Merge branch 'master' into vitalik91

specs/bls_signature.md

@@ -71,8 +71,8 @@ q = 4002409555221667393417789825735904156556882819939007885332058136124031650490
 
 def hash_to_G2(message: bytes32, domain: uint64) -> [uint384]:
     # Initial candidate x coordinate
-    x_re = int.from_bytes(hash(bytes8(domain) + b'\x01' + message), 'big')
+    x_re = int.from_bytes(hash(message + bytes8(domain) + b'\x01'), 'big')
-    x_im = int.from_bytes(hash(bytes8(domain) + b'\x02' + message), 'big')
+    x_im = int.from_bytes(hash(message + bytes8(domain) + b'\x02'), 'big')
     x_coordinate = Fq2([x_re, x_im])  # x = x_re + i * x_im
     
     # Test candidate y coordinates until a one is found

specs/core/0_beacon-chain.md

@@ -358,11 +358,11 @@ Unless otherwise indicated, code appearing in `this style` is to be interpreted
 
 ```python
 {
-    # Receipt Merkle branch
+    # Branch in the deposit tree
-    'merkle_branch': '[hash32]',
+    'branch': '[hash32]',
-    # Merkle tree index
+    # Index in the deposit tree
-    'merkle_tree_index': 'uint64',
+    'index': 'uint64',
-    # Deposit data
+    # Data
     'deposit_data': DepositData,
 }
 ```
@@ -371,12 +371,12 @@ Unless otherwise indicated, code appearing in `this style` is to be interpreted
 
 ```python
 {
-    # Deposit input
-    'deposit_input': DepositInput,
     # Amount in Gwei
     'amount': 'uint64',
     # Timestamp from deposit contract
     'timestamp': 'uint64',
+    # Deposit input
+    'deposit_input': DepositInput,
 }
 ```
 
@@ -648,7 +648,7 @@ DEPOSIT_CONTRACT_TREE_DEPTH: constant(uint256) = 32
 TWO_TO_POWER_OF_TREE_DEPTH: constant(uint256) = 4294967296  # 2**32
 SECONDS_PER_DAY: constant(uint256) = 86400
 
-Deposit: event({previous_deposit_root: bytes32, data: bytes[2064], deposit_count: uint256})
+Deposit: event({previous_deposit_root: bytes32, data: bytes[2064], merkle_tree_index: bytes[8]})
 ChainStart: event({deposit_root: bytes32, time: bytes[8]})
 
 deposit_tree: map(uint256, bytes32)
@@ -665,8 +665,9 @@ def deposit(deposit_input: bytes[2048]):
     msg_gwei_bytes8: bytes[8] = slice(concat("", convert(msg.value / GWEI_PER_ETH, bytes32)), start=24, len=8)
     timestamp_bytes8: bytes[8] = slice(concat("", convert(block.timestamp, bytes32)), start=24, len=8)
     deposit_data: bytes[2064] = concat(msg_gwei_bytes8, timestamp_bytes8, deposit_input)
+    merkle_tree_index: bytes[8] = slice(concat("", convert(index, bytes32)), start=24, len=8)
 
-    log.Deposit(self.deposit_tree[1], deposit_data, self.deposit_count)
+    log.Deposit(self.deposit_tree[1], deposit_data, merkle_tree_index)
 
     # add deposit to merkle tree
     self.deposit_tree[index] = sha3(deposit_data)
@@ -866,7 +867,7 @@ def get_committee_count_per_slot(active_validator_count: int) -> int:
 #### `get_shuffling`
 
 ```python
-def get_shuffling(seed: Hash32,
+def get_shuffling(randao_mix: Hash32,
                   validators: List[ValidatorRecord],
                   slot: int) -> List[List[int]]
     """
@@ -1011,8 +1012,7 @@ def get_attestation_participants(state: BeaconState,
     
     assert attestation.shard in [shard for _, shard in shard_committees]
     shard_committee = [committee for committee, shard in shard_committees if shard == attestation_data.shard][0]
-    
+    assert len(participation_bitfield) == (len(committee) + 7) // 8
-    assert len(participation_bitfield) == ceil_div8(len(shard_committee))
 
     # Find the participating attesters in the committee
     participants = []
@@ -1130,6 +1130,7 @@ def integer_squareroot(n: int) -> int:
     """
     The largest integer ``x`` such that ``x**2`` is less than ``n``.
     """
+    assert n >= 0
     x = n
     y = (x + 1) // 2
     while y < x:
@@ -1220,7 +1221,7 @@ def get_initial_beacon_state(initial_validator_deposits: List[Deposit],
         # Recent state
         latest_crosslinks=[CrosslinkRecord(slot=GENESIS_SLOT, shard_block_root=ZERO_HASH) for _ in range(SHARD_COUNT)],
         latest_block_roots=[ZERO_HASH for _ in range(LATEST_BLOCK_ROOTS_LENGTH)],
-        latest_penalized_exit_balances=[0 for _ in LATEST_PENALIZED_EXIT_LENGTH],
+        latest_penalized_exit_balances=[0 for _ in range(LATEST_PENALIZED_EXIT_LENGTH)],
         latest_attestations=[],
         batched_block_roots=[],
 
@@ -1505,11 +1506,12 @@ For each `attestation` in `block.body.attestations`:
 Verify that `len(block.body.deposits) <= MAX_DEPOSITS`.
 
 [TODO: add logic to ensure that deposits from 1.0 chain are processed in order]
+[TODO: update the call to `verify_merkle_branch` below if it needs to change after we process deposits in order]
 
 For each `deposit` in `block.body.deposits`:
 
-* Let `serialized_deposit_data` be the serialized form of `deposit.deposit_data`. It should be the `DepositInput` followed by 8 bytes for `deposit_data.amount` and 8 bytes for `deposit_data.timestamp`. That is, it should match `deposit_data` in the [Ethereum 1.0 deposit contract](#ethereum-10-deposit-contract) of which the hash was placed into the Merkle tree.
+* Let `serialized_deposit_data` be the serialized form of `deposit.deposit_data`. It should be 8 bytes for `deposit_data.amount` followed by 8 bytes for `deposit_data.timestamp` and then the `DepositInput` bytes. That is, it should match `deposit_data` in the [Ethereum 1.0 deposit contract](#ethereum-10-deposit-contract) of which the hash was placed into the Merkle tree.
-* Use the following procedure to verify `deposit.merkle_branch`, setting `leaf=serialized_deposit_data`, `depth=DEPOSIT_CONTRACT_TREE_DEPTH` and `root=state.latest_deposit_root`:
+* Verify that `verify_merkle_branch(hash(serialized_deposit_data), deposit.branch, DEPOSIT_CONTRACT_TREE_DEPTH, deposit.index, state.latest_deposit_root)` is `True`.
 
 ```python
 def verify_merkle_branch(leaf: Hash32, branch: [Hash32], depth: int, index: int, root: Hash32) -> bool: