2020-05-01 18:22:31 +00:00
# Ethereum 2.0 Phase 1 -- Shard Transition and Fraud Proofs
**Notice**: This document is a work-in-progress for researchers and implementers.
## Table of contents
2020-01-03 14:49:23 +00:00
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE - RUN doctoc TO UPDATE -->
2020-09-23 20:55:22 +00:00
2020-01-03 14:49:23 +00:00
2020-05-01 18:22:31 +00:00
- [Introduction ](#introduction )
- [Helper functions ](#helper-functions )
- [Shard block verification functions ](#shard-block-verification-functions )
2020-06-24 10:08:26 +00:00
- [`verify_shard_block_message` ](#verify_shard_block_message )
- [`verify_shard_block_signature` ](#verify_shard_block_signature )
- [Shard state transition function ](#shard-state-transition-function )
2020-05-01 18:22:31 +00:00
- [Fraud proofs ](#fraud-proofs )
- [Verifying the proof ](#verifying-the-proof )
2020-01-03 14:49:23 +00:00
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
2020-05-01 18:22:31 +00:00
## Introduction
2019-11-15 20:11:42 +00:00
2020-05-01 18:22:31 +00:00
This document describes the shard transition function and fraud proofs as part of Phase 1 of Ethereum 2.0.
2019-11-15 20:11:42 +00:00
2020-05-01 18:22:31 +00:00
## Helper functions
2019-11-15 20:11:42 +00:00
2020-05-01 18:22:31 +00:00
### Shard block verification functions
2019-11-15 20:11:42 +00:00
2020-06-24 10:08:26 +00:00
#### `verify_shard_block_message`
2020-05-01 18:22:31 +00:00
```python
2020-06-08 15:49:24 +00:00
def verify_shard_block_message(beacon_parent_state: BeaconState,
2020-06-05 08:19:25 +00:00
shard_parent_state: ShardState,
2020-06-08 15:49:24 +00:00
block: ShardBlock) -> bool:
2020-06-05 08:19:25 +00:00
# Check `shard_parent_root` field
assert block.shard_parent_root == shard_parent_state.latest_block_root
# Check `beacon_parent_root` field
2020-06-08 15:49:24 +00:00
beacon_parent_block_header = beacon_parent_state.latest_block_header.copy()
2020-06-05 21:19:46 +00:00
if beacon_parent_block_header.state_root == Root():
2020-06-08 15:49:24 +00:00
beacon_parent_block_header.state_root = hash_tree_root(beacon_parent_state)
2020-06-05 21:19:46 +00:00
beacon_parent_root = hash_tree_root(beacon_parent_block_header)
2020-06-05 08:19:25 +00:00
assert block.beacon_parent_root == beacon_parent_root
# Check `slot` field
2020-06-08 15:49:24 +00:00
shard = block.shard
next_slot = Slot(block.slot + 1)
offset_slots = compute_offset_slots(get_latest_slot_for_shard(beacon_parent_state, shard), next_slot)
assert block.slot in offset_slots
2020-06-05 08:19:25 +00:00
# Check `proposer_index` field
2020-06-08 15:49:24 +00:00
assert block.proposer_index == get_shard_proposer_index(beacon_parent_state, block.slot, shard)
2020-06-05 08:19:25 +00:00
# Check `body` field
2020-05-01 18:22:31 +00:00
assert 0 < len ( block . body ) < = MAX_SHARD_BLOCK_SIZE
return True
```
2019-11-15 20:11:42 +00:00
2020-06-24 10:08:26 +00:00
#### `verify_shard_block_signature`
2020-05-01 18:22:31 +00:00
```python
2020-06-24 04:14:22 +00:00
def verify_shard_block_signature(beacon_parent_state: BeaconState,
2020-05-01 18:22:31 +00:00
signed_block: SignedShardBlock) -> bool:
2020-06-24 04:14:22 +00:00
proposer = beacon_parent_state.validators[signed_block.message.proposer_index]
domain = get_domain(beacon_parent_state, DOMAIN_SHARD_PROPOSAL, compute_epoch_at_slot(signed_block.message.slot))
2020-05-01 18:22:31 +00:00
signing_root = compute_signing_root(signed_block.message, domain)
return bls.Verify(proposer.pubkey, signing_root, signed_block.signature)
```
2019-11-15 20:11:42 +00:00
2020-06-24 10:08:26 +00:00
## Shard state transition function
2020-06-25 03:14:25 +00:00
The post-state corresponding to a pre-state `shard_state` and a signed block `signed_block` is defined as `shard_state_transition(shard_state, signed_block, beacon_parent_state)` , where `beacon_parent_state` is the parent beacon state of the `signed_block` . State transitions that trigger an unhandled exception (e.g. a failed `assert` or an out-of-range list access) are considered invalid. State transitions that cause a `uint64` overflow or underflow are also considered invalid.
2019-11-15 20:11:42 +00:00
```python
2020-06-22 15:41:02 +00:00
def shard_state_transition(shard_state: ShardState,
2020-06-24 04:14:22 +00:00
signed_block: SignedShardBlock,
2020-06-25 03:14:25 +00:00
beacon_parent_state: BeaconState,
validate_result: bool = True) -> ShardState:
assert verify_shard_block_message(beacon_parent_state, shard_state, signed_block.message)
if validate_result:
2020-06-24 04:14:22 +00:00
assert verify_shard_block_signature(beacon_parent_state, signed_block)
2020-06-22 15:11:21 +00:00
2020-06-24 04:14:22 +00:00
process_shard_block(shard_state, signed_block.message)
2020-06-22 15:11:21 +00:00
return shard_state
```
```python
def process_shard_block(shard_state: ShardState,
block: ShardBlock) -> None:
2020-06-01 21:31:45 +00:00
"""
2020-06-09 18:43:59 +00:00
Update ``shard_state`` with shard ``block``.
2020-06-01 21:31:45 +00:00
"""
shard_state.slot = block.slot
2020-04-16 11:43:48 +00:00
prev_gasprice = shard_state.gasprice
2020-06-18 12:34:34 +00:00
shard_block_length = len(block.body)
shard_state.gasprice = compute_updated_gasprice(prev_gasprice, uint64(shard_block_length))
2020-06-24 10:18:50 +00:00
if shard_block_length != 0:
shard_state.latest_block_root = hash_tree_root(block)
2020-04-16 11:43:48 +00:00
```
2020-05-01 18:22:31 +00:00
## Fraud proofs
2019-11-15 20:11:42 +00:00
2020-04-02 03:22:21 +00:00
### Verifying the proof
2020-04-06 11:30:32 +00:00
TODO. The intent is to have a single universal fraud proof type, which contains the following parts:
1. An on-time attestation `attestation` on some shard `shard` signing a `transition: ShardTransition`
2. An index `offset_index` of a particular position to focus on
3. The `transition: ShardTransition` itself
4. The full body of the shard block `shard_block`
5. A Merkle proof to the `shard_states` in the parent block the attestation is referencing
2020-04-16 11:43:48 +00:00
6. The `subkey` to generate the custody bit
2020-04-06 11:30:32 +00:00
Call the following function to verify the proof:
2020-04-02 03:22:21 +00:00
```python
2020-04-16 11:43:48 +00:00
def is_valid_fraud_proof(beacon_state: BeaconState,
attestation: Attestation,
offset_index: uint64,
transition: ShardTransition,
2020-04-20 08:57:29 +00:00
block: ShardBlock,
2020-04-16 11:43:48 +00:00
subkey: BLSPubkey,
beacon_parent_block: BeaconBlock) -> bool:
2020-04-06 11:30:32 +00:00
# 1. Check if `custody_bits[offset_index][j] != generate_custody_bit(subkey, block_contents)` for any `j` .
2020-04-02 03:22:21 +00:00
custody_bits = attestation.custody_bits_blocks
2020-05-13 13:13:33 +00:00
for j in range(len(custody_bits[offset_index])):
2020-04-20 08:57:29 +00:00
if custody_bits[offset_index][j] != generate_custody_bit(subkey, block):
2020-04-02 03:22:21 +00:00
return True
2020-04-06 11:30:32 +00:00
# 2. Check if the shard state transition result is wrong between
# `transition.shard_states[offset_index - 1]` to `transition.shard_states[offset_index]` .
if offset_index == 0:
2020-06-15 16:16:39 +00:00
shard_states = beacon_parent_block.body.shard_transitions[attestation.data.shard].shard_states
2020-05-13 13:25:16 +00:00
shard_state = shard_states[len(shard_states) - 1]
2020-04-02 03:22:21 +00:00
else:
2020-04-20 08:57:29 +00:00
shard_state = transition.shard_states[offset_index - 1] # Not doing the actual state updates here.
2020-04-06 11:30:32 +00:00
2020-07-01 14:23:05 +00:00
process_shard_block(shard_state, block)
2020-06-09 18:43:59 +00:00
if shard_state != transition.shard_states[offset_index]:
2020-04-02 03:22:21 +00:00
return True
return False
```
```python
def generate_custody_bit(subkey: BLSPubkey, block: ShardBlock) -> bool:
# TODO
...
```