verification

package
v0.38.0-preview.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 2, 2024 License: AGPL-3.0 Imports: 13 Imported by: 11

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MakeTimeoutMessage added in v0.29.0

func MakeTimeoutMessage(view uint64, newestQCView uint64) []byte

MakeTimeoutMessage generates the message we have to sign in order to be able to contribute to Active Pacemaker protocol. Each replica signs with the highest QC view known to that replica.

func MakeVoteMessage added in v0.20.0

func MakeVoteMessage(view uint64, blockID flow.Identifier) []byte

MakeVoteMessage generates the message we have to sign in order to be able to verify signatures without having the full block. To that effect, each data structure that is signed contains the sometimes redundant view number and block ID; this allows us to create the signed message and verify the signed message without having the full block contents.

Types

type CombinedSigner

type CombinedSigner struct {
	// contains filtered or unexported fields
}

CombinedSigner creates votes for the main consensus. When a participant votes for a block, it _always_ provide the staking signature as part of their vote. Furthermore, the participant can _optionally_ also provide a random beacon signature. Through their staking signature, a participant always contributes to HotStuff's progress. Participation in the random beacon is optional (but encouraged). This allows nodes that failed the DKG to still contribute only to consensus (as fallback). TODO: to be replaced by CombinedSignerV3 for mature V2 solution. The difference between V2 and V3 is that V2 will sign 2 sigs, whereas V3 only sign 1 sig.

func NewCombinedSigner

func NewCombinedSigner(
	staking module.Local,
	beaconKeyStore module.RandomBeaconKeyStore,
) *CombinedSigner

NewCombinedSigner creates a new combined signer with the given dependencies: - the staking signer is used to create and verify aggregatable signatures for Hotstuff - the beaconKeyStore is used to get threshold-signers by epoch/view; - the signer ID is used as the identity when creating signatures;

func (*CombinedSigner) CreateTimeout added in v0.29.0

func (c *CombinedSigner) CreateTimeout(curView uint64, newestQC *flow.QuorumCertificate, lastViewTC *flow.TimeoutCertificate) (*model.TimeoutObject, error)

CreateTimeout will create a signed timeout object for the given view. Timeout objects are only signed with the staking key (not beacon key).

func (*CombinedSigner) CreateVote

func (c *CombinedSigner) CreateVote(block *model.Block) (*model.Vote, error)

CreateVote will create a vote with a combined signature for the given block.

type CombinedSignerV3 added in v0.23.9

type CombinedSignerV3 struct {
	// contains filtered or unexported fields
}

CombinedSignerV3 creates votes for the main consensus. When a participant votes for a block, it _always_ provide the staking signature as part of their vote. Furthermore, the participant can _optionally_ also provide a random beacon signature. Through their staking signature, a participant always contributes to HotStuff's progress. Participation in the random beacon is optional (but encouraged). This allows nodes that failed the DKG to still contribute only to consensus (as fallback). TODO: to be replaced by CombinedSignerV3 for mature V2 solution. The difference between V2 and V3 is that V2 will sign 2 sigs, whereas V3 only sign 1 sig.

func NewCombinedSignerV3 added in v0.23.9

func NewCombinedSignerV3(
	staking module.Local,
	beaconKeyStore module.RandomBeaconKeyStore,
) *CombinedSignerV3

NewCombinedSignerV3 creates a new combined signer with the given dependencies: - the staking signer is used to create and verify aggregatable signatures for Hotstuff - the beaconKeyStore is used to get threshold-signers by epoch/view; - the signer ID is used as the identity when creating signatures;

func (*CombinedSignerV3) CreateTimeout added in v0.29.0

func (c *CombinedSignerV3) CreateTimeout(curView uint64, newestQC *flow.QuorumCertificate, lastViewTC *flow.TimeoutCertificate) (*model.TimeoutObject, error)

CreateTimeout will create a signed timeout object for the given view. Timeout objects are only signed with the staking key (not beacon key).

func (*CombinedSignerV3) CreateVote added in v0.23.9

func (c *CombinedSignerV3) CreateVote(block *model.Block) (*model.Vote, error)

CreateVote will create a vote with a combined signature for the given block.

type CombinedVerifier

type CombinedVerifier struct {
	// contains filtered or unexported fields
}

CombinedVerifier is a verifier capable of verifying two signatures, one for each scheme. The first type is a signature from a staking signer, which verifies either a single or an aggregated signature. The second type is a signature from a random beacon signer, which verifies either the signature share or the reconstructed threshold signature.

func NewCombinedVerifier

func NewCombinedVerifier(committee hotstuff.Replicas, packer hotstuff.Packer) *CombinedVerifier

NewCombinedVerifier creates a new combined verifier with the given dependencies. - the hotstuff committee's state is used to retrieve the public keys for the staking signature; - the merger is used to combine and split staking and random beacon signatures; - the packer is used to unpack QC for verification;

func (*CombinedVerifier) VerifyQC

func (c *CombinedVerifier) VerifyQC(signers flow.IdentitySkeletonList, sigData []byte, view uint64, blockID flow.Identifier) error

VerifyQC checks the cryptographic validity of the QC's `sigData` for the given block. It is the responsibility of the calling code to ensure that all `signers` are authorized, without duplicates. Return values:

  • nil if `sigData` is cryptographically valid
  • model.InsufficientSignaturesError if `signers` is empty. Depending on the order of checks in the higher-level logic this error might be an indicator of an external byzantine input or an internal bug.
  • model.InvalidFormatError if `sigData` has an incompatible format
  • model.ErrInvalidSignature if a signature is invalid
  • model.ErrViewForUnknownEpoch if no epoch containing the given view is known
  • error if running into any unexpected exception (i.e. fatal error)

func (*CombinedVerifier) VerifyTC added in v0.33.1

func (c *CombinedVerifier) VerifyTC(signers flow.IdentitySkeletonList, sigData []byte, view uint64, highQCViews []uint64) error

VerifyTC checks cryptographic validity of the TC's `sigData` w.r.t. the given view. It is the responsibility of the calling code to ensure that all `signers` are authorized, without duplicates. Return values:

  • nil if `sigData` is cryptographically valid
  • model.InsufficientSignaturesError if `signers is empty.
  • model.InvalidFormatError if `signers`/`highQCViews` have differing lengths
  • model.ErrInvalidSignature if a signature is invalid
  • unexpected errors should be treated as symptoms of bugs or uncovered edge cases in the logic (i.e. as fatal)

func (*CombinedVerifier) VerifyVote

func (c *CombinedVerifier) VerifyVote(signer *flow.IdentitySkeleton, sigData []byte, view uint64, blockID flow.Identifier) error

VerifyVote verifies the validity of a combined signature from a vote. Usually this method is only used to verify the proposer's vote, which is the vote included in a block proposal.

  • model.InvalidFormatError if the signature has an incompatible format.
  • model.ErrInvalidSignature is the signature is invalid
  • model.InvalidSignerError if signer is _not_ part of the random beacon committee
  • model.ErrViewForUnknownEpoch if no epoch containing the given view is known
  • unexpected errors should be treated as symptoms of bugs or uncovered edge cases in the logic (i.e. as fatal)

type CombinedVerifierV3 added in v0.33.1

type CombinedVerifierV3 struct {
	// contains filtered or unexported fields
}

CombinedVerifierV3 is a verifier capable of verifying two signatures, one for each scheme. The first type is a signature from a staking signer, which verifies either a single or an aggregated signature. The second type is a signature from a random beacon signer, which verifies both the signature share and the reconstructed threshold signature.

func NewCombinedVerifierV3 added in v0.33.1

func NewCombinedVerifierV3(committee hotstuff.Replicas, packer hotstuff.Packer) *CombinedVerifierV3

NewCombinedVerifierV3 creates a new combined verifier with the given dependencies. - the hotstuff committee's state is used to retrieve the public keys for the staking signature; - the packer is used to unpack QC for verification;

func (*CombinedVerifierV3) VerifyQC added in v0.33.1

func (c *CombinedVerifierV3) VerifyQC(signers flow.IdentitySkeletonList, sigData []byte, view uint64, blockID flow.Identifier) error

VerifyQC checks the cryptographic validity of the QC's `sigData` for the given block. It is the responsibility of the calling code to ensure that all `signers` are authorized, without duplicates. Return values:

  • nil if `sigData` is cryptographically valid
  • model.InsufficientSignaturesError if `signers` is empty. Depending on the order of checks in the higher-level logic this error might be an indicator of a external byzantine input or an internal bug.
  • model.InvalidFormatError if `sigData` has an incompatible format
  • model.ErrInvalidSignature if a signature is invalid
  • model.InvalidSignerError if a signer is _not_ part of the random beacon committee
  • model.ErrViewForUnknownEpoch if no epoch containing the given view is known
  • error if running into any unexpected exception (i.e. fatal error)

This implementation already support the cases, where the DKG committee is a _strict subset_ of the full consensus committee.

func (*CombinedVerifierV3) VerifyTC added in v0.33.1

func (c *CombinedVerifierV3) VerifyTC(signers flow.IdentitySkeletonList, sigData []byte, view uint64, highQCViews []uint64) error

VerifyTC checks cryptographic validity of the TC's `sigData` w.r.t. the given view. It is the responsibility of the calling code to ensure that all `signers` are authorized, without duplicates. Return values:

  • nil if `sigData` is cryptographically valid
  • model.InsufficientSignaturesError if `signers is empty.
  • model.InvalidFormatError if `signers`/`highQCViews` have differing lengths
  • model.ErrInvalidSignature if a signature is invalid
  • unexpected errors should be treated as symptoms of bugs or uncovered edge cases in the logic (i.e. as fatal)

func (*CombinedVerifierV3) VerifyVote added in v0.33.1

func (c *CombinedVerifierV3) VerifyVote(signer *flow.IdentitySkeleton, sigData []byte, view uint64, blockID flow.Identifier) error

VerifyVote verifies the validity of a combined signature from a vote. Usually this method is only used to verify the proposer's vote, which is the vote included in a block proposal.

  • model.InvalidFormatError if the signature has an incompatible format.
  • model.ErrInvalidSignature is the signature is invalid
  • model.InvalidSignerError if signer is _not_ part of the random beacon committee
  • model.ErrViewForUnknownEpoch if no epoch containing the given view is known
  • unexpected errors should be treated as symptoms of bugs or uncovered edge cases in the logic (i.e. as fatal)

This implementation already support the cases, where the DKG committee is a _strict subset_ of the full consensus committee.

type SignerMetricsWrapper

type SignerMetricsWrapper struct {
	// contains filtered or unexported fields
}

SignerMetricsWrapper implements the hotstuff.SignerVerifier interface. It wraps a hotstuff.SignerVerifier instance and measures the time which the HotStuff's core logic spends in the hotstuff.Signer component, i.e. the with crypto-related operations. The measured time durations are reported as values for the SignerProcessingDuration metric. TODO: to be moved to consensus/hotstuff/signature

func NewMetricsWrapper

func NewMetricsWrapper(signer hotstuff.Signer, metrics module.HotstuffMetrics) *SignerMetricsWrapper

func (SignerMetricsWrapper) CreateTimeout added in v0.29.0

func (w SignerMetricsWrapper) CreateTimeout(curView uint64,
	newestQC *flow.QuorumCertificate,
	lastViewTC *flow.TimeoutCertificate) (*model.TimeoutObject, error)

func (SignerMetricsWrapper) CreateVote

func (w SignerMetricsWrapper) CreateVote(block *model.Block) (*model.Vote, error)

type StakingSigner added in v0.23.9

type StakingSigner struct {
	// contains filtered or unexported fields
}

StakingSigner creates votes for the collector clusters consensus. When a participant votes for a block, it _always_ provide the staking signature as part of their vote. StakingSigner is responsible for creating correctly signed proposals and votes.

func NewStakingSigner added in v0.23.9

func NewStakingSigner(
	me module.Local,
) *StakingSigner

NewStakingSigner instantiates a StakingSigner, which signs votes and proposals with the staking key. The generated signatures are aggregatable.

func (*StakingSigner) CreateTimeout added in v0.29.0

func (c *StakingSigner) CreateTimeout(curView uint64, newestQC *flow.QuorumCertificate, lastViewTC *flow.TimeoutCertificate) (*model.TimeoutObject, error)

CreateTimeout will create a signed timeout object for the given view.

func (*StakingSigner) CreateVote added in v0.23.9

func (c *StakingSigner) CreateVote(block *model.Block) (*model.Vote, error)

CreateVote will create a vote with a staking signature for the given block.

type StakingVerifier added in v0.33.1

type StakingVerifier struct {
	// contains filtered or unexported fields
}

StakingVerifier is a verifier capable of verifying staking signature for each verifying operation. It's used primarily with collection cluster where hotstuff without beacon signers is used.

func NewStakingVerifier added in v0.33.1

func NewStakingVerifier() *StakingVerifier

NewStakingVerifier creates a new single verifier with the given dependencies.

func (*StakingVerifier) VerifyQC added in v0.33.1

func (v *StakingVerifier) VerifyQC(signers flow.IdentitySkeletonList, sigData []byte, view uint64, blockID flow.Identifier) error

VerifyQC checks the cryptographic validity of the QC's `sigData` for the given block. It is the responsibility of the calling code to ensure that all `signers` are authorized, without duplicates. Return values:

  • nil if `sigData` is cryptographically valid
  • model.InvalidFormatError if `sigData` has an incompatible format
  • model.InsufficientSignaturesError if `signers` is empty.
  • model.ErrInvalidSignature if a signature is invalid
  • unexpected errors should be treated as symptoms of bugs or uncovered edge cases in the logic (i.e. as fatal)

In the single verification case, `sigData` represents a single signature (`crypto.Signature`).

func (*StakingVerifier) VerifyTC added in v0.33.1

func (v *StakingVerifier) VerifyTC(signers flow.IdentitySkeletonList, sigData []byte, view uint64, highQCViews []uint64) error

VerifyTC checks cryptographic validity of the TC's `sigData` w.r.t. the given view. It is the responsibility of the calling code to ensure that all `signers` are authorized, without duplicates. Return values:

  • nil if `sigData` is cryptographically valid
  • model.InsufficientSignaturesError if `signers is empty.
  • model.InvalidFormatError if `signers`/`highQCViews` have differing lengths
  • model.ErrInvalidSignature if a signature is invalid
  • unexpected errors should be treated as symptoms of bugs or uncovered edge cases in the logic (i.e. as fatal)

func (*StakingVerifier) VerifyVote added in v0.33.1

func (v *StakingVerifier) VerifyVote(signer *flow.IdentitySkeleton, sigData []byte, view uint64, blockID flow.Identifier) error

VerifyVote verifies the validity of a single signature from a vote. Usually this method is only used to verify the proposer's vote, which is the vote included in a block proposal. The implementation returns the following sentinel errors:

  • model.ErrInvalidSignature is the signature is invalid
  • unexpected errors should be treated as symptoms of bugs or uncovered edge cases in the logic (i.e. as fatal)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL