msg.Height == state.Height {
+		    	    		newVote = votes.AddVote(msg)
+		    	    		if newVote {
+		    	    			switch msg.Type {
+                                	case Prevote:
+                                		prevotes = votes.Prevotes(msg.Round)
+                                		if prevotes.WeakCertificate() and msg.Round > state.Round {
+                                			event = EventNewRound { msg.Height, msg.Round }
+                                			state, msg, timeout = Consensus(event, state)
+                                			state = handleStateChange(state, msg, timeout)
+                                		}	
+                                		
+                                		if blockID, ok = prevotes.TwoThirdsMajority(); ok and blockID != nil {
+                                		    if msg.Round == state.Round and hasBlock(blockID) {
+                                		    	event = Majority23PrevotesBlock { msg.Height, msg.Round, blockID }
+                                		    	state, msg, timeout = Consensus(event, state)
+                                		    	state = handleStateChange(state, msg, timeout)
+                                		    } 
+                                		    if proposal != nil and proposal.POLRound == msg.Round and hasBlock(blockID) {
+                                		        event = EventProposal {
+                                                        Height: state.Height
+                                                        Round:  state.Round
+                                                        BlockID: blockID
+                                                        POLRound: proposal.POLRound
+                                                        Sender: message.Sender
+                                		        }
+                                		        state, msg, timeout = Consensus(event, state)
+                                		        state = handleStateChange(state, msg, timeout)
+                                		    }
+                                		}
+                                		
+                                		if prevotes.HasTwoThirdsAny() and msg.Round == state.Round {
+                                			event = Majority23PrevotesAny { msg.Height, msg.Round, blockID }
+                                			state, msg, timeout = Consensus(event, state)
+                                            state = handleStateChange(state, msg, timeout)
+                                		}
+                                		
+                                	case Precommit:	
+                                		
+		    	    		    }
+		    	    	    }
+		    	        }
+		    case timeout := <- timeoutCh:
+		    
+		    case block := <- blockCh:	
+		    	
+		}
+	}
+}
+	
+func handleStateChange(state, msg, timeout) State {
+	if state.Step == Commit {
+		state = ExecuteBlock(state.LockedValue)
+	}	
+	if msg != nil {
+		send msg
+	}	
+	if timeout != nil {
+		trigger timeout
+	}	
+}
+
+```
+
 ### Implementation roadmap

 * implement proposed implementation
--- a/docs/architecture/adr-034-priv-validator-file-structure.md
+++ b/docs/architecture/adr-034-priv-validator-file-structure.md
@@ -0,0 +1,72 @@
+# ADR 034: PrivValidator file structure
+
+## Changelog
+
+03-11-2018: Initial Draft
+
+## Context
+
+For now, the PrivValidator file `priv_validator.json` contains mutable and immutable parts. 
+Even in an insecure mode which does not encrypt private key on disk, it is reasonable to separate 
+the mutable part and immutable part.
+
+References:
+[#1181](https://github.com/tendermint/tendermint/issues/1181)
+[#2657](https://github.com/tendermint/tendermint/issues/2657)
+[#2313](https://github.com/tendermint/tendermint/issues/2313)
+
+## Proposed Solution
+
+We can split mutable and immutable parts with two structs:
+```go
+// FilePVKey stores the immutable part of PrivValidator
+type FilePVKey struct {
+	Address types.Address  `json:"address"`
+	PubKey  crypto.PubKey  `json:"pub_key"`
+	PrivKey crypto.PrivKey `json:"priv_key"`
+
+	filePath string
+}
+
+// FilePVState stores the mutable part of PrivValidator
+type FilePVLastSignState struct {
+	Height    int64        `json:"height"`
+	Round     int          `json:"round"`
+	Step      int8         `json:"step"`
+	Signature []byte       `json:"signature,omitempty"`
+	SignBytes cmn.HexBytes `json:"signbytes,omitempty"`
+
+	filePath string
+	mtx      sync.Mutex
+}
+```
+
+Then we can combine `FilePVKey` with `FilePVLastSignState` and will get the original `FilePV`.
+
+```go
+type FilePV struct {
+	Key           FilePVKey
+	LastSignState FilePVLastSignState
+}
+```
+
+As discussed, `FilePV` should be located in `config`, and `FilePVLastSignState` should be stored in `data`. The 
+store path of each file should be specified in `config.yml`.
+
+What we need to do next is changing the methods of `FilePV`.
+
+## Status
+
+Draft.
+
+## Consequences
+
+### Positive
+
+- separate the mutable and immutable of PrivValidator
+
+### Negative
+
+- need to add more config for file path
+
+### Neutral
--- a/docs/architecture/adr-035-documentation.md
+++ b/docs/architecture/adr-035-documentation.md
@@ -0,0 +1,40 @@
+# ADR 035: Documentation
+
+Author: @zramsay (Zach Ramsay)
+
+## Changelog
+
+###  November 2nd 2018
+
+- initial write-up
+
+## Context
+
+The Tendermint documentation has undergone several changes until settling on the current model. Originally, the documentation was hosted on the website and had to be updated asynchronously from the code. Along with the other repositories requiring documentation, the whole stack moved to using Read The Docs to automatically generate, publish, and host the documentation. This, however, was insufficient; the RTD site had advertisement, it wasn't easily accessible to devs, didn't collect metrics, was another set of external links, etc.
+
+## Decision
+
+For two reasons, the decision was made to use VuePress:
+
+1) ability to get metrics (implemented on both Tendermint and SDK)
+2) host the documentation on the website as a `/docs` endpoint.
+
+This is done while maintaining synchrony between the docs and code, i.e., the website is built whenever the docs are updated.
+
+## Status
+
+The two points above have been implemented; the `config.js` has a Google Analytics identifier and the documentation workflow has been up and running largely without problems for several months. Details about the documentation build & workflow can be found [here](../DOCS_README.md)
+
+## Consequences
+
+Because of the organizational seperation between Tendermint & Cosmos, there is a challenge of "what goes where" for certain aspects of documentation.
+
+### Positive
+
+This architecture is largely positive relative to prior docs arrangements.
+
+### Negative
+
+A significant portion of the docs automation / build process is in private repos with limited access/visibility to devs. However, these tasks are handled by the SRE team.
+
+### Neutral
--- a/docs/architecture/adr-template.md
+++ b/docs/architecture/adr-template.md
@@ -1,19 +1,36 @@
-# ADR 000: Template for an ADR
-
-Author:
+# ADR {ADR-NUMBER}: {TITLE}

 ## Changelog
+* {date}: {changelog}

 ## Context

+> This section contains all the context one needs to understand the current state, and why there is a problem. It should be as succinct as possible and introduce the high level idea behind the solution. 
 ## Decision

+> This section explains all of the details of the proposed solution, including implementation details.
+It should also describe affects / corollary items that may need to be changed as a part of this.
+If the proposed change will be large, please also indicate a way to do the change to maximize ease of review.
+(e.g. the optimal split of things to do between separate PR's)
+
 ## Status

+> A decision may be "proposed" if it hasn't been agreed upon yet, or "accepted" once it is agreed upon. If a later ADR changes or reverses a decision, it may be marked as "deprecated" or "superseded" with a reference to its replacement.
+
+{Deprecated|Proposed|Accepted}
+
 ## Consequences

+> This section describes the consequences, after applying the decision. All consequences should be summarized here, not just the "positive" ones.
+
 ### Positive

 ### Negative

 ### Neutral
+
+## References
+
+> Are there any relevant PR comments, issues that led up to this, or articles referrenced for why we made the given design choice? If so link them here!
+
+* {reference link}
--- a/docs/imgs/cosmos-tendermint-stack-4k.jpg
+++ b/docs/imgs/cosmos-tendermint-stack-4k.jpg
--- a/docs/introduction/install.md
+++ b/docs/introduction/install.md
@@ -79,11 +79,9 @@ make install

 Install [LevelDB](https://github.com/google/leveldb) (minimum version is 1.7).

-Build Tendermint with C libraries: `make build_c`.
-
 ### Ubuntu

-Install LevelDB with snappy:
+Install LevelDB with snappy (optionally):

 ```
 sudo apt-get update
@@ -95,9 +93,9 @@ wget https://github.com/google/leveldb/archive/v1.20.tar.gz && \
  tar -zxvf v1.20.tar.gz && \
  cd leveldb-1.20/ && \
  make && \
-  cp -r out-static/lib* out-shared/lib* /usr/local/lib/ && \
+  sudo cp -r out-static/lib* out-shared/lib* /usr/local/lib/ && \
  cd include/ && \
-  cp -r leveldb /usr/local/include/ && \
+  sudo cp -r leveldb /usr/local/include/ && \
  sudo ldconfig && \
  rm -f v1.20.tar.gz
 ```
@@ -109,8 +107,16 @@ Set database backend to cleveldb:
 db_backend = "cleveldb"
 ```

-To build Tendermint, run
+To install Tendermint, run

 ```
-CGO_LDFLAGS="-lsnappy" go build -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=`git rev-parse --short=8 HEAD`" -tags "tendermint gcc" -o build/tendermint ./cmd/tendermint/
+CGO_LDFLAGS="-lsnappy" make install_c
 ```
+
+or run
+
+```
+CGO_LDFLAGS="-lsnappy" make build_c
+```
+
+to put the binary in `./build`.
--- a/docs/introduction/quick-start.md
+++ b/docs/introduction/quick-start.md
@@ -40,7 +40,11 @@ These files are found in `$HOME/.tendermint`:
 ```
 $ ls $HOME/.tendermint

-config.toml  data  genesis.json  priv_validator.json
+config  data
+
+$ ls $HOME/.tendermint/config/
+
+config.toml  genesis.json  node_key.json  priv_validator.json
 ```

 For a single, local node, no further configuration is required.
@@ -110,7 +114,18 @@ source ~/.profile

 This will install `go` and other dependencies, get the Tendermint source code, then compile the `tendermint` binary.

-Next, use the `tendermint testnet` command to create four directories of config files (found in `./mytestnet`) and copy each directory to the relevant machine in the cloud, so that each machine has `$HOME/mytestnet/node[0-3]` directory. Then from each machine, run:
+Next, use the `tendermint testnet` command to create four directories of config files (found in `./mytestnet`) and copy each directory to the relevant machine in the cloud, so that each machine has `$HOME/mytestnet/node[0-3]` directory.
+
+Before you can start the network, you'll need peers identifiers (IPs are not enough and can change). We'll refer to them as ID1, ID2, ID3, ID4.
+
+```
+tendermint show_node_id --home ./mytestnet/node0
+tendermint show_node_id --home ./mytestnet/node1
+tendermint show_node_id --home ./mytestnet/node2
+tendermint show_node_id --home ./mytestnet/node3
+```
+
+Finally, from each machine, run:

 ```
 tendermint node --home ./mytestnet/node0 --proxy_app=kvstore --p2p.persistent_peers="ID1@IP1:26656,ID2@IP2:26656,ID3@IP3:26656,ID4@IP4:26656"
@@ -121,6 +136,6 @@ tendermint node --home ./mytestnet/node3 --proxy_app=kvstore --p2p.persistent_pe

 Note that after the third node is started, blocks will start to stream in
 because >2/3 of validators (defined in the `genesis.json`) have come online.
-Seeds can also be specified in the `config.toml`. See [here](../tendermint-core/configuration.md) for more information about configuration options.
+Persistent peers can also be specified in the `config.toml`. See [here](../tendermint-core/configuration.md) for more information about configuration options.

 Transactions can then be sent as covered in the single, local node example above.
--- a/docs/introduction/what-is-tendermint.md
+++ b/docs/introduction/what-is-tendermint.md
@@ -70,10 +70,6 @@ Tendermint is in essence similar software, but with two key differences:
  the application logic that's right for them, from key-value store to
  cryptocurrency to e-voting platform and beyond.

-The layout of this Tendermint website content is also ripped directly
-and without shame from [consul.io](https://www.consul.io/) and the other
-[Hashicorp sites](https://www.hashicorp.com/#tools).
-
 ### Bitcoin, Ethereum, etc.

 Tendermint emerged in the tradition of cryptocurrencies like Bitcoin,
--- a/docs/networks/docker-compose.md
+++ b/docs/networks/docker-compose.md
@@ -1,20 +1,17 @@
 # Docker Compose

-With Docker Compose, we can spin up local testnets in a single command:
-
-```
-make localnet-start
-```
+With Docker Compose, you can spin up local testnets with a single command.

 ## Requirements

- [Install tendermint](/docs/install.md)
- [Install docker](https://docs.docker.com/engine/installation/)
- [Install docker-compose](https://docs.docker.com/compose/install/)
+1. [Install tendermint](/docs/introduction/install.md)
+2. [Install docker](https://docs.docker.com/engine/installation/)
+3. [Install docker-compose](https://docs.docker.com/compose/install/)

 ## Build

-Build the `tendermint` binary and the `tendermint/localnode` docker image.
+Build the `tendermint` binary and, optionally, the `tendermint/localnode`
+docker image.

 Note the binary will be mounted into the container so it can be updated without
 rebuilding the image.
@@ -25,11 +22,10 @@ cd $GOPATH/src/github.com/tendermint/tendermint
 # Build the linux binary in ./build
 make build-linux

-# Build tendermint/localnode image
+# (optionally) Build tendermint/localnode image
 make build-docker-localnode
 ```

-
 ## Run a testnet

 To start a 4 node testnet run:
@@ -38,9 +34,13 @@ To start a 4 node testnet run:
 make localnet-start
 ```

-The nodes bind their RPC servers to ports 26657, 26660, 26662, and 26664 on the host.
+The nodes bind their RPC servers to ports 26657, 26660, 26662, and 26664 on the
+host.
+
 This file creates a 4-node network using the localnode image.
-The nodes of the network expose their P2P and RPC endpoints to the host machine on ports 26656-26657, 26659-26660, 26661-26662, and 26663-26664 respectively.
+
+The nodes of the network expose their P2P and RPC endpoints to the host machine
+on ports 26656-26657, 26659-26660, 26661-26662, and 26663-26664 respectively.

 To update the binary, just rebuild it and restart the nodes:

@@ -52,34 +52,40 @@ make localnet-start

 ## Configuration

-The `make localnet-start` creates files for a 4-node testnet in `./build` by calling the `tendermint testnet` command.
+The `make localnet-start` creates files for a 4-node testnet in `./build` by
+calling the `tendermint testnet` command.

-The `./build` directory is mounted to the `/tendermint` mount point to attach the binary and config files to the container.
+The `./build` directory is mounted to the `/tendermint` mount point to attach
+the binary and config files to the container.

-For instance, to create a single node testnet:
+To change the number of validators / non-validators change the `localnet-start` Makefile target:
+
+```
+localnet-start: localnet-stop
+	@if ! [ -f build/node0/config/genesis.json ]; then docker run --rm -v $(CURDIR)/build:/tendermint:Z tendermint/localnode testnet --v 5 --n 3 --o . --populate-persistent-peers --starting-ip-address 192.167.10.2 ; fi
+	docker-compose up
+```
+
+The command now will generate config files for 5 validators and 3
+non-validators network.
+
+Before running it, don't forget to cleanup the old files:

 ```
 cd $GOPATH/src/github.com/tendermint/tendermint

 # Clear the build folder
-rm -rf ./build
-
-# Build binary
-make build-linux
-
-# Create configuration
-docker run -e LOG="stdout" -v `pwd`/build:/tendermint tendermint/localnode testnet --o . --v 1
-
-#Run the node
-docker run -v `pwd`/build:/tendermint tendermint/localnode
-
+rm -rf ./build/node*
 ```

 ## Logging

-Log is saved under the attached volume, in the `tendermint.log` file. If the `LOG` environment variable is set to `stdout` at start, the log is not saved, but printed on the screen.
+Log is saved under the attached volume, in the `tendermint.log` file. If the
+`LOG` environment variable is set to `stdout` at start, the log is not saved,
+but printed on the screen.

 ## Special binaries

-If you have multiple binaries with different names, you can specify which one to run with the BINARY environment variable. The path of the binary is relative to the attached volume.
-
+If you have multiple binaries with different names, you can specify which one
+to run with the `BINARY` environment variable. The path of the binary is relative
+to the attached volume.
--- a/docs/package-lock.json
+++ b/docs/package-lock.json
--- a/docs/package.json
+++ b/docs/package.json
@@ -1,40 +0,0 @@
-{
-  "dependencies": {
-    "prettier": "^1.13.7",
-    "remark-cli": "^5.0.0",
-    "remark-lint-no-dead-urls": "^0.3.0",
-    "remark-lint-write-good": "^1.0.3",
-    "textlint": "^10.2.1",
-    "textlint-rule-stop-words": "^1.0.3"
-  },
-  "name": "tendermint",
-  "description": "Tendermint Core Documentation",
-  "version": "0.0.1",
-  "main": "README.md",
-  "devDependencies": {},
-  "scripts": {
-    "lint:json": "prettier \"**/*.json\" --write",
-    "lint:md": "prettier \"**/*.md\" --write && remark . && textlint \"md/**\"",
-    "lint": "yarn lint:json && yarn lint:md"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/tendermint/tendermint.git"
-  },
-  "keywords": [
-    "tendermint",
-    "blockchain"
-  ],
-  "author": "Tendermint",
-  "license": "ISC",
-  "bugs": {
-    "url": "https://github.com/tendermint/tendermint/issues"
-  },
-  "homepage": "https://tendermint.com/docs/",
-  "remarkConfig": {
-    "plugins": [
-      "remark-lint-no-dead-urls",
-      "remark-lint-write-good"
-    ]
-  }
-}
--- a/docs/spec/README.md
+++ b/docs/spec/README.md
@@ -14,31 +14,31 @@ please submit them to our [bug bounty](https://tendermint.com/security)!

 ### Data Structures

- [Encoding and Digests](https://github.com/tendermint/tendermint/blob/master/docs/spec/blockchain/encoding.md)
- [Blockchain](https://github.com/tendermint/tendermint/blob/master/docs/spec/blockchain/blockchain.md)
- [State](https://github.com/tendermint/tendermint/blob/master/docs/spec/blockchain/state.md)
+- [Encoding and Digests](./blockchain/encoding.md)
+- [Blockchain](./blockchain/blockchain.md)
+- [State](./blockchain/state.md)

 ### Consensus Protocol

- [Consensus Algorithm](/docs/spec/consensus/consensus.md)
- [Creating a proposal](/docs/spec/consensus/creating-proposal.md)
- [Time](/docs/spec/consensus/bft-time.md)
- [Light-Client](/docs/spec/consensus/light-client.md)
+- [Consensus Algorithm](./consensus/consensus.md)
+- [Creating a proposal](./consensus/creating-proposal.md)
+- [Time](./consensus/bft-time.md)
+- [Light-Client](./consensus/light-client.md)

 ### P2P and Network Protocols

- [The Base P2P Layer](https://github.com/tendermint/tendermint/tree/master/docs/spec/p2p): multiplex the protocols ("reactors") on authenticated and encrypted TCP connections
- [Peer Exchange (PEX)](https://github.com/tendermint/tendermint/tree/master/docs/spec/reactors/pex): gossip known peer addresses so peers can find each other
- [Block Sync](https://github.com/tendermint/tendermint/tree/master/docs/spec/reactors/block_sync): gossip blocks so peers can catch up quickly
- [Consensus](https://github.com/tendermint/tendermint/tree/master/docs/spec/reactors/consensus): gossip votes and block parts so new blocks can be committed
- [Mempool](https://github.com/tendermint/tendermint/tree/master/docs/spec/reactors/mempool): gossip transactions so they get included in blocks
- Evidence: Forthcoming, see [this issue](https://github.com/tendermint/tendermint/issues/2329).
+- [The Base P2P Layer](./p2p/): multiplex the protocols ("reactors") on authenticated and encrypted TCP connections
+- [Peer Exchange (PEX)](./reactors/pex/): gossip known peer addresses so peers can find each other
+- [Block Sync](./reactors/block_sync/): gossip blocks so peers can catch up quickly
+- [Consensus](./reactors/consensus/): gossip votes and block parts so new blocks can be committed
+- [Mempool](./reactors/mempool/): gossip transactions so they get included in blocks
+- [Evidence](./reactors/evidence/): sending invalid evidence will stop the peer

 ### Software

- [ABCI](/docs/spec/software/abci.md): Details about interactions between the
+- [ABCI](./software/abci.md): Details about interactions between the
  application and consensus engine over ABCI
- [Write-Ahead Log](/docs/spec/software/wal.md): Details about how the consensus
+- [Write-Ahead Log](./software/wal.md): Details about how the consensus
  engine preserves data and recovers from crash failures

 ## Overview
--- a/docs/spec/abci/abci.md
+++ b/docs/spec/abci/abci.md
@@ -45,7 +45,9 @@ include a `Tags` field in their `Response*`. Each tag is key-value pair denoting
 something about what happened during the methods execution.

 Tags can be used to index transactions and blocks according to what happened
-during their execution.
+during their execution. Note that the set of tags returned for a block from
+`BeginBlock` and `EndBlock` are merged. In case both methods return the same
+tag, only the value defined in `EndBlock` is used.

 Keys and values in tags must be UTF-8 encoded strings (e.g.
 "account.owner": "Bob", "balance": "100.0",
--- a/docs/spec/abci/apps.md
+++ b/docs/spec/abci/apps.md
@@ -166,6 +166,11 @@ the tags will be hashed into the next block header.
 The application may set the validator set during InitChain, and update it during
 EndBlock.

+Note that the maximum total power of the validator set is bounded by
+`MaxTotalVotingPower = MaxInt64 / 8`. Applications are responsible for ensuring
+they do not make changes to the validator set that cause it to exceed this
+limit.
+
 ### InitChain

 ResponseInitChain can return a list of validators.
@@ -206,6 +211,7 @@ following rules:
  - if the validator does not already exist, it will be added to the validator
    set with the given power
  - if the validator does already exist, its power will be adjusted to the given power
+- the total power of the new validator set must not exceed MaxTotalVotingPower

 Note the updates returned in block `H` will only take effect at block `H+2`.

@@ -407,21 +413,22 @@ If `storeBlockHeight == stateBlockHeight && appBlockHeight < storeBlockHeight`,
 replay all blocks in full from `appBlockHeight` to `storeBlockHeight`.
 This happens if we completed processing the block, but the app forgot its height.

-If `storeBlockHeight == stateBlockHeight && appBlockHeight == storeBlockHeight`, we're done
+If `storeBlockHeight == stateBlockHeight && appBlockHeight == storeBlockHeight`, we're done.
 This happens if we crashed at an opportune spot.

 If `storeBlockHeight == stateBlockHeight+1`
 This happens if we started processing the block but didn't finish.

-    If `appBlockHeight < stateBlockHeight`
-    	replay all blocks in full from `appBlockHeight` to `storeBlockHeight-1`,
-    	and replay the block at `storeBlockHeight` using the WAL.
-    This happens if the app forgot the last block it committed.
+If `appBlockHeight < stateBlockHeight`
+    replay all blocks in full from `appBlockHeight` to `storeBlockHeight-1`,
+    and replay the block at `storeBlockHeight` using the WAL.
+This happens if the app forgot the last block it committed.

-    If `appBlockHeight == stateBlockHeight`,
-    	replay the last block (storeBlockHeight) in full.
-    This happens if we crashed before the app finished Commit
+If `appBlockHeight == stateBlockHeight`,
+    replay the last block (storeBlockHeight) in full.
+This happens if we crashed before the app finished Commit
+
+If `appBlockHeight == storeBlockHeight`
+    update the state using the saved ABCI responses but dont run the block against the real app.
+This happens if we crashed after the app finished Commit but before Tendermint saved the state.

-    If appBlockHeight == storeBlockHeight {
-    	update the state using the saved ABCI responses but dont run the block against the real app.
-    This happens if we crashed after the app finished Commit but before Tendermint saved the state.
--- a/docs/spec/blockchain/blockchain.md
+++ b/docs/spec/blockchain/blockchain.md
@@ -51,7 +51,7 @@ type Header struct {

 	// hashes of block data
 	LastCommitHash []byte // commit from validators from the last block
-	DataHash       []byte // Merkle root of transactions
+	DataHash       []byte // MerkleRoot of transaction hashes

 	// hashes from the app output from the prev block
 	ValidatorsHash     []byte // validators for the current block
@@ -83,25 +83,27 @@ type Version struct {
 ## BlockID

 The `BlockID` contains two distinct Merkle roots of the block.
-The first, used as the block's main hash, is the Merkle root
-of all the fields in the header. The second, used for secure gossipping of
-the block during consensus, is the Merkle root of the complete serialized block
-cut into parts. The `BlockID` includes these two hashes, as well as the number of
-parts.
+The first, used as the block's main hash, is the MerkleRoot
+of all the fields in the header (ie. `MerkleRoot(header)`.
+The second, used for secure gossipping of the block during consensus,
+is the MerkleRoot of the complete serialized block
+cut into parts (ie. `MerkleRoot(MakeParts(block))`).
+The `BlockID` includes these two hashes, as well as the number of
+parts (ie. `len(MakeParts(block))`)

 ```go
 type BlockID struct {
    Hash []byte
-    Parts PartsHeader
+    PartsHeader PartSetHeader
 }

-type PartsHeader struct {
-    Hash []byte
+type PartSetHeader struct {
    Total int32
+    Hash []byte
 }
 ```

-TODO: link to details of merkle sums.
+See [MerkleRoot](/docs/spec/blockchain/encoding.md#MerkleRoot) for details.

 ## Time

@@ -109,10 +111,6 @@ Tendermint uses the
 [Google.Protobuf.WellKnownTypes.Timestamp](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/timestamp)
 format, which uses two integers, one for Seconds and for Nanoseconds.

-NOTE: there is currently a small divergence between Tendermint and the
-Google.Protobuf.WellKnownTypes.Timestamp that should be resolved. See [this
-issue](https://github.com/tendermint/go-amino/issues/223) for details.
-
 ## Data

 Data is just a wrapper for a list of transactions, where transactions are
@@ -146,12 +144,12 @@ The vote includes information about the validator signing it.

 ```go
 type Vote struct {
-	Type             SignedMsgType  // byte
+	Type             byte
 	Height           int64
 	Round            int
-	Timestamp        time.Time
 	BlockID          BlockID
-	ValidatorAddress Address
+	Timestamp        Time
+	ValidatorAddress []byte
 	ValidatorIndex   int
 	Signature        []byte
 }
@@ -164,8 +162,8 @@ a _precommit_ has `vote.Type == 2`.
 ## Signature

 Signatures in Tendermint are raw bytes representing the underlying signature.
-The only signature scheme currently supported for Tendermint validators is
-ED25519. The signature is the raw 64-byte ED25519 signature.
+
+See the [signature spec](/docs/spec/blockchain/encoding.md#key-types) for more.

 ## EvidenceData

@@ -192,6 +190,8 @@ type DuplicateVoteEvidence struct {
 }
 ```

+See the [pubkey spec](/docs/spec/blockchain/encoding.md#key-types) for more.
+
 ## Validation

 Here we describe the validation rules for every element in a block.
@@ -209,7 +209,7 @@ the current version of the `state` corresponds to the state
 after executing transactions from the `prevBlock`.
 Elements of an object are accessed as expected,
 ie. `block.Header`.
-See [here](https://github.com/tendermint/tendermint/blob/master/docs/spec/blockchain/state.md) for the definition of `state`.
+See the [definition of `State`](/docs/spec/blockchain/state.md).

 ### Header

@@ -230,7 +230,7 @@ The block version must match the state version.
 len(block.ChainID) < 50
 ```

-ChainID must be maximum 50 UTF-8 symbols.
+ChainID must be less than 50 bytes.

 ### Height

@@ -288,28 +288,25 @@ The first block has `block.Header.TotalTxs = block.Header.NumberTxs`.
 LastBlockID is the previous block's BlockID:

 ```go
-prevBlockParts := MakeParts(prevBlock, state.LastConsensusParams.BlockGossip.BlockPartSize)
+prevBlockParts := MakeParts(prevBlock)
 block.Header.LastBlockID == BlockID {
-    Hash: SimpleMerkleRoot(prevBlock.Header),
+    Hash: MerkleRoot(prevBlock.Header),
    PartsHeader{
-        Hash: SimpleMerkleRoot(prevBlockParts),
+        Hash: MerkleRoot(prevBlockParts),
        Total: len(prevBlockParts),
    },
 }
 ```

-Note: it depends on the ConsensusParams,
-which are held in the `state` and may be updated by the application.
-
 The first block has `block.Header.LastBlockID == BlockID{}`.

 ### LastCommitHash

 ```go
-block.Header.LastCommitHash == SimpleMerkleRoot(block.LastCommit)
+block.Header.LastCommitHash == MerkleRoot(block.LastCommit.Precommits)
 ```

-Simple Merkle root of the votes included in the block.
+MerkleRoot of the votes included in the block.
 These are the votes that committed the previous block.

 The first block has `block.Header.LastCommitHash == []byte{}`
@@ -317,37 +314,42 @@ The first block has `block.Header.LastCommitHash == []byte{}`
 ### DataHash

 ```go
-block.Header.DataHash == SimpleMerkleRoot(block.Txs.Txs)
+block.Header.DataHash == MerkleRoot(Hashes(block.Txs.Txs))
 ```

-Simple Merkle root of the transactions included in the block.
+MerkleRoot of the hashes of transactions included in the block.
+
+Note the transactions are hashed before being included in the Merkle tree,
+so the leaves of the Merkle tree are the hashes, not the transactions
+themselves. This is because transaction hashes are regularly used as identifiers for
+transactions.

 ### ValidatorsHash

 ```go
-block.ValidatorsHash == SimpleMerkleRoot(state.Validators)
+block.ValidatorsHash == MerkleRoot(state.Validators)
 ```

-Simple Merkle root of the current validator set that is committing the block.
+MerkleRoot of the current validator set that is committing the block.
 This can be used to validate the `LastCommit` included in the next block.

 ### NextValidatorsHash

 ```go
-block.NextValidatorsHash == SimpleMerkleRoot(state.NextValidators)
+block.NextValidatorsHash == MerkleRoot(state.NextValidators)
 ```

-Simple Merkle root of the next validator set that will be the validator set that commits the next block.
+MerkleRoot of the next validator set that will be the validator set that commits the next block.
 This is included so that the current validator set gets a chance to sign the
 next validator sets Merkle root.

-### ConsensusParamsHash
+### ConsensusHash

 ```go
-block.ConsensusParamsHash == TMHASH(amino(state.ConsensusParams))
+block.ConsensusHash == state.ConsensusParams.Hash()
 ```

-Hash of the amino-encoded consensus parameters.
+Hash of the amino-encoding of a subset of the consensus parameters.

 ### AppHash

@@ -362,20 +364,20 @@ The first block has `block.Header.AppHash == []byte{}`.
 ### LastResultsHash

 ```go
-block.ResultsHash == SimpleMerkleRoot(state.LastResults)
+block.ResultsHash == MerkleRoot(state.LastResults)
 ```

-Simple Merkle root of the results of the transactions in the previous block.
+MerkleRoot of the results of the transactions in the previous block.

 The first block has `block.Header.ResultsHash == []byte{}`.

 ## EvidenceHash

 ```go
-block.EvidenceHash == SimpleMerkleRoot(block.Evidence)
+block.EvidenceHash == MerkleRoot(block.Evidence)
 ```

-Simple Merkle root of the evidence of Byzantine behaviour included in this block.
+MerkleRoot of the evidence of Byzantine behaviour included in this block.

 ### ProposerAddress

--- a/docs/spec/blockchain/encoding.md
+++ b/docs/spec/blockchain/encoding.md
@@ -30,6 +30,12 @@ For example, the byte-array `[0xA, 0xB]` would be encoded as `0x020A0B`,
 while a byte-array containing 300 entires beginning with `[0xA, 0xB, ...]` would
 be encoded as `0xAC020A0B...` where `0xAC02` is the UVarint encoding of 300.

+## Hashing
+
+Tendermint uses `SHA256` as its hash function.
+Objects are always Amino encoded before being hashed.
+So `SHA256(obj)` is short for `SHA256(AminoEncode(obj))`.
+
 ## Public Key Cryptography

 Tendermint uses Amino to distinguish between different types of private keys,
@@ -59,40 +65,36 @@ You can simply use below table and concatenate Prefix || Length (of raw bytes) |
 | PubKeySecp256k1    | tendermint/PubKeySecp256k1    | 0xEB5AE987 | 0x21     |       |
 | PrivKeyEd25519     | tendermint/PrivKeyEd25519     | 0xA3288910 | 0x40     |       |
 | PrivKeySecp256k1   | tendermint/PrivKeySecp256k1   | 0xE1B0F79B | 0x20     |       |
-| SignatureEd25519   | tendermint/SignatureEd25519   | 0x2031EA53 | 0x40     |       |
-| SignatureSecp256k1 | tendermint/SignatureSecp256k1 | 0x7FC4A495 | variable |
+| PubKeyMultisigThreshold | tendermint/PubKeyMultisigThreshold | 0x22C1F7E2 | variable |  |

-|
+### Example

-### Examples
-
-1. For example, the 33-byte (or 0x21-byte in hex) Secp256k1 pubkey
+For example, the 33-byte (or 0x21-byte in hex) Secp256k1 pubkey
   `020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9`
   would be encoded as
-   `EB5AE98221020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9`
+   `EB5AE98721020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9`

-2. For example, the variable size Secp256k1 signature (in this particular example 70 or 0x46 bytes)
-   `304402201CD4B8C764D2FD8AF23ECFE6666CA8A53886D47754D951295D2D311E1FEA33BF02201E0F906BB1CF2C30EAACFFB032A7129358AFF96B9F79B06ACFFB18AC90C2ADD7`
-   would be encoded as
-   `16E1FEEA46304402201CD4B8C764D2FD8AF23ECFE6666CA8A53886D47754D951295D2D311E1FEA33BF02201E0F906BB1CF2C30EAACFFB032A7129358AFF96B9F79B06ACFFB18AC90C2ADD7`
+### Key Types

-### Addresses
-
-Addresses for each public key types are computed as follows:
+Each type specifies it's own pubkey, address, and signature format.

 #### Ed25519

-First 20-bytes of the SHA256 hash of the raw 32-byte public key:
+TODO: pubkey
+
+The address is the first 20-bytes of the SHA256 hash of the raw 32-byte public key:

 ```
 address = SHA256(pubkey)[:20]
 ```

-NOTE: before v0.22.0, this was the RIPEMD160 of the Amino encoded public key.
+The signature is the raw 64-byte ED25519 signature.

 #### Secp256k1

-RIPEMD160 hash of the SHA256 hash of the OpenSSL compressed public key:
+TODO: pubkey
+
+The address is the RIPEMD160 hash of the SHA256 hash of the OpenSSL compressed public key:

 ```
 address = RIPEMD160(SHA256(pubkey))
@@ -100,12 +102,21 @@ address = RIPEMD160(SHA256(pubkey))

 This is the same as Bitcoin.

+The signature is the 64-byte concatenation of ECDSA `r` and `s` (ie. `r || s`),
+where `s` is lexicographically less than its inverse, to prevent malleability.
+This is like Ethereum, but without the extra byte for pubkey recovery, since
+Tendermint assumes the pubkey is always provided anyway.
+
+#### Multisig
+
+TODO
+
 ## Other Common Types

 ### BitArray

-The BitArray is used in block headers and some consensus messages to signal
-whether or not something was done by each validator. BitArray is represented
+The BitArray is used in some consensus messages to represent votes received from
+validators, or parts received in a block. It is represented
 with a struct containing the number of bits (`Bits`) and the bit-array itself
 encoded in base64 (`Elems`).

@@ -127,24 +138,27 @@ representing `1` and `0`. Ie. the BitArray `10110` would be JSON encoded as
 Part is used to break up blocks into pieces that can be gossiped in parallel
 and securely verified using a Merkle tree of the parts.

-Part contains the index of the part in the larger set (`Index`), the actual
-underlying data of the part (`Bytes`), and a simple Merkle proof that the part is contained in
-the larger set (`Proof`).
+Part contains the index of the part (`Index`), the actual
+underlying data of the part (`Bytes`), and a Merkle proof that the part is contained in
+the set (`Proof`).

 ```go
 type Part struct {
    Index int
-    Bytes byte[]
-    Proof byte[]
+    Bytes []byte
+    Proof SimpleProof
 }
 ```

+See details of SimpleProof, below.
+
 ### MakeParts

 Encode an object using Amino and slice it into parts.
+Tendermint uses a part size of 65536 bytes.

 ```go
-func MakeParts(obj interface{}, partSize int) []Part
+func MakeParts(block Block) []Part
 ```

 ## Merkle Trees
@@ -152,12 +166,17 @@ func MakeParts(obj interface{}, partSize int) []Part
 For an overview of Merkle trees, see
 [wikipedia](https://en.wikipedia.org/wiki/Merkle_tree)

-A Simple Tree is a simple compact binary tree for a static list of items. Simple Merkle trees are used in numerous places in Tendermint to compute a cryptographic digest of a data structure. In a Simple Tree, the transactions and validation signatures of a block are hashed using this simple merkle tree logic.
+We use the RFC 6962 specification of a merkle tree, with sha256 as the hash function.
+Merkle trees are used throughout Tendermint to compute a cryptographic digest of a data structure.
+The differences between RFC 6962 and the simplest form a merkle tree are that:

-If the number of items is not a power of two, the tree will not be full
-and some leaf nodes will be at different levels. Simple Tree tries to
-keep both sides of the tree the same size, but the left side may be one
-greater, for example:
+1) leaf nodes and inner nodes have different hashes.
+   This is for "second pre-image resistance", to prevent the proof to an inner node being valid as the proof of a leaf.
+   The leaf nodes are `SHA256(0x00 || leaf_data)`, and inner nodes are `SHA256(0x01 || left_hash || right_hash)`.
+
+2) When the number of items isn't a power of two, the left half of the tree is as big as it could be.
+   (The smallest power of two less than the number of items) This allows new leaves to be added with less
+   recomputation. For example:

 ```
   Simple Tree with 6 items           Simple Tree with 7 items
@@ -171,68 +190,79 @@ greater, for example:
     / \             / \                / \             / \
    /   \           /   \              /   \           /   \
   /     \         /     \            /     \         /     \
-  *       h2      *       h5         *       *       *       h6
- / \             / \                / \     / \     / \
-h0  h1          h3  h4             h0  h1  h2  h3  h4  h5
+  *       *       h4     h5          *       *       *       h6
+ / \     / \                        / \     / \     / \
+h0  h1  h2 h3                      h0  h1  h2  h3  h4  h5
 ```

-Tendermint always uses the `TMHASH` hash function, which is equivalent to
-SHA256:
+### MerkleRoot

-```
-func TMHASH(bz []byte) []byte {
-    return SHA256(bz)
-}
-```
-
-### Simple Merkle Root
-
-The function `SimpleMerkleRoot` is a simple recursive function defined as follows:
+The function `MerkleRoot` is a simple recursive function defined as follows:

 ```go
-func SimpleMerkleRoot(hashes [][]byte) []byte{
-    switch len(hashes) {
-    case 0:
-        return nil
-    case 1:
-        return hashes[0]
-    default:
-        left := SimpleMerkleRoot(hashes[:(len(hashes)+1)/2])
-        right := SimpleMerkleRoot(hashes[(len(hashes)+1)/2:])
-        return SimpleConcatHash(left, right)
-    }
+// SHA256(0x00 || leaf)
+func leafHash(leaf []byte) []byte {
+	return tmhash.Sum(append(0x00, leaf...))
 }

-func SimpleConcatHash(left, right []byte) []byte{
-    left = encodeByteSlice(left)
-    right = encodeByteSlice(right)
-    return TMHASH(append(left, right))
+// SHA256(0x01 || left || right)
+func innerHash(left []byte, right []byte) []byte {
+	return tmhash.Sum(append(0x01, append(left, right...)...))
+}
+
+// largest power of 2 less than k
+func getSplitPoint(k int) { ... }
+
+func MerkleRoot(items [][]byte) []byte{
+	switch len(items) {
+	case 0:
+		return nil
+	case 1:
+		return leafHash(leafs[0])
+	default:
+		k := getSplitPoint(len(items))
+		left := MerkleRoot(items[:k])
+		right := MerkleRoot(items[k:])
+		return innerHash(left, right)
+	}
 }
 ```

-Note that the leaves are Amino encoded as byte-arrays (ie. simple Uvarint length
-prefix) before being concatenated together and hashed.
+Note: `MerkleRoot` operates on items which are arbitrary byte arrays, not
+necessarily hashes. For items which need to be hashed first, we introduce the
+`Hashes` function:

-Note: we will abuse notion and invoke `SimpleMerkleRoot` with arguments of type `struct` or type `[]struct`.
-For `struct` arguments, we compute a `[][]byte` containing the hash of each
+```
+func Hashes(items [][]byte) [][]byte {
+    return SHA256 of each item
+}
+```
+
+Note: we will abuse notion and invoke `MerkleRoot` with arguments of type `struct` or type `[]struct`.
+For `struct` arguments, we compute a `[][]byte` containing the amino encoding of each
 field in the struct, in the same order the fields appear in the struct.
-For `[]struct` arguments, we compute a `[][]byte` by hashing the individual `struct` elements.
+For `[]struct` arguments, we compute a `[][]byte` by amino encoding the individual `struct` elements.

 ### Simple Merkle Proof

-Proof that a leaf is in a Merkle tree consists of a simple structure:
+Proof that a leaf is in a Merkle tree is composed as follows:

-```
+```golang
 type SimpleProof struct {
+        Total int
+        Index int
+        LeafHash []byte
        Aunts [][]byte
 }
 ```

-Which is verified using the following:
+Which is verified as follows:

-```
-func (proof SimpleProof) Verify(index, total int, leafHash, rootHash []byte) bool {
-	computedHash := computeHashFromAunts(index, total, leafHash, proof.Aunts)
+```golang
+func (proof SimpleProof) Verify(rootHash []byte, leaf []byte) bool {
+	assert(proof.LeafHash, leafHash(leaf)
+
+	computedHash := computeHashFromAunts(proof.Index, proof.Total, proof.LeafHash, proof.Aunts)
    return computedHash == rootHash
 }

@@ -246,26 +276,18 @@ func computeHashFromAunts(index, total int, leafHash []byte, innerHashes [][]byt

 	assert(len(innerHashes) > 0)

-	numLeft := (total + 1) / 2
+	numLeft := getSplitPoint(total) // largest power of 2 less than total
 	if index < numLeft {
 		leftHash := computeHashFromAunts(index, numLeft, leafHash, innerHashes[:len(innerHashes)-1])
 		assert(leftHash != nil)
-		return SimpleHashFromTwoHashes(leftHash, innerHashes[len(innerHashes)-1])
+		return innerHash(leftHash, innerHashes[len(innerHashes)-1])
 	}
 	rightHash := computeHashFromAunts(index-numLeft, total-numLeft, leafHash, innerHashes[:len(innerHashes)-1])
 	assert(rightHash != nil)
-	return SimpleHashFromTwoHashes(innerHashes[len(innerHashes)-1], rightHash)
+	return innerHash(innerHashes[len(innerHashes)-1], rightHash)
 }
 ```

-### Simple Tree with Dictionaries
-
-The Simple Tree is used to merkelize a list of items, so to merkelize a
-(short) dictionary of key-value pairs, encode the dictionary as an
-ordered list of `KVPair` structs. The block hash is such a hash
-derived from all the fields of the block `Header`. The state hash is
-similarly derived.
-
 ### IAVL+ Tree

 Because Tendermint only uses a Simple Merkle Tree, application developers are expect to use their own Merkle tree in their applications. For example, the IAVL+ Tree - an immutable self-balancing binary tree for persisting application state is used by the [Cosmos SDK](https://github.com/cosmos/cosmos-sdk/blob/develop/docs/sdk/core/multistore.md)
@@ -309,12 +331,14 @@ type CanonicalVote struct {
 	Type      byte
 	Height    int64            `binary:"fixed64"`
 	Round     int64            `binary:"fixed64"`
-	Timestamp time.Time
 	BlockID   CanonicalBlockID
+	Timestamp time.Time
 	ChainID   string
 }
 ```

 The field ordering and the fixed sized encoding for the first three fields is optimized to ease parsing of SignBytes
 in HSMs. It creates fixed offsets for relevant fields that need to be read in this context.
-See [#1622](https://github.com/tendermint/tendermint/issues/1622) for more details.
+For more details, see the [signing spec](/docs/spec/consensus/signing.md).
+Also, see the motivating discussion in
+[#1622](https://github.com/tendermint/tendermint/issues/1622).
--- a/docs/spec/blockchain/state.md
+++ b/docs/spec/blockchain/state.md
@@ -60,7 +60,7 @@ When hashing the Validator struct, the address is not included,
 because it is redundant with the pubkey.

 The `state.Validators`, `state.LastValidators`, and `state.NextValidators`, must always by sorted by validator address,
-so that there is a canonical order for computing the SimpleMerkleRoot.
+so that there is a canonical order for computing the MerkleRoot.

 We also define a `TotalVotingPower` function, to return the total voting power:

@@ -78,32 +78,44 @@ func TotalVotingPower(vals []Validators) int64{

 ConsensusParams define various limits for blockchain data structures.
 Like validator sets, they are set during genesis and can be updated by the application through ABCI.
+When hashed, only a subset of the params are included, to allow the params to
+evolve without breaking the header.

-```
+```go
 type ConsensusParams struct {
 	BlockSize
-	TxSize
-	BlockGossip
-	EvidenceParams
+	Evidence
+	Validator
+}
+
+type hashedParams struct {
+    BlockMaxBytes int64
+    BlockMaxGas   int64
+}
+
+func (params ConsensusParams) Hash() []byte {
+    SHA256(hashedParams{
+        BlockMaxBytes: params.BlockSize.MaxBytes,
+        BlockMaxGas: params.BlockSize.MaxGas,
+    })
 }

 type BlockSize struct {
-	MaxBytes        int
+	MaxBytes        int64
 	MaxGas          int64
 }

-type TxSize struct {
-	MaxBytes int
-	MaxGas   int64
-}
-
-type BlockGossip struct {
-	BlockPartSizeBytes int
-}
-
-type EvidenceParams struct {
+type Evidence struct {
 	MaxAge int64
 }
+
+type Validator struct {
+	PubKeyTypes []string
+}
+
+type ValidatorParams struct {
+	PubKeyTypes []string
+}
 ```

 #### BlockSize
@@ -115,20 +127,15 @@ otherwise.
 Blocks should additionally be limited by the amount of "gas" consumed by the
 transactions in the block, though this is not yet implemented.

-#### TxSize
-
-These parameters are not yet enforced and may disappear. See [issue
-#2347](https://github.com/tendermint/tendermint/issues/2347).
-
-#### BlockGossip
-
-When gossipping blocks in the consensus, they are first split into parts. The
-size of each part is `ConsensusParams.BlockGossip.BlockPartSizeBytes`.
-
-#### EvidenceParams
+#### Evidence

 For evidence in a block to be valid, it must satisfy:

 ```
-block.Header.Height - evidence.Height < ConsensusParams.EvidenceParams.MaxAge
+block.Header.Height - evidence.Height < ConsensusParams.Evidence.MaxAge
 ```
+
+#### Validator
+
+Validators from genesis file and `ResponseEndBlock` must have pubkeys of type ∈
+`ConsensusParams.Validator.PubKeyTypes`.
--- a/docs/spec/consensus/signing.md
+++ b/docs/spec/consensus/signing.md
@@ -0,0 +1,205 @@
+# Validator Signing
+
+Here we specify the rules for validating a proposal and vote before signing.
+First we include some general notes on validating data structures common to both types.
+We then provide specific validation rules for each. Finally, we include validation rules to prevent double-sigining.
+
+## SignedMsgType
+
+The `SignedMsgType` is a single byte that refers to the type of the message
+being signed. It is defined in Go as follows:
+
+```
+// SignedMsgType is a type of signed message in the consensus.
+type SignedMsgType byte
+
+const (
+	// Votes
+	PrevoteType   SignedMsgType = 0x01
+	PrecommitType SignedMsgType = 0x02
+
+	// Proposals
+	ProposalType SignedMsgType = 0x20
+)
+```
+
+All signed messages must correspond to one of these types.
+
+## Timestamp
+
+Timestamp validation is subtle and there are currently no bounds placed on the
+timestamp included in a proposal or vote. It is expected that validators will honestly
+report their local clock time. The median of all timestamps
+included in a commit is used as the timestamp for the next block height.
+
+Timestamps are expected to be strictly monotonic for a given validator, though
+this is not currently enforced.
+
+## ChainID
+
+ChainID is an unstructured string with a max length of 50-bytes.
+In the future, the ChainID may become structured, and may take on longer lengths.
+For now, it is recommended that signers be configured for a particular ChainID,
+and to only sign votes and proposals corresponding to that ChainID.
+
+## BlockID
+
+BlockID is the structure used to represent the block:
+
+```
+type BlockID struct {
+	Hash        []byte
+	PartsHeader PartSetHeader
+}
+
+type PartSetHeader struct {
+	Hash  []byte
+	Total int
+}
+```
+
+To be included in a valid vote or proposal, BlockID must either represent a `nil` block, or a complete one.
+We introduce two methods, `BlockID.IsZero()` and `BlockID.IsComplete()` for these cases, respectively.
+
+`BlockID.IsZero()` returns true for BlockID `b` if each of the following
+are true:
+
+```
+b.Hash == nil
+b.PartsHeader.Total == 0
+b.PartsHeader.Hash == nil
+```
+
+`BlockID.IsComplete()` returns true for BlockID `b` if each of the following
+are true:
+
+```
+len(b.Hash) == 32
+b.PartsHeader.Total > 0
+len(b.PartsHeader.Hash) == 32
+```
+
+## Proposals
+
+The structure of a proposal for signing looks like:
+
+```
+type CanonicalProposal struct {
+	Type      SignedMsgType // type alias for byte
+	Height    int64         `binary:"fixed64"`
+	Round     int64         `binary:"fixed64"`
+	POLRound  int64         `binary:"fixed64"`
+	BlockID   BlockID
+	Timestamp time.Time
+	ChainID   string
+}
+```
+
+A proposal is valid if each of the following lines evaluates to true for proposal `p`:
+
+```
+p.Type == 0x20
+p.Height > 0
+p.Round >= 0
+p.POLRound >= -1
+p.BlockID.IsComplete()
+```
+
+In other words, a proposal is valid for signing if it contains the type of a Proposal
+(0x20), has a positive, non-zero height, a
+non-negative round, a POLRound not less than -1, and a complete BlockID.
+
+## Votes
+
+The structure of a vote for signing looks like:
+
+```
+type CanonicalVote struct {
+	Type      SignedMsgType // type alias for byte
+	Height    int64         `binary:"fixed64"`
+	Round     int64         `binary:"fixed64"`
+	BlockID   BlockID
+	Timestamp time.Time
+	ChainID   string
+}
+```
+
+A vote is valid if each of the following lines evaluates to true for vote `v`:
+
+```
+v.Type == 0x1 || v.Type == 0x2
+v.Height > 0
+v.Round >= 0
+v.BlockID.IsZero() || v.BlockID.IsComplete()
+```
+
+In other words, a vote is valid for signing if it contains the type of a Prevote
+or Precommit (0x1 or 0x2, respectively), has a positive, non-zero height, a
+non-negative round, and an empty or valid BlockID.
+
+## Invalid Votes and Proposals
+
+Votes and proposals which do not satisfy the above rules are considered invalid.
+Peers gossipping invalid votes and proposals may be disconnected from other peers on the network.
+Note, however, that there is not currently any explicit mechanism to punish validators signing votes or proposals that fail
+these basic validation rules.
+
+## Double Signing
+
+Signers must be careful not to sign conflicting messages, also known as "double signing" or "equivocating".
+Tendermint has mechanisms to publish evidence of validators that signed conflicting votes, so they can be punished
+by the application. Note Tendermint does not currently handle evidence of conflciting proposals, though it may in the future.
+
+### State
+
+To prevent such double signing, signers must track the height, round, and type of the last message signed.
+Assume the signer keeps the following state, `s`:
+
+```
+type LastSigned struct {
+	Height	int64
+	Round	int64
+	Type	SignedMsgType // byte
+}
+```
+
+After signing a vote or proposal `m`, the signer sets:
+
+```
+s.Height = m.Height
+s.Round = m.Round
+s.Type = m.Type
+```
+
+### Proposals
+
+A signer should only sign a proposal `p` if any of the following lines are true:
+
+```
+p.Height > s.Height
+p.Height == s.Height && p.Round > s.Round
+```
+
+In other words, a proposal should only be signed if it's at a higher height, or a higher round for the same height.
+Once a proposal or vote has been signed for a given height and round, a proposal should never be signed for the same height and round.
+
+### Votes
+
+A signer should only sign a vote `v` if any of the following lines are true:
+
+```
+v.Height > s.Height
+v.Height == s.Height && v.Round > s.Round
+v.Height == s.Height && v.Round == s.Round && v.Step == 0x1 && s.Step == 0x20
+v.Height == s.Height && v.Round == s.Round && v.Step == 0x2 && s.Step != 0x2
+```
+
+In other words, a vote should only be signed if it's:
+
+- at a higher height
+- at a higher round for the same height
+- a prevote for the same height and round where we haven't signed a prevote or precommit (but have signed a proposal)
+- a precommit for the same height and round where we haven't signed a precommit (but have signed a proposal and/or a prevote)
+
+This means that once a validator signs a prevote for a given height and round, the only other message it can sign for that height and round is a precommit.
+And once a validator signs a precommit for a given height and round, it must not sign any other message for that same height and round.
--- a/docs/spec/reactors/block_sync/reactor.md
+++ b/docs/spec/reactors/block_sync/reactor.md
@@ -65,24 +65,24 @@ type Requester {
  mtx          Mutex
  block        Block
  height       int64
-  peerID       p2p.ID
-  redoChannel  chan struct{}
+   peerID       p2p.ID
+  redoChannel  chan p2p.ID //redo may send multi-time; peerId is used to identify repeat
 }
 ```

-Pool is core data structure that stores last executed block (`height`), assignment of requests to peers (`requesters`), current height for each peer and number of pending requests for each peer (`peers`), maximum peer height, etc.
+Pool is a core data structure that stores last executed block (`height`), assignment of requests to peers (`requesters`), current height for each peer and number of pending requests for each peer (`peers`), maximum peer height, etc.

 ```go
 type Pool {
-  mtx Mutex
-  requesters       map[int64]*Requester
-  height           int64
-  peers            map[p2p.ID]*Peer
-  maxPeerHeight    int64
-  numPending       int32
-  store            BlockStore
-  requestsChannel  chan<- BlockRequest
-  errorsChannel    chan<- peerError
+  mtx                Mutex
+  requesters         map[int64]*Requester
+  height             int64
+  peers              map[p2p.ID]*Peer
+  maxPeerHeight      int64
+  numPending         int32
+  store              BlockStore
+  requestsChannel    chan<- BlockRequest
+  errorsChannel      chan<- peerError
 }
 ```

@@ -90,11 +90,11 @@ Peer data structure stores for each peer current `height` and number of pending

 ```go
 type Peer struct {
-  id         p2p.ID
-  height     int64
-  numPending int32
-  timeout    *time.Timer
-  didTimeout bool
+  id           p2p.ID
+  height       int64
+  numPending   int32
+  timeout      *time.Timer
+  didTimeout   bool
 }
 ```

@@ -169,11 +169,11 @@ Requester task is responsible for fetching a single block at position `height`.

 ```go
 fetchBlock(height, pool):
-  while true do
+  while true do {
    peerID = nil
    block = nil
    peer = pickAvailablePeer(height)
-    peerId = peer.id
+    peerID = peer.id

    enqueue BlockRequest(height, peerID) to pool.requestsChannel
    redo = false
@@ -181,12 +181,15 @@ fetchBlock(height, pool):
      select {
        upon receiving Quit message do
          return
-        upon receiving message on redoChannel do
-          mtx.Lock()
-          pool.numPending++
-          redo = true
-          mtx.UnLock()
+        upon receiving redo message with id on redoChannel do
+          if peerID == id {
+            mtx.Lock()
+            pool.numPending++
+            redo = true
+            mtx.UnLock()	
+          }
      }
+    }

 pickAvailablePeer(height):
  selectedPeer = nil
@@ -244,7 +247,7 @@ createRequesters(pool):
 main(pool):
  create trySyncTicker with interval trySyncIntervalMS
  create statusUpdateTicker with interval statusUpdateIntervalSeconds
-  create switchToConsensusTicker with interbal switchToConsensusIntervalSeconds
+  create switchToConsensusTicker with interval switchToConsensusIntervalSeconds

  while true do
    select {
--- a/Show More
+++ b/Show More