forked from Layr-Labs/eigenda
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaggregation.go
367 lines (315 loc) · 12.9 KB
/
aggregation.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
package core
import (
"bytes"
"context"
"encoding/hex"
"errors"
"fmt"
"math/big"
"slices"
"sort"
"github.com/Layr-Labs/eigensdk-go/logging"
gethcommon "github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/common/hexutil"
lru "github.com/hashicorp/golang-lru/v2"
)
const maxNumOperatorAddresses = 300
var (
ErrPubKeysNotEqual = errors.New("public keys are not equal")
ErrInsufficientEthSigs = errors.New("insufficient eth signatures")
ErrAggPubKeyNotValid = errors.New("aggregated public key is not valid")
ErrAggSigNotValid = errors.New("aggregated signature is not valid")
)
type SigningMessage struct {
Signature *Signature
Operator OperatorID
BatchHeaderHash [32]byte
// Undefined if this value <= 0.
AttestationLatencyMs float64
Err error
}
// QuorumAttestation contains the results of aggregating signatures from a set of operators by quorums
// It also returns map of all signers across all quorums
type QuorumAttestation struct {
// QuorumAggPubKeys contains the aggregated public keys for all of the operators each quorum,
// including those that did not sign
QuorumAggPubKey map[QuorumID]*G1Point
// SignersAggPubKey is the aggregated public key for all of the operators that signed the message by each quorum
SignersAggPubKey map[QuorumID]*G2Point
// AggSignature is the aggregated signature for all of the operators that signed the message for each quorum, mirroring the
// SignersAggPubKey.
AggSignature map[QuorumID]*Signature
// QuorumResults contains the quorum ID and the amount signed for each quorum
QuorumResults map[QuorumID]*QuorumResult
// SignerMap contains the operator IDs that signed the message
SignerMap map[OperatorID]bool
}
// SignatureAggregation contains the results of aggregating signatures from a set of operators across multiple quorums
type SignatureAggregation struct {
// NonSigners contains the public keys of the operators that did not sign the message
NonSigners []*G1Point
// QuorumAggPubKeys contains the aggregated public keys for all of the operators each quorum,
// Including those that did not sign
QuorumAggPubKeys map[QuorumID]*G1Point
// AggPubKey is the aggregated public key for all of the operators that signed the message,
// further aggregated across the quorums; operators signing for multiple quorums will be included in
// the aggregation multiple times
AggPubKey *G2Point
// AggSignature is the aggregated signature for all of the operators that signed the message, mirroring the
// AggPubKey.
AggSignature *Signature
// QuorumResults contains the quorum ID and the amount signed for each quorum
QuorumResults map[QuorumID]*QuorumResult
}
// SignatureAggregator is an interface for aggregating the signatures returned by DA nodes so that they can be verified by the DA contract
type SignatureAggregator interface {
// ReceiveSignatures blocks until it receives a response for each operator in the operator state via messageChan, and then returns the attestation result by quorum.
ReceiveSignatures(ctx context.Context, state *IndexedOperatorState, message [32]byte, messageChan chan SigningMessage) (*QuorumAttestation, error)
// AggregateSignatures takes attestation result by quorum and aggregates the signatures across them.
// If the aggregated signature is invalid, an error is returned.
AggregateSignatures(ctx context.Context, ics IndexedChainState, referenceBlockNumber uint, quorumAttestation *QuorumAttestation, quorumIDs []QuorumID) (*SignatureAggregation, error)
}
type StdSignatureAggregator struct {
Logger logging.Logger
Transactor Reader
// OperatorAddresses contains the ethereum addresses of the operators corresponding to their operator IDs
OperatorAddresses *lru.Cache[OperatorID, gethcommon.Address]
}
func NewStdSignatureAggregator(logger logging.Logger, transactor Reader) (*StdSignatureAggregator, error) {
operatorAddrs, err := lru.New[OperatorID, gethcommon.Address](maxNumOperatorAddresses)
if err != nil {
return nil, err
}
return &StdSignatureAggregator{
Logger: logger.With("component", "SignatureAggregator"),
Transactor: transactor,
OperatorAddresses: operatorAddrs,
}, nil
}
var _ SignatureAggregator = (*StdSignatureAggregator)(nil)
func (a *StdSignatureAggregator) ReceiveSignatures(ctx context.Context, state *IndexedOperatorState, message [32]byte, messageChan chan SigningMessage) (*QuorumAttestation, error) {
quorumIDs := make([]QuorumID, 0, len(state.AggKeys))
for quorumID := range state.Operators {
quorumIDs = append(quorumIDs, quorumID)
}
slices.Sort(quorumIDs)
if len(quorumIDs) == 0 {
return nil, errors.New("the number of quorums must be greater than zero")
}
// Ensure all quorums are found in state
for _, id := range quorumIDs {
_, found := state.Operators[id]
if !found {
return nil, errors.New("quorum not found")
}
}
stakeSigned := make(map[QuorumID]*big.Int, len(quorumIDs))
for _, quorumID := range quorumIDs {
stakeSigned[quorumID] = big.NewInt(0)
}
aggSigs := make(map[QuorumID]*Signature, len(quorumIDs))
aggPubKeys := make(map[QuorumID]*G2Point, len(quorumIDs))
signerMap := make(map[OperatorID]bool)
// Aggregate Signatures
numOperators := len(state.IndexedOperators)
for numReply := 0; numReply < numOperators; numReply++ {
var err error
r := <-messageChan
operatorIDHex := r.Operator.Hex()
operatorAddr, ok := a.OperatorAddresses.Get(r.Operator)
if !ok && a.Transactor != nil {
operatorAddr, err = a.Transactor.OperatorIDToAddress(ctx, r.Operator)
if err != nil {
a.Logger.Warn("failed to get operator address from registry", "operatorID", operatorIDHex)
operatorAddr = gethcommon.Address{}
} else {
a.OperatorAddresses.Add(r.Operator, operatorAddr)
}
} else if !ok {
operatorAddr = gethcommon.Address{}
}
socket := ""
if op, ok := state.IndexedOperators[r.Operator]; ok {
socket = op.Socket
}
batchHeaderHashHex := hex.EncodeToString(r.BatchHeaderHash[:])
if r.Err != nil {
a.Logger.Warn("error returned from messageChan", "operatorID", operatorIDHex, "operatorAddress", operatorAddr, "socket", socket, "batchHeaderHash", batchHeaderHashHex, "attestationLatencyMs", r.AttestationLatencyMs, "err", r.Err)
continue
}
op, found := state.IndexedOperators[r.Operator]
if !found {
a.Logger.Error("Operator not found in state", "operatorID", operatorIDHex, "operatorAddress", operatorAddr, "socket", socket)
continue
}
// Verify Signature
sig := r.Signature
ok = sig.Verify(op.PubkeyG2, message)
if !ok {
a.Logger.Error("signature is not valid", "operatorID", operatorIDHex, "operatorAddress", operatorAddr, "socket", socket, "pubkey", hexutil.Encode(op.PubkeyG2.Serialize()))
continue
}
operatorQuorums := make([]uint8, 0, len(quorumIDs))
for _, quorumID := range quorumIDs {
// Get stake amounts for operator
ops := state.Operators[quorumID]
opInfo, ok := ops[r.Operator]
// If operator is not in quorum, skip
if !ok {
continue
}
operatorQuorums = append(operatorQuorums, quorumID)
signerMap[r.Operator] = true
// Add to stake signed
stakeSigned[quorumID].Add(stakeSigned[quorumID], opInfo.Stake)
// Add to agg signature
if aggSigs[quorumID] == nil {
aggSigs[quorumID] = &Signature{sig.Clone()}
aggPubKeys[quorumID] = op.PubkeyG2.Clone()
} else {
aggSigs[quorumID].Add(sig.G1Point)
aggPubKeys[quorumID].Add(op.PubkeyG2)
}
}
a.Logger.Info("received signature from operator", "operatorID", operatorIDHex, "operatorAddress", operatorAddr, "socket", socket, "quorumIDs", fmt.Sprint(operatorQuorums), "batchHeaderHash", batchHeaderHashHex, "attestationLatencyMs", r.AttestationLatencyMs)
}
// Aggregate Non signer Pubkey Id
nonSignerKeys := make([]*G1Point, 0)
nonSignerOperatorIds := make([]OperatorID, 0)
for id, op := range state.IndexedOperators {
_, found := signerMap[id]
if !found {
nonSignerKeys = append(nonSignerKeys, op.PubkeyG1)
nonSignerOperatorIds = append(nonSignerOperatorIds, id)
}
}
quorumAggPubKeys := make(map[QuorumID]*G1Point, len(quorumIDs))
// Validate the amount signed and aggregate signatures for each quorum
quorumResults := make(map[QuorumID]*QuorumResult)
for _, quorumID := range quorumIDs {
// Check that quorum has sufficient stake
percent := GetSignedPercentage(state.OperatorState, quorumID, stakeSigned[quorumID])
quorumResults[quorumID] = &QuorumResult{
QuorumID: quorumID,
PercentSigned: percent,
}
if percent == 0 {
a.Logger.Warn("no stake signed for quorum", "quorumID", quorumID)
continue
}
// Verify that the aggregated public key for the quorum matches the on-chain quorum aggregate public key sans non-signers of the quorum
quorumAggKey := state.AggKeys[quorumID]
quorumAggPubKeys[quorumID] = quorumAggKey
signersAggKey := quorumAggKey.Clone()
for opInd, nsk := range nonSignerKeys {
ops := state.Operators[quorumID]
if _, ok := ops[nonSignerOperatorIds[opInd]]; ok {
signersAggKey.Sub(nsk)
}
}
if aggPubKeys[quorumID] == nil {
return nil, ErrAggPubKeyNotValid
}
ok, err := signersAggKey.VerifyEquivalence(aggPubKeys[quorumID])
if err != nil {
return nil, err
}
if !ok {
return nil, ErrPubKeysNotEqual
}
// Verify the aggregated signature for the quorum
ok = aggSigs[quorumID].Verify(aggPubKeys[quorumID], message)
if !ok {
return nil, ErrAggSigNotValid
}
}
return &QuorumAttestation{
QuorumAggPubKey: quorumAggPubKeys,
SignersAggPubKey: aggPubKeys,
AggSignature: aggSigs,
QuorumResults: quorumResults,
SignerMap: signerMap,
}, nil
}
func (a *StdSignatureAggregator) AggregateSignatures(ctx context.Context, ics IndexedChainState, referenceBlockNumber uint, quorumAttestation *QuorumAttestation, quorumIDs []QuorumID) (*SignatureAggregation, error) {
// Aggregate the aggregated signatures. We reuse the first aggregated signature as the accumulator
var aggSig *Signature
for _, quorumID := range quorumIDs {
if quorumAttestation.AggSignature[quorumID] == nil {
a.Logger.Error("cannot aggregate signature for quorum because aggregated signature is nil", "quorumID", quorumID)
continue
}
sig := quorumAttestation.AggSignature[quorumID]
if aggSig == nil {
aggSig = &Signature{sig.G1Point.Clone()}
} else {
aggSig.Add(sig.G1Point)
}
}
// Aggregate the aggregated public keys. We reuse the first aggregated public key as the accumulator
var aggPubKey *G2Point
for _, quorumID := range quorumIDs {
if quorumAttestation.SignersAggPubKey[quorumID] == nil {
a.Logger.Error("cannot aggregate public key for quorum because signers aggregated public key is nil", "quorumID", quorumID)
continue
}
apk := quorumAttestation.SignersAggPubKey[quorumID]
if aggPubKey == nil {
aggPubKey = apk.Clone()
} else {
aggPubKey.Add(apk)
}
}
nonSignerKeys := make([]*G1Point, 0)
indexedOperatorState, err := ics.GetIndexedOperatorState(ctx, referenceBlockNumber, quorumIDs)
if err != nil {
return nil, err
}
for id, op := range indexedOperatorState.IndexedOperators {
_, found := quorumAttestation.SignerMap[id]
if !found {
nonSignerKeys = append(nonSignerKeys, op.PubkeyG1)
}
}
// sort non signer keys according to how it's checked onchain
// ref: https://github.com/Layr-Labs/eigenlayer-middleware/blob/m2-mainnet/src/BLSSignatureChecker.sol#L99
sort.Slice(nonSignerKeys, func(i, j int) bool {
hash1 := nonSignerKeys[i].Hash()
hash2 := nonSignerKeys[j].Hash()
// sort in accending order
return bytes.Compare(hash1[:], hash2[:]) == -1
})
quorumAggKeys := make(map[QuorumID]*G1Point, len(quorumIDs))
for _, quorumID := range quorumIDs {
if quorumAttestation.QuorumAggPubKey[quorumID] == nil {
a.Logger.Error("cannot aggregate public key for quorum because aggregated public key is nil", "quorumID", quorumID)
continue
}
quorumAggKeys[quorumID] = quorumAttestation.QuorumAggPubKey[quorumID]
}
quorumResults := make(map[QuorumID]*QuorumResult, len(quorumIDs))
for _, quorumID := range quorumIDs {
quorumResults[quorumID] = quorumAttestation.QuorumResults[quorumID]
}
return &SignatureAggregation{
NonSigners: nonSignerKeys,
QuorumAggPubKeys: quorumAggKeys,
AggPubKey: aggPubKey,
AggSignature: aggSig,
QuorumResults: quorumResults,
}, nil
}
func GetStakeThreshold(state *OperatorState, quorum QuorumID, quorumThreshold uint8) *big.Int {
// Get stake threshold
quorumThresholdBig := new(big.Int).SetUint64(uint64(quorumThreshold))
stakeThreshold := new(big.Int)
stakeThreshold.Mul(quorumThresholdBig, state.Totals[quorum].Stake)
stakeThreshold = RoundUpDivideBig(stakeThreshold, new(big.Int).SetUint64(percentMultiplier))
return stakeThreshold
}
func GetSignedPercentage(state *OperatorState, quorum QuorumID, stakeAmount *big.Int) uint8 {
stakeAmount = stakeAmount.Mul(stakeAmount, new(big.Int).SetUint64(percentMultiplier))
quorumThresholdBig := stakeAmount.Div(stakeAmount, state.Totals[quorum].Stake)
quorumThreshold := uint8(quorumThresholdBig.Uint64())
return quorumThreshold
}