mirror of
https://source.quilibrium.com/quilibrium/ceremonyclient.git
synced 2024-12-28 17:45:17 +00:00
367566ea88
commit 8e57cb3c50417665495617721687da33f7ae2a33
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Mon May 27 00:06:39 2024 -0500
remove binaries, release ready
commit a032474e5f420707ae1b61f2cb1bcf87a7de113c
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Mon May 27 00:04:25 2024 -0500
Signatory #8 added
commit 86ab72ea75a366045052daa2a5c71f4f1e2de717
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 23:55:02 2024 -0500
Signatory #1 added
commit 9853bbff1c18bb941b4563acf3afbbc72846e57a
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 23:52:43 2024 -0500
Signatory #16 added
commit d1eb0bd2b2e0aab92cbe1c9ca8c43dc19d93eb22
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 23:24:51 2024 -0500
Signatory #2 added
commit 270591416ba2817c879471ea27bc93769bb22819
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 22:33:53 2024 -0500
Signatory #3 added
commit ea767f9eaa5de1e7e00e3e87ff2760a23377205b
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 22:10:50 2024 -0500
Signatory #12 added
commit e73a0a005a01b8045859673781f3e2d6360f13f8
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 22:09:07 2024 -0500
Signatory #17 added
commit 07be249c52682c66c91a07df6eeb0eadf41603b5
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 22:04:40 2024 -0500
Signatory #14 added
commit dbc014b8127e6452e31609b130ea68759a3c1f4a
Author: 0xOzgur <29779769+0xOzgur@users.noreply.github.com>
Date: Mon May 27 05:55:21 2024 +0300
Signatory #4 added (#223)
commit 13407f6ff3347bd57fbacabda42d60d0285a927f
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 21:34:26 2024 -0500
Signatory #13 added
commit 3731de7b66bd403c92bb7d66db25890567652e9d
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 21:33:50 2024 -0500
add digests
commit b0a3493dd2f6162d7e02e9cb10aa482fb3ff6e9b
Author: Cassandra Heart <cassandra@quilibrium.com>
Date: Sun May 26 21:26:54 2024 -0500
replace binaries with patch build
commit 6a20b44441cba01189050ccf45b53c99f9a218ab
Author: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
Date: Sun May 26 21:15:07 2024 -0500
fix: switch RPC for peer and node info (#222)
commit 72d730d23f91ce9a2bdd55617fb70f7a1193645e
Author: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
Date: Sun May 26 20:53:38 2024 -0500
feat: recalibrate self-test on the fly (#221)
commit 99702af0b7afd3b556bb20e9bebc238b3e52b53a
Author: Marius Scurtescu <marius.scurtescu@gmail.com>
Date: Sun May 26 19:31:39 2024 -0400
Signer related fixes (#220)
* add pems 16 and 17
* remove .bin extension from generated binaries
* no more json files to copy to docker image
commit 88d704ab16dd3a18985a7179f88fb39908110532
Author: Marius Scurtescu <marius.scurtescu@gmail.com>
Date: Sun May 26 19:07:52 2024 -0400
Docker split take 2 (#219)
* split runtime docker files into a docker subfolder
* split DOCKER-README.md
* updated docker instructions
* add restore command
* add image update related tasks
* add command to test if P2P port is visible
* Remove bootstrap peer (#189)
* Change bootstrap servers to DHT-only peers (#187)
* support voucher file-based claims (#183)
* Change bootstrap servers to DHT-only peers
Changing my bootstrap servers to DHT-only peers with somewhat lower
specs. One of the new ones is in the US and the other one is in
Switzerland. Both use reliable providers and have 10Gbps network
interfaces.
---------
Co-authored-by: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
* Don't run self-test in DHT-only mode (#186)
* support voucher file-based claims (#183)
* Don't run self-test in DHT-only mode
The node tries to create a self-test when ran with the `-dht-only`
flag, but it doesn't load the KZG ceremony data in DHT-only mode
which leads to a crash.
Don't run self-test when the `-dht-only` flag is set.
I tested by starting a node locally with and without existing
self-test and with the `-dht-only` flag.
---------
Co-authored-by: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
* Embed json files in binary (#182)
* Embed ceremony.json in binary
* Embed retroactive_peers.json in binary
* Signers build and verification tasks (#181)
* add signers specific Taskfile
* add verify tasks
* move signer task under signer folder
* create docker image specific for signers
* map current user into docker image and container
* ignore node-tmp-*
* add verify:build:internal
* prevent tasks with docker commands from being run inside a container
* rename *:internal to *:container
* add README.md
* add pem files to git
* Updating Q Guide link (#173)
* Update README.md
Updated link to Quilibrium guide to new website
* Update README.md
---------
Co-authored-by: littleblackcloud <163544315+littleblackcloud@users.noreply.github.com>
Co-authored-by: Agost Biro <5764438+agostbiro@users.noreply.github.com>
Co-authored-by: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
Co-authored-by: Demipoet <161999657+demipoet@users.noreply.github.com>
commit 20560176dcb8ace8ff4fe5a3bb0a8a188c11add2
Author: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
Date: Sun May 26 17:17:36 2024 -0500
Revert "Change volume mapping so .config folder is created inside node folder…" (#218)
This reverts commit 27f50a92c6f5e340fd4106da828c6e8cdc12116b.
commit b9ea4c158e4657c09976fa6b2e625b3809119687
Author: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
Date: Sun May 26 14:46:40 2024 -0500
fix: keys file remains null (#217)
commit 6ed6728bfdb6825470cb772ee44a6a468887e3eb
Author: luk <luk@luktech.dev>
Date: Sun May 26 22:38:50 2024 +0300
switched get node info response to use masterClock frame for maxFrame field (#212)
commit 2bc8ab6a0a243a28300f999af695fe3b42db5e3e
Author: Ravish Ahmad <ravishahmad16@gmail.com>
Date: Mon May 27 01:07:53 2024 +0530
Update main.go to fix Q logo (#213)
Q logo is not appearing correctly on the terminal while running node. Added a new line character after "Signature check passed" to fix it
commit 27f50a92c6f5e340fd4106da828c6e8cdc12116b
Author: AvAcalho <158583728+AvAcalho@users.noreply.github.com>
Date: Sun May 26 20:37:14 2024 +0100
Change volume mapping so .config folder is created inside node folder and not on root (#214)
commit 4656dedc2a2de608b9d69d0a6b4559b7169b03be
Author: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
Date: Sun May 26 14:27:55 2024 -0500
experiment: verify in channel (#215)
commit 2bbd1e0690
Author: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
Date: Sat May 25 00:22:50 2024 -0500
v1.4.18 (#193)
* Remove bootstrap peer (#189)
* Change bootstrap servers to DHT-only peers (#187)
* support voucher file-based claims (#183)
* Change bootstrap servers to DHT-only peers
Changing my bootstrap servers to DHT-only peers with somewhat lower
specs. One of the new ones is in the US and the other one is in
Switzerland. Both use reliable providers and have 10Gbps network
interfaces.
---------
Co-authored-by: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
* Don't run self-test in DHT-only mode (#186)
* support voucher file-based claims (#183)
* Don't run self-test in DHT-only mode
The node tries to create a self-test when ran with the `-dht-only`
flag, but it doesn't load the KZG ceremony data in DHT-only mode
which leads to a crash.
Don't run self-test when the `-dht-only` flag is set.
I tested by starting a node locally with and without existing
self-test and with the `-dht-only` flag.
---------
Co-authored-by: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com>
* Embed json files in binary (#182)
* Embed ceremony.json in binary
* Embed retroactive_peers.json in binary
* Signers build and verification tasks (#181)
* add signers specific Taskfile
* add verify tasks
* move signer task under signer folder
* create docker image specific for signers
* map current user into docker image and container
* ignore node-tmp-*
* add verify:build:internal
* prevent tasks with docker commands from being run inside a container
* rename *:internal to *:container
* add README.md
* add pem files to git
* Updating Q Guide link (#173)
* Update README.md
Updated link to Quilibrium guide to new website
* Update README.md
* feat: network switching and namespaced announce strings/bitmasks (#190)
* feat: network switching and namespaced announce strings/bitmasks
* bump version name and logo
* feat: mini pomw proofs as part of peer manifest (#191)
* shift default config directory under current folder (#176)
* feat: signature check (#192)
* feat: signature check
* adjust docker command so it doesn't invoke sigcheck
* remove old version
* add binaries and digests
* fix bug, revert build
* shasum has weird byte at end
* proper binaries and digests
* Signatory #13 added
* Signatory #3 added
* Signer 4 (#194)
* Signatory #5 added
* Signatory #9 added (#195)
* Signatory #1 added
* added sig.6 files (#196)
* Signatories #8 and #16 added
* Signatory #12 added
* Add signature (#197)
* reset build for v1.4.18 after testnet bug
* updated build, resigned by #13
* Signatory #16 added
* added sig.6 files (#198)
* Signatory #8 added
* Signatory #17 added
* Signatory #1 added
* Signatory #7 added
* Signatory #4 added
* Signatory #14 added
* remove binaries, ready to ship
---------
Co-authored-by: littleblackcloud <163544315+littleblackcloud@users.noreply.github.com>
Co-authored-by: Agost Biro <5764438+agostbiro@users.noreply.github.com>
Co-authored-by: Marius Scurtescu <marius.scurtescu@gmail.com>
Co-authored-by: Demipoet <161999657+demipoet@users.noreply.github.com>
Co-authored-by: 0xOzgur <29779769+0xOzgur@users.noreply.github.com>
Co-authored-by: Freekers <1370857+Freekers@users.noreply.github.com>
690 lines
17 KiB
Go
690 lines
17 KiB
Go
package crypto
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto"
|
|
"crypto/rand"
|
|
"encoding/binary"
|
|
"math/big"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/cloudflare/circl/sign/ed448"
|
|
"github.com/iden3/go-iden3-crypto/poseidon"
|
|
"github.com/pkg/errors"
|
|
"go.uber.org/zap"
|
|
"golang.org/x/crypto/sha3"
|
|
"source.quilibrium.com/quilibrium/monorepo/nekryptology/pkg/vdf"
|
|
"source.quilibrium.com/quilibrium/monorepo/node/config"
|
|
"source.quilibrium.com/quilibrium/monorepo/node/keys"
|
|
"source.quilibrium.com/quilibrium/monorepo/node/protobufs"
|
|
"source.quilibrium.com/quilibrium/monorepo/node/tries"
|
|
)
|
|
|
|
type WesolowskiFrameProver struct {
|
|
logger *zap.Logger
|
|
}
|
|
|
|
func NewWesolowskiFrameProver(logger *zap.Logger) *WesolowskiFrameProver {
|
|
return &WesolowskiFrameProver{
|
|
logger,
|
|
}
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) ProveMasterClockFrame(
|
|
previousFrame *protobufs.ClockFrame,
|
|
timestamp int64,
|
|
difficulty uint32,
|
|
) (*protobufs.ClockFrame, error) {
|
|
input := []byte{}
|
|
input = append(input, previousFrame.Filter...)
|
|
input = binary.BigEndian.AppendUint64(input, previousFrame.FrameNumber+1)
|
|
input = binary.BigEndian.AppendUint32(input, difficulty)
|
|
input = append(input, previousFrame.Output[:]...)
|
|
|
|
b := sha3.Sum256(input)
|
|
v := vdf.New(difficulty, b)
|
|
v.Execute()
|
|
o := v.GetOutput()
|
|
|
|
previousSelectorBytes := [516]byte{}
|
|
copy(previousSelectorBytes[:], previousFrame.Output[:516])
|
|
|
|
parent, err := poseidon.HashBytes(previousSelectorBytes[:])
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "prove clock frame")
|
|
}
|
|
|
|
frame := &protobufs.ClockFrame{
|
|
Filter: previousFrame.Filter,
|
|
FrameNumber: previousFrame.FrameNumber + 1,
|
|
Timestamp: timestamp,
|
|
Difficulty: difficulty,
|
|
ParentSelector: parent.FillBytes(make([]byte, 32)),
|
|
Input: previousFrame.Output,
|
|
AggregateProofs: []*protobufs.InclusionAggregateProof{},
|
|
Output: o[:],
|
|
}
|
|
|
|
return frame, nil
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) VerifyMasterClockFrame(
|
|
frame *protobufs.ClockFrame,
|
|
) error {
|
|
input := []byte{}
|
|
input = append(input, frame.Filter...)
|
|
input = binary.BigEndian.AppendUint64(input, frame.FrameNumber)
|
|
input = binary.BigEndian.AppendUint32(input, frame.Difficulty)
|
|
input = append(input, frame.Input...)
|
|
|
|
if len(frame.Input) < 516 {
|
|
return errors.Wrap(
|
|
errors.New("invalid input"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
if len(frame.AggregateProofs) > 0 {
|
|
return errors.Wrap(
|
|
errors.New("invalid input"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
if frame.PublicKeySignature != nil {
|
|
return errors.Wrap(
|
|
errors.New("invalid input"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
if len(frame.Input) != 516 {
|
|
return errors.Wrap(
|
|
errors.New("invalid input"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
if len(frame.Output) != 516 {
|
|
return errors.Wrap(
|
|
errors.New("invalid output"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
b := sha3.Sum256(input)
|
|
v := vdf.New(frame.Difficulty, b)
|
|
proof := [516]byte{}
|
|
copy(proof[:], frame.Output)
|
|
|
|
if !v.Verify(proof) {
|
|
w.logger.Error("invalid proof",
|
|
zap.Binary("filter", frame.Filter),
|
|
zap.Uint64("frame_number", frame.FrameNumber),
|
|
zap.Uint32("difficulty", frame.Difficulty),
|
|
zap.Binary("frame_input", frame.Input),
|
|
zap.Binary("frame_output", frame.Output),
|
|
)
|
|
return errors.Wrap(
|
|
errors.New("invalid proof"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
previousSelectorBytes := [516]byte{}
|
|
copy(previousSelectorBytes[:], frame.Input[:516])
|
|
|
|
parent, err := poseidon.HashBytes(previousSelectorBytes[:])
|
|
if err != nil {
|
|
return errors.Wrap(err, "verify clock frame")
|
|
}
|
|
|
|
selector := new(big.Int).SetBytes(frame.ParentSelector)
|
|
if parent.Cmp(selector) != 0 {
|
|
return errors.Wrap(
|
|
errors.New("selector did not match input"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) CreateMasterGenesisFrame(
|
|
filter []byte,
|
|
seed []byte,
|
|
difficulty uint32,
|
|
) (
|
|
*protobufs.ClockFrame,
|
|
error,
|
|
) {
|
|
b := sha3.Sum256(seed)
|
|
v := vdf.New(difficulty, b)
|
|
|
|
v.Execute()
|
|
o := v.GetOutput()
|
|
inputMessage := o[:]
|
|
|
|
w.logger.Debug("proving genesis frame")
|
|
input := []byte{}
|
|
input = append(input, filter...)
|
|
input = binary.BigEndian.AppendUint64(input, 0)
|
|
input = binary.BigEndian.AppendUint32(input, difficulty)
|
|
if bytes.Equal(seed, []byte{0x00}) {
|
|
value := [516]byte{}
|
|
input = append(input, value[:]...)
|
|
} else {
|
|
input = append(input, seed...)
|
|
}
|
|
|
|
b = sha3.Sum256(input)
|
|
v = vdf.New(difficulty, b)
|
|
|
|
v.Execute()
|
|
o = v.GetOutput()
|
|
|
|
frame := &protobufs.ClockFrame{
|
|
Filter: filter,
|
|
FrameNumber: 0,
|
|
Timestamp: 0,
|
|
Difficulty: difficulty,
|
|
Input: inputMessage,
|
|
Output: o[:],
|
|
ParentSelector: []byte{
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
},
|
|
AggregateProofs: []*protobufs.InclusionAggregateProof{},
|
|
PublicKeySignature: nil,
|
|
}
|
|
|
|
return frame, nil
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) ProveDataClockFrame(
|
|
previousFrame *protobufs.ClockFrame,
|
|
commitments [][]byte,
|
|
aggregateProofs []*protobufs.InclusionAggregateProof,
|
|
provingKey crypto.Signer,
|
|
timestamp int64,
|
|
difficulty uint32,
|
|
) (*protobufs.ClockFrame, error) {
|
|
var pubkey []byte
|
|
pubkeyType := keys.KeyTypeEd448
|
|
ed448PublicKey, ok := provingKey.Public().(ed448.PublicKey)
|
|
if ok {
|
|
pubkey = []byte(ed448PublicKey)
|
|
} else {
|
|
return nil, errors.Wrap(
|
|
errors.New("no valid signature provided"),
|
|
"prove clock frame",
|
|
)
|
|
}
|
|
|
|
h, err := poseidon.HashBytes(pubkey)
|
|
if err != nil {
|
|
return nil, errors.Wrap(
|
|
errors.New("could not hash proving key"),
|
|
"prove clock frame",
|
|
)
|
|
}
|
|
|
|
address := h.Bytes()
|
|
input := []byte{}
|
|
input = append(input, previousFrame.Filter...)
|
|
input = binary.BigEndian.AppendUint64(input, previousFrame.FrameNumber+1)
|
|
input = binary.BigEndian.AppendUint64(input, uint64(timestamp))
|
|
input = binary.BigEndian.AppendUint32(input, difficulty)
|
|
input = append(input, address...)
|
|
input = append(input, previousFrame.Output[:]...)
|
|
|
|
commitmentInput := []byte{}
|
|
for _, commitment := range commitments {
|
|
commitmentInput = append(commitmentInput, commitment...)
|
|
}
|
|
|
|
input = append(input, commitmentInput...)
|
|
|
|
b := sha3.Sum256(input)
|
|
v := vdf.New(difficulty, b)
|
|
|
|
v.Execute()
|
|
o := v.GetOutput()
|
|
|
|
// TODO: make this configurable for signing algorithms that allow
|
|
// user-supplied hash functions
|
|
signature, err := provingKey.Sign(
|
|
rand.Reader,
|
|
append(append([]byte{}, b[:]...), o[:]...),
|
|
crypto.Hash(0),
|
|
)
|
|
if err != nil {
|
|
return nil, errors.Wrap(
|
|
err,
|
|
"prove",
|
|
)
|
|
}
|
|
|
|
previousSelectorBytes := [516]byte{}
|
|
copy(previousSelectorBytes[:], previousFrame.Output[:516])
|
|
|
|
parent, err := poseidon.HashBytes(previousSelectorBytes[:])
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "prove clock frame")
|
|
}
|
|
|
|
frame := &protobufs.ClockFrame{
|
|
Filter: previousFrame.Filter,
|
|
FrameNumber: previousFrame.FrameNumber + 1,
|
|
Timestamp: timestamp,
|
|
Difficulty: difficulty,
|
|
ParentSelector: parent.FillBytes(make([]byte, 32)),
|
|
Input: append(
|
|
append([]byte{}, previousFrame.Output...),
|
|
commitmentInput...,
|
|
),
|
|
AggregateProofs: aggregateProofs,
|
|
Output: o[:],
|
|
}
|
|
|
|
switch pubkeyType {
|
|
case keys.KeyTypeEd448:
|
|
frame.PublicKeySignature = &protobufs.ClockFrame_PublicKeySignatureEd448{
|
|
PublicKeySignatureEd448: &protobufs.Ed448Signature{
|
|
Signature: signature,
|
|
PublicKey: &protobufs.Ed448PublicKey{
|
|
KeyValue: pubkey,
|
|
},
|
|
},
|
|
}
|
|
default:
|
|
return nil, errors.Wrap(
|
|
errors.New("unsupported proving key"),
|
|
"prove clock frame",
|
|
)
|
|
}
|
|
|
|
return frame, nil
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) CreateDataGenesisFrame(
|
|
filter []byte,
|
|
origin []byte,
|
|
difficulty uint32,
|
|
inclusionProof *InclusionAggregateProof,
|
|
proverKeys [][]byte,
|
|
preDusk bool,
|
|
) (*protobufs.ClockFrame, *tries.RollingFrecencyCritbitTrie, error) {
|
|
frameProverTrie := &tries.RollingFrecencyCritbitTrie{}
|
|
for _, s := range proverKeys {
|
|
addr, err := poseidon.HashBytes(s)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
addrBytes := addr.Bytes()
|
|
addrBytes = append(make([]byte, 32-len(addrBytes)), addrBytes...)
|
|
frameProverTrie.Add(addrBytes, 0)
|
|
}
|
|
|
|
w.logger.Info("proving genesis frame")
|
|
input := []byte{}
|
|
input = append(input, filter...)
|
|
input = binary.BigEndian.AppendUint64(input, 0)
|
|
input = binary.BigEndian.AppendUint64(input, 0)
|
|
input = binary.BigEndian.AppendUint32(input, difficulty)
|
|
input = append(input, origin...)
|
|
if !preDusk {
|
|
input = append(input, inclusionProof.AggregateCommitment...)
|
|
}
|
|
|
|
b := sha3.Sum256(input)
|
|
v := vdf.New(difficulty, b)
|
|
|
|
v.Execute()
|
|
o := v.GetOutput()
|
|
|
|
commitments := []*protobufs.InclusionCommitment{}
|
|
for i, commit := range inclusionProof.InclusionCommitments {
|
|
commitments = append(commitments, &protobufs.InclusionCommitment{
|
|
Filter: filter,
|
|
FrameNumber: 0,
|
|
Position: uint32(i),
|
|
TypeUrl: commit.TypeUrl,
|
|
Data: commit.Data,
|
|
Commitment: commit.Commitment,
|
|
})
|
|
}
|
|
|
|
frame := &protobufs.ClockFrame{
|
|
Filter: filter,
|
|
FrameNumber: 0,
|
|
Timestamp: 0,
|
|
Difficulty: difficulty,
|
|
Input: append(
|
|
append([]byte{}, origin...),
|
|
inclusionProof.AggregateCommitment...,
|
|
),
|
|
Output: o[:],
|
|
ParentSelector: []byte{
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
},
|
|
AggregateProofs: []*protobufs.InclusionAggregateProof{
|
|
{
|
|
Filter: filter,
|
|
FrameNumber: 0,
|
|
InclusionCommitments: commitments,
|
|
Proof: inclusionProof.Proof,
|
|
},
|
|
},
|
|
PublicKeySignature: nil,
|
|
}
|
|
|
|
return frame, frameProverTrie, nil
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) VerifyDataClockFrame(
|
|
frame *protobufs.ClockFrame,
|
|
) error {
|
|
var pubkey []byte
|
|
var signature []byte
|
|
pubkeyType := keys.KeyTypeEd448
|
|
ed448PublicKey := frame.GetPublicKeySignatureEd448()
|
|
if ed448PublicKey != nil {
|
|
pubkey = ed448PublicKey.PublicKey.KeyValue
|
|
signature = ed448PublicKey.Signature
|
|
} else {
|
|
return errors.Wrap(
|
|
errors.New("no valid signature provided"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
h, err := poseidon.HashBytes(pubkey)
|
|
if err != nil {
|
|
return errors.Wrap(
|
|
errors.New("could not hash proving key"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
address := h.Bytes()
|
|
|
|
input := []byte{}
|
|
input = append(input, frame.Filter...)
|
|
input = binary.BigEndian.AppendUint64(input, frame.FrameNumber)
|
|
input = binary.BigEndian.AppendUint64(input, uint64(frame.Timestamp))
|
|
input = binary.BigEndian.AppendUint32(input, frame.Difficulty)
|
|
input = append(input, address...)
|
|
input = append(input, frame.Input...)
|
|
|
|
if len(frame.Input) < 516 {
|
|
return errors.Wrap(
|
|
errors.New("invalid input"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
if len(frame.Output) != 516 {
|
|
return errors.Wrap(
|
|
errors.New("invalid output"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
b := sha3.Sum256(input)
|
|
v := vdf.New(frame.Difficulty, b)
|
|
proof := [516]byte{}
|
|
copy(proof[:], frame.Output)
|
|
|
|
// TODO: make this configurable for signing algorithms that allow
|
|
// user-supplied hash functions
|
|
switch pubkeyType {
|
|
case keys.KeyTypeEd448:
|
|
if len(pubkey) != 57 || len(signature) != 114 || !ed448.VerifyAny(
|
|
pubkey,
|
|
append(append([]byte{}, b[:]...), frame.Output...),
|
|
signature,
|
|
crypto.Hash(0),
|
|
) {
|
|
return errors.Wrap(
|
|
errors.New("invalid signature for issuer"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
}
|
|
if !v.Verify(proof) {
|
|
return errors.Wrap(
|
|
errors.New("invalid proof"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
previousSelectorBytes := [516]byte{}
|
|
copy(previousSelectorBytes[:], frame.Input[:516])
|
|
|
|
parent, err := poseidon.HashBytes(previousSelectorBytes[:])
|
|
if err != nil {
|
|
return errors.Wrap(err, "verify clock frame")
|
|
}
|
|
|
|
selector := new(big.Int).SetBytes(frame.ParentSelector)
|
|
if parent.Cmp(selector) != 0 {
|
|
return errors.Wrap(
|
|
errors.New("selector did not match input"),
|
|
"verify clock frame",
|
|
)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) GenerateWeakRecursiveProofIndex(
|
|
frame *protobufs.ClockFrame,
|
|
) (uint64, error) {
|
|
hash, err := poseidon.HashBytes(frame.Output)
|
|
if err != nil {
|
|
return 0, errors.Wrap(err, "generate weak recursive proof")
|
|
}
|
|
|
|
return hash.Mod(
|
|
hash,
|
|
new(big.Int).SetUint64(frame.FrameNumber),
|
|
).Uint64(), nil
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) FetchRecursiveProof(
|
|
frame *protobufs.ClockFrame,
|
|
) []byte {
|
|
var pubkey []byte
|
|
ed448PublicKey := frame.GetPublicKeySignatureEd448()
|
|
if ed448PublicKey != nil {
|
|
pubkey = ed448PublicKey.PublicKey.KeyValue
|
|
} else {
|
|
return nil
|
|
}
|
|
|
|
h, err := poseidon.HashBytes(pubkey)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
address := h.Bytes()
|
|
input := []byte{}
|
|
input = append(input, frame.Filter...)
|
|
input = binary.BigEndian.AppendUint64(input, frame.FrameNumber)
|
|
input = binary.BigEndian.AppendUint64(input, uint64(frame.Timestamp))
|
|
input = binary.BigEndian.AppendUint32(input, frame.Difficulty)
|
|
input = append(input, address...)
|
|
input = append(input, frame.Input...)
|
|
input = append(input, frame.Output...)
|
|
|
|
return input
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) VerifyWeakRecursiveProof(
|
|
frame *protobufs.ClockFrame,
|
|
proof []byte,
|
|
deepVerifier *protobufs.ClockFrame,
|
|
) bool {
|
|
hash, err := poseidon.HashBytes(frame.Output)
|
|
if err != nil {
|
|
w.logger.Debug("could not hash output")
|
|
return false
|
|
}
|
|
|
|
frameNumber := hash.Mod(
|
|
hash,
|
|
new(big.Int).SetUint64(frame.FrameNumber),
|
|
).Uint64()
|
|
|
|
if len(proof) < 1084 {
|
|
w.logger.Debug("invalid proof size")
|
|
return false
|
|
}
|
|
|
|
filter := proof[:len(frame.Filter)]
|
|
check := binary.BigEndian.Uint64(
|
|
proof[len(frame.Filter) : len(frame.Filter)+8],
|
|
)
|
|
timestamp := binary.BigEndian.Uint64(
|
|
proof[len(frame.Filter)+8 : len(frame.Filter)+16],
|
|
)
|
|
difficulty := binary.BigEndian.Uint32(
|
|
proof[len(frame.Filter)+16 : len(frame.Filter)+20],
|
|
)
|
|
input := proof[len(frame.Filter)+52:]
|
|
|
|
if check != frameNumber ||
|
|
!bytes.Equal(filter, frame.Filter) ||
|
|
int64(timestamp) >= frame.Timestamp ||
|
|
difficulty > frame.Difficulty ||
|
|
len(input) < 1032 {
|
|
w.logger.Debug(
|
|
"check failed",
|
|
zap.Bool("failed_frame_number", check != frameNumber),
|
|
zap.Bool("failed_filter", !bytes.Equal(filter, frame.Filter)),
|
|
zap.Bool("failed_timestamp", int64(timestamp) >= frame.Timestamp),
|
|
zap.Bool("failed_difficulty", difficulty > frame.Difficulty),
|
|
zap.Bool("failed_input_size", len(input) < 1032),
|
|
)
|
|
return false
|
|
}
|
|
|
|
if deepVerifier != nil && (check != deepVerifier.FrameNumber ||
|
|
!bytes.Equal(filter, deepVerifier.Filter) ||
|
|
int64(timestamp) != deepVerifier.Timestamp ||
|
|
difficulty != deepVerifier.Difficulty ||
|
|
!bytes.Equal(input[:len(input)-516], deepVerifier.Input)) {
|
|
return false
|
|
}
|
|
|
|
b := sha3.Sum256(input[:len(input)-516])
|
|
v := vdf.New(difficulty, b)
|
|
output := [516]byte{}
|
|
copy(output[:], input[len(input)-516:])
|
|
|
|
if v.Verify(output) {
|
|
w.logger.Debug("verification succeeded")
|
|
return true
|
|
} else {
|
|
w.logger.Debug("verification failed")
|
|
return false
|
|
}
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) CalculateChallengeProof(
|
|
challenge []byte,
|
|
parallelism uint32,
|
|
skew int64,
|
|
) (int64, [][]byte, int64, error) {
|
|
now := time.Now()
|
|
nowMs := now.UnixMilli()
|
|
input := binary.BigEndian.AppendUint64([]byte{}, uint64(nowMs))
|
|
input = append(input, challenge...)
|
|
outputs := make([][]byte, parallelism)
|
|
|
|
wg := sync.WaitGroup{}
|
|
wg.Add(int(parallelism))
|
|
|
|
// 4.5 minutes = 270 seconds, one increment should be ten seconds
|
|
proofDuration := 270 * 1000
|
|
calibratedDifficulty := (int64(proofDuration) * 10000) / skew
|
|
for i := uint32(0); i < parallelism; i++ {
|
|
i := i
|
|
go func() {
|
|
instanceInput := binary.BigEndian.AppendUint32([]byte{}, i)
|
|
instanceInput = append(instanceInput, input...)
|
|
b := sha3.Sum256(instanceInput)
|
|
v := vdf.New(uint32(calibratedDifficulty), b)
|
|
|
|
v.Execute()
|
|
o := v.GetOutput()
|
|
|
|
outputs[i] = make([]byte, 516)
|
|
copy(outputs[i][:], o[:])
|
|
wg.Done()
|
|
}()
|
|
}
|
|
|
|
wg.Wait()
|
|
after := time.Since(now)
|
|
nextSkew := (skew * after.Milliseconds()) / int64(proofDuration)
|
|
|
|
return nowMs, outputs, nextSkew, nil
|
|
}
|
|
|
|
func (w *WesolowskiFrameProver) VerifyChallengeProof(
|
|
challenge []byte,
|
|
timestamp int64,
|
|
assertedDifficulty int64,
|
|
proof [][]byte,
|
|
) bool {
|
|
input := binary.BigEndian.AppendUint64([]byte{}, uint64(timestamp))
|
|
input = append(input, challenge...)
|
|
|
|
if assertedDifficulty < 1 {
|
|
return false
|
|
}
|
|
|
|
for i := uint32(0); i < uint32(len(proof)); i++ {
|
|
if len(proof[i]) != 516 {
|
|
return false
|
|
}
|
|
|
|
instanceInput := binary.BigEndian.AppendUint32([]byte{}, i)
|
|
instanceInput = append(instanceInput, input...)
|
|
b := sha3.Sum256(instanceInput)
|
|
|
|
// 4.5 minutes = 270 seconds, one increment should be ten seconds
|
|
proofDuration := 270 * 1000
|
|
skew := (assertedDifficulty * 12) / 10
|
|
calibratedDifficulty := (int64(proofDuration) * 10000) / skew
|
|
|
|
v := vdf.New(uint32(calibratedDifficulty), b)
|
|
check := v.Verify([516]byte(proof[i]))
|
|
if !check {
|
|
// TODO: Remove after 2024-05-28
|
|
if time.Now().Before(config.GetMinimumVersionCutoff()) {
|
|
calibratedDifficulty = (int64(proofDuration) / skew) * 10000
|
|
|
|
v = vdf.New(uint32(calibratedDifficulty), sha3.Sum256(input))
|
|
check = v.Verify([516]byte(proof[i]))
|
|
if !check {
|
|
return false
|
|
}
|
|
} else {
|
|
return false
|
|
}
|
|
}
|
|
}
|
|
|
|
return true
|
|
}
|