From 65d3c6aeb68ecd5b168929ccedc877bad197988e Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Tue, 7 Feb 2023 10:55:51 +0100 Subject: [PATCH 01/46] Free the blobs This PR reintroduces and further decouples blocks and blobs in EIP-4844, so as to improve network and processing performance. Block and blob processing, for the purpose of gossip validation, are independent: they can both be propagated and gossip-validated in parallel - the decoupled design allows 4 important optimizations (or, if you are so inclined, removes 4 unnecessary pessimizations): * Blocks and blobs travel on independent meshes allowing for better parallelization and utilization of high-bandwidth peers * Re-broadcasting after validation can start earlier allowing more efficient use of upload bandwidth - blocks for example can be rebroadcast to peers while blobs are still being downloaded * bandwidth-reduction techniques such as per-peer deduplication are more efficient because of the smaller message size * gossip verification happens independently for blocks and blobs, allowing better sharing / use of CPU and I/O resources in clients With growing block sizes and additional blob data to stream, the network streaming time becomes a dominant factor in propagation times - on a 100mbit line, streaming 1mb to 8 peers takes ~1s - this process is repeated for each hop in both incoming and outgoing directions. This design in particular sends each blob on a separate subnet, thus maximising the potential for parallelisation and providing a natural path for growing the number of blobs per block should the network be judged to be able to handle it. Changes compared to the current design include: * `BlobsSidecar` is split into individual `BlobSidecar` containers - each container is signed individually by the proposer * the signature is used during gossip validation but later dropped. * KZG commitment verification is moved out of the gossip pipeline and instead done before fork choice addition, when both block and sidecars have arrived * clients may verify individual blob commitments earlier * more generally and similar to block verification, gossip propagation is performed solely based on trivial consistency checks and proposer signature verification * by-root blob requests are done per-blob, so as to retain the ability to fill in blobs one-by-one assuming clients generally receive blobs from gossip * by-range blob requests are done per-block, so as to simplify historical sync * range and root requests are limited to `128` entries for both blocks and blobs - practically, the current higher limit of `1024` for blocks does not get used and keeping the limits consistent simplifies implementation - with the merge, block sizes have grown significantly and clients generally fetch smaller chunks. --- specs/eip4844/beacon-chain.md | 5 +- specs/eip4844/fork-choice.md | 39 +++------ specs/eip4844/p2p-interface.md | 147 ++++++++++++++++++++------------- specs/eip4844/validator.md | 33 ++++---- 4 files changed, 124 insertions(+), 100 deletions(-) diff --git a/specs/eip4844/beacon-chain.md b/specs/eip4844/beacon-chain.md index f681ab951e..145710a890 100644 --- a/specs/eip4844/beacon-chain.md +++ b/specs/eip4844/beacon-chain.md @@ -44,6 +44,7 @@ This upgrade adds blobs to the beacon chain as part of EIP-4844. This is an exte | Name | SSZ equivalent | Description | | - | - | - | | `VersionedHash` | `Bytes32` | | +| `BlobIndex` | `uint64` | | ## Constants @@ -52,7 +53,7 @@ This upgrade adds blobs to the beacon chain as part of EIP-4844. This is an exte | Name | Value | | - | - | | `BLOB_TX_TYPE` | `uint8(0x05)` | -| `VERSIONED_HASH_VERSION_KZG` | `Bytes1('0x01')` | +| `VERSIONED_HASH_VERSION_KZG` | `Bytes1('0x01')` | ## Preset @@ -249,7 +250,7 @@ def process_blob_kzg_commitments(state: BeaconState, body: BeaconBlockBody) -> N *Note*: The function `initialize_beacon_state_from_eth1` is modified for pure EIP-4844 testing only. -The `BeaconState` initialization is unchanged, except for the use of the updated `eip4844.BeaconBlockBody` type +The `BeaconState` initialization is unchanged, except for the use of the updated `eip4844.BeaconBlockBody` type when initializing the first body-root. ```python diff --git a/specs/eip4844/fork-choice.md b/specs/eip4844/fork-choice.md index 8dea28dedc..3e909423e9 100644 --- a/specs/eip4844/fork-choice.md +++ b/specs/eip4844/fork-choice.md @@ -7,9 +7,8 @@ - [Introduction](#introduction) - [Containers](#containers) - - [`BlobsSidecar`](#blobssidecar) - [Helpers](#helpers) - - [`validate_blobs_sidecar`](#validate_blobs_sidecar) + - [`validate_blob_sidecars`](#validate_blob_sidecars) - [`is_data_available`](#is_data_available) - [Updated fork-choice handlers](#updated-fork-choice-handlers) - [`on_block`](#on_block) @@ -23,54 +22,42 @@ This is the modification of the fork choice accompanying the EIP-4844 upgrade. ## Containers -### `BlobsSidecar` - -```python -class BlobsSidecar(Container): - beacon_block_root: Root - beacon_block_slot: Slot - blobs: List[Blob, MAX_BLOBS_PER_BLOCK] - kzg_aggregated_proof: KZGProof -``` - ## Helpers -#### `validate_blobs_sidecar` +#### `validate_blob_sidecars` ```python -def validate_blobs_sidecar(slot: Slot, +def validate_blob_sidecars(slot: Slot, beacon_block_root: Root, expected_kzg_commitments: Sequence[KZGCommitment], - blobs_sidecar: BlobsSidecar) -> None: + blob_sidecars: Sequence[BlobSidecar]) -> None: assert slot == blobs_sidecar.beacon_block_slot assert beacon_block_root == blobs_sidecar.beacon_block_root - blobs = blobs_sidecar.blobs - kzg_aggregated_proof = blobs_sidecar.kzg_aggregated_proof - assert len(expected_kzg_commitments) == len(blobs) - - assert verify_aggregate_kzg_proof(blobs, expected_kzg_commitments, kzg_aggregated_proof) + assert len(expected_kzg_commitments) == len(blob_sidecars) + # TODO validate commitments individually or aggregate first? + # assert verify_aggregate_kzg_proof(blobs, expected_kzg_commitments, kzg_aggregated_proof) ``` #### `is_data_available` The implementation of `is_data_available` will become more sophisticated during later scaling upgrades. -Initially, verification requires every verifying actor to retrieve the matching `BlobsSidecar`, -and validate the sidecar with `validate_blobs_sidecar`. +Initially, verification requires every verifying actor to retrieve all matching `BlobSidecar`s, +and validate the sidecar with `validate_blob_sidecars`. -The block MUST NOT be considered valid until a valid `BlobsSidecar` has been downloaded. Blocks that have been previously validated as available SHOULD be considered available even if the associated `BlobsSidecar` has subsequently been pruned. +The block MUST NOT be considered valid until all valid `BlobSidecar`s have been downloaded. Blocks that have been previously validated as available SHOULD be considered available even if the associated `BlobSidecar`s has subsequently been pruned. ```python def is_data_available(slot: Slot, beacon_block_root: Root, blob_kzg_commitments: Sequence[KZGCommitment]) -> bool: # `retrieve_blobs_sidecar` is implementation and context dependent, raises an exception if not available. # Note: the p2p network does not guarantee sidecar retrieval outside of `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` - sidecar = retrieve_blobs_sidecar(slot, beacon_block_root) + sidecars = retrieve_blob_sidecars(slot, beacon_block_root) # For testing, `retrieve_blobs_sidecar` returns "TEST". # TODO: Remove it once we have a way to inject `BlobsSidecar` into tests. if isinstance(sidecar, str): return True - validate_blobs_sidecar(slot, beacon_block_root, blob_kzg_commitments, sidecar) + validate_blob_sidecars(slot, beacon_block_root, blob_kzg_commitments, sidecars) return True ``` @@ -102,7 +89,7 @@ def on_block(store: Store, signed_block: SignedBeaconBlock) -> None: # [New in EIP-4844] # Check if blob data is available # If not, this block MAY be queued and subsequently considered when blob data becomes available - assert is_data_available(block.slot, hash_tree_root(block), block.body.blob_kzg_commitments) + assert is_data_available(block.slot, hash_tree_root(block), block.body.blob_kzg_commitments) # Check the block is valid and compute the post-state state = pre_state.copy() diff --git a/specs/eip4844/p2p-interface.md b/specs/eip4844/p2p-interface.md index ae9380f7a8..94821a82cb 100644 --- a/specs/eip4844/p2p-interface.md +++ b/specs/eip4844/p2p-interface.md @@ -10,23 +10,22 @@ The specification of these changes continues in the same format as the network s - - [Configuration](#configuration) - - [Containers](#containers) - - [`SignedBeaconBlockAndBlobsSidecar`](#signedbeaconblockandblobssidecar) - - [The gossip domain: gossipsub](#the-gossip-domain-gossipsub) - - [Topics and messages](#topics-and-messages) - - [Global topics](#global-topics) - - [`beacon_block`](#beacon_block) - - [`beacon_block_and_blobs_sidecar`](#beacon_block_and_blobs_sidecar) - - [Transitioning the gossip](#transitioning-the-gossip) - - [The Req/Resp domain](#the-reqresp-domain) - - [Messages](#messages) - - [BeaconBlocksByRange v2](#beaconblocksbyrange-v2) - - [BeaconBlocksByRoot v2](#beaconblocksbyroot-v2) - - [BeaconBlockAndBlobsSidecarByRoot v1](#beaconblockandblobssidecarbyroot-v1) - - [BlobsSidecarsByRange v1](#blobssidecarsbyrange-v1) -- [Design decision rationale](#design-decision-rationale) - - [Why are blobs relayed as a sidecar, separate from beacon blocks?](#why-are-blobs-relayed-as-a-sidecar-separate-from-beacon-blocks) +- [Configuration](#configuration) +- [Containers](#containers) + - [`BlobSidecar`](#blobsidecar) + - [`SignedBlobSidecar`](#signedblobsidecar) +- [The gossip domain: gossipsub](#the-gossip-domain-gossipsub) + - [Topics and messages](#topics-and-messages) + - [Global topics](#global-topics) + - [`beacon_block`](#beacon_block) + - [`blob_sidecar_{index}`](#blob_sidecar_index) + - [Transitioning the gossip](#transitioning-the-gossip) +- [The Req/Resp domain](#the-reqresp-domain) + - [Messages](#messages) + - [BeaconBlocksByRange v2](#beaconblocksbyrange-v2) + - [BeaconBlocksByRoot v2](#beaconblocksbyroot-v2) + - [BlobSidecarsByRoot v1](#blobsidecarsbyroot-v1) + - [BlobsSidecarsByRange v1](#blobssidecarsbyrange-v1) @@ -35,17 +34,31 @@ The specification of these changes continues in the same format as the network s | Name | Value | Description | |------------------------------------------|-----------------------------------|---------------------------------------------------------------------| -| `MAX_REQUEST_BLOBS_SIDECARS` | `2**7` (= 128) | Maximum number of blobs sidecars in a single request | +| `MAX_REQUEST_BLOCKS_EIP4844` | `2**7` (= 128) | Maximum number of blocks in a single request | | `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` | `2**12` (= 4096 epochs, ~18 days) | The minimum epoch range over which a node must serve blobs sidecars | ## Containers -### `SignedBeaconBlockAndBlobsSidecar` +### `BlobSidecar` ```python -class SignedBeaconBlockAndBlobsSidecar(Container): - beacon_block: SignedBeaconBlock - blobs_sidecar: BlobsSidecar +class BlobSidecar(Container): + block_root: Root + index: BlobIndex # Index of blob in block + slot: Slot + block_parent_root: Root # Proposer shuffling determinant + proposer_index: ValidatorIndex + blob: Blob + kzg_commitment: KZGCommitment + kzg_proof: KZGProof # Allows for quick verification of kzg_commitment +``` + +### `SignedBlobSidecar` + +```python +class SignedBlobSidecar(Container): + message: BlobSidecar + signature: Signature ``` ## The gossip domain: gossipsub @@ -65,34 +78,35 @@ The new topics along with the type of the `data` field of a gossipsub message ar | Name | Message Type | | - | - | -| `beacon_block_and_blobs_sidecar` | `SignedBeaconBlockAndBlobsSidecar` (new) | +| `blob_sidecar_{index}` | `SignedBlobSidecar` (new) | #### Global topics -EIP-4844 introduces a new global topic for beacon block and blobs-sidecars. +EIP-4844 introduces new global topics for blob sidecars. ##### `beacon_block` -This topic is deprecated and clients **MUST NOT** expose in their topic set to any peer. Implementers do not need to do -anything beyond simply skip implementation, and it is explicitly called out as it is a departure from previous versioning -of this topic. +The *type* of the payload of this topic changes to the (modified) `SignedBeaconBlock` found in EIP4844. -Refer to [the section below](#transitioning-the-gossip) for details on how to transition the gossip. +##### `blob_sidecar_{index}` -##### `beacon_block_and_blobs_sidecar` +This topic is used to propagate signed blob sidecars, one for each sidecar index. -This topic is used to propagate new signed and coupled beacon blocks and blobs sidecars to all nodes on the networks. +The following validations MUST pass before forwarding the `sidecar` on the network, assuming the alias `sidecar = signed_blob_sidecar.message`: -In addition to the gossip validations for the `beacon_block` topic from prior specifications, the following validations MUST pass before forwarding the `signed_beacon_block_and_blobs_sidecar` on the network. -Alias `signed_beacon_block = signed_beacon_block_and_blobs_sidecar.beacon_block`, `block = signed_beacon_block.message`, `execution_payload = block.body.execution_payload`. -- _[REJECT]_ The KZG commitments correspond to the versioned hashes in the transactions list - -- i.e. `verify_kzg_commitments_against_transactions(block.body.execution_payload.transactions, block.body.blob_kzg_commitments)` - -Alias `sidecar = signed_beacon_block_and_blobs_sidecar.blobs_sidecar`. -- _[IGNORE]_ the `sidecar.beacon_block_slot` is for the current slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) - -- i.e. `sidecar.beacon_block_slot == block.slot`. -- _[REJECT]_ The KZG commitments in the block are valid against the provided blobs sidecar - -- i.e. `validate_blobs_sidecar(block.slot, hash_tree_root(block), block.body.blob_kzg_commitments, sidecar)` +- _[REJECT]_ The sidecar is for the correct topic -- + i.e. `sidecar.index` matches the topic `{index}`. +- _[IGNORE]_ The sidecar is not from a future slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) +- _[IGNORE]_ The sidecar is from a slot greater than the latest finalized slot -- + i.e. validate that `sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)` +- _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. +- _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.slot, sidecar.proposer_index, sidecar.index)`. + -- Clients MUST discard blocks where multiple sidecars for the same proposer and index have been observed. +- _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot + in the context of the current shuffling (defined by `parent_root`/`slot`). + If the `proposer_index` cannot immediately be verified against the expected shuffling, + the sidecar MAY be queued for later processing while proposers for the block's branch are calculated -- + in such a case _do not_ `REJECT`, instead `IGNORE` this message. ### Transitioning the gossip @@ -121,6 +135,8 @@ Per `context = compute_fork_digest(fork_version, genesis_validators_root)`: | `CAPELLA_FORK_VERSION` | `capella.SignedBeaconBlock` | | `EIP4844_FORK_VERSION` | `eip4844.SignedBeaconBlock` | +No more than `MAX_REQUEST_BLOCKS_EIP4844` may be requested at a time. + #### BeaconBlocksByRoot v2 **Protocol ID:** `/eth2/beacon_chain/req/beacon_blocks_by_root/2/` @@ -139,15 +155,23 @@ Per `context = compute_fork_digest(fork_version, genesis_validators_root)`: | `BELLATRIX_FORK_VERSION` | `bellatrix.SignedBeaconBlock` | | `CAPELLA_FORK_VERSION` | `capella.SignedBeaconBlock` | -#### BeaconBlockAndBlobsSidecarByRoot v1 +No more than `MAX_REQUEST_BLOCKS_EIP4844` may be requested at a time. -**Protocol ID:** `/eth2/beacon_chain/req/beacon_block_and_blobs_sidecar_by_root/1/` +#### BlobSidecarsByRoot v1 + +**Protocol ID:** `/eth2/beacon_chain/req/blob_sidecars_by_root/1/` Request Content: +```python +class BlobIdentifier(Container): + block_root: Root + index: uint64 +``` + ``` ( - List[Root, MAX_REQUEST_BLOCKS] + List[BlobIdentifier, MAX_REQUEST_BLOCKS_EIP4844] ) ``` @@ -155,29 +179,32 @@ Response Content: ``` ( - List[SignedBeaconBlockAndBlobsSidecar, MAX_REQUEST_BLOCKS] + List[BlobSidecar, MAX_REQUEST_BLOCKS_EIP4844] ) ``` -Requests blocks by block root (= `hash_tree_root(SignedBeaconBlockAndBlobsSidecar.beacon_block.message)`). -The response is a list of `SignedBeaconBlockAndBlobsSidecar` whose length is less than or equal to the number of requests. +Requests sidecars by block root and index. +The response is a list of `BlobSidecar` whose length is less than or equal to the number of requests. It may be less in the case that the responding peer is missing blocks and sidecars. -No more than `MAX_REQUEST_BLOCKS` may be requested at a time. +The response is unsigned, i.e. `BlobSidecar`, as the signature of the beacon block proposer +may not be available beyond the initial distribution via gossip. + +No more than `MAX_REQUEST_BLOCKS_EIP4844` may be requested at a time. -`BeaconBlockAndBlobsSidecarByRoot` is primarily used to recover recent blocks and sidecars (e.g. when receiving a block or attestation whose parent is unknown). +`BlobSidecarsByRoot` is primarily used to recover recent blocks and sidecars (e.g. when receiving a block or attestation whose parent is unknown). The response MUST consist of zero or more `response_chunk`. -Each _successful_ `response_chunk` MUST contain a single `SignedBeaconBlockAndBlobsSidecar` payload. +Each _successful_ `response_chunk` MUST contain a single `BlobSidecar` payload. -Clients MUST support requesting blocks and sidecars since `minimum_request_epoch`, where `minimum_request_epoch = max(finalized_epoch, current_epoch - MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS, EIP4844_FORK_EPOCH)`. If any root in the request content references a block earlier than `minimum_request_epoch`, peers SHOULD respond with error code `3: ResourceUnavailable`. +Clients MUST support requesting sidecars since `minimum_request_epoch`, where `minimum_request_epoch = max(finalized_epoch, current_epoch - MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS, EIP4844_FORK_EPOCH)`. If any root in the request content references a block earlier than `minimum_request_epoch`, peers MAY respond with error code `3: ResourceUnavailable` or not include the blob in the response. -Clients MUST respond with at least one block and sidecar, if they have it. +Clients MUST respond with at least one sidecar, if they have it. Clients MAY limit the number of blocks and sidecars in the response. #### BlobsSidecarsByRange v1 -**Protocol ID:** `/eth2/beacon_chain/req/blobs_sidecars_by_range/1/` +**Protocol ID:** `/eth2/beacon_chain/req/blob_sidecars_by_range/1/` Request Content: ``` @@ -188,16 +215,22 @@ Request Content: ``` Response Content: + +```python +class BlobSidecars(Container): + block_root: Root + List[BlobSidecar, MAX_BLOBS_PER_BLOCK] + ``` ( - List[BlobsSidecar, MAX_REQUEST_BLOBS_SIDECARS] + List[BlobSidecars, MAX_REQUEST_BLOCKS_EIP4844] ) ``` -Requests blobs sidecars in the slot range `[start_slot, start_slot + count)`, +Requests blob sidecars in the slot range `[start_slot, start_slot + count)`, leading up to the current head block as selected by fork choice. -The response is unsigned, i.e. `BlobsSidecarsByRange`, as the signature of the beacon block proposer +The response is unsigned, i.e. `BlobSidecarsByRange`, as the signature of the beacon block proposer may not be available beyond the initial distribution via gossip. Before consuming the next response chunk, the response reader SHOULD verify the blobs sidecar is well-formatted and @@ -215,7 +248,7 @@ Clients MUST keep a record of signed blobs sidecars seen on the epoch range where `current_epoch` is defined by the current wall-clock time, and clients MUST support serving requests of blobs on this range. -Peers that are unable to reply to blobs sidecars requests within the `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` +Peers that are unable to reply to blob sidecar requests within the `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` epoch range SHOULD respond with error code `3: ResourceUnavailable`. Such peers that are unable to successfully reply to this range of requests MAY get descored or disconnected at any time. @@ -229,7 +262,7 @@ participating in the networking immediately, other peers MAY disconnect and/or temporarily ban such an un-synced or semi-synced client. Clients MUST respond with at least the first blobs sidecar that exists in the range, if they have it, -and no more than `MAX_REQUEST_BLOBS_SIDECARS` sidecars. +and no more than `MAX_REQUEST_BLOCKS_EIP4844` sidecars. The following blobs sidecars, where they exist, MUST be sent in consecutive order. diff --git a/specs/eip4844/validator.md b/specs/eip4844/validator.md index bfdd69370a..619444351d 100644 --- a/specs/eip4844/validator.md +++ b/specs/eip4844/validator.md @@ -79,27 +79,30 @@ def validate_blobs_and_kzg_commitments(execution_payload: ExecutionPayload, 3. If valid, set `block.body.blob_kzg_commitments = blob_kzg_commitments`. -#### Constructing the `SignedBeaconBlockAndBlobsSidecar` -To construct a `SignedBeaconBlockAndBlobsSidecar`, a `signed_beacon_block_and_blobs_sidecar` is defined with the necessary context for block and sidecar proposal. - -##### Block -Set `signed_beacon_block_and_blobs_sidecar.beacon_block = block` where `block` is obtained above. +#### Constructing the `SignedBlobSidecar` +To construct a `SignedBlobSidecar`, a `signed_blob_sidecar` is defined with the necessary context for block and sidecar proposal. ##### Sidecar -Coupled with block, the corresponding blobs are packaged into a sidecar object for distribution to the network. -Set `signed_beacon_block_and_blobs_sidecar.blobs_sidecar = sidecar` where `sidecar` is obtained from: +Coupled with block, the corresponding blobs are packaged into sidecar objects for distribution to the network. + +Each `sidecar` is obtained from: ```python -def get_blobs_sidecar(block: BeaconBlock, blobs: Sequence[Blob]) -> BlobsSidecar: - return BlobsSidecar( - beacon_block_root=hash_tree_root(block), - beacon_block_slot=block.slot, - blobs=blobs, - kzg_aggregated_proof=compute_aggregate_kzg_proof(blobs), - ) +def get_blob_sidecar(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[BlobsSidecar]: + return [ + BlobsSidecar( + block_root=hash_tree_root(block), + index=idx + slot=block.slot, + block_parent_root=block.parent_root, + blob=blob, + kzg_commitment=block.body.blob_kzg_commitments[idx], + kzg_aggregated_proof=compute_kzg_proof(blob),) + for idx, blob in enumerate(blobs) + ] ``` -This `signed_beacon_block_and_blobs_sidecar` is then published to the global `beacon_block_and_blobs_sidecar` topic. +Each `sidecar` is then published to the global `blob_sidecar_{index}` topics according to its index. After publishing the peers on the network may request the sidecar through sync-requests, or a local user may be interested. The validator MUST hold on to sidecars for `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` epochs and serve when capable, From 1e07685f74bf9d508d2acbb8c6b82aace53142d7 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Tue, 7 Feb 2023 11:14:59 +0100 Subject: [PATCH 02/46] doctoc --- specs/eip4844/validator.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/specs/eip4844/validator.md b/specs/eip4844/validator.md index 619444351d..4ea7051e93 100644 --- a/specs/eip4844/validator.md +++ b/specs/eip4844/validator.md @@ -16,8 +16,7 @@ - [Block and sidecar proposal](#block-and-sidecar-proposal) - [Constructing the `BeaconBlockBody`](#constructing-the-beaconblockbody) - [Blob KZG commitments](#blob-kzg-commitments) - - [Constructing the `SignedBeaconBlockAndBlobsSidecar`](#constructing-the-signedbeaconblockandblobssidecar) - - [Block](#block) + - [Constructing the `SignedBlobSidecar`](#constructing-the-signedblobsidecar) - [Sidecar](#sidecar) From deb82e2f26e9a7cf3062bcce544e842fcfdb72b5 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Tue, 7 Feb 2023 11:23:18 +0100 Subject: [PATCH 03/46] fix member --- specs/eip4844/validator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/eip4844/validator.md b/specs/eip4844/validator.md index 4ea7051e93..a4ff8b8f20 100644 --- a/specs/eip4844/validator.md +++ b/specs/eip4844/validator.md @@ -96,7 +96,7 @@ def get_blob_sidecar(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[Blob block_parent_root=block.parent_root, blob=blob, kzg_commitment=block.body.blob_kzg_commitments[idx], - kzg_aggregated_proof=compute_kzg_proof(blob),) + kzg_proof=compute_kzg_proof(blob),) for idx, blob in enumerate(blobs) ] ``` From 368e70d9bef4f29a16f1c2f7018fe68eaeeb7b06 Mon Sep 17 00:00:00 2001 From: Age Manning Date: Thu, 2 Feb 2023 14:47:28 +1100 Subject: [PATCH 04/46] Remove sending empty blobs sidecar responses --- specs/deneb/p2p-interface.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index b1ff8b9226..f6b1050314 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -235,8 +235,9 @@ The following blobs sidecars, where they exist, MUST be sent in consecutive orde Clients MAY limit the number of blobs sidecars in the response. -An empty `BlobSidecar` is one that does not contain any blobs, but contains non-zero `beacon_block_root`, `beacon_block_slot` and a valid `kzg_aggregated_proof`. -Clients MAY NOT want to consider empty `BlobSidecar`s in rate limiting logic. +Slots that do not contain known blobs MUST be skipped, mimicking the behaviour +of the `BlocksByRange` request. Only response chunks with known blobs should +therefore be sent. The response MUST contain no more than `count` blobs sidecars. From ffc78e99282e65cc4da92c4dba0743be434d367b Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Fri, 10 Feb 2023 10:40:43 +0100 Subject: [PATCH 05/46] fixes * separate constant for blob requests * pedantry --- specs/eip4844/p2p-interface.md | 62 +++++++++++++++++----------------- specs/eip4844/validator.md | 32 ++++++++++-------- 2 files changed, 48 insertions(+), 46 deletions(-) diff --git a/specs/eip4844/p2p-interface.md b/specs/eip4844/p2p-interface.md index 94821a82cb..98365f8238 100644 --- a/specs/eip4844/p2p-interface.md +++ b/specs/eip4844/p2p-interface.md @@ -10,22 +10,24 @@ The specification of these changes continues in the same format as the network s -- [Configuration](#configuration) -- [Containers](#containers) - - [`BlobSidecar`](#blobsidecar) - - [`SignedBlobSidecar`](#signedblobsidecar) -- [The gossip domain: gossipsub](#the-gossip-domain-gossipsub) - - [Topics and messages](#topics-and-messages) - - [Global topics](#global-topics) - - [`beacon_block`](#beacon_block) - - [`blob_sidecar_{index}`](#blob_sidecar_index) - - [Transitioning the gossip](#transitioning-the-gossip) -- [The Req/Resp domain](#the-reqresp-domain) - - [Messages](#messages) - - [BeaconBlocksByRange v2](#beaconblocksbyrange-v2) - - [BeaconBlocksByRoot v2](#beaconblocksbyroot-v2) - - [BlobSidecarsByRoot v1](#blobsidecarsbyroot-v1) - - [BlobsSidecarsByRange v1](#blobssidecarsbyrange-v1) + - [Configuration](#configuration) + - [Containers](#containers) + - [`BlobSidecar`](#blobsidecar) + - [`SignedBlobSidecar`](#signedblobsidecar) + - [The gossip domain: gossipsub](#the-gossip-domain-gossipsub) + - [Topics and messages](#topics-and-messages) + - [Global topics](#global-topics) + - [`beacon_block`](#beacon_block) + - [`blob_sidecar_{index}`](#blob_sidecar_index) + - [Transitioning the gossip](#transitioning-the-gossip) + - [The Req/Resp domain](#the-reqresp-domain) + - [Messages](#messages) + - [BeaconBlocksByRange v2](#beaconblocksbyrange-v2) + - [BeaconBlocksByRoot v2](#beaconblocksbyroot-v2) + - [BlobSidecarsByRoot v1](#blobsidecarsbyroot-v1) + - [BlobSidecarsByRange v1](#blobsidecarsbyrange-v1) +- [Design decision rationale](#design-decision-rationale) + - [Why are blobs relayed as a sidecar, separate from beacon blocks?](#why-are-blobs-relayed-as-a-sidecar-separate-from-beacon-blocks) @@ -35,6 +37,7 @@ The specification of these changes continues in the same format as the network s | Name | Value | Description | |------------------------------------------|-----------------------------------|---------------------------------------------------------------------| | `MAX_REQUEST_BLOCKS_EIP4844` | `2**7` (= 128) | Maximum number of blocks in a single request | +| `MAX_REQUEST_BLOB_SIDECARS` | `2**7` (= 128) | Maximum number of blob sidecars in a single request | | `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` | `2**12` (= 4096 epochs, ~18 days) | The minimum epoch range over which a node must serve blobs sidecars | ## Containers @@ -68,7 +71,8 @@ Some gossip meshes are upgraded in the fork of EIP-4844 to support upgraded type ### Topics and messages Topics follow the same specification as in prior upgrades. -The `beacon_block` topic is deprecated and replaced by the `beacon_block_and_blobs_sidecar` topic. All other topics remain stable. + +The `beacon_block` topic is modified to also support EIP4844 blocks and new topics are added per table below. All other topics remain stable. The specification around the creation, validation, and dissemination of messages has not changed from the Capella document unless explicitly noted here. @@ -94,19 +98,14 @@ This topic is used to propagate signed blob sidecars, one for each sidecar index The following validations MUST pass before forwarding the `sidecar` on the network, assuming the alias `sidecar = signed_blob_sidecar.message`: -- _[REJECT]_ The sidecar is for the correct topic -- - i.e. `sidecar.index` matches the topic `{index}`. +- _[REJECT]_ The sidecar is for the correct topic -- i.e. `sidecar.index` matches the topic `{index}`. - _[IGNORE]_ The sidecar is not from a future slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) -- _[IGNORE]_ The sidecar is from a slot greater than the latest finalized slot -- - i.e. validate that `sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)` +- _[IGNORE]_ The sidecar is from a slot greater than the latest finalized slot -- i.e. validate that `sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)` - _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. - _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.slot, sidecar.proposer_index, sidecar.index)`. -- Clients MUST discard blocks where multiple sidecars for the same proposer and index have been observed. -- _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot - in the context of the current shuffling (defined by `parent_root`/`slot`). - If the `proposer_index` cannot immediately be verified against the expected shuffling, - the sidecar MAY be queued for later processing while proposers for the block's branch are calculated -- - in such a case _do not_ `REJECT`, instead `IGNORE` this message. +- _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot in the context of the current shuffling (defined by `parent_root`/`slot`). + If the `proposer_index` cannot immediately be verified against the expected shuffling, the sidecar MAY be queued for later processing while proposers for the block's branch are calculated -- in such a case _do not_ `REJECT`, instead `IGNORE` this message. ### Transitioning the gossip @@ -171,7 +170,7 @@ class BlobIdentifier(Container): ``` ( - List[BlobIdentifier, MAX_REQUEST_BLOCKS_EIP4844] + List[BlobIdentifier, MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK] ) ``` @@ -179,7 +178,7 @@ Response Content: ``` ( - List[BlobSidecar, MAX_REQUEST_BLOCKS_EIP4844] + List[BlobSidecar, MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK] ) ``` @@ -190,7 +189,7 @@ It may be less in the case that the responding peer is missing blocks and sideca The response is unsigned, i.e. `BlobSidecar`, as the signature of the beacon block proposer may not be available beyond the initial distribution via gossip. -No more than `MAX_REQUEST_BLOCKS_EIP4844` may be requested at a time. +No more than `MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK` may be requested at a time. `BlobSidecarsByRoot` is primarily used to recover recent blocks and sidecars (e.g. when receiving a block or attestation whose parent is unknown). @@ -202,7 +201,7 @@ Clients MUST support requesting sidecars since `minimum_request_epoch`, where `m Clients MUST respond with at least one sidecar, if they have it. Clients MAY limit the number of blocks and sidecars in the response. -#### BlobsSidecarsByRange v1 +#### BlobSidecarsByRange v1 **Protocol ID:** `/eth2/beacon_chain/req/blob_sidecars_by_range/1/` @@ -220,10 +219,11 @@ Response Content: class BlobSidecars(Container): block_root: Root List[BlobSidecar, MAX_BLOBS_PER_BLOCK] +``` ``` ( - List[BlobSidecars, MAX_REQUEST_BLOCKS_EIP4844] + List[BlobSidecars, MAX_REQUEST_BLOB_SIDECARS] ) ``` diff --git a/specs/eip4844/validator.md b/specs/eip4844/validator.md index a4ff8b8f20..8c3fc6faf3 100644 --- a/specs/eip4844/validator.md +++ b/specs/eip4844/validator.md @@ -16,7 +16,7 @@ - [Block and sidecar proposal](#block-and-sidecar-proposal) - [Constructing the `BeaconBlockBody`](#constructing-the-beaconblockbody) - [Blob KZG commitments](#blob-kzg-commitments) - - [Constructing the `SignedBlobSidecar`](#constructing-the-signedblobsidecar) + - [Constructing the `SignedBlobSidecar`s](#constructing-the-signedblobsidecars) - [Sidecar](#sidecar) @@ -78,27 +78,29 @@ def validate_blobs_and_kzg_commitments(execution_payload: ExecutionPayload, 3. If valid, set `block.body.blob_kzg_commitments = blob_kzg_commitments`. -#### Constructing the `SignedBlobSidecar` +#### Constructing the `SignedBlobSidecar`s + To construct a `SignedBlobSidecar`, a `signed_blob_sidecar` is defined with the necessary context for block and sidecar proposal. ##### Sidecar -Coupled with block, the corresponding blobs are packaged into sidecar objects for distribution to the network. +Blobs associated with a block are packaged into sidecar objects for distribution to the network. Each `sidecar` is obtained from: ```python -def get_blob_sidecar(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[BlobsSidecar]: - return [ - BlobsSidecar( - block_root=hash_tree_root(block), - index=idx - slot=block.slot, - block_parent_root=block.parent_root, - blob=blob, - kzg_commitment=block.body.blob_kzg_commitments[idx], - kzg_proof=compute_kzg_proof(blob),) - for idx, blob in enumerate(blobs) - ] +def get_blob_sidecars(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[BlobsSidecar]: + return [ + BlobsSidecar( + block_root=hash_tree_root(block), + index=index, + slot=block.slot, + block_parent_root=block.parent_root, + blob=blob, + kzg_commitment=block.body.blob_kzg_commitments[idx], + kzg_proof=compute_kzg_proof(blob), + ) + for index, blob in enumerate(blobs) + ] ``` Each `sidecar` is then published to the global `blob_sidecar_{index}` topics according to its index. From 8bc19d99aea32897be7eace506b1b344b33b0de1 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Fri, 10 Feb 2023 11:16:51 +0100 Subject: [PATCH 06/46] fixes * expand sidecar gossip conditions * editing * add spec text for `BlobSidecar` signatures --- specs/deneb/fork-choice.md | 2 +- specs/deneb/p2p-interface.md | 49 +++++++++++++++++++----------------- specs/deneb/validator.md | 19 +++++++++++--- 3 files changed, 43 insertions(+), 27 deletions(-) diff --git a/specs/deneb/fork-choice.md b/specs/deneb/fork-choice.md index 89eac22020..ea235c0553 100644 --- a/specs/deneb/fork-choice.md +++ b/specs/deneb/fork-choice.md @@ -53,7 +53,7 @@ def is_data_available(slot: Slot, beacon_block_root: Root, blob_kzg_commitments: sidecars = retrieve_blob_sidecars(slot, beacon_block_root) # For testing, `retrieve_blobs_sidecar` returns "TEST". - # TODO: Remove it once we have a way to inject `BlobsSidecar` into tests. + # TODO: Remove it once we have a way to inject `BlobSidecar` into tests. if isinstance(sidecar, str): return True diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index f023657952..41af2f9f14 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -10,22 +10,22 @@ The specification of these changes continues in the same format as the network s - - [Configuration](#configuration) - - [Containers](#containers) - - [`BlobSidecar`](#blobsidecar) - - [`SignedBlobSidecar`](#signedblobsidecar) - - [The gossip domain: gossipsub](#the-gossip-domain-gossipsub) - - [Topics and messages](#topics-and-messages) - - [Global topics](#global-topics) - - [`beacon_block`](#beacon_block) - - [`blob_sidecar_{index}`](#blob_sidecar_index) - - [Transitioning the gossip](#transitioning-the-gossip) - - [The Req/Resp domain](#the-reqresp-domain) - - [Messages](#messages) - - [BeaconBlocksByRange v2](#beaconblocksbyrange-v2) - - [BeaconBlocksByRoot v2](#beaconblocksbyroot-v2) - - [BlobSidecarsByRoot v1](#blobsidecarsbyroot-v1) - - [BlobSidecarsByRange v1](#blobsidecarsbyrange-v1) +- [Configuration](#configuration) +- [Containers](#containers) + - [`BlobSidecar`](#blobsidecar) + - [`SignedBlobSidecar`](#signedblobsidecar) +- [The gossip domain: gossipsub](#the-gossip-domain-gossipsub) + - [Topics and messages](#topics-and-messages) + - [Global topics](#global-topics) + - [`beacon_block`](#beacon_block) + - [`blob_sidecar_{index}`](#blob_sidecar_index) + - [Transitioning the gossip](#transitioning-the-gossip) +- [The Req/Resp domain](#the-reqresp-domain) + - [Messages](#messages) + - [BeaconBlocksByRange v2](#beaconblocksbyrange-v2) + - [BeaconBlocksByRoot v2](#beaconblocksbyroot-v2) + - [BlobSidecarsByRoot v1](#blobsidecarsbyroot-v1) + - [BlobSidecarsByRange v1](#blobsidecarsbyrange-v1) - [Design decision rationale](#design-decision-rationale) - [Why are blobs relayed as a sidecar, separate from beacon blocks?](#why-are-blobs-relayed-as-a-sidecar-separate-from-beacon-blocks) @@ -99,8 +99,9 @@ This topic is used to propagate signed blob sidecars, one for each sidecar index The following validations MUST pass before forwarding the `sidecar` on the network, assuming the alias `sidecar = signed_blob_sidecar.message`: - _[REJECT]_ The sidecar is for the correct topic -- i.e. `sidecar.index` matches the topic `{index}`. -- _[IGNORE]_ The sidecar is not from a future slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) +- _[IGNORE]_ The sidecar is not from a future slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) -- i.e. validate that `sidecar.slot <= current_slot` (a client MAY queue future blocks for processing at the appropriate slot). - _[IGNORE]_ The sidecar is from a slot greater than the latest finalized slot -- i.e. validate that `sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)` +- _[IGNORE]_ The blob's block's parent defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue blocks for processing once the parent block is retrieved). - _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. - _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.slot, sidecar.proposer_index, sidecar.index)`. -- Clients MUST discard blocks where multiple sidecars for the same proposer and index have been observed. @@ -140,9 +141,6 @@ No more than `MAX_REQUEST_BLOCKS_DENEB` may be requested at a time. **Protocol ID:** `/eth2/beacon_chain/req/beacon_blocks_by_root/2/` -After `DENEB_FORK_EPOCH`, `BeaconBlocksByRootV2` is replaced by `BeaconBlockAndBlobsSidecarByRootV1`. -Clients MUST support requesting blocks by root for pre-fork-epoch blocks. - Per `context = compute_fork_digest(fork_version, genesis_validators_root)`: [1]: # (eth2spec: skip) @@ -153,6 +151,7 @@ Per `context = compute_fork_digest(fork_version, genesis_validators_root)`: | `ALTAIR_FORK_VERSION` | `altair.SignedBeaconBlock` | | `BELLATRIX_FORK_VERSION` | `bellatrix.SignedBeaconBlock` | | `CAPELLA_FORK_VERSION` | `capella.SignedBeaconBlock` | +| `DENEB_FORK_VERSION` | `deneb.SignedBeaconBlock` | No more than `MAX_REQUEST_BLOCKS_DENEB` may be requested at a time. @@ -160,6 +159,8 @@ No more than `MAX_REQUEST_BLOCKS_DENEB` may be requested at a time. **Protocol ID:** `/eth2/beacon_chain/req/blob_sidecars_by_root/1/` +New in deneb. + Request Content: ```python @@ -191,7 +192,7 @@ may not be available beyond the initial distribution via gossip. No more than `MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK` may be requested at a time. -`BlobSidecarsByRoot` is primarily used to recover recent blocks and sidecars (e.g. when receiving a block or attestation whose parent is unknown). +`BlobSidecarsByRoot` is primarily used to recover recent blobs (e.g. when receiving a block with a transaction whose corresponding blob is missing). The response MUST consist of zero or more `response_chunk`. Each _successful_ `response_chunk` MUST contain a single `BlobSidecar` payload. @@ -205,6 +206,8 @@ Clients MAY limit the number of blocks and sidecars in the response. **Protocol ID:** `/eth2/beacon_chain/req/blob_sidecars_by_range/1/` +New in deneb. + Request Content: ``` ( @@ -282,9 +285,9 @@ Clients MUST respond with blobs sidecars that are consistent from a single chain After the initial blobs sidecar, clients MAY stop in the process of responding if their fork choice changes the view of the chain in the context of the request. -# Design decision rationale +## Design decision rationale -## Why are blobs relayed as a sidecar, separate from beacon blocks? +### Why are blobs relayed as a sidecar, separate from beacon blocks? This "sidecar" design provides forward compatibility for further data increases by black-boxing `is_data_available()`: with full sharding `is_data_available()` can be replaced by data-availability-sampling (DAS) diff --git a/specs/deneb/validator.md b/specs/deneb/validator.md index 1b6995ad80..bd05c31d2d 100644 --- a/specs/deneb/validator.md +++ b/specs/deneb/validator.md @@ -88,9 +88,9 @@ Blobs associated with a block are packaged into sidecar objects for distribution Each `sidecar` is obtained from: ```python -def get_blob_sidecars(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[BlobsSidecar]: +def get_blob_sidecars(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[BlobSidecar]: return [ - BlobsSidecar( + BlobSidecar( block_root=hash_tree_root(block), index=index, slot=block.slot, @@ -101,11 +101,24 @@ def get_blob_sidecars(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[Blo ) for index, blob in enumerate(blobs) ] + ``` -Each `sidecar` is then published to the global `blob_sidecar_{index}` topics according to its index. +Then `signed_sidecar = SignedBlobSidecar(message=sidecar, signature=signature)` is constructed and to the global `blob_sidecar_{index}` topics according to its index. + +`signature` is obtained from: + +```python +def get_blob_sidecar_signature(state: BeaconState, + sidecar: BlobSidecar, + privkey: int) -> BLSSignature: + domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(sidecar.slot)) + signing_root = compute_signing_root(sidecar, domain) + return bls.Sign(privkey, signing_root) +``` After publishing the peers on the network may request the sidecar through sync-requests, or a local user may be interested. + The validator MUST hold on to sidecars for `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` epochs and serve when capable, to ensure the data-availability of these blobs throughout the network. From c8719f85246a64383bd8cd0a977f88d7a3a255bb Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Tue, 14 Feb 2023 13:32:18 +0100 Subject: [PATCH 07/46] Apply suggestions from code review Co-authored-by: Danny Ryan --- specs/deneb/p2p-interface.md | 12 ++++++------ specs/deneb/validator.md | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 41af2f9f14..d77e4f371d 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -47,13 +47,13 @@ The specification of these changes continues in the same format as the network s ```python class BlobSidecar(Container): block_root: Root - index: BlobIndex # Index of blob in block + index: BlobIndex # Index of blob in block slot: Slot - block_parent_root: Root # Proposer shuffling determinant + block_parent_root: Root # Proposer shuffling determinant proposer_index: ValidatorIndex blob: Blob kzg_commitment: KZGCommitment - kzg_proof: KZGProof # Allows for quick verification of kzg_commitment + kzg_proof: KZGProof # Allows for quick verification of kzg_commitment ``` ### `SignedBlobSidecar` @@ -101,11 +101,11 @@ The following validations MUST pass before forwarding the `sidecar` on the netwo - _[REJECT]_ The sidecar is for the correct topic -- i.e. `sidecar.index` matches the topic `{index}`. - _[IGNORE]_ The sidecar is not from a future slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) -- i.e. validate that `sidecar.slot <= current_slot` (a client MAY queue future blocks for processing at the appropriate slot). - _[IGNORE]_ The sidecar is from a slot greater than the latest finalized slot -- i.e. validate that `sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)` -- _[IGNORE]_ The blob's block's parent defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue blocks for processing once the parent block is retrieved). +- _[IGNORE]_ The blob's block's parent (defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue blocks for processing once the parent block is retrieved). - _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. - _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.slot, sidecar.proposer_index, sidecar.index)`. -- Clients MUST discard blocks where multiple sidecars for the same proposer and index have been observed. -- _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot in the context of the current shuffling (defined by `parent_root`/`slot`). +- _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot in the context of the current shuffling (defined by `block_parent_root`/`slot`). If the `proposer_index` cannot immediately be verified against the expected shuffling, the sidecar MAY be queued for later processing while proposers for the block's branch are calculated -- in such a case _do not_ `REJECT`, instead `IGNORE` this message. ### Transitioning the gossip @@ -185,7 +185,7 @@ Response Content: Requests sidecars by block root and index. The response is a list of `BlobSidecar` whose length is less than or equal to the number of requests. -It may be less in the case that the responding peer is missing blocks and sidecars. +It may be less in the case that the responding peer is missing blocks or sidecars. The response is unsigned, i.e. `BlobSidecar`, as the signature of the beacon block proposer may not be available beyond the initial distribution via gossip. diff --git a/specs/deneb/validator.md b/specs/deneb/validator.md index bd05c31d2d..a415fbf438 100644 --- a/specs/deneb/validator.md +++ b/specs/deneb/validator.md @@ -96,7 +96,7 @@ def get_blob_sidecars(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[Blo slot=block.slot, block_parent_root=block.parent_root, blob=blob, - kzg_commitment=block.body.blob_kzg_commitments[idx], + kzg_commitment=block.body.blob_kzg_commitments[index], kzg_proof=compute_kzg_proof(blob), ) for index, blob in enumerate(blobs) @@ -104,7 +104,7 @@ def get_blob_sidecars(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[Blo ``` -Then `signed_sidecar = SignedBlobSidecar(message=sidecar, signature=signature)` is constructed and to the global `blob_sidecar_{index}` topics according to its index. +Then `signed_sidecar = SignedBlobSidecar(message=sidecar, signature=signature)` is constructed and published to the `blob_sidecar_{index}` topics according to its index. `signature` is obtained from: From e6b8324e25f4e2151346629cd4535b6fde3ca083 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Tue, 14 Feb 2023 13:39:59 +0100 Subject: [PATCH 08/46] sidecar domain --- specs/deneb/beacon-chain.md | 6 ++++++ specs/deneb/validator.md | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/specs/deneb/beacon-chain.md b/specs/deneb/beacon-chain.md index 97b426f5d6..c06e44f39b 100644 --- a/specs/deneb/beacon-chain.md +++ b/specs/deneb/beacon-chain.md @@ -48,6 +48,12 @@ This upgrade adds blobs to the beacon chain as part of Deneb. This is an extensi ## Constants +### Domain types + +| Name | Value | +| - | - | +| `DOMAIN_BLOB_SIDECAR` | `DomainType('0x0B000000')` | + ### Blob | Name | Value | diff --git a/specs/deneb/validator.md b/specs/deneb/validator.md index a415fbf438..1d4a7287e9 100644 --- a/specs/deneb/validator.md +++ b/specs/deneb/validator.md @@ -112,7 +112,7 @@ Then `signed_sidecar = SignedBlobSidecar(message=sidecar, signature=signature)` def get_blob_sidecar_signature(state: BeaconState, sidecar: BlobSidecar, privkey: int) -> BLSSignature: - domain = get_domain(state, DOMAIN_BEACON_PROPOSER, compute_epoch_at_slot(sidecar.slot)) + domain = get_domain(state, DOMAIN_BLOB_SIDECAR, compute_epoch_at_slot(sidecar.slot)) signing_root = compute_signing_root(sidecar, domain) return bls.Sign(privkey, signing_root) ``` From 58207c1c05b494b97bf01176547e2ed8749783f5 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Tue, 14 Feb 2023 14:18:29 +0100 Subject: [PATCH 09/46] Upper limit on indices --- specs/deneb/fork-choice.md | 2 +- specs/deneb/p2p-interface.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/specs/deneb/fork-choice.md b/specs/deneb/fork-choice.md index ea235c0553..29d59048b3 100644 --- a/specs/deneb/fork-choice.md +++ b/specs/deneb/fork-choice.md @@ -44,7 +44,7 @@ The implementation of `is_data_available` will become more sophisticated during Initially, verification requires every verifying actor to retrieve all matching `BlobSidecar`s, and validate the sidecar with `validate_blob_sidecars`. -The block MUST NOT be considered valid until all valid `BlobSidecar`s have been downloaded. Blocks that have been previously validated as available SHOULD be considered available even if the associated `BlobSidecar`s has subsequently been pruned. +The block MUST NOT be considered valid until all valid `BlobSidecar`s have been downloaded. Blocks that have been previously validated as available SHOULD be considered available even if the associated `BlobSidecar`s have subsequently been pruned. ```python def is_data_available(slot: Slot, beacon_block_root: Root, blob_kzg_commitments: Sequence[KZGCommitment]) -> bool: diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index d77e4f371d..3cbc000529 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -94,7 +94,7 @@ The *type* of the payload of this topic changes to the (modified) `SignedBeaconB ##### `blob_sidecar_{index}` -This topic is used to propagate signed blob sidecars, one for each sidecar index. +This topic is used to propagate signed blob sidecars, one for each sidecar index. The number of indices is defined by `MAX_BLOBS_PER_BLOCK`. The following validations MUST pass before forwarding the `sidecar` on the network, assuming the alias `sidecar = signed_blob_sidecar.message`: @@ -108,6 +108,7 @@ The following validations MUST pass before forwarding the `sidecar` on the netwo - _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot in the context of the current shuffling (defined by `block_parent_root`/`slot`). If the `proposer_index` cannot immediately be verified against the expected shuffling, the sidecar MAY be queued for later processing while proposers for the block's branch are calculated -- in such a case _do not_ `REJECT`, instead `IGNORE` this message. + ### Transitioning the gossip See gossip transition details found in the [Altair document](../altair/p2p-interface.md#transitioning-the-gossip) for From 3a37c3c4978467f8909f66d8899b80b9e1373e72 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Wed, 15 Feb 2023 08:00:39 +0100 Subject: [PATCH 10/46] Allow clients to orphan blocks from spammy proposers Proposers that spam the blob topic with multiple blob versions, some of which are invalid, MAY see their block orphaned. --- specs/deneb/p2p-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 3cbc000529..6f64e5514e 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -104,7 +104,7 @@ The following validations MUST pass before forwarding the `sidecar` on the netwo - _[IGNORE]_ The blob's block's parent (defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue blocks for processing once the parent block is retrieved). - _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. - _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.slot, sidecar.proposer_index, sidecar.index)`. - -- Clients MUST discard blocks where multiple sidecars for the same proposer and index have been observed. + -- If full verification of the blob fails at a later processing stage, clients MUST clear the blob from this "seen" cache so as to allow a the valid blob to propagate. Block producers MAY orphan blocks if they have observed multiple blobs signed by the proposer for the same "seen" tuple. - _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot in the context of the current shuffling (defined by `block_parent_root`/`slot`). If the `proposer_index` cannot immediately be verified against the expected shuffling, the sidecar MAY be queued for later processing while proposers for the block's branch are calculated -- in such a case _do not_ `REJECT`, instead `IGNORE` this message. From da34af97d4b6575131e67c2bf22acb6de4f0951d Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Wed, 15 Feb 2023 08:51:57 +0100 Subject: [PATCH 11/46] simplify blob verification, range request * validate blobs using raw types * remove `BlobSidecars` and send flattened list of `BlobSidecar` instances instead --- specs/deneb/fork-choice.md | 35 +++++++++++++++--------------- specs/deneb/p2p-interface.md | 41 ++++++++++++------------------------ 2 files changed, 30 insertions(+), 46 deletions(-) diff --git a/specs/deneb/fork-choice.md b/specs/deneb/fork-choice.md index 29d59048b3..58c281a597 100644 --- a/specs/deneb/fork-choice.md +++ b/specs/deneb/fork-choice.md @@ -27,37 +27,36 @@ This is the modification of the fork choice accompanying the Deneb upgrade. #### `validate_blob_sidecars` ```python -def validate_blob_sidecars(slot: Slot, - beacon_block_root: Root, - expected_kzg_commitments: Sequence[KZGCommitment], - blob_sidecars: Sequence[BlobSidecar]) -> None: - assert slot == blobs_sidecar.beacon_block_slot - assert beacon_block_root == blobs_sidecar.beacon_block_root - assert len(expected_kzg_commitments) == len(blob_sidecars) - # TODO validate commitments individually or aggregate first? - # assert verify_aggregate_kzg_proof(blobs, expected_kzg_commitments, kzg_aggregated_proof) +def validate_blobs(expected_kzg_commitments: Sequence[KZGCommitment], + blobs: Sequence[Blob], + proofs: Sequence[KZGProof]) -> None: + assert len(expected_kzg_commitments) == len(blobs) + assert len(blobs) == len(proofs) + + # Clients MAY use `verify_blob_kzg_proof_multi` for efficiency + for commitment, blob, proof in zip(expected_kzg_commitments, blobs, proofs): + assert verify_blob_kzg_proof(commitment, blob, proof) ``` #### `is_data_available` The implementation of `is_data_available` will become more sophisticated during later scaling upgrades. -Initially, verification requires every verifying actor to retrieve all matching `BlobSidecar`s, -and validate the sidecar with `validate_blob_sidecars`. +Initially, verification requires every verifying actor to retrieve all matching `Blob`s and `KZGProof`s, and validate them with `validate_blobs`. -The block MUST NOT be considered valid until all valid `BlobSidecar`s have been downloaded. Blocks that have been previously validated as available SHOULD be considered available even if the associated `BlobSidecar`s have subsequently been pruned. +The block MUST NOT be considered valid until all valid `Blob`s have been downloaded. Blocks that have been previously validated as available SHOULD be considered available even if the associated `Blob`s have subsequently been pruned. ```python -def is_data_available(slot: Slot, beacon_block_root: Root, blob_kzg_commitments: Sequence[KZGCommitment]) -> bool: - # `retrieve_blobs_sidecar` is implementation and context dependent, raises an exception if not available. +def is_data_available(beacon_block_root: Root, blob_kzg_commitments: Sequence[KZGCommitment]) -> bool: + # `retrieve_blobs_and_proofs` is implementation and context dependent, raises an exception if not available. It returns all the blobs for the given block root. # Note: the p2p network does not guarantee sidecar retrieval outside of `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` - sidecars = retrieve_blob_sidecars(slot, beacon_block_root) + blobs, proofs = retrieve_blobs_and_proofs(beacon_block_root) - # For testing, `retrieve_blobs_sidecar` returns "TEST". + # For testing, `retrieve_blobs_and_proofs` returns "TEST". # TODO: Remove it once we have a way to inject `BlobSidecar` into tests. if isinstance(sidecar, str): return True - validate_blob_sidecars(slot, beacon_block_root, blob_kzg_commitments, sidecars) + validate_blobs(expected_kzg_commitments, blobs, proofs) return True ``` @@ -89,7 +88,7 @@ def on_block(store: Store, signed_block: SignedBeaconBlock) -> None: # [New in Deneb] # Check if blob data is available # If not, this block MAY be queued and subsequently considered when blob data becomes available - assert is_data_available(block.slot, hash_tree_root(block), block.body.blob_kzg_commitments) + assert is_data_available(hash_tree_root(block), block.body.blob_kzg_commitments) # Check the block is valid and compute the post-state state = pre_state.copy() diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 6f64e5514e..63a63feda6 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -218,34 +218,24 @@ Request Content: ``` Response Content: - -```python -class BlobSidecars(Container): - block_root: Root - List[BlobSidecar, MAX_BLOBS_PER_BLOCK] -``` - ``` ( - List[BlobSidecars, MAX_REQUEST_BLOB_SIDECARS] + List[BlobSidecar, MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK] ) ``` -Requests blob sidecars in the slot range `[start_slot, start_slot + count)`, -leading up to the current head block as selected by fork choice. +Requests blob sidecars in the slot range `[start_slot, start_slot + count)`, leading up to the current head block as selected by fork choice. -The response is unsigned, i.e. `BlobSidecarsByRange`, as the signature of the beacon block proposer -may not be available beyond the initial distribution via gossip. +The response is unsigned, i.e. `BlobSidecarsByRange`, as the signature of the beacon block proposer may not be available beyond the initial distribution via gossip. -Before consuming the next response chunk, the response reader SHOULD verify the blobs sidecar is well-formatted and -correct w.r.t. the expected KZG commitments through `validate_blobs_sidecar`. +Before consuming the next response chunk, the response reader SHOULD verify the blobs sidecar is well-formatted and correct w.r.t. the expected KZG commitments through `validate_blobs_sidecar`. -`BlobsSidecarsByRange` is primarily used to sync blobs that may have been missed on gossip and to sync within the `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` window. +`BlobSidecarsByRange` is primarily used to sync blobs that may have been missed on gossip and to sync within the `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` window. The request MUST be encoded as an SSZ-container. The response MUST consist of zero or more `response_chunk`. -Each _successful_ `response_chunk` MUST contain a single `BlobsSidecar` payload. +Each _successful_ `response_chunk` MUST contain a single `BlobSidecar` payload. Clients MUST keep a record of signed blobs sidecars seen on the epoch range `[max(current_epoch - MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS, DENEB_FORK_EPOCH), current_epoch]` @@ -265,26 +255,21 @@ to be fully compliant with `BlobsSidecarsByRange` requests. participating in the networking immediately, other peers MAY disconnect and/or temporarily ban such an un-synced or semi-synced client. -Clients MUST respond with at least the first blobs sidecar that exists in the range, if they have it, -and no more than `MAX_REQUEST_BLOCKS_DENEB` sidecars. +Clients MUST respond with at least the first blobs sidecar that exists in the range, if they have it, and no more than `MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK` sidecars. -The following blobs sidecars, where they exist, MUST be sent in consecutive order. +The following blobs sidecars, where they exist, MUST be sent in consecutive `(slot, index)` order. Clients MAY limit the number of blobs sidecars in the response. -An empty `BlobSidecar` is one that does not contain any blobs, but contains non-zero `beacon_block_root`, `beacon_block_slot` and a valid `kzg_aggregated_proof`. -Clients MAY NOT want to consider empty `BlobSidecar`s in rate limiting logic. - -The response MUST contain no more than `count` blobs sidecars. +The response MUST contain no more than `count * MAX_BLOBS_PER_BLOCK` blob sidecars. -Clients MUST respond with blobs sidecars from their view of the current fork choice --- that is, blobs sidecars as included by blocks from the single chain defined by the current head. +Clients MUST respond with blob sidecars from their view of the current fork choice +-- that is, blob sidecars as included by blocks from the single chain defined by the current head. Of note, blocks from slots before the finalization MUST lead to the finalized block reported in the `Status` handshake. -Clients MUST respond with blobs sidecars that are consistent from a single chain within the context of the request. +Clients MUST respond with blob sidecars that are consistent from a single chain within the context of the request. -After the initial blobs sidecar, clients MAY stop in the process of responding -if their fork choice changes the view of the chain in the context of the request. +After the initial blob sidecar, clients MAY stop in the process of responding if their fork choice changes the view of the chain in the context of the request. ## Design decision rationale From a5f61fc173cc4c8bf350bc72945f5cf3dc39bae5 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Wed, 15 Feb 2023 08:57:23 +0100 Subject: [PATCH 12/46] correct function --- specs/deneb/validator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/deneb/validator.md b/specs/deneb/validator.md index 1d4a7287e9..d867098744 100644 --- a/specs/deneb/validator.md +++ b/specs/deneb/validator.md @@ -97,7 +97,7 @@ def get_blob_sidecars(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[Blo block_parent_root=block.parent_root, blob=blob, kzg_commitment=block.body.blob_kzg_commitments[index], - kzg_proof=compute_kzg_proof(blob), + kzg_proof=compute_blob_kzg_proof(blob), ) for index, blob in enumerate(blobs) ] From f0dc126602041679ed50f3cc8d6f6efccc0fa0ab Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Wed, 15 Feb 2023 09:10:31 +0100 Subject: [PATCH 13/46] doctoc --- specs/deneb/beacon-chain.md | 1 + 1 file changed, 1 insertion(+) diff --git a/specs/deneb/beacon-chain.md b/specs/deneb/beacon-chain.md index c06e44f39b..ba0148d47f 100644 --- a/specs/deneb/beacon-chain.md +++ b/specs/deneb/beacon-chain.md @@ -11,6 +11,7 @@ - [Introduction](#introduction) - [Custom types](#custom-types) - [Constants](#constants) + - [Domain types](#domain-types) - [Blob](#blob) - [Preset](#preset) - [Execution](#execution) From 7637158a2fe8c54d36b1f69dd2932c5de9a2794e Mon Sep 17 00:00:00 2001 From: Ben Edgington Date: Wed, 15 Feb 2023 11:39:33 +0000 Subject: [PATCH 14/46] Change get_latest_attesting_balances() to get_weight() --- specs/phase0/fork-choice.md | 9 ++++----- .../core/pyspec/eth2spec/test/helpers/optimistic_sync.py | 2 +- .../eth2spec/test/phase0/fork_choice/test_on_block.py | 8 ++++---- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/specs/phase0/fork-choice.md b/specs/phase0/fork-choice.md index f2ccc24b9d..3176c1cd5d 100644 --- a/specs/phase0/fork-choice.md +++ b/specs/phase0/fork-choice.md @@ -18,7 +18,7 @@ - [`get_current_slot`](#get_current_slot) - [`compute_slots_since_epoch_start`](#compute_slots_since_epoch_start) - [`get_ancestor`](#get_ancestor) - - [`get_latest_attesting_balance`](#get_latest_attesting_balance) + - [`get_weight`](#get_weight) - [`filter_block_tree`](#filter_block_tree) - [`get_filtered_block_tree`](#get_filtered_block_tree) - [`get_head`](#get_head) @@ -174,10 +174,10 @@ def get_ancestor(store: Store, root: Root, slot: Slot) -> Root: return root ``` -#### `get_latest_attesting_balance` +#### `get_weight` ```python -def get_latest_attesting_balance(store: Store, root: Root) -> Gwei: +def get_weight(store: Store, root: Root) -> Gwei: state = store.checkpoint_states[store.justified_checkpoint] active_indices = get_active_validator_indices(state, get_current_epoch(state)) attestation_score = Gwei(sum( @@ -197,7 +197,6 @@ def get_latest_attesting_balance(store: Store, root: Root) -> Gwei: committee_weight = get_total_active_balance(state) // SLOTS_PER_EPOCH proposer_score = (committee_weight * PROPOSER_SCORE_BOOST) // 100 return attestation_score + proposer_score - ``` #### `filter_block_tree` @@ -270,7 +269,7 @@ def get_head(store: Store) -> Root: return head # Sort by latest attesting balance with ties broken lexicographically # Ties broken by favoring block with lexicographically higher root - head = max(children, key=lambda root: (get_latest_attesting_balance(store, root), root)) + head = max(children, key=lambda root: (get_weight(store, root), root)) ``` #### `should_update_justified_checkpoint` diff --git a/tests/core/pyspec/eth2spec/test/helpers/optimistic_sync.py b/tests/core/pyspec/eth2spec/test/helpers/optimistic_sync.py index 6f42aa9bad..816c7a10b7 100644 --- a/tests/core/pyspec/eth2spec/test/helpers/optimistic_sync.py +++ b/tests/core/pyspec/eth2spec/test/helpers/optimistic_sync.py @@ -177,7 +177,7 @@ def get_opt_head_block_root(spec, mega_store): return head # Sort by latest attesting balance with ties broken lexicographically # Ties broken by favoring block with lexicographically higher root - head = max(children, key=lambda root: (spec.get_latest_attesting_balance(store, root), root)) + head = max(children, key=lambda root: (spec.get_weight(store, root), root)) def is_invalidated(mega_store, block_root): diff --git a/tests/core/pyspec/eth2spec/test/phase0/fork_choice/test_on_block.py b/tests/core/pyspec/eth2spec/test/phase0/fork_choice/test_on_block.py index eede246302..23514b325b 100644 --- a/tests/core/pyspec/eth2spec/test/phase0/fork_choice/test_on_block.py +++ b/tests/core/pyspec/eth2spec/test/phase0/fork_choice/test_on_block.py @@ -729,14 +729,14 @@ def test_proposer_boost(spec, state): on_tick_and_append_step(spec, store, time, test_steps) yield from add_block(spec, store, signed_block, test_steps) assert store.proposer_boost_root == spec.hash_tree_root(block) - assert spec.get_latest_attesting_balance(store, spec.hash_tree_root(block)) > 0 + assert spec.get_weight(store, spec.hash_tree_root(block)) > 0 # Ensure that boost is removed after slot is over time = (store.genesis_time + block.slot * spec.config.SECONDS_PER_SLOT + spec.config.SECONDS_PER_SLOT) on_tick_and_append_step(spec, store, time, test_steps) assert store.proposer_boost_root == spec.Root() - assert spec.get_latest_attesting_balance(store, spec.hash_tree_root(block)) == 0 + assert spec.get_weight(store, spec.hash_tree_root(block)) == 0 next_slots(spec, state, 3) block = build_empty_block_for_next_slot(spec, state) @@ -747,14 +747,14 @@ def test_proposer_boost(spec, state): on_tick_and_append_step(spec, store, time, test_steps) yield from add_block(spec, store, signed_block, test_steps) assert store.proposer_boost_root == spec.hash_tree_root(block) - assert spec.get_latest_attesting_balance(store, spec.hash_tree_root(block)) > 0 + assert spec.get_weight(store, spec.hash_tree_root(block)) > 0 # Ensure that boost is removed after slot is over time = (store.genesis_time + block.slot * spec.config.SECONDS_PER_SLOT + spec.config.SECONDS_PER_SLOT) on_tick_and_append_step(spec, store, time, test_steps) assert store.proposer_boost_root == spec.Root() - assert spec.get_latest_attesting_balance(store, spec.hash_tree_root(block)) == 0 + assert spec.get_weight(store, spec.hash_tree_root(block)) == 0 test_steps.append({ 'checks': { From c39fda19c6bfdb39054c4f3e02d2316886efaa04 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Thu, 16 Feb 2023 08:18:52 +0100 Subject: [PATCH 15/46] Apply suggestions from code review Co-authored-by: Danny Ryan Co-authored-by: Jimmy Chen --- specs/deneb/fork-choice.md | 5 +++-- specs/deneb/p2p-interface.md | 8 ++++---- specs/deneb/validator.md | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/specs/deneb/fork-choice.md b/specs/deneb/fork-choice.md index 58c281a597..46403cbe99 100644 --- a/specs/deneb/fork-choice.md +++ b/specs/deneb/fork-choice.md @@ -24,7 +24,7 @@ This is the modification of the fork choice accompanying the Deneb upgrade. ## Helpers -#### `validate_blob_sidecars` +#### `validate_blobs` ```python def validate_blobs(expected_kzg_commitments: Sequence[KZGCommitment], @@ -47,7 +47,8 @@ The block MUST NOT be considered valid until all valid `Blob`s have been downloa ```python def is_data_available(beacon_block_root: Root, blob_kzg_commitments: Sequence[KZGCommitment]) -> bool: - # `retrieve_blobs_and_proofs` is implementation and context dependent, raises an exception if not available. It returns all the blobs for the given block root. + # `retrieve_blobs_and_proofs` is implementation and context dependent + # It returns all the blobs for the given block root, and raises an exception if not available # Note: the p2p network does not guarantee sidecar retrieval outside of `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` blobs, proofs = retrieve_blobs_and_proofs(beacon_block_root) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 63a63feda6..258b9e3f1f 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -228,7 +228,7 @@ Requests blob sidecars in the slot range `[start_slot, start_slot + count)`, lea The response is unsigned, i.e. `BlobSidecarsByRange`, as the signature of the beacon block proposer may not be available beyond the initial distribution via gossip. -Before consuming the next response chunk, the response reader SHOULD verify the blobs sidecar is well-formatted and correct w.r.t. the expected KZG commitments through `validate_blobs_sidecar`. +Before consuming the next response chunk, the response reader SHOULD verify the blob sidecar is well-formatted and correct w.r.t. the expected KZG commitments through `validate_blobs`. `BlobSidecarsByRange` is primarily used to sync blobs that may have been missed on gossip and to sync within the `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` window. @@ -255,11 +255,11 @@ to be fully compliant with `BlobsSidecarsByRange` requests. participating in the networking immediately, other peers MAY disconnect and/or temporarily ban such an un-synced or semi-synced client. -Clients MUST respond with at least the first blobs sidecar that exists in the range, if they have it, and no more than `MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK` sidecars. +Clients MUST respond with at least the first blob sidecar that exists in the range, if they have it, and no more than `MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK` sidecars. -The following blobs sidecars, where they exist, MUST be sent in consecutive `(slot, index)` order. +The following blob sidecars, where they exist, MUST be sent in consecutive `(slot, index)` order. -Clients MAY limit the number of blobs sidecars in the response. +Clients MAY limit the number of blob sidecars in the response. The response MUST contain no more than `count * MAX_BLOBS_PER_BLOCK` blob sidecars. diff --git a/specs/deneb/validator.md b/specs/deneb/validator.md index d867098744..45a8e5c834 100644 --- a/specs/deneb/validator.md +++ b/specs/deneb/validator.md @@ -104,7 +104,7 @@ def get_blob_sidecars(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[Blo ``` -Then `signed_sidecar = SignedBlobSidecar(message=sidecar, signature=signature)` is constructed and published to the `blob_sidecar_{index}` topics according to its index. +Then for each sidecar, `signed_sidecar = SignedBlobSidecar(message=sidecar, signature=signature)` is constructed and published to the `blob_sidecar_{index}` topics according to its index. `signature` is obtained from: From 639ff9b2b0acfbba0e642e04da6efa76ad1f5292 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Thu, 16 Feb 2023 08:30:40 +0100 Subject: [PATCH 16/46] Update specs/deneb/p2p-interface.md Co-authored-by: Jimmy Chen --- specs/deneb/p2p-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 258b9e3f1f..2ba8de409f 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -38,7 +38,7 @@ The specification of these changes continues in the same format as the network s |------------------------------------------|-----------------------------------|---------------------------------------------------------------------| | `MAX_REQUEST_BLOCKS_DENEB` | `2**7` (= 128) | Maximum number of blocks in a single request | | `MAX_REQUEST_BLOB_SIDECARS` | `2**7` (= 128) | Maximum number of blob sidecars in a single request | -| `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` | `2**12` (= 4096 epochs, ~18 days) | The minimum epoch range over which a node must serve blobs sidecars | +| `MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS` | `2**12` (= 4096 epochs, ~18 days) | The minimum epoch range over which a node must serve blob sidecars | ## Containers From 24a19bb886f7294f8b9c8ff990818936b044f5fa Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Thu, 16 Feb 2023 09:12:34 +0100 Subject: [PATCH 17/46] fixes * fight the test suite * clarify who orphans the block * must supply all blobs of a block in range request --- setup.py | 4 ++-- specs/deneb/fork-choice.md | 6 +++--- specs/deneb/p2p-interface.md | 23 ++++++++++++++--------- 3 files changed, 19 insertions(+), 14 deletions(-) diff --git a/setup.py b/setup.py index f87ed5a6cf..7b1c718b8c 100644 --- a/setup.py +++ b/setup.py @@ -653,9 +653,9 @@ def preparations(cls): @classmethod def sundry_functions(cls) -> str: return super().sundry_functions() + '\n\n' + ''' -def retrieve_blobs_sidecar(slot: Slot, beacon_block_root: Root) -> PyUnion[BlobsSidecar, str]: +def retrieve_blobs_and_proofs(slot: Slot, beacon_block_root: Root) -> PyUnion[BlobsSidecar, str]: # pylint: disable=unused-argument - return "TEST"''' + return ("TEST", "TEST")''' @classmethod def hardcoded_custom_type_dep_constants(cls, spec_object) -> str: diff --git a/specs/deneb/fork-choice.md b/specs/deneb/fork-choice.md index 46403cbe99..a2866092d2 100644 --- a/specs/deneb/fork-choice.md +++ b/specs/deneb/fork-choice.md @@ -8,7 +8,7 @@ - [Introduction](#introduction) - [Containers](#containers) - [Helpers](#helpers) - - [`validate_blob_sidecars`](#validate_blob_sidecars) + - [`validate_blobs`](#validate_blobs) - [`is_data_available`](#is_data_available) - [Updated fork-choice handlers](#updated-fork-choice-handlers) - [`on_block`](#on_block) @@ -52,9 +52,9 @@ def is_data_available(beacon_block_root: Root, blob_kzg_commitments: Sequence[KZ # Note: the p2p network does not guarantee sidecar retrieval outside of `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` blobs, proofs = retrieve_blobs_and_proofs(beacon_block_root) - # For testing, `retrieve_blobs_and_proofs` returns "TEST". + # For testing, `retrieve_blobs_and_proofs` returns ("TEST", "TEST"). # TODO: Remove it once we have a way to inject `BlobSidecar` into tests. - if isinstance(sidecar, str): + if isinstance(blobs, str): return True validate_blobs(expected_kzg_commitments, blobs, proofs) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 2ba8de409f..5e0b162070 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -14,6 +14,7 @@ The specification of these changes continues in the same format as the network s - [Containers](#containers) - [`BlobSidecar`](#blobsidecar) - [`SignedBlobSidecar`](#signedblobsidecar) + - [`BlobIdentifier`](#blobidentifier) - [The gossip domain: gossipsub](#the-gossip-domain-gossipsub) - [Topics and messages](#topics-and-messages) - [Global topics](#global-topics) @@ -61,7 +62,15 @@ class BlobSidecar(Container): ```python class SignedBlobSidecar(Container): message: BlobSidecar - signature: Signature + signature: BLSSignature +``` + +### `BlobIdentifier` + +```python +class BlobIdentifier(Container): + block_root: Root + index: uint64 ``` ## The gossip domain: gossipsub @@ -104,7 +113,7 @@ The following validations MUST pass before forwarding the `sidecar` on the netwo - _[IGNORE]_ The blob's block's parent (defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue blocks for processing once the parent block is retrieved). - _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. - _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.slot, sidecar.proposer_index, sidecar.index)`. - -- If full verification of the blob fails at a later processing stage, clients MUST clear the blob from this "seen" cache so as to allow a the valid blob to propagate. Block producers MAY orphan blocks if they have observed multiple blobs signed by the proposer for the same "seen" tuple. + -- If full verification of the blob fails at a later processing stage, clients MUST clear the blob from this "seen" cache so as to allow a the valid blob to propagate. The next block producer MAY orphan the block if they have observed multiple blobs signed by the proposer for the same "seen" tuple. - _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot in the context of the current shuffling (defined by `block_parent_root`/`slot`). If the `proposer_index` cannot immediately be verified against the expected shuffling, the sidecar MAY be queued for later processing while proposers for the block's branch are calculated -- in such a case _do not_ `REJECT`, instead `IGNORE` this message. @@ -164,12 +173,6 @@ New in deneb. Request Content: -```python -class BlobIdentifier(Container): - block_root: Root - index: uint64 -``` - ``` ( List[BlobIdentifier, MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK] @@ -255,7 +258,9 @@ to be fully compliant with `BlobsSidecarsByRange` requests. participating in the networking immediately, other peers MAY disconnect and/or temporarily ban such an un-synced or semi-synced client. -Clients MUST respond with at least the first blob sidecar that exists in the range, if they have it, and no more than `MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK` sidecars. +Clients MUST respond with at least the blob sidecars of the first blob-carrying block that exists in the range, if they have it, and no more than `MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK` sidecars. + +Clients MUST include all blob sidecars of each block from which they include blob sidecars. The following blob sidecars, where they exist, MUST be sent in consecutive `(slot, index)` order. From 5fe857b2096c6a903ac0c822cae66e2236f03feb Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Thu, 16 Feb 2023 09:20:40 +0100 Subject: [PATCH 18/46] fixes --- setup.py | 2 +- specs/deneb/p2p-interface.md | 2 +- specs/deneb/validator.md | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/setup.py b/setup.py index 7b1c718b8c..666ba8afc1 100644 --- a/setup.py +++ b/setup.py @@ -653,7 +653,7 @@ def preparations(cls): @classmethod def sundry_functions(cls) -> str: return super().sundry_functions() + '\n\n' + ''' -def retrieve_blobs_and_proofs(slot: Slot, beacon_block_root: Root) -> PyUnion[BlobsSidecar, str]: +def retrieve_blobs_and_proofs(slot: Slot, beacon_block_root: Root) -> PyUnion[(Blob, KZGProof), (str, str)]: # pylint: disable=unused-argument return ("TEST", "TEST")''' diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 5e0b162070..163522ec3a 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -284,5 +284,5 @@ This "sidecar" design provides forward compatibility for further data increases with full sharding `is_data_available()` can be replaced by data-availability-sampling (DAS) thus avoiding all blobs being downloaded by all beacon nodes on the network. -Such sharding design may introduce an updated `BlobsSidecar` to identify the shard, +Such sharding design may introduce an updated `BlobSidecar` to identify the shard, but does not affect the `BeaconBlock` structure. diff --git a/specs/deneb/validator.md b/specs/deneb/validator.md index 45a8e5c834..b29330ce57 100644 --- a/specs/deneb/validator.md +++ b/specs/deneb/validator.md @@ -52,7 +52,6 @@ def get_blobs_and_kzg_commitments(payload_id: PayloadId) -> Tuple[Sequence[BLSFi ## Beacon chain responsibilities All validator responsibilities remain unchanged other than those noted below. -Namely, the blob handling and the addition of `SignedBeaconBlockAndBlobsSidecar`. ### Block and sidecar proposal From f23ed0cdbc4d7590212653a460eb709350e7ed37 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Thu, 16 Feb 2023 21:11:18 +0800 Subject: [PATCH 19/46] Make linter happy --- setup.py | 2 +- specs/deneb/fork-choice.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 031ac7457c..9c5488f126 100644 --- a/setup.py +++ b/setup.py @@ -653,7 +653,7 @@ def preparations(cls): @classmethod def sundry_functions(cls) -> str: return super().sundry_functions() + '\n\n' + ''' -def retrieve_blobs_and_proofs(slot: Slot, beacon_block_root: Root) -> PyUnion[(Blob, KZGProof), (str, str)]: +def retrieve_blobs_and_proofs(beacon_block_root: Root) -> PyUnion[Tuple[Blob, KZGProof], Tuple[str, str]]: # pylint: disable=unused-argument return ("TEST", "TEST")''' diff --git a/specs/deneb/fork-choice.md b/specs/deneb/fork-choice.md index 2757e591ef..8fa08357a7 100644 --- a/specs/deneb/fork-choice.md +++ b/specs/deneb/fork-choice.md @@ -54,7 +54,7 @@ def is_data_available(beacon_block_root: Root, blob_kzg_commitments: Sequence[KZ # For testing, `retrieve_blobs_and_proofs` returns ("TEST", "TEST"). # TODO: Remove it once we have a way to inject `BlobSidecar` into tests. - if isinstance(blobs, str): + if isinstance(blobs, str) or isinstance(proofs, str): return True validate_blobs(blob_kzg_commitments, blobs, proofs) From a7e45db9ac2b60a33e144444969ad3ac0aae3d4c Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Thu, 16 Feb 2023 22:09:57 +0800 Subject: [PATCH 20/46] Fix `verify_kzg_proof_batch` and the tests --- specs/deneb/fork-choice.md | 4 +-- specs/deneb/polynomial-commitments.md | 9 ++++--- ...lobs_sidecar.py => test_validate_blobs.py} | 26 ++++++++++--------- 3 files changed, 21 insertions(+), 18 deletions(-) rename tests/core/pyspec/eth2spec/test/deneb/unittests/fork_choice/{test_validate_blobs_sidecar.py => test_validate_blobs.py} (54%) diff --git a/specs/deneb/fork-choice.md b/specs/deneb/fork-choice.md index 8fa08357a7..e93eb54faf 100644 --- a/specs/deneb/fork-choice.md +++ b/specs/deneb/fork-choice.md @@ -33,9 +33,7 @@ def validate_blobs(expected_kzg_commitments: Sequence[KZGCommitment], assert len(expected_kzg_commitments) == len(blobs) assert len(blobs) == len(proofs) - # Clients MAY use `verify_blob_kzg_proof_multi` for efficiency - for commitment, blob, proof in zip(expected_kzg_commitments, blobs, proofs): - assert verify_blob_kzg_proof(commitment, blob, proof) + assert verify_blob_kzg_proof_batch(blobs, expected_kzg_commitments, proofs) ``` #### `is_data_available` diff --git a/specs/deneb/polynomial-commitments.md b/specs/deneb/polynomial-commitments.md index afcf934fc7..76affe6200 100644 --- a/specs/deneb/polynomial-commitments.md +++ b/specs/deneb/polynomial-commitments.md @@ -411,15 +411,18 @@ def verify_kzg_proof_batch(commitments: Sequence[KZGCommitment], # Verify: e(sum r^i proof_i, [s]) == # e(sum r^i (commitment_i - [y_i]) + sum r^i z_i proof_i, [1]) proof_lincomb = g1_lincomb(proofs, r_powers) - proof_z_lincomb = g1_lincomb(proofs, [z * r_power for z, r_power in zip(zs, r_powers)]) + proof_z_lincomb = g1_lincomb( + proofs, + [BLSFieldElement((int(z) * int(r_power)) % BLS_MODULUS) for z, r_power in zip(zs, r_powers)], + ) C_minus_ys = [bls.add(bls.bytes48_to_G1(commitment), bls.multiply(bls.G1, BLS_MODULUS - y)) for commitment, y in zip(commitments, ys)] C_minus_y_as_KZGCommitments = [KZGCommitment(bls.G1_to_bytes48(x)) for x in C_minus_ys] C_minus_y_lincomb = g1_lincomb(C_minus_y_as_KZGCommitments, r_powers) return bls.pairing_check([ - [proof_lincomb, bls.neg(KZG_SETUP_G2[1])], - [bls.add(C_minus_y_lincomb, proof_z_lincomb), bls.G2] + [bls.bytes48_to_G1(proof_lincomb), bls.neg(bls.bytes96_to_G2(KZG_SETUP_G2[1]))], + [bls.add(bls.bytes48_to_G1(C_minus_y_lincomb), bls.bytes48_to_G1(proof_z_lincomb)), bls.G2] ]) ``` diff --git a/tests/core/pyspec/eth2spec/test/deneb/unittests/fork_choice/test_validate_blobs_sidecar.py b/tests/core/pyspec/eth2spec/test/deneb/unittests/fork_choice/test_validate_blobs.py similarity index 54% rename from tests/core/pyspec/eth2spec/test/deneb/unittests/fork_choice/test_validate_blobs_sidecar.py rename to tests/core/pyspec/eth2spec/test/deneb/unittests/fork_choice/test_validate_blobs.py index 87ed9ff8ea..d9934c5ade 100644 --- a/tests/core/pyspec/eth2spec/test/deneb/unittests/fork_choice/test_validate_blobs_sidecar.py +++ b/tests/core/pyspec/eth2spec/test/deneb/unittests/fork_choice/test_validate_blobs.py @@ -16,7 +16,7 @@ ) -def _run_validate_blobs_sidecar_test(spec, state, blob_count): +def _run_validate_blobs(spec, state, blob_count): block = build_empty_block_for_next_slot(spec, state) opaque_tx, blobs, blob_kzg_commitments = get_sample_opaque_tx(spec, blob_count=blob_count) block.body.blob_kzg_commitments = blob_kzg_commitments @@ -24,30 +24,32 @@ def _run_validate_blobs_sidecar_test(spec, state, blob_count): block.body.execution_payload.block_hash = compute_el_block_hash(spec, block.body.execution_payload) state_transition_and_sign_block(spec, state, block) - blobs_sidecar = spec.get_blobs_sidecar(block, blobs) - expected_commitments = [spec.blob_to_kzg_commitment(blobs[i]) for i in range(blob_count)] - spec.validate_blobs_sidecar(block.slot, block.hash_tree_root(), expected_commitments, blobs_sidecar) + # Also test the proof generation in `get_blob_sidecars` + blob_sidecars = spec.get_blob_sidecars(block, blobs) + blobs = [sidecar.blob for sidecar in blob_sidecars] + kzg_proofs = [sidecar.kzg_proof for sidecar in blob_sidecars] + spec.validate_blobs(blob_kzg_commitments, blobs, kzg_proofs) @with_deneb_and_later @spec_state_test -def test_validate_blobs_sidecar_zero_blobs(spec, state): - _run_validate_blobs_sidecar_test(spec, state, blob_count=0) +def test_validate_blobs_zero_blobs(spec, state): + _run_validate_blobs(spec, state, blob_count=0) @with_deneb_and_later @spec_state_test -def test_validate_blobs_sidecar_one_blob(spec, state): - _run_validate_blobs_sidecar_test(spec, state, blob_count=1) +def test_validate_blobs_one_blob(spec, state): + _run_validate_blobs(spec, state, blob_count=1) @with_deneb_and_later @spec_state_test -def test_validate_blobs_sidecar_two_blobs(spec, state): - _run_validate_blobs_sidecar_test(spec, state, blob_count=2) +def test_validate_blobs_two_blobs(spec, state): + _run_validate_blobs(spec, state, blob_count=2) @with_deneb_and_later @spec_state_test -def test_validate_blobs_sidecar_max_blobs(spec, state): - _run_validate_blobs_sidecar_test(spec, state, blob_count=spec.MAX_BLOBS_PER_BLOCK) +def test_validate_blobs_max_blobs(spec, state): + _run_validate_blobs(spec, state, blob_count=spec.MAX_BLOBS_PER_BLOCK) From a562710fe6f6c15f93f06f6d40ba7599133747b5 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Fri, 17 Feb 2023 01:22:11 +0800 Subject: [PATCH 21/46] Fix `compute_quotient_eval_within_domain` overflow --- specs/deneb/polynomial-commitments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/deneb/polynomial-commitments.md b/specs/deneb/polynomial-commitments.md index afcf934fc7..593c1a4f3e 100644 --- a/specs/deneb/polynomial-commitments.md +++ b/specs/deneb/polynomial-commitments.md @@ -459,7 +459,7 @@ def compute_quotient_eval_within_domain(z: BLSFieldElement, f_i = int(BLS_MODULUS) + int(polynomial[i]) - int(y) % BLS_MODULUS numerator = f_i * int(omega_i) % BLS_MODULUS denominator = int(z) * (int(BLS_MODULUS) + int(z) - int(omega_i)) % BLS_MODULUS - result += div(BLSFieldElement(numerator), BLSFieldElement(denominator)) + result += int(div(BLSFieldElement(numerator), BLSFieldElement(denominator))) return BLSFieldElement(result % BLS_MODULUS) ``` From 9dd7d2ba2f5b9bb1ce50494d1971d483764afcb6 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Fri, 17 Feb 2023 11:59:56 -0700 Subject: [PATCH 22/46] fix Blob pluralization in a few places --- specs/deneb/p2p-interface.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 163522ec3a..8357776abb 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -201,7 +201,7 @@ No more than `MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK` may be requested The response MUST consist of zero or more `response_chunk`. Each _successful_ `response_chunk` MUST contain a single `BlobSidecar` payload. -Clients MUST support requesting sidecars since `minimum_request_epoch`, where `minimum_request_epoch = max(finalized_epoch, current_epoch - MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS, DENEB_FORK_EPOCH)`. If any root in the request content references a block earlier than `minimum_request_epoch`, peers MAY respond with error code `3: ResourceUnavailable` or not include the blob in the response. +Clients MUST support requesting sidecars since `minimum_request_epoch`, where `minimum_request_epoch = max(finalized_epoch, current_epoch - MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS, DENEB_FORK_EPOCH)`. If any root in the request content references a block earlier than `minimum_request_epoch`, peers MAY respond with error code `3: ResourceUnavailable` or not include the blob in the response. Clients MUST respond with at least one sidecar, if they have it. Clients MAY limit the number of blocks and sidecars in the response. @@ -233,7 +233,7 @@ The response is unsigned, i.e. `BlobSidecarsByRange`, as the signature of the be Before consuming the next response chunk, the response reader SHOULD verify the blob sidecar is well-formatted and correct w.r.t. the expected KZG commitments through `validate_blobs`. -`BlobSidecarsByRange` is primarily used to sync blobs that may have been missed on gossip and to sync within the `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` window. +`BlobSidecarsByRange` is primarily used to sync blobs that may have been missed on gossip and to sync within the `MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS` window. The request MUST be encoded as an SSZ-container. @@ -241,18 +241,18 @@ The response MUST consist of zero or more `response_chunk`. Each _successful_ `response_chunk` MUST contain a single `BlobSidecar` payload. Clients MUST keep a record of signed blobs sidecars seen on the epoch range -`[max(current_epoch - MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS, DENEB_FORK_EPOCH), current_epoch]` +`[max(current_epoch - MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS, DENEB_FORK_EPOCH), current_epoch]` where `current_epoch` is defined by the current wall-clock time, and clients MUST support serving requests of blobs on this range. -Peers that are unable to reply to blob sidecar requests within the `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` +Peers that are unable to reply to blob sidecar requests within the `MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS` epoch range SHOULD respond with error code `3: ResourceUnavailable`. Such peers that are unable to successfully reply to this range of requests MAY get descored or disconnected at any time. *Note*: The above requirement implies that nodes that start from a recent weak subjectivity checkpoint -MUST backfill the local blobs database to at least epoch `current_epoch - MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` -to be fully compliant with `BlobsSidecarsByRange` requests. +MUST backfill the local blobs database to at least epoch `current_epoch - MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS` +to be fully compliant with `BlobSidecarsByRange` requests. *Note*: Although clients that bootstrap from a weak subjectivity checkpoint can begin participating in the networking immediately, other peers MAY From c1a2962b31ee17c9795308e690a568a26c2e8917 Mon Sep 17 00:00:00 2001 From: kevaundray Date: Sat, 18 Feb 2023 15:09:43 +0000 Subject: [PATCH 23/46] Update polynomial-commitments.md --- specs/deneb/polynomial-commitments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/deneb/polynomial-commitments.md b/specs/deneb/polynomial-commitments.md index 593c1a4f3e..0e076cd4ef 100644 --- a/specs/deneb/polynomial-commitments.md +++ b/specs/deneb/polynomial-commitments.md @@ -469,7 +469,7 @@ def compute_quotient_eval_within_domain(z: BLSFieldElement, ```python def compute_kzg_proof_impl(polynomial: Polynomial, z: BLSFieldElement) -> KZGProof: """ - Helper function for compute_kzg_proof() and compute_aggregate_kzg_proof(). + Helper function for compute_kzg_proof(). """ roots_of_unity_brp = bit_reversal_permutation(ROOTS_OF_UNITY) From 54d2559eb54db217844d30098662e0be3c8d9e5c Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Sat, 18 Feb 2023 17:45:16 +0100 Subject: [PATCH 24/46] remove producer reorg on multi-blob * also, use root/index for uniqueness --- specs/deneb/p2p-interface.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 8357776abb..b11e61ef65 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -112,8 +112,7 @@ The following validations MUST pass before forwarding the `sidecar` on the netwo - _[IGNORE]_ The sidecar is from a slot greater than the latest finalized slot -- i.e. validate that `sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)` - _[IGNORE]_ The blob's block's parent (defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue blocks for processing once the parent block is retrieved). - _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. -- _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.slot, sidecar.proposer_index, sidecar.index)`. - -- If full verification of the blob fails at a later processing stage, clients MUST clear the blob from this "seen" cache so as to allow a the valid blob to propagate. The next block producer MAY orphan the block if they have observed multiple blobs signed by the proposer for the same "seen" tuple. +- _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.block_root, sidecar.index)`. - _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot in the context of the current shuffling (defined by `block_parent_root`/`slot`). If the `proposer_index` cannot immediately be verified against the expected shuffling, the sidecar MAY be queued for later processing while proposers for the block's branch are calculated -- in such a case _do not_ `REJECT`, instead `IGNORE` this message. From 0632a5a32ca0e7915a8d63600d47f950f4c64c31 Mon Sep 17 00:00:00 2001 From: kevaundray Date: Mon, 20 Feb 2023 10:54:16 +0000 Subject: [PATCH 25/46] Update specs/deneb/polynomial-commitments.md Co-authored-by: Hsiao-Wei Wang --- specs/deneb/polynomial-commitments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/deneb/polynomial-commitments.md b/specs/deneb/polynomial-commitments.md index 0e076cd4ef..31138a5efd 100644 --- a/specs/deneb/polynomial-commitments.md +++ b/specs/deneb/polynomial-commitments.md @@ -469,7 +469,7 @@ def compute_quotient_eval_within_domain(z: BLSFieldElement, ```python def compute_kzg_proof_impl(polynomial: Polynomial, z: BLSFieldElement) -> KZGProof: """ - Helper function for compute_kzg_proof(). + Helper function for `compute_kzg_proof()` and `compute_blob_kzg_proof()`. """ roots_of_unity_brp = bit_reversal_permutation(ROOTS_OF_UNITY) From 83cf02f66818b71256d7c2d6cf41f66118cf4951 Mon Sep 17 00:00:00 2001 From: kevaundray Date: Mon, 20 Feb 2023 10:57:39 +0000 Subject: [PATCH 26/46] Remove repeated computation --- specs/deneb/polynomial-commitments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/deneb/polynomial-commitments.md b/specs/deneb/polynomial-commitments.md index 593c1a4f3e..6978317d7d 100644 --- a/specs/deneb/polynomial-commitments.md +++ b/specs/deneb/polynomial-commitments.md @@ -479,7 +479,7 @@ def compute_kzg_proof_impl(polynomial: Polynomial, z: BLSFieldElement) -> KZGPro # For all x_i, compute (x_i - z) denominator_poly = [BLSFieldElement((int(x) - int(z)) % BLS_MODULUS) - for x in bit_reversal_permutation(ROOTS_OF_UNITY)] + for x in roots_of_unity_brp] # Compute the quotient polynomial directly in evaluation form quotient_polynomial = [BLSFieldElement(0)] * FIELD_ELEMENTS_PER_BLOB From 4e2a9920f1e1f1f7496289161fa7d830bb5b1d0e Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Mon, 20 Feb 2023 12:15:53 +0100 Subject: [PATCH 27/46] Update specs/deneb/p2p-interface.md Co-authored-by: g11tech --- specs/deneb/p2p-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index b11e61ef65..531161b4e9 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -70,7 +70,7 @@ class SignedBlobSidecar(Container): ```python class BlobIdentifier(Container): block_root: Root - index: uint64 + index: BlobIndex ``` ## The gossip domain: gossipsub From ac0ec660d39e9d2470c0efb6be8ad53815085833 Mon Sep 17 00:00:00 2001 From: Jacek Sieka Date: Mon, 20 Feb 2023 16:35:11 +0100 Subject: [PATCH 28/46] add parent validation requirement sama as block --- specs/deneb/p2p-interface.md | 1 + 1 file changed, 1 insertion(+) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 531161b4e9..040d594dd2 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -111,6 +111,7 @@ The following validations MUST pass before forwarding the `sidecar` on the netwo - _[IGNORE]_ The sidecar is not from a future slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) -- i.e. validate that `sidecar.slot <= current_slot` (a client MAY queue future blocks for processing at the appropriate slot). - _[IGNORE]_ The sidecar is from a slot greater than the latest finalized slot -- i.e. validate that `sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)` - _[IGNORE]_ The blob's block's parent (defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue blocks for processing once the parent block is retrieved). +- _[REJECT]_ The blob's block's parent (defined by `sidecar.block_parent_root`) passes validation. - _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. - _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.block_root, sidecar.index)`. - _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot in the context of the current shuffling (defined by `block_parent_root`/`slot`). From dff740752b9b0f20792e242c2e789cc88f1fe787 Mon Sep 17 00:00:00 2001 From: djrtwo Date: Mon, 20 Feb 2023 10:07:24 -0700 Subject: [PATCH 29/46] add deposit+bls_change test --- .../test/capella/sanity/test_blocks.py | 43 ++++++++++++++++++- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/tests/core/pyspec/eth2spec/test/capella/sanity/test_blocks.py b/tests/core/pyspec/eth2spec/test/capella/sanity/test_blocks.py index 079990e3e1..d62e458be6 100644 --- a/tests/core/pyspec/eth2spec/test/capella/sanity/test_blocks.py +++ b/tests/core/pyspec/eth2spec/test/capella/sanity/test_blocks.py @@ -37,7 +37,7 @@ @with_capella_and_later @spec_state_test -def test_success_bls_change(spec, state): +def test_bls_change(spec, state): index = 0 signed_address_change = get_signed_address_change(spec, state, validator_index=index) pre_credentials = state.validators[index].withdrawal_credentials @@ -60,7 +60,46 @@ def test_success_bls_change(spec, state): @with_capella_and_later @spec_state_test -def test_success_exit_and_bls_change(spec, state): +def test_deposit_and_bls_change(spec, state): + initial_registry_len = len(state.validators) + initial_balances_len = len(state.balances) + + validator_index = len(state.validators) + amount = spec.MAX_EFFECTIVE_BALANCE + deposit = prepare_state_and_deposit(spec, state, validator_index, amount, signed=True) + + signed_address_change = get_signed_address_change( + spec, state, + validator_index=validator_index, + withdrawal_pubkey=deposit.data.pubkey, # Deposit helper defaults to use pubkey as withdrawal credential + ) + + deposit_credentials = deposit.data.withdrawal_credentials + assert deposit_credentials[:1] == spec.BLS_WITHDRAWAL_PREFIX + + yield 'pre', state + + block = build_empty_block_for_next_slot(spec, state) + block.body.deposits.append(deposit) + block.body.bls_to_execution_changes.append(signed_address_change) + + signed_block = state_transition_and_sign_block(spec, state, block) + + yield 'blocks', [signed_block] + yield 'post', state + + assert len(state.validators) == initial_registry_len + 1 + assert len(state.balances) == initial_balances_len + 1 + validator_credentials = state.validators[validator_index].withdrawal_credentials + assert deposit_credentials != validator_credentials + assert validator_credentials[:1] == spec.ETH1_ADDRESS_WITHDRAWAL_PREFIX + assert validator_credentials[1:12] == b'\x00' * 11 + assert validator_credentials[12:] == signed_address_change.message.to_execution_address + + +@with_capella_and_later +@spec_state_test +def test_exit_and_bls_change(spec, state): # move state forward SHARD_COMMITTEE_PERIOD epochs to allow for exit state.slot += spec.config.SHARD_COMMITTEE_PERIOD * spec.SLOTS_PER_EPOCH From 95401cf6e46aa9ba47d78e9a50ccc2ca87e4e1ec Mon Sep 17 00:00:00 2001 From: Age Manning Date: Thu, 26 Jan 2023 19:30:49 +1100 Subject: [PATCH 30/46] Clarify context bytes in the RPC methods in 4844 --- specs/deneb/p2p-interface.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 040d594dd2..ea29eb7f4b 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -171,6 +171,14 @@ No more than `MAX_REQUEST_BLOCKS_DENEB` may be requested at a time. New in deneb. +The `` field is calculated as `context = compute_fork_digest(fork_version, genesis_validators_root)`: + +[1]: # (eth2spec: skip) + +| `fork_version` | Chunk SSZ type | +|--------------------------|-------------------------------| +| `DENEB_FORK_VERSION` | `deneb.BlobSidecar` | + Request Content: ``` @@ -212,6 +220,14 @@ Clients MAY limit the number of blocks and sidecars in the response. New in deneb. +The `` field is calculated as `context = compute_fork_digest(fork_version, genesis_validators_root)`: + +[1]: # (eth2spec: skip) + +| `fork_version` | Chunk SSZ type | +|--------------------------|-------------------------------| +| `DENEB_FORK_VERSION` | `deneb.BlobSidecar` | + Request Content: ``` ( From 7ff627e03290e2706d811c3915256f45351f3151 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Tue, 21 Feb 2023 01:14:46 +0800 Subject: [PATCH 31/46] bump VERSION.txt to 1.3.0-rc.3 --- tests/core/pyspec/eth2spec/VERSION.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/core/pyspec/eth2spec/VERSION.txt b/tests/core/pyspec/eth2spec/VERSION.txt index 1d074f43e5..99aab26b29 100644 --- a/tests/core/pyspec/eth2spec/VERSION.txt +++ b/tests/core/pyspec/eth2spec/VERSION.txt @@ -1 +1 @@ -1.3.0-rc.2 +1.3.0-rc.3 From 9391f3ccfca279ec6d02e9b689b5b77c949da1e1 Mon Sep 17 00:00:00 2001 From: kasey Date: Tue, 21 Feb 2023 21:48:21 -0600 Subject: [PATCH 32/46] fix MAX_REQUEST_BLOBS_SIDECARS typo --- specs/deneb/p2p-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index ea29eb7f4b..378a65fdc2 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -183,7 +183,7 @@ Request Content: ``` ( - List[BlobIdentifier, MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK] + List[BlobIdentifier, MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK] ) ``` @@ -191,7 +191,7 @@ Response Content: ``` ( - List[BlobSidecar, MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK] + List[BlobSidecar, MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK] ) ``` @@ -202,7 +202,7 @@ It may be less in the case that the responding peer is missing blocks or sidecar The response is unsigned, i.e. `BlobSidecar`, as the signature of the beacon block proposer may not be available beyond the initial distribution via gossip. -No more than `MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK` may be requested at a time. +No more than `MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK` may be requested at a time. `BlobSidecarsByRoot` is primarily used to recover recent blobs (e.g. when receiving a block with a transaction whose corresponding blob is missing). From 837233a1be3350032a058df6730f0af910e05179 Mon Sep 17 00:00:00 2001 From: Henri DF Date: Wed, 22 Feb 2023 16:50:56 +0100 Subject: [PATCH 33/46] Fix reference to block->sidecar (This was probably a cut-n-paste from block validation) --- specs/deneb/p2p-interface.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index ea29eb7f4b..840ea18630 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -108,9 +108,9 @@ This topic is used to propagate signed blob sidecars, one for each sidecar index The following validations MUST pass before forwarding the `sidecar` on the network, assuming the alias `sidecar = signed_blob_sidecar.message`: - _[REJECT]_ The sidecar is for the correct topic -- i.e. `sidecar.index` matches the topic `{index}`. -- _[IGNORE]_ The sidecar is not from a future slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) -- i.e. validate that `sidecar.slot <= current_slot` (a client MAY queue future blocks for processing at the appropriate slot). +- _[IGNORE]_ The sidecar is not from a future slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) -- i.e. validate that `sidecar.slot <= current_slot` (a client MAY queue future sidecars for processing at the appropriate slot). - _[IGNORE]_ The sidecar is from a slot greater than the latest finalized slot -- i.e. validate that `sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)` -- _[IGNORE]_ The blob's block's parent (defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue blocks for processing once the parent block is retrieved). +- _[IGNORE]_ The blob's block's parent (defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue sidecars for processing once the parent block is retrieved). - _[REJECT]_ The blob's block's parent (defined by `sidecar.block_parent_root`) passes validation. - _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. - _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.block_root, sidecar.index)`. From d8111d7d3b9a021d3f4c6ea85a81c467669b55f2 Mon Sep 17 00:00:00 2001 From: Henri DF Date: Wed, 22 Feb 2023 16:51:56 +0100 Subject: [PATCH 34/46] Refer to "sidecar" consistently --- specs/deneb/p2p-interface.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 840ea18630..52ad411f89 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -110,8 +110,8 @@ The following validations MUST pass before forwarding the `sidecar` on the netwo - _[REJECT]_ The sidecar is for the correct topic -- i.e. `sidecar.index` matches the topic `{index}`. - _[IGNORE]_ The sidecar is not from a future slot (with a `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance) -- i.e. validate that `sidecar.slot <= current_slot` (a client MAY queue future sidecars for processing at the appropriate slot). - _[IGNORE]_ The sidecar is from a slot greater than the latest finalized slot -- i.e. validate that `sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)` -- _[IGNORE]_ The blob's block's parent (defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue sidecars for processing once the parent block is retrieved). -- _[REJECT]_ The blob's block's parent (defined by `sidecar.block_parent_root`) passes validation. +- _[IGNORE]_ The sidecar's block's parent (defined by `sidecar.block_parent_root`) has been seen (via both gossip and non-gossip sources) (a client MAY queue sidecars for processing once the parent block is retrieved). +- _[REJECT]_ The sidecar's block's parent (defined by `sidecar.block_parent_root`) passes validation. - _[REJECT]_ The proposer signature, `signed_blob_sidecar.signature`, is valid with respect to the `sidecar.proposer_index` pubkey. - _[IGNORE]_ The sidecar is the only sidecar with valid signature received for the tuple `(sidecar.block_root, sidecar.index)`. - _[REJECT]_ The sidecar is proposed by the expected `proposer_index` for the block's slot in the context of the current shuffling (defined by `block_parent_root`/`slot`). From 970da9efd2b5b1bdd46dda6b7f676e7d8cffdc90 Mon Sep 17 00:00:00 2001 From: Henri DF Date: Wed, 22 Feb 2023 17:15:39 +0100 Subject: [PATCH 35/46] Clean up max request blobs constants The spec currently defines `MAX_REQUEST_BLOB_SIDECARS` as the "maximum number of blob sidecars in a single request", but then later in the RPC description defines the max is `MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK`. Clean this up by defining `MAX_REQUEST_BLOB_SIDECARS` to be the actual max. --- specs/deneb/p2p-interface.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index ea29eb7f4b..22d8cf94c4 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -38,7 +38,7 @@ The specification of these changes continues in the same format as the network s | Name | Value | Description | |------------------------------------------|-----------------------------------|---------------------------------------------------------------------| | `MAX_REQUEST_BLOCKS_DENEB` | `2**7` (= 128) | Maximum number of blocks in a single request | -| `MAX_REQUEST_BLOB_SIDECARS` | `2**7` (= 128) | Maximum number of blob sidecars in a single request | +| `MAX_REQUEST_BLOB_SIDECARS` | `MAX_REQUEST_BLOCKS_DENEB * MAX_BLOBS_PER_BLOCK` | Maximum number of blob sidecars in a single request | | `MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS` | `2**12` (= 4096 epochs, ~18 days) | The minimum epoch range over which a node must serve blob sidecars | ## Containers @@ -183,7 +183,7 @@ Request Content: ``` ( - List[BlobIdentifier, MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK] + List[BlobIdentifier, MAX_REQUEST_BLOBS_SIDECARS] ) ``` @@ -191,7 +191,7 @@ Response Content: ``` ( - List[BlobSidecar, MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK] + List[BlobSidecar, MAX_REQUEST_BLOBS_SIDECARS] ) ``` @@ -202,7 +202,7 @@ It may be less in the case that the responding peer is missing blocks or sidecar The response is unsigned, i.e. `BlobSidecar`, as the signature of the beacon block proposer may not be available beyond the initial distribution via gossip. -No more than `MAX_REQUEST_BLOBS_SIDECARS * MAX_BLOBS_PER_BLOCK` may be requested at a time. +No more than `MAX_REQUEST_BLOBS_SIDECARS` may be requested at a time. `BlobSidecarsByRoot` is primarily used to recover recent blobs (e.g. when receiving a block with a transaction whose corresponding blob is missing). @@ -239,7 +239,7 @@ Request Content: Response Content: ``` ( - List[BlobSidecar, MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK] + List[BlobSidecar, MAX_REQUEST_BLOB_SIDECARS] ) ``` @@ -274,7 +274,7 @@ to be fully compliant with `BlobSidecarsByRange` requests. participating in the networking immediately, other peers MAY disconnect and/or temporarily ban such an un-synced or semi-synced client. -Clients MUST respond with at least the blob sidecars of the first blob-carrying block that exists in the range, if they have it, and no more than `MAX_REQUEST_BLOB_SIDECARS * MAX_BLOBS_PER_BLOCK` sidecars. +Clients MUST respond with at least the blob sidecars of the first blob-carrying block that exists in the range, if they have it, and no more than `MAX_REQUEST_BLOB_SIDECARS` sidecars. Clients MUST include all blob sidecars of each block from which they include blob sidecars. From e7035dacf5f1f20fddfd0a2b45ae97e0bcf7e449 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Thu, 23 Feb 2023 22:46:55 +0800 Subject: [PATCH 36/46] Remove the outdated statement --- specs/deneb/fork.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/specs/deneb/fork.md b/specs/deneb/fork.md index 1ace26c7f5..23b3f23c7b 100644 --- a/specs/deneb/fork.md +++ b/specs/deneb/fork.md @@ -64,8 +64,6 @@ Note that for the pure Deneb networks, we don't apply `upgrade_to_deneb` since i ### Upgrading the state -Since the `deneb.BeaconState` format is equal to the `capella.BeaconState` format, we only have to update `BeaconState.fork`. - ```python def upgrade_to_deneb(pre: capella.BeaconState) -> BeaconState: epoch = capella.get_current_epoch(pre) @@ -82,10 +80,10 @@ def upgrade_to_deneb(pre: capella.BeaconState) -> BeaconState: timestamp=pre.latest_execution_payload_header.timestamp, extra_data=pre.latest_execution_payload_header.extra_data, base_fee_per_gas=pre.latest_execution_payload_header.base_fee_per_gas, - excess_data_gas=uint256(0), # [New in Deneb] block_hash=pre.latest_execution_payload_header.block_hash, transactions_root=pre.latest_execution_payload_header.transactions_root, withdrawals_root=pre.latest_execution_payload_header.withdrawals_root, + excess_data_gas=uint256(0), # [New in Deneb] ) post = BeaconState( # Versioning From 136c78ddc77416ae55ed89f231dbfb4ad58b58d1 Mon Sep 17 00:00:00 2001 From: henridf Date: Fri, 24 Feb 2023 14:07:16 +0100 Subject: [PATCH 37/46] Update fork-choice.md Fix outdated (likely a Bellatrix cut-paste) description of change. --- specs/deneb/fork-choice.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/deneb/fork-choice.md b/specs/deneb/fork-choice.md index e93eb54faf..91ff3c4b1a 100644 --- a/specs/deneb/fork-choice.md +++ b/specs/deneb/fork-choice.md @@ -63,7 +63,7 @@ def is_data_available(beacon_block_root: Root, blob_kzg_commitments: Sequence[KZ ### `on_block` -*Note*: The only modification is the addition of the verification of transition block conditions. +*Note*: The only modification is the addition of the blob data availability check. ```python def on_block(store: Store, signed_block: SignedBeaconBlock) -> None: From 195babdf3d55c6661dad4ce658b4679063cb33e7 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Fri, 24 Feb 2023 17:56:38 +0800 Subject: [PATCH 38/46] Refactoring the specs list. Avoid listing specs again and again. --- Makefile | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index d4259b2fe9..1bb78cb0c7 100644 --- a/Makefile +++ b/Makefile @@ -33,6 +33,12 @@ MARKDOWN_FILES = $(wildcard $(SPEC_DIR)/phase0/*.md) \ $(wildcard $(SPEC_DIR)/_features/sharding/*.md) \ $(wildcard $(SSZ_DIR)/*.md) +ALL_EXECUTABLE_SPECS = phase0 altair bellatrix capella deneb +# The parameters for commands. Use `foreach` to avoid listing specs again. +COVERAGE_SCOPE := $(foreach S,$(ALL_EXECUTABLE_SPECS), --cov=eth2spec.$S.$(TEST_PRESET_TYPE)) +PYLINT_SCOPE := $(foreach S,$(ALL_EXECUTABLE_SPECS), ./eth2spec/$S) +MYPY_SCOPE := $(foreach S,$(ALL_EXECUTABLE_SPECS), -p eth2spec.$S) + COV_HTML_OUT=.htmlcov COV_HTML_OUT_DIR=$(PY_SPEC_DIR)/$(COV_HTML_OUT) COV_INDEX_FILE=$(COV_HTML_OUT_DIR)/index.html @@ -63,15 +69,14 @@ partial_clean: rm -f .coverage rm -rf $(PY_SPEC_DIR)/.pytest_cache rm -rf $(DEPOSIT_CONTRACT_TESTER_DIR)/.pytest_cache - rm -rf $(ETH2SPEC_MODULE_DIR)/phase0 - rm -rf $(ETH2SPEC_MODULE_DIR)/altair - rm -rf $(ETH2SPEC_MODULE_DIR)/bellatrix - rm -rf $(ETH2SPEC_MODULE_DIR)/capella - rm -rf $(ETH2SPEC_MODULE_DIR)/deneb rm -rf $(COV_HTML_OUT_DIR) rm -rf $(TEST_REPORT_DIR) rm -rf eth2spec.egg-info dist build - rm -rf build + rm -rf build; + @for spec_name in $(ALL_EXECUTABLE_SPECS) ; do \ + echo $$spec_name; \ + rm -rf $(ETH2SPEC_MODULE_DIR)/$$spec_name; \ + done clean: partial_clean rm -rf venv @@ -105,12 +110,12 @@ install_test: # Testing against `minimal` or `mainnet` config by default test: pyspec . venv/bin/activate; cd $(PY_SPEC_DIR); \ - python3 -m pytest -n 4 --disable-bls --cov=eth2spec.phase0.$(TEST_PRESET_TYPE) --cov=eth2spec.altair.$(TEST_PRESET_TYPE) --cov=eth2spec.bellatrix.$(TEST_PRESET_TYPE) --cov=eth2spec.capella.$(TEST_PRESET_TYPE) --cov=eth2spec.deneb.$(TEST_PRESET_TYPE) --cov-report="html:$(COV_HTML_OUT)" --cov-branch eth2spec + python3 -m pytest -n 4 --disable-bls $(COVERAGE_SCOPE) --cov-report="html:$(COV_HTML_OUT)" --cov-branch eth2spec # Testing against `minimal` or `mainnet` config by default find_test: pyspec . venv/bin/activate; cd $(PY_SPEC_DIR); \ - python3 -m pytest -k=$(K) --disable-bls --cov=eth2spec.phase0.$(TEST_PRESET_TYPE) --cov=eth2spec.altair.$(TEST_PRESET_TYPE) --cov=eth2spec.bellatrix.$(TEST_PRESET_TYPE) --cov=eth2spec.capella.$(TEST_PRESET_TYPE) --cov=eth2spec.deneb.$(TEST_PRESET_TYPE) --cov-report="html:$(COV_HTML_OUT)" --cov-branch eth2spec + python3 -m pytest -k=$(K) --disable-bls $(COVERAGE_SCOPE) --cov-report="html:$(COV_HTML_OUT)" --cov-branch eth2spec citest: pyspec mkdir -p $(TEST_REPORT_DIR); @@ -119,7 +124,7 @@ ifdef fork python3 -m pytest -n 16 --bls-type=milagro --preset=$(TEST_PRESET_TYPE) --fork=$(fork) --junitxml=test-reports/test_results.xml eth2spec else . venv/bin/activate; cd $(PY_SPEC_DIR); \ - python3 -m pytest -n 16 --bls-type=milagro --preset=$(TEST_PRESET_TYPE) --junitxml=test-reports/test_results.xml eth2spec + python3 -m pytest -n 16 --bls-type=milagro --preset=$(TEST_PRESET_TYPE) --junitxml=test-reports/test_results.xml eth2spec endif @@ -137,13 +142,11 @@ check_toc: $(MARKDOWN_FILES:=.toc) codespell: codespell . --skip "./.git,./venv,$(PY_SPEC_DIR)/.mypy_cache" -I .codespell-whitelist -# TODO: add future protocol upgrade patch packages to linting. -# NOTE: we use `pylint` just for catching unused arguments in spec code lint: pyspec . venv/bin/activate; cd $(PY_SPEC_DIR); \ flake8 --config $(LINTER_CONFIG_FILE) ./eth2spec \ - && pylint --rcfile $(LINTER_CONFIG_FILE) ./eth2spec/phase0 ./eth2spec/altair ./eth2spec/bellatrix ./eth2spec/capella ./eth2spec/deneb \ - && mypy --config-file $(LINTER_CONFIG_FILE) -p eth2spec.phase0 -p eth2spec.altair -p eth2spec.bellatrix -p eth2spec.capella -p eth2spec.deneb + && pylint --rcfile $(LINTER_CONFIG_FILE) $(PYLINT_SCOPE) \ + && mypy --config-file $(LINTER_CONFIG_FILE) $(MYPY_SCOPE) lint_generators: pyspec . venv/bin/activate; cd $(TEST_GENERATORS_DIR); \ From 1f3249407a9521827c24455d8a010b2c27c3aed6 Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Tue, 28 Feb 2023 23:37:12 +0800 Subject: [PATCH 39/46] Full wildcard search `MARKDOWN_FILES` --- Makefile | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 1bb78cb0c7..371a3ecf8a 100644 --- a/Makefile +++ b/Makefile @@ -23,14 +23,10 @@ GENERATOR_VENVS = $(patsubst $(GENERATOR_DIR)/%, $(GENERATOR_DIR)/%venv, $(GENER # To check generator matching: #$(info $$GENERATOR_TARGETS is [${GENERATOR_TARGETS}]) -MARKDOWN_FILES = $(wildcard $(SPEC_DIR)/phase0/*.md) \ - $(wildcard $(SPEC_DIR)/altair/*.md) $(wildcard $(SPEC_DIR)/altair/**/*.md) \ - $(wildcard $(SPEC_DIR)/bellatrix/*.md) \ - $(wildcard $(SPEC_DIR)/capella/*.md) $(wildcard $(SPEC_DIR)/capella/**/*.md) \ - $(wildcard $(SPEC_DIR)/deneb/*.md) $(wildcard $(SPEC_DIR)/deneb/**/*.md) \ - $(wildcard $(SPEC_DIR)/_features/custody/*.md) \ - $(wildcard $(SPEC_DIR)/_features/das/*.md) \ - $(wildcard $(SPEC_DIR)/_features/sharding/*.md) \ +MARKDOWN_FILES = $(wildcard $(SPEC_DIR)/*/*.md) \ + $(wildcard $(SPEC_DIR)/*/*/*.md) \ + $(wildcard $(SPEC_DIR)/_features/*/*.md) \ + $(wildcard $(SPEC_DIR)/_features/*/*/*.md) \ $(wildcard $(SSZ_DIR)/*.md) ALL_EXECUTABLE_SPECS = phase0 altair bellatrix capella deneb From a236770b077af8107b0afd4054781f6e1856e31f Mon Sep 17 00:00:00 2001 From: terencechain Date: Tue, 28 Feb 2023 15:17:40 -0800 Subject: [PATCH 40/46] EIP4844: Use `MAX_REQUEST_BLOB_SIDECARS` --- specs/deneb/p2p-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/specs/deneb/p2p-interface.md b/specs/deneb/p2p-interface.md index 2e77fa98fa..660448b525 100644 --- a/specs/deneb/p2p-interface.md +++ b/specs/deneb/p2p-interface.md @@ -183,7 +183,7 @@ Request Content: ``` ( - List[BlobIdentifier, MAX_REQUEST_BLOBS_SIDECARS] + List[BlobIdentifier, MAX_REQUEST_BLOB_SIDECARS] ) ``` @@ -191,7 +191,7 @@ Response Content: ``` ( - List[BlobSidecar, MAX_REQUEST_BLOBS_SIDECARS] + List[BlobSidecar, MAX_REQUEST_BLOB_SIDECARS] ) ``` @@ -202,7 +202,7 @@ It may be less in the case that the responding peer is missing blocks or sidecar The response is unsigned, i.e. `BlobSidecar`, as the signature of the beacon block proposer may not be available beyond the initial distribution via gossip. -No more than `MAX_REQUEST_BLOBS_SIDECARS` may be requested at a time. +No more than `MAX_REQUEST_BLOB_SIDECARS` may be requested at a time. `BlobSidecarsByRoot` is primarily used to recover recent blobs (e.g. when receiving a block with a transaction whose corresponding blob is missing). From 3259922a9eb59c30c826e0986afbc07bfc296b2c Mon Sep 17 00:00:00 2001 From: Stefan Bratanov Date: Wed, 1 Mar 2023 17:10:58 +0000 Subject: [PATCH 41/46] change usage of MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS --- specs/deneb/fork-choice.md | 2 +- specs/deneb/validator.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/specs/deneb/fork-choice.md b/specs/deneb/fork-choice.md index 91ff3c4b1a..830c487645 100644 --- a/specs/deneb/fork-choice.md +++ b/specs/deneb/fork-choice.md @@ -47,7 +47,7 @@ The block MUST NOT be considered valid until all valid `Blob`s have been downloa def is_data_available(beacon_block_root: Root, blob_kzg_commitments: Sequence[KZGCommitment]) -> bool: # `retrieve_blobs_and_proofs` is implementation and context dependent # It returns all the blobs for the given block root, and raises an exception if not available - # Note: the p2p network does not guarantee sidecar retrieval outside of `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` + # Note: the p2p network does not guarantee sidecar retrieval outside of `MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS` blobs, proofs = retrieve_blobs_and_proofs(beacon_block_root) # For testing, `retrieve_blobs_and_proofs` returns ("TEST", "TEST"). diff --git a/specs/deneb/validator.md b/specs/deneb/validator.md index b29330ce57..77edb957f8 100644 --- a/specs/deneb/validator.md +++ b/specs/deneb/validator.md @@ -118,7 +118,7 @@ def get_blob_sidecar_signature(state: BeaconState, After publishing the peers on the network may request the sidecar through sync-requests, or a local user may be interested. -The validator MUST hold on to sidecars for `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` epochs and serve when capable, +The validator MUST hold on to sidecars for `MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS` epochs and serve when capable, to ensure the data-availability of these blobs throughout the network. -After `MIN_EPOCHS_FOR_BLOBS_SIDECARS_REQUESTS` nodes MAY prune the sidecars and/or stop serving them. +After `MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS` nodes MAY prune the sidecars and/or stop serving them. From 86fb82b221474cc89387fa6436806507b3849d88 Mon Sep 17 00:00:00 2001 From: dankrad Date: Thu, 2 Mar 2023 20:49:10 +0000 Subject: [PATCH 42/46] Test generators for kzg-4844 libraries (#3274) Arkworks integration and test generators for kzg-4844 libraries --- Makefile | 4 +- setup.py | 1 + specs/deneb/polynomial-commitments.md | 15 +- tests/core/pyspec/eth2spec/test/conftest.py | 11 +- tests/core/pyspec/eth2spec/utils/bls.py | 223 ++++++- tests/formats/kzg/README.md | 15 + tests/formats/kzg/blob_to_kzg_commitment.md | 21 + tests/formats/kzg/compute_blob_kzg_proof.md | 21 + tests/formats/kzg/compute_kzg_proof.md | 23 + tests/formats/kzg/verify_blob_kzg_proof.md | 23 + .../kzg/verify_blob_kzg_proof_batch.md | 23 + tests/formats/kzg/verify_kzg_proof.md | 25 + tests/generators/kzg_4844/README.md | 3 + tests/generators/kzg_4844/main.py | 579 ++++++++++++++++++ tests/generators/kzg_4844/requirements.txt | 2 + 15 files changed, 951 insertions(+), 38 deletions(-) create mode 100644 tests/formats/kzg/README.md create mode 100644 tests/formats/kzg/blob_to_kzg_commitment.md create mode 100644 tests/formats/kzg/compute_blob_kzg_proof.md create mode 100644 tests/formats/kzg/compute_kzg_proof.md create mode 100644 tests/formats/kzg/verify_blob_kzg_proof.md create mode 100644 tests/formats/kzg/verify_blob_kzg_proof_batch.md create mode 100644 tests/formats/kzg/verify_kzg_proof.md create mode 100644 tests/generators/kzg_4844/README.md create mode 100644 tests/generators/kzg_4844/main.py create mode 100644 tests/generators/kzg_4844/requirements.txt diff --git a/Makefile b/Makefile index 371a3ecf8a..cd18256e9d 100644 --- a/Makefile +++ b/Makefile @@ -117,10 +117,10 @@ citest: pyspec mkdir -p $(TEST_REPORT_DIR); ifdef fork . venv/bin/activate; cd $(PY_SPEC_DIR); \ - python3 -m pytest -n 16 --bls-type=milagro --preset=$(TEST_PRESET_TYPE) --fork=$(fork) --junitxml=test-reports/test_results.xml eth2spec + python3 -m pytest -n 16 --bls-type=fastest --preset=$(TEST_PRESET_TYPE) --fork=$(fork) --junitxml=test-reports/test_results.xml eth2spec else . venv/bin/activate; cd $(PY_SPEC_DIR); \ - python3 -m pytest -n 16 --bls-type=milagro --preset=$(TEST_PRESET_TYPE) --junitxml=test-reports/test_results.xml eth2spec + python3 -m pytest -n 16 --bls-type=fastest --preset=$(TEST_PRESET_TYPE) --junitxml=test-reports/test_results.xml eth2spec endif diff --git a/setup.py b/setup.py index 9c5488f126..cf030c5492 100644 --- a/setup.py +++ b/setup.py @@ -1174,5 +1174,6 @@ def run(self): RUAMEL_YAML_VERSION, "lru-dict==1.1.8", MARKO_VERSION, + "py_arkworks_bls12381==0.3.4", ] ) diff --git a/specs/deneb/polynomial-commitments.md b/specs/deneb/polynomial-commitments.md index 61e22e1820..7b65b44b62 100644 --- a/specs/deneb/polynomial-commitments.md +++ b/specs/deneb/polynomial-commitments.md @@ -273,7 +273,7 @@ def g1_lincomb(points: Sequence[KZGCommitment], scalars: Sequence[BLSFieldElemen BLS multiscalar multiplication. This function can be optimized using Pippenger's algorithm and variants. """ assert len(points) == len(scalars) - result = bls.Z1 + result = bls.Z1() for x, a in zip(points, scalars): result = bls.add(result, bls.multiply(bls.bytes48_to_G1(x), a)) return KZGCommitment(bls.G1_to_bytes48(result)) @@ -323,7 +323,7 @@ def evaluate_polynomial_in_evaluation_form(polynomial: Polynomial, a = BLSFieldElement(int(polynomial[i]) * int(roots_of_unity_brp[i]) % BLS_MODULUS) b = BLSFieldElement((int(BLS_MODULUS) + int(z) - int(roots_of_unity_brp[i])) % BLS_MODULUS) result += int(div(a, b) % BLS_MODULUS) - result = result * int(pow(z, width, BLS_MODULUS) - 1) * int(inverse_width) + result = result * int(BLS_MODULUS + pow(z, width, BLS_MODULUS) - 1) * int(inverse_width) return BLSFieldElement(result % BLS_MODULUS) ``` @@ -371,10 +371,10 @@ def verify_kzg_proof_impl(commitment: KZGCommitment, Verify KZG proof that ``p(z) == y`` where ``p(z)`` is the polynomial represented by ``polynomial_kzg``. """ # Verify: P - y = Q * (X - z) - X_minus_z = bls.add(bls.bytes96_to_G2(KZG_SETUP_G2[1]), bls.multiply(bls.G2, BLS_MODULUS - z)) - P_minus_y = bls.add(bls.bytes48_to_G1(commitment), bls.multiply(bls.G1, BLS_MODULUS - y)) + X_minus_z = bls.add(bls.bytes96_to_G2(KZG_SETUP_G2[1]), bls.multiply(bls.G2(), (BLS_MODULUS - z) % BLS_MODULUS)) + P_minus_y = bls.add(bls.bytes48_to_G1(commitment), bls.multiply(bls.G1(), (BLS_MODULUS - y) % BLS_MODULUS)) return bls.pairing_check([ - [P_minus_y, bls.neg(bls.G2)], + [P_minus_y, bls.neg(bls.G2())], [bls.bytes48_to_G1(proof), X_minus_z] ]) ``` @@ -415,14 +415,14 @@ def verify_kzg_proof_batch(commitments: Sequence[KZGCommitment], proofs, [BLSFieldElement((int(z) * int(r_power)) % BLS_MODULUS) for z, r_power in zip(zs, r_powers)], ) - C_minus_ys = [bls.add(bls.bytes48_to_G1(commitment), bls.multiply(bls.G1, BLS_MODULUS - y)) + C_minus_ys = [bls.add(bls.bytes48_to_G1(commitment), bls.multiply(bls.G1(), (BLS_MODULUS - y) % BLS_MODULUS)) for commitment, y in zip(commitments, ys)] C_minus_y_as_KZGCommitments = [KZGCommitment(bls.G1_to_bytes48(x)) for x in C_minus_ys] C_minus_y_lincomb = g1_lincomb(C_minus_y_as_KZGCommitments, r_powers) return bls.pairing_check([ [bls.bytes48_to_G1(proof_lincomb), bls.neg(bls.bytes96_to_G2(KZG_SETUP_G2[1]))], - [bls.add(bls.bytes48_to_G1(C_minus_y_lincomb), bls.bytes48_to_G1(proof_z_lincomb)), bls.G2] + [bls.add(bls.bytes48_to_G1(C_minus_y_lincomb), bls.bytes48_to_G1(proof_z_lincomb)), bls.G2()] ]) ``` @@ -561,3 +561,4 @@ def verify_blob_kzg_proof_batch(blobs: Sequence[Blob], return verify_kzg_proof_batch(commitments, evaluation_challenges, ys, proofs) ``` + diff --git a/tests/core/pyspec/eth2spec/test/conftest.py b/tests/core/pyspec/eth2spec/test/conftest.py index a5f19e20cb..3026b48eb7 100644 --- a/tests/core/pyspec/eth2spec/test/conftest.py +++ b/tests/core/pyspec/eth2spec/test/conftest.py @@ -44,8 +44,11 @@ def pytest_addoption(parser): help="bls-default: make tests that are not dependent on BLS run without BLS" ) parser.addoption( - "--bls-type", action="store", type=str, default="py_ecc", choices=["py_ecc", "milagro"], - help="bls-type: use 'pyecc' or 'milagro' implementation for BLS" + "--bls-type", action="store", type=str, default="py_ecc", choices=["py_ecc", "milagro", "arkworks", "fastest"], + help=( + "bls-type: use specified BLS implementation;" + "fastest: use milagro for signatures and arkworks for everything else (e.g. KZG)" + ) ) @@ -88,5 +91,9 @@ def bls_type(request): bls_utils.use_py_ecc() elif bls_type == "milagro": bls_utils.use_milagro() + elif bls_type == "arkworks": + bls_utils.use_arkworks() + elif bls_type == "fastest": + bls_utils.use_fastest() else: raise Exception(f"unrecognized bls type: {bls_type}") diff --git a/tests/core/pyspec/eth2spec/utils/bls.py b/tests/core/pyspec/eth2spec/utils/bls.py index aa060f4f9a..7ea22be46d 100644 --- a/tests/core/pyspec/eth2spec/utils/bls.py +++ b/tests/core/pyspec/eth2spec/utils/bls.py @@ -1,28 +1,49 @@ from py_ecc.bls import G2ProofOfPossession as py_ecc_bls from py_ecc.bls.g2_primatives import signature_to_G2 as _signature_to_G2 from py_ecc.optimized_bls12_381 import ( # noqa: F401 - G1, - G2, - Z1, - Z2, - FQ, - add, - multiply, - neg, - pairing, - final_exponentiate, - FQ12 + G1 as py_ecc_G1, + G2 as py_ecc_G2, + Z1 as py_ecc_Z1, + add as py_ecc_add, + multiply as py_ecc_mul, + neg as py_ecc_neg, + pairing as py_ecc_pairing, + final_exponentiate as py_ecc_final_exponentiate, + FQ12 as py_ecc_GT, ) from py_ecc.bls.g2_primitives import ( # noqa: F401 - G1_to_pubkey as G1_to_bytes48, - pubkey_to_G1 as bytes48_to_G1, - G2_to_signature as G2_to_bytes96, - signature_to_G2 as bytes96_to_G2, + G1_to_pubkey as py_ecc_G1_to_bytes48, + pubkey_to_G1 as py_ecc_bytes48_to_G1, + G2_to_signature as py_ecc_G2_to_bytes96, + signature_to_G2 as py_ecc_bytes96_to_G2, +) +from py_arkworks_bls12381 import ( + G1Point as arkworks_G1, + G2Point as arkworks_G2, + Scalar as arkworks_Scalar, + GT as arkworks_GT, ) import milagro_bls_binding as milagro_bls # noqa: F401 for BLS switching option +import py_arkworks_bls12381 as arkworks_bls # noqa: F401 for BLS switching option + + +class fastest_bls: + G1 = arkworks_G1 + G2 = arkworks_G2 + Scalar = arkworks_Scalar + GT = arkworks_GT + _AggregatePKs = milagro_bls._AggregatePKs + Sign = milagro_bls.Sign + Verify = milagro_bls.Verify + Aggregate = milagro_bls.Aggregate + AggregateVerify = milagro_bls.AggregateVerify + FastAggregateVerify = milagro_bls.FastAggregateVerify + SkToPk = milagro_bls.SkToPk + + # Flag to make BLS active or not. Used for testing, do not ignore BLS in production unless you know what you are doing. bls_active = True @@ -43,6 +64,14 @@ def use_milagro(): bls = milagro_bls +def use_arkworks(): + """ + Shortcut to use Arkworks as BLS library + """ + global bls + bls = arkworks_bls + + def use_py_ecc(): """ Shortcut to use Py-ecc as BLS library @@ -51,6 +80,14 @@ def use_py_ecc(): bls = py_ecc_bls +def use_fastest(): + """ + Shortcut to use Milagro for signatures and Arkworks for other BLS operations + """ + global bls + bls = fastest_bls + + def only_with_bls(alt_return=None): """ Decorator factory to make a function only run when BLS is active. Otherwise return the default. @@ -68,7 +105,10 @@ def entry(*args, **kw): @only_with_bls(alt_return=True) def Verify(PK, message, signature): try: - result = bls.Verify(PK, message, signature) + if bls == arkworks_bls: # no signature API in arkworks + result = py_ecc_bls.Verify(PK, message, signature) + else: + result = bls.Verify(PK, message, signature) except Exception: result = False finally: @@ -78,7 +118,10 @@ def Verify(PK, message, signature): @only_with_bls(alt_return=True) def AggregateVerify(pubkeys, messages, signature): try: - result = bls.AggregateVerify(list(pubkeys), list(messages), signature) + if bls == arkworks_bls: # no signature API in arkworks + result = py_ecc_bls.AggregateVerify(list(pubkeys), list(messages), signature) + else: + result = bls.AggregateVerify(list(pubkeys), list(messages), signature) except Exception: result = False finally: @@ -88,7 +131,10 @@ def AggregateVerify(pubkeys, messages, signature): @only_with_bls(alt_return=True) def FastAggregateVerify(pubkeys, message, signature): try: - result = bls.FastAggregateVerify(list(pubkeys), message, signature) + if bls == arkworks_bls: # no signature API in arkworks + result = py_ecc_bls.FastAggregateVerify(list(pubkeys), message, signature) + else: + result = bls.FastAggregateVerify(list(pubkeys), message, signature) except Exception: result = False finally: @@ -97,12 +143,16 @@ def FastAggregateVerify(pubkeys, message, signature): @only_with_bls(alt_return=STUB_SIGNATURE) def Aggregate(signatures): + if bls == arkworks_bls: # no signature API in arkworks + return py_ecc_bls.Aggregate(signatures) return bls.Aggregate(signatures) @only_with_bls(alt_return=STUB_SIGNATURE) def Sign(SK, message): - if bls == py_ecc_bls: + if bls == arkworks_bls: # no signature API in arkworks + return py_ecc_bls.Sign(SK, message) + elif bls == py_ecc_bls: return bls.Sign(SK, message) else: return bls.Sign(SK.to_bytes(32, 'big'), message) @@ -121,24 +171,143 @@ def AggregatePKs(pubkeys): # milagro_bls._AggregatePKs checks KeyValidate internally pass + if bls == arkworks_bls: # no signature API in arkworks + return py_ecc_bls._AggregatePKs(list(pubkeys)) + return bls._AggregatePKs(list(pubkeys)) @only_with_bls(alt_return=STUB_SIGNATURE) def SkToPk(SK): - if bls == py_ecc_bls: - return bls.SkToPk(SK) + if bls == py_ecc_bls or bls == arkworks_bls: # no signature API in arkworks + return py_ecc_bls.SkToPk(SK) else: return bls.SkToPk(SK.to_bytes(32, 'big')) def pairing_check(values): - p_q_1, p_q_2 = values - final_exponentiation = final_exponentiate( - pairing(p_q_1[1], p_q_1[0], final_exponentiate=False) - * pairing(p_q_2[1], p_q_2[0], final_exponentiate=False) - ) - return final_exponentiation == FQ12.one() + if bls == arkworks_bls or bls == fastest_bls: + p_q_1, p_q_2 = values + g1s = [p_q_1[0], p_q_2[0]] + g2s = [p_q_1[1], p_q_2[1]] + return arkworks_GT.multi_pairing(g1s, g2s) == arkworks_GT.one() + else: + p_q_1, p_q_2 = values + final_exponentiation = py_ecc_final_exponentiate( + py_ecc_pairing(p_q_1[1], p_q_1[0], final_exponentiate=False) + * py_ecc_pairing(p_q_2[1], p_q_2[0], final_exponentiate=False) + ) + return final_exponentiation == py_ecc_GT.one() + + +def add(lhs, rhs): + """ + Performs point addition of `lhs` and `rhs`. + The points can either be in G1 or G2. + """ + if bls == arkworks_bls or bls == fastest_bls: + return lhs + rhs + return py_ecc_add(lhs, rhs) + + +def multiply(point, scalar): + """ + Performs Scalar multiplication between + `point` and `scalar`. + `point` can either be in G1 or G2 + """ + if bls == arkworks_bls or bls == fastest_bls: + int_as_bytes = scalar.to_bytes(32, 'little') + scalar = arkworks_Scalar.from_le_bytes(int_as_bytes) + return point * scalar + return py_ecc_mul(point, scalar) + + +def neg(point): + """ + Returns the point negation of `point` + `point` can either be in G1 or G2 + """ + if bls == arkworks_bls or bls == fastest_bls: + return -point + return py_ecc_neg(point) + + +def Z1(): + """ + Returns the identity point in G1 + """ + if bls == arkworks_bls or bls == fastest_bls: + return arkworks_G1.identity() + return py_ecc_Z1 + + +def G1(): + """ + Returns the chosen generator point in G1 + """ + if bls == arkworks_bls or bls == fastest_bls: + return arkworks_G1() + return py_ecc_G1 + + +def G2(): + """ + Returns the chosen generator point in G2 + """ + if bls == arkworks_bls or bls == fastest_bls: + return arkworks_G2() + return py_ecc_G2 + + +def G1_to_bytes48(point): + """ + Serializes a point in G1. + Returns a bytearray of size 48 as + we use the compressed format + """ + if bls == arkworks_bls or bls == fastest_bls: + return bytes(point.to_compressed_bytes()) + return py_ecc_G1_to_bytes48(point) + + +def G2_to_bytes96(point): + """ + Serializes a point in G2. + Returns a bytearray of size 96 as + we use the compressed format + """ + if bls == arkworks_bls or bls == fastest_bls: + return bytes(point.to_compressed_bytes()) + return py_ecc_G2_to_bytes96(point) + + +def bytes48_to_G1(bytes48): + """ + Deserializes a purported compressed serialized + point in G1. + - No subgroup checks are performed + - If the bytearray is not a valid serialization + of a point in G1, then this method will raise + an exception + """ + if bls == arkworks_bls or bls == fastest_bls: + return arkworks_G1.from_compressed_bytes_unchecked(bytes48) + return py_ecc_bytes48_to_G1(bytes48) + + +def bytes96_to_G2(bytes96): + """ + Deserializes a purported compressed serialized + point in G2. + - No subgroup checks are performed + - If the bytearray is not a valid serialization + of a point in G2, then this method will raise + an exception + """ + if bls == arkworks_bls or bls == fastest_bls: + return arkworks_G2.from_compressed_bytes_unchecked(bytes96) + return py_ecc_bytes96_to_G2(bytes96) @only_with_bls(alt_return=True) diff --git a/tests/formats/kzg/README.md b/tests/formats/kzg/README.md new file mode 100644 index 0000000000..b5bd720393 --- /dev/null +++ b/tests/formats/kzg/README.md @@ -0,0 +1,15 @@ +# KZG tests + +A test type for KZG libraries. Tests all the public interfaces that a KZG library required to implement EIP-4844 needs to provide, as defined in `polynomial-commitments.md`. + +We do not recommend rolling your own crypto or using an untested KZG library. + +The KZG test suite runner has the following handlers: + +- [`blob_to_kzg_commitment`](./blob_to_kzg_commitment.md) +- [`compute_kzg_proof`](./compute_kzg_proof.md) +- [`verify_kzg_proof`](./verify_kzg_proof.md) +- [`compute_blob_kzg_proof`](./compute_blob_kzg_proof.md) +- [`verify_blob_kzg_proof`](./verify_blob_kzg_proof.md) +- [`verify_blob_kzg_proof_batch`](./verify_blob_kzg_proof_batch.md) + diff --git a/tests/formats/kzg/blob_to_kzg_commitment.md b/tests/formats/kzg/blob_to_kzg_commitment.md new file mode 100644 index 0000000000..dbb1556a1d --- /dev/null +++ b/tests/formats/kzg/blob_to_kzg_commitment.md @@ -0,0 +1,21 @@ +# Test format: Blob to KZG commitment + +Compute the KZG commitment for a given `blob`. + +## Test case format + +The test data is declared in a `data.yaml` file: + +```yaml +input: + blob: Blob -- the data blob +output: KZGCommitment -- The KZG commitment +``` + +- `blob` here is encoded as a string: hexadecimal encoding of `4096 * 32 = 131072` bytes, prefixed with `0x`. + +All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`. + +## Condition + +The `blob_to_kzg_commitment` handler should compute the KZG commitment for `blob`, and the result should match the expected `output`. If the blob is invalid (e.g. incorrect length or one of the 32-byte blocks does not represent a BLS field element) it should error, i.e. the output should be `null`. diff --git a/tests/formats/kzg/compute_blob_kzg_proof.md b/tests/formats/kzg/compute_blob_kzg_proof.md new file mode 100644 index 0000000000..512f60ecb3 --- /dev/null +++ b/tests/formats/kzg/compute_blob_kzg_proof.md @@ -0,0 +1,21 @@ +# Test format: Compute blob KZG proof + +Compute the blob KZG proof for a given `blob`, that helps with quickly verifying that the KZG commitment for the blob is correct. + +## Test case format + +The test data is declared in a `data.yaml` file: + +```yaml +input: + blob: Blob -- the data blob +output: KZGProof -- The blob KZG proof +``` + +- `blob` here is encoded as a string: hexadecimal encoding of `4096 * 32 = 131072` bytes, prefixed with `0x`. + +All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`. + +## Condition + +The `compute_blob_kzg_proof` handler should compute the blob KZG proof for `blob`, and the result should match the expected `output`. If the blob is invalid (e.g. incorrect length or one of the 32-byte blocks does not represent a BLS field element) it should error, i.e. the output should be `null`. diff --git a/tests/formats/kzg/compute_kzg_proof.md b/tests/formats/kzg/compute_kzg_proof.md new file mode 100644 index 0000000000..bba13638f8 --- /dev/null +++ b/tests/formats/kzg/compute_kzg_proof.md @@ -0,0 +1,23 @@ +# Test format: Compute KZG proof + +Compute the KZG proof for a given `blob` and an evaluation point `z`. + +## Test case format + +The test data is declared in a `data.yaml` file: + +```yaml +input: + blob: Blob -- the data blob representing a polynomial + z: Bytes32 -- bytes encoding the BLS field element at which the polynomial should be evaluated +output: KZGProof -- The KZG proof +``` + +- `blob` here is encoded as a string: hexadecimal encoding of `4096 * 32 = 131072` bytes, prefixed with `0x`. +- `z` here is encoded as a string: hexadecimal encoding of `32` bytes representing a little endian encoded field element, prefixed with `0x`. + +All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`. + +## Condition + +The `compute_kzg_proof` handler should compute the KZG proof for evaluating the polynomial represented by `blob` at `z`, and the result should match the expected `output`. If the blob is invalid (e.g. incorrect length or one of the 32-byte blocks does not represent a BLS field element) or `z` is not a valid BLS field element, it should error, i.e. the output should be `null`. diff --git a/tests/formats/kzg/verify_blob_kzg_proof.md b/tests/formats/kzg/verify_blob_kzg_proof.md new file mode 100644 index 0000000000..dd0bcda5a9 --- /dev/null +++ b/tests/formats/kzg/verify_blob_kzg_proof.md @@ -0,0 +1,23 @@ +# Test format: Verify blob KZG proof + +Use the blob KZG proof to verify that the KZG commitment for a given `blob` is correct + +## Test case format + +The test data is declared in a `data.yaml` file: + +```yaml +input: + blob: Blob -- the data blob + commitment: KZGCommitment -- the KZG commitment to the data blob + proof: KZGProof -- The KZG proof +output: bool -- true (valid proof) or false (incorrect proof) +``` + +- `blob` here is encoded as a string: hexadecimal encoding of `4096 * 32 = 131072` bytes, prefixed with `0x`. + +All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`. + +## Condition + +The `verify_blob_kzg_proof` handler should verify that `commitment` is a correct KZG commitment to `blob` by using the blob KZG proof `proof`, and the result should match the expected `output`. If the commitment or proof is invalid (e.g. not on the curve or not in the G1 subgroup of the BLS curve) or `blob` is invalid (e.g. incorrect length or one of the 32-byte blocks does not represent a BLS field element), it should error, i.e. the output should be `null`. diff --git a/tests/formats/kzg/verify_blob_kzg_proof_batch.md b/tests/formats/kzg/verify_blob_kzg_proof_batch.md new file mode 100644 index 0000000000..3bcc74d6bb --- /dev/null +++ b/tests/formats/kzg/verify_blob_kzg_proof_batch.md @@ -0,0 +1,23 @@ +# Test format: Verify blob KZG proof batch + +Use the blob KZG proofs to verify that the KZG commitments for given `blob`s are correct + +## Test case format + +The test data is declared in a `data.yaml` file: + +```yaml +input: + blob: List[Blob] -- the data blob + commitment: List[KZGCommitment] -- the KZG commitment to the data blob + proof: List[KZGProof] -- The KZG proof +output: bool -- true (all proofs are valid) or false (some proofs incorrect) +``` + +- `blob`s here are encoded as a string: hexadecimal encoding of `4096 * 32 = 131072` bytes, prefixed with `0x`. + +All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`. + +## Condition + +The `verify_blob_kzg_proof_batch` handler should verify that `commitments` are correct KZG commitments to `blobs` by using the blob KZG proofs `proofs`, and the result should match the expected `output`. If any of the commitments or proofs are invalid (e.g. not on the curve or not in the G1 subgroup of the BLS curve) or any blob is invalid (e.g. incorrect length or one of the 32-byte blocks does not represent a BLS field element), it should error, i.e. the output should be `null`. diff --git a/tests/formats/kzg/verify_kzg_proof.md b/tests/formats/kzg/verify_kzg_proof.md new file mode 100644 index 0000000000..143466b66f --- /dev/null +++ b/tests/formats/kzg/verify_kzg_proof.md @@ -0,0 +1,25 @@ +# Test format: Verify KZG proof + +Verify the KZG proof for a given `blob` and an evaluation point `z` that claims to result in a value of `y`. + +## Test case format + +The test data is declared in a `data.yaml` file: + +```yaml +input: + commitment: KZGCommitment -- the KZG commitment to the data blob + z: Bytes32 -- bytes encoding the BLS field element at which the polynomial should be evaluated + y: Bytes32 -- the claimed result of the evaluation + proof: KZGProof -- The KZG proof +output: bool -- true (valid proof) or false (incorrect proof) +``` + +- `z` here is encoded as a string: hexadecimal encoding of `32` bytes representing a little endian encoded field element, prefixed with `0x`. +- `y` here is encoded as a string: hexadecimal encoding of `32` bytes representing a little endian encoded field element, prefixed with `0x`. + +All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`. + +## Condition + +The `verify_kzg_proof` handler should verify the KZG proof for evaluating the polynomial represented by `blob` at `z` resulting in the value `y`, and the result should match the expected `output`. If the commitment or proof is invalid (e.g. not on the curve or not in the G1 subgroup of the BLS curve) or `z` or `y` are not a valid BLS field element, it should error, i.e. the output should be `null`. diff --git a/tests/generators/kzg_4844/README.md b/tests/generators/kzg_4844/README.md new file mode 100644 index 0000000000..ab81a85e86 --- /dev/null +++ b/tests/generators/kzg_4844/README.md @@ -0,0 +1,3 @@ +# KZG 4844 Test Generator + +These tests are specific to the KZG API required for implementing EIP-4844 \ No newline at end of file diff --git a/tests/generators/kzg_4844/main.py b/tests/generators/kzg_4844/main.py new file mode 100644 index 0000000000..616e2cc461 --- /dev/null +++ b/tests/generators/kzg_4844/main.py @@ -0,0 +1,579 @@ +""" +KZG 4844 test vectors generator +""" + +from hashlib import sha256 +from typing import Tuple, Iterable, Any, Callable, Dict + +from eth_utils import ( + encode_hex, + int_to_big_endian, +) + +from eth2spec.utils import bls +from eth2spec.test.helpers.constants import DENEB +from eth2spec.test.helpers.typing import SpecForkName +from eth2spec.gen_helpers.gen_base import gen_runner, gen_typing +from eth2spec.deneb import spec + + +def expect_exception(func, *args): + try: + func(*args) + except Exception: + pass + else: + raise Exception("should have raised exception") + + +def field_element_bytes(x): + return int.to_bytes(x % spec.BLS_MODULUS, 32, "little") + + +def encode_hex_list(a): + return [encode_hex(x) for x in a] + + +def bls_add_one(x): + """ + Adds "one" (actually bls.G1()) to a compressed group element. + Useful to compute definitely incorrect proofs. + """ + return bls.G1_to_bytes48( + bls.add(bls.bytes48_to_G1(x), bls.G1()) + ) + + +def evaluate_blob_at(blob, z): + return field_element_bytes( + spec.evaluate_polynomial_in_evaluation_form(spec.blob_to_polynomial(blob), spec.bytes_to_bls_field(z)) + ) + + +G1 = bls.G1_to_bytes48(bls.G1()) +P1_NOT_IN_G1 = bytes.fromhex("8123456789abcdef0123456789abcdef0123456789abcdef" + + "0123456789abcdef0123456789abcdef0123456789abcdef") +P1_NOT_ON_CURVE = bytes.fromhex("8123456789abcdef0123456789abcdef0123456789abcdef" + + "0123456789abcdef0123456789abcdef0123456789abcde0") +BLS_MODULUS_BYTES = spec.BLS_MODULUS.to_bytes(32, spec.ENDIANNESS) + +BLOB_ALL_ZEROS = spec.Blob() +BLOB_RANDOM_VALID1 = spec.Blob(b''.join([field_element_bytes(pow(2, n + 256, spec.BLS_MODULUS)) for n in range(4096)])) +BLOB_RANDOM_VALID2 = spec.Blob(b''.join([field_element_bytes(pow(3, n + 256, spec.BLS_MODULUS)) for n in range(4096)])) +BLOB_RANDOM_VALID3 = spec.Blob(b''.join([field_element_bytes(pow(5, n + 256, spec.BLS_MODULUS)) for n in range(4096)])) +BLOB_ALL_MODULUS_MINUS_ONE = spec.Blob(b''.join([field_element_bytes(spec.BLS_MODULUS - 1) for n in range(4096)])) +BLOB_ALMOST_ZERO = spec.Blob(b''.join([field_element_bytes(1 if n == 3211 else 0) for n in range(4096)])) +BLOB_INVALID = spec.Blob(b'\xFF' * 4096 * 32) +BLOB_INVALID_CLOSE = spec.Blob(b''.join( + [BLS_MODULUS_BYTES if n == 2111 else field_element_bytes(0) for n in range(4096)] +)) + +VALID_BLOBS = [BLOB_ALL_ZEROS, BLOB_RANDOM_VALID1, BLOB_RANDOM_VALID2, + BLOB_RANDOM_VALID3, BLOB_ALL_MODULUS_MINUS_ONE, BLOB_ALMOST_ZERO] +INVALID_BLOBS = [BLOB_INVALID, BLOB_INVALID_CLOSE] +VALID_ZS = [field_element_bytes(x) for x in [0, 1, 2, pow(5, 1235, spec.BLS_MODULUS), + spec.BLS_MODULUS - 1, spec.ROOTS_OF_UNITY[1]]] +INVALID_ZS = [x.to_bytes(32, spec.ENDIANNESS) for x in [spec.BLS_MODULUS, 2**256 - 1, 2**256 - 2**128]] + + +def hash(x): + return sha256(x).digest() + + +def int_to_hex(n: int, byte_length: int = None) -> str: + byte_value = int_to_big_endian(n) + if byte_length: + byte_value = byte_value.rjust(byte_length, b'\x00') + return encode_hex(byte_value) + + +def case01_blob_to_kzg_commitment(): + # Valid cases + for blob in VALID_BLOBS: + commitment = spec.blob_to_kzg_commitment(blob) + identifier = f'{encode_hex(hash(blob))}' + yield f'blob_to_kzg_commitment_case_valid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob), + }, + 'output': encode_hex(commitment) + } + + # Edge case: Invalid blobs + for blob in INVALID_BLOBS: + identifier = f'{encode_hex(hash(blob))}' + expect_exception(spec.blob_to_kzg_commitment, blob) + yield f'blob_to_kzg_commitment_case_invalid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob) + }, + 'output': None + } + + +def case02_compute_kzg_proof(): + # Valid cases + for blob in VALID_BLOBS: + for z in VALID_ZS: + proof = spec.compute_kzg_proof(blob, z) + identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' + yield f'compute_kzg_proof_case_valid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob), + 'z': encode_hex(z), + }, + 'output': encode_hex(proof) + } + + # Edge case: Invalid blobs + for blob in INVALID_BLOBS: + z = VALID_ZS[0] + expect_exception(spec.compute_kzg_proof, blob, z) + identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' + yield f'compute_kzg_proof_case_invalid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob), + 'z': encode_hex(z), + }, + 'output': None + } + + # Edge case: Invalid z + for z in INVALID_ZS: + blob = VALID_BLOBS[4] + expect_exception(spec.compute_kzg_proof, blob, z) + identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' + yield f'compute_kzg_proof_case_invalid_z_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob), + 'z': encode_hex(z), + }, + 'output': None + } + + +def case03_verify_kzg_proof(): + # Valid cases + for blob in VALID_BLOBS: + for z in VALID_ZS: + proof = spec.compute_kzg_proof(blob, z) + commitment = spec.blob_to_kzg_commitment(blob) + y = evaluate_blob_at(blob, z) + assert spec.verify_kzg_proof(commitment, z, y, proof) + identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' + yield f'verify_kzg_proof_case_correct_proof_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': True + } + + # Incorrect proofs + for blob in VALID_BLOBS: + for z in VALID_ZS: + proof = bls_add_one(spec.compute_kzg_proof(blob, z)) + commitment = spec.blob_to_kzg_commitment(blob) + y = evaluate_blob_at(blob, z) + assert not spec.verify_kzg_proof(commitment, z, y, proof) + identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' + yield f'verify_kzg_proof_case_incorrect_proof_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': False + } + + # Edge case: Invalid z + for z in INVALID_ZS: + blob, validz = VALID_BLOBS[4], VALID_ZS[1] + proof = spec.compute_kzg_proof(blob, validz) + commitment = spec.blob_to_kzg_commitment(blob) + y = VALID_ZS[3] + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' + yield f'verify_kzg_proof_case_invalid_z_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid y + blob, z = VALID_BLOBS[1], VALID_ZS[1] + proof = spec.compute_kzg_proof(blob, z) + commitment = spec.blob_to_kzg_commitment(blob) + y = INVALID_ZS[0] + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + yield 'verify_kzg_proof_case_invalid_y', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid proof, not in G1 + blob, z = VALID_BLOBS[2], VALID_ZS[0] + proof = P1_NOT_IN_G1 + commitment = spec.blob_to_kzg_commitment(blob) + y = VALID_ZS[1] + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + yield 'verify_kzg_proof_case_proof_not_in_G1', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid proof, not on curve + blob, z = VALID_BLOBS[3], VALID_ZS[1] + proof = P1_NOT_ON_CURVE + commitment = spec.blob_to_kzg_commitment(blob) + y = VALID_ZS[1] + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + yield 'verify_kzg_proof_case_proof_not_on_curve', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid commitment, not in G1 + blob, z = VALID_BLOBS[4], VALID_ZS[3] + proof = spec.compute_kzg_proof(blob, z) + commitment = P1_NOT_IN_G1 + y = VALID_ZS[2] + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + yield 'verify_kzg_proof_case_commitment_not_in_G1', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid commitment, not on curve + blob, z = VALID_BLOBS[1], VALID_ZS[4] + proof = spec.compute_kzg_proof(blob, z) + commitment = P1_NOT_ON_CURVE + y = VALID_ZS[3] + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + yield 'verify_kzg_proof_case_commitment_not_on_curve', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + + +def case04_compute_blob_kzg_proof(): + # Valid cases + for blob in VALID_BLOBS: + proof = spec.compute_blob_kzg_proof(blob) + identifier = f'{encode_hex(hash(blob))}' + yield f'compute_blob_kzg_proof_case_valid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob), + }, + 'output': encode_hex(proof) + } + + # Edge case: Invalid blob + for blob in INVALID_BLOBS: + expect_exception(spec.compute_blob_kzg_proof, blob) + identifier = f'{encode_hex(hash(blob))}' + yield f'compute_blob_kzg_proof_case_invalid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob), + }, + 'output': None + } + + +def case05_verify_blob_kzg_proof(): + # Valid cases + for blob in VALID_BLOBS: + proof = spec.compute_blob_kzg_proof(blob) + commitment = spec.blob_to_kzg_commitment(blob) + assert spec.verify_blob_kzg_proof(blob, commitment, proof) + identifier = f'{encode_hex(hash(blob))}' + yield f'verify_blob_kzg_proof_case_correct_proof_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': True + } + + # Incorrect proofs + for blob in VALID_BLOBS: + proof = bls_add_one(spec.compute_blob_kzg_proof(blob)) + commitment = spec.blob_to_kzg_commitment(blob) + assert not spec.verify_blob_kzg_proof(blob, commitment, proof) + identifier = f'{encode_hex(hash(blob))}' + yield f'verify_blob_kzg_proof_case_incorrect_proof_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': False + } + + # Edge case: Invalid proof, not in G1 + blob = VALID_BLOBS[2] + proof = P1_NOT_IN_G1 + commitment = G1 + expect_exception(spec.verify_blob_kzg_proof, blob, commitment, proof) + yield 'verify_blob_kzg_proof_case_proof_not_in_G1', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid proof, not on curve + blob = VALID_BLOBS[1] + proof = P1_NOT_ON_CURVE + commitment = G1 + expect_exception(spec.verify_blob_kzg_proof, blob, commitment, proof) + yield 'verify_blob_kzg_proof_case_proof_not_on_curve', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid commitment, not in G1 + blob = VALID_BLOBS[0] + proof = G1 + commitment = P1_NOT_IN_G1 + expect_exception(spec.verify_blob_kzg_proof, blob, commitment, proof) + yield 'verify_blob_kzg_proof_case_commitment_not_in_G1', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid commitment, not on curve + blob = VALID_BLOBS[2] + proof = G1 + commitment = P1_NOT_ON_CURVE + expect_exception(spec.verify_blob_kzg_proof, blob, commitment, proof) + yield 'verify_blob_kzg_proof_case_commitment_not_on_curve', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid blob + for blob in INVALID_BLOBS: + proof = G1 + commitment = G1 + expect_exception(spec.verify_blob_kzg_proof, blob, commitment, proof) + identifier = f'{encode_hex(hash(blob))}' + yield f'verify_blob_kzg_proof_case_invalid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': None + } + + +def case06_verify_blob_kzg_proof_batch(): + # Valid cases + proofs = [] + commitments = [] + for blob in VALID_BLOBS: + proofs.append(spec.compute_blob_kzg_proof(blob)) + commitments.append(spec.blob_to_kzg_commitment(blob)) + + for i in range(len(proofs)): + assert spec.verify_blob_kzg_proof_batch(VALID_BLOBS[:i], commitments[:i], proofs[:i]) + identifier = f'{encode_hex(hash(b"".join(VALID_BLOBS[:i])))}' + yield f'verify_blob_kzg_proof_batch_case_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS[:i]), + 'commitments': encode_hex_list(commitments[:i]), + 'proofs': encode_hex_list(proofs[:i]), + }, + 'output': True + } + + # Incorrect proof + proofs_incorrect = [bls_add_one(proofs[0])] + proofs[1:] + assert not spec.verify_blob_kzg_proof_batch(VALID_BLOBS, commitments, proofs_incorrect) + yield 'verify_blob_kzg_proof_batch_case_invalid_proof', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments), + 'proofs': encode_hex_list(proofs_incorrect), + }, + 'output': False + } + + # Edge case: Invalid proof, not in G1 + proofs_invalid_notG1 = [P1_NOT_IN_G1] + proofs[1:] + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, proofs_invalid_notG1) + yield 'verify_blob_kzg_proof_batch_case_proof_not_in_G1', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments), + 'proofs': encode_hex_list(proofs_invalid_notG1), + }, + 'output': None + } + + # Edge case: Invalid proof, not on curve + proofs_invalid_notCurve = proofs[:1] + [P1_NOT_ON_CURVE] + proofs[2:] + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, proofs_invalid_notCurve) + yield 'verify_blob_kzg_proof_batch_case_proof_not_on_curve', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments), + 'proofs': encode_hex_list(proofs_invalid_notCurve), + }, + 'output': None + } + + # Edge case: Invalid commitment, not in G1 + commitments_invalid_notG1 = commitments[:2] + [P1_NOT_IN_G1] + commitments[3:] + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, commitments_invalid_notG1) + yield 'verify_blob_kzg_proof_batch_case_commitment_not_in_G1', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments_invalid_notG1), + 'proofs': encode_hex_list(proofs), + }, + 'output': None + } + + # Edge case: Invalid commitment, not on curve + commitments_invalid_notCurve = commitments[:3] + [P1_NOT_ON_CURVE] + commitments[4:] + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, commitments_invalid_notCurve) + yield 'verify_blob_kzg_proof_batch_case_not_on_curve', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments_invalid_notCurve), + 'proofs': encode_hex_list(proofs), + }, + 'output': None + } + + # Edge case: Invalid blob + blobs_invalid = VALID_BLOBS[:4] + [BLOB_INVALID] + VALID_BLOBS[5:] + expect_exception(spec.verify_blob_kzg_proof_batch, blobs_invalid, commitments, proofs) + yield 'verify_blob_kzg_proof_batch_case_invalid_blob', { + 'input': { + 'blobs': encode_hex_list(blobs_invalid), + 'commitments': encode_hex_list(commitments), + 'proofs': encode_hex_list(proofs), + }, + 'output': None + } + + # Edge case: Blob length different + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS[:-1], commitments, proofs) + yield 'verify_blob_kzg_proof_batch_case_blob_length_different', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS[:-1]), + 'commitments': encode_hex_list(commitments), + 'proofs': encode_hex_list(proofs), + }, + 'output': None + } + + # Edge case: Commitment length different + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments[:-1], proofs) + yield 'verify_blob_kzg_proof_batch_case_commitment_length_different', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments[:-1]), + 'proofs': encode_hex_list(proofs), + }, + 'output': None + } + + # Edge case: Proof length different + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, proofs[:-1]) + yield 'verify_blob_kzg_proof_batch_case_proof_length_different', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments), + 'proofs': encode_hex_list(proofs[:-1]), + }, + 'output': None + } + + +def create_provider(fork_name: SpecForkName, + handler_name: str, + test_case_fn: Callable[[], Iterable[Tuple[str, Dict[str, Any]]]]) -> gen_typing.TestProvider: + + def prepare_fn() -> None: + # Nothing to load / change in spec. Maybe in future forks. + # Put the tests into the general config category, to not require any particular configuration. + return + + def cases_fn() -> Iterable[gen_typing.TestCase]: + for data in test_case_fn(): + (case_name, case_content) = data + yield gen_typing.TestCase( + fork_name=fork_name, + preset_name='general', + runner_name='kzg', + handler_name=handler_name, + suite_name='small', + case_name=case_name, + case_fn=lambda: [('data', 'data', case_content)] + ) + + return gen_typing.TestProvider(prepare=prepare_fn, make_cases=cases_fn) + + +if __name__ == "__main__": + bls.use_arkworks() + gen_runner.run_generator("kzg", [ + # DENEB + create_provider(DENEB, 'blob_to_kzg_commitment', case01_blob_to_kzg_commitment), + create_provider(DENEB, 'compute_kzg_proof', case02_compute_kzg_proof), + create_provider(DENEB, 'verify_kzg_proof', case03_verify_kzg_proof), + create_provider(DENEB, 'compute_blob_kzg_proof', case04_compute_blob_kzg_proof), + create_provider(DENEB, 'verify_blob_kzg_proof', case05_verify_blob_kzg_proof), + create_provider(DENEB, 'verify_blob_kzg_proof_batch', case06_verify_blob_kzg_proof_batch), + ]) diff --git a/tests/generators/kzg_4844/requirements.txt b/tests/generators/kzg_4844/requirements.txt new file mode 100644 index 0000000000..1822486863 --- /dev/null +++ b/tests/generators/kzg_4844/requirements.txt @@ -0,0 +1,2 @@ +pytest>=4.4 +../../../[generator] From 1b4840c96704a1f1bcaa9d37df4d9c368ad2d047 Mon Sep 17 00:00:00 2001 From: kevaundray Date: Sat, 4 Mar 2023 19:20:01 +0000 Subject: [PATCH 43/46] Fix comment for `evaluate_polynomial_in_evaluation_form` to reflect that it can now also be used in the domain --- specs/deneb/polynomial-commitments.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/specs/deneb/polynomial-commitments.md b/specs/deneb/polynomial-commitments.md index 7b65b44b62..1b9de42a3b 100644 --- a/specs/deneb/polynomial-commitments.md +++ b/specs/deneb/polynomial-commitments.md @@ -303,8 +303,10 @@ def compute_powers(x: BLSFieldElement, n: uint64) -> Sequence[BLSFieldElement]: def evaluate_polynomial_in_evaluation_form(polynomial: Polynomial, z: BLSFieldElement) -> BLSFieldElement: """ - Evaluate a polynomial (in evaluation form) at an arbitrary point ``z`` that is not in the domain. - Uses the barycentric formula: + Evaluate a polynomial (in evaluation form) at an arbitrary point ``z``. + - When ``z`` is in the domain, the evaluation can be found by indexing the polynomial at the + position that ``z`` is in the domain. + - When ``z`` is not in the domain, the barycentric formula is used: f(z) = (z**WIDTH - 1) / WIDTH * sum_(i=0)^WIDTH (f(DOMAIN[i]) * DOMAIN[i]) / (z - DOMAIN[i]) """ width = len(polynomial) From 15033d28b9f0f3a05a26de6ec093d55a7860a305 Mon Sep 17 00:00:00 2001 From: dankrad Date: Tue, 7 Mar 2023 17:50:56 +0000 Subject: [PATCH 44/46] Modify compute_[blob_]kzg_proof to remove superfluous computations (#3280) Add parameter `commitment` to `compute_blob_kzg_proof` and output `y` to `compute_kzg_proof` --- specs/deneb/polynomial-commitments.md | 17 ++--- specs/deneb/validator.md | 2 +- .../test_polynomial_commitments.py | 6 +- tests/formats/kzg/compute_blob_kzg_proof.md | 2 + tests/formats/kzg/compute_kzg_proof.md | 5 +- tests/generators/kzg_4844/main.py | 62 +++++++++++++------ 6 files changed, 62 insertions(+), 32 deletions(-) diff --git a/specs/deneb/polynomial-commitments.md b/specs/deneb/polynomial-commitments.md index 1b9de42a3b..24ae08822b 100644 --- a/specs/deneb/polynomial-commitments.md +++ b/specs/deneb/polynomial-commitments.md @@ -431,14 +431,15 @@ def verify_kzg_proof_batch(commitments: Sequence[KZGCommitment], #### `compute_kzg_proof` ```python -def compute_kzg_proof(blob: Blob, z: Bytes32) -> KZGProof: +def compute_kzg_proof(blob: Blob, z: Bytes32) -> Tuple[KZGProof, Bytes32]: """ Compute KZG proof at point `z` for the polynomial represented by `blob`. Do this by computing the quotient polynomial in evaluation form: q(x) = (p(x) - p(z)) / (x - z). Public method. """ polynomial = blob_to_polynomial(blob) - return compute_kzg_proof_impl(polynomial, bytes_to_bls_field(z)) + proof, y = compute_kzg_proof_impl(polynomial, bytes_to_bls_field(z)) + return proof, y.to_bytes(BYTES_PER_FIELD_ELEMENT, ENDIANNESS) ``` #### `compute_quotient_eval_within_domain` @@ -472,7 +473,7 @@ def compute_quotient_eval_within_domain(z: BLSFieldElement, #### `compute_kzg_proof_impl` ```python -def compute_kzg_proof_impl(polynomial: Polynomial, z: BLSFieldElement) -> KZGProof: +def compute_kzg_proof_impl(polynomial: Polynomial, z: BLSFieldElement) -> Tuple[KZGProof, BLSFieldElement]: """ Helper function for `compute_kzg_proof()` and `compute_blob_kzg_proof()`. """ @@ -496,21 +497,23 @@ def compute_kzg_proof_impl(polynomial: Polynomial, z: BLSFieldElement) -> KZGPro # Compute: q(x_i) = (p(x_i) - p(z)) / (x_i - z). quotient_polynomial[i] = div(a, b) - return KZGProof(g1_lincomb(bit_reversal_permutation(KZG_SETUP_LAGRANGE), quotient_polynomial)) + return KZGProof(g1_lincomb(bit_reversal_permutation(KZG_SETUP_LAGRANGE), quotient_polynomial)), y ``` #### `compute_blob_kzg_proof` ```python -def compute_blob_kzg_proof(blob: Blob) -> KZGProof: +def compute_blob_kzg_proof(blob: Blob, commitment_bytes: Bytes48) -> KZGProof: """ Given a blob, return the KZG proof that is used to verify it against the commitment. + This method does not verify that the commitment is correct with respect to `blob`. Public method. """ - commitment = blob_to_kzg_commitment(blob) + commitment = bytes_to_kzg_commitment(commitment_bytes) polynomial = blob_to_polynomial(blob) evaluation_challenge = compute_challenge(blob, commitment) - return compute_kzg_proof_impl(polynomial, evaluation_challenge) + proof, _ = compute_kzg_proof_impl(polynomial, evaluation_challenge) + return proof ``` #### `verify_blob_kzg_proof` diff --git a/specs/deneb/validator.md b/specs/deneb/validator.md index 77edb957f8..50ab832e00 100644 --- a/specs/deneb/validator.md +++ b/specs/deneb/validator.md @@ -96,7 +96,7 @@ def get_blob_sidecars(block: BeaconBlock, blobs: Sequence[Blob]) -> Sequence[Blo block_parent_root=block.parent_root, blob=blob, kzg_commitment=block.body.blob_kzg_commitments[index], - kzg_proof=compute_blob_kzg_proof(blob), + kzg_proof=compute_blob_kzg_proof(blob, block.body.blob_kzg_commitments[index]), ) for index, blob in enumerate(blobs) ] diff --git a/tests/core/pyspec/eth2spec/test/deneb/unittests/polynomial_commitments/test_polynomial_commitments.py b/tests/core/pyspec/eth2spec/test/deneb/unittests/polynomial_commitments/test_polynomial_commitments.py index 67dce5c5b3..e1e67d639a 100644 --- a/tests/core/pyspec/eth2spec/test/deneb/unittests/polynomial_commitments/test_polynomial_commitments.py +++ b/tests/core/pyspec/eth2spec/test/deneb/unittests/polynomial_commitments/test_polynomial_commitments.py @@ -18,9 +18,8 @@ def test_verify_kzg_proof(spec, state): blob = get_sample_blob(spec) commitment = spec.blob_to_kzg_commitment(blob) polynomial = spec.blob_to_polynomial(blob) - proof = spec.compute_kzg_proof_impl(polynomial, x) + proof, y = spec.compute_kzg_proof_impl(polynomial, x) - y = spec.evaluate_polynomial_in_evaluation_form(polynomial, x) assert spec.verify_kzg_proof_impl(commitment, x, y, proof) @@ -103,7 +102,6 @@ def test_compute_kzg_proof_within_domain(spec, state): roots_of_unity_brp = spec.bit_reversal_permutation(spec.ROOTS_OF_UNITY) for i, z in enumerate(roots_of_unity_brp): - proof = spec.compute_kzg_proof_impl(polynomial, z) + proof, y = spec.compute_kzg_proof_impl(polynomial, z) - y = spec.evaluate_polynomial_in_evaluation_form(polynomial, z) assert spec.verify_kzg_proof_impl(commitment, z, y, proof) diff --git a/tests/formats/kzg/compute_blob_kzg_proof.md b/tests/formats/kzg/compute_blob_kzg_proof.md index 512f60ecb3..62fce37231 100644 --- a/tests/formats/kzg/compute_blob_kzg_proof.md +++ b/tests/formats/kzg/compute_blob_kzg_proof.md @@ -9,10 +9,12 @@ The test data is declared in a `data.yaml` file: ```yaml input: blob: Blob -- the data blob + commitment: Bytes48 -- the commitment to the blob output: KZGProof -- The blob KZG proof ``` - `blob` here is encoded as a string: hexadecimal encoding of `4096 * 32 = 131072` bytes, prefixed with `0x`. +- `commitment` here is encoded as a string: hexadecimal encoding of `48` bytes, prefixed with `0x`. All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`. diff --git a/tests/formats/kzg/compute_kzg_proof.md b/tests/formats/kzg/compute_kzg_proof.md index bba13638f8..0713d50d81 100644 --- a/tests/formats/kzg/compute_kzg_proof.md +++ b/tests/formats/kzg/compute_kzg_proof.md @@ -10,14 +10,15 @@ The test data is declared in a `data.yaml` file: input: blob: Blob -- the data blob representing a polynomial z: Bytes32 -- bytes encoding the BLS field element at which the polynomial should be evaluated -output: KZGProof -- The KZG proof +output: Tuple[KZGProof, Bytes32] -- The KZG proof and the value y = f(z) ``` - `blob` here is encoded as a string: hexadecimal encoding of `4096 * 32 = 131072` bytes, prefixed with `0x`. - `z` here is encoded as a string: hexadecimal encoding of `32` bytes representing a little endian encoded field element, prefixed with `0x`. +- `y` here is encoded as a string: hexadecimal encoding of `32` bytes representing a little endian encoded field element, prefixed with `0x`. All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`. ## Condition -The `compute_kzg_proof` handler should compute the KZG proof for evaluating the polynomial represented by `blob` at `z`, and the result should match the expected `output`. If the blob is invalid (e.g. incorrect length or one of the 32-byte blocks does not represent a BLS field element) or `z` is not a valid BLS field element, it should error, i.e. the output should be `null`. +The `compute_kzg_proof` handler should compute the KZG proof as well as the value `y` for evaluating the polynomial represented by `blob` at `z`, and the result should match the expected `output`. If the blob is invalid (e.g. incorrect length or one of the 32-byte blocks does not represent a BLS field element) or `z` is not a valid BLS field element, it should error, i.e. the output should be `null`. diff --git a/tests/generators/kzg_4844/main.py b/tests/generators/kzg_4844/main.py index 616e2cc461..65f6405e52 100644 --- a/tests/generators/kzg_4844/main.py +++ b/tests/generators/kzg_4844/main.py @@ -115,14 +115,14 @@ def case02_compute_kzg_proof(): # Valid cases for blob in VALID_BLOBS: for z in VALID_ZS: - proof = spec.compute_kzg_proof(blob, z) + proof, y = spec.compute_kzg_proof(blob, z) identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' yield f'compute_kzg_proof_case_valid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { 'input': { 'blob': encode_hex(blob), 'z': encode_hex(z), }, - 'output': encode_hex(proof) + 'output': (encode_hex(proof), encode_hex(y)) } # Edge case: Invalid blobs @@ -156,9 +156,8 @@ def case03_verify_kzg_proof(): # Valid cases for blob in VALID_BLOBS: for z in VALID_ZS: - proof = spec.compute_kzg_proof(blob, z) + proof, y = spec.compute_kzg_proof(blob, z) commitment = spec.blob_to_kzg_commitment(blob) - y = evaluate_blob_at(blob, z) assert spec.verify_kzg_proof(commitment, z, y, proof) identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' yield f'verify_kzg_proof_case_correct_proof_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { @@ -174,9 +173,9 @@ def case03_verify_kzg_proof(): # Incorrect proofs for blob in VALID_BLOBS: for z in VALID_ZS: - proof = bls_add_one(spec.compute_kzg_proof(blob, z)) + proof_orig, y = spec.compute_kzg_proof(blob, z) + proof = bls_add_one(proof_orig) commitment = spec.blob_to_kzg_commitment(blob) - y = evaluate_blob_at(blob, z) assert not spec.verify_kzg_proof(commitment, z, y, proof) identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' yield f'verify_kzg_proof_case_incorrect_proof_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { @@ -192,9 +191,8 @@ def case03_verify_kzg_proof(): # Edge case: Invalid z for z in INVALID_ZS: blob, validz = VALID_BLOBS[4], VALID_ZS[1] - proof = spec.compute_kzg_proof(blob, validz) + proof, y = spec.compute_kzg_proof(blob, validz) commitment = spec.blob_to_kzg_commitment(blob) - y = VALID_ZS[3] expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' yield f'verify_kzg_proof_case_invalid_z_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { @@ -209,7 +207,7 @@ def case03_verify_kzg_proof(): # Edge case: Invalid y blob, z = VALID_BLOBS[1], VALID_ZS[1] - proof = spec.compute_kzg_proof(blob, z) + proof, _ = spec.compute_kzg_proof(blob, z) commitment = spec.blob_to_kzg_commitment(blob) y = INVALID_ZS[0] expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) @@ -257,9 +255,8 @@ def case03_verify_kzg_proof(): # Edge case: Invalid commitment, not in G1 blob, z = VALID_BLOBS[4], VALID_ZS[3] - proof = spec.compute_kzg_proof(blob, z) + proof, y = spec.compute_kzg_proof(blob, z) commitment = P1_NOT_IN_G1 - y = VALID_ZS[2] expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) yield 'verify_kzg_proof_case_commitment_not_in_G1', { 'input': { @@ -273,9 +270,8 @@ def case03_verify_kzg_proof(): # Edge case: Invalid commitment, not on curve blob, z = VALID_BLOBS[1], VALID_ZS[4] - proof = spec.compute_kzg_proof(blob, z) + proof, y = spec.compute_kzg_proof(blob, z) commitment = P1_NOT_ON_CURVE - y = VALID_ZS[3] expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) yield 'verify_kzg_proof_case_commitment_not_on_curve', { 'input': { @@ -291,32 +287,62 @@ def case03_verify_kzg_proof(): def case04_compute_blob_kzg_proof(): # Valid cases for blob in VALID_BLOBS: - proof = spec.compute_blob_kzg_proof(blob) + commitment = spec.blob_to_kzg_commitment(blob) + proof = spec.compute_blob_kzg_proof(blob, commitment) identifier = f'{encode_hex(hash(blob))}' yield f'compute_blob_kzg_proof_case_valid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { 'input': { 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), }, 'output': encode_hex(proof) } # Edge case: Invalid blob for blob in INVALID_BLOBS: - expect_exception(spec.compute_blob_kzg_proof, blob) + commitment = G1 + expect_exception(spec.compute_blob_kzg_proof, blob, commitment) identifier = f'{encode_hex(hash(blob))}' yield f'compute_blob_kzg_proof_case_invalid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { 'input': { 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), }, 'output': None } + # Edge case: Invalid commitment, not in G1 + commitment = P1_NOT_IN_G1 + blob = VALID_BLOBS[1] + expect_exception(spec.compute_blob_kzg_proof, blob, commitment) + identifier = f'{encode_hex(hash(blob))}' + yield 'compute_blob_kzg_proof_case_invalid_commitment_not_in_G1', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + }, + 'output': None + } + + # Edge case: Invalid commitment, not on curve + commitment = P1_NOT_ON_CURVE + blob = VALID_BLOBS[1] + expect_exception(spec.compute_blob_kzg_proof, blob, commitment) + identifier = f'{encode_hex(hash(blob))}' + yield 'compute_blob_kzg_proof_case_invalid_commitment_not_on_curve', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + }, + 'output': None + } + def case05_verify_blob_kzg_proof(): # Valid cases for blob in VALID_BLOBS: - proof = spec.compute_blob_kzg_proof(blob) commitment = spec.blob_to_kzg_commitment(blob) + proof = spec.compute_blob_kzg_proof(blob, commitment) assert spec.verify_blob_kzg_proof(blob, commitment, proof) identifier = f'{encode_hex(hash(blob))}' yield f'verify_blob_kzg_proof_case_correct_proof_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { @@ -330,8 +356,8 @@ def case05_verify_blob_kzg_proof(): # Incorrect proofs for blob in VALID_BLOBS: - proof = bls_add_one(spec.compute_blob_kzg_proof(blob)) commitment = spec.blob_to_kzg_commitment(blob) + proof = bls_add_one(spec.compute_blob_kzg_proof(blob, commitment)) assert not spec.verify_blob_kzg_proof(blob, commitment, proof) identifier = f'{encode_hex(hash(blob))}' yield f'verify_blob_kzg_proof_case_incorrect_proof_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { @@ -420,8 +446,8 @@ def case06_verify_blob_kzg_proof_batch(): proofs = [] commitments = [] for blob in VALID_BLOBS: - proofs.append(spec.compute_blob_kzg_proof(blob)) commitments.append(spec.blob_to_kzg_commitment(blob)) + proofs.append(spec.compute_blob_kzg_proof(blob, commitments[-1])) for i in range(len(proofs)): assert spec.verify_blob_kzg_proof_batch(VALID_BLOBS[:i], commitments[:i], proofs[:i]) From ccfe576dcc466a129da19d13f0418700af6515ab Mon Sep 17 00:00:00 2001 From: Justin Traglia <95511699+jtraglia@users.noreply.github.com> Date: Tue, 7 Mar 2023 14:56:55 -0700 Subject: [PATCH 45/46] Add KZG tests for input length inputs (#3282) --- specs/deneb/polynomial-commitments.md | 32 +++- tests/generators/kzg_4844/main.py | 264 ++++++++++++++++++++++---- 2 files changed, 256 insertions(+), 40 deletions(-) diff --git a/specs/deneb/polynomial-commitments.md b/specs/deneb/polynomial-commitments.md index 24ae08822b..edf2062b2a 100644 --- a/specs/deneb/polynomial-commitments.md +++ b/specs/deneb/polynomial-commitments.md @@ -72,7 +72,10 @@ Public functions MUST accept raw bytes as input and perform the required cryptog | Name | Value | Notes | | - | - | - | | `BLS_MODULUS` | `52435875175126190479447740508185965837690552500527637822603658699938581184513` | Scalar field modulus of BLS12-381 | +| `BYTES_PER_COMMITMENT` | `uint64(48)` | The number of bytes in a KZG commitment | +| `BYTES_PER_PROOF` | `uint64(48)` | The number of bytes in a KZG proof | | `BYTES_PER_FIELD_ELEMENT` | `uint64(32)` | Bytes used to encode a BLS scalar field element | +| `BYTES_PER_BLOB` | `uint64(BYTES_PER_FIELD_ELEMENT * FIELD_ELEMENTS_PER_BLOB)` | The number of bytes in a blob | | `G1_POINT_AT_INFINITY` | `Bytes48(b'\xc0' + b'\x00' * 47)` | Serialized form of the point at infinity on the G1 group | @@ -340,6 +343,7 @@ def blob_to_kzg_commitment(blob: Blob) -> KZGCommitment: """ Public method. """ + assert len(blob) == BYTES_PER_BLOB return g1_lincomb(bit_reversal_permutation(KZG_SETUP_LAGRANGE), blob_to_polynomial(blob)) ``` @@ -347,17 +351,22 @@ def blob_to_kzg_commitment(blob: Blob) -> KZGCommitment: ```python def verify_kzg_proof(commitment_bytes: Bytes48, - z: Bytes32, - y: Bytes32, + z_bytes: Bytes32, + y_bytes: Bytes32, proof_bytes: Bytes48) -> bool: """ Verify KZG proof that ``p(z) == y`` where ``p(z)`` is the polynomial represented by ``polynomial_kzg``. Receives inputs as bytes. Public method. """ + assert len(commitment_bytes) == BYTES_PER_COMMITMENT + assert len(z_bytes) == BYTES_PER_FIELD_ELEMENT + assert len(y_bytes) == BYTES_PER_FIELD_ELEMENT + assert len(proof_bytes) == BYTES_PER_PROOF + return verify_kzg_proof_impl(bytes_to_kzg_commitment(commitment_bytes), - bytes_to_bls_field(z), - bytes_to_bls_field(y), + bytes_to_bls_field(z_bytes), + bytes_to_bls_field(y_bytes), bytes_to_kzg_proof(proof_bytes)) ``` @@ -431,14 +440,16 @@ def verify_kzg_proof_batch(commitments: Sequence[KZGCommitment], #### `compute_kzg_proof` ```python -def compute_kzg_proof(blob: Blob, z: Bytes32) -> Tuple[KZGProof, Bytes32]: +def compute_kzg_proof(blob: Blob, z_bytes: Bytes32) -> Tuple[KZGProof, Bytes32]: """ Compute KZG proof at point `z` for the polynomial represented by `blob`. Do this by computing the quotient polynomial in evaluation form: q(x) = (p(x) - p(z)) / (x - z). Public method. """ + assert len(blob) == BYTES_PER_BLOB + assert len(z_bytes) == BYTES_PER_FIELD_ELEMENT polynomial = blob_to_polynomial(blob) - proof, y = compute_kzg_proof_impl(polynomial, bytes_to_bls_field(z)) + proof, y = compute_kzg_proof_impl(polynomial, bytes_to_bls_field(z_bytes)) return proof, y.to_bytes(BYTES_PER_FIELD_ELEMENT, ENDIANNESS) ``` @@ -509,6 +520,8 @@ def compute_blob_kzg_proof(blob: Blob, commitment_bytes: Bytes48) -> KZGProof: This method does not verify that the commitment is correct with respect to `blob`. Public method. """ + assert len(blob) == BYTES_PER_BLOB + assert len(commitment_bytes) == BYTES_PER_COMMITMENT commitment = bytes_to_kzg_commitment(commitment_bytes) polynomial = blob_to_polynomial(blob) evaluation_challenge = compute_challenge(blob, commitment) @@ -527,6 +540,10 @@ def verify_blob_kzg_proof(blob: Blob, Public method. """ + assert len(blob) == BYTES_PER_BLOB + assert len(commitment_bytes) == BYTES_PER_COMMITMENT + assert len(proof_bytes) == BYTES_PER_PROOF + commitment = bytes_to_kzg_commitment(commitment_bytes) polynomial = blob_to_polynomial(blob) @@ -556,6 +573,9 @@ def verify_blob_kzg_proof_batch(blobs: Sequence[Blob], commitments, evaluation_challenges, ys, proofs = [], [], [], [] for blob, commitment_bytes, proof_bytes in zip(blobs, commitments_bytes, proofs_bytes): + assert len(blob) == BYTES_PER_BLOB + assert len(commitment_bytes) == BYTES_PER_COMMITMENT + assert len(proof_bytes) == BYTES_PER_PROOF commitment = bytes_to_kzg_commitment(commitment_bytes) commitments.append(commitment) polynomial = blob_to_polynomial(blob) diff --git a/tests/generators/kzg_4844/main.py b/tests/generators/kzg_4844/main.py index 65f6405e52..699d1f369a 100644 --- a/tests/generators/kzg_4844/main.py +++ b/tests/generators/kzg_4844/main.py @@ -27,7 +27,11 @@ def expect_exception(func, *args): def field_element_bytes(x): - return int.to_bytes(x % spec.BLS_MODULUS, 32, "little") + return int.to_bytes(x % spec.BLS_MODULUS, 32, spec.ENDIANNESS) + + +def field_element_bytes_unchecked(x): + return int.to_bytes(x, 32, spec.ENDIANNESS) def encode_hex_list(a): @@ -67,13 +71,30 @@ def evaluate_blob_at(blob, z): BLOB_INVALID_CLOSE = spec.Blob(b''.join( [BLS_MODULUS_BYTES if n == 2111 else field_element_bytes(0) for n in range(4096)] )) +BLOB_INVALID_LENGTH_PLUS_ONE = BLOB_RANDOM_VALID1 + b"\x00" +BLOB_INVALID_LENGTH_MINUS_ONE = BLOB_RANDOM_VALID1[:-1] VALID_BLOBS = [BLOB_ALL_ZEROS, BLOB_RANDOM_VALID1, BLOB_RANDOM_VALID2, BLOB_RANDOM_VALID3, BLOB_ALL_MODULUS_MINUS_ONE, BLOB_ALMOST_ZERO] -INVALID_BLOBS = [BLOB_INVALID, BLOB_INVALID_CLOSE] -VALID_ZS = [field_element_bytes(x) for x in [0, 1, 2, pow(5, 1235, spec.BLS_MODULUS), - spec.BLS_MODULUS - 1, spec.ROOTS_OF_UNITY[1]]] -INVALID_ZS = [x.to_bytes(32, spec.ENDIANNESS) for x in [spec.BLS_MODULUS, 2**256 - 1, 2**256 - 2**128]] +INVALID_BLOBS = [BLOB_INVALID, BLOB_INVALID_CLOSE, BLOB_INVALID_LENGTH_PLUS_ONE, BLOB_INVALID_LENGTH_MINUS_ONE] + +FE_VALID1 = field_element_bytes(0) +FE_VALID2 = field_element_bytes(1) +FE_VALID3 = field_element_bytes(2) +FE_VALID4 = field_element_bytes(pow(5, 1235, spec.BLS_MODULUS)) +FE_VALID5 = field_element_bytes(spec.BLS_MODULUS - 1) +FE_VALID6 = field_element_bytes(spec.ROOTS_OF_UNITY[1]) +VALID_FIELD_ELEMENTS = [FE_VALID1, FE_VALID2, FE_VALID3, FE_VALID4, FE_VALID5, FE_VALID6] + +FE_INVALID_EQUAL_TO_MODULUS = field_element_bytes_unchecked(spec.BLS_MODULUS) +FE_INVALID_MODULUS_PLUS_ONE = field_element_bytes_unchecked(spec.BLS_MODULUS + 1) +FE_INVALID_UINT256_MAX = field_element_bytes_unchecked(2**256 - 1) +FE_INVALID_UINT256_MID = field_element_bytes_unchecked(2**256 - 2**128) +FE_INVALID_LENGTH_PLUS_ONE = VALID_FIELD_ELEMENTS[0] + b"\x00" +FE_INVALID_LENGTH_MINUS_ONE = VALID_FIELD_ELEMENTS[0][:-1] +INVALID_FIELD_ELEMENTS = [FE_INVALID_EQUAL_TO_MODULUS, FE_INVALID_MODULUS_PLUS_ONE, + FE_INVALID_UINT256_MAX, FE_INVALID_UINT256_MID, + FE_INVALID_LENGTH_PLUS_ONE, FE_INVALID_LENGTH_MINUS_ONE] def hash(x): @@ -114,7 +135,7 @@ def case01_blob_to_kzg_commitment(): def case02_compute_kzg_proof(): # Valid cases for blob in VALID_BLOBS: - for z in VALID_ZS: + for z in VALID_FIELD_ELEMENTS: proof, y = spec.compute_kzg_proof(blob, z) identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' yield f'compute_kzg_proof_case_valid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { @@ -127,7 +148,7 @@ def case02_compute_kzg_proof(): # Edge case: Invalid blobs for blob in INVALID_BLOBS: - z = VALID_ZS[0] + z = VALID_FIELD_ELEMENTS[0] expect_exception(spec.compute_kzg_proof, blob, z) identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' yield f'compute_kzg_proof_case_invalid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { @@ -139,7 +160,7 @@ def case02_compute_kzg_proof(): } # Edge case: Invalid z - for z in INVALID_ZS: + for z in INVALID_FIELD_ELEMENTS: blob = VALID_BLOBS[4] expect_exception(spec.compute_kzg_proof, blob, z) identifier = f'{encode_hex(hash(blob))}_{encode_hex(z)}' @@ -155,7 +176,7 @@ def case02_compute_kzg_proof(): def case03_verify_kzg_proof(): # Valid cases for blob in VALID_BLOBS: - for z in VALID_ZS: + for z in VALID_FIELD_ELEMENTS: proof, y = spec.compute_kzg_proof(blob, z) commitment = spec.blob_to_kzg_commitment(blob) assert spec.verify_kzg_proof(commitment, z, y, proof) @@ -172,7 +193,7 @@ def case03_verify_kzg_proof(): # Incorrect proofs for blob in VALID_BLOBS: - for z in VALID_ZS: + for z in VALID_FIELD_ELEMENTS: proof_orig, y = spec.compute_kzg_proof(blob, z) proof = bls_add_one(proof_orig) commitment = spec.blob_to_kzg_commitment(blob) @@ -189,8 +210,8 @@ def case03_verify_kzg_proof(): } # Edge case: Invalid z - for z in INVALID_ZS: - blob, validz = VALID_BLOBS[4], VALID_ZS[1] + for z in INVALID_FIELD_ELEMENTS: + blob, validz = VALID_BLOBS[4], VALID_FIELD_ELEMENTS[1] proof, y = spec.compute_kzg_proof(blob, validz) commitment = spec.blob_to_kzg_commitment(blob) expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) @@ -206,12 +227,29 @@ def case03_verify_kzg_proof(): } # Edge case: Invalid y - blob, z = VALID_BLOBS[1], VALID_ZS[1] - proof, _ = spec.compute_kzg_proof(blob, z) + for y in INVALID_FIELD_ELEMENTS: + blob, z = VALID_BLOBS[4], VALID_FIELD_ELEMENTS[1] + proof, _ = spec.compute_kzg_proof(blob, z) + commitment = spec.blob_to_kzg_commitment(blob) + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + identifier = f'{encode_hex(hash(blob))}_{encode_hex(y)}' + yield f'verify_kzg_proof_case_invalid_y_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid proof, not in G1 + blob, z = VALID_BLOBS[2], VALID_FIELD_ELEMENTS[0] + proof = P1_NOT_IN_G1 commitment = spec.blob_to_kzg_commitment(blob) - y = INVALID_ZS[0] + y = VALID_FIELD_ELEMENTS[1] expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) - yield 'verify_kzg_proof_case_invalid_y', { + yield 'verify_kzg_proof_case_proof_not_in_G1', { 'input': { 'commitment': encode_hex(commitment), 'z': encode_hex(z), @@ -221,13 +259,13 @@ def case03_verify_kzg_proof(): 'output': None } - # Edge case: Invalid proof, not in G1 - blob, z = VALID_BLOBS[2], VALID_ZS[0] - proof = P1_NOT_IN_G1 + # Edge case: Invalid proof, not on curve + blob, z = VALID_BLOBS[3], VALID_FIELD_ELEMENTS[1] + proof = P1_NOT_ON_CURVE commitment = spec.blob_to_kzg_commitment(blob) - y = VALID_ZS[1] + y = VALID_FIELD_ELEMENTS[1] expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) - yield 'verify_kzg_proof_case_proof_not_in_G1', { + yield 'verify_kzg_proof_case_proof_not_on_curve', { 'input': { 'commitment': encode_hex(commitment), 'z': encode_hex(z), @@ -237,13 +275,31 @@ def case03_verify_kzg_proof(): 'output': None } - # Edge case: Invalid proof, not on curve - blob, z = VALID_BLOBS[3], VALID_ZS[1] - proof = P1_NOT_ON_CURVE + # Edge case: Invalid proof, too few bytes + blob = VALID_BLOBS[1] commitment = spec.blob_to_kzg_commitment(blob) - y = VALID_ZS[1] + z = VALID_FIELD_ELEMENTS[4] + proof, y = spec.compute_kzg_proof(blob, z) + proof = proof[:-1] expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) - yield 'verify_kzg_proof_case_proof_not_on_curve', { + yield 'verify_kzg_proof_case_proof_too_few_bytes', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid proof, too many bytes + blob = VALID_BLOBS[1] + commitment = spec.blob_to_kzg_commitment(blob) + z = VALID_FIELD_ELEMENTS[4] + proof, y = spec.compute_kzg_proof(blob, z) + proof = proof + b"\x00" + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + yield 'verify_kzg_proof_case_proof_too_many_bytes', { 'input': { 'commitment': encode_hex(commitment), 'z': encode_hex(z), @@ -254,7 +310,7 @@ def case03_verify_kzg_proof(): } # Edge case: Invalid commitment, not in G1 - blob, z = VALID_BLOBS[4], VALID_ZS[3] + blob, z = VALID_BLOBS[4], VALID_FIELD_ELEMENTS[3] proof, y = spec.compute_kzg_proof(blob, z) commitment = P1_NOT_IN_G1 expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) @@ -269,7 +325,7 @@ def case03_verify_kzg_proof(): } # Edge case: Invalid commitment, not on curve - blob, z = VALID_BLOBS[1], VALID_ZS[4] + blob, z = VALID_BLOBS[1], VALID_FIELD_ELEMENTS[4] proof, y = spec.compute_kzg_proof(blob, z) commitment = P1_NOT_ON_CURVE expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) @@ -283,6 +339,38 @@ def case03_verify_kzg_proof(): 'output': None } + # Edge case: Invalid commitment, too few bytes + blob = VALID_BLOBS[1] + commitment = spec.blob_to_kzg_commitment(blob)[:-1] + z = VALID_FIELD_ELEMENTS[4] + proof, y = spec.compute_kzg_proof(blob, z) + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + yield 'verify_kzg_proof_case_commitment_too_few_bytes', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid commitment, too many bytes + blob = VALID_BLOBS[1] + commitment = spec.blob_to_kzg_commitment(blob) + b"\x00" + z = VALID_FIELD_ELEMENTS[4] + proof, y = spec.compute_kzg_proof(blob, z) + expect_exception(spec.verify_kzg_proof, commitment, z, y, proof) + yield 'verify_kzg_proof_case_commitment_too_many_bytes', { + 'input': { + 'commitment': encode_hex(commitment), + 'z': encode_hex(z), + 'y': encode_hex(y), + 'proof': encode_hex(proof), + }, + 'output': None + } + def case04_compute_blob_kzg_proof(): # Valid cases @@ -397,6 +485,34 @@ def case05_verify_blob_kzg_proof(): 'output': None } + # Edge case: Invalid proof, too few bytes + blob = VALID_BLOBS[1] + commitment = spec.blob_to_kzg_commitment(blob) + proof = spec.compute_blob_kzg_proof(blob, commitment)[:-1] + expect_exception(spec.verify_blob_kzg_proof, blob, commitment, proof) + yield 'verify_blob_kzg_proof_case_proof_too_few_bytes', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid proof, too many bytes + blob = VALID_BLOBS[1] + commitment = spec.blob_to_kzg_commitment(blob) + proof = spec.compute_blob_kzg_proof(blob, commitment) + b"\x00" + expect_exception(spec.verify_blob_kzg_proof, blob, commitment, proof) + yield 'verify_blob_kzg_proof_case_proof_too_many_bytes', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': None + } + # Edge case: Invalid commitment, not in G1 blob = VALID_BLOBS[0] proof = G1 @@ -425,6 +541,36 @@ def case05_verify_blob_kzg_proof(): 'output': None } + # Edge case: Invalid commitment, too few bytes + blob = VALID_BLOBS[1] + commitment = spec.blob_to_kzg_commitment(blob) + proof = spec.compute_blob_kzg_proof(blob, commitment) + commitment = commitment[:-1] + expect_exception(spec.verify_blob_kzg_proof, blob, commitment, proof) + yield 'verify_blob_kzg_proof_case_commitment_too_few_bytes', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': None + } + + # Edge case: Invalid commitment, too many bytes + blob = VALID_BLOBS[1] + commitment = spec.blob_to_kzg_commitment(blob) + proof = spec.compute_blob_kzg_proof(blob, commitment) + commitment = commitment + b"\x00" + expect_exception(spec.verify_blob_kzg_proof, blob, commitment, proof) + yield 'verify_blob_kzg_proof_case_commitment_too_many_bytes', { + 'input': { + 'blob': encode_hex(blob), + 'commitment': encode_hex(commitment), + 'proof': encode_hex(proof), + }, + 'output': None + } + # Edge case: Invalid blob for blob in INVALID_BLOBS: proof = G1 @@ -473,6 +619,20 @@ def case06_verify_blob_kzg_proof_batch(): 'output': False } + # Edge case: Invalid blobs + for blob in INVALID_BLOBS: + blobs_invalid = VALID_BLOBS[:4] + [blob] + VALID_BLOBS[5:] + expect_exception(spec.verify_blob_kzg_proof_batch, blobs_invalid, commitments, proofs) + identifier = f'{encode_hex(hash(blob))}' + yield f'verify_blob_kzg_proof_batch_case_invalid_blob_{(hash(bytes(identifier, "utf-8"))[:8]).hex()}', { + 'input': { + 'blobs': encode_hex_list(blobs_invalid), + 'commitments': encode_hex_list(commitments), + 'proofs': encode_hex_list(proofs), + }, + 'output': None + } + # Edge case: Invalid proof, not in G1 proofs_invalid_notG1 = [P1_NOT_IN_G1] + proofs[1:] expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, proofs_invalid_notG1) @@ -497,6 +657,30 @@ def case06_verify_blob_kzg_proof_batch(): 'output': None } + # Edge case: Invalid proof, too few bytes + proofs_invalid_tooFewBytes = proofs[:1] + [proofs[1][:-1]] + proofs[2:] + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, proofs_invalid_tooFewBytes) + yield 'verify_blob_kzg_proof_batch_case_proof_too_few_bytes', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments), + 'proofs': encode_hex_list(proofs_invalid_tooFewBytes), + }, + 'output': None + } + + # Edge case: Invalid proof, too many bytes + proofs_invalid_tooManyBytes = proofs[:1] + [proofs[1] + b"\x00"] + proofs[2:] + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, proofs_invalid_tooManyBytes) + yield 'verify_blob_kzg_proof_batch_case_proof_too_many_bytes', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments), + 'proofs': encode_hex_list(proofs_invalid_tooManyBytes), + }, + 'output': None + } + # Edge case: Invalid commitment, not in G1 commitments_invalid_notG1 = commitments[:2] + [P1_NOT_IN_G1] + commitments[3:] expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, commitments_invalid_notG1) @@ -521,13 +705,25 @@ def case06_verify_blob_kzg_proof_batch(): 'output': None } - # Edge case: Invalid blob - blobs_invalid = VALID_BLOBS[:4] + [BLOB_INVALID] + VALID_BLOBS[5:] - expect_exception(spec.verify_blob_kzg_proof_batch, blobs_invalid, commitments, proofs) - yield 'verify_blob_kzg_proof_batch_case_invalid_blob', { + # Edge case: Invalid commitment, too few bytes + commitments_invalid_tooFewBytes = commitments[:3] + [commitments[3][:-1]] + commitments[4:] + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, commitments_invalid_tooFewBytes) + yield 'verify_blob_kzg_proof_batch_case_too_few_bytes', { 'input': { - 'blobs': encode_hex_list(blobs_invalid), - 'commitments': encode_hex_list(commitments), + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments_invalid_tooFewBytes), + 'proofs': encode_hex_list(proofs), + }, + 'output': None + } + + # Edge case: Invalid commitment, too many bytes + commitments_invalid_tooManyBytes = commitments[:3] + [commitments[3] + b"\x00"] + commitments[4:] + expect_exception(spec.verify_blob_kzg_proof_batch, VALID_BLOBS, commitments, commitments_invalid_tooManyBytes) + yield 'verify_blob_kzg_proof_batch_case_too_many_bytes', { + 'input': { + 'blobs': encode_hex_list(VALID_BLOBS), + 'commitments': encode_hex_list(commitments_invalid_tooManyBytes), 'proofs': encode_hex_list(proofs), }, 'output': None From 7f74a08a6c4734e2d87c07e65dbc4a2624c16ab6 Mon Sep 17 00:00:00 2001 From: Ben Edgington Date: Thu, 9 Mar 2023 11:07:01 +0000 Subject: [PATCH 46/46] Fix trailing whitespace --- specs/phase0/fork-choice.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/phase0/fork-choice.md b/specs/phase0/fork-choice.md index 3176c1cd5d..8681975ca9 100644 --- a/specs/phase0/fork-choice.md +++ b/specs/phase0/fork-choice.md @@ -388,7 +388,7 @@ def on_tick(store: Store, time: uint64) -> None: # Update store.justified_checkpoint if a better checkpoint on the store.finalized_checkpoint chain if store.best_justified_checkpoint.epoch > store.justified_checkpoint.epoch: - finalized_slot = compute_start_slot_at_epoch(store.finalized_checkpoint.epoch) + finalized_slot = compute_start_slot_at_epoch(store.finalized_checkpoint.epoch) ancestor_at_finalized_slot = get_ancestor(store, store.best_justified_checkpoint.root, finalized_slot) if ancestor_at_finalized_slot == store.finalized_checkpoint.root: store.justified_checkpoint = store.best_justified_checkpoint