From a4f8a77c027766af6cbc12f9f5cddc08fe0b85bc Mon Sep 17 00:00:00 2001 From: Martin Lundfall Date: Mon, 16 Dec 2019 12:55:18 +0100 Subject: [PATCH 01/46] Fix spelling errors found by codespell --- Makefile | 3 +++ scripts/build_spec.py | 2 +- specs/core/0_beacon-chain.md | 2 +- specs/test_formats/ssz_generic/README.md | 2 +- .../block_processing/test_process_attester_slashing.py | 4 ++-- .../epoch_processing/test_process_rewards_and_penalties.py | 2 +- 6 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 2cdb1021f..2bd87aed8 100644 --- a/Makefile +++ b/Makefile @@ -77,6 +77,9 @@ check_toc: $(MARKDOWN_FILES:=.toc) diff -q $* $*.tmp && \ rm $*.tmp +codespell: + ! codespell . --skip ./.git | grep -v 'disabled' + lint: $(PY_SPEC_ALL_TARGETS) cd $(PY_SPEC_DIR); . venv/bin/activate; \ flake8 --ignore=E252,W504,W503 --max-line-length=120 ./eth2spec \ diff --git a/scripts/build_spec.py b/scripts/build_spec.py index cca5a1bf9..d5689b082 100644 --- a/scripts/build_spec.py +++ b/scripts/build_spec.py @@ -252,7 +252,7 @@ def combine_ssz_objects(old_objects: Dict[str, str], new_objects: Dict[str, str] return old_objects -# inserts are handeled the same way as functions +# inserts are handled the same way as functions combine_inserts = combine_functions diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index e7c62d342..ab1ea2c08 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -560,7 +560,7 @@ def int_to_bytes(n: uint64, length: uint64) -> bytes: ```python def bytes_to_int(data: bytes) -> uint64: """ - Return the integer deserialization of ``data`` intepreted as ``ENDIANNESS``-endian. + Return the integer deserialization of ``data`` interpreted as ``ENDIANNESS``-endian. """ return int.from_bytes(data, ENDIANNESS) ``` diff --git a/specs/test_formats/ssz_generic/README.md b/specs/test_formats/ssz_generic/README.md index b6faa04af..68bdbc15f 100644 --- a/specs/test_formats/ssz_generic/README.md +++ b/specs/test_formats/ssz_generic/README.md @@ -150,7 +150,7 @@ Template: Data: -{container name}: Any of the container names listed below (exluding the `(Container)` python super type) +{container name}: Any of the container names listed below (excluding the `(Container)` python super type) ``` ```python diff --git a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_attester_slashing.py b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_attester_slashing.py index 98a6e25e5..19fdd04a2 100644 --- a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_attester_slashing.py +++ b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_attester_slashing.py @@ -262,7 +262,7 @@ def test_att1_duplicate_index_normal_signed(spec, state): indices.pop(1) # remove an index, make room for the additional duplicate index. attester_slashing.attestation_1.attesting_indices = sorted(indices) - # sign it, the signature will be valid for a single occurence. If the transition accidentally ignores the duplicate. + # sign it, the signature will be valid for a single occurrence. If the transition accidentally ignores the duplicate. sign_indexed_attestation(spec, state, attester_slashing.attestation_1) indices.append(indices[0]) # add one of the indices a second time @@ -282,7 +282,7 @@ def test_att2_duplicate_index_normal_signed(spec, state): indices.pop(2) # remove an index, make room for the additional duplicate index. attester_slashing.attestation_2.attesting_indices = sorted(indices) - # sign it, the signature will be valid for a single occurence. If the transition accidentally ignores the duplicate. + # sign it, the signature will be valid for a single occurrence. If the transition accidentally ignores the duplicate. sign_indexed_attestation(spec, state, attester_slashing.attestation_2) indices.append(indices[1]) # add one of the indices a second time diff --git a/test_libs/pyspec/eth2spec/test/phase_0/epoch_processing/test_process_rewards_and_penalties.py b/test_libs/pyspec/eth2spec/test/phase_0/epoch_processing/test_process_rewards_and_penalties.py index 7d844b63b..b4fc46b7d 100644 --- a/test_libs/pyspec/eth2spec/test/phase_0/epoch_processing/test_process_rewards_and_penalties.py +++ b/test_libs/pyspec/eth2spec/test/phase_0/epoch_processing/test_process_rewards_and_penalties.py @@ -155,7 +155,7 @@ def test_duplicate_attestation(spec, state): next_epoch(spec, single_state) next_epoch(spec, dup_state) - # Run non-duplicate inclusion rewards for comparision. Do not yield test vectors + # Run non-duplicate inclusion rewards for comparison. Do not yield test vectors for _ in run_process_rewards_and_penalties(spec, single_state): pass From 5234e431ec71643e57da90825728d9a5db963054 Mon Sep 17 00:00:00 2001 From: Martin Lundfall Date: Mon, 16 Dec 2019 12:55:51 +0100 Subject: [PATCH 02/46] Add codespell to ci --- .circleci/config.yml | 10 ++++++++++ Makefile | 1 + 2 files changed, 11 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 19ab1543a..60d26e896 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -112,6 +112,15 @@ jobs: - run: name: Check table of contents command: sudo npm install -g doctoc && make check_toc + codespell: + docker: + - image: circleci/python:3.6 + working_directory: ~/specs-repo + steps: + - checkout + - run: + name: Check codespell + command: pip install codespell --user && make codespell lint: docker: - image: circleci/python:3.6 @@ -158,6 +167,7 @@ workflows: requires: - install_pyspec_test - table_of_contents + - codespell - lint: requires: - test diff --git a/Makefile b/Makefile index 2bd87aed8..61fc34a52 100644 --- a/Makefile +++ b/Makefile @@ -78,6 +78,7 @@ check_toc: $(MARKDOWN_FILES:=.toc) rm $*.tmp codespell: + # Check codespell for errors, but disregard entries in .codespell-whitelist ! codespell . --skip ./.git | grep -v 'disabled' lint: $(PY_SPEC_ALL_TARGETS) From 21c8c58cb18c717b59b715c089a588501b27a5d4 Mon Sep 17 00:00:00 2001 From: Martin Lundfall Date: Mon, 16 Dec 2019 13:22:08 +0100 Subject: [PATCH 03/46] edit comment to make line shorter --- .../block_processing/test_process_attester_slashing.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_attester_slashing.py b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_attester_slashing.py index 19fdd04a2..dba48ca64 100644 --- a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_attester_slashing.py +++ b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_attester_slashing.py @@ -262,7 +262,7 @@ def test_att1_duplicate_index_normal_signed(spec, state): indices.pop(1) # remove an index, make room for the additional duplicate index. attester_slashing.attestation_1.attesting_indices = sorted(indices) - # sign it, the signature will be valid for a single occurrence. If the transition accidentally ignores the duplicate. + # The signature will be valid for a single occurrence. If the transition accidentally ignores the duplicate. sign_indexed_attestation(spec, state, attester_slashing.attestation_1) indices.append(indices[0]) # add one of the indices a second time @@ -282,7 +282,7 @@ def test_att2_duplicate_index_normal_signed(spec, state): indices.pop(2) # remove an index, make room for the additional duplicate index. attester_slashing.attestation_2.attesting_indices = sorted(indices) - # sign it, the signature will be valid for a single occurrence. If the transition accidentally ignores the duplicate. + # The signature will be valid for a single occurrence. If the transition accidentally ignores the duplicate. sign_indexed_attestation(spec, state, attester_slashing.attestation_2) indices.append(indices[1]) # add one of the indices a second time From 798fadc3cb432ac6c260ecf456e58d3ca6ebbbe4 Mon Sep 17 00:00:00 2001 From: Martin Lundfall Date: Mon, 16 Dec 2019 14:11:05 +0100 Subject: [PATCH 04/46] Makefile: Use codespell as intended --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 61fc34a52..2b165ad7d 100644 --- a/Makefile +++ b/Makefile @@ -78,8 +78,7 @@ check_toc: $(MARKDOWN_FILES:=.toc) rm $*.tmp codespell: - # Check codespell for errors, but disregard entries in .codespell-whitelist - ! codespell . --skip ./.git | grep -v 'disabled' + codespell . --skip ./.git -I .codespell-whitelist lint: $(PY_SPEC_ALL_TARGETS) cd $(PY_SPEC_DIR); . venv/bin/activate; \ From 502ee295379c1f3c5c3649e12330fb5be5d7a83b Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Tue, 17 Dec 2019 12:04:56 +0200 Subject: [PATCH 05/46] Phase 0 new BLS --- scripts/build_spec.py | 23 +-- specs/bls_signature.md | 148 ------------------ specs/core/0_beacon-chain.md | 64 +++++--- specs/validator/0_beacon-chain-validator.md | 16 +- .../eth2spec/test/helpers/attestations.py | 17 +- .../pyspec/eth2spec/test/helpers/block.py | 24 +-- .../eth2spec/test/helpers/block_header.py | 10 +- .../pyspec/eth2spec/test/helpers/custody.py | 51 ++---- .../pyspec/eth2spec/test/helpers/deposits.py | 10 +- .../test/helpers/phase1/attestations.py | 18 +-- .../test/helpers/phase1/shard_block.py | 14 +- .../eth2spec/test/helpers/voluntary_exits.py | 14 +- .../eth2spec/test/sanity/test_blocks.py | 23 +-- test_libs/pyspec/eth2spec/utils/bls.py | 26 +-- 14 files changed, 136 insertions(+), 322 deletions(-) delete mode 100644 specs/bls_signature.md diff --git a/scripts/build_spec.py b/scripts/build_spec.py index 834a2dcf7..ca8bbb6dd 100644 --- a/scripts/build_spec.py +++ b/scripts/build_spec.py @@ -11,7 +11,7 @@ from typing import ( PHASE0_IMPORTS = '''from typing import ( - Any, Dict, Set, Sequence, Tuple, Optional + Any, Dict, Set, Sequence, Tuple, Optional, TypeVar ) from dataclasses import ( @@ -21,20 +21,23 @@ from dataclasses import ( from eth2spec.utils.ssz.ssz_impl import hash_tree_root from eth2spec.utils.ssz.ssz_typing import ( - boolean, Container, List, Vector, uint64, + boolean, Container, List, Vector, uint64, SSZType, Bytes1, Bytes4, Bytes8, Bytes32, Bytes48, Bytes96, Bitlist, Bitvector, ) from eth2spec.utils.bls import ( - bls_aggregate_signatures, + Verify, + Sign, + Aggregate, + FastAggregateVerify, bls_aggregate_pubkeys, - bls_verify, - bls_sign, ) from eth2spec.utils.hash_function import hash + +SSZObject = TypeVar('SSZObject', bound=SSZType) ''' PHASE1_IMPORTS = '''from typing import ( - Any, Dict, Set, Sequence, MutableSequence, NewType, Tuple, Union, + Any, Dict, Set, Sequence, MutableSequence, NewType, Tuple, Union, TypeVar ) from math import ( log2, @@ -56,10 +59,11 @@ from eth2spec.utils.ssz.ssz_typing import ( uint64, bit, boolean, byte, ) from eth2spec.utils.bls import ( + Verify, + Sign, + Aggregate, + FastAggregateVerify, bls_aggregate_pubkeys, - bls_verify, - bls_verify_multiple, - bls_signature_to_G2, ) from eth2spec.utils.hash_function import hash @@ -67,6 +71,7 @@ from eth2spec.utils.hash_function import hash SSZVariableName = str GeneralizedIndex = NewType('GeneralizedIndex', int) +SSZObject = TypeVar('SSZObject', bound=SSZType) ''' SUNDRY_CONSTANTS_FUNCTIONS = ''' def ceillog2(x: uint64) -> int: diff --git a/specs/bls_signature.md b/specs/bls_signature.md deleted file mode 100644 index aafeeb54d..000000000 --- a/specs/bls_signature.md +++ /dev/null @@ -1,148 +0,0 @@ -# BLS signature verification - -**Notice**: This document is a placeholder to facilitate the emergence of cross-client testnets. Substantive changes are postponed until [BLS standardisation](https://github.com/cfrg/draft-irtf-cfrg-bls-signature) is finalized. - -**Warning**: The constructions in this document should not be considered secure. In particular, the `hash_to_G2` function is known to be unsecure. - -## Table of contents - - - - - -- [Curve parameters](#curve-parameters) -- [Point representations](#point-representations) - - [G1 points](#g1-points) - - [G2 points](#g2-points) -- [Helpers](#helpers) - - [`hash_to_G2`](#hash_to_g2) - - [`modular_squareroot`](#modular_squareroot) -- [Aggregation operations](#aggregation-operations) - - [`bls_aggregate_pubkeys`](#bls_aggregate_pubkeys) - - [`bls_aggregate_signatures`](#bls_aggregate_signatures) -- [Signature verification](#signature-verification) - - [`bls_verify`](#bls_verify) - - [`bls_verify_multiple`](#bls_verify_multiple) - - - - -## Curve parameters - -The BLS12-381 curve parameters are defined [here](https://z.cash/blog/new-snark-curve). - -## Point representations - -We represent points in the groups G1 and G2 following [zkcrypto/pairing](https://github.com/zkcrypto/pairing/tree/master/src/bls12_381). We denote by `q` the field modulus and by `i` the imaginary unit. - -### G1 points - -A point in G1 is represented as a 384-bit integer `z` decomposed as a 381-bit integer `x` and three 1-bit flags in the top bits: - -* `x = z % 2**381` -* `a_flag = (z % 2**382) // 2**381` -* `b_flag = (z % 2**383) // 2**382` -* `c_flag = (z % 2**384) // 2**383` - -Respecting bit ordering, `z` is decomposed as `(c_flag, b_flag, a_flag, x)`. - -We require: - -* `x < q` -* `c_flag == 1` -* if `b_flag == 1` then `a_flag == x == 0` and `z` represents the point at infinity -* if `b_flag == 0` then `z` represents the point `(x, y)` where `y` is the valid coordinate such that `(y * 2) // q == a_flag` - -### G2 points - -A point in G2 is represented as a pair of 384-bit integers `(z1, z2)`. We decompose `z1` as above into `x1`, `a_flag1`, `b_flag1`, `c_flag1` and `z2` into `x2`, `a_flag2`, `b_flag2`, `c_flag2`. - -We require: - -* `x1 < q` and `x2 < q` -* `a_flag2 == b_flag2 == c_flag2 == 0` -* `c_flag1 == 1` -* if `b_flag1 == 1` then `a_flag1 == x1 == x2 == 0` and `(z1, z2)` represents the point at infinity -* if `b_flag1 == 0` then `(z1, z2)` represents the point `(x1 * i + x2, y)` where `y` is the valid coordinate such that the imaginary part `y_im` of `y` satisfies `(y_im * 2) // q == a_flag1` - -## Helpers - -### `hash_to_G2` - -```python -G2_cofactor = 305502333931268344200999753193121504214466019254188142667664032982267604182971884026507427359259977847832272839041616661285803823378372096355777062779109 -q = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787 - -def hash_to_G2(message_hash: Bytes32, domain: Bytes8) -> Tuple[uint384, uint384]: - # Initial candidate x coordinate - x_re = int.from_bytes(hash(message_hash + domain + b'\x01'), 'big') - x_im = int.from_bytes(hash(message_hash + domain + b'\x02'), 'big') - x_coordinate = Fq2([x_re, x_im]) # x = x_re + i * x_im - - # Test candidate y coordinates until a one is found - while 1: - y_coordinate_squared = x_coordinate ** 3 + Fq2([4, 4]) # The curve is y^2 = x^3 + 4(i + 1) - y_coordinate = modular_squareroot(y_coordinate_squared) - if y_coordinate is not None: # Check if quadratic residue found - return multiply_in_G2((x_coordinate, y_coordinate), G2_cofactor) - x_coordinate += Fq2([1, 0]) # Add 1 and try again -``` - -### `modular_squareroot` - -`modular_squareroot(x)` returns a solution `y` to `y**2 % q == x`, and `None` if none exists. If there are two solutions, the one with higher imaginary component is favored; if both solutions have equal imaginary component, the one with higher real component is favored (note that this is equivalent to saying that the single solution with either imaginary component > p/2 or imaginary component zero and real component > p/2 is favored). - -The following is a sample implementation; implementers are free to implement modular square roots as they wish. Note that `x2 = -x1` is an _additive modular inverse_ so real and imaginary coefficients remain in `[0 .. q-1]`. `coerce_to_int(element: Fq) -> int` is a function that takes Fq element `element` (i.e. integers `mod q`) and converts it to a regular integer. - -```python -Fq2_order = q ** 2 - 1 -eighth_roots_of_unity = [Fq2([1,1]) ** ((Fq2_order * k) // 8) for k in range(8)] - -def modular_squareroot(value: Fq2) -> Fq2: - candidate_squareroot = value ** ((Fq2_order + 8) // 16) - check = candidate_squareroot ** 2 / value - if check in eighth_roots_of_unity[::2]: - x1 = candidate_squareroot / eighth_roots_of_unity[eighth_roots_of_unity.index(check) // 2] - x2 = -x1 - x1_re, x1_im = coerce_to_int(x1.coeffs[0]), coerce_to_int(x1.coeffs[1]) - x2_re, x2_im = coerce_to_int(x2.coeffs[0]), coerce_to_int(x2.coeffs[1]) - return x1 if (x1_im > x2_im or (x1_im == x2_im and x1_re > x2_re)) else x2 - return None -``` - -## Aggregation operations - -### `bls_aggregate_pubkeys` - -Let `bls_aggregate_pubkeys(pubkeys: List[Bytes48]) -> Bytes48` return `pubkeys[0] + .... + pubkeys[len(pubkeys)-1]`, where `+` is the elliptic curve addition operation over the G1 curve. (When `len(pubkeys) == 0` the empty sum is the G1 point at infinity.) - -### `bls_aggregate_signatures` - -Let `bls_aggregate_signatures(signatures: List[Bytes96]) -> Bytes96` return `signatures[0] + .... + signatures[len(signatures)-1]`, where `+` is the elliptic curve addition operation over the G2 curve. (When `len(signatures) == 0` the empty sum is the G2 point at infinity.) - -## Signature verification - -In the following, `e` is the pairing function and `g` is the G1 generator with the following coordinates (see [here](https://github.com/zkcrypto/pairing/tree/master/src/bls12_381#g1)): - -```python -g_x = 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507 -g_y = 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569 -g = Fq2([g_x, g_y]) -``` - -### `bls_verify` - -Let `bls_verify(pubkey: Bytes48, message_hash: Bytes32, signature: Bytes96, domain: Bytes8) -> bool`: - -* Verify that `pubkey` is a valid G1 point. -* Verify that `signature` is a valid G2 point. -* Verify that `e(pubkey, hash_to_G2(message_hash, domain)) == e(g, signature)`. - -### `bls_verify_multiple` - -Let `bls_verify_multiple(pubkeys: List[Bytes48], message_hashes: List[Bytes32], signature: Bytes96, domain: Bytes8) -> bool`: - -* Verify that each `pubkey` in `pubkeys` is a valid G1 point. -* Verify that `signature` is a valid G2 point. -* Verify that `len(pubkeys)` equals `len(message_hashes)` and denote the length `L`. -* Verify that `e(pubkeys[0], hash_to_G2(message_hashes[0], domain)) * ... * e(pubkeys[L-1], hash_to_G2(message_hashes[L-1], domain)) == e(g, signature)`. diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 20087c069..71980e88c 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -379,6 +379,14 @@ class BeaconBlockHeader(Container): body_root: Root ``` +#### `DomainWrapper` + +```python +class DomainWrapper(Container): + root: Root + domain: Domain +``` + ### Beacon operations #### `ProposerSlashing` @@ -575,13 +583,17 @@ def bytes_to_int(data: bytes) -> uint64: `def hash_tree_root(object: SSZSerializable) -> Root` is a function for hashing objects into a single root by utilizing a hash tree structure, as defined in the [SSZ spec](../simple-serialize.md#merkleization). -#### `bls_verify` +#### BLS Signatures -`bls_verify` is a function for verifying a BLS signature, as defined in the [BLS Signature spec](../bls_signature.md#bls_verify). +Eth2 makes use of BLS signatures as specified in the [IETF draft BLS specification](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-00). -#### `bls_aggregate_pubkeys` +Specifically, eth2 uses the `BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_` ciphersuite where it makes use of the following functions: -`bls_aggregate_pubkeys` is a function for aggregating multiple BLS public keys into a single aggregate key, as defined in the [BLS Signature spec](../bls_signature.md#bls_aggregate_pubkeys). +* `def Sign(SK: int, message: Bytes) -> BLSSignature` +* `def Verify(PK: BLSPubkey, message: Bytes, signature: BLSSignature) -> bool` +* `def Aggregate(signatures: Sequence[BLSSignature]) -> BLSSignature` +* `def bls_aggregate_pubkeys(PKs: Sequence[BLSPubkey]) -> BLSPubkey` +* `def FastAggregateVerify(PKs: Sequence[BLSSignature], message: Bytes, signature: BLSSignature) -> bool` ### Predicates @@ -664,14 +676,10 @@ def is_valid_indexed_attestation(state: BeaconState, indexed_attestation: Indexe if not indices == sorted(set(indices)): return False # Verify aggregate signature - if not bls_verify( - pubkey=bls_aggregate_pubkeys([state.validators[i].pubkey for i in indices]), - message_hash=hash_tree_root(indexed_attestation.data), - signature=indexed_attestation.signature, - domain=get_domain(state, DOMAIN_BEACON_ATTESTER, indexed_attestation.data.target.epoch), - ): - return False - return True + pubkeys = [state.validators[i].pubkey for i in indices] + domain = get_domain(state, DOMAIN_BEACON_ATTESTER, indexed_attestation.data.target.epoch) + message = compute_domain_wrapper_root(indexed_attestation.data, domain) + return FastAggregateVerify(pubkeys, message, indexed_attestation.signature) ``` #### `is_valid_merkle_branch` @@ -789,6 +797,17 @@ def compute_domain(domain_type: DomainType, fork_version: Version=Version()) -> return Domain(domain_type + fork_version) ``` +### `compute_domain_wrapper_root` + +```python +def compute_domain_wrapper_root(object: SSZObject, domain: Domain) -> Root: + domain_wrapped_object = DomainWrapper( + root=hash_tree_root(object), + domain=domain, + ) + return hash_tree_root(domain_wrapped_object) +``` + ### Beacon state accessors #### `get_current_epoch` @@ -1131,8 +1150,8 @@ def state_transition(state: BeaconState, signed_block: SignedBeaconBlock, valida ```python def verify_block_signature(state: BeaconState, signed_block: SignedBeaconBlock) -> bool: proposer = state.validators[get_beacon_proposer_index(state)] - domain = get_domain(state, DOMAIN_BEACON_PROPOSER) - return bls_verify(proposer.pubkey, hash_tree_root(signed_block.message), signed_block.signature, domain) + message = compute_domain_wrapper_root(signed_block.message, get_domain(state, DOMAIN_BEACON_PROPOSER)) + return Verify(proposer.pubkey, message, signed_block.signature) ``` ```python @@ -1431,7 +1450,8 @@ def process_randao(state: BeaconState, body: BeaconBlockBody) -> None: epoch = get_current_epoch(state) # Verify RANDAO reveal proposer = state.validators[get_beacon_proposer_index(state)] - assert bls_verify(proposer.pubkey, hash_tree_root(epoch), body.randao_reveal, get_domain(state, DOMAIN_RANDAO)) + message = compute_domain_wrapper_root(epoch, get_domain(state, DOMAIN_RANDAO)) + assert Verify(proposer.pubkey, message, body.randao_reveal) # Mix in RANDAO reveal mix = xor(get_randao_mix(state, epoch), hash(body.randao_reveal)) state.randao_mixes[epoch % EPOCHS_PER_HISTORICAL_VECTOR] = mix @@ -1478,8 +1498,11 @@ def process_proposer_slashing(state: BeaconState, proposer_slashing: ProposerSla assert is_slashable_validator(proposer, get_current_epoch(state)) # Signatures are valid for signed_header in (proposer_slashing.signed_header_1, proposer_slashing.signed_header_2): - domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(signed_header.message.slot)) - assert bls_verify(proposer.pubkey, hash_tree_root(signed_header.message), signed_header.signature, domain) + message = compute_domain_wrapper_root( + object=signed_header.message, + domain=get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(signed_header.message.slot)), + ) + assert Verify(proposer.pubkey, message, signed_header.signature) slash_validator(state, proposer_slashing.proposer_index) ``` @@ -1557,12 +1580,12 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: # Verify the deposit signature (proof of possession) for new validators. # Note: The deposit contract does not check signatures. # Note: Deposits are valid across forks, thus the deposit domain is retrieved directly from `compute_domain`. - domain = compute_domain(DOMAIN_DEPOSIT) deposit_message = DepositMessage( pubkey=deposit.data.pubkey, withdrawal_credentials=deposit.data.withdrawal_credentials, amount=deposit.data.amount) - if not bls_verify(pubkey, hash_tree_root(deposit_message), deposit.data.signature, domain): + message = compute_domain_wrapper_root(deposit_message, compute_domain(DOMAIN_DEPOSIT)) + if not Verify(pubkey, message, deposit.data.signature): return # Add validator and balance entries @@ -1598,7 +1621,8 @@ def process_voluntary_exit(state: BeaconState, signed_voluntary_exit: SignedVolu assert get_current_epoch(state) >= validator.activation_epoch + PERSISTENT_COMMITTEE_PERIOD # Verify signature domain = get_domain(state, DOMAIN_VOLUNTARY_EXIT, voluntary_exit.epoch) - assert bls_verify(validator.pubkey, hash_tree_root(voluntary_exit), signed_voluntary_exit.signature, domain) + message = compute_domain_wrapper_root(voluntary_exit, domain) + assert Verify(validator.pubkey, message, signed_voluntary_exit.signature) # Initiate exit initiate_validator_exit(state, voluntary_exit.validator_index) ``` diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index 76bcc3b7d..5e80e84a6 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -117,7 +117,7 @@ To submit a deposit: - Set `deposit_data.withdrawal_credentials` to `withdrawal_credentials`. - Set `deposit_data.amount` to `amount`. - Let `deposit_message` be a `DepositMessage` with all the `DepositData` contents except the `signature`. -- Let `signature` be the result of `bls_sign` of the `hash_tree_root(deposit_message)` with `domain=compute_domain(DOMAIN_DEPOSIT)`. (Deposits are valid regardless of fork version, `compute_domain` will default to zeroes there). +- Let `signature` be the result of `Sign` of the `compute_domain_wrapper_root(deposit_message, domain)` with `domain=compute_domain(DOMAIN_DEPOSIT)`. (Deposits are valid regardless of fork version, `compute_domain` will default to zeroes there). - Let `deposit_data_root` be `hash_tree_root(deposit_data)`. - Send a transaction on the Ethereum 1.0 chain to `DEPOSIT_CONTRACT_ADDRESS` executing `def deposit(pubkey: bytes[48], withdrawal_credentials: bytes[32], signature: bytes[96], deposit_data_root: bytes32)` along with a deposit of `amount` Gwei. @@ -234,7 +234,8 @@ Set `block.body.randao_reveal = epoch_signature` where `epoch_signature` is obta ```python def get_epoch_signature(state: BeaconState, block: BeaconBlock, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_RANDAO, compute_epoch_at_slot(block.slot)) - return bls_sign(privkey, hash_tree_root(compute_epoch_at_slot(block.slot)), domain) + message = compute_domain_wrapper_root(compute_epoch_at_slot(block.slot), domain) + return Sign(privkey, message) ``` ##### Eth1 Data @@ -311,7 +312,8 @@ def compute_new_state_root(state: BeaconState, block: BeaconBlock) -> Root: ```python def get_block_signature(state: BeaconState, header: BeaconBlockHeader, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(header.slot)) - return bls_sign(privkey, hash_tree_root(header), domain) + message = compute_domain_wrapper_root(compute_epoch_at_slot(header), domain) + return Sign(privkey, message) ``` ### Attesting @@ -369,7 +371,8 @@ Set `attestation.signature = signed_attestation_data` where `signed_attestation_ ```python def get_signed_attestation_data(state: BeaconState, attestation: IndexedAttestation, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_ATTESTER, attestation.data.target.epoch) - return bls_sign(privkey, hash_tree_root(attestation.data), domain) + message = compute_domain_wrapper_root(attestation.data, domain) + return Sign(privkey, message) ``` #### Broadcast attestation @@ -387,7 +390,8 @@ A validator is selected to aggregate based upon the return value of `is_aggregat ```python def get_slot_signature(state: BeaconState, slot: Slot, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_ATTESTER, compute_epoch_at_slot(slot)) - return bls_sign(privkey, hash_tree_root(slot), domain) + message = compute_domain_wrapper_root(slot, domain) + return Sign(privkey, message) ``` ```python @@ -418,7 +422,7 @@ Set `aggregate_attestation.signature = aggregate_signature` where `aggregate_sig ```python def get_aggregate_signature(attestations: Sequence[Attestation]) -> BLSSignature: signatures = [attestation.signature for attestation in attestations] - return bls_aggregate_signatures(signatures) + return Aggregate(signatures) ``` #### Broadcast aggregate diff --git a/test_libs/pyspec/eth2spec/test/helpers/attestations.py b/test_libs/pyspec/eth2spec/test/helpers/attestations.py index 3ed54888f..03ebb7b9b 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/attestations.py +++ b/test_libs/pyspec/eth2spec/test/helpers/attestations.py @@ -3,7 +3,7 @@ from typing import List from eth2spec.test.helpers.block import build_empty_block_for_next_slot, transition_unsigned_block, \ build_empty_block from eth2spec.test.helpers.keys import privkeys -from eth2spec.utils.bls import bls_sign, bls_aggregate_signatures +from eth2spec.utils.bls import Sign, Aggregate from eth2spec.utils.ssz.ssz_typing import Bitlist @@ -77,8 +77,7 @@ def sign_aggregate_attestation(spec, state, attestation_data, participants: List privkey ) ) - - return bls_aggregate_signatures(signatures) + return Aggregate(signatures) def sign_indexed_attestation(spec, state, indexed_attestation): @@ -97,15 +96,9 @@ def sign_attestation(spec, state, attestation): def get_attestation_signature(spec, state, attestation_data, privkey): - return bls_sign( - message_hash=attestation_data.hash_tree_root(), - privkey=privkey, - domain=spec.get_domain( - state=state, - domain_type=spec.DOMAIN_BEACON_ATTESTER, - message_epoch=attestation_data.target.epoch, - ) - ) + domain = spec.get_domain(state, spec.DOMAIN_BEACON_ATTESTER, attestation_data.target.epoch) + message = spec.compute_domain_wrapper_root(attestation_data, domain) + return Sign(privkey, message) def fill_aggregate_attestation(spec, state, attestation, signed=False): diff --git a/test_libs/pyspec/eth2spec/test/helpers/block.py b/test_libs/pyspec/eth2spec/test/helpers/block.py index b8c514eb4..2dac70d8d 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block.py @@ -1,7 +1,7 @@ from copy import deepcopy from eth2spec.test.helpers.keys import privkeys -from eth2spec.utils.bls import bls_sign, only_with_bls +from eth2spec.utils.bls import Sign, only_with_bls from eth2spec.utils.ssz.ssz_impl import hash_tree_root @@ -28,15 +28,9 @@ def apply_randao_reveal(spec, state, block, proposer_index=None): proposer_index = get_proposer_index_maybe(spec, state, block.slot, proposer_index) privkey = privkeys[proposer_index] - block.body.randao_reveal = bls_sign( - privkey=privkey, - message_hash=hash_tree_root(spec.compute_epoch_at_slot(block.slot)), - domain=spec.get_domain( - state, - message_epoch=spec.compute_epoch_at_slot(block.slot), - domain_type=spec.DOMAIN_RANDAO, - ) - ) + domain = spec.get_domain(state, spec.DOMAIN_RANDAO, spec.compute_epoch_at_slot(block.slot)) + message = spec.compute_domain_wrapper_root(spec.compute_epoch_at_slot(block.slot), domain) + block.body.randao_reveal = Sign(privkey, message) # Fully ignore the function if BLS is off, beacon-proposer index calculation is slow. @@ -46,14 +40,10 @@ def apply_sig(spec, state, signed_block, proposer_index=None): proposer_index = get_proposer_index_maybe(spec, state, block.slot, proposer_index) privkey = privkeys[proposer_index] + domain = spec.get_domain(state, spec.DOMAIN_BEACON_PROPOSER, spec.compute_epoch_at_slot(block.slot)) + message = compute_domain_wrapper_root(block, domain) - signed_block.signature = bls_sign( - message_hash=hash_tree_root(block), - privkey=privkey, - domain=spec.get_domain( - state, - spec.DOMAIN_BEACON_PROPOSER, - spec.compute_epoch_at_slot(block.slot))) + signed_block.signature = Sign(privkey, message) def sign_block(spec, state, block, proposer_index=None): diff --git a/test_libs/pyspec/eth2spec/test/helpers/block_header.py b/test_libs/pyspec/eth2spec/test/helpers/block_header.py index a9c8145ae..5f439b6a2 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block_header.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block_header.py @@ -1,4 +1,4 @@ -from eth2spec.utils.bls import bls_sign +from eth2spec.utils.bls import Sign from eth2spec.utils.ssz.ssz_impl import hash_tree_root @@ -7,8 +7,6 @@ def sign_block_header(spec, state, header, privkey): state=state, domain_type=spec.DOMAIN_BEACON_PROPOSER, ) - return spec.SignedBeaconBlockHeader(message=header, signature=bls_sign( - message_hash=hash_tree_root(header), - privkey=privkey, - domain=domain, - )) + message = spec.compute_domain_wrapper_root(header, domain) + signature = Sign(privkey, message) + return spec.SignedBeaconBlockHeader(message=header, signature=signature) diff --git a/test_libs/pyspec/eth2spec/test/helpers/custody.py b/test_libs/pyspec/eth2spec/test/helpers/custody.py index f6ca8ecd9..517cd9545 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/custody.py +++ b/test_libs/pyspec/eth2spec/test/helpers/custody.py @@ -1,5 +1,5 @@ from eth2spec.test.helpers.keys import privkeys -from eth2spec.utils.bls import bls_sign, bls_aggregate_signatures +from eth2spec.utils.bls import Sign, Aggregate from eth2spec.utils.hash_function import hash from eth2spec.utils.ssz.ssz_typing import Bitlist, ByteVector, Bitvector from eth2spec.utils.ssz.ssz_impl import chunkify, pack, hash_tree_root @@ -17,28 +17,15 @@ def get_valid_early_derived_secret_reveal(spec, state, epoch=None): epoch = current_epoch + spec.CUSTODY_PERIOD_TO_RANDAO_PADDING # Generate the secret that is being revealed - reveal = bls_sign( - message_hash=hash_tree_root(spec.Epoch(epoch)), - privkey=privkeys[revealed_index], - domain=spec.get_domain( - state=state, - domain_type=spec.DOMAIN_RANDAO, - message_epoch=epoch, - ), - ) + domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch) + message = spec.compute_domain_wrapper_root(spec.Epoch(epoch), domain) + reveal = Sign(privkeys[revealed_index], message) # Generate the mask (any random 32 bytes that don't reveal the masker's secret will do) mask = hash(reveal) # Generate masker's signature on the mask - masker_signature = bls_sign( - message_hash=mask, - privkey=privkeys[masker_index], - domain=spec.get_domain( - state=state, - domain_type=spec.DOMAIN_RANDAO, - message_epoch=epoch, - ), - ) - masked_reveal = bls_aggregate_signatures([reveal, masker_signature]) + message = spec.compute_domain_wrapper_root(mask, domain) + masker_signature = Sign(privkeys[masker_index], message) + masked_reveal = Aggregate([reveal, masker_signature]) return spec.EarlyDerivedSecretReveal( revealed_index=revealed_index, @@ -60,15 +47,9 @@ def get_valid_custody_key_reveal(spec, state, period=None): epoch_to_sign = spec.get_randao_epoch_for_custody_period(period, revealer_index) # Generate the secret that is being revealed - reveal = bls_sign( - message_hash=hash_tree_root(spec.Epoch(epoch_to_sign)), - privkey=privkeys[revealer_index], - domain=spec.get_domain( - state=state, - domain_type=spec.DOMAIN_RANDAO, - message_epoch=epoch_to_sign, - ), - ) + domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch_to_sign) + message = spec.compute_domain_wrapper_root(spec.Epoch(epoch_to_sign), domain) + reveal = Sign(privkeys[revealer_index], message) return spec.CustodyKeyReveal( revealer_index=revealer_index, reveal=reveal, @@ -92,15 +73,9 @@ def get_valid_bit_challenge(spec, state, attestation, invalid_custody_bit=False) responder_index) # Generate the responder key - responder_key = bls_sign( - message_hash=hash_tree_root(spec.Epoch(epoch)), - privkey=privkeys[responder_index], - domain=spec.get_domain( - state=state, - domain_type=spec.DOMAIN_RANDAO, - message_epoch=epoch, - ), - ) + domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch) + message = spec.compute_domain_wrapper_root(spec.compute_domain_wrapper_root, domain) + responder_key = Sign(privkeys[responder_index], message) chunk_count = spec.get_custody_chunk_count(attestation.data.crosslink) diff --git a/test_libs/pyspec/eth2spec/test/helpers/deposits.py b/test_libs/pyspec/eth2spec/test/helpers/deposits.py index fdab01ca9..90a3ac8f0 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/deposits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/deposits.py @@ -1,5 +1,5 @@ from eth2spec.test.helpers.keys import pubkeys, privkeys -from eth2spec.utils.bls import bls_sign +from eth2spec.utils.bls import Sign from eth2spec.utils.merkle_minimal import calc_merkle_tree_from_leaves, get_merkle_proof from eth2spec.utils.ssz.ssz_impl import hash_tree_root from eth2spec.utils.ssz.ssz_typing import List @@ -30,12 +30,8 @@ def sign_deposit_data(spec, deposit_data, privkey, state=None): pubkey=deposit_data.pubkey, withdrawal_credentials=deposit_data.withdrawal_credentials, amount=deposit_data.amount) - signature = bls_sign( - message_hash=hash_tree_root(deposit_message), - privkey=privkey, - domain=domain, - ) - deposit_data.signature = signature + message = spec.compute_domain_wrapper_root(deposit_message, domain) + deposit_data.signature = Sign(privkey, message) def build_deposit(spec, diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py index 4f0a9fb0a..c6983e71b 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py @@ -1,7 +1,7 @@ from eth2spec.test.helpers.keys import privkeys from eth2spec.utils.bls import ( - bls_aggregate_signatures, - bls_sign, + Aggregate, + Sign, ) @@ -25,16 +25,10 @@ def sign_shard_attestation(spec, beacon_state, shard_state, block, participants) ) ) - return bls_aggregate_signatures(signatures) + return Aggregate(signatures) def get_attestation_signature(spec, beacon_state, shard_state, message_hash, block_epoch, privkey): - return bls_sign( - message_hash=message_hash, - privkey=privkey, - domain=spec.get_domain( - state=beacon_state, - domain_type=spec.DOMAIN_SHARD_ATTESTER, - message_epoch=block_epoch, - ) - ) + domain=spec.get_domain(beacon_state, spec.DOMAIN_SHARD_ATTESTER, block_epoch) + message = spec.compute_domain_wrapper(message_hash, domain) + return Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py index 8d12110e7..d8a4bcc60 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py @@ -2,7 +2,7 @@ from copy import deepcopy from eth2spec.test.helpers.keys import privkeys from eth2spec.utils.bls import ( - bls_sign, + Sign, only_with_bls, ) from eth2spec.utils.ssz.ssz_impl import ( @@ -21,15 +21,9 @@ def sign_shard_block(spec, beacon_state, shard_state, block, proposer_index=None privkey = privkeys[proposer_index] - block.signature = bls_sign( - message_hash=hash_tree_root(block), - privkey=privkey, - domain=spec.get_domain( - beacon_state, - spec.DOMAIN_SHARD_PROPOSER, - spec.compute_epoch_of_shard_slot(block.slot), - ) - ) + domain=spec.get_domain(beacon_state, spec.DOMAIN_SHARD_PROPOSER, compute_epoch_of_shard_slot(block.slot)) + message = spec.compute_domain_wrapper(block, domain) + block.signature = Sign(privkey, message) def build_empty_shard_block(spec, diff --git a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py index 62d8f13ba..4f9fc7c30 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py @@ -1,17 +1,11 @@ -from eth2spec.utils.bls import bls_sign +from eth2spec.utils.bls import Sign from eth2spec.utils.ssz.ssz_impl import hash_tree_root def sign_voluntary_exit(spec, state, voluntary_exit, privkey): + domain = spec.get_domain(state, spec.DOMAIN_VOLUNTARY_EXIT, voluntary_exit.epoch) + message = spec.compute_domain_wrapper_root(voluntary_exit, domain) return spec.SignedVoluntaryExit( message=voluntary_exit, - signature=bls_sign( - message_hash=hash_tree_root(voluntary_exit), - privkey=privkey, - domain=spec.get_domain( - state=state, - domain_type=spec.DOMAIN_VOLUNTARY_EXIT, - message_epoch=voluntary_exit.epoch, - ) - ) + signature=Sign(privkey, message) ) diff --git a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py index c2f980ba0..c13bab903 100644 --- a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py +++ b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py @@ -1,7 +1,7 @@ from copy import deepcopy from eth2spec.utils.ssz.ssz_impl import hash_tree_root -from eth2spec.utils.bls import bls_sign +from eth2spec.utils.bls import Sign from eth2spec.test.helpers.state import get_balance, state_transition_and_sign_block, next_slot from eth2spec.test.helpers.block import build_empty_block_for_next_slot, build_empty_block, sign_block, \ @@ -104,15 +104,11 @@ def test_zero_block_sig(spec, state): @always_bls def test_invalid_block_sig(spec, state): block = build_empty_block_for_next_slot(spec, state) + domain = spec.get_domain(state, spec.DOMAIN_BEACON_PROPOSER, spec.compute_epoch_at_slot(block.slot)) + message = spec.compute_domain_wrapper_root(block, domain) invalid_signed_block = spec.SignedBeaconBlock( message=block, - signature=bls_sign( - message_hash=hash_tree_root(block), - privkey=123456, - domain=spec.get_domain( - state, - spec.DOMAIN_BEACON_PROPOSER, - spec.compute_epoch_at_slot(block.slot))) + signature=Sign(123456, message) ) expect_assertion_error(lambda: spec.state_transition(state, invalid_signed_block)) @@ -417,16 +413,11 @@ def test_voluntary_exit(spec, state): epoch=spec.get_current_epoch(state), validator_index=validator_index, ) + domain = spec.get_domain(state, spec.DOMAIN_VOLUNTARY_EXIT) + message = spec.compute_domain_wrapper_root(voluntary_exit, domain) signed_voluntary_exit = spec.SignedVoluntaryExit( message=voluntary_exit, - signature=bls_sign( - message_hash=hash_tree_root(voluntary_exit), - privkey=privkeys[validator_index], - domain=spec.get_domain( - state=state, - domain_type=spec.DOMAIN_VOLUNTARY_EXIT, - ) - ) + signature=Sign(privkeys[validator_index], message) ) # Add to state via block transition diff --git a/test_libs/pyspec/eth2spec/utils/bls.py b/test_libs/pyspec/eth2spec/utils/bls.py index f40e5ab04..580d4e75b 100644 --- a/test_libs/pyspec/eth2spec/utils/bls.py +++ b/test_libs/pyspec/eth2spec/utils/bls.py @@ -23,31 +23,35 @@ def only_with_bls(alt_return=None): @only_with_bls(alt_return=True) -def bls_verify(pubkey, message_hash, signature, domain): - return bls.verify(message_hash=message_hash, pubkey=pubkey, - signature=signature, domain=domain) +def Verify(PK, message, signature): + return bls.verify(message_hash=message, pubkey=PK, signature=signature, domain=b'') + + +# @only_with_bls(alt_return=True) +# def AggregateVerify(PKs, messages, signature): +# return bls.verify_multiple(pubkeys=pubkeys, message_hashes=messages, signature=signature, domain=b'') @only_with_bls(alt_return=True) -def bls_verify_multiple(pubkeys, message_hashes, signature, domain): - return bls.verify_multiple(pubkeys=pubkeys, message_hashes=message_hashes, - signature=signature, domain=domain) +def FastAggregateVerify(PKs, message, signature): + aggregate_pubkey = bls.aggregate_pubkeys(PKs) + return bls.verify(pubkey=aggregate_pubkey, message_hash=message, signature=signature, domain=b'') @only_with_bls(alt_return=STUB_PUBKEY) -def bls_aggregate_pubkeys(pubkeys): +def bls_aggregate_pubkeys(PKs): return bls.aggregate_pubkeys(pubkeys) @only_with_bls(alt_return=STUB_SIGNATURE) -def bls_aggregate_signatures(signatures): +def Aggregate(signatures): return bls.aggregate_signatures(signatures) @only_with_bls(alt_return=STUB_SIGNATURE) -def bls_sign(message_hash, privkey, domain): - return bls.sign(message_hash=message_hash, privkey=privkey, - domain=domain) +def Sign(SK, message): + return bls.sign(message_hash=message, privkey=SK, + domain=b'') @only_with_bls(alt_return=STUB_COORDINATES) From 80eb721895339802bbe00b501ce16ea13a9c098d Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Tue, 17 Dec 2019 12:20:34 +0200 Subject: [PATCH 06/46] Domains are bytes --- scripts/build_spec.py | 2 +- specs/core/0_beacon-chain.md | 12 +++++------- specs/core/1_custody-game.md | 2 +- specs/core/1_shard-data-chains.md | 4 ++-- 4 files changed, 9 insertions(+), 11 deletions(-) diff --git a/scripts/build_spec.py b/scripts/build_spec.py index ca8bbb6dd..0baa487c3 100644 --- a/scripts/build_spec.py +++ b/scripts/build_spec.py @@ -169,7 +169,7 @@ def objects_to_spec(functions: Dict[str, str], functions_spec = '\n\n'.join(functions.values()) for k in list(constants.keys()): if k.startswith('DOMAIN_'): - constants[k] = f"DomainType(({constants[k]}).to_bytes(length=4, byteorder='little'))" + constants[k] = f"DomainType(bytes.fromhex('{constants[k]}'[2:]))" if k == "BLS12_381_Q": constants[k] += " # noqa: E501" constants_spec = '\n'.join(map(lambda x: '%s = %s' % (x, constants[x]), constants)) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 71980e88c..271be3ef7 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -249,15 +249,13 @@ The following values are (non-configurable) constants used throughout the specif ### Domain types -The following types are defined, mapping into `DomainType` (little endian): - | Name | Value | | - | - | -| `DOMAIN_BEACON_PROPOSER` | `0` | -| `DOMAIN_BEACON_ATTESTER` | `1` | -| `DOMAIN_RANDAO` | `2` | -| `DOMAIN_DEPOSIT` | `3` | -| `DOMAIN_VOLUNTARY_EXIT` | `4` | +| `DOMAIN_BEACON_PROPOSER` | `0x00000000` | +| `DOMAIN_BEACON_ATTESTER` | `0x01000000` | +| `DOMAIN_RANDAO` | `0x02000000` | +| `DOMAIN_DEPOSIT` | `0x03000000` | +| `DOMAIN_VOLUNTARY_EXIT` | `0x04000000` | ## Containers diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index 017e2a22a..4f3b26c7c 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -131,7 +131,7 @@ The following types are defined, mapping into `DomainType` (little endian): | Name | Value | | - | - | -| `DOMAIN_CUSTODY_BIT_CHALLENGE` | `6` | +| `DOMAIN_CUSTODY_BIT_CHALLENGE` | `0x05000000` | ### TODO PLACEHOLDER diff --git a/specs/core/1_shard-data-chains.md b/specs/core/1_shard-data-chains.md index d5964fe7d..9d537a789 100644 --- a/specs/core/1_shard-data-chains.md +++ b/specs/core/1_shard-data-chains.md @@ -101,8 +101,8 @@ This document describes the shard transition function (data layer only) and the | Name | Value | | - | - | -| `DOMAIN_SHARD_PROPOSER` | `128` | -| `DOMAIN_SHARD_ATTESTER` | `129` | +| `DOMAIN_SHARD_PROPOSER` | `0x80000000` | +| `DOMAIN_SHARD_ATTESTER` | `0x81000000` | ## Containers From c239ffb78cf2cfc2bf2cafbce2dcfda82f3151aa Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Tue, 17 Dec 2019 12:30:46 +0200 Subject: [PATCH 07/46] Linting fixes --- scripts/build_spec.py | 3 +-- specs/core/0_beacon-chain.md | 2 +- test_libs/pyspec/eth2spec/test/helpers/block.py | 2 +- test_libs/pyspec/eth2spec/test/helpers/block_header.py | 1 - test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py | 3 +-- test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py | 3 +-- test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py | 1 - test_libs/pyspec/eth2spec/test/sanity/test_blocks.py | 1 - test_libs/pyspec/eth2spec/utils/bls.py | 2 +- 9 files changed, 6 insertions(+), 12 deletions(-) diff --git a/scripts/build_spec.py b/scripts/build_spec.py index 0baa487c3..caae39533 100644 --- a/scripts/build_spec.py +++ b/scripts/build_spec.py @@ -25,11 +25,10 @@ from eth2spec.utils.ssz.ssz_typing import ( Bytes1, Bytes4, Bytes8, Bytes32, Bytes48, Bytes96, Bitlist, Bitvector, ) from eth2spec.utils.bls import ( - Verify, Sign, + Verify, Aggregate, FastAggregateVerify, - bls_aggregate_pubkeys, ) from eth2spec.utils.hash_function import hash diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 271be3ef7..f2dd8d96c 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1499,7 +1499,7 @@ def process_proposer_slashing(state: BeaconState, proposer_slashing: ProposerSla message = compute_domain_wrapper_root( object=signed_header.message, domain=get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(signed_header.message.slot)), - ) + ) assert Verify(proposer.pubkey, message, signed_header.signature) slash_validator(state, proposer_slashing.proposer_index) diff --git a/test_libs/pyspec/eth2spec/test/helpers/block.py b/test_libs/pyspec/eth2spec/test/helpers/block.py index 2dac70d8d..6d22dd545 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block.py @@ -41,7 +41,7 @@ def apply_sig(spec, state, signed_block, proposer_index=None): proposer_index = get_proposer_index_maybe(spec, state, block.slot, proposer_index) privkey = privkeys[proposer_index] domain = spec.get_domain(state, spec.DOMAIN_BEACON_PROPOSER, spec.compute_epoch_at_slot(block.slot)) - message = compute_domain_wrapper_root(block, domain) + message = spec.compute_domain_wrapper_root(block, domain) signed_block.signature = Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/block_header.py b/test_libs/pyspec/eth2spec/test/helpers/block_header.py index 5f439b6a2..926cebee9 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block_header.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block_header.py @@ -1,5 +1,4 @@ from eth2spec.utils.bls import Sign -from eth2spec.utils.ssz.ssz_impl import hash_tree_root def sign_block_header(spec, state, header, privkey): diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py index c6983e71b..cbb6cde75 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py @@ -24,11 +24,10 @@ def sign_shard_attestation(spec, beacon_state, shard_state, block, participants) privkey, ) ) - return Aggregate(signatures) def get_attestation_signature(spec, beacon_state, shard_state, message_hash, block_epoch, privkey): - domain=spec.get_domain(beacon_state, spec.DOMAIN_SHARD_ATTESTER, block_epoch) + domain = spec.get_domain(beacon_state, spec.DOMAIN_SHARD_ATTESTER, block_epoch) message = spec.compute_domain_wrapper(message_hash, domain) return Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py index d8a4bcc60..b0fe39209 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py @@ -20,8 +20,7 @@ def sign_shard_block(spec, beacon_state, shard_state, block, proposer_index=None proposer_index = spec.get_shard_proposer_index(beacon_state, shard_state.shard, block.slot) privkey = privkeys[proposer_index] - - domain=spec.get_domain(beacon_state, spec.DOMAIN_SHARD_PROPOSER, compute_epoch_of_shard_slot(block.slot)) + domain = spec.get_domain(beacon_state, spec.DOMAIN_SHARD_PROPOSER, spec.compute_epoch_of_shard_slot(block.slot)) message = spec.compute_domain_wrapper(block, domain) block.signature = Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py index 4f9fc7c30..5c88f07e6 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py @@ -1,5 +1,4 @@ from eth2spec.utils.bls import Sign -from eth2spec.utils.ssz.ssz_impl import hash_tree_root def sign_voluntary_exit(spec, state, voluntary_exit, privkey): diff --git a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py index c13bab903..8103f7be2 100644 --- a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py +++ b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py @@ -1,6 +1,5 @@ from copy import deepcopy -from eth2spec.utils.ssz.ssz_impl import hash_tree_root from eth2spec.utils.bls import Sign from eth2spec.test.helpers.state import get_balance, state_transition_and_sign_block, next_slot diff --git a/test_libs/pyspec/eth2spec/utils/bls.py b/test_libs/pyspec/eth2spec/utils/bls.py index 580d4e75b..e5f6d8d00 100644 --- a/test_libs/pyspec/eth2spec/utils/bls.py +++ b/test_libs/pyspec/eth2spec/utils/bls.py @@ -40,7 +40,7 @@ def FastAggregateVerify(PKs, message, signature): @only_with_bls(alt_return=STUB_PUBKEY) def bls_aggregate_pubkeys(PKs): - return bls.aggregate_pubkeys(pubkeys) + return bls.aggregate_pubkeys(PKs) @only_with_bls(alt_return=STUB_SIGNATURE) From 995c895b9c27b8bd59ee860b5b501e99dc138b5c Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Tue, 17 Dec 2019 15:33:37 +0200 Subject: [PATCH 08/46] New BLS in Phase 1 --- scripts/build_spec.py | 7 +++-- specs/core/1_custody-game.md | 36 +++++++------------------- specs/core/1_shard-data-chains.md | 7 ++--- test_libs/pyspec/eth2spec/utils/bls.py | 12 ++++----- 4 files changed, 23 insertions(+), 39 deletions(-) diff --git a/scripts/build_spec.py b/scripts/build_spec.py index caae39533..56b128b45 100644 --- a/scripts/build_spec.py +++ b/scripts/build_spec.py @@ -59,10 +59,9 @@ from eth2spec.utils.ssz.ssz_typing import ( ) from eth2spec.utils.bls import ( Verify, - Sign, - Aggregate, + AggregateVerify, FastAggregateVerify, - bls_aggregate_pubkeys, + bls_signature_to_G2, ) from eth2spec.utils.hash_function import hash @@ -86,7 +85,7 @@ def get_eth1_data(distance: uint64) -> Bytes32: return hash(distance) -def hash(x: bytes) -> Bytes32: # type: ignore +def hash(x: bytes) -> Bytes32: if x not in hash_cache: hash_cache[x] = Bytes32(_hash(x)) return hash_cache[x] diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index 4f3b26c7c..0e3138a29 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -429,16 +429,9 @@ def process_custody_key_reveal(state: BeaconState, reveal: CustodyKeyReveal) -> assert is_slashable_validator(revealer, get_current_epoch(state)) # Verify signature - assert bls_verify( - pubkey=revealer.pubkey, - message_hash=hash_tree_root(epoch_to_sign), - signature=reveal.reveal, - domain=get_domain( - state=state, - domain_type=DOMAIN_RANDAO, - message_epoch=epoch_to_sign, - ), - ) + domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign) + message = compute_domain_wrapper_root(epoch_to_sign, domain) + assert Verify(revealer.pubkey, message, reveal.reveal) # Decrement max reveal lateness if response is timely if epoch_to_sign + EPOCHS_PER_CUSTODY_PERIOD >= get_current_epoch(state): @@ -487,21 +480,12 @@ def process_early_derived_secret_reveal(state: BeaconState, reveal: EarlyDerived # Verify signature correctness masker = state.validators[reveal.masker_index] pubkeys = [revealed_validator.pubkey, masker.pubkey] - message_hashes = [ - hash_tree_root(reveal.epoch), - reveal.mask, - ] - assert bls_verify_multiple( - pubkeys=pubkeys, - message_hashes=message_hashes, - signature=reveal.reveal, - domain=get_domain( - state=state, - domain_type=DOMAIN_RANDAO, - message_epoch=reveal.epoch, - ), - ) + domain = get_domain(state, DOMAIN_RANDAO, reveal.epoch) + messages = [compute_domain_wrapper_root(message, domain) + for message in [hash_tree_root(reveal.epoch), reveal.mask]] + + assert AggregateVerify(pubkeys, messages, reveal.reveal) if reveal.epoch >= get_current_epoch(state) + CUSTODY_PERIOD_TO_RANDAO_PADDING: # Full slashing when the secret was revealed so early it may be a valid custody @@ -598,7 +582,7 @@ def process_bit_challenge(state: BeaconState, challenge: CustodyBitChallenge) -> challenger = state.validators[challenge.challenger_index] domain = get_domain(state, DOMAIN_CUSTODY_BIT_CHALLENGE, get_current_epoch(state)) # TODO incorrect hash-tree-root, but this changes with phase 1 PR #1483 - assert bls_verify(challenger.pubkey, hash_tree_root(challenge), challenge.signature, domain) + assert Verify(challenger.pubkey, compute_domain_wrapper_root(challenge, domain), challenge.signature) # Verify challenger is slashable assert is_slashable_validator(challenger, get_current_epoch(state)) # Verify attestation @@ -622,7 +606,7 @@ def process_bit_challenge(state: BeaconState, challenge: CustodyBitChallenge) -> challenge.responder_index, ) domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign) - assert bls_verify(responder.pubkey, hash_tree_root(epoch_to_sign), challenge.responder_key, domain) + assert Verify(responder.pubkey, compute_domain_wrapper_root(epoch_to_sign, domain), challenge.responder_key) # Verify the chunk count chunk_count = get_custody_chunk_count(attestation.data.crosslink) assert chunk_count == len(challenge.chunk_bits) diff --git a/specs/core/1_shard-data-chains.md b/specs/core/1_shard-data-chains.md index 9d537a789..806da26f3 100644 --- a/specs/core/1_shard-data-chains.md +++ b/specs/core/1_shard-data-chains.md @@ -386,7 +386,7 @@ def process_shard_block_header(beacon_state: BeaconState, shard_state: ShardStat assert not proposer.slashed # Verify proposer signature domain = get_domain(beacon_state, DOMAIN_SHARD_PROPOSER, compute_epoch_of_shard_slot(block.slot)) - assert bls_verify(proposer.pubkey, hash_tree_root(block), block.signature, domain) + assert Verify(proposer.pubkey, compute_domain_wrapper_root(block, domain), block.signature) ``` #### Attestations @@ -406,8 +406,9 @@ def process_shard_attestations(beacon_state: BeaconState, shard_state: ShardStat assert block.aggregation_bits[i] == 0b0 # Verify attester aggregate signature domain = get_domain(beacon_state, DOMAIN_SHARD_ATTESTER, compute_epoch_of_shard_slot(block.slot)) - message = hash_tree_root(ShardAttestationData(slot=shard_state.slot, parent_root=block.parent_root)) - assert bls_verify(bls_aggregate_pubkeys(pubkeys), message, block.attestations, domain) + shard_attestation_data = ShardAttestationData(slot=shard_state.slot, parent_root=block.parent_root) + message = compute_domain_wrapper_root(shard_attestation_data, domain) + assert FastAggregateVerify(pubkeys, message, block.attestations) # Proposer micro-reward proposer_index = get_shard_proposer_index(beacon_state, shard_state.shard, block.slot) reward = attestation_count * get_base_reward(beacon_state, proposer_index) // PROPOSER_REWARD_QUOTIENT diff --git a/test_libs/pyspec/eth2spec/utils/bls.py b/test_libs/pyspec/eth2spec/utils/bls.py index e5f6d8d00..6aba2c35a 100644 --- a/test_libs/pyspec/eth2spec/utils/bls.py +++ b/test_libs/pyspec/eth2spec/utils/bls.py @@ -27,9 +27,9 @@ def Verify(PK, message, signature): return bls.verify(message_hash=message, pubkey=PK, signature=signature, domain=b'') -# @only_with_bls(alt_return=True) -# def AggregateVerify(PKs, messages, signature): -# return bls.verify_multiple(pubkeys=pubkeys, message_hashes=messages, signature=signature, domain=b'') +@only_with_bls(alt_return=True) +def AggregateVerify(PKs, messages, signature): + return bls.verify_multiple(pubkeys=PKs, message_hashes=messages, signature=signature, domain=b'') @only_with_bls(alt_return=True) @@ -38,9 +38,9 @@ def FastAggregateVerify(PKs, message, signature): return bls.verify(pubkey=aggregate_pubkey, message_hash=message, signature=signature, domain=b'') -@only_with_bls(alt_return=STUB_PUBKEY) -def bls_aggregate_pubkeys(PKs): - return bls.aggregate_pubkeys(PKs) +# @only_with_bls(alt_return=STUB_PUBKEY) +# def bls_aggregate_pubkeys(PKs): +# return bls.aggregate_pubkeys(PKs) @only_with_bls(alt_return=STUB_SIGNATURE) From 177ec939f099bc27d549996ab99ce986ba5566c7 Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Tue, 17 Dec 2019 15:40:26 +0200 Subject: [PATCH 09/46] Update ToC --- specs/core/0_beacon-chain.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index f2dd8d96c..f3e10c9be 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -34,6 +34,7 @@ - [`DepositMessage`](#depositmessage) - [`DepositData`](#depositdata) - [`BeaconBlockHeader`](#beaconblockheader) + - [`DomainWrapper`](#domainwrapper) - [Beacon operations](#beacon-operations) - [`ProposerSlashing`](#proposerslashing) - [`AttesterSlashing`](#attesterslashing) @@ -58,8 +59,7 @@ - [Crypto](#crypto) - [`hash`](#hash) - [`hash_tree_root`](#hash_tree_root) - - [`bls_verify`](#bls_verify) - - [`bls_aggregate_pubkeys`](#bls_aggregate_pubkeys) + - [BLS Signatures](#bls-signatures) - [Predicates](#predicates) - [`is_active_validator`](#is_active_validator) - [`is_eligible_for_activation_queue`](#is_eligible_for_activation_queue) @@ -76,6 +76,7 @@ - [`compute_start_slot_at_epoch`](#compute_start_slot_at_epoch) - [`compute_activation_exit_epoch`](#compute_activation_exit_epoch) - [`compute_domain`](#compute_domain) + - [`compute_domain_wrapper_root`](#compute_domain_wrapper_root) - [Beacon state accessors](#beacon-state-accessors) - [`get_current_epoch`](#get_current_epoch) - [`get_previous_epoch`](#get_previous_epoch) From 3dc78e0905355c2c744d08ccf1ec6cc4513f40a5 Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Tue, 17 Dec 2019 15:57:00 +0200 Subject: [PATCH 10/46] kick CI cache --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 19ab1543a..5bf94b194 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -35,13 +35,13 @@ commands: description: "Restore the cache with pyspec keys" steps: - restore_cached_venv: - venv_name: v4-pyspec + venv_name: v5-pyspec reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "test_libs/pyspec/requirements-testing.txt" }} save_pyspec_cached_venv: description: Save a venv into a cache with pyspec keys" steps: - save_cached_venv: - venv_name: v4-pyspec + venv_name: v5-pyspec reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "test_libs/pyspec/requirements-testing.txt" }} venv_path: ./test_libs/pyspec/venv restore_deposit_contract_cached_venv: From d3f74ea0d9749065f217607fb85eaecdb6333b5b Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Tue, 17 Dec 2019 16:22:46 +0200 Subject: [PATCH 11/46] Realise #1517 was a thing --- .circleci/config.yml | 4 ++-- scripts/build_spec.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5bf94b194..19ab1543a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -35,13 +35,13 @@ commands: description: "Restore the cache with pyspec keys" steps: - restore_cached_venv: - venv_name: v5-pyspec + venv_name: v4-pyspec reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "test_libs/pyspec/requirements-testing.txt" }} save_pyspec_cached_venv: description: Save a venv into a cache with pyspec keys" steps: - save_cached_venv: - venv_name: v5-pyspec + venv_name: v4-pyspec reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "test_libs/pyspec/requirements-testing.txt" }} venv_path: ./test_libs/pyspec/venv restore_deposit_contract_cached_venv: diff --git a/scripts/build_spec.py b/scripts/build_spec.py index 56b128b45..dcb530302 100644 --- a/scripts/build_spec.py +++ b/scripts/build_spec.py @@ -85,7 +85,7 @@ def get_eth1_data(distance: uint64) -> Bytes32: return hash(distance) -def hash(x: bytes) -> Bytes32: +def hash(x: bytes) -> Bytes32: # type: ignore if x not in hash_cache: hash_cache[x] = Bytes32(_hash(x)) return hash_cache[x] From fa916323f0e520208d0f51f5153d73482904c763 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Tue, 17 Dec 2019 10:56:52 -0700 Subject: [PATCH 12/46] add basics for ENR bitfield --- specs/networking/p2p-interface.md | 9 +++++++++ specs/validator/0_beacon-chain-validator.md | 8 ++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/specs/networking/p2p-interface.md b/specs/networking/p2p-interface.md index 84539713d..8487bd3ba 100644 --- a/specs/networking/p2p-interface.md +++ b/specs/networking/p2p-interface.md @@ -53,6 +53,7 @@ It consists of four main sections: - [The discovery domain: discv5](#the-discovery-domain-discv5) - [Integration into libp2p stacks](#integration-into-libp2p-stacks) - [ENR structure](#enr-structure) + - [Shard bitfield](#shard-bitfield) - [Interop](#interop-5) - [Mainnet](#mainnet-5) - [Topic advertisement](#topic-advertisement) @@ -557,6 +558,14 @@ The Ethereum Node Record (ENR) for an Ethereum 2.0 client MUST contain the follo Specifications of these parameters can be found in the [ENR Specification](http://eips.ethereum.org/EIPS/eip-778). +#### Shard bitfield + +The ENR MAY contain an entry signifying the shard subnet bitfield with the following form to more easily discover peers participating in particular shard gossip subnets. + +| Key | Value | +|:-------------|:-------------------------------------------------| +| `shards` | SSZ `Bitvector[MAX_COMMITTEES_PER_SLOT]` | + #### Interop In the interoperability testnet, all peers will support all capabilities defined in this document (gossip, full Req/Resp suite, discovery protocol), therefore the ENR record does not need to carry Eth2 capability information, as it would be superfluous. diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index 76bcc3b7d..f2a666dce 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -198,7 +198,7 @@ Specifically a validator should: * Call `get_committee_assignment(state, next_epoch, validator_index)` when checking for next epoch assignments. * Join the pubsub topic -- `committee_index{committee_index % ATTESTATION_SUBNET_COUNT}_beacon_attestation`. * If any current peers are subscribed to the topic, the validator simply sends `subscribe` messages for the new topic. - * If no current peers are subscribed to the topic, the validator must discover new peers on this topic. If "topic discovery" is available, use topic discovery to find peers that advertise subscription to the topic. If not, "guess and check" by connecting with a number of random new peers, persisting connections with peers subscribed to the topic and (potentially) dropping the new peers otherwise. + * If no current peers are subscribed to the topic, the validator must discover new peers on this topic. Find peers via the discovery protocol with an ENR containing the `shards` entry such that `ENR["shards"][committee_index % ATTESTATION_SUBNET_COUNT] == True`. ## Beacon chain responsibilities @@ -443,7 +443,11 @@ Where ## Phase 0 attestation subnet stability -Because Phase 0 does not have shards and thus does not have Shard Committees, there is no stable backbone to the attestation subnets (`committee_index{subnet_id}_beacon_attestation`). To provide this stability, each validator must randomly select and remain subscribed to `RANDOM_SUBNETS_PER_VALIDATOR` attestation subnets. The lifetime of each random subscription should be a random number of epochs between `EPOCHS_PER_RANDOM_SUBNET_SUBSCRIPTION` and `2 * EPOCHS_PER_RANDOM_SUBNET_SUBSCRIPTION]`. +Because Phase 0 does not have shards and thus does not have Shard Committees, there is no stable backbone to the attestation subnets (`committee_index{subnet_id}_beacon_attestation`). To provide this stability, each validator must + +* Randomly select and remain subscribed to `RANDOM_SUBNETS_PER_VALIDATOR` attestation subnets +* Maintain advertisement of the randomly selected subnets in their node's ENR `shards` entry by setting the randomly selected `subnet_id` bits to `True` (e.g. `ENR["shards"][subnet_id] = True`) for all persistent attestation subnets +* Set the lifetime of each random subscription to a random number of epochs between `EPOCHS_PER_RANDOM_SUBNET_SUBSCRIPTION` and `2 * EPOCHS_PER_RANDOM_SUBNET_SUBSCRIPTION]`. At the end of life for a subscription, select a new random subnet, update subnet subscriptions, and publish an updated ENR ## How to avoid slashing From caffe8d720b5987ac6d794f9b00182a9439666e0 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Tue, 17 Dec 2019 16:25:30 -0700 Subject: [PATCH 13/46] update ENR to use attesation subnets instead of shards --- specs/networking/p2p-interface.md | 21 +++++++++------------ specs/validator/0_beacon-chain-validator.md | 8 ++++---- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/specs/networking/p2p-interface.md b/specs/networking/p2p-interface.md index 8487bd3ba..38e9b366b 100644 --- a/specs/networking/p2p-interface.md +++ b/specs/networking/p2p-interface.md @@ -53,11 +53,10 @@ It consists of four main sections: - [The discovery domain: discv5](#the-discovery-domain-discv5) - [Integration into libp2p stacks](#integration-into-libp2p-stacks) - [ENR structure](#enr-structure) - - [Shard bitfield](#shard-bitfield) + - [Attestation subnet bitfield](#attestation-subnet-bitfield) - [Interop](#interop-5) - [Mainnet](#mainnet-5) - [Topic advertisement](#topic-advertisement) - - [Interop](#interop-6) - [Mainnet](#mainnet-6) - [Design decision rationale](#design-decision-rationale) - [Transport](#transport-1) @@ -558,13 +557,13 @@ The Ethereum Node Record (ENR) for an Ethereum 2.0 client MUST contain the follo Specifications of these parameters can be found in the [ENR Specification](http://eips.ethereum.org/EIPS/eip-778). -#### Shard bitfield +#### Attestation subnet bitfield -The ENR MAY contain an entry signifying the shard subnet bitfield with the following form to more easily discover peers participating in particular shard gossip subnets. +The ENR MAY contain an entry (`attnets`) signifying the attestation subnet bitfield with the following form to more easily discover peers participating in particular attestation gossip subnets. | Key | Value | |:-------------|:-------------------------------------------------| -| `shards` | SSZ `Bitvector[MAX_COMMITTEES_PER_SLOT]` | +| `attnets` | SSZ `Bitvector[ATTESTATION_SUBNET_COUNT]` | #### Interop @@ -578,13 +577,11 @@ On mainnet, ENRs MUST include a structure enumerating the capabilities offered b ### Topic advertisement -#### Interop - -This feature will not be used in the interoperability testnet. - #### Mainnet -In mainnet, we plan to use discv5’s topic advertisement feature as a rendezvous facility for peers on shards (thus subscribing to the relevant gossipsub topics). +discv5's topic advertisement feature is not expected to be ready for mainnet launch of Phase 0. + +Once this feature is built out and stable, we expect to use topic advertisement as a rendezvous facility for peers on shards. Until then, the ENR [attestation subnet bitfield](#attestation-subnet-bitfield) will be used for discovery of peers on particular subnets. # Design decision rationale @@ -773,9 +770,9 @@ The prohibition of unverified-block-gossiping extends to nodes that cannot verif ### How are we going to discover peers in a gossipsub topic? -Via discv5 topics. ENRs should not be used for this purpose, as they store identity, location, and capability information, not volatile [advertisements](#topic-advertisement). +In Phase 0, peers for attestation subnets will be found using the `attnets` entry in the ENR. -In the interoperability testnet, all peers will be subscribed to all global beacon chain topics, so discovering peers in specific shard topics will be unnecessary. +Although this method will be sufficient for early phases of Eth2, we aim to use the more appropriate discv5 topics for this and other similar tasks in the future. ENRs should ultimately not be used for this purpose. They are best suited to store identity, location, and capability information, rather than more volatile advertisements. ## Req/Resp diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index f2a666dce..341fb8e8c 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -197,8 +197,8 @@ The beacon chain shufflings are designed to provide a minimum of 1 epoch lookahe Specifically a validator should: * Call `get_committee_assignment(state, next_epoch, validator_index)` when checking for next epoch assignments. * Join the pubsub topic -- `committee_index{committee_index % ATTESTATION_SUBNET_COUNT}_beacon_attestation`. - * If any current peers are subscribed to the topic, the validator simply sends `subscribe` messages for the new topic. - * If no current peers are subscribed to the topic, the validator must discover new peers on this topic. Find peers via the discovery protocol with an ENR containing the `shards` entry such that `ENR["shards"][committee_index % ATTESTATION_SUBNET_COUNT] == True`. + * For any current peer subscribed to the topic, the validator simply sends a `subscribe` message for the new topic. + * If an _insufficient_ number of current peers are subscribed to the topic, the validator must discover new peers on this topic. Via the discovery protocol, find peers with an ENR containing the `attnets` entry such that `ENR["attnets"][committee_index % ATTESTATION_SUBNET_COUNT] == True`. ## Beacon chain responsibilities @@ -443,10 +443,10 @@ Where ## Phase 0 attestation subnet stability -Because Phase 0 does not have shards and thus does not have Shard Committees, there is no stable backbone to the attestation subnets (`committee_index{subnet_id}_beacon_attestation`). To provide this stability, each validator must +Because Phase 0 does not have shards and thus does not have Shard Committees, there is no stable backbone to the attestation subnets (`committee_index{subnet_id}_beacon_attestation`). To provide this stability, each validator must: * Randomly select and remain subscribed to `RANDOM_SUBNETS_PER_VALIDATOR` attestation subnets -* Maintain advertisement of the randomly selected subnets in their node's ENR `shards` entry by setting the randomly selected `subnet_id` bits to `True` (e.g. `ENR["shards"][subnet_id] = True`) for all persistent attestation subnets +* Maintain advertisement of the randomly selected subnets in their node's ENR `attnets` entry by setting the randomly selected `subnet_id` bits to `True` (e.g. `ENR["attnets"][subnet_id] = True`) for all persistent attestation subnets * Set the lifetime of each random subscription to a random number of epochs between `EPOCHS_PER_RANDOM_SUBNET_SUBSCRIPTION` and `2 * EPOCHS_PER_RANDOM_SUBNET_SUBSCRIPTION]`. At the end of life for a subscription, select a new random subnet, update subnet subscriptions, and publish an updated ENR ## How to avoid slashing From 4290c1dd1b60b4e2144c09d5f8a6385ff8c32b70 Mon Sep 17 00:00:00 2001 From: Daejun Park Date: Tue, 17 Dec 2019 18:58:56 -0600 Subject: [PATCH 14/46] Vyper b13 -> b13.hotfix1761 --- deposit_contract/contracts/validator_registration.json | 2 +- deposit_contract/contracts/validator_registration.v.py | 2 +- deposit_contract/requirements-testing.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deposit_contract/contracts/validator_registration.json b/deposit_contract/contracts/validator_registration.json index cd2004233..12cfd74ac 100644 --- a/deposit_contract/contracts/validator_registration.json +++ b/deposit_contract/contracts/validator_registration.json @@ -1 +1 @@ -{"abi": [{"name": "DepositEvent", "inputs": [{"type": "bytes", "name": "pubkey", "indexed": false}, {"type": "bytes", "name": "withdrawal_credentials", "indexed": false}, {"type": "bytes", "name": "amount", "indexed": false}, {"type": "bytes", "name": "signature", "indexed": false}, {"type": "bytes", "name": "index", "indexed": false}], "anonymous": false, "type": "event"}, {"outputs": [], "inputs": [], "constant": false, "payable": false, "type": "constructor"}, {"name": "get_deposit_root", "outputs": [{"type": "bytes32", "name": "out"}], "inputs": [], "constant": true, "payable": false, "type": "function", "gas": 95727}, {"name": "get_deposit_count", "outputs": [{"type": "bytes", "name": "out"}], "inputs": [], "constant": true, "payable": false, "type": "function", "gas": 18283}, {"name": "deposit", "outputs": [], "inputs": [{"type": "bytes", "name": "pubkey"}, {"type": "bytes", "name": "withdrawal_credentials"}, {"type": "bytes", "name": "signature"}, {"type": "bytes32", "name": "deposit_data_root"}], "constant": false, "payable": true, "type": "function", "gas": 1342680}], "bytecode": "0x740100000000000000000000000000000000000000006020526f7fffffffffffffffffffffffffffffff6040527fffffffffffffffffffffffffffffffff8000000000000000000000000000000060605274012a05f1fffffffffffffffffffffffffdabf41c006080527ffffffffffffffffffffffffed5fa0e000000000000000000000000000000000060a052341561009857600080fd5b6101406000601f818352015b600061014051602081106100b757600080fd5b600260c052602060c020015460208261016001015260208101905061014051602081106100e357600080fd5b600260c052602060c020015460208261016001015260208101905080610160526101609050602060c0825160208401600060025af161012157600080fd5b60c0519050606051600161014051018060405190131561014057600080fd5b809190121561014e57600080fd5b6020811061015b57600080fd5b600260c052602060c02001555b81516001018083528114156100a4575b505061127956600436101561000d576110f4565b600035601c52740100000000000000000000000000000000000000006020526f7fffffffffffffffffffffffffffffff6040527fffffffffffffffffffffffffffffffff8000000000000000000000000000000060605274012a05f1fffffffffffffffffffffffffdabf41c006080527ffffffffffffffffffffffffed5fa0e000000000000000000000000000000000060a052600015610286575b6101605261014052600061018052610140516101a0526101c060006008818352015b61018051600860008112156100e8578060000360020a82046100ef565b8060020a82025b905090506101805260ff6101a051166101e052610180516101e0516101805101101561011a57600080fd5b6101e0516101805101610180526101a0517ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff86000811215610163578060000360020a820461016a565b8060020a82025b905090506101a0525b81516001018083528114156100cb575b5050601860086020820661020001602082840111156101a157600080fd5b60208061022082610180600060046015f15050818152809050905090508051602001806102c0828460006004600a8704601201f16101de57600080fd5b50506102c05160206001820306601f82010390506103206102c0516020818352015b82610320511015156102115761022d565b6000610320516102e001535b8151600101808352811415610200575b50505060206102a05260406102c0510160206001820306601f8201039050610280525b6000610280511115156102625761027e565b602061028051036102a001516020610280510361028052610250565b610160515650005b63c5f2892f600051141561051857341561029f57600080fd5b6000610140526101405161016052600154610180526101a060006020818352015b60016001610180511614156103415760006101a051602081106102e257600080fd5b600060c052602060c02001546020826102400101526020810190506101605160208261024001015260208101905080610240526102409050602060c0825160208401600060025af161033357600080fd5b60c0519050610160526103af565b6000610160516020826101c00101526020810190506101a0516020811061036757600080fd5b600260c052602060c02001546020826101c0010152602081019050806101c0526101c09050602060c0825160208401600060025af16103a557600080fd5b60c0519050610160525b61018060026103bd57600080fd5b60028151048152505b81516001018083528114156102c0575b505060006101605160208261046001015260208101905061014051610160516101805163806732896102e0526001546103005261030051600658016100a9565b506103605260006103c0525b6103605160206001820306601f82010390506103c0511015156104445761045d565b6103c05161038001526103c0516020016103c052610422565b61018052610160526101405261036060088060208461046001018260208501600060046012f150508051820191505060006018602082066103e001602082840111156104a857600080fd5b60208061040082610140600060046015f150508181528090509050905060188060208461046001018260208501600060046014f150508051820191505080610460526104609050602060c0825160208401600060025af161050857600080fd5b60c051905060005260206000f350005b63621fd130600051141561062c57341561053157600080fd5b6380673289610140526001546101605261016051600658016100a9565b506101c0526000610220525b6101c05160206001820306601f82010390506102205110151561057c57610595565b610220516101e00152610220516020016102205261055a565b6101c0805160200180610280828460006004600a8704601201f16105b857600080fd5b50506102805160206001820306601f82010390506102e0610280516020818352015b826102e0511015156105eb57610607565b60006102e0516102a001535b81516001018083528114156105da575b5050506020610260526040610280510160206001820306601f8201039050610260f350005b632289511860005114156110f357605060043560040161014037603060043560040135111561065a57600080fd5b60406024356004016101c037602060243560040135111561067a57600080fd5b608060443560040161022037606060443560040135111561069a57600080fd5b63ffffffff600154106106ac57600080fd5b633b9aca006102e0526102e0516106c257600080fd5b6102e05134046102c052633b9aca006102c05110156106e057600080fd5b603061014051146106f057600080fd5b60206101c0511461070057600080fd5b6060610220511461071057600080fd5b610140610360525b6103605151602061036051016103605261036061036051101561073a57610718565b6380673289610380526102c0516103a0526103a051600658016100a9565b50610400526000610460525b6104005160206001820306601f8201039050610460511015156107865761079f565b6104605161042001526104605160200161046052610764565b610340610360525b61036051526020610360510361036052610140610360511015156107ca576107a7565b610400805160200180610300828460006004600a8704601201f16107ed57600080fd5b5050610140610480525b61048051516020610480510161048052610480610480511015610819576107f7565b63806732896104a0526001546104c0526104c051600658016100a9565b50610520526000610580525b6105205160206001820306601f8201039050610580511015156108645761087d565b6105805161054001526105805160200161058052610842565b610460610480525b61048051526020610480510361048052610140610480511015156108a857610885565b6105208051602001806105a0828460006004600a8704601201f16108cb57600080fd5b505060a06106205261062051610660526101408051602001806106205161066001828460006004600a8704601201f161090357600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516040818352015b826106005110151561094057610961565b600061060051610620516106800101535b815160010180835281141561092f575b505050602061062051610660015160206001820306601f82010390506106205101016106205261062051610680526101c08051602001806106205161066001828460006004600a8704601201f16109b757600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516020818352015b82610600511015156109f457610a15565b600061060051610620516106800101535b81516001018083528114156109e3575b505050602061062051610660015160206001820306601f820103905061062051010161062052610620516106a0526103008051602001806106205161066001828460006004600a8704601201f1610a6b57600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516020818352015b8261060051101515610aa857610ac9565b600061060051610620516106800101535b8151600101808352811415610a97575b505050602061062051610660015160206001820306601f820103905061062051010161062052610620516106c0526102208051602001806106205161066001828460006004600a8704601201f1610b1f57600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516060818352015b8261060051101515610b5c57610b7d565b600061060051610620516106800101535b8151600101808352811415610b4b575b505050602061062051610660015160206001820306601f820103905061062051010161062052610620516106e0526105a08051602001806106205161066001828460006004600a8704601201f1610bd357600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516020818352015b8261060051101515610c1057610c31565b600061060051610620516106800101535b8151600101808352811415610bff575b505050602061062051610660015160206001820306601f8201039050610620510101610620527f649bbc62d0e31342afea4e5cd82d4049e7e1ee912fc0889aa790803be39038c561062051610660a160006107005260006101406030806020846107c001018260208501600060046016f150508051820191505060006010602082066107400160208284011115610cc757600080fd5b60208061076082610700600060046015f15050818152809050905090506010806020846107c001018260208501600060046013f1505080518201915050806107c0526107c09050602060c0825160208401600060025af1610d2757600080fd5b60c0519050610720526000600060406020820661086001610220518284011115610d5057600080fd5b606080610880826020602088068803016102200160006004601bf1505081815280905090509050602060c0825160208401600060025af1610d9057600080fd5b60c0519050602082610a600101526020810190506000604060206020820661092001610220518284011115610dc457600080fd5b606080610940826020602088068803016102200160006004601bf15050818152809050905090506020806020846109e001018260208501600060046015f1505080518201915050610700516020826109e0010152602081019050806109e0526109e09050602060c0825160208401600060025af1610e4157600080fd5b60c0519050602082610a6001015260208101905080610a6052610a609050602060c0825160208401600060025af1610e7857600080fd5b60c0519050610840526000600061072051602082610b000101526020810190506101c0602080602084610b0001018260208501600060046015f150508051820191505080610b0052610b009050602060c0825160208401600060025af1610ede57600080fd5b60c0519050602082610c800101526020810190506000610300600880602084610c0001018260208501600060046012f15050805182019150506000601860208206610b800160208284011115610f3357600080fd5b602080610ba082610700600060046015f1505081815280905090509050601880602084610c0001018260208501600060046014f150508051820191505061084051602082610c0001015260208101905080610c0052610c009050602060c0825160208401600060025af1610fa657600080fd5b60c0519050602082610c8001015260208101905080610c8052610c809050602060c0825160208401600060025af1610fdd57600080fd5b60c0519050610ae052606435610ae05114610ff757600080fd5b600180546001825401101561100b57600080fd5b6001815401815550600154610d0052610d2060006020818352015b60016001610d005116141561105b57610ae051610d20516020811061104a57600080fd5b600060c052602060c02001556110ef565b6000610d20516020811061106e57600080fd5b600060c052602060c0200154602082610d40010152602081019050610ae051602082610d4001015260208101905080610d4052610d409050602060c0825160208401600060025af16110bf57600080fd5b60c0519050610ae052610d0060026110d657600080fd5b60028151048152505b8151600101808352811415611026575b5050005b5b60006000fd5b61017f6112790361017f60003961017f611279036000f3"} \ No newline at end of file +{"abi": [{"name": "DepositEvent", "inputs": [{"type": "bytes", "name": "pubkey", "indexed": false}, {"type": "bytes", "name": "withdrawal_credentials", "indexed": false}, {"type": "bytes", "name": "amount", "indexed": false}, {"type": "bytes", "name": "signature", "indexed": false}, {"type": "bytes", "name": "index", "indexed": false}], "anonymous": false, "type": "event"}, {"outputs": [], "inputs": [], "constant": false, "payable": false, "type": "constructor"}, {"name": "get_deposit_root", "outputs": [{"type": "bytes32", "name": "out"}], "inputs": [], "constant": true, "payable": false, "type": "function", "gas": 95628}, {"name": "get_deposit_count", "outputs": [{"type": "bytes", "name": "out"}], "inputs": [], "constant": true, "payable": false, "type": "function", "gas": 18231}, {"name": "deposit", "outputs": [], "inputs": [{"type": "bytes", "name": "pubkey"}, {"type": "bytes", "name": "withdrawal_credentials"}, {"type": "bytes", "name": "signature"}, {"type": "bytes32", "name": "deposit_data_root"}], "constant": false, "payable": true, "type": "function", "gas": 1342274}], "bytecode": "0x740100000000000000000000000000000000000000006020526f7fffffffffffffffffffffffffffffff6040527fffffffffffffffffffffffffffffffff8000000000000000000000000000000060605274012a05f1fffffffffffffffffffffffffdabf41c006080527ffffffffffffffffffffffffed5fa0e000000000000000000000000000000000060a052341561009857600080fd5b6101406000601f818352015b600061014051602081106100b757600080fd5b600260c052602060c020015460208261016001015260208101905061014051602081106100e357600080fd5b600260c052602060c020015460208261016001015260208101905080610160526101609050602060c0825160208401600060025af161012157600080fd5b60c0519050606051600161014051018060405190131561014057600080fd5b809190121561014e57600080fd5b6020811061015b57600080fd5b600260c052602060c02001555b81516001018083528114156100a4575b505061123556600436101561000d576110b0565b600035601c52740100000000000000000000000000000000000000006020526f7fffffffffffffffffffffffffffffff6040527fffffffffffffffffffffffffffffffff8000000000000000000000000000000060605274012a05f1fffffffffffffffffffffffffdabf41c006080527ffffffffffffffffffffffffed5fa0e000000000000000000000000000000000060a05260001561027f575b6101605261014052600061018052610140516101a0526101c060006008818352015b61018051600860008112156100e8578060000360020a82046100ef565b8060020a82025b905090506101805260ff6101a051166101e052610180516101e0516101805101101561011a57600080fd5b6101e0516101805101610180526101a0517ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff86000811215610163578060000360020a820461016a565b8060020a82025b905090506101a0525b81516001018083528114156100cb575b5050601860086020820661020001602082840111156101a157600080fd5b60208061022082610180600060045af15050818152809050905090508051602001806102c08284600060045af16101d757600080fd5b50506102c05160206001820306601f82010390506103206102c0516020818352015b826103205110151561020a57610226565b6000610320516102e001535b81516001018083528114156101f9575b50505060206102a05260406102c0510160206001820306601f8201039050610280525b60006102805111151561025b57610277565b602061028051036102a001516020610280510361028052610249565b610160515650005b63c5f2892f600051141561050e57341561029857600080fd5b6000610140526101405161016052600154610180526101a060006020818352015b600160016101805116141561033a5760006101a051602081106102db57600080fd5b600060c052602060c02001546020826102400101526020810190506101605160208261024001015260208101905080610240526102409050602060c0825160208401600060025af161032c57600080fd5b60c0519050610160526103a8565b6000610160516020826101c00101526020810190506101a0516020811061036057600080fd5b600260c052602060c02001546020826101c0010152602081019050806101c0526101c09050602060c0825160208401600060025af161039e57600080fd5b60c0519050610160525b61018060026103b657600080fd5b60028151048152505b81516001018083528114156102b9575b505060006101605160208261046001015260208101905061014051610160516101805163806732896102e0526001546103005261030051600658016100a9565b506103605260006103c0525b6103605160206001820306601f82010390506103c05110151561043d57610456565b6103c05161038001526103c0516020016103c05261041b565b61018052610160526101405261036060088060208461046001018260208501600060045af150508051820191505060006018602082066103e001602082840111156104a057600080fd5b60208061040082610140600060045af150508181528090509050905060188060208461046001018260208501600060045af150508051820191505080610460526104609050602060c0825160208401600060025af16104fe57600080fd5b60c051905060005260206000f350005b63621fd130600051141561061c57341561052757600080fd5b6380673289610140526001546101605261016051600658016100a9565b506101c0526000610220525b6101c05160206001820306601f8201039050610220511015156105725761058b565b610220516101e001526102205160200161022052610550565b6101c08051602001806102808284600060045af16105a857600080fd5b50506102805160206001820306601f82010390506102e0610280516020818352015b826102e0511015156105db576105f7565b60006102e0516102a001535b81516001018083528114156105ca575b5050506020610260526040610280510160206001820306601f8201039050610260f350005b632289511860005114156110af57605060043560040161014037603060043560040135111561064a57600080fd5b60406024356004016101c037602060243560040135111561066a57600080fd5b608060443560040161022037606060443560040135111561068a57600080fd5b63ffffffff6001541061069c57600080fd5b633b9aca006102e0526102e0516106b257600080fd5b6102e05134046102c052633b9aca006102c05110156106d057600080fd5b603061014051146106e057600080fd5b60206101c051146106f057600080fd5b6060610220511461070057600080fd5b610140610360525b6103605151602061036051016103605261036061036051101561072a57610708565b6380673289610380526102c0516103a0526103a051600658016100a9565b50610400526000610460525b6104005160206001820306601f8201039050610460511015156107765761078f565b6104605161042001526104605160200161046052610754565b610340610360525b61036051526020610360510361036052610140610360511015156107ba57610797565b6104008051602001806103008284600060045af16107d757600080fd5b5050610140610480525b61048051516020610480510161048052610480610480511015610803576107e1565b63806732896104a0526001546104c0526104c051600658016100a9565b50610520526000610580525b6105205160206001820306601f82010390506105805110151561084e57610867565b610580516105400152610580516020016105805261082c565b610460610480525b61048051526020610480510361048052610140610480511015156108925761086f565b6105208051602001806105a08284600060045af16108af57600080fd5b505060a061062052610620516106605261014080516020018061062051610660018284600060045af16108e157600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516040818352015b826106005110151561091e5761093f565b600061060051610620516106800101535b815160010180835281141561090d575b505050602061062051610660015160206001820306601f82010390506106205101016106205261062051610680526101c080516020018061062051610660018284600060045af161098f57600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516020818352015b82610600511015156109cc576109ed565b600061060051610620516106800101535b81516001018083528114156109bb575b505050602061062051610660015160206001820306601f820103905061062051010161062052610620516106a05261030080516020018061062051610660018284600060045af1610a3d57600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516020818352015b8261060051101515610a7a57610a9b565b600061060051610620516106800101535b8151600101808352811415610a69575b505050602061062051610660015160206001820306601f820103905061062051010161062052610620516106c05261022080516020018061062051610660018284600060045af1610aeb57600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516060818352015b8261060051101515610b2857610b49565b600061060051610620516106800101535b8151600101808352811415610b17575b505050602061062051610660015160206001820306601f820103905061062051010161062052610620516106e0526105a080516020018061062051610660018284600060045af1610b9957600080fd5b505061062051610660015160206001820306601f82010390506106006106205161066001516020818352015b8261060051101515610bd657610bf7565b600061060051610620516106800101535b8151600101808352811415610bc5575b505050602061062051610660015160206001820306601f8201039050610620510101610620527f649bbc62d0e31342afea4e5cd82d4049e7e1ee912fc0889aa790803be39038c561062051610660a160006107005260006101406030806020846107c001018260208501600060045af150508051820191505060006010602082066107400160208284011115610c8c57600080fd5b60208061076082610700600060045af15050818152809050905090506010806020846107c001018260208501600060045af1505080518201915050806107c0526107c09050602060c0825160208401600060025af1610cea57600080fd5b60c0519050610720526000600060406020820661086001610220518284011115610d1357600080fd5b6060806108808260206020880688030161022001600060045af1505081815280905090509050602060c0825160208401600060025af1610d5257600080fd5b60c0519050602082610a600101526020810190506000604060206020820661092001610220518284011115610d8657600080fd5b6060806109408260206020880688030161022001600060045af15050818152809050905090506020806020846109e001018260208501600060045af1505080518201915050610700516020826109e0010152602081019050806109e0526109e09050602060c0825160208401600060025af1610e0157600080fd5b60c0519050602082610a6001015260208101905080610a6052610a609050602060c0825160208401600060025af1610e3857600080fd5b60c0519050610840526000600061072051602082610b000101526020810190506101c0602080602084610b0001018260208501600060045af150508051820191505080610b0052610b009050602060c0825160208401600060025af1610e9d57600080fd5b60c0519050602082610c800101526020810190506000610300600880602084610c0001018260208501600060045af15050805182019150506000601860208206610b800160208284011115610ef157600080fd5b602080610ba082610700600060045af1505081815280905090509050601880602084610c0001018260208501600060045af150508051820191505061084051602082610c0001015260208101905080610c0052610c009050602060c0825160208401600060025af1610f6257600080fd5b60c0519050602082610c8001015260208101905080610c8052610c809050602060c0825160208401600060025af1610f9957600080fd5b60c0519050610ae052606435610ae05114610fb357600080fd5b6001805460018254011015610fc757600080fd5b6001815401815550600154610d0052610d2060006020818352015b60016001610d005116141561101757610ae051610d20516020811061100657600080fd5b600060c052602060c02001556110ab565b6000610d20516020811061102a57600080fd5b600060c052602060c0200154602082610d40010152602081019050610ae051602082610d4001015260208101905080610d4052610d409050602060c0825160208401600060025af161107b57600080fd5b60c0519050610ae052610d00600261109257600080fd5b60028151048152505b8151600101808352811415610fe2575b5050005b5b60006000fd5b61017f6112350361017f60003961017f611235036000f3"} \ No newline at end of file diff --git a/deposit_contract/contracts/validator_registration.v.py b/deposit_contract/contracts/validator_registration.v.py index ca18cbdfd..671252e2e 100644 --- a/deposit_contract/contracts/validator_registration.v.py +++ b/deposit_contract/contracts/validator_registration.v.py @@ -1,4 +1,4 @@ -# Vyper target 0.1.0b13 +# Vyper target 0.1.0b13.hotfix1761 MIN_DEPOSIT_AMOUNT: constant(uint256) = 1000000000 # Gwei DEPOSIT_CONTRACT_TREE_DEPTH: constant(uint256) = 32 MAX_DEPOSIT_COUNT: constant(uint256) = 4294967295 # 2**DEPOSIT_CONTRACT_TREE_DEPTH - 1 diff --git a/deposit_contract/requirements-testing.txt b/deposit_contract/requirements-testing.txt index 9b07eae6f..fe4b88a23 100644 --- a/deposit_contract/requirements-testing.txt +++ b/deposit_contract/requirements-testing.txt @@ -1,5 +1,5 @@ eth-tester[py-evm]==0.1.0b39 -vyper==0.1.0b13 +https://github.com/vyperlang/vyper/archive/1761-HOTFIX-v0.1.0-beta.13.tar.gz web3==5.0.0b2 pytest==3.6.1 ../test_libs/pyspec From 331892ad15ac1a97bd64b1fdde432304988d9cdb Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Wed, 18 Dec 2019 13:30:02 -0700 Subject: [PATCH 15/46] bump version on despoit cache --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 19ab1543a..9ca22a0e1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -48,13 +48,13 @@ commands: description: "Restore the cache with deposit_contract keys" steps: - restore_cached_venv: - venv_name: v6-deposit-contract + venv_name: v7-deposit-contract reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "deposit_contract/requirements-testing.txt" }} save_deposit_contract_cached_venv: description: Save a venv into a cache with deposit_contract keys" steps: - save_cached_venv: - venv_name: v6-deposit-contract + venv_name: v7-deposit-contract reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "deposit_contract/requirements-testing.txt" }} venv_path: ./deposit_contract/venv jobs: From 8a03e6d291caad8e4adcd37b4ae2b935768310ba Mon Sep 17 00:00:00 2001 From: Age Manning Date: Wed, 18 Dec 2019 10:08:52 +1100 Subject: [PATCH 16/46] Add gossipsub message-id specification --- specs/networking/p2p-interface.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/specs/networking/p2p-interface.md b/specs/networking/p2p-interface.md index 38e9b366b..2220740d9 100644 --- a/specs/networking/p2p-interface.md +++ b/specs/networking/p2p-interface.md @@ -212,6 +212,13 @@ Topics are plain UTF-8 strings and are encoded on the wire as determined by prot Each gossipsub [message](https://github.com/libp2p/go-libp2p-pubsub/blob/master/pb/rpc.proto#L17-L24) has a maximum size of `GOSSIP_MAX_SIZE`. Clients MUST reject (fail validation) messages that are over this size limit. Likewise, clients MUST NOT emit or propagate messages larger than this limit. +The message-id of a gossipsub message MUST be: + +```python + message-id: base64(SHA256(message.data)) +``` +where `base64` is the [URL-safe base64 alphabet](https://tools.ietf.org/html/rfc4648#section-3.2) with padding characters omitted. + The payload is carried in the `data` field of a gossipsub message, and varies depending on the topic: | Topic | Message Type | From 31d90ea7990ac90342a83df7b2fe154d57802f40 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Wed, 18 Dec 2019 14:43:13 -0700 Subject: [PATCH 17/46] add p2p faq on why message-id override --- specs/networking/p2p-interface.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/specs/networking/p2p-interface.md b/specs/networking/p2p-interface.md index 2220740d9..7305a8b59 100644 --- a/specs/networking/p2p-interface.md +++ b/specs/networking/p2p-interface.md @@ -81,6 +81,7 @@ It consists of four main sections: - [How do we upgrade gossip channels (e.g. changes in encoding, compression)?](#how-do-we-upgrade-gossip-channels-eg-changes-in-encoding-compression) - [Why must all clients use the same gossip topic instead of one negotiated between each peer pair?](#why-must-all-clients-use-the-same-gossip-topic-instead-of-one-negotiated-between-each-peer-pair) - [Why are the topics strings and not hashes?](#why-are-the-topics-strings-and-not-hashes) + - [Why are we overriding the default libp2p pubsub `message-id`?](#why-are-we-overriding-the-default-libp2p-pubsub-message-id) - [Why are there `ATTESTATION_SUBNET_COUNT` attestation subnets?](#why-are-there-attestation_subnet_count-attestation-subnets) - [Why are attestations limited to be broadcast on gossip channels within `SLOTS_PER_EPOCH` slots?](#why-are-attestations-limited-to-be-broadcast-on-gossip-channels-within-slots_per_epoch-slots) - [Why are aggregate attestations broadcast to the global topic as `AggregateAndProof`s rather than just as `Attestation`s?](#why-are-aggregate-attestations-broadcast-to-the-global-topic-as-aggregateandproofs-rather-than-just-as-attestations) @@ -212,7 +213,7 @@ Topics are plain UTF-8 strings and are encoded on the wire as determined by prot Each gossipsub [message](https://github.com/libp2p/go-libp2p-pubsub/blob/master/pb/rpc.proto#L17-L24) has a maximum size of `GOSSIP_MAX_SIZE`. Clients MUST reject (fail validation) messages that are over this size limit. Likewise, clients MUST NOT emit or propagate messages larger than this limit. -The message-id of a gossipsub message MUST be: +The `message-id` of a gossipsub message MUST be: ```python message-id: base64(SHA256(message.data)) @@ -751,6 +752,16 @@ No security or privacy guarantees are lost as a result of choosing plaintext top Furthermore, the Eth2 topic names are shorter than their digest equivalents (assuming SHA-256 hash), so hashing topics would bloat messages unnecessarily. +## Why are we overriding the default libp2p pubsub `message-id`? + +For our current purposes, there is no need to address messages based on source peer, and it seems likely we might even override the message `from` to obfuscate the peer. By overriding the default `message-id` to use content-addressing we can filter unnecessary duplicates before hitting the application layer. + +Some examples of where messages could be duplicated: + +* A validator client connected to multiple beacon nodes publishing duplicate gossip messages +* Attestation aggregation strategies where clients partially aggregate attestations and propagate them. Partial aggregates could be duplicated +* Clients re-publishing seen messages + ### Why are there `ATTESTATION_SUBNET_COUNT` attestation subnets? Depending on the number of validators, it may be more efficient to group shard subnets and might provide better stability for the gossipsub channel. The exact grouping will be dependent on more involved network tests. This constant allows for more flexibility in setting up the network topology for attestation aggregation (as aggregation should happen on each subnet). The value is currently set to to be equal `MAX_COMMITTEES_PER_SLOT` until network tests indicate otherwise. From 01a2ef8158bbb9de7a849bb61fac3129f61254fd Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Wed, 18 Dec 2019 16:36:28 -0700 Subject: [PATCH 18/46] fix vyper custom build link and bump pycryptodome version --- deposit_contract/requirements-testing.txt | 2 +- test_libs/pyspec/requirements.txt | 2 +- test_libs/pyspec/setup.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deposit_contract/requirements-testing.txt b/deposit_contract/requirements-testing.txt index fe4b88a23..c542121c2 100644 --- a/deposit_contract/requirements-testing.txt +++ b/deposit_contract/requirements-testing.txt @@ -1,5 +1,5 @@ eth-tester[py-evm]==0.1.0b39 -https://github.com/vyperlang/vyper/archive/1761-HOTFIX-v0.1.0-beta.13.tar.gz +git+https://github.com/vyperlang/vyper@1761-HOTFIX-v0.1.0-beta.13 web3==5.0.0b2 pytest==3.6.1 ../test_libs/pyspec diff --git a/test_libs/pyspec/requirements.txt b/test_libs/pyspec/requirements.txt index 480602779..8dfbccf66 100644 --- a/test_libs/pyspec/requirements.txt +++ b/test_libs/pyspec/requirements.txt @@ -1,6 +1,6 @@ eth-utils>=1.3.0,<2 eth-typing>=2.1.0,<3.0.0 -pycryptodome==3.7.3 +pycryptodome==3.9.4 py_ecc==1.7.1 dataclasses==0.6 ssz==0.1.3 diff --git a/test_libs/pyspec/setup.py b/test_libs/pyspec/setup.py index 94575f2a1..d41412eb8 100644 --- a/test_libs/pyspec/setup.py +++ b/test_libs/pyspec/setup.py @@ -7,7 +7,7 @@ setup( install_requires=[ "eth-utils>=1.3.0,<2", "eth-typing>=2.1.0,<3.0.0", - "pycryptodome==3.7.3", + "pycryptodome==3.9.4", "py_ecc==1.7.1", "ssz==0.1.3", "dataclasses==0.6", From c4b23590d402f4e1bae811601a779359cf10e14e Mon Sep 17 00:00:00 2001 From: Chih Cheng Liang Date: Thu, 19 Dec 2019 18:46:15 +0800 Subject: [PATCH 19/46] Add a note on requesting STATUS again --- specs/networking/p2p-interface.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/specs/networking/p2p-interface.md b/specs/networking/p2p-interface.md index 38e9b366b..9bcfe6aae 100644 --- a/specs/networking/p2p-interface.md +++ b/specs/networking/p2p-interface.md @@ -437,6 +437,8 @@ Clients SHOULD immediately disconnect from one another following the handshake a Once the handshake completes, the client with the lower `finalized_epoch` or `head_slot` (if the clients have equal `finalized_epoch`s) SHOULD request beacon blocks from its counterparty via the `BeaconBlocksByRange` request. +*Note*: Under bad network condition or after some rounds of `BeaconBlocksByRange` requests, the client might need to send `Status` request again to learn if the peer has a higher head. Implementers are free to implement such behavior in their own way. + #### Goodbye **Protocol ID:** ``/eth2/beacon_chain/req/goodbye/1/`` From 42a3dd4ab1b435cda8f77c8820b93f2545dbb3b7 Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Thu, 19 Dec 2019 15:47:42 +0200 Subject: [PATCH 20/46] Implement @djrtwo's review suggestions --- specs/core/0_beacon-chain.md | 11 ++++------- specs/light_client/sync_protocol.md | 5 +++-- specs/validator/0_beacon-chain-validator.md | 2 +- test_libs/pyspec/eth2spec/utils/bls.py | 8 +------- 4 files changed, 9 insertions(+), 17 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index f3e10c9be..d1371483a 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -591,7 +591,6 @@ Specifically, eth2 uses the `BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_` ciphersuit * `def Sign(SK: int, message: Bytes) -> BLSSignature` * `def Verify(PK: BLSPubkey, message: Bytes, signature: BLSSignature) -> bool` * `def Aggregate(signatures: Sequence[BLSSignature]) -> BLSSignature` -* `def bls_aggregate_pubkeys(PKs: Sequence[BLSPubkey]) -> BLSPubkey` * `def FastAggregateVerify(PKs: Sequence[BLSSignature], message: Bytes, signature: BLSSignature) -> bool` ### Predicates @@ -799,9 +798,9 @@ def compute_domain(domain_type: DomainType, fork_version: Version=Version()) -> ### `compute_domain_wrapper_root` ```python -def compute_domain_wrapper_root(object: SSZObject, domain: Domain) -> Root: +def compute_domain_wrapper_root(ssz_object: SSZObject, domain: Domain) -> Root: domain_wrapped_object = DomainWrapper( - root=hash_tree_root(object), + root=hash_tree_root(ssz_object), domain=domain, ) return hash_tree_root(domain_wrapped_object) @@ -1497,10 +1496,8 @@ def process_proposer_slashing(state: BeaconState, proposer_slashing: ProposerSla assert is_slashable_validator(proposer, get_current_epoch(state)) # Signatures are valid for signed_header in (proposer_slashing.signed_header_1, proposer_slashing.signed_header_2): - message = compute_domain_wrapper_root( - object=signed_header.message, - domain=get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(signed_header.message.slot)), - ) + domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(signed_header.message.slot)) + message = compute_domain_wrapper_root(signed_header.message, domain) assert Verify(proposer.pubkey, message, signed_header.signature) slash_validator(state, proposer_slashing.proposer_index) diff --git a/specs/light_client/sync_protocol.md b/specs/light_client/sync_protocol.md index 05180516b..fd3fe2eb5 100644 --- a/specs/light_client/sync_protocol.md +++ b/specs/light_client/sync_protocol.md @@ -135,9 +135,10 @@ def update_memory(memory: LightClientMemory, update: LightClientUpdate) -> None: assert 3 * sum(filter(lambda i: update.aggregation_bits[i], balances)) > 2 * sum(balances) # Verify shard attestations - pubkey = bls_aggregate_pubkeys(filter(lambda i: update.aggregation_bits[i], pubkeys)) + pubkeys = filter(lambda i: update.aggregation_bits[i], pubkeys) domain = compute_domain(DOMAIN_SHARD_ATTESTER, update.fork_version) - assert bls_verify(pubkey, update.shard_block_root, update.signature, domain) + message = compute_domain_wrapper_root(update.shard_block_root, domain) + assert FastAggregateVerify(pubkey, message, update.signature) # Update period committees if entering a new period if next_period == current_period + 1: diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index 5e80e84a6..bb53946e0 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -312,7 +312,7 @@ def compute_new_state_root(state: BeaconState, block: BeaconBlock) -> Root: ```python def get_block_signature(state: BeaconState, header: BeaconBlockHeader, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(header.slot)) - message = compute_domain_wrapper_root(compute_epoch_at_slot(header), domain) + message = compute_domain_wrapper_root(header, domain) return Sign(privkey, message) ``` diff --git a/test_libs/pyspec/eth2spec/utils/bls.py b/test_libs/pyspec/eth2spec/utils/bls.py index 6aba2c35a..4b0ed6445 100644 --- a/test_libs/pyspec/eth2spec/utils/bls.py +++ b/test_libs/pyspec/eth2spec/utils/bls.py @@ -38,11 +38,6 @@ def FastAggregateVerify(PKs, message, signature): return bls.verify(pubkey=aggregate_pubkey, message_hash=message, signature=signature, domain=b'') -# @only_with_bls(alt_return=STUB_PUBKEY) -# def bls_aggregate_pubkeys(PKs): -# return bls.aggregate_pubkeys(PKs) - - @only_with_bls(alt_return=STUB_SIGNATURE) def Aggregate(signatures): return bls.aggregate_signatures(signatures) @@ -50,8 +45,7 @@ def Aggregate(signatures): @only_with_bls(alt_return=STUB_SIGNATURE) def Sign(SK, message): - return bls.sign(message_hash=message, privkey=SK, - domain=b'') + return bls.sign(message_hash=message, privkey=SK, domain=b'') @only_with_bls(alt_return=STUB_COORDINATES) From 62cbd0e7da372317a333df6a88337314d74d1cc8 Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Thu, 19 Dec 2019 15:49:10 +0200 Subject: [PATCH 21/46] Revert domain 6 -> 5 to prevent confusion --- specs/core/1_custody-game.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index 0e3138a29..d6c79c96d 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -131,7 +131,7 @@ The following types are defined, mapping into `DomainType` (little endian): | Name | Value | | - | - | -| `DOMAIN_CUSTODY_BIT_CHALLENGE` | `0x05000000` | +| `DOMAIN_CUSTODY_BIT_CHALLENGE` | `0x06000000` | ### TODO PLACEHOLDER From 2de5119cfe64eacc5310d9c512607c62499ab383 Mon Sep 17 00:00:00 2001 From: protolambda Date: Thu, 19 Dec 2019 17:31:58 +0100 Subject: [PATCH 22/46] fix two missing pre-states, and fix unsigned block --- test_libs/pyspec/eth2spec/test/sanity/test_blocks.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py index c2f980ba0..c32f4c583 100644 --- a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py +++ b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py @@ -83,7 +83,7 @@ def test_invalid_state_root(spec, state): expect_assertion_error(lambda: spec.state_transition(state, signed_block)) - yield 'blocks', [block] + yield 'blocks', [signed_block] yield 'post', None @@ -91,6 +91,8 @@ def test_invalid_state_root(spec, state): @spec_state_test @always_bls def test_zero_block_sig(spec, state): + yield 'pre', state + block = build_empty_block_for_next_slot(spec, state) invalid_signed_block = spec.SignedBeaconBlock(message=block) expect_assertion_error(lambda: spec.state_transition(state, invalid_signed_block)) @@ -103,6 +105,8 @@ def test_zero_block_sig(spec, state): @spec_state_test @always_bls def test_invalid_block_sig(spec, state): + yield 'pre', state + block = build_empty_block_for_next_slot(spec, state) invalid_signed_block = spec.SignedBeaconBlock( message=block, From e34d22e4f81e7dbcdaacebdf25a05e0a691428d6 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Thu, 19 Dec 2019 14:04:45 -0700 Subject: [PATCH 23/46] bad -> abnormal --- specs/networking/p2p-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/networking/p2p-interface.md b/specs/networking/p2p-interface.md index 9bcfe6aae..6bdcc1233 100644 --- a/specs/networking/p2p-interface.md +++ b/specs/networking/p2p-interface.md @@ -437,7 +437,7 @@ Clients SHOULD immediately disconnect from one another following the handshake a Once the handshake completes, the client with the lower `finalized_epoch` or `head_slot` (if the clients have equal `finalized_epoch`s) SHOULD request beacon blocks from its counterparty via the `BeaconBlocksByRange` request. -*Note*: Under bad network condition or after some rounds of `BeaconBlocksByRange` requests, the client might need to send `Status` request again to learn if the peer has a higher head. Implementers are free to implement such behavior in their own way. +*Note*: Under abnormal network condition or after some rounds of `BeaconBlocksByRange` requests, the client might need to send `Status` request again to learn if the peer has a higher head. Implementers are free to implement such behavior in their own way. #### Goodbye From 1e410a1290aac7fbe118cfb3b2577fa4f3b4cdc9 Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Fri, 20 Dec 2019 08:12:43 +0200 Subject: [PATCH 24/46] Fix typo due to change of interface Co-Authored-By: Danny Ryan --- specs/light_client/sync_protocol.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/light_client/sync_protocol.md b/specs/light_client/sync_protocol.md index fd3fe2eb5..ff1ab0f0c 100644 --- a/specs/light_client/sync_protocol.md +++ b/specs/light_client/sync_protocol.md @@ -138,7 +138,7 @@ def update_memory(memory: LightClientMemory, update: LightClientUpdate) -> None: pubkeys = filter(lambda i: update.aggregation_bits[i], pubkeys) domain = compute_domain(DOMAIN_SHARD_ATTESTER, update.fork_version) message = compute_domain_wrapper_root(update.shard_block_root, domain) - assert FastAggregateVerify(pubkey, message, update.signature) + assert FastAggregateVerify(pubkeys, message, update.signature) # Update period committees if entering a new period if next_period == current_period + 1: From 7af4429011dd12c3e4102a55f4bee1a0ba85da52 Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Fri, 20 Dec 2019 08:41:46 +0200 Subject: [PATCH 25/46] Make bls a module --- scripts/build_spec.py | 14 ++------------ specs/core/0_beacon-chain.md | 18 +++++++++--------- specs/core/1_custody-game.md | 10 +++++----- specs/core/1_shard-data-chains.md | 4 ++-- specs/light_client/sync_protocol.md | 2 +- specs/validator/0_beacon-chain-validator.md | 10 +++++----- .../eth2spec/test/helpers/attestations.py | 6 +++--- .../pyspec/eth2spec/test/helpers/block.py | 7 ++++--- .../eth2spec/test/helpers/block_header.py | 4 ++-- .../pyspec/eth2spec/test/helpers/custody.py | 12 ++++++------ .../pyspec/eth2spec/test/helpers/deposits.py | 4 ++-- .../test/helpers/phase1/attestations.py | 9 +++------ .../test/helpers/phase1/shard_block.py | 8 +++----- .../eth2spec/test/helpers/voluntary_exits.py | 4 ++-- .../pyspec/eth2spec/test/sanity/test_blocks.py | 6 +++--- test_libs/pyspec/eth2spec/utils/bls.py | 2 +- 16 files changed, 53 insertions(+), 67 deletions(-) diff --git a/scripts/build_spec.py b/scripts/build_spec.py index dcb530302..42d5a81d0 100644 --- a/scripts/build_spec.py +++ b/scripts/build_spec.py @@ -24,12 +24,7 @@ from eth2spec.utils.ssz.ssz_typing import ( boolean, Container, List, Vector, uint64, SSZType, Bytes1, Bytes4, Bytes8, Bytes32, Bytes48, Bytes96, Bitlist, Bitvector, ) -from eth2spec.utils.bls import ( - Sign, - Verify, - Aggregate, - FastAggregateVerify, -) +from eth2spec.utils import bls from eth2spec.utils.hash_function import hash @@ -57,12 +52,7 @@ from eth2spec.utils.ssz.ssz_typing import ( Bytes1, Bytes4, Bytes8, Bytes32, Bytes48, Bytes96, uint64, bit, boolean, byte, ) -from eth2spec.utils.bls import ( - Verify, - AggregateVerify, - FastAggregateVerify, - bls_signature_to_G2, -) +from eth2spec.utils import bls from eth2spec.utils.hash_function import hash diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index d1371483a..9c39801a6 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -584,15 +584,15 @@ def bytes_to_int(data: bytes) -> uint64: #### BLS Signatures -Eth2 makes use of BLS signatures as specified in the [IETF draft BLS specification](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-00). - -Specifically, eth2 uses the `BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_` ciphersuite where it makes use of the following functions: +Eth2 makes use of BLS signatures as specified in the [IETF draft BLS specification](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-00). Specifically, eth2 uses the `BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_` ciphersuite which implements the following interfaces: * `def Sign(SK: int, message: Bytes) -> BLSSignature` * `def Verify(PK: BLSPubkey, message: Bytes, signature: BLSSignature) -> bool` * `def Aggregate(signatures: Sequence[BLSSignature]) -> BLSSignature` * `def FastAggregateVerify(PKs: Sequence[BLSSignature], message: Bytes, signature: BLSSignature) -> bool` +Within these specifications, BLS signatures are treated as a module for notational clarity, thus to verify a signature `bls.Verify(...)` is used. + ### Predicates #### `is_active_validator` @@ -677,7 +677,7 @@ def is_valid_indexed_attestation(state: BeaconState, indexed_attestation: Indexe pubkeys = [state.validators[i].pubkey for i in indices] domain = get_domain(state, DOMAIN_BEACON_ATTESTER, indexed_attestation.data.target.epoch) message = compute_domain_wrapper_root(indexed_attestation.data, domain) - return FastAggregateVerify(pubkeys, message, indexed_attestation.signature) + return bls.FastAggregateVerify(pubkeys, message, indexed_attestation.signature) ``` #### `is_valid_merkle_branch` @@ -1149,7 +1149,7 @@ def state_transition(state: BeaconState, signed_block: SignedBeaconBlock, valida def verify_block_signature(state: BeaconState, signed_block: SignedBeaconBlock) -> bool: proposer = state.validators[get_beacon_proposer_index(state)] message = compute_domain_wrapper_root(signed_block.message, get_domain(state, DOMAIN_BEACON_PROPOSER)) - return Verify(proposer.pubkey, message, signed_block.signature) + return bls.Verify(proposer.pubkey, message, signed_block.signature) ``` ```python @@ -1449,7 +1449,7 @@ def process_randao(state: BeaconState, body: BeaconBlockBody) -> None: # Verify RANDAO reveal proposer = state.validators[get_beacon_proposer_index(state)] message = compute_domain_wrapper_root(epoch, get_domain(state, DOMAIN_RANDAO)) - assert Verify(proposer.pubkey, message, body.randao_reveal) + assert bls.Verify(proposer.pubkey, message, body.randao_reveal) # Mix in RANDAO reveal mix = xor(get_randao_mix(state, epoch), hash(body.randao_reveal)) state.randao_mixes[epoch % EPOCHS_PER_HISTORICAL_VECTOR] = mix @@ -1498,7 +1498,7 @@ def process_proposer_slashing(state: BeaconState, proposer_slashing: ProposerSla for signed_header in (proposer_slashing.signed_header_1, proposer_slashing.signed_header_2): domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(signed_header.message.slot)) message = compute_domain_wrapper_root(signed_header.message, domain) - assert Verify(proposer.pubkey, message, signed_header.signature) + assert bls.Verify(proposer.pubkey, message, signed_header.signature) slash_validator(state, proposer_slashing.proposer_index) ``` @@ -1581,7 +1581,7 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: withdrawal_credentials=deposit.data.withdrawal_credentials, amount=deposit.data.amount) message = compute_domain_wrapper_root(deposit_message, compute_domain(DOMAIN_DEPOSIT)) - if not Verify(pubkey, message, deposit.data.signature): + if not bls.Verify(pubkey, message, deposit.data.signature): return # Add validator and balance entries @@ -1618,7 +1618,7 @@ def process_voluntary_exit(state: BeaconState, signed_voluntary_exit: SignedVolu # Verify signature domain = get_domain(state, DOMAIN_VOLUNTARY_EXIT, voluntary_exit.epoch) message = compute_domain_wrapper_root(voluntary_exit, domain) - assert Verify(validator.pubkey, message, signed_voluntary_exit.signature) + assert bls.Verify(validator.pubkey, message, signed_voluntary_exit.signature) # Initiate exit initiate_validator_exit(state, voluntary_exit.validator_index) ``` diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index d6c79c96d..7f94706e0 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -353,7 +353,7 @@ def custody_subchunkify(bytez: bytes) -> Sequence[bytes]: ```python def get_custody_chunk_bit(key: BLSSignature, chunk: bytes) -> bool: - full_G2_element = bls_signature_to_G2(key) + full_G2_element = bls.signature_to_G2(key) s = full_G2_element[0].coeffs bits = [legendre_bit((i + 1) * s[i % 2] + int.from_bytes(subchunk, "little"), BLS12_381_Q) for i, subchunk in enumerate(custody_subchunkify(chunk))] @@ -431,7 +431,7 @@ def process_custody_key_reveal(state: BeaconState, reveal: CustodyKeyReveal) -> # Verify signature domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign) message = compute_domain_wrapper_root(epoch_to_sign, domain) - assert Verify(revealer.pubkey, message, reveal.reveal) + assert bls.Verify(revealer.pubkey, message, reveal.reveal) # Decrement max reveal lateness if response is timely if epoch_to_sign + EPOCHS_PER_CUSTODY_PERIOD >= get_current_epoch(state): @@ -485,7 +485,7 @@ def process_early_derived_secret_reveal(state: BeaconState, reveal: EarlyDerived messages = [compute_domain_wrapper_root(message, domain) for message in [hash_tree_root(reveal.epoch), reveal.mask]] - assert AggregateVerify(pubkeys, messages, reveal.reveal) + assert bls.AggregateVerify(pubkeys, messages, reveal.reveal) if reveal.epoch >= get_current_epoch(state) + CUSTODY_PERIOD_TO_RANDAO_PADDING: # Full slashing when the secret was revealed so early it may be a valid custody @@ -582,7 +582,7 @@ def process_bit_challenge(state: BeaconState, challenge: CustodyBitChallenge) -> challenger = state.validators[challenge.challenger_index] domain = get_domain(state, DOMAIN_CUSTODY_BIT_CHALLENGE, get_current_epoch(state)) # TODO incorrect hash-tree-root, but this changes with phase 1 PR #1483 - assert Verify(challenger.pubkey, compute_domain_wrapper_root(challenge, domain), challenge.signature) + assert bls.Verify(challenger.pubkey, compute_domain_wrapper_root(challenge, domain), challenge.signature) # Verify challenger is slashable assert is_slashable_validator(challenger, get_current_epoch(state)) # Verify attestation @@ -606,7 +606,7 @@ def process_bit_challenge(state: BeaconState, challenge: CustodyBitChallenge) -> challenge.responder_index, ) domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign) - assert Verify(responder.pubkey, compute_domain_wrapper_root(epoch_to_sign, domain), challenge.responder_key) + assert bls.Verify(responder.pubkey, compute_domain_wrapper_root(epoch_to_sign, domain), challenge.responder_key) # Verify the chunk count chunk_count = get_custody_chunk_count(attestation.data.crosslink) assert chunk_count == len(challenge.chunk_bits) diff --git a/specs/core/1_shard-data-chains.md b/specs/core/1_shard-data-chains.md index 806da26f3..44d14ec8c 100644 --- a/specs/core/1_shard-data-chains.md +++ b/specs/core/1_shard-data-chains.md @@ -386,7 +386,7 @@ def process_shard_block_header(beacon_state: BeaconState, shard_state: ShardStat assert not proposer.slashed # Verify proposer signature domain = get_domain(beacon_state, DOMAIN_SHARD_PROPOSER, compute_epoch_of_shard_slot(block.slot)) - assert Verify(proposer.pubkey, compute_domain_wrapper_root(block, domain), block.signature) + assert bls.Verify(proposer.pubkey, compute_domain_wrapper_root(block, domain), block.signature) ``` #### Attestations @@ -408,7 +408,7 @@ def process_shard_attestations(beacon_state: BeaconState, shard_state: ShardStat domain = get_domain(beacon_state, DOMAIN_SHARD_ATTESTER, compute_epoch_of_shard_slot(block.slot)) shard_attestation_data = ShardAttestationData(slot=shard_state.slot, parent_root=block.parent_root) message = compute_domain_wrapper_root(shard_attestation_data, domain) - assert FastAggregateVerify(pubkeys, message, block.attestations) + assert bls.FastAggregateVerify(pubkeys, message, block.attestations) # Proposer micro-reward proposer_index = get_shard_proposer_index(beacon_state, shard_state.shard, block.slot) reward = attestation_count * get_base_reward(beacon_state, proposer_index) // PROPOSER_REWARD_QUOTIENT diff --git a/specs/light_client/sync_protocol.md b/specs/light_client/sync_protocol.md index ff1ab0f0c..de4f0be7c 100644 --- a/specs/light_client/sync_protocol.md +++ b/specs/light_client/sync_protocol.md @@ -138,7 +138,7 @@ def update_memory(memory: LightClientMemory, update: LightClientUpdate) -> None: pubkeys = filter(lambda i: update.aggregation_bits[i], pubkeys) domain = compute_domain(DOMAIN_SHARD_ATTESTER, update.fork_version) message = compute_domain_wrapper_root(update.shard_block_root, domain) - assert FastAggregateVerify(pubkeys, message, update.signature) + assert bls.FastAggregateVerify(pubkeys, message, update.signature) # Update period committees if entering a new period if next_period == current_period + 1: diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index bb53946e0..3bd3e1f22 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -235,7 +235,7 @@ Set `block.body.randao_reveal = epoch_signature` where `epoch_signature` is obta def get_epoch_signature(state: BeaconState, block: BeaconBlock, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_RANDAO, compute_epoch_at_slot(block.slot)) message = compute_domain_wrapper_root(compute_epoch_at_slot(block.slot), domain) - return Sign(privkey, message) + return bls.Sign(privkey, message) ``` ##### Eth1 Data @@ -313,7 +313,7 @@ def compute_new_state_root(state: BeaconState, block: BeaconBlock) -> Root: def get_block_signature(state: BeaconState, header: BeaconBlockHeader, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(header.slot)) message = compute_domain_wrapper_root(header, domain) - return Sign(privkey, message) + return bls.Sign(privkey, message) ``` ### Attesting @@ -372,7 +372,7 @@ Set `attestation.signature = signed_attestation_data` where `signed_attestation_ def get_signed_attestation_data(state: BeaconState, attestation: IndexedAttestation, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_ATTESTER, attestation.data.target.epoch) message = compute_domain_wrapper_root(attestation.data, domain) - return Sign(privkey, message) + return bls.Sign(privkey, message) ``` #### Broadcast attestation @@ -391,7 +391,7 @@ A validator is selected to aggregate based upon the return value of `is_aggregat def get_slot_signature(state: BeaconState, slot: Slot, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_ATTESTER, compute_epoch_at_slot(slot)) message = compute_domain_wrapper_root(slot, domain) - return Sign(privkey, message) + return bls.Sign(privkey, message) ``` ```python @@ -422,7 +422,7 @@ Set `aggregate_attestation.signature = aggregate_signature` where `aggregate_sig ```python def get_aggregate_signature(attestations: Sequence[Attestation]) -> BLSSignature: signatures = [attestation.signature for attestation in attestations] - return Aggregate(signatures) + return bls.Aggregate(signatures) ``` #### Broadcast aggregate diff --git a/test_libs/pyspec/eth2spec/test/helpers/attestations.py b/test_libs/pyspec/eth2spec/test/helpers/attestations.py index 03ebb7b9b..1082b7045 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/attestations.py +++ b/test_libs/pyspec/eth2spec/test/helpers/attestations.py @@ -3,7 +3,7 @@ from typing import List from eth2spec.test.helpers.block import build_empty_block_for_next_slot, transition_unsigned_block, \ build_empty_block from eth2spec.test.helpers.keys import privkeys -from eth2spec.utils.bls import Sign, Aggregate +from eth2spec.utils import bls from eth2spec.utils.ssz.ssz_typing import Bitlist @@ -77,7 +77,7 @@ def sign_aggregate_attestation(spec, state, attestation_data, participants: List privkey ) ) - return Aggregate(signatures) + return bls.Aggregate(signatures) def sign_indexed_attestation(spec, state, indexed_attestation): @@ -98,7 +98,7 @@ def sign_attestation(spec, state, attestation): def get_attestation_signature(spec, state, attestation_data, privkey): domain = spec.get_domain(state, spec.DOMAIN_BEACON_ATTESTER, attestation_data.target.epoch) message = spec.compute_domain_wrapper_root(attestation_data, domain) - return Sign(privkey, message) + return bls.Sign(privkey, message) def fill_aggregate_attestation(spec, state, attestation, signed=False): diff --git a/test_libs/pyspec/eth2spec/test/helpers/block.py b/test_libs/pyspec/eth2spec/test/helpers/block.py index 6d22dd545..13669049f 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block.py @@ -1,7 +1,8 @@ from copy import deepcopy from eth2spec.test.helpers.keys import privkeys -from eth2spec.utils.bls import Sign, only_with_bls +from eth2spec.utils import bls +from eth2spec.utils.bls import only_with_bls from eth2spec.utils.ssz.ssz_impl import hash_tree_root @@ -30,7 +31,7 @@ def apply_randao_reveal(spec, state, block, proposer_index=None): domain = spec.get_domain(state, spec.DOMAIN_RANDAO, spec.compute_epoch_at_slot(block.slot)) message = spec.compute_domain_wrapper_root(spec.compute_epoch_at_slot(block.slot), domain) - block.body.randao_reveal = Sign(privkey, message) + block.body.randao_reveal = bls.Sign(privkey, message) # Fully ignore the function if BLS is off, beacon-proposer index calculation is slow. @@ -43,7 +44,7 @@ def apply_sig(spec, state, signed_block, proposer_index=None): domain = spec.get_domain(state, spec.DOMAIN_BEACON_PROPOSER, spec.compute_epoch_at_slot(block.slot)) message = spec.compute_domain_wrapper_root(block, domain) - signed_block.signature = Sign(privkey, message) + signed_block.signature = bls.Sign(privkey, message) def sign_block(spec, state, block, proposer_index=None): diff --git a/test_libs/pyspec/eth2spec/test/helpers/block_header.py b/test_libs/pyspec/eth2spec/test/helpers/block_header.py index 926cebee9..4f9f88644 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block_header.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block_header.py @@ -1,4 +1,4 @@ -from eth2spec.utils.bls import Sign +from eth2spec.utils import bls def sign_block_header(spec, state, header, privkey): @@ -7,5 +7,5 @@ def sign_block_header(spec, state, header, privkey): domain_type=spec.DOMAIN_BEACON_PROPOSER, ) message = spec.compute_domain_wrapper_root(header, domain) - signature = Sign(privkey, message) + signature = bls.Sign(privkey, message) return spec.SignedBeaconBlockHeader(message=header, signature=signature) diff --git a/test_libs/pyspec/eth2spec/test/helpers/custody.py b/test_libs/pyspec/eth2spec/test/helpers/custody.py index 517cd9545..80b341526 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/custody.py +++ b/test_libs/pyspec/eth2spec/test/helpers/custody.py @@ -1,5 +1,5 @@ from eth2spec.test.helpers.keys import privkeys -from eth2spec.utils.bls import Sign, Aggregate +from eth2spec.utils import bls from eth2spec.utils.hash_function import hash from eth2spec.utils.ssz.ssz_typing import Bitlist, ByteVector, Bitvector from eth2spec.utils.ssz.ssz_impl import chunkify, pack, hash_tree_root @@ -19,13 +19,13 @@ def get_valid_early_derived_secret_reveal(spec, state, epoch=None): # Generate the secret that is being revealed domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch) message = spec.compute_domain_wrapper_root(spec.Epoch(epoch), domain) - reveal = Sign(privkeys[revealed_index], message) + reveal = bls.Sign(privkeys[revealed_index], message) # Generate the mask (any random 32 bytes that don't reveal the masker's secret will do) mask = hash(reveal) # Generate masker's signature on the mask message = spec.compute_domain_wrapper_root(mask, domain) - masker_signature = Sign(privkeys[masker_index], message) - masked_reveal = Aggregate([reveal, masker_signature]) + masker_signature = bls.Sign(privkeys[masker_index], message) + masked_reveal = bls.Aggregate([reveal, masker_signature]) return spec.EarlyDerivedSecretReveal( revealed_index=revealed_index, @@ -49,7 +49,7 @@ def get_valid_custody_key_reveal(spec, state, period=None): # Generate the secret that is being revealed domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch_to_sign) message = spec.compute_domain_wrapper_root(spec.Epoch(epoch_to_sign), domain) - reveal = Sign(privkeys[revealer_index], message) + reveal = bls.Sign(privkeys[revealer_index], message) return spec.CustodyKeyReveal( revealer_index=revealer_index, reveal=reveal, @@ -75,7 +75,7 @@ def get_valid_bit_challenge(spec, state, attestation, invalid_custody_bit=False) # Generate the responder key domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch) message = spec.compute_domain_wrapper_root(spec.compute_domain_wrapper_root, domain) - responder_key = Sign(privkeys[responder_index], message) + responder_key = bls.Sign(privkeys[responder_index], message) chunk_count = spec.get_custody_chunk_count(attestation.data.crosslink) diff --git a/test_libs/pyspec/eth2spec/test/helpers/deposits.py b/test_libs/pyspec/eth2spec/test/helpers/deposits.py index 90a3ac8f0..a307f524b 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/deposits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/deposits.py @@ -1,5 +1,5 @@ from eth2spec.test.helpers.keys import pubkeys, privkeys -from eth2spec.utils.bls import Sign +from eth2spec.utils import bls from eth2spec.utils.merkle_minimal import calc_merkle_tree_from_leaves, get_merkle_proof from eth2spec.utils.ssz.ssz_impl import hash_tree_root from eth2spec.utils.ssz.ssz_typing import List @@ -31,7 +31,7 @@ def sign_deposit_data(spec, deposit_data, privkey, state=None): withdrawal_credentials=deposit_data.withdrawal_credentials, amount=deposit_data.amount) message = spec.compute_domain_wrapper_root(deposit_message, domain) - deposit_data.signature = Sign(privkey, message) + deposit_data.signature = bls.Sign(privkey, message) def build_deposit(spec, diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py index cbb6cde75..e521bd6c5 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py @@ -1,8 +1,5 @@ from eth2spec.test.helpers.keys import privkeys -from eth2spec.utils.bls import ( - Aggregate, - Sign, -) +from eth2spec.utils import bls def sign_shard_attestation(spec, beacon_state, shard_state, block, participants): @@ -24,10 +21,10 @@ def sign_shard_attestation(spec, beacon_state, shard_state, block, participants) privkey, ) ) - return Aggregate(signatures) + return bls.Aggregate(signatures) def get_attestation_signature(spec, beacon_state, shard_state, message_hash, block_epoch, privkey): domain = spec.get_domain(beacon_state, spec.DOMAIN_SHARD_ATTESTER, block_epoch) message = spec.compute_domain_wrapper(message_hash, domain) - return Sign(privkey, message) + return bls.Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py index b0fe39209..f7275b88a 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py @@ -1,10 +1,8 @@ from copy import deepcopy from eth2spec.test.helpers.keys import privkeys -from eth2spec.utils.bls import ( - Sign, - only_with_bls, -) +from eth2spec.utils import bls +from eth2spec.utils.bls import only_with_bls from eth2spec.utils.ssz.ssz_impl import ( hash_tree_root, ) @@ -22,7 +20,7 @@ def sign_shard_block(spec, beacon_state, shard_state, block, proposer_index=None privkey = privkeys[proposer_index] domain = spec.get_domain(beacon_state, spec.DOMAIN_SHARD_PROPOSER, spec.compute_epoch_of_shard_slot(block.slot)) message = spec.compute_domain_wrapper(block, domain) - block.signature = Sign(privkey, message) + block.signature = bls.Sign(privkey, message) def build_empty_shard_block(spec, diff --git a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py index 5c88f07e6..286f85e9f 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py @@ -1,4 +1,4 @@ -from eth2spec.utils.bls import Sign +from eth2spec.utils import bls def sign_voluntary_exit(spec, state, voluntary_exit, privkey): @@ -6,5 +6,5 @@ def sign_voluntary_exit(spec, state, voluntary_exit, privkey): message = spec.compute_domain_wrapper_root(voluntary_exit, domain) return spec.SignedVoluntaryExit( message=voluntary_exit, - signature=Sign(privkey, message) + signature=bls.Sign(privkey, message) ) diff --git a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py index 8103f7be2..da89ef070 100644 --- a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py +++ b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py @@ -1,6 +1,6 @@ from copy import deepcopy -from eth2spec.utils.bls import Sign +from eth2spec.utils import bls from eth2spec.test.helpers.state import get_balance, state_transition_and_sign_block, next_slot from eth2spec.test.helpers.block import build_empty_block_for_next_slot, build_empty_block, sign_block, \ @@ -107,7 +107,7 @@ def test_invalid_block_sig(spec, state): message = spec.compute_domain_wrapper_root(block, domain) invalid_signed_block = spec.SignedBeaconBlock( message=block, - signature=Sign(123456, message) + signature=bls.Sign(123456, message) ) expect_assertion_error(lambda: spec.state_transition(state, invalid_signed_block)) @@ -416,7 +416,7 @@ def test_voluntary_exit(spec, state): message = spec.compute_domain_wrapper_root(voluntary_exit, domain) signed_voluntary_exit = spec.SignedVoluntaryExit( message=voluntary_exit, - signature=Sign(privkeys[validator_index], message) + signature=bls.Sign(privkeys[validator_index], message) ) # Add to state via block transition diff --git a/test_libs/pyspec/eth2spec/utils/bls.py b/test_libs/pyspec/eth2spec/utils/bls.py index 4b0ed6445..3cfc6121e 100644 --- a/test_libs/pyspec/eth2spec/utils/bls.py +++ b/test_libs/pyspec/eth2spec/utils/bls.py @@ -49,5 +49,5 @@ def Sign(SK, message): @only_with_bls(alt_return=STUB_COORDINATES) -def bls_signature_to_G2(signature): +def signature_to_G2(signature): return bls.api.signature_to_G2(signature) From 850d45dae0753d935a29d6fd153bb84468d55d5c Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Thu, 19 Dec 2019 09:25:05 +0100 Subject: [PATCH 26/46] Allow empty lists in streamed responses It's possible that block request responses end up not containing any blocks, so we need a way to encode this. --- specs/networking/p2p-interface.md | 37 ++++++++++++++++++++++++------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/specs/networking/p2p-interface.md b/specs/networking/p2p-interface.md index 84539713d..948ed5ba9 100644 --- a/specs/networking/p2p-interface.md +++ b/specs/networking/p2p-interface.md @@ -92,6 +92,7 @@ It consists of four main sections: - [Why are messages length-prefixed with a protobuf varint in the SSZ-encoding?](#why-are-messages-length-prefixed-with-a-protobuf-varint-in-the-ssz-encoding) - [Why do we version protocol strings with ordinals instead of semver?](#why-do-we-version-protocol-strings-with-ordinals-instead-of-semver) - [Why is it called Req/Resp and not RPC?](#why-is-it-called-reqresp-and-not-rpc) + - [Why do we allow empty responses in block requests?](#why-do-we-allow-empty-responses-in-block-requests) - [Discovery](#discovery) - [Why are we using discv5 and not libp2p Kademlia DHT?](#why-are-we-using-discv5-and-not-libp2p-kademlia-dht) - [What is the difference between an ENR and a multiaddr, and why are we using ENRs?](#what-is-the-difference-between-an-enr-and-a-multiaddr-and-why-are-we-using-enrs) @@ -314,14 +315,14 @@ Request/response messages MUST adhere to the encoding specified in the protocol ``` request ::= | -response ::= + +response ::= * response_chunk ::= | | result ::= “0” | “1” | “2” | [“128” ... ”255”] ``` The encoding-dependent header may carry metadata or assertions such as the encoded payload length, for integrity and attack proofing purposes. Because req/resp streams are single-use and stream closures implicitly delimit the boundaries, it is not strictly necessary to length-prefix payloads; however, certain encodings like SSZ do, for added security. -A `response` is formed by one or more `response_chunk`s. The exact request determines whether a response consists of a single `response_chunk` or possibly many. Responses that consist of a single SSZ-list (such as `BlocksByRange` and `BlocksByRoot`) send each list item as a `response_chunk`. All other response types (non-Lists) send a single `response_chunk`. The encoded-payload of a `response_chunk` has a maximum uncompressed byte size of `MAX_CHUNK_SIZE`. +A `response` is formed by zero or more `response_chunk`s. Responses that consist of a single SSZ-list (such as `BlocksByRange` and `BlocksByRoot`) send each list item as a `response_chunk`. All other response types (non-Lists) send a single `response_chunk`. The encoded-payload of a `response_chunk` has a maximum uncompressed byte size of `MAX_CHUNK_SIZE`. Clients MUST ensure the each encoded payload of a `response_chunk` is less than or equal to `MAX_CHUNK_SIZE`; if not, they SHOULD reset the stream immediately. Clients tracking peer reputation MAY decrement the score of the misbehaving peer under this circumstance. @@ -344,7 +345,7 @@ The responder MUST: 1. Use the encoding strategy to read the optional header. 2. If there are any length assertions for length `N`, it should read exactly `N` bytes from the stream, at which point an EOF should arise (no more bytes). Should this not be the case, it should be treated as a failure. 3. Deserialize the expected type, and process the request. -4. Write the response which may consist of one or more `response_chunk`s (result, optional header, payload). +4. Write the response which may consist of zero or more `response_chunk`s (result, optional header, payload). 5. Close their write side of the stream. At this point, the stream will be fully closed. If steps (1), (2), or (3) fail due to invalid, malformed, or inconsistent data, the responder MUST respond in error. Clients tracking peer reputation MAY record such failures, as well as unexpected events, e.g. early stream resets. @@ -398,7 +399,7 @@ All messages that contain only a single field MUST be encoded directly as the ty Responses that are SSZ-lists (for example `[]SignedBeaconBlock`) send their constituents individually as `response_chunk`s. For example, the -`[]SignedBeaconBlock` response type sends one or more `response_chunk`s. Each _successful_ `response_chunk` contains a single `SignedBeaconBlock` payload. +`[]SignedBeaconBlock` response type sends zero or more `response_chunk`s. Each _successful_ `response_chunk` contains a single `SignedBeaconBlock` payload. ### Messages @@ -486,7 +487,7 @@ Requests count beacon blocks from the peer starting from `start_slot` on the cha The request MUST be encoded as an SSZ-container. -The response MUST consist of at least one `response_chunk` and MAY consist of many. Each _successful_ `response_chunk` MUST contain a single `SignedBeaconBlock` payload. +The response MUST consist of zero or more `response_chunk`. Each _successful_ `response_chunk` MUST contain a single `SignedBeaconBlock` payload. `BeaconBlocksByRange` is primarily used to sync historical blocks. @@ -494,7 +495,7 @@ Clients MUST support requesting blocks since the start of the weak subjectivity Clients MUST support `head_block_root` values since the latest finalized epoch. -Clients MUST respond with at least one block, if they have it. +Clients MUST respond with at least one block, if they have it and it exists in the range. Clients MAY limit the number of blocks in the response. Clients MUST order blocks by increasing slot number. @@ -524,11 +525,11 @@ Requests blocks by block root (= `hash_tree_root(SignedBeaconBlock.message)`). T The request MUST be encoded as an SSZ-field. -The response MUST consist of at least one `response_chunk` and MAY consist of many. Each _successful_ `response_chunk` MUST contain a single `SignedBeaconBlock` payload. +The response MUST consist of zero or more `response_chunk`. Each _successful_ `response_chunk` MUST contain a single `SignedBeaconBlock` payload. Clients MUST support requesting blocks since the latest finalized epoch. -Clients MUST respond with at least one block, if they have it. +Clients MUST respond with at least one block, if they have it. Clients MAY limit the number of blocks in the response. ## The discovery domain: discv5 @@ -827,6 +828,26 @@ For this reason, we remove and replace semver with ordinals that require explici Req/Resp is used to avoid confusion with JSON-RPC and similar user-client interaction mechanisms. +### Why do we allow empty responses in block requests? + +When requesting blocks by range or root, it may happen that there are no blocks in the selected range or the responding node does not have the requested blocks. + +Thus, it may happen that we need to transmit an empty list - there are several ways to encode this: + +0) Close the stream without sending any data +1) Add a `null` option to the `success` response, for example by introducing an additional byte +2) Respond with an error result, using a specific error code for "No data" + +Semantically, it is not an error that a block is missing during a slot making option 2 unnatural. + +Option 1 allows allows the responder to signal "no block", but this information may be wrong - for example in the case of a malicious node. + +Under option 0, there is no way for a client to distinguish between a slot without a block and an incomplete response, but given that it already must contain logic to handle the uncertainty of a malicious peer, option 0 was chosen. Clients should mark any slots missing blocks as unknown until they can be verified as not containing a block by successive blocks. + +Assuming option 0 with no special `null` encoding, consider a request for slots `2, 3, 4` - if there was no block produced at slot 4, the response would be `2, 3, EOF`. Now consider the same situation, but where only `4` is requested - closing the stream with only `EOF` (without any `response_chunk`) is consistent. + +Failing to provide blocks that nodes "should" have is reason to trust a peer less - for example, if a particular peer gossips a block, it should have access to its parent. If a request for the parent fails, it's indicative of poor peer quality since peers should validate blocks before gossiping them. + ## Discovery ### Why are we using discv5 and not libp2p Kademlia DHT? From 662a986d042164077fde259247ad99d2fc32e16c Mon Sep 17 00:00:00 2001 From: terence tsao Date: Wed, 25 Dec 2019 09:51:29 -0800 Subject: [PATCH 27/46] Update 0_fork-choice.md --- specs/core/0_fork-choice.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_fork-choice.md b/specs/core/0_fork-choice.md index 34430d092..b286654af 100644 --- a/specs/core/0_fork-choice.md +++ b/specs/core/0_fork-choice.md @@ -196,7 +196,7 @@ def filter_block_tree(store: Store, block_root: Root, blocks: Dict[Root, BeaconB ```python def get_filtered_block_tree(store: Store) -> Dict[Root, BeaconBlock]: """ - Retrieve a filtered block true from ``store``, only returning branches + Retrieve a filtered block tree from ``store``, only returning branches whose leaf state's justified/finalized info agrees with that in ``store``. """ base = store.justified_checkpoint.root From 765176ec8ca1dda29a7534d44afb962eb3502fd7 Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Fri, 27 Dec 2019 09:37:26 +0100 Subject: [PATCH 28/46] PySpec SSZ Bytes instantiated from hex --- scripts/build_spec.py | 2 -- specs/core/0_beacon-chain.md | 14 ++++++-------- specs/core/1_custody-game.md | 2 +- specs/core/1_shard-data-chains.md | 4 ++-- test_libs/pyspec/eth2spec/utils/ssz/ssz_typing.py | 7 ++++++- 5 files changed, 15 insertions(+), 14 deletions(-) diff --git a/scripts/build_spec.py b/scripts/build_spec.py index 67c9a547c..1a719cb29 100644 --- a/scripts/build_spec.py +++ b/scripts/build_spec.py @@ -163,8 +163,6 @@ def objects_to_spec(functions: Dict[str, str], del functions[k] functions_spec = '\n\n'.join(functions.values()) for k in list(constants.keys()): - if k.startswith('DOMAIN_'): - constants[k] = f"DomainType(({constants[k]}).to_bytes(length=4, byteorder='little'))" if k == "BLS12_381_Q": constants[k] += " # noqa: E501" constants_spec = '\n'.join(map(lambda x: '%s = %s' % (x, constants[x]), constants)) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 9c0b9fe66..0c9f49b74 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -199,7 +199,7 @@ The following values are (non-configurable) constants used throughout the specif | - | - | | `GENESIS_SLOT` | `Slot(0)` | | `GENESIS_EPOCH` | `Epoch(0)` | -| `BLS_WITHDRAWAL_PREFIX` | `Bytes1(b'\x00')` | +| `BLS_WITHDRAWAL_PREFIX` | `Bytes1('0x00')` | ### Time parameters @@ -249,15 +249,13 @@ The following values are (non-configurable) constants used throughout the specif ### Domain types -The following types are defined, mapping into `DomainType` (little endian): - | Name | Value | | - | - | -| `DOMAIN_BEACON_PROPOSER` | `0` | -| `DOMAIN_BEACON_ATTESTER` | `1` | -| `DOMAIN_RANDAO` | `2` | -| `DOMAIN_DEPOSIT` | `3` | -| `DOMAIN_VOLUNTARY_EXIT` | `4` | +| `DOMAIN_BEACON_PROPOSER` | `Bytes4('0x00000000')` | +| `DOMAIN_BEACON_ATTESTER` | `Bytes4('0x01000000')` | +| `DOMAIN_RANDAO` | `Bytes4('0x02000000')` | +| `DOMAIN_DEPOSIT` | `Bytes4('0x03000000')` | +| `DOMAIN_VOLUNTARY_EXIT` | `Bytes4('0x04000000')` | ## Containers diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index 017e2a22a..829c68ac1 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -131,7 +131,7 @@ The following types are defined, mapping into `DomainType` (little endian): | Name | Value | | - | - | -| `DOMAIN_CUSTODY_BIT_CHALLENGE` | `6` | +| `DOMAIN_CUSTODY_BIT_CHALLENGE` | `Bytes4('0x06000000')` | ### TODO PLACEHOLDER diff --git a/specs/core/1_shard-data-chains.md b/specs/core/1_shard-data-chains.md index d5964fe7d..408c9b2a8 100644 --- a/specs/core/1_shard-data-chains.md +++ b/specs/core/1_shard-data-chains.md @@ -101,8 +101,8 @@ This document describes the shard transition function (data layer only) and the | Name | Value | | - | - | -| `DOMAIN_SHARD_PROPOSER` | `128` | -| `DOMAIN_SHARD_ATTESTER` | `129` | +| `DOMAIN_SHARD_PROPOSER` | `Bytes4('0x80000000')` | +| `DOMAIN_SHARD_ATTESTER` | `Bytes4('0x81000000')` | ## Containers diff --git a/test_libs/pyspec/eth2spec/utils/ssz/ssz_typing.py b/test_libs/pyspec/eth2spec/utils/ssz/ssz_typing.py index 4bda43360..4ddff1b5e 100644 --- a/test_libs/pyspec/eth2spec/utils/ssz/ssz_typing.py +++ b/test_libs/pyspec/eth2spec/utils/ssz/ssz_typing.py @@ -451,10 +451,15 @@ class BaseBytes(bytes, Elements, metaclass=BytesType): @classmethod def extract_args(cls, *args): x = args - if len(x) == 1 and isinstance(x[0], (GeneratorType, bytes)): + if len(x) == 1 and isinstance(x[0], (GeneratorType, bytes, str)): x = x[0] if isinstance(x, bytes): # Includes BytesLike return x + if isinstance(x, str): + if x[:2] == '0x': + return bytes.fromhex(x[2:]) + else: + return bytes.fromhex(x) else: return bytes(x) # E.g. GeneratorType put into bytes. From e70863ca936a63b792f690d951eb757576f872cf Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Mon, 30 Dec 2019 06:52:00 +0100 Subject: [PATCH 29/46] Bytes4 -> DomainType --- specs/core/0_beacon-chain.md | 10 +++++----- specs/core/1_custody-game.md | 2 +- specs/core/1_shard-data-chains.md | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 0c9f49b74..647d1c9bd 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -251,11 +251,11 @@ The following values are (non-configurable) constants used throughout the specif | Name | Value | | - | - | -| `DOMAIN_BEACON_PROPOSER` | `Bytes4('0x00000000')` | -| `DOMAIN_BEACON_ATTESTER` | `Bytes4('0x01000000')` | -| `DOMAIN_RANDAO` | `Bytes4('0x02000000')` | -| `DOMAIN_DEPOSIT` | `Bytes4('0x03000000')` | -| `DOMAIN_VOLUNTARY_EXIT` | `Bytes4('0x04000000')` | +| `DOMAIN_BEACON_PROPOSER` | `DomainType('0x00000000')` | +| `DOMAIN_BEACON_ATTESTER` | `DomainType('0x01000000')` | +| `DOMAIN_RANDAO` | `DomainType('0x02000000')` | +| `DOMAIN_DEPOSIT` | `DomainType('0x03000000')` | +| `DOMAIN_VOLUNTARY_EXIT` | `DomainType('0x04000000')` | ## Containers diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index 829c68ac1..b1f61de2f 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -131,7 +131,7 @@ The following types are defined, mapping into `DomainType` (little endian): | Name | Value | | - | - | -| `DOMAIN_CUSTODY_BIT_CHALLENGE` | `Bytes4('0x06000000')` | +| `DOMAIN_CUSTODY_BIT_CHALLENGE` | `DomainType('0x06000000')` | ### TODO PLACEHOLDER diff --git a/specs/core/1_shard-data-chains.md b/specs/core/1_shard-data-chains.md index 408c9b2a8..93570dbee 100644 --- a/specs/core/1_shard-data-chains.md +++ b/specs/core/1_shard-data-chains.md @@ -101,8 +101,8 @@ This document describes the shard transition function (data layer only) and the | Name | Value | | - | - | -| `DOMAIN_SHARD_PROPOSER` | `Bytes4('0x80000000')` | -| `DOMAIN_SHARD_ATTESTER` | `Bytes4('0x81000000')` | +| `DOMAIN_SHARD_PROPOSER` | `DomainType('0x80000000')` | +| `DOMAIN_SHARD_ATTESTER` | `DomainType('0x81000000')` | ## Containers From 51bcb29e2820f3e4477f693506569905f92d55f8 Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Fri, 3 Jan 2020 07:46:27 +0100 Subject: [PATCH 30/46] 'DomainWrapper' -> 'SigningRoot' --- specs/core/0_beacon-chain.md | 38 +++++++++---------- specs/core/1_custody-game.md | 8 ++-- specs/core/1_shard-data-chains.md | 4 +- specs/light_client/sync_protocol.md | 2 +- specs/validator/0_beacon-chain-validator.md | 10 ++--- .../eth2spec/test/helpers/attestations.py | 2 +- .../pyspec/eth2spec/test/helpers/block.py | 4 +- .../eth2spec/test/helpers/block_header.py | 2 +- .../pyspec/eth2spec/test/helpers/custody.py | 8 ++-- .../pyspec/eth2spec/test/helpers/deposits.py | 2 +- .../test/helpers/phase1/attestations.py | 2 +- .../test/helpers/phase1/shard_block.py | 2 +- .../eth2spec/test/helpers/voluntary_exits.py | 2 +- .../eth2spec/test/sanity/test_blocks.py | 4 +- 14 files changed, 45 insertions(+), 45 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 090738bc0..681d4b92b 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -34,7 +34,7 @@ - [`DepositMessage`](#depositmessage) - [`DepositData`](#depositdata) - [`BeaconBlockHeader`](#beaconblockheader) - - [`DomainWrapper`](#domainwrapper) + - [`SigningRoot`](#signingroot) - [Beacon operations](#beacon-operations) - [`ProposerSlashing`](#proposerslashing) - [`AttesterSlashing`](#attesterslashing) @@ -76,7 +76,7 @@ - [`compute_start_slot_at_epoch`](#compute_start_slot_at_epoch) - [`compute_activation_exit_epoch`](#compute_activation_exit_epoch) - [`compute_domain`](#compute_domain) - - [`compute_domain_wrapper_root`](#compute_domain_wrapper_root) + - [`compute_signing_root`](#compute_signing_root) - [Beacon state accessors](#beacon-state-accessors) - [`get_current_epoch`](#get_current_epoch) - [`get_previous_epoch`](#get_previous_epoch) @@ -378,11 +378,11 @@ class BeaconBlockHeader(Container): body_root: Root ``` -#### `DomainWrapper` +#### `SigningRoot` ```python -class DomainWrapper(Container): - root: Root +class SigningRoot(Container): + object_root: Root domain: Domain ``` @@ -586,10 +586,10 @@ def bytes_to_int(data: bytes) -> uint64: Eth2 makes use of BLS signatures as specified in the [IETF draft BLS specification](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-00). Specifically, eth2 uses the `BLS_SIG_BLS12381G2-SHA256-SSWU-RO-_POP_` ciphersuite which implements the following interfaces: -* `def Sign(SK: int, message: Bytes) -> BLSSignature` -* `def Verify(PK: BLSPubkey, message: Bytes, signature: BLSSignature) -> bool` -* `def Aggregate(signatures: Sequence[BLSSignature]) -> BLSSignature` -* `def FastAggregateVerify(PKs: Sequence[BLSSignature], message: Bytes, signature: BLSSignature) -> bool` +- `def Sign(SK: int, message: Bytes) -> BLSSignature` +- `def Verify(PK: BLSPubkey, message: Bytes, signature: BLSSignature) -> bool` +- `def Aggregate(signatures: Sequence[BLSSignature]) -> BLSSignature` +- `def FastAggregateVerify(PKs: Sequence[BLSSignature], message: Bytes, signature: BLSSignature) -> bool` Within these specifications, BLS signatures are treated as a module for notational clarity, thus to verify a signature `bls.Verify(...)` is used. @@ -676,7 +676,7 @@ def is_valid_indexed_attestation(state: BeaconState, indexed_attestation: Indexe # Verify aggregate signature pubkeys = [state.validators[i].pubkey for i in indices] domain = get_domain(state, DOMAIN_BEACON_ATTESTER, indexed_attestation.data.target.epoch) - message = compute_domain_wrapper_root(indexed_attestation.data, domain) + message = compute_signing_root(indexed_attestation.data, domain) return bls.FastAggregateVerify(pubkeys, message, indexed_attestation.signature) ``` @@ -795,12 +795,12 @@ def compute_domain(domain_type: DomainType, fork_version: Version=Version()) -> return Domain(domain_type + fork_version) ``` -### `compute_domain_wrapper_root` +### `compute_signing_root` ```python -def compute_domain_wrapper_root(ssz_object: SSZObject, domain: Domain) -> Root: - domain_wrapped_object = DomainWrapper( - root=hash_tree_root(ssz_object), +def compute_signing_root(ssz_object: SSZObject, domain: Domain) -> Root: + domain_wrapped_object = SigningRoot( + object_root=hash_tree_root(ssz_object), domain=domain, ) return hash_tree_root(domain_wrapped_object) @@ -1148,7 +1148,7 @@ def state_transition(state: BeaconState, signed_block: SignedBeaconBlock, valida ```python def verify_block_signature(state: BeaconState, signed_block: SignedBeaconBlock) -> bool: proposer = state.validators[get_beacon_proposer_index(state)] - message = compute_domain_wrapper_root(signed_block.message, get_domain(state, DOMAIN_BEACON_PROPOSER)) + message = compute_signing_root(signed_block.message, get_domain(state, DOMAIN_BEACON_PROPOSER)) return bls.Verify(proposer.pubkey, message, signed_block.signature) ``` @@ -1448,7 +1448,7 @@ def process_randao(state: BeaconState, body: BeaconBlockBody) -> None: epoch = get_current_epoch(state) # Verify RANDAO reveal proposer = state.validators[get_beacon_proposer_index(state)] - message = compute_domain_wrapper_root(epoch, get_domain(state, DOMAIN_RANDAO)) + message = compute_signing_root(epoch, get_domain(state, DOMAIN_RANDAO)) assert bls.Verify(proposer.pubkey, message, body.randao_reveal) # Mix in RANDAO reveal mix = xor(get_randao_mix(state, epoch), hash(body.randao_reveal)) @@ -1497,7 +1497,7 @@ def process_proposer_slashing(state: BeaconState, proposer_slashing: ProposerSla # Signatures are valid for signed_header in (proposer_slashing.signed_header_1, proposer_slashing.signed_header_2): domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(signed_header.message.slot)) - message = compute_domain_wrapper_root(signed_header.message, domain) + message = compute_signing_root(signed_header.message, domain) assert bls.Verify(proposer.pubkey, message, signed_header.signature) slash_validator(state, proposer_slashing.proposer_index) @@ -1580,7 +1580,7 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: pubkey=deposit.data.pubkey, withdrawal_credentials=deposit.data.withdrawal_credentials, amount=deposit.data.amount) - message = compute_domain_wrapper_root(deposit_message, compute_domain(DOMAIN_DEPOSIT)) + message = compute_signing_root(deposit_message, compute_domain(DOMAIN_DEPOSIT)) if not bls.Verify(pubkey, message, deposit.data.signature): return @@ -1617,7 +1617,7 @@ def process_voluntary_exit(state: BeaconState, signed_voluntary_exit: SignedVolu assert get_current_epoch(state) >= validator.activation_epoch + PERSISTENT_COMMITTEE_PERIOD # Verify signature domain = get_domain(state, DOMAIN_VOLUNTARY_EXIT, voluntary_exit.epoch) - message = compute_domain_wrapper_root(voluntary_exit, domain) + message = compute_signing_root(voluntary_exit, domain) assert bls.Verify(validator.pubkey, message, signed_voluntary_exit.signature) # Initiate exit initiate_validator_exit(state, voluntary_exit.validator_index) diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index a87ac17f1..273f27455 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -430,7 +430,7 @@ def process_custody_key_reveal(state: BeaconState, reveal: CustodyKeyReveal) -> # Verify signature domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign) - message = compute_domain_wrapper_root(epoch_to_sign, domain) + message = compute_signing_root(epoch_to_sign, domain) assert bls.Verify(revealer.pubkey, message, reveal.reveal) # Decrement max reveal lateness if response is timely @@ -482,7 +482,7 @@ def process_early_derived_secret_reveal(state: BeaconState, reveal: EarlyDerived pubkeys = [revealed_validator.pubkey, masker.pubkey] domain = get_domain(state, DOMAIN_RANDAO, reveal.epoch) - messages = [compute_domain_wrapper_root(message, domain) + messages = [compute_signing_root(message, domain) for message in [hash_tree_root(reveal.epoch), reveal.mask]] assert bls.AggregateVerify(pubkeys, messages, reveal.reveal) @@ -582,7 +582,7 @@ def process_bit_challenge(state: BeaconState, challenge: CustodyBitChallenge) -> challenger = state.validators[challenge.challenger_index] domain = get_domain(state, DOMAIN_CUSTODY_BIT_CHALLENGE, get_current_epoch(state)) # TODO incorrect hash-tree-root, but this changes with phase 1 PR #1483 - assert bls.Verify(challenger.pubkey, compute_domain_wrapper_root(challenge, domain), challenge.signature) + assert bls.Verify(challenger.pubkey, compute_signing_root(challenge, domain), challenge.signature) # Verify challenger is slashable assert is_slashable_validator(challenger, get_current_epoch(state)) # Verify attestation @@ -606,7 +606,7 @@ def process_bit_challenge(state: BeaconState, challenge: CustodyBitChallenge) -> challenge.responder_index, ) domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign) - assert bls.Verify(responder.pubkey, compute_domain_wrapper_root(epoch_to_sign, domain), challenge.responder_key) + assert bls.Verify(responder.pubkey, compute_signing_root(epoch_to_sign, domain), challenge.responder_key) # Verify the chunk count chunk_count = get_custody_chunk_count(attestation.data.crosslink) assert chunk_count == len(challenge.chunk_bits) diff --git a/specs/core/1_shard-data-chains.md b/specs/core/1_shard-data-chains.md index bae1d2a80..765655f74 100644 --- a/specs/core/1_shard-data-chains.md +++ b/specs/core/1_shard-data-chains.md @@ -386,7 +386,7 @@ def process_shard_block_header(beacon_state: BeaconState, shard_state: ShardStat assert not proposer.slashed # Verify proposer signature domain = get_domain(beacon_state, DOMAIN_SHARD_PROPOSER, compute_epoch_of_shard_slot(block.slot)) - assert bls.Verify(proposer.pubkey, compute_domain_wrapper_root(block, domain), block.signature) + assert bls.Verify(proposer.pubkey, compute_signing_root(block, domain), block.signature) ``` #### Attestations @@ -407,7 +407,7 @@ def process_shard_attestations(beacon_state: BeaconState, shard_state: ShardStat # Verify attester aggregate signature domain = get_domain(beacon_state, DOMAIN_SHARD_ATTESTER, compute_epoch_of_shard_slot(block.slot)) shard_attestation_data = ShardAttestationData(slot=shard_state.slot, parent_root=block.parent_root) - message = compute_domain_wrapper_root(shard_attestation_data, domain) + message = compute_signing_root(shard_attestation_data, domain) assert bls.FastAggregateVerify(pubkeys, message, block.attestations) # Proposer micro-reward proposer_index = get_shard_proposer_index(beacon_state, shard_state.shard, block.slot) diff --git a/specs/light_client/sync_protocol.md b/specs/light_client/sync_protocol.md index de4f0be7c..744f87ea5 100644 --- a/specs/light_client/sync_protocol.md +++ b/specs/light_client/sync_protocol.md @@ -137,7 +137,7 @@ def update_memory(memory: LightClientMemory, update: LightClientUpdate) -> None: # Verify shard attestations pubkeys = filter(lambda i: update.aggregation_bits[i], pubkeys) domain = compute_domain(DOMAIN_SHARD_ATTESTER, update.fork_version) - message = compute_domain_wrapper_root(update.shard_block_root, domain) + message = compute_signing_root(update.shard_block_root, domain) assert bls.FastAggregateVerify(pubkeys, message, update.signature) # Update period committees if entering a new period diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index d6366f920..ec7097617 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -117,7 +117,7 @@ To submit a deposit: - Set `deposit_data.withdrawal_credentials` to `withdrawal_credentials`. - Set `deposit_data.amount` to `amount`. - Let `deposit_message` be a `DepositMessage` with all the `DepositData` contents except the `signature`. -- Let `signature` be the result of `Sign` of the `compute_domain_wrapper_root(deposit_message, domain)` with `domain=compute_domain(DOMAIN_DEPOSIT)`. (Deposits are valid regardless of fork version, `compute_domain` will default to zeroes there). +- Let `signature` be the result of `Sign` of the `compute_signing_root(deposit_message, domain)` with `domain=compute_domain(DOMAIN_DEPOSIT)`. (Deposits are valid regardless of fork version, `compute_domain` will default to zeroes there). - Let `deposit_data_root` be `hash_tree_root(deposit_data)`. - Send a transaction on the Ethereum 1.0 chain to `DEPOSIT_CONTRACT_ADDRESS` executing `def deposit(pubkey: bytes[48], withdrawal_credentials: bytes[32], signature: bytes[96], deposit_data_root: bytes32)` along with a deposit of `amount` Gwei. @@ -234,7 +234,7 @@ Set `block.body.randao_reveal = epoch_signature` where `epoch_signature` is obta ```python def get_epoch_signature(state: BeaconState, block: BeaconBlock, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_RANDAO, compute_epoch_at_slot(block.slot)) - message = compute_domain_wrapper_root(compute_epoch_at_slot(block.slot), domain) + message = compute_signing_root(compute_epoch_at_slot(block.slot), domain) return bls.Sign(privkey, message) ``` @@ -312,7 +312,7 @@ def compute_new_state_root(state: BeaconState, block: BeaconBlock) -> Root: ```python def get_block_signature(state: BeaconState, header: BeaconBlockHeader, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(header.slot)) - message = compute_domain_wrapper_root(header, domain) + message = compute_signing_root(header, domain) return bls.Sign(privkey, message) ``` @@ -371,7 +371,7 @@ Set `attestation.signature = signed_attestation_data` where `signed_attestation_ ```python def get_signed_attestation_data(state: BeaconState, attestation: IndexedAttestation, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_ATTESTER, attestation.data.target.epoch) - message = compute_domain_wrapper_root(attestation.data, domain) + message = compute_signing_root(attestation.data, domain) return bls.Sign(privkey, message) ``` @@ -390,7 +390,7 @@ A validator is selected to aggregate based upon the return value of `is_aggregat ```python def get_slot_signature(state: BeaconState, slot: Slot, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_ATTESTER, compute_epoch_at_slot(slot)) - message = compute_domain_wrapper_root(slot, domain) + message = compute_signing_root(slot, domain) return bls.Sign(privkey, message) ``` diff --git a/test_libs/pyspec/eth2spec/test/helpers/attestations.py b/test_libs/pyspec/eth2spec/test/helpers/attestations.py index 1082b7045..52479fd75 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/attestations.py +++ b/test_libs/pyspec/eth2spec/test/helpers/attestations.py @@ -97,7 +97,7 @@ def sign_attestation(spec, state, attestation): def get_attestation_signature(spec, state, attestation_data, privkey): domain = spec.get_domain(state, spec.DOMAIN_BEACON_ATTESTER, attestation_data.target.epoch) - message = spec.compute_domain_wrapper_root(attestation_data, domain) + message = spec.compute_signing_root(attestation_data, domain) return bls.Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/block.py b/test_libs/pyspec/eth2spec/test/helpers/block.py index 13669049f..9b2cc5d03 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block.py @@ -30,7 +30,7 @@ def apply_randao_reveal(spec, state, block, proposer_index=None): privkey = privkeys[proposer_index] domain = spec.get_domain(state, spec.DOMAIN_RANDAO, spec.compute_epoch_at_slot(block.slot)) - message = spec.compute_domain_wrapper_root(spec.compute_epoch_at_slot(block.slot), domain) + message = spec.compute_signing_root(spec.compute_epoch_at_slot(block.slot), domain) block.body.randao_reveal = bls.Sign(privkey, message) @@ -42,7 +42,7 @@ def apply_sig(spec, state, signed_block, proposer_index=None): proposer_index = get_proposer_index_maybe(spec, state, block.slot, proposer_index) privkey = privkeys[proposer_index] domain = spec.get_domain(state, spec.DOMAIN_BEACON_PROPOSER, spec.compute_epoch_at_slot(block.slot)) - message = spec.compute_domain_wrapper_root(block, domain) + message = spec.compute_signing_root(block, domain) signed_block.signature = bls.Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/block_header.py b/test_libs/pyspec/eth2spec/test/helpers/block_header.py index 4f9f88644..bb5fe692f 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block_header.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block_header.py @@ -6,6 +6,6 @@ def sign_block_header(spec, state, header, privkey): state=state, domain_type=spec.DOMAIN_BEACON_PROPOSER, ) - message = spec.compute_domain_wrapper_root(header, domain) + message = spec.compute_signing_root(header, domain) signature = bls.Sign(privkey, message) return spec.SignedBeaconBlockHeader(message=header, signature=signature) diff --git a/test_libs/pyspec/eth2spec/test/helpers/custody.py b/test_libs/pyspec/eth2spec/test/helpers/custody.py index 80b341526..f75cb9607 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/custody.py +++ b/test_libs/pyspec/eth2spec/test/helpers/custody.py @@ -18,12 +18,12 @@ def get_valid_early_derived_secret_reveal(spec, state, epoch=None): # Generate the secret that is being revealed domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch) - message = spec.compute_domain_wrapper_root(spec.Epoch(epoch), domain) + message = spec.compute_signing_root(spec.Epoch(epoch), domain) reveal = bls.Sign(privkeys[revealed_index], message) # Generate the mask (any random 32 bytes that don't reveal the masker's secret will do) mask = hash(reveal) # Generate masker's signature on the mask - message = spec.compute_domain_wrapper_root(mask, domain) + message = spec.compute_signing_root(mask, domain) masker_signature = bls.Sign(privkeys[masker_index], message) masked_reveal = bls.Aggregate([reveal, masker_signature]) @@ -48,7 +48,7 @@ def get_valid_custody_key_reveal(spec, state, period=None): # Generate the secret that is being revealed domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch_to_sign) - message = spec.compute_domain_wrapper_root(spec.Epoch(epoch_to_sign), domain) + message = spec.compute_signing_root(spec.Epoch(epoch_to_sign), domain) reveal = bls.Sign(privkeys[revealer_index], message) return spec.CustodyKeyReveal( revealer_index=revealer_index, @@ -74,7 +74,7 @@ def get_valid_bit_challenge(spec, state, attestation, invalid_custody_bit=False) # Generate the responder key domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch) - message = spec.compute_domain_wrapper_root(spec.compute_domain_wrapper_root, domain) + message = spec.compute_signing_root(spec.compute_signing_root, domain) responder_key = bls.Sign(privkeys[responder_index], message) chunk_count = spec.get_custody_chunk_count(attestation.data.crosslink) diff --git a/test_libs/pyspec/eth2spec/test/helpers/deposits.py b/test_libs/pyspec/eth2spec/test/helpers/deposits.py index a307f524b..720704576 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/deposits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/deposits.py @@ -30,7 +30,7 @@ def sign_deposit_data(spec, deposit_data, privkey, state=None): pubkey=deposit_data.pubkey, withdrawal_credentials=deposit_data.withdrawal_credentials, amount=deposit_data.amount) - message = spec.compute_domain_wrapper_root(deposit_message, domain) + message = spec.compute_signing_root(deposit_message, domain) deposit_data.signature = bls.Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py index e521bd6c5..7947ba811 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py @@ -26,5 +26,5 @@ def sign_shard_attestation(spec, beacon_state, shard_state, block, participants) def get_attestation_signature(spec, beacon_state, shard_state, message_hash, block_epoch, privkey): domain = spec.get_domain(beacon_state, spec.DOMAIN_SHARD_ATTESTER, block_epoch) - message = spec.compute_domain_wrapper(message_hash, domain) + message = spec.compute_signing_root(message_hash, domain) return bls.Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py index f7275b88a..a72a50649 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py @@ -19,7 +19,7 @@ def sign_shard_block(spec, beacon_state, shard_state, block, proposer_index=None privkey = privkeys[proposer_index] domain = spec.get_domain(beacon_state, spec.DOMAIN_SHARD_PROPOSER, spec.compute_epoch_of_shard_slot(block.slot)) - message = spec.compute_domain_wrapper(block, domain) + message = spec.compute_signing_root(block, domain) block.signature = bls.Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py index 286f85e9f..f186f1533 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py @@ -3,7 +3,7 @@ from eth2spec.utils import bls def sign_voluntary_exit(spec, state, voluntary_exit, privkey): domain = spec.get_domain(state, spec.DOMAIN_VOLUNTARY_EXIT, voluntary_exit.epoch) - message = spec.compute_domain_wrapper_root(voluntary_exit, domain) + message = spec.compute_signing_root(voluntary_exit, domain) return spec.SignedVoluntaryExit( message=voluntary_exit, signature=bls.Sign(privkey, message) diff --git a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py index 5a7f654cf..ae02d8c1a 100644 --- a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py +++ b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py @@ -108,7 +108,7 @@ def test_invalid_block_sig(spec, state): block = build_empty_block_for_next_slot(spec, state) domain = spec.get_domain(state, spec.DOMAIN_BEACON_PROPOSER, spec.compute_epoch_at_slot(block.slot)) - message = spec.compute_domain_wrapper_root(block, domain) + message = spec.compute_signing_root(block, domain) invalid_signed_block = spec.SignedBeaconBlock( message=block, signature=bls.Sign(123456, message) @@ -417,7 +417,7 @@ def test_voluntary_exit(spec, state): validator_index=validator_index, ) domain = spec.get_domain(state, spec.DOMAIN_VOLUNTARY_EXIT) - message = spec.compute_domain_wrapper_root(voluntary_exit, domain) + message = spec.compute_signing_root(voluntary_exit, domain) signed_voluntary_exit = spec.SignedVoluntaryExit( message=voluntary_exit, signature=bls.Sign(privkeys[validator_index], message) From 8580ec33f286895f4d30b56b7377e268e8f1260c Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Fri, 3 Jan 2020 08:18:34 +0100 Subject: [PATCH 31/46] 'message' -> 'signing_root' --- specs/core/0_beacon-chain.md | 24 ++++++++++----------- specs/core/1_custody-game.md | 4 ++-- specs/core/1_shard-data-chains.md | 4 ++-- specs/light_client/sync_protocol.md | 4 ++-- specs/validator/0_beacon-chain-validator.md | 16 +++++++------- 5 files changed, 26 insertions(+), 26 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 681d4b92b..4ba4a91bf 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -676,8 +676,8 @@ def is_valid_indexed_attestation(state: BeaconState, indexed_attestation: Indexe # Verify aggregate signature pubkeys = [state.validators[i].pubkey for i in indices] domain = get_domain(state, DOMAIN_BEACON_ATTESTER, indexed_attestation.data.target.epoch) - message = compute_signing_root(indexed_attestation.data, domain) - return bls.FastAggregateVerify(pubkeys, message, indexed_attestation.signature) + signing_root = compute_signing_root(indexed_attestation.data, domain) + return bls.FastAggregateVerify(pubkeys, signing_root, indexed_attestation.signature) ``` #### `is_valid_merkle_branch` @@ -1148,8 +1148,8 @@ def state_transition(state: BeaconState, signed_block: SignedBeaconBlock, valida ```python def verify_block_signature(state: BeaconState, signed_block: SignedBeaconBlock) -> bool: proposer = state.validators[get_beacon_proposer_index(state)] - message = compute_signing_root(signed_block.message, get_domain(state, DOMAIN_BEACON_PROPOSER)) - return bls.Verify(proposer.pubkey, message, signed_block.signature) + signing_root = compute_signing_root(signed_block.message, get_domain(state, DOMAIN_BEACON_PROPOSER)) + return bls.Verify(proposer.pubkey, signing_root, signed_block.signature) ``` ```python @@ -1448,8 +1448,8 @@ def process_randao(state: BeaconState, body: BeaconBlockBody) -> None: epoch = get_current_epoch(state) # Verify RANDAO reveal proposer = state.validators[get_beacon_proposer_index(state)] - message = compute_signing_root(epoch, get_domain(state, DOMAIN_RANDAO)) - assert bls.Verify(proposer.pubkey, message, body.randao_reveal) + signing_root = compute_signing_root(epoch, get_domain(state, DOMAIN_RANDAO)) + assert bls.Verify(proposer.pubkey, signing_root, body.randao_reveal) # Mix in RANDAO reveal mix = xor(get_randao_mix(state, epoch), hash(body.randao_reveal)) state.randao_mixes[epoch % EPOCHS_PER_HISTORICAL_VECTOR] = mix @@ -1497,8 +1497,8 @@ def process_proposer_slashing(state: BeaconState, proposer_slashing: ProposerSla # Signatures are valid for signed_header in (proposer_slashing.signed_header_1, proposer_slashing.signed_header_2): domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(signed_header.message.slot)) - message = compute_signing_root(signed_header.message, domain) - assert bls.Verify(proposer.pubkey, message, signed_header.signature) + signing_root = compute_signing_root(signed_header.message, domain) + assert bls.Verify(proposer.pubkey, signing_root, signed_header.signature) slash_validator(state, proposer_slashing.proposer_index) ``` @@ -1580,8 +1580,8 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: pubkey=deposit.data.pubkey, withdrawal_credentials=deposit.data.withdrawal_credentials, amount=deposit.data.amount) - message = compute_signing_root(deposit_message, compute_domain(DOMAIN_DEPOSIT)) - if not bls.Verify(pubkey, message, deposit.data.signature): + signing_root = compute_signing_root(deposit_message, compute_domain(DOMAIN_DEPOSIT)) + if not bls.Verify(pubkey, signing_root, deposit.data.signature): return # Add validator and balance entries @@ -1617,8 +1617,8 @@ def process_voluntary_exit(state: BeaconState, signed_voluntary_exit: SignedVolu assert get_current_epoch(state) >= validator.activation_epoch + PERSISTENT_COMMITTEE_PERIOD # Verify signature domain = get_domain(state, DOMAIN_VOLUNTARY_EXIT, voluntary_exit.epoch) - message = compute_signing_root(voluntary_exit, domain) - assert bls.Verify(validator.pubkey, message, signed_voluntary_exit.signature) + signing_root = compute_signing_root(voluntary_exit, domain) + assert bls.Verify(validator.pubkey, signing_root, signed_voluntary_exit.signature) # Initiate exit initiate_validator_exit(state, voluntary_exit.validator_index) ``` diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index 273f27455..23f9f3f4d 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -430,8 +430,8 @@ def process_custody_key_reveal(state: BeaconState, reveal: CustodyKeyReveal) -> # Verify signature domain = get_domain(state, DOMAIN_RANDAO, epoch_to_sign) - message = compute_signing_root(epoch_to_sign, domain) - assert bls.Verify(revealer.pubkey, message, reveal.reveal) + signing_root = compute_signing_root(epoch_to_sign, domain) + assert bls.Verify(revealer.pubkey, signing_root, reveal.reveal) # Decrement max reveal lateness if response is timely if epoch_to_sign + EPOCHS_PER_CUSTODY_PERIOD >= get_current_epoch(state): diff --git a/specs/core/1_shard-data-chains.md b/specs/core/1_shard-data-chains.md index 765655f74..e04e3ba5e 100644 --- a/specs/core/1_shard-data-chains.md +++ b/specs/core/1_shard-data-chains.md @@ -407,8 +407,8 @@ def process_shard_attestations(beacon_state: BeaconState, shard_state: ShardStat # Verify attester aggregate signature domain = get_domain(beacon_state, DOMAIN_SHARD_ATTESTER, compute_epoch_of_shard_slot(block.slot)) shard_attestation_data = ShardAttestationData(slot=shard_state.slot, parent_root=block.parent_root) - message = compute_signing_root(shard_attestation_data, domain) - assert bls.FastAggregateVerify(pubkeys, message, block.attestations) + signing_root = compute_signing_root(shard_attestation_data, domain) + assert bls.FastAggregateVerify(pubkeys, signing_root, block.attestations) # Proposer micro-reward proposer_index = get_shard_proposer_index(beacon_state, shard_state.shard, block.slot) reward = attestation_count * get_base_reward(beacon_state, proposer_index) // PROPOSER_REWARD_QUOTIENT diff --git a/specs/light_client/sync_protocol.md b/specs/light_client/sync_protocol.md index 744f87ea5..5a7410180 100644 --- a/specs/light_client/sync_protocol.md +++ b/specs/light_client/sync_protocol.md @@ -137,8 +137,8 @@ def update_memory(memory: LightClientMemory, update: LightClientUpdate) -> None: # Verify shard attestations pubkeys = filter(lambda i: update.aggregation_bits[i], pubkeys) domain = compute_domain(DOMAIN_SHARD_ATTESTER, update.fork_version) - message = compute_signing_root(update.shard_block_root, domain) - assert bls.FastAggregateVerify(pubkeys, message, update.signature) + signing_root = compute_signing_root(update.shard_block_root, domain) + assert bls.FastAggregateVerify(pubkeys, signing_root, update.signature) # Update period committees if entering a new period if next_period == current_period + 1: diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index ec7097617..063cda12f 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -234,8 +234,8 @@ Set `block.body.randao_reveal = epoch_signature` where `epoch_signature` is obta ```python def get_epoch_signature(state: BeaconState, block: BeaconBlock, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_RANDAO, compute_epoch_at_slot(block.slot)) - message = compute_signing_root(compute_epoch_at_slot(block.slot), domain) - return bls.Sign(privkey, message) + signing_root = compute_signing_root(compute_epoch_at_slot(block.slot), domain) + return bls.Sign(privkey, signing_root) ``` ##### Eth1 Data @@ -312,8 +312,8 @@ def compute_new_state_root(state: BeaconState, block: BeaconBlock) -> Root: ```python def get_block_signature(state: BeaconState, header: BeaconBlockHeader, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(header.slot)) - message = compute_signing_root(header, domain) - return bls.Sign(privkey, message) + signing_root = compute_signing_root(header, domain) + return bls.Sign(privkey, signing_root) ``` ### Attesting @@ -371,8 +371,8 @@ Set `attestation.signature = signed_attestation_data` where `signed_attestation_ ```python def get_signed_attestation_data(state: BeaconState, attestation: IndexedAttestation, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_ATTESTER, attestation.data.target.epoch) - message = compute_signing_root(attestation.data, domain) - return bls.Sign(privkey, message) + signing_root = compute_signing_root(attestation.data, domain) + return bls.Sign(privkey, signing_root) ``` #### Broadcast attestation @@ -390,8 +390,8 @@ A validator is selected to aggregate based upon the return value of `is_aggregat ```python def get_slot_signature(state: BeaconState, slot: Slot, privkey: int) -> BLSSignature: domain = get_domain(state, DOMAIN_BEACON_ATTESTER, compute_epoch_at_slot(slot)) - message = compute_signing_root(slot, domain) - return bls.Sign(privkey, message) + signing_root = compute_signing_root(slot, domain) + return bls.Sign(privkey, signing_root) ``` ```python From 261b6c0d239ebd96005a7e704c2053cb3fc6af96 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Fri, 3 Jan 2020 09:37:37 -0700 Subject: [PATCH 32/46] modify get_eth1_data to use timestamp instead of block height --- configs/mainnet.yaml | 2 + configs/minimal.yaml | 2 + specs/validator/0_beacon-chain-validator.md | 49 ++++++++++++++++----- 3 files changed, 41 insertions(+), 12 deletions(-) diff --git a/configs/mainnet.yaml b/configs/mainnet.yaml index 0c3c058d5..d2d219562 100644 --- a/configs/mainnet.yaml +++ b/configs/mainnet.yaml @@ -39,6 +39,8 @@ TARGET_AGGREGATORS_PER_COMMITTEE: 16 RANDOM_SUBNETS_PER_VALIDATOR: 1 # 2**8 (= 256) EPOCHS_PER_RANDOM_SUBNET_SUBSCRIPTION: 256 +# 14 (estimate from Eth1 mainnet) +SECONDS_PER_ETH1_BLOCK: 14 # Deposit contract diff --git a/configs/minimal.yaml b/configs/minimal.yaml index 7adc82eae..aa3756fd3 100644 --- a/configs/minimal.yaml +++ b/configs/minimal.yaml @@ -39,6 +39,8 @@ TARGET_AGGREGATORS_PER_COMMITTEE: 16 RANDOM_SUBNETS_PER_VALIDATOR: 1 # 2**8 (= 256) EPOCHS_PER_RANDOM_SUBNET_SUBSCRIPTION: 256 +# 14 (estimate from Eth1 mainnet) +SECONDS_PER_ETH1_BLOCK: 14 # Deposit contract diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index 341fb8e8c..99b23c3fe 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -31,6 +31,8 @@ - [Constructing the `BeaconBlockBody`](#constructing-the-beaconblockbody) - [Randao reveal](#randao-reveal) - [Eth1 Data](#eth1-data) + - [`Eth1Block`](#eth1block) + - [`get_eth1_data`](#get_eth1_data) - [Proposer slashings](#proposer-slashings) - [Attester slashings](#attester-slashings) - [Attestations](#attestations) @@ -85,6 +87,7 @@ All terminology, constants, functions, and protocol mechanics defined in the [Ph | `TARGET_AGGREGATORS_PER_COMMITTEE` | `2**4` (= 16) | validators | | | `RANDOM_SUBNETS_PER_VALIDATOR` | `2**0` (= 1) | subnets | | | `EPOCHS_PER_RANDOM_SUBNET_SUBSCRIPTION` | `2**8` (= 256) | epochs | ~27 hours | +| `SECONDS_PER_ETH1_BLOCK` | `14` | seconds | | ## Becoming a validator @@ -239,28 +242,50 @@ def get_epoch_signature(state: BeaconState, block: BeaconBlock, privkey: int) -> ##### Eth1 Data -The `block.body.eth1_data` field is for block proposers to vote on recent Eth1 data. This recent data contains an Eth1 block hash as well as the associated deposit root (as calculated by the `get_deposit_root()` method of the deposit contract) and deposit count after execution of the corresponding Eth1 block. If over half of the block proposers in the current Eth1 voting period vote for the same `eth1_data` then `state.eth1_data` updates at the end of the voting period. Each deposit in `block.body.deposits` must verify against `state.eth1_data.eth1_deposit_root`. +The `block.body.eth1_data` field is for block proposers to vote on recent Eth1 data. This recent data contains an Eth1 block hash as well as the associated deposit root (as calculated by the `get_deposit_root()` method of the deposit contract) and deposit count after execution of the corresponding Eth1 block. If over half of the block proposers in the current Eth1 voting period vote for the same `eth1_data` then `state.eth1_data` updates immediately allowing new deposits to be processed. Each deposit in `block.body.deposits` must verify against `state.eth1_data.eth1_deposit_root`. -Let `get_eth1_data(distance: uint64) -> Eth1Data` be the (subjective) function that returns the Eth1 data at distance `distance` relative to the Eth1 head at the start of the current Eth1 voting period. Let `previous_eth1_distance` be the distance relative to the Eth1 block corresponding to `eth1_data.block_hash` found in the state at the _start_ of the current Eth1 voting period. Note that `eth1_data` can be updated in the middle of a voting period and thus the starting `eth1_data.block_hash` must be stored separately. +###### `Eth1Block` -An honest block proposer sets `block.body.eth1_data = get_eth1_vote(state, previous_eth1_distance)` where: +Let `Eth1Block` be an abstract object representing Eth1 blocks with the `timestamp` field available. ```python -def get_eth1_vote(state: BeaconState, previous_eth1_distance: uint64) -> Eth1Data: - new_eth1_data = [get_eth1_data(distance) for distance in range(ETH1_FOLLOW_DISTANCE, 2 * ETH1_FOLLOW_DISTANCE)] - all_eth1_data = [get_eth1_data(distance) for distance in range(ETH1_FOLLOW_DISTANCE, previous_eth1_distance)] +class Eth1Block(Container): + timestamp: uint64 + # All other eth1 block fields +``` - period_tail = state.slot % SLOTS_PER_ETH1_VOTING_PERIOD >= integer_squareroot(SLOTS_PER_ETH1_VOTING_PERIOD) - if period_tail: - votes_to_consider = all_eth1_data - else: - votes_to_consider = new_eth1_data +###### `get_eth1_data` + +Let `get_eth1_data(block: Eth1Block) -> Eth1Data` be the function that returns the Eth1 data for a given Eth1 block. + +An honest block proposer sets `block.body.eth1_data = get_eth1_vote(state)` where: + +```python +def voting_period_start_time(state: BeaconState) -> uint64: + eth1_voting_period_start_slot = state.slot % SLOTS_PER_ETH1_VOTING_PERIOD + return state.genesis_time + eth1_voting_period_start_slot * SECONDS_PER_SLOT +``` + +```python +def is_candidate_block(block: Eth1Block, period_start: uint64) -> bool: + return ( + block.timestamp <= period_start - SECONDS_PER_ETH1_BLOCK * ETH1_FOLLOW_DISTANCE + and block.timestamp >= period_start - SECONDS_PER_ETH1_BLOCK * ETH1_FOLLOW_DISTANCE * 2 + ) +``` + +```python +def get_eth1_vote(state: BeaconState, eth1_chain: Sequence[Eth1Block]) -> Eth1Data: + period_start = voting_period_start_time(state) + # `eth1_chain` abstractly represents all blocks in the eth1 chain. + votes_to_consider = [get_eth1_data(block) for block in eth1_chain if + is_candidate_block(block, period_start)] valid_votes = [vote for vote in state.eth1_data_votes if vote in votes_to_consider] return max( valid_votes, - key=lambda v: (valid_votes.count(v), -all_eth1_data.index(v)), # Tiebreak by smallest distance + key=lambda v: (valid_votes.count(v), -valid_votes.index(v)), # Tiebreak by smallest distance default=get_eth1_data(ETH1_FOLLOW_DISTANCE), ) ``` From 6dbc02031db930daf4f8f9d64793048f43aee857 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Fri, 3 Jan 2020 17:48:03 -0700 Subject: [PATCH 33/46] add GENESIS_FORK_VERSION and make associated modifications to support configuration of this variable --- configs/mainnet.yaml | 2 ++ configs/minimal.yaml | 2 ++ specs/core/0_beacon-chain.md | 9 ++++++++- specs/validator/0_beacon-chain-validator.md | 2 +- 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/configs/mainnet.yaml b/configs/mainnet.yaml index 0c3c058d5..b61c25e6d 100644 --- a/configs/mainnet.yaml +++ b/configs/mainnet.yaml @@ -63,6 +63,8 @@ EFFECTIVE_BALANCE_INCREMENT: 1000000000 # --------------------------------------------------------------- # 0, GENESIS_EPOCH is derived from this constant GENESIS_SLOT: 0 +# Mainnet initial fork version, recommend altering for testnets +GENESIS_FORK_VERSION: 0x00000000 BLS_WITHDRAWAL_PREFIX: 0x00 diff --git a/configs/minimal.yaml b/configs/minimal.yaml index 7adc82eae..1be5d85ee 100644 --- a/configs/minimal.yaml +++ b/configs/minimal.yaml @@ -63,6 +63,8 @@ EFFECTIVE_BALANCE_INCREMENT: 1000000000 # --------------------------------------------------------------- # 0, GENESIS_EPOCH is derived from this constant GENESIS_SLOT: 0 +# Highest byte set to 0x01 to avoid collisions with mainnet versioning +GENESIS_FORK_VERSION: 0x00000001 BLS_WITHDRAWAL_PREFIX: 0x00 diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 647d1c9bd..ffc292059 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -199,6 +199,7 @@ The following values are (non-configurable) constants used throughout the specif | - | - | | `GENESIS_SLOT` | `Slot(0)` | | `GENESIS_EPOCH` | `Epoch(0)` | +| `GENESIS_FORK_VERSION` | `Version('0x00000000')` | | `BLS_WITHDRAWAL_PREFIX` | `Bytes1('0x00')` | ### Time parameters @@ -780,7 +781,7 @@ def compute_activation_exit_epoch(epoch: Epoch) -> Epoch: #### `compute_domain` ```python -def compute_domain(domain_type: DomainType, fork_version: Version=Version()) -> Domain: +def compute_domain(domain_type: DomainType, fork_version: Version=GENESIS_FORK_VERSION) -> Domain: """ Return the domain for the ``domain_type`` and ``fork_version``. """ @@ -1063,8 +1064,14 @@ Before the Ethereum 2.0 genesis has been triggered, and for every Ethereum 1.0 b def initialize_beacon_state_from_eth1(eth1_block_hash: Bytes32, eth1_timestamp: uint64, deposits: Sequence[Deposit]) -> BeaconState: + fork = Fork( + previous_version=GENESIS_FORK_VERSION, + current_version=GENESIS_FORK_VERSION, + epoch=GENESIS_EPOCH, + ) state = BeaconState( genesis_time=eth1_timestamp - eth1_timestamp % SECONDS_PER_DAY + 2 * SECONDS_PER_DAY, + fork=fork, eth1_data=Eth1Data(block_hash=eth1_block_hash, deposit_count=len(deposits)), latest_block_header=BeaconBlockHeader(body_root=hash_tree_root(BeaconBlockBody())), randao_mixes=[eth1_block_hash] * EPOCHS_PER_HISTORICAL_VECTOR, # Seed RANDAO with Eth1 entropy diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index 341fb8e8c..f52bdc495 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -117,7 +117,7 @@ To submit a deposit: - Set `deposit_data.withdrawal_credentials` to `withdrawal_credentials`. - Set `deposit_data.amount` to `amount`. - Let `deposit_message` be a `DepositMessage` with all the `DepositData` contents except the `signature`. -- Let `signature` be the result of `bls_sign` of the `hash_tree_root(deposit_message)` with `domain=compute_domain(DOMAIN_DEPOSIT)`. (Deposits are valid regardless of fork version, `compute_domain` will default to zeroes there). +- Let `signature` be the result of `bls_sign` of the `hash_tree_root(deposit_message)` with `domain=compute_domain(DOMAIN_DEPOSIT)`. (_Warning_: Deposits _must_ be signed with `GENESIS_FORK_VERSION`, calling `compute_domain` without a second argument defaults to the correct version). - Let `deposit_data_root` be `hash_tree_root(deposit_data)`. - Send a transaction on the Ethereum 1.0 chain to `DEPOSIT_CONTRACT_ADDRESS` executing `def deposit(pubkey: bytes[48], withdrawal_credentials: bytes[32], signature: bytes[96], deposit_data_root: bytes32)` along with a deposit of `amount` Gwei. From 43d095214c653c8a5ed6243ddb69863034ce1945 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Sun, 5 Jan 2020 14:10:06 -0700 Subject: [PATCH 34/46] add note that validator should broadcast attestation immediately when receiving block from expected proposer --- specs/validator/0_beacon-chain-validator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index f52bdc495..5d27eee47 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -318,7 +318,7 @@ def get_block_signature(state: BeaconState, header: BeaconBlockHeader, privkey: A validator is expected to create, sign, and broadcast an attestation during each epoch. The `committee`, assigned `index`, and assigned `slot` for which the validator performs this role during an epoch are defined by `get_committee_assignment(state, epoch, validator_index)`. -A validator should create and broadcast the `attestation` to the associated attestation subnet one-third of the way through the `slot` during which the validator is assigned―that is, `SECONDS_PER_SLOT / 3` seconds after the start of `slot`. +A validator should create and broadcast the `attestation` to the associated attestation subnet when either (a) the validator has received a valid block from the expected block proposer for the assigned `slot` or (b) one-third of the `slot` hash transpired (`SECONDS_PER_SLOT / 3` seconds after the start of `slot`) -- whichever comes _first_. *Note*: Although attestations during `GENESIS_EPOCH` do not count toward FFG finality, these initial attestations do give weight to the fork choice, are rewarded fork, and should be made. From 8515aec7aaeb465a61ccdef83fad672bfc69a642 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Sun, 5 Jan 2020 15:03:13 -0700 Subject: [PATCH 35/46] move GENESIS_SLOT/EPOCH to constants as they are not truly configurable --- configs/mainnet.yaml | 2 -- configs/minimal.yaml | 2 -- specs/core/0_beacon-chain.md | 4 ++-- specs/validator/0_beacon-chain-validator.md | 3 ++- 4 files changed, 4 insertions(+), 7 deletions(-) diff --git a/configs/mainnet.yaml b/configs/mainnet.yaml index c211f8b43..866b6520b 100644 --- a/configs/mainnet.yaml +++ b/configs/mainnet.yaml @@ -63,8 +63,6 @@ EFFECTIVE_BALANCE_INCREMENT: 1000000000 # Initial values # --------------------------------------------------------------- -# 0, GENESIS_EPOCH is derived from this constant -GENESIS_SLOT: 0 # Mainnet initial fork version, recommend altering for testnets GENESIS_FORK_VERSION: 0x00000000 BLS_WITHDRAWAL_PREFIX: 0x00 diff --git a/configs/minimal.yaml b/configs/minimal.yaml index 7f26879d5..327cadbf3 100644 --- a/configs/minimal.yaml +++ b/configs/minimal.yaml @@ -63,8 +63,6 @@ EFFECTIVE_BALANCE_INCREMENT: 1000000000 # Initial values # --------------------------------------------------------------- -# 0, GENESIS_EPOCH is derived from this constant -GENESIS_SLOT: 0 # Highest byte set to 0x01 to avoid collisions with mainnet versioning GENESIS_FORK_VERSION: 0x00000001 BLS_WITHDRAWAL_PREFIX: 0x00 diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index ffc292059..614002056 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -158,6 +158,8 @@ The following values are (non-configurable) constants used throughout the specif | Name | Value | | - | - | +| `GENESIS_SLOT` | `Slot(0)` | +| `GENESIS_EPOCH` | `Epoch(0)` | | `FAR_FUTURE_EPOCH` | `Epoch(2**64 - 1)` | | `BASE_REWARDS_PER_EPOCH` | `4` | | `DEPOSIT_CONTRACT_TREE_DEPTH` | `2**5` (= 32) | @@ -197,8 +199,6 @@ The following values are (non-configurable) constants used throughout the specif | Name | Value | | - | - | -| `GENESIS_SLOT` | `Slot(0)` | -| `GENESIS_EPOCH` | `Epoch(0)` | | `GENESIS_FORK_VERSION` | `Version('0x00000000')` | | `BLS_WITHDRAWAL_PREFIX` | `Bytes1('0x00')` | diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index 62e80fe03..492da1aa3 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -263,7 +263,8 @@ An honest block proposer sets `block.body.eth1_data = get_eth1_vote(state)` wher ```python def voting_period_start_time(state: BeaconState) -> uint64: eth1_voting_period_start_slot = state.slot % SLOTS_PER_ETH1_VOTING_PERIOD - return state.genesis_time + eth1_voting_period_start_slot * SECONDS_PER_SLOT + time_since_genesis = (eth1_voting_period_start_slot - GENESIS_SLOT) * SECONDS_PER_SLOT + return state.genesis_time + time_since_genesis ``` ```python From 50c8727ae7f520274864a232417d013aecaf17b5 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Sun, 5 Jan 2020 15:29:23 -0700 Subject: [PATCH 36/46] make genesis delay configurable --- configs/mainnet.yaml | 2 ++ configs/minimal.yaml | 2 ++ specs/core/0_beacon-chain.md | 4 ++-- test_libs/pyspec/eth2spec/test/genesis/test_initialization.py | 4 ++-- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/configs/mainnet.yaml b/configs/mainnet.yaml index c211f8b43..7713f9863 100644 --- a/configs/mainnet.yaml +++ b/configs/mainnet.yaml @@ -72,6 +72,8 @@ BLS_WITHDRAWAL_PREFIX: 0x00 # Time parameters # --------------------------------------------------------------- +# 86400 seconds (1 day) +MIN_GENESIS_DELAY: 86400 # 12 seconds SECONDS_PER_SLOT: 12 # 2**0 (= 1) slots 12 seconds diff --git a/configs/minimal.yaml b/configs/minimal.yaml index 7f26879d5..70bb6ca34 100644 --- a/configs/minimal.yaml +++ b/configs/minimal.yaml @@ -72,6 +72,8 @@ BLS_WITHDRAWAL_PREFIX: 0x00 # Time parameters # --------------------------------------------------------------- +# [customized] Faster to spin up testnets, but does not give validator reasonable warning time for genesis +MIN_GENESIS_DELAY: 300 # [customized] Faster for testing purposes SECONDS_PER_SLOT: 6 # 2**0 (= 1) slots 6 seconds diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index ffc292059..9ffce3317 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -161,7 +161,6 @@ The following values are (non-configurable) constants used throughout the specif | `FAR_FUTURE_EPOCH` | `Epoch(2**64 - 1)` | | `BASE_REWARDS_PER_EPOCH` | `4` | | `DEPOSIT_CONTRACT_TREE_DEPTH` | `2**5` (= 32) | -| `SECONDS_PER_DAY` | `86400` | | `JUSTIFICATION_BITS_LENGTH` | `4` | | `ENDIANNESS` | `'little'` | @@ -206,6 +205,7 @@ The following values are (non-configurable) constants used throughout the specif | Name | Value | Unit | Duration | | - | - | :-: | :-: | +| `MIN_GENESIS_DELAY` | `86400` | seconds | 1 day | | `SECONDS_PER_SLOT` | `12` | seconds | 12 seconds | | `MIN_ATTESTATION_INCLUSION_DELAY` | `2**0` (= 1) | slots | 12 seconds | | `SLOTS_PER_EPOCH` | `2**5` (= 32) | slots | 6.4 minutes | @@ -1070,7 +1070,7 @@ def initialize_beacon_state_from_eth1(eth1_block_hash: Bytes32, epoch=GENESIS_EPOCH, ) state = BeaconState( - genesis_time=eth1_timestamp - eth1_timestamp % SECONDS_PER_DAY + 2 * SECONDS_PER_DAY, + genesis_time=eth1_timestamp - eth1_timestamp % MIN_GENESIS_DELAY + 2 * MIN_GENESIS_DELAY, fork=fork, eth1_data=Eth1Data(block_hash=eth1_block_hash, deposit_count=len(deposits)), latest_block_header=BeaconBlockHeader(body_root=hash_tree_root(BeaconBlockBody())), diff --git a/test_libs/pyspec/eth2spec/test/genesis/test_initialization.py b/test_libs/pyspec/eth2spec/test/genesis/test_initialization.py index 462065bb9..9b326590f 100644 --- a/test_libs/pyspec/eth2spec/test/genesis/test_initialization.py +++ b/test_libs/pyspec/eth2spec/test/genesis/test_initialization.py @@ -20,7 +20,7 @@ def test_initialize_beacon_state_from_eth1(spec): # initialize beacon_state state = spec.initialize_beacon_state_from_eth1(eth1_block_hash, eth1_timestamp, deposits) - assert state.genesis_time == eth1_timestamp - eth1_timestamp % spec.SECONDS_PER_DAY + 2 * spec.SECONDS_PER_DAY + assert state.genesis_time == eth1_timestamp - eth1_timestamp % spec.MIN_GENESIS_DELAY + 2 * spec.MIN_GENESIS_DELAY assert len(state.validators) == deposit_count assert state.eth1_data.deposit_root == deposit_root assert state.eth1_data.deposit_count == deposit_count @@ -55,7 +55,7 @@ def test_initialize_beacon_state_some_small_balances(spec): # initialize beacon_state state = spec.initialize_beacon_state_from_eth1(eth1_block_hash, eth1_timestamp, deposits) - assert state.genesis_time == eth1_timestamp - eth1_timestamp % spec.SECONDS_PER_DAY + 2 * spec.SECONDS_PER_DAY + assert state.genesis_time == eth1_timestamp - eth1_timestamp % spec.MIN_GENESIS_DELAY + 2 * spec.MIN_GENESIS_DELAY assert len(state.validators) == small_deposit_count assert state.eth1_data.deposit_root == deposit_root assert state.eth1_data.deposit_count == len(deposits) From 71206c9a261aaab60366beaf371095c3406cd2a8 Mon Sep 17 00:00:00 2001 From: protolambda Date: Mon, 6 Jan 2020 16:04:34 +0100 Subject: [PATCH 37/46] deposit with other fork version --- .../pyspec/eth2spec/test/helpers/deposits.py | 5 +++ .../block_processing/test_process_deposit.py | 32 ++++++++++++++++++- 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/test_libs/pyspec/eth2spec/test/helpers/deposits.py b/test_libs/pyspec/eth2spec/test/helpers/deposits.py index fdab01ca9..125a9e73c 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/deposits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/deposits.py @@ -49,6 +49,11 @@ def build_deposit(spec, deposit_data = build_deposit_data(spec, pubkey, privkey, amount, withdrawal_credentials, state=state, signed=signed) index = len(deposit_data_list) deposit_data_list.append(deposit_data) + return deposit_from_context(spec, deposit_data_list, index) + + +def deposit_from_context(spec, deposit_data_list, index): + deposit_data = deposit_data_list[index] root = hash_tree_root(List[spec.DepositData, 2**spec.DEPOSIT_CONTRACT_TREE_DEPTH](*deposit_data_list)) tree = calc_merkle_tree_from_leaves(tuple([d.hash_tree_root() for d in deposit_data_list])) proof = list(get_merkle_proof(tree, item_index=index, tree_len=32)) + [(index + 1).to_bytes(32, 'little')] diff --git a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py index 1cef99394..71d23dcba 100644 --- a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py +++ b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py @@ -3,9 +3,10 @@ from eth2spec.test.helpers.deposits import ( build_deposit, prepare_state_and_deposit, sign_deposit_data, -) + deposit_from_context) from eth2spec.test.helpers.state import get_balance from eth2spec.test.helpers.keys import privkeys, pubkeys +from eth2spec.utils.bls import bls_sign def run_deposit_processing(spec, state, deposit, validator_index, valid=True, effective=True): @@ -93,6 +94,35 @@ def test_new_deposit_over_max(spec, state): yield from run_deposit_processing(spec, state, deposit, validator_index) +@with_all_phases +@spec_state_test +@always_bls +def test_invalid_sig_other_version(spec, state): + validator_index = len(state.validators) + amount = spec.MAX_EFFECTIVE_BALANCE + + pubkey = pubkeys[validator_index] + privkey = privkeys[validator_index] + withdrawal_credentials = spec.BLS_WITHDRAWAL_PREFIX + spec.hash(pubkey)[1:] + + deposit_data = spec.DepositData( + pubkey=pubkey, withdrawal_credentials=withdrawal_credentials, amount=amount, + signature=bls_sign( + message_hash=spec.hash_tree_root( + spec.DepositMessage(pubkey=pubkey, withdrawal_credentials=withdrawal_credentials, amount=amount)), + privkey=privkey, + domain=spec.compute_domain(domain_type=spec.DOMAIN_DEPOSIT, fork_version=spec.Version('0xaabbccdd')), + ) + ) + deposit, root, _ = deposit_from_context(spec, [deposit_data], 0) + + state.eth1_deposit_index = 0 + state.eth1_data.deposit_root = root + state.eth1_data.deposit_count = 1 + + yield from run_deposit_processing(spec, state, deposit, validator_index, valid=True, effective=False) + + @with_all_phases @spec_state_test @always_bls From 60954286f9e41f2870721889628ec91494964ae9 Mon Sep 17 00:00:00 2001 From: protolambda Date: Mon, 6 Jan 2020 16:16:38 +0100 Subject: [PATCH 38/46] make tests correctly sign for general genesis-domain --- .../pyspec/eth2spec/test/helpers/deposits.py | 22 +++++-------------- .../block_processing/test_process_deposit.py | 15 +++++++++++-- 2 files changed, 18 insertions(+), 19 deletions(-) diff --git a/test_libs/pyspec/eth2spec/test/helpers/deposits.py b/test_libs/pyspec/eth2spec/test/helpers/deposits.py index 125a9e73c..071e177fd 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/deposits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/deposits.py @@ -5,27 +5,18 @@ from eth2spec.utils.ssz.ssz_impl import hash_tree_root from eth2spec.utils.ssz.ssz_typing import List -def build_deposit_data(spec, pubkey, privkey, amount, withdrawal_credentials, state=None, signed=False): +def build_deposit_data(spec, pubkey, privkey, amount, withdrawal_credentials, signed=False): deposit_data = spec.DepositData( pubkey=pubkey, withdrawal_credentials=withdrawal_credentials, amount=amount, ) if signed: - sign_deposit_data(spec, deposit_data, privkey, state) + sign_deposit_data(spec, deposit_data, privkey) return deposit_data -def sign_deposit_data(spec, deposit_data, privkey, state=None): - if state is None: - # Genesis - domain = spec.compute_domain(spec.DOMAIN_DEPOSIT) - else: - domain = spec.get_domain( - state, - spec.DOMAIN_DEPOSIT, - ) - +def sign_deposit_data(spec, deposit_data, privkey): deposit_message = spec.DepositMessage( pubkey=deposit_data.pubkey, withdrawal_credentials=deposit_data.withdrawal_credentials, @@ -33,20 +24,19 @@ def sign_deposit_data(spec, deposit_data, privkey, state=None): signature = bls_sign( message_hash=hash_tree_root(deposit_message), privkey=privkey, - domain=domain, + domain=spec.compute_domain(spec.DOMAIN_DEPOSIT), ) deposit_data.signature = signature def build_deposit(spec, - state, deposit_data_list, pubkey, privkey, amount, withdrawal_credentials, signed): - deposit_data = build_deposit_data(spec, pubkey, privkey, amount, withdrawal_credentials, state=state, signed=signed) + deposit_data = build_deposit_data(spec, pubkey, privkey, amount, withdrawal_credentials, signed=signed) index = len(deposit_data_list) deposit_data_list.append(deposit_data) return deposit_from_context(spec, deposit_data_list, index) @@ -75,7 +65,6 @@ def prepare_genesis_deposits(spec, genesis_validator_count, amount, signed=False withdrawal_credentials = spec.BLS_WITHDRAWAL_PREFIX + spec.hash(pubkey)[1:] deposit, root, deposit_data_list = build_deposit( spec, - None, deposit_data_list, pubkey, privkey, @@ -103,7 +92,6 @@ def prepare_state_and_deposit(spec, state, validator_index, amount, withdrawal_c deposit, root, deposit_data_list = build_deposit( spec, - state, deposit_data_list, pubkey, privkey, diff --git a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py index 71d23dcba..25222664d 100644 --- a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py +++ b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py @@ -105,6 +105,7 @@ def test_invalid_sig_other_version(spec, state): privkey = privkeys[validator_index] withdrawal_credentials = spec.BLS_WITHDRAWAL_PREFIX + spec.hash(pubkey)[1:] + # Go through the effort of manually signing, not something normally done. This sig domain will be invalid. deposit_data = spec.DepositData( pubkey=pubkey, withdrawal_credentials=withdrawal_credentials, amount=amount, signature=bls_sign( @@ -123,6 +124,18 @@ def test_invalid_sig_other_version(spec, state): yield from run_deposit_processing(spec, state, deposit, validator_index, valid=True, effective=False) +@with_all_phases +@spec_state_test +@always_bls +def test_valid_sig_but_forked_state(spec, state): + validator_index = len(state.validators) + amount = spec.MAX_EFFECTIVE_BALANCE + # deposits will always be valid, regardless of the current fork + state.fork.current_version = spec.Version('0x1234abcd') + deposit = prepare_state_and_deposit(spec, state, validator_index, amount, signed=True) + yield from run_deposit_processing(spec, state, deposit, validator_index, valid=True, effective=True) + + @with_all_phases @spec_state_test @always_bls @@ -185,7 +198,6 @@ def test_wrong_deposit_for_deposit_count(spec, state): privkey_1 = privkeys[index_1] _, _, deposit_data_leaves = build_deposit( spec, - state, deposit_data_leaves, pubkey_1, privkey_1, @@ -201,7 +213,6 @@ def test_wrong_deposit_for_deposit_count(spec, state): privkey_2 = privkeys[index_2] deposit_2, root_2, deposit_data_leaves = build_deposit( spec, - state, deposit_data_leaves, pubkey_2, privkey_2, From 8391d8ee5b847f45914d86bd073c473172f72fb1 Mon Sep 17 00:00:00 2001 From: protolambda Date: Mon, 6 Jan 2020 16:22:18 +0100 Subject: [PATCH 39/46] missed deposit case, also fix signing here --- .../test/phase_0/block_processing/test_process_deposit.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py index 25222664d..05a40407b 100644 --- a/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py +++ b/test_libs/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py @@ -238,6 +238,6 @@ def test_bad_merkle_proof(spec, state): # mess up merkle branch deposit.proof[5] = spec.Bytes32() - sign_deposit_data(spec, deposit.data, privkeys[validator_index], state=state) + sign_deposit_data(spec, deposit.data, privkeys[validator_index]) yield from run_deposit_processing(spec, state, deposit, validator_index, valid=False) From 9ea03dce6045ed515fdd03d9a66472271c75afe6 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Mon, 6 Jan 2020 12:13:15 -0700 Subject: [PATCH 40/46] add compute_time_at_slot helper in validator doc --- specs/validator/0_beacon-chain-validator.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index 492da1aa3..49261f21a 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -260,11 +260,15 @@ Let `get_eth1_data(block: Eth1Block) -> Eth1Data` be the function that returns t An honest block proposer sets `block.body.eth1_data = get_eth1_vote(state)` where: +```python +def compute_time_at_slot(state: BeaconState, slot: Slot) -> uint64: + return state.genesis_time + slot * SECONDS_PER_SLOT +``` + ```python def voting_period_start_time(state: BeaconState) -> uint64: - eth1_voting_period_start_slot = state.slot % SLOTS_PER_ETH1_VOTING_PERIOD - time_since_genesis = (eth1_voting_period_start_slot - GENESIS_SLOT) * SECONDS_PER_SLOT - return state.genesis_time + time_since_genesis + eth1_voting_period_start_slot = Slot(state.slot % SLOTS_PER_ETH1_VOTING_PERIOD) + return compute_time_at_slot(state, eth1_voting_period_start_slot) ``` ```python From b637b9ad72cd18619aaf8a7cd7422e31f7b190c6 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Mon, 6 Jan 2020 17:19:31 -0700 Subject: [PATCH 41/46] fix mod bug for voting period --- specs/validator/0_beacon-chain-validator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/validator/0_beacon-chain-validator.md b/specs/validator/0_beacon-chain-validator.md index 49261f21a..36b4f4ac0 100644 --- a/specs/validator/0_beacon-chain-validator.md +++ b/specs/validator/0_beacon-chain-validator.md @@ -267,7 +267,7 @@ def compute_time_at_slot(state: BeaconState, slot: Slot) -> uint64: ```python def voting_period_start_time(state: BeaconState) -> uint64: - eth1_voting_period_start_slot = Slot(state.slot % SLOTS_PER_ETH1_VOTING_PERIOD) + eth1_voting_period_start_slot = Slot(state.slot - state.slot % SLOTS_PER_ETH1_VOTING_PERIOD) return compute_time_at_slot(state, eth1_voting_period_start_slot) ``` From fbfe024e7ad13b62efd5c2d4c56a34c5b15b45a9 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Tue, 7 Jan 2020 17:20:17 +0800 Subject: [PATCH 42/46] Rename vyper file from `.v.py` to `.vy` --- .gitattributes | 1 + Makefile | 2 +- .../{validator_registration.v.py => validator_registration.vy} | 0 deposit_contract/tests/contracts/utils.py | 2 +- specs/core/0_deposit-contract.md | 2 +- 5 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 .gitattributes rename deposit_contract/contracts/{validator_registration.v.py => validator_registration.vy} (100%) diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..c2b17bf1a --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.vy linguist-language=Python diff --git a/Makefile b/Makefile index 2b165ad7d..51bff90d0 100644 --- a/Makefile +++ b/Makefile @@ -91,7 +91,7 @@ install_deposit_contract_test: $(PY_SPEC_ALL_TARGETS) compile_deposit_contract: cd $(DEPOSIT_CONTRACT_DIR); . venv/bin/activate; \ - python tool/compile_deposit_contract.py contracts/validator_registration.v.py; + python tool/compile_deposit_contract.py contracts/validator_registration.vy; test_deposit_contract: cd $(DEPOSIT_CONTRACT_DIR); . venv/bin/activate; \ diff --git a/deposit_contract/contracts/validator_registration.v.py b/deposit_contract/contracts/validator_registration.vy similarity index 100% rename from deposit_contract/contracts/validator_registration.v.py rename to deposit_contract/contracts/validator_registration.vy diff --git a/deposit_contract/tests/contracts/utils.py b/deposit_contract/tests/contracts/utils.py index de7c54489..12eac5832 100644 --- a/deposit_contract/tests/contracts/utils.py +++ b/deposit_contract/tests/contracts/utils.py @@ -5,7 +5,7 @@ DIR = os.path.dirname(__file__) def get_deposit_contract_code(): - file_path = os.path.join(DIR, './../../contracts/validator_registration.v.py') + file_path = os.path.join(DIR, './../../contracts/validator_registration.vy') deposit_contract_code = open(file_path).read() return deposit_contract_code diff --git a/specs/core/0_deposit-contract.md b/specs/core/0_deposit-contract.md index c9f366330..11be41b86 100644 --- a/specs/core/0_deposit-contract.md +++ b/specs/core/0_deposit-contract.md @@ -61,6 +61,6 @@ Every Ethereum 1.0 deposit emits a `DepositEvent` log for consumption by the bea ## Vyper code -The deposit contract source code, written in Vyper, is available [here](../../deposit_contract/contracts/validator_registration.v.py). +The deposit contract source code, written in Vyper, is available [here](../../deposit_contract/contracts/validator_registration.vy). *Note*: To save on gas, the deposit contract uses a progressive Merkle root calculation algorithm that requires only O(log(n)) storage. See [here](https://github.com/ethereum/research/blob/master/beacon_chain_impl/progressive_merkle_tree.py) for a Python implementation, and [here](https://github.com/runtimeverification/verified-smart-contracts/blob/master/deposit/formal-incremental-merkle-tree-algorithm.pdf) for a formal correctness proof. From 8948393e7699cdbee1492f22bbd9a360b8afc807 Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Tue, 7 Jan 2020 13:07:09 +0100 Subject: [PATCH 43/46] Remove references to BLS messages --- specs/core/0_beacon-chain.md | 7 +++++-- specs/core/1_custody-game.md | 6 ++---- .../pyspec/eth2spec/test/helpers/attestations.py | 4 ++-- test_libs/pyspec/eth2spec/test/helpers/block.py | 8 ++++---- .../pyspec/eth2spec/test/helpers/block_header.py | 4 ++-- .../pyspec/eth2spec/test/helpers/custody.py | 16 ++++++++-------- .../pyspec/eth2spec/test/helpers/deposits.py | 4 ++-- .../eth2spec/test/helpers/phase1/attestations.py | 4 ++-- .../eth2spec/test/helpers/phase1/shard_block.py | 4 ++-- .../eth2spec/test/helpers/voluntary_exits.py | 4 ++-- .../pyspec/eth2spec/test/sanity/test_blocks.py | 8 ++++---- 11 files changed, 35 insertions(+), 34 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 4ba4a91bf..2bd7f23b7 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -799,6 +799,9 @@ def compute_domain(domain_type: DomainType, fork_version: Version=Version()) -> ```python def compute_signing_root(ssz_object: SSZObject, domain: Domain) -> Root: + """ + Return the signing root of an object by calculating the root of the object-domain tree. + """ domain_wrapped_object = SigningRoot( object_root=hash_tree_root(ssz_object), domain=domain, @@ -959,11 +962,11 @@ def get_total_active_balance(state: BeaconState) -> Gwei: #### `get_domain` ```python -def get_domain(state: BeaconState, domain_type: DomainType, message_epoch: Epoch=None) -> Domain: +def get_domain(state: BeaconState, domain_type: DomainType, epoch: Epoch=None) -> Domain: """ Return the signature domain (fork version concatenated with domain type) of a message. """ - epoch = get_current_epoch(state) if message_epoch is None else message_epoch + epoch = get_current_epoch(state) if epoch is None else epoch fork_version = state.fork.previous_version if epoch < state.fork.epoch else state.fork.current_version return compute_domain(domain_type, fork_version) ``` diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index 23f9f3f4d..4df9c3352 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -482,10 +482,8 @@ def process_early_derived_secret_reveal(state: BeaconState, reveal: EarlyDerived pubkeys = [revealed_validator.pubkey, masker.pubkey] domain = get_domain(state, DOMAIN_RANDAO, reveal.epoch) - messages = [compute_signing_root(message, domain) - for message in [hash_tree_root(reveal.epoch), reveal.mask]] - - assert bls.AggregateVerify(pubkeys, messages, reveal.reveal) + signing_roots = [compute_signing_root(root, domain) for root in [hash_tree_root(reveal.epoch), reveal.mask]] + assert bls.AggregateVerify(pubkeys, signing_roots, reveal.reveal) if reveal.epoch >= get_current_epoch(state) + CUSTODY_PERIOD_TO_RANDAO_PADDING: # Full slashing when the secret was revealed so early it may be a valid custody diff --git a/test_libs/pyspec/eth2spec/test/helpers/attestations.py b/test_libs/pyspec/eth2spec/test/helpers/attestations.py index 52479fd75..cb3e86320 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/attestations.py +++ b/test_libs/pyspec/eth2spec/test/helpers/attestations.py @@ -97,8 +97,8 @@ def sign_attestation(spec, state, attestation): def get_attestation_signature(spec, state, attestation_data, privkey): domain = spec.get_domain(state, spec.DOMAIN_BEACON_ATTESTER, attestation_data.target.epoch) - message = spec.compute_signing_root(attestation_data, domain) - return bls.Sign(privkey, message) + signing_root = spec.compute_signing_root(attestation_data, domain) + return bls.Sign(privkey, signing_root) def fill_aggregate_attestation(spec, state, attestation, signed=False): diff --git a/test_libs/pyspec/eth2spec/test/helpers/block.py b/test_libs/pyspec/eth2spec/test/helpers/block.py index 9b2cc5d03..dda03cbf1 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block.py @@ -30,8 +30,8 @@ def apply_randao_reveal(spec, state, block, proposer_index=None): privkey = privkeys[proposer_index] domain = spec.get_domain(state, spec.DOMAIN_RANDAO, spec.compute_epoch_at_slot(block.slot)) - message = spec.compute_signing_root(spec.compute_epoch_at_slot(block.slot), domain) - block.body.randao_reveal = bls.Sign(privkey, message) + signing_root = spec.compute_signing_root(spec.compute_epoch_at_slot(block.slot), domain) + block.body.randao_reveal = bls.Sign(privkey, signing_root) # Fully ignore the function if BLS is off, beacon-proposer index calculation is slow. @@ -42,9 +42,9 @@ def apply_sig(spec, state, signed_block, proposer_index=None): proposer_index = get_proposer_index_maybe(spec, state, block.slot, proposer_index) privkey = privkeys[proposer_index] domain = spec.get_domain(state, spec.DOMAIN_BEACON_PROPOSER, spec.compute_epoch_at_slot(block.slot)) - message = spec.compute_signing_root(block, domain) + signing_root = spec.compute_signing_root(block, domain) - signed_block.signature = bls.Sign(privkey, message) + signed_block.signature = bls.Sign(privkey, signing_root) def sign_block(spec, state, block, proposer_index=None): diff --git a/test_libs/pyspec/eth2spec/test/helpers/block_header.py b/test_libs/pyspec/eth2spec/test/helpers/block_header.py index bb5fe692f..c1bc746cc 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/block_header.py +++ b/test_libs/pyspec/eth2spec/test/helpers/block_header.py @@ -6,6 +6,6 @@ def sign_block_header(spec, state, header, privkey): state=state, domain_type=spec.DOMAIN_BEACON_PROPOSER, ) - message = spec.compute_signing_root(header, domain) - signature = bls.Sign(privkey, message) + signing_root = spec.compute_signing_root(header, domain) + signature = bls.Sign(privkey, signing_root) return spec.SignedBeaconBlockHeader(message=header, signature=signature) diff --git a/test_libs/pyspec/eth2spec/test/helpers/custody.py b/test_libs/pyspec/eth2spec/test/helpers/custody.py index f75cb9607..e00d64a17 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/custody.py +++ b/test_libs/pyspec/eth2spec/test/helpers/custody.py @@ -18,13 +18,13 @@ def get_valid_early_derived_secret_reveal(spec, state, epoch=None): # Generate the secret that is being revealed domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch) - message = spec.compute_signing_root(spec.Epoch(epoch), domain) - reveal = bls.Sign(privkeys[revealed_index], message) + signing_root = spec.compute_signing_root(spec.Epoch(epoch), domain) + reveal = bls.Sign(privkeys[revealed_index], signing_root) # Generate the mask (any random 32 bytes that don't reveal the masker's secret will do) mask = hash(reveal) # Generate masker's signature on the mask - message = spec.compute_signing_root(mask, domain) - masker_signature = bls.Sign(privkeys[masker_index], message) + signing_root = spec.compute_signing_root(mask, domain) + masker_signature = bls.Sign(privkeys[masker_index], signing_root) masked_reveal = bls.Aggregate([reveal, masker_signature]) return spec.EarlyDerivedSecretReveal( @@ -48,8 +48,8 @@ def get_valid_custody_key_reveal(spec, state, period=None): # Generate the secret that is being revealed domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch_to_sign) - message = spec.compute_signing_root(spec.Epoch(epoch_to_sign), domain) - reveal = bls.Sign(privkeys[revealer_index], message) + signing_root = spec.compute_signing_root(spec.Epoch(epoch_to_sign), domain) + reveal = bls.Sign(privkeys[revealer_index], signing_root) return spec.CustodyKeyReveal( revealer_index=revealer_index, reveal=reveal, @@ -74,8 +74,8 @@ def get_valid_bit_challenge(spec, state, attestation, invalid_custody_bit=False) # Generate the responder key domain = spec.get_domain(state, spec.DOMAIN_RANDAO, epoch) - message = spec.compute_signing_root(spec.compute_signing_root, domain) - responder_key = bls.Sign(privkeys[responder_index], message) + signing_root = spec.compute_signing_root(spec.Epoch(epoch), domain) + responder_key = bls.Sign(privkeys[responder_index], signing_root) chunk_count = spec.get_custody_chunk_count(attestation.data.crosslink) diff --git a/test_libs/pyspec/eth2spec/test/helpers/deposits.py b/test_libs/pyspec/eth2spec/test/helpers/deposits.py index 720704576..337ad7d82 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/deposits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/deposits.py @@ -30,8 +30,8 @@ def sign_deposit_data(spec, deposit_data, privkey, state=None): pubkey=deposit_data.pubkey, withdrawal_credentials=deposit_data.withdrawal_credentials, amount=deposit_data.amount) - message = spec.compute_signing_root(deposit_message, domain) - deposit_data.signature = bls.Sign(privkey, message) + signing_root = spec.compute_signing_root(deposit_message, domain) + deposit_data.signature = bls.Sign(privkey, signing_root) def build_deposit(spec, diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py index 7947ba811..622183fe9 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/attestations.py @@ -26,5 +26,5 @@ def sign_shard_attestation(spec, beacon_state, shard_state, block, participants) def get_attestation_signature(spec, beacon_state, shard_state, message_hash, block_epoch, privkey): domain = spec.get_domain(beacon_state, spec.DOMAIN_SHARD_ATTESTER, block_epoch) - message = spec.compute_signing_root(message_hash, domain) - return bls.Sign(privkey, message) + signing_root = spec.compute_signing_root(message_hash, domain) + return bls.Sign(privkey, signing_root) diff --git a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py index a72a50649..6e1fba8dc 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py +++ b/test_libs/pyspec/eth2spec/test/helpers/phase1/shard_block.py @@ -19,8 +19,8 @@ def sign_shard_block(spec, beacon_state, shard_state, block, proposer_index=None privkey = privkeys[proposer_index] domain = spec.get_domain(beacon_state, spec.DOMAIN_SHARD_PROPOSER, spec.compute_epoch_of_shard_slot(block.slot)) - message = spec.compute_signing_root(block, domain) - block.signature = bls.Sign(privkey, message) + signing_root = spec.compute_signing_root(block, domain) + block.signature = bls.Sign(privkey, signing_root) def build_empty_shard_block(spec, diff --git a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py index f186f1533..55310ef7d 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py +++ b/test_libs/pyspec/eth2spec/test/helpers/voluntary_exits.py @@ -3,8 +3,8 @@ from eth2spec.utils import bls def sign_voluntary_exit(spec, state, voluntary_exit, privkey): domain = spec.get_domain(state, spec.DOMAIN_VOLUNTARY_EXIT, voluntary_exit.epoch) - message = spec.compute_signing_root(voluntary_exit, domain) + signing_root = spec.compute_signing_root(voluntary_exit, domain) return spec.SignedVoluntaryExit( message=voluntary_exit, - signature=bls.Sign(privkey, message) + signature=bls.Sign(privkey, signing_root) ) diff --git a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py index ae02d8c1a..b386d36b4 100644 --- a/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py +++ b/test_libs/pyspec/eth2spec/test/sanity/test_blocks.py @@ -108,10 +108,10 @@ def test_invalid_block_sig(spec, state): block = build_empty_block_for_next_slot(spec, state) domain = spec.get_domain(state, spec.DOMAIN_BEACON_PROPOSER, spec.compute_epoch_at_slot(block.slot)) - message = spec.compute_signing_root(block, domain) + signing_root = spec.compute_signing_root(block, domain) invalid_signed_block = spec.SignedBeaconBlock( message=block, - signature=bls.Sign(123456, message) + signature=bls.Sign(123456, signing_root) ) expect_assertion_error(lambda: spec.state_transition(state, invalid_signed_block)) @@ -417,10 +417,10 @@ def test_voluntary_exit(spec, state): validator_index=validator_index, ) domain = spec.get_domain(state, spec.DOMAIN_VOLUNTARY_EXIT) - message = spec.compute_signing_root(voluntary_exit, domain) + signing_root = spec.compute_signing_root(voluntary_exit, domain) signed_voluntary_exit = spec.SignedVoluntaryExit( message=voluntary_exit, - signature=bls.Sign(privkeys[validator_index], message) + signature=bls.Sign(privkeys[validator_index], signing_root) ) # Add to state via block transition From 12ea891ce5b6716918e9c65afffcd3e92f427bfb Mon Sep 17 00:00:00 2001 From: Carl Beekhuizen Date: Tue, 7 Jan 2020 20:52:20 +0100 Subject: [PATCH 44/46] `py_ecc` 2.0.0 baby! --- specs/core/0_beacon-chain.md | 1 + specs/core/1_custody-game.md | 2 +- .../pyspec/eth2spec/test/helpers/keys.py | 4 ++-- test_libs/pyspec/eth2spec/utils/bls.py | 20 +++++++++---------- test_libs/pyspec/requirements.txt | 2 +- 5 files changed, 15 insertions(+), 14 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 2bd7f23b7..afa1ea657 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -590,6 +590,7 @@ Eth2 makes use of BLS signatures as specified in the [IETF draft BLS specificati - `def Verify(PK: BLSPubkey, message: Bytes, signature: BLSSignature) -> bool` - `def Aggregate(signatures: Sequence[BLSSignature]) -> BLSSignature` - `def FastAggregateVerify(PKs: Sequence[BLSSignature], message: Bytes, signature: BLSSignature) -> bool` +- `def AggregateVerify(pairs: Sequence[PK: BLSSignature, message: Bytes], signature: BLSSignature) -> bool` Within these specifications, BLS signatures are treated as a module for notational clarity, thus to verify a signature `bls.Verify(...)` is used. diff --git a/specs/core/1_custody-game.md b/specs/core/1_custody-game.md index 4df9c3352..fdaf9af42 100644 --- a/specs/core/1_custody-game.md +++ b/specs/core/1_custody-game.md @@ -483,7 +483,7 @@ def process_early_derived_secret_reveal(state: BeaconState, reveal: EarlyDerived domain = get_domain(state, DOMAIN_RANDAO, reveal.epoch) signing_roots = [compute_signing_root(root, domain) for root in [hash_tree_root(reveal.epoch), reveal.mask]] - assert bls.AggregateVerify(pubkeys, signing_roots, reveal.reveal) + assert bls.AggregateVerify(zip(pubkeys, signing_roots), reveal.reveal) if reveal.epoch >= get_current_epoch(state) + CUSTODY_PERIOD_TO_RANDAO_PADDING: # Full slashing when the secret was revealed so early it may be a valid custody diff --git a/test_libs/pyspec/eth2spec/test/helpers/keys.py b/test_libs/pyspec/eth2spec/test/helpers/keys.py index f47cd7c10..23bb95131 100644 --- a/test_libs/pyspec/eth2spec/test/helpers/keys.py +++ b/test_libs/pyspec/eth2spec/test/helpers/keys.py @@ -1,6 +1,6 @@ -from py_ecc import bls +from py_ecc.bls import G2ProofOfPossession as bls from eth2spec.phase0 import spec privkeys = [i + 1 for i in range(spec.SLOTS_PER_EPOCH * 16)] -pubkeys = [bls.privtopub(privkey) for privkey in privkeys] +pubkeys = [bls.PrivToPub(privkey) for privkey in privkeys] pubkey_to_privkey = {pubkey: privkey for privkey, pubkey in zip(privkeys, pubkeys)} diff --git a/test_libs/pyspec/eth2spec/utils/bls.py b/test_libs/pyspec/eth2spec/utils/bls.py index 3cfc6121e..83371ac62 100644 --- a/test_libs/pyspec/eth2spec/utils/bls.py +++ b/test_libs/pyspec/eth2spec/utils/bls.py @@ -1,11 +1,12 @@ -from py_ecc import bls +from py_ecc.bls import G2ProofOfPossession as bls +from py_ecc.bls.g2_primatives import signature_to_G2 as _signature_to_G2 # Flag to make BLS active or not. Used for testing, do not ignore BLS in production unless you know what you are doing. bls_active = True STUB_SIGNATURE = b'\x11' * 96 STUB_PUBKEY = b'\x22' * 48 -STUB_COORDINATES = bls.api.signature_to_G2(bls.sign(b"", 0, b"\0" * 8)) +STUB_COORDINATES = _signature_to_G2(bls.Sign(0, b"")) def only_with_bls(alt_return=None): @@ -24,30 +25,29 @@ def only_with_bls(alt_return=None): @only_with_bls(alt_return=True) def Verify(PK, message, signature): - return bls.verify(message_hash=message, pubkey=PK, signature=signature, domain=b'') + return bls.Verify(PK, message, signature) @only_with_bls(alt_return=True) -def AggregateVerify(PKs, messages, signature): - return bls.verify_multiple(pubkeys=PKs, message_hashes=messages, signature=signature, domain=b'') +def AggregateVerify(pairs, signature): + return bls.AggregateVerify(pairs, signature) @only_with_bls(alt_return=True) def FastAggregateVerify(PKs, message, signature): - aggregate_pubkey = bls.aggregate_pubkeys(PKs) - return bls.verify(pubkey=aggregate_pubkey, message_hash=message, signature=signature, domain=b'') + return bls.FastAggregateVerify(PKs, message, signature) @only_with_bls(alt_return=STUB_SIGNATURE) def Aggregate(signatures): - return bls.aggregate_signatures(signatures) + return bls.Aggregate(signatures) @only_with_bls(alt_return=STUB_SIGNATURE) def Sign(SK, message): - return bls.sign(message_hash=message, privkey=SK, domain=b'') + return bls.Sign(SK, message) @only_with_bls(alt_return=STUB_COORDINATES) def signature_to_G2(signature): - return bls.api.signature_to_G2(signature) + return _signature_to_G2(signature) diff --git a/test_libs/pyspec/requirements.txt b/test_libs/pyspec/requirements.txt index 8dfbccf66..60acb5d35 100644 --- a/test_libs/pyspec/requirements.txt +++ b/test_libs/pyspec/requirements.txt @@ -1,6 +1,6 @@ eth-utils>=1.3.0,<2 eth-typing>=2.1.0,<3.0.0 pycryptodome==3.9.4 -py_ecc==1.7.1 +py_ecc==2.0.0 dataclasses==0.6 ssz==0.1.3 From 1f70d3eb975334e1c3ea6dd9ad552172064462a6 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Tue, 7 Jan 2020 15:12:24 -0700 Subject: [PATCH 45/46] add additional upgrade to py_ecc 2.0.0 to packages --- test_generators/bls/requirements.txt | 2 +- test_libs/pyspec/setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test_generators/bls/requirements.txt b/test_generators/bls/requirements.txt index 84a28d357..8a72affe0 100644 --- a/test_generators/bls/requirements.txt +++ b/test_generators/bls/requirements.txt @@ -1,3 +1,3 @@ -py_ecc==1.7.1 +py_ecc==2.0.0 eth-utils==1.6.0 ../../test_libs/gen_helpers diff --git a/test_libs/pyspec/setup.py b/test_libs/pyspec/setup.py index d41412eb8..5be0db7f8 100644 --- a/test_libs/pyspec/setup.py +++ b/test_libs/pyspec/setup.py @@ -8,7 +8,7 @@ setup( "eth-utils>=1.3.0,<2", "eth-typing>=2.1.0,<3.0.0", "pycryptodome==3.9.4", - "py_ecc==1.7.1", + "py_ecc==2.0.0", "ssz==0.1.3", "dataclasses==0.6", ] From 19ca7af5ed65896c4fe3f6effadca0f176cb00cf Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Tue, 7 Jan 2020 15:15:51 -0700 Subject: [PATCH 46/46] bump circleci cache versions --- .circleci/config.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 26b259738..f3870d922 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -35,26 +35,26 @@ commands: description: "Restore the cache with pyspec keys" steps: - restore_cached_venv: - venv_name: v4-pyspec + venv_name: v5-pyspec reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "test_libs/pyspec/requirements-testing.txt" }} save_pyspec_cached_venv: description: Save a venv into a cache with pyspec keys" steps: - save_cached_venv: - venv_name: v4-pyspec + venv_name: v5-pyspec reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "test_libs/pyspec/requirements-testing.txt" }} venv_path: ./test_libs/pyspec/venv restore_deposit_contract_cached_venv: description: "Restore the cache with deposit_contract keys" steps: - restore_cached_venv: - venv_name: v7-deposit-contract + venv_name: v8-deposit-contract reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "deposit_contract/requirements-testing.txt" }} save_deposit_contract_cached_venv: description: Save a venv into a cache with deposit_contract keys" steps: - save_cached_venv: - venv_name: v7-deposit-contract + venv_name: v8-deposit-contract reqs_checksum: cache-{{ checksum "test_libs/pyspec/requirements.txt" }}-{{ checksum "deposit_contract/requirements-testing.txt" }} venv_path: ./deposit_contract/venv jobs: