use of tech.pegasys.teku.spec.logic.common.util.AsyncBatchBLSSignatureVerifier in project teku by ConsenSys.
the class SignedContributionAndProofValidator method validateWithState.
private SafeFuture<InternalValidationResult> validateWithState(final SignedContributionAndProof proof, final ContributionAndProof contributionAndProof, final SyncCommitteeContribution contribution, final SyncCommitteeUtil syncCommitteeUtil, final UniquenessKey uniquenessKey, final BeaconStateAltair state) {
final BeaconStateAccessors beaconStateAccessors = spec.atSlot(contribution.getSlot()).beaconStateAccessors();
final Optional<BLSPublicKey> aggregatorPublicKey = beaconStateAccessors.getValidatorPubKey(state, contributionAndProof.getAggregatorIndex());
if (aggregatorPublicKey.isEmpty()) {
return futureFailureResult("Rejecting proof because aggregator index %s is an unknown validator", contributionAndProof.getAggregatorIndex());
}
final UInt64 contributionEpoch = syncCommitteeUtil.getEpochForDutiesAtSlot(contribution.getSlot());
// state.current_sync_committee.pubkeys.
if (!isInSyncSubcommittee(syncCommitteeUtil, contribution, state, contributionEpoch, contributionAndProof.getAggregatorIndex())) {
return futureFailureResult("Rejecting proof because aggregator index %s is not in the current sync subcommittee", contributionAndProof.getAggregatorIndex());
}
// contribution.slot, contribution_and_proof.selection_proof) returns True.
if (!syncCommitteeUtil.isSyncCommitteeAggregator(contributionAndProof.getSelectionProof())) {
return futureFailureResult("Rejecting proof because selection proof %s is not an aggregator", contributionAndProof.getSelectionProof());
}
final AsyncBatchBLSSignatureVerifier signatureVerifier = new AsyncBatchBLSSignatureVerifier(this.signatureVerifier);
// [REJECT] The contribution_and_proof.selection_proof is a valid signature of the
// contribution.slot by the validator with index
// contribution_and_proof.aggregator_index.
final Bytes signingRoot = syncCommitteeUtil.getSyncAggregatorSelectionDataSigningRoot(syncCommitteeUtil.createSyncAggregatorSelectionData(contribution.getSlot(), contribution.getSubcommitteeIndex()), state.getForkInfo());
if (!signatureVerifier.verify(aggregatorPublicKey.get(), signingRoot, contributionAndProof.getSelectionProof())) {
return futureFailureResult("Rejecting proof at slot %s for subcommittee index %s because selection proof is invalid", contribution.getSlot(), contribution.getSubcommitteeIndex());
}
// valid.
if (!signatureVerifier.verify(aggregatorPublicKey.get(), syncCommitteeUtil.getContributionAndProofSigningRoot(state, contributionAndProof), proof.getSignature())) {
return futureFailureResult("Rejecting proof %s because aggregator signature is invalid", proof.getSignature());
}
final SpecConfigAltair config = SpecConfigAltair.required(spec.getSpecConfig(contributionEpoch));
final SyncCommittee syncCommittee = syncCommitteeUtil.getSyncCommittee(state, contributionEpoch);
final int subcommitteeSize = config.getSyncCommitteeSize() / SYNC_COMMITTEE_SUBNET_COUNT;
// [REJECT] The aggregate signature is valid for the message beacon_block_root and
// aggregate pubkey derived from the participation info in aggregation_bits for the
// subcommittee specified by the subcommittee_index.
final List<BLSPublicKey> contributorPublicKeys = contribution.getAggregationBits().streamAllSetBits().mapToObj(participantIndex -> getParticipantPublicKey(state, syncCommittee, contribution, subcommitteeSize, participantIndex)).collect(Collectors.toList());
if (!signatureVerifier.verify(contributorPublicKeys, syncCommitteeUtil.getSyncCommitteeMessageSigningRoot(contribution.getBeaconBlockRoot(), contributionEpoch, state.getForkInfo()), contribution.getSignature())) {
return futureFailureResult("Rejecting proof because aggregate signature %s is invalid", contribution.getSignature());
}
return signatureVerifier.batchVerify().thenApply(signatureValid -> {
if (!signatureValid) {
return failureResult("Rejecting proof with signature %s because batch signature check failed", contribution.getSignature());
}
if (!seenIndices.add(uniquenessKey)) {
// Got added by another thread while we were validating it
return IGNORE;
}
return ACCEPT;
});
}
use of tech.pegasys.teku.spec.logic.common.util.AsyncBatchBLSSignatureVerifier in project teku by ConsenSys.
the class AggregateAttestationValidator method validate.
public SafeFuture<InternalValidationResult> validate(final ValidateableAttestation attestation) {
final SignedAggregateAndProof signedAggregate = attestation.getSignedAggregateAndProof();
final AggregateAndProof aggregateAndProof = signedAggregate.getMessage();
final Attestation aggregate = aggregateAndProof.getAggregate();
final UInt64 aggregateSlot = aggregate.getData().getSlot();
final SpecVersion specVersion = spec.atSlot(aggregateSlot);
final AggregatorIndexAndEpoch aggregatorIndexAndEpoch = new AggregatorIndexAndEpoch(aggregateAndProof.getIndex(), spec.computeEpochAtSlot(aggregateSlot));
if (receivedAggregatorIndexAndEpochs.contains(aggregatorIndexAndEpoch)) {
return completedFuture(ignore("Ignoring duplicate aggregate"));
}
if (receivedValidAggregations.contains(attestation.hash_tree_root())) {
return completedFuture(ignore("Ignoring duplicate aggregate based on hash tree root"));
}
final AsyncBatchBLSSignatureVerifier signatureVerifier = new AsyncBatchBLSSignatureVerifier(this.signatureVerifier);
return singleOrAggregateAttestationChecks(signatureVerifier, attestation, OptionalInt.empty()).thenCompose(aggregateInternalValidationResult -> {
if (aggregateInternalValidationResult.isNotProcessable()) {
LOG.trace("Rejecting aggregate because attestation failed validation");
return completedFuture(aggregateInternalValidationResult);
}
return recentChainData.retrieveBlockState(aggregate.getData().getBeacon_block_root()).thenCompose(maybeState -> maybeState.isEmpty() ? completedFuture(Optional.empty()) : attestationValidator.resolveStateForAttestation(aggregate, maybeState.get())).thenCompose(maybeState -> {
if (maybeState.isEmpty()) {
return SafeFuture.completedFuture(InternalValidationResult.SAVE_FOR_FUTURE);
}
final BeaconState state = maybeState.get();
final Optional<BLSPublicKey> aggregatorPublicKey = spec.getValidatorPubKey(state, aggregateAndProof.getIndex());
if (aggregatorPublicKey.isEmpty()) {
return SafeFuture.completedFuture(reject("Rejecting aggregate with invalid index"));
}
if (!isSelectionProofValid(signatureVerifier, aggregateSlot, state, aggregatorPublicKey.get(), aggregateAndProof.getSelection_proof())) {
return SafeFuture.completedFuture(reject("Rejecting aggregate with incorrect selection proof"));
}
final IntList beaconCommittee = spec.getBeaconCommittee(state, aggregateSlot, aggregate.getData().getIndex());
final int aggregatorModulo = specVersion.getValidatorsUtil().getAggregatorModulo(beaconCommittee.size());
if (!specVersion.getValidatorsUtil().isAggregator(aggregateAndProof.getSelection_proof(), aggregatorModulo)) {
return SafeFuture.completedFuture(reject("Rejecting aggregate because selection proof does not select validator as aggregator"));
}
if (!beaconCommittee.contains(toIntExact(aggregateAndProof.getIndex().longValue()))) {
return SafeFuture.completedFuture(reject("Rejecting aggregate because attester is not in committee. Should have been one of %s", beaconCommittee));
}
if (!validateSignature(signatureVerifier, signedAggregate, state, aggregatorPublicKey.get())) {
return SafeFuture.completedFuture(reject("Rejecting aggregate with invalid signature"));
}
return signatureVerifier.batchVerify().thenApply(signatureValid -> {
if (!signatureValid) {
return reject("Rejecting aggregate with invalid batch signature");
}
if (!receivedAggregatorIndexAndEpochs.add(aggregatorIndexAndEpoch)) {
return ignore("Ignoring duplicate aggregate");
}
if (!receivedValidAggregations.add(attestation.hash_tree_root())) {
return ignore("Ignoring duplicate aggregate based on hash tree root");
}
return aggregateInternalValidationResult;
});
});
});
}
Aggregations