From db9fdb9b72fdc5ee5b27b5655fbb2669b84da003 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Sat, 17 Nov 2018 18:20:39 -0500 Subject: [PATCH 01/36] Switch from alt_bn255 to BLS12-381 --- specs/core/0_beacon-chain.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 273bf75f5..0304b11b2 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -137,7 +137,7 @@ An `AttestationRecord` has the following fields: # Hash of last justified beacon block 'justified_block_hash': 'hash32', # BLS aggregate signature - 'aggregate_sig': ['uint256'] + 'aggregate_sig': ['uint384'] } ``` @@ -227,7 +227,7 @@ A `ValidatorRecord` has the following fields: ```python { # BLS public key - 'pubkey': 'uint256', + 'pubkey': 'uint384', # Withdrawal shard number 'withdrawal_shard': 'uint16', # Withdrawal address @@ -609,6 +609,8 @@ def add_validator(validators: List[ValidatorRecord], return index ``` +`BLSVerify` is a function for verifying a BLS-12-381 signature, defined in the BLS-12-381 spec. + ## Routine for removing a validator ```python From 8a2e1d55a506f85cb35970361e7150cce80931b2 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Sun, 18 Nov 2018 10:34:23 +0900 Subject: [PATCH 02/36] fix bls12-381 to be in standard notation --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 0304b11b2..681ff876f 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -609,7 +609,7 @@ def add_validator(validators: List[ValidatorRecord], return index ``` -`BLSVerify` is a function for verifying a BLS-12-381 signature, defined in the BLS-12-381 spec. +`BLSVerify` is a function for verifying a BLS12-381 signature, defined in the BLS12-381 spec. ## Routine for removing a validator From 54217772fed49499a980b9ac1d947c6a84f52f51 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Mon, 19 Nov 2018 20:13:58 -0500 Subject: [PATCH 03/36] Added domain separation --- specs/core/0_beacon-chain.md | 39 ++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 6914c64e7..22c55a997 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -90,6 +90,15 @@ The primary source of load on the beacon chain are "attestations". Attestations | `ENTRY` | `0` | | `EXIT` | `1` | +**Domains for BLS signatures** + +| Name | Value | +| - | :-: | +| `DOMAIN_DEPOSIT` | `0` | +| `DOMAIN_ATTESTATION` | `1` | +| `DOMAIN_PROPOSAL` | `2` | +| `DOMAIN_LOGOUT` | `3` | + ### PoW chain registration contract The initial deployment phases of Ethereum 2.0 are implemented without consensus changes to the PoW chain. A registration contract is added to the PoW chain to deposit ETH. This contract has a `registration` function which takes as arguments `pubkey`, `withdrawal_shard`, `withdrawal_address`, `randao_commitment` as defined in a `ValidatorRecord` below. A BLS `proof_of_possession` of types `bytes` is given as a final argument. @@ -152,8 +161,6 @@ An `AttestationSignedData` has the following fields: ```python { - # Fork version - 'fork_version': 'uint64', # Slot number 'slot': 'uint64', # Shard number @@ -652,7 +659,7 @@ The `add_validator` routine is defined below. This routine should be run for every validator that is inducted as part of a log created on the PoW chain [TODO: explain where to check for these logs]. The status of the validators added after genesis is `PENDING_ACTIVATION`. These logs should be processed in the order in which they are emitted by the PoW chain. -First, a helper function: +First, some helper functions: ```python def min_empty_validator(validators: List[ValidatorRecord], current_slot: int): @@ -662,10 +669,15 @@ def min_empty_validator(validators: List[ValidatorRecord], current_slot: int): return None ``` +```python +def get_fork_version(state: State, slot: uint64): + return state.pre_fork_version if slot < state.fork_slot_number else state.post_fork_version +``` + Now, to add a validator: ```python -def add_validator(validators: List[ValidatorRecord], +def add_validator(state: State, pubkey: int, proof_of_possession: bytes, withdrawal_shard: int, @@ -678,7 +690,8 @@ def add_validator(validators: List[ValidatorRecord], signed_message = as_bytes32(pubkey) + as_bytes2(withdrawal_shard) + withdrawal_address + randao_commitment assert BLSVerify(pub=pubkey, msg=hash(signed_message), - sig=proof_of_possession) + sig=proof_of_possession, + domain=get_fork_version(state, current_slot) * 2**32 + DOMAIN_DEPOSIT) # Pubkey uniqueness assert pubkey not in [v.pubkey for v in validators] rec = ValidatorRecord( @@ -815,9 +828,9 @@ For each one of these attestations: * Compute `parent_hashes` = `[get_block_hash(state, block, slot - CYCLE_LENGTH + i) for i in range(1, CYCLE_LENGTH - len(oblique_parent_hashes) + 1)] + oblique_parent_hashes` (eg, if `CYCLE_LENGTH = 4`, `slot = 5`, the actual block hashes starting from slot 0 are `Z A B C D E F G H I J`, and `oblique_parent_hashes = [D', E']` then `parent_hashes = [B, C, D' E']`). Note that when *creating* an attestation for a block, the hash of that block itself won't yet be in the `state`, so you would need to add it explicitly. * Let `attestation_indices` be `get_shards_and_committees_for_slot(state, slot)[x]`, choosing `x` so that `attestation_indices.shard` equals the `shard` value provided to find the set of validators that is creating this attestation record. * Verify that `len(attester_bitfield) == ceil_div8(len(attestation_indices))`, where `ceil_div8 = (x + 7) // 8`. Verify that bits `len(attestation_indices)....` and higher, if present (i.e. `len(attestation_indices)` is not a multiple of 8), are all zero. -* Derive a group public key by adding the public keys of all of the attesters in `attestation_indices` for whom the corresponding bit in `attester_bitfield` (the ith bit is `(attester_bitfield[i // 8] >> (7 - (i %8))) % 2`) equals 1. -* Let `fork_version = pre_fork_version if slot < fork_slot_number else post_fork_version`. -* Verify that `aggregate_sig` verifies using the group pubkey generated and the serialized form of `AttestationSignedData(fork_version, slot, shard, parent_hashes, shard_block_hash, last_crosslinked_hash, shard_block_combined_data_root, justified_slot)` as the message. +* Derive a `group_public_key` by adding the public keys of all of the attesters in `attestation_indices` for whom the corresponding bit in `attester_bitfield` (the ith bit is `(attester_bitfield[i // 8] >> (7 - (i %8))) % 2`) equals 1. +* Let `data = AttestationSignedData(slot, shard, parent_hashes, shard_block_hash, last_crosslinked_hash, shard_block_combined_data_root, justified_slot)` +* Check `BLSVerify(pubkey=group_public_key, msg=data, sig=aggregate_sig, domain=get_fork_version(state, slot) * 2**32 + DOMAIN_ATTESTATION)` Extend the list of `AttestationRecord` objects in the `state` with those included in the block, ordering the new additions in the same order as they came in the block. @@ -843,12 +856,12 @@ For each `SpecialRecord` `obj` in `block.specials`, verify that its `kind` is on ```python { 'validator_index': 'uint64', - 'signature': '[uint256]' + 'signature': '[uint384]' } ``` Perform the following checks: -* Let `fork_version = pre_fork_version if block.slot < fork_slot_number else post_fork_version`. Verify that `BLSVerify(pubkey=validators[data.validator_index].pubkey, msg=hash(LOGOUT_MESSAGE + bytes8(fork_version)), sig=data.signature)` +* Verify that `BLSVerify(pubkey=validators[data.validator_index].pubkey, msg=hash(LOGOUT_MESSAGE + bytes8(fork_version)), sig=data.signature, domain=get_fork_version(state, current_slot) * 2**32 + DOMAIN_LOGOUT)` * Verify that `validators[validator_index].status == ACTIVE`. Run `exit_validator(data.validator_index, state, penalize=False, current_slot=block.slot)`. @@ -859,16 +872,16 @@ Run `exit_validator(data.validator_index, state, penalize=False, current_slot=bl { 'vote1_aggregate_sig_indices': '[uint24]', 'vote1_data': AttestationSignedData, - 'vote1_aggregate_sig': '[uint256]', + 'vote1_aggregate_sig': '[uint384]', 'vote2_aggregate_sig_indices': '[uint24]', 'vote2_data': AttestationSignedData, - 'vote2_aggregate_sig': '[uint256]', + 'vote2_aggregate_sig': '[uint384]', } ``` Perform the following checks: -* For each `aggregate_sig`, verify that `BLSVerify(pubkey=aggregate_pubkey([validators[i].pubkey for i in aggregate_sig_indices]), msg=vote_data, sig=aggsig)` passes. +* For each `aggregate_sig`, verify that `BLSVerify(pubkey=aggregate_pubkey([validators[i].pubkey for i in aggregate_sig_indices]), msg=vote_data, sig=aggsig, domain=get_fork_version(state, vote_data.slot) * 2**32 + DOMAIN_ATTESTATION)` passes. * Verify that `vote1_data != vote2_data`. * Let `intersection = [x for x in vote1_aggregate_sig_indices if x in vote2_aggregate_sig_indices]`. Verify that `len(intersection) >= 1`. * Verify that `vote1_data.justified_slot < vote2_data.justified_slot < vote2_data.slot <= vote1_data.slot`. From e925fe5705f2b112b1682c52ea781aba3b0b4950 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Mon, 19 Nov 2018 20:15:10 -0500 Subject: [PATCH 04/36] Forgot to change validators -> state.validators --- specs/core/0_beacon-chain.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 22c55a997..61ad95c28 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -693,7 +693,7 @@ def add_validator(state: State, sig=proof_of_possession, domain=get_fork_version(state, current_slot) * 2**32 + DOMAIN_DEPOSIT) # Pubkey uniqueness - assert pubkey not in [v.pubkey for v in validators] + assert pubkey not in [v.pubkey for v in state.validators] rec = ValidatorRecord( pubkey=pubkey, withdrawal_shard=withdrawal_shard, @@ -705,12 +705,12 @@ def add_validator(state: State, exit_slot=0, exit_seq=0 ) - index = min_empty_validator(validators) + index = min_empty_validator(state.validators) if index is None: - validators.append(rec) - return len(validators) - 1 + state.validators.append(rec) + return len(state.validators) - 1 else: - validators[index] = rec + state.validators[index] = rec return index ``` From bc53f0e386ce822278fe9b429a6d8b8589138e8d Mon Sep 17 00:00:00 2001 From: vbuterin Date: Thu, 22 Nov 2018 08:24:20 -0500 Subject: [PATCH 05/36] Fork choice rule Added the LMD GHOST fork choice rule. --- specs/core/0_beacon-chain.md | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 9ac39501c..423d26f1b 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -337,15 +337,33 @@ Beacon block production is significantly different because of the proof of stake ### Beacon chain fork choice rule -The beacon chain uses the Casper FFG fork choice rule of "favor the chain containing the highest-slot-number justified block". To choose between chains that are all descended from the same justified block, the chain uses "immediate message driven GHOST" (IMD GHOST) to choose the head of the chain. +The beacon chain uses a hybrid fork choice rule that combines together FFG justification/finality with latest-message-driven GHOST. -For a description see: **https://ethresear.ch/t/beacon-chain-casper-ffg-rpj-mini-spec/2760** +The following is a description of how to calculate the head at any given point in time. -For an implementation with a network simulator see: **https://github.com/ethereum/research/blob/master/clock_disparity/ghost_node.py** +1. Set `finalized_head` to the finalized block with the highest slot number. +2. Set `justified_head` be the descendant of `finalized_head` that is justified, and has been known to be justified for at least `SLOT_DURATION * CYCLE_LENGTH` seconds, with the highest slot number. +3. Return `LMD_GHOST(store, justified_head)`, where `store` contains all attestations and blocks that the validator has received. -Here's an example of its working (green is finalized blocks, yellow is justified, grey is attestations): +Let `get_most_recent_attestation_target(store, v)` be a function that returns the block that a validator attested to in the attestation in `store` that has the highest slot number. Let `get_ancestor(store, block, slot)` be the function that returns the ancestor of the given block at the given slot; it could be defined recursively as `def get_ancestor(store, block, slot): return block if block.slot == slot else get_ancestor(store, store.get_parent(block), slot)`. LMD GHOST is defined as follows: -![](https://vitalik.ca/files/RPJ.png) +```python +def lmd_ghost(store, start): + validators = [start.state.validators[i] for i in range(get_active_validators(start.state.validators, start.slot))] + latest_message_targets = [get_most_recent_attestation_target(store, v) for v in validators] + head = start + while 1: + c = get_children(head) + if len(c) == 0: + return head + + def get_vote_count(block): + return len([t for t in latest_message_targets if get_ancestor(store, t, block.slot) == block]) + + head = max(c, key=get_vote_count) +``` + +Note that the above is a definition, not an optimal implementation; implementations that determine the head in logarithmic time are possible. ## Beacon chain state transition function From 50458c1d3101e4807ffb58a2ff3261b4c434617a Mon Sep 17 00:00:00 2001 From: Justin Date: Thu, 22 Nov 2018 23:09:36 +0000 Subject: [PATCH 06/36] Various fixes regarding PoW receipt roots Question: What happens if the block proposer at the `POW_RECEIPT_ROOT_VOTING_PERIOD` boundary puts a bad receipt root? Does this give too much power to that block proposer? --- specs/core/0_beacon-chain.md | 52 ++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 9ac39501c..1a373eb2f 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -44,17 +44,17 @@ The primary source of load on the beacon chain are "attestations". Attestations | `MIN_VALIDATOR_SET_CHANGE_INTERVAL` | 2**8 (= 256) | slots | ~25 minutes | | `SHARD_PERSISTENT_COMMITTEE_CHANGE_PERIOD` | 2**17 (= 131,072) | slots | ~9 days | | `MIN_ATTESTATION_INCLUSION_DELAY` | 2**2 (= 4) | slots | ~24 seconds | -| `RANDAO_SLOTS_PER_LAYER` | 2**12 (= 4096) | slots | ~7 hours | +| `RANDAO_SLOTS_PER_LAYER` | 2**12 (= 4,096) | slots | ~7 hours | | `SQRT_E_DROP_TIME` | 2**18 (= 262,144) | slots | ~18 days | | `WITHDRAWALS_PER_CYCLE` | 2**2 (=4) | validators | 5.2m ETH in ~6 months | -| `MIN_WITHDRAWAL_PERIOD` | 2**13 (= 8192) | slots | ~14 hours | +| `MIN_WITHDRAWAL_PERIOD` | 2**13 (= 8,192) | slots | ~14 hours | | `DELETION_PERIOD` | 2**22 (= 4,194,304) | slots | ~290 days | | `COLLECTIVE_PENALTY_CALCULATION_PERIOD` | 2**20 (= 1,048,576) | slots | ~2.4 months | +| `POW_RECEIPT_ROOT_VOTING_PERIOD` | 2**10 (= 1,024) | slots | ~1.7 hours | | `SLASHING_WHISTLEBLOWER_REWARD_DENOMINATOR` | 2**9 (= 512) | | `BASE_REWARD_QUOTIENT` | 2**15 (= 32,768) | — | | `MAX_VALIDATOR_CHURN_QUOTIENT` | 2**5 (= 32) | — | -| `POW_HASH_VOTING_PERIOD` | 2**10 (=1024) | - | -| `POW_CONTRACT_MERKLE_TREE_DEPTH` | 2**5 (=32) | - | +| `POW_CONTRACT_MERKLE_TREE_DEPTH` | 2**5 (= 32) | - | | `LOGOUT_MESSAGE` | `"LOGOUT"` | — | | `INITIAL_FORK_VERSION` | 0 | — | @@ -109,7 +109,7 @@ A `BeaconBlock` has the following fields: 'slot': 'uint64', # Proposer RANDAO reveal 'randao_reveal': 'hash32', - # Recent PoW chain reference (receipt root) + # Recent PoW receipt root 'candidate_pow_receipt_root': 'hash32', # Skip list of previous beacon block hashes # i'th item is the most recent ancestor whose slot is a multiple of 2**i for i = 0, ..., 31 @@ -236,8 +236,8 @@ The `BeaconState` has the following fields: 'current_exit_seq': 'uint64', # Genesis time 'genesis_time': 'uint64', - # PoW chain reference - 'known_pow_receipt_root': 'hash32', + # PoW receipt root + 'processed_pow_receipt_root': 'hash32', 'candidate_pow_receipt_root': 'hash32', 'candidate_pow_receipt_root_votes': 'uint64', # Parameters relevant to hard forks / versioning. @@ -328,7 +328,7 @@ For a block on the beacon chain to be processed by a node, four conditions have * The parent pointed to by the `ancestor_hashes[0]` has already been processed and accepted * An attestation from the _proposer_ of the block (see later for definition) is included along with the block in the network message object -* The PoW chain block pointed to by the `pow_chain_reference` has already been processed and accepted +* The PoW chain block pointed to by the `processed_pow_receipt_root` has already been processed and accepted * The node's local clock time is greater than or equal to the minimum timestamp as computed by `GENESIS_TIME + block.slot * SLOT_DURATION` If these conditions are not met, the client should delay processing the beacon block until the conditions are all satisfied. @@ -551,8 +551,8 @@ def int_sqrt(n: int) -> int: The beacon chain is initialized when a condition is met inside a contract on the existing PoW chain. This contract's code in Vyper is as follows: ```python -HashChainValue: event({prev_tip: bytes32, data: bytes[2064], total_deposit_count: int128}) -ChainStart: event({hash_chain_tip: bytes32, time: bytes[8]}) +HashChainValue: event({previous_receipt_root: bytes32, data: bytes[2064], total_deposit_count: int128}) +ChainStart: event({receipt_root: bytes32, time: bytes[8]}) receipt_tree: bytes32[int128] total_deposit_count: int128 @@ -597,7 +597,7 @@ If the user wishes to deposit more than `DEPOSIT_SIZE` ETH, they would need to m * `initial_validator_entries` equal to the list of data records published as HashChainValue logs so far, in the order in which they were published (oldest to newest). * `genesis_time` equal to the `time` value published in the log -* `pow_hash_chain_tip` equal to the `hash_chain_tip` value published in the log +* `pow_receipt_root` equal to the `receipt_root` value published in the log ### On startup @@ -619,7 +619,7 @@ A valid block with slot `0` (the "genesis block") has the following values. Othe `STARTUP_STATE_ROOT` is the root of the initial state, computed by running the following code: ```python -def on_startup(initial_validator_entries: List[Any], genesis_time: uint64, pow_hash_chain_tip: Hash32) -> BeaconState: +def on_startup(initial_validator_entries: List[Any], genesis_time: uint64, pow_receipt_root: Hash32) -> BeaconState: # Induct validators validators = [] for pubkey, proof_of_possession, withdrawal_shard, withdrawal_address, \ @@ -655,14 +655,13 @@ def on_startup(initial_validator_entries: List[Any], genesis_time: uint64, pow_h persistent_committees=split(shuffle(validators, bytes([0] * 32)), SHARD_COUNT), persistent_committee_reassignments=[], deposits_penalized_in_period=[], - next_shuffling_seed=b'\x00'*32, + next_shuffling_seed=bytes([0] * 32), validator_set_delta_hash_chain=bytes([0] * 32), # stub current_exit_seq=0, genesis_time=genesis_time, - known_pow_hash_chain_tip=pow_hash_chain_tip, - processed_pow_hash_chain_tip=pow_hash_chain_tip, - candidate_pow_hash_chain_tip=bytes([0] * 32), - candidate_pow_hash_chain_tip_votes=0, + processed_pow_receipt_root=pow_receipt_root, + candidate_pow_receipt_root=bytes([0] * 32), + candidate_pow_receipt_root_votes=0, pre_fork_version=INITIAL_FORK_VERSION, post_fork_version=INITIAL_FORK_VERSION, fork_slot_number=0, @@ -790,7 +789,7 @@ def on_startup(initial_validator_entries: List[Any]) -> BeaconState: persistent_committees=split(shuffle(validators, bytes([0] * 32)), SHARD_COUNT), persistent_committee_reassignments=[], deposits_penalized_in_period=[], - next_shuffling_seed=b'\x00'*32, + next_shuffling_seed=bytes([0] * 32), validator_set_delta_hash_chain=bytes([0] * 32), # stub pre_fork_version=INITIAL_FORK_VERSION, post_fork_version=INITIAL_FORK_VERSION, @@ -860,11 +859,13 @@ Verify that `BLSVerify(pubkey=get_beacon_proposer(state, block.slot).pubkey, dat ### Verify and process RANDAO reveal * Let `repeat_hash(x, n) = x if n == 0 else repeat_hash(hash(x), n-1)`. -* Let `V = get_beacon_proposer(state, block.slot). +* Let `V = get_beacon_proposer(state, block.slot)`. * Verify that `repeat_hash(block.randao_reveal, (block.slot - V.randao_last_change) // RANDAO_SLOTS_PER_LAYER + 1) == V.randao_commitment` * Set `state.randao_mix = xor(state.randao_mix, block.randao_reveal)`, `V.randao_commitment = block.randao_reveal`, `V.randao_last_change = block.slot` -Finally, if `block.candidate_pow_hash_chain_tip = state.candidate_pow_hash_chain_tip`, set `state.candidate_hash_chain_tip_votes += 1`. +### Process PoW receipt root + +If `block.candidate_pow_receipt_root = state.candidate_pow_receipt_root` set `state.candidate_pow_receipt_root_votes += 1`. ### Process penalties, logouts and other special objects @@ -938,7 +939,7 @@ For each `proposal_signature`, verify that `BLSVerify(pubkey=validators[proposer Note that `deposit_data` in serialized form should be the `DepositParams` followed by 8 bytes for the `msg_value` and 8 bytes for the `timestamp`, or exactly the `deposit_data` in the PoW contract of which the hash was placed into the Merkle tree. -Use the following procedure to verify the `merkle_branch`, setting `leaf=serialized_deposit_data`, `depth=POW_CONTRACT_MERKLE_TREE_DEPTH` and `root=state.known_pow_receipt_root`: +Use the following procedure to verify the `merkle_branch`, setting `leaf=serialized_deposit_data`, `depth=POW_CONTRACT_MERKLE_TREE_DEPTH` and `root=state.processed_pow_receipt_root`: ```python def verify_merkle_branch(leaf: Hash32, branch: [Hash32], depth: int, index: int, root: Hash32) -> bool: @@ -1012,11 +1013,11 @@ For every shard number `shard` for which a crosslink committee exists in the cyc #### PoW chain related rules -If `last_state_recalculation_slot % POW_HASH_VOTING_PERIOD == 0`, then: +If `last_state_recalculation_slot % POW_RECEIPT_ROOT_VOTING_PERIOD == 0`, then: -* If `state.candidate_hash_chain_tip_votes * 3 >= POW_HASH_VOTING_PERIOD * 2`, set `state.hash_chain_tip = state.candidate_hash_chain_tip` -* Set `state.candidate_hash_chain_tip = block.candidate_pow_hash_chain_tip` -* Set `state.candidate_hash_chain_tip_votes = 0` +* If `state.candidate_pow_receipt_root_votes * 3 >= POW_RECEIPT_ROOT_VOTING_PERIOD * 2` set `state.processed_pow_receipt_root = state.candidate_pow_receipt_root`. +* Set `state.candidate_pow_receipt_root = block.candidate_pow_receipt_root`. +* Set `state.candidate_pow_receipt_root_votes = 0`. ### Validator set change @@ -1151,7 +1152,6 @@ Note: This spec is ~65% complete. **Missing** -* [ ] Specify the rules around acceptable values for `pow_chain_reference` ([issue 58](https://github.com/ethereum/eth2.0-specs/issues/58)) * [ ] Specify the shard chain blocks, blobs, proposers, etc. * [ ] Specify the deposit contract on the PoW chain in Vyper * [ ] Specify the beacon chain genesis rules ([issue 58](https://github.com/ethereum/eth2.0-specs/issues/58)) From f3094e179e1523e3b8bde078ca3231dfc04729c7 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Fri, 23 Nov 2018 08:54:24 -0500 Subject: [PATCH 07/36] Resolved Justin's questions --- specs/core/0_beacon-chain.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 423d26f1b..ae067f588 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -341,11 +341,11 @@ The beacon chain uses a hybrid fork choice rule that combines together FFG justi The following is a description of how to calculate the head at any given point in time. -1. Set `finalized_head` to the finalized block with the highest slot number. -2. Set `justified_head` be the descendant of `finalized_head` that is justified, and has been known to be justified for at least `SLOT_DURATION * CYCLE_LENGTH` seconds, with the highest slot number. -3. Return `LMD_GHOST(store, justified_head)`, where `store` contains all attestations and blocks that the validator has received. +1. Set `finalized_head` to the finalized block with the highest slot number (as in, the block B with the highest slot number such that there exists a descendant of B the processing of which set B as finalized) +2. Set `justified_head` be the descendant of `finalized_head` that is justified, and has been known to be justified for at least `SLOT_DURATION * CYCLE_LENGTH` seconds, with the highest slot number (as in, the block B with the highest slot number such that there exists a descendant of B the processing of which set B as justified; if no such block exists, then it is just set to the `finalized_head`) +3. Return `LMD_GHOST(store, justified_head)`, where `store` contains all attestations and blocks that the validator has received, including those that have not been included in any chain. -Let `get_most_recent_attestation_target(store, v)` be a function that returns the block that a validator attested to in the attestation in `store` that has the highest slot number. Let `get_ancestor(store, block, slot)` be the function that returns the ancestor of the given block at the given slot; it could be defined recursively as `def get_ancestor(store, block, slot): return block if block.slot == slot else get_ancestor(store, store.get_parent(block), slot)`. LMD GHOST is defined as follows: +Let `get_most_recent_attestation_target(store, v)` be a function that returns the block that a validator attested to in the attestation in `store` with the highest slot number; only attestations pointing to blocks that the validator has verified (including recursively verifying ancestors) are considered. If more than one attestation exists in the same slot, `get_most_recent_attestation_target` should return the attestation that the client learned about earlier. Let `get_ancestor(store, block, slot)` be the function that returns the ancestor of the given block at the given slot; it could be defined recursively as `def get_ancestor(store, block, slot): return block if block.slot == slot else get_ancestor(store, store.get_parent(block), slot)`. LMD GHOST is defined as follows: ```python def lmd_ghost(store, start): From 92981e9714e0a8f6d62c90af35544edfacdbf0b4 Mon Sep 17 00:00:00 2001 From: Justin Date: Fri, 23 Nov 2018 14:46:25 +0000 Subject: [PATCH 08/36] Started cleaning up fork choice rule definition --- specs/core/0_beacon-chain.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index ae067f588..53845a3ba 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -337,15 +337,15 @@ Beacon block production is significantly different because of the proof of stake ### Beacon chain fork choice rule -The beacon chain uses a hybrid fork choice rule that combines together FFG justification/finality with latest-message-driven GHOST. +The beacon chain fork choice rule is a hybrid that combines justification and finality with Latest Message Driven (LMD) GHOST. At any point in time a validator `v` calculates the head as follows. -The following is a description of how to calculate the head at any given point in time. - -1. Set `finalized_head` to the finalized block with the highest slot number (as in, the block B with the highest slot number such that there exists a descendant of B the processing of which set B as finalized) -2. Set `justified_head` be the descendant of `finalized_head` that is justified, and has been known to be justified for at least `SLOT_DURATION * CYCLE_LENGTH` seconds, with the highest slot number (as in, the block B with the highest slot number such that there exists a descendant of B the processing of which set B as justified; if no such block exists, then it is just set to the `finalized_head`) -3. Return `LMD_GHOST(store, justified_head)`, where `store` contains all attestations and blocks that the validator has received, including those that have not been included in any chain. - -Let `get_most_recent_attestation_target(store, v)` be a function that returns the block that a validator attested to in the attestation in `store` with the highest slot number; only attestations pointing to blocks that the validator has verified (including recursively verifying ancestors) are considered. If more than one attestation exists in the same slot, `get_most_recent_attestation_target` should return the attestation that the client learned about earlier. Let `get_ancestor(store, block, slot)` be the function that returns the ancestor of the given block at the given slot; it could be defined recursively as `def get_ancestor(store, block, slot): return block if block.slot == slot else get_ancestor(store, store.get_parent(block), slot)`. LMD GHOST is defined as follows: +* Let `store` be the set of all attestations and blocks that the validator `v` has verified (in particular, ancestors must be recursively verified), including attestations not included in any chain. +* Let `finalized_head` be the finalized block with the highest slot number. (A block `B` is finalized if there is a descendant of `B` in `store` the processing of which sets `B` as finalized.) +* Let `justified_head` be the descendant of `finalized_head` with the highest slot number that has been justified for at least `CYCLE_LENGTH` slots. (A block `B` is justified is there is a descendant of `B` in `store` the processing of which sets `B` as justified.) If no such descendant exists set `justified_head` to `finalized_head`. +* Let `get_most_recent_attestation(store, validator)` be the attestation in `store` from `validator` with the highest slot number. If several such attestations exist use the one the validator `v` verified first. +* Let `get_most_recent_attestation_target(store, validator)` be the target block in `get_most_recent_attestation(store, validator)`. +* Let `get_ancestor(store, block, slot)` be the ancestor of `block` with slot number `slot`. The `get_ancestor` function can be defined recursively as `def get_ancestor(store, block, slot): return block if block.slot == slot else get_ancestor(store, store.get_parent(block), slot)`. +* The head is `lmd_ghost(store, justified_head)` where the function `lmd_ghost` is defined below. Note that the implementation below is suboptimal; there are implementations that compute the head in logarithmic time. ```python def lmd_ghost(store, start): @@ -363,8 +363,6 @@ def lmd_ghost(store, start): head = max(c, key=get_vote_count) ``` -Note that the above is a definition, not an optimal implementation; implementations that determine the head in logarithmic time are possible. - ## Beacon chain state transition function We now define the state transition function. At the high level, the state transition is made up of two parts: From 361bcd6be493d4933461cdf32aba9b33641845e8 Mon Sep 17 00:00:00 2001 From: Justin Date: Fri, 23 Nov 2018 15:23:22 +0000 Subject: [PATCH 09/36] More polishing to fork choice rule --- specs/core/0_beacon-chain.md | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 53845a3ba..7f4522360 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -337,30 +337,29 @@ Beacon block production is significantly different because of the proof of stake ### Beacon chain fork choice rule -The beacon chain fork choice rule is a hybrid that combines justification and finality with Latest Message Driven (LMD) GHOST. At any point in time a validator `v` calculates the head as follows. +The beacon chain fork choice rule is a hybrid that combines justification and finality with Latest Message Driven (LMD) Greediest Heaviest Observed SubTree (GHOST). At any point in time a validator `v` calculates the beacon chain head as follows. -* Let `store` be the set of all attestations and blocks that the validator `v` has verified (in particular, ancestors must be recursively verified), including attestations not included in any chain. +* Let `store` be the set of attestations and blocks that the validator `v` has observed and verified (in particular, block ancestors must be recursively verified). Attestations not part of any chain are still included in `store`. * Let `finalized_head` be the finalized block with the highest slot number. (A block `B` is finalized if there is a descendant of `B` in `store` the processing of which sets `B` as finalized.) * Let `justified_head` be the descendant of `finalized_head` with the highest slot number that has been justified for at least `CYCLE_LENGTH` slots. (A block `B` is justified is there is a descendant of `B` in `store` the processing of which sets `B` as justified.) If no such descendant exists set `justified_head` to `finalized_head`. -* Let `get_most_recent_attestation(store, validator)` be the attestation in `store` from `validator` with the highest slot number. If several such attestations exist use the one the validator `v` verified first. -* Let `get_most_recent_attestation_target(store, validator)` be the target block in `get_most_recent_attestation(store, validator)`. * Let `get_ancestor(store, block, slot)` be the ancestor of `block` with slot number `slot`. The `get_ancestor` function can be defined recursively as `def get_ancestor(store, block, slot): return block if block.slot == slot else get_ancestor(store, store.get_parent(block), slot)`. +* Let `get_latest_attestation(store, validator)` be the attestation in `store` from `validator` with the highest slot number. If several such attestations exist use the one the validator `v` verified first. +* Let `get_latest_attestation_target(store, validator)` be the target block in the attestation `get_latest_attestation(store, validator)`. * The head is `lmd_ghost(store, justified_head)` where the function `lmd_ghost` is defined below. Note that the implementation below is suboptimal; there are implementations that compute the head in logarithmic time. ```python def lmd_ghost(store, start): - validators = [start.state.validators[i] for i in range(get_active_validators(start.state.validators, start.slot))] - latest_message_targets = [get_most_recent_attestation_target(store, v) for v in validators] + active_validators = [start.state.validators[i] for i in range(get_active_validators(start.state.validators, start.slot))] + latest_attestation_targets = [get_latest_attestation_target(store, validator) for validator in active_validators] + def get_vote_count(block): + return len([target for target in latest_attestation_targets if get_ancestor(store, target, block.slot) == block]) + head = start while 1: - c = get_children(head) - if len(c) == 0: - return head - - def get_vote_count(block): - return len([t for t in latest_message_targets if get_ancestor(store, t, block.slot) == block]) - - head = max(c, key=get_vote_count) + children = get_children(head) + if len(children) == 0: + return head + head = max(children, key=get_vote_count) ``` ## Beacon chain state transition function @@ -1187,7 +1186,6 @@ Note: This spec is ~65% complete. **Possible modifications and additions** -* [ ] Replace the IMD fork choice rule with LMD * [ ] Homogenise types to `uint64` ([PR 36](https://github.com/ethereum/eth2.0-specs/pull/36)) * [ ] Reduce the slot duration to 8 seconds * [ ] Allow for the delayed inclusion of aggregated signatures From b76eae8a71d700ee6bd88867ba21790e6a18dfb9 Mon Sep 17 00:00:00 2001 From: Justin Date: Fri, 23 Nov 2018 15:37:37 +0000 Subject: [PATCH 10/36] Update 0_beacon-chain.md --- specs/core/0_beacon-chain.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 7f4522360..820c20edc 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -337,22 +337,23 @@ Beacon block production is significantly different because of the proof of stake ### Beacon chain fork choice rule -The beacon chain fork choice rule is a hybrid that combines justification and finality with Latest Message Driven (LMD) Greediest Heaviest Observed SubTree (GHOST). At any point in time a validator `v` calculates the beacon chain head as follows. +The beacon chain fork choice rule is a hybrid that combines justification and finality with Latest Message Driven (LMD) Greediest Heaviest Observed SubTree (GHOST). At any point in time a validator `v` subjectively calculates the beacon chain head as follows. * Let `store` be the set of attestations and blocks that the validator `v` has observed and verified (in particular, block ancestors must be recursively verified). Attestations not part of any chain are still included in `store`. * Let `finalized_head` be the finalized block with the highest slot number. (A block `B` is finalized if there is a descendant of `B` in `store` the processing of which sets `B` as finalized.) * Let `justified_head` be the descendant of `finalized_head` with the highest slot number that has been justified for at least `CYCLE_LENGTH` slots. (A block `B` is justified is there is a descendant of `B` in `store` the processing of which sets `B` as justified.) If no such descendant exists set `justified_head` to `finalized_head`. * Let `get_ancestor(store, block, slot)` be the ancestor of `block` with slot number `slot`. The `get_ancestor` function can be defined recursively as `def get_ancestor(store, block, slot): return block if block.slot == slot else get_ancestor(store, store.get_parent(block), slot)`. -* Let `get_latest_attestation(store, validator)` be the attestation in `store` from `validator` with the highest slot number. If several such attestations exist use the one the validator `v` verified first. +* Let `get_latest_attestation(store, validator)` be the attestation with the highest slot number in `store` from `validator`. If several such attestations exist use the one the validator `v` observed first. * Let `get_latest_attestation_target(store, validator)` be the target block in the attestation `get_latest_attestation(store, validator)`. * The head is `lmd_ghost(store, justified_head)` where the function `lmd_ghost` is defined below. Note that the implementation below is suboptimal; there are implementations that compute the head in logarithmic time. ```python def lmd_ghost(store, start): - active_validators = [start.state.validators[i] for i in range(get_active_validators(start.state.validators, start.slot))] - latest_attestation_targets = [get_latest_attestation_target(store, validator) for validator in active_validators] + validators = start.state.validators + active_validators = [validators[i] for i in range(get_active_validators(validators, start.slot))] + attestation_targets = [get_latest_attestation_target(store, validator) for validator in active_validators] def get_vote_count(block): - return len([target for target in latest_attestation_targets if get_ancestor(store, target, block.slot) == block]) + return len([target for target in attestation_targets if get_ancestor(store, target, block.slot) == block]) head = start while 1: From ea31ff3cea51830f8693770f69dab8b2ab49b45e Mon Sep 17 00:00:00 2001 From: Justin Date: Fri, 23 Nov 2018 16:05:30 +0000 Subject: [PATCH 11/36] Fix minor bug in `ghost_lmd` --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 820c20edc..ba92b601b 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -350,7 +350,7 @@ The beacon chain fork choice rule is a hybrid that combines justification and fi ```python def lmd_ghost(store, start): validators = start.state.validators - active_validators = [validators[i] for i in range(get_active_validators(validators, start.slot))] + active_validators = [validators[i] for i in range(get_active_validator_indices(validators, start.slot))] attestation_targets = [get_latest_attestation_target(store, validator) for validator in active_validators] def get_vote_count(block): return len([target for target in attestation_targets if get_ancestor(store, target, block.slot) == block]) From 70b181fe320d72c9e681d7bb59fee9490e7a35c9 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Fri, 23 Nov 2018 12:57:17 -0600 Subject: [PATCH 12/36] Small fixes * pick out committee when getting proposer * avoid unsigned underflow when chain is starting (since we're using uint) --- specs/core/0_beacon-chain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index d674823a6..034f8123f 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -515,7 +515,7 @@ The following is a function that determines the proposer of a beacon block: ```python def get_beacon_proposer(state:BeaconState, slot: int) -> ValidatorRecord: - first_committee = get_shards_and_committees_for_slot(state, slot)[0] + first_committee = get_shards_and_committees_for_slot(state, slot)[0].committee index = first_committee[slot % len(first_committee)] return state.validators[index] ``` @@ -686,7 +686,7 @@ First, a helper function: ```python def min_empty_validator(validators: List[ValidatorRecord], current_slot: int): for i, v in enumerate(validators): - if v.status == WITHDRAWN and v.exit_slot <= current_slot - DELETION_PERIOD: + if v.status == WITHDRAWN and v.exit_slot + DELETION_PERIOD <= current_slot: return i return None ``` From 6f44db789f97b5cc054c4ae9528a726390096db6 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Fri, 23 Nov 2018 14:57:43 -0500 Subject: [PATCH 13/36] s/=/==/ --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 1a373eb2f..202e71fdc 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -865,7 +865,7 @@ Verify that `BLSVerify(pubkey=get_beacon_proposer(state, block.slot).pubkey, dat ### Process PoW receipt root -If `block.candidate_pow_receipt_root = state.candidate_pow_receipt_root` set `state.candidate_pow_receipt_root_votes += 1`. +If `block.candidate_pow_receipt_root == state.candidate_pow_receipt_root` set `state.candidate_pow_receipt_root_votes += 1`. ### Process penalties, logouts and other special objects From ee40888d2eebd0157ff518a367b98b0a4c8b185b Mon Sep 17 00:00:00 2001 From: vbuterin Date: Fri, 23 Nov 2018 15:01:15 -0500 Subject: [PATCH 14/36] Fix to fixes --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index ba92b601b..ca80daa09 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -350,7 +350,7 @@ The beacon chain fork choice rule is a hybrid that combines justification and fi ```python def lmd_ghost(store, start): validators = start.state.validators - active_validators = [validators[i] for i in range(get_active_validator_indices(validators, start.slot))] + active_validators = [validators[i] for i in get_active_validator_indices(validators, start.slot)] attestation_targets = [get_latest_attestation_target(store, validator) for validator in active_validators] def get_vote_count(block): return len([target for target in attestation_targets if get_ancestor(store, target, block.slot) == block]) From 545e35e4b1bc12439a3a9a4c20c36aa6a2bd8360 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Fri, 23 Nov 2018 15:10:03 -0500 Subject: [PATCH 15/36] Clarified "logarithmic" --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index ca80daa09..72e733eed 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -345,7 +345,7 @@ The beacon chain fork choice rule is a hybrid that combines justification and fi * Let `get_ancestor(store, block, slot)` be the ancestor of `block` with slot number `slot`. The `get_ancestor` function can be defined recursively as `def get_ancestor(store, block, slot): return block if block.slot == slot else get_ancestor(store, store.get_parent(block), slot)`. * Let `get_latest_attestation(store, validator)` be the attestation with the highest slot number in `store` from `validator`. If several such attestations exist use the one the validator `v` observed first. * Let `get_latest_attestation_target(store, validator)` be the target block in the attestation `get_latest_attestation(store, validator)`. -* The head is `lmd_ghost(store, justified_head)` where the function `lmd_ghost` is defined below. Note that the implementation below is suboptimal; there are implementations that compute the head in logarithmic time. +* The head is `lmd_ghost(store, justified_head)` where the function `lmd_ghost` is defined below. Note that the implementation below is suboptimal; there are implementations that compute the head in time logarithmic in slot count. ```python def lmd_ghost(store, start): From 048090acf6371c0b6455fc14649fb838bb147007 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Fri, 23 Nov 2018 15:10:59 -0500 Subject: [PATCH 16/36] Update specs/core/0_beacon-chain.md Co-Authored-By: vbuterin --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 1f2f5c9c5..ef1b27235 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -699,7 +699,7 @@ def min_empty_validator(validators: List[ValidatorRecord], current_slot: int): ``` ```python -def get_fork_version(state: State, slot: uint64): +def get_fork_version(state: State, slot: int) -> int: return state.pre_fork_version if slot < state.fork_slot_number else state.post_fork_version ``` From 5508a0f9c5d3696777e2b65cbbe1f656156b60e8 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Fri, 23 Nov 2018 15:13:21 -0500 Subject: [PATCH 17/36] get_fork_version -> get_domain --- specs/core/0_beacon-chain.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index ef1b27235..99d15269f 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -701,6 +701,9 @@ def min_empty_validator(validators: List[ValidatorRecord], current_slot: int): ```python def get_fork_version(state: State, slot: int) -> int: return state.pre_fork_version if slot < state.fork_slot_number else state.post_fork_version + +def get_domain(state: State, slot: int, base_domain: int) -> int: + return get_fork_version(state, slot) * 2**32 + base_domain ``` Now, to add a validator: @@ -720,7 +723,7 @@ def add_validator(state: State, assert BLSVerify(pub=pubkey, msg=hash(signed_message), sig=proof_of_possession, - domain=get_fork_version(state, current_slot) * 2**32 + DOMAIN_DEPOSIT) + domain=get_domain(state, current_slot, DOMAIN_DEPOSIT)) # Pubkey uniqueness assert pubkey not in [v.pubkey for v in state.validators] rec = ValidatorRecord( @@ -862,7 +865,7 @@ For each `AttestationRecord` object: * Verify that `len(attester_bitfield) == ceil_div8(len(attestation_indices))`, where `ceil_div8 = (x + 7) // 8`. Verify that bits `len(attestation_indices)....` and higher, if present (i.e. `len(attestation_indices)` is not a multiple of 8), are all zero. * Derive a `group_public_key` by adding the public keys of all of the attesters in `attestation_indices` for whom the corresponding bit in `attester_bitfield` (the ith bit is `(attester_bitfield[i // 8] >> (7 - (i %8))) % 2`) equals 1. * Let `data = AttestationSignedData(slot, shard, parent_hashes, shard_block_hash, last_crosslinked_hash, shard_block_combined_data_root, justified_slot)` -* Check `BLSVerify(pubkey=group_public_key, msg=data, sig=aggregate_sig, domain=get_fork_version(state, slot) * 2**32 + DOMAIN_ATTESTATION)` +* Check `BLSVerify(pubkey=group_public_key, msg=data, sig=aggregate_sig, domain=get_domain(state, slot, DOMAIN_ATTESTATION))` Extend the list of `AttestationRecord` objects in the `state` with those included in the block, ordering the new additions in the same order as they came in the block. @@ -897,7 +900,7 @@ For each `SpecialRecord` `obj` in `block.specials`, verify that its `kind` is on ``` Perform the following checks: -* Verify that `BLSVerify(pubkey=validators[data.validator_index].pubkey, msg=hash(LOGOUT_MESSAGE + bytes8(fork_version)), sig=data.signature, domain=get_fork_version(state, current_slot) * 2**32 + DOMAIN_LOGOUT)` +* Verify that `BLSVerify(pubkey=validators[data.validator_index].pubkey, msg=hash(LOGOUT_MESSAGE + bytes8(fork_version)), sig=data.signature, domain=get_domain(state, current_slot, DOMAIN_LOGOUT))` * Verify that `validators[validator_index].status == ACTIVE`. Run `exit_validator(data.validator_index, state, block, penalize=False, current_slot=block.slot)`. @@ -917,7 +920,7 @@ Run `exit_validator(data.validator_index, state, block, penalize=False, current_ Perform the following checks: -* For each `aggregate_sig`, verify that `BLSVerify(pubkey=aggregate_pubkey([validators[i].pubkey for i in aggregate_sig_indices]), msg=vote_data, sig=aggsig, domain=get_fork_version(state, vote_data.slot) * 2**32 + DOMAIN_ATTESTATION)` passes. +* For each `aggregate_sig`, verify that `BLSVerify(pubkey=aggregate_pubkey([validators[i].pubkey for i in aggregate_sig_indices]), msg=vote_data, sig=aggsig, domain=get_domain(state, vote_data.slot, DOMAIN_ATTESTATION))` passes. * Verify that `vote1_data != vote2_data`. * Let `intersection = [x for x in vote1_aggregate_sig_indices if x in vote2_aggregate_sig_indices]`. Verify that `len(intersection) >= 1`. * Verify that `vote1_data.justified_slot < vote2_data.justified_slot < vote2_data.slot <= vote1_data.slot`. From c098978efb5c384d839fcc596b9a6a79875f5cc1 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Fri, 23 Nov 2018 15:14:53 -0500 Subject: [PATCH 18/36] Fixed domain separation for proposals --- specs/core/0_beacon-chain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 99d15269f..559b90b16 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -873,7 +873,7 @@ Extend the list of `AttestationRecord` objects in the `state` with those include Let `proposal_hash = hash(ProposalSignedData(fork_version, block.slot, 2**64 - 1, block_hash_without_sig))` where `block_hash_without_sig` is the hash of the block except setting `proposer_signature` to `[0, 0]`. -Verify that `BLSVerify(pubkey=get_beacon_proposer(state, block.slot).pubkey, data=proposal_hash, sig=block.proposer_signature)` passes. +Verify that `BLSVerify(pubkey=get_beacon_proposer(state, block.slot).pubkey, data=proposal_hash, sig=block.proposer_signature, domain=get_domain(state, block.slot, DOMAIN_PROPOSAL))` passes. ### Verify and process RANDAO reveal @@ -938,7 +938,7 @@ For each validator index `v` in `intersection`, if `state.validators[v].status` 'proposal1_signature': '[uint256]', } ``` -For each `proposal_signature`, verify that `BLSVerify(pubkey=validators[proposer_index].pubkey, msg=hash(proposal_data), sig=proposal_signature)` passes. Verify that `proposal1_data.slot == proposal2_data.slot` but `proposal1 != proposal2`. If `state.validators[proposer_index].status` does not equal `PENALIZED`, then run `exit_validator(proposer_index, state, penalize=True, current_slot=block.slot)` +For each `proposal_signature`, verify that `BLSVerify(pubkey=validators[proposer_index].pubkey, msg=hash(proposal_data), sig=proposal_signature, domain=get_domain(state, proposal_data.slot, DOMAIN_PROPOSAL))` passes. Verify that `proposal1_data.slot == proposal2_data.slot` but `proposal1 != proposal2`. If `state.validators[proposer_index].status` does not equal `PENALIZED`, then run `exit_validator(proposer_index, state, penalize=True, current_slot=block.slot)` #### DEPOSIT_PROOF From 020ec39260f1aaa2a6df11111df9ce1d7e9c9807 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Fri, 23 Nov 2018 15:25:45 -0500 Subject: [PATCH 19/36] Clarify variables --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 559b90b16..999a5b566 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -920,7 +920,7 @@ Run `exit_validator(data.validator_index, state, block, penalize=False, current_ Perform the following checks: -* For each `aggregate_sig`, verify that `BLSVerify(pubkey=aggregate_pubkey([validators[i].pubkey for i in aggregate_sig_indices]), msg=vote_data, sig=aggsig, domain=get_domain(state, vote_data.slot, DOMAIN_ATTESTATION))` passes. +* For each `vote`, verify that `BLSVerify(pubkey=aggregate_pubkey([validators[i].pubkey for i in vote_aggregate_sig_indices]), msg=vote_data, sig=vote_aggregate_sig, domain=get_domain(state, vote_data.slot, DOMAIN_ATTESTATION))` passes. * Verify that `vote1_data != vote2_data`. * Let `intersection = [x for x in vote1_aggregate_sig_indices if x in vote2_aggregate_sig_indices]`. Verify that `len(intersection) >= 1`. * Verify that `vote1_data.justified_slot < vote2_data.justified_slot < vote2_data.slot <= vote1_data.slot`. From c8e9ff3d87c22e3b0e4dce8f04b6c28fe8957021 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Thu, 22 Nov 2018 20:13:08 +0800 Subject: [PATCH 20/36] `shard_id` -> `shard` patch --- specs/core/0_beacon-chain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 326bca17b..608abb564 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -160,8 +160,8 @@ A `ProposalSignedData` has the following fields: 'fork_version': 'uint64', # Slot number 'slot': 'uint64', - # Shard ID (or `2**64 - 1` for beacon chain) - 'shard_id': 'uint64', + # Shard number (or `2**64 - 1` for beacon chain) + 'shard': 'uint64', # Block hash 'block_hash': 'hash32', } From 4ba62bb80a38a620670d25e6db27b7eaa509d157 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Sun, 25 Nov 2018 00:22:28 +0800 Subject: [PATCH 21/36] Remove leftover --- specs/core/0_beacon-chain.md | 54 ------------------------------------ 1 file changed, 54 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 608abb564..28fee7b20 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -764,60 +764,6 @@ def exit_validator(index, state, block, penalize, current_slot): add_validator_set_change_record(state, index, validator.pubkey, EXIT) ``` -## On startup - -Run the following code: - -```python -def on_startup(initial_validator_entries: List[Any]) -> BeaconState: - # Induct validators - validators = [] - for pubkey, proof_of_possession, withdrawal_shard, withdrawal_address, \ - randao_commitment in initial_validator_entries: - add_validator( - validators=validators, - pubkey=pubkey, - proof_of_possession=proof_of_possession, - withdrawal_shard=withdrawal_shard, - withdrawal_address=withdrawal_address, - randao_commitment=randao_commitment, - current_slot=0, - status=ACTIVE, - ) - # Setup state - x = get_new_shuffling(bytes([0] * 32), validators, 0) - crosslinks = [ - CrosslinkRecord( - slot=0, - hash=bytes([0] * 32) - ) - for i in range(SHARD_COUNT) - ] - state = BeaconState( - validator_set_change_slot=0, - validators=validators, - crosslinks=crosslinks, - last_state_recalculation_slot=0, - last_finalized_slot=0, - last_justified_slot=0, - justified_streak=0, - shard_and_committee_for_slots=x + x, - persistent_committees=split(shuffle(validators, bytes([0] * 32)), SHARD_COUNT), - persistent_committee_reassignments=[], - deposits_penalized_in_period=[], - next_shuffling_seed=bytes([0] * 32), - validator_set_delta_hash_chain=bytes([0] * 32), # stub - pre_fork_version=INITIAL_FORK_VERSION, - post_fork_version=INITIAL_FORK_VERSION, - fork_slot_number=0, - pending_attestations=[], - recent_block_hashes=[bytes([0] * 32) for _ in range(CYCLE_LENGTH * 2)], - randao_mix=bytes([0] * 32) # stub - ) - - return state -``` - ## Per-block processing This procedure should be carried out every beacon block. From d0f7937089df34934c95ed0b37b0fca72588f354 Mon Sep 17 00:00:00 2001 From: Justin Date: Sat, 24 Nov 2018 19:54:05 +0000 Subject: [PATCH 22/36] Remove TODO See for example https://github.com/ethereum/eth2.0-specs/issues/128 --- specs/core/0_beacon-chain.md | 36 ------------------------------------ 1 file changed, 36 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 28fee7b20..33271cf35 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1108,42 +1108,6 @@ while len(state.persistent_committee_reassignments) > 0 and state.persistent_com state.persistent_committees[rec.shard].append(rec.validator_index) ``` -### TODO - -Note: This spec is ~65% complete. - -**Missing** - -* [ ] Specify the shard chain blocks, blobs, proposers, etc. -* [ ] Specify the deposit contract on the PoW chain in Vyper -* [ ] Specify the beacon chain genesis rules ([issue 58](https://github.com/ethereum/eth2.0-specs/issues/58)) -* [ ] Specify the logic for proofs of custody, including slashing conditions -* [ ] Specify BLSVerify and rework the spec for BLS12-381 throughout -* [ ] Specify the constraints for `SpecialRecord`s ([issue 43](https://github.com/ethereum/eth2.0-specs/issues/43)) -* [ ] Specify the calculation and validation of `BeaconBlock.state_root` -* [ ] Undergo peer review, security audits and formal verification - -**Documentation** - -* [ ] Specify the various assumptions (global clock, networking latency, validator honesty, validator liveness, etc.) -* [ ] Add an appendix on gossip networks and the offchain signature aggregation logic -* [ ] Add a glossary (in a separate `glossary.md`) to comprehensively and precisely define all the terms -* [ ] Clearly document the various edge cases, e.g. with committee sizing -* [ ] Rework the document for readability - -**Possible modifications and additions** - -* [ ] Homogenise types to `uint64` ([PR 36](https://github.com/ethereum/eth2.0-specs/pull/36)) -* [ ] Reduce the slot duration to 8 seconds -* [ ] Allow for the delayed inclusion of aggregated signatures -* [ ] Introduce a RANDAO slashing condition for early reveals -* [ ] Use a separate hash function for the proof of possession -* [ ] Rework the `ShardAndCommittee` data structures -* [ ] Add a double-batched Merkle accumulator for historical beacon chain blocks -* [ ] Allow for deposits larger than 32 ETH, as well as deposit top-ups -* [ ] Add penalties for deposits below 32 ETH (or some other threshold) -* [ ] Add a `SpecialRecord` to (re)register - # Appendix ## Appendix A - Hash function From d0f43663a34e7c1844d8838032732615acc4b29a Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Sat, 24 Nov 2018 14:40:48 -0600 Subject: [PATCH 23/36] Update 0_beacon-chain.md --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 999a5b566..72103e732 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -863,7 +863,7 @@ For each `AttestationRecord` object: * Compute `parent_hashes` = `[get_block_hash(state, block, slot - CYCLE_LENGTH + i) for i in range(1, CYCLE_LENGTH - len(oblique_parent_hashes) + 1)] + oblique_parent_hashes` (eg, if `CYCLE_LENGTH = 4`, `slot = 5`, the actual block hashes starting from slot 0 are `Z A B C D E F G H I J`, and `oblique_parent_hashes = [D', E']` then `parent_hashes = [B, C, D' E']`). Note that when *creating* an attestation for a block, the hash of that block itself won't yet be in the `state`, so you would need to add it explicitly. * Let `attestation_indices` be `get_shards_and_committees_for_slot(state, slot)[x]`, choosing `x` so that `attestation_indices.shard` equals the `shard` value provided to find the set of validators that is creating this attestation record. * Verify that `len(attester_bitfield) == ceil_div8(len(attestation_indices))`, where `ceil_div8 = (x + 7) // 8`. Verify that bits `len(attestation_indices)....` and higher, if present (i.e. `len(attestation_indices)` is not a multiple of 8), are all zero. -* Derive a `group_public_key` by adding the public keys of all of the attesters in `attestation_indices` for whom the corresponding bit in `attester_bitfield` (the ith bit is `(attester_bitfield[i // 8] >> (7 - (i %8))) % 2`) equals 1. +* Derive a `group_public_key` by adding the public keys of all of the attesters in `attestation_indices` for whom the corresponding bit in `attester_bitfield` (the ith bit is `(attester_bitfield[i // 8] >> (7 - (i % 8))) % 2`) equals 1. * Let `data = AttestationSignedData(slot, shard, parent_hashes, shard_block_hash, last_crosslinked_hash, shard_block_combined_data_root, justified_slot)` * Check `BLSVerify(pubkey=group_public_key, msg=data, sig=aggregate_sig, domain=get_domain(state, slot, DOMAIN_ATTESTATION))` From 6bdff4e82eca1e6e9ada9e6f4e8a99b14d1e88cb Mon Sep 17 00:00:00 2001 From: vbuterin Date: Sat, 24 Nov 2018 16:04:07 -0500 Subject: [PATCH 24/36] Fix Justin's issues 10 and 12 --- specs/core/0_beacon-chain.md | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 33271cf35..796360404 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -94,7 +94,7 @@ The primary source of load on the beacon chain are "attestations". Attestations ### PoW chain registration contract -The initial deployment phases of Ethereum 2.0 are implemented without consensus changes to the PoW chain. A registration contract is added to the PoW chain to deposit ETH. This contract has a `registration` function which takes as arguments `pubkey`, `withdrawal_shard`, `withdrawal_address`, `randao_commitment` as defined in a `ValidatorRecord` below. A BLS `proof_of_possession` of types `bytes` is given as a final argument. +The initial deployment phases of Ethereum 2.0 are implemented without consensus changes to the PoW chain. A registration contract is added to the PoW chain to deposit ETH. This contract has a `registration` function which takes as arguments `pubkey`, `withdrawal_credentials`, `randao_commitment` as defined in a `ValidatorRecord` below. A BLS `proof_of_possession` of types `bytes` is given as a final argument. The registration contract emits a log with the various arguments for consumption by the beacon chain. It does not do validation, pushing the registration logic to the beacon chain. In particular, the proof of possession (based on the BLS12-381 curve) is not verified by the registration contract. @@ -260,10 +260,8 @@ A `ValidatorRecord` has the following fields: { # BLS public key 'pubkey': 'uint256', - # Withdrawal shard number - 'withdrawal_shard': 'uint16', - # Withdrawal address - 'withdrawal_address': 'address', + # Withdrawal credentials + 'withdrawal_credentials': 'hash32', # RANDAO commitment 'randao_commitment': 'hash32', # Slot the RANDAO commitment was last changed @@ -603,8 +601,7 @@ The contract is at address `DEPOSIT_CONTRACT_ADDRESS`. When a user wishes to bec { 'pubkey': 'int256', 'proof_of_possession': ['int256'], - 'withdrawal_shard': 'int64', - 'withdrawal_address`: 'bytes20', + 'withdrawal_credentials`: 'hash32', 'randao_commitment`: 'hash32' } ``` @@ -638,14 +635,13 @@ A valid block with slot `0` (the "genesis block") has the following values. Othe def on_startup(initial_validator_entries: List[Any], genesis_time: uint64, pow_receipt_root: Hash32) -> BeaconState: # Induct validators validators = [] - for pubkey, proof_of_possession, withdrawal_shard, withdrawal_address, \ + for pubkey, proof_of_possession, withdrawal_credentials, \ randao_commitment in initial_validator_entries: add_validator( validators=validators, pubkey=pubkey, proof_of_possession=proof_of_possession, - withdrawal_shard=withdrawal_shard, - withdrawal_address=withdrawal_address, + withdrawal_credentials=withdrawal_credentials, randao_commitment=randao_commitment, current_slot=0, status=ACTIVE, @@ -712,14 +708,13 @@ Now, to add a validator: def add_validator(validators: List[ValidatorRecord], pubkey: int, proof_of_possession: bytes, - withdrawal_shard: int, - withdrawal_address: Address, + withdrawal_credentials: Hash32, randao_commitment: Hash32, status: int, current_slot: int) -> int: # if following assert fails, validator induction failed # move on to next validator registration log - signed_message = bytes32(pubkey) + bytes2(withdrawal_shard) + withdrawal_address + randao_commitment + signed_message = bytes32(pubkey) + bytes2(withdrawal_shard) + withdrawal_credentials + randao_commitment assert BLSVerify(pub=pubkey, msg=hash(signed_message), sig=proof_of_possession) @@ -727,8 +722,7 @@ def add_validator(validators: List[ValidatorRecord], assert pubkey not in [v.pubkey for v in validators] rec = ValidatorRecord( pubkey=pubkey, - withdrawal_shard=withdrawal_shard, - withdrawal_address=withdrawal_address, + withdrawal_credentials=withdrawal_credentials, randao_commitment=randao_commitment, randao_last_change=current_slot, balance=DEPOSIT_SIZE * GWEI_PER_ETH, @@ -916,7 +910,7 @@ def verify_merkle_branch(leaf: Hash32, branch: [Hash32], depth: int, index: int, Verify that `deposit_data.msg_value == DEPOSIT_SIZE` and `block.slot - (deposit_data.timestamp - state.genesis_time) // SLOT_DURATION < DELETION_PERIOD`. -Run `add_validator(validators, deposit_data.deposit_params.pubkey, deposit_data.deposit_params.proof_of_possession, deposit_data.deposit_params.withdrawal_shard, data.deposit_params.withdrawal_address, deposit_data.deposit_params.randao_commitment, PENDING_ACTIVATION, block.slot)`. +Run `add_validator(validators, deposit_data.deposit_params.pubkey, deposit_data.deposit_params.proof_of_possession, deposit_data.deposit_params.withdrawal_credentials, deposit_data.deposit_params.randao_commitment, PENDING_ACTIVATION, block.slot)`. ## State recalculations (every `CYCLE_LENGTH` slots) @@ -977,7 +971,7 @@ For every shard number `shard` for which a crosslink committee exists in the cyc If `last_state_recalculation_slot % POW_RECEIPT_ROOT_VOTING_PERIOD == 0`, then: -* If `state.candidate_pow_receipt_root_votes * 3 >= POW_RECEIPT_ROOT_VOTING_PERIOD * 2` set `state.processed_pow_receipt_root = state.candidate_pow_receipt_root`. +* If `state.candidate_pow_receipt_root_votes * 2 >= POW_RECEIPT_ROOT_VOTING_PERIOD` set `state.processed_pow_receipt_root = state.candidate_pow_receipt_root`. * Set `state.candidate_pow_receipt_root = block.candidate_pow_receipt_root`. * Set `state.candidate_pow_receipt_root_votes = 0`. From b92889cf8391ba3e0dd5ea63eee780a888dd87d1 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Sat, 24 Nov 2018 16:07:25 -0500 Subject: [PATCH 25/36] Add a minimum deposit time equal to the SHARD_PERSISTENT_COMMITTEE_CHANGE_PERIOD --- specs/core/0_beacon-chain.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 796360404..1efd98d4b 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -270,8 +270,8 @@ A `ValidatorRecord` has the following fields: 'balance': 'uint64', # Status code 'status': 'uint8', - # Slot when validator exited (or 0) - 'exit_slot': 'uint64' + # Slot when validator last changed status (or 0) + 'last_status_change_slot': 'uint64' # Sequence number when validator exited (or 0) 'exit_seq': 'uint64' } @@ -697,7 +697,7 @@ First, a helper function: ```python def min_empty_validator(validators: List[ValidatorRecord], current_slot: int): for i, v in enumerate(validators): - if v.status == WITHDRAWN and v.exit_slot + DELETION_PERIOD <= current_slot: + if v.status == WITHDRAWN and v.last_status_change_slot + DELETION_PERIOD <= current_slot: return i return None ``` @@ -727,7 +727,7 @@ def add_validator(validators: List[ValidatorRecord], randao_last_change=current_slot, balance=DEPOSIT_SIZE * GWEI_PER_ETH, status=status, - exit_slot=0, + last_status_change_slot=current_slot, exit_seq=0 ) index = min_empty_validator(validators) @@ -744,7 +744,7 @@ def add_validator(validators: List[ValidatorRecord], ```python def exit_validator(index, state, block, penalize, current_slot): validator = state.validators[index] - validator.exit_slot = current_slot + validator.last_status_change_slot = current_slot validator.exit_seq = state.current_exit_seq state.current_exit_seq += 1 if penalize: @@ -841,6 +841,7 @@ Perform the following checks: * Let `fork_version = pre_fork_version if block.slot < fork_slot_number else post_fork_version`. Verify that `BLSVerify(pubkey=validators[data.validator_index].pubkey, msg=hash(LOGOUT_MESSAGE + bytes8(fork_version)), sig=data.signature)` * Verify that `validators[validator_index].status == ACTIVE`. +* Verify that `block.slot >= last_status_change_slot + SHARD_PERSISTENT_COMMITTEE_CHANGE_PERIOD` Run `exit_validator(data.validator_index, state, block, penalize=False, current_slot=block.slot)`. @@ -1010,7 +1011,7 @@ def change_validators(validators: List[ValidatorRecord], current_slot: int) -> N ) if validators[i].status == PENDING_EXIT: validators[i].status = PENDING_WITHDRAW - validators[i].exit_slot = current_slot + validators[i].last_status_change_slot = current_slot total_changed += validators[i].balance add_validator_set_change_record( state=state, @@ -1032,14 +1033,14 @@ def change_validators(validators: List[ValidatorRecord], current_slot: int) -> N # calculate their penalties if they were slashed def withdrawable(v): - return v.status in (PENDING_WITHDRAW, PENALIZED) and current_slot >= v.exit_slot + MIN_WITHDRAWAL_PERIOD + return v.status in (PENDING_WITHDRAW, PENALIZED) and current_slot >= v.last_status_change_slot + MIN_WITHDRAWAL_PERIOD withdrawable_validators = sorted(filter(withdrawable, validators), key=lambda v: v.exit_seq) for v in withdrawable_validators[:WITHDRAWALS_PER_CYCLE]: if v.status == PENALIZED: v.balance -= v.balance * min(total_penalties * 3, total_balance) // total_balance v.status = WITHDRAWN - v.exit_slot = current_slot + v.last_status_change_slot = current_slot withdraw_amount = v.balance ... From 4be17dea143c104a4f81940852dd6aed2ff9eb61 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Sat, 24 Nov 2018 16:12:27 -0500 Subject: [PATCH 26/36] Made candidate PoW receipt roots into a map --- specs/core/0_beacon-chain.md | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 1efd98d4b..cc4113aad 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -238,8 +238,7 @@ The `BeaconState` has the following fields: 'genesis_time': 'uint64', # PoW receipt root 'processed_pow_receipt_root': 'hash32', - 'candidate_pow_receipt_root': 'hash32', - 'candidate_pow_receipt_root_votes': 'uint64', + 'candidate_pow_receipt_roots': [CandidateReceiptRootRecord], # Parameters relevant to hard forks / versioning. # Should be updated only by hard forks. 'pre_fork_version': 'uint64', @@ -312,6 +311,15 @@ A `ShardReassignmentRecord` object has the following fields: } ``` +A `CandidateReceiptRootRecord` object contains the following fields: + +```python +{ + 'receipt_root': 'hash32', + 'votes': 'uint64', +} +``` + ## Beacon chain processing The beacon chain is the "main chain" of the PoS system. The beacon chain's main responsibilities are: @@ -620,7 +628,7 @@ A valid block with slot `0` (the "genesis block") has the following values. Othe { 'slot': 0, 'randao_reveal': bytes32(0), - 'candidate_pow_receipt_root': bytes32(0), + 'candidate_pow_receipt_roots': [], 'ancestor_hashes': [bytes32(0) for i in range(32)], 'state_root': STARTUP_STATE_ROOT, 'attestations': [], @@ -672,8 +680,7 @@ def on_startup(initial_validator_entries: List[Any], genesis_time: uint64, pow_r current_exit_seq=0, genesis_time=genesis_time, processed_pow_receipt_root=pow_receipt_root, - candidate_pow_receipt_root=bytes([0] * 32), - candidate_pow_receipt_root_votes=0, + candidate_pow_receipt_roots=[], pre_fork_version=INITIAL_FORK_VERSION, post_fork_version=INITIAL_FORK_VERSION, fork_slot_number=0, @@ -821,7 +828,7 @@ Verify that `BLSVerify(pubkey=get_beacon_proposer(state, block.slot).pubkey, dat ### Process PoW receipt root -If `block.candidate_pow_receipt_root == state.candidate_pow_receipt_root` set `state.candidate_pow_receipt_root_votes += 1`. +If `block.candidate_pow_receipt_root` is `x.receipt_root` for some `x` in `state.candidate_pow_receipt_roots`, set `x.votes += 1`. Otherwise, append to `state.candidate_pow_receipt_roots` a new `CandidateReceiptRootRecord(receipt_root=block.candidate_pow_receipt_root, votes=1)`. ### Process penalties, logouts and other special objects @@ -972,9 +979,8 @@ For every shard number `shard` for which a crosslink committee exists in the cyc If `last_state_recalculation_slot % POW_RECEIPT_ROOT_VOTING_PERIOD == 0`, then: -* If `state.candidate_pow_receipt_root_votes * 2 >= POW_RECEIPT_ROOT_VOTING_PERIOD` set `state.processed_pow_receipt_root = state.candidate_pow_receipt_root`. -* Set `state.candidate_pow_receipt_root = block.candidate_pow_receipt_root`. -* Set `state.candidate_pow_receipt_root_votes = 0`. +* If for any `x` in `state.candidate_pow_receipt_root`, `x.votes * 2 >= POW_RECEIPT_ROOT_VOTING_PERIOD` set `state.processed_pow_receipt_root = x.receipt_root`. +* Set `state.candidate_pow_receipt_roots = []`. ### Validator set change From 40d289f1a3004caafdecabeb4e9faa74b40c435f Mon Sep 17 00:00:00 2001 From: vbuterin Date: Sat, 24 Nov 2018 16:16:27 -0500 Subject: [PATCH 27/36] Resolved Justin's #13 --- specs/core/0_beacon-chain.md | 1 + 1 file changed, 1 insertion(+) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 1efd98d4b..1600519f5 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -803,6 +803,7 @@ For each `AttestationRecord` object: * Derive a group public key by adding the public keys of all of the attesters in `attestation_indices` for whom the corresponding bit in `attester_bitfield` (the ith bit is `(attester_bitfield[i // 8] >> (7 - (i %8))) % 2`) equals 1. * Let `fork_version = pre_fork_version if slot < fork_slot_number else post_fork_version`. * Verify that `aggregate_sig` verifies using the group pubkey generated and the serialized form of `AttestationSignedData(fork_version, slot, shard, parent_hashes, shard_block_hash, last_crosslinked_hash, shard_block_combined_data_root, justified_slot)` as the message. +* [TO BE REMOVED IN PHASE 1] Verify that `shard_block_hash == bytes([0] * 32)` Extend the list of `AttestationRecord` objects in the `state` with those included in the block, ordering the new additions in the same order as they came in the block. From 5ba47b476a0ded767cc8b23d263c881c06986614 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Sat, 24 Nov 2018 16:20:20 -0500 Subject: [PATCH 28/36] Shard uint16 -> uint64 --- specs/core/0_beacon-chain.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 1600519f5..791faf84d 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -132,7 +132,7 @@ An `AttestationRecord` has the following fields: # Slot number 'slot': 'uint64', # Shard number - 'shard': 'uint16', + 'shard': 'uint64', # Beacon block hashes not part of the current chain, oldest to newest 'oblique_parent_hashes': ['hash32'], # Shard block hash being attested to @@ -176,7 +176,7 @@ An `AttestationSignedData` has the following fields: # Slot number 'slot': 'uint64', # Shard number - 'shard': 'uint16', + 'shard': 'uint64', # CYCLE_LENGTH parent hashes 'parent_hashes': ['hash32'], # Shard block hash @@ -293,7 +293,7 @@ A `ShardAndCommittee` object has the following fields: ```python { # Shard number - 'shard': 'uint16', + 'shard': 'uint64', # Validator indices 'committee': ['uint24'] } @@ -306,7 +306,7 @@ A `ShardReassignmentRecord` object has the following fields: # Which validator to reassign 'validator_index': 'uint24', # To which shard - 'shard': 'uint16', + 'shard': 'uint64', # When 'slot': 'uint64' } From 755eadb20a3645368c15c369d5d8ce8c15234cfa Mon Sep 17 00:00:00 2001 From: Justin Date: Sat, 24 Nov 2018 21:41:53 +0000 Subject: [PATCH 29/36] Fixes to PoW receipt roots --- specs/core/0_beacon-chain.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index cc4113aad..5d0c31309 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -238,7 +238,7 @@ The `BeaconState` has the following fields: 'genesis_time': 'uint64', # PoW receipt root 'processed_pow_receipt_root': 'hash32', - 'candidate_pow_receipt_roots': [CandidateReceiptRootRecord], + 'candidate_pow_receipt_roots': [CandidatePoWReceiptRootRecord], # Parameters relevant to hard forks / versioning. # Should be updated only by hard forks. 'pre_fork_version': 'uint64', @@ -311,12 +311,14 @@ A `ShardReassignmentRecord` object has the following fields: } ``` -A `CandidateReceiptRootRecord` object contains the following fields: +A `CandidatePoWReceiptRootRecord` object contains the following fields: ```python { - 'receipt_root': 'hash32', - 'votes': 'uint64', + # Candidate PoW receipt root + 'candidate_pow_receipt_root': 'hash32', + # Vote count + 'votes': 'uint64' } ``` @@ -618,7 +620,7 @@ If the user wishes to deposit more than `DEPOSIT_SIZE` ETH, they would need to m * `initial_validator_entries` equal to the list of data records published as HashChainValue logs so far, in the order in which they were published (oldest to newest). * `genesis_time` equal to the `time` value published in the log -* `pow_receipt_root` equal to the `receipt_root` value published in the log +* `processed_pow_receipt_root` equal to the `receipt_root` value published in the log ### On startup @@ -640,7 +642,7 @@ A valid block with slot `0` (the "genesis block") has the following values. Othe `STARTUP_STATE_ROOT` is the root of the initial state, computed by running the following code: ```python -def on_startup(initial_validator_entries: List[Any], genesis_time: uint64, pow_receipt_root: Hash32) -> BeaconState: +def on_startup(initial_validator_entries: List[Any], genesis_time: uint64, processed_pow_receipt_root: Hash32) -> BeaconState: # Induct validators validators = [] for pubkey, proof_of_possession, withdrawal_credentials, \ @@ -679,7 +681,7 @@ def on_startup(initial_validator_entries: List[Any], genesis_time: uint64, pow_r validator_set_delta_hash_chain=bytes([0] * 32), # stub current_exit_seq=0, genesis_time=genesis_time, - processed_pow_receipt_root=pow_receipt_root, + processed_pow_receipt_root=processed_pow_receipt_root, candidate_pow_receipt_roots=[], pre_fork_version=INITIAL_FORK_VERSION, post_fork_version=INITIAL_FORK_VERSION, @@ -828,7 +830,7 @@ Verify that `BLSVerify(pubkey=get_beacon_proposer(state, block.slot).pubkey, dat ### Process PoW receipt root -If `block.candidate_pow_receipt_root` is `x.receipt_root` for some `x` in `state.candidate_pow_receipt_roots`, set `x.votes += 1`. Otherwise, append to `state.candidate_pow_receipt_roots` a new `CandidateReceiptRootRecord(receipt_root=block.candidate_pow_receipt_root, votes=1)`. +If `block.candidate_pow_receipt_root` is `x.candidate_pow_receipt_root` for some `x` in `state.candidate_pow_receipt_roots`, set `x.votes += 1`. Otherwise, append to `state.candidate_pow_receipt_roots` a new `CandidatePoWReceiptRootRecord(candidate_pow_receipt_root=block.candidate_pow_receipt_root, votes=1)`. ### Process penalties, logouts and other special objects From 6fe5928a84d445d45c806bc217aa8c889fd63e87 Mon Sep 17 00:00:00 2001 From: vbuterin Date: Sun, 25 Nov 2018 08:06:37 -0500 Subject: [PATCH 30/36] Blocks to fixed size, add proposal signatures --- specs/core/1_shard-data-chains.md | 76 ++++++++++++++----------------- 1 file changed, 33 insertions(+), 43 deletions(-) diff --git a/specs/core/1_shard-data-chains.md b/specs/core/1_shard-data-chains.md index c01c6e98f..18341265e 100644 --- a/specs/core/1_shard-data-chains.md +++ b/specs/core/1_shard-data-chains.md @@ -19,7 +19,14 @@ Phase 1 depends upon all of the constants defined in [Phase 0](0_beacon-chain.md | Constant | Value | Unit | Approximation | |------------------------|-----------------|-------|---------------| | `CHUNK_SIZE` | 2**8 (= 256) | bytes | | -| `MAX_SHARD_BLOCK_SIZE` | 2**15 (= 32768) | bytes | | +| `SHARD_BLOCK_SIZE` | 2**14 (= 16384) | bytes | | + +### Flags, domains, etc. + +| Constant | Value | +|------------------------|-----------------| +| `SHARD_PROPOSER_DOMAIN`| 129 | +| `SHARD_ATTESTER_DOMAIN`| 130 | ## Data Structures @@ -43,7 +50,9 @@ A `ShardBlock` object has the following fields: 'data_root': 'hash32' # State root (placeholder for now) 'state_root': 'hash32', - # Attestation (including block signature) + # Block signature + 'signature': ['uint256'], + # Attestation 'attester_bitfield': 'bytes', 'aggregate_sig': ['uint256'], } @@ -61,31 +70,27 @@ To validate a block header on shard `shard_id`, compute as follows: * Verify that `beacon_chain_ref` is the hash of a block in the beacon chain with slot less than or equal to `slot`. Verify that `beacon_chain_ref` is equal to or a descendant of the `beacon_chain_ref` specified in the `ShardBlock` pointed to by `parent_hash`. * Let `state` be the state of the beacon chain block referred to by `beacon_chain_ref`. Let `validators` be `[validators[i] for i in state.current_persistent_committees[shard_id]]`. * Assert `len(attester_bitfield) == ceil_div8(len(validators))` -* Let `curblock_proposer_index = hash(state.randao_mix + bytes8(shard_id) + bytes8(slot)) % len(validators)`. Let `parent_proposer_index` be the same value calculated for the parent block. -* Make sure that the `parent_proposer_index`'th bit in the `attester_bitfield` is set to 1. -* Generate the group public key by adding the public keys of all the validators for whom the corresponding position in the bitfield is set to 1. Verify the `aggregate_sig` using this as the pubkey and the `parent_hash` as the message. +* Let `proposer_index = hash(state.randao_mix + bytes8(shard_id) + bytes8(slot)) % len(validators)`. Let `msg` be the block but with the `block.signature` set to `[0, 0]`. Verify that `BLSVerify(pub=validators[proposer_index].pubkey, msg=hash(msg), sig=block.signature, domain=get_domain(state, slot, SHARD_PROPOSER_DOMAIN))` passes. +* Generate the `group_public_key` by adding the public keys of all the validators for whom the corresponding position in the bitfield is set to 1. Verify that `BLSVerify(pub=group_public_key, msg=parent_hash, sig=block.aggregate_sig, domain=get_domain(state, slot, SHARD_ATTESTER_DOMAIN))` passes. + +### Block Merklization heper + +```python +def merkle_root(block_body): + assert len(block_body) == SHARD_BLOCK_SIZE + chunks = SHARD_BLOCK_SIZE // CHUNK_SIZE + o = [0] * chunks + [block_body[i * CHUNK_SIZE: (i+1) * CHUNK_SIZE] for i in range(chunks)] + for i in range(chunks-1, 0, -1): + o[i] = hash(o[i*2] + o[i*2+1]) + return o[1] +``` ### Verifying shard block data -At network layer, we expect a shard block header to be broadcast along with its `block_body`. First, we define a helper function that takes as input beacon chain state and outputs the max block size in bytes: +At network layer, we expect a shard block header to be broadcast along with its `block_body`. -```python -def shard_block_maxbytes(state): - max_grains = MAX_SHARD_BLOCK_SIZE // CHUNK_SIZE - validators_at_target_committee_size = SHARD_COUNT * TARGET_COMMITTEE_SIZE - - # number of grains per block is proportional to the number of validators - # up until `validators_at_target_committee_size` - grains = min( - len(get_active_validator_indices(state.validators)) * max_grains // validators_at_target_committee_size, - max_grains - ) - - return CHUNK_SIZE * grains -``` - -* Verify that `len(block_body) == shard_block_maxbytes(state)` -* Define `filler_bytes = next_power_of_2(len(block_body)) - len(block_body)`. Compute a simple binary Merkle tree of `block_body + bytes([0] * filler_bytes)` and verify that the root equals the `data_root` in the header. +* Verify that `len(block_body) == SHARD_BLOCK_SIZE` +* Verify that `merkle_root(block_body)` equals the `data_root` in the header. ### Verifying a crosslink @@ -93,23 +98,13 @@ A node should sign a crosslink only if the following conditions hold. **If a nod First, the conditions must recursively apply to the crosslink referenced in `last_crosslink_hash` for the same shard (unless `last_crosslink_hash` equals zero, in which case we are at the genesis). -Second, we verify the `shard_block_combined_data_root`. Let `h` be the slot _immediately after_ the slot of the shard block included by the last crosslink, and `h+n-1` be the slot number of the block directly referenced by the current `shard_block_hash`. Let `B[i]` be the block at slot `h+i` in the shard chain. Let `bodies[0] .... bodies[n-1]` be the bodies of these blocks and `roots[0] ... roots[n-1]` the data roots. If there is a missing slot in the shard chain at position `h+i`, then `bodies[i] == b'\x00' * shard_block_maxbytes(state[i])` and `roots[i]` be the Merkle root of the empty data. Define `compute_merkle_root` be a simple Merkle root calculating function that takes as input a list of objects, where the list's length must be an exact power of two. Let `state[i]` be the beacon chain state at height `h+i` (if the beacon chain is missing a block at some slot, the state is unchanged), and `depths[i]` be equal to `log2(next_power_of_2(shard_block_maxbytes(state[i]) // CHUNK_SIZE))` (ie. the expected depth of the i'th data tree). We define the function for computing the combined data root as follows: +Second, we verify the `shard_block_combined_data_root`. Let `h` be the slot _immediately after_ the slot of the shard block included by the last crosslink, and `h+n-1` be the slot number of the block directly referenced by the current `shard_block_hash`. Let `B[i]` be the block at slot `h+i` in the shard chain. Let `bodies[0] .... bodies[n-1]` be the bodies of these blocks and `roots[0] ... roots[n-1]` the data roots. If there is a missing slot in the shard chain at position `h+i`, then `bodies[i] == b'\x00' * shard_block_maxbytes(state[i])` and `roots[i]` be the Merkle root of the empty data. Define `compute_merkle_root` be a simple Merkle root calculating function that takes as input a list of objects, where the list's length must be an exact power of two. We define the function for computing the combined data root as follows: ```python -def get_zeroroot_at_depth(n): - o = b'\x00' * CHUNK_SIZE - for i in range(n): - o = hash(o + o) - return o +ZERO_ROOT = merkle_root(bytes([0] * SHARD_BLOCK_SIZE)) -def mk_combined_data_root(depths, roots): - default_value = get_zeroroot_at_depth(max(depths)) - data = [default_value for _ in range(next_power_of_2(len(roots)))] - for i, (depth, root) in enumerate(zip(depths, roots)): - value = root - for j in range(depth, max(depths)): - value = hash(value, get_zeroroot_at_depth(depth + j)) - data[i] = value +def mk_combined_data_root(roots): + data = roots + [ZERO_ROOT for _ in range(len(roots), next_power_of_2(len(roots)))] return compute_merkle_root(data) ``` @@ -117,12 +112,7 @@ This outputs the root of a tree of the data roots, with the data roots all adjus ```python def mk_combined_data_root(depths, bodies): - default_value = get_zeroroot_at_depth(max(depths)) - padded_body_length = max([CHUNK_SIZE * 2**d for d in depths]) - data = b'' - for body in bodies: - padded_body = body + bytes([0] * (padded_body_length - len(body))) - data += padded_body + data = b''.join(bodies) data += bytes([0] * (next_power_of_2(len(data)) - len(data)) return compute_merkle_root([data[pos:pos+CHUNK_SIZE] for pos in range(0, len(data), CHUNK_SIZE)]) ``` From 16d05b353a86f787e2c1dcf0bcdca8fd7463c942 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Sun, 25 Nov 2018 09:54:29 -0600 Subject: [PATCH 31/36] remove `GENESIS_TIME` from constants This constant has been superseded by `BeaconState.genesis_time` --- specs/core/0_beacon-chain.md | 1 - 1 file changed, 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 81a4ebdeb..376cb5c66 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -38,7 +38,6 @@ The primary source of load on the beacon chain are "attestations". Attestations | `GWEI_PER_ETH` | 10**9 | Gwei/ETH | | `DEPOSIT_CONTRACT_ADDRESS` | **TBD** | - | | `TARGET_COMMITTEE_SIZE` | 2**8 (= 256) | validators | -| `GENESIS_TIME` | **TBD** | seconds | | `SLOT_DURATION` | 6 | seconds | | `CYCLE_LENGTH` | 2**6 (= 64) | slots | ~6 minutes | | `MIN_VALIDATOR_SET_CHANGE_INTERVAL` | 2**8 (= 256) | slots | ~25 minutes | From e7110767234cc5aaea356c61c1877ef46b8156a3 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Sun, 25 Nov 2018 10:02:43 -0600 Subject: [PATCH 32/36] Update 0_beacon-chain.md --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 376cb5c66..e5c2da3bb 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -343,7 +343,7 @@ For a block on the beacon chain to be processed by a node, four conditions have * The parent pointed to by the `ancestor_hashes[0]` has already been processed and accepted * An attestation from the _proposer_ of the block (see later for definition) is included along with the block in the network message object * The PoW chain block pointed to by the `processed_pow_receipt_root` has already been processed and accepted -* The node's local clock time is greater than or equal to the minimum timestamp as computed by `GENESIS_TIME + block.slot * SLOT_DURATION` +* The node's local clock time is greater than or equal to the minimum timestamp as computed by `state.genesis_time + block.slot * SLOT_DURATION` If these conditions are not met, the client should delay processing the beacon block until the conditions are all satisfied. From c0aa43804bf1b07f45fabc41769e0237b5e6e16d Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Sun, 25 Nov 2018 10:12:48 -0600 Subject: [PATCH 33/36] block proposer sig to uint384 --- specs/core/0_beacon-chain.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index e5c2da3bb..611aa8ce6 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -129,7 +129,7 @@ A `BeaconBlock` has the following fields: # Specials (e.g. logouts, penalties) 'specials': [SpecialRecord], # Proposer signature - 'proposer_signature': ['uint256'], + 'proposer_signature': ['uint384'], } ``` @@ -900,9 +900,9 @@ For each validator index `v` in `intersection`, if `state.validators[v].status` { 'proposer_index': 'uint24', 'proposal1_data': ProposalSignedData, - 'proposal1_signature': '[uint256]', + 'proposal1_signature': '[uint384]', 'proposal2_data': ProposalSignedData, - 'proposal1_signature': '[uint256]', + 'proposal1_signature': '[uint384]', } ``` For each `proposal_signature`, verify that `BLSVerify(pubkey=validators[proposer_index].pubkey, msg=hash(proposal_data), sig=proposal_signature, domain=get_domain(state, proposal_data.slot, DOMAIN_PROPOSAL))` passes. Verify that `proposal1_data.slot == proposal2_data.slot` but `proposal1 != proposal2`. If `state.validators[proposer_index].status` does not equal `PENALIZED`, then run `exit_validator(proposer_index, state, penalize=True, current_slot=block.slot)` From e539de99225ffcd41cc30cade5f3790d552ba408 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Sun, 25 Nov 2018 10:37:52 -0600 Subject: [PATCH 34/36] remove fork_version from ProposalSignedData --- specs/core/0_beacon-chain.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 611aa8ce6..47178dc4b 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -164,8 +164,6 @@ A `ProposalSignedData` has the following fields: ```python { - # Fork version - 'fork_version': 'uint64', # Slot number 'slot': 'uint64', # Shard number (or `2**64 - 1` for beacon chain) @@ -835,7 +833,7 @@ Extend the list of `AttestationRecord` objects in the `state` with those include ### Verify proposer signature -Let `proposal_hash = hash(ProposalSignedData(fork_version, block.slot, 2**64 - 1, block_hash_without_sig))` where `block_hash_without_sig` is the hash of the block except setting `proposer_signature` to `[0, 0]`. +Let `proposal_hash = hash(ProposalSignedData(block.slot, 2**64 - 1, block_hash_without_sig))` where `block_hash_without_sig` is the hash of the block except setting `proposer_signature` to `[0, 0]`. Verify that `BLSVerify(pubkey=get_beacon_proposer(state, block.slot).pubkey, data=proposal_hash, sig=block.proposer_signature, domain=get_domain(state, block.slot, DOMAIN_PROPOSAL))` passes. From 6c660de8ff3c424c96cb260a15e7dfc611e7d412 Mon Sep 17 00:00:00 2001 From: chainsafe Date: Sun, 25 Nov 2018 12:03:27 -0500 Subject: [PATCH 35/36] updated spelling --- specs/core/1_shard-data-chains.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/1_shard-data-chains.md b/specs/core/1_shard-data-chains.md index 18341265e..59a6f6c1a 100644 --- a/specs/core/1_shard-data-chains.md +++ b/specs/core/1_shard-data-chains.md @@ -73,7 +73,7 @@ To validate a block header on shard `shard_id`, compute as follows: * Let `proposer_index = hash(state.randao_mix + bytes8(shard_id) + bytes8(slot)) % len(validators)`. Let `msg` be the block but with the `block.signature` set to `[0, 0]`. Verify that `BLSVerify(pub=validators[proposer_index].pubkey, msg=hash(msg), sig=block.signature, domain=get_domain(state, slot, SHARD_PROPOSER_DOMAIN))` passes. * Generate the `group_public_key` by adding the public keys of all the validators for whom the corresponding position in the bitfield is set to 1. Verify that `BLSVerify(pub=group_public_key, msg=parent_hash, sig=block.aggregate_sig, domain=get_domain(state, slot, SHARD_ATTESTER_DOMAIN))` passes. -### Block Merklization heper +### Block Merklization helper ```python def merkle_root(block_body): From 2902170b261451ac33fc98fe1f19d6d541a0477f Mon Sep 17 00:00:00 2001 From: vbuterin Date: Sun, 25 Nov 2018 22:22:15 -0500 Subject: [PATCH 36/36] Reduce width of vyper code --- specs/core/0_beacon-chain.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 47178dc4b..c4fe82c27 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -362,10 +362,13 @@ The beacon chain fork choice rule is a hybrid that combines justification and fi ```python def lmd_ghost(store, start): validators = start.state.validators - active_validators = [validators[i] for i in get_active_validator_indices(validators, start.slot)] - attestation_targets = [get_latest_attestation_target(store, validator) for validator in active_validators] + active_validators = [validators[i] for i in + get_active_validator_indices(validators, start.slot)] + attestation_targets = [get_latest_attestation_target(store, validator) + for validator in active_validators] def get_vote_count(block): - return len([target for target in attestation_targets if get_ancestor(store, target, block.slot) == block]) + return len([target for target in attestation_targets if + get_ancestor(store, target, block.slot) == block]) head = start while 1: