From 1abb54dabd6af4fa9e79cdc914626e2da3e11a46 Mon Sep 17 00:00:00 2001 From: Kirk Baird Date: Tue, 28 Apr 2020 13:15:46 +1000 Subject: [PATCH] Milagro BLS update (#985) * Start updating types * WIP * Signature hacking * Existing EF tests passing with fake_crypto * Updates * Delete outdated API spec * The refactor continues * It compiles * WIP test fixes * All release tests passing bar genesis state parsing * Update and test YamlConfig * Update to spec v0.10 compatible BLS * Updates to BLS EF tests * Add EF test for AggregateVerify And delete unused hash2curve tests for uncompressed points * Update EF tests to v0.10.1 * Use optional block root correctly in block proc * Use genesis fork in deposit domain. All tests pass * Cargo fmt * Fast aggregate verify test * Update REST API docs * Cargo fmt * Fix unused import * Bump spec tags to v0.10.1 * Add `seconds_per_eth1_block` to chainspec * Update to timestamp based eth1 voting scheme * Return None from `get_votes_to_consider` if block cache is empty * Handle overflows in `is_candidate_block` * Revert to failing tests * Fix eth1 data sets test * Choose default vote according to spec * Fix collect_valid_votes tests * Fix `get_votes_to_consider` to choose all eligible blocks * Uncomment winning_vote tests * Add comments; remove unused code * Reduce seconds_per_eth1_block for simulation * Addressed review comments * Add test for default vote case * Fix logs * Remove unused functions * Meter default eth1 votes * Fix comments * Address review comments; remove unused dependency * Add first attempt at attestation proc. re-write * Add version 2 of attestation processing * Minor fixes * Add validator pubkey cache * Make get_indexed_attestation take a committee * Link signature processing into new attn verification * First working version * Ensure pubkey cache is updated * Add more metrics, slight optimizations * Clone committee cache during attestation processing * Update shuffling cache during block processing * Remove old commented-out code * Fix shuffling cache insert bug * Used indexed attestation in fork choice * Restructure attn processing, add metrics * Add more detailed metrics * Tidy, fix failing tests * Fix failing tests, tidy * Disable/delete two outdated tests * Add new Pubkeys struct to signature_sets * Refactor with functional approach * Update beacon chain * Remove decompressed member from pubkey bytes * Add hashmap for indices lookup * Change `get_attesting_indices` to use Vec * Fix failing test * Tidy * Add pubkey cache persistence file * Add more comments * Integrate persistence file into builder * Add pubkey cache tests * Add data_dir to beacon chain builder * Remove Option in pubkey cache persistence file * Ensure consistency between datadir/data_dir * Fix failing network test * Tidy * Fix todos * Improve tests * Split up block processing metrics * Tidy * Refactor get_pubkey_from_state * Remove commented-out code * Add BeaconChain::validator_pubkey * Update milagro_bls Signed-off-by: Kirk Baird * Cargo fmt Signed-off-by: Kirk Baird * Use Option::filter * Remove Box * Comment out tests that fail due to hard-coded * Fix fake crypto Signed-off-by: Kirk Baird * Fix Cow::Borrowed Signed-off-by: Kirk Baird * Cargo fmt Signed-off-by: Kirk Baird Co-authored-by: Michael Sproul Co-authored-by: Michael Sproul Co-authored-by: pawan Co-authored-by: Paul Hauner --- Cargo.lock | 16 +- beacon_node/beacon_chain/src/beacon_chain.rs | 6 +- .../beacon_chain/src/block_verification.rs | 10 +- .../block_signature_verifier.rs | 12 +- .../per_block_processing/signature_sets.rs | 52 ++--- eth2/utils/bls/Cargo.toml | 2 +- eth2/utils/bls/src/aggregate_public_key.rs | 6 +- eth2/utils/bls/src/aggregate_signature.rs | 54 ++--- .../bls/src/fake_aggregate_public_key.rs | 11 + .../utils/bls/src/fake_aggregate_signature.rs | 28 ++- eth2/utils/bls/src/lib.rs | 4 +- eth2/utils/bls/src/signature_set.rs | 191 ++++-------------- eth2/utils/eth2_interop_keypairs/Cargo.toml | 2 +- .../src/cases/bls_aggregate_verify.rs | 4 +- 14 files changed, 157 insertions(+), 241 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 09ae033402..d1eecd785e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -82,7 +82,7 @@ dependencies = [ [[package]] name = "amcl" version = "0.2.0" -source = "git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10#38c6c33925b24c9319a1febfb621ff9bbf6d49f7" +source = "git+https://github.com/sigp/milagro_bls?tag=v1.0.0#ac3e5c3a48aed7ea810ac411655963f5177430b7" dependencies = [ "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", @@ -370,7 +370,7 @@ dependencies = [ "eth2_ssz 0.1.2", "eth2_ssz_types 0.2.0", "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", - "milagro_bls 1.0.1 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)", + "milagro_bls 1.0.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)", "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", "serde 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1185,7 +1185,7 @@ dependencies = [ "eth2_hashing 0.1.1", "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", - "milagro_bls 1.0.1 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)", + "milagro_bls 1.0.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)", "num-bigint 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)", "serde 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)", @@ -2524,10 +2524,10 @@ dependencies = [ [[package]] name = "milagro_bls" -version = "1.0.1" -source = "git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10#38c6c33925b24c9319a1febfb621ff9bbf6d49f7" +version = "1.0.0" +source = "git+https://github.com/sigp/milagro_bls?tag=v1.0.0#ac3e5c3a48aed7ea810ac411655963f5177430b7" dependencies = [ - "amcl 0.2.0 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)", + "amcl 0.2.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)", "hex 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)", "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", @@ -5186,7 +5186,7 @@ dependencies = [ "checksum aesni 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2f70a6b5f971e473091ab7cfb5ffac6cde81666c4556751d8d5620ead8abf100" "checksum ahash 0.2.18 (registry+https://github.com/rust-lang/crates.io-index)" = "6f33b5018f120946c1dcf279194f238a9f146725593ead1c08fa47ff22b0b5d3" "checksum aho-corasick 0.7.10 (registry+https://github.com/rust-lang/crates.io-index)" = "8716408b8bc624ed7f65d223ddb9ac2d044c0547b6fa4b0d554f3a9540496ada" -"checksum amcl 0.2.0 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)" = "" +"checksum amcl 0.2.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)" = "" "checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" "checksum arc-swap 0.4.5 (registry+https://github.com/rust-lang/crates.io-index)" = "d663a8e9a99154b5fb793032533f6328da35e23aac63d5c152279aa8ba356825" "checksum arrayref 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544" @@ -5381,7 +5381,7 @@ dependencies = [ "checksum maybe-uninit 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "60302e4db3a61da70c0cb7991976248362f30319e88850c487b9b95bbf059e00" "checksum memchr 2.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400" "checksum memoffset 0.5.4 (registry+https://github.com/rust-lang/crates.io-index)" = "b4fc2c02a7e374099d4ee95a193111f72d2110197fe200272371758f6c3643d8" -"checksum milagro_bls 1.0.1 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)" = "" +"checksum milagro_bls 1.0.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)" = "" "checksum mime 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "ba626b8a6de5da682e1caa06bdb42a335aee5a84db8e5046a3e8ab17ba0a3ae0" "checksum mime 0.3.16 (registry+https://github.com/rust-lang/crates.io-index)" = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" "checksum mime_guess 2.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "2684d4c2e97d99848d30b324b00c8fcc7e5c897b7cbb5819b09e7c90e8baf212" diff --git a/beacon_node/beacon_chain/src/beacon_chain.rs b/beacon_node/beacon_chain/src/beacon_chain.rs index e76bd8daf9..8b4db6f4d7 100644 --- a/beacon_node/beacon_chain/src/beacon_chain.rs +++ b/beacon_node/beacon_chain/src/beacon_chain.rs @@ -1124,11 +1124,7 @@ impl BeaconChain { })?; let signature_set = indexed_attestation_signature_set_from_pubkeys( - |validator_index| { - pubkey_cache - .get(validator_index) - .map(|pk| Cow::Borrowed(pk.as_point())) - }, + |validator_index| pubkey_cache.get(validator_index).map(Cow::Borrowed), &attestation.signature, &indexed_attestation, &fork, diff --git a/beacon_node/beacon_chain/src/block_verification.rs b/beacon_node/beacon_chain/src/block_verification.rs index 2ec6cfdc72..886835c6d0 100644 --- a/beacon_node/beacon_chain/src/block_verification.rs +++ b/beacon_node/beacon_chain/src/block_verification.rs @@ -53,9 +53,7 @@ use slog::{error, Logger}; use slot_clock::SlotClock; use ssz::Encode; use state_processing::{ - block_signature_verifier::{ - BlockSignatureVerifier, Error as BlockSignatureVerifierError, G1Point, - }, + block_signature_verifier::{BlockSignatureVerifier, Error as BlockSignatureVerifierError}, per_block_processing, per_slot_processing, BlockProcessingError, BlockSignatureStrategy, SlotProcessingError, }; @@ -66,7 +64,7 @@ use store::{Error as DBError, StateBatch}; use tree_hash::TreeHash; use types::{ BeaconBlock, BeaconState, BeaconStateError, ChainSpec, CloneConfig, EthSpec, Hash256, - RelativeEpoch, SignedBeaconBlock, Slot, + PublicKey, RelativeEpoch, SignedBeaconBlock, Slot, }; mod block_processing_outcome; @@ -813,7 +811,7 @@ fn get_signature_verifier<'a, E: EthSpec>( state: &'a BeaconState, validator_pubkey_cache: &'a ValidatorPubkeyCache, spec: &'a ChainSpec, -) -> BlockSignatureVerifier<'a, E, impl Fn(usize) -> Option> + Clone> { +) -> BlockSignatureVerifier<'a, E, impl Fn(usize) -> Option> + Clone> { BlockSignatureVerifier::new( state, move |validator_index| { @@ -822,7 +820,7 @@ fn get_signature_verifier<'a, E: EthSpec>( if validator_index < state.validators.len() { validator_pubkey_cache .get(validator_index) - .map(|pk| Cow::Borrowed(pk.as_point())) + .map(|pk| Cow::Borrowed(pk)) } else { None } diff --git a/eth2/state_processing/src/per_block_processing/block_signature_verifier.rs b/eth2/state_processing/src/per_block_processing/block_signature_verifier.rs index a3d824cbd7..13f6d099d2 100644 --- a/eth2/state_processing/src/per_block_processing/block_signature_verifier.rs +++ b/eth2/state_processing/src/per_block_processing/block_signature_verifier.rs @@ -3,7 +3,7 @@ use super::signature_sets::{Error as SignatureSetError, Result as SignatureSetResult, *}; use crate::common::get_indexed_attestation; use crate::per_block_processing::errors::{AttestationInvalid, BlockOperationError}; -use bls::{verify_signature_sets, SignatureSet}; +use bls::{verify_signature_sets, PublicKey, SignatureSet}; use rayon::prelude::*; use std::borrow::Cow; use types::{ @@ -11,8 +11,6 @@ use types::{ SignedBeaconBlock, }; -pub use bls::G1Point; - pub type Result = std::result::Result; #[derive(Debug, PartialEq)] @@ -53,18 +51,18 @@ impl From> for Error { pub struct BlockSignatureVerifier<'a, T, F> where T: EthSpec, - F: Fn(usize) -> Option> + Clone, + F: Fn(usize) -> Option> + Clone, { get_pubkey: F, state: &'a BeaconState, spec: &'a ChainSpec, - sets: Vec>, + sets: Vec, } impl<'a, T, F> BlockSignatureVerifier<'a, T, F> where T: EthSpec, - F: Fn(usize) -> Option> + Clone, + F: Fn(usize) -> Option> + Clone, { /// Create a new verifier without any included signatures. See the `include...` functions to /// add signatures, and the `verify` @@ -116,7 +114,7 @@ where .sets .into_par_iter() .chunks(num_chunks) - .map(|chunk| verify_signature_sets(chunk.into_iter())) + .map(|chunk| verify_signature_sets(chunk)) .reduce(|| true, |current, this| current && this); if result { diff --git a/eth2/state_processing/src/per_block_processing/signature_sets.rs b/eth2/state_processing/src/per_block_processing/signature_sets.rs index 8a58cebd5d..20dba7de3d 100644 --- a/eth2/state_processing/src/per_block_processing/signature_sets.rs +++ b/eth2/state_processing/src/per_block_processing/signature_sets.rs @@ -2,7 +2,7 @@ //! validated individually, or alongside in others in a potentially cheaper bulk operation. //! //! This module exposes one function to extract each type of `SignatureSet` from a `BeaconBlock`. -use bls::{G1Point, G1Ref, SignatureSet, SignedMessage}; +use bls::SignatureSet; use ssz::DecodeError; use std::borrow::Cow; use std::convert::TryInto; @@ -44,7 +44,7 @@ impl From for Error { pub fn get_pubkey_from_state<'a, T>( state: &'a BeaconState, validator_index: usize, -) -> Option> +) -> Option> where T: EthSpec, { @@ -55,7 +55,7 @@ where let pk: Option = (&v.pubkey).try_into().ok(); pk }) - .map(|pk| Cow::Owned(pk.into_point())) + .map(Cow::Owned) } /// A signature set that is valid if a block was signed by the expected block producer. @@ -65,10 +65,10 @@ pub fn block_proposal_signature_set<'a, T, F>( signed_block: &'a SignedBeaconBlock, block_root: Option, spec: &'a ChainSpec, -) -> Result> +) -> Result where T: EthSpec, - F: Fn(usize) -> Option>, + F: Fn(usize) -> Option>, { let block = &signed_block.message; let proposer_index = state.get_beacon_proposer_index(block.slot, spec)?; @@ -103,10 +103,10 @@ pub fn randao_signature_set<'a, T, F>( get_pubkey: F, block: &'a BeaconBlock, spec: &'a ChainSpec, -) -> Result> +) -> Result where T: EthSpec, - F: Fn(usize) -> Option>, + F: Fn(usize) -> Option>, { let proposer_index = state.get_beacon_proposer_index(block.slot, spec)?; @@ -132,10 +132,10 @@ pub fn proposer_slashing_signature_set<'a, T, F>( get_pubkey: F, proposer_slashing: &'a ProposerSlashing, spec: &'a ChainSpec, -) -> Result<(SignatureSet<'a>, SignatureSet<'a>)> +) -> Result<(SignatureSet, SignatureSet)> where T: EthSpec, - F: Fn(usize) -> Option>, + F: Fn(usize) -> Option>, { let proposer_index = proposer_slashing.signed_header_1.message.proposer_index as usize; @@ -161,9 +161,9 @@ where fn block_header_signature_set<'a, T: EthSpec>( state: &'a BeaconState, signed_header: &'a SignedBeaconBlockHeader, - pubkey: Cow<'a, G1Point>, + pubkey: Cow<'a, PublicKey>, spec: &'a ChainSpec, -) -> Result> { +) -> Result { let domain = spec.get_domain( signed_header.message.slot.epoch(T::slots_per_epoch()), Domain::BeaconProposer, @@ -191,10 +191,10 @@ pub fn indexed_attestation_signature_set<'a, 'b, T, F>( signature: &'a AggregateSignature, indexed_attestation: &'b IndexedAttestation, spec: &'a ChainSpec, -) -> Result> +) -> Result where T: EthSpec, - F: Fn(usize) -> Option>, + F: Fn(usize) -> Option>, { let pubkeys = indexed_attestation .attesting_indices @@ -213,9 +213,9 @@ where ); let message = indexed_attestation.data.signing_root(domain); - let signed_message = SignedMessage::new(pubkeys, message.as_bytes().to_vec()); + let message = message.as_bytes().to_vec(); - Ok(SignatureSet::new(signature, vec![signed_message])) + Ok(SignatureSet::new(signature, pubkeys, message)) } /// Returns the signature set for the given `indexed_attestation` but pubkeys are supplied directly @@ -227,10 +227,10 @@ pub fn indexed_attestation_signature_set_from_pubkeys<'a, 'b, T, F>( fork: &Fork, genesis_validators_root: Hash256, spec: &'a ChainSpec, -) -> Result> +) -> Result where T: EthSpec, - F: Fn(usize) -> Option>, + F: Fn(usize) -> Option>, { let pubkeys = indexed_attestation .attesting_indices @@ -249,9 +249,9 @@ where ); let message = indexed_attestation.data.signing_root(domain); - let signed_message = SignedMessage::new(pubkeys, message.as_bytes().to_vec()); + let message = message.as_bytes().to_vec(); - Ok(SignatureSet::new(signature, vec![signed_message])) + Ok(SignatureSet::new(signature, pubkeys, message)) } /// Returns the signature set for the given `attester_slashing` and corresponding `pubkeys`. @@ -260,10 +260,10 @@ pub fn attester_slashing_signature_sets<'a, T, F>( get_pubkey: F, attester_slashing: &'a AttesterSlashing, spec: &'a ChainSpec, -) -> Result<(SignatureSet<'a>, SignatureSet<'a>)> +) -> Result<(SignatureSet, SignatureSet)> where T: EthSpec, - F: Fn(usize) -> Option> + Clone, + F: Fn(usize) -> Option> + Clone, { Ok(( indexed_attestation_signature_set( @@ -305,12 +305,12 @@ pub fn deposit_pubkey_signature_message( /// `deposit_pubkey_signature_message`. pub fn deposit_signature_set<'a>( pubkey_signature_message: &'a (PublicKey, Signature, Vec), -) -> SignatureSet<'a> { +) -> SignatureSet { let (pubkey, signature, message) = pubkey_signature_message; // Note: Deposits are valid across forks, thus the deposit domain is computed - // with the fork zeroed. - SignatureSet::single(signature, pubkey.g1_ref(), message.clone()) + // with the fok zeroed. + SignatureSet::single(&signature, Cow::Borrowed(pubkey), message.clone()) } /// Returns a signature set that is valid if the `SignedVoluntaryExit` was signed by the indicated @@ -320,10 +320,10 @@ pub fn exit_signature_set<'a, T, F>( get_pubkey: F, signed_exit: &'a SignedVoluntaryExit, spec: &'a ChainSpec, -) -> Result> +) -> Result where T: EthSpec, - F: Fn(usize) -> Option>, + F: Fn(usize) -> Option>, { let exit = &signed_exit.message; let proposer_index = exit.validator_index as usize; diff --git a/eth2/utils/bls/Cargo.toml b/eth2/utils/bls/Cargo.toml index f22263e313..706bb7ed63 100644 --- a/eth2/utils/bls/Cargo.toml +++ b/eth2/utils/bls/Cargo.toml @@ -5,7 +5,7 @@ authors = ["Paul Hauner "] edition = "2018" [dependencies] -milagro_bls = { git = "https://github.com/sigp/milagro_bls", branch = "eth2.0-v0.10" } +milagro_bls = { git = "https://github.com/sigp/milagro_bls", tag = "v1.0.0" } eth2_hashing = "0.1.0" hex = "0.3" rand = "0.7.2" diff --git a/eth2/utils/bls/src/aggregate_public_key.rs b/eth2/utils/bls/src/aggregate_public_key.rs index 4085b6f25b..6389915c4f 100644 --- a/eth2/utils/bls/src/aggregate_public_key.rs +++ b/eth2/utils/bls/src/aggregate_public_key.rs @@ -1,5 +1,5 @@ use super::{PublicKey, BLS_PUBLIC_KEY_BYTE_SIZE}; -use milagro_bls::{AggregatePublicKey as RawAggregatePublicKey, G1Point}; +use milagro_bls::AggregatePublicKey as RawAggregatePublicKey; use serde::de::{Deserialize, Deserializer}; use serde::ser::{Serialize, Serializer}; use serde_hex::{encode as hex_encode, PrefixedHexVisitor}; @@ -37,10 +37,6 @@ impl AggregatePublicKey { self.0.add(public_key.as_raw()) } - pub fn add_point(&mut self, point: &G1Point) { - self.0.point.add(point) - } - /// Returns the underlying public key. pub fn as_raw(&self) -> &RawAggregatePublicKey { &self.0 diff --git a/eth2/utils/bls/src/aggregate_signature.rs b/eth2/utils/bls/src/aggregate_signature.rs index 8ea582a4c7..8ff6c8bd8b 100644 --- a/eth2/utils/bls/src/aggregate_signature.rs +++ b/eth2/utils/bls/src/aggregate_signature.rs @@ -1,8 +1,5 @@ use super::*; -use milagro_bls::{ - AggregatePublicKey as RawAggregatePublicKey, AggregateSignature as RawAggregateSignature, - G2Point, -}; +use milagro_bls::{AggregateSignature as RawAggregateSignature, G2Point}; use serde::de::{Deserialize, Deserializer}; use serde::ser::{Serialize, Serializer}; use serde_hex::{encode as hex_encode, PrefixedHexVisitor}; @@ -32,16 +29,19 @@ impl AggregateSignature { /// Add (aggregate) a signature to the `AggregateSignature`. pub fn add(&mut self, signature: &Signature) { - if self.is_empty { - self.aggregate_signature = RawAggregateSignature::new(); - self.is_empty = false; - } + // Only empty if both are empty + self.is_empty = self.is_empty && signature.is_empty(); + // Note: empty signatures will have point at infinity which is equivalent of adding 0. self.aggregate_signature.add(signature.as_raw()) } /// Add (aggregate) another `AggregateSignature`. pub fn add_aggregate(&mut self, agg_signature: &AggregateSignature) { + // Only empty if both are empty + self.is_empty = self.is_empty && agg_signature.is_empty(); + + // Note: empty signatures will have point at infinity which is equivalent of adding 0. self.aggregate_signature .add_aggregate(&agg_signature.aggregate_signature) } @@ -55,32 +55,32 @@ impl AggregateSignature { return false; } self.aggregate_signature - .verify(msg, aggregate_public_key.as_raw()) + .fast_aggregate_verify_pre_aggregated(msg, aggregate_public_key.as_raw()) } - /// Verify this AggregateSignature against multiple AggregatePublickeys with multiple Messages. + /// Verify the `AggregateSignature` against an `AggregatePublicKey`. /// - /// All PublicKeys related to a Message should be aggregated into one AggregatePublicKey. - /// Each AggregatePublicKey has a 1:1 ratio with a 32 byte Message. - pub fn verify_multiple( - &self, - messages: &[&[u8]], - aggregate_public_keys: &[&AggregatePublicKey], - ) -> bool { + /// Only returns `true` if the set of keys in the `AggregatePublicKey` match the set of keys + /// that signed the `AggregateSignature`. + pub fn verify_unaggregated(&self, msg: &[u8], public_keys: &[&PublicKey]) -> bool { if self.is_empty { return false; } - let aggregate_public_keys: Vec<&RawAggregatePublicKey> = - aggregate_public_keys.iter().map(|pk| pk.as_raw()).collect(); - - // Messages are concatenated into one long message. - let mut msgs: Vec> = vec![]; - for message in messages { - msgs.push(message.to_vec()); - } - + let public_key_refs: Vec<_> = public_keys.iter().map(|pk| pk.as_raw()).collect(); self.aggregate_signature - .verify_multiple(&msgs, &aggregate_public_keys[..]) + .fast_aggregate_verify(msg, &public_key_refs) + } + + /// Verify this AggregateSignature against multiple AggregatePublickeys and Messages. + /// + /// Each AggregatePublicKey has a 1:1 ratio with a 32 byte Message. + pub fn verify_multiple(&self, messages: &[&[u8]], public_keys: &[&PublicKey]) -> bool { + if self.is_empty { + return false; + } + let public_keys_refs: Vec<_> = public_keys.iter().map(|pk| pk.as_raw()).collect(); + self.aggregate_signature + .aggregate_verify(&messages, &public_keys_refs) } /// Return AggregateSignature as bytes diff --git a/eth2/utils/bls/src/fake_aggregate_public_key.rs b/eth2/utils/bls/src/fake_aggregate_public_key.rs index 4eed94d654..fc9b7db5ad 100644 --- a/eth2/utils/bls/src/fake_aggregate_public_key.rs +++ b/eth2/utils/bls/src/fake_aggregate_public_key.rs @@ -67,6 +67,17 @@ impl FakeAggregatePublicKey { // No nothing. } + pub fn aggregate(_pks: &[&PublicKey]) -> Self { + Self::new() + } + + pub fn from_public_key(public_key: &PublicKey) -> Self { + Self { + bytes: public_key.as_bytes(), + point: public_key.point.clone(), + } + } + pub fn as_raw(&self) -> &Self { &self } diff --git a/eth2/utils/bls/src/fake_aggregate_signature.rs b/eth2/utils/bls/src/fake_aggregate_signature.rs index 19fe400387..401c448788 100644 --- a/eth2/utils/bls/src/fake_aggregate_signature.rs +++ b/eth2/utils/bls/src/fake_aggregate_signature.rs @@ -1,6 +1,6 @@ use super::{ - fake_aggregate_public_key::FakeAggregatePublicKey, fake_signature::FakeSignature, - BLS_AGG_SIG_BYTE_SIZE, + fake_aggregate_public_key::FakeAggregatePublicKey, fake_public_key::FakePublicKey, + fake_signature::FakeSignature, BLS_AGG_SIG_BYTE_SIZE, }; use milagro_bls::G2Point; use serde::de::{Deserialize, Deserializer}; @@ -47,6 +47,11 @@ impl FakeAggregateSignature { // Do nothing. } + /// Does glorious nothing. + pub fn aggregate(&mut self, _agg_sig: &FakeAggregateSignature) { + // Do nothing. + } + /// _Always_ returns `true`. pub fn verify(&self, _msg: &[u8], _aggregate_public_key: &FakeAggregatePublicKey) -> bool { true @@ -56,11 +61,28 @@ impl FakeAggregateSignature { pub fn verify_multiple( &self, _messages: &[&[u8]], - _aggregate_public_keys: &[&FakeAggregatePublicKey], + _aggregate_public_keys: &[&FakePublicKey], ) -> bool { true } + /// _Always_ returns `true`. + pub fn fast_aggregate_verify_pre_aggregated( + &self, + _messages: &[u8], + _aggregate_public_keys: &FakeAggregatePublicKey, + ) -> bool { + true + } + + /// _Always_ returns `true`. + pub fn from_signature(signature: &FakeSignature) -> Self { + Self { + bytes: signature.as_bytes(), + point: signature.point.clone(), + } + } + /// Convert bytes to fake BLS aggregate signature pub fn from_bytes(bytes: &[u8]) -> Result { if bytes.len() != BLS_AGG_SIG_BYTE_SIZE { diff --git a/eth2/utils/bls/src/lib.rs b/eth2/utils/bls/src/lib.rs index 27196fcc27..a057d85bb7 100644 --- a/eth2/utils/bls/src/lib.rs +++ b/eth2/utils/bls/src/lib.rs @@ -13,8 +13,8 @@ pub use crate::keypair::Keypair; pub use crate::public_key_bytes::PublicKeyBytes; pub use crate::secret_key::SecretKey; pub use crate::signature_bytes::SignatureBytes; -pub use milagro_bls::{compress_g2, hash_on_g2, G1Point}; -pub use signature_set::{verify_signature_sets, G1Ref, SignatureSet, SignedMessage}; +pub use milagro_bls::{compress_g2, hash_to_curve_g2}; +pub use signature_set::{verify_signature_sets, SignatureSet}; #[cfg(feature = "fake_crypto")] mod fake_aggregate_public_key; diff --git a/eth2/utils/bls/src/signature_set.rs b/eth2/utils/bls/src/signature_set.rs index ab49d1414a..76a82e96d0 100644 --- a/eth2/utils/bls/src/signature_set.rs +++ b/eth2/utils/bls/src/signature_set.rs @@ -1,179 +1,74 @@ -use crate::{AggregatePublicKey, AggregateSignature, PublicKey, Signature}; -use milagro_bls::{G1Point, G2Point}; +use crate::{AggregateSignature, PublicKey, Signature}; use std::borrow::Cow; #[cfg(not(feature = "fake_crypto"))] -use milagro_bls::AggregateSignature as RawAggregateSignature; +use milagro_bls::{ + AggregatePublicKey as RawAggregatePublicKey, AggregateSignature as RawAggregateSignature, + PublicKey as RawPublicKey, +}; + +#[cfg(feature = "fake_crypto")] +use crate::fakes::{ + AggregatePublicKey as RawAggregatePublicKey, AggregateSignature as RawAggregateSignature, + PublicKey as RawPublicKey, +}; type Message = Vec; #[derive(Clone, Debug)] -pub struct SignedMessage<'a> { - signing_keys: Vec>, +pub struct SignatureSet { + pub signature: RawAggregateSignature, + signing_keys: RawAggregatePublicKey, message: Message, } -impl<'a> SignedMessage<'a> { - pub fn new(signing_keys: Vec>, message: Message) -> Self { +impl SignatureSet { + pub fn single(signature: &Signature, signing_key: Cow, message: Message) -> Self { Self { - signing_keys, + signature: RawAggregateSignature::from_signature(signature.as_raw()), + signing_keys: RawAggregatePublicKey::from_public_key(signing_key.as_raw()), message, } } -} -#[derive(Clone, Debug)] -pub struct SignatureSet<'a> { - pub signature: &'a G2Point, - signed_messages: Vec>, -} - -impl<'a> SignatureSet<'a> { - pub fn single(signature: &'a S, signing_key: Cow<'a, G1Point>, message: Message) -> Self - where - S: G2Ref, - { - Self { - signature: signature.g2_ref(), - signed_messages: vec![SignedMessage::new(vec![signing_key], message)], - } - } - - pub fn dual( - signature: &'a S, - message_0: Message, - message_0_signing_keys: Vec>, - message_1: Message, - message_1_signing_keys: Vec>, + pub fn new( + signature: &AggregateSignature, + signing_keys: Vec>, + message: Message, ) -> Self - where - T: G1Ref + Clone, - S: G2Ref, - { +where { + let signing_keys_refs: Vec<&RawPublicKey> = + signing_keys.iter().map(|pk| pk.as_raw()).collect(); Self { - signature: signature.g2_ref(), - signed_messages: vec![ - SignedMessage::new(message_0_signing_keys, message_0), - SignedMessage::new(message_1_signing_keys, message_1), - ], - } - } - - pub fn new(signature: &'a S, signed_messages: Vec>) -> Self - where - S: G2Ref, - { - Self { - signature: signature.g2_ref(), - signed_messages, + signature: signature.as_raw().clone(), + signing_keys: RawAggregatePublicKey::aggregate(&signing_keys_refs), + message, } } pub fn is_valid(&self) -> bool { - let sig = milagro_bls::AggregateSignature { - point: self.signature.clone(), - }; - - let mut messages: Vec> = vec![]; - let mut pubkeys = vec![]; - - self.signed_messages.iter().for_each(|signed_message| { - messages.push(signed_message.message.clone()); - - let point = if signed_message.signing_keys.len() == 1 { - signed_message.signing_keys[0].clone().into_owned() - } else { - aggregate_public_keys(&signed_message.signing_keys) - }; - - pubkeys.push(milagro_bls::AggregatePublicKey { point }); - }); - - let pubkey_refs: Vec<&milagro_bls::AggregatePublicKey> = - pubkeys.iter().map(std::borrow::Borrow::borrow).collect(); - - sig.verify_multiple(&messages, &pubkey_refs) + self.signature + .fast_aggregate_verify_pre_aggregated(&self.message, &self.signing_keys) } } +type VerifySet<'a> = ( + &'a RawAggregateSignature, + &'a RawAggregatePublicKey, + &'a [u8], +); + #[cfg(not(feature = "fake_crypto"))] -pub fn verify_signature_sets<'a>(iter: impl Iterator>) -> bool { +pub fn verify_signature_sets<'a>(sets: Vec) -> bool { let rng = &mut rand::thread_rng(); - RawAggregateSignature::verify_multiple_signatures(rng, iter.map(Into::into)) + let verify_set: Vec = sets + .iter() + .map(|ss| (&ss.signature, &ss.signing_keys, ss.message.as_slice())) + .collect(); + RawAggregateSignature::verify_multiple_aggregate_signatures(rng, verify_set.into_iter()) } #[cfg(feature = "fake_crypto")] -pub fn verify_signature_sets<'a>(_iter: impl Iterator>) -> bool { +pub fn verify_signature_sets<'a>(sets: Vec) -> bool { true } - -type VerifySet<'a> = (G2Point, Vec, Vec>); - -impl<'a> Into> for SignatureSet<'a> { - fn into(self) -> VerifySet<'a> { - let signature = self.signature.clone(); - - let (pubkeys, messages): (Vec, Vec) = self - .signed_messages - .into_iter() - .map(|signed_message| { - let key = if signed_message.signing_keys.len() == 1 { - signed_message.signing_keys[0].clone().into_owned() - } else { - aggregate_public_keys(&signed_message.signing_keys) - }; - - (key, signed_message.message) - }) - .unzip(); - - (signature, pubkeys, messages) - } -} - -/// Create an aggregate public key for a list of validators, failing if any key can't be found. -fn aggregate_public_keys<'a>(public_keys: &'a [Cow<'a, G1Point>]) -> G1Point { - let mut aggregate = - public_keys - .iter() - .fold(AggregatePublicKey::new(), |mut aggregate, pubkey| { - aggregate.add_point(&pubkey); - aggregate - }); - - aggregate.affine(); - - aggregate.into_raw().point -} - -pub trait G1Ref { - fn g1_ref(&self) -> Cow<'_, G1Point>; -} - -impl G1Ref for AggregatePublicKey { - fn g1_ref(&self) -> Cow<'_, G1Point> { - Cow::Borrowed(&self.as_raw().point) - } -} - -impl G1Ref for PublicKey { - fn g1_ref(&self) -> Cow<'_, G1Point> { - Cow::Borrowed(&self.as_raw().point) - } -} - -pub trait G2Ref { - fn g2_ref(&self) -> &G2Point; -} - -impl G2Ref for AggregateSignature { - fn g2_ref(&self) -> &G2Point { - &self.as_raw().point - } -} - -impl G2Ref for Signature { - fn g2_ref(&self) -> &G2Point { - &self.as_raw().point - } -} diff --git a/eth2/utils/eth2_interop_keypairs/Cargo.toml b/eth2/utils/eth2_interop_keypairs/Cargo.toml index 641f82c257..edfec7ffb4 100644 --- a/eth2/utils/eth2_interop_keypairs/Cargo.toml +++ b/eth2/utils/eth2_interop_keypairs/Cargo.toml @@ -11,7 +11,7 @@ lazy_static = "1.4.0" num-bigint = "0.2.3" eth2_hashing = "0.1.0" hex = "0.3" -milagro_bls = { git = "https://github.com/sigp/milagro_bls", branch = "eth2.0-v0.10" } +milagro_bls = { git = "https://github.com/sigp/milagro_bls", tag = "v1.0.0" } serde_yaml = "0.8.11" serde = "1.0.102" serde_derive = "1.0.102" diff --git a/tests/ef_tests/src/cases/bls_aggregate_verify.rs b/tests/ef_tests/src/cases/bls_aggregate_verify.rs index c6a2b2d4f3..7cac4e9066 100644 --- a/tests/ef_tests/src/cases/bls_aggregate_verify.rs +++ b/tests/ef_tests/src/cases/bls_aggregate_verify.rs @@ -1,12 +1,12 @@ use super::*; use crate::case_result::compare_result; use crate::cases::common::BlsCase; -use bls::{AggregatePublicKey, AggregateSignature}; +use bls::{AggregateSignature, PublicKey}; use serde_derive::Deserialize; #[derive(Debug, Clone, Deserialize)] pub struct BlsAggregatePair { - pub pubkey: AggregatePublicKey, + pub pubkey: PublicKey, pub message: String, }