-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(crypto/bls12381): signature aggregation #11
feat(crypto/bls12381): signature aggregation #11
Conversation
types/canonical.go
Outdated
BlockID: CanonicalizeBlockID(vote.BlockID), | ||
// Timestamp is not included in the canonical vote | ||
// because we won't be able to aggregate votes with different timestamps. | ||
// Timestamp: vote.Timestamp, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is probably the biggest breaking change - removing Timestamp from vote sign bytes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am double checking, I think it is ok because this is only for the canonical vote. Because vote timestamps are used to compute the block time when using BFT time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should also remove the timestamp field from both vote structures: the one internal to comet, and the protobuf-generated one. Leaving that field there only adds confusion IMO (let me know if you want to discuss)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should also remove the timestamp field from both vote structures: the one internal to comet, and the protobuf-generated one. Leaving that field there only adds confusion IMO (let me know if you want to discuss)
Should it go hand in hand with making the PBTS the default choice + ripping off median time?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The decision here was to add preemptive panics so we fail early in case CometBFT is misconfigured.
types/vote_set.go
Outdated
for i, v := range voteSet.votes { | ||
cSig := v.CommitSig() | ||
if cSig.BlockIDFlag != BlockIDFlagAbsent { | ||
cSig.Signature = []byte{0x00} // clear the signature |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is ugly. CometBFT requires signatures to be present (not empty), but with BLS we only have 2 signatures present at max (1 for block, 1 for nil)! We can disable the check for empty sig in ValidateBasic
though ... What do people think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we can have two new flags BlockIDFlagAggCommit
(to store the aggregated signature), BlockIDFlagAggAbsent
(to denote the signature is missing because it's aggregated in another slot). And maybe BlockIDFlagAggNil
(to store the aggregated signature for nil
). Although I still think aggregating nil
votes is not worth the extra complexity (nil
votes in a commit is extremely rare in practice)
privval/file_test.go
Outdated
assert.Equal(t, sig, v.Signature) | ||
assert.Equal(t, extSig, v.ExtensionSignature) | ||
} | ||
// { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we delete this or modify it so it works with the new scheme?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will remove
types/canonical.go
Outdated
BlockID: CanonicalizeBlockID(vote.BlockID), | ||
// Timestamp is not included in the canonical vote | ||
// because we won't be able to aggregate votes with different timestamps. | ||
// Timestamp: vote.Timestamp, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am double checking, I think it is ok because this is only for the canonical vote. Because vote timestamps are used to compute the block time when using BFT time.
BLS at the moment has a |
internal/consensus/state.go
Outdated
// Note we can't aggregate a commit when vote extensions are enabled | ||
// because votes are different. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmm, I might be wrong, but I don't agree with this.
When vote extensions are enabled, there is one signature for the vote and another signature for the vote extension.
I agree the extension signatures cannot be aggregated, as the extensions can be different.
But the vote themselves can still be aggregated (assuming you remove the timestamp field, or set it always to 0-time).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. But then again, who is going to verify vote extensions? There's no point in aggregating votes if you need to verify vote extensions using individual verification (signature.Verify).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On the 2nd thought, we don't verify vote extensions in VerifyCommit
, so I think using them while aggregating vote signatures is okay. 6b0b06e
(#11)
…s/bera-cometbft into melekes/bls-signature-aggregation
…s/bera-cometbft into melekes/bls-signature-aggregation
…ature-aggregation
Aggregating signatures in the
LastCommit
before including it in the next block (proposal block). Note we don't aggregate prevotes, nor precommits when accumulating them - only after we've received 2/3+ of them and are ready to go to the next height.Proto changes
BlockIDFlag
This PR adds 4 new enum options to
BlockIDFlag
:BlockIDFlagAggCommit
BlockIDFlagAggCommitAbsent
BlockIDFlagAggNil
BlockIDFlagAggNilAbsent
The structure of the commit becomes like this:
4 validators, 1 aggregated signature
When there are precommits for nil:
4 validators, 1 aggregated signature for block, 1 aggregated signature for nil (2 signatures in total).
CanonicalVote
Removes
Timestamp
Vote
Sets
Timestamp
always to zeroBreaking changes
Removes BFT time in favor of PBTS, which becomes required from height 1 (from the start). If PBTS is not enabled from height 1, the code will panic!
Removes support for all curves other than BLS12-381. CometBFT will return an error if the validator update contains ed25519 or a different curve.