Optionally skip RANDAO verification during block production (#3116)

## Proposed Changes

Allow Lighthouse to speculatively create blocks via the `/eth/v1/validators/blocks` endpoint by optionally skipping the RANDAO verification that we introduced in #2740. When `verify_randao=false` is passed as a query parameter the `randao_reveal` is not required to be present, and if present will only be lightly checked (must be a valid BLS sig). If `verify_randao` is omitted it defaults to true and Lighthouse behaves exactly as it did previously, hence this PR is backwards-compatible.

I'd like to get this change into `unstable` pretty soon as I've got 3 projects building on top of it:

- [`blockdreamer`](https://github.com/michaelsproul/blockdreamer), which mocks block production every slot in order to fingerprint clients
- analysis of Lighthouse's block packing _optimality_, which uses `blockdreamer` to extract interesting instances of the attestation packing problem
- analysis of Lighthouse's block packing _performance_ (as in speed) on the `tree-states` branch

## Additional Info

Having tested `blockdreamer` with Prysm, Nimbus and Teku I noticed that none of them verify the randao signature on `/eth/v1/validator/blocks`. I plan to open a PR to the `beacon-APIs` repo anyway so that this parameter can be standardised in case the other clients add RANDAO verification by default in future.

beacon_node/beacon_chain/src/beacon_chain.rs

@@ -147,6 +147,12 @@ pub enum ChainSegmentResult<T: EthSpec> {
     },
 }
 
+/// Configure the signature verification of produced blocks.
+pub enum ProduceBlockVerification {
+    VerifyRandao,
+    NoVerification,
+}
+
 /// The accepted clock drift for nodes gossiping blocks and attestations. See:
 ///
 /// https://github.com/ethereum/eth2.0-specs/blob/v0.12.1/specs/phase0/p2p-interface.md#configuration
@@ -2891,6 +2897,22 @@ impl<T: BeaconChainTypes> BeaconChain<T> {
         randao_reveal: Signature,
         slot: Slot,
         validator_graffiti: Option<Graffiti>,
+    ) -> Result<BeaconBlockAndState<T::EthSpec>, BlockProductionError> {
+        self.produce_block_with_verification(
+            randao_reveal,
+            slot,
+            validator_graffiti,
+            ProduceBlockVerification::VerifyRandao,
+        )
+    }
+
+    /// Same as `produce_block` but allowing for configuration of RANDAO-verification.
+    pub fn produce_block_with_verification(
+        &self,
+        randao_reveal: Signature,
+        slot: Slot,
+        validator_graffiti: Option<Graffiti>,
+        verification: ProduceBlockVerification,
     ) -> Result<BeaconBlockAndState<T::EthSpec>, BlockProductionError> {
         metrics::inc_counter(&metrics::BLOCK_PRODUCTION_REQUESTS);
         let _complete_timer = metrics::start_timer(&metrics::BLOCK_PRODUCTION_TIMES);
@@ -2948,6 +2970,7 @@ impl<T: BeaconChainTypes> BeaconChain<T> {
             slot,
             randao_reveal,
             validator_graffiti,
+            verification,
         )
     }
 
@@ -2970,6 +2993,7 @@ impl<T: BeaconChainTypes> BeaconChain<T> {
         produce_at_slot: Slot,
         randao_reveal: Signature,
         validator_graffiti: Option<Graffiti>,
+        verification: ProduceBlockVerification,
     ) -> Result<BeaconBlockAndState<T::EthSpec>, BlockProductionError> {
         let eth1_chain = self
             .eth1_chain
@@ -3160,11 +3184,15 @@ impl<T: BeaconChainTypes> BeaconChain<T> {
         }
 
         let process_timer = metrics::start_timer(&metrics::BLOCK_PRODUCTION_PROCESS_TIMES);
+        let signature_strategy = match verification {
+            ProduceBlockVerification::VerifyRandao => BlockSignatureStrategy::VerifyRandao,
+            ProduceBlockVerification::NoVerification => BlockSignatureStrategy::NoVerification,
+        };
         per_block_processing(
             &mut state,
             &block,
             None,
-            BlockSignatureStrategy::VerifyRandao,
+            signature_strategy,
             VerifyBlockRoot::True,
             &self.spec,
         )?;

beacon_node/beacon_chain/src/lib.rs

@@ -41,8 +41,8 @@ mod validator_pubkey_cache;
 
 pub use self::beacon_chain::{
     AttestationProcessingOutcome, BeaconChain, BeaconChainTypes, BeaconStore, ChainSegmentResult,
-    ForkChoiceError, HeadInfo, HeadSafetyStatus, StateSkipConfig, WhenSlotSkipped,
-    INVALID_JUSTIFIED_PAYLOAD_SHUTDOWN_REASON, MAXIMUM_GOSSIP_CLOCK_DISPARITY,
+    ForkChoiceError, HeadInfo, HeadSafetyStatus, ProduceBlockVerification, StateSkipConfig,
+    WhenSlotSkipped, INVALID_JUSTIFIED_PAYLOAD_SHUTDOWN_REASON, MAXIMUM_GOSSIP_CLOCK_DISPARITY,
 };
 pub use self::beacon_snapshot::BeaconSnapshot;
 pub use self::chain_config::ChainConfig;

beacon_node/beacon_chain/src/test_utils.rs

@@ -2,7 +2,7 @@ pub use crate::persisted_beacon_chain::PersistedBeaconChain;
 pub use crate::{
     beacon_chain::{BEACON_CHAIN_DB_KEY, ETH1_CACHE_DB_KEY, FORK_CHOICE_DB_KEY, OP_POOL_DB_KEY},
     migrate::MigratorConfig,
-    BeaconChainError,
+    BeaconChainError, ProduceBlockVerification,
 };
 use crate::{
     builder::{BeaconChainBuilder, Witness},
@@ -604,7 +604,14 @@ where
 
         let (block, state) = self
             .chain
-            .produce_block_on_state(state, None, slot, randao_reveal, Some(graffiti))
+            .produce_block_on_state(
+                state,
+                None,
+                slot,
+                randao_reveal,
+                Some(graffiti),
+                ProduceBlockVerification::VerifyRandao,
+            )
             .unwrap();
 
         let signed_block = block.sign(
@@ -658,7 +665,14 @@ where
 
         let (block, state) = self
             .chain
-            .produce_block_on_state(state, None, slot, randao_reveal, Some(graffiti))
+            .produce_block_on_state(
+                state,
+                None,
+                slot,
+                randao_reveal,
+                Some(graffiti),
+                ProduceBlockVerification::VerifyRandao,
+            )
             .unwrap();
 
         let signed_block = block.sign(