mirror of
https://github.com/status-im/eth2.0-specs.git
synced 2025-01-12 19:54:34 +00:00
5.9 KiB
5.9 KiB
Ethereum 2.0 Phase 1 -- Shard Transition and Fraud Proofs
Notice: This document is a work-in-progress for researchers and implementers.
Table of contents
Table of Contents generated with DocToc
Introduction
This document describes the shard transition function and fraud proofs as part of Phase 1 of Ethereum 2.0.
Helper functions
Misc
def compute_shard_transition_digest(beacon_state: BeaconState,
shard_state: ShardState,
beacon_parent_root: Root,
shard_body_root: Root) -> Bytes32:
# TODO: use SSZ hash tree root
return hash(
hash_tree_root(shard_state) + beacon_parent_root + shard_body_root
)
Shard block verification functions
def verify_shard_block_message(beacon_state: BeaconState,
shard_state: ShardState,
block: ShardBlock,
slot: Slot,
shard: Shard) -> bool:
assert block.shard_parent_root == shard_state.latest_block_root
assert block.slot == slot
assert block.shard == shard
assert block.proposer_index == get_shard_proposer_index(beacon_state, slot, shard)
assert 0 < len(block.body) <= MAX_SHARD_BLOCK_SIZE
return True
def verify_shard_block_signature(beacon_state: BeaconState,
signed_block: SignedShardBlock) -> bool:
proposer = beacon_state.validators[signed_block.message.proposer_index]
domain = get_domain(beacon_state, DOMAIN_SHARD_PROPOSAL, compute_epoch_at_slot(signed_block.message.slot))
signing_root = compute_signing_root(signed_block.message, domain)
return bls.Verify(proposer.pubkey, signing_root, signed_block.signature)
Shard state transition
def shard_state_transition(beacon_state: BeaconState,
shard_state: ShardState,
block: ShardBlock) -> None:
"""
Update ``shard_state`` with shard ``block`` and ``beacon_state`.
"""
shard_state.slot = block.slot
prev_gasprice = shard_state.gasprice
shard_state.gasprice = compute_updated_gasprice(prev_gasprice, len(block.body))
if len(block.body) == 0:
latest_block_root = shard_state.latest_block_root
else:
latest_block_root = hash_tree_root(block)
shard_state.latest_block_root = latest_block_root
shard_state.transition_digest = compute_shard_transition_digest(
beacon_state,
shard_state,
block.beacon_parent_root,
hash_tree_root(block.body),
)
We have a pure function get_post_shard_state
for describing the fraud proof verification and honest validator behavior.
def get_post_shard_state(beacon_state: BeaconState,
shard_state: ShardState,
block: ShardBlock) -> ShardState:
"""
A pure function that returns a new post ShardState instead of modifying the given `shard_state`.
"""
post_state = shard_state.copy()
shard_state_transition(beacon_state, post_state, block)
return post_state
Fraud proofs
Verifying the proof
TODO. The intent is to have a single universal fraud proof type, which contains the following parts:
- An on-time attestation
attestation
on some shardshard
signing atransition: ShardTransition
- An index
offset_index
of a particular position to focus on - The
transition: ShardTransition
itself - The full body of the shard block
shard_block
- A Merkle proof to the
shard_states
in the parent block the attestation is referencing - The
subkey
to generate the custody bit
Call the following function to verify the proof:
def is_valid_fraud_proof(beacon_state: BeaconState,
attestation: Attestation,
offset_index: uint64,
transition: ShardTransition,
block: ShardBlock,
subkey: BLSPubkey,
beacon_parent_block: BeaconBlock) -> bool:
# 1. Check if `custody_bits[offset_index][j] != generate_custody_bit(subkey, block_contents)` for any `j`.
custody_bits = attestation.custody_bits_blocks
for j in range(len(custody_bits[offset_index])):
if custody_bits[offset_index][j] != generate_custody_bit(subkey, block):
return True
# 2. Check if the shard state transition result is wrong between
# `transition.shard_states[offset_index - 1]` to `transition.shard_states[offset_index]`.
if offset_index == 0:
shard = get_shard(beacon_state, attestation)
shard_states = beacon_parent_block.body.shard_transitions[shard].shard_states
shard_state = shard_states[len(shard_states) - 1]
else:
shard_state = transition.shard_states[offset_index - 1] # Not doing the actual state updates here.
shard_state = get_post_shard_state(beacon_state, shard_state, block)
if shard_state.transition_digest != transition.shard_states[offset_index].transition_digest:
return True
return False
def generate_custody_bit(subkey: BLSPubkey, block: ShardBlock) -> bool:
# TODO
...