2019-03-28 22:54:39 +00:00
# Ethereum 2.0 Phase 1 -- Custody Game
2019-05-06 10:30:32 -05:00
**Notice**: This document is a work-in-progress for researchers and implementers.
2019-03-28 22:54:39 +00:00
## Table of contents
2019-12-10 15:17:06 +01:00
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE - RUN doctoc TO UPDATE -->
2019-03-28 22:54:39 +00:00
2019-12-10 15:17:06 +01:00
- [Introduction ](#introduction )
- [Constants ](#constants )
- [Misc ](#misc )
2020-01-14 01:42:19 +01:00
- [Configuration ](#configuration )
2019-12-10 15:17:06 +01:00
- [Time parameters ](#time-parameters )
- [Max operations per block ](#max-operations-per-block )
- [Reward and penalty quotients ](#reward-and-penalty-quotients )
- [Data structures ](#data-structures )
2020-01-03 07:49:23 -07:00
- [New Beacon Chain operations ](#new-beacon-chain-operations )
2020-05-19 07:33:07 -06:00
- [`CustodyChunkChallenge` ](#custodychunkchallenge )
- [`CustodyChunkChallengeRecord` ](#custodychunkchallengerecord )
- [`CustodyChunkResponse` ](#custodychunkresponse )
2020-01-03 07:49:23 -07:00
- [`CustodySlashing` ](#custodyslashing )
- [`SignedCustodySlashing` ](#signedcustodyslashing )
2019-12-10 15:17:06 +01:00
- [`CustodyKeyReveal` ](#custodykeyreveal )
- [`EarlyDerivedSecretReveal` ](#earlyderivedsecretreveal )
- [Helpers ](#helpers )
2020-04-30 19:25:18 +01:00
- [`replace_empty_or_append` ](#replace_empty_or_append )
2019-12-10 15:17:06 +01:00
- [`legendre_bit` ](#legendre_bit )
2020-04-05 15:10:09 +01:00
- [`get_custody_atoms` ](#get_custody_atoms )
2020-04-05 15:47:59 +01:00
- [`get_custody_secrets` ](#get_custody_secrets )
2020-06-12 12:07:31 +01:00
- [`universal_hash_function` ](#universal_hash_function )
2020-01-03 07:49:23 -07:00
- [`compute_custody_bit` ](#compute_custody_bit )
2019-12-10 15:17:06 +01:00
- [`get_randao_epoch_for_custody_period` ](#get_randao_epoch_for_custody_period )
- [`get_custody_period_for_validator` ](#get_custody_period_for_validator )
- [Per-block processing ](#per-block-processing )
2020-01-03 07:49:23 -07:00
- [Custody Game Operations ](#custody-game-operations )
2020-04-30 19:25:18 +01:00
- [Chunk challenges ](#chunk-challenges )
- [Custody chunk response ](#custody-chunk-response )
2019-12-10 15:17:06 +01:00
- [Custody key reveals ](#custody-key-reveals )
- [Early derived secret reveals ](#early-derived-secret-reveals )
2020-01-03 07:49:23 -07:00
- [Custody Slashings ](#custody-slashings )
2019-12-10 15:17:06 +01:00
- [Per-epoch processing ](#per-epoch-processing )
2020-01-03 07:49:23 -07:00
- [Handling of reveal deadlines ](#handling-of-reveal-deadlines )
- [Final updates ](#final-updates )
2019-12-10 15:17:06 +01:00
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
2019-03-28 22:54:39 +00:00
## Introduction
2020-01-10 11:42:55 -07:00
This document details the beacon chain additions and changes in Phase 1 of Ethereum 2.0 to support the shard data custody game, building upon the [Phase 0 ](../phase0/beacon-chain.md ) specification.
2019-03-28 22:54:39 +00:00
## Constants
### Misc
2020-01-13 19:47:33 +01:00
2019-11-20 04:15:15 +01:00
| Name | Value | Unit |
2020-03-03 01:28:58 +01:00
| - | - | - |
2020-04-05 14:39:00 +01:00
| `CUSTODY_PRIME` | `2 ** 256 - 189` | - |
| `CUSTODY_SECRETS` | `3` | - |
| `BYTES_PER_CUSTODY_ATOM` | `32` | bytes |
2020-06-12 17:16:08 +01:00
| `CUSTODY_PROBABILITY_EXPONENT` | `10` | - |
2019-03-28 22:54:39 +00:00
2020-01-13 19:47:33 +01:00
## Configuration
2019-03-28 22:54:39 +00:00
### Time parameters
| Name | Value | Unit | Duration |
| - | - | :-: | :-: |
2019-05-03 11:30:55 +02:00
| `RANDAO_PENALTY_EPOCHS` | `2**1` (= 2) | epochs | 12.8 minutes |
2020-06-13 15:15:37 +01:00
| `EARLY_DERIVED_SECRET_PENALTY_MAX_FUTURE_EPOCHS` | `2**15` (= 32,768) | epochs | ~146 days |
| `EPOCHS_PER_CUSTODY_PERIOD` | `2**14` (= 16,384) | epochs | ~73 days |
2019-05-03 11:30:55 +02:00
| `CUSTODY_PERIOD_TO_RANDAO_PADDING` | `2**11` (= 2,048) | epochs | ~9 days |
2020-06-13 15:15:37 +01:00
| `MAX_CHUNK_CHALLENGE_DELAY` | `2**15` (= 32,768) | epochs | ~146 days |
2020-06-16 07:15:00 -06:00
| `CHUNK_RESPONSE_DEADLINE` | `2**14` (= 16,384) | epochs | ~73 days |
2019-03-28 22:54:39 +00:00
2019-03-31 22:54:46 +08:00
### Max operations per block
2019-03-28 22:54:39 +00:00
| Name | Value |
| - | - |
2020-06-16 17:23:09 +01:00
| `MAX_CUSTODY_CHUNK_CHALLENGE_RECORDS` | `2**20` (= 1,048,576) |
2020-01-13 19:00:24 +01:00
| `MAX_CUSTODY_KEY_REVEALS` | `2**8` (= 256) |
2020-06-15 15:13:45 +08:00
| `MAX_EARLY_DERIVED_SECRET_REVEALS` | `2**0` (= 1) |
2020-04-24 17:06:27 +01:00
| `MAX_CUSTODY_CHUNK_CHALLENGES` | `2**2` (= 4) |
2020-05-19 07:50:05 -06:00
| `MAX_CUSTODY_CHUNK_CHALLENGE_RESPONSES` | `2**4` (= 16) |
2020-06-15 15:13:45 +08:00
| `MAX_CUSTODY_SLASHINGS` | `2**0` (= 1) |
2019-03-28 22:54:39 +00:00
2019-05-03 11:30:55 +02:00
### Reward and penalty quotients
2019-05-12 13:46:17 -07:00
| Name | Value |
| - | - |
2019-05-03 11:30:55 +02:00
| `EARLY_DERIVED_SECRET_REVEAL_SLOT_REWARD_MULTIPLE` | `2**1` (= 2) |
2020-01-13 19:47:33 +01:00
| `MINOR_REWARD_QUOTIENT` | `2**8` (= 256) |
2019-05-03 11:30:55 +02:00
2019-03-28 22:54:39 +00:00
## Data structures
2019-11-20 04:15:15 +01:00
### New Beacon Chain operations
2019-03-28 22:54:39 +00:00
2020-05-19 07:33:07 -06:00
#### `CustodyChunkChallenge`
```python
class CustodyChunkChallenge(Container):
responder_index: ValidatorIndex
shard_transition: ShardTransition
attestation: Attestation
data_index: uint64
chunk_index: uint64
```
#### `CustodyChunkChallengeRecord`
```python
class CustodyChunkChallengeRecord(Container):
challenge_index: uint64
challenger_index: ValidatorIndex
responder_index: ValidatorIndex
inclusion_epoch: Epoch
data_root: Root
chunk_index: uint64
```
#### `CustodyChunkResponse`
```python
class CustodyChunkResponse(Container):
challenge_index: uint64
chunk_index: uint64
chunk: ByteVector[BYTES_PER_CUSTODY_CHUNK]
branch: Vector[Root, CUSTODY_RESPONSE_DEPTH]
```
2019-11-20 04:15:15 +01:00
#### `CustodySlashing`
2019-03-28 22:54:39 +00:00
```python
2019-11-20 04:15:15 +01:00
class CustodySlashing(Container):
# (Attestation.data.shard_transition_root as ShardTransition).shard_data_roots[data_index] is the root of the data.
data_index: uint64
malefactor_index: ValidatorIndex
2020-01-03 07:29:23 -07:00
malefactor_secret: BLSSignature
2019-11-20 04:15:15 +01:00
whistleblower_index: ValidatorIndex
shard_transition: ShardTransition
2019-06-05 15:29:26 +02:00
attestation: Attestation
2020-01-08 18:19:18 +08:00
data: ByteList[MAX_SHARD_BLOCK_SIZE]
2019-12-05 13:49:52 -07:00
```
#### `SignedCustodySlashing`
```python
class SignedCustodySlashing(Container):
message: CustodySlashing
2019-06-15 18:25:37 -04:00
signature: BLSSignature
2019-03-28 22:54:39 +00:00
```
#### `CustodyKeyReveal`
```python
2019-06-05 15:29:26 +02:00
class CustodyKeyReveal(Container):
2019-05-03 11:30:55 +02:00
# Index of the validator whose key is being revealed
2019-06-12 20:08:19 -04:00
revealer_index: ValidatorIndex
2019-05-03 11:30:55 +02:00
# Reveal (masked signature)
2019-06-15 18:25:37 -04:00
reveal: BLSSignature
2019-05-03 11:30:55 +02:00
```
#### `EarlyDerivedSecretReveal`
Represents an early (punishable) reveal of one of the derived secrets, where derived secrets are RANDAO reveals and custody reveals (both are part of the same domain).
```python
2019-06-05 15:29:26 +02:00
class EarlyDerivedSecretReveal(Container):
2019-05-03 11:30:55 +02:00
# Index of the validator whose key is being revealed
2019-06-15 18:25:37 -04:00
revealed_index: ValidatorIndex
2019-05-03 11:30:55 +02:00
# RANDAO epoch of the key that is being revealed
2019-06-12 20:08:19 -04:00
epoch: Epoch
2019-05-03 11:30:55 +02:00
# Reveal (masked signature)
2019-06-15 18:25:37 -04:00
reveal: BLSSignature
2019-05-03 11:30:55 +02:00
# Index of the validator who revealed (whistleblower)
2019-06-15 18:25:37 -04:00
masker_index: ValidatorIndex
2019-05-03 11:30:55 +02:00
# Mask used to hide the actual reveal signature (prevent reveal from being stolen)
2019-11-12 21:29:58 +01:00
mask: Bytes32
2019-03-28 22:54:39 +00:00
```
## Helpers
2020-04-24 17:06:27 +01:00
### `replace_empty_or_append`
2019-05-03 11:30:55 +02:00
```python
2020-06-12 11:53:00 +01:00
def replace_empty_or_append(l: List, new_element: Any) -> int:
for i in range(len(l)):
if l[i] == type(new_element)():
l[i] = new_element
2020-04-24 17:06:27 +01:00
return i
2020-06-12 11:53:00 +01:00
l.append(new_element)
return len(l) - 1
2019-03-28 22:54:39 +00:00
```
2019-08-11 10:05:17 -07:00
### `legendre_bit`
Returns the Legendre symbol `(a/q)` normalizes as a bit (i.e. `((a/q) + 1) // 2` ). In a production implementation, a well-optimized library (e.g. GMP) should be used for this.
2019-06-27 12:41:22 +01:00
```python
2019-08-11 10:05:17 -07:00
def legendre_bit(a: int, q: int) -> int:
if a >= q:
return legendre_bit(a % q, q)
if a == 0:
2019-09-23 19:07:10 +01:00
return 0
2019-08-11 10:05:17 -07:00
assert(q > a > 0 and q % 2 == 1)
t = 1
n = q
while a != 0:
while a % 2 == 0:
a //= 2
r = n % 8
if r == 3 or r == 5:
t = -t
a, n = n, a
if a % 4 == n % 4 == 3:
t = -t
a %= n
if n == 1:
return (t + 1) // 2
else:
return 0
```
2020-04-05 14:39:00 +01:00
### `get_custody_atoms`
2019-08-11 10:05:17 -07:00
2019-11-20 04:15:15 +01:00
Given one set of data, return the custody atoms: each atom will be combined with one legendre bit.
2019-08-11 10:05:17 -07:00
```python
2019-11-20 04:15:15 +01:00
def get_custody_atoms(bytez: bytes) -> Sequence[bytes]:
bytez += b'\x00' * (-len(bytez) % BYTES_PER_CUSTODY_ATOM) # right-padding
return [bytez[i:i + BYTES_PER_CUSTODY_ATOM]
for i in range(0, len(bytez), BYTES_PER_CUSTODY_ATOM)]
2019-06-27 12:41:22 +01:00
```
2020-04-05 14:39:00 +01:00
### `get_custody_secrets`
Extract the custody secrets from the signature
2019-03-28 22:54:39 +00:00
```python
2020-04-05 15:35:11 +01:00
def get_custody_secrets(key: BLSSignature) -> Sequence[int]:
2019-12-20 08:41:46 +02:00
full_G2_element = bls.signature_to_G2(key)
2020-04-05 14:39:00 +01:00
signature = full_G2_element[0].coeffs
2020-04-05 15:35:11 +01:00
signature_bytes = b"".join(x.to_bytes(48, "little") for x in signature)
2020-06-12 11:17:44 +01:00
secrets = [int.from_bytes(signature_bytes[i:i + BYTES_PER_CUSTODY_ATOM], "little")
2020-04-05 15:35:11 +01:00
for i in range(0, len(signature_bytes), 32)]
2020-04-05 14:39:00 +01:00
return secrets
```
2020-06-12 12:04:30 +01:00
### `universal_hash_function`
2019-03-28 22:54:39 +00:00
```python
2020-06-12 12:04:30 +01:00
def universal_hash_function(data_chunks: Sequence[bytes], secrets: Sequence[int]) -> int:
n = len(data_chunks)
return (
2020-06-12 11:16:19 +01:00
sum(
secrets[i % CUSTODY_SECRETS]**i * int.from_bytes(atom, "little") % CUSTODY_PRIME
2020-06-12 12:04:30 +01:00
for i, atom in enumerate(data_chunks)
2020-06-12 11:16:19 +01:00
) + secrets[n % CUSTODY_SECRETS]**n
) % CUSTODY_PRIME
2020-06-12 12:04:30 +01:00
```
### `compute_custody_bit`
```python
def compute_custody_bit(key: BLSSignature, data: ByteList[MAX_SHARD_BLOCK_SIZE]) -> bit:
2020-03-13 17:15:25 +00:00
custody_atoms = get_custody_atoms(data)
2020-06-12 12:04:30 +01:00
secrets = get_custody_secrets(key)
uhf = universal_hash_function(custody_atoms, secrets)
2020-06-12 23:44:36 +01:00
legendre_bits = [legendre_bit(uhf + secrets[0] + i, CUSTODY_PRIME) for i in range(CUSTODY_PROBABILITY_EXPONENT)]
2020-06-12 17:16:08 +01:00
return all(legendre_bits)
2019-03-28 22:54:39 +00:00
```
2019-05-03 11:30:55 +02:00
### `get_randao_epoch_for_custody_period`
2019-03-28 22:54:39 +00:00
```python
2019-06-30 13:00:22 -05:00
def get_randao_epoch_for_custody_period(period: uint64, validator_index: ValidatorIndex) -> Epoch:
2019-05-03 11:30:55 +02:00
next_period_start = (period + 1) * EPOCHS_PER_CUSTODY_PERIOD - validator_index % EPOCHS_PER_CUSTODY_PERIOD
2019-06-12 20:08:19 -04:00
return Epoch(next_period_start + CUSTODY_PERIOD_TO_RANDAO_PADDING)
2019-05-03 11:30:55 +02:00
```
2019-08-11 10:05:17 -07:00
### `get_custody_period_for_validator`
2019-05-03 11:30:55 +02:00
2019-05-07 12:13:22 +01:00
```python
2019-11-18 15:07:50 -07:00
def get_custody_period_for_validator(validator_index: ValidatorIndex, epoch: Epoch) -> int:
2019-05-03 11:30:55 +02:00
'''
2019-06-28 10:19:59 -05:00
Return the reveal period for a given validator.
2019-05-03 11:30:55 +02:00
'''
return (epoch + validator_index % EPOCHS_PER_CUSTODY_PERIOD) // EPOCHS_PER_CUSTODY_PERIOD
2019-03-28 22:54:39 +00:00
```
2019-03-31 21:20:43 -05:00
2019-03-28 22:54:39 +00:00
## Per-block processing
2019-11-15 23:42:28 +01:00
### Custody Game Operations
2019-03-28 22:54:39 +00:00
2019-11-15 23:42:28 +01:00
```python
def process_custody_game_operations(state: BeaconState, body: BeaconBlockBody) -> None:
2019-11-20 04:43:32 +01:00
def for_ops(operations: Sequence[Any], fn: Callable[[BeaconState, Any], None]) -> None:
2019-11-15 23:42:28 +01:00
for operation in operations:
fn(state, operation)
2020-05-19 07:50:05 -06:00
for_ops(body.chunk_challenges, process_chunk_challenge)
2020-06-18 03:39:51 +03:00
for_ops(body.chunk_challenge_responses, process_chunk_challenge_response)
2019-11-16 11:13:47 +01:00
for_ops(body.custody_key_reveals, process_custody_key_reveal)
for_ops(body.early_derived_secret_reveals, process_early_derived_secret_reveal)
2019-11-20 04:15:15 +01:00
for_ops(body.custody_slashings, process_custody_slashing)
2019-11-15 23:42:28 +01:00
```
2019-03-28 22:54:39 +00:00
2020-04-24 17:06:27 +01:00
#### Chunk challenges
```python
def process_chunk_challenge(state: BeaconState, challenge: CustodyChunkChallenge) -> None:
# Verify the attestation
assert is_valid_indexed_attestation(state, get_indexed_attestation(state, challenge.attestation))
2020-05-19 08:31:16 -06:00
# Verify it is not too late to challenge the attestation
max_attestation_challenge_epoch = challenge.attestation.data.target.epoch + MAX_CHUNK_CHALLENGE_DELAY
assert get_current_epoch(state) < = max_attestation_challenge_epoch
# Verify it is not too late to challenge the responder
2020-04-24 17:06:27 +01:00
responder = state.validators[challenge.responder_index]
2020-05-19 08:31:16 -06:00
if responder.exit_epoch < FAR_FUTURE_EPOCH:
assert get_current_epoch(state) < = responder.exit_epoch + MAX_CHUNK_CHALLENGE_DELAY
2020-04-24 17:06:27 +01:00
# Verify responder is slashable
assert is_slashable_validator(responder, get_current_epoch(state))
# Verify the responder participated in the attestation
attesters = get_attesting_indices(state, challenge.attestation.data, challenge.attestation.aggregation_bits)
assert challenge.responder_index in attesters
# Verify shard transition is correctly given
assert hash_tree_root(challenge.shard_transition) == challenge.attestation.data.shard_transition_root
data_root = challenge.shard_transition.shard_data_roots[challenge.data_index]
# Verify the challenge is not a duplicate
for record in state.custody_chunk_challenge_records:
assert (
2020-05-01 00:16:00 +01:00
record.data_root != data_root or
2020-04-24 17:06:27 +01:00
record.chunk_index != challenge.chunk_index
)
# Verify depth
2020-05-19 08:31:16 -06:00
shard_block_length = challenge.shard_transition.shard_block_lengths[challenge.data_index]
transition_chunks = (shard_block_length + BYTES_PER_CUSTODY_CHUNK - 1) // BYTES_PER_CUSTODY_CHUNK
2020-04-24 17:06:27 +01:00
assert challenge.chunk_index < transition_chunks
# Add new chunk challenge record
new_record = CustodyChunkChallengeRecord(
challenge_index=state.custody_chunk_challenge_index,
challenger_index=get_beacon_proposer_index(state),
responder_index=challenge.responder_index,
inclusion_epoch=get_current_epoch(state),
data_root=challenge.shard_transition.shard_data_roots[challenge.data_index],
chunk_index=challenge.chunk_index,
)
replace_empty_or_append(state.custody_chunk_challenge_records, new_record)
state.custody_chunk_challenge_index += 1
# Postpone responder withdrawability
responder.withdrawable_epoch = FAR_FUTURE_EPOCH
```
#### Custody chunk response
```python
def process_chunk_challenge_response(state: BeaconState,
response: CustodyChunkResponse) -> None:
2020-05-19 08:31:16 -06:00
# Get matching challenge (if any) from records
matching_challenges = [
record for record in state.custody_chunk_challenge_records
if record.challenge_index == response.challenge_index
]
2020-06-16 15:05:12 +01:00
assert len(matching_challenges) == 1
2020-05-19 08:31:16 -06:00
challenge = matching_challenges[0]
2020-04-24 17:06:27 +01:00
# Verify chunk index
assert response.chunk_index == challenge.chunk_index
# Verify the chunk matches the crosslink data root
assert is_valid_merkle_branch(
leaf=hash_tree_root(response.chunk),
branch=response.branch,
2020-04-27 16:08:49 +01:00
depth=CUSTODY_RESPONSE_DEPTH,
2020-04-24 17:06:27 +01:00
index=response.chunk_index,
root=challenge.data_root,
)
# Clear the challenge
2020-06-12 11:18:07 +01:00
index_in_records = state.custody_chunk_challenge_records.index(challenge)
state.custody_chunk_challenge_records[index_in_records] = CustodyChunkChallengeRecord()
2020-04-24 17:06:27 +01:00
# Reward the proposer
proposer_index = get_beacon_proposer_index(state)
2020-05-01 00:32:02 +01:00
increase_balance(state, proposer_index, Gwei(get_base_reward(state, proposer_index) // MINOR_REWARD_QUOTIENT))
2020-04-24 17:06:27 +01:00
```
2019-05-03 11:30:55 +02:00
#### Custody key reveals
2019-03-28 22:54:39 +00:00
```python
2019-06-28 10:19:59 -05:00
def process_custody_key_reveal(state: BeaconState, reveal: CustodyKeyReveal) -> None:
2019-05-03 11:30:55 +02:00
"""
Process ``CustodyKeyReveal` ` operation.
Note that this function mutates ``state` `.
"""
2019-06-09 20:41:21 +01:00
revealer = state.validators[reveal.revealer_index]
2019-08-11 10:05:17 -07:00
epoch_to_sign = get_randao_epoch_for_custody_period(revealer.next_custody_secret_to_reveal, reveal.revealer_index)
2019-05-03 11:30:55 +02:00
2019-11-18 15:07:50 -07:00
custody_reveal_period = get_custody_period_for_validator(reveal.revealer_index, get_current_epoch(state))
2020-05-19 08:31:16 -06:00
# Only past custody periods can be revealed, except after exiting the exit period can be revealed
is_past_reveal = revealer.next_custody_secret_to_reveal < custody_reveal_period
is_exited = revealer.exit_epoch < = get_current_epoch(state)
is_exit_period_reveal = (
revealer.next_custody_secret_to_reveal
== get_custody_period_for_validator(reveal.revealer_index, revealer.exit_epoch - 1)
)
assert is_past_reveal or (is_exited and is_exit_period_reveal)
2019-05-03 11:30:55 +02:00
# Revealed validator is active or exited, but not withdrawn
assert is_slashable_validator(revealer, get_current_epoch(state))
# Verify signature
2019-12-17 15:33:37 +02:00
domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign)
2020-01-03 08:18:34 +01:00
signing_root = compute_signing_root(epoch_to_sign, domain)
assert bls.Verify(revealer.pubkey, signing_root, reveal.reveal)
2019-05-03 11:30:55 +02:00
# Process reveal
2020-05-19 08:31:16 -06:00
if is_exited and is_exit_period_reveal:
2020-04-28 01:09:20 +01:00
revealer.all_custody_secrets_revealed_epoch = get_current_epoch(state)
2019-08-11 10:05:17 -07:00
revealer.next_custody_secret_to_reveal += 1
2019-05-03 11:30:55 +02:00
2019-11-20 04:15:15 +01:00
# Reward Block Proposer
2019-06-30 12:42:24 -05:00
proposer_index = get_beacon_proposer_index(state)
2019-06-12 20:08:19 -04:00
increase_balance(
state,
proposer_index,
Gwei(get_base_reward(state, reveal.revealer_index) // MINOR_REWARD_QUOTIENT)
)
2019-05-03 11:30:55 +02:00
```
2019-05-24 01:34:39 +08:00
#### Early derived secret reveals
2019-05-03 11:30:55 +02:00
```python
2019-06-28 10:19:59 -05:00
def process_early_derived_secret_reveal(state: BeaconState, reveal: EarlyDerivedSecretReveal) -> None:
2019-05-03 11:30:55 +02:00
"""
Process ``EarlyDerivedSecretReveal` ` operation.
Note that this function mutates ``state` `.
"""
2019-06-09 20:41:21 +01:00
revealed_validator = state.validators[reveal.revealed_index]
2019-05-20 09:47:44 +02:00
derived_secret_location = reveal.epoch % EARLY_DERIVED_SECRET_PENALTY_MAX_FUTURE_EPOCHS
2019-05-03 11:30:55 +02:00
assert reveal.epoch >= get_current_epoch(state) + RANDAO_PENALTY_EPOCHS
assert reveal.epoch < get_current_epoch ( state ) + EARLY_DERIVED_SECRET_PENALTY_MAX_FUTURE_EPOCHS
2019-06-20 23:02:22 +02:00
assert not revealed_validator.slashed
2019-05-20 09:47:44 +02:00
assert reveal.revealed_index not in state.exposed_derived_secrets[derived_secret_location]
2019-05-03 11:30:55 +02:00
# Verify signature correctness
2019-06-09 20:41:21 +01:00
masker = state.validators[reveal.masker_index]
2019-05-03 11:30:55 +02:00
pubkeys = [revealed_validator.pubkey, masker.pubkey]
2019-12-17 15:33:37 +02:00
domain = get_domain(state, DOMAIN_RANDAO, reveal.epoch)
2020-01-07 13:07:09 +01:00
signing_roots = [compute_signing_root(root, domain) for root in [hash_tree_root(reveal.epoch), reveal.mask]]
2020-05-09 11:48:48 +08:00
assert bls.AggregateVerify(pubkeys, signing_roots, reveal.reveal)
2019-03-28 22:54:39 +00:00
2019-05-03 11:30:55 +02:00
if reveal.epoch >= get_current_epoch(state) + CUSTODY_PERIOD_TO_RANDAO_PADDING:
# Full slashing when the secret was revealed so early it may be a valid custody
# round key
slash_validator(state, reveal.revealed_index, reveal.masker_index)
2019-03-28 22:54:39 +00:00
else:
2019-05-05 12:10:39 +01:00
# Only a small penalty proportional to proposer slot reward for RANDAO reveal
2019-05-03 11:30:55 +02:00
# that does not interfere with the custody period
2019-05-05 12:10:39 +01:00
# The penalty is proportional to the max proposer reward
2019-05-03 11:30:55 +02:00
# Calculate penalty
max_proposer_slot_reward = (
2019-05-20 09:47:44 +02:00
get_base_reward(state, reveal.revealed_index)
* SLOTS_PER_EPOCH
// len(get_active_validator_indices(state, get_current_epoch(state)))
// PROPOSER_REWARD_QUOTIENT
)
2019-06-12 20:08:19 -04:00
penalty = Gwei(
2019-05-20 09:47:44 +02:00
max_proposer_slot_reward
* EARLY_DERIVED_SECRET_REVEAL_SLOT_REWARD_MULTIPLE
* (len(state.exposed_derived_secrets[derived_secret_location]) + 1)
2019-05-03 11:30:55 +02:00
)
# Apply penalty
2019-06-30 12:42:24 -05:00
proposer_index = get_beacon_proposer_index(state)
2019-05-03 11:30:55 +02:00
whistleblower_index = reveal.masker_index
2019-06-28 21:35:26 +08:00
whistleblowing_reward = Gwei(penalty // WHISTLEBLOWER_REWARD_QUOTIENT)
2019-06-12 20:08:19 -04:00
proposer_reward = Gwei(whistleblowing_reward // PROPOSER_REWARD_QUOTIENT)
2019-05-03 11:30:55 +02:00
increase_balance(state, proposer_index, proposer_reward)
increase_balance(state, whistleblower_index, whistleblowing_reward - proposer_reward)
decrease_balance(state, reveal.revealed_index, penalty)
2019-05-05 12:10:39 +01:00
# Mark this derived secret as exposed so validator cannot be punished repeatedly
2019-05-20 09:47:44 +02:00
state.exposed_derived_secrets[derived_secret_location].append(reveal.revealed_index)
2019-03-28 22:54:39 +00:00
```
2019-11-20 04:15:15 +01:00
#### Custody Slashings
2019-03-28 22:54:39 +00:00
```python
2019-12-05 13:49:52 -07:00
def process_custody_slashing(state: BeaconState, signed_custody_slashing: SignedCustodySlashing) -> None:
custody_slashing = signed_custody_slashing.message
2019-11-20 04:15:15 +01:00
attestation = custody_slashing.attestation
# Any signed custody-slashing should result in at least one slashing.
# If the custody bits are valid, then the claim itself is slashed.
malefactor = state.validators[custody_slashing.malefactor_index]
whistleblower = state.validators[custody_slashing.whistleblower_index]
domain = get_domain(state, DOMAIN_CUSTODY_BIT_SLASHING, get_current_epoch(state))
2020-01-13 18:55:21 +01:00
signing_root = compute_signing_root(custody_slashing, domain)
assert bls.Verify(whistleblower.pubkey, signing_root, signed_custody_slashing.signature)
2019-11-20 04:15:15 +01:00
# Verify that the whistleblower is slashable
assert is_slashable_validator(whistleblower, get_current_epoch(state))
# Verify that the claimed malefactor is slashable
assert is_slashable_validator(malefactor, get_current_epoch(state))
2019-03-28 22:54:39 +00:00
# Verify the attestation
2019-11-20 04:15:15 +01:00
assert is_valid_indexed_attestation(state, get_indexed_attestation(state, attestation))
2019-03-31 21:20:43 -05:00
2019-11-20 04:15:15 +01:00
# TODO: can do a single combined merkle proof of data being attested.
# Verify the shard transition is indeed attested by the attestation
shard_transition = custody_slashing.shard_transition
2020-04-27 16:08:49 +01:00
assert hash_tree_root(shard_transition) == attestation.data.shard_transition_root
2019-11-20 04:15:15 +01:00
# Verify that the provided data matches the shard-transition
2020-06-12 11:28:30 +01:00
assert (
custody_slashing.data.get_backing().get_left().merkle_root()
2020-05-01 00:16:00 +01:00
== shard_transition.shard_data_roots[custody_slashing.data_index]
2020-06-12 11:28:30 +01:00
)
2020-04-27 16:08:49 +01:00
assert len(custody_slashing.data) == shard_transition.shard_block_lengths[custody_slashing.data_index]
2019-03-28 22:54:39 +00:00
2019-11-20 04:43:32 +01:00
# Verify existence and participation of claimed malefactor
2019-06-28 12:23:22 +01:00
attesters = get_attesting_indices(state, attestation.data, attestation.aggregation_bits)
2019-11-20 04:15:15 +01:00
assert custody_slashing.malefactor_index in attesters
2019-11-20 04:48:00 +01:00
# Verify the malefactor custody key
epoch_to_sign = get_randao_epoch_for_custody_period(
2019-11-20 05:11:19 +01:00
get_custody_period_for_validator(custody_slashing.malefactor_index, attestation.data.target.epoch),
2019-11-20 04:48:00 +01:00
custody_slashing.malefactor_index,
)
domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign)
2020-01-09 14:56:06 +01:00
signing_root = compute_signing_root(epoch_to_sign, domain)
assert bls.Verify(malefactor.pubkey, signing_root, custody_slashing.malefactor_secret)
2019-11-20 04:48:00 +01:00
2019-11-20 04:15:15 +01:00
# Compute the custody bit
2020-01-03 07:29:23 -07:00
computed_custody_bit = compute_custody_bit(custody_slashing.malefactor_secret, custody_slashing.data)
2020-06-12 17:16:08 +01:00
2019-11-20 04:15:15 +01:00
# Verify the claim
2020-06-12 17:16:08 +01:00
if computed_custody_bit == 1:
2019-11-20 04:15:15 +01:00
# Slash the malefactor, reward the other committee members
slash_validator(state, custody_slashing.malefactor_index)
2020-06-12 17:16:08 +01:00
committee = get_beacon_committee(state, attestation.data.slot, attestation.data.index)
2019-11-20 05:11:19 +01:00
others_count = len(committee) - 1
whistleblower_reward = Gwei(malefactor.effective_balance // WHISTLEBLOWER_REWARD_QUOTIENT // others_count)
2019-11-20 04:15:15 +01:00
for attester_index in attesters:
if attester_index != custody_slashing.malefactor_index:
increase_balance(state, attester_index, whistleblower_reward)
# No special whisteblower reward: it is expected to be an attester. Others are free to slash too however.
else:
# The claim was false, the custody bit was correct. Slash the whistleblower that induced this work.
slash_validator(state, custody_slashing.whistleblower_index)
2019-03-28 22:54:39 +00:00
```
## Per-epoch processing
2019-11-20 04:15:15 +01:00
### Handling of reveal deadlines
2019-05-03 11:30:55 +02:00
2019-05-07 12:13:22 +01:00
```python
2019-05-03 11:30:55 +02:00
def process_reveal_deadlines(state: BeaconState) -> None:
2019-11-20 05:11:19 +01:00
epoch = get_current_epoch(state)
2019-06-09 20:41:21 +01:00
for index, validator in enumerate(state.validators):
2020-06-13 15:15:37 +01:00
deadline = validator.next_custody_secret_to_reveal + 1
2020-05-19 08:31:16 -06:00
if get_custody_period_for_validator(ValidatorIndex(index), epoch) > deadline:
2020-04-24 17:06:27 +01:00
slash_validator(state, ValidatorIndex(index))
2019-05-03 11:30:55 +02:00
```
2020-04-24 17:06:27 +01:00
```python
def process_challenge_deadlines(state: BeaconState) -> None:
for custody_chunk_challenge in state.custody_chunk_challenge_records:
2020-06-13 15:15:37 +01:00
if get_current_epoch(state) > custody_chunk_challenge.inclusion_epoch + EPOCHS_PER_CUSTODY_PERIOD:
2020-04-24 17:06:27 +01:00
slash_validator(state, custody_chunk_challenge.responder_index, custody_chunk_challenge.challenger_index)
2020-06-12 12:04:30 +01:00
index_in_records = state.custody_chunk_challenge_records.index(custody_chunk_challenge)
2020-06-12 11:28:49 +01:00
state.custody_chunk_challenge_records[index_in_records] = CustodyChunkChallengeRecord()
2019-05-03 11:30:55 +02:00
```
2019-11-20 04:15:15 +01:00
### Final updates
2019-05-03 11:30:55 +02:00
```python
2019-11-15 21:11:42 +01:00
def process_custody_final_updates(state: BeaconState) -> None:
2019-05-03 11:30:55 +02:00
# Clean up exposed RANDAO key reveals
2019-11-20 04:15:15 +01:00
state.exposed_derived_secrets[get_current_epoch(state) % EARLY_DERIVED_SECRET_PENALTY_MAX_FUTURE_EPOCHS] = []
2020-04-28 01:09:20 +01:00
# Reset withdrawable epochs if challenge records are empty
records = state.custody_chunk_challenge_records
2020-05-19 08:31:16 -06:00
validator_indices_in_records = set([record.responder_index for record in records])
2020-04-28 01:09:20 +01:00
for index, validator in enumerate(state.validators):
if validator.exit_epoch != FAR_FUTURE_EPOCH:
2020-06-16 15:16:20 +01:00
not_all_secrets_are_revealed = validator.all_custody_secrets_revealed_epoch == FAR_FUTURE_EPOCH
if index in validator_indices_in_records or not_all_secrets_are_revealed:
2020-04-28 01:09:20 +01:00
# Delay withdrawable epochs if challenge records are not empty or not all
# custody secrets revealed
validator.withdrawable_epoch = FAR_FUTURE_EPOCH
else:
2020-06-16 15:16:20 +01:00
# Reset withdrawable epochs if challenge records are empty and all secrets are revealed
2020-04-28 01:09:20 +01:00
if validator.withdrawable_epoch == FAR_FUTURE_EPOCH:
validator.withdrawable_epoch = Epoch(validator.all_custody_secrets_revealed_epoch
+ MIN_VALIDATOR_WITHDRAWABILITY_DELAY)
2019-05-03 11:30:55 +02:00
```