From 33a05109eaa79db5f8d3b6fd5c9ce42fa33422b1 Mon Sep 17 00:00:00 2001 From: Justin Date: Thu, 7 Mar 2019 23:56:03 +0100 Subject: [PATCH 01/13] Fair proposer sampling I think we want `first_committee[epoch % len(first_committee)]` as opposed to `first_committee[slot % len(first_committee)]`. The reason is that if the shuffling happens infrequently and `len(first_committee)` is a multiple of `SLOTS_PER_EPOCH` then the proposers will not be sampled fairly. Taking this logic further, we may want to avoiding always picking the proposer from `first_committee`, e.g.: ``` validators_at_slot = [] for crosslink_committee, _ in get_crosslink_committees_at_slot(state, slot, registry_change): validators_at_slot.append(crosslink_committee) return validators_at_slot[epoch % len(validators_at_slot)] ``` --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 898fc3c86..dfce48f96 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1002,7 +1002,7 @@ def get_beacon_proposer_index(state: BeaconState, assert previous_epoch <= epoch <= next_epoch first_committee, _ = get_crosslink_committees_at_slot(state, slot, registry_change)[0] - return first_committee[slot % len(first_committee)] + return first_committee[epoch % len(first_committee)] ``` ### `merkle_root` From 1f147486fccf4557c5cfd74f4a4f47a244e6393c Mon Sep 17 00:00:00 2001 From: Justin Date: Fri, 8 Mar 2019 09:57:09 +0100 Subject: [PATCH 02/13] Semantic fork versions and signature domains Fix #706 --- specs/core/0_beacon-chain.md | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 898fc3c86..cfa4782a5 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -268,12 +268,12 @@ Code snippets appearing in `this style` are to be interpreted as Python code. | Name | Value | | - | - | -| `DOMAIN_BEACON_BLOCK` | `0` | -| `DOMAIN_RANDAO` | `1` | -| `DOMAIN_ATTESTATION` | `2` | -| `DOMAIN_DEPOSIT` | `3` | -| `DOMAIN_VOLUNTARY_EXIT` | `4` | -| `DOMAIN_TRANSFER` | `5` | +| `DOMAIN_BEACON_BLOCK` | `int_to_bytes4(0)` | +| `DOMAIN_RANDAO` | `int_to_bytes4(1)` | +| `DOMAIN_ATTESTATION` | `int_to_bytes4(2)` | +| `DOMAIN_DEPOSIT` | `int_to_bytes4(3)` | +| `DOMAIN_VOLUNTARY_EXIT` | `int_to_bytes4(4)` | +| `DOMAIN_TRANSFER` | `int_to_bytes4(5)` | ## Data structures @@ -288,9 +288,9 @@ The types are defined topologically to aid in facilitating an executable version ```python { # Previous fork version - 'previous_version': 'uint64', + 'previous_version': 'bytes4', # Current fork version - 'current_version': 'uint64', + 'current_version': 'bytes4', # Fork epoch number 'epoch': 'uint64', } @@ -1107,7 +1107,7 @@ def get_total_balance(state: BeaconState, validators: List[ValidatorIndex]) -> G ```python def get_fork_version(fork: Fork, - epoch: Epoch) -> int: + epoch: Epoch) -> bytes8: """ Return the fork version of the given ``epoch``. """ @@ -1122,12 +1122,11 @@ def get_fork_version(fork: Fork, ```python def get_domain(fork: Fork, epoch: Epoch, - domain_type: int) -> int: + domain_type: bytes4) -> bytes8: """ Get the domain number that represents the fork meta and signature domain. """ - fork_version = get_fork_version(fork, epoch) - return fork_version * 2**32 + domain_type + return get_fork_version(fork, epoch) + domain_type ``` ### `get_bitfield_bit` From a51d7d5db591ada9b7ae01ba37fe4fecf6ca0653 Mon Sep 17 00:00:00 2001 From: Justin Date: Fri, 8 Mar 2019 10:50:45 +0100 Subject: [PATCH 03/13] Update 0_beacon-chain.md --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index cfa4782a5..7b7c58ab0 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1107,7 +1107,7 @@ def get_total_balance(state: BeaconState, validators: List[ValidatorIndex]) -> G ```python def get_fork_version(fork: Fork, - epoch: Epoch) -> bytes8: + epoch: Epoch) -> bytes4: """ Return the fork version of the given ``epoch``. """ From 3aedf1226a5913b3545f35cefcca058a9dfdf9a1 Mon Sep 17 00:00:00 2001 From: Justin Date: Fri, 8 Mar 2019 17:36:58 +0100 Subject: [PATCH 04/13] Update 0_beacon-chain.md Did I get the type casting OK @hwwhww? --- specs/core/0_beacon-chain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 7b7c58ab0..9efc73f1a 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1122,11 +1122,11 @@ def get_fork_version(fork: Fork, ```python def get_domain(fork: Fork, epoch: Epoch, - domain_type: bytes4) -> bytes8: + domain_type: bytes4) -> uint64: """ Get the domain number that represents the fork meta and signature domain. """ - return get_fork_version(fork, epoch) + domain_type + return bytes_to_int(get_fork_version(fork, epoch) + domain_type)) ``` ### `get_bitfield_bit` From ecd93468a233ba54af5a7a1492a195c4b3a18db1 Mon Sep 17 00:00:00 2001 From: Justin Date: Fri, 8 Mar 2019 17:38:19 +0100 Subject: [PATCH 05/13] Update 0_beacon-chain.md --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 9efc73f1a..900708e7a 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1122,7 +1122,7 @@ def get_fork_version(fork: Fork, ```python def get_domain(fork: Fork, epoch: Epoch, - domain_type: bytes4) -> uint64: + domain_type: bytes4) -> int: """ Get the domain number that represents the fork meta and signature domain. """ From 02428ec2520febb41f5be19fb6434d270d49586a Mon Sep 17 00:00:00 2001 From: Justin Date: Sun, 10 Mar 2019 13:25:57 +0100 Subject: [PATCH 06/13] Do not check withdrawal credentials for existing validators We should not invalidate blocks that contain a deposit with an inconsistent withdrawal credential as that would stall the chain. --- specs/core/0_beacon-chain.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index c88155f77..25e8085de 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1341,10 +1341,7 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: state.validator_balances.append(amount) else: # Increase balance by deposit amount - index = validator_pubkeys.index(pubkey) - assert state.validator_registry[index].withdrawal_credentials == withdrawal_credentials - - state.validator_balances[index] += amount + state.validator_balances[validator_pubkeys.index(pubkey)] += amount ``` ### Routines for updating validator status From 0704297480b5706927999e4c337071a0e8d4abe4 Mon Sep 17 00:00:00 2001 From: Justin Date: Mon, 11 Mar 2019 17:28:39 +0100 Subject: [PATCH 07/13] Update 0_beacon-chain.md --- specs/core/0_beacon-chain.md | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 25e8085de..5d824f288 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1303,21 +1303,6 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: # create an invalid Merkle branch, it may admit an invalid deposit # object, and we need to be able to skip over it state.deposit_index += 1 - - # Verify the proof of possession - proof_is_valid = bls_verify( - pubkey=deposit_input.pubkey, - message_hash=signed_root(deposit_input), - signature=deposit_input.proof_of_possession, - domain=get_domain( - state.fork, - get_current_epoch(state), - DOMAIN_DEPOSIT, - ) - ) - - if not proof_is_valid: - return validator_pubkeys = [v.pubkey for v in state.validator_registry] pubkey = deposit_input.pubkey @@ -1325,6 +1310,19 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: withdrawal_credentials = deposit_input.withdrawal_credentials if pubkey not in validator_pubkeys: + # Verify the proof of possession + if not bls_verify( + pubkey=deposit_input.pubkey, + message_hash=signed_root(deposit_input), + signature=deposit_input.proof_of_possession, + domain=get_domain( + state.fork, + get_current_epoch(state), + DOMAIN_DEPOSIT, + ) + ): + return + # Add new validator validator = Validator( pubkey=pubkey, From 2e6c5171175bbb9f4d01ab229afda3246d7b6be4 Mon Sep 17 00:00:00 2001 From: Justin Date: Tue, 12 Mar 2019 11:59:08 +0000 Subject: [PATCH 08/13] CC0 1.0 Universal for repo --- LICENSE | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 000000000..670154e35 --- /dev/null +++ b/LICENSE @@ -0,0 +1,116 @@ +CC0 1.0 Universal + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator and +subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for the +purpose of contributing to a commons of creative, cultural and scientific +works ("Commons") that the public can reliably and without fear of later +claims of infringement build upon, modify, incorporate in other works, reuse +and redistribute as freely as possible in any form whatsoever and for any +purposes, including without limitation commercial purposes. These owners may +contribute to the Commons to promote the ideal of a free culture and the +further production of creative, cultural and scientific works, or to gain +reputation or greater distribution for their Work in part through the use and +efforts of others. + +For these and/or other purposes and motivations, and without any expectation +of additional consideration or compensation, the person associating CC0 with a +Work (the "Affirmer"), to the extent that he or she is an owner of Copyright +and Related Rights in the Work, voluntarily elects to apply CC0 to the Work +and publicly distribute the Work under its terms, with knowledge of his or her +Copyright and Related Rights in the Work and the meaning and intended legal +effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not limited +to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, communicate, + and translate a Work; + + ii. moral rights retained by the original author(s) and/or performer(s); + + iii. publicity and privacy rights pertaining to a person's image or likeness + depicted in a Work; + + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + + v. rights protecting the extraction, dissemination, use and reuse of data in + a Work; + + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation thereof, + including any amended or successor version of such directive); and + + vii. other similar, equivalent or corresponding rights throughout the world + based on applicable law or treaty, and any national implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention of, +applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and +unconditionally waives, abandons, and surrenders all of Affirmer's Copyright +and Related Rights and associated claims and causes of action, whether now +known or unknown (including existing as well as future claims and causes of +action), in the Work (i) in all territories worldwide, (ii) for the maximum +duration provided by applicable law or treaty (including future time +extensions), (iii) in any current or future medium and for any number of +copies, and (iv) for any purpose whatsoever, including without limitation +commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes +the Waiver for the benefit of each member of the public at large and to the +detriment of Affirmer's heirs and successors, fully intending that such Waiver +shall not be subject to revocation, rescission, cancellation, termination, or +any other legal or equitable action to disrupt the quiet enjoyment of the Work +by the public as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason be +judged legally invalid or ineffective under applicable law, then the Waiver +shall be preserved to the maximum extent permitted taking into account +Affirmer's express Statement of Purpose. In addition, to the extent the Waiver +is so judged Affirmer hereby grants to each affected person a royalty-free, +non transferable, non sublicensable, non exclusive, irrevocable and +unconditional license to exercise Affirmer's Copyright and Related Rights in +the Work (i) in all territories worldwide, (ii) for the maximum duration +provided by applicable law or treaty (including future time extensions), (iii) +in any current or future medium and for any number of copies, and (iv) for any +purpose whatsoever, including without limitation commercial, advertising or +promotional purposes (the "License"). The License shall be deemed effective as +of the date CC0 was applied by Affirmer to the Work. Should any part of the +License for any reason be judged legally invalid or ineffective under +applicable law, such partial invalidity or ineffectiveness shall not +invalidate the remainder of the License, and in such case Affirmer hereby +affirms that he or she will not (i) exercise any of his or her remaining +Copyright and Related Rights in the Work or (ii) assert any associated claims +and causes of action with respect to the Work, in either case contrary to +Affirmer's express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + + b. Affirmer offers the Work as-is and makes no representations or warranties + of any kind concerning the Work, express, implied, statutory or otherwise, + including without limitation warranties of title, merchantability, fitness + for a particular purpose, non infringement, or the absence of latent or + other defects, accuracy, or the present or absence of errors, whether or not + discoverable, all to the greatest extent permissible under applicable law. + + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without limitation + any person's Copyright and Related Rights in the Work. Further, Affirmer + disclaims responsibility for obtaining any necessary consents, permissions + or other rights required for any use of the Work. + + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to this + CC0 or use of the Work. + +For more information, please see + From 64ba3a31073346d278b66f42bc656ce214580043 Mon Sep 17 00:00:00 2001 From: Justin Date: Tue, 12 Mar 2019 12:24:37 +0000 Subject: [PATCH 09/13] Epoch-based proposer slashing See #675 item 25. --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index ceca50962..cfb87e91e 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -2306,7 +2306,7 @@ def process_proposer_slashing(state: BeaconState, """ proposer = state.validator_registry[proposer_slashing.proposer_index] # Verify that the slot is the same - assert proposer_slashing.header_1.slot == proposer_slashing.header_2.slot + assert slot_to_epoch(proposer_slashing.header_1.slot) == slot_to_epoch(proposer_slashing.header_2.slot) # But the headers are different assert proposer_slashing.header_1 != proposer_slashing.header_2 # Proposer is not yet slashed From d8a3048f2c119687e92072fe797fa1d377b3948f Mon Sep 17 00:00:00 2001 From: Justin Date: Tue, 12 Mar 2019 12:36:09 +0000 Subject: [PATCH 10/13] Update 0_beacon-chain.md --- specs/core/0_beacon-chain.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 900708e7a..b2696892f 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -268,12 +268,12 @@ Code snippets appearing in `this style` are to be interpreted as Python code. | Name | Value | | - | - | -| `DOMAIN_BEACON_BLOCK` | `int_to_bytes4(0)` | -| `DOMAIN_RANDAO` | `int_to_bytes4(1)` | -| `DOMAIN_ATTESTATION` | `int_to_bytes4(2)` | -| `DOMAIN_DEPOSIT` | `int_to_bytes4(3)` | -| `DOMAIN_VOLUNTARY_EXIT` | `int_to_bytes4(4)` | -| `DOMAIN_TRANSFER` | `int_to_bytes4(5)` | +| `DOMAIN_BEACON_BLOCK` | `0` | +| `DOMAIN_RANDAO` | `1` | +| `DOMAIN_ATTESTATION` | `2` | +| `DOMAIN_DEPOSIT` | `3` | +| `DOMAIN_VOLUNTARY_EXIT` | `4` | +| `DOMAIN_TRANSFER` | `5` | ## Data structures @@ -1107,7 +1107,7 @@ def get_total_balance(state: BeaconState, validators: List[ValidatorIndex]) -> G ```python def get_fork_version(fork: Fork, - epoch: Epoch) -> bytes4: + epoch: Epoch) -> bytes: """ Return the fork version of the given ``epoch``. """ @@ -1122,11 +1122,11 @@ def get_fork_version(fork: Fork, ```python def get_domain(fork: Fork, epoch: Epoch, - domain_type: bytes4) -> int: + domain_type: int) -> int: """ Get the domain number that represents the fork meta and signature domain. """ - return bytes_to_int(get_fork_version(fork, epoch) + domain_type)) + return bytes_to_int(get_fork_version(fork, epoch) + int_to_bytes4(domain_type)) ``` ### `get_bitfield_bit` From 0f120415b5f4d7da9dbd88ecb38bc80952f8b30e Mon Sep 17 00:00:00 2001 From: Hsiao-Wei Wang Date: Tue, 12 Mar 2019 16:49:04 +0100 Subject: [PATCH 11/13] Update specs/core/0_beacon-chain.md Co-Authored-By: JustinDrake --- specs/core/0_beacon-chain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index cfb87e91e..9571c23db 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -2305,7 +2305,7 @@ def process_proposer_slashing(state: BeaconState, Note that this function mutates ``state``. """ proposer = state.validator_registry[proposer_slashing.proposer_index] - # Verify that the slot is the same + # Verify that the epoch is the same assert slot_to_epoch(proposer_slashing.header_1.slot) == slot_to_epoch(proposer_slashing.header_2.slot) # But the headers are different assert proposer_slashing.header_1 != proposer_slashing.header_2 From 25f6647ef2a5a01a9000e658b276b609fb03479d Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Tue, 12 Mar 2019 11:07:20 -0600 Subject: [PATCH 12/13] minor formatting --- specs/core/0_beacon-chain.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index a76da5ec3..b4554e0fd 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1288,7 +1288,7 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: serialized_deposit_data = serialize(deposit.deposit_data) # Deposits must be processed in order assert deposit.index == state.deposit_index - + # Verify the Merkle branch merkle_branch_is_valid = verify_merkle_branch( leaf=hash(serialized_deposit_data), @@ -1298,7 +1298,7 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: root=state.latest_eth1_data.deposit_root, ) assert merkle_branch_is_valid - + # Increment the next deposit index we are expecting. Note that this # needs to be done here because while the deposit contract will never # create an invalid Merkle branch, it may admit an invalid deposit @@ -1312,7 +1312,7 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: if pubkey not in validator_pubkeys: # Verify the proof of possession - if not bls_verify( + proof_is_valid = bls_verify( pubkey=deposit_input.pubkey, message_hash=signed_root(deposit_input), signature=deposit_input.proof_of_possession, @@ -1321,7 +1321,8 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None: get_current_epoch(state), DOMAIN_DEPOSIT, ) - ): + ) + if not proof_is_valid: return # Add new validator From a68b050053bcb08b5c0faa14348ecc88773dd137 Mon Sep 17 00:00:00 2001 From: Danny Ryan Date: Tue, 12 Mar 2019 11:35:59 -0600 Subject: [PATCH 13/13] set fork values in genesis as bytes4 --- specs/core/0_beacon-chain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md index 21bf3e7a6..bb3d5269c 100644 --- a/specs/core/0_beacon-chain.md +++ b/specs/core/0_beacon-chain.md @@ -1517,8 +1517,8 @@ def get_genesis_beacon_state(genesis_validator_deposits: List[Deposit], slot=GENESIS_SLOT, genesis_time=genesis_time, fork=Fork( - previous_version=GENESIS_FORK_VERSION, - current_version=GENESIS_FORK_VERSION, + previous_version=int_to_bytes4(GENESIS_FORK_VERSION), + current_version=int_to_bytes4(GENESIS_FORK_VERSION), epoch=GENESIS_EPOCH, ),