27 KiB
EIP-7732 -- The Beacon Chain
Table of contents
- Introduction
- Constants
- Preset
- Containers
- Helper functions
- Beacon chain state transition function
Introduction
This is the beacon chain specification of the enshrined proposer builder separation feature.
Note: This specification is built upon Electra and is under active development.
This feature adds new staked consensus participants called Builders and new honest validators duties called payload timeliness attestations. The slot is divided in four intervals. Honest validators gather signed bids (a SignedExecutionPayloadHeader
) from builders and submit their consensus blocks (a SignedBeaconBlock
) including these bids at the beginning of the slot. At the start of the second interval, honest validators submit attestations just as they do previous to this feature). At the start of the third interval, aggregators aggregate these attestations and the builder broadcasts either a full payload or a message indicating that they are withholding the payload (a SignedExecutionPayloadEnvelope
). At the start of the fourth interval, some validators selected to be members of the new Payload Timeliness Committee (PTC) attest to the presence and timeliness of the builder's payload.
At any given slot, the status of the blockchain's head may be either
- A block from a previous slot (e.g. the current slot's proposer did not submit its block).
- An empty block from the current slot (e.g. the proposer submitted a timely block, but the builder did not reveal the payload on time).
- A full block for the current slot (both the proposer and the builder revealed on time).
Constants
Payload status
Name | Value |
---|---|
PAYLOAD_ABSENT |
uint8(0) |
PAYLOAD_PRESENT |
uint8(1) |
PAYLOAD_WITHHELD |
uint8(2) |
PAYLOAD_INVALID_STATUS |
uint8(3) |
Preset
Misc
Name | Value |
---|---|
PTC_SIZE |
uint64(2**9) (=512) # (New in EIP-7732) |
Domain types
Name | Value |
---|---|
DOMAIN_BEACON_BUILDER |
DomainType('0x1B000000') # (New in EIP-7732) |
DOMAIN_PTC_ATTESTER |
DomainType('0x0C000000') # (New in EIP-7732) |
Max operations per block
Name | Value |
---|---|
MAX_PAYLOAD_ATTESTATIONS |
2**2 (= 4) # (New in EIP-7732) |
Containers
New containers
PayloadAttestationData
class PayloadAttestationData(Container):
beacon_block_root: Root
slot: Slot
payload_status: uint8
PayloadAttestation
class PayloadAttestation(Container):
aggregation_bits: Bitvector[PTC_SIZE]
data: PayloadAttestationData
signature: BLSSignature
PayloadAttestationMessage
class PayloadAttestationMessage(Container):
validator_index: ValidatorIndex
data: PayloadAttestationData
signature: BLSSignature
IndexedPayloadAttestation
class IndexedPayloadAttestation(Container):
attesting_indices: List[ValidatorIndex, PTC_SIZE]
data: PayloadAttestationData
signature: BLSSignature
SignedExecutionPayloadHeader
class SignedExecutionPayloadHeader(Container):
message: ExecutionPayloadHeader
signature: BLSSignature
ExecutionPayloadEnvelope
class ExecutionPayloadEnvelope(Container):
payload: ExecutionPayload
builder_index: ValidatorIndex
beacon_block_root: Root
blob_kzg_commitments: List[KZGCommitment, MAX_BLOB_COMMITMENTS_PER_BLOCK]
payload_withheld: boolean
state_root: Root
SignedExecutionPayloadEnvelope
class SignedExecutionPayloadEnvelope(Container):
message: ExecutionPayloadEnvelope
signature: BLSSignature
Modified containers
BeaconBlockBody
Note: The Beacon Block body is modified to contain a Signed ExecutionPayloadHeader
. The containers BeaconBlock
and SignedBeaconBlock
are modified indirectly.
class BeaconBlockBody(Container):
randao_reveal: BLSSignature
eth1_data: Eth1Data # Eth1 data vote
graffiti: Bytes32 # Arbitrary data
# Operations
proposer_slashings: List[ProposerSlashing, MAX_PROPOSER_SLASHINGS]
attester_slashings: List[AttesterSlashing, MAX_ATTESTER_SLASHINGS]
attestations: List[Attestation, MAX_ATTESTATIONS]
deposits: List[Deposit, MAX_DEPOSITS]
voluntary_exits: List[SignedVoluntaryExit, MAX_VOLUNTARY_EXITS]
sync_aggregate: SyncAggregate
# Execution
# Removed execution_payload [Removed in EIP-7732]
# Removed blob_kzg_commitments [Removed in EIP-7732]
bls_to_execution_changes: List[SignedBLSToExecutionChange, MAX_BLS_TO_EXECUTION_CHANGES]
# PBS
signed_execution_payload_header: SignedExecutionPayloadHeader # [New in EIP-7732]
payload_attestations: List[PayloadAttestation, MAX_PAYLOAD_ATTESTATIONS] # [New in EIP-7732]
ExecutionPayloadHeader
Note: The ExecutionPayloadHeader
is modified to only contain the block hash of the committed ExecutionPayload
in addition to the builder's payment information, gas limit and KZG commitments root to verify the inclusion proofs.
class ExecutionPayloadHeader(Container):
parent_block_hash: Hash32
parent_block_root: Root
block_hash: Hash32
gas_limit: uint64
builder_index: ValidatorIndex
slot: Slot
value: Gwei
blob_kzg_commitments_root: Root
BeaconState
Note: The BeaconState
is modified to track the last withdrawals honored in the CL. The latest_execution_payload_header
is modified semantically to refer not to a past committed ExecutionPayload
but instead it corresponds to the state's slot builder's bid. Another addition is to track the last committed block hash and the last slot that was full, that is in which there were both consensus and execution blocks included.
class BeaconState(Container):
# Versioning
genesis_time: uint64
genesis_validators_root: Root
slot: Slot
fork: Fork
# History
latest_block_header: BeaconBlockHeader
block_roots: Vector[Root, SLOTS_PER_HISTORICAL_ROOT]
state_roots: Vector[Root, SLOTS_PER_HISTORICAL_ROOT]
historical_roots: List[Root, HISTORICAL_ROOTS_LIMIT] # Frozen in Capella, replaced by historical_summaries
# Eth1
eth1_data: Eth1Data
eth1_data_votes: List[Eth1Data, EPOCHS_PER_ETH1_VOTING_PERIOD * SLOTS_PER_EPOCH]
eth1_deposit_index: uint64
# Registry
validators: List[Validator, VALIDATOR_REGISTRY_LIMIT]
balances: List[Gwei, VALIDATOR_REGISTRY_LIMIT]
# Randomness
randao_mixes: Vector[Bytes32, EPOCHS_PER_HISTORICAL_VECTOR]
# Slashings
slashings: Vector[Gwei, EPOCHS_PER_SLASHINGS_VECTOR] # Per-epoch sums of slashed effective balances
# Participation
previous_epoch_participation: List[ParticipationFlags, VALIDATOR_REGISTRY_LIMIT]
current_epoch_participation: List[ParticipationFlags, VALIDATOR_REGISTRY_LIMIT]
# Finality
justification_bits: Bitvector[JUSTIFICATION_BITS_LENGTH] # Bit set for every recent justified epoch
previous_justified_checkpoint: Checkpoint
current_justified_checkpoint: Checkpoint
finalized_checkpoint: Checkpoint
# Inactivity
inactivity_scores: List[uint64, VALIDATOR_REGISTRY_LIMIT]
# Sync
current_sync_committee: SyncCommittee
next_sync_committee: SyncCommittee
# Execution
latest_execution_payload_header: ExecutionPayloadHeader
# Withdrawals
next_withdrawal_index: WithdrawalIndex
next_withdrawal_validator_index: ValidatorIndex
# Deep history valid from Capella onwards
historical_summaries: List[HistoricalSummary, HISTORICAL_ROOTS_LIMIT]
deposit_requests_start_index: uint64
deposit_balance_to_consume: Gwei
exit_balance_to_consume: Gwei
earliest_exit_epoch: Epoch
consolidation_balance_to_consume: Gwei
earliest_consolidation_epoch: Epoch
pending_balance_deposits: List[PendingBalanceDeposit, PENDING_BALANCE_DEPOSITS_LIMIT]
pending_partial_withdrawals: List[PendingPartialWithdrawal, PENDING_PARTIAL_WITHDRAWALS_LIMIT]
pending_consolidations: List[PendingConsolidation, PENDING_CONSOLIDATIONS_LIMIT]
# PBS
latest_block_hash: Hash32 # [New in EIP-7732]
latest_full_slot: Slot # [New in EIP-7732]
latest_withdrawals_root: Root # [New in EIP-7732]
Helper functions
Math
bit_floor
def bit_floor(n: uint64) -> uint64:
"""
if ``n`` is not zero, returns the largest power of `2` that is not greater than `n`.
"""
if n == 0:
return 0
return uint64(1) << (n.bit_length() - 1)
Misc
remove_flag
def remove_flag(flags: ParticipationFlags, flag_index: int) -> ParticipationFlags:
flag = ParticipationFlags(2**flag_index)
return flags & ~flag
Predicates
is_valid_indexed_payload_attestation
def is_valid_indexed_payload_attestation(
state: BeaconState,
indexed_payload_attestation: IndexedPayloadAttestation) -> bool:
"""
Check if ``indexed_payload_attestation`` is not empty, has sorted and unique indices and has
a valid aggregate signature.
"""
# Verify the data is valid
if indexed_payload_attestation.data.payload_status >= PAYLOAD_INVALID_STATUS:
return False
# Verify indices are sorted and unique
indices = indexed_payload_attestation.attesting_indices
if len(indices) == 0 or not indices == sorted(set(indices)):
return False
# Verify aggregate signature
pubkeys = [state.validators[i].pubkey for i in indices]
domain = get_domain(state, DOMAIN_PTC_ATTESTER, None)
signing_root = compute_signing_root(indexed_payload_attestation.data, domain)
return bls.FastAggregateVerify(pubkeys, signing_root, indexed_payload_attestation.signature)
is_parent_block_full
This function returns true if the last committed payload header was fulfilled with a payload, this can only happen when both beacon block and payload were present. This function must be called on a beacon state before processing the execution payload header in the block.
def is_parent_block_full(state: BeaconState) -> bool:
return state.latest_execution_payload_header.block_hash == state.latest_block_hash
Beacon State accessors
get_ptc
def get_ptc(state: BeaconState, slot: Slot) -> Vector[ValidatorIndex, PTC_SIZE]:
"""
Get the payload timeliness committee for the given ``slot``
"""
epoch = compute_epoch_at_slot(slot)
committees_per_slot = bit_floor(min(get_committee_count_per_slot(state, epoch), PTC_SIZE))
members_per_committee = PTC_SIZE // committees_per_slot
validator_indices: List[ValidatorIndex] = []
for idx in range(committees_per_slot):
beacon_committee = get_beacon_committee(state, slot, CommitteeIndex(idx))
validator_indices += beacon_committee[:members_per_committee]
return validator_indices
Modified get_attesting_indices
get_attesting_indices
is modified to ignore PTC votes
def get_attesting_indices(state: BeaconState, attestation: Attestation) -> Set[ValidatorIndex]:
"""
Return the set of attesting indices corresponding to ``aggregation_bits`` and ``committee_bits``.
"""
output: Set[ValidatorIndex] = set()
committee_indices = get_committee_indices(attestation.committee_bits)
committee_offset = 0
for index in committee_indices:
committee = get_beacon_committee(state, attestation.data.slot, index)
committee_attesters = set(
index for i, index in enumerate(committee) if attestation.aggregation_bits[committee_offset + i])
output = output.union(committee_attesters)
committee_offset += len(committee)
if compute_epoch_at_slot(attestation.data.slot) < EIP7732_FORK_EPOCH:
return output
ptc = get_ptc(state, attestation.data.slot)
return set(i for i in output if i not in ptc)
get_payload_attesting_indices
def get_payload_attesting_indices(state: BeaconState, slot: Slot,
payload_attestation: PayloadAttestation) -> Set[ValidatorIndex]:
"""
Return the set of attesting indices corresponding to ``payload_attestation``.
"""
ptc = get_ptc(state, slot)
return set(index for i, index in enumerate(ptc) if payload_attestation.aggregation_bits[i])
get_indexed_payload_attestation
def get_indexed_payload_attestation(state: BeaconState, slot: Slot,
payload_attestation: PayloadAttestation) -> IndexedPayloadAttestation:
"""
Return the indexed payload attestation corresponding to ``payload_attestation``.
"""
attesting_indices = get_payload_attesting_indices(state, slot, payload_attestation)
return IndexedPayloadAttestation(
attesting_indices=sorted(attesting_indices),
data=payload_attestation.data,
signature=payload_attestation.signature,
)
Beacon chain state transition function
Note: state transition is fundamentally modified in EIP-7732. The full state transition is broken in two parts, first importing a signed block and then importing an execution payload.
The post-state corresponding to a pre-state state
and a signed beacon block signed_block
is defined as state_transition(state, signed_block)
. State transitions that trigger an unhandled exception (e.g. a failed assert
or an out-of-range list access) are considered invalid. State transitions that cause a uint64
overflow or underflow are also considered invalid.
The post-state corresponding to a pre-state state
and a signed execution payload envelope signed_envelope
is defined as process_execution_payload(state, signed_envelope)
. State transitions that trigger an unhandled exception (e.g. a failed assert
or an out-of-range list access) are considered invalid. State transitions that cause an uint64
overflow or underflow are also considered invalid.
Block processing
def process_block(state: BeaconState, block: BeaconBlock) -> None:
process_block_header(state, block)
process_withdrawals(state) # [Modified in EIP-7732]
process_execution_payload_header(state, block) # [Modified in EIP-7732, removed process_execution_payload]
process_randao(state, block.body)
process_eth1_data(state, block.body)
process_operations(state, block.body) # [Modified in EIP-7732]
process_sync_aggregate(state, block.body.sync_aggregate)
Withdrawals
Modified process_withdrawals
Note: This is modified to take only the state
as parameter. Withdrawals are deterministic given the beacon state, any execution payload that has the corresponding block as parent beacon block is required to honor these withdrawals in the execution layer. This function must be called before process_execution_payload_header
as this latter function affects validator balances.
def process_withdrawals(state: BeaconState) -> None:
# return early if the parent block was empty
if not is_parent_block_full(state):
return
withdrawals, partial_withdrawals_count = get_expected_withdrawals(state)
state.latest_withdrawals_root = hash_tree_root(withdrawals)
for withdrawal in withdrawals:
decrease_balance(state, withdrawal.validator_index, withdrawal.amount)
# Update pending partial withdrawals
state.pending_partial_withdrawals = state.pending_partial_withdrawals[partial_withdrawals_count:]
# Update the next withdrawal index if this block contained withdrawals
if len(withdrawals) != 0:
latest_withdrawal = withdrawals[-1]
state.next_withdrawal_index = WithdrawalIndex(latest_withdrawal.index + 1)
# Update the next validator index to start the next withdrawal sweep
if len(withdrawals) == MAX_WITHDRAWALS_PER_PAYLOAD:
# Next sweep starts after the latest withdrawal's validator index
next_validator_index = ValidatorIndex((withdrawals[-1].validator_index + 1) % len(state.validators))
state.next_withdrawal_validator_index = next_validator_index
else:
# Advance sweep by the max length of the sweep if there was not a full set of withdrawals
next_index = state.next_withdrawal_validator_index + MAX_VALIDATORS_PER_WITHDRAWALS_SWEEP
next_validator_index = ValidatorIndex(next_index % len(state.validators))
state.next_withdrawal_validator_index = next_validator_index
Execution payload header
New verify_execution_payload_header_signature
def verify_execution_payload_header_signature(state: BeaconState,
signed_header: SignedExecutionPayloadHeader) -> bool:
# Check the signature
builder = state.validators[signed_header.message.builder_index]
signing_root = compute_signing_root(signed_header.message, get_domain(state, DOMAIN_BEACON_BUILDER))
return bls.Verify(builder.pubkey, signing_root, signed_header.signature)
New process_execution_payload_header
def process_execution_payload_header(state: BeaconState, block: BeaconBlock) -> None:
# Verify the header signature
signed_header = block.body.signed_execution_payload_header
assert verify_execution_payload_header_signature(state, signed_header)
# Check that the builder has funds to cover the bid
header = signed_header.message
builder_index = header.builder_index
amount = header.value
assert state.balances[builder_index] >= amount
# Verify that the bid is for the current slot
assert header.slot == block.slot
# Verify that the bid is for the right parent block
assert header.parent_block_hash == state.latest_block_hash
assert header.parent_block_root == block.parent_root
# Transfer the funds from the builder to the proposer
decrease_balance(state, builder_index, amount)
increase_balance(state, block.proposer_index, amount)
# Cache the signed execution payload header
state.latest_execution_payload_header = header
Operations
Modified process_operations
Note: process_operations
is modified to process PTC attestations
def process_operations(state: BeaconState, body: BeaconBlockBody) -> None:
# Verify that outstanding deposits are processed up to the maximum number of deposits
assert len(body.deposits) == min(MAX_DEPOSITS, state.eth1_data.deposit_count - state.eth1_deposit_index)
def for_ops(operations: Sequence[Any], fn: Callable[[BeaconState, Any], None]) -> None:
for operation in operations:
fn(state, operation)
for_ops(body.proposer_slashings, process_proposer_slashing)
for_ops(body.attester_slashings, process_attester_slashing)
for_ops(body.attestations, process_attestation)
for_ops(body.deposits, process_deposit)
for_ops(body.voluntary_exits, process_voluntary_exit)
for_ops(body.bls_to_execution_changes, process_bls_to_execution_change)
# Removed `process_deposit_request` in EIP-7732
# Removed `process_withdrawal_request` in EIP-7732
# Removed `process_consolidation_request` in EIP-7732
for_ops(body.payload_attestations, process_payload_attestation) # [New in EIP-7732]
Payload Attestations
process_payload_attestation
def process_payload_attestation(state: BeaconState, payload_attestation: PayloadAttestation) -> None:
# Check that the attestation is for the parent beacon block
data = payload_attestation.data
assert data.beacon_block_root == state.latest_block_header.parent_root
# Check that the attestation is for the previous slot
assert data.slot + 1 == state.slot
# Verify signature
indexed_payload_attestation = get_indexed_payload_attestation(state, data.slot, payload_attestation)
assert is_valid_indexed_payload_attestation(state, indexed_payload_attestation)
if state.slot % SLOTS_PER_EPOCH == 0:
epoch_participation = state.previous_epoch_participation
else:
epoch_participation = state.current_epoch_participation
# Return early if the attestation is for the wrong payload status
payload_was_present = data.slot == state.latest_full_slot
voted_present = data.payload_status == PAYLOAD_PRESENT
proposer_reward_denominator = (WEIGHT_DENOMINATOR - PROPOSER_WEIGHT) * WEIGHT_DENOMINATOR // PROPOSER_WEIGHT
proposer_index = get_beacon_proposer_index(state)
if voted_present != payload_was_present:
# Unset the flags in case they were set by an equivocating ptc attestation
proposer_penalty_numerator = 0
for index in indexed_payload_attestation.attesting_indices:
for flag_index, weight in enumerate(PARTICIPATION_FLAG_WEIGHTS):
if has_flag(epoch_participation[index], flag_index):
epoch_participation[index] = remove_flag(epoch_participation[index], flag_index)
proposer_penalty_numerator += get_base_reward(state, index) * weight
# Penalize the proposer
proposer_penalty = Gwei(2 * proposer_penalty_numerator // proposer_reward_denominator)
decrease_balance(state, proposer_index, proposer_penalty)
return
# Reward the proposer and set all the participation flags in case of correct attestations
proposer_reward_numerator = 0
for index in indexed_payload_attestation.attesting_indices:
for flag_index, weight in enumerate(PARTICIPATION_FLAG_WEIGHTS):
if not has_flag(epoch_participation[index], flag_index):
epoch_participation[index] = add_flag(epoch_participation[index], flag_index)
proposer_reward_numerator += get_base_reward(state, index) * weight
# Reward proposer
proposer_reward = Gwei(proposer_reward_numerator // proposer_reward_denominator)
increase_balance(state, proposer_index, proposer_reward)
Modified process_execution_payload
New verify_execution_payload_envelope_signature
def verify_execution_payload_envelope_signature(
state: BeaconState, signed_envelope: SignedExecutionPayloadEnvelope) -> bool:
builder = state.validators[signed_envelope.message.builder_index]
signing_root = compute_signing_root(signed_envelope.message, get_domain(state, DOMAIN_BEACON_BUILDER))
return bls.Verify(builder.pubkey, signing_root, signed_envelope.signature)
Note: process_execution_payload
is now an independent check in state transition. It is called when importing a signed execution payload proposed by the builder of the current slot.
def process_execution_payload(state: BeaconState,
signed_envelope: SignedExecutionPayloadEnvelope,
execution_engine: ExecutionEngine, verify: bool = True) -> None:
# Verify signature
if verify:
assert verify_execution_payload_envelope_signature(state, signed_envelope)
envelope = signed_envelope.message
payload = envelope.payload
# Verify consistency with the beacon block
assert envelope.beacon_block_root == hash_tree_root(state.latest_block_header)
# Verify consistency with the committed header
committed_header = state.latest_execution_payload_header
assert envelope.builder_index == committed_header.builder_index
assert committed_header.blob_kzg_commitments_root == hash_tree_root(envelope.blob_kzg_commitments)
if not envelope.payload_withheld:
# Verify the withdrawals root
assert hash_tree_root(payload.withdrawals) == state.last_withdrawals_root
# Verify the gas_limit
assert committed_header.gas_limit == payload.gas_limit
assert committed_header.block_hash == payload.block_hash
# Verify consistency of the parent hash with respect to the previous execution payload
assert payload.parent_hash == state.latest_block_hash
# Verify prev_randao
assert payload.prev_randao == get_randao_mix(state, get_current_epoch(state))
# Verify timestamp
assert payload.timestamp == compute_timestamp_at_slot(state, state.slot)
# Verify the execution payload is valid
versioned_hashes = [kzg_commitment_to_versioned_hash(commitment)
for commitment in envelope.blob_kzg_commitments]
assert execution_engine.verify_and_notify_new_payload(
NewPayloadRequest(
execution_payload=payload,
versioned_hashes=versioned_hashes,
parent_beacon_block_root=state.latest_block_header.parent_root,
)
)
# Process Electra operations
def for_ops(operations: Sequence[Any], fn: Callable[[BeaconState, Any], None]) -> None:
for operation in operations:
fn(state, operation)
for_ops(payload.deposit_requests, process_deposit_request)
for_ops(payload.withdrawal_requests, process_withdrawal_request)
for_ops(payload, process_consolidation_request)
# Cache the execution payload header and proposer
state.latest_block_hash = payload.block_hash
state.latest_full_slot = state.slot
# Verify the state root
if verify:
assert envelope.state_root == hash_tree_root(state)