Add nonce and chain ID to signature requests (#354)

Co-authored-by: eltitanb <[email protected]>
Co-authored-by: ltitanb <[email protected]>
Co-authored-by: Manuel Iñaki Bilbao <[email protected]>

Author: 3 people

api/signer-api.yml

@@ -79,6 +79,8 @@ paths:
                 object_root:
                   description: The 32-byte data you want to sign, with optional `0x` prefix.
                   $ref: "#/components/schemas/B256"
+                nonce:
+                  $ref: "#/components/schemas/Nonce"
             example:
               pubkey: "0xa3ffa9241f78279f1af04644cb8c79c2d8f02bcf0e28e2f186f6dcccac0a869c2be441fda50f0dea895cfce2e53f0989"
               object_root: "0x3e9f4a78b5c21d64f0b8e3d9a7f5c02b4d1e67a3c8f29b5d6e4a3b1c8f72e6d9"
@@ -217,6 +219,8 @@ paths:
                 object_root:
                   description: The 32-byte data you want to sign, with optional `0x` prefix.
                   $ref: "#/components/schemas/B256"
+                nonce:
+                  $ref: "#/components/schemas/Nonce"
             example:
               pubkey: "0xa3ffa9241f78279f1af04644cb8c79c2d8f02bcf0e28e2f186f6dcccac0a869c2be441fda50f0dea895cfce2e53f0989"
               object_root: "0x3e9f4a78b5c21d64f0b8e3d9a7f5c02b4d1e67a3c8f29b5d6e4a3b1c8f72e6d9"
@@ -355,6 +359,8 @@ paths:
                 object_root:
                   description: The 32-byte data you want to sign, with optional `0x` prefix.
                   $ref: "#/components/schemas/B256"
+                nonce:
+                  $ref: "#/components/schemas/Nonce"
             example:
               proxy: "0x71f65e9f6336770e22d148bd5e89b391a1c3b0bb"
               object_root: "0x3e9f4a78b5c21d64f0b8e3d9a7f5c02b4d1e67a3c8f29b5d6e4a3b1c8f72e6d9"
@@ -629,9 +635,15 @@ components:
         object_root:
           description: The 32-byte data that was signed, with `0x` prefix
           $ref: "#/components/schemas/B256"
-        signing_id:
+        module_signing_id:
           description: The signing ID of the module that requested the signature, as specified in the Commit-Boost configuration
           $ref: "#/components/schemas/B256"
+        nonce:
+          $ref: "#/components/schemas/Nonce"
+        chain_id:
+          description: The chain ID that the signature is valid for, as specified in the Commit-Boost configuration
+          type: integer
+          example: 1
         signature:
           description: The BLS signature of the Merkle root hash of the provided `object_root` field and the requesting module's Signing ID. For details on this signature, see the [signature structure documentation](https://commit-boost.github.io/commit-boost-client/developing/prop-commit-signing.md#structure-of-a-signature).
           $ref: "#/components/schemas/BlsSignature"
@@ -647,6 +659,18 @@ components:
         module_signing_id:
           description: The signing ID of the module that requested the signature, as specified in the Commit-Boost configuration
           $ref: "#/components/schemas/B256"
+        nonce:
+          $ref: "#/components/schemas/Nonce"
+        chain_id:
+          description: The chain ID that the signature is valid for, as specified in the Commit-Boost configuration
+          type: integer
+          example: 1
         signature:
           description: The ECDSA signature (in Ethereum RSV format) of the Merkle root hash of the provided `object_root` field and the requesting module's Signing ID. For details on this signature, see the [signature structure documentation](https://commit-boost.github.io/commit-boost-client/developing/prop-commit-signing.md#structure-of-a-signature).
-          $ref: "#/components/schemas/EcdsaSignature"
+          $ref: "#/components/schemas/EcdsaSignature"
+    Nonce:
+      type: integer
+      description: If your module tracks nonces per signature (e.g., to prevent replay attacks), this is the unique nonce to use for the signature. It should be an unsigned 64-bit integer in big-endian format. It must be between 0 and 2^64-2, inclusive. If your module doesn't use nonces, we suggest setting this to 2^64-1 instead of 0 because 0 is a legal nonce and will cause complications with your module if you ever want to use a nonce in the future.
+      minimum: 0
+      maximum: 18446744073709551614 // 2^64-2
+      example: 1

crates/common/src/commit/request.rs

@@ -77,15 +77,16 @@ impl<T: ProxyId> fmt::Display for SignedProxyDelegation<T> {
 pub struct SignConsensusRequest {
     pub pubkey: BlsPublicKey,
     pub object_root: B256,
+    pub nonce: u64,
 }
 
 impl SignConsensusRequest {
-    pub fn new(pubkey: BlsPublicKey, object_root: B256) -> Self {
-        Self { pubkey, object_root }
+    pub fn new(pubkey: BlsPublicKey, object_root: B256, nonce: u64) -> Self {
+        Self { pubkey, object_root, nonce }
     }
 
     pub fn builder(pubkey: BlsPublicKey) -> Self {
-        Self::new(pubkey, B256::ZERO)
+        Self::new(pubkey, B256::ZERO, u64::MAX - 1)
     }
 
     pub fn with_root<R: Into<B256>>(self, object_root: R) -> Self {
@@ -95,15 +96,20 @@ impl SignConsensusRequest {
     pub fn with_msg(self, msg: &impl TreeHash) -> Self {
         self.with_root(msg.tree_hash_root().0)
     }
+
+    pub fn with_nonce(self, nonce: u64) -> Self {
+        Self { nonce, ..self }
+    }
 }
 
 impl Display for SignConsensusRequest {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(
             f,
-            "Consensus(pubkey: {}, object_root: {})",
+            "Consensus(pubkey: {}, object_root: {}, nonce: {})",
             self.pubkey,
-            hex::encode_prefixed(self.object_root)
+            hex::encode_prefixed(self.object_root),
+            self.nonce
         )
     }
 }
@@ -112,15 +118,16 @@ impl Display for SignConsensusRequest {
 pub struct SignProxyRequest<T: ProxyId> {
     pub proxy: T,
     pub object_root: B256,
+    pub nonce: u64,
 }
 
 impl<T: ProxyId> SignProxyRequest<T> {
-    pub fn new(proxy: T, object_root: B256) -> Self {
-        Self { proxy, object_root }
+    pub fn new(proxy: T, object_root: B256, nonce: u64) -> Self {
+        Self { proxy, object_root, nonce }
     }
 
     pub fn builder(proxy: T) -> Self {
-        Self::new(proxy, B256::ZERO)
+        Self::new(proxy, B256::ZERO, u64::MAX - 1)
     }
 
     pub fn with_root<R: Into<B256>>(self, object_root: R) -> Self {
@@ -130,15 +137,20 @@ impl<T: ProxyId> SignProxyRequest<T> {
     pub fn with_msg(self, msg: &impl TreeHash) -> Self {
         self.with_root(msg.tree_hash_root().0)
     }
+
+    pub fn with_nonce(self, nonce: u64) -> Self {
+        Self { nonce, ..self }
+    }
 }
 
 impl Display for SignProxyRequest<BlsPublicKey> {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(
             f,
-            "BLS(proxy: {}, object_root: {})",
+            "BLS(proxy: {}, object_root: {}, nonce: {})",
             self.proxy,
-            hex::encode_prefixed(self.object_root)
+            hex::encode_prefixed(self.object_root),
+            self.nonce
         )
     }
 }
@@ -147,9 +159,10 @@ impl Display for SignProxyRequest<Address> {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(
             f,
-            "ECDSA(proxy: {}, object_root: {})",
+            "ECDSA(proxy: {}, object_root: {}, nonce: {})",
             self.proxy,
-            hex::encode_prefixed(self.object_root)
+            hex::encode_prefixed(self.object_root),
+            self.nonce
         )
     }
 }

crates/common/src/commit/response.rs

@@ -1,5 +1,5 @@
 use alloy::{
-    primitives::{Address, B256},
+    primitives::{Address, B256, U256},
     rpc::types::beacon::BlsSignature,
 };
 use serde::{Deserialize, Serialize};
@@ -11,6 +11,8 @@ pub struct BlsSignResponse {
     pub pubkey: BlsPublicKey,
     pub object_root: B256,
     pub module_signing_id: B256,
+    pub nonce: u64,
+    pub chain_id: U256,
     pub signature: BlsSignature,
 }
 
@@ -19,9 +21,11 @@ impl BlsSignResponse {
         pubkey: BlsPublicKey,
         object_root: B256,
         module_signing_id: B256,
+        nonce: u64,
+        chain_id: U256,
         signature: BlsSignature,
     ) -> Self {
-        Self { pubkey, object_root, module_signing_id, signature }
+        Self { pubkey, object_root, module_signing_id, nonce, chain_id, signature }
     }
 }
 
@@ -30,6 +34,8 @@ pub struct EcdsaSignResponse {
     pub address: Address,
     pub object_root: B256,
     pub module_signing_id: B256,
+    pub nonce: u64,
+    pub chain_id: U256,
     pub signature: EcdsaSignature,
 }
 
@@ -38,8 +44,10 @@ impl EcdsaSignResponse {
         address: Address,
         object_root: B256,
         module_signing_id: B256,
+        nonce: u64,
+        chain_id: U256,
         signature: EcdsaSignature,
     ) -> Self {
-        Self { address, object_root, module_signing_id, signature }
+        Self { address, object_root, module_signing_id, nonce, chain_id, signature }
     }
 }

crates/common/src/config/pbs.rs

@@ -169,12 +169,13 @@ impl PbsConfig {
             if !matches!(chain, Chain::Custom { .. }) {
                 let provider = ProviderBuilder::new().on_http(rpc_url.clone());
                 let chain_id = provider.get_chain_id().await?;
+                let chain_id_big = U256::from(chain_id);
                 ensure!(
-                    chain_id == chain.id(),
+                    chain_id_big == chain.id(),
                     "Rpc url is for the wrong chain, expected: {} ({:?}) got {}",
                     chain.id(),
                     chain,
-                    chain_id
+                    chain_id_big
                 );
             }
         }

crates/common/src/pbs/types/get_header.rs

@@ -177,7 +177,7 @@ mod tests {
             &parsed.message,
             &parsed.signature,
             None,
-            &B32::from(APPLICATION_BUILDER_DOMAIN)
+            &B32::from(APPLICATION_BUILDER_DOMAIN),
         )
         .is_ok())
     }

crates/common/src/signature.rs

@@ -9,7 +9,7 @@ use crate::{
     constants::{COMMIT_BOOST_DOMAIN, GENESIS_VALIDATORS_ROOT},
     error::BlstErrorWrapper,
     signer::{verify_bls_signature, verify_ecdsa_signature, BlsSecretKey, EcdsaSignature},
-    types::{self, Chain},
+    types::{self, Chain, SignatureRequestInfo},
 };
 
 pub fn sign_message(secret_key: &BlsSecretKey, msg: &[u8]) -> BlsSignature {
@@ -20,15 +20,19 @@ pub fn sign_message(secret_key: &BlsSecretKey, msg: &[u8]) -> BlsSignature {
 pub fn compute_prop_commit_signing_root(
     chain: Chain,
     object_root: &B256,
-    module_signing_id: Option<&B256>,
+    signature_request_info: Option<&SignatureRequestInfo>,
     domain_mask: &B32,
 ) -> B256 {
     let domain = compute_domain(chain, domain_mask);
-    match module_signing_id {
-        Some(id) => {
-            let object_root =
-                types::PropCommitSigningInfo { data: *object_root, module_signing_id: *id }
-                    .tree_hash_root();
+    match signature_request_info {
+        Some(SignatureRequestInfo { module_signing_id, nonce }) => {
+            let object_root = types::PropCommitSigningInfo {
+                data: *object_root,
+                module_signing_id: *module_signing_id,
+                nonce: *nonce,
+                chain_id: chain.id(),
+            }
+            .tree_hash_root();
             types::SigningData { object_root, signing_domain: domain }.tree_hash_root()
         }
         None => types::SigningData { object_root: *object_root, signing_domain: domain }
@@ -63,13 +67,13 @@ pub fn verify_signed_message<T: TreeHash>(
     pubkey: &BlsPublicKey,
     msg: &T,
     signature: &BlsSignature,
-    module_signing_id: Option<&B256>,
+    signature_request_info: Option<&SignatureRequestInfo>,
     domain_mask: &B32,
 ) -> Result<(), BlstErrorWrapper> {
     let signing_root = compute_prop_commit_signing_root(
         chain,
         &msg.tree_hash_root(),
-        module_signing_id,
+        signature_request_info,
         domain_mask,
     );
     verify_bls_signature(pubkey, signing_root.as_slice(), signature)
@@ -100,12 +104,12 @@ pub fn sign_commit_boost_root(
     chain: Chain,
     secret_key: &BlsSecretKey,
     object_root: &B256,
-    module_signing_id: Option<&B256>,
+    signature_request_info: Option<&SignatureRequestInfo>,
 ) -> BlsSignature {
     let signing_root = compute_prop_commit_signing_root(
         chain,
         object_root,
-        module_signing_id,
+        signature_request_info,
         &B32::from(COMMIT_BOOST_DOMAIN),
     );
     sign_message(secret_key, signing_root.as_slice())
@@ -123,11 +127,14 @@ pub fn verify_proposer_commitment_signature_bls(
     msg: &impl TreeHash,
     signature: &BlsSignature,
     module_signing_id: &B256,
+    nonce: u64,
 ) -> Result<(), BlstErrorWrapper> {
     let signing_domain = compute_domain(chain, &B32::from(COMMIT_BOOST_DOMAIN));
     let object_root = types::PropCommitSigningInfo {
         data: msg.tree_hash_root(),
         module_signing_id: *module_signing_id,
+        nonce,
+        chain_id: chain.id(),
     }
     .tree_hash_root();
     let signing_root = types::SigningData { object_root, signing_domain }.tree_hash_root();
@@ -142,12 +149,16 @@ pub fn verify_proposer_commitment_signature_ecdsa(
     msg: &impl TreeHash,
     signature: &EcdsaSignature,
     module_signing_id: &B256,
+    nonce: u64,
 ) -> Result<(), eyre::Report> {
-    let object_root = msg.tree_hash_root();
     let signing_domain = compute_domain(chain, &B32::from(COMMIT_BOOST_DOMAIN));
-    let object_root =
-        types::PropCommitSigningInfo { data: object_root, module_signing_id: *module_signing_id }
-            .tree_hash_root();
+    let object_root = types::PropCommitSigningInfo {
+        data: msg.tree_hash_root(),
+        module_signing_id: *module_signing_id,
+        nonce,
+        chain_id: chain.id(),
+    }
+    .tree_hash_root();
     let signing_root = types::SigningData { object_root, signing_domain }.tree_hash_root();
     verify_ecdsa_signature(address, &signing_root, signature)
 }

crates/common/src/signer/schemes/bls.rs

@@ -4,7 +4,9 @@ use blst::BLST_ERROR;
 use tree_hash::TreeHash;
 
 use crate::{
-    error::BlstErrorWrapper, signature::sign_commit_boost_root, types::Chain,
+    error::BlstErrorWrapper,
+    signature::sign_commit_boost_root,
+    types::{Chain, SignatureRequestInfo},
     utils::blst_pubkey_to_alloy,
 };
 
@@ -42,11 +44,11 @@ impl BlsSigner {
         &self,
         chain: Chain,
         object_root: &B256,
-        module_signing_id: Option<&B256>,
+        signature_request_info: Option<&SignatureRequestInfo>,
     ) -> BlsSignature {
         match self {
             BlsSigner::Local(sk) => {
-                sign_commit_boost_root(chain, sk, object_root, module_signing_id)
+                sign_commit_boost_root(chain, sk, object_root, signature_request_info)
             }
         }
     }
@@ -55,9 +57,9 @@ impl BlsSigner {
         &self,
         chain: Chain,
         msg: &impl TreeHash,
-        module_signing_id: Option<&B256>,
+        signature_request_info: Option<&SignatureRequestInfo>,
     ) -> BlsSignature {
-        self.sign(chain, &msg.tree_hash_root(), module_signing_id).await
+        self.sign(chain, &msg.tree_hash_root(), signature_request_info).await
     }
 }