gaz

.bazelrc

@@ -15,7 +15,7 @@ run --host_force_python=PY2
 # Network sandboxing only works on linux.
 --experimental_sandbox_default_allow_network=false
 
-# Use minimal protobufs at runtime
+# Use mainnet protobufs at runtime
 run --define ssz=mainnet
 test --define ssz=mainnet
 build --define ssz=mainnet

WORKSPACE

@@ -185,8 +185,8 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "72c6ee3c20d19736b1203f364a6eb0ddee2c173073e20bee2beccd288fdc42be",
-    url = "https://github.com/ethereum/eth2.0-spec-tests/releases/download/v0.9.4/general.tar.gz",
+    sha256 = "abba615d62ff895774fb354e99ea7fb11bd442760b3d1d2cd57e605a58be566c",
+    url = "https://github.com/ethereum/eth2.0-spec-tests/releases/download/v0.10.1/general.tar.gz",
 )
 
 http_archive(
@@ -201,8 +201,8 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "a3cc860a3679f6f62ee57b65677a9b48a65fdebb151cdcbf50f23852632845ef",
-    url = "https://github.com/ethereum/eth2.0-spec-tests/releases/download/v0.9.4/minimal.tar.gz",
+    sha256 = "f5fc250f1b73f14d9ebdb7f47371cae2ef9aa2175e37a69ab2e44ffa4baa16c4",
+    url = "https://github.com/ethereum/eth2.0-spec-tests/releases/download/v0.10.1/minimal.tar.gz",
 )
 
 http_archive(
@@ -217,8 +217,8 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "8fc1b6220973ca30fa4ddc4ed24d66b1719abadca8bedb5e06c3bd9bc0df28e9",
-    url = "https://github.com/ethereum/eth2.0-spec-tests/releases/download/v0.9.4/mainnet.tar.gz",
+    sha256 = "dbafe15d00ff6d75b7cb32a2ca7dc45ded786db8db7100e027e443f75469cfcf",
+    url = "https://github.com/ethereum/eth2.0-spec-tests/releases/download/v0.10.1/mainnet.tar.gz",
 )
 
 http_archive(
@@ -273,6 +273,13 @@ http_archive(
     urls = ["https://github.com/edenhill/librdkafka/archive/v1.2.1.tar.gz"],
 )
 
+http_archive(
+    name = "com_github_herumi_bls_eth_go_binary",
+    sha256 = "3b155ff597c307b5b0875c3b1ffc3beaa0a6634ee1cfad8768041b61c47eac39",
+    strip_prefix = "bls-eth-go-binary-946ee977cd0f585757741dda65073cbd84a160ac",
+    url = "https://github.com/prysmaticlabs/bls-eth-go-binary/archive/946ee977cd0f585757741dda65073cbd84a160ac.zip",
+)
+
 # External dependencies
 
 go_repository(
@@ -1292,7 +1299,7 @@ go_repository(
 
 go_repository(
     name = "com_github_prysmaticlabs_ethereumapis",
-    commit = "fca4d6f69bedb8615c2fc916d1a68f2692285caa",
+    commit = "36966ba5fad8447f8ea7fedffa893112146fd362",
     importpath = "github.com/prysmaticlabs/ethereumapis",
     patch_args = ["-p1"],
     patches = [
@@ -1509,74 +1516,86 @@ go_repository(
 
 go_repository(
     name = "com_github_wealdtech_go_eth2_wallet",
-    commit = "6970d62e60d86fdae3c3e510e800e8a60d755a7d",
     importpath = "github.com/wealdtech/go-eth2-wallet",
+    sum = "h1:H/T1n0SNd0jTsbf4rA4YxigsBPFWRUWgobsTOjzW4Hw=",
+    version = "v1.9.2",
 )
 
 go_repository(
-    name = "com_github_wealdtech_go_eth2_wallet_hd",
-    commit = "ce0a252a01c621687e9786a64899cfbfe802ba73",
-    importpath = "github.com/wealdtech/go-eth2-wallet-hd",
+    name = "com_github_wealdtech_go_eth2_wallet_hd_v2",
+    importpath = "github.com/wealdtech/go-eth2-wallet-hd/v2",
+    sum = "h1:oqE/+zFOKteklEemecMWGlyNmPv+5OBaHmAo1LKG6LE=",
+    version = "v2.0.0",
 )
 
 go_repository(
-    name = "com_github_wealdtech_go_eth2_wallet_nd",
-    commit = "12c8c41cdbd16797ff292e27f58e126bb89e9706",
-    importpath = "github.com/wealdtech/go-eth2-wallet-nd",
+    name = "com_github_wealdtech_go_eth2_wallet_nd_v2",
+    importpath = "github.com/wealdtech/go-eth2-wallet-nd/v2",
+    sum = "h1:nWsbiaSVa1kwRdwPX5NfXsrowlRBjqoRpDv37i8ZecE=",
+    version = "v2.0.0",
 )
 
 go_repository(
     name = "com_github_wealdtech_go_eth2_wallet_store_filesystem",
-    commit = "1eea6a48d75380047d2ebe7c8c4bd8985bcfdeca",
     importpath = "github.com/wealdtech/go-eth2-wallet-store-filesystem",
+    sum = "h1:px7vV01opCUeeHjvdiBdkPbdnr60Ygq01Ddjy4dIbfg=",
+    version = "v1.7.1",
 )
 
 go_repository(
     name = "com_github_wealdtech_go_eth2_wallet_store_s3",
-    commit = "1c821b5161f7bb0b3efa2030eff687eea5e70e53",
     importpath = "github.com/wealdtech/go-eth2-wallet-store-s3",
+    sum = "h1:f86TIVHqYkmDYc8VLsiIJ/KbGtNMeCGhkefqpXUVmYE=",
+    version = "v1.6.1",
 )
 
 go_repository(
     name = "com_github_wealdtech_go_eth2_wallet_encryptor_keystorev4",
-    commit = "0c11c07b9544eb662210fadded94f40f309d8c8f",
     importpath = "github.com/wealdtech/go-eth2-wallet-encryptor-keystorev4",
+    sum = "h1:IcpS4VpXhYz+TVupB5n6C6IQzaKwG+Rc8nvgCa/da4c=",
+    version = "v1.0.0",
 )
 
 go_repository(
-    name = "com_github_wealdtech_go_eth2_wallet_types",
-    commit = "af67d8101be61e7c4dd8126d2b3eba20cff5dab2",
-    importpath = "github.com/wealdtech/go-eth2-wallet-types",
+    name = "com_github_wealdtech_go_eth2_wallet_types_v2",
+    importpath = "github.com/wealdtech/go-eth2-wallet-types/v2",
+    sum = "h1:EyTwHO7zXtYkf62h3MqSB3OWc8pv0dnFl41yykUJY3s=",
+    version = "v2.0.0",
 )
 
 go_repository(
-    name = "com_github_wealdtech_go_eth2_types",
-    commit = "f9c31ddf180537dd5712d5998a3d56c45864d71f",
-    importpath = "github.com/wealdtech/go-eth2-types",
+    name = "com_github_wealdtech_go_eth2_types_v2",
+    importpath = "github.com/wealdtech/go-eth2-types/v2",
+    sum = "h1:L1Eg55aArRpUR2H8dnpSevHlSGRDuRQbQwA4IyYh0Js=",
+    version = "v2.0.2",
 )
 
 go_repository(
     name = "com_github_wealdtech_go_eth2_util",
-    commit = "326ebb1755651131bb8f4506ea9a23be6d9ad1dd",
     importpath = "github.com/wealdtech/go-eth2-util",
+    sum = "h1:m56HKJgWSuNy53Gt5GN7HcoFaGRCl1uE3OGWhIhWh1M=",
+    version = "v1.1.2",
 )
 
 go_repository(
     name = "com_github_wealdtech_go_ecodec",
-    commit = "7473d835445a3490e61a5fcf48fe4e9755a37957",
     importpath = "github.com/wealdtech/go-ecodec",
+    sum = "h1:yggrTSckcPJRaxxOxQF7FPm21kgE8WA6+f5jdq5Kr8o=",
+    version = "v1.1.0",
 )
 
 go_repository(
     name = "com_github_wealdtech_go_bytesutil",
-    commit = "e564d0ade555b9f97494f0f669196ddcc6bc531d",
     importpath = "github.com/wealdtech/go-bytesutil",
+    sum = "h1:6XrN7OIQhhBjQy/PZ1HZ3ySE8v8UDyxzERkOgmsIc1g=",
+    version = "v1.1.0",
 )
 
 go_repository(
     name = "com_github_wealdtech_go_indexer",
-    commit = "334862c32b1e3a5c6738a2618f5c0a8ebeb8cd51",
     importpath = "github.com/wealdtech/go-indexer",
+    sum = "h1:/S4rfWQbSOnnYmwnvuTVatDibZ8o1s9bmTCHO16XINg=",
+    version = "v1.0.0",
 )
 
 go_repository(

beacon-chain/blockchain/process_attestation.go

@@ -98,7 +98,7 @@ func (s *Service) onAttestation(ctx context.Context, a *ethpb.Attestation) ([]ui
 	}
 
 	// Verify Attestations cannot be from future epochs.
-	if err := helpers.VerifySlotTime(genesisTime, tgtSlot); err != nil {
+	if err := helpers.VerifySlotTime(genesisTime, tgtSlot, helpers.TimeShiftTolerance); err != nil {
 		return nil, errors.Wrap(err, "could not verify attestation target slot")
 	}
 
@@ -108,7 +108,7 @@ func (s *Service) onAttestation(ctx context.Context, a *ethpb.Attestation) ([]ui
 	}
 
 	// Verify attestations can only affect the fork choice of subsequent slots.
-	if err := helpers.VerifySlotTime(genesisTime, a.Data.Slot+1); err != nil {
+	if err := helpers.VerifySlotTime(genesisTime, a.Data.Slot+1, helpers.TimeShiftTolerance); err != nil {
 		return nil, err
 	}
 

beacon-chain/blockchain/process_block_helpers.go

@@ -39,7 +39,7 @@ func (s *Service) getBlockPreState(ctx context.Context, b *ethpb.BeaconBlock) (*
 	}
 
 	// Verify block slot time is not from the feature.
-	if err := helpers.VerifySlotTime(preState.GenesisTime(), b.Slot); err != nil {
+	if err := helpers.VerifySlotTime(preState.GenesisTime(), b.Slot, helpers.TimeShiftTolerance); err != nil {
 		return nil, err
 	}
 

beacon-chain/core/blocks/block_operations.go

@@ -39,7 +39,7 @@ var eth1DataCache = cache.NewEth1DataVoteCache()
 // failed to verify.
 var ErrSigFailedToVerify = errors.New("signature did not verify")
 
-func verifySigningRoot(obj interface{}, pub []byte, signature []byte, domain uint64) error {
+func verifySigningRoot(obj interface{}, pub []byte, signature []byte, domain []byte) error {
 	publicKey, err := bls.PublicKeyFromBytes(pub)
 	if err != nil {
 		return errors.Wrap(err, "could not convert bytes to public key")
@@ -48,18 +48,18 @@ func verifySigningRoot(obj interface{}, pub []byte, signature []byte, domain uin
 	if err != nil {
 		return errors.Wrap(err, "could not convert bytes to signature")
 	}
-	root, err := ssz.HashTreeRoot(obj)
+	root, err := helpers.ComputeSigningRoot(obj, domain)
 	if err != nil {
-		return errors.Wrap(err, "could not get signing root")
+		return errors.Wrap(err, "could not compute signing root")
 	}
-	if !sig.Verify(root[:], publicKey, domain) {
+	if !sig.Verify(root[:], publicKey) {
 		return ErrSigFailedToVerify
 	}
 	return nil
 }
 
 // Deprecated: This method uses deprecated ssz.SigningRoot.
-func verifyDepositDataSigningRoot(obj *ethpb.Deposit_Data, pub []byte, signature []byte, domain uint64) error {
+func verifyDepositDataSigningRoot(obj *ethpb.Deposit_Data, pub []byte, signature []byte, domain []byte) error {
 	publicKey, err := bls.PublicKeyFromBytes(pub)
 	if err != nil {
 		return errors.Wrap(err, "could not convert bytes to public key")
@@ -72,13 +72,21 @@ func verifyDepositDataSigningRoot(obj *ethpb.Deposit_Data, pub []byte, signature
 	if err != nil {
 		return errors.Wrap(err, "could not get signing root")
 	}
-	if !sig.Verify(root[:], publicKey, domain) {
+	sigRoot := &pb.SigningRoot{
+		ObjectRoot: root[:],
+		Domain:     domain,
+	}
+	ctrRoot, err := ssz.HashTreeRoot(sigRoot)
+	if err != nil {
+		return errors.Wrap(err, "could not get container root")
+	}
+	if !sig.Verify(ctrRoot[:], publicKey) {
 		return ErrSigFailedToVerify
 	}
 	return nil
 }
 
-func verifySignature(signedData []byte, pub []byte, signature []byte, domain uint64) error {
+func verifySignature(signedData []byte, pub []byte, signature []byte, domain []byte) error {
 	publicKey, err := bls.PublicKeyFromBytes(pub)
 	if err != nil {
 		return errors.Wrap(err, "could not convert bytes to public key")
@@ -87,7 +95,15 @@ func verifySignature(signedData []byte, pub []byte, signature []byte, domain uin
 	if err != nil {
 		return errors.Wrap(err, "could not convert bytes to signature")
 	}
-	if !sig.Verify(signedData, publicKey, domain) {
+	ctr := &pb.SigningRoot{
+		ObjectRoot: signedData,
+		Domain:     domain,
+	}
+	root, err := ssz.HashTreeRoot(ctr)
+	if err != nil {
+		return errors.Wrap(err, "could not hash container")
+	}
+	if !sig.Verify(root[:], publicKey) {
 		return ErrSigFailedToVerify
 	}
 	return nil
@@ -812,26 +828,21 @@ func VerifyIndexedAttestation(ctx context.Context, beaconState *stateTrie.Beacon
 	if err != nil {
 		return err
 	}
-	var pubkey *bls.PublicKey
+	pubkeys := []*bls.PublicKey{}
 	if len(indices) > 0 {
-		pubkeyAtIdx := beaconState.PubkeyAtIndex(indices[0])
-		pubkey, err = bls.PublicKeyFromBytes(pubkeyAtIdx[:])
-		if err != nil {
-			return errors.Wrap(err, "could not deserialize validator public key")
-		}
-		for i := 1; i < len(indices); i++ {
-			pubkeyAtIdx = beaconState.PubkeyAtIndex(indices[i])
+		for i := 0; i < len(indices); i++ {
+			pubkeyAtIdx := beaconState.PubkeyAtIndex(indices[i])
 			pk, err := bls.PublicKeyFromBytes(pubkeyAtIdx[:])
 			if err != nil {
 				return errors.Wrap(err, "could not deserialize validator public key")
 			}
-			pubkey.Aggregate(pk)
+			pubkeys = append(pubkeys, pk)
 		}
 	}
 
-	messageHash, err := ssz.HashTreeRoot(indexedAtt.Data)
+	messageHash, err := helpers.ComputeSigningRoot(indexedAtt.Data, domain)
 	if err != nil {
-		return errors.Wrap(err, "could not tree hash att data")
+		return errors.Wrap(err, "could not get signing root of object")
 	}
 
 	sig, err := bls.SignatureFromBytes(indexedAtt.Signature)
@@ -840,7 +851,7 @@ func VerifyIndexedAttestation(ctx context.Context, beaconState *stateTrie.Beacon
 	}
 
 	voted := len(indices) > 0
-	if voted && !sig.Verify(messageHash[:], pubkey, domain) {
+	if voted && !sig.FastAggregateVerify(pubkeys, messageHash) {
 		return ErrSigFailedToVerify
 	}
 	return nil
@@ -986,7 +997,7 @@ func ProcessDeposit(
 	index, ok := beaconState.ValidatorIndexByPubkey(bytesutil.ToBytes48(pubKey))
 	numVals := beaconState.NumValidators()
 	if !ok {
-		domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit)
+		domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit, nil)
 		depositSig := deposit.Data.Signature
 		if err := verifyDepositDataSigningRoot(deposit.Data, pubKey, depositSig, domain); err != nil {
 			// Ignore this error as in the spec pseudo code.

beacon-chain/core/blocks/block_operations_fuzz_test.go

@@ -9,8 +9,6 @@ import (
 	pb "github.com/prysmaticlabs/prysm/proto/beacon/p2p/v1"
 
 	fuzz "github.com/google/gofuzz"
-	"github.com/prysmaticlabs/prysm/shared/bytesutil"
-
 	//"github.com/prysmaticlabs/prysm/beacon-chain/core/blocks"
 	beaconstate "github.com/prysmaticlabs/prysm/beacon-chain/state"
 	ethereum_beacon_p2p_v1 "github.com/prysmaticlabs/prysm/proto/beacon/p2p/v1"
@@ -52,7 +50,7 @@ func TestFuzzverifySigningRoot_10000(t *testing.T) {
 	domain := [4]byte{}
 	p := []byte{}
 	s := []byte{}
-	d := uint64(0)
+	d := []byte{}
 	for i := 0; i < 10000; i++ {
 		fuzzer.Fuzz(state)
 		fuzzer.Fuzz(&pubkey)
@@ -62,8 +60,7 @@ func TestFuzzverifySigningRoot_10000(t *testing.T) {
 		fuzzer.Fuzz(&p)
 		fuzzer.Fuzz(&s)
 		fuzzer.Fuzz(&d)
-		domain := bytesutil.FromBytes4(domain[:])
-		verifySigningRoot(state, pubkey[:], sig[:], domain)
+		verifySigningRoot(state, pubkey[:], sig[:], domain[:])
 		verifySigningRoot(state, p, s, d)
 
 	}
@@ -77,7 +74,7 @@ func TestFuzzverifyDepositDataSigningRoot_10000(t *testing.T) {
 	domain := [4]byte{}
 	p := []byte{}
 	s := []byte{}
-	d := uint64(0)
+	d := []byte{}
 	for i := 0; i < 10000; i++ {
 		fuzzer.Fuzz(&ba)
 		fuzzer.Fuzz(&pubkey)
@@ -86,8 +83,7 @@ func TestFuzzverifyDepositDataSigningRoot_10000(t *testing.T) {
 		fuzzer.Fuzz(&p)
 		fuzzer.Fuzz(&s)
 		fuzzer.Fuzz(&d)
-		domain := bytesutil.FromBytes4(domain[:])
-		verifySignature(ba, pubkey[:], sig[:], domain)
+		verifySignature(ba, pubkey[:], sig[:], domain[:])
 		verifySignature(ba, p, s, d)
 	}
 }

beacon-chain/core/blocks/block_operations_test.go

@@ -20,6 +20,7 @@ import (
 	pb "github.com/prysmaticlabs/prysm/proto/beacon/p2p/v1"
 	"github.com/prysmaticlabs/prysm/shared/attestationutil"
 	"github.com/prysmaticlabs/prysm/shared/bls"
+	"github.com/prysmaticlabs/prysm/shared/bytesutil"
 	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/prysmaticlabs/prysm/shared/testutil"
 	"github.com/prysmaticlabs/prysm/shared/trieutil"
@@ -54,15 +55,15 @@ func TestProcessBlockHeader_WrongProposerSig(t *testing.T) {
 			ParentRoot: lbhsr[:],
 		},
 	}
-	signingRoot, err := ssz.HashTreeRoot(block.Block)
-	if err != nil {
-		t.Fatalf("Failed to get signing root of block: %v", err)
-	}
 	dt, err := helpers.Domain(beaconState.Fork(), 0, params.BeaconConfig().DomainBeaconProposer)
 	if err != nil {
 		t.Fatalf("Failed to get domain form state: %v", err)
 	}
-	blockSig := privKeys[proposerIdx+1].Sign(signingRoot[:], dt)
+	signingRoot, err := helpers.ComputeSigningRoot(block.Block, dt)
+	if err != nil {
+		t.Fatalf("Failed to get signing root of block: %v", err)
+	}
+	blockSig := privKeys[proposerIdx+1].Sign(signingRoot[:])
 	block.Signature = blockSig.Marshal()[:]
 
 	_, err = blocks.ProcessBlockHeader(beaconState, block)
@@ -103,7 +104,11 @@ func TestProcessBlockHeader_DifferentSlots(t *testing.T) {
 		t.Fatalf("Failed to get domain form state: %v", err)
 	}
 	priv := bls.RandKey()
-	blockSig := priv.Sign([]byte("hello"), dt)
+	root, err := helpers.ComputeSigningRoot([]byte("hello"), dt)
+	if err != nil {
+		t.Error(err)
+	}
+	blockSig := priv.Sign(root[:])
 	validators[5896].PublicKey = priv.PublicKey().Marshal()
 	block := &ethpb.SignedBeaconBlock{
 		Block: &ethpb.BeaconBlock{
@@ -149,7 +154,11 @@ func TestProcessBlockHeader_PreviousBlockRootNotSignedRoot(t *testing.T) {
 		t.Fatalf("Failed to get domain form state: %v", err)
 	}
 	priv := bls.RandKey()
-	blockSig := priv.Sign([]byte("hello"), dt)
+	root, err := helpers.ComputeSigningRoot([]byte("hello"), dt)
+	if err != nil {
+		t.Error(err)
+	}
+	blockSig := priv.Sign(root[:])
 	validators[5896].PublicKey = priv.PublicKey().Marshal()
 	block := &ethpb.SignedBeaconBlock{
 		Block: &ethpb.BeaconBlock{
@@ -199,7 +208,11 @@ func TestProcessBlockHeader_SlashedProposer(t *testing.T) {
 		t.Fatalf("Failed to get domain form state: %v", err)
 	}
 	priv := bls.RandKey()
-	blockSig := priv.Sign([]byte("hello"), dt)
+	root, err := helpers.ComputeSigningRoot([]byte("hello"), dt)
+	if err != nil {
+		t.Error(err)
+	}
+	blockSig := priv.Sign(root[:])
 	validators[12683].PublicKey = priv.PublicKey().Marshal()
 	block := &ethpb.SignedBeaconBlock{
 		Block: &ethpb.BeaconBlock{
@@ -258,11 +271,11 @@ func TestProcessBlockHeader_OK(t *testing.T) {
 			ParentRoot: latestBlockSignedRoot[:],
 		},
 	}
-	signingRoot, err := ssz.HashTreeRoot(block.Block)
+	signingRoot, err := helpers.ComputeSigningRoot(block.Block, dt)
 	if err != nil {
 		t.Fatalf("Failed to get signing root of block: %v", err)
 	}
-	blockSig := priv.Sign(signingRoot[:], dt)
+	blockSig := priv.Sign(signingRoot[:])
 	block.Signature = blockSig.Marshal()[:]
 	bodyRoot, err := ssz.HashTreeRoot(block.Block.Body)
 	if err != nil {
@@ -311,8 +324,12 @@ func TestProcessRandao_IncorrectProposerFailsVerification(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+	root, err := ssz.HashTreeRoot(&pb.SigningRoot{ObjectRoot: buf, Domain: domain})
+	if err != nil {
+		t.Fatal(err)
+	}
 	// We make the previous validator's index sign the message instead of the proposer.
-	epochSignature := privKeys[proposerIdx-1].Sign(buf, domain)
+	epochSignature := privKeys[proposerIdx-1].Sign(root[:])
 	block := &ethpb.BeaconBlock{
 		Body: &ethpb.BeaconBlockBody{
 			RandaoReveal: epochSignature.Marshal(),
@@ -519,11 +536,11 @@ func TestProcessProposerSlashings_AppliesCorrectStatus(t *testing.T) {
 			StateRoot: []byte("A"),
 		},
 	}
-	signingRoot, err := ssz.HashTreeRoot(header1.Header)
+	signingRoot, err := helpers.ComputeSigningRoot(header1.Header, domain)
 	if err != nil {
 		t.Errorf("Could not get signing root of beacon block header: %v", err)
 	}
-	header1.Signature = privKeys[proposerIdx].Sign(signingRoot[:], domain).Marshal()[:]
+	header1.Signature = privKeys[proposerIdx].Sign(signingRoot[:]).Marshal()[:]
 
 	header2 := &ethpb.SignedBeaconBlockHeader{
 		Header: &ethpb.BeaconBlockHeader{
@@ -531,11 +548,11 @@ func TestProcessProposerSlashings_AppliesCorrectStatus(t *testing.T) {
 			StateRoot: []byte("B"),
 		},
 	}
-	signingRoot, err = ssz.HashTreeRoot(header2.Header)
+	signingRoot, err = helpers.ComputeSigningRoot(header2.Header, domain)
 	if err != nil {
 		t.Errorf("Could not get signing root of beacon block header: %v", err)
 	}
-	header2.Signature = privKeys[proposerIdx].Sign(signingRoot[:], domain).Marshal()[:]
+	header2.Signature = privKeys[proposerIdx].Sign(signingRoot[:]).Marshal()[:]
 
 	slashings := []*ethpb.ProposerSlashing{
 		{
@@ -672,16 +689,16 @@ func TestProcessAttesterSlashings_AppliesCorrectStatus(t *testing.T) {
 		},
 		AttestingIndices: []uint64{0, 1},
 	}
-	hashTreeRoot, err := ssz.HashTreeRoot(att1.Data)
-	if err != nil {
-		t.Error(err)
-	}
 	domain, err := helpers.Domain(beaconState.Fork(), 0, params.BeaconConfig().DomainBeaconAttester)
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig0 := privKeys[0].Sign(hashTreeRoot[:], domain)
-	sig1 := privKeys[1].Sign(hashTreeRoot[:], domain)
+	signingRoot, err := helpers.ComputeSigningRoot(att1.Data, domain)
+	if err != nil {
+		t.Errorf("Could not get signing root of beacon block header: %v", err)
+	}
+	sig0 := privKeys[0].Sign(signingRoot[:])
+	sig1 := privKeys[1].Sign(signingRoot[:])
 	aggregateSig := bls.AggregateSignatures([]*bls.Signature{sig0, sig1})
 	att1.Signature = aggregateSig.Marshal()[:]
 
@@ -692,12 +709,12 @@ func TestProcessAttesterSlashings_AppliesCorrectStatus(t *testing.T) {
 		},
 		AttestingIndices: []uint64{0, 1},
 	}
-	hashTreeRoot, err = ssz.HashTreeRoot(att2.Data)
+	signingRoot, err = helpers.ComputeSigningRoot(att2.Data, domain)
 	if err != nil {
-		t.Error(err)
+		t.Errorf("Could not get signing root of beacon block header: %v", err)
 	}
-	sig0 = privKeys[0].Sign(hashTreeRoot[:], domain)
-	sig1 = privKeys[1].Sign(hashTreeRoot[:], domain)
+	sig0 = privKeys[0].Sign(signingRoot[:])
+	sig1 = privKeys[1].Sign(signingRoot[:])
 	aggregateSig = bls.AggregateSignatures([]*bls.Signature{sig0, sig1})
 	att2.Signature = aggregateSig.Marshal()[:]
 
@@ -947,17 +964,17 @@ func TestProcessAttestations_OK(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	hashTreeRoot, err := ssz.HashTreeRoot(att.Data)
-	if err != nil {
-		t.Error(err)
-	}
 	domain, err := helpers.Domain(beaconState.Fork(), 0, params.BeaconConfig().DomainBeaconAttester)
 	if err != nil {
 		t.Fatal(err)
 	}
+	hashTreeRoot, err := helpers.ComputeSigningRoot(att.Data, domain)
+	if err != nil {
+		t.Error(err)
+	}
 	sigs := make([]*bls.Signature, len(attestingIndices))
 	for i, indice := range attestingIndices {
-		sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+		sig := privKeys[indice].Sign(hashTreeRoot[:])
 		sigs[i] = sig
 	}
 	att.Signature = bls.AggregateSignatures(sigs).Marshal()[:]
@@ -1008,13 +1025,13 @@ func TestProcessAggregatedAttestation_OverlappingBits(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	hashTreeRoot, err := ssz.HashTreeRoot(att1.Data)
+	hashTreeRoot, err := helpers.ComputeSigningRoot(att1.Data, domain)
 	if err != nil {
-		t.Fatal(err)
+		t.Error(err)
 	}
 	sigs := make([]*bls.Signature, len(attestingIndices1))
 	for i, indice := range attestingIndices1 {
-		sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+		sig := privKeys[indice].Sign(hashTreeRoot[:])
 		sigs[i] = sig
 	}
 	att1.Signature = bls.AggregateSignatures(sigs).Marshal()[:]
@@ -1036,13 +1053,13 @@ func TestProcessAggregatedAttestation_OverlappingBits(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	hashTreeRoot, err = ssz.HashTreeRoot(data)
+	hashTreeRoot, err = helpers.ComputeSigningRoot(data, domain)
 	if err != nil {
-		t.Fatal(err)
+		t.Error(err)
 	}
 	sigs = make([]*bls.Signature, len(attestingIndices2))
 	for i, indice := range attestingIndices2 {
-		sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+		sig := privKeys[indice].Sign(hashTreeRoot[:])
 		sigs[i] = sig
 	}
 	att2.Signature = bls.AggregateSignatures(sigs).Marshal()[:]
@@ -1086,13 +1103,13 @@ func TestProcessAggregatedAttestation_NoOverlappingBits(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	hashTreeRoot, err := ssz.HashTreeRoot(data)
+	hashTreeRoot, err := helpers.ComputeSigningRoot(data, domain)
 	if err != nil {
-		t.Fatal(err)
+		t.Error(err)
 	}
 	sigs := make([]*bls.Signature, len(attestingIndices1))
 	for i, indice := range attestingIndices1 {
-		sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+		sig := privKeys[indice].Sign(hashTreeRoot[:])
 		sigs[i] = sig
 	}
 	att1.Signature = bls.AggregateSignatures(sigs).Marshal()[:]
@@ -1113,13 +1130,13 @@ func TestProcessAggregatedAttestation_NoOverlappingBits(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	hashTreeRoot, err = ssz.HashTreeRoot(data)
+	hashTreeRoot, err = helpers.ComputeSigningRoot(data, domain)
 	if err != nil {
-		t.Fatal(err)
+		t.Error(err)
 	}
 	sigs = make([]*bls.Signature, len(attestingIndices2))
 	for i, indice := range attestingIndices2 {
-		sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+		sig := privKeys[indice].Sign(hashTreeRoot[:])
 		sigs[i] = sig
 	}
 	att2.Signature = bls.AggregateSignatures(sigs).Marshal()[:]
@@ -1315,14 +1332,13 @@ func TestVerifyIndexedAttestation_OK(t *testing.T) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		root, err := ssz.HashTreeRoot(tt.attestation.Data)
+		root, err := helpers.ComputeSigningRoot(tt.attestation.Data, domain)
 		if err != nil {
-			t.Errorf("Could not find the ssz root: %v", err)
-			continue
+			t.Error(err)
 		}
 		var sig []*bls.Signature
 		for _, idx := range tt.attestation.AttestingIndices {
-			validatorSig := keys[idx].Sign(root[:], domain)
+			validatorSig := keys[idx].Sign(root[:])
 			sig = append(sig, validatorSig)
 		}
 		aggSig := bls.AggregateSignatures(sig)
@@ -1486,11 +1502,11 @@ func TestProcessDeposits_RepeatedDeposit_IncreasesValidatorBalance(t *testing.T)
 			Amount:    1000,
 		},
 	}
-	sr, err := ssz.HashTreeRoot(deposit.Data)
+	sr, err := helpers.ComputeSigningRoot(deposit.Data, bytesutil.ToBytes(3, 8))
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig := sk.Sign(sr[:], 3)
+	sig := sk.Sign(sr[:])
 	deposit.Data.Signature = sig.Marshal()
 	leaf, err := ssz.HashTreeRoot(deposit.Data)
 	if err != nil {
@@ -1762,15 +1778,15 @@ func TestProcessVoluntaryExits_AppliesCorrectStatus(t *testing.T) {
 	}
 	val.PublicKey = priv.PublicKey().Marshal()[:]
 	state.UpdateValidatorAtIndex(0, val)
-	signingRoot, err := ssz.HashTreeRoot(exits[0].Exit)
-	if err != nil {
-		t.Error(err)
-	}
 	domain, err := helpers.Domain(state.Fork(), helpers.CurrentEpoch(state), params.BeaconConfig().DomainVoluntaryExit)
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig := priv.Sign(signingRoot[:], domain)
+	signingRoot, err := helpers.ComputeSigningRoot(exits[0].Exit, domain)
+	if err != nil {
+		t.Error(err)
+	}
+	sig := priv.Sign(signingRoot[:])
 	exits[0].Signature = sig.Marshal()
 	block := &ethpb.BeaconBlock{
 		Body: &ethpb.BeaconBlockBody{

beacon-chain/core/blocks/spectest/block_processing_test.go

@@ -94,8 +94,8 @@ func runBlockProcessingTest(t *testing.T, config string) {
 					t.Fatalf("Failed to unmarshal: %v", err)
 				}
 
-				if !proto.Equal(beaconState.CloneInnerState(), postBeaconState) {
-					diff, _ := messagediff.PrettyDiff(beaconState.CloneInnerState(), postBeaconState)
+				if !proto.Equal(beaconState.InnerStateUnsafe(), postBeaconState) {
+					diff, _ := messagediff.PrettyDiff(beaconState.InnerStateUnsafe(), postBeaconState)
 					t.Log(diff)
 					t.Fatal("Post state does not match expected")
 				}

beacon-chain/core/helpers/BUILD.bazel

@@ -9,6 +9,7 @@ go_library(
         "randao.go",
         "rewards_penalties.go",
         "shuffle.go",
+        "signing_root.go",
         "slot_epoch.go",
         "validators.go",
     ],
@@ -48,6 +49,7 @@ go_test(
         "randao_test.go",
         "rewards_penalties_test.go",
         "shuffle_test.go",
+        "signing_root_test.go",
         "slot_epoch_test.go",
         "validators_test.go",
     ],

beacon-chain/core/helpers/attestation.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/pkg/errors"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
-	"github.com/prysmaticlabs/go-ssz"
 	stateTrie "github.com/prysmaticlabs/prysm/beacon-chain/state"
 	"github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/hashutil"
@@ -128,11 +127,11 @@ func SlotSignature(state *stateTrie.BeaconState, slot uint64, privKey *bls.Secre
 	if err != nil {
 		return nil, err
 	}
-	s, err := ssz.HashTreeRoot(slot)
+	s, err := ComputeSigningRoot(slot, d)
 	if err != nil {
 		return nil, err
 	}
-	return privKey.Sign(s[:], d), nil
+	return privKey.Sign(s[:]), nil
 }
 
 // IsAggregator returns true if the signature is from the input validator. The committee

beacon-chain/core/helpers/attestation_test.go

@@ -202,7 +202,7 @@ func TestAggregateAttestations(t *testing.T) {
 		atts := make([]*ethpb.Attestation, len(bl))
 		for i, b := range bl {
 			sk := bls.RandKey()
-			sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
+			sig := sk.Sign([]byte("dummy_test_data"))
 			atts[i] = &ethpb.Attestation{
 				AggregationBits: b,
 				Data:            nil,
@@ -259,8 +259,8 @@ func TestSlotSignature_Verify(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	msg, _ := ssz.HashTreeRoot(slot)
-	if !sig.Verify(msg[:], pub, domain) {
+	msg, _ := helpers.ComputeSigningRoot(slot, domain)
+	if !sig.Verify(msg[:], pub) {
 		t.Error("Could not verify slot signature")
 	}
 }
@@ -272,7 +272,7 @@ func TestIsAggregator_True(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig := privKeys[0].Sign([]byte{}, 0)
+	sig := privKeys[0].Sign([]byte{'A'})
 	agg, err := helpers.IsAggregator(uint64(len(committee)), sig.Marshal())
 	if err != nil {
 		t.Fatal(err)
@@ -291,7 +291,7 @@ func TestIsAggregator_False(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig := privKeys[0].Sign([]byte{}, 0)
+	sig := privKeys[0].Sign([]byte{'A'})
 	agg, err := helpers.IsAggregator(uint64(len(committee)), sig.Marshal())
 	if err != nil {
 		t.Fatal(err)
@@ -304,11 +304,11 @@ func TestIsAggregator_False(t *testing.T) {
 func TestAggregateSignature_True(t *testing.T) {
 	pubkeys := make([]*bls.PublicKey, 0, 100)
 	atts := make([]*ethpb.Attestation, 0, 100)
-	msg := []byte("hello")
+	msg := bytesutil.ToBytes32([]byte("hello"))
 	for i := 0; i < 100; i++ {
 		priv := bls.RandKey()
 		pub := priv.PublicKey()
-		sig := priv.Sign(msg[:], 0)
+		sig := priv.Sign(msg[:])
 		pubkeys = append(pubkeys, pub)
 		att := &ethpb.Attestation{Signature: sig.Marshal()}
 		atts = append(atts, att)
@@ -317,7 +317,7 @@ func TestAggregateSignature_True(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if !aggSig.VerifyAggregateCommon(pubkeys, bytesutil.ToBytes32(msg), 0) {
+	if !aggSig.FastAggregateVerify(pubkeys, msg) {
 		t.Error("Signature did not verify")
 	}
 }
@@ -329,7 +329,7 @@ func TestAggregateSignature_False(t *testing.T) {
 	for i := 0; i < 100; i++ {
 		priv := bls.RandKey()
 		pub := priv.PublicKey()
-		sig := priv.Sign(msg[:], 0)
+		sig := priv.Sign(msg[:])
 		pubkeys = append(pubkeys, pub)
 		att := &ethpb.Attestation{Signature: sig.Marshal()}
 		atts = append(atts, att)
@@ -338,7 +338,7 @@ func TestAggregateSignature_False(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if aggSig.VerifyAggregateCommon(pubkeys, bytesutil.ToBytes32(msg), 0) {
+	if aggSig.FastAggregateVerify(pubkeys, bytesutil.ToBytes32(msg)) {
 		t.Error("Signature not suppose to verify")
 	}
 }

beacon-chain/core/helpers/signing_root.go

@@ -0,0 +1,30 @@
+package helpers
+
+import (
+	"github.com/prysmaticlabs/go-ssz"
+	p2ppb "github.com/prysmaticlabs/prysm/proto/beacon/p2p/v1"
+)
+
+// ComputeSigningRoot computes the root of the object by calculating the root of the object domain tree.
+//
+// Spec pseudocode definition:
+//	def compute_signing_root(ssz_object: SSZObject, domain: Domain) -> Root:
+//    """
+//    Return the signing root of an object by calculating the root of the object-domain tree.
+//    """
+//    domain_wrapped_object = SigningRoot(
+//        object_root=hash_tree_root(ssz_object),
+//        domain=domain,
+//    )
+//    return hash_tree_root(domain_wrapped_object)
+func ComputeSigningRoot(object interface{}, domain []byte) ([32]byte, error) {
+	objRoot, err := ssz.HashTreeRoot(object)
+	if err != nil {
+		return [32]byte{}, err
+	}
+	container := &p2ppb.SigningRoot{
+		ObjectRoot: objRoot[:],
+		Domain:     domain,
+	}
+	return ssz.HashTreeRoot(container)
+}

beacon-chain/core/helpers/signing_root_test.go

@@ -0,0 +1,15 @@
+package helpers
+
+import (
+	"testing"
+
+	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
+)
+
+func TestSigningRoot_ComputeOK(t *testing.T) {
+	emptyBlock := &ethpb.BeaconBlock{}
+	_, err := ComputeSigningRoot(emptyBlock, []byte{'T', 'E', 'S', 'T'})
+	if err != nil {
+		t.Errorf("Could not compute signing root of block: %v", err)
+	}
+}

beacon-chain/core/helpers/slot_epoch.go

@@ -89,15 +89,17 @@ func SlotsSinceEpochStarts(slot uint64) uint64 {
 	return slot - StartSlot(SlotToEpoch(slot))
 }
 
-// Allow for slots "from the future" within a certain tolerance.
-const timeShiftTolerance = 10 // ms
+// TimeShiftTolerance specifies the tolerance threshold for slots "from the future".
+const TimeShiftTolerance = 500 * time.Millisecond // ms
 
 // VerifySlotTime validates the input slot is not from the future.
-func VerifySlotTime(genesisTime uint64, slot uint64) error {
-	slotTime := genesisTime + slot*params.BeaconConfig().SecondsPerSlot
-	currentTime := uint64(roughtime.Now().Unix())
-	if slotTime > currentTime+timeShiftTolerance {
-		return fmt.Errorf("could not process slot from the future, slot time %d > current time %d", slotTime, currentTime)
+func VerifySlotTime(genesisTime uint64, slot uint64, timeTolerance time.Duration) error {
+	// denominate everything in milliseconds
+	slotTime := 1000 * (genesisTime + slot*params.BeaconConfig().SecondsPerSlot)
+	currentTime := 1000 * uint64(roughtime.Now().Unix())
+	tolerance := uint64(timeTolerance.Milliseconds())
+	if slotTime > currentTime+tolerance {
+		return fmt.Errorf("could not process slot from the future, slot time(ms) %d > current time(ms) %d", slotTime, currentTime)
 	}
 	return nil
 }

beacon-chain/core/helpers/validators.go

@@ -231,18 +231,17 @@ func ComputeProposerIndex(validators []*ethpb.Validator, activeIndices []uint64,
 // Domain returns the domain version for BLS private key to sign and verify.
 //
 // Spec pseudocode definition:
-//  def get_domain(state: BeaconState,
-//               domain_type: int,
-//               message_epoch: Epoch=None) -> int:
+//  def get_domain(state: BeaconState, domain_type: DomainType, epoch: Epoch=None) -> Domain:
 //    """
 //    Return the signature domain (fork version concatenated with domain type) of a message.
 //    """
 //    epoch = get_current_epoch(state) if message_epoch is None else message_epoch
+//    epoch = get_current_epoch(state) if epoch is None else epoch
 //    fork_version = state.fork.previous_version if epoch < state.fork.epoch else state.fork.current_version
-//    return bls_domain(domain_type, fork_version)
-func Domain(fork *pb.Fork, epoch uint64, domainType [bls.DomainByteLength]byte) (uint64, error) {
+//    return compute_domain(domain_type, fork_version)
+func Domain(fork *pb.Fork, epoch uint64, domainType [bls.DomainByteLength]byte) ([]byte, error) {
 	if fork == nil {
-		return 0, errors.New("nil fork or domain type")
+		return []byte{}, errors.New("nil fork or domain type")
 	}
 	var forkVersion []byte
 	if epoch < fork.Epoch {
@@ -251,7 +250,7 @@ func Domain(fork *pb.Fork, epoch uint64, domainType [bls.DomainByteLength]byte)
 		forkVersion = fork.CurrentVersion
 	}
 	if len(forkVersion) != 4 {
-		return 0, errors.New("fork version length is not 4 byte")
+		return []byte{}, errors.New("fork version length is not 4 byte")
 	}
 	var forkVersionArray [4]byte
 	copy(forkVersionArray[:], forkVersion[:4])

beacon-chain/core/helpers/validators_test.go

@@ -1,6 +1,7 @@
 package helpers
 
 import (
+	"bytes"
 	"reflect"
 	"testing"
 
@@ -235,22 +236,22 @@ func TestDomain_OK(t *testing.T) {
 	}
 	tests := []struct {
 		epoch      uint64
-		domainType uint64
-		version    uint64
+		domainType [4]byte
+		result     []byte
 	}{
-		{epoch: 1, domainType: 4, version: 144115188075855876},
-		{epoch: 2, domainType: 4, version: 144115188075855876},
-		{epoch: 2, domainType: 5, version: 144115188075855877},
-		{epoch: 3, domainType: 4, version: 216172782113783812},
-		{epoch: 3, domainType: 5, version: 216172782113783813},
+		{epoch: 1, domainType: bytesutil.ToBytes4(bytesutil.Bytes4(4)), result: bytesutil.ToBytes(144115188075855876, 8)},
+		{epoch: 2, domainType: bytesutil.ToBytes4(bytesutil.Bytes4(4)), result: bytesutil.ToBytes(144115188075855876, 8)},
+		{epoch: 2, domainType: bytesutil.ToBytes4(bytesutil.Bytes4(5)), result: bytesutil.ToBytes(144115188075855877, 8)},
+		{epoch: 3, domainType: bytesutil.ToBytes4(bytesutil.Bytes4(4)), result: bytesutil.ToBytes(216172782113783812, 8)},
+		{epoch: 3, domainType: bytesutil.ToBytes4(bytesutil.Bytes4(5)), result: bytesutil.ToBytes(216172782113783813, 8)},
 	}
 	for _, tt := range tests {
-		domain, err := Domain(state.Fork, tt.epoch, bytesutil.ToBytes4(bytesutil.Bytes4(tt.domainType)))
+		domain, err := Domain(state.Fork, tt.epoch, tt.domainType)
 		if err != nil {
 			t.Fatal(err)
 		}
-		if domain != tt.version {
-			t.Errorf("wanted domain version: %d, got: %d", tt.version, domain)
+		if !bytes.Equal(domain, tt.result) {
+			t.Errorf("wanted domain version: %d, got: %d", tt.result, domain)
 		}
 	}
 }

beacon-chain/core/state/transition_test.go

@@ -125,10 +125,6 @@ func TestProcessBlock_IncorrectProposerSlashing(t *testing.T) {
 	}
 	block.Block.Body.ProposerSlashings = []*ethpb.ProposerSlashing{slashing}
 
-	blockRoot, err := ssz.HashTreeRoot(block.Block)
-	if err != nil {
-		t.Fatal(err)
-	}
 	beaconState.SetSlot(beaconState.Slot() + 1)
 	proposerIdx, err := helpers.BeaconProposerIndex(beaconState)
 	if err != nil {
@@ -139,7 +135,11 @@ func TestProcessBlock_IncorrectProposerSlashing(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig := privKeys[proposerIdx].Sign(blockRoot[:], domain)
+	root, err := helpers.ComputeSigningRoot(block.Block, domain)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sig := privKeys[proposerIdx].Sign(root[:])
 	block.Signature = sig.Marshal()
 
 	beaconState, err = state.ProcessSlots(context.Background(), beaconState, 1)
@@ -168,10 +168,6 @@ func TestProcessBlock_IncorrectProcessBlockAttestations(t *testing.T) {
 		t.Fatal(err)
 	}
 	block.Block.Body.Attestations = []*ethpb.Attestation{att}
-	blockRoot, err := ssz.HashTreeRoot(block.Block)
-	if err != nil {
-		t.Fatal(err)
-	}
 	beaconState.SetSlot(beaconState.Slot() + 1)
 	proposerIdx, err := helpers.BeaconProposerIndex(beaconState)
 	if err != nil {
@@ -182,7 +178,11 @@ func TestProcessBlock_IncorrectProcessBlockAttestations(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig := privKeys[proposerIdx].Sign(blockRoot[:], domain)
+	root, err := helpers.ComputeSigningRoot(block.Block, domain)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sig := privKeys[proposerIdx].Sign(root[:])
 	block.Signature = sig.Marshal()
 
 	beaconState, err = state.ProcessSlots(context.Background(), beaconState, 1)
@@ -333,11 +333,11 @@ func TestProcessBlock_PassesProcessingConditions(t *testing.T) {
 			StateRoot: []byte("A"),
 		},
 	}
-	signingRoot, err := ssz.HashTreeRoot(header1.Header)
+	root, err := helpers.ComputeSigningRoot(header1.Header, domain)
 	if err != nil {
-		t.Errorf("Could not get signing root of beacon block header: %v", err)
+		t.Fatal(err)
 	}
-	header1.Signature = privKeys[proposerSlashIdx].Sign(signingRoot[:], domain).Marshal()[:]
+	header1.Signature = privKeys[proposerSlashIdx].Sign(root[:]).Marshal()[:]
 
 	header2 := &ethpb.SignedBeaconBlockHeader{
 		Header: &ethpb.BeaconBlockHeader{
@@ -345,11 +345,11 @@ func TestProcessBlock_PassesProcessingConditions(t *testing.T) {
 			StateRoot: []byte("B"),
 		},
 	}
-	signingRoot, err = ssz.HashTreeRoot(header2.Header)
+	root, err = helpers.ComputeSigningRoot(header2.Header, domain)
 	if err != nil {
-		t.Errorf("Could not get signing root of beacon block header: %v", err)
+		t.Fatal(err)
 	}
-	header2.Signature = privKeys[proposerSlashIdx].Sign(signingRoot[:], domain).Marshal()[:]
+	header2.Signature = privKeys[proposerSlashIdx].Sign(root[:]).Marshal()[:]
 
 	proposerSlashings := []*ethpb.ProposerSlashing{
 		{
@@ -369,16 +369,16 @@ func TestProcessBlock_PassesProcessingConditions(t *testing.T) {
 			Target: &ethpb.Checkpoint{Epoch: 0}},
 		AttestingIndices: []uint64{0, 1},
 	}
-	hashTreeRoot, err := ssz.HashTreeRoot(att1.Data)
-	if err != nil {
-		t.Error(err)
-	}
 	domain, err = helpers.Domain(beaconState.Fork(), currentEpoch, params.BeaconConfig().DomainBeaconAttester)
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig0 := privKeys[0].Sign(hashTreeRoot[:], domain)
-	sig1 := privKeys[1].Sign(hashTreeRoot[:], domain)
+	hashTreeRoot, err := helpers.ComputeSigningRoot(att1.Data, domain)
+	if err != nil {
+		t.Error(err)
+	}
+	sig0 := privKeys[0].Sign(hashTreeRoot[:])
+	sig1 := privKeys[1].Sign(hashTreeRoot[:])
 	aggregateSig := bls.AggregateSignatures([]*bls.Signature{sig0, sig1})
 	att1.Signature = aggregateSig.Marshal()[:]
 
@@ -389,12 +389,13 @@ func TestProcessBlock_PassesProcessingConditions(t *testing.T) {
 			Target: &ethpb.Checkpoint{Epoch: 0}},
 		AttestingIndices: []uint64{0, 1},
 	}
-	hashTreeRoot, err = ssz.HashTreeRoot(att2.Data)
+
+	hashTreeRoot, err = helpers.ComputeSigningRoot(att2.Data, domain)
 	if err != nil {
 		t.Error(err)
 	}
-	sig0 = privKeys[0].Sign(hashTreeRoot[:], domain)
-	sig1 = privKeys[1].Sign(hashTreeRoot[:], domain)
+	sig0 = privKeys[0].Sign(hashTreeRoot[:])
+	sig1 = privKeys[1].Sign(hashTreeRoot[:])
 	aggregateSig = bls.AggregateSignatures([]*bls.Signature{sig0, sig1})
 	att2.Signature = aggregateSig.Marshal()[:]
 
@@ -432,13 +433,13 @@ func TestProcessBlock_PassesProcessingConditions(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	hashTreeRoot, err = ssz.HashTreeRoot(blockAtt.Data)
+	hashTreeRoot, err = helpers.ComputeSigningRoot(blockAtt.Data, domain)
 	if err != nil {
 		t.Error(err)
 	}
 	sigs := make([]*bls.Signature, len(attestingIndices))
 	for i, indice := range attestingIndices {
-		sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+		sig := privKeys[indice].Sign(hashTreeRoot[:])
 		sigs[i] = sig
 	}
 	blockAtt.Signature = bls.AggregateSignatures(sigs).Marshal()[:]
@@ -449,15 +450,15 @@ func TestProcessBlock_PassesProcessingConditions(t *testing.T) {
 			Epoch:          0,
 		},
 	}
-	signingRoot, err = ssz.HashTreeRoot(exit.Exit)
-	if err != nil {
-		t.Errorf("Could not get signing root of beacon block header: %v", err)
-	}
 	domain, err = helpers.Domain(beaconState.Fork(), currentEpoch, params.BeaconConfig().DomainVoluntaryExit)
 	if err != nil {
 		t.Fatal(err)
 	}
-	exit.Signature = privKeys[exit.Exit.ValidatorIndex].Sign(signingRoot[:], domain).Marshal()[:]
+	signingRoot, err := helpers.ComputeSigningRoot(exit.Exit, domain)
+	if err != nil {
+		t.Errorf("Could not get signing root of beacon block header: %v", err)
+	}
+	exit.Signature = privKeys[exit.Exit.ValidatorIndex].Sign(signingRoot[:]).Marshal()[:]
 
 	parentRoot, err := ssz.HashTreeRoot(beaconState.LatestBlockHeader())
 	if err != nil {
@@ -656,7 +657,15 @@ func BenchmarkProcessBlk_65536Validators_FullBlock(b *testing.B) {
 	if err != nil {
 		b.Fatal(err)
 	}
-	epochSignature := priv.Sign(buf, domain)
+	ctr := &pb.SigningRoot{
+		ObjectRoot: buf,
+		Domain:     domain,
+	}
+	root, err = ssz.HashTreeRoot(ctr)
+	if err != nil {
+		b.Fatal(err)
+	}
+	epochSignature := priv.Sign(root[:])
 
 	buf = []byte{params.BeaconConfig().BLSWithdrawalPrefixByte}
 	pubKey := []byte("A")
@@ -753,11 +762,11 @@ func TestProcessBlk_AttsBasedOnValidatorCount(t *testing.T) {
 		}
 		sigs := make([]*bls.Signature, len(attestingIndices))
 		for i, indice := range attestingIndices {
-			hashTreeRoot, err := ssz.HashTreeRoot(att.Data)
+			hashTreeRoot, err := helpers.ComputeSigningRoot(att.Data, domain)
 			if err != nil {
 				t.Error(err)
 			}
-			sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+			sig := privKeys[indice].Sign(hashTreeRoot[:])
 			sigs[i] = sig
 		}
 		att.Signature = bls.AggregateSignatures(sigs).Marshal()[:]

beacon-chain/operations/attestations/aggregate_test.go

@@ -20,7 +20,7 @@ func TestAggregateAttestations_SingleAttestation(t *testing.T) {
 	}
 
 	sk := bls.RandKey()
-	sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
+	sig := sk.Sign([]byte("dummy_test_data"))
 
 	unaggregatedAtts := []*ethpb.Attestation{
 		{Data: &ethpb.AttestationData{}, AggregationBits: bitfield.Bitlist{0b100001}, Signature: sig.Marshal()},
@@ -46,7 +46,7 @@ func TestAggregateAttestations_MultipleAttestationsSameRoot(t *testing.T) {
 	}
 
 	sk := bls.RandKey()
-	sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
+	sig := sk.Sign([]byte("dummy_test_data"))
 
 	attsToBeAggregated := []*ethpb.Attestation{
 		{Data: &ethpb.AttestationData{}, AggregationBits: bitfield.Bitlist{0b110001}, Signature: sig.Marshal()},
@@ -88,7 +88,7 @@ func TestAggregateAttestations_MultipleAttestationsDifferentRoots(t *testing.T)
 	d2.Slot = 2
 
 	sk := bls.RandKey()
-	sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
+	sig := sk.Sign([]byte("dummy_test_data"))
 
 	atts := []*ethpb.Attestation{
 		{Data: d, AggregationBits: bitfield.Bitlist{0b100001}, Signature: sig.Marshal()},

beacon-chain/operations/attestations/prepare_forkchoice_test.go

@@ -21,7 +21,7 @@ func TestBatchAttestations_Multiple(t *testing.T) {
 	}
 
 	sk := bls.RandKey()
-	sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
+	sig := sk.Sign([]byte("dummy_test_data"))
 	var mockRoot [32]byte
 
 	unaggregatedAtts := []*ethpb.Attestation{
@@ -135,7 +135,7 @@ func TestBatchAttestations_Single(t *testing.T) {
 	}
 
 	sk := bls.RandKey()
-	sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
+	sig := sk.Sign([]byte("dummy_test_data"))
 	mockRoot := [32]byte{}
 	d := &ethpb.AttestationData{
 		BeaconBlockRoot: mockRoot[:],
@@ -194,7 +194,7 @@ func TestAggregateAndSaveForkChoiceAtts_Single(t *testing.T) {
 	}
 
 	sk := bls.RandKey()
-	sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
+	sig := sk.Sign([]byte("dummy_test_data"))
 	mockRoot := [32]byte{}
 	d := &ethpb.AttestationData{
 		BeaconBlockRoot: mockRoot[:],
@@ -226,7 +226,7 @@ func TestAggregateAndSaveForkChoiceAtts_Multiple(t *testing.T) {
 	}
 
 	sk := bls.RandKey()
-	sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
+	sig := sk.Sign([]byte("dummy_test_data"))
 	mockRoot := [32]byte{}
 	d := &ethpb.AttestationData{
 		BeaconBlockRoot: mockRoot[:],

beacon-chain/powchain/deposit_test.go

@@ -180,10 +180,7 @@ func TestProcessDeposit_UnableToVerify(t *testing.T) {
 	testutil.ResetCache()
 
 	deposits, keys, _ := testutil.DeterministicDepositsAndKeys(1)
-
-	domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit)
-
-	sig := keys[0].Sign([]byte{'F', 'A', 'K', 'E'}, domain)
+	sig := keys[0].Sign([]byte{'F', 'A', 'K', 'E'})
 	deposits[0].Data.Signature = sig.Marshal()[:]
 
 	trie, _, err := testutil.DepositTrieFromDeposits(deposits)
@@ -228,12 +225,12 @@ func TestProcessDeposit_IncompleteDeposit(t *testing.T) {
 
 	sk := bls.RandKey()
 	deposit.Data.PublicKey = sk.PublicKey().Marshal()
-	signedRoot, err := ssz.HashTreeRoot(deposit.Data)
+	signedRoot, err := helpers.ComputeSigningRoot(deposit.Data, bls.ComputeDomain(params.BeaconConfig().DomainDeposit, nil))
 	if err != nil {
 		t.Fatal(err)
 	}
-	domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit)
-	sig := sk.Sign(signedRoot[:], domain)
+
+	sig := sk.Sign(signedRoot[:])
 	deposit.Data.Signature = sig.Marshal()
 
 	trie, err := trieutil.NewTrie(int(params.BeaconConfig().DepositContractTreeDepth))

beacon-chain/powchain/log_processing_test.go

@@ -61,6 +61,7 @@ func TestProcessDepositLog_OK(t *testing.T) {
 	}
 
 	testAcc.Backend.Commit()
+	testutil.ResetCache()
 	deposits, _, _ := testutil.DeterministicDepositsAndKeys(1)
 	_, depositRoots, err := testutil.DeterministicDepositTrie(len(deposits))
 	if err != nil {
@@ -130,6 +131,7 @@ func TestProcessDepositLog_InsertsPendingDeposit(t *testing.T) {
 
 	testAcc.Backend.Commit()
 
+	testutil.ResetCache()
 	deposits, _, _ := testutil.DeterministicDepositsAndKeys(1)
 	_, depositRoots, err := testutil.DeterministicDepositTrie(len(deposits))
 	if err != nil {
@@ -199,6 +201,7 @@ func TestUnpackDepositLogData_OK(t *testing.T) {
 		t.Fatalf("Could not init from contract: %v", err)
 	}
 
+	testutil.ResetCache()
 	deposits, _, _ := testutil.DeterministicDepositsAndKeys(1)
 	_, depositRoots, err := testutil.DeterministicDepositTrie(len(deposits))
 	if err != nil {
@@ -277,6 +280,7 @@ func TestProcessETH2GenesisLog_8DuplicatePubkeys(t *testing.T) {
 	testAcc.Backend.Commit()
 	testAcc.Backend.AdjustTime(time.Duration(int64(time.Now().Nanosecond())))
 
+	testutil.ResetCache()
 	deposits, _, _ := testutil.DeterministicDepositsAndKeys(1)
 	_, depositRoots, err := testutil.DeterministicDepositTrie(len(deposits))
 	if err != nil {
@@ -355,8 +359,8 @@ func TestProcessETH2GenesisLog(t *testing.T) {
 	testAcc.Backend.Commit()
 	testAcc.Backend.AdjustTime(time.Duration(int64(time.Now().Nanosecond())))
 
+	testutil.ResetCache()
 	deposits, _, _ := testutil.DeterministicDepositsAndKeys(uint64(depositsReqForChainStart))
-
 	_, roots, err := testutil.DeterministicDepositTrie(len(deposits))
 	if err != nil {
 		t.Fatal(err)
@@ -565,6 +569,7 @@ func TestWeb3ServiceProcessDepositLog_RequestMissedDeposits(t *testing.T) {
 	testAcc.Backend.Commit()
 	testAcc.Backend.AdjustTime(time.Duration(int64(time.Now().Nanosecond())))
 	depositsWanted := 10
+	testutil.ResetCache()
 	deposits, _, _ := testutil.DeterministicDepositsAndKeys(uint64(depositsWanted))
 	_, depositRoots, err := testutil.DeterministicDepositTrie(len(deposits))
 	if err != nil {
@@ -659,8 +664,8 @@ func TestConsistentGenesisState(t *testing.T) {
 	testAcc.Backend.Commit()
 	testAcc.Backend.AdjustTime(time.Duration(int64(time.Now().Nanosecond())))
 
+	testutil.ResetCache()
 	deposits, _, _ := testutil.DeterministicDepositsAndKeys(uint64(depositsReqForChainStart))
-
 	_, roots, err := testutil.DeterministicDepositTrie(len(deposits))
 	if err != nil {
 		t.Fatal(err)

beacon-chain/rpc/beacon/attestations_test.go

@@ -945,11 +945,11 @@ func TestServer_StreamIndexedAttestations_OK(t *testing.T) {
 					},
 				},
 			}
-			encoded, err := ssz.Marshal(attExample.Data)
+			encoded, err := helpers.ComputeSigningRoot(attExample.Data, []byte{})
 			if err != nil {
 				t.Fatal(err)
 			}
-			sig := privKeys[j].Sign(encoded, 0 /*domain*/)
+			sig := privKeys[j].Sign(encoded[:])
 			attExample.Signature = sig.Marshal()
 
 			var indexInCommittee uint64

beacon-chain/rpc/validator/aggregator_test.go

@@ -8,7 +8,6 @@ import (
 
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
 	"github.com/prysmaticlabs/go-bitfield"
-	"github.com/prysmaticlabs/go-ssz"
 	mock "github.com/prysmaticlabs/prysm/beacon-chain/blockchain/testing"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	dbutil "github.com/prysmaticlabs/prysm/beacon-chain/db/testing"
@@ -64,7 +63,7 @@ func TestSubmitAggregateAndProof_CantFindValidatorIndex(t *testing.T) {
 	}
 
 	priv := bls.RandKey()
-	sig := priv.Sign([]byte{'A'}, 0)
+	sig := priv.Sign([]byte{'A'})
 	req := &ethpb.AggregationRequest{CommitteeIndex: 1, SlotSignature: sig.Marshal(), PublicKey: pubKey(3)}
 	wanted := "Could not locate validator index in DB"
 	if _, err := server.SubmitAggregateAndProof(ctx, req); !strings.Contains(err.Error(), wanted) {
@@ -89,7 +88,7 @@ func TestSubmitAggregateAndProof_IsAggregator(t *testing.T) {
 	}
 
 	priv := bls.RandKey()
-	sig := priv.Sign([]byte{'A'}, 0)
+	sig := priv.Sign([]byte{'A'})
 	pubKey := pubKey(1)
 	req := &ethpb.AggregationRequest{CommitteeIndex: 1, SlotSignature: sig.Marshal(), PublicKey: pubKey}
 	if err := db.SaveValidatorIndex(ctx, pubKey, 100); err != nil {
@@ -133,7 +132,7 @@ func TestSubmitAggregateAndProof_AggregateOk(t *testing.T) {
 	}
 
 	priv := bls.RandKey()
-	sig := priv.Sign([]byte{'B'}, 0)
+	sig := priv.Sign([]byte{'B'})
 	pubKey := pubKey(2)
 	req := &ethpb.AggregationRequest{CommitteeIndex: 1, SlotSignature: sig.Marshal(), PublicKey: pubKey}
 	if err := db.SaveValidatorIndex(ctx, pubKey, 100); err != nil {
@@ -188,7 +187,7 @@ func TestSubmitAggregateAndProof_AggregateNotOk(t *testing.T) {
 	}
 
 	priv := bls.RandKey()
-	sig := priv.Sign([]byte{'B'}, 0)
+	sig := priv.Sign([]byte{'B'})
 	pubKey := pubKey(2)
 	req := &ethpb.AggregationRequest{CommitteeIndex: 1, SlotSignature: sig.Marshal(), PublicKey: pubKey}
 	if err := db.SaveValidatorIndex(ctx, pubKey, 100); err != nil {
@@ -232,8 +231,8 @@ func generateAtt(state *beaconstate.BeaconState, index uint64, privKeys []*bls.S
 	att.Signature = zeroSig[:]
 
 	for i, indice := range attestingIndices {
-		hashTreeRoot, _ := ssz.HashTreeRoot(att.Data)
-		sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+		hashTreeRoot, _ := helpers.ComputeSigningRoot(att.Data, domain)
+		sig := privKeys[indice].Sign(hashTreeRoot[:])
 		sigs[i] = sig
 	}
 

beacon-chain/rpc/validator/assignments_test.go

@@ -231,6 +231,7 @@ func TestGetDuties_MultipleKeys_OK(t *testing.T) {
 
 	genesis := blk.NewGenesisBlock([]byte{})
 	depChainStart := uint64(64)
+	testutil.ResetCache()
 	deposits, _, _ := testutil.DeterministicDepositsAndKeys(depChainStart)
 	eth1Data, err := testutil.DeterministicEth1Data(len(deposits))
 	if err != nil {
@@ -277,8 +278,8 @@ func TestGetDuties_MultipleKeys_OK(t *testing.T) {
 	if len(res.Duties) != 2 {
 		t.Errorf("expected 2 assignments but got %d", len(res.Duties))
 	}
-	if res.Duties[0].AttesterSlot != 4 {
-		t.Errorf("Expected res.Duties[0].AttesterSlot == 4, got %d", res.Duties[0].AttesterSlot)
+	if res.Duties[0].AttesterSlot != 7 {
+		t.Errorf("Expected res.Duties[0].AttesterSlot == 7, got %d", res.Duties[0].AttesterSlot)
 	}
 	if res.Duties[1].AttesterSlot != 3 {
 		t.Errorf("Expected res.Duties[1].AttesterSlot == 3, got %d", res.Duties[0].AttesterSlot)

beacon-chain/rpc/validator/attester_test.go

@@ -77,7 +77,7 @@ func TestProposeAttestation_OK(t *testing.T) {
 	}
 
 	sk := bls.RandKey()
-	sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
+	sig := sk.Sign([]byte("dummy_test_data"))
 	req := &ethpb.Attestation{
 		Signature: sig.Marshal(),
 		Data: &ethpb.AttestationData{

beacon-chain/rpc/validator/exit_test.go

@@ -11,6 +11,7 @@ import (
 	blk "github.com/prysmaticlabs/prysm/beacon-chain/core/blocks"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/feed"
 	opfeed "github.com/prysmaticlabs/prysm/beacon-chain/core/feed/operation"
+	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/state"
 	dbutil "github.com/prysmaticlabs/prysm/beacon-chain/db/testing"
 	"github.com/prysmaticlabs/prysm/beacon-chain/operations/voluntaryexits"
@@ -24,7 +25,8 @@ func TestSub(t *testing.T) {
 	db := dbutil.SetupDB(t)
 	defer dbutil.TeardownDB(t, db)
 	ctx := context.Background()
-	deposits, _, _ := testutil.DeterministicDepositsAndKeys(params.BeaconConfig().MinGenesisActiveValidatorCount)
+	testutil.ResetCache()
+	deposits, keys, _ := testutil.DeterministicDepositsAndKeys(params.BeaconConfig().MinGenesisActiveValidatorCount)
 	beaconState, err := state.GenesisBeaconState(deposits, 0, &ethpb.Eth1Data{BlockHash: make([]byte, 32)})
 	if err != nil {
 		t.Fatal(err)
@@ -65,8 +67,16 @@ func TestSub(t *testing.T) {
 			Epoch:          epoch,
 			ValidatorIndex: validatorIndex,
 		},
-		Signature: []byte{0xb3, 0xe1, 0x9d, 0xc6, 0x7c, 0x78, 0x6c, 0xcf, 0x33, 0x1d, 0xb9, 0x6f, 0x59, 0x64, 0x44, 0xe1, 0x29, 0xd0, 0x87, 0x03, 0x26, 0x6e, 0x49, 0x1c, 0x05, 0xae, 0x16, 0x7b, 0x04, 0x0f, 0x3f, 0xf8, 0x82, 0x77, 0x60, 0xfc, 0xcf, 0x2f, 0x59, 0xc7, 0x40, 0x0b, 0x2c, 0xa9, 0x23, 0x8a, 0x6c, 0x8d, 0x01, 0x21, 0x5e, 0xa8, 0xac, 0x36, 0x70, 0x31, 0xb0, 0xe1, 0xa8, 0xb8, 0x8f, 0x93, 0x8c, 0x1c, 0xa2, 0x86, 0xe7, 0x22, 0x00, 0x6a, 0x7d, 0x36, 0xc0, 0x2b, 0x86, 0x2c, 0xf5, 0xf9, 0x10, 0xb9, 0xf2, 0xbd, 0x5e, 0xa6, 0x5f, 0x12, 0x86, 0x43, 0x20, 0x4d, 0xa2, 0x9d, 0x8b, 0xe6, 0x6f, 0x09},
 	}
+	domain, err := helpers.Domain(beaconState.Fork(), epoch, params.BeaconConfig().DomainVoluntaryExit)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sigRoot, err := helpers.ComputeSigningRoot(req.Exit, domain)
+	if err != nil {
+		t.Fatalf("Could not compute signing root: %v", err)
+	}
+	req.Signature = keys[0].Sign(sigRoot[:]).Marshal()
 
 	_, err = server.ProposeExit(context.Background(), req)
 	if err != nil {

beacon-chain/rpc/validator/proposer_test.go

@@ -370,16 +370,16 @@ func TestComputeStateRoot_OK(t *testing.T) {
 	}
 	beaconState.SetSlot(beaconState.Slot() - 1)
 	req.Block.Body.RandaoReveal = randaoReveal[:]
-	signingRoot, err := ssz.HashTreeRoot(req.Block)
-	if err != nil {
-		t.Error(err)
-	}
 	currentEpoch := helpers.CurrentEpoch(beaconState)
 	domain, err := helpers.Domain(beaconState.Fork(), currentEpoch, params.BeaconConfig().DomainBeaconProposer)
 	if err != nil {
 		t.Fatal(err)
 	}
-	blockSig := privKeys[proposerIdx].Sign(signingRoot[:], domain).Marshal()
+	signingRoot, err := helpers.ComputeSigningRoot(req.Block, domain)
+	if err != nil {
+		t.Error(err)
+	}
+	blockSig := privKeys[proposerIdx].Sign(signingRoot[:]).Marshal()
 	req.Signature = blockSig[:]
 
 	_, err = proposerServer.computeStateRoot(context.Background(), req)
@@ -1320,8 +1320,8 @@ func TestFilterAttestation_OK(t *testing.T) {
 		atts[i].Signature = zeroSig[:]
 
 		for i, indice := range attestingIndices {
-			hashTreeRoot, _ := ssz.HashTreeRoot(atts[i].Data)
-			sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+			hashTreeRoot, _ := helpers.ComputeSigningRoot(atts[i].Data, domain)
+			sig := privKeys[indice].Sign(hashTreeRoot[:])
 			sigs[i] = sig
 		}
 		atts[i].Signature = bls.AggregateSignatures(sigs).Marshal()[:]
@@ -1528,7 +1528,7 @@ func TestDeleteAttsInPool_Aggregated(t *testing.T) {
 		AttPool: attestations.NewPool(),
 	}
 
-	sig := bls.RandKey().Sign([]byte("foo"), 0).Marshal()
+	sig := bls.RandKey().Sign([]byte("foo")).Marshal()
 	aggregatedAtts := []*ethpb.Attestation{{AggregationBits: bitfield.Bitlist{0b10101}, Signature: sig}, {AggregationBits: bitfield.Bitlist{0b11010}, Signature: sig}}
 	unaggregatedAtts := []*ethpb.Attestation{{AggregationBits: bitfield.Bitlist{0b1001}, Signature: sig}, {AggregationBits: bitfield.Bitlist{0b0001}, Signature: sig}}
 

beacon-chain/rpc/validator/server_test.go

@@ -7,6 +7,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	ptypes "github.com/gogo/protobuf/types"
 	"github.com/golang/mock/gomock"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
@@ -152,12 +153,12 @@ func TestWaitForActivation_ValidatorOriginallyExists(t *testing.T) {
 		PublicKey:             pubKey1,
 		WithdrawalCredentials: []byte("hey"),
 	}
-	signingRoot, err := ssz.HashTreeRoot(depData)
+	domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit, nil)
+	signingRoot, err := helpers.ComputeSigningRoot(depData, domain)
 	if err != nil {
 		t.Error(err)
 	}
-	domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit)
-	depData.Signature = priv1.Sign(signingRoot[:], domain).Marshal()[:]
+	depData.Signature = priv1.Sign(signingRoot[:]).Marshal()[:]
 
 	deposit := &ethpb.Deposit{
 		Data: depData,

beacon-chain/sync/pending_attestations_queue_test.go

@@ -71,7 +71,7 @@ func TestProcessPendingAtts_HasBlockSaveUnAggregatedAtt(t *testing.T) {
 
 	a := &ethpb.AggregateAttestationAndProof{
 		Aggregate: &ethpb.Attestation{
-			Signature:       bls.RandKey().Sign([]byte("foo"), 0).Marshal(),
+			Signature:       bls.RandKey().Sign([]byte("foo")).Marshal(),
 			AggregationBits: bitfield.Bitlist{0x02},
 			Data: &ethpb.AttestationData{
 				Target: &ethpb.Checkpoint{}}}}
@@ -106,6 +106,7 @@ func TestProcessPendingAtts_HasBlockSaveAggregatedAtt(t *testing.T) {
 	defer dbtest.TeardownDB(t, db)
 	p1 := p2ptest.NewTestP2P(t)
 	validators := uint64(256)
+	testutil.ResetCache()
 	beaconState, privKeys := testutil.DeterministicGenesisState(t, validators)
 
 	sb := &ethpb.SignedBeaconBlock{Block: &ethpb.BeaconBlock{}}
@@ -132,31 +133,30 @@ func TestProcessPendingAtts_HasBlockSaveAggregatedAtt(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	hashTreeRoot, err := ssz.HashTreeRoot(att.Data)
-	if err != nil {
-		t.Error(err)
-	}
 	domain, err := helpers.Domain(beaconState.Fork(), 0, params.BeaconConfig().DomainBeaconAttester)
 	if err != nil {
 		t.Fatal(err)
 	}
+	hashTreeRoot, err := helpers.ComputeSigningRoot(att.Data, domain)
+	if err != nil {
+		t.Error(err)
+	}
 	sigs := make([]*bls.Signature, len(attestingIndices))
 	for i, indice := range attestingIndices {
-		sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+		sig := privKeys[indice].Sign(hashTreeRoot[:])
 		sigs[i] = sig
 	}
 	att.Signature = bls.AggregateSignatures(sigs).Marshal()[:]
 
-	slotRoot, err := ssz.HashTreeRoot(att.Data.Slot)
+	slotRoot, err := helpers.ComputeSigningRoot(att.Data.Slot, domain)
 	if err != nil {
 		t.Fatal(err)
 	}
-
-	sig := privKeys[154].Sign(slotRoot[:], domain)
+	sig := privKeys[18].Sign(slotRoot[:])
 	aggregateAndProof := &ethpb.AggregateAttestationAndProof{
 		SelectionProof:  sig.Marshal(),
 		Aggregate:       att,
-		AggregatorIndex: 154,
+		AggregatorIndex: 18,
 	}
 
 	if err := beaconState.SetGenesisTime(uint64(time.Now().Unix())); err != nil {

beacon-chain/sync/subscriber.go

@@ -19,6 +19,7 @@ import (
 )
 
 const pubsubMessageTimeout = 30 * time.Second
+const maximumGossipClockDisparity = 500 * time.Millisecond
 
 // subHandler represents handler for a given subscription.
 type subHandler func(context.Context, proto.Message) error

beacon-chain/sync/subscriber_committee_index_beacon_attestation_test.go

@@ -73,7 +73,7 @@ func TestService_committeeIndexBeaconAttestationSubscriber_ValidMessage(t *testi
 			BeaconBlockRoot: root[:],
 		},
 		AggregationBits: bitfield.Bitlist{0b0101},
-		Signature:       sKeys[0].Sign([]byte("foo"), 0).Marshal(),
+		Signature:       sKeys[0].Sign([]byte("foo")).Marshal(),
 	}
 
 	p.ReceivePubSub("/eth2/committee_index0_beacon_attestation", att)

beacon-chain/sync/subscriber_test.go

@@ -81,7 +81,7 @@ func TestSubscribe_WaitToSync(t *testing.T) {
 		Block: &pb.BeaconBlock{
 			ParentRoot: testutil.Random32Bytes(t),
 		},
-		Signature: sk.Sign([]byte("data"), 0).Marshal(),
+		Signature: sk.Sign([]byte("data")).Marshal(),
 	}
 	p2p.ReceivePubSub(topic, msg)
 	// wait for chainstart to be sent

beacon-chain/sync/validate_aggregate_proof.go

@@ -8,7 +8,6 @@ import (
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	"github.com/pkg/errors"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
-	"github.com/prysmaticlabs/go-ssz"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/blocks"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/state"
@@ -81,13 +80,9 @@ func (r *Service) validateAggregatedAtt(ctx context.Context, a *ethpb.AggregateA
 	defer span.End()
 
 	attSlot := a.Aggregate.Data.Slot
-
-	// Verify attestation slot is within the last ATTESTATION_PROPAGATION_SLOT_RANGE slots.
-	currentSlot := uint64(roughtime.Now().Unix()-r.chain.GenesisTime().Unix()) / params.BeaconConfig().SecondsPerSlot
-	if attSlot > currentSlot || currentSlot > attSlot+params.BeaconConfig().AttestationPropagationSlotRange {
-		traceutil.AnnotateError(span, fmt.Errorf("attestation slot out of range %d <= %d <= %d", attSlot, currentSlot, attSlot+params.BeaconConfig().AttestationPropagationSlotRange))
+	if err := validateAggregateAttTime(attSlot, uint64(r.chain.GenesisTime().Unix())); err != nil {
+		traceutil.AnnotateError(span, err)
 		return false
-
 	}
 
 	s, err := r.chain.HeadState(ctx)
@@ -165,6 +160,24 @@ func validateIndexInCommittee(ctx context.Context, s *stateTrie.BeaconState, a *
 	return nil
 }
 
+// Validates that the incoming aggregate attestation is in the desired time range.
+func validateAggregateAttTime(attSlot uint64, genesisTime uint64) error {
+	// in milliseconds
+	attTime := 1000 * (genesisTime + (attSlot * params.BeaconConfig().SecondsPerSlot))
+	attSlotRange := attSlot + params.BeaconConfig().AttestationPropagationSlotRange
+	attTimeRange := 1000 * (genesisTime + (attSlotRange * params.BeaconConfig().SecondsPerSlot))
+	currentTimeInSec := roughtime.Now().Unix()
+	currentTime := 1000 * currentTimeInSec
+
+	// Verify attestation slot is within the last ATTESTATION_PROPAGATION_SLOT_RANGE slots.
+	currentSlot := (uint64(currentTimeInSec) - genesisTime) / params.BeaconConfig().SecondsPerSlot
+	if attTime-uint64(maximumGossipClockDisparity.Milliseconds()) > uint64(currentTime) ||
+		uint64(currentTime-maximumGossipClockDisparity.Milliseconds()) > attTimeRange {
+		return fmt.Errorf("attestation slot out of range %d <= %d <= %d", attSlot, currentSlot, attSlot+params.BeaconConfig().AttestationPropagationSlotRange)
+	}
+	return nil
+}
+
 // This validates selection proof by validating it's from the correct validator index of the slot and selection
 // proof is a valid signature.
 func validateSelection(ctx context.Context, s *stateTrie.BeaconState, data *ethpb.AttestationData, validatorIndex uint64, proof []byte) error {
@@ -187,7 +200,7 @@ func validateSelection(ctx context.Context, s *stateTrie.BeaconState, data *ethp
 	if err != nil {
 		return err
 	}
-	slotMsg, err := ssz.HashTreeRoot(data.Slot)
+	slotMsg, err := helpers.ComputeSigningRoot(data.Slot, domain)
 	if err != nil {
 		return err
 	}
@@ -200,7 +213,7 @@ func validateSelection(ctx context.Context, s *stateTrie.BeaconState, data *ethp
 	if err != nil {
 		return err
 	}
-	if !slotSig.Verify(slotMsg[:], pubKey, domain) {
+	if !slotSig.Verify(slotMsg[:], pubKey) {
 		return errors.New("could not validate slot signature")
 	}
 

beacon-chain/sync/validate_aggregate_proof_test.go

@@ -70,7 +70,7 @@ func TestVerifySelection_NotAnAggregator(t *testing.T) {
 	validators := uint64(2048)
 	beaconState, privKeys := testutil.DeterministicGenesisState(t, validators)
 
-	sig := privKeys[0].Sign([]byte{}, 0)
+	sig := privKeys[0].Sign([]byte{'A'})
 	data := &ethpb.AttestationData{}
 
 	wanted := "validator is not an aggregator for slot"
@@ -84,7 +84,7 @@ func TestVerifySelection_BadSignature(t *testing.T) {
 	validators := uint64(256)
 	beaconState, privKeys := testutil.DeterministicGenesisState(t, validators)
 
-	sig := privKeys[0].Sign([]byte{}, 0)
+	sig := privKeys[0].Sign([]byte{'A'})
 	data := &ethpb.AttestationData{}
 
 	wanted := "could not validate slot signature"
@@ -99,15 +99,15 @@ func TestVerifySelection_CanVerify(t *testing.T) {
 	beaconState, privKeys := testutil.DeterministicGenesisState(t, validators)
 
 	data := &ethpb.AttestationData{}
-	slotRoot, err := ssz.HashTreeRoot(data.Slot)
-	if err != nil {
-		t.Fatal(err)
-	}
 	domain, err := helpers.Domain(beaconState.Fork(), 0, params.BeaconConfig().DomainBeaconAttester)
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig := privKeys[0].Sign(slotRoot[:], domain)
+	slotRoot, err := helpers.ComputeSigningRoot(data.Slot, domain)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sig := privKeys[0].Sign(slotRoot[:])
 
 	if err := validateSelection(ctx, beaconState, data, 0, sig.Marshal()); err != nil {
 		t.Fatal(err)
@@ -219,7 +219,7 @@ func TestValidateAggregateAndProof_NotWithinSlotRange(t *testing.T) {
 		t.Error("Expected validate to fail")
 	}
 
-	att.Data.Slot = 1<<64 - 1
+	att.Data.Slot = 1<<32 - 1
 
 	buf = new(bytes.Buffer)
 	if _, err := p.Encoding().Encode(buf, aggregateAndProof); err != nil {
@@ -334,31 +334,31 @@ func TestValidateAggregateAndProof_CanValidate(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	hashTreeRoot, err := ssz.HashTreeRoot(att.Data)
-	if err != nil {
-		t.Error(err)
-	}
 	domain, err := helpers.Domain(beaconState.Fork(), 0, params.BeaconConfig().DomainBeaconAttester)
 	if err != nil {
 		t.Fatal(err)
 	}
+	hashTreeRoot, err := helpers.ComputeSigningRoot(att.Data, domain)
+	if err != nil {
+		t.Error(err)
+	}
 	sigs := make([]*bls.Signature, len(attestingIndices))
 	for i, indice := range attestingIndices {
-		sig := privKeys[indice].Sign(hashTreeRoot[:], domain)
+		sig := privKeys[indice].Sign(hashTreeRoot[:])
 		sigs[i] = sig
 	}
 	att.Signature = bls.AggregateSignatures(sigs).Marshal()[:]
 
-	slotRoot, err := ssz.HashTreeRoot(att.Data.Slot)
+	slotRoot, err := helpers.ComputeSigningRoot(att.Data.Slot, domain)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	sig := privKeys[154].Sign(slotRoot[:], domain)
+	sig := privKeys[18].Sign(slotRoot[:])
 	aggregateAndProof := &ethpb.AggregateAttestationAndProof{
 		SelectionProof:  sig.Marshal(),
 		Aggregate:       att,
-		AggregatorIndex: 154,
+		AggregatorIndex: 18,
 	}
 
 	if err := beaconState.SetGenesisTime(uint64(time.Now().Unix())); err != nil {

beacon-chain/sync/validate_attester_slashing_test.go

@@ -11,7 +11,6 @@ import (
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	pubsubpb "github.com/libp2p/go-libp2p-pubsub/pb"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
-	"github.com/prysmaticlabs/go-ssz"
 	mock "github.com/prysmaticlabs/prysm/beacon-chain/blockchain/testing"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	"github.com/prysmaticlabs/prysm/beacon-chain/p2p"
@@ -40,16 +39,16 @@ func setupValidAttesterSlashing(t *testing.T) (*ethpb.AttesterSlashing, *stateTr
 		},
 		AttestingIndices: []uint64{0, 1},
 	}
-	hashTreeRoot, err := ssz.HashTreeRoot(att1.Data)
-	if err != nil {
-		t.Error(err)
-	}
 	domain, err := helpers.Domain(state.Fork(), 0, params.BeaconConfig().DomainBeaconAttester)
 	if err != nil {
 		t.Fatal(err)
 	}
-	sig0 := privKeys[0].Sign(hashTreeRoot[:], domain)
-	sig1 := privKeys[1].Sign(hashTreeRoot[:], domain)
+	hashTreeRoot, err := helpers.ComputeSigningRoot(att1.Data, domain)
+	if err != nil {
+		t.Error(err)
+	}
+	sig0 := privKeys[0].Sign(hashTreeRoot[:])
+	sig1 := privKeys[1].Sign(hashTreeRoot[:])
 	aggregateSig := bls.AggregateSignatures([]*bls.Signature{sig0, sig1})
 	att1.Signature = aggregateSig.Marshal()[:]
 
@@ -60,12 +59,12 @@ func setupValidAttesterSlashing(t *testing.T) (*ethpb.AttesterSlashing, *stateTr
 		},
 		AttestingIndices: []uint64{0, 1},
 	}
-	hashTreeRoot, err = ssz.HashTreeRoot(att2.Data)
+	hashTreeRoot, err = helpers.ComputeSigningRoot(att2.Data, domain)
 	if err != nil {
 		t.Error(err)
 	}
-	sig0 = privKeys[0].Sign(hashTreeRoot[:], domain)
-	sig1 = privKeys[1].Sign(hashTreeRoot[:], domain)
+	sig0 = privKeys[0].Sign(hashTreeRoot[:])
+	sig1 = privKeys[1].Sign(hashTreeRoot[:])
 	aggregateSig = bls.AggregateSignatures([]*bls.Signature{sig0, sig1})
 	att2.Signature = aggregateSig.Marshal()[:]
 

beacon-chain/sync/validate_beacon_blocks.go

@@ -58,7 +58,7 @@ func (r *Service) validateBeaconBlockPubSub(ctx context.Context, pid peer.ID, ms
 	}
 	r.pendingQueueLock.RUnlock()
 
-	if err := helpers.VerifySlotTime(uint64(r.chain.GenesisTime().Unix()), blk.Block.Slot); err != nil {
+	if err := helpers.VerifySlotTime(uint64(r.chain.GenesisTime().Unix()), blk.Block.Slot, maximumGossipClockDisparity); err != nil {
 		log.WithError(err).WithField("blockSlot", blk.Block.Slot).Warn("Rejecting incoming block.")
 		return false
 	}

beacon-chain/sync/validate_beacon_blocks_test.go

@@ -125,7 +125,7 @@ func TestValidateBeaconBlockPubSub_ValidSignature(t *testing.T) {
 		Block: &ethpb.BeaconBlock{
 			ParentRoot: testutil.Random32Bytes(t),
 		},
-		Signature: sk.Sign([]byte("data"), 0).Marshal(),
+		Signature: sk.Sign([]byte("data")).Marshal(),
 	}
 
 	r := &Service{
@@ -175,7 +175,7 @@ func TestValidateBeaconBlockPubSub_Syncing(t *testing.T) {
 		Block: &ethpb.BeaconBlock{
 			ParentRoot: testutil.Random32Bytes(t),
 		},
-		Signature: sk.Sign([]byte("data"), 0).Marshal(),
+		Signature: sk.Sign([]byte("data")).Marshal(),
 	}
 
 	r := &Service{
@@ -223,7 +223,7 @@ func TestValidateBeaconBlockPubSub_RejectBlocksFromFuture(t *testing.T) {
 			ParentRoot: testutil.Random32Bytes(t),
 			Slot:       1000,
 		},
-		Signature: sk.Sign([]byte("data"), 0).Marshal(),
+		Signature: sk.Sign([]byte("data")).Marshal(),
 	}
 
 	r := &Service{
@@ -267,7 +267,7 @@ func TestValidateBeaconBlockPubSub_RejectBlocksFromThePast(t *testing.T) {
 			ParentRoot: testutil.Random32Bytes(t),
 			Slot:       10,
 		},
-		Signature: sk.Sign([]byte("data"), 0).Marshal(),
+		Signature: sk.Sign([]byte("data")).Marshal(),
 	}
 
 	genesisTime := time.Now()

beacon-chain/sync/validate_committee_index_beacon_attestation.go

@@ -9,11 +9,9 @@ import (
 	"github.com/libp2p/go-libp2p-core/peer"
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	eth "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
-	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	"github.com/prysmaticlabs/prysm/beacon-chain/p2p"
 	"github.com/prysmaticlabs/prysm/shared/bytesutil"
 	"github.com/prysmaticlabs/prysm/shared/featureconfig"
-	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/prysmaticlabs/prysm/shared/traceutil"
 	"go.opencensus.io/trace"
 )
@@ -66,10 +64,8 @@ func (s *Service) validateCommitteeIndexBeaconAttestation(ctx context.Context, p
 	}
 
 	// Attestation's slot is within ATTESTATION_PROPAGATION_SLOT_RANGE.
-	currentSlot := helpers.SlotsSince(s.chain.GenesisTime())
-	upper := att.Data.Slot + params.BeaconConfig().AttestationPropagationSlotRange
-	lower := att.Data.Slot
-	if currentSlot > upper || currentSlot < lower {
+	if err := validateAggregateAttTime(att.Data.Slot, uint64(s.chain.GenesisTime().Unix())); err != nil {
+		traceutil.AnnotateError(span, err)
 		return false
 	}
 

beacon-chain/sync/validate_proposer_slashing_test.go

@@ -11,7 +11,6 @@ import (
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	pubsubpb "github.com/libp2p/go-libp2p-pubsub/pb"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
-	"github.com/prysmaticlabs/go-ssz"
 	mock "github.com/prysmaticlabs/prysm/beacon-chain/blockchain/testing"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	"github.com/prysmaticlabs/prysm/beacon-chain/p2p"
@@ -80,11 +79,11 @@ func setupValidProposerSlashing(t *testing.T) (*ethpb.ProposerSlashing, *stateTr
 			BodyRoot:   someRoot[:],
 		},
 	}
-	signingRoot, err := ssz.HashTreeRoot(header1.Header)
+	signingRoot, err := helpers.ComputeSigningRoot(header1.Header, domain)
 	if err != nil {
 		t.Errorf("Could not get signing root of beacon block header: %v", err)
 	}
-	header1.Signature = privKey.Sign(signingRoot[:], domain).Marshal()[:]
+	header1.Signature = privKey.Sign(signingRoot[:]).Marshal()[:]
 
 	header2 := &ethpb.SignedBeaconBlockHeader{
 		Header: &ethpb.BeaconBlockHeader{
@@ -94,11 +93,11 @@ func setupValidProposerSlashing(t *testing.T) (*ethpb.ProposerSlashing, *stateTr
 			BodyRoot:   someRoot2[:],
 		},
 	}
-	signingRoot, err = ssz.HashTreeRoot(header2.Header)
+	signingRoot, err = helpers.ComputeSigningRoot(header2.Header, domain)
 	if err != nil {
 		t.Errorf("Could not get signing root of beacon block header: %v", err)
 	}
-	header2.Signature = privKey.Sign(signingRoot[:], domain).Marshal()[:]
+	header2.Signature = privKey.Sign(signingRoot[:]).Marshal()[:]
 
 	slashing := &ethpb.ProposerSlashing{
 		ProposerIndex: 1,

beacon-chain/sync/validate_voluntary_exit_test.go

@@ -10,7 +10,6 @@ import (
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	pubsubpb "github.com/libp2p/go-libp2p-pubsub/pb"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
-	"github.com/prysmaticlabs/go-ssz"
 	mock "github.com/prysmaticlabs/prysm/beacon-chain/blockchain/testing"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	"github.com/prysmaticlabs/prysm/beacon-chain/p2p"
@@ -51,17 +50,17 @@ func setupValidExit(t *testing.T) (*ethpb.SignedVoluntaryExit, *stateTrie.Beacon
 	); err != nil {
 		t.Fatal(err)
 	}
-	signingRoot, err := ssz.HashTreeRoot(exit.Exit)
-	if err != nil {
-		t.Error(err)
-	}
 	domain, err := helpers.Domain(state.Fork(), helpers.CurrentEpoch(state), params.BeaconConfig().DomainVoluntaryExit)
 	if err != nil {
 		t.Fatal(err)
 	}
+	signingRoot, err := helpers.ComputeSigningRoot(exit.Exit, domain)
+	if err != nil {
+		t.Error(err)
+	}
 	priv := bls.RandKey()
 
-	sig := priv.Sign(signingRoot[:], domain)
+	sig := priv.Sign(signingRoot[:])
 	exit.Signature = sig.Marshal()
 
 	val, err := state.ValidatorAtIndex(0)

proto/beacon/p2p/v1/types.pb.go

@@ -532,6 +532,61 @@ func (m *StateSummary) GetBoundaryRoot() []byte {
 	return nil
 }
 
+type SigningRoot struct {
+	ObjectRoot           []byte   `protobuf:"bytes,1,opt,name=object_root,json=objectRoot,proto3" json:"object_root,omitempty" ssz-size:"32"`
+	Domain               []byte   `protobuf:"bytes,2,opt,name=domain,proto3" json:"domain,omitempty" ssz-size:"8"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *SigningRoot) Reset()         { *m = SigningRoot{} }
+func (m *SigningRoot) String() string { return proto.CompactTextString(m) }
+func (*SigningRoot) ProtoMessage()    {}
+func (*SigningRoot) Descriptor() ([]byte, []int) {
+	return fileDescriptor_e719e7d82cfa7b0d, []int{6}
+}
+func (m *SigningRoot) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SigningRoot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_SigningRoot.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *SigningRoot) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SigningRoot.Merge(m, src)
+}
+func (m *SigningRoot) XXX_Size() int {
+	return m.Size()
+}
+func (m *SigningRoot) XXX_DiscardUnknown() {
+	xxx_messageInfo_SigningRoot.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SigningRoot proto.InternalMessageInfo
+
+func (m *SigningRoot) GetObjectRoot() []byte {
+	if m != nil {
+		return m.ObjectRoot
+	}
+	return nil
+}
+
+func (m *SigningRoot) GetDomain() []byte {
+	if m != nil {
+		return m.Domain
+	}
+	return nil
+}
+
 func init() {
 	proto.RegisterType((*BeaconState)(nil), "ethereum.beacon.p2p.v1.BeaconState")
 	proto.RegisterType((*Fork)(nil), "ethereum.beacon.p2p.v1.Fork")
@@ -539,82 +594,86 @@ func init() {
 	proto.RegisterType((*ValidatorLatestVote)(nil), "ethereum.beacon.p2p.v1.ValidatorLatestVote")
 	proto.RegisterType((*HistoricalBatch)(nil), "ethereum.beacon.p2p.v1.HistoricalBatch")
 	proto.RegisterType((*StateSummary)(nil), "ethereum.beacon.p2p.v1.StateSummary")
+	proto.RegisterType((*SigningRoot)(nil), "ethereum.beacon.p2p.v1.SigningRoot")
 }
 
 func init() { proto.RegisterFile("proto/beacon/p2p/v1/types.proto", fileDescriptor_e719e7d82cfa7b0d) }
 
 var fileDescriptor_e719e7d82cfa7b0d = []byte{
-	// 1107 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0xcd, 0x6f, 0xe3, 0x44,
-	0x14, 0x57, 0xda, 0x00, 0xbb, 0xd3, 0xb4, 0xe9, 0x4e, 0x56, 0x5b, 0xd3, 0x2d, 0x75, 0x30, 0x62,
-	0xb7, 0x42, 0x5b, 0xa7, 0x4e, 0xdb, 0xa4, 0xed, 0x8a, 0x5d, 0xe1, 0xdd, 0x45, 0x0b, 0x02, 0x09,
-	0x79, 0xa1, 0x12, 0x02, 0x61, 0x4d, 0xec, 0x49, 0x3c, 0xd4, 0xf1, 0x58, 0x9e, 0x49, 0xd4, 0x56,
-	0x42, 0x1c, 0x38, 0x71, 0x40, 0x5c, 0xf8, 0x07, 0xe0, 0xbf, 0x00, 0x4e, 0x7c, 0x1c, 0x38, 0xf2,
-	0x75, 0x81, 0x43, 0x84, 0x7a, 0x03, 0x4e, 0xe4, 0xc8, 0x09, 0xcd, 0xf8, 0x33, 0x6c, 0x03, 0x39,
-	0xec, 0xcd, 0x7e, 0xef, 0xf7, 0xfb, 0xbd, 0x37, 0xef, 0x3d, 0xbf, 0x31, 0x50, 0xc3, 0x88, 0x72,
-	0xda, 0xe8, 0x60, 0xe4, 0xd0, 0xa0, 0x11, 0x36, 0xc3, 0xc6, 0xd0, 0x68, 0xf0, 0x93, 0x10, 0x33,
-	0x5d, 0x7a, 0xe0, 0x15, 0xcc, 0x3d, 0x1c, 0xe1, 0x41, 0x5f, 0x8f, 0x31, 0x7a, 0xd8, 0x0c, 0xf5,
-	0xa1, 0xb1, 0xba, 0x8e, 0xb9, 0xd7, 0x18, 0x1a, 0xc8, 0x0f, 0x3d, 0x64, 0x34, 0x10, 0xe7, 0x98,
-	0x71, 0xc4, 0x89, 0x00, 0x08, 0xde, 0xaa, 0x3a, 0xe1, 0x8f, 0xb9, 0x76, 0xc7, 0xa7, 0xce, 0x51,
-	0x02, 0x58, 0x9b, 0x00, 0x0c, 0x91, 0x4f, 0x5c, 0xc4, 0x69, 0x94, 0x78, 0x37, 0x7b, 0x84, 0x7b,
-	0x83, 0x8e, 0xee, 0xd0, 0x7e, 0xa3, 0x47, 0x7b, 0xb4, 0x21, 0xcd, 0x9d, 0x41, 0x57, 0xbe, 0xc5,
-	0x49, 0x8b, 0xa7, 0x18, 0xae, 0x7d, 0x54, 0x01, 0x0b, 0xa6, 0x8c, 0xf1, 0x80, 0x23, 0x8e, 0xa1,
-	0x06, 0x2a, 0x3d, 0x1c, 0x60, 0x46, 0x98, 0xcd, 0x49, 0x1f, 0x2b, 0xbf, 0x3f, 0x51, 0x2f, 0x6d,
-	0x94, 0xad, 0x85, 0xc4, 0xf8, 0x3a, 0xe9, 0x63, 0x58, 0x03, 0x65, 0xe6, 0x53, 0xae, 0xfc, 0x11,
-	0xfb, 0xe4, 0x0b, 0x34, 0x40, 0xb9, 0x4b, 0xa3, 0x23, 0xe5, 0x4f, 0x61, 0x5c, 0x68, 0xae, 0xe9,
-	0xe7, 0x1f, 0x5f, 0x7f, 0x91, 0x46, 0x47, 0x96, 0x84, 0xc2, 0x37, 0x41, 0xcd, 0x47, 0xe2, 0xf8,
-	0xf1, 0xf1, 0x6c, 0x0f, 0x23, 0x17, 0x47, 0xca, 0x0f, 0x55, 0xa9, 0xb0, 0x91, 0x2b, 0x60, 0xee,
-	0xe9, 0xe9, 0x81, 0xf5, 0x38, 0x5b, 0x53, 0x30, 0xee, 0x4b, 0x82, 0x75, 0x29, 0x56, 0x29, 0x98,
-	0xe0, 0x1e, 0x58, 0x88, 0x35, 0x23, 0x4a, 0x39, 0x53, 0x7e, 0xac, 0xd6, 0xe7, 0x37, 0x2a, 0xe6,
-	0x95, 0xf1, 0x48, 0x85, 0x8c, 0x9d, 0x6e, 0x32, 0x72, 0x8a, 0x0f, 0xb4, 0x3d, 0x63, 0xbf, 0x79,
-	0x63, 0xbb, 0xa9, 0x59, 0x40, 0x62, 0x2d, 0x01, 0x15, 0x4c, 0xd1, 0x0f, 0x9c, 0x30, 0x7f, 0xfa,
-	0x1f, 0xa6, 0xc4, 0xc6, 0x4c, 0x0b, 0x2c, 0x7b, 0x84, 0x71, 0x1a, 0x11, 0x07, 0xf9, 0x09, 0xfd,
-	0xe7, 0x98, 0x7e, 0x6d, 0x3c, 0x52, 0xb5, 0x9c, 0x7e, 0x5b, 0x70, 0xeb, 0xe2, 0xbd, 0x8f, 0x8e,
-	0x0f, 0x34, 0xa3, 0xd5, 0x6e, 0xb7, 0x9b, 0x46, 0x4b, 0xb3, 0xaa, 0xb9, 0x40, 0xac, 0xf9, 0x3c,
-	0xb8, 0x88, 0xb9, 0x67, 0xd8, 0x2e, 0xe2, 0x48, 0xf9, 0x7c, 0x45, 0x16, 0x46, 0x9d, 0x52, 0x98,
-	0x7b, 0xdc, 0x33, 0xee, 0x22, 0x8e, 0xac, 0x0b, 0x38, 0x79, 0x82, 0x6f, 0x83, 0x6a, 0x46, 0xb7,
-	0x87, 0x94, 0x63, 0xa6, 0x7c, 0xb1, 0x52, 0x9f, 0x9f, 0x41, 0xc4, 0x84, 0xe3, 0x91, 0xba, 0x94,
-	0xa7, 0xb8, 0xd5, 0xdc, 0xd1, 0xac, 0xc5, 0x54, 0xf8, 0x50, 0x48, 0xc1, 0x4d, 0x00, 0x63, 0x75,
-	0x1c, 0x52, 0x46, 0xb8, 0x4d, 0x02, 0x17, 0x1f, 0x2b, 0x5f, 0xae, 0xc8, 0xa9, 0x58, 0x96, 0xd8,
-	0xd8, 0xf3, 0x92, 0x70, 0xc0, 0x77, 0x00, 0xc8, 0x86, 0x95, 0x29, 0x9f, 0xaa, 0x32, 0x8f, 0xfa,
-	0x94, 0x3c, 0x0e, 0x53, 0xa4, 0x79, 0x75, 0x3c, 0x52, 0x57, 0x0a, 0x89, 0xec, 0xef, 0xef, 0x1a,
-	0x46, 0xab, 0xd9, 0x6e, 0xb7, 0x5b, 0x9a, 0x55, 0x50, 0x84, 0x7b, 0xe0, 0x42, 0x07, 0xf9, 0x28,
-	0x70, 0x30, 0x53, 0x3e, 0x13, 0xea, 0xe5, 0xff, 0xe6, 0x66, 0x68, 0x78, 0x13, 0x54, 0x22, 0x14,
-	0xb8, 0x88, 0xda, 0x7d, 0x72, 0x8c, 0x99, 0xf2, 0xe1, 0x75, 0xd9, 0xb5, 0x95, 0xf1, 0x48, 0xad,
-	0xe5, 0x5d, 0x6b, 0xed, 0xee, 0x6e, 0xb7, 0x64, 0xd7, 0x17, 0x62, 0xf4, 0xab, 0x02, 0x0c, 0x9b,
-	0xe0, 0x22, 0xf3, 0x11, 0xf3, 0x48, 0xd0, 0x63, 0xca, 0x5f, 0xba, 0x8c, 0x5b, 0x1b, 0x8f, 0xd4,
-	0xea, 0xe4, 0xb8, 0x68, 0x56, 0x0e, 0x83, 0xef, 0x83, 0xab, 0x61, 0x84, 0x87, 0x84, 0x0e, 0x98,
-	0x8d, 0x43, 0xea, 0x78, 0x76, 0x61, 0x0f, 0x30, 0xe5, 0x97, 0x96, 0xac, 0xcd, 0x73, 0xd3, 0xbe,
-	0xa1, 0xd7, 0x70, 0xe0, 0x92, 0xa0, 0xf7, 0x42, 0xce, 0xf9, 0x57, 0xbb, 0x76, 0xb6, 0xf6, 0x5b,
-	0x9a, 0xf5, 0x64, 0x1a, 0xe3, 0x9e, 0x08, 0x51, 0x40, 0x33, 0xf8, 0x1e, 0x58, 0x75, 0x06, 0x51,
-	0x84, 0x03, 0x7e, 0x5e, 0xfc, 0x5f, 0x1f, 0x4d, 0x7c, 0x25, 0x09, 0xf1, 0x70, 0x78, 0x06, 0xe0,
-	0xbb, 0x03, 0xc6, 0x49, 0x97, 0x38, 0xd2, 0x62, 0x77, 0x08, 0x67, 0xca, 0x57, 0xb7, 0xea, 0xa5,
-	0x8d, 0x8a, 0x79, 0x67, 0x3c, 0x52, 0x2b, 0x79, 0xf1, 0x0c, 0xed, 0xef, 0x91, 0xda, 0x28, 0x6c,
-	0xb5, 0x30, 0x3a, 0x61, 0x7d, 0xc4, 0x89, 0xe3, 0xa3, 0x0e, 0x6b, 0xf4, 0xe8, 0x66, 0x87, 0xf0,
-	0x2e, 0xc1, 0xbe, 0xab, 0x9b, 0x84, 0x0f, 0xb1, 0xc3, 0x69, 0xb4, 0x63, 0x5d, 0x9a, 0xd0, 0x37,
-	0x09, 0x67, 0xb0, 0x0b, 0x9e, 0xca, 0x8a, 0x9e, 0x78, 0xb1, 0x6b, 0x3b, 0x1e, 0x76, 0x8e, 0x42,
-	0x4a, 0x02, 0xae, 0x7c, 0x7d, 0x4b, 0x7e, 0x5f, 0x4f, 0x4f, 0x19, 0xc9, 0x3b, 0x19, 0xd2, 0xca,
-	0xba, 0xf7, 0x72, 0xaa, 0x93, 0x3b, 0xa1, 0x0b, 0xd6, 0xd2, 0xda, 0x9e, 0x1b, 0xe6, 0x9b, 0x99,
-	0xc3, 0xa4, 0x3d, 0x3a, 0x2f, 0xca, 0x1b, 0xe0, 0x72, 0x97, 0x04, 0xc8, 0x27, 0xa7, 0x93, 0xea,
-	0xdf, 0xce, 0xac, 0x5e, 0xcb, 0xf8, 0xb9, 0x51, 0xfb, 0xa4, 0x04, 0xca, 0x62, 0x45, 0xc3, 0x9b,
-	0x60, 0x39, 0xab, 0xd6, 0x10, 0x47, 0x8c, 0xd0, 0x40, 0x29, 0xc9, 0xfe, 0x2c, 0x4f, 0xf6, 0x67,
-	0x47, 0xb3, 0xaa, 0x29, 0xf2, 0x30, 0x06, 0xc2, 0x7d, 0x50, 0x4d, 0x4b, 0x90, 0x72, 0xe7, 0xa6,
-	0x70, 0x97, 0x12, 0x60, 0x4a, 0xbd, 0x0c, 0x1e, 0x93, 0x13, 0xa9, 0xcc, 0xcb, 0x35, 0x12, 0xbf,
-	0x68, 0x1f, 0xcf, 0x01, 0xf8, 0xf0, 0xd4, 0xc1, 0x3e, 0x58, 0x46, 0xbd, 0x5e, 0x84, 0x7b, 0x85,
-	0x29, 0x8a, 0x93, 0x34, 0x27, 0xe6, 0xb1, 0xb9, 0xb5, 0xb3, 0x27, 0xc6, 0xe8, 0xc6, 0xac, 0x63,
-	0xe4, 0x13, 0xc6, 0xad, 0x6a, 0x41, 0x5b, 0x4e, 0xd0, 0x01, 0x28, 0xcb, 0x45, 0x3c, 0x27, 0x4b,
-	0x7c, 0x6d, 0x4a, 0x89, 0x0b, 0x09, 0xca, 0x75, 0x2c, 0x39, 0xf0, 0x3a, 0xa8, 0x92, 0xc0, 0xf1,
-	0x07, 0xe2, 0x90, 0xb6, 0x8b, 0x7d, 0x74, 0x92, 0x9c, 0x70, 0x29, 0x33, 0xdf, 0x15, 0x56, 0xf8,
-	0x2c, 0x58, 0x0a, 0x23, 0x1a, 0x52, 0x86, 0xa3, 0x64, 0xa3, 0x96, 0x25, 0x6e, 0x31, 0xb5, 0xca,
-	0x6d, 0xaa, 0xdd, 0x06, 0xb5, 0x6c, 0x47, 0xbe, 0x22, 0xef, 0x3f, 0xb1, 0x94, 0xf3, 0xf2, 0x95,
-	0x0a, 0xe5, 0x83, 0x10, 0x94, 0xc5, 0x7d, 0x14, 0x37, 0xc1, 0x92, 0xcf, 0xda, 0x07, 0x25, 0x50,
-	0xbd, 0x9f, 0x5d, 0x37, 0x26, 0xe2, 0x8e, 0x07, 0xdb, 0x93, 0xd7, 0x66, 0x69, 0xe6, 0x5b, 0xb3,
-	0x3d, 0x79, 0x6b, 0xce, 0xcd, 0x7a, 0x69, 0x6a, 0x6f, 0x81, 0x8a, 0xfc, 0xf1, 0x78, 0x30, 0xe8,
-	0xf7, 0x51, 0x74, 0x22, 0x32, 0x95, 0xff, 0x16, 0xa5, 0xc2, 0xaf, 0xc5, 0x39, 0xd9, 0xc3, 0x67,
-	0xc0, 0x62, 0x87, 0x0e, 0x02, 0x17, 0x45, 0x27, 0x32, 0xa6, 0x2c, 0x66, 0xc5, 0xaa, 0xa4, 0x46,
-	0xa1, 0x6e, 0x56, 0xbe, 0x3b, 0x5b, 0x2f, 0x7d, 0x7f, 0xb6, 0x5e, 0xfa, 0xed, 0x6c, 0xbd, 0xd4,
-	0x79, 0x5c, 0xfe, 0xf1, 0x6c, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x0a, 0x6d, 0xa0, 0x24, 0xba,
-	0x09, 0x00, 0x00,
+	// 1157 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0xcf, 0x6f, 0x1b, 0xc5,
+	0x17, 0x97, 0x13, 0x7f, 0xfb, 0x6d, 0xc7, 0x4e, 0x9c, 0x8c, 0xab, 0x66, 0x49, 0x43, 0xd6, 0x2c,
+	0xa2, 0x8d, 0x50, 0x63, 0x67, 0x9d, 0xc4, 0x4e, 0x52, 0xd1, 0x0a, 0xb7, 0x45, 0x05, 0x81, 0x84,
+	0x36, 0x10, 0x09, 0x81, 0x58, 0x8d, 0x77, 0xc7, 0xbb, 0xd3, 0xac, 0x77, 0x56, 0x3b, 0x63, 0x2b,
+	0x89, 0x84, 0x38, 0x70, 0xe2, 0x80, 0xb8, 0xf0, 0x0f, 0xc0, 0x7f, 0x01, 0x9c, 0xf8, 0x71, 0xe0,
+	0xc8, 0xaf, 0x0b, 0x1c, 0x2c, 0x94, 0x1b, 0x70, 0xc2, 0x47, 0x4e, 0x68, 0x66, 0x76, 0xbd, 0x36,
+	0x8d, 0xc1, 0x07, 0x6e, 0x9e, 0xf7, 0x3e, 0x9f, 0xcf, 0x7b, 0xf3, 0xde, 0xf3, 0x9b, 0x05, 0x7a,
+	0x14, 0x53, 0x4e, 0x6b, 0x6d, 0x8c, 0x1c, 0x1a, 0xd6, 0xa2, 0x7a, 0x54, 0xeb, 0x9b, 0x35, 0x7e,
+	0x1a, 0x61, 0x56, 0x95, 0x1e, 0x78, 0x0d, 0x73, 0x1f, 0xc7, 0xb8, 0xd7, 0xad, 0x2a, 0x4c, 0x35,
+	0xaa, 0x47, 0xd5, 0xbe, 0xb9, 0xba, 0x8e, 0xb9, 0x5f, 0xeb, 0x9b, 0x28, 0x88, 0x7c, 0x64, 0xd6,
+	0x10, 0xe7, 0x98, 0x71, 0xc4, 0x89, 0x00, 0x08, 0xde, 0xaa, 0x3e, 0xe1, 0x57, 0x5c, 0xbb, 0x1d,
+	0x50, 0xe7, 0x38, 0x01, 0xac, 0x4d, 0x00, 0xfa, 0x28, 0x20, 0x2e, 0xe2, 0x34, 0x4e, 0xbc, 0x9b,
+	0x1e, 0xe1, 0x7e, 0xaf, 0x5d, 0x75, 0x68, 0xb7, 0xe6, 0x51, 0x8f, 0xd6, 0xa4, 0xb9, 0xdd, 0xeb,
+	0xc8, 0x93, 0x4a, 0x5a, 0xfc, 0x52, 0x70, 0xe3, 0x83, 0x22, 0x28, 0xb4, 0x64, 0x8c, 0x43, 0x8e,
+	0x38, 0x86, 0x06, 0x28, 0x7a, 0x38, 0xc4, 0x8c, 0x30, 0x9b, 0x93, 0x2e, 0xd6, 0x7e, 0xfd, 0x7f,
+	0x25, 0xb7, 0x91, 0xb7, 0x0a, 0x89, 0xf1, 0x35, 0xd2, 0xc5, 0xb0, 0x0c, 0xf2, 0x2c, 0xa0, 0x5c,
+	0xfb, 0x4d, 0xf9, 0xe4, 0x01, 0x9a, 0x20, 0xdf, 0xa1, 0xf1, 0xb1, 0xf6, 0xbb, 0x30, 0x16, 0xea,
+	0x6b, 0xd5, 0x8b, 0xaf, 0x5f, 0x7d, 0x81, 0xc6, 0xc7, 0x96, 0x84, 0xc2, 0x37, 0x40, 0x39, 0x40,
+	0xe2, 0xfa, 0xea, 0x7a, 0xb6, 0x8f, 0x91, 0x8b, 0x63, 0xed, 0xbb, 0x92, 0x54, 0xd8, 0xc8, 0x14,
+	0x30, 0xf7, 0xab, 0xe9, 0x85, 0xab, 0x2a, 0xdb, 0x96, 0x60, 0x3c, 0x94, 0x04, 0x6b, 0x59, 0xa9,
+	0x8c, 0x99, 0xe0, 0x1e, 0x28, 0x28, 0xcd, 0x98, 0x52, 0xce, 0xb4, 0xef, 0x4b, 0x95, 0xf9, 0x8d,
+	0x62, 0xeb, 0xda, 0x70, 0xa0, 0x43, 0xc6, 0xce, 0x36, 0x19, 0x39, 0xc3, 0x07, 0xc6, 0x9e, 0xb9,
+	0x5f, 0xbf, 0xb5, 0x5d, 0x37, 0x2c, 0x20, 0xb1, 0x96, 0x80, 0x0a, 0xa6, 0xe8, 0x07, 0x4e, 0x98,
+	0x3f, 0xfc, 0x0b, 0x53, 0x62, 0x15, 0xd3, 0x02, 0x4b, 0x3e, 0x61, 0x9c, 0xc6, 0xc4, 0x41, 0x41,
+	0x42, 0xff, 0x51, 0xd1, 0x6f, 0x0c, 0x07, 0xba, 0x91, 0xd1, 0xef, 0x0a, 0x6e, 0x45, 0x9c, 0xbb,
+	0xe8, 0xe4, 0xc0, 0x30, 0x1b, 0xcd, 0x66, 0xb3, 0x6e, 0x36, 0x0c, 0xab, 0x94, 0x09, 0x28, 0xcd,
+	0xe7, 0xc0, 0x15, 0xcc, 0x7d, 0xd3, 0x76, 0x11, 0x47, 0xda, 0xa7, 0x2b, 0xb2, 0x30, 0xfa, 0x94,
+	0xc2, 0x3c, 0xe0, 0xbe, 0x79, 0x1f, 0x71, 0x64, 0x5d, 0xc6, 0xc9, 0x2f, 0xf8, 0x16, 0x28, 0x8d,
+	0xe8, 0x76, 0x9f, 0x72, 0xcc, 0xb4, 0xcf, 0x56, 0x2a, 0xf3, 0x33, 0x88, 0xb4, 0xe0, 0x70, 0xa0,
+	0x2f, 0x66, 0x29, 0x6e, 0xd5, 0x77, 0x0c, 0x6b, 0x21, 0x15, 0x3e, 0x12, 0x52, 0x70, 0x13, 0x40,
+	0xa5, 0x8e, 0x23, 0xca, 0x08, 0xb7, 0x49, 0xe8, 0xe2, 0x13, 0xed, 0xf3, 0x15, 0x39, 0x15, 0x4b,
+	0x12, 0xab, 0x3c, 0x2f, 0x0a, 0x07, 0x7c, 0x1b, 0x80, 0xd1, 0xb0, 0x32, 0xed, 0x63, 0x5d, 0xe6,
+	0x51, 0x99, 0x92, 0xc7, 0x51, 0x8a, 0x6c, 0x5d, 0x1f, 0x0e, 0xf4, 0x95, 0xb1, 0x44, 0xf6, 0xf7,
+	0x77, 0x4d, 0xb3, 0x51, 0x6f, 0x36, 0x9b, 0x0d, 0xc3, 0x1a, 0x53, 0x84, 0x7b, 0xe0, 0x72, 0x1b,
+	0x05, 0x28, 0x74, 0x30, 0xd3, 0x3e, 0x11, 0xea, 0xf9, 0x7f, 0xe6, 0x8e, 0xd0, 0xf0, 0x36, 0x28,
+	0xc6, 0x28, 0x74, 0x11, 0xb5, 0xbb, 0xe4, 0x04, 0x33, 0xed, 0xfd, 0x9b, 0xb2, 0x6b, 0x2b, 0xc3,
+	0x81, 0x5e, 0xce, 0xba, 0xd6, 0xd8, 0xdd, 0xdd, 0x6e, 0xc8, 0xae, 0x17, 0x14, 0xfa, 0x15, 0x01,
+	0x86, 0x75, 0x70, 0x85, 0x05, 0x88, 0xf9, 0x24, 0xf4, 0x98, 0xf6, 0x47, 0x55, 0xc6, 0x2d, 0x0f,
+	0x07, 0x7a, 0x69, 0x72, 0x5c, 0x0c, 0x2b, 0x83, 0xc1, 0x77, 0xc1, 0xf5, 0x28, 0xc6, 0x7d, 0x42,
+	0x7b, 0xcc, 0xc6, 0x11, 0x75, 0x7c, 0x7b, 0x6c, 0x0f, 0x30, 0xed, 0xa7, 0x86, 0xac, 0xcd, 0xb3,
+	0xd3, 0xfe, 0x43, 0xaf, 0xe2, 0xd0, 0x25, 0xa1, 0xf7, 0x7c, 0xc6, 0xf9, 0x5b, 0xbb, 0x76, 0xb6,
+	0xf6, 0x1b, 0x86, 0xf5, 0x44, 0x1a, 0xe3, 0x81, 0x08, 0x31, 0x86, 0x66, 0xf0, 0x1d, 0xb0, 0xea,
+	0xf4, 0xe2, 0x18, 0x87, 0xfc, 0xa2, 0xf8, 0x3f, 0xff, 0x37, 0xf1, 0xb5, 0x24, 0xc4, 0xe3, 0xe1,
+	0x19, 0x80, 0x8f, 0x7a, 0x8c, 0x93, 0x0e, 0x71, 0xa4, 0xc5, 0x6e, 0x13, 0xce, 0xb4, 0x2f, 0xee,
+	0x54, 0x72, 0x1b, 0xc5, 0xd6, 0xbd, 0xe1, 0x40, 0x2f, 0x66, 0xc5, 0x33, 0x8d, 0x3f, 0x07, 0x7a,
+	0x6d, 0x6c, 0xab, 0x45, 0xf1, 0x29, 0xeb, 0x22, 0x4e, 0x9c, 0x00, 0xb5, 0x59, 0xcd, 0xa3, 0x9b,
+	0x6d, 0xc2, 0x3b, 0x04, 0x07, 0x6e, 0xb5, 0x45, 0x78, 0x1f, 0x3b, 0x9c, 0xc6, 0x3b, 0xd6, 0xf2,
+	0x84, 0x7e, 0x8b, 0x70, 0x06, 0x3b, 0xe0, 0xc9, 0x51, 0xd1, 0x13, 0x2f, 0x76, 0x6d, 0xc7, 0xc7,
+	0xce, 0x71, 0x44, 0x49, 0xc8, 0xb5, 0x2f, 0xef, 0xc8, 0xff, 0xd7, 0x53, 0x53, 0x46, 0xf2, 0xde,
+	0x08, 0x69, 0x8d, 0xba, 0xf7, 0x52, 0xaa, 0x93, 0x39, 0xa1, 0x0b, 0xd6, 0xd2, 0xda, 0x5e, 0x18,
+	0xe6, 0xab, 0x99, 0xc3, 0xa4, 0x3d, 0xba, 0x28, 0xca, 0xeb, 0xe0, 0x6a, 0x87, 0x84, 0x28, 0x20,
+	0x67, 0x93, 0xea, 0x5f, 0xcf, 0xac, 0x5e, 0x1e, 0xf1, 0x33, 0xa3, 0xf1, 0x51, 0x0e, 0xe4, 0xc5,
+	0x8a, 0x86, 0xb7, 0xc1, 0xd2, 0xa8, 0x5a, 0x7d, 0x1c, 0x33, 0x42, 0x43, 0x2d, 0x27, 0xfb, 0xb3,
+	0x34, 0xd9, 0x9f, 0x1d, 0xc3, 0x2a, 0xa5, 0xc8, 0x23, 0x05, 0x84, 0xfb, 0xa0, 0x94, 0x96, 0x20,
+	0xe5, 0xce, 0x4d, 0xe1, 0x2e, 0x26, 0xc0, 0x94, 0x7a, 0x15, 0xfc, 0x4f, 0x4e, 0xa4, 0x36, 0x2f,
+	0xd7, 0x88, 0x3a, 0x18, 0x1f, 0xce, 0x01, 0xf8, 0xf8, 0xd4, 0xc1, 0x2e, 0x58, 0x42, 0x9e, 0x17,
+	0x63, 0x6f, 0x6c, 0x8a, 0x54, 0x92, 0xad, 0x89, 0x79, 0xac, 0x6f, 0xed, 0xec, 0x89, 0x31, 0xba,
+	0x35, 0xeb, 0x18, 0x05, 0x84, 0x71, 0xab, 0x34, 0xa6, 0x2d, 0x27, 0xe8, 0x00, 0xe4, 0xe5, 0x22,
+	0x9e, 0x93, 0x25, 0xbe, 0x31, 0xa5, 0xc4, 0x63, 0x09, 0xca, 0x75, 0x2c, 0x39, 0xf0, 0x26, 0x28,
+	0x91, 0xd0, 0x09, 0x7a, 0xe2, 0x92, 0xb6, 0x8b, 0x03, 0x74, 0x9a, 0xdc, 0x70, 0x71, 0x64, 0xbe,
+	0x2f, 0xac, 0xf0, 0x19, 0xb0, 0x18, 0xc5, 0x34, 0xa2, 0x0c, 0xc7, 0xc9, 0x46, 0xcd, 0x4b, 0xdc,
+	0x42, 0x6a, 0x95, 0xdb, 0xd4, 0xb8, 0x0b, 0xca, 0xa3, 0x1d, 0xf9, 0xb2, 0x7c, 0xff, 0xc4, 0x52,
+	0xce, 0xca, 0x97, 0x1b, 0x2b, 0x1f, 0x84, 0x20, 0x2f, 0xde, 0x23, 0xd5, 0x04, 0x4b, 0xfe, 0x36,
+	0xde, 0xcb, 0x81, 0xd2, 0xc3, 0xd1, 0x73, 0xd3, 0x42, 0xdc, 0xf1, 0x61, 0x73, 0xf2, 0xd9, 0xcc,
+	0xcd, 0xfc, 0x6a, 0x36, 0x27, 0x5f, 0xcd, 0xb9, 0x59, 0x1f, 0x4d, 0xe3, 0x4d, 0x50, 0x94, 0x1f,
+	0x1e, 0x87, 0xbd, 0x6e, 0x17, 0xc5, 0xa7, 0x22, 0x53, 0xf9, 0x6d, 0x91, 0x1b, 0xfb, 0xb4, 0xb8,
+	0x20, 0x7b, 0xf8, 0x34, 0x58, 0x68, 0xd3, 0x5e, 0xe8, 0xa2, 0xf8, 0x54, 0xc6, 0x94, 0xc5, 0x2c,
+	0x5a, 0xc5, 0xd4, 0x28, 0xd4, 0x8d, 0x63, 0x50, 0x38, 0x24, 0x5e, 0x48, 0x42, 0x4f, 0x1c, 0x61,
+	0x1d, 0x14, 0x68, 0xfb, 0x11, 0x76, 0xb8, 0x62, 0xa8, 0x41, 0x59, 0x1e, 0x0e, 0xf4, 0x85, 0x2c,
+	0x49, 0x99, 0x9f, 0x42, 0x49, 0xce, 0x06, 0xb8, 0xe4, 0xd2, 0x2e, 0x22, 0x53, 0x06, 0x78, 0xcf,
+	0xb0, 0x12, 0x7f, 0xab, 0xf8, 0xcd, 0xf9, 0x7a, 0xee, 0xdb, 0xf3, 0xf5, 0xdc, 0x2f, 0xe7, 0xeb,
+	0xb9, 0xf6, 0x25, 0xf9, 0x79, 0xb5, 0xfd, 0x57, 0x00, 0x00, 0x00, 0xff, 0xff, 0x46, 0xfb, 0x22,
+	0xe5, 0x27, 0x0a, 0x00, 0x00,
 }
 
 func (m *BeaconState) Marshal() (dAtA []byte, err error) {
@@ -1164,6 +1223,47 @@ func (m *StateSummary) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *SigningRoot) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SigningRoot) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SigningRoot) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Domain) > 0 {
+		i -= len(m.Domain)
+		copy(dAtA[i:], m.Domain)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.Domain)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if len(m.ObjectRoot) > 0 {
+		i -= len(m.ObjectRoot)
+		copy(dAtA[i:], m.ObjectRoot)
+		i = encodeVarintTypes(dAtA, i, uint64(len(m.ObjectRoot)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
 func encodeVarintTypes(dAtA []byte, offset int, v uint64) int {
 	offset -= sovTypes(v)
 	base := offset
@@ -1401,6 +1501,26 @@ func (m *StateSummary) Size() (n int) {
 	return n
 }
 
+func (m *SigningRoot) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.ObjectRoot)
+	if l > 0 {
+		n += 1 + l + sovTypes(uint64(l))
+	}
+	l = len(m.Domain)
+	if l > 0 {
+		n += 1 + l + sovTypes(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
 func sovTypes(x uint64) (n int) {
 	return (math_bits.Len64(x|1) + 6) / 7
 }
@@ -2853,6 +2973,128 @@ func (m *StateSummary) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *SigningRoot) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowTypes
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SigningRoot: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SigningRoot: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectRoot", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ObjectRoot = append(m.ObjectRoot[:0], dAtA[iNdEx:postIndex]...)
+			if m.ObjectRoot == nil {
+				m.ObjectRoot = []byte{}
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Domain", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				byteLen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Domain = append(m.Domain[:0], dAtA[iNdEx:postIndex]...)
+			if m.Domain == nil {
+				m.Domain = []byte{}
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipTypes(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if (iNdEx + skippy) < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func skipTypes(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0

proto/beacon/p2p/v1/types.proto

@@ -86,3 +86,10 @@ message StateSummary {
   // The block root at epoch boundary of the state.
   bytes boundary_root = 3;
 }
+
+message SigningRoot {
+  // The root of the object being signed.
+  bytes object_root = 1 [(gogoproto.moretags) = "ssz-size:\"32\""];
+  // The domain for the particular object being signed.
+  bytes domain = 2 [(gogoproto.moretags) = "ssz-size:\"8\""];
+}

proto/testing/ssz_static_test.go

@@ -130,6 +130,9 @@ func UnmarshalledSSZ(t *testing.T, serializedBytes []byte, folderName string) (i
 		return nil, nil
 	case "Eth1Data":
 		obj = &ethpb.Eth1Data{}
+	case "Eth1Block":
+		t.Skip("Unused type")
+		return nil, nil
 	case "Fork":
 		obj = &pb.Fork{}
 	case "HistoricalBatch":
@@ -146,6 +149,8 @@ func UnmarshalledSSZ(t *testing.T, serializedBytes []byte, folderName string) (i
 		obj = &ethpb.SignedBeaconBlockHeader{}
 	case "SignedVoluntaryExit":
 		obj = &ethpb.SignedVoluntaryExit{}
+	case "SigningRoot":
+		obj = &pb.SigningRoot{}
 	case "Validator":
 		obj = &ethpb.Validator{}
 	case "VoluntaryExit":

shared/bls/BUILD.bazel

@@ -8,7 +8,6 @@ go_library(
     importpath = "github.com/prysmaticlabs/prysm/shared/bls",
     visibility = ["//visibility:public"],
     deps = [
-        "//shared/bytesutil:go_default_library",
         "//shared/featureconfig:go_default_library",
         "//shared/hashutil:go_default_library",
         "//shared/params:go_default_library",

shared/bls/bls.go

@@ -10,7 +10,6 @@ import (
 	"github.com/dgraph-io/ristretto"
 	bls12 "github.com/herumi/bls-eth-go-binary/bls"
 	"github.com/pkg/errors"
-	"github.com/prysmaticlabs/prysm/shared/bytesutil"
 	"github.com/prysmaticlabs/prysm/shared/featureconfig"
 	"github.com/prysmaticlabs/prysm/shared/hashutil"
 	"github.com/prysmaticlabs/prysm/shared/params"
@@ -21,7 +20,7 @@ func init() {
 	if err != nil {
 		panic(err)
 	}
-	bls12.SetETHserialization(true)
+	bls12.SetETHmode(1)
 }
 
 // DomainByteLength length of domain byte array.
@@ -133,11 +132,11 @@ func concatMsgAndDomain(msg []byte, domain uint64) []byte {
 }
 
 // Sign a message using a secret key - in a beacon/validator client.
-func (s *SecretKey) Sign(msg []byte, domain uint64) *Signature {
+func (s *SecretKey) Sign(msg []byte) *Signature {
 	if featureconfig.Get().SkipBLSVerify {
 		return &Signature{}
 	}
-	signature := s.p.SignHashWithDomain(concatMsgAndDomain(msg, domain))
+	signature := s.p.SignByte(msg)
 	return &Signature{s: signature}
 }
 
@@ -172,18 +171,18 @@ func (p *PublicKey) Aggregate(p2 *PublicKey) *PublicKey {
 	return p
 }
 
-// Verify a bls signature given a public key, a message, and a domain.
-func (s *Signature) Verify(msg []byte, pub *PublicKey, domain uint64) bool {
+// Verify a bls signature given a public key, a message.
+func (s *Signature) Verify(msg []byte, pub *PublicKey) bool {
 	if featureconfig.Get().SkipBLSVerify {
 		return true
 	}
-	return s.s.VerifyHashWithDomain(pub.p, concatMsgAndDomain(msg, domain))
+	return s.s.VerifyByte(pub.p, msg)
 }
 
 // VerifyAggregate verifies each public key against its respective message.
 // This is vulnerable to rogue public-key attack. Each user must
 // provide a proof-of-knowledge of the public key.
-func (s *Signature) VerifyAggregate(pubKeys []*PublicKey, msg [][32]byte, domain uint64) bool {
+func (s *Signature) VerifyAggregate(pubKeys []*PublicKey, msg [][32]byte) bool {
 	if featureconfig.Get().SkipBLSVerify {
 		return true
 	}
@@ -194,21 +193,40 @@ func (s *Signature) VerifyAggregate(pubKeys []*PublicKey, msg [][32]byte, domain
 	if size != len(msg) {
 		return false
 	}
-	b := [8]byte{}
-	binary.LittleEndian.PutUint64(b[:], domain)
-	hashWithDomains := make([]byte, 0, size*concatMsgDomainSize)
+	hashes := make([][]byte, 0, len(msg))
 	var rawKeys []bls12.PublicKey
 	for i := 0; i < size; i++ {
-		hashWithDomains = append(hashWithDomains, concatMsgAndDomain(msg[i][:], domain)...)
+		hashes = append(hashes, msg[i][:])
 		rawKeys = append(rawKeys, *pubKeys[i].p)
 	}
-	return s.s.VerifyAggregateHashWithDomain(rawKeys, hashWithDomains)
+	return s.s.VerifyAggregateHashes(rawKeys, hashes)
 }
 
-// VerifyAggregateCommon verifies each public key against its respective message.
+// AggregateVerify verifies each public key against its respective message.
 // This is vulnerable to rogue public-key attack. Each user must
 // provide a proof-of-knowledge of the public key.
-func (s *Signature) VerifyAggregateCommon(pubKeys []*PublicKey, msg [32]byte, domain uint64) bool {
+func (s *Signature) AggregateVerify(pubKeys []*PublicKey, msgs [][32]byte) bool {
+	if featureconfig.Get().SkipBLSVerify {
+		return true
+	}
+	size := len(pubKeys)
+	if size == 0 {
+		return false
+	}
+	if size != len(msgs) {
+		return false
+	}
+	msgSlices := []byte{}
+	var rawKeys []bls12.PublicKey
+	for i := 0; i < size; i++ {
+		msgSlices = append(msgSlices, msgs[i][:]...)
+		rawKeys = append(rawKeys, *pubKeys[i].p)
+	}
+	return s.s.AggregateVerify(rawKeys, msgSlices)
+}
+
+// FastAggregateVerify verifies all the provided pubkeys with their aggregated signature.
+func (s *Signature) FastAggregateVerify(pubKeys []*PublicKey, msg [32]byte) bool {
 	if featureconfig.Get().SkipBLSVerify {
 		return true
 	}
@@ -216,13 +234,12 @@ func (s *Signature) VerifyAggregateCommon(pubKeys []*PublicKey, msg [32]byte, do
 		return false
 	}
 	//#nosec G104
-	aggregated, _ := pubKeys[0].Copy()
-
-	for i := 1; i < len(pubKeys); i++ {
-		aggregated.p.Add(pubKeys[i].p)
+	rawKeys := make([]bls12.PublicKey, len(pubKeys))
+	for i := 0; i < len(pubKeys); i++ {
+		rawKeys[i] = *pubKeys[i].p
 	}
 
-	return s.s.VerifyHashWithDomain(aggregated.p, concatMsgAndDomain(msg[:], domain))
+	return s.s.FastAggregateVerify(rawKeys, msg[:])
 }
 
 // NewAggregateSignature creates a blank aggregate signature.
@@ -274,24 +291,30 @@ func (s *Signature) Marshal() []byte {
 //    epoch = get_current_epoch(state) if message_epoch is None else message_epoch
 //    fork_version = state.fork.previous_version if epoch < state.fork.epoch else state.fork.current_version
 //    return compute_domain(domain_type, fork_version)
-func Domain(domainType [DomainByteLength]byte, forkVersion [ForkVersionByteLength]byte) uint64 {
-
+func Domain(domainType [DomainByteLength]byte, forkVersion [ForkVersionByteLength]byte) []byte {
 	b := []byte{}
 	b = append(b, domainType[:4]...)
 	b = append(b, forkVersion[:4]...)
-	return bytesutil.FromBytes8(b)
+	return b
 }
 
 // ComputeDomain returns the domain version for BLS private key to sign and verify with a zeroed 4-byte
 // array as the fork version.
 //
-// def compute_domain(domain_type: DomainType, fork_version: Version=Version()) -> Domain:
+// def compute_domain(domain_type: DomainType, fork_version: Optional[Version]=None) -> Domain:
 //    """
 //    Return the domain for the ``domain_type`` and ``fork_version``.
 //    """
+//    if fork_version is None:
+//        fork_version = GENESIS_FORK_VERSION
 //    return Domain(domain_type + fork_version)
-func ComputeDomain(domainType [DomainByteLength]byte) uint64 {
-	return Domain(domainType, [4]byte{0, 0, 0, 0})
+func ComputeDomain(domainType [DomainByteLength]byte, forkVersion []byte) []byte {
+	if forkVersion == nil {
+		forkVersion = params.BeaconConfig().GenesisForkVersion
+	}
+	forkBytes := [ForkVersionByteLength]byte{}
+	copy(forkBytes[:], forkVersion)
+	return Domain(domainType, forkBytes)
 }
 
 // HashWithDomain hashes 32 byte message and uint64 domain parameters a Fp2 element

shared/bls/bls_test.go

@@ -29,8 +29,8 @@ func TestSignVerify(t *testing.T) {
 	priv := bls.RandKey()
 	pub := priv.PublicKey()
 	msg := []byte("hello")
-	sig := priv.Sign(msg, 0)
-	if !sig.Verify(msg, pub, 0) {
+	sig := priv.Sign(msg)
+	if !sig.Verify(msg, pub) {
 		t.Error("Signature did not verify")
 	}
 }
@@ -43,13 +43,13 @@ func TestVerifyAggregate(t *testing.T) {
 		msg := [32]byte{'h', 'e', 'l', 'l', 'o', byte(i)}
 		priv := bls.RandKey()
 		pub := priv.PublicKey()
-		sig := priv.Sign(msg[:], 0)
+		sig := priv.Sign(msg[:])
 		pubkeys = append(pubkeys, pub)
 		sigs = append(sigs, sig)
 		msgs = append(msgs, msg)
 	}
 	aggSig := bls.AggregateSignatures(sigs)
-	if !aggSig.VerifyAggregate(pubkeys, msgs, 0) {
+	if !aggSig.VerifyAggregate(pubkeys, msgs) {
 		t.Error("Signature did not verify")
 	}
 }
@@ -61,12 +61,12 @@ func TestVerifyAggregateCommon(t *testing.T) {
 	for i := 0; i < 100; i++ {
 		priv := bls.RandKey()
 		pub := priv.PublicKey()
-		sig := priv.Sign(msg[:], 0)
+		sig := priv.Sign(msg[:])
 		pubkeys = append(pubkeys, pub)
 		sigs = append(sigs, sig)
 	}
 	aggSig := bls.AggregateSignatures(sigs)
-	if !aggSig.VerifyAggregateCommon(pubkeys, msg, 0) {
+	if !aggSig.FastAggregateVerify(pubkeys, msg) {
 		t.Error("Signature did not verify")
 	}
 }
@@ -77,7 +77,7 @@ func TestVerifyAggregate_ReturnsFalseOnEmptyPubKeyList(t *testing.T) {
 	msg := [32]byte{'h', 'e', 'l', 'l', 'o'}
 
 	aggSig := bls.AggregateSignatures(sigs)
-	if aggSig.VerifyAggregateCommon(pubkeys, msg, 0 /*domain*/) != false {
+	if aggSig.FastAggregateVerify(pubkeys, msg) != false {
 		t.Error("Expected VerifyAggregate to return false with empty input " +
 			"of public keys.")
 	}
@@ -86,19 +86,18 @@ func TestVerifyAggregate_ReturnsFalseOnEmptyPubKeyList(t *testing.T) {
 func TestComputeDomain_OK(t *testing.T) {
 	tests := []struct {
 		epoch      uint64
-		domainType uint64
-		domain     uint64
+		domainType [4]byte
+		domain     []byte
 	}{
-		{epoch: 1, domainType: 4, domain: 4},
-		{epoch: 2, domainType: 4, domain: 4},
-		{epoch: 2, domainType: 5, domain: 5},
-		{epoch: 3, domainType: 4, domain: 4},
-		{epoch: 3, domainType: 5, domain: 5},
+		{epoch: 1, domainType: [4]byte{4, 0, 0, 0}, domain: []byte{4, 0, 0, 0, 0, 0, 0, 0}},
+		{epoch: 2, domainType: [4]byte{4, 0, 0, 0}, domain: []byte{4, 0, 0, 0, 0, 0, 0, 0}},
+		{epoch: 2, domainType: [4]byte{5, 0, 0, 0}, domain: []byte{5, 0, 0, 0, 0, 0, 0, 0}},
+		{epoch: 3, domainType: [4]byte{4, 0, 0, 0}, domain: []byte{4, 0, 0, 0, 0, 0, 0, 0}},
+		{epoch: 3, domainType: [4]byte{5, 0, 0, 0}, domain: []byte{5, 0, 0, 0, 0, 0, 0, 0}},
 	}
 	for _, tt := range tests {
-		domain := bls.ComputeDomain(bytesutil.ToBytes4(bytesutil.Bytes4(tt.domainType)))
-		if domain != tt.domain {
-			t.Errorf("wanted domain version: %d, got: %d", tt.domain, domain)
+		if !bytes.Equal(bls.ComputeDomain(tt.domainType, nil), tt.domain) {
+			t.Errorf("wanted domain version: %d, got: %d", tt.domain, bls.ComputeDomain(tt.domainType, nil))
 		}
 	}
 }

shared/bls/spectest/BUILD.bazel

@@ -4,12 +4,11 @@ go_library(
     name = "go_default_library",
     testonly = True,
     srcs = [
-        "aggregate_pubkeys_test.yaml.go",
-        "aggregate_sigs_test.yaml.go",
-        "msg_hash_compressed_test.yaml.go",
-        "msg_hash_uncompressed_test.yaml.go",
-        "priv_to_pub_test.yaml.go",
-        "sign_msg_test.yaml.go",
+        "aggregate_test.yaml.go",
+        "aggregate_verify_test.yaml.go",
+        "fast_aggregate_verify_test.yaml.go",
+        "sign_test.yaml.go",
+        "verify_test.yaml.go",
     ],
     importpath = "github.com/prysmaticlabs/prysm/shared/bls/spectest",
     visibility = ["//visibility:public"],
@@ -19,12 +18,11 @@ go_test(
     name = "go_default_test",
     size = "small",
     srcs = [
-        "aggregate_pubkeys_test.go",
-        "aggregate_sigs_test.go",
-        "msg_hash_compressed_test.go",
-        "msg_hash_uncompressed_test.go",
-        "priv_to_pub_test.go",
-        "sign_msg_test.go",
+        "aggregate_test.go",
+        "aggregate_verify_test.go",
+        "fast_aggregate_verify_test.go",
+        "sign_test.go",
+        "verify_test.go",
     ],
     data = [
         "@eth2_spec_tests_general//:test_data",
@@ -36,6 +34,5 @@ go_test(
         "//shared/bytesutil:go_default_library",
         "//shared/testutil:go_default_library",
         "@com_github_ghodss_yaml//:go_default_library",
-        "@herumi_bls_eth_go_binary//:go_default_library",
     ],
 )

shared/bls/spectest/aggregate_pubkeys_test.go

@@ -1,52 +0,0 @@
-package spectest
-
-import (
-	"bytes"
-	"encoding/hex"
-	"testing"
-
-	"github.com/ghodss/yaml"
-	"github.com/prysmaticlabs/prysm/shared/bls"
-	"github.com/prysmaticlabs/prysm/shared/testutil"
-)
-
-func TestAggregatePubkeysYaml(t *testing.T) {
-	file, err := testutil.BazelFileBytes("tests/general/phase0/bls/aggregate_pubkeys/small/agg_pub_keys/data.yaml")
-	if err != nil {
-		t.Fatalf("Failed to read file: %v", err)
-	}
-
-	test := &AggregatePubkeysTest{}
-	if err := yaml.Unmarshal(file, test); err != nil {
-		t.Fatalf("Failed to unmarshal: %v", err)
-	}
-
-	pubBytes, err := hex.DecodeString(test.Input[0][2:])
-	if err != nil {
-		t.Fatalf("Cannot decode string to bytes: %v", err)
-	}
-	pk, err := bls.PublicKeyFromBytes(pubBytes)
-	if err != nil {
-		t.Fatal(err)
-	}
-	for _, pk2 := range test.Input[1:] {
-		pubBytes2, err := hex.DecodeString(pk2[2:])
-		if err != nil {
-			t.Fatalf("Cannot decode string to bytes: %v", err)
-		}
-		p, err := bls.PublicKeyFromBytes(pubBytes2)
-		if err != nil {
-			t.Fatal(err)
-		}
-		pk.Aggregate(p)
-	}
-
-	outputBytes, err := hex.DecodeString(test.Output[2:])
-	if err != nil {
-		t.Fatalf("Cannot decode string to bytes: %v", err)
-	}
-	if !bytes.Equal(outputBytes, pk.Marshal()) {
-		t.Fatalf("Output does not equal marshaled aggregated public "+
-			"key bytes. wanted %#x but got %#x", outputBytes, pk.Marshal())
-	}
-}

shared/bls/spectest/aggregate_pubkeys_test.yaml.go

@@ -1,9 +0,0 @@
-// Code generated by yaml_to_go. DO NOT EDIT.
-// source: aggregate_pubkeys.yaml
-
-package spectest
-
-type AggregatePubkeysTest struct {
-	Input  []string `json:"input"`
-	Output string   `json:"output" ssz:"size=48"`
-}

shared/bls/spectest/aggregate_test.go

@@ -7,12 +7,12 @@ import (
 	"testing"
 
 	"github.com/ghodss/yaml"
-	"github.com/prysmaticlabs/prysm/shared/bls"
+	bls "github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/testutil"
 )
 
-func TestAggregateSignaturesYaml(t *testing.T) {
-	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/aggregate_sigs/small")
+func TestAggregateYaml(t *testing.T) {
+	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/aggregate/small")
 
 	for _, folder := range testFolders {
 		t.Run(folder.Name(), func(t *testing.T) {
@@ -21,7 +21,7 @@ func TestAggregateSignaturesYaml(t *testing.T) {
 				t.Fatalf("Failed to read file: %v", err)
 			}
 
-			test := &AggregateSigsTest{}
+			test := &AggregateTest{}
 			if err := yaml.Unmarshal(file, test); err != nil {
 				t.Fatalf("Failed to unmarshal: %v", err)
 			}

shared/bls/spectest/aggregate_test.yaml.go

@@ -1,9 +1,9 @@
 // Code generated by yaml_to_go. DO NOT EDIT.
-// source: aggregate_sigs.yaml
+// source: aggregate.yaml
 
 package spectest
 
-type AggregateSigsTest struct {
+type AggregateTest struct {
 	Input  []string `json:"input"`
 	Output string   `json:"output" ssz:"size=96"`
 }

shared/bls/spectest/aggregate_verify_test.go

@@ -0,0 +1,69 @@
+package spectest
+
+import (
+	"encoding/hex"
+	"path"
+	"testing"
+
+	"github.com/ghodss/yaml"
+	bls "github.com/prysmaticlabs/prysm/shared/bls"
+	"github.com/prysmaticlabs/prysm/shared/bytesutil"
+	"github.com/prysmaticlabs/prysm/shared/testutil"
+)
+
+func TestAggregateVerifyYaml(t *testing.T) {
+	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/aggregate_verify/small")
+
+	for i, folder := range testFolders {
+		t.Run(folder.Name(), func(t *testing.T) {
+			file, err := testutil.BazelFileBytes(path.Join(testFolderPath, folder.Name(), "data.yaml"))
+			if err != nil {
+				t.Fatalf("Failed to read file: %v", err)
+			}
+			test := &AggregateVerifyTest{}
+			if err := yaml.Unmarshal(file, test); err != nil {
+				t.Fatalf("Failed to unmarshal: %v", err)
+			}
+
+			pubkeys := make([]*bls.PublicKey, 0, len(test.Input.Pairs))
+			msgs := make([][32]byte, 0, len(test.Input.Pairs))
+			for _, pair := range test.Input.Pairs {
+				pkBytes, err := hex.DecodeString(pair.Pubkey[2:])
+				if err != nil {
+					t.Fatalf("Cannot decode string to bytes: %v", err)
+				}
+				pk, err := bls.PublicKeyFromBytes(pkBytes)
+				if err != nil {
+					t.Fatalf("Cannot unmarshal input to secret key: %v", err)
+				}
+				pubkeys = append(pubkeys, pk)
+				msgBytes, err := hex.DecodeString(pair.Message[2:])
+				if err != nil {
+					t.Fatalf("Cannot decode string to bytes: %v", err)
+				}
+				if len(msgBytes) != 32 {
+					t.Fatalf("Message: %#x is not 32 bytes", msgBytes)
+				}
+				msgs = append(msgs, bytesutil.ToBytes32(msgBytes))
+			}
+			sigBytes, err := hex.DecodeString(test.Input.Signature[2:])
+			if err != nil {
+				t.Fatalf("Cannot decode string to bytes: %v", err)
+			}
+			sig, err := bls.SignatureFromBytes(sigBytes)
+			if err != nil {
+				if test.Output == false {
+					return
+				}
+				t.Fatalf("Cannot unmarshal input to signature: %v", err)
+			}
+
+			verified := sig.AggregateVerify(pubkeys, msgs)
+			if verified != test.Output {
+				t.Fatalf("Signature does not match the expected verification output. "+
+					"Expected %#v but received %#v for test case %d", test.Output, verified, i)
+			}
+			t.Log("Success")
+		})
+	}
+}

shared/bls/spectest/aggregate_verify_test.yaml.go

@@ -0,0 +1,15 @@
+// Code generated by yaml_to_go. DO NOT EDIT.
+// source: aggregate_verify.yaml
+
+package spectest
+
+type AggregateVerifyTest struct {
+	Input struct {
+		Pairs []struct {
+			Pubkey  string `json:"pubkey"`
+			Message string `json:"message"`
+		} `json:"pairs"`
+		Signature string `json:"signature"`
+	} `json:"input"`
+	Output bool `json:"output"`
+}

shared/bls/spectest/fast_aggregate_verify_test.go

@@ -0,0 +1,66 @@
+package spectest
+
+import (
+	"encoding/hex"
+	"path"
+	"testing"
+
+	"github.com/ghodss/yaml"
+	bls "github.com/prysmaticlabs/prysm/shared/bls"
+	"github.com/prysmaticlabs/prysm/shared/bytesutil"
+	"github.com/prysmaticlabs/prysm/shared/testutil"
+)
+
+func TestFastAggregateVerifyYaml(t *testing.T) {
+	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/fast_aggregate_verify/small")
+
+	for i, folder := range testFolders {
+		t.Run(folder.Name(), func(t *testing.T) {
+			file, err := testutil.BazelFileBytes(path.Join(testFolderPath, folder.Name(), "data.yaml"))
+			if err != nil {
+				t.Fatalf("Failed to read file: %v", err)
+			}
+			test := &FastAggregateVerifyTest{}
+			if err := yaml.Unmarshal(file, test); err != nil {
+				t.Fatalf("Failed to unmarshal: %v", err)
+			}
+
+			pubkeys := make([]*bls.PublicKey, len(test.Input.Pubkeys))
+			for j, raw := range test.Input.Pubkeys {
+				pkBytes, err := hex.DecodeString(raw[2:])
+				if err != nil {
+					t.Fatalf("Cannot decode string to bytes: %v", err)
+				}
+				pk, err := bls.PublicKeyFromBytes(pkBytes)
+				if err != nil {
+					t.Fatalf("Cannot unmarshal input to secret key: %v", err)
+				}
+				pubkeys[j] = pk
+			}
+
+			msgBytes, err := hex.DecodeString(test.Input.Message[2:])
+			if err != nil {
+				t.Fatalf("Cannot decode string to bytes: %v", err)
+			}
+
+			sigBytes, err := hex.DecodeString(test.Input.Signature[2:])
+			if err != nil {
+				t.Fatalf("Cannot decode string to bytes: %v", err)
+			}
+			sig, err := bls.SignatureFromBytes(sigBytes)
+			if err != nil {
+				if test.Output == false {
+					return
+				}
+				t.Fatalf("Cannot unmarshal input to signature: %v", err)
+			}
+
+			verified := sig.FastAggregateVerify(pubkeys, bytesutil.ToBytes32(msgBytes))
+			if verified != test.Output {
+				t.Fatalf("Signature does not match the expected verification output. "+
+					"Expected %#v but received %#v for test case %d", test.Output, verified, i)
+			}
+			t.Log("Success")
+		})
+	}
+}

shared/bls/spectest/fast_aggregate_verify_test.yaml.go

@@ -0,0 +1,13 @@
+// Code generated by yaml_to_go. DO NOT EDIT.
+// source: fast_aggregate_verify.yaml
+
+package spectest
+
+type FastAggregateVerifyTest struct {
+	Input struct {
+		Pubkeys   []string `json:"pubkeys"`
+		Message   string   `json:"message"`
+		Signature string   `json:"signature"`
+	} `json:"input"`
+	Output bool `json:"output"`
+}

shared/bls/spectest/msg_hash_compressed_test.go

@@ -1,72 +0,0 @@
-package spectest
-
-import (
-	"bytes"
-	"encoding/hex"
-	"path"
-	"testing"
-
-	"github.com/ghodss/yaml"
-	bls2 "github.com/herumi/bls-eth-go-binary/bls"
-	"github.com/prysmaticlabs/prysm/shared/bls"
-	"github.com/prysmaticlabs/prysm/shared/bytesutil"
-	"github.com/prysmaticlabs/prysm/shared/testutil"
-)
-
-// Note: This actually tests the underlying library as we don't have a need for
-// HashG2Compressed in our local BLS API.
-func TestMsgHashCompressed(t *testing.T) {
-	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/msg_hash_compressed/small")
-
-	for _, folder := range testFolders {
-		t.Run(folder.Name(), func(t *testing.T) {
-			file, err := testutil.BazelFileBytes(path.Join(testFolderPath, folder.Name(), "data.yaml"))
-			if err != nil {
-				t.Fatalf("Failed to read file: %v", err)
-			}
-			test := &MsgHashCompressedTest{}
-			if err := yaml.Unmarshal(file, test); err != nil {
-				t.Fatalf("Failed to unmarshal: %v", err)
-			}
-
-			msgBytes, err := hex.DecodeString(test.Input.Message[2:])
-			if err != nil {
-				t.Fatalf("Cannot decode string to bytes: %v", err)
-			}
-			domain, err := hex.DecodeString(test.Input.Domain[2:])
-			if err != nil {
-				t.Fatalf("Cannot decode string to bytes: %v", err)
-			}
-			hash := bls.HashWithDomain(
-				bytesutil.ToBytes32(msgBytes),
-				bytesutil.ToBytes8(domain),
-			)
-			g2Point := &bls2.G2{}
-			fp2Point := &bls2.Fp2{}
-			err = fp2Point.Deserialize(hash)
-			if err != nil {
-				t.Fatal(err)
-			}
-			err = bls2.MapToG2(g2Point, fp2Point)
-			if err != nil {
-				t.Fatal(err)
-			}
-			compressedHash := g2Point.Serialize()
-
-			var buf []byte
-			for _, innerString := range test.Output {
-				slice, err := hex.DecodeString(innerString[2:])
-				if err != nil {
-					t.Fatalf("Cannot decode string to bytes: %v", err)
-				}
-				buf = append(buf, slice...)
-			}
-			if !bytes.Equal(buf, compressedHash[:]) {
-				t.Logf("Domain=%d", domain)
-				t.Fatalf("Hash does not match the expected output. "+
-					"Expected %#x but received %#x", buf, compressedHash)
-			}
-			t.Logf("Success. Domain=%d", domain)
-		})
-	}
-}

shared/bls/spectest/msg_hash_compressed_test.yaml.go

@@ -1,12 +0,0 @@
-// Code generated by yaml_to_go. DO NOT EDIT.
-// source: g2_compressed.yaml
-
-package spectest
-
-type MsgHashCompressedTest struct {
-	Input struct {
-		Message string `json:"message"`
-		Domain  string `json:"domain"`
-	} `json:"input"`
-	Output []string `json:"output"`
-}

shared/bls/spectest/msg_hash_uncompressed_test.go

@@ -1,67 +0,0 @@
-package spectest
-
-import (
-	"bytes"
-	"encoding/hex"
-	"path"
-	"testing"
-
-	"github.com/ghodss/yaml"
-	bls2 "github.com/herumi/bls-eth-go-binary/bls"
-	"github.com/prysmaticlabs/prysm/shared/bls"
-	"github.com/prysmaticlabs/prysm/shared/bytesutil"
-	"github.com/prysmaticlabs/prysm/shared/testutil"
-)
-
-// Note: This actually tests the underlying library as we don't have a need for
-// HashG2Uncompressed in our local BLS API.
-func TestMsgHashUncompressed(t *testing.T) {
-	t.Skip("The python uncompressed method does not match the go uncompressed method and this isn't very important")
-	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/msg_hash_uncompressed/small")
-
-	for _, folder := range testFolders {
-		t.Run(folder.Name(), func(t *testing.T) {
-			file, err := testutil.BazelFileBytes(path.Join(testFolderPath, folder.Name(), "data.yaml"))
-			if err != nil {
-				t.Fatalf("Failed to read file: %v", err)
-			}
-			test := &MsgHashUncompressedTest{}
-			if err := yaml.Unmarshal(file, test); err != nil {
-				t.Fatalf("Failed to unmarshal: %v", err)
-			}
-
-			domain, err := hex.DecodeString(test.Input.Domain[2:])
-			if err != nil {
-				t.Fatalf("Cannot decode string to bytes: %v", err)
-			}
-			msgBytes, err := hex.DecodeString(test.Input.Message[2:])
-			if err != nil {
-				t.Fatalf("Cannot decode string to bytes: %v", err)
-			}
-			hash := bls.HashWithDomain(
-				bytesutil.ToBytes32(msgBytes),
-				bytesutil.ToBytes8(domain),
-			)
-			sig := bls2.HashAndMapToSignature(hash)
-			uncompressed := sig.Serialize()
-
-			var buf []byte
-			for _, outputStrings := range test.Output {
-				for _, innerString := range outputStrings {
-					slice, err := hex.DecodeString(innerString[2:])
-					if err != nil {
-						t.Fatalf("Cannot decode string to bytes: %v", err)
-					}
-					buf = append(buf, slice...)
-				}
-			}
-			if !bytes.Equal(buf, uncompressed[:]) {
-				t.Logf("Domain=%d", domain)
-				t.Logf("Message=%#x", msgBytes)
-				t.Fatalf("Hash does not match the expected output. "+
-					"Expected %#x but received %#x", buf, uncompressed)
-			}
-			t.Logf("Success. Domain=%d", domain)
-		})
-	}
-}

shared/bls/spectest/msg_hash_uncompressed_test.yaml.go

@@ -1,12 +0,0 @@
-// Code generated by yaml_to_go. DO NOT EDIT.
-// source: g2_uncompressed.yaml
-
-package spectest
-
-type MsgHashUncompressedTest struct {
-	Input struct {
-		Message string `json:"message"`
-		Domain  string `json:"domain"`
-	} `json:"input"`
-	Output [][]string `json:"output"`
-}

shared/bls/spectest/priv_to_pub_test.go

@@ -1,46 +0,0 @@
-package spectest
-
-import (
-	"bytes"
-	"encoding/hex"
-	"path"
-	"testing"
-
-	"github.com/ghodss/yaml"
-	"github.com/prysmaticlabs/prysm/shared/bls"
-	"github.com/prysmaticlabs/prysm/shared/testutil"
-)
-
-func TestPrivToPubYaml(t *testing.T) {
-	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/priv_to_pub/small")
-
-	for _, folder := range testFolders {
-		t.Run(folder.Name(), func(t *testing.T) {
-			file, err := testutil.BazelFileBytes(path.Join(testFolderPath, folder.Name(), "data.yaml"))
-			if err != nil {
-				t.Fatalf("Failed to read file: %v", err)
-			}
-			test := &PrivToPubTest{}
-			if err := yaml.Unmarshal(file, test); err != nil {
-				t.Fatalf("Failed to unmarshal: %v", err)
-			}
-
-			pkBytes, err := hex.DecodeString(test.Input[2:])
-			if err != nil {
-				t.Fatalf("Cannot decode string to bytes: %v", err)
-			}
-			sk, err := bls.SecretKeyFromBytes(pkBytes)
-			if err != nil {
-				t.Fatalf("Cannot unmarshal input to secret key: %v", err)
-			}
-
-			outputBytes, err := hex.DecodeString(test.Output[2:])
-			if err != nil {
-				t.Fatalf("Cannot decode string to bytes: %v", err)
-			}
-			if !bytes.Equal(outputBytes, sk.PublicKey().Marshal()) {
-				t.Fatalf("Output does not marshaled public key bytes wanted %#x but got %#x", outputBytes, sk.PublicKey().Marshal())
-			}
-		})
-	}
-}

shared/bls/spectest/priv_to_pub_test.yaml.go

@@ -1,9 +0,0 @@
-// Code generated by yaml_to_go. DO NOT EDIT.
-// source: priv_to_pub.yaml
-
-package spectest
-
-type PrivToPubTest struct {
-	Input  string `json:"input"`
-	Output string `json:"output"`
-}

shared/bls/spectest/sign_test.go

@@ -2,20 +2,19 @@ package spectest
 
 import (
 	"bytes"
-	"encoding/binary"
 	"encoding/hex"
 	"path"
 	"testing"
 
 	"github.com/ghodss/yaml"
-	"github.com/prysmaticlabs/prysm/shared/bls"
+	bls "github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/testutil"
 )
 
 func TestSignMessageYaml(t *testing.T) {
-	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/sign_msg/small")
+	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/sign/small")
 
-	for _, folder := range testFolders {
+	for i, folder := range testFolders {
 		t.Run(folder.Name(), func(t *testing.T) {
 			file, err := testutil.BazelFileBytes(path.Join(testFolderPath, folder.Name(), "data.yaml"))
 			if err != nil {
@@ -39,23 +38,22 @@ func TestSignMessageYaml(t *testing.T) {
 			if err != nil {
 				t.Fatalf("Cannot decode string to bytes: %v", err)
 			}
-			domain, err := hex.DecodeString(test.Input.Domain[2:])
-			if err != nil {
-				t.Fatalf("Cannot decode string to bytes: %v", err)
+			sig := sk.Sign(msgBytes)
+
+			if !sig.Verify(msgBytes, sk.PublicKey()) {
+				t.Fatal("could not verify signature")
 			}
-			num := binary.LittleEndian.Uint64(domain)
-			sig := sk.Sign(msgBytes, num)
 
 			outputBytes, err := hex.DecodeString(test.Output[2:])
 			if err != nil {
 				t.Fatalf("Cannot decode string to bytes: %v", err)
 			}
+
 			if !bytes.Equal(outputBytes, sig.Marshal()) {
-				t.Logf("Domain=%d", domain)
-				t.Fatalf("Signature does not match the expected output. "+
-					"Expected %#x but received %#x", outputBytes, sig.Marshal())
+				t.Fatalf("Test Case %d: Signature does not match the expected output. "+
+					"Expected %#x but received %#x", i, outputBytes, sig.Marshal())
 			}
-			t.Logf("Success. Domain=%d", domain)
+			t.Log("Success")
 		})
 	}
 }

shared/bls/spectest/sign_test.yaml.go

@@ -7,7 +7,6 @@ type SignMsgTest struct {
 	Input struct {
 		Privkey string `json:"privkey"`
 		Message string `json:"message"`
-		Domain  string `json:"domain"`
 	} `json:"input"`
 	Output string `json:"output"`
 }

shared/bls/spectest/verify_test.go

@@ -0,0 +1,61 @@
+package spectest
+
+import (
+	"encoding/hex"
+	"path"
+	"testing"
+
+	"github.com/ghodss/yaml"
+	bls "github.com/prysmaticlabs/prysm/shared/bls"
+	"github.com/prysmaticlabs/prysm/shared/testutil"
+)
+
+func TestVerifyMessageYaml(t *testing.T) {
+	testFolders, testFolderPath := testutil.TestFolders(t, "general", "bls/verify/small")
+
+	for i, folder := range testFolders {
+		t.Run(folder.Name(), func(t *testing.T) {
+			file, err := testutil.BazelFileBytes(path.Join(testFolderPath, folder.Name(), "data.yaml"))
+			if err != nil {
+				t.Fatalf("Failed to read file: %v", err)
+			}
+			test := &VerifyMsgTest{}
+			if err := yaml.Unmarshal(file, test); err != nil {
+				t.Fatalf("Failed to unmarshal: %v", err)
+			}
+
+			pkBytes, err := hex.DecodeString(test.Input.Pubkey[2:])
+			if err != nil {
+				t.Fatalf("Cannot decode string to bytes: %v", err)
+			}
+			pk, err := bls.PublicKeyFromBytes(pkBytes)
+			if err != nil {
+				t.Fatalf("Cannot unmarshal input to secret key: %v", err)
+			}
+
+			msgBytes, err := hex.DecodeString(test.Input.Message[2:])
+			if err != nil {
+				t.Fatalf("Cannot decode string to bytes: %v", err)
+			}
+
+			sigBytes, err := hex.DecodeString(test.Input.Signature[2:])
+			if err != nil {
+				t.Fatalf("Cannot decode string to bytes: %v", err)
+			}
+			sig, err := bls.SignatureFromBytes(sigBytes)
+			if err != nil {
+				if test.Output == false {
+					return
+				}
+				t.Fatalf("Cannot unmarshal input to signature: %v", err)
+			}
+
+			verified := sig.Verify(msgBytes, pk)
+			if verified != test.Output {
+				t.Fatalf("Signature does not match the expected verification output. "+
+					"Expected %#v but received %#v for test case %d", test.Output, verified, i)
+			}
+			t.Log("Success")
+		})
+	}
+}

shared/bls/spectest/verify_test.yaml.go

@@ -0,0 +1,13 @@
+// Code generated by yaml_to_go. DO NOT EDIT.
+// source: verify.yaml
+
+package spectest
+
+type VerifyMsgTest struct {
+	Input struct {
+		Pubkey    string `json:"pubkey"`
+		Message   string `json:"message"`
+		Signature string `json:"signature"`
+	} `json:"input"`
+	Output bool `json:"output"`
+}

shared/interop/generate_genesis_state.go

@@ -149,8 +149,12 @@ func createDepositData(privKey *bls.SecretKey, pubKey *bls.PublicKey) (*ethpb.De
 	if err != nil {
 		return nil, err
 	}
-	domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit)
-	di.Signature = privKey.Sign(sr[:], domain).Marshal()
+	domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit, nil)
+	root, err := ssz.HashTreeRoot(&pb.SigningRoot{ObjectRoot: sr[:], Domain: domain})
+	if err != nil {
+		return nil, err
+	}
+	di.Signature = privKey.Sign(root[:]).Marshal()
 	return di, nil
 }
 

shared/keystore/BUILD.bazel

@@ -12,6 +12,7 @@ go_library(
     importpath = "github.com/prysmaticlabs/prysm/shared/keystore",
     visibility = ["//visibility:public"],
     deps = [
+        "//proto/beacon/p2p/v1:go_default_library",
         "//shared/bls:go_default_library",
         "//shared/hashutil:go_default_library",
         "//shared/params:go_default_library",
@@ -36,6 +37,7 @@ go_test(
     ],
     embed = [":go_default_library"],
     deps = [
+        "//proto/beacon/p2p/v1:go_default_library",
         "//shared/bls:go_default_library",
         "//shared/bytesutil:go_default_library",
         "//shared/params:go_default_library",

shared/keystore/deposit_input.go

@@ -3,6 +3,7 @@ package keystore
 import (
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
 	"github.com/prysmaticlabs/go-ssz"
+	pb "github.com/prysmaticlabs/prysm/proto/beacon/p2p/v1"
 	"github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/hashutil"
 	"github.com/prysmaticlabs/prysm/shared/params"
@@ -34,8 +35,12 @@ func DepositInput(depositKey *Key, withdrawalKey *Key, amountInGwei uint64) (*et
 		return nil, [32]byte{}, err
 	}
 
-	domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit)
-	di.Signature = depositKey.SecretKey.Sign(sr[:], domain).Marshal()
+	domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit, nil)
+	root, err := ssz.HashTreeRoot(&pb.SigningRoot{ObjectRoot: sr[:], Domain: domain})
+	if err != nil {
+		return nil, [32]byte{}, err
+	}
+	di.Signature = depositKey.SecretKey.Sign(root[:]).Marshal()
 
 	dr, err := ssz.HashTreeRoot(di)
 	if err != nil {

shared/keystore/deposit_input_test.go

@@ -5,8 +5,8 @@ import (
 	"testing"
 
 	"github.com/prysmaticlabs/go-ssz"
+	pb "github.com/prysmaticlabs/prysm/proto/beacon/p2p/v1"
 	"github.com/prysmaticlabs/prysm/shared/bls"
-	"github.com/prysmaticlabs/prysm/shared/bytesutil"
 	"github.com/prysmaticlabs/prysm/shared/keystore"
 	"github.com/prysmaticlabs/prysm/shared/params"
 )
@@ -38,9 +38,12 @@ func TestDepositInput_GeneratesPb(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-
-	dom := bytesutil.FromBytes4(params.BeaconConfig().DomainDeposit[:])
-	if !sig.Verify(sr[:], k1.PublicKey, dom) {
+	dom := params.BeaconConfig().DomainDeposit
+	root, err := ssz.HashTreeRoot(&pb.SigningRoot{ObjectRoot: sr[:], Domain: dom[:]})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !sig.Verify(root[:], k1.PublicKey) {
 		t.Error("Invalid proof of deposit input signature")
 	}
 }

shared/params/config.go

@@ -51,7 +51,7 @@ type BeaconChainConfig struct {
 	Eth1FollowDistance               uint64 // Eth1FollowDistance is the number of eth1.0 blocks to wait before considering a new deposit for voting. This only applies after the chain as been started.
 	SafeSlotsToUpdateJustified       uint64 // SafeSlotsToUpdateJustified is the minimal slots needed to update justified check point.
 	AttestationPropagationSlotRange  uint64 // AttestationPropagationSlotRange is the maximum number of slots during which an attestation can be propagated.
-
+	SecondsPerETH1Block              uint64 `yaml:"SECONDS_PER_ETH1_BLOCK"` // SecondsPerETH1Block is the approximate time for a single eth1 block to be produced.
 	// State list lengths
 	EpochsPerHistoricalVector uint64 `yaml:"EPOCHS_PER_HISTORICAL_VECTOR"` // EpochsPerHistoricalVector defines max length in epoch to store old historical stats in beacon state.
 	EpochsPerSlashingsVector  uint64 `yaml:"EPOCHS_PER_SLASHINGS_VECTOR"`  // EpochsPerSlashingsVector defines max length in epoch to store old stats to recompute slashing witness.
@@ -142,6 +142,7 @@ var defaultBeaconConfig = &BeaconChainConfig{
 	Eth1FollowDistance:               1024,
 	SafeSlotsToUpdateJustified:       8,
 	AttestationPropagationSlotRange:  32,
+	SecondsPerETH1Block:              14,
 
 	// State list length constants.
 	EpochsPerHistoricalVector: 65536,
@@ -259,6 +260,7 @@ func MinimalSpecConfig() *BeaconChainConfig {
 	minimalConfig.MinEpochsToInactivityPenalty = 4
 	minimalConfig.Eth1FollowDistance = 16
 	minimalConfig.SafeSlotsToUpdateJustified = 2
+	minimalConfig.SecondsPerETH1Block = 14
 
 	// State vector lengths
 	minimalConfig.EpochsPerHistoricalVector = 64
@@ -286,6 +288,7 @@ func MinimalSpecConfig() *BeaconChainConfig {
 	minimalConfig.DomainRandao = bytesutil.ToBytes4(bytesutil.Bytes4(2))
 	minimalConfig.DomainDeposit = bytesutil.ToBytes4(bytesutil.Bytes4(3))
 	minimalConfig.DomainVoluntaryExit = bytesutil.ToBytes4(bytesutil.Bytes4(4))
+	minimalConfig.GenesisForkVersion = []byte{0, 0, 0, 1}
 
 	minimalConfig.DepositContractTreeDepth = 32
 	minimalConfig.FarFutureEpoch = 1<<64 - 1

shared/testutil/BUILD.bazel

@@ -52,6 +52,5 @@ go_test(
         "//beacon-chain/core/state/stateutils:go_default_library",
         "//shared/bytesutil:go_default_library",
         "//shared/params:go_default_library",
-        "@com_github_prysmaticlabs_go_ssz//:go_default_library",
     ],
 )

shared/testutil/block.go

@@ -166,16 +166,16 @@ func GenerateProposerSlashingForValidator(
 			BodyRoot: []byte{0, 1, 0},
 		},
 	}
-	root, err := ssz.HashTreeRoot(header1.Header)
-	if err != nil {
-		return nil, err
-	}
 	currentEpoch := helpers.CurrentEpoch(bState)
 	domain, err := helpers.Domain(bState.Fork(), currentEpoch, params.BeaconConfig().DomainBeaconProposer)
 	if err != nil {
 		return nil, err
 	}
-	header1.Signature = priv.Sign(root[:], domain).Marshal()
+	root, err := helpers.ComputeSigningRoot(header1.Header, domain)
+	if err != nil {
+		return nil, err
+	}
+	header1.Signature = priv.Sign(root[:]).Marshal()
 
 	header2 := &ethpb.SignedBeaconBlockHeader{
 		Header: &ethpb.BeaconBlockHeader{
@@ -183,11 +183,11 @@ func GenerateProposerSlashingForValidator(
 			BodyRoot: []byte{0, 2, 0},
 		},
 	}
-	root, err = ssz.HashTreeRoot(header2.Header)
+	root, err = helpers.ComputeSigningRoot(header2.Header, domain)
 	if err != nil {
 		return nil, err
 	}
-	header2.Signature = priv.Sign(root[:], domain).Marshal()
+	header2.Signature = priv.Sign(root[:]).Marshal()
 
 	return &ethpb.ProposerSlashing{
 		ProposerIndex: idx,
@@ -239,15 +239,15 @@ func GenerateAttesterSlashingForValidator(
 		},
 		AttestingIndices: []uint64{idx},
 	}
-	dataRoot, err := ssz.HashTreeRoot(att1.Data)
-	if err != nil {
-		return nil, err
-	}
 	domain, err := helpers.Domain(bState.Fork(), currentEpoch, params.BeaconConfig().DomainBeaconAttester)
 	if err != nil {
 		return nil, err
 	}
-	sig := priv.Sign(dataRoot[:], domain)
+	dataRoot, err := helpers.ComputeSigningRoot(att1.Data, domain)
+	if err != nil {
+		return nil, err
+	}
+	sig := priv.Sign(dataRoot[:])
 	att1.Signature = bls.AggregateSignatures([]*bls.Signature{sig}).Marshal()
 
 	att2 := &ethpb.IndexedAttestation{
@@ -265,11 +265,11 @@ func GenerateAttesterSlashingForValidator(
 		},
 		AttestingIndices: []uint64{idx},
 	}
-	dataRoot, err = ssz.HashTreeRoot(att2.Data)
+	dataRoot, err = helpers.ComputeSigningRoot(att2.Data, domain)
 	if err != nil {
 		return nil, err
 	}
-	sig = priv.Sign(dataRoot[:], domain)
+	sig = priv.Sign(dataRoot[:])
 	att2.Signature = bls.AggregateSignatures([]*bls.Signature{sig}).Marshal()
 
 	return &ethpb.AttesterSlashing{
@@ -407,7 +407,7 @@ func GenerateAttestations(bState *stateTrie.BeaconState, privs []*bls.SecretKey,
 			},
 		}
 
-		dataRoot, err := ssz.HashTreeRoot(attData)
+		dataRoot, err := helpers.ComputeSigningRoot(attData, domain)
 		if err != nil {
 			return nil, err
 		}
@@ -419,7 +419,7 @@ func GenerateAttestations(bState *stateTrie.BeaconState, privs []*bls.SecretKey,
 			sigs := []*bls.Signature{}
 			for b := i; b < i+bitsPerAtt; b++ {
 				aggregationBits.SetBitAt(b, true)
-				sigs = append(sigs, privs[committee[b]].Sign(dataRoot[:], domain))
+				sigs = append(sigs, privs[committee[b]].Sign(dataRoot[:]))
 			}
 
 			// bls.AggregateSignatures will return nil if sigs is 0.
@@ -477,15 +477,15 @@ func generateVoluntaryExits(
 				ValidatorIndex: valIndex,
 			},
 		}
-		root, err := ssz.HashTreeRoot(exit.Exit)
-		if err != nil {
-			return nil, err
-		}
 		domain, err := helpers.Domain(bState.Fork(), currentEpoch, params.BeaconConfig().DomainVoluntaryExit)
 		if err != nil {
 			return nil, err
 		}
-		exit.Signature = privs[valIndex].Sign(root[:], domain).Marshal()
+		root, err := helpers.ComputeSigningRoot(exit.Exit, domain)
+		if err != nil {
+			return nil, err
+		}
+		exit.Signature = privs[valIndex].Sign(root[:]).Marshal()
 		voluntaryExits[i] = exit
 	}
 	return voluntaryExits, nil

shared/testutil/deposits.go

@@ -4,6 +4,7 @@ import (
 	"sync"
 	"testing"
 
+	pb "github.com/prysmaticlabs/prysm/proto/beacon/p2p/v1"
 	"github.com/pkg/errors"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
 	"github.com/prysmaticlabs/go-ssz"
@@ -64,12 +65,16 @@ func DeterministicDepositsAndKeys(numDeposits uint64) ([]*ethpb.Deposit, []*bls.
 				WithdrawalCredentials: withdrawalCreds[:],
 			}
 
-			domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit)
+			domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit, nil)
 			root, err := ssz.SigningRoot(depositData)
 			if err != nil {
 				return nil, nil, errors.Wrap(err, "could not get signing root of deposit data")
 			}
-			depositData.Signature = secretKeys[i].Sign(root[:], domain).Marshal()
+			sigRoot, err := ssz.HashTreeRoot(&pb.SigningRoot{ObjectRoot: root[:], Domain: domain})
+			if err != nil {
+				return nil, nil, err
+			}
+			depositData.Signature = secretKeys[i].Sign(sigRoot[:]).Marshal()
 
 			deposit := &ethpb.Deposit{
 				Data: depositData,
@@ -156,6 +161,7 @@ func DeterministicGenesisState(t testing.TB, numValidators uint64) (*stateTrie.B
 	if err != nil {
 		t.Fatal(errors.Wrapf(err, "failed to get genesis beacon state of %d validators", numValidators))
 	}
+	ResetCache()
 	return beaconState, privKeys
 }
 
@@ -228,13 +234,17 @@ func DeterministicDepositsAndKeysSameValidator(numDeposits uint64) ([]*ethpb.Dep
 				WithdrawalCredentials: withdrawalCreds[:],
 			}
 
-			domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit)
+			domain := bls.ComputeDomain(params.BeaconConfig().DomainDeposit, nil)
 			root, err := ssz.SigningRoot(depositData)
 			if err != nil {
 				return nil, nil, errors.Wrap(err, "could not get signing root of deposit data")
 			}
+			sigRoot, err := ssz.HashTreeRoot(&pb.SigningRoot{ObjectRoot: root[:], Domain: domain})
+			if err != nil {
+				return nil, nil, errors.Wrap(err, "could not get signing root of deposit data and domain")
+			}
 			// Always use the same validator to sign
-			depositData.Signature = secretKeys[1].Sign(root[:], domain).Marshal()
+			depositData.Signature = secretKeys[1].Sign(sigRoot[:]).Marshal()
 
 			deposit := &ethpb.Deposit{
 				Data: depositData,

shared/testutil/deposits_test.go

@@ -9,6 +9,7 @@ import (
 
 func TestSetupInitialDeposits_1024Entries(t *testing.T) {
 	entries := 1
+	ResetCache()
 	deposits, privKeys, err := DeterministicDepositsAndKeys(uint64(entries))
 	if err != nil {
 		t.Fatal(err)
@@ -32,16 +33,17 @@ func TestSetupInitialDeposits_1024Entries(t *testing.T) {
 	if !bytes.Equal(deposits[0].Data.WithdrawalCredentials, expectedWithdrawalCredentialsAt0) {
 		t.Fatalf("incorrect withdrawal credentials, wanted %x but received %x", expectedWithdrawalCredentialsAt0, deposits[0].Data.WithdrawalCredentials)
 	}
-	expectedDepositDataRootAt0 := []byte{0xc2, 0x58, 0x8b, 0xb0, 0x44, 0xf5, 0xe8, 0xaf, 0xb9, 0xb1, 0xcc, 0xb7, 0xe0, 0x83, 0x30, 0x35, 0x83, 0x18, 0xf2, 0x56, 0x27, 0x96, 0xfa, 0xad, 0xce, 0x92, 0x03, 0x50, 0x64, 0xaa, 0xf1, 0x3d}
+	expectedDepositDataRootAt0 := []byte{0xe7, 0x81, 0x7d, 0xef, 0x7d, 0x8c, 0xf3, 0x15, 0x12, 0x5a, 0x77, 0xf7, 0x84, 0x06, 0xeb, 0x3a, 0xb8, 0xaf, 0xf1, 0xc9, 0x9d, 0x9f, 0x41, 0xb5, 0xc9, 0x68, 0xc0, 0xfd, 0x84, 0x8a, 0xf9, 0xe6}
 	if !bytes.Equal(depositDataRoots[0][:], expectedDepositDataRootAt0) {
 		t.Fatalf("incorrect deposit data root, wanted %x but received %x", expectedDepositDataRootAt0, depositDataRoots[0])
 	}
-	expectedSignatureAt0 := []byte{0xb3, 0xb9, 0x6e, 0xba, 0x50, 0xfa, 0x47, 0x49, 0x26, 0xfa, 0x46, 0xbb, 0xea, 0x3c, 0x8c, 0x73, 0x4c, 0x85, 0xc9, 0x70, 0x4e, 0x54, 0xb7, 0x19, 0xe5, 0x4e, 0x1b, 0xc5, 0x83, 0x77, 0xdd, 0x00, 0x30, 0x0b, 0x9e, 0xe4, 0xb0, 0x5b, 0xb2, 0x7b, 0x81, 0x8b, 0x38, 0xeb, 0xa2, 0x89, 0xcb, 0xe0, 0x06, 0x7a, 0x34, 0x56, 0xbc, 0xb8, 0xad, 0x59, 0xd0, 0x17, 0xfc, 0xf0, 0x04, 0xe5, 0xf1, 0xc5, 0xff, 0x1b, 0xf2, 0xe4, 0x89, 0x6b, 0x53, 0x2f, 0x4a, 0xea, 0x4b, 0x4c, 0x47, 0x06, 0x9a, 0x26, 0xe3, 0x85, 0x98, 0xf3, 0xd3, 0x37, 0x04, 0x7b, 0x8d, 0x0b, 0xd5, 0x25, 0xe4, 0x9f, 0xfc, 0xd2}
+	expectedSignatureAt0 := []byte{0xa7, 0xe5, 0x53, 0xde, 0x1b, 0x2a, 0x0c, 0x6f, 0x9f, 0xe1, 0x01, 0x44, 0x9d, 0x54, 0x55, 0x27, 0x55, 0xc6, 0x51, 0x01, 0xe2, 0x77, 0x0d, 0xfe, 0x10, 0xda, 0x1c, 0x34, 0x29, 0xc4, 0xc9, 0x94, 0x98, 0xd6, 0x69, 0x10, 0x09, 0x57, 0x91, 0x05, 0x89, 0xc0, 0x82, 0xdf, 0x53, 0x0f, 0x37, 0x49, 0x12, 0x1c, 0xc0, 0x70, 0x3b, 0x57, 0x0f, 0x61, 0x7d, 0x39, 0x89, 0x35, 0xef, 0x8f, 0x4e, 0xe0, 0x25, 0x8b, 0xac, 0x17, 0xa6, 0xb4, 0x43, 0xe9, 0xba, 0xdd, 0x12, 0x80, 0x5b, 0x50, 0xa6, 0xe2, 0xab, 0x93, 0x80, 0xaf, 0x79, 0xe1, 0x7e, 0x14, 0x75, 0x94, 0x7c, 0xe3, 0xf3, 0x52, 0x7e, 0xf8}
 	if !bytes.Equal(deposits[0].Data.Signature, expectedSignatureAt0) {
 		t.Fatalf("incorrect signature, wanted %x but received %x", expectedSignatureAt0, deposits[0].Data.Signature)
 	}
 
 	entries = 1024
+	ResetCache()
 	deposits, privKeys, err = DeterministicDepositsAndKeys(uint64(entries))
 	if err != nil {
 		t.Fatal(err)
@@ -77,11 +79,11 @@ func TestSetupInitialDeposits_1024Entries(t *testing.T) {
 	if !bytes.Equal(deposits[1023].Data.WithdrawalCredentials, expectedWithdrawalCredentialsAt1023) {
 		t.Fatalf("incorrect withdrawal credentials, wanted %x but received %x", expectedWithdrawalCredentialsAt1023, deposits[1023].Data.WithdrawalCredentials)
 	}
-	expectedDepositDataRootAt1023 := []byte{0x54, 0x45, 0x80, 0xf3, 0xc3, 0x87, 0xdd, 0xfb, 0x1f, 0xf7, 0x03, 0xab, 0x15, 0xc9, 0x5b, 0x56, 0x2c, 0x29, 0x04, 0x7b, 0x17, 0xb4, 0xa0, 0x19, 0x69, 0xd6, 0x45, 0x7d, 0xec, 0x4e, 0x87, 0xfc}
+	expectedDepositDataRootAt1023 := []byte{0xec, 0xd3, 0x60, 0x05, 0x49, 0xdc, 0x62, 0xb3, 0xe9, 0x55, 0xb3, 0x7e, 0x40, 0xab, 0x17, 0x9b, 0x5c, 0x62, 0x02, 0x99, 0xa9, 0x59, 0x5c, 0x99, 0xc8, 0xd3, 0xd5, 0xed, 0xc1, 0x51, 0xc8, 0x54}
 	if !bytes.Equal(depositDataRoots[1023][:], expectedDepositDataRootAt1023) {
 		t.Fatalf("incorrect deposit data root, wanted %x but received %x", expectedDepositDataRootAt1023, depositDataRoots[1023])
 	}
-	expectedSignatureAt1023 := []byte{0xa2, 0xad, 0x23, 0x3b, 0x6d, 0xa0, 0xd9, 0xf8, 0xb4, 0xac, 0xe0, 0xc9, 0xae, 0x25, 0x81, 0xfb, 0xca, 0x2d, 0x0a, 0xed, 0x6a, 0xdc, 0xd6, 0xda, 0x49, 0x0a, 0x75, 0xab, 0x3a, 0x3c, 0xc6, 0x37, 0xec, 0x65, 0xe3, 0x3d, 0xbc, 0x00, 0xad, 0xd8, 0x5f, 0x1e, 0x7b, 0x93, 0xcd, 0x63, 0x74, 0x8e, 0x0c, 0x28, 0x60, 0x4f, 0x99, 0x33, 0x6a, 0x29, 0x21, 0x57, 0xb6, 0xe0, 0x45, 0x9f, 0xaa, 0x10, 0xe9, 0x78, 0x02, 0x01, 0x68, 0x65, 0xcf, 0x6a, 0x4c, 0x2a, 0xd5, 0x5f, 0x37, 0xa1, 0x66, 0x05, 0x2b, 0x55, 0x86, 0xe7, 0x68, 0xb7, 0xfd, 0x76, 0xd5, 0x91, 0x3e, 0xeb, 0x6e, 0x46, 0x3f, 0x6d}
+	expectedSignatureAt1023 := []byte{0xac, 0xd2, 0xa6, 0x84, 0x07, 0x73, 0x23, 0x18, 0x8b, 0x77, 0x71, 0xd0, 0x0c, 0x98, 0x76, 0x1e, 0xc8, 0x88, 0xd0, 0x0e, 0x6c, 0xee, 0xe0, 0x55, 0xa4, 0x18, 0x98, 0x18, 0xb9, 0x02, 0x75, 0xee, 0xd3, 0xe6, 0xe1, 0x36, 0xed, 0x08, 0xfa, 0x19, 0x2f, 0x79, 0x12, 0x58, 0x11, 0x99, 0x50, 0x9a, 0x19, 0x78, 0x6b, 0x50, 0x14, 0xb2, 0x4b, 0x7f, 0xf5, 0xee, 0x3d, 0x96, 0xc8, 0xfc, 0x9e, 0x6b, 0x79, 0x63, 0x39, 0x2d, 0xb4, 0x74, 0xb0, 0xca, 0xb7, 0xd9, 0x21, 0x0d, 0x90, 0x79, 0x0c, 0xa7, 0x6b, 0xe9, 0x80, 0x3a, 0xe7, 0x54, 0x47, 0x38, 0xec, 0x5a, 0x71, 0xfc, 0x89, 0x03, 0x2e, 0xd1}
 	if !bytes.Equal(deposits[1023].Data.Signature, expectedSignatureAt1023) {
 		t.Fatalf("incorrect signature, wanted %x but received %x", expectedSignatureAt1023, deposits[1023].Data.Signature)
 	}

shared/testutil/helpers.go

@@ -8,13 +8,12 @@ import (
 
 	"github.com/pkg/errors"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
-	"github.com/prysmaticlabs/go-ssz"
+	"github.com/prysmaticlabs/prysm/shared/params"
 
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/state"
 	stateTrie "github.com/prysmaticlabs/prysm/beacon-chain/state"
 	"github.com/prysmaticlabs/prysm/shared/bls"
-	"github.com/prysmaticlabs/prysm/shared/params"
 )
 
 // RandaoReveal returns a signature of the requested epoch using the beacon proposer private key.
@@ -30,8 +29,12 @@ func RandaoReveal(beaconState *stateTrie.BeaconState, epoch uint64, privKeys []*
 	if err != nil {
 		return nil, err
 	}
+	root, err := helpers.ComputeSigningRoot(epoch, domain)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not compute signing root of epoch")
+	}
 	// We make the previous validator's index sign the message instead of the proposer.
-	epochSignature := privKeys[proposerIdx].Sign(buf, domain)
+	epochSignature := privKeys[proposerIdx].Sign(root[:])
 	return epochSignature.Marshal(), nil
 }
 
@@ -47,8 +50,11 @@ func BlockSignature(
 		return nil, err
 	}
 	block.StateRoot = s[:]
-
-	blockRoot, err := ssz.HashTreeRoot(block)
+	domain, err := helpers.Domain(bState.Fork(), helpers.CurrentEpoch(bState), params.BeaconConfig().DomainBeaconProposer)
+	if err != nil {
+		return nil, err
+	}
+	blockRoot, err := helpers.ComputeSigningRoot(block, domain)
 	if err != nil {
 		return nil, err
 	}
@@ -62,14 +68,10 @@ func BlockSignature(
 	if err != nil {
 		return nil, err
 	}
-	domain, err := helpers.Domain(bState.Fork(), helpers.CurrentEpoch(bState), params.BeaconConfig().DomainBeaconProposer)
-	if err != nil {
-		return nil, err
-	}
 	if err := bState.SetSlot(currentSlot); err != nil {
 		return nil, err
 	}
-	return privKeys[proposerIdx].Sign(blockRoot[:], domain), nil
+	return privKeys[proposerIdx].Sign(blockRoot[:]), nil
 }
 
 // Random32Bytes generates a random 32 byte slice.

shared/testutil/helpers_test.go

@@ -5,7 +5,6 @@ import (
 	"encoding/binary"
 	"testing"
 
-	"github.com/prysmaticlabs/go-ssz"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	"github.com/prysmaticlabs/prysm/shared/params"
 )
@@ -23,16 +22,17 @@ func TestBlockSignature(t *testing.T) {
 		t.Error(err)
 	}
 	beaconState.SetSlot(beaconState.Slot() - 1)
-	signingRoot, err := ssz.HashTreeRoot(block.Block)
-	if err != nil {
-		t.Error(err)
-	}
 	epoch := helpers.SlotToEpoch(block.Block.Slot)
 	domain, err := helpers.Domain(beaconState.Fork(), epoch, params.BeaconConfig().DomainBeaconProposer)
 	if err != nil {
 		t.Fatal(err)
 	}
-	blockSig := privKeys[proposerIdx].Sign(signingRoot[:], domain).Marshal()
+	signingRoot, err := helpers.ComputeSigningRoot(block.Block, domain)
+	if err != nil {
+		t.Error(err)
+	}
+
+	blockSig := privKeys[proposerIdx].Sign(signingRoot[:]).Marshal()
 
 	signature, err := BlockSignature(beaconState, block.Block, privKeys)
 	if err != nil {
@@ -63,8 +63,12 @@ func TestRandaoReveal(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+	root, err := helpers.ComputeSigningRoot(epoch, domain)
+	if err != nil {
+		t.Fatal(err)
+	}
 	// We make the previous validator's index sign the message instead of the proposer.
-	epochSignature := privKeys[proposerIdx].Sign(buf, domain).Marshal()
+	epochSignature := privKeys[proposerIdx].Sign(root[:]).Marshal()
 
 	if !bytes.Equal(randaoReveal[:], epochSignature[:]) {
 		t.Errorf("Expected randao reveals to be equal, received %#x != %#x", randaoReveal[:], epochSignature[:])

shared/testutil/spectest.go

@@ -116,8 +116,8 @@ func RunBlockOperationTest(
 			t.Fatalf("Failed to unmarshal: %v", err)
 		}
 
-		if !proto.Equal(beaconState.CloneInnerState(), postBeaconState) {
-			diff, _ := messagediff.PrettyDiff(beaconState, postBeaconState)
+		if !proto.Equal(beaconState.InnerStateUnsafe(), postBeaconState) {
+			diff, _ := messagediff.PrettyDiff(beaconState.InnerStateUnsafe(), postBeaconState)
 			t.Log(diff)
 			t.Fatal("Post state does not match expected")
 		}

third_party/herumi/herumi.bzl

@@ -8,21 +8,15 @@ Herumi's BLS library for go depends on
 """
 
 def bls_dependencies():
-    # TODO(4804): Update herumi_bls_eth_go_binary and herumi_bls to latest supporting v0.10.0.
     _maybe(
         http_archive,
         name = "herumi_bls_eth_go_binary",
-        strip_prefix = "bls-eth-go-binary-147ed25f233ed0b211e711ed8271606540c58064",
+        strip_prefix = "bls-eth-go-binary-da18d415993a059052dfed16711f2b3bd03c34b8",
         urls = [
-            "https://github.com/herumi/bls-eth-go-binary/archive/147ed25f233ed0b211e711ed8271606540c58064.tar.gz",
+            "https://github.com/herumi/bls-eth-go-binary/archive/da18d415993a059052dfed16711f2b3bd03c34b8.tar.gz",
         ],
-        sha256 = "bbd04f3354f12982e4ef32c62eb13ceb183303ada1ee69e2869553ed35134321",
+        sha256 = "69080ca634f8aaeb0950e19db218811f4bb920a054232e147669ea574ba11ef0",
         build_file = "@prysm//third_party/herumi:bls_eth_go_binary.BUILD",
-        # TODO(4804): Delete this patch after updating this archive to commit 381c62473c28af84f424cfb1521c97e48289174a or later.
-        patches = [
-            "@prysm//third_party/herumi:bls_eth_go_binary_serialization_alloc_fix.patch",  # Integrates changes from PR #5.
-        ],
-        patch_args = ["-p1"],
     )
     _maybe(
         http_archive,
@@ -37,11 +31,11 @@ def bls_dependencies():
     _maybe(
         http_archive,
         name = "herumi_bls",
-        strip_prefix = "bls-b0e010004293a7ffd2a626edc2062950abd09938",
+        strip_prefix = "bls-989e28ede489e5f0e50cfc87e3fd8a8767155b9f",
         urls = [
-            "https://github.com/herumi/bls/archive/b0e010004293a7ffd2a626edc2062950abd09938.tar.gz",
+            "https://github.com/herumi/bls/archive/989e28ede489e5f0e50cfc87e3fd8a8767155b9f.tar.gz",
         ],
-        sha256 = "c7300970c8a639cbbe7465d10f412d6c6ab162b15f2e184b191c9763c2241da4",
+        sha256 = "14b441cc66ca7e6c4e0542dcfc6d9f83f4472f0e7a43efaa1d3ea93e2e2b7491",
         build_file = "@prysm//third_party/herumi:bls.BUILD",
     )
 

tools/benchmark-files-gen/main.go

@@ -133,10 +133,6 @@ func generateMarshalledFullStateAndBlock() error {
 		return errors.Wrap(err, "could not calculate state root")
 	}
 	block.Block.StateRoot = s[:]
-	blockRoot, err := ssz.HashTreeRoot(block.Block)
-	if err != nil {
-		return errors.Wrap(err, "could not get signing root of block")
-	}
 	// Temporarily incrementing the beacon state slot here since BeaconProposerIndex is a
 	// function deterministic on beacon state slot.
 	beaconState.SetSlot(beaconState.Slot() + 1)
@@ -148,10 +144,14 @@ func generateMarshalledFullStateAndBlock() error {
 	if err != nil {
 		return err
 	}
-	block.Signature = privs[proposerIdx].Sign(blockRoot[:], domain).Marshal()
+	blockRoot, err := helpers.ComputeSigningRoot(block.Block, domain)
+	if err != nil {
+		return errors.Wrap(err, "could not get signing root of block")
+	}
+	block.Signature = privs[proposerIdx].Sign(blockRoot[:]).Marshal()
 	beaconState.SetSlot(beaconState.Slot() - 1)
 
-	beaconBytes, err := ssz.Marshal(beaconState)
+	beaconBytes, err := ssz.Marshal(beaconState.InnerStateUnsafe())
 	if err != nil {
 		return err
 	}
@@ -202,7 +202,7 @@ func generate2FullEpochState() error {
 		}
 	}
 
-	beaconBytes, err := ssz.Marshal(beaconState)
+	beaconBytes, err := ssz.Marshal(beaconState.InnerStateUnsafe())
 	if err != nil {
 		return err
 	}

validator/client/BUILD.bazel

@@ -66,6 +66,8 @@ go_test(
     ],
     embed = [":go_default_library"],
     deps = [
+        "//beacon-chain/core/helpers:go_default_library",
+        "//proto/beacon/p2p/v1:go_default_library",
         "//proto/beacon/rpc/v1:go_default_library",
         "//proto/slashing:go_default_library",
         "//shared:go_default_library",
@@ -85,8 +87,8 @@ go_test(
         "@com_github_golang_mock//gomock:go_default_library",
         "@com_github_prysmaticlabs_ethereumapis//eth/v1alpha1:go_default_library",
         "@com_github_prysmaticlabs_go_bitfield//:go_default_library",
-        "@com_github_prysmaticlabs_go_ssz//:go_default_library",
         "@com_github_sirupsen_logrus//:go_default_library",
         "@com_github_sirupsen_logrus//hooks/test:go_default_library",
+        "@in_gopkg_d4l3k_messagediff_v1//:go_default_library",
     ],
 )

validator/client/validator_aggregate.go

@@ -8,7 +8,6 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
-	"github.com/prysmaticlabs/go-ssz"
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/prysmaticlabs/prysm/shared/roughtime"
@@ -108,12 +107,11 @@ func (v *validator) signSlot(ctx context.Context, pubKey [48]byte, slot uint64)
 		return nil, err
 	}
 
-	slotRoot, err := ssz.HashTreeRoot(slot)
+	root, err := helpers.ComputeSigningRoot(slot, domain.SignatureDomain)
 	if err != nil {
 		return nil, err
 	}
-
-	sig, err := v.keyManager.Sign(pubKey, slotRoot, domain.SignatureDomain)
+	sig, err := v.keyManager.Sign(pubKey, root)
 	if err != nil {
 		return nil, err
 	}

validator/client/validator_attest.go

@@ -10,7 +10,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus/promauto"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
 	"github.com/prysmaticlabs/go-bitfield"
-	"github.com/prysmaticlabs/go-ssz"
+	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	slashpb "github.com/prysmaticlabs/prysm/proto/slashing"
 	"github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/bytesutil"
@@ -206,7 +206,7 @@ func (v *validator) signAtt(ctx context.Context, pubKey [48]byte, data *ethpb.At
 		return nil, err
 	}
 
-	root, err := ssz.HashTreeRoot(data)
+	root, err := helpers.ComputeSigningRoot(data, domain.SignatureDomain)
 	if err != nil {
 		return nil, err
 	}
@@ -215,7 +215,7 @@ func (v *validator) signAtt(ctx context.Context, pubKey [48]byte, data *ethpb.At
 	if protectingKeymanager, supported := v.keyManager.(keymanager.ProtectingKeyManager); supported {
 		sig, err = protectingKeymanager.SignAttestation(pubKey, domain.SignatureDomain, data)
 	} else {
-		sig, err = v.keyManager.Sign(pubKey, root, domain.SignatureDomain)
+		sig, err = v.keyManager.Sign(pubKey, root)
 	}
 	if err != nil {
 		return nil, err

validator/client/validator_attest_test.go

@@ -8,16 +8,21 @@ import (
 	"testing"
 	"time"
 
+	"github.com/prysmaticlabs/prysm/shared/bytesutil"
+
 	"github.com/golang/mock/gomock"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
 	"github.com/prysmaticlabs/go-bitfield"
-	"github.com/prysmaticlabs/go-ssz"
+	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
+	pb "github.com/prysmaticlabs/prysm/proto/beacon/p2p/v1"
 	slashpb "github.com/prysmaticlabs/prysm/proto/slashing"
+	"github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/featureconfig"
 	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/prysmaticlabs/prysm/shared/roughtime"
 	"github.com/prysmaticlabs/prysm/shared/testutil"
 	logTest "github.com/sirupsen/logrus/hooks/test"
+	"gopkg.in/d4l3k/messagediff.v1"
 )
 
 func TestRequestAttestation_ValidatorDutiesRequestFailure(t *testing.T) {
@@ -87,7 +92,7 @@ func TestAttestToBlockHead_AttestsCorrectly(t *testing.T) {
 	m.validatorClient.EXPECT().DomainData(
 		gomock.Any(), // ctx
 		gomock.Any(), // epoch
-	).Return(&ethpb.DomainResponse{}, nil /*err*/)
+	).Return(&ethpb.DomainResponse{SignatureDomain: bls.Domain(params.BeaconConfig().DomainBeaconAttester, bytesutil.ToBytes4(params.BeaconConfig().GenesisForkVersion))}, nil /*err*/)
 
 	var generatedAttestation *ethpb.Attestation
 	m.validatorClient.EXPECT().ProposeAttestation(
@@ -110,18 +115,30 @@ func TestAttestToBlockHead_AttestsCorrectly(t *testing.T) {
 		AggregationBits: aggregationBitfield,
 	}
 
-	root, err := ssz.HashTreeRoot(expectedAttestation.Data)
+	domain, err := helpers.Domain(&pb.Fork{
+		PreviousVersion: params.BeaconConfig().GenesisForkVersion,
+		CurrentVersion:  params.BeaconConfig().GenesisForkVersion,
+		Epoch:           0,
+	}, 0, params.BeaconConfig().DomainBeaconAttester)
+
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	sig, err := validator.keyManager.Sign(validatorPubKey, root, 0)
+	root, err := helpers.ComputeSigningRoot(expectedAttestation.Data, domain)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	sig, err := validator.keyManager.Sign(validatorPubKey, root)
 	if err != nil {
 		t.Fatal(err)
 	}
 	expectedAttestation.Signature = sig.Marshal()
 	if !reflect.DeepEqual(generatedAttestation, expectedAttestation) {
 		t.Errorf("Incorrectly attested head, wanted %v, received %v", expectedAttestation, generatedAttestation)
+		diff, _ := messagediff.PrettyDiff(expectedAttestation, generatedAttestation)
+		t.Log(diff)
 	}
 }
 

validator/client/validator_propose.go

@@ -11,6 +11,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus/promauto"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
 	"github.com/prysmaticlabs/go-ssz"
+	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	slashpb "github.com/prysmaticlabs/prysm/proto/slashing"
 	"github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/bytesutil"
@@ -181,7 +182,11 @@ func (v *validator) signRandaoReveal(ctx context.Context, pubKey [48]byte, epoch
 	}
 	var buf [32]byte
 	binary.LittleEndian.PutUint64(buf[:], epoch)
-	randaoReveal, err := v.keyManager.Sign(pubKey, buf, domain.SignatureDomain)
+	sigRoot, err := helpers.ComputeSigningRoot(epoch, domain.SignatureDomain)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not compute signing root")
+	}
+	randaoReveal, err := v.keyManager.Sign(pubKey, sigRoot)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not sign reveal")
 	}
@@ -211,11 +216,11 @@ func (v *validator) signBlock(ctx context.Context, pubKey [48]byte, epoch uint64
 			return nil, errors.Wrap(err, "could not sign block proposal")
 		}
 	} else {
-		blockRoot, err := ssz.HashTreeRoot(b)
+		blockRoot, err := helpers.ComputeSigningRoot(b, domain.SignatureDomain)
 		if err != nil {
 			return nil, errors.Wrap(err, "could not get signing root")
 		}
-		sig, err = v.keyManager.Sign(pubKey, blockRoot, domain.SignatureDomain)
+		sig, err = v.keyManager.Sign(pubKey, blockRoot)
 		if err != nil {
 			return nil, errors.Wrap(err, "could not sign block proposal")
 		}

validator/keymanager/BUILD.bazel

@@ -23,7 +23,7 @@ go_library(
         "@com_github_sirupsen_logrus//:go_default_library",
         "@com_github_wealdtech_go_eth2_wallet//:go_default_library",
         "@com_github_wealdtech_go_eth2_wallet_store_filesystem//:go_default_library",
-        "@com_github_wealdtech_go_eth2_wallet_types//:go_default_library",
+        "@com_github_wealdtech_go_eth2_wallet_types_v2//:go_default_library",
         "@org_golang_x_crypto//ssh/terminal:go_default_library",
     ],
 )

validator/keymanager/direct.go

@@ -38,9 +38,9 @@ func (km *Direct) FetchValidatingKeys() ([][48]byte, error) {
 }
 
 // Sign signs a message for the validator to broadcast.
-func (km *Direct) Sign(pubKey [48]byte, root [32]byte, domain uint64) (*bls.Signature, error) {
+func (km *Direct) Sign(pubKey [48]byte, root [32]byte) (*bls.Signature, error) {
 	if secretKey, exists := km.secretKeys[pubKey]; exists {
-		return secretKey.Sign(root[:], domain), nil
+		return secretKey.Sign(root[:]), nil
 	}
 	return nil, ErrNoSuchKey
 }

validator/keymanager/direct_test.go

@@ -54,7 +54,7 @@ func TestSignNoSuchKey(t *testing.T) {
 	//	sks = append(sks, bls.RandKey())
 	direct := keymanager.NewDirect(sks)
 
-	sig, err := direct.Sign([48]byte{}, [32]byte{}, 0)
+	sig, err := direct.Sign([48]byte{}, [32]byte{})
 	if err != keymanager.ErrNoSuchKey {
 		t.Fatalf("Incorrect error: expected %v, received %v", keymanager.ErrNoSuchKey, err)
 	}
@@ -68,11 +68,11 @@ func TestSign(t *testing.T) {
 
 	pubKey := bytesutil.ToBytes48(sks[0].PublicKey().Marshal())
 	msg := [32]byte{}
-	sig, err := direct.Sign(pubKey, msg, 0)
+	sig, err := direct.Sign(pubKey, msg)
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}
-	if !sig.Verify(bytesutil.FromBytes32(msg), sks[0].PublicKey(), 0) {
+	if !sig.Verify(bytesutil.FromBytes32(msg), sks[0].PublicKey()) {
 		t.Fatal("Failed to verify generated signature")
 	}
 }

validator/keymanager/keymanager.go

@@ -21,14 +21,14 @@ type KeyManager interface {
 	// FetchValidatingKeys fetches the list of public keys that should be used to validate with.
 	FetchValidatingKeys() ([][48]byte, error)
 	// Sign signs a message for the validator to broadcast.
-	Sign(pubKey [48]byte, root [32]byte, domain uint64) (*bls.Signature, error)
+	Sign(pubKey [48]byte, root [32]byte) (*bls.Signature, error)
 }
 
 // ProtectingKeyManager provides access to a keymanager that protects its clients from slashing events.
 type ProtectingKeyManager interface {
 	// SignProposal signs a block proposal for the validator to broadcast.
-	SignProposal(pubKey [48]byte, domain uint64, data *ethpb.BeaconBlockHeader) (*bls.Signature, error)
+	SignProposal(pubKey [48]byte, domain []byte, data *ethpb.BeaconBlockHeader) (*bls.Signature, error)
 
 	// SignAttestation signs an attestation for the validator to broadcast.
-	SignAttestation(pubKey [48]byte, domain uint64, data *ethpb.AttestationData) (*bls.Signature, error)
+	SignAttestation(pubKey [48]byte, domain []byte, data *ethpb.AttestationData) (*bls.Signature, error)
 }

validator/keymanager/wallet.go

@@ -11,7 +11,7 @@ import (
 	"github.com/prysmaticlabs/prysm/shared/bytesutil"
 	e2wallet "github.com/wealdtech/go-eth2-wallet"
 	filesystem "github.com/wealdtech/go-eth2-wallet-store-filesystem"
-	e2wtypes "github.com/wealdtech/go-eth2-wallet-types"
+	e2wtypes "github.com/wealdtech/go-eth2-wallet-types/v2"
 )
 
 type walletOpts struct {
@@ -115,12 +115,12 @@ func (km *Wallet) FetchValidatingKeys() ([][48]byte, error) {
 }
 
 // Sign signs a message for the validator to broadcast.
-func (km *Wallet) Sign(pubKey [48]byte, root [32]byte, domain uint64) (*bls.Signature, error) {
+func (km *Wallet) Sign(pubKey [48]byte, root [32]byte) (*bls.Signature, error) {
 	account, exists := km.accounts[pubKey]
 	if !exists {
 		return nil, ErrNoSuchKey
 	}
-	sig, err := account.Sign(root[:], domain)
+	sig, err := account.Sign(root[:])
 	if err != nil {
 		return nil, err
 	}