* Implement tuples and a chunk-size reduction to 32 bytes (see #665 and #679)
* Simplify presentation where appropriate. For example, deserialisation is implicit from serialisation (similar to `bls_sign` being implicit from `bls_verify`) and is left as an implementation exercise.
* Dramatically reduce spec size and hopefully improve readability.
* Address the slot/epoch underflow problem, even for Java implementers! 🎉
* Squash a bug with `get_previous_epoch`
* Fix#642
* Address #626 (Vitalik, Danny, myself agree that avoiding signed integers is probably best)
* Updated phase 1: branch challenges
* Removed unnecessary line
* Added early subkey reveal slashing
* Revealing during the active period is still revealing early
* Added....
* Machinery for publishing old subkeys
* Inability to withdraw until you published all subkeys
* After a validator exits the queue there's still a minimum 1-day delay before they can withdraw (in the future this delay will be used as an opportunity to start a PoC challenge game)
* Update 1_shard-data-chains.md
* formatting
* minor edits
* Added masking scheme for reveals
Secure under the aggregate extraction infeasibility assumption described on pages 11-12 of https://crypto.stanford.edu/~dabo/pubs/papers/aggreg.pdf
* Added rewards going to challengers
* Add ToC and reorg the constant tables
* Remove tags
* fix constant formatting
* normalize domain constants in phase 1
* Update 1_shard-data-chains.md
* Update 1_shard-data-chains.md
* Update 1_shard-data-chains.md
* Added transition logic
* Fix ToC
* Fix ToC
* Adjusted for #615
* Added more helpers
* epoch -> slot
* fix some type hints
* clean up `get_attestation_merkle_depth`
This function is used to get the merkle root of some block roots which are themselves hashes, so the leaves do not need to be rehashed.
Unfortunately, it's easy to assume that a merkle_root function would hash its leaves, so it should be clarified.
If this is accepted, then we can replace all uses of signing in the protocol, which are currently done in a relatively inconsistent way (see proposer signatures, attester signatures, shard proposer signatures, exit message signatures.....) could be unified.
* Bring forward changes to withdrawability from phase 1
* The `WITHDRAWABLE` flag is removed; instead, a validator's withdrawability is determined through the `withdrawable_epoch` field (renamed and re-purposed from `withdrawal_epoch` which was not used)
* When a validator passes through the withdrawal queue, the `prepare_validator_for_withdrawal` function does not let them withdraw immediately; instead, they have to wait `MIN_VALIDATOR_WITHDRAWAL_EPOCHS`. This extra minimum delay serves no value in phase 0, but is crucial for phase 1 as the period between a validator passing through the queue and the validator being eligible to withdraw is where proof of custody challenges can come in; adding it in phase 0 is only half a line of code so easier to add it now.
* If a validator is penalized, they are no longer subject to the exit queue; instead, their `withdrawable_epoch` is set `LATEST_PENALIZED_EXIT_LENGTH` into the future and this is used to determine when the validator can withdraw
* Changes the eligibility condition for a transfer to use the `withdrawable_epoch`
1. Use `+` to concatenate the merkle roots in `hash` function.
2. Fix `pad_to_power_of_2`: padding with `[b'\x00' * SHARD_BLOCK_SIZE]`,
not `[SHARD_BLOCK_SIZE]`.
Reasons to use `merkle_hash` instead of `hash` for containers:
1) **Smaller witnesses**: `BeaconState` is a somewhat wide container (26 fields as of now, likely 30+ in phase 2). With concatenation and plain concatenation the size of the Merkle witnesses for the top level are ~32 bytes per field element.
2) **Faster incremental hashing**
3) **Consistency**: Consistent with `merkle_hash` for lists/vectors.