2020-05-02 02:22:31 +08:00
# Ethereum 2.0 Phase 1 -- Shard Transition and Fraud Proofs
**Notice**: This document is a work-in-progress for researchers and implementers.
## Table of contents
2020-01-03 07:49:23 -07:00
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE - RUN doctoc TO UPDATE -->
**Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)*
2020-05-02 02:22:31 +08:00
- [Introduction ](#introduction )
- [Helper functions ](#helper-functions )
- [Misc ](#misc )
- [Shard block verification functions ](#shard-block-verification-functions )
- [Shard state transition ](#shard-state-transition )
- [Fraud proofs ](#fraud-proofs )
- [Verifying the proof ](#verifying-the-proof )
- [Honest committee member behavior ](#honest-committee-member-behavior )
- [Helper functions ](#helper-functions-1 )
- [Make attestations ](#make-attestations )
2020-01-03 07:49:23 -07:00
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
2020-05-02 02:22:31 +08:00
## Introduction
2019-11-15 21:11:42 +01:00
2020-05-02 02:22:31 +08:00
This document describes the shard transition function and fraud proofs as part of Phase 1 of Ethereum 2.0.
2019-11-15 21:11:42 +01:00
2020-05-02 02:22:31 +08:00
## Helper functions
2019-11-15 21:11:42 +01:00
2020-05-02 02:22:31 +08:00
### Misc
2019-11-15 21:11:42 +01:00
2020-05-02 02:22:31 +08:00
```python
def compute_shard_transition_digest(beacon_state: BeaconState,
shard_state: ShardState,
beacon_parent_root: Root,
shard_body_root: Root) -> Bytes32:
# TODO: use SSZ hash tree root
return hash(
hash_tree_root(shard_state) + beacon_parent_root + shard_body_root
)
```
2019-11-15 21:11:42 +01:00
2020-05-02 02:22:31 +08:00
### Shard block verification functions
2019-11-15 21:11:42 +01:00
2020-05-02 02:22:31 +08:00
```python
def verify_shard_block_message(beacon_state: BeaconState,
shard_state: ShardState,
block: ShardBlock,
slot: Slot,
shard: Shard) -> bool:
assert block.shard_parent_root == shard_state.latest_block_root
assert block.slot == slot
assert block.proposer_index == get_shard_proposer_index(beacon_state, slot, shard)
assert 0 < len ( block . body ) < = MAX_SHARD_BLOCK_SIZE
return True
```
2019-11-15 21:11:42 +01:00
2020-05-02 02:22:31 +08:00
```python
def verify_shard_block_signature(beacon_state: BeaconState,
signed_block: SignedShardBlock) -> bool:
proposer = beacon_state.validators[signed_block.message.proposer_index]
domain = get_domain(beacon_state, DOMAIN_SHARD_PROPOSAL, compute_epoch_at_slot(signed_block.message.slot))
signing_root = compute_signing_root(signed_block.message, domain)
return bls.Verify(proposer.pubkey, signing_root, signed_block.signature)
```
2019-11-15 21:11:42 +01:00
2020-05-02 02:22:31 +08:00
## Shard state transition
2019-11-15 21:11:42 +01:00
```python
2020-04-02 10:53:46 +08:00
def shard_state_transition(beacon_state: BeaconState,
2020-04-06 19:30:32 +08:00
shard_state: ShardState,
2020-04-20 16:57:29 +08:00
block: ShardBlock) -> None:
2020-04-06 19:30:32 +08:00
# Update shard state
2020-04-16 19:43:48 +08:00
prev_gasprice = shard_state.gasprice
2020-04-20 16:57:29 +08:00
if len(block.body) == 0:
2020-04-16 19:43:48 +08:00
latest_block_root = shard_state.latest_block_root
else:
2020-04-20 16:57:29 +08:00
latest_block_root = hash_tree_root(block)
2020-04-16 19:43:48 +08:00
2020-04-20 16:57:29 +08:00
shard_state.transition_digest = compute_shard_transition_digest(
2020-04-16 19:43:48 +08:00
beacon_state,
shard_state,
2020-04-20 16:57:29 +08:00
block.beacon_parent_root,
block.body,
2020-04-16 19:43:48 +08:00
)
2020-04-20 16:57:29 +08:00
shard_state.gasprice = compute_updated_gasprice(prev_gasprice, len(block.body))
shard_state.slot = block.slot
2020-04-16 19:43:48 +08:00
shard_state.latest_block_root = latest_block_root
```
2020-05-02 02:22:31 +08:00
We have a pure function `get_post_shard_state` for describing the fraud proof verification and honest validator behavior.
2020-04-16 19:43:48 +08:00
```python
2020-04-20 16:57:29 +08:00
def get_post_shard_state(beacon_state: BeaconState,
shard_state: ShardState,
block: ShardBlock) -> ShardState:
"""
A pure function that returns a new post ShardState instead of modifying the given `shard_state` .
"""
post_state = shard_state.copy()
shard_state_transition(beacon_state, post_state, block)
return post_state
```
2020-05-02 02:22:31 +08:00
## Fraud proofs
2019-11-15 21:11:42 +01:00
2020-04-02 11:22:21 +08:00
### Verifying the proof
2020-04-06 19:30:32 +08:00
TODO. The intent is to have a single universal fraud proof type, which contains the following parts:
1. An on-time attestation `attestation` on some shard `shard` signing a `transition: ShardTransition`
2. An index `offset_index` of a particular position to focus on
3. The `transition: ShardTransition` itself
4. The full body of the shard block `shard_block`
5. A Merkle proof to the `shard_states` in the parent block the attestation is referencing
2020-04-16 19:43:48 +08:00
6. The `subkey` to generate the custody bit
2020-04-06 19:30:32 +08:00
Call the following function to verify the proof:
2020-04-02 11:22:21 +08:00
```python
2020-04-16 19:43:48 +08:00
def is_valid_fraud_proof(beacon_state: BeaconState,
attestation: Attestation,
offset_index: uint64,
transition: ShardTransition,
2020-04-20 16:57:29 +08:00
block: ShardBlock,
2020-04-16 19:43:48 +08:00
subkey: BLSPubkey,
beacon_parent_block: BeaconBlock) -> bool:
2020-04-06 19:30:32 +08:00
# 1. Check if `custody_bits[offset_index][j] != generate_custody_bit(subkey, block_contents)` for any `j` .
2020-04-02 11:22:21 +08:00
custody_bits = attestation.custody_bits_blocks
2020-04-06 19:30:32 +08:00
for j in range(custody_bits[offset_index]):
2020-04-20 16:57:29 +08:00
if custody_bits[offset_index][j] != generate_custody_bit(subkey, block):
2020-04-02 11:22:21 +08:00
return True
2020-04-06 19:30:32 +08:00
# 2. Check if the shard state transition result is wrong between
# `transition.shard_states[offset_index - 1]` to `transition.shard_states[offset_index]` .
if offset_index == 0:
2020-04-28 11:28:21 +08:00
shard = get_shard(beacon_state, attestation)
2020-04-20 16:57:29 +08:00
shard_state = beacon_parent_block.shard_transitions[shard].shard_states[-1]
2020-04-02 11:22:21 +08:00
else:
2020-04-20 16:57:29 +08:00
shard_state = transition.shard_states[offset_index - 1] # Not doing the actual state updates here.
2020-04-06 19:30:32 +08:00
2020-04-20 16:57:29 +08:00
shard_state = get_post_shard_state(beacon_state, shard_state, block)
if shard_state.transition_digest != transition.shard_states[offset_index].transition_digest:
2020-04-02 11:22:21 +08:00
return True
return False
```
```python
def generate_custody_bit(subkey: BLSPubkey, block: ShardBlock) -> bool:
# TODO
...
```
2019-11-15 21:11:42 +01:00
## Honest committee member behavior
2020-04-06 19:30:32 +08:00
### Helper functions
```python
def get_winning_proposal(beacon_state: BeaconState, proposals: Sequence[SignedShardBlock]) -> SignedShardBlock:
2020-04-16 17:18:11 +08:00
# TODO: Let `winning_proposal` be the proposal with the largest number of total attestations from slots in
2020-04-06 19:30:32 +08:00
# `state.shard_next_slots[shard]....slot-1` supporting it or any of its descendants, breaking ties by choosing
# the first proposal locally seen. Do `proposals.append(winning_proposal)` .
return proposals[-1] # stub
```
```python
2020-04-16 19:43:48 +08:00
def compute_shard_body_roots(proposals: Sequence[SignedShardBlock]) -> Sequence[Root]:
2020-04-06 19:30:32 +08:00
return [hash_tree_root(proposal.message.body) for proposal in proposals]
```
2020-04-11 01:12:40 +08:00
```python
def get_proposal_choices_at_slot(beacon_state: BeaconState,
shard_state: ShardState,
slot: Slot,
shard: Shard,
shard_blocks: Sequence[SignedShardBlock],
2020-04-16 19:43:48 +08:00
validate_signature: bool=True) -> Sequence[SignedShardBlock]:
"""
Return the valid shard blocks at the given ``slot` `.
Note that this function doesn't change the state.
"""
2020-04-11 01:12:40 +08:00
choices = []
shard_blocks_at_slot = [block for block in shard_blocks if block.message.slot == slot]
for block in shard_blocks_at_slot:
try:
2020-04-16 19:43:48 +08:00
# Verify block message and signature
2020-04-20 16:57:29 +08:00
# TODO these validations should have been checked upon receiving shard blocks.
assert verify_shard_block_message(beacon_state, shard_state, block.message, slot, shard)
2020-04-16 19:43:48 +08:00
if validate_signature:
2020-04-11 01:12:40 +08:00
assert verify_shard_block_signature(beacon_state, block)
2020-04-20 16:57:29 +08:00
shard_state = get_post_shard_state(beacon_state, shard_state, block.message)
2020-04-11 01:12:40 +08:00
except Exception:
pass # TODO: throw error in the test helper
else:
choices.append(block)
return choices
```
```python
def get_proposal_at_slot(beacon_state: BeaconState,
shard_state: ShardState,
slot: Shard,
shard: Shard,
shard_blocks: Sequence[SignedShardBlock],
2020-04-16 19:43:48 +08:00
validate_signature: bool=True) -> Tuple[SignedShardBlock, ShardState]:
"""
Return ``proposal``, ``shard_state`` of the given ``slot` `.
Note that this function doesn't change the state.
"""
2020-04-11 01:12:40 +08:00
choices = get_proposal_choices_at_slot(
beacon_state=beacon_state,
shard_state=shard_state,
slot=slot,
shard=shard,
shard_blocks=shard_blocks,
2020-04-16 19:43:48 +08:00
validate_signature=validate_signature,
2020-04-11 01:12:40 +08:00
)
if len(choices) == 0:
2020-04-16 19:43:48 +08:00
block = ShardBlock(slot=slot)
proposal = SignedShardBlock(message=block)
2020-04-11 01:12:40 +08:00
elif len(choices) == 1:
proposal = choices[0]
else:
proposal = get_winning_proposal(beacon_state, choices)
2020-04-16 19:43:48 +08:00
# Apply state transition
2020-04-20 16:57:29 +08:00
shard_state = get_post_shard_state(beacon_state, shard_state, proposal.message)
2020-04-11 01:12:40 +08:00
2020-04-16 19:43:48 +08:00
return proposal, shard_state
2020-04-11 01:12:40 +08:00
```
```python
def get_shard_state_transition_result(
beacon_state: BeaconState,
shard: Shard,
shard_blocks: Sequence[SignedShardBlock],
2020-04-16 19:43:48 +08:00
validate_signature: bool=True,
2020-04-11 01:12:40 +08:00
) -> Tuple[Sequence[SignedShardBlock], Sequence[ShardState], Sequence[Root]]:
proposals = []
shard_states = []
2020-04-20 16:57:29 +08:00
shard_state = beacon_state.shard_states[shard]
2020-04-11 01:12:40 +08:00
for slot in get_offset_slots(beacon_state, shard):
2020-04-16 19:43:48 +08:00
proposal, shard_state = get_proposal_at_slot(
2020-04-11 01:12:40 +08:00
beacon_state=beacon_state,
shard_state=shard_state,
slot=slot,
shard=shard,
shard_blocks=shard_blocks,
2020-04-16 19:43:48 +08:00
validate_signature=validate_signature,
2020-04-11 01:12:40 +08:00
)
shard_states.append(shard_state)
proposals.append(proposal)
2020-04-16 19:43:48 +08:00
shard_data_roots = compute_shard_body_roots(proposals)
2020-04-11 01:12:40 +08:00
return proposals, shard_states, shard_data_roots
```
2020-04-06 19:30:32 +08:00
### Make attestations
2019-11-15 21:11:42 +01:00
2020-05-14 14:55:29 -07:00
Suppose you are a committee member on shard `shard` at slot `current_slot` and you have received shard blocks `shard_blocks` since the latest successful crosslink for `shard` into the beacon chain. Let `beacon_state` be the head beacon state you are building on, and let `QUARTER_PERIOD = SECONDS_PER_SLOT // 4` . `2 * QUARTER_PERIOD` seconds into slot `current_slot` , run `get_shard_transition(beacon_state, shard, shard_blocks)` to get `shard_transition` .
2019-11-15 21:11:42 +01:00
2020-04-06 19:30:32 +08:00
```python
def get_shard_transition(beacon_state: BeaconState,
shard: Shard,
shard_blocks: Sequence[SignedShardBlock]) -> ShardTransition:
offset_slots = get_offset_slots(beacon_state, shard)
start_slot = offset_slots[0]
proposals, shard_states, shard_data_roots = get_shard_state_transition_result(beacon_state, shard, shard_blocks)
assert len(proposals) > 0
assert len(shard_data_roots) > 0
shard_block_lengths = []
proposer_signatures = []
for proposal in proposals:
shard_block_lengths.append(len(proposal.message.body))
if proposal.signature != BLSSignature():
proposer_signatures.append(proposal.signature)
proposer_signature_aggregate = bls.Aggregate(proposer_signatures)
return ShardTransition(
start_slot=start_slot,
shard_block_lengths=shard_block_lengths,
shard_data_roots=shard_data_roots,
shard_states=shard_states,
proposer_signature_aggregate=proposer_signature_aggregate,
)
```