Milagro BLS update (#985)

* Start updating types

* WIP

* Signature hacking

* Existing EF tests passing with fake_crypto

* Updates

* Delete outdated API spec

* The refactor continues

* It compiles

* WIP test fixes

* All release tests passing bar genesis state parsing

* Update and test YamlConfig

* Update to spec v0.10 compatible BLS

* Updates to BLS EF tests

* Add EF test for AggregateVerify

And delete unused hash2curve tests for uncompressed points

* Update EF tests to v0.10.1

* Use optional block root correctly in block proc

* Use genesis fork in deposit domain. All tests pass

* Cargo fmt

* Fast aggregate verify test

* Update REST API docs

* Cargo fmt

* Fix unused import

* Bump spec tags to v0.10.1

* Add `seconds_per_eth1_block` to chainspec

* Update to timestamp based eth1 voting scheme

* Return None from `get_votes_to_consider` if block cache is empty

* Handle overflows in `is_candidate_block`

* Revert to failing tests

* Fix eth1 data sets test

* Choose default vote according to spec

* Fix collect_valid_votes tests

* Fix `get_votes_to_consider` to choose all eligible blocks

* Uncomment winning_vote tests

* Add comments; remove unused code

* Reduce seconds_per_eth1_block for simulation

* Addressed review comments

* Add test for default vote case

* Fix logs

* Remove unused functions

* Meter default eth1 votes

* Fix comments

* Address review comments; remove unused dependency

* Add first attempt at attestation proc. re-write

* Add version 2 of attestation processing

* Minor fixes

* Add validator pubkey cache

* Make get_indexed_attestation take a committee

* Link signature processing into new attn verification

* First working version

* Ensure pubkey cache is updated

* Add more metrics, slight optimizations

* Clone committee cache during attestation processing

* Update shuffling cache during block processing

* Remove old commented-out code

* Fix shuffling cache insert bug

* Used indexed attestation in fork choice

* Restructure attn processing, add metrics

* Add more detailed metrics

* Tidy, fix failing tests

* Fix failing tests, tidy

* Disable/delete two outdated tests

* Add new Pubkeys struct to signature_sets

* Refactor with functional approach

* Update beacon chain

* Remove decompressed member from pubkey bytes

* Add hashmap for indices lookup

* Change `get_attesting_indices` to use Vec

* Fix failing test

* Tidy

* Add pubkey cache persistence file

* Add more comments

* Integrate persistence file into builder

* Add pubkey cache tests

* Add data_dir to beacon chain builder

* Remove Option in pubkey cache persistence file

* Ensure consistency between datadir/data_dir

* Fix failing network test

* Tidy

* Fix todos

* Improve tests

* Split up block processing metrics

* Tidy

* Refactor get_pubkey_from_state

* Remove commented-out code

* Add BeaconChain::validator_pubkey

* Update milagro_bls

Signed-off-by: Kirk Baird <baird.k@outlook.com>

* Cargo fmt

Signed-off-by: Kirk Baird <baird.k@outlook.com>

* Use Option::filter

* Remove Box

* Comment out tests that fail due to hard-coded

* Fix fake crypto

Signed-off-by: Kirk Baird <baird.k@outlook.com>

* Fix Cow::Borrowed

Signed-off-by: Kirk Baird <baird.k@outlook.com>

* Cargo fmt

Signed-off-by: Kirk Baird <baird.k@outlook.com>

Co-authored-by: Michael Sproul <michael@sigmaprime.io>
Co-authored-by: Michael Sproul <micsproul@gmail.com>
Co-authored-by: pawan <pawandhananjay@gmail.com>
Co-authored-by: Paul Hauner <paul@paulhauner.com>

eth2/utils/bls/src/aggregate_signature.rs

@@ -1,8 +1,5 @@
 use super::*;
-use milagro_bls::{
-    AggregatePublicKey as RawAggregatePublicKey, AggregateSignature as RawAggregateSignature,
-    G2Point,
-};
+use milagro_bls::{AggregateSignature as RawAggregateSignature, G2Point};
 use serde::de::{Deserialize, Deserializer};
 use serde::ser::{Serialize, Serializer};
 use serde_hex::{encode as hex_encode, PrefixedHexVisitor};
@@ -32,16 +29,19 @@ impl AggregateSignature {
 
     /// Add (aggregate) a signature to the `AggregateSignature`.
     pub fn add(&mut self, signature: &Signature) {
-        if self.is_empty {
-            self.aggregate_signature = RawAggregateSignature::new();
-            self.is_empty = false;
-        }
+        // Only empty if both are empty
+        self.is_empty = self.is_empty && signature.is_empty();
 
+        // Note: empty signatures will have point at infinity which is equivalent of adding 0.
         self.aggregate_signature.add(signature.as_raw())
     }
 
     /// Add (aggregate) another `AggregateSignature`.
     pub fn add_aggregate(&mut self, agg_signature: &AggregateSignature) {
+        // Only empty if both are empty
+        self.is_empty = self.is_empty && agg_signature.is_empty();
+
+        // Note: empty signatures will have point at infinity which is equivalent of adding 0.
         self.aggregate_signature
             .add_aggregate(&agg_signature.aggregate_signature)
     }
@@ -55,32 +55,32 @@ impl AggregateSignature {
             return false;
         }
         self.aggregate_signature
-            .verify(msg, aggregate_public_key.as_raw())
+            .fast_aggregate_verify_pre_aggregated(msg, aggregate_public_key.as_raw())
     }
 
-    /// Verify this AggregateSignature against multiple AggregatePublickeys with multiple Messages.
+    /// Verify the `AggregateSignature` against an `AggregatePublicKey`.
     ///
-    ///  All PublicKeys related to a Message should be aggregated into one AggregatePublicKey.
-    ///  Each AggregatePublicKey has a 1:1 ratio with a 32 byte Message.
-    pub fn verify_multiple(
-        &self,
-        messages: &[&[u8]],
-        aggregate_public_keys: &[&AggregatePublicKey],
-    ) -> bool {
+    /// Only returns `true` if the set of keys in the `AggregatePublicKey` match the set of keys
+    /// that signed the `AggregateSignature`.
+    pub fn verify_unaggregated(&self, msg: &[u8], public_keys: &[&PublicKey]) -> bool {
         if self.is_empty {
             return false;
         }
-        let aggregate_public_keys: Vec<&RawAggregatePublicKey> =
-            aggregate_public_keys.iter().map(|pk| pk.as_raw()).collect();
-
-        // Messages are concatenated into one long message.
-        let mut msgs: Vec<Vec<u8>> = vec![];
-        for message in messages {
-            msgs.push(message.to_vec());
-        }
-
+        let public_key_refs: Vec<_> = public_keys.iter().map(|pk| pk.as_raw()).collect();
         self.aggregate_signature
-            .verify_multiple(&msgs, &aggregate_public_keys[..])
+            .fast_aggregate_verify(msg, &public_key_refs)
+    }
+
+    /// Verify this AggregateSignature against multiple AggregatePublickeys and Messages.
+    ///
+    /// Each AggregatePublicKey has a 1:1 ratio with a 32 byte Message.
+    pub fn verify_multiple(&self, messages: &[&[u8]], public_keys: &[&PublicKey]) -> bool {
+        if self.is_empty {
+            return false;
+        }
+        let public_keys_refs: Vec<_> = public_keys.iter().map(|pk| pk.as_raw()).collect();
+        self.aggregate_signature
+            .aggregate_verify(&messages, &public_keys_refs)
     }
 
     /// Return AggregateSignature as bytes