Bulk signature verification (#507)

* Add basic block processing benches

* Start reviving state processing benches

* Fix old block builders

* Add optimization for faster pubkey add

* Tidy benches, add another

* Add extra block processing bench

* Start working on faster BLS scheme

* Add partially complete sig verify optimization

* Add .gitignore to state processing

* Add progress on faster signature verification

* Fix SignatureSet for fake_crypto

* Tidy attester slashings sig set

* Tidy bulk signature verifier

* Refactor signature sets to be cleaner

* Start threading SignatureStrategy through code

* Add (empty) test dir

* Move BenchingBlockBuilder

* Add initial block signature verification tests

* Add tests for bulk signature verification

* Start threading SignatureStrategy in block proc.

* Refactor per_block_processing errors

* Use sig set tuples instead of lists of two

* Remove dead code

* Thread VerifySignatures through per_block_processing

* Add bulk signature verification

* Introduce parallel bulk signature verification

* Expand state processing benches

* Fix additional compile errors

* Fix issue where par iter chunks is 0

* Update milagro_bls dep

* Remove debugs, code fragment in beacon chain

* Tidy, add comments to block sig verifier

* Fix various PR comments

* Add block_root option to per_block_processing

* Fix comment in block signature verifier

* Fix comments from PR review

* Remove old comment

* Fix comment

eth2/utils/bls/src/aggregate_public_key.rs

@@ -1,5 +1,5 @@
 use super::PublicKey;
-use milagro_bls::AggregatePublicKey as RawAggregatePublicKey;
+use milagro_bls::{AggregatePublicKey as RawAggregatePublicKey, G1Point};
 
 /// A BLS aggregate public key.
 ///
@@ -13,15 +13,31 @@ impl AggregatePublicKey {
         AggregatePublicKey(RawAggregatePublicKey::new())
     }
 
+    pub fn add_without_affine(&mut self, public_key: &PublicKey) {
+        self.0.point.add(&public_key.as_raw().point)
+    }
+
+    pub fn affine(&mut self) {
+        self.0.point.affine()
+    }
+
     pub fn add(&mut self, public_key: &PublicKey) {
         self.0.add(public_key.as_raw())
     }
 
+    pub fn add_point(&mut self, point: &G1Point) {
+        self.0.point.add(point)
+    }
+
     /// Returns the underlying public key.
     pub fn as_raw(&self) -> &RawAggregatePublicKey {
         &self.0
     }
 
+    pub fn into_raw(self) -> RawAggregatePublicKey {
+        self.0
+    }
+
     /// Return a hex string representation of this key's bytes.
     #[cfg(test)]
     pub fn as_hex_string(&self) -> String {

eth2/utils/bls/src/aggregate_signature.rs

@@ -1,6 +1,7 @@
 use super::*;
 use milagro_bls::{
     AggregatePublicKey as RawAggregatePublicKey, AggregateSignature as RawAggregateSignature,
+    G2Point,
 };
 use serde::de::{Deserialize, Deserializer};
 use serde::ser::{Serialize, Serializer};
@@ -76,13 +77,13 @@ impl AggregateSignature {
             aggregate_public_keys.iter().map(|pk| pk.as_raw()).collect();
 
         // Messages are concatenated into one long message.
-        let mut msg: Vec<u8> = vec![];
+        let mut msgs: Vec<Vec<u8>> = vec![];
         for message in messages {
-            msg.extend_from_slice(message);
+            msgs.push(message.to_vec());
         }
 
         self.aggregate_signature
-            .verify_multiple(&msg[..], domain, &aggregate_public_keys[..])
+            .verify_multiple(&msgs, domain, &aggregate_public_keys[..])
     }
 
     /// Return AggregateSignature as bytes
@@ -112,6 +113,19 @@ impl AggregateSignature {
         Ok(Self::empty_signature())
     }
 
+    /// Returns the underlying signature.
+    pub fn as_raw(&self) -> &RawAggregateSignature {
+        &self.aggregate_signature
+    }
+
+    /// Returns the underlying signature.
+    pub fn from_point(point: G2Point) -> Self {
+        Self {
+            aggregate_signature: RawAggregateSignature { point },
+            is_empty: false,
+        }
+    }
+
     /// Returns if the AggregateSignature `is_empty`
     pub fn is_empty(&self) -> bool {
         self.is_empty

eth2/utils/bls/src/fake_aggregate_public_key.rs

@@ -1,4 +1,5 @@
 use super::{PublicKey, BLS_PUBLIC_KEY_BYTE_SIZE};
+use milagro_bls::G1Point;
 
 /// A BLS aggregate public key.
 ///
@@ -7,6 +8,8 @@ use super::{PublicKey, BLS_PUBLIC_KEY_BYTE_SIZE};
 #[derive(Debug, Clone, Default)]
 pub struct FakeAggregatePublicKey {
     bytes: Vec<u8>,
+    /// Never used, only use for compatibility with "real" `AggregatePublicKey`.
+    pub point: G1Point,
 }
 
 impl FakeAggregatePublicKey {
@@ -14,10 +17,19 @@ impl FakeAggregatePublicKey {
         Self::zero()
     }
 
+    pub fn add_without_affine(&mut self, _public_key: &PublicKey) {
+        // No nothing.
+    }
+
+    pub fn affine(&mut self) {
+        // No nothing.
+    }
+
     /// Creates a new all-zero's aggregate public key
     pub fn zero() -> Self {
         Self {
             bytes: vec![0; BLS_PUBLIC_KEY_BYTE_SIZE],
+            point: G1Point::new(),
         }
     }
 
@@ -25,10 +37,18 @@ impl FakeAggregatePublicKey {
         // No nothing.
     }
 
-    pub fn as_raw(&self) -> &FakeAggregatePublicKey {
+    pub fn add_point(&mut self, _point: &G1Point) {
+        // No nothing.
+    }
+
+    pub fn as_raw(&self) -> &Self {
         &self
     }
 
+    pub fn into_raw(self) -> Self {
+        self
+    }
+
     pub fn as_bytes(&self) -> Vec<u8> {
         self.bytes.clone()
     }

eth2/utils/bls/src/fake_aggregate_signature.rs

@@ -2,6 +2,7 @@ use super::{
     fake_aggregate_public_key::FakeAggregatePublicKey, fake_signature::FakeSignature,
     BLS_AGG_SIG_BYTE_SIZE,
 };
+use milagro_bls::G2Point;
 use serde::de::{Deserialize, Deserializer};
 use serde::ser::{Serialize, Serializer};
 use serde_hex::{encode as hex_encode, PrefixedHexVisitor};
@@ -14,6 +15,8 @@ use ssz::{ssz_encode, Decode, DecodeError, Encode};
 #[derive(Debug, PartialEq, Clone, Default, Eq)]
 pub struct FakeAggregateSignature {
     bytes: Vec<u8>,
+    /// Never used, only use for compatibility with "real" `AggregateSignature`.
+    pub point: G2Point,
 }
 
 impl FakeAggregateSignature {
@@ -26,9 +29,14 @@ impl FakeAggregateSignature {
     pub fn zero() -> Self {
         Self {
             bytes: vec![0; BLS_AGG_SIG_BYTE_SIZE],
+            point: G2Point::new(),
         }
     }
 
+    pub fn as_raw(&self) -> &Self {
+        &self
+    }
+
     /// Does glorious nothing.
     pub fn add(&mut self, _signature: &FakeSignature) {
         // Do nothing.
@@ -69,6 +77,7 @@ impl FakeAggregateSignature {
         } else {
             Ok(Self {
                 bytes: bytes.to_vec(),
+                point: G2Point::new(),
             })
         }
     }

eth2/utils/bls/src/fake_public_key.rs

@@ -1,4 +1,5 @@
 use super::{SecretKey, BLS_PUBLIC_KEY_BYTE_SIZE};
+use milagro_bls::G1Point;
 use serde::de::{Deserialize, Deserializer};
 use serde::ser::{Serialize, Serializer};
 use serde_hex::{encode as hex_encode, HexVisitor};
@@ -14,6 +15,8 @@ use std::hash::{Hash, Hasher};
 #[derive(Debug, Clone, Eq)]
 pub struct FakePublicKey {
     bytes: Vec<u8>,
+    /// Never used, only use for compatibility with "real" `PublicKey`.
+    pub point: G1Point,
 }
 
 impl FakePublicKey {
@@ -25,6 +28,7 @@ impl FakePublicKey {
     pub fn zero() -> Self {
         Self {
             bytes: vec![0; BLS_PUBLIC_KEY_BYTE_SIZE],
+            point: G1Point::new(),
         }
     }
 
@@ -39,6 +43,7 @@ impl FakePublicKey {
     pub fn from_bytes(bytes: &[u8]) -> Result<Self, DecodeError> {
         Ok(Self {
             bytes: bytes.to_vec(),
+            point: G1Point::new(),
         })
     }
 

eth2/utils/bls/src/fake_signature.rs

@@ -1,5 +1,6 @@
 use super::{PublicKey, SecretKey, BLS_SIG_BYTE_SIZE};
 use hex::encode as hex_encode;
+use milagro_bls::G2Point;
 use serde::de::{Deserialize, Deserializer};
 use serde::ser::{Serialize, Serializer};
 use serde_hex::HexVisitor;
@@ -13,6 +14,8 @@ use ssz::{ssz_encode, Decode, DecodeError, Encode};
 pub struct FakeSignature {
     bytes: Vec<u8>,
     is_empty: bool,
+    /// Never used, only use for compatibility with "real" `Signature`.
+    pub point: G2Point,
 }
 
 impl FakeSignature {
@@ -26,6 +29,7 @@ impl FakeSignature {
         Self {
             bytes: vec![0; BLS_SIG_BYTE_SIZE],
             is_empty: true,
+            point: G2Point::new(),
         }
     }
 
@@ -39,6 +43,10 @@ impl FakeSignature {
         true
     }
 
+    pub fn as_raw(&self) -> &Self {
+        &self
+    }
+
     /// _Always_ returns true.
     pub fn verify_hashed(
         &self,
@@ -61,6 +69,7 @@ impl FakeSignature {
             Ok(Self {
                 bytes: bytes.to_vec(),
                 is_empty,
+                point: G2Point::new(),
             })
         }
     }

eth2/utils/bls/src/lib.rs

@@ -7,12 +7,14 @@ mod keypair;
 mod public_key_bytes;
 mod secret_key;
 mod signature_bytes;
+mod signature_set;
 
 pub use crate::keypair::Keypair;
 pub use crate::public_key_bytes::PublicKeyBytes;
 pub use crate::secret_key::SecretKey;
 pub use crate::signature_bytes::SignatureBytes;
-pub use milagro_bls::{compress_g2, hash_on_g2};
+pub use milagro_bls::{compress_g2, hash_on_g2, G1Point};
+pub use signature_set::{verify_signature_sets, SignatureSet, SignedMessage};
 
 #[cfg(feature = "fake_crypto")]
 mod fake_aggregate_public_key;

eth2/utils/bls/src/signature_set.rs

@@ -0,0 +1,193 @@
+use crate::{AggregatePublicKey, AggregateSignature, PublicKey, Signature};
+use milagro_bls::{G1Point, G2Point};
+
+#[cfg(not(feature = "fake_crypto"))]
+use milagro_bls::AggregateSignature as RawAggregateSignature;
+
+type Message = Vec<u8>;
+type Domain = u64;
+
+#[derive(Clone)]
+pub struct SignedMessage<'a> {
+    signing_keys: Vec<&'a G1Point>,
+    message: Message,
+}
+
+impl<'a> SignedMessage<'a> {
+    pub fn new<T>(signing_keys: Vec<&'a T>, message: Message) -> Self
+    where
+        T: G1Ref,
+    {
+        Self {
+            signing_keys: signing_keys.iter().map(|k| k.g1_ref()).collect(),
+            message,
+        }
+    }
+}
+
+#[derive(Clone)]
+pub struct SignatureSet<'a> {
+    pub signature: &'a G2Point,
+    signed_messages: Vec<SignedMessage<'a>>,
+    domain: Domain,
+}
+
+impl<'a> SignatureSet<'a> {
+    pub fn single<S, T>(
+        signature: &'a S,
+        signing_key: &'a T,
+        message: Message,
+        domain: Domain,
+    ) -> Self
+    where
+        T: G1Ref,
+        S: G2Ref,
+    {
+        Self {
+            signature: signature.g2_ref(),
+            signed_messages: vec![SignedMessage::new(vec![signing_key], message)],
+            domain,
+        }
+    }
+
+    pub fn dual<S, T>(
+        signature: &'a S,
+        message_0: Message,
+        message_0_signing_keys: Vec<&'a T>,
+        message_1: Message,
+        message_1_signing_keys: Vec<&'a T>,
+        domain: Domain,
+    ) -> Self
+    where
+        T: G1Ref,
+        S: G2Ref,
+    {
+        Self {
+            signature: signature.g2_ref(),
+            signed_messages: vec![
+                SignedMessage::new(message_0_signing_keys, message_0),
+                SignedMessage::new(message_1_signing_keys, message_1),
+            ],
+            domain,
+        }
+    }
+
+    pub fn new<S>(signature: &'a S, signed_messages: Vec<SignedMessage<'a>>, domain: Domain) -> Self
+    where
+        S: G2Ref,
+    {
+        Self {
+            signature: signature.g2_ref(),
+            signed_messages,
+            domain,
+        }
+    }
+
+    pub fn is_valid(&self) -> bool {
+        let sig = milagro_bls::AggregateSignature {
+            point: self.signature.clone(),
+        };
+
+        let mut messages: Vec<Vec<u8>> = vec![];
+        let mut pubkeys = vec![];
+
+        self.signed_messages.iter().for_each(|signed_message| {
+            messages.push(signed_message.message.clone());
+
+            let point = if signed_message.signing_keys.len() == 1 {
+                signed_message.signing_keys[0].clone()
+            } else {
+                aggregate_public_keys(&signed_message.signing_keys)
+            };
+
+            pubkeys.push(milagro_bls::AggregatePublicKey { point });
+        });
+
+        let pubkey_refs: Vec<&milagro_bls::AggregatePublicKey> =
+            pubkeys.iter().map(std::borrow::Borrow::borrow).collect();
+
+        sig.verify_multiple(&messages, self.domain, &pubkey_refs)
+    }
+}
+
+#[cfg(not(feature = "fake_crypto"))]
+pub fn verify_signature_sets<'a>(iter: impl Iterator<Item = SignatureSet<'a>>) -> bool {
+    let rng = &mut rand::thread_rng();
+    RawAggregateSignature::verify_multiple_signatures(rng, iter.map(Into::into))
+}
+
+#[cfg(feature = "fake_crypto")]
+pub fn verify_signature_sets<'a>(_iter: impl Iterator<Item = SignatureSet<'a>>) -> bool {
+    true
+}
+
+type VerifySet<'a> = (G2Point, Vec<G1Point>, Vec<Vec<u8>>, u64);
+
+impl<'a> Into<VerifySet<'a>> for SignatureSet<'a> {
+    fn into(self) -> VerifySet<'a> {
+        let signature = self.signature.clone();
+
+        let (pubkeys, messages): (Vec<G1Point>, Vec<Message>) = self
+            .signed_messages
+            .into_iter()
+            .map(|signed_message| {
+                let key = if signed_message.signing_keys.len() == 1 {
+                    signed_message.signing_keys[0].clone()
+                } else {
+                    aggregate_public_keys(&signed_message.signing_keys)
+                };
+
+                (key, signed_message.message)
+            })
+            .unzip();
+
+        (signature, pubkeys, messages, self.domain)
+    }
+}
+
+/// Create an aggregate public key for a list of validators, failing if any key can't be found.
+fn aggregate_public_keys<'a>(public_keys: &'a [&'a G1Point]) -> G1Point {
+    let mut aggregate =
+        public_keys
+            .iter()
+            .fold(AggregatePublicKey::new(), |mut aggregate, &pubkey| {
+                aggregate.add_point(pubkey);
+                aggregate
+            });
+
+    aggregate.affine();
+
+    aggregate.into_raw().point
+}
+
+pub trait G1Ref {
+    fn g1_ref(&self) -> &G1Point;
+}
+
+impl G1Ref for AggregatePublicKey {
+    fn g1_ref(&self) -> &G1Point {
+        &self.as_raw().point
+    }
+}
+
+impl G1Ref for PublicKey {
+    fn g1_ref(&self) -> &G1Point {
+        &self.as_raw().point
+    }
+}
+
+pub trait G2Ref {
+    fn g2_ref(&self) -> &G2Point;
+}
+
+impl G2Ref for AggregateSignature {
+    fn g2_ref(&self) -> &G2Point {
+        &self.as_raw().point
+    }
+}
+
+impl G2Ref for Signature {
+    fn g2_ref(&self) -> &G2Point {
+        &self.as_raw().point
+    }
+}