New BLS in Phase 1

2019-12-17 15:33:37 +02:00 · 2019-12-17 15:33:37 +02:00 · 995c895b9c
parent c239ffb78c
commit 995c895b9c
4 changed files with 23 additions and 39 deletions
--- a/scripts/build_spec.py
+++ b/scripts/build_spec.py
@ -59,10 +59,9 @@ from eth2spec.utils.ssz.ssz_typing import (
 )
 from eth2spec.utils.bls import (
    Verify,
-    Sign,
-    Aggregate,
+    AggregateVerify,
    FastAggregateVerify,
-    bls_aggregate_pubkeys,
+    bls_signature_to_G2,
 )

 from eth2spec.utils.hash_function import hash
@ -86,7 +85,7 @@ def get_eth1_data(distance: uint64) -> Bytes32:
    return hash(distance)


-def hash(x: bytes) -> Bytes32:  # type: ignore
+def hash(x: bytes) -> Bytes32:
    if x not in hash_cache:
        hash_cache[x] = Bytes32(_hash(x))
    return hash_cache[x]
--- a/specs/core/1_custody-game.md
+++ b/specs/core/1_custody-game.md
@ -429,16 +429,9 @@ def process_custody_key_reveal(state: BeaconState, reveal: CustodyKeyReveal) ->
    assert is_slashable_validator(revealer, get_current_epoch(state))

    # Verify signature
-    assert bls_verify(
-        pubkey=revealer.pubkey,
-        message_hash=hash_tree_root(epoch_to_sign),
-        signature=reveal.reveal,
-        domain=get_domain(
-            state=state,
-            domain_type=DOMAIN_RANDAO,
-            message_epoch=epoch_to_sign,
-        ),
-    )
+    domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign)
+    message = compute_domain_wrapper_root(epoch_to_sign, domain)
+    assert Verify(revealer.pubkey, message, reveal.reveal)

    # Decrement max reveal lateness if response is timely
    if epoch_to_sign + EPOCHS_PER_CUSTODY_PERIOD >= get_current_epoch(state):
@ -487,21 +480,12 @@ def process_early_derived_secret_reveal(state: BeaconState, reveal: EarlyDerived
    # Verify signature correctness
    masker = state.validators[reveal.masker_index]
    pubkeys = [revealed_validator.pubkey, masker.pubkey]
-    message_hashes = [
-        hash_tree_root(reveal.epoch),
-        reveal.mask,
-    ]

-    assert bls_verify_multiple(
-        pubkeys=pubkeys,
-        message_hashes=message_hashes,
-        signature=reveal.reveal,
-        domain=get_domain(
-            state=state,
-            domain_type=DOMAIN_RANDAO,
-            message_epoch=reveal.epoch,
-        ),
-    )
+    domain = get_domain(state, DOMAIN_RANDAO, reveal.epoch)
+    messages = [compute_domain_wrapper_root(message, domain)
+                for message in [hash_tree_root(reveal.epoch), reveal.mask]]
+
+    assert AggregateVerify(pubkeys, messages, reveal.reveal)

    if reveal.epoch >= get_current_epoch(state) + CUSTODY_PERIOD_TO_RANDAO_PADDING:
        # Full slashing when the secret was revealed so early it may be a valid custody
@ -598,7 +582,7 @@ def process_bit_challenge(state: BeaconState, challenge: CustodyBitChallenge) ->
    challenger = state.validators[challenge.challenger_index]
    domain = get_domain(state, DOMAIN_CUSTODY_BIT_CHALLENGE, get_current_epoch(state))
    # TODO incorrect hash-tree-root, but this changes with phase 1 PR #1483
-    assert bls_verify(challenger.pubkey, hash_tree_root(challenge), challenge.signature, domain)
+    assert Verify(challenger.pubkey, compute_domain_wrapper_root(challenge, domain), challenge.signature)
    # Verify challenger is slashable
    assert is_slashable_validator(challenger, get_current_epoch(state))
    # Verify attestation
@ -622,7 +606,7 @@ def process_bit_challenge(state: BeaconState, challenge: CustodyBitChallenge) ->
        challenge.responder_index,
    )
    domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign)
-    assert bls_verify(responder.pubkey, hash_tree_root(epoch_to_sign), challenge.responder_key, domain)
+    assert Verify(responder.pubkey, compute_domain_wrapper_root(epoch_to_sign, domain), challenge.responder_key)
    # Verify the chunk count
    chunk_count = get_custody_chunk_count(attestation.data.crosslink)
    assert chunk_count == len(challenge.chunk_bits)
--- a/specs/core/1_shard-data-chains.md
+++ b/specs/core/1_shard-data-chains.md
@ -386,7 +386,7 @@ def process_shard_block_header(beacon_state: BeaconState, shard_state: ShardStat
    assert not proposer.slashed
    # Verify proposer signature
    domain = get_domain(beacon_state, DOMAIN_SHARD_PROPOSER, compute_epoch_of_shard_slot(block.slot))
-    assert bls_verify(proposer.pubkey, hash_tree_root(block), block.signature, domain)
+    assert Verify(proposer.pubkey, compute_domain_wrapper_root(block, domain), block.signature)
 ```

 #### Attestations
@ -406,8 +406,9 @@ def process_shard_attestations(beacon_state: BeaconState, shard_state: ShardStat
        assert block.aggregation_bits[i] == 0b0
    # Verify attester aggregate signature
    domain = get_domain(beacon_state, DOMAIN_SHARD_ATTESTER, compute_epoch_of_shard_slot(block.slot))
-    message = hash_tree_root(ShardAttestationData(slot=shard_state.slot, parent_root=block.parent_root))
-    assert bls_verify(bls_aggregate_pubkeys(pubkeys), message, block.attestations, domain)
+    shard_attestation_data = ShardAttestationData(slot=shard_state.slot, parent_root=block.parent_root)
+    message = compute_domain_wrapper_root(shard_attestation_data, domain)
+    assert FastAggregateVerify(pubkeys, message, block.attestations)
    # Proposer micro-reward
    proposer_index = get_shard_proposer_index(beacon_state, shard_state.shard, block.slot)
    reward = attestation_count * get_base_reward(beacon_state, proposer_index) // PROPOSER_REWARD_QUOTIENT
--- a/test_libs/pyspec/eth2spec/utils/bls.py
+++ b/test_libs/pyspec/eth2spec/utils/bls.py
@ -27,9 +27,9 @@ def Verify(PK, message, signature):
    return bls.verify(message_hash=message, pubkey=PK, signature=signature, domain=b'')


-# @only_with_bls(alt_return=True)
-# def AggregateVerify(PKs, messages, signature):
-#     return bls.verify_multiple(pubkeys=pubkeys, message_hashes=messages, signature=signature, domain=b'')
+@only_with_bls(alt_return=True)
+def AggregateVerify(PKs, messages, signature):
+    return bls.verify_multiple(pubkeys=PKs, message_hashes=messages, signature=signature, domain=b'')


@only_with_bls(alt_return=True)
@ -38,9 +38,9 @@ def FastAggregateVerify(PKs, message, signature):
    return bls.verify(pubkey=aggregate_pubkey, message_hash=message, signature=signature, domain=b'')


-@only_with_bls(alt_return=STUB_PUBKEY)
-def bls_aggregate_pubkeys(PKs):
-    return bls.aggregate_pubkeys(PKs)
+# @only_with_bls(alt_return=STUB_PUBKEY)
+# def bls_aggregate_pubkeys(PKs):
+#     return bls.aggregate_pubkeys(PKs)


@only_with_bls(alt_return=STUB_SIGNATURE)