Partial Signature Verification Aggregation #369
Conversation
| // Check if signer is in committee | ||
| signerInCommittee := false | ||
| for _, operator := range b.Share.Committee { | ||
| if operator.OperatorID == signedMsg.Signer { | ||
| signerInCommittee = true | ||
| break | ||
| } | ||
| } | ||
| if !signerInCommittee { | ||
| return errors.New("unknown signer") | ||
| } |
There was a problem hiding this comment.
hmmm
This is currently checked by MsgValidation ERR_PSIG_INVALID_SIG_ID?
Since MsgValidation isn't part of spec it is fine that you added this..
But now I made up my mind that MsgValidation should be an inseperable part of spec.
Once we add tests for this, we won't have to do those double checks
There was a problem hiding this comment.
I agree that message validation should belong to the spec
types/messages_encoding.go
Outdated
| // MarshalSSZ ssz marshals the SignedSSVMessage object | ||
| func (s *SignedSSVMessage) MarshalSSZ() ([]byte, error) { | ||
| return ssz.MarshalSSZ(s) | ||
| } | ||
|
|
||
| // MarshalSSZTo ssz marshals the SignedSSVMessage object to a target array | ||
| func (s *SignedSSVMessage) MarshalSSZTo(buf []byte) (dst []byte, err error) { |
There was a problem hiding this comment.
ok...
So we need to decide how to do this...
In #345 we added the SignedSSVMessage but we merged it to the fork branch because of this very encoding change...
I made this decision because I decided that the ssz encoding is anyhow the correct (consistent) way to go and I didn't take into account that this PR would need this.
I think we should rework #345 to remove the ssz encoding and add flat encoding so no fork
There was a problem hiding this comment.
Removed SignedSSVMessage from this PR.
| @@ -9,10 +9,9 @@ import ( | |||
| "github.com/bloxapp/ssv-spec/types/testingutils" | |||
| ) | |||
|
|
|||
| // InvalidMessageSignature tests PartialSignatureMessage signature invalid | |||
| // InvalidMessageSignature tests PartialSignatureMessage signature invalid. No error is generated since the SignedPartialSignatureMessage.Signature is no longer checked | |||
There was a problem hiding this comment.
| // InvalidMessageSignature tests PartialSignatureMessage signature invalid. No error is generated since the SignedPartialSignatureMessage.Signature is no longer checked | |
| // InvalidMessageSignature tests PartialSignatureMessage signature invalid. No error is generated since the SignedPartialSignatureMessage. Signature is no longer checked. Wait for quorum before verifying. |
There was a problem hiding this comment.
The "no space" is intended. I wanted it to be: "SignedPartialSignatureMessage. Signature"
|
|
||
| // invalidThenQuorumSyncCommitteeContributionSC returns state comparison object for the invalid then quorum SyncCommitteeContribution versioned spec test | ||
| // runner should finish since quorum is achieved | ||
| func invalidQuorumThenValidQuorumSyncCommitteeContributionSC() *comparable.StateComparison { |
There was a problem hiding this comment.
Just a friendly reminder that SC files were replaced by generated jsons.
However if you think this is a core test (looks like one) and that coding out the SC helps in verifying then this is great!!
| @@ -14,7 +14,6 @@ import ( | |||
| // InvalidThenQuorum tests a runner receiving an invalid message then a valid quorum, terminating successfully | |||
| func InvalidThenQuorum() tests.SpecTest { | |||
There was a problem hiding this comment.
What's the difference between this and InvalidQuorumThenQuorum?
There was a problem hiding this comment.
InvalidQuorumThenQuorum: tests an initial invalid quorum and, then, sends valid messages until a valid quorum is reached.InvalidThenQuorum: test an invalid partial signature message being received and then, later, a valid quorum is reached.
| @@ -8,7 +8,7 @@ import ( | |||
| "github.com/bloxapp/ssv-spec/types/testingutils" | |||
| ) | |||
|
|
|||
| // InvalidMessageSignature tests SignedPartialSignatureMessage signature invalid | |||
| // InvalidMessageSignature tests SignedPartialSignatureMessage signature invalid. No error is generated since the SignedPartialSignatureMessage.Signature is no longer checked | |||
There was a problem hiding this comment.
| // InvalidMessageSignature tests SignedPartialSignatureMessage signature invalid. No error is generated since the SignedPartialSignatureMessage.Signature is no longer checked | |
| // InvalidMessageSignature tests SignedPartialSignatureMessage signature invalid. No error is generated since the SignedPartialSignatureMessage. Signature is no longer checked. | |
| // We wait for quorum to verify sig. |
There was a problem hiding this comment.
The "no space" is intended. I wanted it to be: "SignedPartialSignatureMessage. Signature"
| @@ -32,7 +32,6 @@ func InvalidThenQuorum() tests.SpecTest { | |||
| OutputMessages: []*types.SignedPartialSignatureMessage{ | |||
| testingutils.PreConsensusContributionProofMsg(ks.Shares[1], ks.Shares[1], 1, 1), // broadcasts when starting a new duty | |||
| }, | |||
| ExpectedError: "failed processing sync committee selection proof message: invalid pre-consensus message: could not verify Beacon partial Signature: wrong signature", | |||
There was a problem hiding this comment.
shouldn't the error happen on the first quorum?
There was a problem hiding this comment.
The first invalid signature is overwritten by the correct one before a quorum is reached. Once the quorum is reached, all signatures stored are correct and no error is created
|
@GalRogozinski This PR is for partial signature messages |
MatheusFranco99
changed the title
| signatures := container.GetSignatures(root) | ||
|
|
||
| for operatorID, signature := range signatures { | ||
| if err := b.verifyBeaconPartialSignature(operatorID, signature, root); err != nil { | ||
| container.Remove(operatorID, root) | ||
| } | ||
| } |
There was a problem hiding this comment.
- shouldn't we do another check here? or after calling FallBackAndVerifyEachSignature, what if we had a quorum of 4, then we realized one is invalid, don't we want to reconstruct again with the 3 left?
or this is not possible since its a must we'll try first when have 3? - I guess nothing else to do here regarding notifying the runner we no longer have quorum? since the quorum is calculated on the fly using the container?
Overview
This PR implements the reduction of signatures optimization for partial signature messages as described in this SIP.
Changes
SignedPartialSignatureMessage's signature verification.Changed tests
SignedPartialSignatureMessage's signatureNew tests
Improvement
New total duty time per number of consensus rounds.
New partial signature quorum processing time: 17%.