2020-05-02 02:22:31 +08:00
|
|
|
# Ethereum 2.0 Phase 1 -- Shard Transition and Fraud Proofs
|
|
|
|
|
|
|
|
**Notice**: This document is a work-in-progress for researchers and implementers.
|
|
|
|
|
|
|
|
## Table of contents
|
|
|
|
|
2020-01-03 07:49:23 -07:00
|
|
|
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
|
|
|
|
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
|
|
|
**Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)*
|
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
- [Introduction](#introduction)
|
|
|
|
- [Helper functions](#helper-functions)
|
|
|
|
- [Misc](#misc)
|
|
|
|
- [Shard block verification functions](#shard-block-verification-functions)
|
|
|
|
- [Shard state transition](#shard-state-transition)
|
|
|
|
- [Fraud proofs](#fraud-proofs)
|
|
|
|
- [Verifying the proof](#verifying-the-proof)
|
|
|
|
- [Honest committee member behavior](#honest-committee-member-behavior)
|
|
|
|
- [Helper functions](#helper-functions-1)
|
|
|
|
- [Make attestations](#make-attestations)
|
2020-01-03 07:49:23 -07:00
|
|
|
|
|
|
|
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
## Introduction
|
2019-11-15 21:11:42 +01:00
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
This document describes the shard transition function and fraud proofs as part of Phase 1 of Ethereum 2.0.
|
2019-11-15 21:11:42 +01:00
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
## Helper functions
|
2019-11-15 21:11:42 +01:00
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
### Misc
|
2019-11-15 21:11:42 +01:00
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
```python
|
|
|
|
def compute_shard_transition_digest(beacon_state: BeaconState,
|
|
|
|
shard_state: ShardState,
|
|
|
|
beacon_parent_root: Root,
|
|
|
|
shard_body_root: Root) -> Bytes32:
|
|
|
|
# TODO: use SSZ hash tree root
|
|
|
|
return hash(
|
|
|
|
hash_tree_root(shard_state) + beacon_parent_root + shard_body_root
|
|
|
|
)
|
|
|
|
```
|
2019-11-15 21:11:42 +01:00
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
### Shard block verification functions
|
2019-11-15 21:11:42 +01:00
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
```python
|
|
|
|
def verify_shard_block_message(beacon_state: BeaconState,
|
|
|
|
shard_state: ShardState,
|
|
|
|
block: ShardBlock,
|
|
|
|
slot: Slot,
|
|
|
|
shard: Shard) -> bool:
|
|
|
|
assert block.shard_parent_root == shard_state.latest_block_root
|
|
|
|
assert block.slot == slot
|
2020-05-28 21:32:27 +08:00
|
|
|
assert block.shard == shard
|
2020-05-02 02:22:31 +08:00
|
|
|
assert block.proposer_index == get_shard_proposer_index(beacon_state, slot, shard)
|
|
|
|
assert 0 < len(block.body) <= MAX_SHARD_BLOCK_SIZE
|
|
|
|
return True
|
|
|
|
```
|
2019-11-15 21:11:42 +01:00
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
```python
|
|
|
|
def verify_shard_block_signature(beacon_state: BeaconState,
|
|
|
|
signed_block: SignedShardBlock) -> bool:
|
|
|
|
proposer = beacon_state.validators[signed_block.message.proposer_index]
|
|
|
|
domain = get_domain(beacon_state, DOMAIN_SHARD_PROPOSAL, compute_epoch_at_slot(signed_block.message.slot))
|
|
|
|
signing_root = compute_signing_root(signed_block.message, domain)
|
|
|
|
return bls.Verify(proposer.pubkey, signing_root, signed_block.signature)
|
|
|
|
```
|
2019-11-15 21:11:42 +01:00
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
## Shard state transition
|
2019-11-15 21:11:42 +01:00
|
|
|
|
|
|
|
```python
|
2020-04-02 10:53:46 +08:00
|
|
|
def shard_state_transition(beacon_state: BeaconState,
|
2020-04-06 19:30:32 +08:00
|
|
|
shard_state: ShardState,
|
2020-04-20 16:57:29 +08:00
|
|
|
block: ShardBlock) -> None:
|
2020-06-01 14:31:45 -07:00
|
|
|
"""
|
|
|
|
Update ``shard_state`` with shard ``block`` and ``beacon_state`.
|
|
|
|
"""
|
|
|
|
shard_state.slot = block.slot
|
2020-04-16 19:43:48 +08:00
|
|
|
prev_gasprice = shard_state.gasprice
|
2020-06-01 14:31:45 -07:00
|
|
|
shard_state.gasprice = compute_updated_gasprice(prev_gasprice, len(block.body))
|
2020-06-02 08:09:43 -07:00
|
|
|
if len(block.body) == 0:
|
|
|
|
latest_block_root = shard_state.latest_block_root
|
|
|
|
else:
|
|
|
|
latest_block_root = hash_tree_root(block)
|
|
|
|
shard_state.latest_block_root = latest_block_root
|
2020-04-20 16:57:29 +08:00
|
|
|
shard_state.transition_digest = compute_shard_transition_digest(
|
2020-04-16 19:43:48 +08:00
|
|
|
beacon_state,
|
|
|
|
shard_state,
|
2020-04-20 16:57:29 +08:00
|
|
|
block.beacon_parent_root,
|
2020-05-25 18:45:38 +03:00
|
|
|
hash_tree_root(block.body),
|
2020-04-16 19:43:48 +08:00
|
|
|
)
|
|
|
|
```
|
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
We have a pure function `get_post_shard_state` for describing the fraud proof verification and honest validator behavior.
|
|
|
|
|
2020-04-16 19:43:48 +08:00
|
|
|
```python
|
2020-04-20 16:57:29 +08:00
|
|
|
def get_post_shard_state(beacon_state: BeaconState,
|
|
|
|
shard_state: ShardState,
|
|
|
|
block: ShardBlock) -> ShardState:
|
|
|
|
"""
|
|
|
|
A pure function that returns a new post ShardState instead of modifying the given `shard_state`.
|
|
|
|
"""
|
|
|
|
post_state = shard_state.copy()
|
|
|
|
shard_state_transition(beacon_state, post_state, block)
|
|
|
|
return post_state
|
|
|
|
```
|
|
|
|
|
2020-05-02 02:22:31 +08:00
|
|
|
## Fraud proofs
|
2019-11-15 21:11:42 +01:00
|
|
|
|
2020-04-02 11:22:21 +08:00
|
|
|
### Verifying the proof
|
|
|
|
|
2020-04-06 19:30:32 +08:00
|
|
|
TODO. The intent is to have a single universal fraud proof type, which contains the following parts:
|
|
|
|
|
|
|
|
1. An on-time attestation `attestation` on some shard `shard` signing a `transition: ShardTransition`
|
|
|
|
2. An index `offset_index` of a particular position to focus on
|
|
|
|
3. The `transition: ShardTransition` itself
|
|
|
|
4. The full body of the shard block `shard_block`
|
|
|
|
5. A Merkle proof to the `shard_states` in the parent block the attestation is referencing
|
2020-04-16 19:43:48 +08:00
|
|
|
6. The `subkey` to generate the custody bit
|
2020-04-06 19:30:32 +08:00
|
|
|
|
|
|
|
Call the following function to verify the proof:
|
|
|
|
|
2020-04-02 11:22:21 +08:00
|
|
|
```python
|
2020-04-16 19:43:48 +08:00
|
|
|
def is_valid_fraud_proof(beacon_state: BeaconState,
|
|
|
|
attestation: Attestation,
|
|
|
|
offset_index: uint64,
|
|
|
|
transition: ShardTransition,
|
2020-04-20 16:57:29 +08:00
|
|
|
block: ShardBlock,
|
2020-04-16 19:43:48 +08:00
|
|
|
subkey: BLSPubkey,
|
|
|
|
beacon_parent_block: BeaconBlock) -> bool:
|
2020-04-06 19:30:32 +08:00
|
|
|
# 1. Check if `custody_bits[offset_index][j] != generate_custody_bit(subkey, block_contents)` for any `j`.
|
2020-04-02 11:22:21 +08:00
|
|
|
custody_bits = attestation.custody_bits_blocks
|
2020-05-13 16:13:33 +03:00
|
|
|
for j in range(len(custody_bits[offset_index])):
|
2020-04-20 16:57:29 +08:00
|
|
|
if custody_bits[offset_index][j] != generate_custody_bit(subkey, block):
|
2020-04-02 11:22:21 +08:00
|
|
|
return True
|
|
|
|
|
2020-04-06 19:30:32 +08:00
|
|
|
# 2. Check if the shard state transition result is wrong between
|
|
|
|
# `transition.shard_states[offset_index - 1]` to `transition.shard_states[offset_index]`.
|
|
|
|
if offset_index == 0:
|
2020-04-28 11:28:21 +08:00
|
|
|
shard = get_shard(beacon_state, attestation)
|
2020-05-13 16:13:33 +03:00
|
|
|
shard_states = beacon_parent_block.body.shard_transitions[shard].shard_states
|
2020-05-13 16:25:16 +03:00
|
|
|
shard_state = shard_states[len(shard_states) - 1]
|
2020-04-02 11:22:21 +08:00
|
|
|
else:
|
2020-04-20 16:57:29 +08:00
|
|
|
shard_state = transition.shard_states[offset_index - 1] # Not doing the actual state updates here.
|
2020-04-06 19:30:32 +08:00
|
|
|
|
2020-04-20 16:57:29 +08:00
|
|
|
shard_state = get_post_shard_state(beacon_state, shard_state, block)
|
|
|
|
if shard_state.transition_digest != transition.shard_states[offset_index].transition_digest:
|
2020-04-02 11:22:21 +08:00
|
|
|
return True
|
|
|
|
|
|
|
|
return False
|
|
|
|
```
|
|
|
|
|
|
|
|
```python
|
|
|
|
def generate_custody_bit(subkey: BLSPubkey, block: ShardBlock) -> bool:
|
|
|
|
# TODO
|
|
|
|
...
|
|
|
|
```
|