11 KiB
11 KiB
Table of Contents generated with DocToc
Ethereum 2.0 Phase 1 -- Shard Transition and Fraud Proofs
Notice: This document is a work-in-progress for researchers and implementers.
Table of contents
TODO
Introduction
This document describes the shard transition function and fraud proofs as part of Phase 1 of Ethereum 2.0.
Fraud proofs
Shard state transition function
def shard_state_transition(beacon_state: BeaconState,
shard: Shard,
slot: Slot,
shard_state: ShardState,
beacon_parent_root: Root,
signed_block: SignedShardBlock) -> None:
# Update shard state
shard_state.data = hash(
hash_tree_root(shard_state) + hash_tree_root(beacon_parent_root) + hash_tree_root(signed_block.message.body)
)
shard_state.slot = slot
shard_state.latest_block_root = hash_tree_root(signed_block.message)
def verify_shard_block_signature(beacon_state: BeaconState,
signed_block: SignedShardBlock) -> bool:
proposer = beacon_state.validators[signed_block.message.proposer_index]
domain = get_domain(beacon_state, DOMAIN_SHARD_PROPOSAL, compute_epoch_at_slot(signed_block.message.slot))
signing_root = compute_signing_root(signed_block.message, domain)
return bls.Verify(proposer.pubkey, signing_root, signed_block.signature)
Verifying the proof
TODO. The intent is to have a single universal fraud proof type, which contains the following parts:
- An on-time attestation
attestationon some shardshardsigning atransition: ShardTransition - An index
offset_indexof a particular position to focus on - The
transition: ShardTransitionitself - The full body of the shard block
shard_block - A Merkle proof to the
shard_statesin the parent block the attestation is referencing
Call the following function to verify the proof:
def verify_fraud_proof(beacon_state: BeaconState,
attestation: Attestation,
offset_index: uint64,
transition: ShardTransition,
signed_block: SignedShardBlock,
subkey: BLSPubkey,
beacon_parent_block: BeaconBlock) -> bool:
# 1. Check if `custody_bits[offset_index][j] != generate_custody_bit(subkey, block_contents)` for any `j`.
shard = get_shard(beacon_state, attestation)
slot = attestation.data.slot
custody_bits = attestation.custody_bits_blocks
for j in range(custody_bits[offset_index]):
if custody_bits[offset_index][j] != generate_custody_bit(subkey, signed_block):
return True
# 2. Check if the shard state transition result is wrong between
# `transition.shard_states[offset_index - 1]` to `transition.shard_states[offset_index]`.
if offset_index == 0:
shard_state = beacon_parent_block.shard_transitions[shard].shard_states[-1]
else:
shard_state = transition.shard_states[offset_index - 1].copy() # Not doing the actual state updates here.
shard_state_transition(
beacon_state=beacon_state,
shard=shard,
slot=slot,
shard_state=shard_state,
beacon_parent_root=hash_tree_root(beacon_parent_block),
signed_block=signed_block,
)
if shard_state.latest_block_root != transition.shard_states[offset_index].data:
return True
return False
def generate_custody_bit(subkey: BLSPubkey, block: ShardBlock) -> bool:
# TODO
...
Honest committee member behavior
Helper functions
def get_winning_proposal(beacon_state: BeaconState, proposals: Sequence[SignedShardBlock]) -> SignedShardBlock:
# TODO: Let `winning_proposal` be the proposal with the largest number of total attestations from slots in
# `state.shard_next_slots[shard]....slot-1` supporting it or any of its descendants, breaking ties by choosing
# the first proposal locally seen. Do `proposals.append(winning_proposal)`.
return proposals[-1] # stub
def get_empty_body_block(shard_parent_root: Root,
beacon_parent_root: Root,
slot: Slot,
proposer_index: ValidatorIndex) -> ShardBlock:
return ShardBlock(
shard_parent_root=shard_parent_root,
beacon_parent_root=beacon_parent_root,
slot=slot,
proposer_index=proposer_index,
)
def is_empty_body(proposal: ShardBlock) -> bool:
# TODO
return len(proposal.body) == 0
def compute_shard_data_roots(proposals: Sequence[SignedShardBlock]) -> Sequence[Root]:
return [hash_tree_root(proposal.message.body) for proposal in proposals]
def get_proposal_choices_at_slot(beacon_state: BeaconState,
shard_state: ShardState,
slot: Slot,
shard: Shard,
shard_blocks: Sequence[SignedShardBlock],
validate_result: bool=True) -> Sequence[SignedShardBlock]:
choices = []
beacon_parent_root = get_block_root_at_slot(beacon_state, get_previous_slot(beacon_state.slot))
proposer_index = get_shard_proposer_index(beacon_state, slot, shard)
shard_blocks_at_slot = [block for block in shard_blocks if block.message.slot == slot]
for block in shard_blocks_at_slot:
temp_shard_state = shard_state.copy() # Not doing the actual state updates here.
# Try to apply state transition to temp_shard_state.
try:
# Verify the proposer_index and signature
assert block.message.proposer_index == proposer_index
if validate_result:
assert verify_shard_block_signature(beacon_state, block)
shard_state_transition(
beacon_state=beacon_state,
shard=shard,
slot=slot,
shard_state=temp_shard_state,
beacon_parent_root=beacon_parent_root,
signed_block=block,
)
except Exception:
pass # TODO: throw error in the test helper
else:
choices.append(block)
return choices
def get_proposal_at_slot(beacon_state: BeaconState,
shard_state: ShardState,
slot: Shard,
shard: Shard,
shard_parent_root: Root,
shard_blocks: Sequence[SignedShardBlock],
validate_result: bool=True) -> Tuple[SignedShardBlock, ShardState, Root]:
beacon_parent_root = get_block_root_at_slot(beacon_state, get_previous_slot(beacon_state.slot))
proposer_index = get_shard_proposer_index(beacon_state, slot, shard)
shard_state = shard_state.copy() # Don't update the given shard_state
choices = get_proposal_choices_at_slot(
beacon_state=beacon_state,
shard_state=shard_state,
slot=slot,
shard=shard,
shard_blocks=shard_blocks,
validate_result=validate_result,
)
if len(choices) == 0:
block_header = get_empty_body_block(
shard_parent_root=shard_parent_root,
beacon_parent_root=beacon_parent_root,
slot=slot,
proposer_index=proposer_index,
)
proposal = SignedShardBlock(message=block_header)
elif len(choices) == 1:
proposal = choices[0]
else:
proposal = get_winning_proposal(beacon_state, choices)
shard_parent_root = hash_tree_root(proposal.message)
if not is_empty_body(proposal.message):
# Apply state transition to shard_state.
shard_state_transition(
beacon_state=beacon_state,
shard=shard,
slot=slot,
shard_state=shard_state,
beacon_parent_root=beacon_parent_root,
signed_block=proposal,
)
return proposal, shard_state, shard_parent_root
def get_shard_state_transition_result(
beacon_state: BeaconState,
shard: Shard,
shard_blocks: Sequence[SignedShardBlock],
validate_result: bool=True,
) -> Tuple[Sequence[SignedShardBlock], Sequence[ShardState], Sequence[Root]]:
proposals = []
shard_states = []
shard_state = beacon_state.shard_states[shard].copy()
shard_parent_root = beacon_state.shard_states[shard].latest_block_root
for slot in get_offset_slots(beacon_state, shard):
proposal, shard_state, shard_parent_root = get_proposal_at_slot(
beacon_state=beacon_state,
shard_state=shard_state,
slot=slot,
shard=shard,
shard_parent_root=shard_parent_root,
shard_blocks=shard_blocks,
validate_result=validate_result,
)
shard_states.append(shard_state)
proposals.append(proposal)
shard_data_roots = compute_shard_data_roots(proposals)
return proposals, shard_states, shard_data_roots
Make attestations
Suppose you are a committee member on shard shard at slot current_slot and you have received shard blocks shard_blocks since the latest successful crosslink for shard into the beacon chain. Let state be the head beacon state you are building on, and let QUARTER_PERIOD = SECONDS_PER_SLOT // 4. 2 * QUARTER_PERIOD seconds into slot current_slot, run get_shard_transition(beacon_state, shard, shard_blocks) to get shard_transition.
def get_shard_transition(beacon_state: BeaconState,
shard: Shard,
shard_blocks: Sequence[SignedShardBlock]) -> ShardTransition:
offset_slots = get_offset_slots(beacon_state, shard)
start_slot = offset_slots[0]
proposals, shard_states, shard_data_roots = get_shard_state_transition_result(beacon_state, shard, shard_blocks)
assert len(proposals) > 0
assert len(shard_data_roots) > 0
shard_block_lengths = []
proposer_signatures = []
for proposal in proposals:
shard_block_lengths.append(len(proposal.message.body))
if proposal.signature != BLSSignature():
proposer_signatures.append(proposal.signature)
proposer_signature_aggregate = bls.Aggregate(proposer_signatures)
return ShardTransition(
start_slot=start_slot,
shard_block_lengths=shard_block_lengths,
shard_data_roots=shard_data_roots,
shard_states=shard_states,
proposer_signature_aggregate=proposer_signature_aggregate,
)